Hacking WordPress (cannot open flag.txt)

m4tt20 · March 18, 2022, 1:05pm

“Use the credentials for the admin user [admin:sunshine1] and upload a webshell to your target. Once you have access to the target, obtain the contents of the “flag.txt” file in the home directory for the “wp-user” directory.”

I understand How to use basic commands through RCE like ls , cd and similar commands but for some reason if i attempt to use a command like “cat” there is no output. I have been stuck for 2 days on this one problem.

how would i go about reading the contents of this file ? any hints would be nice

onthesauce · March 18, 2022, 1:17pm

Hey,

You have:
?cmd=

Not 100% sure, but the ; could be telling bash that /home/*** is a separate command.

Try:
?cmd=
Or:
?cmd=

m4tt20 · March 18, 2022, 1:20pm

wow. thanks, idk how i got stuck on that one for so long.

onthesauce · March 18, 2022, 1:21pm

No worries! It happens to all of us. I am just glad you didn’t give up!

Definitely take a shot at command injections after, it would have helped you here.
-onthesauce

bloodoflapulapu · July 4, 2022, 4:30am

me too, thank you @onthesauce, much appreciated for beginner like me