Hack$Notes
  • Hack$Notes
  • Enumeration
    • NMAP Scanning
    • Hping3 Scanning
      • IDLE SCAN
    • DNS Enum
    • SMB Enum
    • SMTP Enum
    • POP3
    • SNMP Enum
    • LDAP Enum
    • HTTP Enum
      • CheckList
    • FTP Enum
    • SSH Enum
    • MySQL Enum
    • Oracle Enum
    • NFS Enum
    • Internet Relay Chat (IRC)
    • Telnet
    • Kerberos
    • Finger
    • Ports Open/Close
    • ident
    • Postgresl
  • Transferring Files
  • Metasploit Framework
    • Msfvenom tutorial
    • Msfvenom Payloads
  • Reverse Shells
  • Buffer Overflow
    • B.O Steps
    • SLmail B.O
  • Spawning a Shell
  • Password Attacks
    • Passing the Hash
    • SAM/SYSTEM
    • Passwords
    • Hydra
    • Medusa
    • Ncrack
    • Unshadow
    • Hashcat
    • John The Ripper
    • fcrackzip
  • Privilege Escalation
    • Windows
      • Kernel Exploits
      • Stored Credentials
      • Unquoted Service Path
      • Always Install Elevated
      • Weak Permissions
      • Schedule Tasks
      • AutoRun Executables
      • Startup Apps
      • Passwords
      • Win PrivEsc Tools
    • Linux
      • Kernel Exploits
      • Service Exploits
      • PATH Variable
      • SUID/GUID files
      • CronJobs
      • Sudo
      • Custom Executable
      • Linux PrivEsc Tools
  • Port Forwarding
  • Tools / Techniques
    • General Check List
    • Misc. Commands
    • Steganography
    • Evasion Techniques
    • SQL Injection Payloads
    • LFI / RFI
    • Recover contents
    • JAR Files
    • Strace/Ltrace
    • Port Knocking
    • Screenshots in Kali
    • Curl
  • Resources
    • Books
    • Links
Powered by GitBook
On this page
  • Local File Inclusion
  • php://filter
  • Remote File Inclusion

Was this helpful?

  1. Tools / Techniques

LFI / RFI

Interesting Files for LFI

Local File Inclusion

Linux

/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname

# Log Files
/var/log/apache/access.log
/var/log/apache2/access.log
/var/log/httpd/access_log
/var/log/apache/error.log
/var/log/apache2/error.log
/var/log/httpd/error_log
/var/log/messages
/var/log/cron.log
/var/log/auth.log

/var/www/html/wp-config.php                <-- Wordpress
/var/www/configuration.php                 <-- Joomla
/var/www/html/inc/header.inc.php           <-- Dolphin
/var/www/html/sites/default/settings.php   <-- Drupal
/var/www/configuration.php                 <-- Mambo
/var/www/config.php                        <-- PHP

Windows

C:/Windows/System32/drivers/etc/hosts
C:/Windows/Panther/Unattend/Unattended.xml
C:/Windows/Panther/Unattended.xml
C:/Windows/Panther/Unattend.txt
C:/Unattend.xml
C:/Autounattend.xml
C:/Windows/system32/sysprep

C:/inetpub/wwwroot
C:/inetpub/wwwroot/web.config
C:/inetpub/logs/logfiles

# XAMPP
C:/xampp/apache/conf/httpd.conf
C:/xampp/security/webdav.htpasswd
C:/xampp/apache/logs/access.log
C:/xampp/apache/logs/error.log
C:/xampp/tomcat/conf/web.xml
C:/xampp/tomcat/conf/tomcat-users.xml
C:/xampp/webalizer/webalizer.conf
C:/xampp/webalizer/webdav.txt
C:/xampp/apache/bin/php.ini
C:/xampp/apache/conf/httpd.conf

php://filter

php://filter/convert.base64-encode/resource=/var/www/html/wordpress/wp-config.php

Remote File Inclusion

# Both the below settings need to be enabled for RFI to be successful. 
allow_url_fopen = On
allow_url_include = On

PreviousSQL Injection PayloadsNextRecover contents

Last updated 3 years ago

Was this helpful?