Non-members are welcome to access the full story here.
This is my write-up for the TryHackMe room on File Inclusion ↗ . Written in 2026, I hope this write-up helps others learn and practice cybersecurity.
Press enter or click to view image in full size
Task 1: Introduction
This section introduces File Inclusion vulnerabilities, specifically Local File Inclusion (LFI), Remote File Inclusion (RFI), and Directory Traversal. These vulnerabilities typically occur in web applications (often written in PHP) due to poor input validation, allowing users to manipulate URL parameters. If exploited, attackers can leak sensitive data or achieve Remote Command Execution (RCE).
Let’s continue to the next section to deploy the attached VM.
No answer needed
Task 2: Deploy the VM
Instructions are provided to deploy the target virtual machine. You need to connect to the TryHackMe network via OpenVPN or use the in-browser AttackBox to access the machine’s IP address and view the vulnerable web application.
Once you’ve deployed the VM, please wait a few minutes for the webserver to start, then progress to the next section!
No answer needed