LFI-Labs Logo

LFI-Labs

0
Free
Updated 14 August 2025
Visit Website

A small set of PHP scripts designed for practicing exploiting LFI, RFI, and CMD injection vulnerabilities, primarily used for training and testing purposes. It allows users to test detection products, exploit tools, etc., by adding them to an Apache VirtualHost directive for testing purposes. Can be set up on UN*X + Apache + PHP, run as a Docker instance using the Dockerfile, or as a Vagrant instance using the Vagrantfile. Inspired by Jose Nazario, it provides useful links for LFI/RFI/CMD injection background.

FEATURES

SIMILAR TOOLS

Boston Key Party CTF 2013 - cybersecurity competition with challenges in various domains.

A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.

A university course focused on vulnerability research, reverse engineering, and binary exploitation to teach practical offensive security skills.

Markdown version of OWASP Testing Checklist v4 for various platforms.

A platform offering hacking missions to test and enhance skills.

A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.

A non-profit organization providing live-fire cyber warfare ranges for training and up-skilling cybersecurity professionals.

A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.

A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.

CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved