# File Info Gathering & Script Abuse

## **Gather info from script or file**

If it's a file we can't read like a binary file we might be able to still gather some info of how it works or maybe even credentials.

**Examples**

[valley](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/valley "mention")

**Kali**

```
strings $FILE > out.txt
```

## Abusing Library paths 

**Examples**

[wonderland](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/wonderland "mention")[opacity](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/opacity "mention")[valley](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/valley "mention")

If a script is using libraries check if the paths can be abused. It may be possible to instead of importing the library to go to a script we create instead or modify the existing one if we have access to do so.

Check the script and which libraries it uses.

<figure><img src="https://1447300783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHtr6mVUoafpQhzSYJEjI%2Fuploads%2FMlBIIcKlcR5ArqbvziCA%2Fimage.png?alt=media&#x26;token=e29f1256-5c61-41da-917e-427f7ca82033" alt=""><figcaption></figcaption></figure>

Check to see what takes precedence. For example in the screenshot below it says ' ' has the highest priority which means the current working directory.

**Victim**

```
python3 -c 'import sys; print (sys.path)'
locate $FILE
```

<figure><img src="https://1447300783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHtr6mVUoafpQhzSYJEjI%2Fuploads%2F5onA3Ri4kuxUhGQd4Ct3%2Fimage.png?alt=media&#x26;token=39ef6be2-c63a-4c69-9651-07a83c25db6e" alt=""><figcaption></figcaption></figure>

Check if we have access to modify any of the libraries' that the script uses.

**Victim**

```
locate $FILE
ls -lah /path/to/file/$FILE
groups
```

**Kali**

```
cd db
cat joomladb.sql | grep admin
```

## Ghidra

[#ghidra](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/madeyes-castle#ghidra "mention")[#ghidra](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/wonderland#ghidra "mention")[finish-linux-agency](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/finish-linux-agency "mention")[#ghidra](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/tokyo-ghoul#ghidra "mention")[#ghidra](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/bookstore#ghidra "mention")[obscure](https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/obscure "mention")