Stuck @ Academy > HACKING WORDPRESS > Skills Assessment - WordPress

edited March 30 in Off-topic

Hi,

I am stuck at the last module of >>

**ACADEMY > HACKING WORDPRESS > Skills Assessment - WordPress INLANEFREIGHT**
https://academy.hackthebox.eu/module/details/17

**This is the first question of the module -> Identify the WordPress version number...**

To identify the WordPress version of the module I use wpscan

wpscan --url http://10.129.195.42 --enumerate --api-token mytokenhere

Wpscan says no wordpress installation here on the TARGET machine ->

the remote website is up, but does not seem to be running wordpress. The target machine has no wordpress installed.

Same with curl

curl -sS -X GET LOCALTARGETIP | grep generator

Nothing ..

There are no signs of wordpress installation however

curl -sS -X GET LOCALTARGETIP

I see that there is this link to a http://blog.inlanefreight.local page in the source html, but this link is not resolving, so no wordpress installation there either..

So far up until here I get no result from targeting the TARGET (10.129.195.42) machine..

So I try to wpscan inlanefreight.com..

When I use wpscan on https://www.inlanefreight.com

I get version 5.6.2 and theme name as -> ben_theme

But these are not the correct answers...Not accepted.

I have nmapped the Target, I see only 22 and 80 ports open!!

What am I missing here? Where is the wordpress installation? There is no wordpress installation on the Target machine and www.inlanefreight.com wordpress version 5.6.2 is not the correct answer.

What am I missing here ??

Comments

  • First, a caveat. I haven't looked at this academy lab so I have no idea what the correct path is here.

    In general, I'd be hesitant when it comes to launching any packets at what could be a legitimate website. Most resources on HTB use a .HTB or .LOCAL TLD to prevent any traffic accidentally hitting the internet. However, I do notice that the website you've mentioned seems... weird (the phone number is 1800 HTB 8888)

    The version of WP on that public website does appear to be 5.6.2 but it's worth noting that was only released in Feb 2021, so unless the lab is constantly updated, it is unlikely they planned ahead and put that as the answer.

    So I'd focus on the IP address or http://blog.inlanefreight.local domain.

    When you visit http://10.129.195.42 in your browser what do you see?

    Have you tried adding blog.inlanefreight.local and inlanefreight.local to your hosts file and visiting them to see if the header change makes a difference?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • edited March 30

    Visiting http://10.129.195.42 I see that there is an APACHE server serving a simple copy of an inlanefreight site.

    There is no wordpress installation though, only a link to a BLOG -> http://blog.inlanefreight.local..

    But this link won't resolve :(

    I did add this to resolv.conf

    inlanefreight.local 10.129.195.42

    And tried again

    $ curl -sS -X GET http://blog.inlanefreight.local/

    Output

    curl: (6) Could not resolve host: blog.inlanefreight.local

  • @lokey said:

    > Visiting http://10.129.195.42 I see that there is an APACHE server serving a simple copy of an inlanefreight site.

    Have you checked none of the sub-pages are actually Wordpress?

    > There is no wordpress installation though, only a link to a BLOG -> http://blog.inlanefreight.local..

    Ok, this seems promising.

    > But this link won't resolve :(
    >
    > I did add this to resolv.conf
    >
    > inlanefreight.local 10.129.195.42

    Try adding blog.inlanefreight.local to the hosts file. There isn't a DNS on most HTB environments, so you need to be pretty specific with what host names you want to point to what IP addresses.

    TazWake


  • 👍 Thanks!
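
Added example (not part of the original thread or of the Academy material): a small emulation of how lines in a hosts file are matched, run over constructed sample files, to show why the entry quoted above does not make blog.inlanefreight.local resolve while an explicit entry does. The function name `hosts_lookup` and the sample file names are made up for this illustration.

```shell
#!/bin/sh
# Emulates hosts-file matching on constructed sample files (no network needed).
# hosts_lookup NAME FILE -> prints the IP mapped to NAME; returns 1 if none.
# Line format per hosts(5): IP_address canonical_name [aliases...]
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                  # drop comments
        NF < 2 { next }                     # need an address plus a name
        $1 !~ /^[0-9a-fA-F:.]+$/ { next }   # first field must be an address
        {
            for (i = 2; i <= NF; i++)       # names match exactly, no wildcards
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
# Constructed: the entry as posted in the thread (name first, address second).
printf 'inlanefreight.local 10.129.195.42\n' > "$demo_dir/reversed"
# Constructed: correct column order, but only the parent name is listed.
printf '10.129.195.42 inlanefreight.local\n' > "$demo_dir/parent_only"
# Constructed: every virtual host name listed explicitly.
printf '10.129.195.42 inlanefreight.local blog.inlanefreight.local\n' > "$demo_dir/explicit"

for f in reversed parent_only explicit; do
    ip=$(hosts_lookup blog.inlanefreight.local "$demo_dir/$f") || ip="(no match)"
    printf '%-12s blog.inlanefreight.local -> %s\n' "$f" "$ip"
done
```

On Linux these lines belong in /etc/hosts; resolv.conf only lists nameservers and search domains and is not consulted for name-to-address entries.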
