Repeating web requests

I’m in Hack the Box academy, in the web proxies module. I’m really stuck on changing directories and getting it to show in the browser or in burp.

I feel like I understand the material, as far as what I should be doing, but I’m kinda stuck on how to get the directories to show, and finding the 2nd flag.

Hey,

My hint is you can use the ‘ls -a’ and ‘cd …’ commands to go to previous directories and view the content.

I had the exact same problem and was stuck for a while until I thought about these two commands. I used them in the Burp repeater and was eventually able to find the directory with the other flag inside.

1 Like

Hey man I think this part in the module has a bug I’ve literally tried everything for the past 4 days and it’s not working. I fully understand what’s being asked and I have experience using Burp. It will not let me change directories it’s annoying at this point.

I answered this on another thread, but you don’t need to change directories. You just need to view what is in the other directories ls will work until you find the path you need to use to cat the flag

don’t forget to use ls -la for your own sanity.

just ls root dir and cat the flag

1 Like

I’ve tried everything: ;ls -la; or ;ls -a; … even tried to cat flag2.txt but I cant get flag # 2. Can someone please help? Thanks!

don’t waste your time with the ls command or searching…trying to find the magic directory or change directories.

use the find command
find /* -name flag.txt

then cat the output

3 Likes

use the find command
find /* -name flag.txt

then cat the output

4 Likes

Thank you!!

1 Like

Hey - thanks so much for that! I tried this, but both flags are the same, what am I doing wrong?

*edit: ah I’ve figured it out. Also cool that you can use commands like ‘pwd’ to find out where you are :smiley:

1 Like

true the pwd command is useful and definitely an alternative to the find command in this situation, if you needed or wanted to navigate the site, I.E. a real website during a web app pentest. but in this situation, i chose a shortcut with find /*…basically just hail mary-ed my way to the flag. haha

i do that find /* -name flag.txt but flag same , and pwd i am on /var/www/html/flag.txt but the flag same

1 Like

I had simalar problems and use a long time “trying harder”. Then I rebooted the boxes and wupti.

use the find command and seach then cat the file. After reboot I had permissions. The flag is there and no surprise in where to find it and yes the pwd command helps you. The 2 flags are not the same.

1 Like

1;cat /* flag.txt; to save my people time

4 Likes

true you can do that, however the way i was showing was for more of blackbox (real) type setting. Obviously we know the flag is in flag.txt but what about when we do not have that much information to go on,
The find command (and grep for that matter) is a very useful tool especially when you aren’t given the keys to the kingdom.

If still anyone is looking for the solution better follow this link Using Web Proxies HackTheBox. Intercepting Web Requests | by Avataris12 | Medium for saving some time

thanks for that!

There are two flag.txt files
The first file is found on the root directory
/flag.txt
The other is found at /www/html/flag.txt

Use the command find /* -name flag.txt to find all the files

Then use the command cat /flag.txt