TryHackMe Inclusion writeup (Beginner Friendly)
Hi, this write-up is for Inclusion, a beginner LFI challenge. Hope you guys like it. This is a room created by falconfeast.
Inclusion TryHackMe room Link: https://tryhackme.com/room/inclusion
Task 1 Deploy
Simply connect to the TryHackMe OpenVPN or start the AttackBox in TryHackMe to get started.
Task 2 Root It
In this task, there are two questions, and both ask you to find a flag.
#1
Let's go to the link provided by TryHackMe. We can see this page.
As the question states, find the parameter. So, let's click the buttons around the page to see which “word” stays the same in the URL.
It seems we have found the parameter for this site. So, we can start to search for directories through this URL.
After entering ../../../../etc/passwd, we could see this output generated from the site. It seems we are on the right track. Now, we can try ../../../../etc/shadow, which is where the hash is stored. And…
Yes, we found the hash for the user! Now let’s save the hash we found and run hashcat to crack the hash for us.
This method doesn't seem to work. So, I used another method, which will be easier. By using ../../../../home/user/user.txt, we could easily get the flag we wanted.
Now, it's the turn of root.txt. I tried the same method to find root.txt.
AND WE ARE DONE!!
Conclusion I found:
1. Clicking around is a good start to find things.
2. Finding a hash is not the only way to get access to the files. There might be an easier way to do that.
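A traversal value like the ones used above gets through when a handler joins the URL parameter to a directory without checking where the result lands. The following is an added example, not the room's code: `naive_resolve`, `safe_resolve`, the `articles` directory and the `hello` file are assumed names constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def naive_resolve(base_dir, name):
    """Vulnerable pattern: the request value is joined to the base unchecked."""
    return os.path.normpath(os.path.join(base_dir, name))


def safe_resolve(base_dir, name):
    """Return the real path of `name` only if it stays inside base_dir."""
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks before the comparison
    candidate = (base / name).resolve()
    if base not in candidate.parents:
        raise PermissionError(f"path escapes {base}: {name!r}")
    if not candidate.is_file():
        raise FileNotFoundError(name)
    return candidate


def demo():
    """Compare both resolvers on a constructed article directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        articles = Path(root) / "articles"
        articles.mkdir()
        (articles / "hello").write_text("article body")  # constructed sample file
        # One legitimate value, the traversal from the write-up, an absolute path
        for value in ("hello", "../../../../etc/passwd", "/etc/passwd"):
            naive = naive_resolve(str(articles), value)
            try:
                safe_resolve(articles, value)
                verdict = "served"
            except (PermissionError, FileNotFoundError) as exc:
                verdict = type(exc).__name__
            results[value] = (naive, verdict)
    return results


if __name__ == "__main__":
    for value, (naive, verdict) in demo().items():
        print(f"{value!r}: naive -> {naive}, safe -> {verdict}")
```

The absolute-path case matters as much as the `../` case: `os.path.join` drops the base directory entirely when the second argument starts with `/`.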
Thank you for reading this write-up. And thanks THM for providing such a good place for learning how to hack.