← Back to search

Test LFI and Path Traversal

reconchecklist

Summary

Look for users and try .ssh under /home/<USER>/.ssh/

Walkthrough

If LFI is suspected, traverse paths to read sensitive files such as SSH keys or /etc/passwd. A hit is file contents returned in the response instead of the normal page—enumerate usernames from /etc/passwd and target /home/<USER>/.ssh/.

Commands

bash

curl 'http://<IP>/page=../../../../home/<USER>/.ssh/id_rsa'