I am running this verybad service to see how can people attack this and extract information.

verybad.kushaldas.in:8000/

Give it a go and let me know what all can you find :)

Happy hacking!!

Follow

@akshay Let me know if you found something, I saw the file :)

· · Web · 1 · 0 · 0

@kushal Well, I gave up :/

Basically all of /proc is readable. With that I could see what all things are actually available.
ld-linux-x86-64.so.2 can probably run files even without executable bit? But rocket limits Vec<u8> to 8 KiB and so I couldn't post anything useful in.

@kushal It's probably possible to override some of that by memory manipulation - but I have no clue how to do any of that.

Sign in to participate in the conversation
dgplug

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!