Php script in Tier1 machine 5 "Three" not working

I may not be posting this in the right place, I’m new here, forgive me please.
I’ve been working my way through the machines from the ground up, and am getting hung up on Three. I’ve been following the walkthrough and everything has been fine, until it’s time to enter http://s3.thetoppers.htb/shell.php?cmd=id
into the browser. Instead of getting the {udi, gid, and group} I’m just getting blank brackets {}
My php script is exactly what’s in the walkthrough, <?php system($_GET["cmd"]); ?>
Any thoughts? Thanks in advance, much appreciated!

1 Like

same issue here, just displays {}

Hello you two,

i just had the same issue. I thought it may be some sort of bug or something like that, till i just checked up the URLs again that are used in the walkthrough. You are using the wrong URL, as the shell-script is uploaded to the upper domain level. You will have to change your URL to thetoppers.htb/shell.php. I’m not very familiar with s3, so I can’t exactly explain why the shell is not available within the s3 subdomain, but that should fix the issue.

Kind regards,

Same here, maybe S3 did some changes to how they interpret this kind of PHP scripts …

I tried using both top-level domain and sub-domain:

update: nevermind, it works, simply remove s3 from the URL: http://thetoppers.htb/shell.php?cmd=id

I was having the same problem. Turns out I used the exact onliner that is in the walkthrough to add s3.thetoppers.htb to /etc/hosts, including the ip that was there.
Changed /etc/hosts accordingly and it immediatly worked.

[TARGET IP]     thetoppers.htb
[TARGET IP]     s3.thetoppers.htb

same problem! i see nothing with ncat

FIXED!!! i found the problem and it’s really stupid
in shell.php instead of $_GET[“cmd”] do $_GET[‘cmd’]
i think the use of these → “” is making it not understand the script

Help, I followed all the advise above and I am getting a white blank page when I put in http://thetoppers.htb/shell.php?cmd=id in the browser. I have tried everything.
This is my hosts file. The IP is correct per lab.