|
Title: Analysis of "r00t 4 LFI Toolkit" Post by: MaXe on February 19, 2012, 11:06:20 AM Dear EH'netters,
Recently I saw a couple of people tweet about this newly released "tool", which in essence should be able to: "This tool is a php script that assists in performing local file inclusion attacks." Unfortunately, it only performs one type of LFI attack (via /proc/self/environ), and furthermore, it is also backdoored. Screenshot: http://i.imgur.com/PXcSX.png Proof of Concept: Code: Referer: a1=iz&a2=&a3=&a4=&a5=&a6=&a7=&a8=&a0=cGhwaW5mbygpOw== You can read the full analysis here: http://forum.intern0t.org/offensive-guides-information/4113-analysis-r00t-4-local-file-inclusion-toolkit.html Best regards, MaXe Title: Re: Analysis of "r00t 4 LFI Toolkit" Post by: millwalll on February 19, 2012, 04:03:59 PM Thanks for the info
Title: Re: Analysis of "r00t 4 LFI Toolkit" Post by: nytfox on February 21, 2012, 02:09:06 PM Thanks for the update
Title: Re: Analysis of "r00t 4 LFI Toolkit" Post by: MaXe on February 21, 2012, 02:13:33 PM No problem ;D I found out today, that the tool has been removed from Packet Storm, preventing e.g., further infections of anyone using it. So that's great news, as I don't want to see people use a tool that contains backdoors, where the tool doesn't really do anything faster than you could do manually (which is also more fun and it provides more debugging info). :)
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |