LadyCaldlow
My name is Terry Amondi and I am thrilled by offensive security
LinkedInPath Traversal Lab
The objective of this lab is to perform a path traversal such that you are able to retrieve the contents of the /etc/passwd file.
Before attempting the lab, you should have a good understanding of what path traversal is.
A path traversal vulnerability is one whereby an attcker can access arbitrary files on a webserver that they should not have access to. This can be achieved by effectively using two dots (..) and a forward slash (/) in Linux-based servers. You can use the same in Windows-based servers, you can use the same or a backward slash () in place of the forward slash.
In Linux, the two dots (..) moves one a step up to the previous directory. You can try this on your terminal as shown below.
The forward slash (/), on the other hand, indicates a directory. In the Path Traversal Lab, we have access to a shopping site as shown below.
The url to the site is;
When you click on any of the images, you see that the url changes to;
where the Id number will change depending on the image that is being referenced. You can get more specific information on the location of the image by Inspecting the image. You can do this by right-clicking on the image and then clicking Inspect
The highlighted section shows that the particular filename of the image is 54.jpg. You do not know in what exact directory this file is located but you can make several attempts to get to the filesystem root and then access etc/passwd.
Close this Inspection window and then right-click on the image and open it in a new tab. Note the url of the image.
Now move up one directory and see if this gives you access to /etc/passwd
You get the response that this file does not exist. This means that in whatever directory you are in right now, there is no passwd file. Knowing that the passwd file is in the etc directory, this means that the etc directory is not here as well.
You get the same response if you traverse up another directory again meaning that /etc/passwd is not here as well. When you traverse up another directory, however, you get the response;
The response shows that /etc/passwd file exists but you cannot read it because it is a text file as opposed to an image file. This means that you have indeed been able to traverse to /etc/passwd.