What to do once obtained

You might have found some type of path traversal and be able to read files, but what good is that for getting into the system?

List of files to check

  • /etc/passwd

    • This is the first and easiest file to check, since it probably won't have any permission issues associated with it

    • After being able to look at the valid users in the file, write them down and check their home directories for anything important if you can read it

  • /home/$USER/.ssh/id_rsa

    • Check for SSH keys for valid users (UID >= 1000)

    • If there are any readable private keys, save one to a file and then you can do ssh -i privkey_file user@ip

  • /etc/shadow

    • This is usually not world-readable, but you never know who configured the server

    • If you are able to read it, grab the hashes and store them in a file for possible cracking

Other things to check

  • /proc/(pid)/cmdline

    • Enumerate the processes running on the system with Burp Suite or some other software

    • There might be a useful suspicious command running that may help you get into the system
