# Local File Inclusion

![[Responder Write-up#^capa1e]]

![[Responder Write-up#^39wj5o]]

Auto_Wordlists maintains a list of interesting files to try for both [Linux](https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/file_inclusion_linux.txt) and [Windows](https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/file_inclusion_windows.txt).

[HackTricks](https://book.hacktricks.wiki/en/pentesting-web/file-inclusion/index.html?highlight=file%20inclusion#file-inclusion) has a nice breakdown of attack vectors.

[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion) has a section for LFI.

If you can guess a username present on the current machine, try getting their private SSH key from their user folder! You can then try to access the machine using `ssh` with `-i <PATH to identity file>`.

## Hack The Box Machines

- [[Responder Write-up|Responder]]
- [[Markup Write-up|Markup]]