I’m stuck at the last module at the fifth Question “Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download.”.
I don’t know exactly what they want.
I obviously did a wpscan and found a bunch of vulnerabilities. wpscan --url http://blog.inlanefreight.local --enumerate --api-token ****
I have already a shell on the target system but without knowing which flag they want exactly, it’s quite difficult (at least for me )
All other questions were clear for me.
@Toubster did you get it? I could get all the other flags but this one. I inspected the web root directory and home but found nothing. Even after have logged in at wp-admin I didn’t find any extra post/page.
You should detect the right Vuln plugins, and I think you should read exploit information about those vuln plugins on Exploit Database —> You will get the flag for your answering
@Satellite but it isnt the same vuln plugin we exposed in the other questions?
I tryed every plugin and have LFI and RCE access but i fail like @Toubster
I want to complet this modul
I have the same problem, but i have not figured out yet which file I need to download. Looking on every file accessible to the user erika , I didn’t find any HTB{} or flag yet…
Finally, thank you for a hint that actually made sense. I spent literally 2 full weeks on flag 5 (and had all the others and root access etc.) Wow finally done with this module. HTB shoud kind of rewrite some of the hints and questions as this was not about skills and understanding but had no idea wth they wanted from me.