OSCP Notes
  • Introduction
  • Port Scanning
  • Nmap Port Scanning
  • Nmap Scripts
  • Services Enumeration
    • SMB Enumeration (Port 139, 445)
    • SNMP Enumeraion (Port 161)
    • NFS Enumeration (Port 111, 2049)
    • SMTP Enumeration (Port 25)
    • DNS Enumeration (Port 53)
    • POP3 (Port 110, 25*)
    • MySQL (Port 3306)
    • Oracle (Port 1521)
    • MsSQL (Port 1433)
  • Web / HTTP
    • Web Scanning
    • CMS
    • Directory Fuzzing
    • File Upload
      • Bypass file upload filtering
      • Bruteforcing extensions
      • WebDAV
    • Bruteforce Authentication
    • LFI and RFI
      • Interesting Files for LFI
      • Null Byte Injection
      • PHP Wrappers
    • ShellShock
    • Post Requests
  • password attacks
    • Brute-force service password
    • Cracking Password
    • Custom Worldlist
  • Exploitaion
    • Searchsploit
    • Compiling the Exploit
  • shell
    • Bind and Reverse shell
    • Upgrading shell
    • msfvenom
  • Linux Post Exploitation
    • Linux Manual Exploitation
    • Linux post exploitation scripts
    • Kernel Exploitation
  • windows post exploitation
    • General
    • Manual Exploitaion
    • Dumping the sam file
    • SUDO SU
    • Automated enumeration script
    • Windows Exploit Suggester
  • file transfer
    • General
    • Linux
    • Windows
  • cheatsheets
    • Command injection Cheatsheet
    • Find Command Cheatsheet
    • Netcat
    • SQL Injection Bypass
    • CheckList
    • XSS Payload
Powered by GitBook
On this page
  • Linux
  • Log Files
  • CMS configuration files
  • Windows
  • XAMPP
  1. Web / HTTP
  2. LFI and RFI

Interesting Files for LFI

Linux

/etc/passwd

/etc/shadow

/etc/issue

/etc/group

/etc/hostname

Log Files

 Apache access log: /var/log/apache/access.log
 
 Apache access log: /var/log/apache2/access.log
 
 Apache access log: /var/log/httpd/access_log
 
 Apache error log: /var/log/apache/error.log
 
 Apache error log: /var/log/apache2/error.log
 
 Apache error log: /var/log/httpd/error_log
 
 General messages and system related entries: /var/log/messages
 
 Cron logs: /var/log/cron.log
 
 Authentication logs: /var/log/secure or /var/log/auth.log

CMS configuration files

The following files are configuration files for popular content management systems. When a target is running any of these CMS systems you can try to include their configuration files as they often contain sensitive information, such as (root) credentials used to access the database.

WordPress: /var/www/html/wp-config.php

Joomla: /var/www/configuration.php

Dolphin CMS: /var/www/html/inc/header.inc.php

Drupal: /var/www/html/sites/default/settings.php

Mambo: /var/www/configuration.php

PHPNuke: /var/www/config.php

PHPbb: /var/www/config.php

Windows

To verify LFI on Windows systems a very common file we can attempt to include is the hosts file in the following directory:

C:/Windows/System32/drivers/etc/hosts

From the privilege escalation chapter, we’ve learned that the ‘Unattended.xml’ files on Windows systems may contain credentials for privileged accounts, such as the administrator or even the domain administrator. If an attacker is able to include such files it could easily result in (domain) administrator access to the system or network, for example by using the credentials to authenticate with Remote Desktop Services.

The following files of interest can (sometimes) be found on Windows systems which may contain passwords and other sensitive information:

C:/Windows/Panther/Unattend/Unattended.xml

C:/Windows/Panther/Unattended.xml

C:/Windows/Panther/Unattend.txt

C:/Unattend.xml

C:/Autounattend.xml

C:/Windows/system32/sysprep

Another directory with potentially interesting files is the web root directory:

C:/inetpub/wwwroot/

C:/inetpub/wwwroot/web.config

C:/inetpub/logs/logfiles/

The following files of interest can (sometimes) be found on Windows systems:

C:/documents and settings/administrator/desktop/desktop.ini

C:/documents and settings/administrator/ntuser.dat

C:/documents and settings/administrator/ntuser.ini

C:/users/administrator/desktop/desktop.ini

C:/users/administrator/ntuser.dat

C:/users/administrator/ntuser.ini

C:/windows/windowsupdate.log

XAMPP

 C:/xampp/apache/conf/httpd.conf
 
 C:/xampp/security/webdav.htpasswd
 
 C:/xampp/apache/logs/access.log
 
 C:/xampp/apache/logs/error.log
 
 C:/xampp/tomcat/conf/tomcat-users.xml
 
 C:/xampp/tomcat/conf/web.xml
 
 C:/xampp/webalizer/webalizer.conf
 
 C:/xampp/webdav/webdav.txt
 
 C:/xampp/apache/bin/php.ini
 
 C:/xampp/apache/conf/httpd.conf
PreviousLFI and RFINextNull Byte Injection

Last updated 3 years ago