  • I have found an LFI vuln in a Microsoft IIS 6 server ..

    My question is how to upload a shell or read files on the server ..
    I am not so good in IIS ..
  • Xin
    Posts: 3,251
    LFI means local file inclusion, so you can read local files. I believe there is a way you can write to a shell, I'll try to google it. Meanwhile, see if you can read any .conf files, /etc/passwd or anything that contains valuable data. When you say found, does it already exist?
    Xin
  • m0rph
    Posts: 332
    Well, if it was a Linux box, and proc/self/environ was accessible from the LFI, you could have injected PHP code in the User-Agent field of an HTTP header.

    Look up how IIS works, see if you can find any interesting IIS config files, and try including those.
    while( !(succeed = try() ) );
  • peann
    Posts: 14
    Xin said:

    LFI means local file inclusion, so you can read local files. I believe there is a way you can write to a shell, I'll try to google it. Meanwhile, see if you can read any .conf files, /etc/passwd or anything that contains valuable data. When you say found, does it already exist?

    /etc/passwd does not exist on Microsoft servers.

    OP - Try including C:\boot.ini and see if it loads to make sure you have full read access to the system. Also check to see if WebDAV is installed if it's IIS 6.0. There's a strong possibility you can exploit it if it exists.
  • dR.sqL
    Posts: 23
    Try to guess the configuration file of the CMS used in the website, then try to log in to admincp and upload a shell. That's the only way I have. Idk for others!
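
The probes discussed in this thread (includes of boot.ini, /etc/passwd or /proc/self/environ, and PHP code placed in the User-Agent header) leave traces in web server logs. The following is an added example, not part of the original thread: a Python scan over IIS W3C-format log lines. The sample log lines, the selected fields, and the rule and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended log format (not real traffic).
# IIS writes spaces inside a field as '+', so fields split cleanly on spaces.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2024-01-01 10:00:00 GET /index.php page=news 192.0.2.10 Mozilla/5.0 200
2024-01-01 10:00:05 GET /index.php page=..%5C..%5C..%5Cboot.ini 192.0.2.66 Mozilla/5.0 200
2024-01-01 10:00:09 GET /index.php page=%252e%252e%252fetc%252fpasswd 192.0.2.66 Mozilla/5.0 404
2024-01-01 10:00:12 GET /index.php page=/proc/self/environ 192.0.2.66 <?php+echo+1;?> 200
"""

# File names mentioned in the thread, plus generic traversal sequences.
PATH_RULES = {
    "traversal": re.compile(r"\.\.[\\/]"),
    "boot.ini": re.compile(r"boot\.ini", re.I),
    "/etc/passwd": re.compile(r"/etc/passwd", re.I),
    "/proc/self/environ": re.compile(r"/proc/self/environ", re.I),
}
CODE_IN_UA = re.compile(r"<\?(php|=)?", re.I)

def decode_fully(value, rounds=3):
    """URL-decode several times so double-encoded input is normalised."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def scan(log_text):
    """Return (client_ip, status, [rule names]) for each suspicious request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = decode_fully(row.get("cs-uri-query", ""))
        matched = [name for name, rx in PATH_RULES.items() if rx.search(query)]
        if CODE_IN_UA.search(decode_fully(row.get("cs(User-Agent)", ""))):
            matched.append("code-in-user-agent")
        if matched:
            hits.append((row["c-ip"], row["sc-status"], matched))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is the case to triage first, since it suggests the include parameter returned content rather than an error.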