mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-20 19:36:11 +00:00
Merge pull request #273 from Gorgamite/master
Specifying alternative access method through SSH
This commit is contained in:
commit
9e61eb91be
@ -397,6 +397,9 @@ http://example.com/index.php?page=../../../../../../etc/shadow
|
|||||||
|
|
||||||
Then crack the hashes inside in order to login via SSH on the machine.
|
Then crack the hashes inside in order to login via SSH on the machine.
|
||||||
|
|
||||||
|
Another way to gain SSH access to a Linux machine through LFI is by reading the private key file, id_rsa.
|
||||||
|
If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `/<HOME>/.ssh/id_rsa`.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
|
* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
|
||||||
|
Loading…
Reference in New Issue
Block a user