Module "WEB requests". To get the flag, use cURL to download the file returned by '/download.php' in the above server

Hi!
I downloaded this file and didn’t find the flag:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://inlanefreight.com/download.php">here</a>.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at inlanefreight.com Port 80</address>
</body></html>

Where is the flag here?

Hey, what does the curl line look like?

Feel free to DM me the line you are using.
-onthesauce

curl -O inlanefreight.com/download.php

Try it with no -O flag. And skip the domain name if you haven’t put it into the hosts file.
-onthesauce

What does it mean?

Without -O flag it gives the same result.

So do ‘curl IP/download.php’

If you haven’t added the IP and domain name to the hosts file, then how is Linux going to know what inlanefreight is?

curl 134.209.24.248/download.php

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at 134.209.24.248 Port 80</address>
</body></html>

So I think there’s some problem with this task in HTB Academy.

Try resetting the target machine and give it another go.

Just did it. The same result.

Thanks for the help anyway.

Did you reset your pwnbox too?

Yes

OK. I solved the problem. It was necessary to enter the target IP and not the URL which was mentioned in the text.
Thank you for your time.

Hey no worries. I was kinda thinking that was implied haha.

Definitely keep the /etc/hosts file in mind; you will need to understand it in future modules. As an example, if you had added the IP and domain name to the hosts file:
134.209.24.248 inlanefreight.com
then your previous command would have worked, because the machine would have checked the hosts file in its search to translate that domain into an IP address. This may not make sense now, but it will soon.

Hope that helps you in the future. Keep at it!
-onthesauce
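
Added example, not part of the original thread: a sketch of the hosts-file lookup described above (first line listing the name wins, comments ignored), plus the equivalent per-command pin with curl's `--resolve` option, which needs no root edit of /etc/hosts. The function names, the `SAMPLE_HOSTS` text, and its `localhost` and `www` entries are constructed for illustration; the IP, domain and port 80 are the ones shown in the thread.

```shell
#!/bin/sh
# Constructed sample in /etc/hosts format; only the lab entry comes from the thread.
SAMPLE_HOSTS='# comment lines and blank lines are ignored
127.0.0.1   localhost

134.209.24.248  inlanefreight.com www.inlanefreight.com  # lab target
'

# hosts_lookup NAME [FILE]: print the address of the first line that lists NAME
# (case-insensitive, first match wins); return 1 when no line lists it.
hosts_lookup() {
    name=$1
    file=${2:-/etc/hosts}
    awk -v want="$name" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")                      # drop trailing comments
            for (i = 2; i <= NF; i++)           # field 1 is the address
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$file"
}

# curl_pinned_cmd NAME PORT PATH [FILE]: build (not run) a curl command that
# pins NAME:PORT to the address found in FILE via --resolve.
curl_pinned_cmd() {
    addr=$(hosts_lookup "$1" "${4:-/etc/hosts}") || return 1
    printf 'curl --resolve %s:%s:%s -O http://%s:%s%s\n' \
        "$1" "$2" "$addr" "$1" "$2" "$3"
}

# Demo against the constructed file; nothing here touches the network.
demo_hosts=$(mktemp)
trap 'rm -f "$demo_hosts"' EXIT
printf '%s' "$SAMPLE_HOSTS" > "$demo_hosts"

hosts_lookup inlanefreight.com "$demo_hosts"
curl_pinned_cmd inlanefreight.com 80 /download.php "$demo_hosts"
hosts_lookup unknown.example "$demo_hosts" || echo "unknown.example: not in hosts file"
```
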

Thanks!

It didn’t work for me, I didn’t find the flag (
What command did you end up using?

Hi!
What command did you use?
Did you connect to the target before this?

Connect to the target machine;
make sure to add the port with the IP address of the target machine,
like so:
curl ip:port/download.php --remote-name

You will get the flag.
It will be downloaded into the current folder you are in or your root folder.
:grinning:

trying to add but permission was denied…