Jump to content
DuTy^

LFI Suite

Recommended Posts

screen.png?raw=true

What is LFI Suite?

LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features.


Features

  • Works with Windows, Linux and OS X

  • Automatic Configuration

  • Automatic Update

  • Provides 8 different Local File Inclusion attack modalities:

    • /proc/self/environ
    • php://filter
    • php://input
    • /proc/self/fd
    • access log
    • phpinfo
    • data://
    • expect://
  • Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).

  • Tor proxy support

  • Reverse Shell for Windows, Linux and OS X

How to use it?

Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.

Reverse Shell

When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port").

Dependencies

  • Python 2.7.x
  • Python extra modules: termcolor, requests
  • socks.py

 

Tool: https://github.com/D35m0nd142/LFISuite

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...