View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001415 | Kali Linux | New Tool Requests | public | 2014-06-12 22:36 | 2020-02-10 18:15 |
Reporter | saberzaid | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | have not tried |
Status | closed | Resolution | won't fix | ||
Summary | 0001415: Liffy - Local File Inclusion Exploitation Tool | ||||
Description | Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension called 'expect'. For those unfamiliar I've included some links that highlight the usage of these techniques in LFI exploitation. The tool will create a PHP Meterpreter payload using msfpayload and drop it into your /tmp directory. It will then attempt to use the PHP wrapper to download the generated shell which you should have hosted by either using Node or Python's HTTP web servers. If all this works you should see a GET request to your shell, which is then downloaded to the working directory on the target webserver. From there a Metasploit resource file is created for you to spawn up a listening handler for inbound connections from the reverse PHP Meterpreter. Now you simply curl the location of your webshell and you should get see a new Meterpreter session spawn download: | ||||
Nice one Mr saberzaid... I've never readed about Local File Inclusion Exploitation Tool, maybe metasploitable will give positives?!? |
|
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):
|
|
How is the tool say better than LFISuite? 0004305 |
|
Project now 404's |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2014-06-12 22:36 | saberzaid | New Issue | |
2014-06-29 19:52 |
|
Issue cloned: 0001467 | |
2014-07-24 22:39 | jaimechiquita111 | Note Added: 0002371 | |
2014-07-24 22:40 | jaimechiquita111 | Note Edited: 0002371 | |
2014-07-24 22:40 | jaimechiquita111 | Note Edited: 0002371 | |
2018-01-29 15:20 | g0tmi1k | Note Added: 0008509 | |
2018-03-13 10:51 | g0tmi1k | Note Added: 0008920 | |
2019-12-09 13:30 | g0tmi1k | Severity | minor => feature |
2020-02-10 18:15 | g0tmi1k | Note Added: 0012196 | |
2020-02-10 18:15 | g0tmi1k | Status | new => closed |
2020-02-10 18:15 | g0tmi1k | Resolution | open => won't fix |