Attacking Enterprise Networks - Web Enumeration & Exploitation

In the section “dev.inlanefreight.local” / image upload it says to change the Content-Type: header to image/png. If I do there’s no longer the error message but the file still doesn’t appear in the /uploads/ dir.

I tried for an hour different methods, like changing the Content-Disposition from multipart/form-data to attachment, actually uploading a png, adding the headers from previous sections etc. Just didn’t work.

Got it working finally using another file type

I just finished this section of the module. It was way too long, but I suppose that’s a good thing.

Reach out if you get stuck.


In the section Dealing with The Unexpected where we are going to http://tracking.inlanefreight.local/
I can follow the example and read files fine. But I am struggling with trying to figure out how to actually find the flag. Is there a way to get a reverse shell or run commands here? Thank you!

Hi there!

I am stuck in the exercise: “Use the SSRF to Local File Read vulnerability to find a flag. Submit the flag value as your answer (flag format: HTB{}).”.

I cannot find a flag. Not in the generated PDF document, nor in its properties / metadata, nor in the code, nor can I guess a file name for a flag or its location.

Did anyone find the solution?