Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2025-12-27 19:23:50 +01:00
Code Issues Projects Releases Wiki Activity

Specifying alternative access method through SSH

Browse source 
Specifying alternative access method through SSH since SSH is assumed to be running on the Linux machine. Read id_rsa for that user to obtain the SSH private key.
This commit is contained in:
Gorgamite 2020-10-25 02:51:07 -07:00 committed by GitHub
parent 955557d175
commit 1f96d34ddf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
File Inclusion/README.md
View file

@ -397,6 +397,9 @@ http://example.com/index.php?page=../../../../../../etc/shadow
Then crack the hashes inside in order to login via SSH on the machine.
Another way to gain SSH access to a Linux machine through LFI is by reading the private key file, id_rsa.
If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `/<HOME>/.ssh/id_rsa`.
## References
* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)