Inject HTB Walkthrough | Exploiting LFI to RCE | Beginner Pentesting Guide

Chris Alupului 1,703 3 months ago

We’re tackling the Hack The Box machine Inject, which has a great vulnerability chain to learn that leads to remote code execution (RCE) and is a bit harder than our last video: https://youtu.be/x18XKXuj0lo

We’ll start by exploiting Local File Inclusion (LFI) and Path Traversal, uncovering a SpringBoot vulnerability that gives us an initial foothold. From there, we move on to privilege escalation by abusing a cron job running Ansible to gain root access.

🔔 If you're into penetration testing, ethical hacking, and CTF challenges, this walkthrough is for you! Don't forget to like, comment, and subscribe for more HTB content.

https://www.youtube.com/watch?v=FwGWEEQcO-c&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=_LXA3brPU7A&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=4&t=2954s&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=TE6NWoxvm6c&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=3&t=2184s&ab_channel=ChrisAlupului

Chris Alupului's Socials:
Instagram: https://instagram.com/chrisalupului
X: https://x.com/chrisalupului
TikTok: https://tiktok.com/chrisalupului
BlueSky: https://bsky.app/profile/chrisalupulu...
Visit my website: https://alupului.com
My Recording Gear Used: https://www.amazon.com/shop/chrisalup...

Sponsors: Interested in sponsoring my videos? Reach out to me at: [email protected]

💡 TIMESTAMPS:
00:00 Intro
01:00 Hosts file
02:00 Recon with nmap
04:36 Resolve & explore website
05:55 Discovered our attack vector
11:25 Testing LFI & path traversal
22:28 SpringBoot vulnerability
32:10 Foothold established
35:38 Priv escalation
40:28 Outro

Think you're ready for a bigger challenge? 🔥 Hack The Box Pro Labs offer advanced, real-world network simulations like Dante, Offshore, and Cybernetics. Dive deep into hands-on environments built to level up your skills in hacking, Active Directory, and red teaming. Perfect for sharpening your expertise and exploring real corporate network setups. Get started today!

Affiliate Disclaimer: This video includes affiliate links and if you use them, I may earn a small commission at no extra cost to you. 🔥 Thanks for supporting the channel!
👉 Hack The Box Affiliate Link 👈 https://hacktheboxltd.sjv.io/nXk647

DISCLAIMER: This video is intended for educational purposes only. All activities demonstrated in this video were conducted on legally authorized systems such as HackTheBox & TryHackMe. Unauthorized hacking, including attempts to gain unauthorized access to computers, servers, or other digital assets, is illegal and unethical. Always obtain proper permission before conducting any form of penetration testing or security research. The techniques shown here should only be used in ethical hacking environments, and I am not responsible for any misuse of the information provided.
