# 1223: Smartypants Revenge

| Name                                                                       | Authors                                   | Category         |
| -------------------------------------------------------------------------- | ----------------------------------------- | ---------------- |
| [Intigriti December Challenge (2023)](https://challenge-1223.intigriti.io) | [Protag](https://twitter.com/0daystolive) | ReDoS, SSTI, RCE |

## Challenge Description

> Find the flag and win Intigriti swag.

## Useful Resources

* [HackTricks: SSTI](https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection)
* [PHP: Regular Expression](https://www.alphacodingskills.com/php/php-ref-regex.php)
* [Checking Strings: Avoiding Catastrophic Backtracking](https://community.appway.com/screen/kb/article/checking-strings-avoiding-catastrophic-backtracking-1482810891360)
* [Smarty Pants (unpatched version of this challenge from 1337UP CTF 2023)](https://ctftime.org/task/27094)

## Community Writeups

1. [smickovskid](https://damjan-smickovski.dev/blog/intigriti_challenge_1223_writeup)
2. [simonedimaria](https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223)
3. [neptunianhacks](https://fireshellsecurity.team/intigriti-december-challenge/)
4. [0xalexandre](https://fernale.blogspot.com/2023/12/intigriti-ctf-12-23.html)
5. [siss3l](https://gist.github.com/Siss3l/f2d2da950ec30c1b0e621611ef660318)
6. [stealthcopter](https://sec.stealthcopter.com/intigriti-december-challenge-smarty-pants/)