LFI Escalation Lab

IT staff reported unusual behavior on a workstation running a web application, triggered by an antivirus detection of a suspicious file. Early indicators suggest the website may have served as the entry point. Your task is to investigate the full scope of the compromise—tracing how the attacker gained access, what actions they performed, and how they established persistence on the system.