by neosama - February 27, 2021 at 08:37 PM
Guys i tried lot of bruteforcing but not correct. You guys can share wordlists?
Dirsearch will give you the answer
Where is the tutorial??
@robix73 wttt???????????????
(February 27, 2021 at 08:56 PM)Ro0ted Wrote: Dirsearch will give you the answer

I found this bro but how to continue mate :>>

Run dirsearch on the 2 Wordpress you’ll find interesting files
I've been stuck in the dashboard after reusing creds. Do we go after the bank? Is there an authenticated RCE or am I being stupid?

EDIT: nevermind. got it after fighting with some php. now enuming for katie and stuck at foothold
here there are the creds, but view page source : http://spectra.htb/testing/wp-config.php.save
after that : msfconsole admin upload (use exploit/unix/webapp/wp_admin_shell_upload)

Possibly Related Threads…
Thread Author Replies Views Last Post
FLAG Hackthebox spectra and thenotebook writeup Nsociety 1 649 April 22, 2021 at 07:41 PM
Last Post: razza
FLAG HTB Spectra xurka 7 1,650 March 14, 2021 at 05:33 PM
Last Post: paulwatson42016
TUTORIAL Spectra Detailed Writeup Jockerjock 0 1,003 March 04, 2021 at 12:46 PM
Last Post: Jockerjock

 Users browsing this thread: 1 Guest(s)