Interesting Files for LFI

Linux

/etc/passwd

/etc/shadow

/etc/issue

/etc/group

/etc/hostname

Log Files 

 Apache access log: /var/log/apache/access.log
 
 Apache access log: /var/log/apache2/access.log
 
 Apache access log: /var/log/httpd/access_log
 
 Apache error log: /var/log/apache/error.log
 
 Apache error log: /var/log/apache2/error.log
 
 Apache error log: /var/log/httpd/error_log
 
 General messages and system related entries: /var/log/messages
 
 Cron logs: /var/log/cron.log
 
 Authentication logs: /var/log/secure or /var/log/auth.log

CMS configuration files

The following files are configuration files for popular content management systems. When a target is running any of these CMS systems you can try to include their configuration files as they often contain sensitive information, such as (root) credentials used to access the database.

Windows

To verify LFI on Windows systems a very common file we can attempt to include is the hosts file in the following directory:

From the privilege escalation chapter, we’ve learned that the ‘Unattended.xml’ files on Windows systems may contain credentials for privileged accounts, such as the administrator or even the domain administrator. If an attacker is able to include such files it could easily result in (domain) administrator access to the system or network, for example by using the credentials to authenticate with Remote Desktop Services.

The following files of interest can (sometimes) be found on Windows systems which may contain passwords and other sensitive information:

Another directory with potentially interesting files is the web root directory:

The following files of interest can (sometimes) be found on Windows systems:

XAMPP

PreviousLFI and RFINextNull Byte Injection

Last updated