In the section “dev.inlanefreight.local” / image upload it says to change the Content-Type: header to image/png. If I do there’s no longer the error message but the file still doesn’t appear in the /uploads/ dir.
I tried for an hour different methods, like changing the Content-Disposition from multipart/form-data to attachment, actually uploading a png, adding the headers from previous sections etc. Just didn’t work.
Got it working finally using another file type
In the section Dealing with The Unexpected where we are going to http://tracking.inlanefreight.local/
I can follow the example and read files fine. But I am struggling with trying to figure out how to actually find the flag. Is there a way to get a reverse shell or run commands here? Thank you!
Hi there!
I am stuck in the exercise: “Use the SSRF to Local File Read vulnerability to find a flag. Submit the flag value as your answer (flag format: HTB{}).”.
I cannot find a flag. Not in the generated PDF document, nor in its properties / metadata, nor in the code, nor can I guess a file name for a flag or its location.
Did anyone find the solution?
I hope by now you found the answer, still for future reference just use /flag.txt
Try to check the roo* folder 
Is there a way you can list the contents of a directory to see what’s there? Rather than just poking around in the dark
How did you even get to the upload part, i keep getting a request timed out to the server
i have tired my tun0 and the ip of the machine but keep getting the same error
Any luck? I even copied the module’s request letter-for-letter and still got the same timeout error you are getting.
Not sure if the lab is screwed up or what.
I kept getting that same error no matter what I tried, but my advice is the mythology behind it. Hope that helps
For “Exploit the WordPress instance and find a flag in the web root. Submit the flag value as your answer (flag format: HTB{}).” in ir.inlanefreight.local
when I edit 404.php for example to get the revere shell it gives me:
You need to make this file writable before you can save your changes. See Changing File Permissions for more information.
I tried other methods; uploading a plugin that contains reverse shell in php code but I get error not loading
Can any one help me please 
nvm I found the flag
I hope you found the answer, but for other users :
Add the “X-Custom-IP-Authentication: 127.0.0.1” before the “connection : …” at the Request, so you don’t get “timed out”.
