What to look for

Key Files via LFI

  • Reading /proc files via LFI might require the Range HTTP header
    • e.g. Range: bytes=200-1000
  • Process-related information
    /proc/net/tcp
    /proc/self/cmdline               # Current process
    /proc/self/environ               # Environment (may have creds)
    /proc/self/cwd                   # Working directory
    /proc/self/fd/                   # Open files
    /proc/sched_debug                # All running tasks
    /proc/[PID]/cmdline              # Specific process
    /proc/[PID]/environ              # Process environment
    
  • Website-related information
    /etc/nginx/sites-enabled/default
    /etc/apache2/sites-enabled/default
    /etc/php/X.Y/apache2/php.ini
    /etc/php/X.Y/fpm/php.ini
    /etc/nginx/nginx.conf
    
  • Logs
    /var/log/nginx/access.log
    /var/log/nginx/error.log
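
Added example (not part of the original notes): a defender-side check that scans nginx access-log lines for requests reaching the files listed above, after undoing percent-encoding and path noise. The function names, the assumed "combined" log format and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path patterns derived from the file list above, grouped by category.
SENSITIVE = [
    ("proc", re.compile(r"/proc/(?:self|\d+)/(?:cmdline|environ|cwd|fd)\b")),
    ("proc", re.compile(r"/proc/(?:net/tcp|sched_debug)\b")),
    ("webconf", re.compile(r"/etc/(?:nginx|apache2)/(?:nginx\.conf|sites-enabled/)")),
    ("webconf", re.compile(r"/etc/php/[\d.]+/(?:apache2|fpm)/php\.ini")),
    ("logs", re.compile(r"/var/log/nginx/(?:access|error)\.log")),
]
# Assumed nginx "combined" format: ip - user [time] "METHOD uri proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*" (\d{3}) ')

def normalize(uri):
    """Undo nested percent-encoding and path noise before matching."""
    for _ in range(3):                      # covers %252e-style double encoding
        uri = unquote(uri)
    uri = uri.replace("\\", "/").replace("\x00", "")
    uri = re.sub(r"/(?:\./)+", "/", uri)    # /proc/./self -> /proc/self
    return re.sub(r"/{2,}", "/", uri)       # /proc//self  -> /proc/self

def scan(lines):
    """Return (client_ip, category, matched_path, served) per suspicious request.
    served is True for a 2xx status (200, or 206 for a Range request)."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, uri, status = m.groups()
        path = normalize(uri)
        for category, pattern in SENSITIVE:
            found = pattern.search(path)
            if found:
                hits.append((ip, category, found.group(0), status.startswith("2")))
                break
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?page=..%2f..%2f..%2fproc%2fself%2fenviron HTTP/1.1" 206 801 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?page=%252e%252e%252fetc%252fnginx%252fnginx.conf HTTP/1.1" 403 0 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /index.php?page=/var/log//nginx/./access.log HTTP/1.1" 200 90211 "-" "curl/8.0"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Hits with served set to True are the ones to triage first, since the server returned content for a sensitive path.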