I’m in Hack the Box academy, in the web proxies module. I’m really stuck on changing directories and getting it to show in the browser or in burp.
I feel like I understand the material, as far as what I should be doing, but I’m kinda stuck on how to get the directories to show, and finding the 2nd flag.
My hint is you can use the ‘ls -a’ and ‘cd …’ commands to go to previous directories and view the content.
I had the exact same problem and was stuck for a while until I thought about these two commands. I used them in the Burp repeater and was eventually able to find the directory with the other flag inside.
Hey man I think this part in the module has a bug I’ve literally tried everything for the past 4 days and it’s not working. I fully understand what’s being asked and I have experience using Burp. It will not let me change directories it’s annoying at this point.
I answered this on another thread, but you don’t need to change directories. You just need to view what is in the other directories ls will work until you find the path you need to use to cat the flag
true the pwd command is useful and definitely an alternative to the find command in this situation, if you needed or wanted to navigate the site, I.E. a real website during a web app pentest. but in this situation, i chose a shortcut with find /*…basically just hail mary-ed my way to the flag. haha
I had simalar problems and use a long time “trying harder”. Then I rebooted the boxes and wupti.
use the find command and seach then cat the file. After reboot I had permissions. The flag is there and no surprise in where to find it and yes the pwd command helps you. The 2 flags are not the same.
true you can do that, however the way i was showing was for more of blackbox (real) type setting. Obviously we know the flag is in flag.txt but what about when we do not have that much information to go on,
The find command (and grep for that matter) is a very useful tool especially when you aren’t given the keys to the kingdom.