Drag any color from the left toolbar to an area or text in the page. A blue outline will indicate a droppable element.
On mobile, wait a tiny bit until you drag the color drop.
Let the hunt begin!
Hackthebox Aragog Walkthrough:
Nmap Result
|
1 2 3 4 5 6 7 8 9 |
[snip] PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 | ftp-anon: Anonymous FTP login allowed (FTP code 230) [snip] 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0) [snip] 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) [snip] |
FTP allow anonymous login, further enumeration reveal “test.txt” file.
The following code will return “ugly” page like this:
|
1 2 3 4 5 6 |
//case where someone attempting to reach wp-admin if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX') && basename( $_SERVER["SCRIPT_FILENAME"] ) !== 'admin-post.php'){ //Fix to prevent fatal error caused by some themes and Yoast SEO do_action('aiowps_before_wp_die_renamed_login'); wp_die( __( 'Not available.', 'all-in-one-wp-security-and-firewall' ), 403 ); } |
Since we have our own 404 page, why not we use it? Add the following code to redirect it to our theme 404 page.
|
1 2 3 4 5 6 7 8 9 10 |
//case where someone attempting to reach wp-admin if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX') && base name( $_SERVER["SCRIPT_FILENAME"] ) !== 'admin-post.php'){ //Fix to prevent fatal error caused by some themes and Yoast SEO do_action('aiowps_before_wp_die_renamed_login'); //wp_die( __( 'Not Available.', 'all-in-one-wp-security-and-firewall ' ), 404 ); global $wp_query; $wp_query->set_404(); status_header( 404 ); get_template_part( 404 ); exit(); } |
and now for security reason, whoever request to the restricted page will get our beautiful 404 page.
Welcome to HuntForBug. This is my first post. Let the hunt begin!
– HFB –