Skills Assessment WordPress - Help on last question

Hi there.
I cant get solved the last question "create shell and read flag.txt from home/erika. Can someone help me? I tried reverse shell on 404 and denied on erika account, msfconsole also uploading the shell. I can only access the http://blog.inlanefreight.local/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
and tried to change to …path=/home/erika/flag.txt but error comes out.
Regards and thank you in advance,

Solved. Hint: change code without active theme.


I am stuck in “Obtain a shell on the system and submit the contents of the flag in the /home/erika directory”

how to go ahead in this. Can you please help?

Hi. Sure. Did you manage the reverse shell?

I couldn’t obtain reverse shell.

I am trying to get admin credentials by running password wordlists. Once I get admin credentials, I can plant reverse shell.

Am I on the right track?

Yes :ok_hand: as I said previously:

and I would add: then, change to the theme where you put your reverse shell (I suppose on 404.php)