Hacking Wordpress Academy - Remote Code Execution (RCE) via the Theme Editor

I’ve been trying to figure this one out for 2 days now:

“Use the credentials for the admin user [admin:sunshine1] and upload a webshell to your target. Once you have access to the target, obtain the contents of the “flag.txt” file in the home directory for the “wp-user” directory.”

I’m stuck on the syntax using curl to grab the contents of the “/home/htb-###/flag.txt” file. Some help would be grateful!!!

Can you show the syntax that you usted to get the flag? To know what and why you’re stuck. If you’re doing something wrong.

For the last, do you upload the right payload in the “404.php” on theme editor?

Feel free to DM me.