Lo-Fi
Want to hear some lo-fi beats, to relax or study to? We've got you covered!
Hey, fellow hackers! 🏴‍☠️
Today, I’m sharing a cool LFI (Local File Inclusion) challenge room I tackled. Let’s dive in quickly!
Since this was an LFI challenge, a port scan (nmap) wasn’t necessary. But hey, old habits die hard! So, I ran an nmap scan anyway, just to see what’s open.
After scanning through the website, I noticed something interesting—it’s built using PHP. There were two endpoints:
http://10.10.129.104/?search=lofi
http://10.10.129.104/?page=coffee.php
🚨 The "?page=" parameter caught my attention. Why? Because it looked like it was including files dynamically.
My first instinct? Try to read the passwd file (/etc/passwd). So, I entered a classic LFI payload:
💥 Boom! Instead of getting the file, I was greeted with a super dramatic error message:
"HACKKERRR!! HACKER DETECTED. STOP HACKING YOU STINKIN HACKER!" 😆
Okay, so the system was blocking requests that started with a "/". No problemo!
Since direct access was blocked, I tried the good old directory traversal trick using ../ to move up directories.
🎯 Bingo! We got the passwd file. This confirmed that the LFI vulnerability was real.
Now, the real challenge—where was the flag? Since there were no user directories, I figured the flag could be placed somewhere random in the system.
So, I started testing different paths, from the root (/):
🎉 Voilà! Flag Captured!
This was a fun and educational challenge! If you’re a developer, make sure your applications validate inputs properly to prevent these attacks.
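For the developer side of that advice, here is an added example (not the challenge's source code and not part of the original write-up) that contrasts a filter rejecting only a leading "/" with a resolver that confines includes to one directory. `PAGES_DIR`, `weak_is_allowed` and `resolve_page` are hypothetical names, the weak filter is an assumption about how the room behaves, and PHP 8 is assumed.

```php
<?php
// Added illustration. PAGES_DIR and both function names are hypothetical.
const PAGES_DIR = __DIR__ . '/pages';

// Weak check (assumed to resemble the room's filter): rejects only a leading "/".
// Relative input containing ../ passes untouched.
function weak_is_allowed(string $page): bool
{
    return !str_starts_with($page, '/');
}

// Hardened: canonicalise the path, then require it to stay inside PAGES_DIR.
function resolve_page(string $page): ?string
{
    // Reject empty input, null bytes and stream wrappers such as php://.
    if ($page === '' || str_contains($page, "\0") || str_contains($page, '://')) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $full = realpath(PAGES_DIR . '/' . $page);  // collapses ../ and symlinks
    if ($base === false || $full === false) {
        return null;                            // base dir or target missing
    }
    // Containment check; the trailing separator stops "/pages-old" matching.
    if (!str_starts_with($full, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Constructed demo data: one legitimate page inside PAGES_DIR.
@mkdir(PAGES_DIR);
file_put_contents(PAGES_DIR . '/coffee.php', '<p>coffee</p>');

// Constructed inputs mirroring the three request types in the write-up.
foreach (['coffee.php', '/etc/passwd', '../../../../etc/passwd'] as $input) {
    printf(
        "%-24s weak=%-5s hardened=%s\n",
        $input,
        weak_is_allowed($input) ? 'pass' : 'block',
        resolve_page($input) === null ? 'block' : 'serve'
    );
}
```

Only the path returned by `resolve_page` should ever reach `include`; a fixed map from page names to files is stricter still when the set of pages is known in advance.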
Hope you enjoyed this write-up! Keep hacking (ethically, of course 😉), and stay curious! 🚀💻