I’ve been working on the LFI Skills Assessment - File Inclusion module, and I’ve been able to get everything to work except for one thing. No matter what I do, my User-Agent for a log poisoning attack just doesn’t seem to change.
I tried the -A flag with curl, I tried using BurpSuite to modify the HTTP request, and I even tried changing the default User-Agent in Firefox’s settings with “general.useragent.override”, but when I check the access log for the InLaneFreight website, it still shows the old User-Agent header
I’m really confused as to why it doesn’t seem to change, does someone know why this is happening?
(Also, thanks in advance to anyone who replies :])
1 Like
Did anybody assist you? I’m stuck at the exact same place!
John
Nah, it just started working for some reason, I’m still not exactly sure why.
It’s also been a while since I did that box, so I don’t remember what exactly got it to work, but I’ll try my best :].
From what I remember, the syntax that did work was using curl like this curl -H “User-Agent: user-Agent-Name-Here” (of course there was additional syntax for stuff other than the Agent Header, but I don’t know what it was I think?)
I also tried using just curl to access the website, because I wasn’t sure if the browser was interfering, so when it did work, I was doing everything from the command line.
Lastly, the payload suggested by Hack the Box didn’t work for me, so I used something like this instead: <?php system("yourCommandName 2>&1",$output); ?>
Btw, I don’t remember if the quotation marks breaks the command so you may have to experiment with that.
Also my command looked something like this: “cd …/…/…/…/…/…/; ls”
There was of course also a cat command after I knew where the file was/what the name was.
1 Like
Same thing happened to me. I could not get that flag yesterday. Today I went through the same steps and it worked! Weird, but glad to be done with this module!
John
1 Like