|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 36
Members: 0
Total: 36
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
exploiting LFI |
|
Posted: Sun Jul 06, 2008 3:15 pm |
|
|
badrh0 |
Active user |
|
|
Joined: Jul 06, 2008 |
Posts: 32 |
|
|
|
|
|
|
|
Hi everybody,
I'm a newbie and I've found a hole but I cannot exploit it,
I was able to include the /etc/passwd file and to display it, of course passwords were not readable, instead it displays a cross x:
Code: |
man:x:6:12:man:/var/cache/man:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
www-data:x:99:99:www-data:/var/www:/bin/sh
ocuser:x:43:600:oneclick-user:/:/bin/false
sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:111:101:MySQL:/usr/local/mysql:
dummywwwexecuser:x:1000:600:Dummy WWW User:/nonexistent:/bin/false
nobody:x:655:65534:nobody:/nonexistent:/bin/sh
u40301295:x:5302:600::/****/homepages/2/d161589151/htdocs:/usr/bin/rssh
u40319623:x:16453:600::/****/homepages/28/d161851672/htdocs:/usr/bin/rssh
u40326842:x:20960:600:1816:/****/homepages/28/d161956106/htdocs:/usr/bin/rssh
......
|
Than I go to /etc/shadow but nothing on it, I've tried all the other possibilities that I found on the net but I could not display theme, even hashed !!! I tried /proc/version to see the version:
Code: | Linux version 2.6.16.33-20070131a-areca-filemon-3ware-e1000 (root@doslog) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 SMP Wed Jan 31 02:48:22 CET 2007 |
So my questions are:
- Can I retrieve any password ?
- Can I browse for example database tables to see admin password ? If yes, what are possibles paths to do it ?
- If there is another possibility ?!!!!
Thanx |
|
|
|
|
|
|
|
|
Posted: Sun Jul 06, 2008 5:01 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
There are many many posibility with LFI.You don't have root perm's to read /etc/shadow.No you can't read tables with LFI.Try to find httpd.conf.Inside you can find full path's to site on this server.And then,well use your imagination. |
|
|
|
|
Posted: Sun Jul 06, 2008 5:29 pm |
|
|
badrh0 |
Active user |
|
|
Joined: Jul 06, 2008 |
Posts: 32 |
|
|
|
|
|
|
|
hello,
I tried:
Code: | /etc/httpd/conf/httpd.conf |
but it doesn't exist
But I know that:
exists.
but why I have to know the path of my site ? I can include locale files of the site but there is no forum or something like this on the site so I can upload shells, etc...
But I know neighboring sites that possess forum, perhaps I can use them !!!?
Which re-bring me to my question, which are possible paths to httpd.conf ??? |
|
|
|
|
Posted: Sun Jul 06, 2008 7:07 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
First you need to find path's to your neighbour's.If /etc/apache exists try /etc/apache/conf/httpd.conf
Other possible location's
/usr/local/apache/conf/httpd.conf
/usr/local/apache/httpd.conf
/www/apache/conf/httpd.conf
/etc/apache/conf/httpd.conf
/etc/httpd/conf/httpd.conf
....
....
.... etc |
|
|
|
|
Posted: Sun Jul 06, 2008 8:50 pm |
|
|
badrh0 |
Active user |
|
|
Joined: Jul 06, 2008 |
Posts: 32 |
|
|
|
|
|
|
|
I tried all possibilitie found on the net !!!! but ничего !!!!
the only file I could display in the apache/ folder is:
Code: | /etc/apache/conf.d/fastcgi.conf |
but:
Code: | /etc/apache/conf.d/httpd.conf |
does not exist !!!! nor
Code: | /etc/apache/httpd.conf |
|
|
|
|
|
Posted: Sun Jul 06, 2008 11:06 pm |
|
|
badrh0 |
Active user |
|
|
Joined: Jul 06, 2008 |
Posts: 32 |
|
|
|
|
|
|
|
One question please:
If there exist no forum and no other manner to upload shells to the site, must I stop searching or is there any other method ???? and is the httpd.conf folder the only way to hack the site !!! please help me, I have 3 sites waiting to be hacked ! |
|
|
|
|
Posted: Mon Jul 07, 2008 4:32 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Ето адвайзинг сайт,а не школа хакинга.Через любой софт на других сайтах можно искать путь к заливанию шеллов.httpd.conf навеное там но просто у тебя нету прав почитать его. |
|
|
|
|
Posted: Mon Jul 07, 2008 9:12 am |
|
|
badrh0 |
Active user |
|
|
Joined: Jul 06, 2008 |
Posts: 32 |
|
|
|
|
|
|
|
Sorry I don't speak Russian !!
|
|
|
|
|
Posted: Mon Jul 07, 2008 4:03 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Use google |
|
|
|
|
Posted: Mon Jul 07, 2008 9:39 pm |
|
|
badrh0 |
Active user |
|
|
Joined: Jul 06, 2008 |
Posts: 32 |
|
|
|
|
|
|
|
Hi,
Google said:
Code: | Ето advayzing site, rather than school hakinga.Cherez any software on other sites you can find a way to fill the shell. Httpd.conf navenoe there but you do not simply read his rights. |
I understood that I must search a neighbor site, OK, but without finding the httpd.conf file how can I include the uploaded shell !!!! I must concentrate on httpd.conf !!!!
Thnx |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|