|
| 1 | + |
1 | 2 | # Linux Blind Files
|
2 | 3 |
|
3 | 4 | In some cases during exploitation you as an attacker gain the ability to read arbitrary files. As an attacker you need go-to files that cover as many different OS versions as possible in order to either confirm exploitation or gather intelligence on the exploited system. For this we use a "blind file".
|
4 | 5 |
|
5 | 6 | The files below are things to pull when all you can do is to blindly read. Examples of vulnerabilities or situations where this would be helpful might be: local file includes (LFI), directory traversals or remote file share instances like SMB, FTP, NFS or otherwise.
|
6 | 7 |
|
7 |
| -## Examples |
8 |
| - |
9 |
| -### passwd |
10 |
| -* **Files**: /etc/passwd |
11 |
| -* **Description**: List of account names, groups, home directory, and shell (should be globally readable). |
12 |
| - |
13 |
| -### shadow |
14 |
| -* **Files**: /etc/shadow |
15 |
| -* **Description**: List of all user's password hashes (requires root). |
16 |
| - |
17 |
| -### resolv.conf |
18 |
| -* **File**: /etc/resolv.conf |
19 |
| -* **Description**: Contains the current name servers (DNS) for the system. This is a globally readable file that is less likely to trigger IDS alerts than /etc/passwd. |
20 |
| - |
21 |
| -### motd |
22 |
| -* **File**: /etc/motd |
23 |
| -* **Description**: Message of the Day. |
24 |
| - |
25 |
| -### issue |
26 |
| -* **File**: /etc/issue |
27 |
| -* **Description**: A message or system identification to be printed before the login prompt. |
28 |
| - |
29 |
| -### .bash_history |
30 |
| -* **File**: /home/xxx/.bash_history |
31 |
| -* **Description**: Shell history for user 'xxx' (requires valid user). |
32 |
| - |
33 |
| -### version |
34 |
| -* **File**: /proc/version |
35 |
| -* **Description**: Linux kernel version information. |
36 |
| - |
| 8 | +| File | Description / Importance | |
| 9 | +| -------- | ------------------------ | |
| 10 | +| `/etc/issue` | A message or system identification to be printed before the login prompt. | |
| 11 | +| `/etc/motd` | Message of the day banner content. Can contain information about the system owners or use of the system. | |
| 12 | +| `/etc/passwd` | List of account names, groups, home directory, and shell (should be globally readable). | |
| 13 | +| `/etc/resolv.conf` | Contains the current name servers (DNS) for the system. This is a globally readable file that is less likely to trigger IDS alerts than `/etc/passwd`. | |
| 14 | +| `/etc/shadow` | List of all user's password hashes (requires root). | |
| 15 | +| `/home/[USERNAME]/.bash_history`<br>`~/.bash_history`<br>`/root/.bash_history` | Shell history for [USERNAME], the current user or root respectively. This file can contain passwords and other sensitive commands and content. | |
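Review bot: the added table has no row for `/proc/version`, although the removed "version" section listed it with the description "Linux kernel version information". Every other removed entry was carried over, so this looks like an accidental drop; add a `/proc/version` row or state in the commit message that it was removed on purpose. Minor: the `/etc/shadow` row keeps "all user's password hashes", which should read "all users' password hashes".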