One of my previous conclusions was really off, "of course the more shells you upload the faster..."
First, the original exploit has you uploading 4096 * 4096 shells, this will be counterproductive if the server fills up. You will never get your shell in that case. I missed that on my initial research, since I uploaded just one shell and took a nap.
After being displeased with the results playing with two asyncio coroutines, I split it into two python files and used two terminals to attempt the exploit.
I was considering perfecting this so that I could become more familiar with async python, however... no. I will learn with a different project. This has triggered an ADHD like reaction, hey look over there... Next post: Securing WordPress
As SecurityNerds, our team participated in the Defcon28 SafeMode Red Team Village Qualifiers. This post is about my two favorite challenges from the ctf. The . . .
I was presented with an interesting piece of python code: It seems this originally came from: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion It sparked a very interesting discussion in a . . .