( You are targeting the inlanefreight.htb domain. Assess the target server and obtain the contents of the flag.txt file. Submit it as the answer. )
ANYONE KNOW ABOUT THAT TOPIC? I uploaded webshell on site but only working two commands dir and whoami . Have anyone any references ?
have you tried the command more?
thanks for response . I have already find answer 
I managed to get the flag with a webshell that I uploaded via sqlā¦ It was limited and messy but it did the job.
I figured MySQL was the other path.
Sent you a PMā¦ I can most likely do the webshell, but looking for another method that is more in line with the modules in this courseā¦ a service. Thanks for any help. Stuck on this one.
Got it, thanks @19delta4u !
Hello! I`m stuck trying to find the passwordā¦ I bruteforce but no luckā¦ rockyou list will never complete in the time I have the pawnboxā¦
Can someone give me some advice, I have entered mysql with the credentials f*** and the pass 9***, but within it I understand that I must upload a file, or how can I do it, I need some advice I am stuck.
Iāve seen some people talking about methods out of scope for this module, I would suggest having a look around this module.
Try not to move to SQL injection (from the web), enumerate the system, look at what you can get to within the scope of this lab
There are also some useful links;
https://www.hackingarticles.in/shell-uploading-web-server-phpmyadmin/
Any suggestions or hint without the sql injection method? Iām in mysql server with the creds I found and digging around the databases. thanks
edit: Iām trying now to work with command injection from browser but somehow I donāt know how further can I process
Stuck on the cmd=____
Except for dir and whoami nothing means nothing is working ?
Any help regarding this?
Everything could be done easier. Using only tools from the learning path without shell uploads.
I have access to the db and am executing a search for a file containing the term flag via my reverse shell like this
The command shows me an empty page when calling it via browser. When running the simple dir command within the directoy I see some folders but nothing cotaining the flag.txt.
Please help me. What am I missing?
I used to solve it by uploading a shell like demonstrated in Attacking SQL Databases and executing my shell commands via curl by just passing the parameters like this:
Hello SjPn,
May I know what service you did brute-force to, please?
Regards,
I do not know the path to the file any hint?
i ran āwhere /r c: flag.txtā through php I uploaded.
Hello SjPn,
Thank you very much for the help.
Remember that it is not necessary to load a webshell, as it is very complicated by certain restrictions. I recommend using the MySQL query ā> select LOAD_FILE(āPATHā);
You can guess the route, I hope it helps you.
PATH= admin desktop