Skip to content

TryHackMe Writeups

Fileinc

TryHackMe Writeups

Home
Crackthehash
Cyberadventtemplate
Template
25daysofchristmas
25daysofchristmas
- 25daysofchristmas
AIforcyber aoc2025 y9wWQ1zRgB
AIforcyber aoc2025 y9wWQ1zRgB
- AIforcyber aoc2025 y9wWQ1zRgB
HackfinityBattle
HackfinityBattle
- HackfinityBattle
ICS modbus aoc2025 g3m6n9b1v4
ICS modbus aoc2025 g3m6n9b1v4
- ICS modbus aoc2025 g3m6n9b1v4
Adenumeration
Adenumeration
- Adenumeration
Adv3nt0fdbopsjcap
Adv3nt0fdbopsjcap
- Adv3nt0fdbopsjcap
Adventofcyber2
Adventofcyber2
- Adventofcyber2
Adventofcyber2023
Adventofcyber2023
- Adventofcyber2023
Adventofcyber2024
Adventofcyber2024
- WIP adventofcyber2024
- Adventofcyber2024
Adventofcyber23sidequest
Adventofcyber23sidequest
- Adventofcyber23sidequest
Adventofcyber24sidequest
Adventofcyber24sidequest
- Adventofcyber24sidequest
Adventofcyber25
Adventofcyber25
- Adventofcyber25
Adventofcyber25sidequest
Adventofcyber25sidequest
- Adventofcyber25sidequest
Agentsudoctf
Agentsudoctf
- Agentsudoctf
Anonymous
Anonymous
- Anonymous
Attacks on ecrypted files aoc2025 asdfghj123
Attacks on ecrypted files aoc2025 asdfghj123
- Attacks on ecrypted files aoc2025 asdfghj123
Auditingandmonitoringse
Auditingandmonitoringse
- Auditingandmonitoringse
Authenticationbypass
Authenticationbypass
- Authenticationbypass
Azuresentinel aoc2025 a7d3h9k0p2
Azuresentinel aoc2025 a7d3h9k0p2
- Azuresentinel aoc2025 a7d3h9k0p2
Blaster
Blaster
- Blaster
Blue
Blue
- Blue
Bof1
Bof1
- Bof1
Breachingad
Breachingad
- Breachingad
Breakrsa
Breakrsa
- Breakrsa
Burpsuitebasics
Burpsuitebasics
- Burpsuitebasics
Burpsuiteintruder
Burpsuiteintruder
- Burpsuiteintruder
Burpsuiteom
Burpsuiteom
- Burpsuiteom
Burpsuiterepeater
Burpsuiterepeater
- Burpsuiterepeater
Cloudenum aoc2025 y4u7i0o3p6
Cloudenum aoc2025 y4u7i0o3p6
- Cloudenum aoc2025 y4u7i0o3p6
Codeanalysis
Codeanalysis
- Codeanalysis
Commonlinuxprivesc
Commonlinuxprivesc
- Commonlinuxprivesc
Container security aoc2025 z0x3v6n9m2
Container security aoc2025 z0x3v6n9m2
- Container security aoc2025 z0x3v6n9m2
Contentdiscovery
Contentdiscovery
- Contentdiscovery
Cowboyhacker
Cowboyhacker
- Cowboyhacker
Crackthehash
Crackthehash
- Crackthehash
Cryptographyintro
Cryptographyintro
- Cryptographyintro
Cybergovernanceregulation
Cybergovernanceregulation
- Cybergovernanceregulation
Dastzap
Dastzap
- Dastzap
Dataxexfilt
Dataxexfilt
- Dataxexfilt
Detecting c2 with rita aoc2025 m9n2b5v8c1
Detecting c2 with rita aoc2025 m9n2b5v8c1
- Detecting c2 with rita aoc2025 m9n2b5v8c1
Easyctf
Easyctf
- Easyctf
Encoding decoding aoc2025 s1a4z7x0c3
Encoding decoding aoc2025 s1a4z7x0c3
- Encoding decoding aoc2025 s1a4z7x0c3
Encryptioncrypto101
Encryptioncrypto101
- Encryptioncrypto101
Enumerationpe
Enumerationpe
- Enumerationpe
Exploitingad
Exploitingad
- Exploitingad
Fileinc
Fileinc
- Fileinc Fileinc
  Table of contents
  - Table of contents
    
    Path Traversal
    
    Local File Inclusion - LFI
    
    Local File Inclusion - LFI #2
    
    Challenge
First shift ctf
First shift ctf
- First shift ctf
Htapowershell aoc2025 p2l5k8j1h4
Htapowershell aoc2025 p2l5k8j1h4
- Htapowershell aoc2025 p2l5k8j1h4
Hydra
Hydra
- Hydra
Ice
Ice
- Ice
idor aoc2025 zl6MywQid9
idor aoc2025 zl6MywQid9
- idor aoc2025 zl6MywQid9
Intronetworksecurity
Intronetworksecurity
- Intronetworksecurity
Johntheripper0
Johntheripper0
- Johntheripper0
Kenobi
Kenobi
- Kenobi
Lateralmovementandpivoting
Lateralmovementandpivoting
- Lateralmovementandpivoting
Linprivesc
Linprivesc
- Linprivesc
Linuxcli aoc2025 o1fpqkvxti
Linuxcli aoc2025 o1fpqkvxti
- Linuxcli aoc2025 o1fpqkvxti
Linuxfundamentalspart1
Linuxfundamentalspart1
- Linuxfundamentalspart1
Linuxfundamentalspart2
Linuxfundamentalspart2
- Linuxfundamentalspart2
Linuxfundamentalspart3
Linuxfundamentalspart3
- Linuxfundamentalspart3
Linuxprivesc
Linuxprivesc
- Linuxprivesc
Linuxsystemhardening
Linuxsystemhardening
- Linuxsystemhardening
Malmalintroductory
Malmalintroductory
- Malmalintroductory
malware sandbox aoc2025 SD1zn4fZQt
malware sandbox aoc2025 SD1zn4fZQt
- malware sandbox aoc2025 SD1zn4fZQt
Metasploitexploitation
Metasploitexploitation
- Metasploitexploitation
Meterpreter
Meterpreter
- Meterpreter
Netsecchallenge
Netsecchallenge
- Netsecchallenge
Networkservices aoc2025 jnsoqbxgky
Networkservices aoc2025 jnsoqbxgky
- Networkservices aoc2025 jnsoqbxgky
Obfuscation aoc2025 e5r8t2y6u9
Obfuscation aoc2025 e5r8t2y6u9
- Obfuscation aoc2025 e5r8t2y6u9
Ohsint
Ohsint
- Ohsint
Operatingsystemsecurity
Operatingsystemsecurity
- Operatingsystemsecurity
Owaspjuiceshop
Owaspjuiceshop
- Owaspjuiceshop
Owasptop102021
Owasptop102021
- Owasptop102021
Passwordattacks
Passwordattacks
- Passwordattacks
Persistingad
Persistingad
- Persistingad
phishing aoc2025 h2tkye9fzU
phishing aoc2025 h2tkye9fzU
- phishing aoc2025 h2tkye9fzU
Picklerick
Picklerick
- Picklerick
Postexploit
Postexploit
- Postexploit
Powershell
Powershell
- Powershell
Printerhacking101
Printerhacking101
- Printerhacking101
promptinjection aoc2025 sxUMnCkvLO
promptinjection aoc2025 sxUMnCkvLO
- promptinjection aoc2025 sxUMnCkvLO
Race conditions aoc2025 d7f0g3h6j9
Race conditions aoc2025 d7f0g3h6j9
- Race conditions aoc2025 d7f0g3h6j9
Redteamrecon
Redteamrecon
- Redteamrecon
Registry forensics aoc2025 h6k9j2l5p8
Registry forensics aoc2025 h6k9j2l5p8
- Registry forensics aoc2025 h6k9j2l5p8
Rpnessusredux
Rpnessusredux
- Rpnessusredux
Rrootme
Rrootme
- Rrootme
Sast
Sast
- Sast
Seriskmanagement
Seriskmanagement
- Seriskmanagement
Shodan
Shodan
- Shodan
Splunkforloganalysis aoc2025 x8fj2k4rqp
Splunkforloganalysis aoc2025 x8fj2k4rqp
- Splunkforloganalysis aoc2025 x8fj2k4rqp
Spottingphishing aoc2025 r2g4f6s8l0
Spottingphishing aoc2025 r2g4f6s8l0
- Spottingphishing aoc2025 r2g4f6s8l0
Sql injection
Sql injection
- Sql injection
Steelmountain
Steelmountain
- Steelmountain
Thelayoftheland
Thelayoftheland
- Thelayoftheland
Threatmodelling
Threatmodelling
- Threatmodelling
Traverse
Traverse
- Traverse
Uploadvulns
Uploadvulns
- Uploadvulns
Vulnerabilitycapstone
Vulnerabilitycapstone
- Vulnerabilitycapstone
Vulnerabilitymanagementkj
Vulnerabilitymanagementkj
- Vulnerabilitymanagementkj
Vulnversity
Vulnversity
- Vulnversity
Walkinganapplication
Walkinganapplication
- Walkinganapplication
Weaponization
Weaponization
- Weaponization
Webattackforensics aoc2025 b4t7c1d5f8
Webattackforensics aoc2025 b4t7c1d5f8
- Webattackforensics aoc2025 b4t7c1d5f8
Webhackingusingcurl aoc2025 w8q1a4s7d0
Webhackingusingcurl aoc2025 w8q1a4s7d0
- Webhackingusingcurl aoc2025 w8q1a4s7d0
Winadbasics
Winadbasics
- Winadbasics
Windows10privesc
Windows10privesc
- Windows10privesc
Windowsfundamentals1
Windowsfundamentals1
- Windowsfundamentals
Windowsfundamentals2
Windowsfundamentals2
- Windowsfundamentals2
Windowsfundamentals3
Windowsfundamentals3
- Windowsfundamentals3
Windowslocalpersistence
Windowslocalpersistence
- Windowslocalpersistence
Windowsprivesc20
Windowsprivesc20
- Windowsprivesc20
Wiresharkpacketoperations
Wiresharkpacketoperations
- Wiresharkpacketoperations
Wiresharkthebasics
Wiresharkthebasics
- Wiresharkthebasics
Wonderland
Wonderland
- Wonderland
Xss aoc2025 c5j8b1m4t6
Xss aoc2025 c5j8b1m4t6
- Xss aoc2025 c5j8b1m4t6
Yara aoc2025 q9w1e3y5u7
Yara aoc2025 q9w1e3y5u7
- Yara aoc2025 q9w1e3y5u7

File Inclusion Banner

File Inclusion Logo

File Inclusion

This guide contains the answer and steps necessary to get to them for the File Inclusion room.

Table of contents

Path Traversal
Local File Inclusion - LFI
Local File Inclusion - LFI #2
Challenge

Path Traversal

What function causes path traversal vulnerabilities in PHP?

The answer can be found in the text.

Click for answer
get_file_contents

Local File Inclusion - LFI

Passwd

Give Lab #1 a try to read /etc/passwd. What would the request URI be?

Passwd 2

Click for answer
/lab1.php?file=/etc/passwd

In Lab #2, what is the directory specified in the include function?

Directory

Click for answer
includes

Local File Inclusion - LFI #2

Give Lab #3 a try to read /etc/passwd. What is the request look like?

Passwd 1

Click for answer
lab3.php?file=../../../../etc/passwd%00

Which function is causing the directory traversal in Lab #4?

The answer is the same as for the previous task.

Click for answer
get_file_contents

Try out Lab #6 and check what is the directory that has to be in the input field?

Folder Passwd

Click for answer
THM-profile

Try out Lab #6 and read /etc/os-release. What is the VERSION_ID value?

Click for answer
12.04

Challenge

Challenges 3 Challenges 3 Body Challenges Admin Challenges Admin Cookie

Capture Flag1 at /etc/flag1

Challenges Flag 1

Click for answer
F1x3d-iNpu7-f0rrn

Capture Flag2 at /etc/flag2

Challenges Flag 2

Click for answer
c00k13_i5_yuMmy1

Capture Flag3 at /etc/flag3

Challenges Flag 3

Click for answer
P0st_1s_w0rk1in9

Gain RCE in Lab #Playground /playground.php with RFI to execute the hostname command. What is the output?

Click for answer
lfi-vm-thm-f8c5b1a78692