FIMAP Tool - local and remote file inclusion with BackBox Linux

[Wubi]

LFI ATTACK WITH FIMAP, target DVWA, arm BACKBOX LINUX.

First you need to install DVWA*, then run Apache server (comes with BackBox Linux), then read how to use FIMAP (terminal fimap -h), one c99 shell script (to find one type inurl:c99.txt in Google search box).You will need to set Apache directory permissions, for this you can use this bash script : http://www.linux.re.rs/files/scripts/dirbash.sh.I will show you how to upload shell to vulnerable server and exploit the vulnerability.


Za pocetak instalirajte DVWA aplikaciju, zatim pokrenite Apache server (koji se nalazi u sklopu BackBox Linuxa), zatim procitajte upustva za koriscenje FIMAP alata (za to je dovoljno u terminalu ukucati fimap -h). Preuzmite c99 shell skriptu sa interneta (da bi ste nasli jednu, dovoljno je ukucati inurl:c99.php, u polje Google pretrage). Potrebno je podesiti dozvole za foldere na Apache serveru, koristitie ovu bash skriptu : hhttp://www.linux.re.rs/files/scripts/dirbash.sh. Nakon toga cu Vam pokazati kako da izvrsite upload shell skripte na ranjivi server.




* How to install DVWA with BackBox Linux / Kako instalirati DVWA na BackBox Linuxu
http://www.anonimus.re.rs/6562

Author / Autor- ZEROF
Author site / Sajt autora - Pen Tester
Thanks / Zahvalnica - Home | BackBox Linux
Tool / Alat : fimap - A little tool for local and remote file inclusion auditing and exploitation. - Google Project Hosting

Suesa YouTube

[mad93]

frumos , multumesc Wubi