Author Topic: FIMAP Tool - local and remote file inclusion with BackBox Linux  (Read 46181 times)

ZEROF

  • Hero Member
  • *****
  • Posts: 1245
    • View Profile
    • Pen Tester

LFI ATTACK WITH FIMAP, target DVWA, arm BACKBOX LINUX.

First you need to install DVWA*, then run Apache server (comes with BackBox Linux), then read how to use FIMAP (terminal fimap -h), one c99 shell script (to find one type inurl:c99.txt in Google search box).You will need to set Apache directory permissions, for this you can use this bash script : http://www.linux.re.rs/files/scripts/dirbash.sh.I will show you how to upload shell to vulnerable server and exploit the vulnerability.

* How to install DVWA with BackBox Linux
 http://www.anonimus.re.rs/6562

VIDEO

http://youtu.be/WRc0yWLG7BU?hd=1
« Last Edit: October 23, 2017, 09:53:11 PM by ZEROF »


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


Hagopian

  • Newbie
  • *
  • Posts: 3
    • View Profile
Thanks ! I did not know you had a YouTube channel, I will subscribe !

La programmation aujourd’hui est une course entre les développeurs tâchant de concevoir des programmes de plus en plus nombreux et efficaces, convenant même aux imbéciles, et l’univers essayant de produire des idiots de plus en plus nombreux et efficaces. Jusqu’à présent, c’est l’univers qui gagne.


marcioni

  • Newbie
  • *
  • Posts: 1
    • View Profile
Reply #2 on: October 10, 2017, 10:52:29 AM
I didn't know as well, very useful, it's easier to get something done with video I think, thanks