I’m getting quite frustrated with this Academy lesson. Every other one that I’ve worked through, they have given enough detail to figure out the answer to the question with either the cheat sheet or they tell you how to do it.
The question is: To get the flag, start the above exercise, then use cURL to download the file returned by ‘/download.php’ in the server shown above.
I’ve generated my target and have the IP, load up the PWNBOX and run curl against the target:
┌─[us-academy-2]─[10.10.14.178]─[htb-ac-117766@htb-byh7cnu1sf]─[~]
└──╼ [★]$ sudo curl -O http://inlanefreight.com/download.php
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 329 100 329 0 0 1058 0 --:–:-- --:–:-- --:–:-- 1057
┌─[us-academy-2]─[10.10.14.178]─[htb-ac-117766@htb-byh7cnu1sf]─[~]
└──╼ [★]$ ls
Desktop download.php Templates
┌─[us-academy-2]─[10.10.14.178]─[htb-ac-117766@htb-byh7cnu1sf]─[~]
└──╼ [★]$ cat download.php
Moved Permanently
The document has moved here.
Apache/2.4.29 (Ubuntu) Server at inlanefreight.com Port 80
cat says that this document is not there; and is located through https://…
┌─[us-academy-2]─[10.10.14.178]─[htb-ac-117766@htb-byh7cnu1sf]─[~]
└──╼ [★]$ sudo curl -O https://inlanefreight.com/download.php
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 280 100 280 0 0 1280 0 --:–:-- --:–:-- --:–:-- 1278
┌─[us-academy-2]─[10.10.14.178]─[htb-ac-117766@htb-byh7cnu1sf]─[~]
└──╼ [★]$ ls
Desktop download.php Templates
┌─[us-academy-2]─[10.10.14.178]─[htb-ac-117766@htb-byh7cnu1sf]─[~]
└──╼ [★]$ cat download.php
Not Found
The requested URL was not found on this server.
Apache/2.4.29 (Ubuntu) Server at inlanefreight.com Port 443
Run curl on the https://… url and getting a 404 error.
I’ve tried this on my own Linux VM through the VPN as well as through the PWNBOX. Can someone assist me on what I am doing wrong or missing?