( You are targeting the inlanefreight.htb domain. Assess the target server and obtain the contents of the flag.txt file. Submit it as the answer. )
ANYONE KNOW ABOUT THAT TOPIC? I uploaded webshell on site but only working two commands dir and whoami . Have anyone any references ?
have you tried the command more?
thanks for response . I have already find answer
I managed to get the flag with a webshell that I uploaded via sql… It was limited and messy but it did the job.
I figured MySQL was the other path.
Sent you a PM… I can most likely do the webshell, but looking for another method that is more in line with the modules in this course… a service. Thanks for any help. Stuck on this one.
Got it, thanks @19delta4u !
Hello! I`m stuck trying to find the password… I bruteforce but no luck… rockyou list will never complete in the time I have the pawnbox…
Can someone give me some advice, I have entered mysql with the credentials f*** and the pass 9***, but within it I understand that I must upload a file, or how can I do it, I need some advice I am stuck.
I’ve seen some people talking about methods out of scope for this module, I would suggest having a look around this module.
Try not to move to SQL injection (from the web), enumerate the system, look at what you can get to within the scope of this lab
There are also some useful links;
Any suggestions or hint without the sql injection method? I’m in mysql server with the creds I found and digging around the databases. thanks
edit: I’m trying now to work with command injection from browser but somehow I don’t know how further can I process
Stuck on the cmd=____
Except for dir and whoami nothing means nothing is working ?
Any help regarding this?