File Inclusion - TryHackMe Junior Penetration Tester 3.6

Подписаться 4 тыс.

Просмотров 10 тыс.

50% 1

Introduction to Web Hacking, Lesson 6 - File Inclusion !
"This room introduces file inclusion vulnerabilities, including Local File Inclusion (LFI), Remote File Inclusion (RFI), and directory traversal."
course link: tryhackme.com/hacktivities
Module: Introduction to Web Hacking
"Get hands-on, learn about and exploit some of the most popular web application vulnerabilities seen in the industry today."
Get unlimited Web-based AttackBox & Kali tryhackme.com/why-subscribe
================================================
What is TryHackMe's Jr Penetration Tester learning path?
By the end of the FREE course you will learn the necessary skills to start a career as a penetration tester which include:
Pentesting methodologies and tactics
Enumeration, exploitation and reporting
Realistic hands-on hacking exercises
Learn security tools used in the industry
#tryhackme #jrpentester #ethicalhacking =============================================================
Contents
00:00 - Intro
01:09 - Introduction
05:09 - Deploy the VM
06:25 - Path Traversal
11:59 - Local File Inclusion - LFI
17:08 - Local File Inclusion - LFI #2
28:20 - Remote File Inclusion - RFI
31:32 - Challenge - RCE in Lab #Playground
33:44 - Remediation
34:57 - Challenge
=============================================================
Music:
"1968" by TrackTribe - RU-vid Audio Library License -------------------------------------------------------
"Spots Action" - by Audionautix - RU-vid Audio Library License -------------------------------------------------------
Sound Effects from ZapSplat www.zapsplat.com -------------------------------------------------------
Images:
TryHackMe tryhackme.com/hacktivities
Pixabay www.pixabay.com
Vecteezy www.vecteezy.com

Наука

Опубликовано:

29 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 33

@BrockRosen 2 месяца назад

Check out my new song! - "Prelude" ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-UUi1af8rxjo.html

@crazydave1990ify 4 месяца назад

I love how tryhackme teaches absolutely nothing about curl in this particular room, and then they expect you to pull some out of the hat like it's nothing.

@frantardencilla8606 4 месяца назад

Yeah, I had to go back all previous lessons and did not find anything related to this challenge.

@esthertay7124 4 месяца назад

Had to double check if i missed out anything and since i followed room by room, we didnt get to learn how to use Burp too haha

@reu3437 4 месяца назад

@@esthertay7124 I was actually googling how to change get request to post, and a few results mention using burp. But as far as i recall, following through the path, burpsuite is not covered yet! Thank goodness i wasnt the only one feeling like a deer with headlights 😹

@user-hu5xb3yw9q 5 месяцев назад

You made it look easy but from the comments I see I wasn't the only one struggling on this one

@michaelboyd9183 Год назад

Great walkthrough! This room had me stumped for a long time!

@Cashmeister96 Год назад

Thanks, this was a good learning resource you explain the concepts clearly.

@BrockRosen 6 месяцев назад

I try!

@jamest3145 5 месяцев назад

Excellent video. I don’t think the content on THM has enough help for people new to computing so this is very good to give some help. This is a hard room

@mr.meatbeat9894 11 месяцев назад

Thanks man, this really helped. Great explanations. Enjoy the sub.

@BrockRosen 6 месяцев назад

Thanks for the sub!

@rowanmurphy5239 3 месяца назад

I have absolutely no idea where you're getting FoxyProxy out of Burp Suite, I did exactly what you did, and it won't even open anything. Even after I handle the error message that tells me to change a setting. Nothing happens. It just sits there like I didn't press the Open browser button. And THM did not explain almost anything in this entire module.

@sebastianwar7936 8 дней назад

Really feels like between start and end, we were missing 2-3 more learning modules.

@kanchanamarindagoda6039 7 месяцев назад

Thanks a lot, I got stuck in this room for a long time

@BrockRosen 6 месяцев назад

Glad I could help!

@SeekingTech Год назад

I wish to see your account florish, Great Help!!

@leonstone3443 3 месяца назад

hey thanks! you helped me understand better and i finished on my own after the first question! edit. nvm, when i got the challenges part i crapped my pants and came back

@cptvasilyzaytsev9245 6 месяцев назад

Great video. I have spent hours on challenge #3 going down rabbit holes. I appreciate the simplicity of the answer now haha. Is there a specific reason as to why you specified a POST method in the -d (HTTP POST data) flag?

@BrockRosen 6 месяцев назад

All GET requests were being sanitized (what the hint was trying to tell us), so we only needed to change the method and kazaam, the flag pops out. Overall, POST requests are more flexible when a user submits data or files to a server whereas GET is great for saving and coming back to website parameters you've changed

@cptvasilyzaytsev9245 6 месяцев назад

Ok, thanks for clarifying! Does it matter if you specify the method with the -X option, or with the -d option?@@BrockRosen

@BrockRosen 6 месяцев назад

No, I don't think it matters. @@cptvasilyzaytsev9245

@cptvasilyzaytsev9245 6 месяцев назад

Ok, great. Thanks for confirming. I appreciate the comments!@@BrockRosen

@daguru4089 Месяц назад

Can you set the cookie from the developer tools in the browser instead of using the burp suite?

@suhanichoudharry 4 месяца назад

can u tell which editing software you used ?

@frybait0626 3 месяца назад

On the Challenge lab#1 it says "The input form is broken! You need to send `POST` request with `file` parameter!" why is it that you're specifying again the method to "GET" ?

@recon0x7f16 7 месяцев назад

i dont follow at @19:35 i don't understand wdym by how php or file type to pass to the include function.

@FettyHuang 8 месяцев назад

Is anyone else having problems with loading burpsuite? 38:15, I get an error message when I try to press open a browser. I fix that by allowing burp to run without a sandbox but when I turn on the burp from foxyproxy, my page cannot refresh. It's like I am disconnected from the internet when I turn on burp from foxyproxy. I did exactly what he did in the video but either some updates were made or something else cause I cannot access the burpsuite the same as this video.

@jameschatsshit 8 месяцев назад

I've ran into the exact same problem however once you start the browser sometimes you need to send the payload which is why it exists in the first place I believe. Pretty sure you've done all the hard work there, you can see "intercept is on" within the suite which means that it wont load the page until youve told it to. To fix that, every time the page refreshes with intercept, you need to click the "forward" button to connect to the next page within the browser.