Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022

Channel:

Subscribers:

920,000

Published on February 24, 2022 4:44:36 PM ● Video Link: https://www.youtube.com/watch?v=qA8KB6KndrE

Duration: 21:49

84,859 views

3,741

This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ascii-only .jar file.

Alternative writeups: https://github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup
Fuzzing log4j with Jazzer: https://www.youtube.com/watch?v=kvREvOvSWt4

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-05-08	Crafting a Minecraft 0day...
2022-05-01	Flying Without Elytra
2022-04-20	Modding is Hacking...
2022-04-16	Awkward VLOG at Nullcon Berlin 2022
2022-04-10	Minecraft, But It's Reverse Engineered...
2022-04-03	Breaching Security of Palais des Congrès (in Minecraft) #shorts
2022-04-01	I Spent 100 Days Hacking Minecraft
2022-03-24	I've been Hacking for 10 Years! (Stripe CTF Speedrun)
2022-03-16	Missing HTTP Security Headers - Bug Bounty Tips
2022-03-07	Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
2022-02-24	Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12	Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13
2021-12-02	Authorization vs. Authentication (Google Bug Bounty)
2021-11-18	Developing GDB Extension for Heap Exploitation \| Ep. 12

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

real world ctf

realworld ctf

jsp shell

web shell

tomcat

ROOT.war

web.xml

ctf

capture the flag

desperate cat

md5

java

jdk

jvm

docker