Halloween CTF: Army of Darkness Edition

Here's what's in store:

SSTI (Server-Side Template Injection):

• Common in web frameworks like Flask.
• Testing for SSTI is crucial as it can lead to unintended code execution, making apps vulnerable.

Permission Elevation:

• Spot the unquoted service path and elevate your permissions to NT_AUTHORITY/SYSTEM.
• Living off the Land isn’t just for primitive screw heads!

Don't be like Ash, forgetting the crucial words at the last moment. Take notes, master the vulnerabilities, and be prepared for future competitive events! Hail to the King, baby!

VM Info:

• Points: 100
• The VM needed for this challenge can be downloaded here.
  • THE UNZIP DECRYPT PASSWORD is RED17
• You’ll need Kali Linux as well.
• The final flag is in c:\flag\

Need a walkthrough: Click Here