HTB Academy - Hacking wordpress, Skills Assessment

Hi guys, I completed all the questions except “Submit the contents of the flag file in the directory with directory listing enabled.” I checked on the system as user but couldn’t find flag.txt. Please help me, where is the question’s answer?

I’m having issues right at the beginning of this assessment where my WPScan is not working because it says the target machine is not running WordPress when it clearly is. Has anyone else had this issue? I have checked the IP I am using and regenerated new target machines but nothing is working.

Look at the source code.

Hey There!

I’m having some trouble regarding the task where you need to download a file via a vulnerable plugin. I’ve solved all other challenges, and I believe I have found the correct plugin to exploit as well; however, when I attempt to do the various PoCs found online they don’t seem to work. Can anybody help?

You’re not the only one. I used nikto to find info about the site and I see it is running Bootstrap and not WordPress.


Or am I wrong in my finding?

I am confused about what you mean. I am looking at the source code. There is no mention of WP or WordPress.

This is what I am finding as well. I am confused by what the first step should be. I tried the other links on the page to see if another page had a different source code. I tried the blog page first because WP is often used for blogs, and I tried all the other links I could find on the page. Many of them are broken links and the others don’t show much. I also tried adding /admin to the end of the IP because often WP will send you to the admin login page if you do this, so I was hoping it would give me a better foothold to start checking the layout, but I got a 404. It’s almost like this VM was not made for this assessment.

Exactly, that’s what I mean. So you need to find a site that really runs on WordPress.

Ok, I was able to get all the way to the last item. I am in the WordPress editor. I have been unable to get from there to a shell. I tried the method from the lesson where you add PHP lines to the 404 page (or other pages) but I am unable to save. There is an error saying that it cannot communicate with the server and will not save the code. I have tried installing a vulnerable plugin but Metasploit fails to log in with the valid credentials which I used to log in. I know they work but for some reason MS doesn’t think they do. I am pretty much out of ideas. Is there some kind of setting or line I could change from this side to make WordPress not check the PHP for errors before it saves? That seems to be the cause according to some stuff I found online. WordPress wants to check the PHP for errors but can’t reach out to some server to do that. Therefore it doesn’t save. I tried disabling all the site’s plugins to see if one of them was the cause for not being able to reach said server, but it did not fix the problem. I am out of ideas. Someone got a clue?

Hey. I also had the same issue. Try to think about what you can edit besides themes, and also read the warnings.

Honestly I have been at this too long and I’m starting to overthink it. I wish the course actually covered what I should be looking for because I am completely lost at this point.

Finally :)

  1. At the start I was stuck at finding the WordPress site, so read the source code very carefully and edit the /etc/hosts file.
  2. You will find many vulns, but I found a user.
  3. Edit plugins.
    I am not sure this works for you, but this is my way to a revshell.