Hello. Does anyone solved final example in Attacking wordpress section of module?
It’s about “Following the steps in this section, obtain code execution on the host and submit the contents of the flag.txt file in the webroot.”
I’ve done like in theory but metasploit module not handling reverse shell (but exploit done). Is this necessary to get the shell to read the flag or i can do it with web shell? I think that flag in /home/webroot isn’t available to read for www-data user or not? Can anyone give any direction to solve?
1 Like
Hey! did you solve it? I am in the same situation.
Yep. So you not need to metasploit, web shell is enough
Hey! thanks for answering. I did a reverse shell with webshell and metasploit but I thought I needed root for access flag.txt. is it that way? cant find the flag.txt with normal user with bash. searched almost everywhere /home /var/www. thank you in advance. p.s. no need to give me the answer. you can give me a hint if you want 
Ive done it with some exploit from exploitdb and just curl. Playing with msf led to nothing
Your comment does not help, I saw your comment and I figure out myself . For those struggling and saw my comment.
The real hints is :
Whatever users or methods you reverse shell or web shell it does not matter much. Try find every “web root” folder which is /var/www/* , you will see the flag file and the flag file name is abit tricky.
2 Likes
Thanks for the hint, it is saved there,
/var/www/blog.inlanefreight.local/flag_d8e8fca2dc0f896fd7cb4cb0031ba249.txt
3 Likes
You could upload even a webshell, GitHub - flozz/p0wny-shell: Single-file PHP shell .I used this one and I caught the flag immediately.
Check the results of W***an, this will give you a clue.
yes,the name of file is not flag.txt,but flag*.txt
I got /var/www/blog.inlanefreight.local/flag_d8e8fca2dc0f896fd7cb4cb0031ba249.txt and then what do I do? I’ve already used cat and nothing