Open in app

Sign in

Write

Sign in

Mastodon

Member-only story

Lo-Fi: TryHackMe Writeup.

Rsprasangi
DevPulse
Published in
3 min readFeb 21, 2025
Lo-Fi THM

Tackling the Lo-Fi TryHackMe room turned out to be a fascinating adventure! With a mix of curiosity and determination, I jumped right into it, and what followed was an enjoyable learning experience plus a little bit of brute forcing the directory! Follow the steps below to reach to the flag!!!!

Step 1: The Foundation — Scouting the Terrain:

As always the very first step to any challenge is the very well known reconnaissance phase using Nmap. As seen in the below image we get two open ports: 22 for ssh and 80 for http.

Step 2: Peeling Back the Layers:

Opening the web application in my browser, I began analyzing its structure. The source code hinted at a potential Local File Inclusion (LFI) vulnerability, and I decided to test it out.

How to Perform an LFI Attack

1. Inputs: Look for parameters in the URL or form fields that load files, such as ?page= or ?file=.
2

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Continue in app
Or, continue in mobile web

Already have an account? Sign in

DevPulse
DevPulse

Published in DevPulse

53 Followers
Last published 22 hours ago

DevPulse is your go-to publication for cutting edge technical insights, tutorials, and industry trends. Stay ahead in the fast-paced world of development with in-depth articles on coding, software engineering, and the latest tech innovations. Tune into the pulse of technology!

Rsprasangi
Rsprasangi

Written by Rsprasangi

204 Followers
296 Following

With 12 years in IT, I share cutting edge insights on tech, coding and innovation at DevPulse, driving the future of Software Engineering one article at a time.

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams