☎️
Contrxl
  • 🏡Home
  • ❓Anonymity Tools
  • ⌨️Cisco
    • Networking Basics
      • Communication in a Connected World
      • Network Components, Types and Connections
      • Wireless and Mobile Networks
      • Home Networking Technologies
      • Communication Protocols
      • Network Media
      • The Access Layer
      • The Internet Protocol
      • IPv4 and Network Segmentation
  • 💾Intune
    • ADMX Configuration
    • App Deployment
    • App Updating/Patching
    • File Deployment
    • Remediations
  • 🎓Learning Links
  • 💻Microsoft
    • 📘Microsoft Portal Links
    • Configure SIEM Security Operations using Microsoft Sentinel
      • Create and Manage Microsoft Sentinel Workspaces
        • Introduction
        • Plan for the Microsoft Sentinel Workspace
        • Create a Microsoft Sentinel Workspace
        • Manage Workspaces Across Tenants Using Azure Lighthouse
        • Understand Microsoft Sentinel Permissions and Roles
        • Manage Microsoft Sentinel Settings
        • Configure Logs
  • 📰News & Information
  • 💡OSINT
    • IP & Domain OSINT
    • Email & Username OSINT
    • Vulnerability OSINT
  • 📚Projects
    • ‼️A Simulation Study of DDoS
  • ⚒️Tools
    • Burp Suite
      • Repeater
      • Intruder
      • Other Modules
    • GoPhish
    • Hydra
    • John the Ripper
    • Metasploit
      • Exploitation
      • Meterpreter
    • NMAP
    • Wireshark
  • 🖥️TryHackMe
    • Learning Paths
      • Complete Beginner
        • 1. Complete Beginner Intro
        • 2. Linux Fundamentals
        • 3. Introductory Networking
        • 3.1 Network Exploitation Basics
        • 4. OWASP Top 10 Exploits
        • 5. Upload Vulnerabilities
        • 5.1 An Example Methodology
        • 6. Cryptography - Hashing
        • 7. Cryptography - Encryption
        • 8. Active Directory Basics
        • 9. What the Shell?
        • 10. Linux Privesc
        • 11. More Linux Privesc
      • Jr Penetration Tester
        • Walking an Application
        • Content Discovery
        • Subdomain Enumeration
        • Authentication Bypass
        • IDOR
        • File Inclusion
        • SSRF
        • XSS (Cross-site Scripting)
        • Command Injection
        • SQL Injection
        • Passive Reconnaissance
        • Active Reconnaissance
        • Protocols and Servers
        • Protocol and Server Attacks
        • Vulnerabilities
        • Exploiting Vulnerabilities
        • Linux Privilege Escalation
        • Windows Privilege Escalation
      • CompTIA Pentest+
        • Planning and Scoping
          • Pentesting Fundamentals
          • Red Team Engagements
          • Governance and Regulation
        • Tools and Code Analysis
          • Metasploit: Introduction
          • Wireshark: The Basics
          • Burp Suite: The Basics
          • Hydra
          • Python Basics
        • Attacks and Exploits
          • Phishing
          • Windows Local Persistence
          • Breaching Active Directory
          • Lateral Movement & Pivoting
Powered by GitBook
On this page
  1. TryHackMe
  2. Learning Paths
  3. Jr Penetration Tester

File Inclusion

Sixth section in Jr Penetration Tester learning path.

Introduction

In some scenarios, web apps are configured to request access to files on a given system, including images, static text etc. Parameters are query parameter strings attached to the URL. File inclusion vulnerabilities are commonly exploited in programming languages for web apps like PHP that are poorly written and implemented. An attacker could leverage these vulnerabilities to leak data like code, credentials or other files. If the attacker can write files, then this could also be used to gain RCE (Remote Code Execution).

Path Traversal

Also known as directory traversal, a web app vulnerability can be used to allow an attacker to read OS resources like local files on the server. Path traversal occurs when the user's input is passed to a function like "file_get_contents" in PHP.

The behaviour of the URL can be tested by using the dot-dot-slash attack. An example of this would be modifying a URL to: http://app.com/get.php?file=../../../../etc/passwd, if this returns the contents of /etc/passwd then we have a path traversal vulnerability.

Local File Inclusion (LFI)

LFI attacks are often due to developers lack of security awareness, in PHP, functions like include, require, include_once and require_once often contribute to vulnerable web apps. Along with the dot-dot-slash attack we can experiment with null bytes, a null byte is %00 or 0x00 in hex and is used to terminate a string. Adding a null byte to the end of a payload tells the function to ignore everything after it.

Remote File Inclusion (RFI)

RFI is used to include remote files, like LFI, RFI occurs when input is not sanitised correctly. The risk of RFI is higher as it allows attackers to gain RCE on a server, other consequences of this include: sensitive information disclosure, cross-site scripting (XSS) and denial of service (DoS).

Last updated 11 months ago

🖥️
  • Introduction
  • Path Traversal
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)