Official MetaTwo Discussion

Had a long way until logging in, but after that, root was the easiest thing in the world
This machine gives a good sense of progress, every step has its own lessons and I learnt how to use sqlmap :relaxed:
Recently I kept making scripts to automate some tasks and create misc functionalities, so my rate of completion is decreasing XD

If anyone is needing help, R is always here, I can surely lend you a hand at anytime, just send me a message :heart:

2 Likes

Rooted!
Nice machine! It takes a while to retrieve all the elements to get a shell as user!
Root was interesting but definitely simple!

Hello, I am a very new beginner and I am struggling with the sql injection, I think I have the right plugin: http://metapress.htb/wp-content/plugins/bookingpress-appointment-booking . I have found an exploit online but I don’t really understand it. Can anyone give me a walkthrough or hint for it, please?

Of course, I sent you a message on the topic, I can guide you through it :heart:

1 Like

Anyone wanna give me a nudge? I was able to log in to the site but when I attempt to upload ANY media file I get a “This file type is not permitted for security reasons”. I have been trying to look through the source code but can’t seem to find anything that would inhibit uploads.

I’m having the same issue. Got so frustrated that I looked at a walkthrough just to confirm I was doing it right. Maybe someone messed with the admin settings on wp?

When something is malformed it may be marked as insecure…

Hello, after you root a machine, please don’t leave files lying around. Just found the root by using cat on a file. Had to see a walkthrough on why it was too easy. The steps to find the flag were more complex than just using cat.

I am having same error … someone please fix this … it’s very frustrating

Hello everyone.

I have found what I need to do to exploit wordpress after I log in.

I follow the steps exactly like the exploit says, but for some reason when I upload the file, I do not get a response with the file that I request in base64.

Is someone else having or faced the same issue?

Very easy machine. Finally I enjoyed this without getting blocked for hours. I even did this without the need of a hint.
If you need any help don’t hesitate to contact me

Nice machine. Foothold was a chain of finding the right exploits and knowing where to look. Took a while, maybe I should have made a script for the xxe part.
Root was a lot easier than other ‘easy’ boxes.
Don’t forget to delete the root password file when you’re done.

hi, I did as described by CVE, but I couldn’t upload files in the WordPress background. Warning This is an unsafe file type

Is your problem solved? I am also experiencing the same situation.

Hi, as others have said, uploading a file is a rabbit hole. If you found the right CVE then you just need to look for something more… try to find some useful information inside files

Is my CVE incorrect, not to upload media files to exploit xxe vulnerabilities?

I’ve spent literally hours with the LFI vuln, completely unable to find the wp-config.php file that I’ve been looking for. Have I missed a vuln that exposes its path? I feel I’ve checked all the common places

I think it’s in the previous directory.

I was being really dumb there, didn’t occur to me to use relative paths… :tired_face: The brain fog was real. Thanks for the pointer though, exactly what I needed.

That was a really fun box, probably on the harder end of easy given how many things you needed to chain together. Root was simple but if you don’t know the technology it’ll make you learn :slight_smile:

If anyone has any specific Qs, or is bashing their head against a wall like I was, DMs are open.