LFISuite – Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the Features section.

Features

Works with Windows, Linux and OS X

Automatic Configuration

Automatic Update

Provides 8 different Local File Inclusion attack modalities:

/proc/self/environ

php://filter

php://input

/proc/self/fd

access log

phpinfo

data://

expect://

Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything, except for providing a list of paths to scan at the beginning. If you don’t have such a list, you can find one in this project directory in two versions, small and huge.

Tor proxy support

Reverse Shell for Windows, Linux and OS X
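From the defender's side, each modality in the list above leaves a recognizable string in the request URL. The following is an added example, not part of LFISuite or the original page: a Python detector run over constructed access-log lines. The regexes, the `index.php?page=` parameter and the sample lines are all assumptions.

```python
import re
from urllib.parse import unquote

# One pattern per modality named in the list above; the regexes are assumptions.
INDICATORS = {name: re.compile(rx, re.I) for name, rx in {
    "/proc/self/environ": r"/proc/self/environ",
    "php://filter": r"php://filter",
    "php://input": r"php://input",
    "/proc/self/fd": r"/proc/self/fd/\d+",
    "access log": r"access[._]log",
    "phpinfo": r"/tmp/php[A-Za-z0-9]{6}\b",  # PHP upload temp-file name
    "data://": r"\bdata://",
    "expect://": r"\bexpect://",
}.items()}

# Client address and request target from a common/combined log format line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so encoded payloads still match."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def scan(lines):
    """Return (line_number, client, matched_modalities) for suspicious requests."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.match(line)
        if not match or "?" not in match.group(2):
            continue
        query = fully_decode(match.group(2).split("?", 1)[1])
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(query))
        if hits:
            findings.append((number, match.group(1), hits))
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical parameter).
TS = "- - [01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 {TS} "GET /index.php?page=about HTTP/1.1" 200 512',
    f'203.0.113.7 {TS} "GET /index.php?page=php://filter/resource=config.php HTTP/1.1" 200 2048',
    f'203.0.113.7 {TS} "GET /index.php?page=..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 900',
    f'198.51.100.9 {TS} "POST /index.php?page=php://input HTTP/1.1" 200 40',
    f'198.51.100.9 {TS} "GET /index.php?page=/var/log/apache2/access.log HTTP/1.1" 200 7000',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A match records an attempt seen in the URL, not a successful inclusion. Request bodies are not written to access logs, so for php://input only the wrapper name in the query string is visible here.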

How to use it?
Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.

Reverse Shell
Once you have an LFI shell from one of the available attacks, you can easily obtain a reverse shell by entering the command “reverseshell” (your system must already be listening for the reverse connection, for instance using “nc -lvp port”).

Dependencies

Python 2.7.x

Python extra modules: termcolor, requests

socks.py

When you run the script, it checks for missing modules. If any are missing, it checks whether pip is installed and, if it is not, installs it automatically; it then uses pip to install the missing modules and downloads the necessary file socks.py.
I tried it on different operating systems (Debian, Ubuntu, Fedora, Windows 10, OS X) and it worked great, but if something strange happens to you and the automatic installation of pip and other modules fails, please install missing modules manually and re-run the script. IMPORTANT: In order to allow the script to install missing modules (and pip, if needed) automatically, you MUST run the script as root (or, at least, with sufficient permissions) the first time.
