mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-20 19:36:11 +00:00
Merge pull request #273 from Gorgamite/master
Specifying alternative access method through SSH
This commit is contained in:
commit
9e61eb91be
@ -397,6 +397,9 @@ http://example.com/index.php?page=../../../../../../etc/shadow
|
||||
|
||||
Then crack the hashes inside in order to login via SSH on the machine.
|
||||
|
||||
Another way to gain SSH access to a Linux machine through LFI is by reading the private key file, id_rsa.
|
||||
If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `/<HOME>/.ssh/id_rsa`.
|
||||
|
||||
## References
|
||||
|
||||
* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
|
||||
|
Loading…
Reference in New Issue
Block a user