Mutillidae — Lab 20 — Extracting User Accounts with Local File Inclusion

This lab can be found via: Labs > Insecure Direct Object Reference (IDOR) — Lab 20 — Extracting User Accounts with Local File Inclusion

For this one, lets browse to the following location

http://www.textfiles.com/ (To find the above articles, and others)

Lins to the above 5:

http://www.textfiles.com/hacking/auditool.txt
http://www.textfiles.com/hacking/atms
http://www.textfiles.com/hacking/backdoor.txt
http://www.textfiles.com/hacking/hack1.hac
http://www.textfiles.com/hacking/hacking101.hac

Let’s go ahead and Inspect the drop-down

We could just Edit the Node, but lets go ahead and Duplicate it instead

We can edit our duplicated node to the passwd file location

Now, let’s select our passwd location

The answer to this is ntp (had to check out the webpwnized video), not sure why my configuration is slightly wrong