LFI Inclusion-TryHackMe

0xsanz
2 min readJul 29, 2020
LFI -TryHackMe

This is a write-up for LFI Inclusion room from TryHackMe which is a beginner level LFI challenge:

https://tryhackme.com/room/inclusion

Our task is simple: Deploy the machine and find LFI parameters and get the user and root flag. First check what all services are running on the machine using:

nmap -sC -sV 10.10.41.78

--

--

0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204,AZ500