Stuck @ Academy > HACKING WORDPRESS > Skills Assessment - WordPress


I’m stuck at the last module at the fifth Question “Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download.”.
I don’t know exactly what they want.
I obviously did a wpscan and found a bunch of vulnerabilities.
wpscan --url http://blog.inlanefreight.local --enumerate --api-token ****

I already have a shell on the target system, but without knowing exactly which flag they want, it’s quite difficult (at least for me :smiley: )
All other questions were clear for me.

Can anyone help me?

@Toubster did you get it? I could get all the other flags but this one. I inspected the web root directory and home but found nothing. Even after having logged in at wp-admin I didn’t find any extra post/page.

Hi @y0k4i , sry for the late reply!
No, I haven’t found the solution to this one flag. :frowning:

You should detect the right vuln plugins, and I think you should read the exploit information about those vuln plugins on Exploit Database --> You will get the flag for your answer

@Satellite but it isn't the same vuln plugin we exposed in the other questions?
I tried every plugin and have LFI and RCE access but I fail like @Toubster
I want to complete this module :cold_sweat:

Just check the vulnerabilities with the CVE number, then you will find the answer