> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# Remote File Inclusion (RFI)

> Cross-platform resources for Remote File Inclusion (RFI): curated HTB machines, PortSwigger labs and TryHackMe rooms with validated writeups and related skills.

# Remote File Inclusion (RFI)

This page aggregates **cross-platform resources to practice Remote File Inclusion (RFI)**: retired Hack The Box machines, PortSwigger Web Security Academy labs and TryHackMe rooms, plus curated resources (HackTricks, PortSwigger, etc.) and related skills.

## Curated resources

| Source     | Link                                                                                                                                                 |
| ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
| HackTricks | [https://book.hacktricks.wiki/en/pentesting-web/file-inclusion/index.html](https://book.hacktricks.wiki/en/pentesting-web/file-inclusion/index.html) |

## HTB machines practicing Remote File Inclusion (RFI) (4)

| Machine                                                 | OS      | Difficulty                                           |
| ------------------------------------------------------- | ------- | ---------------------------------------------------- |
| [Fulcrum](/en/htb/machines/linux/insano/fulcrum)        | Linux   | <span className="dbadge dbadge-insane">INSANE</span> |
| [Sniper](/en/htb/machines/windows/medio/sniper)         | Windows | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [StreamIO](/en/htb/machines/windows/medio/streamio)     | Windows | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [TartarSauce](/en/htb/machines/linux/medio/tartarsauce) | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |

## TryHackMe rooms practicing Remote File Inclusion (RFI) (2)

| Room                                                               | Difficulty                                         | Type        | Access  | Official                                                     |
| ------------------------------------------------------------------ | -------------------------------------------------- | ----------- | ------- | ------------------------------------------------------------ |
| [File Inclusion](/en/tryhackme/rooms/fileinc)                      | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🔵 VIP  | [Open](https://tryhackme.com/room/fileinc)                   |
| [The Bandit Surfer](/en/tryhackme/rooms/surfingyetiiscomingtotown) | <span className="dbadge dbadge-easy">HARD</span>   | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/surfingyetiiscomingtotown) |

## Related skills

* [/en/skills/lfi](/en/skills/lfi)
* [/en/skills/rce](/en/skills/rce)

***

← [Back to the full glossary](/en/glossary)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"Remote File Inclusion (RFI)","termCode":"rfi","inLanguage":"en","url":"https://rootea.es/en/skills/rfi","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Tactical pentesting glossary","url":"https://rootea.es/en/glossary"}}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"ItemList","name":"HTB machines practicing Remote File Inclusion (RFI)","numberOfItems":4,"itemListElement":[{"@type":"ListItem","position":1,"url":"https://rootea.es/en/htb/machines/linux/insano/fulcrum","name":"Fulcrum"},{"@type":"ListItem","position":2,"url":"https://rootea.es/en/htb/machines/windows/medio/sniper","name":"Sniper"},{"@type":"ListItem","position":3,"url":"https://rootea.es/en/htb/machines/windows/medio/streamio","name":"StreamIO"},{"@type":"ListItem","position":4,"url":"https://rootea.es/en/htb/machines/linux/medio/tartarsauce","name":"TartarSauce"}]}`}
</script>

*Last updated: 2026-05-09*
