Welcome to our OffSec Live clip of Slort, a PG Practice machine: portal.offsec....
We demonstrated using HTTP and IP address manipulation to confirm a machine's vulnerability to Remote File Inclusion (RFI).
We explained the process of dumping text to confirm RFI vulnerability, alongside a discussion about Local File Inclusion (LFI).
Input sanitization was highlighted as a crucial measure to prevent RFI attacks.
We showed how to create a reverse shell using msfvenom payloads for PHP, emphasizing the difference between multi-handler and Metasploit.
We concluded by hosting a web server, generating a shell, and successfully receiving and executing a web shell to confirm command execution.
Join OffSec Live on Fridays: / offsecofficial
We do demonstrations and walkthroughs of course topics and Proving Grounds machines. Additionally, sessions offer career guidance, including how to build a resume, how to break into #cybersecurity, and interview tips.