Testing for all LFI on OWASP-SKF

Welcome back my budding hackers , so this time we’ll blackbox test the Owasp-Skf and we’ll try to test the LFI’s (local file inclusion) this time .

LFI (case-1)

Let’s run our owasp-skf server for LFI

We can see that we have a submit button and a drop down menu as well , so let’s check them out .

On clicking on the submit button and inspecting the html code

We can notice that the server is refeering to a file at location text/intro.txt with the file name as intro.txt , let’s try directory traversal here and check if we can exploit the LFI.

We’ll do directory traversal for /etc/passwd

Once we do that let’s use the drop down option for chapter 1

Once we click on the submit button , we have all the content of /etc/passwd.

LFI (case-2)

Let’s try to exploit , the way we did before

We can see that we get a message “try harder’ , okay let’s try hard then . Since our usual method is not working , so the server must be filtering our “../” , and that’s the reason why we aren’t able to exploit , let’s have a closer look at this photo .

So we’ll use “…/./” in place of “../” alright , so let’s try this method

Here we go , we have exploited LFI .

LFI (case-3)

Let’s try the payload that we used in case-2 here

It says try harder which means that the server isn’t accepting the “../” at all , what we can do now ?

Let’s set up our burp proxy and analyze the requests

When we click on submit button for chapter one , this is the request that we see , we can see the file path here , so let’s inject our payload here .

But before sending the request as i said before the server isn’t accepting “../” at all so what we can do is to encode our payload with url encoding , we can encode it one time , two time whatever , i have encoded it thrice here , so let’s forward this packet .

Here we go

File inclusion vulnerabilities are simple and easy to exploit and they can actually cause potential damage , check out my other blog to learn how you can execute code on server just by exploiting LFI vulnerability .

https://medium.com/@a3h1nt/from-local-file-inclusion-to-reverse-shell-774fe61b7e1e.

--

--

--

Infosec Enthusiast | Student

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

DOP vellum point stress

Flutter Stack Weekly — Issue #9

[TryHackme]- HaskHell Walkthrough

Scraping dynamic HTML in Python with Selenium

Why there is a difference in behavior for copying contents in primitive and non primitive data…

Use Packer from HashiCorp to create images.

Recap — Learn Command Line (P.4)

6-Put Boundary on Player’s Movement

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
A3h1nt

A3h1nt

Infosec Enthusiast | Student

More from Medium

PWNABLE.KR BOF WALKTHROUGH

World Password Day: Get Aware Before It’s Too Late

World Password Day Infographic and information about secure password to avoid attacks

HACKING THROUGH INSTAGRAM