Premise

In this video walk-through, we covered the basics of LFI vulnerability and how to perform a testing to find it. This video is part of web fundamentals pathway from TryHackMe.

Local File Inclusion (LFI) is the vulnerability that is mostly found in web servers. This vulnerability is exploited when a user input contains a certain path to the file which might be present on the server and will be included in the output. This kind of vulnerability can be used to read files containing sensitive and confidential data from the vulnerable system.

The main cause of this type of Vulnerability is improper sanitization of the user’s input. Sanitization here means that whatever user input should be checked and it should be made sure that only the expected values are passed and nothing suspicious is given in input. It is a type of Vulnerability commonly found in PHP based websites but isn’t restricted to them.

Get OSCP Certificate Notes

Importance of Arbitrary file reading

A lot of the time LFI can lead to accessing (without the proper permissions) important and classified data. An attacker can use LFI to read files from your system which can give away sensitive information such as passwords/SSH keys; enumerated data can be further used to compromise the system.

In this task, we are going to find the parameter which is vulnerable to the Local File Inclusion attack. We will then will try to leverage information obtained to get access to the system.

Room Answers

Look around the website. What is the name of the parameter you found on the website?

What is the name of the user on the system?

Name of the file which can give you access to falcon’s account on the system?

What is the user flag?
What can falcon run as root?

Search gtfobins via the website or by using gtfo tool, to see if you find any way to use that binary for privilege escalation.

What is the root flag?

Video Walk-through
https://www.youtube.com/watch?v=3NyggS4Ltmk
About the Author

Cybersecurity Instructor & Swimmer

View Articles