Tech-at-DU/Jinja2-ExploitMe

Jinja2-ExploitMe

Clone this repo to begin the SSTI exploit activity in ACS 3230.

Complete the first two exploits and document your findings in your README. The rest are stretch challenges!

Setup (Docker)

1. Build the Image

docker build -t flask-image .

2. Run the Container

docker run -p 5001:5000 --rm --name flask-container flask-image

3. Access via Browser

http://localhost:5001

Setup (Manual)

  1. Create a new GitHub repo and name it Jinja2-ExploitMe
  2. Clone the Jinja2-ExploitMe repository
  3. In your local copy, run: git remote rm origin
  4. Replace it using your new GitHub URL: git remote add origin https://github.com/YOUR_USERNAME/YOUR_REPO_NAME
  5. Create a virtual environment for the project: python3 -m venv venv
  6. Activate the virtual environment: source venv/bin/activate
  7. Install the requirements: pip install -r requirements.txt
    IMPORTANT: DO NOT USE pip3! ALWAYS use pip and python with an activated virtual environment.
  8. To get started, run: export FLASK_ENV=development; flask run
    Be sure to read the instructions on the sidebar.
  9. Be sure to activate the virtual environment each time you work on the project.

Usage

Run the following commands in your terminal:

source venv/bin/activate
export FLASK_ENV=development; flask run

Then, visit http://localhost:5000 and complete the challenges listed in the sidebar.

Deliverables

Please turn in your deliverables on Gradescope.

The first two challenges are graded. The remaining are stretch challenges!