How to Exploit LFI | LoFi TryHackMe Walkthrough for Beginners

Chris Alupului 2,085 4 months ago

Dive into the TryHackMe "Lo-Fi" room with me as we explore Local File Inclusion (LFI) vulnerabilities and unravel the secrets hidden within this engaging challenge!

https://www.youtube.com/watch?v=FwGWEEQcO-c&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=_LXA3brPU7A&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=4&t=2954s&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=TE6NWoxvm6c&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=3&t=2184s&ab_channel=ChrisAlupului
https://youtu.be/g4dElX7yYUc

🔗 TryHackMe Room: Lo-Fi

In this video, we’ll:
✅ Start the machine, configure /etc/hosts, and analyze the setup.
✅ Discuss the fundamentals of file inclusion vulnerabilities, focusing on Local File Inclusion (LFI).
✅ Perform reconnaissance and examine the web application’s structure.
✅ Spot the vulnerability in the URL's page parameter and exploit it to access sensitive files.
✅ Use path traversal techniques ( ../ ) to uncover critical information from the server, like the /etc/passwd file.

Whether you're a beginner or an aspiring ethical hacker, this step-by-step walkthrough will equip you with the skills to identify and exploit LFI vulnerabilities in a safe and controlled environment.

🚀 Subscribe for more hacking adventures and tutorials
🔔 Don’t forget to like, share, and hit the notification bell!

------------------------------
Chris Alupului's Socials:
Instagram: https://instagram.com/chrisalupului
X: https://x.com/chrisalupului
TikTok: https://tiktok.com/chrisalupului
BlueSky: https://bsky.app/profile/chrisalupulu...
Visit my website: https://alupului.com
My Recording Gear Used: https://www.amazon.com/shop/chrisalup...
Sponsors: Interested in sponsoring my videos? Reach out to me at: [email protected]
------------------------------

💡 TIMESTAMPS:
00:00 Intro
00:55 Room info
02:35 File inclusion & LFI
03:51 Adding IP to hosts file
05:55 Recon nmap scan
08:35 Lo-fi website with Burp Suite
21:00 Outro

#tryhackme #thm #ethicalhacking #lfi #cybersecurity #penetrationtesting #kalilinux #burpsuite #infosec #pentesting #offensivesecurity #cybersecurityforbeginners #cybersecuritytutorial #redteam

DISCLAIMER: This video is intended for educational purposes only. All activities demonstrated in this video were conducted on legally authorized systems such as HackTheBox & TryHackMe. Unauthorized hacking, including attempts to gain unauthorized access to computers, servers, or other digital assets, is illegal and unethical. Always obtain proper permission before conducting any form of penetration testing or security research. The techniques shown here should only be used in ethical hacking environments, and I am not responsible for any misuse of the information provided.
