Try to gain RCE using one of the PHP wrappers and read the flag at / file inclusion PHP wrappers

I am learning the HTB Academy file inclusion topic and am doing the PHP wrappers module. I am able to get the web shell, but from the web shell I am not able to get the reverse shell or the flag.
Here the question is to find the flag at / with PHP wrappers. How should I know where the flag file is located?

I got the web shell and I am able to run id, ls and some other commands, but I cannot find the flag. How should I find where the flag is located? Does / mean the root or the home directory? I have been trying this for one week, and there are no hints for the question.

1 Like

Hey, not sure if you got this already, but I would start by listing the root directory with something like ls / or ls+/ in the URL-friendly form.

I have also had the same issue for the last 2 weeks. I got the web shell but I haven’t gotten the reverse shell, and I am able to find out the flag at /. What does this mean? Does it mean the root directory or the home directory?

There is a find command; when I try the find command: find /home -n name flag.txt

The file is not located and I am not able to find out the flag.

Has anyone found this somewhere? Give me some hints.

First, we need to run the “pwd” command to check the current working directory. The output will be “/var/www/html”. After this we need to list all directories in the " / " folder; the command for this is " ls+/ ". The output will have a text file " .txt ". We can use the cat command to see the flag inside the txt file.
command: " cat …/…/…/[name_of_text_file].txt "

NOTE: the name of the file which has the flag is not flag; it is some random characters.

1 Like

curl -s -X POST --data '<?php system($_GET["cmd"]); ?>' "
try this command


Thanks, with this help I was able to complete the module.

But what I am wondering about is, where does the “+” come from when you are trying to pass the command for “ls /”? I realize the + is taking the place of the space in a multi-word command… but why +? I literally do not know why I would use a + in this case. Some kind of encoding? But not URL. Because a space translates to something like %20.

also like this ,

1 Like
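
On the “+” question raised in the thread, an added example (not part of any post): inside a URL query string, "+" is the application/x-www-form-urlencoded form of a space and "%20" is its percent-encoded form, and servers decode both to a space, so log review for a cmd-style parameter should compare decoded values. The log lines, the /index.php path and the helper names below are constructed for illustration; only the parameter name cmd comes from the curl post above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (not from the thread); paths and addresses are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?cmd=ls+/ HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?cmd=ls%20/ HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?cmd=id HTTP/1.1" 200 64',
    '10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?cmd=echo+1%2B1 HTTP/1.1" 200 8',
    '10.0.0.9 - - [01/Jan/2024:10:02:00 +0000] "GET /a+b.php?page=1 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def decoded_request(log_line):
    """Return (path, params) for one log line, or None if it has no request."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    parts = urlsplit(match.group(1))
    # Path component: only %XX sequences are decoded; '+' stays a literal plus.
    path = unquote(parts.path)
    # Query component: form decoding turns both '+' and '%20' into a space,
    # and a literal plus has to be sent as '%2B'.
    params = parse_qs(parts.query, keep_blank_values=True)
    return path, params


def commands_seen(log_lines, param="cmd"):
    """Collect the decoded values of `param` in request order."""
    values = []
    for line in log_lines:
        parsed = decoded_request(line)
        if parsed:
            values.extend(parsed[1].get(param, []))
    return values


def flag_shell_commands(log_lines, utilities=("ls", "id", "pwd", "cat", "find")):
    """Return decoded cmd values whose first word is a watched utility name."""
    return [c for c in commands_seen(log_lines) if c.split()[:1] and c.split()[0] in utilities]


if __name__ == "__main__":
    for command in flag_shell_commands(SAMPLE_LOG):
        print(repr(command))
```

Matching on the raw log text would treat ls+/ and ls%20/ as different strings even though the server runs the same command for both.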