    Local File Inclusion
    02-06-2014 08:04 AM Local File Inclusion | Edited by buglu 02-06-2014 08:05 AM
    Hey,

    Since I liked local file inclusion so much, I have spent my last week on gathering information and trying to find some exploits myself. But then I came to the conclusion that I actually didn't really understand how it actually worked... I also have a good understanding of PHP.
    Because this community has some great hackers, I hope someone could help me with a good tutorial that will explain the exact process of uploading and executing to me.

    The things that I do understand about local file inclusion are the following:

    - It is used to execute code (like PHP) on a website, that can be executed by a function like include();
    - When a '.php' extension is added to the URL, you can avoid it by using the null byte trick.
    - Images are used to avoid filters like extension filters and filters that will check if the file contains the right image header.

    I think most of the better hackers will laugh at me, for knowing as little as this :P

    But I think it's good enough for a start.

    The things I would like to learn are:
    - How exactly does the image execute the PHP code? I have read the tutorial on imperva (posted by Teddy), which explained the working of LFI quite well to me.

    I also tested LFI on my own server, it worked when I used include $_GET['page'];, but it failed when I added '.php' at the end of the include and used a null byte (%00) in my page URL. The page echoed this error:

    URL:

    http://localhost/hack/index.php?pagina=remote.jpg%00

    Edit: Yes, remote.jpg is in the same folder as index.php.

    Error:

    Warning: include(): Failed opening 'remote.jpg' for inclusion (include_path='.;C:\xampp\php\PEAR') in C:\xampp\htdocs\hack\index.php on line 3

    As you can see the null byte terminated the string so .php wasn't added.

    But I just don't know why the page won't display remote.jpg?

    I hope someone could help me, so I will have a good understanding of the LFI exploitation :)


    - For the people that will say: There is already a tutorial.

    Yes I know and I have read it, but it doesn't explain enough to me, to have a full understanding of the exact working of it.

    And yes I have read many pages on Google, but they all give me almost the exact same information..

    Thanks in advance,

    Buglu
     
    02-06-2014 09:04 AM RE: Local File Inclusion
    Maybe an explanation or not

    The null byte string vulnerability was fixed as of 5.3.4.
    http://stackoverflow.com/questions/13766453/null-byte-injection-not-happening
    Join our IRC channel! irc.evilzone.org #Evilzone #SecurityOverride

    This dude doesn't answer to PM..no matter how special you think you are...sry

    "With great power comes great responsibility"
     
    02-06-2014 01:49 PM RE: Local File Inclusion | Edited by buglu 02-06-2014 01:51 PM
    Quote: "The null byte string vulnerability was fixed as of 5.3.4."

    Okay, so a phpinfo will be a must..
    Then I still have a question on how PHP reads the image, so it executes the PHP in it. Cuz in the tutorial on imperva, the guy split the code up over 2 lines, and it still worked. Now I tried exactly the same, and I get errors like illegal offset in string... Is it just my code

    <?php echo 'exploit'; ?>

    (then it's just me) or does the image filter or handle some characters differently?
     
    02-06-2014 02:00 PM RE: Local File Inclusion
    In theory the include() function call will just search inside the file for the PHP opening and will start to interpret it then. So the line splitting should work.

    However if you uploaded the file over a PHP function it could be that it filters out some characters. But to be honest I don't know!
    02-07-2014 03:11 AM RE: Local File Inclusion | Edited by buglu 02-07-2014 03:13 AM
    Thank you Teddy!

    Do you or someone else know if there are any other options than the null byte termination?

    As I said, the only function I have read about was the null byte... But as far as I have learned about hacking, there is always a workaround ;)
     
    02-07-2014 04:04 AM RE: Local File Inclusion
    I posted another method on this forum before.

    On most PHP installations, if the filename is longer than 4096 bytes, it will be silently truncated and everything after the first 4096 bytes will be discarded. No error is triggered: the excess characters are simply thrown away and PHP happily continues on.


    http://security.stackexchange.com/questions/17407/how-can-i-use-this-path-bypass-exploit-local-file-inclusion


    Next time pls use Google yourself
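The null byte and path truncation tricks discussed in the posts above both depend on request data reaching include() at all. The following is an added example, not code from any post in this thread, showing a hardened replacement for that include. It assumes PHP 7.1+; PAGE_DIR, ALLOWED_PAGES and resolve_page() are hypothetical names, and "pagina" is the parameter from the first post.

```php
<?php
// Added example, not code from the thread. PAGE_DIR, ALLOWED_PAGES and
// resolve_page() are hypothetical names chosen for illustration.

// Pattern discussed in the thread (request data flows into include):
//   include $_GET['pagina'] . '.php';

const PAGE_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'about', 'contact']; // constructed sample list

/**
 * Map an untrusted page name to a file inside PAGE_DIR, or return null.
 */
function resolve_page($name): ?string
{
    // Arrays (?pagina[]=x) and other non-strings are rejected outright.
    if (!is_string($name)) {
        return null;
    }
    // Short, strict names only: no NUL byte, slash, dot or long padding
    // can pass, so there is nothing left to terminate or truncate.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $name)) {
        return null;
    }
    // Allowlist: only pages the application actually ships. An uploaded
    // image such as remote.jpg can never be selected.
    if (!in_array($name, ALLOWED_PAGES, true)) {
        return null;
    }
    // Defence in depth: the resolved path must still live under PAGE_DIR
    // (catches symlinks placed inside the pages directory).
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $name . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['pagina'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

With this in place the '.php' suffix is appended only to a name that has already matched the allowlist, so the behaviour of the PHP version (before or after 5.3.4) no longer decides whether the include is safe.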
    02-07-2014 04:07 AM RE: Local File Inclusion
    Just to avoid confusion. I meant I posted on SecurityOverride about that method before...
    02-07-2014 05:40 AM RE: Local File Inclusion | Edited by buglu 02-07-2014 05:43 AM
    Quote: "Next time pls use Google yourself"

    I have searched this whole forum for any threads on local file inclusion (through the search option). And none of them explained a method that didn't use the null byte.

    And no I didn't find your thread about that method.
     
    02-07-2014 07:14 AM RE: Local File Inclusion
    buglu wrote:
    Quote: "Next time pls use Google yourself"

    I have searched this whole forum for any threads on local file inclusion (through the search option). And none of them explained a method that didn't use the null byte.

    And no I didn't find your thread about that method.

    edit: Hey Teddy, I have read your article, I remembered it from reading it a while ago, didn't quite understand the working of it, but thanks for reminding me of that method, will have a look on it ;)
     