TryHackMe: Local File Inclusion Writeup

Local File Inclusion Logo at Tryhackme

This room aims to understand and exploit a web server that is vulnerable to the Local File Inclusion (LFI) vulnerability. This room can be accessed using this link: https://tryhackme.com/room/lfi

Task 1: Deploy

  1. Deploy the VM and access its web server: http://MACHINE_IP. Answer: No answer needed

Task 2: Getting user access via LFI

  1. Look around the website. What is the name of the parameter you found on the website? Answer: page
  2. You can read the interesting files to check out while testing for LFI. Answer: No answer needed
  3. This file can give information about the system like the name of all the existing users on the system. Answer: No answer needed
  4. What is the name of the user on the system? Answer: falcon
  5. Once you find the name of the user it’s important to see if you can include anything common and important in that user’s directory, could be anything like theirs .bashrc etc. Answer: No answer needed
  6. Name of the file which can give you access to falcon’s account on the system? Answer: id_rsa
  7. What is the user flag? Answer: B8LEGIF049JT4RTVWUG4

Task 3: Escalating your privileges to root

  1. What can falcon run as root? Answer: /bin/journalctl
  2. Search gtfobins via the website or by using gtfo tool, to see if you find any way to use that binary for privilege escalation. Answer: No answer needed
  3. What is the root flag? Answer: H1EQRK5XEX140H2KMO08
  4. Why not complete the LFI beginner level challenge next? Answer: No answer needed

Follow me on LinkedIn: https://www.linkedin.com/in/-prashantkumar07/

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store