The Ethical Hacker Network - Analysis of "r00t 4 LFI Toolkit"

Latest Additions

Who's Online

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Analysis of "r00t 4 LFI Toolkit"

« on: February 19, 2012, 11:06:20 AM »

Dear EH'netters,

Recently I saw a couple of people tweet about this newly released "tool", which in essence should be able to: "This tool is a php script that assists in performing local file inclusion attacks."

Unfortunately, it only performs one type of LFI attack (via /proc/self/environ), and furthermore, it is also backdoored.

Screenshot: http://i.imgur.com/PXcSX.png

Proof of Concept:

Code:

Referer: a1=iz&a2=&a3=&a4=&a5=&a6=&a7=&a8=&a0=cGhwaW5mbygpOw==

You can read the full analysis here: http://forum.intern0t.org/offensive-guides-information/4113-analysis-r00t-4-local-file-inclusion-toolkit.html

Best regards,
MaXe


	Logged

I'm an InterN0T'er

millwalll

Guest

Re: Analysis of "r00t 4 LFI Toolkit"

« Reply #1 on: February 19, 2012, 04:03:59 PM »

Thanks for the info


	Logged

nytfox

Newbie

Offline

Posts: 20

Re: Analysis of "r00t 4 LFI Toolkit"

« Reply #2 on: February 21, 2012, 02:09:06 PM »

Thanks for the update


	Logged

Unlike others I love NULLS
http://treasuresec.com

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Re: Analysis of "r00t 4 LFI Toolkit"

« Reply #3 on: February 21, 2012, 02:13:33 PM »

No problem Grin

I found out today, that the tool has been removed from Packet Storm, preventing e.g., further infections of anyone using it. So that's great news, as I don't want to see people use a tool that contains backdoors, where the tool doesn't really do anything faster than you could do manually (which is also more fun and it provides more debugging info).