FILE INCLUSION / DIRECTORY TRAVERSAL Academy Skills Assessment

Can anyone help me with this I am stuck trying to figure this out. Been hammering on it a few days and can’t figure out what I am doing wrong

I found …_admin/index.php and I think this is not the good way finish the task.

Also I found that “…” will redirect me to error.php page and I can’t use that, also the version of PHP is 7 and I cant use %00 byte and URL encoding to bypass. I extratxt the content of all the web page like

-about
-contact
-industries
and I dont found any usefull stff. Can someone help me to finish this task?

hint “source code disclosure”

I finish and find the key

Type your comment> @Gocka said:

I finish and find the key

But how? I haven’t been able to solve this for 4 days.

The source code of the main page showed me 3 possible arguments for index.php. Attempts to use different arguments for ‘index.php?page=’ failed.

ffuf does not let you know what other directories or pages there are.

js/main.js didn’t say anything either. Deobfuscation of other scripts, too.

The form for sending messages from the contacts section didn’t help.

The only result I could get was a message about incorrect input when I used the page= arguments of the form in all sorts of ways …//

An attempt to replace the User-Agent with a script and view /var/log/apache2/access. log fails.
Just like the other directories listed in the tutorial.

Which direction should I go next?

Guys. I’m struggling with question in module: Local File Inclusion

" Submit the contents of the flag.txt file located in the /usr/share/flags directory."

I’ve tried some methods in with changing URL on web browser, and CURL method as well. Could somebody give me a hint?

Type your comment> @zborekp said:

Guys. I’m struggling with question in module: Local File Inclusion

" Submit the contents of the flag.txt file located in the /usr/share/flags directory."

I’ve tried some methods in with changing URL on web browser, and CURL method as well. Could somebody give me a hint?

Just request it such as first example with “language” parameter

Type your comment> @Wiiz4Rd said:

Type your comment> @Gocka said:

I finish and find the key

But how? I haven’t been able to solve this for 4 days.

The source code of the main page showed me 3 possible arguments for index.php. Attempts to use different arguments for ‘index.php?page=’ failed.

ffuf does not let you know what other directories or pages there are.

js/main.js didn’t say anything either. Deobfuscation of other scripts, too.

The form for sending messages from the contacts section didn’t help.

The only result I could get was a message about incorrect input when I used the page= arguments of the form in all sorts of ways …//

An attempt to replace the User-Agent with a script and view /var/log/apache2/access. log fails.
Just like the other directories listed in the tutorial.

Which direction should I go next?

Try read the index file and you will find something

Everything is so tricky. I forgotten that “flag” is a text file inside of directory “flags”. The easiest way - is working, thanks

Type your comment> @Gocka said:

Try read the index file and you will find something

Thanks. The source code of the index page ? Or the contents of the file index.php ? I can’t see the content index.php, only the source code of the index page. Probably if I could see. php then I would figure out how to get to the flag. How can I read index.php ?

Local File Inclusion–>Source Code Disclosure via PHP Wrappers

Read the guide and you will find how to read index file

Type your comment> @Gocka said:

Local File Inclusion–>Source Code Disclosure via PHP Wrappers

Read the guide and you will find how to read index file

Thanks. I’ve already tried this and haven’t gotten anything yet. Apparently I did something wrong. I’ll try again now.

Spoiler Removed

Any tips for Hardening tips module?

“Edit the php ini file to block system() then try to execute php code…()…fill in the blank: system() has been disabled for -___reasons”

So, I set apache2 settings accordingly (paragraph Application Hardening) then I restarted it
I created php file and copy it into /var/www/html

However not sure if content of php file is correct and which CURL method should I use, after curl -X there are no logs in error.log file

Check the “WebServer” Log

anyone help me I m stuck on the skill assessment file inclusion/directory traversal

I do not have a solution which you find like admin plz guide me last 7 days I m stuck there

everywhere giving me a 404 not found error

Type your comment> @zborekp said:

Any tips for Hardening tips module?

“Edit the php ini file to block system() then try to execute php code…()…fill in the blank: system() has been disabled for -___reasons”

So, I set apache2 settings accordingly (paragraph Application Hardening) then I restarted it
I created php file and copy it into /var/www/html

However not sure if content of php file is correct and which CURL method should I use, after curl -X there are no logs in error.log file

Hey zborekp!

I am currently at the same problem, i modified the php.ini but i dont know how to “then try to execute php code that uses system”

when i Cat the error.log the is no … disabled for … reason .

Did you figure it out and could give me a hint?

Kind regards
PortaHelle

Hello! I have a problem, I’ve done all the agent poisoning stuff to get RCE but I can’t go through the /root directory when I do the &cmd=ls+/root to see the flag file. I’ve thought that I couldn’t go through that directoy because I wouldn’t have permissions to do it so I tried to get a reverse shell to try privilege escalation techniques and didn’t worked.
Could I get any hints?

Hello! I found the admin page in the index.php source code. I open the page and I can read the passwd file in etc map but I couldn’t use such a technique what I can use for running such command like “ls”. Could somebody help me what kind of technique have to use on the admin page.

Type your comment> @B2Man said: > Hello! I found the admin page in the index.php source code. I open the page and I can read the passwd file in etc map but I couldn’t use such a technique what I can use for running such command like “ls”. Could somebody help me what kind of technique have to use on the admin page. I was able to do it. If somebody need help write to me.