This is my problem with Path traversal on live sites is I never see file name. I see other points of entry I can fuzz or manually input but in the end I never see the root. What could I be doing wrong here ?
For this lab specifically Filename was just the name of the input, it could have been named literally anything. The purpose of path traversal is to find an endpoint that returns or has access to other files, it doesn't have to be named "Filename". For example, if you find an endpoint that takes in a parameter called "Test1234" and that parameter has access to files then thats a perfect place to start. A lot of vulnerabilities require pentesters to really know and understand the flow / logic of each endpoint. Additionally, if you are interested in finding files there are other tools that try and find "Hidden" files. One tool is Dirbuster, its a nice tool and you can fuzz by file extension which is helpful but this is different from path traversal. Hope I was helpful!
For the lab, you are only supposed to get to the /etc/passwd file and then it's considered complete. The /etc/passwd file contains passwords for every user that has access to that specific entity, but it's usually encrypted. Thats why you need to find the /etc/shadow file, which contains the passwords in a hashed format. Then when you have both the /etc/passwd AND /etc/shadow files you can use a tool like John the ripper to crack the passwords and get them in clear text.
![TEEDEE TADA - DIAMOND NARAKORN X LEGO LYKN [Special Dance Performance]](http://i.ytimg.com/vi/QgtZedFeumA/mqdefault.jpg)
This is my problem with Path traversal on live sites is I never see file name. I see other points of entry I can fuzz or manually input but in the end I never see the root. What could I be doing wrong here ?
For this lab specifically Filename was just the name of the input, it could have been named literally anything. The purpose of path traversal is to find an endpoint that returns or has access to other files, it doesn't have to be named "Filename". For example, if you find an endpoint that takes in a parameter called "Test1234" and that parameter has access to files then thats a perfect place to start. A lot of vulnerabilities require pentesters to really know and understand the flow / logic of each endpoint.
Additionally, if you are interested in finding files there are other tools that try and find "Hidden" files. One tool is Dirbuster, its a nice tool and you can fuzz by file extension which is helpful but this is different from path traversal.
Hope I was helpful!
@@M0ck3d Thank you I use very little scanners due to false positives I am trying to improve my manual testing this helps.
what to do after getting /etc/passwd file ?
For the lab, you are only supposed to get to the /etc/passwd file and then it's considered complete. The /etc/passwd file contains passwords for every user that has access to that specific entity, but it's usually encrypted. Thats why you need to find the /etc/shadow file, which contains the passwords in a hashed format. Then when you have both the /etc/passwd AND /etc/shadow files you can use a tool like John the ripper to crack the passwords and get them in clear text.
@@M0ck3d thank you. I needed to know this
No problem ! Happy to help!