Liffy : Local File Inclusion Exploitation Tool

Liffy is a local file inclusion exploitation tool. A little python tool to perform Local file inclusion.

Liffy-v2.0 is the improved version of it which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn’t seen any development for a long time.

Main feature

  • data:// for code execution
  • expect:// for code execution
  • input:// for code execution
  • filter:// for arbitrary file reads
  • /proc/self/environ for code execution in CGI mode
  • Apache access.log poisoning
  • Linux auth.log SSH poisoning
  • Direct payload delivery with no stager
  • Support for absolute and relative path traversal
  • Support for cookies for authentication

Installation

Make sure you are using python3 for the Installation process. liffy doesn't support python2

  • Clone the repository

git clone http://github.com/mzfr/liffy

  • Make a virtual environment

python3 -m venv Ex: python3 -m venv liffy

  • Activate the venv

source liffy/bin/activate

  • Install dependencies

pip3 install -r requirements.txt

NOTE -It uses msfvenom for generating php payload, So you should have metasploit installed

Also Read – Metabigor : Intelligence Tool But Without API Key

Usage

usage: liffy.py [-h] [-d] [-i] [-e] [-f] [-p] [-a]
[-ns] [-r] [–ssh] [-l LOCATION] [–cookies COOKIES]
url

Positional Arguments:
url URL to test for LFI

Optional Arguments:
-h, –help show this help message and exit
-d, –data Use data:// technique
-i, –input Use input:// technique
-e, –expect Use expect:// technique
-f, –filter Use filter:// technique
-p, –proc Use /proc/self/environ technique
-a, –access access logs technique
-ns, –nostager execute payload directly, do not use stager
-r, –relative use path traversal sequences for attack
–ssh SSH auth log poisoning
-l LOCATION, –location LOCATION
path to the target file (access log, auth log, etc.)
–cookies COOKIES session cookies for authentication

  • Check the URL with data://

Option: -d or --data

Ex: python liffy.py http://example.com/?id= -d

  • Check the URL with input://

Option: -i or --input

Ex: python liffy.py http://example.com/?id= -i

  • Check the URL with expect://

Option: -e or --expect

Ex: python liffy.py http://example.com/?id= -e

  • Check the URL with filter://

Option: -f or --filter

Ex: python liffy.py http://example.com/?id= -f

  • Use /proc/self/environ for code execution

Option: -p or --proc

Ex: python liffy.py http://example.com/?id= -p

  • Using Apache access.log poisoning

Option: -a or --access

Ex: python liffy.py http://example.com/?id= -a

  • Using SSH auth.log poisoning

Option: -s or --ssh

Ex: python liffy.py http://example.com/?id= -s

  • Relatively traverse directories

Option: -r

This option can be used along with other options so relatively traverse the directories.

EX:

python liffy.py http://example.com/?id= -s -r
python liffy.py http://example.com/?id= -p -r
python liffy.py http://example.com/?id= -a -r

  • Specify log path

Option: -l or --location

This option has to be used either with all the log techniques like authlogsshlog

EX:

python liffy.py http://example.com/?id= -s -l /var/auth.log
python liffy.py http://example.com/?id= -a -l /var/apache2/access.log

By default the following location is used:

  • For SSH auth.log – /var/log/auth.log
  • For apache2 access.log – /var/log/apache2/access.log

Credits:

  • All the exploitation techniques are taken from it.
  • Logo for this project is taken from renderforest
R K

Recent Posts

WID_LoadLibrary : The Intricacies Of DLL Management In Windows

WID_LoadLibrary is a custom implementation inspired by the Windows API function LoadLibrary, which is used…

15 hours ago

Locksmith : A Tool For Securing Active Directory Certificate Services

Locksmith is a specialized tool designed to identify and remediate vulnerabilities in Active Directory Certificate…

15 hours ago

Uscrapper Vanta : A Cutting-Edge OSINT Tool For Advanced Data Extraction

Uscrapper Vanta is a powerful open-source intelligence (OSINT) tool designed to revolutionize web scraping and…

15 hours ago

Pake : Transforming Webpages Into Desktop Applications

Pake is an innovative tool designed to convert any webpage into a desktop application with…

19 hours ago

Bevy : Exploring The Frontier Of Game Development With Rust

Bevy is an open-source, data-driven game engine built in Rust, designed to simplify game development…

19 hours ago

AppFlowy Cloud : Enhancing Collaboration With Secure Cloud Infrastructure

AppFlowy Cloud is a robust component of the AppFlowy ecosystem, designed to provide secure user…

2 days ago