Tutorial on SSTI and Privilege Escalation

This tutorial was delivered as a guest lecture in CS544 Intro to Cybersecurity. I performed a real-time walkthrough of exploiting the Hack The Box (HTB) machine “Perfection.” The session focused on leveraging a Ruby-based Server-Side Template Injection (SSTI) vulnerability to gain a reverse shell on the target server.

After initial access, we extracted database output and demonstrated password cracking techniques. The tutorial also covered post-exploitation steps, including exploring the remote machine for hints and using the discovered information to brute-force credentials, ultimately achieving full system access.

The session provided hands-on experience with real-world exploitation, privilege escalation, and post-exploitation strategies in a controlled environment. Participants gained practical skills in identifying and exploiting SSTI vulnerabilities, as well as techniques for maintaining access and escalating privileges on compromised systems.