Hey Friends I am back with a new tutorials on how to hack a web server using LFI attack or Local File Inclusion Attack.
LFI is an attack by which a attacker can access files in directory by including them in the web pages . This happens due to flaws in coding and careless ways of coding.Here I will demonstrate how you can hack a website and get root level access to a server
Now some word of caution. You should never perform such activity without the permission of the site owner. This is completely illegal. I am showing you this demo for educational purpose only. I won't be be responsible if you get in trouble after misusing these techniques. Here I will be showing a demo on a training website of enigmagroup for demo purpose only.
What do u need to know ?
Step 1
Use port scan and determine which OS the server is using. You need to know this because the directory architecture is different in different OS.
Now browse the website and modify the URL in such ways
http://www.site.com/dir/?page=../etc/passwd
http://www.site.com/dir/?page=../../etc/passwd
http://www.site.com/dir/?page=../../../etc/passwd
Keep doing till you find something like this
Step 2.Now examine the contents that appears on the screen
You can see all the list of valid users and their encrypted passwords in the text above.It is in DES encryption.Now I need to decrypt the encrypted codes.
Step 3. Open Command Prompt and Access John the Ripper Folder.
Make a file in the run directory inside John The Ripper Folder and paste the encrpted text.
Like I will use password of the user so the text I will decrypt is 4doxGUy8UpD0o
Save the file and now from command line type
john passwordfile.txt and wait for some time .You will see the decrypted password
Now we have the password n00bs
Step 4.Now we need to find open ports in the server .We need to perform a port scan to find open ports.
Now that we find that the ports are open for http is 8080 and 8008.
Now go the address bar and type www.vunerablesite.com:8080 or www.vunerablesite.com:8008 and will enter the username and password at the login panel and we have an access now :) :) .
LFI is an attack by which a attacker can access files in directory by including them in the web pages . This happens due to flaws in coding and careless ways of coding.Here I will demonstrate how you can hack a website and get root level access to a server
Now some word of caution. You should never perform such activity without the permission of the site owner. This is completely illegal. I am showing you this demo for educational purpose only. I won't be be responsible if you get in trouble after misusing these techniques. Here I will be showing a demo on a training website of enigmagroup for demo purpose only.
What do u need to know ?
- Linux Directory Architecture.
- About the location of passwd files and its encryption files.
- Techniques of file traversal in Linux ( use forward slash /).
- Working with Command Line in linux or windows.
- Knowledge on using port scanner and password crackers.
- GET methods.
- Idea about various ports
What tools are required ?
- John The Ripper(password Cracker)-for password scanning
- Nmap - For searching and scanning open ports
Note: This type of attack is only possible in websites vulnerable to LFI attack and not necessarily every site is vulnerable to this type pf attack.
They usually have this type of url or something like below:
http://www.site.com/dir/?page=intro
Step 1
Use port scan and determine which OS the server is using. You need to know this because the directory architecture is different in different OS.
Now browse the website and modify the URL in such ways
http://www.site.com/dir/?page=../etc/passwd
http://www.site.com/dir/?page=../../etc/passwd
http://www.site.com/dir/?page=../../../etc/passwd
Keep doing till you find something like this
Step 2.Now examine the contents that appears on the screen
You can see all the list of valid users and their encrypted passwords in the text above.It is in DES encryption.Now I need to decrypt the encrypted codes.
Step 3. Open Command Prompt and Access John the Ripper Folder.
Make a file in the run directory inside John The Ripper Folder and paste the encrpted text.
Like I will use password of the user so the text I will decrypt is 4doxGUy8UpD0o
john passwordfile.txt and wait for some time .You will see the decrypted password
Now we have the password n00bs
Step 4.Now we need to find open ports in the server .We need to perform a port scan to find open ports.
Now that we find that the ports are open for http is 8080 and 8008.
Now go the address bar and type www.vunerablesite.com:8080 or www.vunerablesite.com:8008 and will enter the username and password at the login panel and we have an access now :) :) .