Problem 
We arrive at a page with some hyperlinks.
Solution 
Upon clicking on one of the links, we notice that we’re not moving to another file, instead we just sort of include another file into the current file.
Notice in the URL that we can see what we’re includeing, if we try and change it we get this error message.
Looks like we’re trying to include a file that doesn’t exist, and the filename is the one we specified in the URL. Let’s not forget to view the page source.
Now we know where the password file is, we know that we need to include it into our main file with the vulnerability. After a bit of googling, we find that this vulnerabilty is called Local File Inclusion, so now let’s include our password file into our index.php file to basically “copy and paste” the contents of /etc/natas_webpass/natas8 into /var/www/natas/natas7/index.php at runtime.
Flag 
DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe
Takeaway 
- Always look for possible LFI vuln in the URL
| ‹ Previous in Web exploitation: Natas6 | Next in Web exploitation: Natas8 › |