Description: LFI ATTACK WITH FIMAP, target DVWA, arm BACKBOX LINUX.
First you need to install DVWA*, then run Apache server (comes with BackBox Linux), then read how to use FIMAP (terminal fimap -h), one c99 shell script (to find one type inurl:c99.txt in Google search box).You will need to set Apache directory permissions, for this you can use this bash script : http://www.linux.re.rs/files/scripts/dirbash.sh. I will show you how to upload shell to vulnerable server and exploit the vulnerability.
* How to install DVWA with BackBox Linux !
Author : Nenad Marjanovic
IT nick : ZEROF
Author site : http://www.pentester.iz.rs
Latest from the SecurityTube Blog:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Original Source: http://www.youtube.com/watch?v=WRc0yWLG7BU&hd=1