diff --git a/.gitbook/assets/lfi2.txt b/.gitbook/assets/lfi2.txt new file mode 100644 index 00000000..9944f6cd --- /dev/null +++ b/.gitbook/assets/lfi2.txt @@ -0,0 +1,1008 @@ +/apache2/logs/access.log +/apache2/logs/error.log +/apache/conf/httpd.conf +/apache/logs/access.log +/apache/logs/error.log +/apache/php/php.ini +/apache\php\php.ini +/bin/php.ini +/boot/grub/grub.cfg +/boot/grub/menu.lst +/etc/adduser.conf +/etc/alias +/etc/apache22/conf/httpd.conf +/etc/apache22/httpd.conf +/etc/apache2/apache2.conf +/etc/apache2/apache.conf +/etc/apache2/conf/httpd.conf +/etc/apache2/default-server.conf +/etc/apache2/envvars +/etc/apache2/httpd2.conf +/etc/apache2/httpd.conf +/etc/apache2/mods-available/autoindex.conf +/etc/apache2/mods-available/deflate.conf +/etc/apache2/mods-available/dir.conf +/etc/apache2/mods-available/mem_cache.conf +/etc/apache2/mods-available/mime.conf +/etc/apache2/mods-available/proxy.conf +/etc/apache2/mods-available/setenvif.conf +/etc/apache2/mods-available/ssl.conf +/etc/apache2/mods-enabled/alias.conf +/etc/apache2/mods-enabled/deflate.conf +/etc/apache2/mods-enabled/dir.conf +/etc/apache2/mods-enabled/mime.conf +/etc/apache2/mods-enabled/negotiation.conf +/etc/apache2/mods-enabled/php5.conf +/etc/apache2/mods-enabled/status.conf +/etc/apache2/ports.conf +/etc/apache2/sites-available/default +/etc/apache2/sites-available/default-ssl +/etc/apache2/sites-enabled/000-default +/etc/apache2/sites-enabled/default +/etc/apache2/ssl-global.conf +/etc/apache/access.conf +/etc/apache/apache.conf +/etc/apache/conf/httpd.conf +/etc/apache/default-server.conf +/etc/apache/httpd.conf +/etc/apt/apt.conf +/etc/avahi/avahi-daemon.conf +/etc/bash.bashrc +/etc/bluetooth/input.conf +/etc/bluetooth/main.conf +/etc/bluetooth/network.conf +/etc/bluetooth/rfcomm.conf +/etc/ca-certificates.conf +/etc/ca-certificates.conf.dpkg-old +/etc/casper.conf +/etc/chkrootkit.conf +/etc/chrootUsers +/etc/clamav/clamd.conf +/etc/clamav/freshclam.conf +/etc/crontab +/etc/crypttab +/etc/cups/acroread.conf +/etc/cups/cupsd.conf +/etc/cups/cupsd.conf.default +/etc/cups/pdftops.conf +/etc/cups/printers.conf +/etc/cvs-cron.conf +/etc/cvs-pserver.conf +/etc/debconf.conf +/etc/debian_version +/etc/default/grub +/etc/deluser.conf +/etc/dhcp3/dhclient.conf +/etc/dhcp3/dhcpd.conf +/etc/dhcp/dhclient.conf +/etc/dns2tcpd.conf +/etc/e2fsck.conf +/etc/esound/esd.conf +/etc/etter.conf +/etc/exports +/etc/fedora-release +/etc/firewall.rules +/etc/foremost.conf +/etc/fstab +/etc/ftpchroot +/etc/ftphosts +/etc/ftpusers +/etc/fuse.conf +/etc/group +/etc/group- +/etc/hdparm.conf +/etc/host.conf +/etc/hostname +/etc/hosts +/etc/hosts.allow +/etc/hosts.deny +/etc/http/conf/httpd.conf +/etc/httpd/apache2.conf +/etc/httpd/apache.conf +/etc/httpd.conf +/etc/httpd/conf +/etc/httpd/conf/apache2.conf +/etc/httpd/conf/apache.conf +/etc/httpd/conf.d +/etc/httpd/conf/httpd.conf +/etc/httpd/extra/httpd-ssl.conf +/etc/httpd/httpd.conf +/etc/httpd/logs/acces.log +/etc/httpd/logs/acces_log +/etc/httpd/logs/access.log +/etc/httpd/logs/access_log +/etc/httpd/logs/error.log +/etc/httpd/logs/error_log +/etc/httpd/mod_php.conf +/etc/httpd/php.ini +/etc/http/httpd.conf +/etc/inetd.conf +/etc/init.d +/etc/inittab +/etc/ipfw.conf +/etc/ipfw.rules +/etc/issue +/etc/issue.net +/etc/kbd/config +/etc/kernel-img.conf +/etc/kernel-pkg.conf +/etc/ldap/ldap.conf +/etc/ld.so.conf +/etc/lighttpd/lighthttpd.conf +/etc/login.defs +/etc/logrotate.conf +/etc/ltrace.conf +/etc/mail/sendmail.conf +/etc/mandrake-release +/etc/manpath.config +/etc/miredo.conf +/etc/miredo/miredo.conf +/etc/miredo/miredo-server.conf +/etc/miredo-server.conf +/etc/modules +/etc/mono/config +/etc/motd +/etc/mtab +/etc/mtools.conf +/etc/muddleftpd.com +/etc/muddleftpd/muddleftpd.conf +/etc/muddleftpd/muddleftpd.passwd +/etc/muddleftpd/mudlog +/etc/muddleftpd/mudlogd.conf +/etc/muddleftpd/passwd +/etc/my.cnf +/etc/mysql/my.cnf +/etc/networks +/etc/nginx/nginx.conf +/etc/openldap/ldap.conf +/etc/os-release +/etc/osxhttpd/osxhttpd.conf +/etc/pam.conf +/etc/passwd +/etc/passwd- +/etc/passwd~ +/etc/password.master +/etc/php4/apache2/php.ini +/etc/php4/apache/php.ini +/etc/php4/cgi/php.ini +/etc/php5/apache2/php.ini +/etc/php5/apache/php.ini +/etc/php5/cgi/php.ini +/etc/php/apache2/php.ini +/etc/php/apache/php.ini +/etc/php/cgi/php.ini +/etc/php.ini +/etc/phpmyadmin/config.inc.php +/etc/php/php4/php.ini +/etc/php/php.ini +/etc/postgresql/pg_hba.conf +/etc/postgresql/postgresql.conf +/etc/profile +/etc/proftp.conf +/etc/proftpd/modules.conf +/etc/protpd/proftpd.conf +/etc/pulse/client.conf +/etc/pure-ftpd.conf +/etc/pureftpd.passwd +/etc/pureftpd.pdb +/etc/pure-ftpd/pure-ftpd.conf +/etc/pure-ftpd/pure-ftpd.pdb +/etc/pure-ftpd/pureftpd.pdb +/etc/rc.conf +/etc/redhat-release +/etc/resolv.conf +/etc/samba/dhcp.conf +/etc/samba/netlogon +/etc/samba/private/smbpasswd +/etc/samba/samba.conf +/etc/samba/smb.conf +/etc/samba/smb.conf.user +/etc/samba/smbpasswd +/etc/samba/smbusers +/etc/security/access.conf +/etc/security/environ +/etc/security/failedlogin +/etc/security/group +/etc/security/group.conf +/etc/security/lastlog +/etc/security/limits +/etc/security/limits.conf +/etc/security/namespace.conf +/etc/security/opasswd +/etc/security/pam_env.conf +/etc/security/passwd +/etc/security/passwd +/etc/security/sepermit.conf +/etc/security/time.conf +/etc/security/user +/etc/sensors3.conf +/etc/sensors.conf +/etc/shadow +/etc/shadow- +/etc/shadow~ +/etc/slackware-release +/etc/smb.conf +/etc/smbpasswd +/etc/smi.conf +/etc/squirrelmail/apache.conf +/etc/squirrelmail/config/config.php +/etc/squirrelmail/config_default.php +/etc/squirrelmail/config_local.php +/etc/squirrelmail/config.php +/etc/squirrelmail/default_pref +/etc/squirrelmail/filters_setup.php +/etc/squirrelmail/index.php +/etc/squirrelmail/sqspell_config.php +/etc/ssh/sshd_config +/etc/sso/sso_config.ini +/etc/stunnel/stunnel.conf +/etc/sudoers +/etc/SUSE-release +/etc/sysconfig/network-scripts/ifcfg-eth0 +/etc/sysctl.conf +/etc/syslog.conf +/etc/timezone +/etc/tinyproxy/tinyproxy.conf +/etc/tor/tor-tsocks.conf +/etc/tsocks.conf +/etc/updatedb.conf +/etc/updatedb.conf.BeforeVMwareToolsInstall +/etc/utmp +/etc/vhcs2/proftpd/proftpd.conf +/etc/vmware-tools/config +/etc/vmware-tools/tpvmlp.conf +/etc/vmware-tools/vmware-tools-libraries.conf +/etc/vsftpd.chroot_list +/etc/vsftpd.conf +/etc/vsftpd/vsftpd.conf +/etc/webmin/miniserv.conf +/etc/webmin/miniserv.users +/etc/wicd/dhclient.conf.template.default +/etc/wicd/manager-settings.conf +/etc/wicd/wired-settings.conf +/etc/wicd/wireless-settings.conf +/etc/wu-ftpd/ftpaccess +/etc/wu-ftpd/ftphosts +/etc/wu-ftpd/ftpusers +/etc/X11/xorg.conf +/etc/X11/xorg.conf.BeforeVMwareToolsInstall +/etc/X11/xorg.conf.orig +/etc/X11/xorg.conf-vesa +/etc/X11/xorg.conf-vmware +/home2/bin/stable/apache/php.ini +/home2\bin\stable\apache\php.ini +/home/bin/stable/apache/php.ini +/home\bin\stable\apache\php.ini +/home/postgres/data/pg_hba.conf +/home/postgres/data/pg_ident.conf +/home/postgres/data/PG_VERSION +/home/postgres/data/postgresql.conf +/home/user/lighttpd/lighttpd.conf +/http/httpd.conf +/[JBOSS]/server/default/conf/jboss-minimal.xml +/[JBOSS]/server/default/conf/jboss-service.xml +/[JBOSS]/server/default/conf/jndi.properties +/[JBOSS]/server/default/conf/log4j.xml +/[JBOSS]/server/default/conf/login-config.xml +/[JBOSS]/server/default/conf/server.log.properties +/[JBOSS]/server/default/conf/standardjaws.xml +/[JBOSS]/server/default/conf/standardjboss.xml +/[JBOSS]/server/default/deploy/jboss-logging.xml +/[JBOSS]/server/default/log/boot.log +/[JBOSS]/server/default/log/server.log +/Library/WebServer/Documents/default.htm +/Library/WebServer/Documents/default.html +/Library/WebServer/Documents/default.php +/Library/WebServer/Documents/.htaccess +/Library/WebServer/Documents/index.htm +/Library/WebServer/Documents/index.html +/Library/WebServer/Documents/index.php +/logs/access.log +/logs/access_log +/logs/error.log +/logs/error_log +/logs/pure-ftpd.log +/logs/security_debug_log +/logs/security_log +/mysql/bin/my.ini +/MySQL/data/{HOST}.err +/MySQL/data/mysql-bin.index +/MySQL/data/mysql-bin.log +/MySQL/data/mysql.err +/MySQL/data/mysql.log +/MySQL/my.cnf +/MySQL/my.ini +/NetServer/bin/stable/apache/php.ini +/NetServer\bin\stable\apache\php.ini +/opt/apache22/conf/httpd.conf +/opt/apache2/apache2.conf +/opt/apache2/apache.conf +/opt/apache2/conf/apache2.conf +/opt/apache2/conf/apache.conf +/opt/apache2/conf/httpd.conf +/opt/apache/apache2.conf +/opt/apache/apache.conf +/opt/apache/conf/apache2.conf +/opt/apache/conf/apache.conf +/opt/apache/conf/httpd.conf +/opt/httpd/apache2.conf +/opt/httpd/apache.conf +/opt/httpd/conf/apache2.conf +/opt/httpd/conf/apache.conf +/opt/[JBOSS]/server/default/conf/jboss-minimal.xml +/opt/[JBOSS]/server/default/conf/jboss-service.xml +/opt/[JBOSS]/server/default/conf/jndi.properties +/opt/[JBOSS]/server/default/conf/log4j.xml +/opt/[JBOSS]/server/default/conf/login-config.xml +/opt/[JBOSS]/server/default/conf/server.log.properties +/opt/[JBOSS]/server/default/conf/standardjaws.xml +/opt/[JBOSS]/server/default/conf/standardjboss.xml +/opt/[JBOSS]/server/default/deploy/jboss-logging.xml +/opt/[JBOSS]/server/default/log/boot.log +/opt/[JBOSS]/server/default/log/server.log +/opt/lampp/etc/httpd.conf +/opt/lampp/logs/access.log +/opt/lampp/logs/access_log +/opt/lampp/logs/error.log +/opt/lampp/logs/error_log +/opt/lsws/conf/httpd_conf.xml +/opt/lsws/logs/access.log +/opt/lsws/logs/error.log +/opt/tomcat/logs/catalina.err +/opt/tomcat/logs/catalina.out +/opt/xampp/etc/php.ini +/opt/xampp/logs/access.log +/opt/xampp/logs/access_log +/opt/xampp/logs/error.log +/opt/xampp/logs/error_log +/private/etc/httpd/apache2.conf +/private/etc/httpd/apache.conf +/private/etc/httpd/httpd.conf +/private/etc/httpd/httpd.conf.default +/private/etc/squirrelmail/config/config.php +/private/tmp/[JBOSS]/server/default/conf/jboss-minimal.xml +/private/tmp/[JBOSS]/server/default/conf/jboss-service.xml +/private/tmp/[JBOSS]/server/default/conf/jndi.properties +/private/tmp/[JBOSS]/server/default/conf/log4j.xml +/private/tmp/[JBOSS]/server/default/conf/login-config.xml +/private/tmp/[JBOSS]/server/default/conf/server.log.properties +/private/tmp/[JBOSS]/server/default/conf/standardjaws.xml +/private/tmp/[JBOSS]/server/default/conf/standardjboss.xml +/private/tmp/[JBOSS]/server/default/deploy/jboss-logging.xml +/private/tmp/[JBOSS]/server/default/log/boot.log +/private/tmp/[JBOSS]/server/default/log/server.log +/proc/cpuinfo +/proc/devices +/proc/meminfo +/proc/net/tcp +/proc/net/udp +/proc/self/cmdline +/proc/self/environ +/proc/self/mounts +/proc/self/stat +/proc/self/status +/proc/version +/Program Files/Apache Group/Apache2/conf/apache2.conf +/Program Files/Apache Group/Apache2/conf/apache.conf +/Program Files/Apache Group/Apache2/conf/httpd.conf +/Program Files\Apache Group\Apache2\conf\httpd.conf +/Program Files/Apache Group/Apache/apache2.conf +/Program Files/Apache Group/Apache/apache.conf +/Program Files/Apache Group/Apache/conf/apache2.conf +/Program Files/Apache Group/Apache/conf/apache.conf +/Program Files/Apache Group/Apache/conf/httpd.conf +/Program Files\Apache Group\Apache\conf\httpd.conf +/Program Files/Apache Group/Apache/logs/access.log +/Program Files\Apache Group\Apache\logs\access.log +/Program Files/Apache Group/Apache/logs/error.log +/Program Files\Apache Group\Apache\logs\error.log +/Program Files/[JBOSS]/server/default/conf/jboss-minimal.xml +/Program Files/[JBOSS]/server/default/conf/jboss-service.xml +/Program Files/[JBOSS]/server/default/conf/jndi.properties +/Program Files/[JBOSS]/server/default/conf/log4j.xml +/Program Files/[JBOSS]/server/default/conf/login-config.xml +/Program Files/[JBOSS]/server/default/conf/server.log.properties +/Program Files/[JBOSS]/server/default/conf/standardjaws.xml +/Program Files/[JBOSS]/server/default/conf/standardjboss.xml +/Program Files/[JBOSS]/server/default/deploy/jboss-logging.xml +/Program Files/[JBOSS]/server/default/log/boot.log +/Program Files/[JBOSS]/server/default/log/server.log +/Program Files/MySQL/data/{HOST}.err +/Program Files/MySQL/data/mysql-bin.index +/Program Files/MySQL/data/mysql-bin.log +/Program Files/MySQL/data/mysql.err +/Program Files/MySQL/data/mysql.log +/Program Files/MySQL/my.cnf +/Program Files/MySQL/my.ini +/Program Files/Vidalia Bundle/Polipo/polipo.conf +/Program Files/xampp/apache/conf/apache2.conf +/Program Files/xampp/apache/conf/apache.conf +/Program Files/xampp/apache/conf/httpd.conf +/Program Files\xampp\apache\conf\httpd.conf +/root/.bash_config +/root/.bash_history +/root/.bash_logout +/root/.bashrc +/root/.ksh_history +/root/.Xauthority +/srv/www/htdos/squirrelmail/config/config.php +/tmp/access.log +/tmp/[JBOSS]/server/default/conf/jboss-minimal.xml +/tmp/[JBOSS]/server/default/conf/jboss-service.xml +/tmp/[JBOSS]/server/default/conf/jndi.properties +/tmp/[JBOSS]/server/default/conf/log4j.xml +/tmp/[JBOSS]/server/default/conf/login-config.xml +/tmp/[JBOSS]/server/default/conf/server.log.properties +/tmp/[JBOSS]/server/default/conf/standardjaws.xml +/tmp/[JBOSS]/server/default/conf/standardjboss.xml +/tmp/[JBOSS]/server/default/deploy/jboss-logging.xml +/tmp/[JBOSS]/server/default/log/boot.log +/tmp/[JBOSS]/server/default/log/server.log +/usr/apache2/conf/httpd.conf +/usr/apache/conf/httpd.conf +/usr/etc/pure-ftpd.conf +/usr/home/user/lighttpd/lighttpd.conf +/usr/home/user/var/log/apache.log +/usr/home/user/var/log/lighttpd.error.log +/usr/internet/pgsql/data/pg_hba.conf +/usr/internet/pgsql/data/postmaster.log +/usr/lib/cron/log +/usr/lib/php.ini +/usr/lib/php/php.ini +/usr/lib/security/mkuser.default +/usr/local/apache22/conf/httpd.conf +/usr/local/apache22/httpd.conf +/usr/local/apache2/apache2.conf +/usr/local/apache2/apache.conf +/usr/local/apache2/conf/apache2.conf +/usr/local/apache2/conf/apache.conf +/usr/local/apache2/conf/extra/httpd-ssl.conf +/usr/local/apache2/conf/httpd.conf +/usr/local/apache2/conf/modsec.conf +/usr/local/apache2/conf/ssl.conf +/usr/local/apache2/conf/vhosts.conf +/usr/local/apache2/conf/vhosts-custom.conf +/usr/local/apache2/httpd.conf +/usr/local/apache2/logs/access.log +/usr/local/apache2/logs/access_log +/usr/local/apache2/logs/audit_log +/usr/local/apache2/logs/error.log +/usr/local/apache2/logs/error_log +/usr/local/apache2/logs/lighttpd.error.log +/usr/local/apache2/logs/lighttpd.log +/usr/local/apache/apache2.conf +/usr/local/apache/apache.conf +/usr/local/apache/conf/access.conf +/usr/local/apache/conf/apache2.conf +/usr/local/apache/conf/apache.conf +/usr/local/apache/conf/httpd.conf +/usr/local/apache/conf/httpd.conf.default +/usr/local/apache/conf/modsec.conf +/usr/local/apache/conf/php.ini +/usr/local/apache/conf/vhosts.conf +/usr/local/apache/conf/vhosts-custom.conf +/usr/local/apache/httpd.conf +/usr/local/apache/logs/access.log +/usr/local/apache/logs/access_log +/usr/local/apache/logs/audit_log +/usr/local/apache/logs/error.log +/usr/local/apache/logs/error_log +/usr/local/apache/logs/lighttpd.error.log +/usr/local/apache/logs/lighttpd.log +/usr/local/apache/logs/mod_jk.log +/usr/local/apps/apache22/conf/httpd.conf +/usr/local/apps/apache2/conf/httpd.conf +/usr/local/apps/apache/conf/httpd.conf +/usr/local/cpanel/logs +/usr/local/cpanel/logs/access_log +/usr/local/cpanel/logs/error_log +/usr/local/cpanel/logs/license_log +/usr/local/cpanel/logs/login_log +/usr/local/cpanel/logs/stats_log +/usr/local/etc/apache22/conf/httpd.conf +/usr/local/etc/apache22/httpd.conf +/usr/local/etc/apache2/conf/httpd.conf +/usr/local/etc/apache2/httpd.conf +/usr/local/etc/apache2/vhosts.conf +/usr/local/etc/apache/conf/httpd.conf +/usr/local/etc/apache/httpd.conf +/usr/local/etc/apache/vhosts.conf +/usr/local/etc/httpd/conf +/usr/local/etc/httpd/conf/httpd.conf +/usr/local/etc/lighttpd.conf +/usr/local/etc/lighttpd.conf.new +/usr/local/etc/nginx/nginx.conf +/usr/local/etc/php.ini +/usr/local/etc/pure-ftpd.conf +/usr/local/etc/pureftpd.pdb +/usr/local/etc/smb.conf +/usr/local/etc/webmin/miniserv.conf +/usr/local/etc/webmin/miniserv.users +/usr/local/httpd/conf/httpd.conf +/usr/local/jakarta/dist/tomcat/conf/context.xml +/usr/local/jakarta/dist/tomcat/conf/jakarta.conf +/usr/local/jakarta/dist/tomcat/conf/logging.properties +/usr/local/jakarta/dist/tomcat/conf/server.xml +/usr/local/jakarta/dist/tomcat/conf/workers.properties +/usr/local/jakarta/dist/tomcat/logs/mod_jk.log +/usr/local/jakarta/tomcat/conf/context.xml +/usr/local/jakarta/tomcat/conf/jakarta.conf +/usr/local/jakarta/tomcat/conf/logging.properties +/usr/local/jakarta/tomcat/conf/server.xml +/usr/local/jakarta/tomcat/conf/workers.properties +/usr/local/jakarta/tomcat/logs/catalina.err +/usr/local/jakarta/tomcat/logs/catalina.out +/usr/local/jakarta/tomcat/logs/mod_jk.log +/usr/local/[JBOSS]/server/default/conf/jboss-minimal.xml +/usr/local/[JBOSS]/server/default/conf/jboss-service.xml +/usr/local/[JBOSS]/server/default/conf/jndi.properties +/usr/local/[JBOSS]/server/default/conf/log4j.xml +/usr/local/[JBOSS]/server/default/conf/login-config.xml +/usr/local/[JBOSS]/server/default/conf/server.log.properties +/usr/local/[JBOSS]/server/default/conf/standardjaws.xml +/usr/local/[JBOSS]/server/default/conf/standardjboss.xml +/usr/local/[JBOSS]/server/default/deploy/jboss-logging.xml +/usr/local/[JBOSS]/server/default/log/boot.log +/usr/local/[JBOSS]/server/default/log/server.log +/usr/local/lib/php.ini +/usr/local/lighttpd/conf/lighttpd.conf +/usr/local/lighttpd/log/access.log +/usr/local/lighttpd/log/lighttpd.error.log +/usr/local/logs/access.log +/usr/local/logs/samba.log +/usr/local/lsws/conf/httpd_conf.xml +/usr/local/lsws/logs/error.log +/usr/local/mysql/data/{HOST}.err +/usr/local/mysql/data/mysql-bin.index +/usr/local/mysql/data/mysql-bin.log +/usr/local/mysql/data/mysqlderror.log +/usr/local/mysql/data/mysql.err +/usr/local/mysql/data/mysql.log +/usr/local/mysql/data/mysql-slow.log +/usr/local/nginx/conf/nginx.conf +/usr/local/pgsql/bin/pg_passwd +/usr/local/pgsql/data/passwd +/usr/local/pgsql/data/pg_hba.conf +/usr/local/pgsql/data/pg_log +/usr/local/pgsql/data/postgresql.conf +/usr/local/pgsql/data/postgresql.log +/usr/local/php4/apache2.conf +/usr/local/php4/apache2.conf.php +/usr/local/php4/apache.conf +/usr/local/php4/apache.conf.php +/usr/local/php4/httpd.conf +/usr/local/php4/httpd.conf.php +/usr/local/php4/lib/php.ini +/usr/local/php5/apache2.conf +/usr/local/php5/apache2.conf.php +/usr/local/php5/apache.conf +/usr/local/php5/apache.conf.php +/usr/local/php5/httpd.conf +/usr/local/php5/httpd.conf.php +/usr/local/php5/lib/php.ini +/usr/local/php/apache2.conf +/usr/local/php/apache2.conf.php +/usr/local/php/apache.conf +/usr/local/php/apache.conf.php +/usr/local/php/httpd.conf +/usr/local/php/httpd.conf.php +/usr/local/php/lib/php.ini +/usr/local/psa/admin/conf/php.ini +/usr/local/psa/admin/conf/site_isolation_settings.ini +/usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/libraries/config.default.php +/usr/local/psa/admin/logs/httpsd_access_log +/usr/local/psa/admin/logs/panel.log +/usr/local/pureftpd/etc/pure-ftpd.conf +/usr/local/pureftpd/etc/pureftpd.pdb +/usr/local/pureftpd/sbin/pure-config.pl +/usr/local/samba/lib/log.user +/usr/local/samba/lib/smb.conf.user +/usr/local/sb/config +/usr/local/Zend/etc/php.ini +/usr/local/zeus/web/global.cfg +/usr/local/zeus/web/log/errors +/usr/pkg/etc/httpd/httpd.conf +/usr/pkg/etc/httpd/httpd-default.conf +/usr/pkg/etc/httpd/httpd-vhosts.conf +/usr/pkgsrc/net/pureftpd/ +/usr/pkgsrc/net/pureftpd/pure-ftpd.conf +/usr/pkgsrc/net/pureftpd/pureftpd.passwd +/usr/pkgsrc/net/pureftpd/pureftpd.pdb +/usr/ports/contrib/pure-ftpd/ +/usr/ports/contrib/pure-ftpd/pure-ftpd.conf +/usr/ports/contrib/pure-ftpd/pureftpd.passwd +/usr/ports/contrib/pure-ftpd/pureftpd.pdb +/usr/ports/ftp/pure-ftpd/ +/usr/ports/ftp/pure-ftpd/pure-ftpd.conf +/usr/ports/ftp/pure-ftpd/pureftpd.passwd +/usr/ports/ftp/pure-ftpd/pureftpd.pdb +/usr/ports/net/pure-ftpd/ +/usr/ports/net/pure-ftpd/pure-ftpd.conf +/usr/ports/net/pure-ftpd/pureftpd.passwd +/usr/ports/net/pure-ftpd/pureftpd.pdb +/usr/sbin/mudlogd +/usr/sbin/mudpasswd +/usr/sbin/pure-config.pl +/usr/share/adduser/adduser.conf +/usr/share/logs/catalina.err +/usr/share/logs/catalina.out +/usr/share/squirrelmail/config/config.php +/usr/share/squirrelmail/plugins/squirrel_logger/setup.php +/usr/share/tomcat6/conf/context.xml +/usr/share/tomcat6/conf/logging.properties +/usr/share/tomcat6/conf/server.xml +/usr/share/tomcat6/conf/workers.properties +/usr/share/tomcat6/logs/catalina.err +/usr/share/tomcat6/logs/catalina.out +/usr/share/tomcat/logs/catalina.err +/usr/share/tomcat/logs/catalina.out +/usr/spool/lp/log +/usr/spool/mqueue/syslog +/var/adm/acct/sum/loginlog +/var/adm/aculog +/var/adm/aculogs +/var/adm/crash/unix +/var/adm/crash/vmcore +/var/adm/cron/log +/var/adm/dtmp +/var/adm/lastlog/username +/var/adm/log/asppp.log +/var/adm/loginlog +/var/adm/log/xferlog +/var/adm/lp/lpd-errs +/var/adm/messages +/var/adm/pacct +/var/adm/qacct +/var/adm/ras/bootlog +/var/adm/ras/errlog +/var/adm/sulog +/var/adm/SYSLOG +/var/adm/utmp +/var/adm/utmpx +/var/adm/vold.log +/var/adm/wtmp +/var/adm/wtmpx +/var/adm/X0msgs +/var/apache/conf/httpd.conf +/var/cpanel/cpanel.config +/var/cpanel/tomcat.options +/var/cron/log +/var/data/mysql-bin.index +/var/lib/mysql/my.cnf +/var/lib/pgsql/data/postgresql.conf +/var/lib/squirrelmail/prefs/squirrelmail.log +/var/lighttpd.log +/var/local/www/conf/php.ini +/var/log/access.log +/var/log/access_log +/var/log/apache2/access.log +/var/log/apache2/access_log +/var/log/apache2/error.log +/var/log/apache2/error_log +/var/log/apache2/squirrelmail.err.log +/var/log/apache2/squirrelmail.log +/var/log/apache/access.log +/var/log/apache/access_log +/var/log/apache/error.log +/var/log/apache/error_log +/var/log/auth.log +/var/log/authlog +/var/log/boot.log +/var/log/cron/var/log/postgres.log +/var/log/daemon.log +/var/log/daemon.log.1 +/var/log/data/mysql-bin.index +/var/log/dmessage +/var/log/error.log +/var/log/error_log +/var/log/exim/mainlog +/var/log/exim_mainlog +/var/log/exim/paniclog +/var/log/exim_paniclog +/var/log/exim/rejectlog +/var/log/exim_rejectlog +/var/log/ftplog +/var/log/ftp-proxy +/var/log/ftp-proxy/ftp-proxy.log +/var/log/httpd-access.log +/var/log/httpd/access.log +/var/log/httpd/access_log +/var/log/httpd/error.log +/var/log/httpd/error_log +/var/log/ipfw +/var/log/ipfw/ipfw.log +/var/log/ipfw.log +/var/log/ipfw.today +/var/log/kern.log +/var/log/kern.log.1 +/var/log/lighttpd/ +/var/log/lighttpd.access.log +/var/log/lighttpd/access.log +/var/log/lighttpd/access.www.log +/var/log/lighttpd/{DOMAIN}/access.log +/var/log/lighttpd/{DOMAIN}/error.log +/var/log/lighttpd.error.log +/var/log/lighttpd/error.log +/var/log/lighttpd/error.www.log +/var/log/log.smb +/var/log/mail.err +/var/log/mail.info +/var/log/mail.log +/var/log/maillog +/var/log/mail.warn +/var/log/messages +/var/log/messages.1 +/var/log/muddleftpd +/var/log/muddleftpd.conf +/var/log/mysql-bin.index +/var/log/mysql/data/mysql-bin.index +/var/log/mysqlderror.log +/var/log/mysql.err +/var/log/mysql.log +/var/log/mysql/mysql-bin.index +/var/log/mysql/mysql-bin.log +/var/log/mysql/mysql.log +/var/log/mysql/mysql-slow.log +/var/log/news.all +/var/log/news/news.all +/var/log/news/news.crit +/var/log/news/news.err +/var/log/news/news.notice +/var/log/news/suck.err +/var/log/news/suck.notice +/var/log/nginx.access_log +/var/log/nginx/access.log +/var/log/nginx/access_log +/var/log/nginx.error_log +/var/log/nginx/error.log +/var/log/nginx/error_log +/var/log/pgsql8.log +/var/log/pgsql_log +/var/log/pgsql/pgsql.log +/var/log/pm-powersave.log +/var/log/POPlog +/var/log/postgres/pg_backup.log +/var/log/postgres/postgres.log +/var/log/postgresql.log +/var/log/postgresql/main.log +/var/log/postgresql/postgres.log +/var/log/postgresql/postgresql-8.1-main.log +/var/log/postgresql/postgresql-8.3-main.log +/var/log/postgresql/postgresql-8.4-main.log +/var/log/postgresql/postgresql-9.0-main.log +/var/log/postgresql/postgresql-9.1-main.log +/var/log/postgresql/postgresql.log +/var/log/proftpd +/var/log/proftpd.access_log +/var/log/proftpd.xferlog +/var/log/proftpd/xferlog.legacy +/var/log/pureftpd.log +/var/log/pure-ftpd/pure-ftpd.log +/var/logs/access.log +/var/log/samba.log +/var/log/samba.log1 +/var/log/samba.log2 +/var/log/samba/log.nmbd +/var/log/samba/log.smbd +/var/log/squirrelmail.log +/var/log/sso/sso.log +/var/log/sw-cp-server/error_log +/var/log/syslog +/var/log/syslog.1 +/var/log/tomcat6/catalina.out +/var/log/ufw.log +/var/log/user.log +/var/log/user.log.1 +/var/log/vmware/hostd-1.log +/var/log/vmware/hostd.log +/var/log/vsftpd.log +/var/log/webmin/miniserv.log +/var/log/xferlog +/var/log/Xorg.0.log +/var/lp/logs/lpNet +/var/lp/logs/lpsched +/var/lp/logs/requests +/var/mail/root +/var/mysql-bin.index +/var/mysql.log +/var/nm2/postgresql.conf +/var/postgresql/db/postgresql.conf +/var/postgresql/log/postgresql.log +/var/saf/_log +/var/saf/port/log +/var/spool/cron/crontabs/root +/var/spool/cron/crontabs/root +/var/www/conf +/var/www/conf/httpd.conf +/var/www/html/squirrelmail/config/config.php +/var/www/.lighttpdpassword +/var/www/logs/access.log +/var/www/logs/access_log +/var/www/logs/error.log +/var/www/logs/error_log +/var/www/squirrelmail/config/config.php +/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf +/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf +/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf +/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php +/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php +/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php +/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini +/Volumes/webBackup/opt/apache2/conf/httpd.conf +/Volumes/webBackup/private/etc/httpd/httpd.conf +/Volumes/webBackup/private/etc/httpd/httpd.conf.default +/wamp/bin/apache/apache2.2.21/conf/httpd.conf +/wamp/bin/apache/apache2.2.21/logs/access.log +/wamp/bin/apache/apache2.2.21/logs/error.log +/wamp/bin/apache/apache2.2.21/wampserver.conf +/wamp/bin/apache/apache2.2.22/conf/httpd.conf +/wamp/bin/apache/apache2.2.22/conf/wampserver.conf +/wamp/bin/apache/apache2.2.22/logs/access.log +/wamp/bin/apache/apache2.2.22/logs/error.log +/wamp/bin/apache/apache2.2.22/wampserver.conf +/wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index +/wamp/bin/mysql/mysql5.5.16/my.ini +/wamp/bin/mysql/mysql5.5.16/wampserver.conf +/wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index +/wamp/bin/mysql/mysql5.5.24/my.ini +/wamp/bin/mysql/mysql5.5.24/wampserver.conf +/wamp/logs/access.log +/wamp/logs/apache_error.log +/wamp/logs/genquery.log +/wamp/logs/mysql.log +/wamp/logs/slowquery.log +/web/conf/php.ini +/WINDOWS/php.ini +/WINDOWS\php.ini +/WINDOWS/system32/logfiles/MSFTPSVC +/WINDOWS/system32/logfiles/MSFTPSVC1 +/WINDOWS/system32/logfiles/MSFTPSVC2 +/WINDOWS/system32/logfiles/SMTPSVC +/WINDOWS/system32/logfiles/SMTPSVC1 +/WINDOWS/system32/logfiles/SMTPSVC2 +/WINDOWS/system32/logfiles/SMTPSVC3 +/WINDOWS/system32/logfiles/SMTPSVC4 +/WINDOWS/system32/logfiles/SMTPSVC5 +/WINDOWS/system32/logfiles/W3SVC1/inetsvn1.log +/WINDOWS/system32/logfiles/W3SVC2/inetsvn1.log +/WINDOWS/system32/logfiles/W3SVC3/inetsvn1.log +/WINDOWS/system32/logfiles/W3SVC/inetsvn1.log +/WINNT/php.ini +/WINNT\php.ini +/WINNT/system32/logfiles/MSFTPSVC +/WINNT/system32/logfiles/MSFTPSVC1 +/WINNT/system32/logfiles/MSFTPSVC2 +/WINNT/system32/logfiles/SMTPSVC +/WINNT/system32/logfiles/SMTPSVC1 +/WINNT/system32/logfiles/SMTPSVC2 +/WINNT/system32/logfiles/SMTPSVC3 +/WINNT/system32/logfiles/SMTPSVC4 +/WINNT/system32/logfiles/SMTPSVC5 +/WINNT/system32/logfiles/W3SVC1/inetsvn1.log +/WINNT/system32/logfiles/W3SVC2/inetsvn1.log +/WINNT/system32/logfiles/W3SVC3/inetsvn1.log +/WINNT/system32/logfiles/W3SVC/inetsvn1.log +/www/apache/conf/httpd.conf +/www/conf/httpd.conf +/www/logs/freebsddiary-access_log +/www/logs/freebsddiary-error.log +/www/logs/proftpd.system.log +/xampp/apache/bin/php.ini +/xampp\apache\bin\php.ini +/xampp/apache/conf/httpd.conf +/xampp/apache/logs/access.log +/xampp/apache/logs/error.log +/xampp/FileZillaFTP/FileZilla Server.xml +/xampp/htdocs/aca.txt +/xampp/htdocs/admin.php +/xampp/htdocs/leer.txt +/xampp/MercuryMail/mercury.ini +/xampp/mysql/data/{HOST}.err +/xampp/mysql/data/mysql-bin.index +/xampp/mysql/data/mysql.err +/xampp/phpMyAdmin/config.inc.php +/xampp/php/php.ini +/xampp/sendmail/sendmail.ini +/xampp/sendmail/sendmail.log +/xampp/webalizer/webalizer.conf +/proc/self/fd/0 +/proc/self/fd/1 +/proc/self/fd/2 +/proc/self/fd/3 +/proc/self/fd/4 +/proc/self/fd/5 +/proc/self/fd/6 +/proc/self/fd/7 +/proc/self/fd/8 +/proc/self/fd/9 +/proc/self/fd/10 +/proc/self/fd/11 +/proc/self/fd/12 +/proc/self/fd/13 +/proc/self/fd/14 +/proc/self/fd/15 +/proc/self/fd/16 +/proc/self/fd/17 +/proc/self/fd/18 +/proc/self/fd/19 +/proc/self/fd/20 +/proc/self/fd/21 +/proc/self/fd/22 +/proc/self/fd/23 +/proc/self/fd/24 +/proc/self/fd/25 +/proc/self/fd/26 +/proc/self/fd/27 +/proc/self/fd/28 +/proc/self/fd/29 +/proc/self/fd/30 +/proc/self/fd/31 +/proc/self/fd/32 +/proc/self/fd/33 +/proc/self/fd/34 +/proc/self/fd/35 +/proc/self/fd/36 +/proc/self/fd/37 +/proc/self/fd/38 +/proc/self/fd/39 +/proc/self/fd/40 +/proc/self/fd/41 +/proc/self/fd/42 +/proc/self/fd/43 +/proc/self/fd/44 +/proc/self/fd/45 +/proc/self/fd/46 +/proc/self/fd/47 +/proc/self/fd/48 +/proc/self/fd/49 +/proc/self/fd/50 +/proc/self/fd/51 +/proc/self/fd/52 +/proc/self/fd/53 +/proc/self/fd/54 +/proc/self/fd/55 +/proc/self/fd/56 +/proc/self/fd/57 +/proc/self/fd/58 +/proc/self/fd/59 +/proc/self/fd/60 +/proc/self/fd/61 +/proc/self/fd/62 +/proc/self/fd/63 +/proc/self/fd/64 +/proc/self/fd/65 +/proc/self/fd/66 +/proc/self/fd/67 +/proc/self/fd/68 +/proc/self/fd/69 +/proc/self/fd/70 +/proc/self/fd/71 +/proc/self/fd/72 +/proc/self/fd/73 +/proc/self/fd/74 +/proc/self/fd/75 +/proc/self/fd/76 +/proc/self/fd/77 +/proc/self/fd/78 +/proc/self/fd/79 +/proc/self/fd/80 +/proc/self/fd/81 +/proc/self/fd/82 +/proc/self/fd/83 +/proc/self/fd/84 +/proc/self/fd/85 +/proc/self/fd/86 +/proc/self/fd/87 +/proc/self/fd/88 +/proc/self/fd/89 +/proc/self/fd/90 +/proc/self/fd/91 +/proc/self/fd/92 +/proc/self/fd/93 +/proc/self/fd/94 +/proc/self/fd/95 +/proc/self/fd/96 +/proc/self/fd/97 +/proc/self/fd/98 +/proc/self/fd/99 +/proc/self/fd/100 diff --git a/pentesting-web/file-inclusion.md b/pentesting-web/file-inclusion.md index 0eef3ced..7e92ed62 100644 --- a/pentesting-web/file-inclusion.md +++ b/pentesting-web/file-inclusion.md @@ -17,7 +17,7 @@ A interesting tool to exploit this vulnerability: [https://github.com/kurobeats/ **Mixing several \*nix LFI lists and adding more paths I have created this one:** -{% file src="../.gitbook/assets/lfi \(2\).txt" %} +{% file src="../.gitbook/assets/lfi2.txt" %} A list that uses several techniques to find the file /etc/password \(to check if the vulnerability exists\) can be found [here](https://github.com/xmendez/wfuzz/blob/master/wordlist/vulns/dirTraversal-nix.txt)