Hacking WordPress (cannot open flag.txt)

“Use the credentials for the admin user [admin:sunshine1] and upload a webshell to your target. Once you have access to the target, obtain the contents of the “flag.txt” file in the home directory for the “wp-user” directory.”

I understand How to use basic commands through RCE like ls , cd and similar commands but for some reason if i attempt to use a command like “cat” there is no output. I have been stuck for 2 days on this one problem.

how would i go about reading the contents of this file ? any hints would be nice :grinning:

1 Like


You have:

Not 100% sure, but the ; could be telling bash that /home/*** is a separate command.



wow. thanks, idk how i got stuck on that one for so long.

No worries! It happens to all of us. I am just glad you didn’t give up!

Definitely take a shot at command injections after, it would have helped you here.

me too, thank you @onthesauce, much appreciated for beginner like me