Hacking WordPress (cannot open flag.txt)

m4tt20 · March 18, 2022, 1:05pm

“Use the credentials for the admin user [admin:sunshine1] and upload a webshell to your target. Once you have access to the target, obtain the contents of the “flag.txt” file in the home directory for the “wp-user” directory.”

I understand How to use basic commands through RCE like ls , cd and similar commands but for some reason if i attempt to use a command like “cat” there is no output. I have been stuck for 2 days on this one problem.

how would i go about reading the contents of this file ? any hints would be nice

onthesauce · March 18, 2022, 1:17pm

Hey,

You have:
?cmd=

Not 100% sure, but the ; could be telling bash that /home/*** is a separate command.

Try:
?cmd=
Or:
?cmd=

m4tt20 · March 18, 2022, 1:20pm

wow. thanks, idk how i got stuck on that one for so long.

onthesauce · March 18, 2022, 1:21pm

No worries! It happens to all of us. I am just glad you didn’t give up!

Definitely take a shot at command injections after, it would have helped you here.
-onthesauce

bloodoflapulapu · July 4, 2022, 4:30am

me too, thank you @onthesauce, much appreciated for beginner like me

Dartvol · November 20, 2024, 9:08pm

Thank you, I would never have guessed to use exactly “+”

Topic		Replies	Views
Remote Code Execution (RCE) via the Theme Editor [Academy] Other wordpress , rce , htb-academy	7	2835	January 19, 2023
Hacking Wordpress Academy - Remote Code Execution (RCE) via the Theme Editor Capture the Flags	1	2465	January 19, 2022
Help Academy	0	261	May 25, 2024
ATTACKING COMMON APPLICATIONS \| Attacking WordPress Academy wordpress	11	2749	November 20, 2024
Use what you learned in this section find the content of flag.txt in the home folder of the user you previously found in command injetion Bypassing Blacklisted Commands	1	1856	December 1, 2023

Hacking WordPress (cannot open flag.txt)

Related topics