Tutorial: Local File Inclusion to Command Execution
Now I want to know if the Apache logs are readable.

As you can see, the logs are readable, so we can try an injection.
I will use Burp Suite as a proxy to intercept the request and try the injection. A nice injection point is the User-Agent.
Also, for learning purposes, let's SSH into the 'victim' box and tail the logs to see what happens in real time.

As we can see, our injection seems to happen without a problem.
Let's now navigate to the Apache logs again and see what happened.

We can see that at the end of the logs we have a system warning: "Cannot execute a blank command in /var/log/apache2/access.log"
That means our injection worked, but it has nothing to execute at this point. What we have to do now is add '&cmd=' at the end of the link and execute the command we wish.
As we already know, Linux systems come with netcat pre-installed, so let's use that to our advantage and create a reverse shell to our system.

And that's it, we have our shell! Hope you like it; please add your comments below.
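Seen from the defender's side, the steps above leave two traces in access.log: a PHP open tag in the User-Agent field, and a later request whose query string points back at a path under /var/log/. The scanner below is an added example, not part of the original tutorial; the `page` parameter name, the IP addresses and the log lines are constructed, and the PHP tag body is a placeholder.

```python
import re
from urllib.parse import unquote

# Apache "combined" format. The agent group is greedy so an agent
# containing escaped quotes still parses.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)
PHP_TAG = re.compile(r'<\?(php|=|\s)', re.I)   # code marker inside a header
LOG_PATH = re.compile(r'/var/log/', re.I)      # request pointing at a log file
TRAVERSAL = re.compile(r'\.\.[/\\]')           # ../ or ..\ after decoding

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded paths are still seen."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def scan(lines):
    """Return (line_number, client_host, findings) for suspicious entries."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = COMBINED.match(line.rstrip("\n"))
        if not m:
            # Injected content can break the format; surface it for review.
            hits.append((n, None, ["unparsed-line"]))
            continue
        found = []
        if PHP_TAG.search(m["agent"]) or PHP_TAG.search(m["referer"]):
            found.append("php-tag-in-header")
        req = decode(m["request"])
        if LOG_PATH.search(req):
            found.append("log-path-in-request")
        if TRAVERSAL.search(req):
            found.append("path-traversal")
        if found:
            hits.append((n, m["host"], found))
    return hits

# Constructed sample entries (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php /* placeholder body */ ?>"',
    '198.51.100.9 - - [10/Oct/2023:13:56:20 +0000] "GET /index.php?page=..%2f..%2fvar%2flog%2fapache2%2faccess.log&cmd=PLACEHOLDER HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit on `php-tag-in-header` followed by `log-path-in-request` from the same client is the sequence this tutorial produces. The underlying fixes are to stop passing request parameters to include paths and to keep the web server user from reading its own logs.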