SSTI and Privilege Escalation

Tutorial, University of New Mexico, Albuquerque, NM, USA, March 2025

During a guest lecture for the class CS544 Intro to Cybersecurity, I delivered a tutorial on Server-Side Template Injection (SSTI) and Privilege Escalation. The session provided a hands-on walkthrough of exploiting the Hack The Box (HTB) machine “Perfection,” focusing on leveraging a Ruby-based SSTI vulnerability to gain a reverse shell on the target server.
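To make the Ruby SSTI mechanism concrete, here is an added example written for this page; it is not code from the lecture or from the HTB machine. It assumes a hypothetical web handler that greets a user by name from a request parameter, and contrasts the vulnerable pattern (untrusted input spliced into the ERB template source, so ERB evaluates any tags it contains) with the hardened pattern (fixed template, input passed as data and HTML-escaped on output). The probe string and the `looks_like_template_injection?` check are constructed for the example.

```ruby
require "erb"
require "cgi"

# Constructed sample input: a "name" parameter carrying an ERB expression tag.
# A harmless arithmetic tag is enough to show whether the input is being
# evaluated as template code or treated as plain data.
PROBE_INPUT = "<%= 6 * 7 %>"

# VULNERABLE pattern (hypothetical handler): the request parameter is
# interpolated into the template SOURCE before ERB compiles it, so ERB
# executes whatever tags the user supplied.
def render_unsafe(name)
  ERB.new("Hello #{name}!").result
end

# HARDENED pattern: the template is a fixed string, the input is supplied as
# DATA via result_with_hash, and it is HTML-escaped at output time. ERB never
# sees the user's input as template source, so tags in it are inert text.
def render_safe(name)
  template = ERB.new("Hello <%= CGI.escapeHTML(name) %>!")
  template.result_with_hash(name: name)
end

# Defensive check for logging/alerting: flag inputs that contain ERB-style
# delimiters. This is a detection aid, not a substitute for the fix above.
def looks_like_template_injection?(input)
  input.match?(/<%.*?%>/m)
end

if __FILE__ == $0
  puts "unsafe: #{render_unsafe(PROBE_INPUT)}"   # tag is evaluated
  puts "safe:   #{render_safe(PROBE_INPUT)}"     # tag is rendered literally
  puts "flagged: #{looks_like_template_injection?(PROBE_INPUT)}"
end
```

The difference that matters is where the untrusted string enters: as part of the template text (code) or as a variable the template reads (data). Any framework rendering path that builds the template string with interpolation or concatenation of request data has the same defect, regardless of the template engine.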

After initial access, we extracted database output and demonstrated password cracking techniques. The tutorial also covered post-exploitation steps, including exploring the remote machine for hints and using the discovered information to brute-force credentials, ultimately achieving full system access.

The session provided hands-on experience with real-world exploitation, privilege escalation, and post-exploitation strategies in a controlled environment. Participants gained practical skills in identifying and exploiting SSTI vulnerabilities, as well as techniques for maintaining access and escalating privileges on compromised systems.