So I am trying to complete the Laudanum, One Webshell To Rule Them All section, but I keep getting stuck on the same problem.
When I follow the section very closely I keep getting an error when I try to go to the uploaded document.
What I have done:
I use the PwnBox that is provided by HTB.
So I first edited the /etc/hosts document like it tells you to do. I can browse to the status.inlanefreight.local page and that works fine.
I also did copy the shell that is provided and renamed it to demo.aspx (like in the example).
I edited the shell on line 59 and added the provided IP.
After this I upload the created file to the status.inlanefreight.local page.
I get the message: Uploaded Configuration File Name: C:\inetpub\wwwroot\status.inlanefreight.local\files\demo.aspx
When I go to the link status.inlanefreight.local\\files\demo.aspx I get the error :
404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
What I have tried
I thought it could have something to do with a blocking mechanism which they talk about in the section. They advise removing comments and or ASCII art. Since there is no ASCII art in this file, but there are a lot of comments I removed those and tried again.
Unfortunately, I got the same result (the 404 error).
I also tried to check if the files directory even exists by doing: status.inlanefreight.local\\files\
This gives me a 403 error which makes me believe it does exist, but I do not get access to it (like it suggests)
I think I have done everything correctly and have been struggling for quite some time now. Can anyone help me or tell me what I can do or what I did wrong?
What browser are you using? I’ve just got it. I had some problems at first but I just reset the target and tried a different name like shell.aspx and accessing the same url as the example but changing the name.
I also had a problem with the first question about "Where is the Laudanum aspx web shell located on Pwnbox? " I have tried copying the same path that you get when you upload it and different variations like chaging / for , using c in upper and lowercase and removing the name of the file. I could not get it, any help?
I`m stuck in the same problem… I have reset the machine and changed the name several times but still get the 404 error… How did you solve your issue?!
Hi mate, I’m stuck on “Where is the Laudanum aspx web shell located on Pwnbox? Submit the full path. (Format: /path/to/laudanum/aspx)” - I’m not entirely sure what’s going wrong, I’ve entered every location of it, as well as every format I could think of.
I don’t want to share the locations here, but could you ping me a message back please - I want to ensure I keep up the 100% on this.
I’ve even searched the entire system locate laudanum but still no luck from the returns.
Yes…I have it, but not logical. In practice, you would have to check where it is located in your box. You can find the “expected” answer in the text in the chapter, copy and paste it. This is not your path, but just the path it was when HTB Academy has been written. tell me if it is ok for you.