Saturday, 30 May 2015

Web for Pentester - File Inclusion


There are two types of File inclusion
Local and Remote


Example 1.



Below is an example of Local File Inclusion, Remote is also an option, however i will cover that in Example 2.





Example 2.



I decided to use a Pentest Monkey`s php reverse shell 

after a quick edit, it was good to go.



I used pythons inbuilt simplehttpserver hosting the script on my machine, and setup a simple netcat listener for it to connect back to.




Alas!

Remote File Include, a php-reverse-shell which connected back to my netcat listener.

I wont cover escalating, that is for another day.
For now a foothold will suffice  =)




Thanks for reading.

Web for Pentester - Directory Traversal

There are 3 Examples to complete.

Viewing the Source shows these better.



1. No real issues.


2. A different approach, as the first method didnt work.

  

3. This was much harder, after trying a few options, i decided to employ DotDotPwn to find it.

 perl dotdotpwn.pl -m http-url -h 192.168.56.101 -u http://192.168.56.101/dirtrav/example3.php?file=TRAVERSAL -o unix -b -k root



Found! 
Now to test it in a browser.



Further Reading can be found here:



Thanks for reading.


Web for Pentester VM - Pentesterlab

Web for Pentester

 


Pentesterlab Course

VulnHub.com link

This VM is a very nice collection of the different web vulnerabilities.

 

 The Pre-write up bit

Note: I dont do any of this for a living, and I dont claim to be all knowing.

 

Any finding`s will be very brief, and sometimes incomplete.

And of course, its gonna be back to front.

I`ll decide on formatting it later on, but at the moment, i cant be bothered =)

 

Directory Traversal 

Thursday, 7 May 2015