Dive into the TryHackMe "Lo-Fi" room with me as we explore Local File Inclusion (LFI) vulnerabilities and unravel the secrets hidden within this engaging challenge!
https://www.youtube.com/watch?v=FwGWEEQcO-c&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=_LXA3brPU7A&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=4&t=2954s&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=TE6NWoxvm6c&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=3&t=2184s&ab_channel=ChrisAlupului
https://youtu.be/g4dElX7yYUc
🔗 TryHackMe Room: Lo-Fi
In this video, we’ll:
✅ Start the machine, configure /etc/hosts, and analyze the setup.
✅ Discuss the fundamentals of file inclusion vulnerabilities, focusing on Local File Inclusion (LFI).
✅ Perform reconnaissance and examine the web application’s structure.
✅ Spot the vulnerability in the URL's page parameter and exploit it to access sensitive files.
✅ Use path traversal techniques (../) to uncover critical information from the server, like the /etc/passwd file.
Whether you're a beginner or an aspiring ethical hacker, this step-by-step walkthrough will equip you with the skills to identify and exploit LFI vulnerabilities in a safe and controlled environment.
------------------------------
Chris Alupului's Socials:
Instagram: https://instagram.com/chrisalupului
X: https://x.com/chrisalupului
TikTok: https://tiktok.com/chrisalupului
BlueSky: https://bsky.app/profile/chrisalupulu...
Visit my website: https://alupului.com
------------------------------
💡 TIMESTAMPS:
00:00 Intro
00:55 Room info
02:35 File inclusion & LFI
03:51 Adding IP to hosts file
05:55 Recon nmap scan
08:35 Lo-fi website with Burp Suite
21:00 Outro
DISCLAIMER: This video is intended for educational purposes only. All activities demonstrated in this video were conducted on legally authorized systems such as HackTheBox & TryHackMe. Unauthorized hacking, including attempts to gain unauthorized access to computers, servers, or other digital assets, is illegal and unethical. Always obtain proper permission before conducting any form of penetration testing or security research. The techniques shown here should only be used in ethical hacking environments, and I am not responsible for any misuse of the information provided.