Getting Started | Public Exploits | Try to identify the services running on the server above

Many people wrote lots of things here. But someone who is trying to solve these things at first should remember that it is just for ‘getting started.’ So I think it is only required for using Metasploit basically, that is all.

Just try to use Metasploit, looking for the simple backup exploit, set the proper RHOST, RPORT and FILEPATH from the assignment text, and then just cat the file location you got back from msfconsole.

I wish I could kiss you.

I was able to do this with Kali NOT running the HTB VPN.

Hi all, there are 2 methods to get the flag for the question.

Searchsploit = Find the services via searchsploit and read the .txt file.
Difficulty: Harder than Metasploit
Notes: Yes, it might be confusing at the start, but look at those links. For example, the content mentioned uses oldbackup IF the folders are there, we don’t know. So what will happen if we remove that word and input something else? Try reading the text file and understand what this exploit does. You can also add …/…/…/…/…/ followed by flag.txt, then download the content. Once the downloaded file is NOT 0 bytes, it means you got the flag.

Metasploit = Search for the service and get the flag.
Difficulty: Easier than Searchsploit & manual exploitation
Notes: Start msfconsole, search for the service and check if there is any relevance. Then set RHOST, RPORT, FILEPATH, then RUN. FILEPATH is your target location. Then cat the file on the target directory and you got the flag.

Hope this helps.

Solved: kept overwhelming the server, I had to add a -t 10 at the end of the gobuster command. DERP on my part.

I’m having a slightly different issue: Gobuster times out, so I’m not sure which file path to target. I can’t figure out why, as I can see the webpage, ping it, nmap it, and even run Metasploit. But when I want to enumerate directories, gobuster just times out.

Hi all, I could not complete it with searchsploit but with Metasploit it was very easy.

First, when you find what vulnerability you will be exploiting, MAKE SURE TO READ CAREFULLY WHAT IT DOES!!

Then use Metasploit and MAKE SURE TO SET THE OPTIONS. Review all options carefully.

Good luck!!!

I used Kali over VPN and oh what a whirlwind it was. Failure does teach a lot. Found myself going over Burp and whatnot only to realize msf was my way to the light. Question tho, someone mentioned starting the “systemctl start postgresql”. What is that for? flag.txt landed in the loot in ~

First, you scan your target to identify the vulnerabilities. If you choose to exploit the WordPress Simple Backup Plugin, you can do this using searchsploit. Use searchsploit to get more context on the vulnerability. You will probably get an auxiliary exploit php/webapps/39883.txt. You can use this exploit in msfconsole and assign the file path to the filename of the flag. Remember to set your host and rport too.
