I found the admin panel, but I can't use the LFI. What can I do next?
Anybody can DM me? For the question "Using the file inclusion find the name of a user on the system that starts with “b”." I’m 95% certain my payload is good and somehow it just hangs there without responding. I got the index.php and config.php files and there’s nothing I see there that would prohibit me from using that payload. Thanks
Read carefully the /etc/passwd file, the answer is there.
OK I have done it, the file name was funny:)
I found the source, thus I’ve tried many ways to bypass the control, resultless. I did with and without the null byte. I’ve tried to poison the User Agent, no more result. I’m kinda stuck now
I was in the same situation, try to read /etc/passwd/ properly, the name is there
Did you try to grep the output of the error.log file?
Hello everybody, I’m stuck, please help. I found the access.log of nginx and can read it, but when I want to use the User agent it doesn’t add a log. Any hint?
You are on the right track with the User agent. Play around with your inputs. Maybe make them simple at first just to make sure you can actually run code.
There is a risk that you can enter in a user agent which breaks the admin page when it tries to read the access log, this means that any agent text entered after the one that broke the page will have no effect because the page breaks before it can read any new agents. You will need to restart the assessment machine if that happens.
If anyone is stuck on how to get the flag when you got RCE, remember that you can't use LFI if you don't know the path of your target. In other words, once you got RCE, find the file you need, then you can access it with LFI.
As Gattsu mentioned above, the problem is PHP code. Try to simplify it, how could you execute ls command within PHP without passing it through parameter?
I have been struggling with this challenge,
inside /var/www/html you must create a shell.php file with the content ```
then in another terminal curl -X GET 'http://10.129.5.70/shell.php'
and then read it with cat /var/log/apache2/error.log
Two additional hints for those still struggling
- it’s access.log not error.log (the Log poisoning wording confused me for a couple of hours)
- it is ’ not “”
- If the log crash or return no log, and you provide the right log path, restart the machine
- The payload with cmd, revert the User agent back to normal
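
A defender-side view of the log poisoning hints in this thread, as an added example that is not part of any post: a Python scan of combined-format access.log lines that flags PHP tags in client-controlled fields, traversal and /etc/passwd reads, and any IP that writes a PHP tag and then requests a log file. The sample lines, the IP addresses and the `page` parameter name are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Combined log format, the default layout for nginx and Apache access logs.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" \d{3} \S+ '
    r'"(?P<ref>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)
PHP_TAG = re.compile(r'<\?(?:php|=)', re.I)
TRAVERSAL = re.compile(r'\.\./')
LOG_PATH = re.compile(r'/var/log/|(?:access|error)\.log', re.I)
PASSWD = re.compile(r'/etc/passwd')

def scan(lines):
    """Return (findings, poisoners): tags per line, and IPs that wrote PHP then read a log."""
    findings, wrote_php, poisoners = [], set(), set()
    for n, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        if not m:
            findings.append((n, None, ['unparsed']))  # malformed entries deserve a look
            continue
        # Undo up to two layers of URL encoding before matching.
        ip, req = m['ip'], unquote(unquote(m['req']))
        tags = []
        if any(PHP_TAG.search(unquote(unquote(m[f]))) for f in ('req', 'ref', 'ua')):
            tags.append('php-tag-in-client-field')
            wrote_php.add(ip)
        if TRAVERSAL.search(req):
            tags.append('path-traversal')
        if PASSWD.search(req):
            tags.append('passwd-read')
        if LOG_PATH.search(req):
            tags.append('log-file-in-request')
            if ip in wrote_php:
                poisoners.add(ip)  # wrote PHP into the log, then asked for a log file
        if tags:
            findings.append((n, ip, tags))
    return findings, poisoners

# Constructed sample lines (documentation IP ranges, made-up "page" parameter).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1830 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "<?php echo \'test\'; ?>"',
    '198.51.100.7 - - [01/Jan/2024:10:01:09 +0000] "GET /index.php?page=/var/log/nginx/access.log HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    print(scan(SAMPLE))
```
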