Is the "Laudanum, One Webshell To Rule Them All" section not working from the "SHELLS & PAYLOADS" module?

So I am trying to complete the Laudanum, One Webshell To Rule Them All section, but I keep getting stuck on the same problem.
When I follow the section very closely I keep getting an error when I try to go to the uploaded document.

What I have done:
I use the PwnBox that is provided by HTB.

So I first edited the /etc/hosts document like it tells you to do. I can browse to the status.inlanefreight.local page and that works fine.

I also did copy the shell that is provided and renamed it to demo.aspx (like in the example).
I edited the shell on line 59 and added the provided IP.

After this I upload the created file to the status.inlanefreight.local page.
I get the message:
Uploaded Configuration File Name: C:\inetpub\wwwroot\status.inlanefreight.local\files\demo.aspx

When I go to the link status.inlanefreight.local\\files\demo.aspx I get the error :
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

What I have tried

  1. I thought it could have something to do with a blocking mechanism which they talk about in the section. They advise removing comments and or ASCII art. Since there is no ASCII art in this file, but there are a lot of comments I removed those and tried again.
    Unfortunately, I got the same result (the 404 error).
  2. I also tried to check if the files directory even exists by doing:
    status.inlanefreight.local\\files\

This gives me a 403 error which makes me believe it does exist, but I do not get access to it (like it suggests)

I think I have done everything correctly and have been struggling for quite some time now. Can anyone help me or tell me what I can do or what I did wrong?

What browser are you using? I’ve just got it. I had some problems at first but I just reset the target and tried a different name like shell.aspx and accessing the same url as the example but changing the name.

I also had a problem with the first question about "Where is the Laudanum aspx web shell located on Pwnbox? " I have tried copying the same path that you get when you upload it and different variations like chaging / for , using c in upper and lowercase and removing the name of the file. I could not get it, any help?

I already passed that level if you still need help just ping me

1 Like

I`m stuck in the same problem… I have reset the machine and changed the name several times but still get the 404 error… How did you solve your issue?!

Thanks!

read through the passage carefully and you should get an idea of what your looking for.

where full path of the directory you land in ? I’m stuck too

Let go through my notes! I will write back!

You mean the folder you land in after gaining the shell of host-3?!

c:\windows\system32\inetsrv

Hi mate, I’m stuck on “Where is the Laudanum aspx web shell located on Pwnbox? Submit the full path. (Format: /path/to/laudanum/aspx)” - I’m not entirely sure what’s going wrong, I’ve entered every location of it, as well as every format I could think of.

I don’t want to share the locations here, but could you ping me a message back please - I want to ensure I keep up the 100% on this.

I’ve even searched the entire system locate laudanum but still no luck from the returns.

That’s question ask where the webshell that you use is from.So,maybe you can get the answer then.

any result?

Yes…I have it, but not logical. In practice, you would have to check where it is located in your box. You can find the “expected” answer in the text in the chapter, copy and paste it. This is not your path, but just the path it was when HTB Academy has been written. tell me if it is ok for you.

You are actually looking for the demo.aspx file.

I’m stuck too…any help?

I am also stuck on what seems to be a simple question. I have done all other assignments in this module.

The hint says the answer is the absolute path to where the webshell is stored and to look in /usr/share/webshells

Now I am bringing up parrot and execute the following command: ls -lrt /usr/share/webshells
That gives the following results:

It shows that the laudanum directory is symbolically linked to the /usr/share/laudanum path like is shown in the below Figure.

Then I edit the shell.aspx file and add a simple sentence. “This is a test.”

I then check the content of the shell.aspx file under the two possible paths to make sure that it is the same file under each path.

cat /usr/share/webshells/laudanum/aspx/shell.aspx
cat /usr/share/laudanum/aspx/shell.aspx

image
image

Both times the file content shows the text I added. See below.

So, the answer should be one of two:
/usr/share/webshells/laudanum/aspx
or
/usr/share/laudanum/aspx

But none of them is correct.

One also can locate the laudanum directory and look for aspx …
The result is below:

Again, none of the above is correct.

Some notes say that the answer is the location of the demo.aspx file.

According to the writeup they say to copy the files like shown below.
image

This really makes no sense why /home/tester would be the right answer.
It does not really matter where one puts the copy of the file. It could easily be any directory like /tmp
I tried it and it was also incorrect.

Any thoughts on this.

Thanks for any helo.

For second question the anwser u are looking for is on the HTB page provided as a part of a command.

For anyone getting 404 error code, change the allowed IP address list in the laudanum aspx webshell script to contain also your VM or local machines IP.
Otherwise the aspx webshell won’t recognize your IP address as an allowed host to interact with.

And, for the ones struggling with the first question… You have to gain a shell within the web server. Once that’s done, discover the directory you land in…
Since the question steers you to a Windows hosts (the "c:" format), there is one command to view your directory path and files.

You are so close. I looked at all the things you did and what I did and read the question again. The answer in right in front of you. Just read the question, it is not obvious but it is there on your thread.

The path is (/usr/share/nishang/Antak-WebShell/antak.aspx)