This is a write-up for the LFI Inclusion room from TryHackMe, which is a beginner-level LFI challenge.
Our task is simple: deploy the machine, find the LFI parameters, and get the user and root flags. First, check which services are running on the machine using:
nmap -sC -sV 10.10.41.78
So we have SSH and a web server running. Let's check the website first.
After some basic browsing of the website, we found the following links:
- http://10.10.41.78/article?name=hacking
- http://10.10.41.78/article?name=lfiattack
- http://10.10.41.78/article?name=rfiattack
All three links use the “name” parameter to select the article, and this can be used to do LFI.
Let's try the following and see if we get anything:
http://10.10.41.78/article?name=../../../../../etc/passwd
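
Why a request like this can succeed, and how the handler should be written, shown as an added example that is not part of the original write-up and is not the room's actual code. The function names, the article directory layout and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile

def read_article_vulnerable(base_dir, name):
    # Vulnerable pattern (assumed): the "name" parameter is joined onto the
    # article directory unchecked, so "../" segments climb out of it.
    path = os.path.join(base_dir, name)
    with open(path, "r") as fh:
        return fh.read()

def read_article_hardened(base_dir, name):
    # Resolve ".." and symlinks first, then require the final path to sit
    # strictly inside the article directory.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes article directory")
    with open(target, "r") as fh:
        return fh.read()

def demo():
    # Constructed sample tree: <root>/articles/hacking and <root>/secret.txt
    root = tempfile.mkdtemp()
    articles = os.path.join(root, "articles")
    os.mkdir(articles)
    with open(os.path.join(articles, "hacking"), "w") as fh:
        fh.write("article body")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("outside web content")

    results = {
        "vuln_traversal": read_article_vulnerable(articles, "../secret.txt"),
        "hard_normal": read_article_hardened(articles, "hacking"),
    }
    # Both a relative traversal and an absolute path must be rejected;
    # os.path.join discards base_dir when the second argument is absolute.
    for key, name in (("hard_traversal", "../secret.txt"),
                      ("hard_absolute", os.path.join(root, "secret.txt"))):
        try:
            read_article_hardened(articles, name)
            results[key] = "read"
        except PermissionError:
            results[key] = "blocked"
    return results

if __name__ == "__main__":
    print(demo())
```

In server logs, the same issue shows up as requests to /article whose name value contains `../` sequences or an absolute path.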