👩‍🎓👨‍🎓 Check out how we can detect an LFI and escalate it to an RCE on the Archangel box by @RealTryHackMe
Check out the box on Try Hack Me: tryhackme.com/room/archangel
00:00 Introduction
00:20 Finding a domain name
01:25 Running FFuF to perform content discovery
03:00 Simple LFI
04:30 PHP:// Wrapper
06:00 Reading the source code
07:30 Bypassing WAF
08:40 Log poisoning
10:00 RCE
13:30 Outro
---
🧑‍💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by / pinkdraconian ( @PinkDraconian ) & / intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com/