长亭百川云 - 文章详情

内网渗透信息搜集骚姿势

渊龙Sec安全团队

58

2024-07-13

微信公众号:渊龙Sec安全团队
为国之安全而奋斗,为信息安全而发声!
如有问题或建议,请在公众号后台留言
如果你觉得本文对你有帮助,欢迎在文章底部赞赏我们

0# 概述

哈哈,各位师傅好久不见啦,最近比较忙,抽空将本文写出来~

说到信息搜集,一般大家都会联想到Web外部打点的暴露面信息搜集。

但在内网渗透的过程中,信息搜集也是决定成败的决定性因素

特别是做持久化渗透中,对内网的信息搜集是尤其重要的,让我们来看看一些内网渗透之信息搜集骚姿势

1# 内网渗透信息搜集思路

因为是讲骚姿势,常规的查看系统信息之类的我就不写了,写写一些别人没写过的东西

内网渗透,主要分为三个阶段:权限提升、权限维持、横向移动

而三个阶段,所需要搜集的信息和作用各不相同,这里就大概列举一下:

1.1 权限提升阶段

权限提升阶段,信息搜集主要看以下几个内容:

  • 本机系统版本

  • 本机系统内核版本

  • 本机系统出网情况

  • 本机开启的服务和端口

  • 本机系统环境变量

  • 本机运行的应用和进程

  • 本机计划任务内容

  • 本机中间件环境利用

常见的骚思路:发现系统上安装的高权限服务-->查找配置文件或者命令行直接接管-->通过高权限服务进行提权。

1.2 权限维持阶段

权限维持阶段,信息搜集主要看以下几个内容:

  • 本机系统内核版本

  • 本机系统账号信息

  • 本机系统用户组信息

  • 本机系统出网情况

  • 本机计划任务内容

  • 本机运行的应用和进程

  • 注册表信息利用(Windows)

  • WMI利用、映像劫持(Windows)

  • SSH后门利用(Linux)

  • 本机中间件环境利用

常见的骚思路:上线免杀内存马和C2-->做进程迁移到系统进程-->同时运行一个潜伏C2进行维权;妥善利用常规的系统管理服务(如RDP/SSH/VNC)-->插入对应的影子账户和后门-->拿到机器的“合法”管理权限。

1.3 横向移动阶段

横向移动阶段,信息搜集主要看以下几个内容:

  • 本机系统网卡信息

  • 本机系统建立的网络连接

  • 抓取本机系统账户对应的密码

  • 本机服务和应用对应的密码

  • 本机服务和应用的配置文件

  • 对内网网段进行存活探测

  • 对存活网段内机器进行端口探测和服务探测

  • 抓取内网的流量(tcpdump抓包)

常见的骚思路:通过查看本机建立的网络连接(netstat -an)发现本机调用了内网其他机器的服务(如Redis)-->翻找本机上的配置文件或者命令行接管-->通过恶意利用内网其他机器上开放的服务(写入恶意SSH密钥等),成功横向。

2# 内网渗透信息搜集骚姿势

上面讲的都是大致骚思路,让我们看看具体的一些内网渗透之信息搜集骚姿势

2.1 针对文件内容的信息搜集

当对内网束手无策的时候,入口机器上面说不定藏着突破口,翻找本地的文件和建立的网络连接就是手法

这里也提供一个文件内容敏感词的字典,需要可以自己去整理,如下:

jdbc:  
user=  
password=  
key=  
ssh-  
ldap:  
mysqli_connect  
sk-  

通过快速遍历机器文件,去寻找这些关键词,可以找到突破口,这个代码我之前也分享给好几个朋友,在实战阶段效果不错,代码样例如下:

这是Python3的代码版本(支持Win和Linux)

#!/usr/bin/env python  
# coding=utf-8  
  
import os  
import argparse  
from tqdm import tqdm  
  
def logo():  
    logo0 = r'''  
    _______           ______  _____       ____        __   
   / ____(_)___  ____/ / __ \/ ___/      / __ \__  __/ /_  
  / /_  / / __ \/ __  / / / /\__ \______/ / / / / / / __/  
 / __/ / / / / / /_/ / /_/ /___/ /_____/ /_/ / /_/ / /_    
/_/   /_/_/ /_/\__,_/\____//____/      \____/\__,_/\__/    
'''  
    print(logo0)  
  
def search_files(directory, extensions):  
    files = []  
    for root, _, filenames in os.walk(directory):  
        for filename in filenames:  
            for extension in extensions:  
                if filename.endswith(extension):  
                    files.append(os.path.join(root, filename))  
    return files  
  
def search_content(file_path, content):  
    matching_lines = []  
    try:  
        with open(file_path, 'r', encoding='utf-8', errors='ignore') as file:  
            for line_num, line in enumerate(file, 1):  
                try:  
                    if content in line:  
                        matching_lines.append((line_num, line))  
                except UnicodeDecodeError as e:  
                    print(f"[-] Unicode decode error file {file_path}, line {line_num}: {e}")  
                    print()  
        return matching_lines  
    except:  
        print(f"[-] Error file {file_path}")  
        print()  
  
def write_to_file(output_file, file_path, matching_lines):  
    with open(output_file, 'a', encoding='utf-8') as f:  
        f.write(f"[+] File Path: {file_path}\n")  
        f.write(f"[=] Line Rows: {len(matching_lines)}\n")  
        for line_num, line in matching_lines:  
            f.write(f"[~] In Line {line_num}: {line.strip()}\n")  
        f.write("\n")  
  
def main():  
    parser = argparse.ArgumentParser(description="FindOS-Out")  
    parser.add_argument("-n", "--name", help="Specify the suffix", required=True)  
    parser.add_argument("-c", "--content", help="Specify file content", required=True)  
    parser.add_argument("-o", "--output", help="Specify output file", default="findout.txt")  
    parser.add_argument("-d", "--directory", help="Target directory", default="./")  
    args = parser.parse_args()  
  
    directory = args.directory  
    extensions = args.name.split(',')  
    content = args.content  
    output_file = args.output  
  
    files = search_files(directory, extensions)  
  
    for file_path in tqdm(files, desc="Searching files", unit="file"):  
        matching_lines = search_content(file_path, content)  
        if matching_lines:  
            write_to_file(output_file, file_path, matching_lines)  
  
if __name__ == "__main__":  
    logo()  
    print("[+] Runing Search..")  
    main()  
    print("[+] Out to findout.txt..")  

这是Python2的代码版本(支持Win和Linux)

import os  
import argparse  
  
def logo():  
    logo0 = '''  
    _______           ______  _____       ____        __   
   / ____(_)___  ____/ / __ \/ ___/      / __ \__  __/ /_  
  / /_  / / __ \/ __  / / / /\__ \______/ / / / / / / __/  
 / __/ / / / / / /_/ / /_/ /___/ /_____/ /_/ / /_/ / /_    
/_/   /_/_/ /_/\__,_/\____//____/      \____/\__,_/\__/    
'''  
    print(logo0)  
  
def search_files(directory, extensions):  
    files = []  
    for root, _, filenames in os.walk(directory):  
        for filename in filenames:  
            for extension in extensions:  
                if filename.endswith(extension):  
                    files.append(os.path.join(root, filename))  
    return files  
  
def search_content(file_path, content):  
    matching_lines = []  
    try:  
        with open(file_path, 'r') as file:  
            for line_num, line in enumerate(file, 1):  
                try:  
                    if content in line:  
                        matching_lines.append((line_num, line))  
                except UnicodeDecodeError as e:  
                    print("[-] Unicode decode error in file %s, line %d: %s" % (file_path, line_num, e))  
        return matching_lines  
    except:  
        print("[-] Error file %s" % (file_path))  
  
def write_to_file(output_file, file_path, matching_lines):  
    with open(output_file, 'a') as f:  
        f.write("[+] File Path: %s\n" % file_path)  
        f.write("[=] Line Rows: %d\n" % len(matching_lines))  
        for line_num, line in matching_lines:  
            f.write("[~] In Line %d: %s\n" % (line_num, line.strip()))  
        f.write("\n")  
  
def main():  
    parser = argparse.ArgumentParser(description="FindOS-Out")  
    parser.add_argument("-n", "--name", help="Specify the suffix", required=True)  
    parser.add_argument("-c", "--content", help="Specify file content", required=True)  
    parser.add_argument("-o", "--output", help="Specify output file", default="findout.txt")  
    parser.add_argument("-d", "--directory", help="Target directory", default="./")  
    args = parser.parse_args()  
  
    directory = args.directory  
    extensions = args.name.split(',')  
    content = args.content  
    output_file = args.output  
  
    files = search_files(directory, extensions)  
  
    for file_path in files:  
        matching_lines = search_content(file_path, content)  
        if matching_lines:  
            write_to_file(output_file, file_path, matching_lines)  
  
if __name__ == "__main__":  
    logo()  
    print("[+] Runing Search..")  
    main()  
    print("[+] Out to findout.txt..")  

怎么使用呢?如下:

python FindOS-Out.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -d D:/  
python FindOS-Out.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -o output.txt -d /  

为什么会采用Python进行编写呢?

因为DMZ的入口机器(通常是Linux服务器)都默认安装有Python3和Python2环境,我们可以直接利用环境来跑脚本,而且代码不需要额外的pip包,简单且报错少

2.2 针对数据库的信息搜集

当连上MySQL数据库的时候,要怎么快速确定包含user的字段在哪个库哪个表呢:

SELECT   
    TABLE_SCHEMA AS database_name,  
    TABLE_NAME AS table_name,  
    COLUMN_NAME AS column_name  
FROM   
    INFORMATION_SCHEMA.COLUMNS  
WHERE   
    COLUMN_NAME LIKE '%user%';  

当连上Oracle数据库的时候,要怎么快速确定包含user的字段在哪个库哪个表呢:

SELECT   
    owner AS database_name,  
    table_name,  
    column_name  
FROM   
    all_tab_columns  
WHERE   
    column_name LIKE '%USER%'  
ORDER BY   
    owner, table_name, column_name;  

注意:Oracle数据库查询是区分大小写的,而MySQL数据库查询是不区分大小写的,注意查询Oracle数据库时候的大小写

2.3 针对Win的信息搜集

常规的那些命令我这里就不贴了哈,别人写的已经够清楚了

查看启动程序信息:

wmic startup get command,caption  

查看连接过的Wifi名称:

netsh wlan show profiles  

查看指定Wifi的密码:

netsh wlan show profile name="wifi名称" key=clear  

远程桌面连接记录:

cmdkey /l  

探测网段存活(Ping):

for /l %i in (1,1,255) do @ping 192.168.123.%i -w 1 -n 1|find /i "ttl="  

关闭防火墙:

netsh firewall set opmode disable //Windows Server 2003 系统及之前的版本  
netsh advfirewall set allprofiles state off //Windows Server 2003 系统及之后的版本  

常见中间件及其配置目录(仅供参考):

中间件

目录1

目录2

MySQL

C:\ProgramData\MySQL\MySQL Server X.Y

C:\Program Files\MySQL\MySQL Server X.Y

SQL Server

C:\Program Files\Microsoft SQL Server\MSSQLXX.MSSQLSERVER\MSSQL

Oracle Database

C:\app\oracle\product\12.2.0\dbhome_1\database

PostgreSQL

C:\Program Files\PostgreSQL\XX\data

Redis

C:\Program Files\Redis

Apache

C:\Program Files\Apache Group\ApacheX.X\conf

C:\Program Files (x86)\Apache Software Foundation\ApacheX.X\conf

Nginx

C:\nginx\conf

C:\Program Files\Nginx\conf

Tomcat

C:\Program Files\Apache Software Foundation\TomcatX.X\conf

提权后,别忘了用户信息搜集:

C:\Users\XXX\Desktop  //用户桌面内容  
C:\Users\12816\Downloads  //用户下载内容  
C:\Users\12816\Documents  //用户文档内容  
C:\Users\12816\AppData\Local  //用户软件信息【仅个人安装选项】  

2.4 针对Linux的信息搜集

常规的那些命令我这里就不贴了哈,别人写的已经够清楚了

查看目前谁在登录,当前在干什么:

w  

最后登录用户的列表:

last  

查看用户敏感信息:

//列出所有的超级用户账户  
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}'  
//查看是否存在空口令用户  
awk -F: 'length($2)==0 {print $1}' /etc/shadow  
//查看远程登录的账号  
awk '/\$1|\$6/{print $1}' /etc/shadow           

查看其他用户的历史命令文件:

cat /home/user/.bash_history  
cat /root/.bash_history  

列出iptables的配置规则:

iptables -L  

查找当前可读可写可执行的目录到res.txt:

find / -type d -perm /u=rwx -user $(whoami) > res.txt  

搜索包含SSH密钥的文件(一般在 /home 下,但找不到可以全目录):

grep -ir "BEGIN DSA PRIVATE KEY" /home/*  
grep -ir "BEGIN DSA PRIVATE KEY" /*  
  
grep -ir "BEGIN RSA PRIVATE KEY" /home/*  
grep -ir "BEGIN RSA PRIVATE KEY" /*  
  
grep -ir "BEGIN OPENSSH PRIVATE KEY" /home/*  
grep -ir "BEGIN OPENSSH PRIVATE KEY" /*  

常见配置文件路径:

/apache/apache/conf/httpd.conf  
/apache/apache2/conf/httpd.conf  
/apache/php/php.ini  
/bin/php.ini  
/etc/apache/apache.conf  
/etc/apache/httpd.conf  
/etc/apache2/apache.conf  
/etc/apache2/httpd.conf  
/etc/apache2/sites-available/default  
/etc/apache2/vhosts.d/00_default_vhost.conf  
/etc/httpd/conf.d/httpd.conf  
/etc/httpd/conf.d/php.conf  
/etc/httpd/conf/httpd.conf  
/etc/httpd/php.ini  
/etc/init.d/httpd  
/etc/php.ini  
/etc/php/apache/php.ini  
/etc/php/apache2/php.ini  
/etc/php/cgi/php.ini  
/etc/php/php.ini  
/etc/php/php4/php.ini  
/etc/php4.4/fcgi/php.ini  
/etc/php4/apache/php.ini  
/etc/php4/apache2/php.ini  
/etc/php4/cgi/php.ini  
/etc/php5/apache/php.ini  
/etc/php5/apache2/php.ini  
/etc/php5/cgi/php.ini  
/etc/phpmyadmin/config.inc.php  
/home/apache/conf/httpd.conf  
/home/apache2/conf/httpd.conf  
/home/bin/stable/apache/php.ini  
/home2/bin/stable/apache/php.ini  
/NetServer/bin/stable/apache/php.ini  
/opt/www/conf/httpd.conf  
/opt/xampp/etc/php.ini  
/PHP/php.ini  
/php/php.ini  
/php4/php.ini  
/php5/php.ini  
/usr/lib/php.ini  
/etc/nginx/nginx.conf  
/usr/lib/php/php.ini  
/usr/local/apache/conf/httpd.conf  
/usr/local/apache/conf/php.ini  
/usr/local/apache2/conf/httpd.conf  
/usr/local/apache2/conf/php.ini  
/usr/local/etc/php.ini  
/usr/local/httpd/conf/httpd.conf  
/usr/local/lib/php.ini  
/usr/local/php/lib/php.ini  
/usr/local/php4/lib/php.ini  
/usr/local/php4/lib/php.ini  
/usr/local/php4/php.ini  
/usr/local/php5/etc/php.ini  
/usr/local/php5/lib/php.ini  
/usr/local/php5/php5.ini  
/usr/local/share/examples/php/php.ini  
/usr/local/share/examples/php4/php.ini  
/usr/local/Zend/etc/php.ini  
/var/apache2/config.inc  
/var/httpd/conf/httpd.conf  
/var/httpd/conf/php.ini  
/var/httpd/conf/php.ini  
/var/local/www/conf/httpd.conf  
/var/local/www/conf/php.ini  
/var/www/conf/httpd.conf  
/web/conf/php.ini  
/www/conf/httpd.conf  
/www/php/php.ini  
/www/php4/php.ini  
/www/php5/php.ini  
/xampp/apache/bin/php.ini  
/xampp/apache/conf/httpd.conf  

常见数据库文件路径:

/etc/init.d/mysql  
/etc/my.cnf  
/etc/mysql/my.cnf  
/etc/mysql/my.cnf  
/var/lib/mysql/my.cnf  
/var/lib/mysql/mysql/user.MYD  
/usr/local/mysql/bin/mysql  
/usr/local/mysql/my.cnf  
/usr/share/mysql/my.cnf  

2.5 敏感目录字典

我这里整理了一份敏感目录字典,感兴趣的师傅可以拿走:

[JBOSS]/server/default/conf/jboss-minimal.xml  
[JBOSS]/server/default/conf/jboss-service.xml  
[JBOSS]/server/default/conf/jndi.properties  
[JBOSS]/server/default/conf/log4j.xml  
[JBOSS]/server/default/conf/login-config.xml  
[JBOSS]/server/default/conf/server.log.properties  
[JBOSS]/server/default/conf/standardjaws.xml  
[JBOSS]/server/default/conf/standardjboss.xml  
[JBOSS]/server/default/deploy/jboss-logging.xml  
[JBOSS]/server/default/log/boot.log  
[JBOSS]/server/default/log/server.log  
apache/conf/httpd.conf  
apache/logs/access.log  
apache/logs/error.log  
apache/php/php.ini  
apache2/logs/access.log  
apache2/logs/error.log  
bin/php.ini  
boot.ini  
boot/grub/grub.cfg  
boot/grub/menu.lst  
C:/Program Files/[JBOSS]/server/default/conf/jboss-minimal.xml  
C:/Program Files/[JBOSS]/server/default/conf/jboss-service.xml  
C:/Program Files/[JBOSS]/server/default/conf/jndi.properties  
C:/Program Files/[JBOSS]/server/default/conf/log4j.xml  
C:/Program Files/[JBOSS]/server/default/conf/login-config.xml  
C:/Program Files/[JBOSS]/server/default/conf/server.log.properties  
C:/Program Files/[JBOSS]/server/default/conf/standardjaws.xml  
C:/Program Files/[JBOSS]/server/default/conf/standardjboss.xml  
C:/Program Files/[JBOSS]/server/default/deploy/jboss-logging.xml  
C:/Program Files/[JBOSS]/server/default/log/boot.log  
C:/Program Files/[JBOSS]/server/default/log/server.log  
C:/Program Files/Apache Group/Apache/apache.conf  
C:/Program Files/Apache Group/Apache/apache2.conf  
C:/Program Files/Apache Group/Apache/conf/apache.conf  
C:/Program Files/Apache Group/Apache/conf/apache2.conf  
C:/Program Files/Apache Group/Apache/conf/httpd.conf  
C:/Program Files/Apache Group/Apache/logs/access.log  
C:/Program Files/Apache Group/Apache/logs/error.log  
C:/Program Files/Apache Group/Apache2/conf/apache.conf  
C:/Program Files/Apache Group/Apache2/conf/apache2.conf  
C:/Program Files/Apache Group/Apache2/conf/httpd.conf  
C:/Program Files/Apache Software Foundation/Apache2.2/conf/httpd.conf  
C:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log  
C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log  
C:/Program Files/MySQL/data/{HOST}.err  
C:/Program Files/MySQL/data/mysql.err  
C:/Program Files/MySQL/data/mysql.log  
C:/Program Files/MySQL/data/mysql-bin.index  
C:/Program Files/MySQL/data/mysql-bin.log  
C:/Program Files/MySQL/my.cnf  
C:/Program Files/MySQL/my.ini  
C:/Program Files/MySQL/MySQL Server 5.0/data/{HOST}.err  
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.err  
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.log  
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.index  
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.log  
C:/Program Files/MySQL/MySQL Server 5.0/my.cnf  
C:/Program Files/MySQL/MySQL Server 5.0/my.ini  
C:/Program Files/PostgreSQL/8.3/data/pg_hba.conf  
C:/Program Files/PostgreSQL/8.3/data/pg_ident.conf  
C:/Program Files/PostgreSQL/8.3/data/postgresql.conf  
C:/Program Files/PostgreSQL/8.4/data/pg_hba.conf  
C:/Program Files/PostgreSQL/8.4/data/pg_ident.conf  
C:/Program Files/PostgreSQL/8.4/data/postgresql.conf  
C:/Program Files/PostgreSQL/9.0/data/pg_hba.conf  
C:/Program Files/PostgreSQL/9.0/data/pg_ident.conf  
C:/Program Files/PostgreSQL/9.0/data/postgresql.conf  
C:/Program Files/PostgreSQL/9.1/data/pg_hba.conf  
C:/Program Files/PostgreSQL/9.1/data/pg_ident.conf  
C:/Program Files/PostgreSQL/9.1/data/postgresql.conf  
C:/Program Files/Vidalia Bundle/Polipo/polipo.conf  
C:/Program Files/xampp/apache/conf/apache.conf  
C:/Program Files/xampp/apache/conf/apache2.conf  
C:/Program Files/xampp/apache/conf/httpd.conf  
etc/adduser.conf  
etc/alias  
etc/apache/access.conf  
etc/apache/apache.conf  
etc/apache/conf/httpd.conf  
etc/apache/default-server.conf  
etc/apache/httpd.conf  
etc/apache2/apache.conf  
etc/apache2/apache2.conf  
etc/apache2/conf.d/charset  
etc/apache2/conf.d/phpmyadmin.conf  
etc/apache2/conf.d/security  
etc/apache2/conf/httpd.conf  
etc/apache2/default-server.conf  
etc/apache2/envvars  
etc/apache2/httpd.conf  
etc/apache2/httpd2.conf  
etc/apache2/mods-available/autoindex.conf  
etc/apache2/mods-available/deflate.conf  
etc/apache2/mods-available/dir.conf  
etc/apache2/mods-available/mem_cache.conf  
etc/apache2/mods-available/mime.conf  
etc/apache2/mods-available/proxy.conf  
etc/apache2/mods-available/setenvif.conf  
etc/apache2/mods-available/ssl.conf  
etc/apache2/mods-enabled/alias.conf  
etc/apache2/mods-enabled/deflate.conf  
etc/apache2/mods-enabled/dir.conf  
etc/apache2/mods-enabled/mime.conf  
etc/apache2/mods-enabled/negotiation.conf  
etc/apache2/mods-enabled/php5.conf  
etc/apache2/mods-enabled/status.conf  
etc/apache2/ports.conf  
etc/apache2/sites-available/default  
etc/apache2/sites-available/default-ssl  
etc/apache2/sites-enabled/000-default  
etc/apache2/sites-enabled/default  
etc/apache2/ssl-global.conf  
etc/apache2/vhosts.d/00_default_vhost.conf  
etc/apache2/vhosts.d/default_vhost.include  
etc/apache22/conf/httpd.conf  
etc/apache22/httpd.conf  
etc/apt/apt.conf  
etc/avahi/avahi-daemon.conf  
etc/bash.bashrc  
etc/bash_completion.d/debconf  
etc/bluetooth/input.conf  
etc/bluetooth/main.conf  
etc/bluetooth/network.conf  
etc/bluetooth/rfcomm.conf  
etc/ca-certificates.conf  
etc/ca-certificates.conf.dpkg-old  
etc/casper.conf  
etc/chkrootkit.conf  
etc/chrootUsers  
etc/clamav/clamd.conf  
etc/clamav/freshclam.conf  
etc/crontab  
etc/crypttab  
etc/cups/acroread.conf  
etc/cups/cupsd.conf  
etc/cups/cupsd.conf.default  
etc/cups/pdftops.conf  
etc/cups/printers.conf  
etc/cvs-cron.conf  
etc/cvs-pserver.conf  
etc/debconf.conf  
etc/debian_version  
etc/default/grub  
etc/deluser.conf  
etc/dhcp/dhclient.conf  
etc/dhcp3/dhclient.conf  
etc/dhcp3/dhcpd.conf  
etc/dns2tcpd.conf  
etc/e2fsck.conf  
etc/esound/esd.conf  
etc/etter.conf  
etc/exports  
etc/fedora-release  
etc/firewall.rules  
etc/foremost.conf  
etc/fstab  
etc/ftpchroot  
etc/ftphosts  
etc/ftpusers  
etc/fuse.conf  
etc/group  
etc/group-  
etc/hdparm.conf  
etc/host.conf  
etc/hostname  
etc/hosts  
etc/hosts.allow  
etc/hosts.deny  
etc/http/conf/httpd.conf  
etc/http/httpd.conf  
etc/httpd.conf  
etc/httpd/apache.conf  
etc/httpd/apache2.conf  
etc/httpd/conf  
etc/httpd/conf.d  
etc/httpd/conf.d/php.conf  
etc/httpd/conf.d/squirrelmail.conf  
etc/httpd/conf/apache.conf  
etc/httpd/conf/apache2.conf  
etc/httpd/conf/httpd.conf  
etc/httpd/extra/httpd-ssl.conf  
etc/httpd/httpd.conf  
etc/httpd/logs/access.log  
etc/httpd/logs/access_log  
etc/httpd/logs/error.log  
etc/httpd/logs/error_log  
etc/httpd/mod_php.conf  
etc/httpd/php.ini  
etc/inetd.conf  
etc/init.d  
etc/inittab  
etc/ipfw.conf  
etc/ipfw.rules  
etc/issue  
etc/issue.net  
etc/kbd/config  
etc/kernel-img.conf  
etc/kernel-pkg.conf  
etc/ld.so.conf  
etc/ldap/ldap.conf  
etc/lighttpd/lighthttpd.conf  
etc/login.defs  
etc/logrotate.conf  
etc/logrotate.d/ftp  
etc/logrotate.d/proftpd  
etc/logrotate.d/vsftpd.log  
etc/ltrace.conf  
etc/mail/sendmail.conf  
etc/mandrake-release  
etc/manpath.config  
etc/miredo.conf  
etc/miredo/miredo.conf  
etc/miredo/miredo-server.conf  
etc/miredo-server.conf  
etc/modprobe.d/vmware-tools.conf  
etc/modules  
etc/mono/1.0/machine.config  
etc/mono/2.0/machine.config  
etc/mono/2.0/web.config  
etc/mono/config  
etc/motd  
etc/mtab  
etc/mtools.conf  
etc/muddleftpd.com  
etc/muddleftpd/muddleftpd.conf  
etc/muddleftpd/muddleftpd.passwd  
etc/muddleftpd/mudlog  
etc/muddleftpd/mudlogd.conf  
etc/muddleftpd/passwd  
etc/my.cnf  
etc/mysql/conf.d/old_passwords.cnf  
etc/mysql/my.cnf  
etc/networks  
etc/newsyslog.conf  
etc/nginx/nginx.conf  
etc/openldap/ldap.conf  
etc/os-release  
etc/osxhttpd/osxhttpd.conf  
etc/pam.conf  
etc/pam.d/proftpd  
etc/passwd  
etc/passwd-  
etc/passwd~  
etc/password.master  
etc/php.ini  
etc/php/apache/php.ini  
etc/php/apache2/php.ini  
etc/php/cgi/php.ini  
etc/php/php.ini  
etc/php/php4/php.ini  
etc/php4.4/fcgi/php.ini  
etc/php4/apache/php.ini  
etc/php4/apache2/php.ini  
etc/php4/cgi/php.ini  
etc/php5/apache/php.ini  
etc/php5/apache2/php.ini  
etc/php5/cgi/php.ini  
etc/phpmyadmin/config.inc.php  
etc/postgresql/pg_hba.conf  
etc/postgresql/postgresql.conf  
etc/profile  
etc/proftp.conf  
etc/proftpd/modules.conf  
etc/protpd/proftpd.conf  
etc/pulse/client.conf  
etc/pure-ftpd.conf  
etc/pureftpd.passwd  
etc/pureftpd.pdb  
etc/pure-ftpd/pure-ftpd.conf  
etc/pure-ftpd/pureftpd.pdb  
etc/pure-ftpd/pure-ftpd.pdb  
etc/rc.conf  
etc/rc.d/rc.httpd  
etc/redhat-release  
etc/resolv.conf  
etc/resolvconf/update-libc.d/sendmail  
etc/samba/dhcp.conf  
etc/samba/netlogon  
etc/samba/private/smbpasswd  
etc/samba/samba.conf  
etc/samba/smb.conf  
etc/samba/smb.conf.user  
etc/samba/smbpasswd  
etc/samba/smbusers  
etc/security/access.conf  
etc/security/environ  
etc/security/failedlogin  
etc/security/group  
etc/security/group.conf  
etc/security/lastlog  
etc/security/limits  
etc/security/limits.conf  
etc/security/namespace.conf  
etc/security/opasswd  
etc/security/pam_env.conf  
etc/security/passwd  
etc/security/sepermit.conf  
etc/security/time.conf  
etc/security/user  
etc/sensors.conf  
etc/sensors3.conf  
etc/shadow  
etc/shadow-  
etc/shadow~  
etc/slackware-release  
etc/smb.conf  
etc/smbpasswd  
etc/smi.conf  
etc/squirrelmail/apache.conf  
etc/squirrelmail/config.php  
etc/squirrelmail/config/config.php  
etc/squirrelmail/config_default.php  
etc/squirrelmail/config_local.php  
etc/squirrelmail/default_pref  
etc/squirrelmail/filters_setup.php  
etc/squirrelmail/index.php  
etc/squirrelmail/sqspell_config.php  
etc/ssh/sshd_config  
etc/sso/sso_config.ini  
etc/stunnel/stunnel.conf  
etc/subversion/config  
etc/sudoers  
etc/SUSE-release  
etc/sw-cp-server/applications.d/00-sso-cpserver.conf  
etc/sw-cp-server/applications.d/plesk.conf  
etc/sysconfig/network-scripts/ifcfg-eth0  
etc/sysctl.conf  
etc/sysctl.d/10-console-messages.conf  
etc/sysctl.d/10-network-security.conf  
etc/sysctl.d/10-process-security.conf  
etc/sysctl.d/wine.sysctl.conf  
etc/syslog.conf  
etc/timezone  
etc/tinyproxy/tinyproxy.conf  
etc/tor/tor-tsocks.conf  
etc/tsocks.conf  
etc/updatedb.conf  
etc/updatedb.conf.BeforeVMwareToolsInstall  
etc/utmp  
etc/vhcs2/proftpd/proftpd.conf  
etc/vmware-tools/config  
etc/vmware-tools/tpvmlp.conf  
etc/vmware-tools/vmware-tools-libraries.conf  
etc/vsftpd.chroot_list  
etc/vsftpd.conf  
etc/vsftpd/vsftpd.conf  
etc/webmin/miniserv.conf  
etc/webmin/miniserv.users  
etc/wicd/dhclient.conf.template.default  
etc/wicd/manager-settings.conf  
etc/wicd/wired-settings.conf  
etc/wicd/wireless-settings.conf  
etc/wu-ftpd/ftpaccess  
etc/wu-ftpd/ftphosts  
etc/wu-ftpd/ftpusers  
etc/X11/xorg.conf  
etc/X11/xorg.conf.BeforeVMwareToolsInstall  
etc/X11/xorg.conf.orig  
etc/X11/xorg.conf-vesa  
etc/X11/xorg.conf-vmware  
home/bin/stable/apache/php.ini  
home/postgres/data/pg_hba.conf  
home/postgres/data/pg_ident.conf  
home/postgres/data/PG_VERSION  
home/postgres/data/postgresql.conf  
home/user/lighttpd/lighttpd.conf  
home2/bin/stable/apache/php.ini  
http/httpd.conf  
Library/WebServer/Documents/.htaccess  
Library/WebServer/Documents/default.htm  
Library/WebServer/Documents/default.html  
Library/WebServer/Documents/default.php  
Library/WebServer/Documents/index.htm  
Library/WebServer/Documents/index.html  
Library/WebServer/Documents/index.php  
logs/access.log  
logs/access_log  
logs/error.log  
logs/error_log  
logs/pure-ftpd.log  
logs/security_debug_log  
logs/security_log  
mysql/bin/my.ini  
MySQL/data/mysql.err  
MySQL/data/mysql.log  
MySQL/data/mysql-bin.index  
MySQL/data/mysql-bin.log  
MySQL/my.cnf  
MySQL/my.ini  
NetServer/bin/stable/apache/php.ini  
opt/[JBOSS]/server/default/conf/jboss-minimal.xml  
opt/[JBOSS]/server/default/conf/jboss-service.xml  
opt/[JBOSS]/server/default/conf/jndi.properties  
opt/[JBOSS]/server/default/conf/log4j.xml  
opt/[JBOSS]/server/default/conf/login-config.xml  
opt/[JBOSS]/server/default/conf/server.log.properties  
opt/[JBOSS]/server/default/conf/standardjaws.xml  
opt/[JBOSS]/server/default/conf/standardjboss.xml  
opt/[JBOSS]/server/default/deploy/jboss-logging.xml  
opt/[JBOSS]/server/default/log/boot.log  
opt/[JBOSS]/server/default/log/server.log  
opt/apache/apache.conf  
opt/apache/apache2.conf  
opt/apache/conf/apache.conf  
opt/apache/conf/apache2.conf  
opt/apache/conf/httpd.conf  
opt/apache2/apache.conf  
opt/apache2/apache2.conf  
opt/apache2/conf/apache.conf  
opt/apache2/conf/apache2.conf  
opt/apache2/conf/httpd.conf  
opt/apache22/conf/httpd.conf  
opt/httpd/apache.conf  
opt/httpd/apache2.conf  
opt/httpd/conf/apache.conf  
opt/httpd/conf/apache2.conf  
opt/lampp/etc/httpd.conf  
opt/lampp/logs/access.log  
opt/lampp/logs/access_log  
opt/lampp/logs/error.log  
opt/lampp/logs/error_log  
opt/lsws/conf/httpd_conf.xml  
opt/lsws/logs/access.log  
opt/lsws/logs/error.log  
opt/tomcat/logs/catalina.err  
opt/tomcat/logs/catalina.out  
opt/xampp/etc/php.ini  
opt/xampp/logs/access.log  
opt/xampp/logs/access_log  
opt/xampp/logs/error.log  
opt/xampp/logs/error_log  
php/php.ini  
PHP/php.ini  
php4/php.ini  
php5/php.ini  
PostgreSQL/log/pgadmin.log  
private/etc/httpd/apache.conf  
private/etc/httpd/apache2.conf  
private/etc/httpd/httpd.conf  
private/etc/httpd/httpd.conf.default  
private/etc/squirrelmail/config/config.php  
private/tmp/[JBOSS]/server/default/conf/jboss-minimal.xml  
private/tmp/[JBOSS]/server/default/conf/jboss-service.xml  
private/tmp/[JBOSS]/server/default/conf/jndi.properties  
private/tmp/[JBOSS]/server/default/conf/log4j.xml  
private/tmp/[JBOSS]/server/default/conf/login-config.xml  
private/tmp/[JBOSS]/server/default/conf/server.log.properties  
private/tmp/[JBOSS]/server/default/conf/standardjaws.xml  
private/tmp/[JBOSS]/server/default/conf/standardjboss.xml  
private/tmp/[JBOSS]/server/default/deploy/jboss-logging.xml  
private/tmp/[JBOSS]/server/default/log/boot.log  
private/tmp/[JBOSS]/server/default/log/server.log  
proc/cpuinfo  
proc/devices  
proc/meminfo  
proc/net/tcp  
proc/net/udp  
proc/self/cmdline  
proc/self/environ  
proc/self/fd/0  
proc/self/fd/1  
proc/self/fd/10  
proc/self/fd/11  
proc/self/fd/12  
proc/self/fd/13  
proc/self/fd/14  
proc/self/fd/15  
proc/self/fd/2  
proc/self/fd/3  
proc/self/fd/4  
proc/self/fd/5  
proc/self/fd/6  
proc/self/fd/7  
proc/self/fd/8  
proc/self/fd/9  
proc/self/mounts  
proc/self/stat  
proc/self/status  
proc/version  
root/.bash_config  
root/.bash_history  
root/.bash_logout  
root/.bashrc  
root/.ksh_history  
root/.Xauthority  
srv/www/htdos/squirrelmail/config/config.php  
System/Library/WebObjects/Adaptors/Apache2.2/apache.conf  
tmp/[JBOSS]/server/default/conf/jboss-minimal.xml  
tmp/[JBOSS]/server/default/conf/jboss-service.xml  
tmp/[JBOSS]/server/default/conf/jndi.properties  
tmp/[JBOSS]/server/default/conf/log4j.xml  
tmp/[JBOSS]/server/default/conf/login-config.xml  
tmp/[JBOSS]/server/default/conf/server.log.properties  
tmp/[JBOSS]/server/default/conf/standardjaws.xml  
tmp/[JBOSS]/server/default/conf/standardjboss.xml  
tmp/[JBOSS]/server/default/deploy/jboss-logging.xml  
tmp/[JBOSS]/server/default/log/boot.log  
tmp/[JBOSS]/server/default/log/server.log  
tmp/access.log  
usr/apache/conf/httpd.conf  
usr/apache2/conf/httpd.conf  
usr/etc/pure-ftpd.conf  
usr/home/user/lighttpd/lighttpd.conf  
usr/home/user/var/log/apache.log  
usr/home/user/var/log/lighttpd.error.log  
usr/internet/pgsql/data/pg_hba.conf  
usr/internet/pgsql/data/postmaster.log  
usr/lib/cron/log  
usr/lib/php.ini  
usr/lib/php/php.ini  
usr/lib/security/mkuser.default  
usr/local/[JBOSS]/server/default/conf/jboss-minimal.xml  
usr/local/[JBOSS]/server/default/conf/jboss-service.xml  
usr/local/[JBOSS]/server/default/conf/jndi.properties  
usr/local/[JBOSS]/server/default/conf/log4j.xml  
usr/local/[JBOSS]/server/default/conf/login-config.xml  
usr/local/[JBOSS]/server/default/conf/server.log.properties  
usr/local/[JBOSS]/server/default/conf/standardjaws.xml  
usr/local/[JBOSS]/server/default/conf/standardjboss.xml  
usr/local/[JBOSS]/server/default/deploy/jboss-logging.xml  
usr/local/[JBOSS]/server/default/log/boot.log  
usr/local/[JBOSS]/server/default/log/server.log  
usr/local/apache/apache.conf  
usr/local/apache/apache2.conf  
usr/local/apache/conf/access.conf  
usr/local/apache/conf/apache.conf  
usr/local/apache/conf/apache2.conf  
usr/local/apache/conf/httpd.conf  
usr/local/apache/conf/httpd.conf.default  
usr/local/apache/conf/modsec.conf  
usr/local/apache/conf/php.ini  
usr/local/apache/conf/vhosts.conf  
usr/local/apache/conf/vhosts-custom.conf  
usr/local/apache/httpd.conf  
usr/local/apache/logs/access.log  
usr/local/apache/logs/access_log  
usr/local/apache/logs/audit_log  
usr/local/apache/logs/error.log  
usr/local/apache/logs/error_log  
usr/local/apache/logs/lighttpd.error.log  
usr/local/apache/logs/lighttpd.log  
usr/local/apache/logs/mod_jk.log  
usr/local/apache1.3/conf/httpd.conf  
usr/local/apache2/apache.conf  
usr/local/apache2/apache2.conf  
usr/local/apache2/conf/apache.conf  
usr/local/apache2/conf/apache2.conf  
usr/local/apache2/conf/extra/httpd-ssl.conf  
usr/local/apache2/conf/httpd.conf  
usr/local/apache2/conf/modsec.conf  
usr/local/apache2/conf/ssl.conf  
usr/local/apache2/conf/vhosts.conf  
usr/local/apache2/conf/vhosts-custom.conf  
usr/local/apache2/httpd.conf  
usr/local/apache2/logs/access.log  
usr/local/apache2/logs/access_log  
usr/local/apache2/logs/audit_log  
usr/local/apache2/logs/error.log  
usr/local/apache2/logs/error_log  
usr/local/apache2/logs/lighttpd.error.log  
usr/local/apache2/logs/lighttpd.log  
usr/local/apache22/conf/httpd.conf  
usr/local/apache22/httpd.conf  
usr/local/apps/apache/conf/httpd.conf  
usr/local/apps/apache2/conf/httpd.conf  
usr/local/apps/apache22/conf/httpd.conf  
usr/local/cpanel/logs/access_log  
usr/local/cpanel/logs/error_log  
usr/local/cpanel/logs/license_log  
usr/local/cpanel/logs/login_log  
usr/local/cpanel/logs/stats_log  
usr/local/etc/apache/conf/httpd.conf  
usr/local/etc/apache/httpd.conf  
usr/local/etc/apache/vhosts.conf  
usr/local/etc/apache2/conf/httpd.conf  
usr/local/etc/apache2/httpd.conf  
usr/local/etc/apache2/vhosts.conf  
usr/local/etc/apache22/conf/httpd.conf  
usr/local/etc/apache22/httpd.conf  
usr/local/etc/httpd/conf  
usr/local/etc/httpd/conf/httpd.conf  
usr/local/etc/lighttpd.conf  
usr/local/etc/lighttpd.conf.new  
usr/local/etc/nginx/nginx.conf  
usr/local/etc/php.ini  
usr/local/etc/pure-ftpd.conf  
usr/local/etc/pureftpd.pdb  
usr/local/etc/smb.conf  
usr/local/etc/webmin/miniserv.conf  
usr/local/etc/webmin/miniserv.users  
usr/local/httpd/conf/httpd.conf  
usr/local/jakarta/dist/tomcat/conf/context.xml  
usr/local/jakarta/dist/tomcat/conf/jakarta.conf  
usr/local/jakarta/dist/tomcat/conf/logging.properties  
usr/local/jakarta/dist/tomcat/conf/server.xml  
usr/local/jakarta/dist/tomcat/conf/workers.properties  
usr/local/jakarta/dist/tomcat/logs/mod_jk.log  
usr/local/jakarta/tomcat/conf/context.xml  
usr/local/jakarta/tomcat/conf/jakarta.conf  
usr/local/jakarta/tomcat/conf/logging.properties  
usr/local/jakarta/tomcat/conf/server.xml  
usr/local/jakarta/tomcat/conf/workers.properties  
usr/local/jakarta/tomcat/logs/catalina.err  
usr/local/jakarta/tomcat/logs/catalina.out  
usr/local/jakarta/tomcat/logs/mod_jk.log  
usr/local/lib/php.ini  
usr/local/lighttpd/conf/lighttpd.conf  
usr/local/lighttpd/log/access.log  
usr/local/lighttpd/log/lighttpd.error.log  
usr/local/logs/access.log  
usr/local/logs/samba.log  
usr/local/lsws/conf/httpd_conf.xml  
usr/local/lsws/logs/error.log  
usr/local/mysql/data/{HOST}.err  
usr/local/mysql/data/mysql.err  
usr/local/mysql/data/mysql.log  
usr/local/mysql/data/mysql-bin.index  
usr/local/mysql/data/mysql-bin.log  
usr/local/mysql/data/mysqlderror.log  
usr/local/mysql/data/mysql-slow.log  
usr/local/nginx/conf/nginx.conf  
usr/local/pgsql/bin/pg_passwd  
usr/local/pgsql/data/passwd  
usr/local/pgsql/data/pg_hba.conf  
usr/local/pgsql/data/pg_log  
usr/local/pgsql/data/postgresql.conf  
usr/local/pgsql/data/postgresql.log  
usr/local/php/apache.conf  
usr/local/php/apache.conf.php  
usr/local/php/apache2.conf  
usr/local/php/apache2.conf.php  
usr/local/php/httpd.conf  
usr/local/php/httpd.conf.php  
usr/local/php/lib/php.ini  
usr/local/php4/apache.conf  
usr/local/php4/apache.conf.php  
usr/local/php4/apache2.conf  
usr/local/php4/apache2.conf.php  
usr/local/php4/httpd.conf  
usr/local/php4/httpd.conf.php  
usr/local/php4/lib/php.ini  
usr/local/php5/apache.conf  
usr/local/php5/apache.conf.php  
usr/local/php5/apache2.conf  
usr/local/php5/apache2.conf.php  
usr/local/php5/httpd.conf  
usr/local/php5/httpd.conf.php  
usr/local/php5/lib/php.ini  
usr/local/psa/admin/conf/php.ini  
usr/local/psa/admin/conf/site_isolation_settings.ini  
usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/libraries/config.default.php  
usr/local/psa/admin/logs/httpsd_access_log  
usr/local/psa/admin/logs/panel.log  
usr/local/pureftpd/etc/pure-ftpd.conf  
usr/local/pureftpd/etc/pureftpd.pdb  
usr/local/pureftpd/sbin/pure-config.pl  
usr/local/samba/lib/log.user  
usr/local/samba/lib/smb.conf.user  
usr/local/sb/config  
usr/local/squirrelmail/www/README  
usr/local/Zend/etc/php.ini  
usr/local/zeus/web/global.cfg  
usr/local/zeus/web/log/errors  
usr/pkg/etc/httpd/httpd.conf  
usr/pkg/etc/httpd/httpd-default.conf  
usr/pkg/etc/httpd/httpd-vhosts.conf  
usr/pkgsrc/net/pureftpd/pure-ftpd.conf  
usr/pkgsrc/net/pureftpd/pureftpd.passwd  
usr/pkgsrc/net/pureftpd/pureftpd.pdb  
usr/ports/contrib/pure-ftpd/pure-ftpd.conf  
usr/ports/contrib/pure-ftpd/pureftpd.passwd  
usr/ports/contrib/pure-ftpd/pureftpd.pdb  
usr/ports/ftp/pure-ftpd/pure-ftpd.conf  
usr/ports/ftp/pure-ftpd/pureftpd.passwd  
usr/ports/ftp/pure-ftpd/pureftpd.pdb  
usr/ports/net/pure-ftpd/pure-ftpd.conf  
usr/ports/net/pure-ftpd/pureftpd.passwd  
usr/ports/net/pure-ftpd/pureftpd.pdb  
usr/sbin/mudlogd  
usr/sbin/mudpasswd  
usr/sbin/pure-config.pl  
usr/share/adduser/adduser.conf  
usr/share/logs/catalina.err  
usr/share/logs/catalina.out  
usr/share/squirrelmail/config/config.php  
usr/share/squirrelmail/plugins/squirrel_logger/setup.php  
usr/share/tomcat/logs/catalina.err  
usr/share/tomcat/logs/catalina.out  
usr/share/tomcat6/conf/context.xml  
usr/share/tomcat6/conf/logging.properties  
usr/share/tomcat6/conf/server.xml  
usr/share/tomcat6/conf/workers.properties  
usr/share/tomcat6/logs/catalina.err  
usr/share/tomcat6/logs/catalina.out  
usr/spool/lp/log  
usr/spool/mqueue/syslog  
var/adm/acct/sum/loginlog  
var/adm/aculog  
var/adm/aculogs  
var/adm/crash/unix  
var/adm/crash/vmcore  
var/adm/cron/log  
var/adm/dtmp  
var/adm/lastlog/username  
var/adm/log/asppp.log  
var/adm/log/xferlog  
var/adm/loginlog  
var/adm/lp/lpd-errs  
var/adm/messages  
var/adm/pacct  
var/adm/qacct  
var/adm/ras/bootlog  
var/adm/ras/errlog  
var/adm/sulog  
var/adm/SYSLOG  
var/adm/utmp  
var/adm/utmpx  
var/adm/vold.log  
var/adm/wtmp  
var/adm/wtmpx  
var/adm/X0msgs  
var/apache/conf/httpd.conf  
var/cpanel/cpanel.config  
var/cpanel/tomcat.options  
var/cron/log  
var/data/mysql-bin.index  
var/lib/mysql/my.cnf  
var/lib/pgsql/data/postgresql.conf  
var/lib/squirrelmail/prefs/squirrelmail.log  
var/lighttpd.log  
var/local/www/conf/php.ini  
var/log/access.log  
var/log/access_log  
var/log/apache/access.log  
var/log/apache/access_log  
var/log/apache/error.log  
var/log/apache/error_log  
var/log/apache2/access.log  
var/log/apache2/access_log  
var/log/apache2/error.log  
var/log/apache2/error_log  
var/log/apache2/squirrelmail.err.log  
var/log/apache2/squirrelmail.log  
var/log/auth.log  
var/log/authlog  
var/log/boot.log  
var/log/cron/var/log/postgres.log  
var/log/daemon.log  
var/log/daemon.log.1  
var/log/data/mysql-bin.index  
var/log/error.log  
var/log/error_log  
var/log/exim/mainlog  
var/log/exim/paniclog  
var/log/exim/rejectlog  
var/log/exim_mainlog  
var/log/exim_paniclog  
var/log/exim_rejectlog  
var/log/ftplog  
var/log/ftp-proxy  
var/log/ftp-proxy/ftp-proxy.log  
var/log/httpd/access.log  
var/log/httpd/access_log  
var/log/httpd/error.log  
var/log/httpd/error_log  
var/log/ipfw  
var/log/ipfw.log  
var/log/ipfw.today  
var/log/ipfw/ipfw.log  
var/log/kern.log  
var/log/kern.log.1  
var/log/lighttpd.access.log  
var/log/lighttpd.error.log  
var/log/lighttpd/  
var/log/lighttpd/{DOMAIN}/access.log  
var/log/lighttpd/{DOMAIN}/error.log  
var/log/lighttpd/access.log  
var/log/lighttpd/access.www.log  
var/log/lighttpd/error.log  
var/log/lighttpd/error.www.log  
var/log/log.smb  
var/log/mail.err  
var/log/mail.info  
var/log/mail.log  
var/log/mail.log  
var/log/mail.warn  
var/log/maillog  
var/log/messages  
var/log/messages.1  
var/log/muddleftpd  
var/log/muddleftpd.conf  
var/log/mysql.err  
var/log/mysql.log  
var/log/mysql/data/mysql-bin.index  
var/log/mysql/mysql.log  
var/log/mysql/mysql-bin.index  
var/log/mysql/mysql-bin.log  
var/log/mysql/mysql-slow.log  
var/log/mysql-bin.index  
var/log/mysqlderror.log  
var/log/news.all  
var/log/news/news.all  
var/log/news/news.crit  
var/log/news/news.err  
var/log/news/news.notice  
var/log/news/suck.err  
var/log/news/suck.notice  
var/log/nginx.access_log  
var/log/nginx.error_log  
var/log/nginx/access.log  
var/log/nginx/access_log  
var/log/nginx/error.log  
var/log/nginx/error_log  
var/log/pgsql/pgsql.log  
var/log/pgsql_log  
var/log/pgsql8.log  
var/log/pm-powersave.log  
var/log/POPlog  
var/log/postgres/pg_backup.log  
var/log/postgres/postgres.log  
var/log/postgresql.log  
var/log/postgresql/main.log  
var/log/postgresql/postgres.log  
var/log/postgresql/postgresql.log  
var/log/postgresql/postgresql-8.1-main.log  
var/log/postgresql/postgresql-8.3-main.log  
var/log/postgresql/postgresql-8.4-main.log  
var/log/postgresql/postgresql-9.0-main.log  
var/log/postgresql/postgresql-9.1-main.log  
var/log/proftpd  
var/log/proftpd.access_log  
var/log/proftpd.xferlog  
var/log/proftpd/xferlog.legacy  
var/log/pureftpd.log  
var/log/pure-ftpd/pure-ftpd.log  
var/log/samba.log  
var/log/samba.log1  
var/log/samba.log2  
var/log/samba/log.nmbd  
var/log/samba/log.smbd  
var/log/squirrelmail.log  
var/log/sso/sso.log  
var/log/sw-cp-server/error_log  
var/log/syslog  
var/log/syslog.1  
var/log/tomcat6/catalina.out  
var/log/ufw.log  
var/log/user.log  
var/log/user.log.1  
var/log/vmware/hostd.log  
var/log/vmware/hostd-1.log  
var/log/vsftpd.log  
var/log/webmin/miniserv.log  
var/log/xferlog  
var/log/Xorg.0.log  
var/logs/access.log  
var/lp/logs/lpNet  
var/lp/logs/lpsched  
var/lp/logs/requests  
var/mysql.log  
var/mysql-bin.index  
var/nm2/postgresql.conf  
var/postgresql/db/postgresql.conf  
var/postgresql/log/postgresql.log  
var/saf/_log  
var/saf/port/log  
var/www/.lighttpdpassword  
var/www/conf  
var/www/conf/httpd.conf  
var/www/html/squirrelmail/config/config.php  
var/www/html/squirrelmail-1.2.9/config/config.php  
var/www/logs/access.log  
var/www/logs/access_log  
var/www/logs/error.log  
var/www/logs/error_log  
var/www/squirrelmail/config/config.php  
Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf  
Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf  
Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf  
Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php  
Volumes/Macintosh_HD1/usr/local/php/lib/php.ini  
Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php  
Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php  
Volumes/webBackup/opt/apache2/conf/httpd.conf  
Volumes/webBackup/private/etc/httpd/httpd.conf  
Volumes/webBackup/private/etc/httpd/httpd.conf.default  
wamp/bin/apache/apache2.2.21/conf/httpd.conf  
wamp/bin/apache/apache2.2.21/logs/access.log  
wamp/bin/apache/apache2.2.21/logs/error.log  
wamp/bin/apache/apache2.2.21/wampserver.conf  
wamp/bin/apache/apache2.2.22/conf/httpd.conf  
wamp/bin/apache/apache2.2.22/conf/wampserver.conf  
wamp/bin/apache/apache2.2.22/logs/access.log  
wamp/bin/apache/apache2.2.22/logs/error.log  
wamp/bin/apache/apache2.2.22/wampserver.conf  
wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index  
wamp/bin/mysql/mysql5.5.16/my.ini  
wamp/bin/mysql/mysql5.5.16/wampserver.conf  
wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index  
wamp/bin/mysql/mysql5.5.24/my.ini  
wamp/bin/mysql/mysql5.5.24/wampserver.conf  
wamp/bin/php/php5.3.8/php.ini  
wamp/bin/php/php5.4.3/php.ini  
wamp/logs/access.log  
wamp/logs/apache_error.log  
wamp/logs/genquery.log  
wamp/logs/mysql.log  
wamp/logs/slowquery.log  
web/conf/php.ini  
WINDOWS/comsetup.log  
WINDOWS/Debug/NetSetup.LOG  
WINDOWS/ODBC.INI  
WINDOWS/php.ini  
WINDOWS/repair/setup.log  
WINDOWS/setupact.log  
WINDOWS/setupapi.log  
WINDOWS/setuperr.log  
WINDOWS/system32/drivers/etc/hosts  
WINDOWS/system32/drivers/etc/lmhosts.sam  
WINDOWS/system32/drivers/etc/networks  
WINDOWS/system32/drivers/etc/protocol  
WINDOWS/system32/drivers/etc/services  
WINDOWS/system32/logfiles/Firewall/pfirewall.log  
WINDOWS/system32/logfiles/Firewall/pfirewall.log.old  
WINDOWS/system32/logfiles/MSFTPSVC  
WINDOWS/system32/logfiles/MSFTPSVC1  
WINDOWS/system32/logfiles/MSFTPSVC2  
WINDOWS/system32/logfiles/SMTPSVC  
WINDOWS/system32/logfiles/SMTPSVC1  
WINDOWS/system32/logfiles/SMTPSVC2  
WINDOWS/system32/logfiles/SMTPSVC3  
WINDOWS/system32/logfiles/SMTPSVC4  
WINDOWS/system32/logfiles/SMTPSVC5  
WINDOWS/system32/logfiles/W3SVC/inetsvn1.log  
WINDOWS/system32/logfiles/W3SVC1/inetsvn1.log  
WINDOWS/system32/logfiles/W3SVC2/inetsvn1.log  
WINDOWS/system32/logfiles/W3SVC3/inetsvn1.log  
WINDOWS/system32/Macromed/Flash/FlashInstall.log  
WINDOWS/system32/Macromed/Flash/install.log  
WINDOWS/updspapi.log  
WINDOWS/WindowsUpdate.log  
WINDOWS/wmsetup.log  
WINNT/php.ini  
WINNT/system32/logfiles/Firewall/pfirewall.log  
WINNT/system32/logfiles/Firewall/pfirewall.log.old  
WINNT/system32/logfiles/MSFTPSVC  
WINNT/system32/logfiles/MSFTPSVC1  
WINNT/system32/logfiles/MSFTPSVC2  
WINNT/system32/logfiles/SMTPSVC  
WINNT/system32/logfiles/SMTPSVC1  
WINNT/system32/logfiles/SMTPSVC2  
WINNT/system32/logfiles/SMTPSVC3  
WINNT/system32/logfiles/SMTPSVC4  
WINNT/system32/logfiles/SMTPSVC5  
WINNT/system32/logfiles/W3SVC/inetsvn1.log  
WINNT/system32/logfiles/W3SVC1/inetsvn1.log  
WINNT/system32/logfiles/W3SVC2/inetsvn1.log  
WINNT/system32/logfiles/W3SVC3/inetsvn1.log  
www/apache/conf/httpd.conf  
www/conf/httpd.conf  
www/logs/freebsddiary-access_log  
www/logs/freebsddiary-error.log  
www/logs/proftpd.system.log  
xampp/apache/bin/php.ini  
xampp/apache/conf/httpd.conf  
xampp/apache/logs/access.log  
xampp/apache/logs/error.log  
xampp/FileZillaFTP/FileZilla Server.xml  
xampp/htdocs/aca.txt  
xampp/htdocs/admin.php  
xampp/htdocs/leer.txt  
xampp/MercuryMail/mercury.ini  
xampp/mysql/data/{HOST}.err  
xampp/mysql/data/mysql.err  
xampp/mysql/data/mysql-bin.index  
xampp/php/php.ini  
xampp/phpMyAdmin/config.inc.php  
xampp/sendmail/sendmail.ini  
xampp/sendmail/sendmail.log  
xampp/webalizer/webalizer.conf  

3# 总结

在内网渗透阶段毫无头绪的时候,不妨在入口机器上仔细翻找,通过这种如同“翻垃圾”的行为,说不定能够打开突破口,从而成功横向到其他内网机器上面

如果您有其他的一些内网渗透信息搜集骚姿势,可以加我好友交流交流哈哈~

事在人为休言万般都是命,境由心造退后一步自然宽


我是曾哥,我在渊龙Sec安全团队等你
微信公众号:渊龙Sec安全团队
欢迎关注我,一起学习,一起进步~
本篇文章为团队成员原创文章,请不要擅自盗取!

相关推荐
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2