.

Analysis of "r00t 4 LFI Toolkit"

<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Feb 19, 2012 12:06 pm

Analysis of "r00t 4 LFI Toolkit"

Dear EH'netters,


Recently I saw a couple of people tweet about this newly released "tool", which in essence should be able to: "This tool is a php script that assists in performing local file inclusion attacks."

Unfortunately, it only performs one type of LFI attack (via /proc/self/environ), and furthermore, it is also backdoored.

Screenshot: http://i.imgur.com/PXcSX.png

Proof of Concept:
  Code:
Referer: a1=iz&a2=&a3=&a4=&a5=&a6=&a7=&a8=&a0=cGhwaW5mbygpOw==



You can read the full analysis here: http://forum.intern0t.org/offensive-gui ... olkit.html


Best regards,
MaXe
I'm an InterN0T'er
<<

millwalll

Post Sun Feb 19, 2012 5:03 pm

Re: Analysis of "r00t 4 LFI Toolkit"

Thanks for the info
<<

nytfox

User avatar

Newbie
Newbie

Posts: 20

Joined: Mon Nov 28, 2011 1:54 am

Post Tue Feb 21, 2012 3:09 pm

Re: Analysis of "r00t 4 LFI Toolkit"

Thanks for the update
Unlike others I love NULLS
http://treasuresec.com
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Feb 21, 2012 3:13 pm

Re: Analysis of "r00t 4 LFI Toolkit"

No problem  ;D I found out today, that the tool has been removed from Packet Storm, preventing e.g., further infections of anyone using it. So that's great news, as I don't want to see people use a tool that contains backdoors, where the tool doesn't really do anything faster than you could do manually (which is also more fun and it provides more debugging info).  :)
I'm an InterN0T'er

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software