Look carefully at what is sent when various things take place. If you tamper with something, does it change what the thing can do?
I tried different php-wrappers (obviously wrong) an got nothing on the screen :neutral: Still struggle with this thing. Could you give some further “intial” kickstart?
Look carefully at what is sent when various things take place. If you tamper with something, does it change what the thing can do?
I tried different php-wrappers (obviously wrong) an got nothing on the screen :neutral: Still struggle with this thing. Could you give some further “intial” kickstart?
Nevertheless thanks so far!
My mistake - I thought this was a question about the HTB Box Academy, not the Academy LFI.
Hello everyone,
I have been staring at the screen for days trying to figure this out. I have have successfully located the admin panel. But I cant figure out how to get to root. Someone help me please my brain is hurting.
Why is there such an uninformative discussion here? It all comes down to “I’ve solved it” or " look carefully." I look carefully for the second day, tried everything I could from the training section and did not get any result. What should I pay attention to?
Why is there such an uninformative discussion here? It all comes down to “I’ve solved it” or " look carefully."
Largely because everything else gets flagged as spoiler and deleted.
I look carefully for the second day, tried everything I could from the training section and did not get any result. What should I pay attention to?
When you make a request to create a new user account, look at everything that is sent. Dont just click submit and let it happen. Intercept and inspect it. When you’ve done this and think you understand all the things sent, one will be an obvious candidate to be tampered.
Tamper with it and see what happens to the account you create.
Its important to note, it only works on a new account creation, once the account exists, you’ve missed your chance.
Tamper with it and see what happens to the account you create.
Its important to note, it only works on a new account creation, once the account exists, you’ve missed your chance.
I can’t find the account creation form on the site under investigation.
The source code of the main page showed me 3 possible arguments for index.php. Attempts to use different arguments for ‘index.php?page=’ failed.
ffuf does not let you know what other directories or pages there are.
js/main.js didn’t say anything either. Deobfuscation of other scripts, too.
The form for sending messages from the contacts section didn’t help.
The only result I could get was a message about incorrect input when I used the page= arguments of the form in all sorts of ways …//
Which direction should I go next? Maybe I’m not using some application or script that isn’t mentioned in the tutorial section?
It still doesn’t work. I understand that the server is nginx and not Apache, I fix the file paths, but I can’t get anything. Neither using the User-Agent, nor any wrappers.
What else do I need to know besides what the academy has given me in this section?
Greetings, today I have started this test and I am stagnant; I have tried all the techniques that were developed in the module including those of wrapper and obfuscation of html code but apparently this has mechanisms that do not allow it.
What I see is that they indicate to focus first on the index file but here I have a doubt they refer to the index of the main page which is a php extension and I download it with wget but when checking only in the final part, js files appear. Can someone give me any clues that I can follow.
@thenevvin said:
Hello everyone,
I have been staring at the screen for days trying to figure this out. I have have successfully located the admin panel. But I cant figure out how to get to root. Someone help me please my brain is hurting.
Update: just finished. that was lit!
hmmm I’m also now at the admin panel and I think I have tried all the rce methods listed in the tutorial but nothing seems to be working?
I couldn’t find cookies for the webpage so that rules out the session files method, and I have tried the expect wrapper, data wrapper, rfi with python http server, and none of which seems to work.
I’m completely new to penetration testing. Could someone gimme a hint or sth? I’m stuck at getting rce for the last stage.
#btw basic LFI seems to work in the admin panel, but I believe it’s of no use?