Inclusion room write-up
A beginner level LFI challenge on TryHackMe
LFI (Local File Inclusion)
Level : Easy
Room link : https://tryhackme.com/room/inclusion
Hello friends, thodi hacking krlo // skip-this
TASK 1 :-
Deploy the machine, no answer required
TASK 2 :-
- NMAP SCAN : nmap -sV -T4 <I.P>
2. Visiting <I.P> on browser an LFI vulnerable blog shows up
3. Upon visiting one of the blog we can see parameter “?name=” in URL bar and it seems vulnerable. Let’s exploit it!
4. After getting credentials from above ssh into machine and ola we are in 😎
For Privilege Escalation : https://gtfobins.github.io/gtfobins/socat/
Grab the user & root flag from above steps……………
Enjoy, thanks for reading and have a good day 🍺
👋 Follow and connect with me on Github