Wubi Posted September 28, 2012 Report Share Posted September 28, 2012 LFI ATTACK WITH FIMAP, target DVWA, arm BACKBOX LINUX.First you need to install DVWA*, then run Apache server (comes with BackBox Linux), then read how to use FIMAP (terminal fimap -h), one c99 shell script (to find one type inurl:c99.txt in Google search box).You will need to set Apache directory permissions, for this you can use this bash script : http://www.linux.re.rs/files/scripts/dirbash.sh.I will show you how to upload shell to vulnerable server and exploit the vulnerability.Za pocetak instalirajte DVWA aplikaciju, zatim pokrenite Apache server (koji se nalazi u sklopu BackBox Linuxa), zatim procitajte upustva za koriscenje FIMAP alata (za to je dovoljno u terminalu ukucati fimap -h). Preuzmite c99 shell skriptu sa interneta (da bi ste nasli jednu, dovoljno je ukucati inurl:c99.php, u polje Google pretrage). Potrebno je podesiti dozvole za foldere na Apache serveru, koristitie ovu bash skriptu : hhttp://www.linux.re.rs/files/scripts/dirbash.sh. Nakon toga cu Vam pokazati kako da izvrsite upload shell skripte na ranjivi server.* How to install DVWA with BackBox Linux / Kako instalirati DVWA na BackBox Linuxuhttp://www.anonimus.re.rs/6562Author / Autor- ZEROFAuthor site / Sajt autora - Pen TesterThanks / Zahvalnica - Home | BackBox LinuxTool / Alat : fimap - A little tool for local and remote file inclusion auditing and exploitation. - Google Project HostingSuesa YouTube Quote Link to comment Share on other sites More sharing options...
mad93 Posted September 30, 2012 Report Share Posted September 30, 2012 frumos , multumesc Wubi Quote Link to comment Share on other sites More sharing options...
