I’m stuck at the last module, at the fifth question: “Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download.”
I don’t know exactly what they want.
I obviously did a wpscan and found a bunch of vulnerabilities:
wpscan --url http://blog.inlanefreight.local --enumerate --api-token ****
I already have a shell on the target system, but without knowing which flag they want exactly, it’s quite difficult (at least for me).
All other questions were clear for me.
@Toubster did you get it? I could get all the other flags but this one. I inspected the web root directory and home but found nothing. Even after having logged in at wp-admin I didn’t find any extra post/page.
You should detect the right vuln plugins, and I think you should read the exploit information about those vuln plugins on Exploit Database -> you will get the flag for your answer.
@Satellite but isn’t it the same vuln plugin we exposed in the other questions?
I tried every plugin and have LFI and RCE access, but I fail like @Toubster.
I want to complete this module.
I have the same problem, but I have not figured out yet which file I need to download. Looking at every file accessible to the user erika, I didn’t find any HTB{} or flag yet…