Thursday, February 9, 2012
LFI Hacking Ebook
Published: 8:21 PM
Author: shwekoyantaw
Today let's take a look at the LFI Hacking Ebook as well. It's not bad, it's cool. I only know LFI at a surface level myself. Can I hack with it? Yes, I can, and that's about it; I don't really know it thoroughly. This book, though, is written in thorough detail. Give it a look.
Introduction
During assessments it is still common to find LFI vulnerabilities when testing PHP applications. Depending on the server configuration it is often possible to convert these into code execution primitives through known techniques such as:
- /proc/self/environ
- /proc/self/fd/…
- /var/log/…
- /var/lib/php/session/ (PHP Sessions)
- /tmp/ (PHP Sessions)
- php://input wrapper
- php://filter wrapper
- data: wrapper
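From the defender's side, every item in this list shows up as a recognisable include target in a request parameter. The following added example (not part of the whitepaper or the blog post) scans access-log lines for those targets after undoing nested URL encoding; the log lines, the `page` parameter and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Include targets from the list above, matched against a decoded parameter value.
LFI_TARGETS = [
    ("proc-environ", re.compile(r"/proc/self/environ")),
    ("proc-fd", re.compile(r"/proc/self/fd/")),
    ("log-file", re.compile(r"/var/log/")),
    ("php-session", re.compile(r"(?:/var/lib/php/session/|/tmp/)sess_")),  # default prefix
    ("php-input", re.compile(r"php://input", re.I)),
    ("php-filter", re.compile(r"php://filter", re.I)),
    ("data-wrapper", re.compile(r"^\s*data:", re.I)),
]
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP range), not real traffic.
PREFIX = '203.0.113.5 - - [09/Feb/2012:20:21:00 +0000] '
SAMPLE_LOG = [
    PREFIX + '"GET /index.php?page=about HTTP/1.1" 200 512',
    PREFIX + '"GET /index.php?page=..%2f..%2f..%2fproc%2fself%2fenviron HTTP/1.1" 200 90',
    PREFIX + '"GET /index.php?page=%252e%252e%252fvar%252flog%252fapache2%252faccess.log HTTP/1.1" 200 7',
    PREFIX + '"POST /index.php?page=php://input HTTP/1.1" 200 31',
    PREFIX + '"GET /index.php?page=php://filter/convert.base64-encode/resource=config HTTP/1.1" 200 64',
    PREFIX + '"GET /index.php?page=/tmp/sess_abc123 HTTP/1.1" 200 12',
]

def normalise(value, max_rounds=3):
    """Undo nested percent-encoding, then collapse '/./' and '//' in paths."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/(?:\./)+", "/", value.replace("\\", "/"))
    return re.sub(r"(?<![:/])/{2,}", "/", value)  # keeps the '//' of php://

def scan_line(line):
    """Return the sorted labels of include targets seen in one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    hits = set()
    for _name, raw in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        value = normalise(raw)
        hits.update(label for label, rx in LFI_TARGETS if rx.search(value))
    return sorted(hits)

def scan_log(lines):
    return {n: hits for n, line in enumerate(lines, 1) if (hits := scan_line(line))}
```

Request bodies are not in an access log, so a `php-input` hit only tells you which request to pull from a fuller capture.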
The research in this whitepaper is an extension of the published work by Gynvael Coldwind in the paper “PHP LFI to arbitratry code execution via rfc1867 file upload temporary files”:
http://www.exploit-db.com/download_pdf/17010/
In that paper, the author documents how the PHP file upload feature works. In particular he notes that if file_uploads = on is set in the PHP configuration file, then PHP will accept a file upload POST to any PHP file. He also notes that the uploaded file will be stored in the tmp location until the requested PHP page is fully processed.
This is also stated in the PHP documentation:
http://www.php.net/manual/en/features.file-upload.post-method.php
"The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed."
In the paper, Gynvael Coldwind includes a method of exploiting this behaviour on Windows systems through the use of the FindFirstFile quirk. This behaviour is documented in the paper:
Oddities of PHP file access in Windows®. Cheat-sheet, 2011 (Vladimir Vorontsov, Arthur Gerkis)
http://onsec.ru/onsec.whitepaper-02.eng.pdf
Although unrelated to LFI research, the following paper is interesting reading material for PHP web application security researchers. It documents a behavioural issue with how PHP scripts are handled when invoked through the HEAD HTTP verb:
HTTP HEAD method trick in php scripts (Adam Iwaniuk)
https://students.mimuw.edu.pl/~ai292615/php_head_trick.pdf
The FindFirstFile quirk does not affect the PHP engine on GNU/Linux; however, under certain conditions exploitation of the PHP file upload feature is still possible. This paper details one of these conditions, which arises when a script that outputs the results of a phpinfo() call is accessible on the target server.
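The condition named here (uploads accepted while a phpinfo() script is reachable) can be checked for on a server you administer. This added example is not from the whitepaper: the php.ini fragment and webroot contents are constructed, the helper names are hypothetical, and `disable_functions` is the standard php.ini directive for switching a function off.

```python
import re

# Constructed php.ini fragment and webroot contents (not from any real server).
SAMPLE_INI = """\
[PHP]
; uploads are accepted by every script when this is on
file_uploads = On
disable_functions = exec,passthru
"""
SAMPLE_WEBROOT = {
    "index.php": "<?php include($_GET['page']); ?>",
    "info.php": "<?php phpinfo(); ?>",
    "notes.php": "<?php // phpinfo(); removed after go-live\n echo 'ok'; ?>",
}

COMMENT_RE = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
PHPINFO_RE = re.compile(r"\bphpinfo\s*\(", re.I)

def parse_ini(text):
    """Minimal php.ini reader: 'key = value' lines, ';' comments, sections ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def phpinfo_scripts(webroot):
    """Files that call phpinfo() outside comments (regex heuristic, not a PHP parser)."""
    return sorted(name for name, src in webroot.items()
                  if PHPINFO_RE.search(COMMENT_RE.sub("", src)))

def audit(ini_text, webroot):
    """Report whether uploads are on and which scripts would print phpinfo() output."""
    s = parse_ini(ini_text)
    # PHP's built-in default for file_uploads is on, so a missing key counts as on.
    uploads_on = s.get("file_uploads", "1").lower() in ("1", "on", "yes", "true")
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    scripts = [] if "phpinfo" in disabled else phpinfo_scripts(webroot)
    return {"file_uploads": uploads_on, "phpinfo_scripts": scripts,
            "condition_met": uploads_on and bool(scripts)}

if __name__ == "__main__":
    print(audit(SAMPLE_INI, SAMPLE_WEBROOT))
```

Removing the listed scripts, adding phpinfo to `disable_functions`, or turning `file_uploads` off where uploads are not needed each clears the finding.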
Post by Ghost Area