This is only a simple & easy kit, written in php that allow you looking for some file in a server, only upload it to a server web and you’ll be able to read or download files in the server where you have permissions to read, for example, the /etc/passwd file in a hosting web server.
You maybe came here and you have no idea how this can be usable to you, so, I recomend you read the paper called: “1&1 and 1831 vulnerabilities” you have belong.
This simple kit include:
- A direct script to download the /etc/passwd file.
- A script to download anything.
- A script allow you to exec any command.
- A index file to list the scripts in the folder.
- A phpinfo file.
- A script to read any file in the server.
- A script to read and navigate for the server paths and show folder and file permissions.
- A dirty c0w exploit source.
You have this paper in two languajes to free download:
Espanish (Published at: January 20, 2017):
English (Published at: February 1, 2017):
Link not abaible yet.