TryHackMe : Inclusion

Emre Alkaya
3 min read · Apr 15, 2022

Hi!!! I haven’t written a blog post in a long time. I often think about being here now. Let’s start with the TryHackMe LFI Inclusion room. If you are a beginner, this exercise can help you understand local file inclusion.

Difficulty: Easy

Briefly, local file inclusion (LFI) is a vulnerability that allows an attacker to read files stored locally on the server through the web application. This happens because the application does not properly sanitize the user input it passes to a file-inclusion function such as include(). So if an application is vulnerable to LFI, an attacker can harvest information about the web server.
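The flaw described above next to its fix, as an added example in Python (not code from the room or from the original post). The function names, the articles directory and the sample files are assumptions constructed for illustration; the traversal string is the one used later in this walkthrough.

```python
import os
import tempfile

def resolve_unsafe(base_dir, name):
    # Vulnerable pattern: the request value is joined to the base path as-is.
    return os.path.normpath(os.path.join(base_dir, name))

def resolve_safe(base_dir, name):
    # Hardened pattern: resolve symlinks and "..", then require containment.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath() compares whole components, so a sibling directory such as
    # "articles-old" is not mistaken for a child of "articles".
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the article directory")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(name)
    return candidate

def demo():
    # Constructed sample tree: one article, one file outside the article dir.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        articles = os.path.join(root, "articles")
        os.mkdir(articles)
        with open(os.path.join(articles, "hello"), "w") as fh:
            fh.write("article body")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("not meant to be served")
        results = {}
        for name in ("hello", "../secret.txt", "../../../../etc/passwd"):
            stays_inside = resolve_unsafe(articles, name).startswith(articles + os.sep)
            try:
                resolve_safe(articles, name)
                verdict = "served"
            except (ValueError, FileNotFoundError):
                verdict = "rejected"
            results[name] = (stays_inside, verdict)
        return results

if __name__ == "__main__":
    for name, (stays_inside, verdict) in demo().items():
        print(f"{name!r}: unsafe path stays inside={stays_inside}, safe resolver={verdict}")
```

The safe resolver checks containment after resolving the path, which is the step the vulnerable pattern skips.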

Task 1 : Deploy

This is a beginner level room designed for people who want to get familiar with Local file inclusion vulnerability.

Answer the questions below

Deploy the machine and start enumerating.

Task 2 : Root It

If you’ve deployed the VM then try to find the LFI parameters and get the user and root flag.

Answer the questions below

User Flag

We have an IP address, and port 80 is open, so we can connect via HTTP.

We click on any page, and when we look at the URL, a parameter has appeared that we can obviously change.

We enter our payload and, boom, we can read information from this machine (username: falconfeast, password: take/a/good/look/at/the/etc/passwd/page).

http://target-ip/article?name=../../../../etc/passwd

Then, since we know that port 22 is open, we log in with SSH.

We can easily find the flag with this command: find / -name user.txt 2>/dev/null. Then we can read it with cat.

Root Flag

We try to find the root flag, but we find that we don’t have the privileges for it. To check which privileges we do have, we use the first command that comes to mind: sudo -l.

In the output we see (root) NOPASSWD: /usr/bin/socat, which means our user can run socat as root without a password.

Then we can get help from GTFOBins.

We can become root by typing socat into the GTFOBins search box and running the command that appears.

Success!

We found root.txt.

So I completed it all.

This box was really fun! I love the ones that have a story/theme that goes along with them.

Hope you guys enjoyed this tutorial, let me know if you try this out. Follow me for more projects like this!
