Included demonstrates a sophisticated LFI-to-RCE chain. A Local File Inclusion vulnerability in a PHP application is weaponised by first uploading a PHP webshell via TFTP (Trivial File Transfer Protocol) to a writable directory, then using the LFI to include and execute that file. Privilege escalation abuses membership in the lxd group to mount the host filesystem inside a privileged container. This is a full attack chain from unauthenticated access to root.

Tools: nmap · tftp · curl · lxc  ·  Difficulty: Easy  ·  OS: Linux
01 — What You Will Learn
02 — Reconnaissance
03 — Identifying the LFI
04 — Uploading a Webshell via TFTP
05 — Triggering RCE via LFI
06 — Privilege Escalation via lxd Group
07 — LFI-to-RCE Methods Compared
08 — Key Takeaways
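
From the defender's side, the TFTP-then-LFI step of this chain leaves a correlatable trace: a TFTP write request followed shortly by a web request whose parameter names the same file. The sketch below is an added example, not part of the original write-up; the log formats, the `file` parameter, the `/srv/tftp` path and every log line are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from posixpath import basename
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample logs; formats, paths and the "file" parameter are assumptions.
TFTP_LOG = """\
2024-05-01T10:02:11+00:00 in.tftpd[811]: RRQ from 10.0.0.7 filename pxelinux.0
2024-05-01T10:04:40+00:00 in.tftpd[815]: WRQ from 10.0.0.99 filename up.php
"""
WEB_LOG = """\
10.0.0.7 - - [01/May/2024:10:03:00 +0000] "GET /?file=home.php HTTP/1.1" 200 512
10.0.0.99 - - [01/May/2024:10:05:02 +0000] "GET /?file=..%2F..%2Fsrv%2Ftftp%2Fup.php HTTP/1.1" 200 31
10.0.0.99 - - [01/May/2024:12:30:00 +0000] "GET /?file=up.php HTTP/1.1" 200 31
"""

WRQ_RE = re.compile(r"^(\S+) in\.tftpd\[\d+\]: WRQ from (\S+) filename (\S+)$")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')

def tftp_writes(log):
    """Return {basename: [(time, client_ip), ...]} for every TFTP write request."""
    writes = {}
    for line in log.splitlines():
        m = WRQ_RE.match(line)
        if m:  # read requests (RRQ) do not match and are ignored
            ts = datetime.fromisoformat(m.group(1))
            writes.setdefault(basename(m.group(3)), []).append((ts, m.group(2)))
    return writes

def correlate(tftp_log, web_log, window=timedelta(minutes=30)):
    """Flag web requests whose parameter names a file written over TFTP shortly before."""
    writes, alerts = tftp_writes(tftp_log), []
    for line in web_log.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        seen = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        for _, raw in parse_qsl(urlsplit(m.group(3)).query, keep_blank_values=True):
            value = unquote(raw)  # parse_qsl decoded once; tolerate a second encoding layer
            for ts, uploader in writes.get(basename(value), []):
                if timedelta(0) <= seen - ts <= window:
                    alerts.append({"web_client": m.group(1), "tftp_client": uploader,
                                   "file": basename(value), "status": int(m.group(4)),
                                   "traversal": ".." in value.split("/")})
    return alerts

if __name__ == "__main__":
    for alert in correlate(TFTP_LOG, WEB_LOG):
        print(alert)
```

The 30-minute window is a tunable heuristic; widening it trades fewer misses for more matches on files that legitimately share a name.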
⚠️ Legal Disclaimer: This content is for educational purposes only. Always ensure you have proper authorization before testing on any systems.