Mutillidae — Lab 20 — Extracting User Accounts with Local File Inclusion
This lab can be found via: Labs > Insecure Direct Object Reference (IDOR) — Lab 20 — Extracting User Accounts with Local File Inclusion
For this one, lets browse to the following location
http://www.textfiles.com/ (To find the above articles, and others)
Lins to the above 5:
http://www.textfiles.com/hacking/auditool.txt
http://www.textfiles.com/hacking/atms
http://www.textfiles.com/hacking/backdoor.txt
http://www.textfiles.com/hacking/hack1.hac
http://www.textfiles.com/hacking/hacking101.hac
Let’s go ahead and Inspect the drop-down
We could just Edit the Node, but lets go ahead and Duplicate it instead
We can edit our duplicated node to the passwd file location
Now, let’s select our passwd location
The answer to this is ntp (had to check out the webpwnized video), not sure why my configuration is slightly wrong