THM - Lo-Fi
A writeup for the room Lo-Fi on TryHackMe
Want to hear some lo-fi beats, to relax or study to? We’ve got you covered!
Climb the filesystem to find the flag!
Once we open the website, we can see a video and the option to switch to other ones.
A quick look at the URL shows that the page to load is selected through a query parameter.
Since the description of the room also suggests path traversal, we can test for this vulnerability.
A simple injection like the one below will highlight the presence of the LFI vulnerability.
?page=../../../etc/passwd
We can use the following payload to print the flag.
?page=../../../flag.txt
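Both payloads work because the page value is joined to a directory and opened without checking where the result points. The containment check that stops them, as an added example that is not part of the room or the original writeup; Python is used for illustration, and the /var/www/html base directory and the relax.php page name are assumptions.

```python
import os

# Assumed web root (not given in the writeup); three levels deep, so
# "../../../" climbs to the filesystem root as in the payloads above.
BASE_DIR = "/var/www/html"


def naive_path(page, base_dir=BASE_DIR):
    """Path a vulnerable handler ends up opening: parameter joined as-is."""
    return os.path.normpath(os.path.join(base_dir, page))


def safe_path(page, base_dir=BASE_DIR):
    """Return the resolved path only if it stays inside base_dir, else None."""
    if not page or "\x00" in page:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison;
    # an absolute page value replaces base entirely in os.path.join.
    target = os.path.realpath(os.path.join(base, page))
    # commonpath compares whole components, so /var/www/html_old is not
    # mistaken for a child of /var/www/html (a plain startswith would be).
    if target == base or os.path.commonpath([base, target]) != base:
        return None
    return target


def triage(values):
    """Map each candidate page value to True (served) or False (rejected)."""
    return {v: safe_path(v) is not None for v in values}


# Constructed sample inputs: one legitimate page name, the two payloads from
# this writeup, and three edge cases.
SAMPLES = [
    "relax.php",
    "../../../etc/passwd",
    "../../../flag.txt",
    "/etc/passwd",
    "../html_old/x.php",
    "sub/../relax.php",
]

if __name__ == "__main__":
    for value, allowed in triage(SAMPLES).items():
        verdict = "serve" if allowed else "reject"
        print(f"{value!r:28} naive -> {naive_path(value):28} {verdict}")
```

A fixed allowlist that maps page names to files is stricter still, since the user-supplied value then never reaches the filesystem at all.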
I hope you enjoyed this article.
Let me know in the comments if you have any doubts or questions.
Happy hacking! 🧑‍💻