Jump to content
Wubi

FIMAP Tool - local and remote file inclusion with BackBox Linux

Recommended Posts

Posted



LFI ATTACK WITH FIMAP, target DVWA, arm BACKBOX LINUX.

First you need to install DVWA*, then run Apache server (comes with BackBox Linux), then read how to use FIMAP (terminal fimap -h), one c99 shell script (to find one type inurl:c99.txt in Google search box).You will need to set Apache directory permissions, for this you can use this bash script : http://www.linux.re.rs/files/scripts/dirbash.sh.I will show you how to upload shell to vulnerable server and exploit the vulnerability.


Za pocetak instalirajte DVWA aplikaciju, zatim pokrenite Apache server (koji se nalazi u sklopu BackBox Linuxa), zatim procitajte upustva za koriscenje FIMAP alata (za to je dovoljno u terminalu ukucati fimap -h). Preuzmite c99 shell skriptu sa interneta (da bi ste nasli jednu, dovoljno je ukucati inurl:c99.php, u polje Google pretrage). Potrebno je podesiti dozvole za foldere na Apache serveru, koristitie ovu bash skriptu : hhttp://www.linux.re.rs/files/scripts/dirbash.sh. Nakon toga cu Vam pokazati kako da izvrsite upload shell skripte na ranjivi server.




* How to install DVWA with BackBox Linux / Kako instalirati DVWA na BackBox Linuxu
http://www.anonimus.re.rs/6562

Author / Autor- ZEROF
Author site / Sajt autora - Pen Tester
Thanks / Zahvalnica - Home | BackBox Linux
Tool / Alat : fimap - A little tool for local and remote file inclusion auditing and exploitation. - Google Project Hosting


Suesa YouTube

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...