[SyLZ]

Unlock to view walkthrough.  :biggrin:

walkthrough Tenet Hidden Content

You must register or login to view this content.

[Buttmuncher]

Sweet walkthrough and the creds work.

however you start with Put the code below in a php file and execute it. - how do you put the code on the server?

EDUT

ah - read more - got it now

[liveartic12]

Where is the bak file location for the foothold in order to have the code for sator.php ?

[SyLZ]

If you found sator.php just add .bak to it. Sator.php.bak and download it.

No need for it in this writeup.

[Buttmuncher]

how did people find sator.php

[caueb]

how did people find sator.php

There is a comment with a hint:
http://tenet.htb/index.php/2020/12/16/logs/#comment-2

[Buttmuncher]

how did people find sator.php

There is a comment with a hint:
http://tenet.htb/index.php/2020/12/16/logs/#comment-2

yeah - i saw that but how do you get the website to give it up?

if you go to / its actually hitting the Wordpress url.

if you try /../sator.php.bak it gets a 404.

[Buttmuncher]

Anyone? I am pretty stuck finding this.

[dragobooste]

Anyone? I am pretty stuck finding this.

The sator.php is on http://10.10.10.223/sator.php

[0xvijay]

Anyone? I am pretty stuck finding this.

Add a new vhost

sator.tenet.htb

then the file is in
http://sator.tenet.htb/sator.php.bak

[Buttmuncher]

Anyone? I am pretty stuck finding this.

Add a new vhost

sator.tenet.htb

then the file is in
http://sator.tenet.htb/sator.php.bak

thank you so much. i am an asshole!

[sergeomm]

Anyone? I am pretty stuck finding this.

Add a new vhost

sator.tenet.htb

then the file is in
http://sator.tenet.htb/sator.php.bak

I'm wondering how you were supposed to find that. I used ffuf to enumerate vhosts, but sator.tenet.htb did not supply me with a different response than let's say blabla.tenet.htb. Is there a logical way to find this out? Because I didn't start searching for sator.php on sator.tenet.htb because I thought that subdomain did not exist.