Wednesday, November 2, 2011

Local File Inclusion Tutorial Part 4 of 4

For the last part of our series, I have put together this list of paths that go beyond /etc/passwd, for when we find an LFI.


/proc/
In /proc/ we can view information about the kernel, system, hardware, etc.
Paths:
/proc/version
/proc/interrupts
/proc/meminfo
/proc/mounts
/proc/modules
/proc/partitions
/proc/filesystems
/proc/kallsyms
/proc/cpuinfo
/proc/cmdline


/proc/self/
/proc/self is a link to the /proc entry of the running process, that is, the process that is reading it.
Paths:
/proc/self/environ


/proc/sys
/proc/sys provides information and also lets an administrator enable or disable kernel features.
Paths:
/proc/sys/fs
/proc/sys/dev/
/proc/sys/kernel/
/proc/sys/kernel/acct
/proc/sys/kernel/cap-bound
/proc/sys/kernel/domainname
/proc/sys/kernel/exec-shield
/proc/sys/kernel/exec-shield-randomize
/proc/sys/kernel/hostname
/proc/sys/kernel/hotplug
/proc/sys/kernel/modprobe
/proc/sys/kernel/version
/proc/sys/kernel/sysrq
/proc/sys/net/core/
/proc/sys/net/ipv4/
/proc/sys/vm/
/proc/sysvipc


/proc/net
/proc/net displays information about the system's network configuration.
Paths:
/proc/net/arp
/proc/net/atm
/proc/net/dev
/proc/net/dev_mcast
/proc/net/igmp
/proc/net/ip_conntrack
/proc/net/ip_tables_names
/proc/net/ip_mr_cache
/proc/net/ip_mr_vif
/proc/net/netstat
/proc/net/psched
/proc/net/raw
/proc/net/route
/proc/net/rt_cache
/proc/net/snmp
/proc/net/sockstat
/proc/net/tcp
/proc/net/tr_rif
/proc/net/udp
/proc/net/unix
/proc/net/wireless



/proc/driver
/proc/driver contains information about the drivers that are in use on the system.

Other interesting paths
/proc/bus/
/proc/bus/usb/
/proc/bus/usb/devices
/proc/fs/nfsd/exports
/proc/tty/
/proc/tty/driver/serial
/proc/scsi/
/proc/ide/piix
/proc/ide/


Bonus:

You can also add to the list the following:

/etc/resolv.conf
/etc/hosts
/etc/postfix/main.cf ... (there are a few

Also, you can look for anti-rootkit and security stuff, for example:

/etc/rkhunter.conf
/etc/ossec-init.conf
/etc/snort/rules/snort.conf
...

Startup scripts:

/etc/init.d/clamd
/etc/init.d/snortd
...
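
Seen from the defending side, the paths listed above double as detection signatures. The following Python sketch is an added example, not part of the original post: it scans web access-log lines for query parameters that resolve to a file under /proc/ or /etc/. The log lines, script names and the "high"/"medium" ranking are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Directory prefixes covered by the path list on this page.
SENSITIVE_PREFIXES = ("/proc/", "/etc/")
# Assumption: local triage policy that ranks these listed files higher.
HIGH_VALUE = {"/proc/self/environ", "/proc/net/tcp", "/proc/fs/nfsd/exports"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def resolve_target(value, max_rounds=3):
    """Return the absolute path a parameter value points at, or None."""
    for _ in range(max_rounds):          # undo nested percent-encoding
        value = unquote(value)
    if not (value.startswith("/") or "../" in value):
        return None                      # plain page name, not a path
    # Anchor at "/": enough "../" segments always end up at the root.
    return posixpath.normpath("/" + value.lstrip("/"))

def scan_line(line):
    """Return (parameter, resolved_path, severity) findings for one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    findings = []
    for name, raw in parse_qsl(urlsplit(match.group(1)).query):
        target = resolve_target(raw)
        if target and target.startswith(SENSITIVE_PREFIXES):
            severity = "high" if target in HIGH_VALUE else "medium"
            findings.append((name, target, severity))
    return findings

# Constructed access-log lines (documentation IP ranges, made-up script names).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Nov/2011:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [02/Nov/2011:10:00:05 +0000] "GET /index.php?page=../../../proc/self/environ HTTP/1.1" 200 2048',
    '198.51.100.4 - - [02/Nov/2011:10:01:12 +0000] "GET /view.php?f=%2Fetc%2Fresolv.conf&lang=en HTTP/1.1" 200 300',
    '198.51.100.4 - - [02/Nov/2011:10:01:15 +0000] "GET /docs/etc/readme.txt?v=2 HTTP/1.1" 200 120',
]

def scan_log(lines):
    """Map 1-based line number -> findings, for lines with at least one finding."""
    scanned = ((n, scan_line(line)) for n, line in enumerate(lines, 1))
    return {n: found for n, found in scanned if found}

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

A hit only shows that the path was requested; the status code and response size on the same log line help decide whether the read actually succeeded.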


Good luck and happy pwning! :) 

2 comments:

  1. It's a nice post about security, thanks for providing such useful information. Actually, there should be proper counseling about the Security Course; it provides better security tricks along with brightening someone's career.

  2. Thanks for the input, sesilia. I will post tips on how to brighten everyone's career on security and not just focus on the technical aspects from now on :)
