TryHackMe Box Walkthrough : Inclusion
A basic-level LFI challenge for beginners.
Let's launch the machine. Before launching it, make sure your VPN is connected. After launching, we will get the IP of the machine.
Reconnaissance
Starting with a simple nmap scan
Command : nmap -sC -sV -p- --min-rate=10000 -oN nmap <machine_ip>
We see that 2 ports are open: 22 (SSH) and 80 (HTTP). Since port 80 is open, there must be a web page.
We get this page and, as we know, it is an LFI challenge, but there is no parameter in the URL to inject our LFI payload. So we click on the LFI-attack link to see whether we get any parameter.
We got a parameter: ?name=lfiattack. Inside the LFI-attack page we found some information about how an LFI vulnerability works. So I will try an LFI attack on this web page.
../../../etc/passwd
We will use these credentials to log in with SSH.
ssh falconfeast@<IP>
rootpassword
We found our first flag. Now copy and paste the flag into THM.
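For anyone fixing this class of bug, here is an added example (not code from the box or from this walkthrough) of the file lookup behind a parameter like ?name=, shown first in its vulnerable form and then with the path confined to one directory. The function names and the directory layout are assumptions made for illustration; the box's real server code is not shown on this page.

```python
import os
import tempfile
from pathlib import Path

def read_article_vulnerable(base: Path, name: str) -> str:
    # Hypothetical handler: user input joined to a path with no check.
    return Path(os.path.join(base, name)).read_text()

def read_article_hardened(base: Path, name: str) -> str:
    base = base.resolve()
    # resolve() collapses ".." and follows symlinks before the check.
    target = (base / name).resolve()
    # Compare whole path components, not string prefixes, so a sibling
    # such as "articles_private" does not pass as being under "articles".
    if base not in target.parents:
        raise PermissionError(f"rejected path outside {base.name}: {name!r}")
    if not target.is_file():
        raise FileNotFoundError(name)
    return target.read_text()

def demo() -> dict:
    # Constructed layout: root/articles/lfiattack plus files outside it.
    root = Path(tempfile.mkdtemp()).resolve()
    base = root / "articles"
    base.mkdir()
    (base / "lfiattack").write_text("article body")
    (root / "passwd").write_text("constructed-secret")
    sibling = root / "articles_private"
    sibling.mkdir()
    (sibling / "notes").write_text("constructed-private")

    results = {"ok": read_article_hardened(base, "lfiattack"),
               "vulnerable": read_article_vulnerable(base, "../passwd")}
    probes = ["../passwd", "../../../etc/passwd",
              str(root / "passwd"), "../articles_private/notes"]
    for probe in probes:
        try:
            read_article_hardened(base, probe)
            results[probe] = "allowed"
        except PermissionError:
            results[probe] = "rejected"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value}")
```

The absolute-path probe matters because joining a base directory with an absolute path discards the base, so stripping "../" from the input is not a sufficient fix.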
Privilege escalation
To escalate our privileges, we will check what commands we can run as root.
sudo -l
I will go to GTFOBins to see what payload or command is available for /usr/bin/socat.
sudo socat stdin exec:/bin/sh
Successfully escalated privileges to root. Now I will look for the root flag.
Finally, we found the root flag. Copy and paste the flag into the THM site and finish the challenge.
If you found this useful, do leave a clap.