Use nmap to scan for open ports.

Head to the web server

Clicking on the LFI-attack page will showcase how to do LFI attack on a website

Add the following to the end of address article?name=../../../../../../etc/passwd and inspect source to get a better view,

Try it with article?name=../../../../../../root/root.txt to gain the final flag

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: