Academy help

edited December 2020 in Other

Hello, guys.

I would really love some help on the Skills Assessment - File Inclusion/Directory Traversal academy exercise.

I have tried almost every technique, but nothing seems to be working for me, so I cannot find the exact technique needed for the vulnerability, so I can access root.

Any help? Thanks

Comments

  • Hi Jotunr,
    did you pay attention to the page when doing your test? I think you could do the tests again carefully to have an idea of how the website has been designed for the purpose of LFI.
    try "Source Code Disclosure via PHP Wrappers" we learned in the course and maybe you will find some interesting things ...

  • @jotunr did you make it to the other end of this one? Just a bit hung up on it as well...

    @KptnKmer is your reference to the tools for fuzzing or the wrappers themselves? I've looked at the source for the index.php and I can't see anything that stands out. Is there another hint you may be able to drop?

  • edited January 4
    @KptnKmer said:
    > Hi Jotunr,
    > did you pay attention to the page when doing your test? I think you could do the tests again carefully to have an idea of how the website has been designed for the purpose of LFI.
    > try "Source Code Disclosure via PHP Wrappers" we learned in the course and maybe you will find some interesting things ...


    I got the index.php source. It sends you to different pages depending on the parameter value, and if the value is acceptable it appends .php. How can we bypass this? Since it's PHP 5.5+ we can't use a null byte. Stuck here.

    Any help would be appreciated
  • The same problem...

  • Look at the source code carefully, maybe line by line; you could find another way out.

  • @KptnKmer said:
    > Hi Jotunr,
    > did you pay attention to the page when doing your test? I think you could do the tests again carefully to have an idea of how the website has been designed for the purpose of LFI.
    > try "Source Code Disclosure via PHP Wrappers" we learned in the course and maybe you will find some interesting things ...

    Hi @KptnKmer, thank you for your comment. I followed this instruction and solved the question in one shot.
    For those who are still looking for a solution, pay more attention to the index.php file and you guys will find something interesting.
