Attacking Common Applications - WordPress - Discovery & Enumeration

For the first flag: Enumerate the host and find a flag.txt flag in an accessible directory.

I must be missing something simple. I’ve brute forced accessible directories on blog.inlanefreight.local and none that I’ve found contain a flag.txt. I’ve even gone as far as writing a script to curl every directory I’ve discovered and append flag.txt to look for any 200 responses, and haven’t found anything.

What simple step am I missing?

Sometimes all it takes is asking the question to make the answer painfully obvious.

Run through all the steps taken in the walkthrough of this section and pay close attention to the output of the automated tool.

Read it line by line if you have to.


d******** l****** e******

I still can’t find flag.txt LOL

gobuster dir -u http://blog.inlanefreight.local/wp-content/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt