Update LFI-gracefulsecurity-linux.txt

[abhishekmorla]

added a path which is used in retriving the password hash of the user

[g0tmi1k]

Thanks for the suggestion - is there a source to this?

[abhishekmorla]

Thanks for the suggestion - is there a source to this?

yes Hackthebox Topology machine

[ItsIgnacioPortal]

This is already present in Discovery/Web-Content/apache.txt.

If the attacker already has knowledge that there is a web server in the target machine, it might make more sense to make a manual wordlist appending the /var/www/dev/ prefix to every line in Discovery/Web-Content/common.txt, or any of the other web-content discovery wordlists.

[g0tmi1k]

@abhishekmorla Thanks for the suggestion - however I do feel this is the wrong file to add it.
As @ItsIgnacioPortal already said, its been added.

@ItsIgnacioPortal I do agree that would be a smart idea - fancy doing it? :D

[ItsIgnacioPortal]

@ItsIgnacioPortal I do agree that would be a smart idea - fancy doing it? :D

For the purpose of maintaining the wordlists, it's better to avoid making wordlists with duplicate content.