#readwise # Included Write-up  ## Metadata - Author: [[Hack The Box]] - Full Title: Included Write-up - URL: https://readwise.io/reader/document_raw_content/296112235 ## Summary Vulnerabilities often arise from misconfigurations in web applications, particularly with Local File Inclusion (LFI). This allows attackers to access sensitive files on the server by manipulating URL parameters. By exploiting LFI, attackers can potentially execute malicious code and gain unauthorized access to the system. The process can lead to privilege escalation, allowing them to control the server fully. ## Highlights Local file inclusion (also known as LFI) is the process of including files, that are already locally present on the server, through the exploitation of vulnerable inclusion procedures implemented in an application. ([View Highlight](https://read.readwise.io/read/01jseyzdfjfntc9j2pfrnxy0j9)) --- Trivial File Transfer Protocol (TFTP) is a simple protocol that provides basic file transfer function with no user authentication. TFTP is intended for applications that do not need the sophisticated interactions that File Transfer Protocol (FTP) provides. ([View Highlight](https://read.readwise.io/read/01jsez2df7kggv4ph23wjxjgd8)) --- TFTP works by default without the need for authentication. That means that anyone can connect to the TFTP server and upload or download files from the remote system. ([View Highlight](https://read.readwise.io/read/01jsez3mwt3gpzp42m778dve8x)) --- We can chain this with the LFI vulnerability that we have already identified, in order to upload malicious PHP code to the target system that will be responsible for returning a reverse shell to us. We will then access this PHP file through the LFI and the web server will execute the PHP code. ([View Highlight](https://read.readwise.io/read/01jsez3xvwk6ew8t3fq4aj0ehz)) ---