OSCP diary – week 04

Sunday, August 21st, 2022

I finally finished the LFI exercise… it took a while because I was using a & instead of a ? in the wrong place in the URL. <sarcasm>Surprisingly, things don’t work properly if you do that</sarcasm>. After that, it was smooth sailing. OR SO I THOUGHT. It took some more digging and I got the flag, so I’m good maybe, but I certainly did not follow the instructions, so I’m not sure if there is a correct way to complete the exercise. But I guess one aspect of the course is also to show that following the book/the guidelines is not always necessary or recommended.

Moving on, I made progress on the RFI exercise and continued reading up on SQL injections.

This all seems to take a long time; I wonder if I’m wasting too much on these exercises >_<

OSCP diary – week 03

Tuesday, August 16th, 2022

I’ve continued with the web application attacks chapter and I’m a bit ashamed to say I’m stuck on one of the LFI exercises. I try to finish all the exercises before moving on, or at least before moving to a completely new chapter.

In this particular exercise, I’ve tried a couple of things (what I could think of), watched the course videos (which I usually don’t) and did additional research, but I’m still stuck. Might reach out to colleagues this week, although I still have one idea that I need to check/confirm before asking others for ideas.

Meh, nobody said it’s easy.