LFI - INCLUSION TryHackMe Walkthrough…
Hey guys, let's check out another blog of mine. In this blog I give a detailed walkthrough of LFI INCLUSION. I show 2 different methods to capture the flag. Let's get started.
Note:
The first step is reconnaissance, because the more information you have about the target, the easier it is to hack into the system or server.
First Method
Nmap scanning:
Command: nmap -sS -sV -A <Target-Ip>
Ports 22 and 80 are open, which means SSH and HTTP are running. Let's check the website.
There is a blog about hacking with LFI & RFI attacks. Let's click on the LFI attack.
They explain how to do LOCAL FILE INCLUSION, which I have shown above, so let's do it. I tried it and finally succeeded in getting the /etc/passwd file.
Then I found the falconfeast user, which contains the SSH password as (rootpassword).
Let's do the same for the /etc/shadow file and see whether it gives any data like passwd did. We get the root user and normal user passwords in hashed form.
In the same way, try to get the normal user and root user flags through the LFI method.
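From the defender's side, the requests made in this first method stand out in web server logs. The following is an added example, not part of the original walkthrough: it scans access-log lines for query parameters that, once URL-decoded, contain directory traversal or point at /etc/passwd or /etc/shadow. The log lines, the `/view` path and the `page` parameter are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines; the /view path and "page" parameter are assumed.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /view?page=hacking HTTP/1.1" 200 1532
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /view?page=../../../etc/passwd HTTP/1.1" 200 2011
10.0.0.9 - - [01/Jan/2024:10:00:15 +0000] "GET /view?page=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200 1190
10.0.0.9 - - [01/Jan/2024:10:00:21 +0000] "GET /view?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 500 290
10.0.0.7 - - [01/Jan/2024:10:00:30 +0000] "GET /static/style.css HTTP/1.1" 200 880
"""

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Traversal sequences, or the two files read in this walkthrough.
SUSPICIOUS_RE = re.compile(r"\.\.[/\\]|(?:^|/)etc/(?:passwd|shadow)\b")


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so nested encodings cannot hide the path."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_lfi_attempts(log_text):
    """Return one record per query parameter that looks like a file-inclusion probe."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        for param, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(raw)
            if SUSPICIOUS_RE.search(value):
                # A 200 means the server answered the request: check what it returned.
                hits.append({"client": client, "param": param,
                             "value": value, "served": status == "200"})
    return hits


if __name__ == "__main__":
    for hit in find_lfi_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to True is the one to follow up first: look at the response size and at the code that builds a file name from the parameter.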
Second Method:
Use the creds found in /etc/passwd to try to log in over SSH.
We can see that socat has root privileges with NOPASSWD, so let's try to escalate with it. For that, go to GTFOBins, search for socat, get the command, and use it to try to escalate to root privileges.
SUCCESSFULLY CAPTURED THE FLAG……👏👌