Exploiting an Insecure File Extraction with 2pacx

In this PoC we’re running a siddhi of type exploit (2pacx) combined with a payload flask_pinstealer and a forward (atlatl) to catch the PIN retrieved, authenticate, hooking the console, and also given us a shell on server.