Class 10 Lab 3 ‐ LFI within a PDF - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Task 1: Set Up the Environment

Step 1

  • Start the pfSense, Windows, and Kali virtual machines. Verify that the machines can communicate.

Step 2

  • Install XAMPP on the Windows 10 machine.

Step 3

  • Create the lfi-lab folder in C:\xampp\htdocs and extract the provided files to C:\xampp\htdocs\lfi-lab to set up the vulnerable website. Once the files have been written to C:\xampp\htdocs\lfi-lab, start the XAMPP Apache service.

Task 2: Investigate the Website

Step 1

  • Access the site’s main page at http://localhost/lfi-lab. What do you see? Is this the only page that exists?

Step 2

  • Try to find other pages on the site using dirb in Kali Linux. Use the command dirb http://[IP address]/lfi-lab in Kali. Did you find a webpage that could help you gain access to the system? Try to access it.

Step 3

  • Examine the main webpage’s source code to find a hint.

Step 4

  • Follow the clue and use http://[IP address]/lfi-lab/generate.php?name=Alice

Task 3: Perform the Attack

Step 1

  • Search for useful information in the generated PDF. It should lead you to the specific library used for this site. Inspect the library’s documentation and discover how to extract the content of a named file.

Step 2

  • Execute a payload (a crafted URL) to extract the content of the page you found in Task 2. Use the following payload: http://[ip-here]/lfi-lab/generate.php?name=<annotation+content=""+file="admin/index.php"+/>

Step 3

  • Open the toggle sidebar, click the attachments icon, and select index.php.

Step 4

  • Examine the downloaded file and identify key information for further use.

Step 5

  • Type http://192.168.0.17/lfi-lab/generate.php?name=<annotation+content=""+file="admin/log.txt"+/> to retrieve the log file. Toggle the sidebar to download the file, then use the key information from Step 4 as an identifier to locate the password in the log file.

Step 6

  • Enter the parameters for [IP address]/lfi-lab/admin/. After admin/ come ?para… and the password:
[Ip Address]/lfi-lab/admin/?param=LFI_is_great&pass=NewPassFor2019!!
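
Seen from the server side, the Task 3 requests stand out in the Apache access log, because a person's name has no reason to contain markup. The following Python script is an added example, not part of the original lab or the lab site's code: it flags generate.php requests whose name value carries a tag and reports any file attribute. The log lines are constructed, and the function name find_markup_injection is hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (Apache common log format), not from a real server.
SAMPLE_LOG = r'''
192.168.0.50 - - [01/Jan/2024:10:00:01 +0000] "GET /lfi-lab/generate.php?name=Alice HTTP/1.1" 200 1843
192.168.0.50 - - [01/Jan/2024:10:00:09 +0000] "GET /lfi-lab/generate.php?name=%3Cannotation+content=%22%22+file=%22admin/index.php%22+/%3E HTTP/1.1" 200 2967
192.168.0.50 - - [01/Jan/2024:10:00:15 +0000] "GET /lfi-lab/generate.php?name=<annotation+content=\"\"+file=\"admin/log.txt\"+/> HTTP/1.1" 200 3120
192.168.0.51 - - [01/Jan/2024:10:01:02 +0000] "GET /lfi-lab/generate.php?name=Bob+O%27Neil HTTP/1.1" 200 1850
192.168.0.51 - - [01/Jan/2024:10:01:30 +0000] "GET /lfi-lab/index.php HTTP/1.1" 200 512
'''

# Client address and request target from one log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Any opening tag inside the decoded parameter value, with its attribute text.
TAG = re.compile(r'<\s*(?P<tag>[A-Za-z][\w-]*)(?P<attrs>[^>]*)>?')
# A file="..." attribute inside that tag (quoted or unquoted).
FILE_ATTR = re.compile(r'\bfile\s*=\s*["\']?(?P<path>[^"\'\s>]+)', re.I)

def find_markup_injection(log_text, script="generate.php", param="name"):
    """Return one finding per request whose `param` value carries markup."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        # Apache writes a literal double quote in the request line as \"
        url = urlsplit(m["target"].replace('\\"', '"'))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            tag = TAG.search(value)
            if tag:
                f = FILE_ATTR.search(tag["attrs"])
                findings.append({"client": m["ip"], "tag": tag["tag"].lower(),
                                 "file": f["path"] if f else None})
    return findings

if __name__ == "__main__":
    for hit in find_markup_injection(SAMPLE_LOG):
        print(hit)
```

In a default XAMPP install the log to feed it is C:\xampp\apache\logs\access.log.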