Technical Report

Detailed analysis for technical teams, covering methodologies, tools, and findings.

Technical Security Report: "Lofi" System

Purpose of the Report

This document provides a detailed technical assessment of the "Lofi" system. The objective is to describe, in a structured manner, the vulnerabilities identified and the methodologies used to exploit them. Additionally, this report offers actionable recommendations to mitigate security risks.

Methodology

The security evaluation was conducted using a structured approach, consisting of the following phases:

  1. Reconnaissance: Identifying open ports and running services through automated scanning tools.

  2. Enumeration: Exploring public directories and files to extract valuable information.

  3. Exploitation: Utilizing known vulnerabilities to gain unauthorized access.

  4. Flag Extraction: Accessing and retrieving sensitive data.

Detailed Findings

1. Reconnaissance

Using nmap, an initial scan was conducted to identify open ports:

sudo nmap -sCV -F -T5 <target_ip>

Results:

  • Port 22: SSH Service

  • Port 80: HTTP Service

Impact: These open ports indicate potential entry points for an attacker. Given that port 80 serves a web application, it was prioritized for analysis.

2. Web Application Analysis

Accessing http://<target_ip> revealed a music streaming site. A manual inspection of the source code and robots.txt did not yield useful information.

Navigating through the "Discography" section, the URL structure changed to:

http://<target_ip>/?page=relax.php

This indicated a potential Local File Inclusion (LFI) vulnerability

3. Exploiting LFI

By modifying the page parameter, it was possible to access system files:

Attempting to read /etc/shadow

http://<target_ip>/?page=../../../../etc/shadow

Result: Empty response (processed, but no readable content)

Attempting to read /etc/passwd

http://<target_ip>/?page=../../../../etc/passwd

Result: Successfully retrieved user account information.

Interesting user found: games (but SSH access was restricted due to missing keys).

4. Flag Discovery

Attempts to access the games home directory failed. However, by directly requesting flag.txt, the flag was successfully retrieved:

http://<target_ip>/?page=../../../../flag.txt

Recommendations

Short-Term Actions

  1. Implement strict input validation to prevent arbitrary file inclusion.

  2. Restrict the use of include() and require() functions to prevent unauthorized file access.

  3. Limit access permissions to sensitive files.

  4. Deploy a Web Application Firewall to detect and block LFI attacks.

Long-Term Actions

  1. Conduct periodic security audits to identify and mitigate configuration issues.

  2. Train personnel in secure development and cybersecurity best practices.

  3. Deploy continuous monitoring systems to detect suspicious activity in real-time.

Conclusion

The LOFI machine provided an excellent exercise in identifying and exploiting Local File Inclusion (LFI) vulnerabilities. Key takeaways:

  • LFI can be leveraged to read system files and access sensitive information.

  • Path traversal techniques can bypass certain access restrictions.

  • Security measures should be implemented to sanitize user input and prevent arbitrary file inclusion.

This challenge was engaging, featuring a well-structured vulnerability and an enjoyable music theme.

PreviousWrite-upNextExecutive Report

Last updated