ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #273 from Gorgamite/master

Browse Source 
Specifying alternative access method through SSH
This commit is contained in:
Swissky 2020-10-25 11:50:01 +01:00 committed by GitHub
commit 9e61eb91be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
File Inclusion/README.md
View File

@ -397,6 +397,9 @@ http://example.com/index.php?page=../../../../../../etc/shadow
Then crack the hashes inside in order to login via SSH on the machine.
Another way to gain SSH access to a Linux machine through LFI is by reading the private key file, id_rsa.
If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `/<HOME>/.ssh/id_rsa`.
## References
* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)