(File Inclusion TryHackMe) Local File Inclusion [LFI] Vulnerability FileInclusionVM walkthrough THM
CTF Security
This video walks you through the FileInclusionVM room on TryHackMe, Tasks 1 to 5, and also explains the concept and impact of the Local File Inclusion vulnerability.
Remote File Inclusion (RFI) and Local File Inclusion (LFI) are vulnerabilities that are often found in poorly written web applications. These vulnerabilities occur when a web application allows the user to submit input into files or upload files to the server.
File Inclusion vulnerabilities allow an attacker to read (and sometimes execute) files on the victim machine. This can be very dangerous because if the web server is misconfigured and running with high privileges, the attacker may gain access to sensitive information. If the attacker is able to place code on the web server through other means, then they may be able to execute arbitrary commands.
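An added example, not taken from the video or the TryHackMe room: the include pattern described above, written in Python, with the unsafe concatenation beside a resolver that confines requests to one directory. The function names, the `pages` directory, the extension allowlist and the sample inputs are assumptions constructed for illustration.

```python
import os
import tempfile

class RejectedPath(ValueError):
    """Raised when a requested name must not be served."""

def naive_resolve(base_dir, requested):
    """Vulnerable pattern: user input concatenated onto the include directory."""
    return os.path.normpath(os.path.join(base_dir, requested))

def resolve_include(base_dir, requested, allowed_ext=(".txt", ".html")):
    """Hardened form: return a path only if it is a real file inside base_dir."""
    if "\x00" in requested:  # a null byte must never reach the file system API
        raise RejectedPath("null byte in file name")
    if not requested.lower().endswith(allowed_ext):
        raise RejectedPath("extension not on the allowlist")
    base = os.path.realpath(base_dir)
    # os.path.join drops base when requested is absolute; realpath collapses
    # ../ sequences and follows symlinks, so the check sees the final target.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise RejectedPath("resolved path escapes the base directory")
    if not os.path.isfile(target):
        raise RejectedPath("no such file")
    return target

def demo():
    """Run constructed inputs against both resolvers in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        # Constructed files: one inside the include directory, one outside it.
        for path in (os.path.join(pages, "welcome.txt"), os.path.join(root, "secret.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        for name in ("welcome.txt", "../secret.txt", "/etc/passwd", "../secret.txt\x00.txt"):
            try:
                results[name] = os.path.relpath(resolve_include(pages, name), root)
            except RejectedPath as exc:
                results[name] = "rejected: " + str(exc)
        # The naive version resolves the same input to a file outside pages/.
        results["naive ../secret.txt"] = os.path.relpath(naive_resolve(pages, "../secret.txt"), root)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(repr(name), "->", outcome)
```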
IMPORTANT LINUX FILE LOCATIONS
– /etc/issue
– /proc/version
– /etc/profile
– /etc/passwd
– /etc/shadow
– /root/.bash_history
– /var/log/dmessage
– /var/mail/root
– /var/spool/cron/crontabs/root
Links
TryHackMe - https://tryhackme.com/room/fileinc
CTF-SEC YOUTUBE - https://www.youtube.com/channel/UCMq4uUwcWnYgfe3z5w3Kt7A
FACEBOOK - https://www.facebook.com/MarstartechNigeria/
PATREON - https://www.patreon.com/computertechforum
00:00 Understanding Local File Inclusion
02:31 Modifying host file
04:01 Introduction [Task 1]
04:31 Deploying machine [Task 2]
04:51 Path Traversal [Task 3]
05:38 Identifying LFI and viewing the /etc/passwd file using path traversal LAB 1 [Task 4]
08:35 Identifying the directory specified in an LFI include function LAB 2 [Task 4]
09:26 Bypassing filters using the null byte character LAB 3 [Task 5]
13:43 Locating the function causing directory traversal LAB 4 [Task 5]
14:49 Bypassing an include statement that is set to read files from a defined location LAB 6 [Task 5]
16:56 Reading a specific file (/etc/os-release) from the web server using defined path traversal LAB 6 [Task 5]
19:07 Please leave a comment
To be continued in the next video ... https://www.youtube.com/watch?v=7r_Ufo4vscM