4 hours 20 minutes

Video Description

This lesson offers a brief introduction of the LFI and RFI lab. This unit covers: 1. LFI Discovery 2. LFI Exploitation 3. RFI Discovery 4. RFI Exploitation

Video Transcription

Welcome to Cyberia. I'm Raymond Evans, and I will be your subject matter expert for CyberRays Web at penetration Testing course. This video will be discussing the LF I and horrify Lab. This lab should take you about 30 minutes to accomplish, so we'll be covered. We're going to talk about the elf I Discovery portion of lab and then the Aleph I exploitation portion
and the Or, if I, Discovery Portion lab and then the horrify exploitation portion. So using the Web for pen testers Web page identifying Al if I vulnerability manually or with ease and attack Proxy, I showed you how to do it manually by looking at different files and seeing where it's calling from and then
doing the dot dot ford slash um,
and calling it a file name to try to see if you can pull data from it. So go ahead and try that out manually. And Tracy um, and then
you should also probably do it with one of father's as well, and see how it identifies it. So once the vulnerable pages found the vulnerable u R L
read the etc network file
using the LF I exploitation technique. After that you're gonna move on or if I so using the word for pen testers webpage identifying our vulnerability with manually or with this that attack proxy again. I showed you how to do this manually by uploading a piece of PHP shell code
or a PHP shell exploitation tool such as,
um, that my favorite one that I shared you in the earlier lesson, but attempt to upload that and see if you can execute it. So once you have identified the vulnerability, upload the B 374 K software and download the past of you defile from the target machine. What was covered?
What we discussed the Aleph I discovery portion of the lab,
the exploitation portion of the lab gratify the horrified Discovery portion a lab and then the horrify exploitation portion as well. Happy hacking, everyone.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Instructor Profile Image