内网渗透信息搜集骚姿势
微信公众号:渊龙Sec安全团队
为国之安全而奋斗,为信息安全而发声!
如有问题或建议,请在公众号后台留言
如果你觉得本文对你有帮助,欢迎在文章底部赞赏我们
0# 概述
哈哈,各位师傅好久不见啦,最近比较忙,抽空将本文写出来~
说到信息搜集,一般大家都会联想到Web外部打点的暴露面信息搜集。
但在内网渗透的过程中,信息搜集也是决定成败的决定性因素
特别是做持久化渗透中,对内网的信息搜集是尤其重要的,让我们来看看一些内网渗透之信息搜集骚姿势
1# 内网渗透信息搜集思路
因为是讲骚姿势,常规的查看系统信息之类的我就不写了,写写一些别人没写过的东西
内网渗透,主要分为三个阶段:权限提升、权限维持、横向移动
而三个阶段,所需要搜集的信息和作用各不相同,这里就大概列举一下:
1.1 权限提升阶段
权限提升阶段,信息搜集主要看以下几个内容:
-
本机系统版本
-
本机系统内核版本
-
本机系统出网情况
-
本机开启的服务和端口
-
本机系统环境变量
-
本机运行的应用和进程
-
本机计划任务内容
-
本机中间件环境利用
常见的骚思路:发现系统上安装的高权限服务-->查找配置文件或者命令行直接接管-->通过高权限服务进行提权。
1.2 权限维持阶段
权限维持阶段,信息搜集主要看以下几个内容:
-
本机系统内核版本
-
本机系统账号信息
-
本机系统用户组信息
-
本机系统出网情况
-
本机计划任务内容
-
本机运行的应用和进程
-
注册表信息利用(Windows)
-
WMI利用、映像劫持(Windows)
-
SSH后门利用(Linux)
-
本机中间件环境利用
常见的骚思路:上线免杀内存马和C2-->做进程迁移到系统进程-->同时运行一个潜伏C2进行维权;妥善利用常规的系统管理服务(如RDP/SSH/VNC)-->插入对应的影子账户和后门-->拿到机器的“合法”管理权限。
1.3 横向移动阶段
横向移动阶段,信息搜集主要看以下几个内容:
-
本机系统网卡信息
-
本机系统建立的网络连接
-
抓取本机系统账户对应的密码
-
本机服务和应用对应的密码
-
本机服务和应用的配置文件
-
对内网网段进行存活探测
-
对存活网段内机器进行端口探测和服务探测
-
抓取内网的流量(tcpdump抓包)
常见的骚思路:通过查看本机建立的网络连接(netstat -an)发现本机调用了内网其他机器的服务(如Redis)-->翻找本机上的配置文件或者命令行接管-->通过恶意利用内网其他机器上开放的服务(写入恶意SSH密钥等),成功横向。
2# 内网渗透信息搜集骚姿势
上面讲的都是大致骚思路,让我们看看具体的一些内网渗透之信息搜集骚姿势
2.1 针对文件内容的信息搜集
当对内网束手无策的时候,入口机器上面说不定藏着突破口,翻找本地的文件和建立的网络连接就是手法
这里也提供一个文件内容敏感词的字典,需要可以自己去整理,如下:
jdbc:
user=
password=
key=
ssh-
ldap:
mysqli_connect
sk-
通过快速遍历机器文件,去寻找这些关键词,可以找到突破口,这个代码我之前也分享给好几个朋友,在实战阶段效果不错,代码样例如下:
这是Python3的代码版本(支持Win和Linux)
#!/usr/bin/env python
# coding=utf-8
import os
import argparse
from tqdm import tqdm
def logo():
logo0 = r'''
_______ ______ _____ ____ __
/ ____(_)___ ____/ / __ \/ ___/ / __ \__ __/ /_
/ /_ / / __ \/ __ / / / /\__ \______/ / / / / / / __/
/ __/ / / / / / /_/ / /_/ /___/ /_____/ /_/ / /_/ / /_
/_/ /_/_/ /_/\__,_/\____//____/ \____/\__,_/\__/
'''
print(logo0)
def search_files(directory, extensions):
files = []
for root, _, filenames in os.walk(directory):
for filename in filenames:
for extension in extensions:
if filename.endswith(extension):
files.append(os.path.join(root, filename))
return files
def search_content(file_path, content):
matching_lines = []
try:
with open(file_path, 'r', encoding='utf-8', errors='ignore') as file:
for line_num, line in enumerate(file, 1):
try:
if content in line:
matching_lines.append((line_num, line))
except UnicodeDecodeError as e:
print(f"[-] Unicode decode error file {file_path}, line {line_num}: {e}")
print()
return matching_lines
except:
print(f"[-] Error file {file_path}")
print()
def write_to_file(output_file, file_path, matching_lines):
with open(output_file, 'a', encoding='utf-8') as f:
f.write(f"[+] File Path: {file_path}\n")
f.write(f"[=] Line Rows: {len(matching_lines)}\n")
for line_num, line in matching_lines:
f.write(f"[~] In Line {line_num}: {line.strip()}\n")
f.write("\n")
def main():
parser = argparse.ArgumentParser(description="FindOS-Out")
parser.add_argument("-n", "--name", help="Specify the suffix", required=True)
parser.add_argument("-c", "--content", help="Specify file content", required=True)
parser.add_argument("-o", "--output", help="Specify output file", default="findout.txt")
parser.add_argument("-d", "--directory", help="Target directory", default="./")
args = parser.parse_args()
directory = args.directory
extensions = args.name.split(',')
content = args.content
output_file = args.output
files = search_files(directory, extensions)
for file_path in tqdm(files, desc="Searching files", unit="file"):
matching_lines = search_content(file_path, content)
if matching_lines:
write_to_file(output_file, file_path, matching_lines)
if __name__ == "__main__":
logo()
print("[+] Runing Search..")
main()
print("[+] Out to findout.txt..")
这是Python2的代码版本(支持Win和Linux)
import os
import argparse
def logo():
logo0 = '''
_______ ______ _____ ____ __
/ ____(_)___ ____/ / __ \/ ___/ / __ \__ __/ /_
/ /_ / / __ \/ __ / / / /\__ \______/ / / / / / / __/
/ __/ / / / / / /_/ / /_/ /___/ /_____/ /_/ / /_/ / /_
/_/ /_/_/ /_/\__,_/\____//____/ \____/\__,_/\__/
'''
print(logo0)
def search_files(directory, extensions):
files = []
for root, _, filenames in os.walk(directory):
for filename in filenames:
for extension in extensions:
if filename.endswith(extension):
files.append(os.path.join(root, filename))
return files
def search_content(file_path, content):
matching_lines = []
try:
with open(file_path, 'r') as file:
for line_num, line in enumerate(file, 1):
try:
if content in line:
matching_lines.append((line_num, line))
except UnicodeDecodeError as e:
print("[-] Unicode decode error in file %s, line %d: %s" % (file_path, line_num, e))
return matching_lines
except:
print("[-] Error file %s" % (file_path))
def write_to_file(output_file, file_path, matching_lines):
with open(output_file, 'a') as f:
f.write("[+] File Path: %s\n" % file_path)
f.write("[=] Line Rows: %d\n" % len(matching_lines))
for line_num, line in matching_lines:
f.write("[~] In Line %d: %s\n" % (line_num, line.strip()))
f.write("\n")
def main():
parser = argparse.ArgumentParser(description="FindOS-Out")
parser.add_argument("-n", "--name", help="Specify the suffix", required=True)
parser.add_argument("-c", "--content", help="Specify file content", required=True)
parser.add_argument("-o", "--output", help="Specify output file", default="findout.txt")
parser.add_argument("-d", "--directory", help="Target directory", default="./")
args = parser.parse_args()
directory = args.directory
extensions = args.name.split(',')
content = args.content
output_file = args.output
files = search_files(directory, extensions)
for file_path in files:
matching_lines = search_content(file_path, content)
if matching_lines:
write_to_file(output_file, file_path, matching_lines)
if __name__ == "__main__":
logo()
print("[+] Runing Search..")
main()
print("[+] Out to findout.txt..")
怎么使用呢?如下:
python FindOS-Out.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -d D:/
python FindOS-Out.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -o output.txt -d /
为什么会采用Python进行编写呢?
因为DMZ的入口机器(通常是Linux服务器)都默认安装有Python3和Python2环境,我们可以直接利用环境来跑脚本,而且代码不需要额外的pip包,简单且报错少
2.2 针对数据库的信息搜集
当连上MySQL数据库的时候,要怎么快速确定包含user的字段在哪个库哪个表呢:
SELECT
TABLE_SCHEMA AS database_name,
TABLE_NAME AS table_name,
COLUMN_NAME AS column_name
FROM
INFORMATION_SCHEMA.COLUMNS
WHERE
COLUMN_NAME LIKE '%user%';
当连上Oracle数据库的时候,要怎么快速确定包含user的字段在哪个库哪个表呢:
SELECT
owner AS database_name,
table_name,
column_name
FROM
all_tab_columns
WHERE
column_name LIKE '%USER%'
ORDER BY
owner, table_name, column_name;
注意:Oracle数据库查询是区分大小写的,而MySQL数据库查询是不区分大小写的,注意查询Oracle数据库时候的大小写
2.3 针对Win的信息搜集
常规的那些命令我这里就不贴了哈,别人写的已经够清楚了
查看启动程序信息:
wmic startup get command,caption
查看连接过的Wifi名称:
netsh wlan show profiles
查看指定Wifi的密码:
netsh wlan show profile name="wifi名称" key=clear
远程桌面连接记录:
cmdkey /l
探测网段存活(Ping):
for /l %i in (1,1,255) do @ping 192.168.123.%i -w 1 -n 1|find /i "ttl="
关闭防火墙:
netsh firewall set opmode disable //Windows Server 2003 系统及之前的版本
netsh advfirewall set allprofiles state off //Windows Server 2003 系统及之后的版本
常见中间件及其配置目录(仅供参考):
中间件
目录1
目录2
MySQL
C:\ProgramData\MySQL\MySQL Server X.Y
C:\Program Files\MySQL\MySQL Server X.Y
SQL Server
C:\Program Files\Microsoft SQL Server\MSSQLXX.MSSQLSERVER\MSSQL
无
Oracle Database
C:\app\oracle\product\12.2.0\dbhome_1\database
无
PostgreSQL
C:\Program Files\PostgreSQL\XX\data
无
Redis
C:\Program Files\Redis
无
Apache
C:\Program Files\Apache Group\ApacheX.X\conf
C:\Program Files (x86)\Apache Software Foundation\ApacheX.X\conf
Nginx
C:\nginx\conf
C:\Program Files\Nginx\conf
Tomcat
C:\Program Files\Apache Software Foundation\TomcatX.X\conf
无
提权后,别忘了用户信息搜集:
C:\Users\XXX\Desktop //用户桌面内容
C:\Users\12816\Downloads //用户下载内容
C:\Users\12816\Documents //用户文档内容
C:\Users\12816\AppData\Local //用户软件信息【仅个人安装选项】
2.4 针对Linux的信息搜集
常规的那些命令我这里就不贴了哈,别人写的已经够清楚了
查看目前谁在登录,当前在干什么:
w
最后登录用户的列表:
last
查看用户敏感信息:
//列出所有的超级用户账户
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}'
//查看是否存在空口令用户
awk -F: 'length($2)==0 {print $1}' /etc/shadow
//查看远程登录的账号
awk '/\$1|\$6/{print $1}' /etc/shadow
查看其他用户的历史命令文件:
cat /home/user/.bash_history
cat /root/.bash_history
列出iptables的配置规则:
iptables -L
查找当前可读可写可执行的目录到res.txt:
find / -type d -perm /u=rwx -user $(whoami) > res.txt
搜索包含SSH密钥的文件(一般在 /home 下,但找不到可以全目录):
grep -ir "BEGIN DSA PRIVATE KEY" /home/*
grep -ir "BEGIN DSA PRIVATE KEY" /*
grep -ir "BEGIN RSA PRIVATE KEY" /home/*
grep -ir "BEGIN RSA PRIVATE KEY" /*
grep -ir "BEGIN OPENSSH PRIVATE KEY" /home/*
grep -ir "BEGIN OPENSSH PRIVATE KEY" /*
常见配置文件路径:
/apache/apache/conf/httpd.conf
/apache/apache2/conf/httpd.conf
/apache/php/php.ini
/bin/php.ini
/etc/apache/apache.conf
/etc/apache/httpd.conf
/etc/apache2/apache.conf
/etc/apache2/httpd.conf
/etc/apache2/sites-available/default
/etc/apache2/vhosts.d/00_default_vhost.conf
/etc/httpd/conf.d/httpd.conf
/etc/httpd/conf.d/php.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/php.ini
/etc/init.d/httpd
/etc/php.ini
/etc/php/apache/php.ini
/etc/php/apache2/php.ini
/etc/php/cgi/php.ini
/etc/php/php.ini
/etc/php/php4/php.ini
/etc/php4.4/fcgi/php.ini
/etc/php4/apache/php.ini
/etc/php4/apache2/php.ini
/etc/php4/cgi/php.ini
/etc/php5/apache/php.ini
/etc/php5/apache2/php.ini
/etc/php5/cgi/php.ini
/etc/phpmyadmin/config.inc.php
/home/apache/conf/httpd.conf
/home/apache2/conf/httpd.conf
/home/bin/stable/apache/php.ini
/home2/bin/stable/apache/php.ini
/NetServer/bin/stable/apache/php.ini
/opt/www/conf/httpd.conf
/opt/xampp/etc/php.ini
/PHP/php.ini
/php/php.ini
/php4/php.ini
/php5/php.ini
/usr/lib/php.ini
/etc/nginx/nginx.conf
/usr/lib/php/php.ini
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/php.ini
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/conf/php.ini
/usr/local/etc/php.ini
/usr/local/httpd/conf/httpd.conf
/usr/local/lib/php.ini
/usr/local/php/lib/php.ini
/usr/local/php4/lib/php.ini
/usr/local/php4/lib/php.ini
/usr/local/php4/php.ini
/usr/local/php5/etc/php.ini
/usr/local/php5/lib/php.ini
/usr/local/php5/php5.ini
/usr/local/share/examples/php/php.ini
/usr/local/share/examples/php4/php.ini
/usr/local/Zend/etc/php.ini
/var/apache2/config.inc
/var/httpd/conf/httpd.conf
/var/httpd/conf/php.ini
/var/httpd/conf/php.ini
/var/local/www/conf/httpd.conf
/var/local/www/conf/php.ini
/var/www/conf/httpd.conf
/web/conf/php.ini
/www/conf/httpd.conf
/www/php/php.ini
/www/php4/php.ini
/www/php5/php.ini
/xampp/apache/bin/php.ini
/xampp/apache/conf/httpd.conf
常见数据库文件路径:
/etc/init.d/mysql
/etc/my.cnf
/etc/mysql/my.cnf
/etc/mysql/my.cnf
/var/lib/mysql/my.cnf
/var/lib/mysql/mysql/user.MYD
/usr/local/mysql/bin/mysql
/usr/local/mysql/my.cnf
/usr/share/mysql/my.cnf
2.5 敏感目录字典
我这里整理了一份敏感目录字典,感兴趣的师傅可以拿走:
[JBOSS]/server/default/conf/jboss-minimal.xml
[JBOSS]/server/default/conf/jboss-service.xml
[JBOSS]/server/default/conf/jndi.properties
[JBOSS]/server/default/conf/log4j.xml
[JBOSS]/server/default/conf/login-config.xml
[JBOSS]/server/default/conf/server.log.properties
[JBOSS]/server/default/conf/standardjaws.xml
[JBOSS]/server/default/conf/standardjboss.xml
[JBOSS]/server/default/deploy/jboss-logging.xml
[JBOSS]/server/default/log/boot.log
[JBOSS]/server/default/log/server.log
apache/conf/httpd.conf
apache/logs/access.log
apache/logs/error.log
apache/php/php.ini
apache2/logs/access.log
apache2/logs/error.log
bin/php.ini
boot.ini
boot/grub/grub.cfg
boot/grub/menu.lst
C:/Program Files/[JBOSS]/server/default/conf/jboss-minimal.xml
C:/Program Files/[JBOSS]/server/default/conf/jboss-service.xml
C:/Program Files/[JBOSS]/server/default/conf/jndi.properties
C:/Program Files/[JBOSS]/server/default/conf/log4j.xml
C:/Program Files/[JBOSS]/server/default/conf/login-config.xml
C:/Program Files/[JBOSS]/server/default/conf/server.log.properties
C:/Program Files/[JBOSS]/server/default/conf/standardjaws.xml
C:/Program Files/[JBOSS]/server/default/conf/standardjboss.xml
C:/Program Files/[JBOSS]/server/default/deploy/jboss-logging.xml
C:/Program Files/[JBOSS]/server/default/log/boot.log
C:/Program Files/[JBOSS]/server/default/log/server.log
C:/Program Files/Apache Group/Apache/apache.conf
C:/Program Files/Apache Group/Apache/apache2.conf
C:/Program Files/Apache Group/Apache/conf/apache.conf
C:/Program Files/Apache Group/Apache/conf/apache2.conf
C:/Program Files/Apache Group/Apache/conf/httpd.conf
C:/Program Files/Apache Group/Apache/logs/access.log
C:/Program Files/Apache Group/Apache/logs/error.log
C:/Program Files/Apache Group/Apache2/conf/apache.conf
C:/Program Files/Apache Group/Apache2/conf/apache2.conf
C:/Program Files/Apache Group/Apache2/conf/httpd.conf
C:/Program Files/Apache Software Foundation/Apache2.2/conf/httpd.conf
C:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log
C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log
C:/Program Files/MySQL/data/{HOST}.err
C:/Program Files/MySQL/data/mysql.err
C:/Program Files/MySQL/data/mysql.log
C:/Program Files/MySQL/data/mysql-bin.index
C:/Program Files/MySQL/data/mysql-bin.log
C:/Program Files/MySQL/my.cnf
C:/Program Files/MySQL/my.ini
C:/Program Files/MySQL/MySQL Server 5.0/data/{HOST}.err
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.err
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.log
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.index
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.log
C:/Program Files/MySQL/MySQL Server 5.0/my.cnf
C:/Program Files/MySQL/MySQL Server 5.0/my.ini
C:/Program Files/PostgreSQL/8.3/data/pg_hba.conf
C:/Program Files/PostgreSQL/8.3/data/pg_ident.conf
C:/Program Files/PostgreSQL/8.3/data/postgresql.conf
C:/Program Files/PostgreSQL/8.4/data/pg_hba.conf
C:/Program Files/PostgreSQL/8.4/data/pg_ident.conf
C:/Program Files/PostgreSQL/8.4/data/postgresql.conf
C:/Program Files/PostgreSQL/9.0/data/pg_hba.conf
C:/Program Files/PostgreSQL/9.0/data/pg_ident.conf
C:/Program Files/PostgreSQL/9.0/data/postgresql.conf
C:/Program Files/PostgreSQL/9.1/data/pg_hba.conf
C:/Program Files/PostgreSQL/9.1/data/pg_ident.conf
C:/Program Files/PostgreSQL/9.1/data/postgresql.conf
C:/Program Files/Vidalia Bundle/Polipo/polipo.conf
C:/Program Files/xampp/apache/conf/apache.conf
C:/Program Files/xampp/apache/conf/apache2.conf
C:/Program Files/xampp/apache/conf/httpd.conf
etc/adduser.conf
etc/alias
etc/apache/access.conf
etc/apache/apache.conf
etc/apache/conf/httpd.conf
etc/apache/default-server.conf
etc/apache/httpd.conf
etc/apache2/apache.conf
etc/apache2/apache2.conf
etc/apache2/conf.d/charset
etc/apache2/conf.d/phpmyadmin.conf
etc/apache2/conf.d/security
etc/apache2/conf/httpd.conf
etc/apache2/default-server.conf
etc/apache2/envvars
etc/apache2/httpd.conf
etc/apache2/httpd2.conf
etc/apache2/mods-available/autoindex.conf
etc/apache2/mods-available/deflate.conf
etc/apache2/mods-available/dir.conf
etc/apache2/mods-available/mem_cache.conf
etc/apache2/mods-available/mime.conf
etc/apache2/mods-available/proxy.conf
etc/apache2/mods-available/setenvif.conf
etc/apache2/mods-available/ssl.conf
etc/apache2/mods-enabled/alias.conf
etc/apache2/mods-enabled/deflate.conf
etc/apache2/mods-enabled/dir.conf
etc/apache2/mods-enabled/mime.conf
etc/apache2/mods-enabled/negotiation.conf
etc/apache2/mods-enabled/php5.conf
etc/apache2/mods-enabled/status.conf
etc/apache2/ports.conf
etc/apache2/sites-available/default
etc/apache2/sites-available/default-ssl
etc/apache2/sites-enabled/000-default
etc/apache2/sites-enabled/default
etc/apache2/ssl-global.conf
etc/apache2/vhosts.d/00_default_vhost.conf
etc/apache2/vhosts.d/default_vhost.include
etc/apache22/conf/httpd.conf
etc/apache22/httpd.conf
etc/apt/apt.conf
etc/avahi/avahi-daemon.conf
etc/bash.bashrc
etc/bash_completion.d/debconf
etc/bluetooth/input.conf
etc/bluetooth/main.conf
etc/bluetooth/network.conf
etc/bluetooth/rfcomm.conf
etc/ca-certificates.conf
etc/ca-certificates.conf.dpkg-old
etc/casper.conf
etc/chkrootkit.conf
etc/chrootUsers
etc/clamav/clamd.conf
etc/clamav/freshclam.conf
etc/crontab
etc/crypttab
etc/cups/acroread.conf
etc/cups/cupsd.conf
etc/cups/cupsd.conf.default
etc/cups/pdftops.conf
etc/cups/printers.conf
etc/cvs-cron.conf
etc/cvs-pserver.conf
etc/debconf.conf
etc/debian_version
etc/default/grub
etc/deluser.conf
etc/dhcp/dhclient.conf
etc/dhcp3/dhclient.conf
etc/dhcp3/dhcpd.conf
etc/dns2tcpd.conf
etc/e2fsck.conf
etc/esound/esd.conf
etc/etter.conf
etc/exports
etc/fedora-release
etc/firewall.rules
etc/foremost.conf
etc/fstab
etc/ftpchroot
etc/ftphosts
etc/ftpusers
etc/fuse.conf
etc/group
etc/group-
etc/hdparm.conf
etc/host.conf
etc/hostname
etc/hosts
etc/hosts.allow
etc/hosts.deny
etc/http/conf/httpd.conf
etc/http/httpd.conf
etc/httpd.conf
etc/httpd/apache.conf
etc/httpd/apache2.conf
etc/httpd/conf
etc/httpd/conf.d
etc/httpd/conf.d/php.conf
etc/httpd/conf.d/squirrelmail.conf
etc/httpd/conf/apache.conf
etc/httpd/conf/apache2.conf
etc/httpd/conf/httpd.conf
etc/httpd/extra/httpd-ssl.conf
etc/httpd/httpd.conf
etc/httpd/logs/access.log
etc/httpd/logs/access_log
etc/httpd/logs/error.log
etc/httpd/logs/error_log
etc/httpd/mod_php.conf
etc/httpd/php.ini
etc/inetd.conf
etc/init.d
etc/inittab
etc/ipfw.conf
etc/ipfw.rules
etc/issue
etc/issue.net
etc/kbd/config
etc/kernel-img.conf
etc/kernel-pkg.conf
etc/ld.so.conf
etc/ldap/ldap.conf
etc/lighttpd/lighthttpd.conf
etc/login.defs
etc/logrotate.conf
etc/logrotate.d/ftp
etc/logrotate.d/proftpd
etc/logrotate.d/vsftpd.log
etc/ltrace.conf
etc/mail/sendmail.conf
etc/mandrake-release
etc/manpath.config
etc/miredo.conf
etc/miredo/miredo.conf
etc/miredo/miredo-server.conf
etc/miredo-server.conf
etc/modprobe.d/vmware-tools.conf
etc/modules
etc/mono/1.0/machine.config
etc/mono/2.0/machine.config
etc/mono/2.0/web.config
etc/mono/config
etc/motd
etc/mtab
etc/mtools.conf
etc/muddleftpd.com
etc/muddleftpd/muddleftpd.conf
etc/muddleftpd/muddleftpd.passwd
etc/muddleftpd/mudlog
etc/muddleftpd/mudlogd.conf
etc/muddleftpd/passwd
etc/my.cnf
etc/mysql/conf.d/old_passwords.cnf
etc/mysql/my.cnf
etc/networks
etc/newsyslog.conf
etc/nginx/nginx.conf
etc/openldap/ldap.conf
etc/os-release
etc/osxhttpd/osxhttpd.conf
etc/pam.conf
etc/pam.d/proftpd
etc/passwd
etc/passwd-
etc/passwd~
etc/password.master
etc/php.ini
etc/php/apache/php.ini
etc/php/apache2/php.ini
etc/php/cgi/php.ini
etc/php/php.ini
etc/php/php4/php.ini
etc/php4.4/fcgi/php.ini
etc/php4/apache/php.ini
etc/php4/apache2/php.ini
etc/php4/cgi/php.ini
etc/php5/apache/php.ini
etc/php5/apache2/php.ini
etc/php5/cgi/php.ini
etc/phpmyadmin/config.inc.php
etc/postgresql/pg_hba.conf
etc/postgresql/postgresql.conf
etc/profile
etc/proftp.conf
etc/proftpd/modules.conf
etc/protpd/proftpd.conf
etc/pulse/client.conf
etc/pure-ftpd.conf
etc/pureftpd.passwd
etc/pureftpd.pdb
etc/pure-ftpd/pure-ftpd.conf
etc/pure-ftpd/pureftpd.pdb
etc/pure-ftpd/pure-ftpd.pdb
etc/rc.conf
etc/rc.d/rc.httpd
etc/redhat-release
etc/resolv.conf
etc/resolvconf/update-libc.d/sendmail
etc/samba/dhcp.conf
etc/samba/netlogon
etc/samba/private/smbpasswd
etc/samba/samba.conf
etc/samba/smb.conf
etc/samba/smb.conf.user
etc/samba/smbpasswd
etc/samba/smbusers
etc/security/access.conf
etc/security/environ
etc/security/failedlogin
etc/security/group
etc/security/group.conf
etc/security/lastlog
etc/security/limits
etc/security/limits.conf
etc/security/namespace.conf
etc/security/opasswd
etc/security/pam_env.conf
etc/security/passwd
etc/security/sepermit.conf
etc/security/time.conf
etc/security/user
etc/sensors.conf
etc/sensors3.conf
etc/shadow
etc/shadow-
etc/shadow~
etc/slackware-release
etc/smb.conf
etc/smbpasswd
etc/smi.conf
etc/squirrelmail/apache.conf
etc/squirrelmail/config.php
etc/squirrelmail/config/config.php
etc/squirrelmail/config_default.php
etc/squirrelmail/config_local.php
etc/squirrelmail/default_pref
etc/squirrelmail/filters_setup.php
etc/squirrelmail/index.php
etc/squirrelmail/sqspell_config.php
etc/ssh/sshd_config
etc/sso/sso_config.ini
etc/stunnel/stunnel.conf
etc/subversion/config
etc/sudoers
etc/SUSE-release
etc/sw-cp-server/applications.d/00-sso-cpserver.conf
etc/sw-cp-server/applications.d/plesk.conf
etc/sysconfig/network-scripts/ifcfg-eth0
etc/sysctl.conf
etc/sysctl.d/10-console-messages.conf
etc/sysctl.d/10-network-security.conf
etc/sysctl.d/10-process-security.conf
etc/sysctl.d/wine.sysctl.conf
etc/syslog.conf
etc/timezone
etc/tinyproxy/tinyproxy.conf
etc/tor/tor-tsocks.conf
etc/tsocks.conf
etc/updatedb.conf
etc/updatedb.conf.BeforeVMwareToolsInstall
etc/utmp
etc/vhcs2/proftpd/proftpd.conf
etc/vmware-tools/config
etc/vmware-tools/tpvmlp.conf
etc/vmware-tools/vmware-tools-libraries.conf
etc/vsftpd.chroot_list
etc/vsftpd.conf
etc/vsftpd/vsftpd.conf
etc/webmin/miniserv.conf
etc/webmin/miniserv.users
etc/wicd/dhclient.conf.template.default
etc/wicd/manager-settings.conf
etc/wicd/wired-settings.conf
etc/wicd/wireless-settings.conf
etc/wu-ftpd/ftpaccess
etc/wu-ftpd/ftphosts
etc/wu-ftpd/ftpusers
etc/X11/xorg.conf
etc/X11/xorg.conf.BeforeVMwareToolsInstall
etc/X11/xorg.conf.orig
etc/X11/xorg.conf-vesa
etc/X11/xorg.conf-vmware
home/bin/stable/apache/php.ini
home/postgres/data/pg_hba.conf
home/postgres/data/pg_ident.conf
home/postgres/data/PG_VERSION
home/postgres/data/postgresql.conf
home/user/lighttpd/lighttpd.conf
home2/bin/stable/apache/php.ini
http/httpd.conf
Library/WebServer/Documents/.htaccess
Library/WebServer/Documents/default.htm
Library/WebServer/Documents/default.html
Library/WebServer/Documents/default.php
Library/WebServer/Documents/index.htm
Library/WebServer/Documents/index.html
Library/WebServer/Documents/index.php
logs/access.log
logs/access_log
logs/error.log
logs/error_log
logs/pure-ftpd.log
logs/security_debug_log
logs/security_log
mysql/bin/my.ini
MySQL/data/mysql.err
MySQL/data/mysql.log
MySQL/data/mysql-bin.index
MySQL/data/mysql-bin.log
MySQL/my.cnf
MySQL/my.ini
NetServer/bin/stable/apache/php.ini
opt/[JBOSS]/server/default/conf/jboss-minimal.xml
opt/[JBOSS]/server/default/conf/jboss-service.xml
opt/[JBOSS]/server/default/conf/jndi.properties
opt/[JBOSS]/server/default/conf/log4j.xml
opt/[JBOSS]/server/default/conf/login-config.xml
opt/[JBOSS]/server/default/conf/server.log.properties
opt/[JBOSS]/server/default/conf/standardjaws.xml
opt/[JBOSS]/server/default/conf/standardjboss.xml
opt/[JBOSS]/server/default/deploy/jboss-logging.xml
opt/[JBOSS]/server/default/log/boot.log
opt/[JBOSS]/server/default/log/server.log
opt/apache/apache.conf
opt/apache/apache2.conf
opt/apache/conf/apache.conf
opt/apache/conf/apache2.conf
opt/apache/conf/httpd.conf
opt/apache2/apache.conf
opt/apache2/apache2.conf
opt/apache2/conf/apache.conf
opt/apache2/conf/apache2.conf
opt/apache2/conf/httpd.conf
opt/apache22/conf/httpd.conf
opt/httpd/apache.conf
opt/httpd/apache2.conf
opt/httpd/conf/apache.conf
opt/httpd/conf/apache2.conf
opt/lampp/etc/httpd.conf
opt/lampp/logs/access.log
opt/lampp/logs/access_log
opt/lampp/logs/error.log
opt/lampp/logs/error_log
opt/lsws/conf/httpd_conf.xml
opt/lsws/logs/access.log
opt/lsws/logs/error.log
opt/tomcat/logs/catalina.err
opt/tomcat/logs/catalina.out
opt/xampp/etc/php.ini
opt/xampp/logs/access.log
opt/xampp/logs/access_log
opt/xampp/logs/error.log
opt/xampp/logs/error_log
php/php.ini
PHP/php.ini
php4/php.ini
php5/php.ini
PostgreSQL/log/pgadmin.log
private/etc/httpd/apache.conf
private/etc/httpd/apache2.conf
private/etc/httpd/httpd.conf
private/etc/httpd/httpd.conf.default
private/etc/squirrelmail/config/config.php
private/tmp/[JBOSS]/server/default/conf/jboss-minimal.xml
private/tmp/[JBOSS]/server/default/conf/jboss-service.xml
private/tmp/[JBOSS]/server/default/conf/jndi.properties
private/tmp/[JBOSS]/server/default/conf/log4j.xml
private/tmp/[JBOSS]/server/default/conf/login-config.xml
private/tmp/[JBOSS]/server/default/conf/server.log.properties
private/tmp/[JBOSS]/server/default/conf/standardjaws.xml
private/tmp/[JBOSS]/server/default/conf/standardjboss.xml
private/tmp/[JBOSS]/server/default/deploy/jboss-logging.xml
private/tmp/[JBOSS]/server/default/log/boot.log
private/tmp/[JBOSS]/server/default/log/server.log
proc/cpuinfo
proc/devices
proc/meminfo
proc/net/tcp
proc/net/udp
proc/self/cmdline
proc/self/environ
proc/self/fd/0
proc/self/fd/1
proc/self/fd/10
proc/self/fd/11
proc/self/fd/12
proc/self/fd/13
proc/self/fd/14
proc/self/fd/15
proc/self/fd/2
proc/self/fd/3
proc/self/fd/4
proc/self/fd/5
proc/self/fd/6
proc/self/fd/7
proc/self/fd/8
proc/self/fd/9
proc/self/mounts
proc/self/stat
proc/self/status
proc/version
root/.bash_config
root/.bash_history
root/.bash_logout
root/.bashrc
root/.ksh_history
root/.Xauthority
srv/www/htdos/squirrelmail/config/config.php
System/Library/WebObjects/Adaptors/Apache2.2/apache.conf
tmp/[JBOSS]/server/default/conf/jboss-minimal.xml
tmp/[JBOSS]/server/default/conf/jboss-service.xml
tmp/[JBOSS]/server/default/conf/jndi.properties
tmp/[JBOSS]/server/default/conf/log4j.xml
tmp/[JBOSS]/server/default/conf/login-config.xml
tmp/[JBOSS]/server/default/conf/server.log.properties
tmp/[JBOSS]/server/default/conf/standardjaws.xml
tmp/[JBOSS]/server/default/conf/standardjboss.xml
tmp/[JBOSS]/server/default/deploy/jboss-logging.xml
tmp/[JBOSS]/server/default/log/boot.log
tmp/[JBOSS]/server/default/log/server.log
tmp/access.log
usr/apache/conf/httpd.conf
usr/apache2/conf/httpd.conf
usr/etc/pure-ftpd.conf
usr/home/user/lighttpd/lighttpd.conf
usr/home/user/var/log/apache.log
usr/home/user/var/log/lighttpd.error.log
usr/internet/pgsql/data/pg_hba.conf
usr/internet/pgsql/data/postmaster.log
usr/lib/cron/log
usr/lib/php.ini
usr/lib/php/php.ini
usr/lib/security/mkuser.default
usr/local/[JBOSS]/server/default/conf/jboss-minimal.xml
usr/local/[JBOSS]/server/default/conf/jboss-service.xml
usr/local/[JBOSS]/server/default/conf/jndi.properties
usr/local/[JBOSS]/server/default/conf/log4j.xml
usr/local/[JBOSS]/server/default/conf/login-config.xml
usr/local/[JBOSS]/server/default/conf/server.log.properties
usr/local/[JBOSS]/server/default/conf/standardjaws.xml
usr/local/[JBOSS]/server/default/conf/standardjboss.xml
usr/local/[JBOSS]/server/default/deploy/jboss-logging.xml
usr/local/[JBOSS]/server/default/log/boot.log
usr/local/[JBOSS]/server/default/log/server.log
usr/local/apache/apache.conf
usr/local/apache/apache2.conf
usr/local/apache/conf/access.conf
usr/local/apache/conf/apache.conf
usr/local/apache/conf/apache2.conf
usr/local/apache/conf/httpd.conf
usr/local/apache/conf/httpd.conf.default
usr/local/apache/conf/modsec.conf
usr/local/apache/conf/php.ini
usr/local/apache/conf/vhosts.conf
usr/local/apache/conf/vhosts-custom.conf
usr/local/apache/httpd.conf
usr/local/apache/logs/access.log
usr/local/apache/logs/access_log
usr/local/apache/logs/audit_log
usr/local/apache/logs/error.log
usr/local/apache/logs/error_log
usr/local/apache/logs/lighttpd.error.log
usr/local/apache/logs/lighttpd.log
usr/local/apache/logs/mod_jk.log
usr/local/apache1.3/conf/httpd.conf
usr/local/apache2/apache.conf
usr/local/apache2/apache2.conf
usr/local/apache2/conf/apache.conf
usr/local/apache2/conf/apache2.conf
usr/local/apache2/conf/extra/httpd-ssl.conf
usr/local/apache2/conf/httpd.conf
usr/local/apache2/conf/modsec.conf
usr/local/apache2/conf/ssl.conf
usr/local/apache2/conf/vhosts.conf
usr/local/apache2/conf/vhosts-custom.conf
usr/local/apache2/httpd.conf
usr/local/apache2/logs/access.log
usr/local/apache2/logs/access_log
usr/local/apache2/logs/audit_log
usr/local/apache2/logs/error.log
usr/local/apache2/logs/error_log
usr/local/apache2/logs/lighttpd.error.log
usr/local/apache2/logs/lighttpd.log
usr/local/apache22/conf/httpd.conf
usr/local/apache22/httpd.conf
usr/local/apps/apache/conf/httpd.conf
usr/local/apps/apache2/conf/httpd.conf
usr/local/apps/apache22/conf/httpd.conf
usr/local/cpanel/logs/access_log
usr/local/cpanel/logs/error_log
usr/local/cpanel/logs/license_log
usr/local/cpanel/logs/login_log
usr/local/cpanel/logs/stats_log
usr/local/etc/apache/conf/httpd.conf
usr/local/etc/apache/httpd.conf
usr/local/etc/apache/vhosts.conf
usr/local/etc/apache2/conf/httpd.conf
usr/local/etc/apache2/httpd.conf
usr/local/etc/apache2/vhosts.conf
usr/local/etc/apache22/conf/httpd.conf
usr/local/etc/apache22/httpd.conf
usr/local/etc/httpd/conf
usr/local/etc/httpd/conf/httpd.conf
usr/local/etc/lighttpd.conf
usr/local/etc/lighttpd.conf.new
usr/local/etc/nginx/nginx.conf
usr/local/etc/php.ini
usr/local/etc/pure-ftpd.conf
usr/local/etc/pureftpd.pdb
usr/local/etc/smb.conf
usr/local/etc/webmin/miniserv.conf
usr/local/etc/webmin/miniserv.users
usr/local/httpd/conf/httpd.conf
usr/local/jakarta/dist/tomcat/conf/context.xml
usr/local/jakarta/dist/tomcat/conf/jakarta.conf
usr/local/jakarta/dist/tomcat/conf/logging.properties
usr/local/jakarta/dist/tomcat/conf/server.xml
usr/local/jakarta/dist/tomcat/conf/workers.properties
usr/local/jakarta/dist/tomcat/logs/mod_jk.log
usr/local/jakarta/tomcat/conf/context.xml
usr/local/jakarta/tomcat/conf/jakarta.conf
usr/local/jakarta/tomcat/conf/logging.properties
usr/local/jakarta/tomcat/conf/server.xml
usr/local/jakarta/tomcat/conf/workers.properties
usr/local/jakarta/tomcat/logs/catalina.err
usr/local/jakarta/tomcat/logs/catalina.out
usr/local/jakarta/tomcat/logs/mod_jk.log
usr/local/lib/php.ini
usr/local/lighttpd/conf/lighttpd.conf
usr/local/lighttpd/log/access.log
usr/local/lighttpd/log/lighttpd.error.log
usr/local/logs/access.log
usr/local/logs/samba.log
usr/local/lsws/conf/httpd_conf.xml
usr/local/lsws/logs/error.log
usr/local/mysql/data/{HOST}.err
usr/local/mysql/data/mysql.err
usr/local/mysql/data/mysql.log
usr/local/mysql/data/mysql-bin.index
usr/local/mysql/data/mysql-bin.log
usr/local/mysql/data/mysqlderror.log
usr/local/mysql/data/mysql-slow.log
usr/local/nginx/conf/nginx.conf
usr/local/pgsql/bin/pg_passwd
usr/local/pgsql/data/passwd
usr/local/pgsql/data/pg_hba.conf
usr/local/pgsql/data/pg_log
usr/local/pgsql/data/postgresql.conf
usr/local/pgsql/data/postgresql.log
usr/local/php/apache.conf
usr/local/php/apache.conf.php
usr/local/php/apache2.conf
usr/local/php/apache2.conf.php
usr/local/php/httpd.conf
usr/local/php/httpd.conf.php
usr/local/php/lib/php.ini
usr/local/php4/apache.conf
usr/local/php4/apache.conf.php
usr/local/php4/apache2.conf
usr/local/php4/apache2.conf.php
usr/local/php4/httpd.conf
usr/local/php4/httpd.conf.php
usr/local/php4/lib/php.ini
usr/local/php5/apache.conf
usr/local/php5/apache.conf.php
usr/local/php5/apache2.conf
usr/local/php5/apache2.conf.php
usr/local/php5/httpd.conf
usr/local/php5/httpd.conf.php
usr/local/php5/lib/php.ini
usr/local/psa/admin/conf/php.ini
usr/local/psa/admin/conf/site_isolation_settings.ini
usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/libraries/config.default.php
usr/local/psa/admin/logs/httpsd_access_log
usr/local/psa/admin/logs/panel.log
usr/local/pureftpd/etc/pure-ftpd.conf
usr/local/pureftpd/etc/pureftpd.pdb
usr/local/pureftpd/sbin/pure-config.pl
usr/local/samba/lib/log.user
usr/local/samba/lib/smb.conf.user
usr/local/sb/config
usr/local/squirrelmail/www/README
usr/local/Zend/etc/php.ini
usr/local/zeus/web/global.cfg
usr/local/zeus/web/log/errors
usr/pkg/etc/httpd/httpd.conf
usr/pkg/etc/httpd/httpd-default.conf
usr/pkg/etc/httpd/httpd-vhosts.conf
usr/pkgsrc/net/pureftpd/pure-ftpd.conf
usr/pkgsrc/net/pureftpd/pureftpd.passwd
usr/pkgsrc/net/pureftpd/pureftpd.pdb
usr/ports/contrib/pure-ftpd/pure-ftpd.conf
usr/ports/contrib/pure-ftpd/pureftpd.passwd
usr/ports/contrib/pure-ftpd/pureftpd.pdb
usr/ports/ftp/pure-ftpd/pure-ftpd.conf
usr/ports/ftp/pure-ftpd/pureftpd.passwd
usr/ports/ftp/pure-ftpd/pureftpd.pdb
usr/ports/net/pure-ftpd/pure-ftpd.conf
usr/ports/net/pure-ftpd/pureftpd.passwd
usr/ports/net/pure-ftpd/pureftpd.pdb
usr/sbin/mudlogd
usr/sbin/mudpasswd
usr/sbin/pure-config.pl
usr/share/adduser/adduser.conf
usr/share/logs/catalina.err
usr/share/logs/catalina.out
usr/share/squirrelmail/config/config.php
usr/share/squirrelmail/plugins/squirrel_logger/setup.php
usr/share/tomcat/logs/catalina.err
usr/share/tomcat/logs/catalina.out
usr/share/tomcat6/conf/context.xml
usr/share/tomcat6/conf/logging.properties
usr/share/tomcat6/conf/server.xml
usr/share/tomcat6/conf/workers.properties
usr/share/tomcat6/logs/catalina.err
usr/share/tomcat6/logs/catalina.out
usr/spool/lp/log
usr/spool/mqueue/syslog
var/adm/acct/sum/loginlog
var/adm/aculog
var/adm/aculogs
var/adm/crash/unix
var/adm/crash/vmcore
var/adm/cron/log
var/adm/dtmp
var/adm/lastlog/username
var/adm/log/asppp.log
var/adm/log/xferlog
var/adm/loginlog
var/adm/lp/lpd-errs
var/adm/messages
var/adm/pacct
var/adm/qacct
var/adm/ras/bootlog
var/adm/ras/errlog
var/adm/sulog
var/adm/SYSLOG
var/adm/utmp
var/adm/utmpx
var/adm/vold.log
var/adm/wtmp
var/adm/wtmpx
var/adm/X0msgs
var/apache/conf/httpd.conf
var/cpanel/cpanel.config
var/cpanel/tomcat.options
var/cron/log
var/data/mysql-bin.index
var/lib/mysql/my.cnf
var/lib/pgsql/data/postgresql.conf
var/lib/squirrelmail/prefs/squirrelmail.log
var/lighttpd.log
var/local/www/conf/php.ini
var/log/access.log
var/log/access_log
var/log/apache/access.log
var/log/apache/access_log
var/log/apache/error.log
var/log/apache/error_log
var/log/apache2/access.log
var/log/apache2/access_log
var/log/apache2/error.log
var/log/apache2/error_log
var/log/apache2/squirrelmail.err.log
var/log/apache2/squirrelmail.log
var/log/auth.log
var/log/authlog
var/log/boot.log
var/log/cron/var/log/postgres.log
var/log/daemon.log
var/log/daemon.log.1
var/log/data/mysql-bin.index
var/log/error.log
var/log/error_log
var/log/exim/mainlog
var/log/exim/paniclog
var/log/exim/rejectlog
var/log/exim_mainlog
var/log/exim_paniclog
var/log/exim_rejectlog
var/log/ftplog
var/log/ftp-proxy
var/log/ftp-proxy/ftp-proxy.log
var/log/httpd/access.log
var/log/httpd/access_log
var/log/httpd/error.log
var/log/httpd/error_log
var/log/ipfw
var/log/ipfw.log
var/log/ipfw.today
var/log/ipfw/ipfw.log
var/log/kern.log
var/log/kern.log.1
var/log/lighttpd.access.log
var/log/lighttpd.error.log
var/log/lighttpd/
var/log/lighttpd/{DOMAIN}/access.log
var/log/lighttpd/{DOMAIN}/error.log
var/log/lighttpd/access.log
var/log/lighttpd/access.www.log
var/log/lighttpd/error.log
var/log/lighttpd/error.www.log
var/log/log.smb
var/log/mail.err
var/log/mail.info
var/log/mail.log
var/log/mail.log
var/log/mail.warn
var/log/maillog
var/log/messages
var/log/messages.1
var/log/muddleftpd
var/log/muddleftpd.conf
var/log/mysql.err
var/log/mysql.log
var/log/mysql/data/mysql-bin.index
var/log/mysql/mysql.log
var/log/mysql/mysql-bin.index
var/log/mysql/mysql-bin.log
var/log/mysql/mysql-slow.log
var/log/mysql-bin.index
var/log/mysqlderror.log
var/log/news.all
var/log/news/news.all
var/log/news/news.crit
var/log/news/news.err
var/log/news/news.notice
var/log/news/suck.err
var/log/news/suck.notice
var/log/nginx.access_log
var/log/nginx.error_log
var/log/nginx/access.log
var/log/nginx/access_log
var/log/nginx/error.log
var/log/nginx/error_log
var/log/pgsql/pgsql.log
var/log/pgsql_log
var/log/pgsql8.log
var/log/pm-powersave.log
var/log/POPlog
var/log/postgres/pg_backup.log
var/log/postgres/postgres.log
var/log/postgresql.log
var/log/postgresql/main.log
var/log/postgresql/postgres.log
var/log/postgresql/postgresql.log
var/log/postgresql/postgresql-8.1-main.log
var/log/postgresql/postgresql-8.3-main.log
var/log/postgresql/postgresql-8.4-main.log
var/log/postgresql/postgresql-9.0-main.log
var/log/postgresql/postgresql-9.1-main.log
var/log/proftpd
var/log/proftpd.access_log
var/log/proftpd.xferlog
var/log/proftpd/xferlog.legacy
var/log/pureftpd.log
var/log/pure-ftpd/pure-ftpd.log
var/log/samba.log
var/log/samba.log1
var/log/samba.log2
var/log/samba/log.nmbd
var/log/samba/log.smbd
var/log/squirrelmail.log
var/log/sso/sso.log
var/log/sw-cp-server/error_log
var/log/syslog
var/log/syslog.1
var/log/tomcat6/catalina.out
var/log/ufw.log
var/log/user.log
var/log/user.log.1
var/log/vmware/hostd.log
var/log/vmware/hostd-1.log
var/log/vsftpd.log
var/log/webmin/miniserv.log
var/log/xferlog
var/log/Xorg.0.log
var/logs/access.log
var/lp/logs/lpNet
var/lp/logs/lpsched
var/lp/logs/requests
var/mysql.log
var/mysql-bin.index
var/nm2/postgresql.conf
var/postgresql/db/postgresql.conf
var/postgresql/log/postgresql.log
var/saf/_log
var/saf/port/log
var/www/.lighttpdpassword
var/www/conf
var/www/conf/httpd.conf
var/www/html/squirrelmail/config/config.php
var/www/html/squirrelmail-1.2.9/config/config.php
var/www/logs/access.log
var/www/logs/access_log
var/www/logs/error.log
var/www/logs/error_log
var/www/squirrelmail/config/config.php
Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
Volumes/webBackup/opt/apache2/conf/httpd.conf
Volumes/webBackup/private/etc/httpd/httpd.conf
Volumes/webBackup/private/etc/httpd/httpd.conf.default
wamp/bin/apache/apache2.2.21/conf/httpd.conf
wamp/bin/apache/apache2.2.21/logs/access.log
wamp/bin/apache/apache2.2.21/logs/error.log
wamp/bin/apache/apache2.2.21/wampserver.conf
wamp/bin/apache/apache2.2.22/conf/httpd.conf
wamp/bin/apache/apache2.2.22/conf/wampserver.conf
wamp/bin/apache/apache2.2.22/logs/access.log
wamp/bin/apache/apache2.2.22/logs/error.log
wamp/bin/apache/apache2.2.22/wampserver.conf
wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index
wamp/bin/mysql/mysql5.5.16/my.ini
wamp/bin/mysql/mysql5.5.16/wampserver.conf
wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index
wamp/bin/mysql/mysql5.5.24/my.ini
wamp/bin/mysql/mysql5.5.24/wampserver.conf
wamp/bin/php/php5.3.8/php.ini
wamp/bin/php/php5.4.3/php.ini
wamp/logs/access.log
wamp/logs/apache_error.log
wamp/logs/genquery.log
wamp/logs/mysql.log
wamp/logs/slowquery.log
web/conf/php.ini
WINDOWS/comsetup.log
WINDOWS/Debug/NetSetup.LOG
WINDOWS/ODBC.INI
WINDOWS/php.ini
WINDOWS/repair/setup.log
WINDOWS/setupact.log
WINDOWS/setupapi.log
WINDOWS/setuperr.log
WINDOWS/system32/drivers/etc/hosts
WINDOWS/system32/drivers/etc/lmhosts.sam
WINDOWS/system32/drivers/etc/networks
WINDOWS/system32/drivers/etc/protocol
WINDOWS/system32/drivers/etc/services
WINDOWS/system32/logfiles/Firewall/pfirewall.log
WINDOWS/system32/logfiles/Firewall/pfirewall.log.old
WINDOWS/system32/logfiles/MSFTPSVC
WINDOWS/system32/logfiles/MSFTPSVC1
WINDOWS/system32/logfiles/MSFTPSVC2
WINDOWS/system32/logfiles/SMTPSVC
WINDOWS/system32/logfiles/SMTPSVC1
WINDOWS/system32/logfiles/SMTPSVC2
WINDOWS/system32/logfiles/SMTPSVC3
WINDOWS/system32/logfiles/SMTPSVC4
WINDOWS/system32/logfiles/SMTPSVC5
WINDOWS/system32/logfiles/W3SVC/inetsvn1.log
WINDOWS/system32/logfiles/W3SVC1/inetsvn1.log
WINDOWS/system32/logfiles/W3SVC2/inetsvn1.log
WINDOWS/system32/logfiles/W3SVC3/inetsvn1.log
WINDOWS/system32/Macromed/Flash/FlashInstall.log
WINDOWS/system32/Macromed/Flash/install.log
WINDOWS/updspapi.log
WINDOWS/WindowsUpdate.log
WINDOWS/wmsetup.log
WINNT/php.ini
WINNT/system32/logfiles/Firewall/pfirewall.log
WINNT/system32/logfiles/Firewall/pfirewall.log.old
WINNT/system32/logfiles/MSFTPSVC
WINNT/system32/logfiles/MSFTPSVC1
WINNT/system32/logfiles/MSFTPSVC2
WINNT/system32/logfiles/SMTPSVC
WINNT/system32/logfiles/SMTPSVC1
WINNT/system32/logfiles/SMTPSVC2
WINNT/system32/logfiles/SMTPSVC3
WINNT/system32/logfiles/SMTPSVC4
WINNT/system32/logfiles/SMTPSVC5
WINNT/system32/logfiles/W3SVC/inetsvn1.log
WINNT/system32/logfiles/W3SVC1/inetsvn1.log
WINNT/system32/logfiles/W3SVC2/inetsvn1.log
WINNT/system32/logfiles/W3SVC3/inetsvn1.log
www/apache/conf/httpd.conf
www/conf/httpd.conf
www/logs/freebsddiary-access_log
www/logs/freebsddiary-error.log
www/logs/proftpd.system.log
xampp/apache/bin/php.ini
xampp/apache/conf/httpd.conf
xampp/apache/logs/access.log
xampp/apache/logs/error.log
xampp/FileZillaFTP/FileZilla Server.xml
xampp/htdocs/aca.txt
xampp/htdocs/admin.php
xampp/htdocs/leer.txt
xampp/MercuryMail/mercury.ini
xampp/mysql/data/{HOST}.err
xampp/mysql/data/mysql.err
xampp/mysql/data/mysql-bin.index
xampp/php/php.ini
xampp/phpMyAdmin/config.inc.php
xampp/sendmail/sendmail.ini
xampp/sendmail/sendmail.log
xampp/webalizer/webalizer.conf
3# 总结
在内网渗透阶段毫无头绪的时候,不妨在入口机器上仔细翻找,通过这种如同“翻垃圾”的行为,说不定能够打开突破口,从而成功横向到其他内网机器上面
如果您有其他的一些内网渗透信息搜集骚姿势,可以加我好友交流交流哈哈~
事在人为休言万般都是命,境由心造退后一步自然宽
我是曾哥,我在渊龙Sec安全团队等你
微信公众号:渊龙Sec安全团队
欢迎关注我,一起学习,一起进步~
本篇文章为团队成员原创文章,请不要擅自盗取!
相关推荐
