Clone this repo to begin the SSTI exploit activity in ACS 3230.
Complete the first two exploits and document your findings in your README. The rest are stretch challenges!
```
docker build -t flask-image .
docker run -p 5001:5000 --rm --name flask-container flask-image
```
- Create a new GitHub repo and name it `Jinja2-ExploitMe`
- Clone the Jinja2-ExploitMe repository
- Run `git remote rm origin` in your local copy
- Replace it using your new GitHub URL: `git remote add origin https://github.com/YOUR_USERNAME/YOUR_REPO_NAME`
- Create a virtual environment for the project: `python3 -m venv venv`
- Activate the virtual environment: `source venv/bin/activate`
- Install the requirements: `pip install -r requirements.txt`

  IMPORTANT: DO NOT USE `pip3`! ALWAYS use `pip` and `python` with an activated virtual environment.
- Run `export FLASK_ENV=development; flask run` to get started! Be sure to read the instructions on the sidebar.
- Be sure to activate the virtual environment each time you work on the project.

Run the following commands in your terminal:
```
source venv/bin/activate
export FLASK_ENV=development; flask run
```

Then, visit http://localhost:5000 and complete the challenges listed in the sidebar.

Please turn in your deliverables on Gradescope.
The first two challenges are graded. The remaining are stretch challenges!