Hello Sir, I am big fan you and i had watched you on LinkedIn, It Pro Tv. And your way of teaching is amazing. I am requesting you to just be continued in this series.
Thanks for your comments! I'm so glad to hear that you enjoy my content! I'm also happy to inform you that I will be making a walkthrough video for every lab in the Portswigger Web Academy lab in the Apprentice track, so hit that notification bell so that you get an alert when the next video is available. 👍
Okay love the explanation but what i can do with that information like in real time if I am doing a pentest how would I move forward with investigating what i can find further
I LOVE this question!!! The quick answer is this...if I can find and abuse a path traversal vulnerability, then I probably also have found a Local File Inclusion(LFI) vulnerability, which is what we did in this video, and we can then abuse those vulnerabilities to read system files. Let me elaborate on the consequences of that. In the lab, we were able to switch the file requested by the web app from a .jpg file to the /etc/passwd file. We then used the path-traversal and LFI vulnerabilities to READ SYSTEM FILES (not yelling, just emphasizing). If I can read files on the host operating system, then, as an attacker, I'm really interested in all the files I could possibly read. Like, can I read the code in the files of the web app itself? Maybe there are some juicy creds or api keys that are hard-coded in one of those files. I've literally discovered creds to backend databases in config files and .php files. I've also found ssh keys using this technique. You'd be surprised what admins leave laying around when they assume that no one other than admins can access their server's filesystem. Also, you could possibly chain attacks together to get shell like with an LFI2RCE attack. (read more about that here... book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-phpinfo ) Whew! Well I hope that helps clear things up a bit for you. Cheers!
Great question! The short answer is 'no'. The man page for nologin explains it like this... "nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field to deny login access to an account." "If the file /etc/nologin.txt exists, nologin displays its contents to the user instead of the default message." I hope that helps clear things up for you. Cheers!
