File Inclusion 500 Internal Server error

Penne · March 25, 2022, 5:25pm

Good morning,
Just wondering if anyone has done the File Inclusion module ever since it was redone (3/25). I’m at the last part (Skills Assessment) and every time I tried to cat a file on “the log place”*, the server would return a 500 on the next Send in BurpSuite. Anything other than ls or whoami would return a 500. It didn’t use to do this IIRC.

*: “the log place” being that one place where you can see the results of your commands. If you’ve done it, you know where it is.

EDIT: Used another method which made cat more stable. That worked instead.

onthesauce · March 25, 2022, 5:35pm

DM me the line you are using that gives you the 500 error if you don’t mind.
-onthesauce

Penne · March 25, 2022, 5:40pm

Dm-ed

GitaN0w1 · April 23, 2022, 8:30pm

I am wondering if I’m having a similar issue.

I am trying the Academy, page 2 of File Inclusion, called “Local File Inclusion (LFI)” and the images in the training/guidance section are broken. Also, I am not able to practice on any “target” machine… Has the recent update broken this module?

I have watched a video, and looked at other forums posts to see if I’m doing it right, and I believe I am: “/etc/passwd” as the value of the “language” url param has no server response,server timeout. Any other param value reloads the webpage but with no content inside the “container”.

onthesauce · April 23, 2022, 11:03pm

The images are loading fine for me. How is your connection speed and are you using the pwnbox? I know that certain VPN services and servers also affect my load times for the pwnbox and target machines.
-onthesauce

GitaN0w1 · April 24, 2022, 12:41am

Really? I wonder why. I’ve tried via a few different computers. My connection is fine, and no VPN is involved. I just cannot see any of the images in the “academy” training/education page (before jumping into a pwnbox). Here’s the url to the first image in page 2 of the education module: https://academy.hackthebox.com/module/storage/modules/23/basic_lfi_lang.png

Also, the activity to earn cubes doesn’t seem to work either. I’ve tried the LFi techniques via the pwnbox in addition to VPN from my own machine.

RachelGomez · March 20, 2023, 4:58am

Tips to fix-
Try Reloading the Page.
Clear Your Browser Cache.
Check Your Server Logs.
Check for Errors in Establishing a Database Connection.
Check Your Plugins and Themes.
Reinstall WordPress Core.
Check for Permissions Error.
Increase PHP Memory Limit.

Regards,
Rachel Gomez