TryHackMe

Overview Lo-Fi is an easy TryHackMe machine made by cmnatic. This machine hosts a website on port 80 (http). On this site, we exploit a vulnerable parameter in a PHP page to obtain LFI on the host machine, and we use this to read the flag. Nmap ScanI’ll run nmap on all open TCP ports with NSE script and Service Version enumeration, this finds ports: 80,22. 1234567891011121314151617181920💫 ~/thm/Lo-Fi/enumeration ➜ nmap -sCV -p 80,22 -v 10.10.228.244Starting Nmap 7.95 ( https://nmap.org ) at 2025-06-13 00:25 EDTNSE: Loaded 157 scripts for scanning.NSE: Script Pre-scanning.Initiating NSE at 00:25Nmap scan report for 10.10.228.244Host is up (0.18s latency).PORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)| ssh-hostkey:| 3072 84:a3:dc:a8:a4:21:a1:b0:e5:01:77:d8:a9:43:31:39 (RSA)| 256 ee:db:67:aa:b9:3a:4b:fb:a9:ee:d6:fe:24:30:00:72 (ECDSA)|_ 256 a6:f1:97:cf:d4:60:c5:fe:47:f5:da:2b:c3:e9:78:37 (ED25519)80/tcp open http ...