03sunf's blog
After finding LFI vulnerability
LFI
/etc/passwd
This is the file most commonly used to verify whether an LFI vulnerability is possible.
/etc/hosts
This is a default Unix/Linux system file that contains network information. It is worth reading if there is also a vulnerability such as SSRF, or if you are in a situation where you need to know about other hosts on the network.
/etc/<service>/<service>.conf
The common path of a service’s configuration file.
/home/<user>/.<shell>_history
This file contains the user’s command history.
/home/<user>/.ssh/known_hosts
This file contains the list of hosts that have been checked with OpenSSH strict key checking.
/home/<user>/.ssh/id_rsa
This is the default RSA public key file name.
/proc/cpuinfo
This is also a default Unix/Linux system file. It contains CPU information.
/proc/self/cmdline
This file contains the process’s arguments, including argument zero.
/proc/self/environ
This file contains the environment variables that were loaded when the process started.
/proc/self/maps
This file contains the memory map of the process.
/proc/self/fd/<seq>
This file contains a file descriptor of the process.
/proc/self/mem
You can’t read this file with a normal LFI vulnerability. If you manage to seek with a Range header or something similar, you can dump part of the process’s memory.
/var/run/secrets/kubernetes.io/serviceaccount/token
This file contains the Kubernetes API access token. You can check pods or ConfigMaps if you can access the Kubernetes API with this token.
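
For defenders, the paths listed above double as detection signatures. The following added example (not from the original post) scans web access log lines for requests that reference them, after undoing percent-encoding; the log lines, IP address and `index.php?page=` parameter are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the list above; each <placeholder> matches part of one path segment.
SENSITIVE_PATHS = [
    "/etc/passwd", "/etc/hosts",
    "/etc/<service>/<service>.conf", "/home/<user>/.<shell>_history",
    "/home/<user>/.ssh/known_hosts", "/home/<user>/.ssh/id_rsa",
    "/proc/cpuinfo", "/proc/self/cmdline",
    "/proc/self/environ", "/proc/self/maps",
    "/proc/self/fd/<seq>", "/proc/self/mem",
    "/var/run/secrets/kubernetes.io/serviceaccount/token",
]

def _to_regex(path):
    # Escape the literal pieces and join them with a "no slash, no delimiter" class.
    parts = re.split(r"<[a-z]+>", path)
    return r'[^/\s?&"]+'.join(re.escape(p) for p in parts)

PATTERN = re.compile("|".join(_to_regex(p) for p in SENSITIVE_PATHS), re.IGNORECASE)

def normalize(raw, max_rounds=3):
    # Undo nested percent-encoding, then unify backslashes and repeated slashes.
    for _ in range(max_rounds):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    raw = raw.replace("\\", "/")
    return re.sub(r"/{2,}", "/", raw)

def find_lfi_probes(log_lines):
    # Return (line number, matched path) for every line that references a listed file.
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = PATTERN.search(normalize(line))
        if match:
            hits.append((lineno, match.group(0)))
    return hits

# Constructed sample access log (documentation IP range, hypothetical application).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?page=..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 977',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=/home/deploy/.bash_history HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_lfi_probes(SAMPLE_LOG):
        print(hit)
```

A hit on a request that returned status 200 with a non-trivial body size deserves priority during triage, since it suggests the file was actually served.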