Skip to content

GoogTech/htb_academy_basic_deserialization_attacks_htbooks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Exploit
Exploit
 
 
static
static
 
 
templates
templates
 
 
util
util
 
 
README.md
README.md
 
 
app.py
app.py
 
 
flag.txt
flag.txt
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

It’s a Python web application that primarily focuses on code review, identifying deserialization vulnerabilities in the code, and demonstrating basic deserialization attack techniques. It's worth noting that they were developed as part of the HackTheBox Academy's Introduction to Deserialization Attacks module.

❗️❗️❗️Deserialization Attacks include:

  • Object Injection (Payload in /Exploit/Object_Injection
  • RCE: Magic(Special) Methods (Payload in /Exploit/Remote_Code_Execution

How to run it

# 1.Install the sqlite3

# 2.Create the python venv
python3 -m venv venv

# 3.Install the python modules
python3 -m pip install -r requirements.txt

# 4.Run the web server
python3 -m flask run

About

It’s a Python web application that primarily focuses on code review, identifying deserialization vulnerabilities in the code, and demonstrating basic deserialization attack techniques.

Topics

python lab webapp code-review deserialization-vulnerability hackthebox-academy

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages