Part 4 - LFI & RFI Lab

Video Activity

This lesson offers a brief introduction of the LFI and RFI lab. This unit covers: 1. LFI Discovery 2. LFI Exploitation 3. RFI Discovery 4. RFI Exploitation

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Description

This lesson offers a brief introduction of the LFI and RFI lab. This unit covers: 1. LFI Discovery 2. LFI Exploitation 3. RFI Discovery 4. RFI Exploitation

Video Transcription
00:04
Welcome to Cyberia. I'm Raymond Evans, and I will be your subject matter expert for CyberRays Web at penetration Testing course. This video will be discussing the LF I and horrify Lab. This lab should take you about 30 minutes to accomplish, so we'll be covered. We're going to talk about the elf I Discovery portion of lab and then the Aleph I exploitation portion
00:22
and the Or, if I, Discovery Portion lab and then the horrify exploitation portion. So using the Web for pen testers Web page identifying Al if I vulnerability manually or with ease and attack Proxy, I showed you how to do it manually by looking at different files and seeing where it's calling from and then
00:40
doing the dot dot ford slash um,
00:43
and calling it a file name to try to see if you can pull data from it. So go ahead and try that out manually. And Tracy um, and then
00:55
you should also probably do it with one of father's as well, and see how it identifies it. So once the vulnerable pages found the vulnerable u R L
01:06
read the etc network file
01:08
using the LF I exploitation technique. After that you're gonna move on or if I so using the word for pen testers webpage identifying our vulnerability with manually or with this that attack proxy again. I showed you how to do this manually by uploading a piece of PHP shell code
01:29
or a PHP shell exploitation tool such as,
01:34
um, that my favorite one that I shared you in the earlier lesson, but attempt to upload that and see if you can execute it. So once you have identified the vulnerability, upload the B 374 K software and download the past of you defile from the target machine. What was covered?
01:53
What we discussed the Aleph I discovery portion of the lab,
01:57
the exploitation portion of the lab gratify the horrified Discovery portion a lab and then the horrify exploitation portion as well. Happy hacking, everyone.
Up Next
Instructed By