tag:blogger.com,1999:blog-8671806905307905831.post2094454163405034310..comments2024-03-15T02:29:43.904-05:00Comments on Kaotic Creations: AUTOMATED LFI/RFI SCANNING & EXPLOITING WITH FIMAPHRhttp://www.blogger.com/profile/05957795383670307007noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-8671806905307905831.post-91427642153561292672022-04-09T07:22:55.041-05:002022-04-09T07:22:55.041-05:00Hey, man thank you so much for doing this write up...Hey, man thank you so much for doing this write up. You really saved me a couple of hours here :)DoDohttps://www.blogger.com/profile/10247438412513390083noreply@blogger.comtag:blogger.com,1999:blog-8671806905307905831.post-48562248919624283952022-01-14T13:47:28.824-06:002022-01-14T13:47:28.824-06:00This is hinting to it needing to be run using pyth...This is hinting to it needing to be run using python2.<br /><br />TLDR... On a modern kali do this:<br />1) apt install virtualenv<br />2) virtualenv -p /usr/bin/python2 venv<br />3) source venv/bin/activate<br />4) pip install --index-url https://test.pypi.org/simple/ 'httplib2==0.17.5'<br /><br />You should now be able to use the script.<br /><br />Notes:<br />As you are in a virtual env <br />"python -V" should now show python2<br />"pip --version" should now show version 2<br /><br />Without pip install "python fimap.py" would show the error "no module found named httplib2"<br /><br />you could try to install it using "pip install httplib2" but that will fail as well showing the error "can't find '___main___' module"<br /><br />Using the suggestions on a githubpage someone found for me (https://github.com/httplib2/httplib2/issues/171) I was able to install it using the following command mentioned in step 4.<br /><br />After doing all those steps the script did indeed run.<br />I was able to scrape a CTF target but I was not able to find even very simple LFI's. Not sure what part of this did not work out as I have not yet found the time to do further digging into the tools innerworkings.<br /><br />Maybe you will have more luck.<br /><br />Keep in mind that using google searches can have you tread on dangerous grounds faster then you'd like. USE WITH CARE AND ONLY WHERE YOU ARE LEGALLY ALLOWED TO. REVIEW THE SCRAPED LINKS FOR OUT OF SCOPE TARGETS BEFORE LFI SCANNING THEM! :)orihttps://www.blogger.com/profile/10291686205627589121noreply@blogger.comtag:blogger.com,1999:blog-8671806905307905831.post-86362508119658555812021-11-07T10:17:07.422-06:002021-11-07T10:17:07.422-06:00/fimap.py --url 'https://----?redirectUrl=http.../fimap.py --url 'https://----?redirectUrl=https%3A%2F%2Fdemo.authore.com%2F' 1 ⨯<br /> File "/home/kali/Downloads/fimap-master/src/./fimap.py", line 51<br /> print "Usage: ./fimap.py [options]"<br /> ^<br />SyntaxError: Missing parentheses in call to 'print'. Did you mean print("Usage: ./fimap.py [options]")?Anonymoushttps://www.blogger.com/profile/15242007963542274459noreply@blogger.comtag:blogger.com,1999:blog-8671806905307905831.post-28794387351569049172016-12-08T05:13:15.815-06:002016-12-08T05:13:15.815-06:00Hey HR how can i get the HR's fun house vuln w...Hey HR how can i get the HR's fun house vuln webapplication. Thanks in advance.BOLUDO.https://www.blogger.com/profile/15210050047940970509noreply@blogger.comtag:blogger.com,1999:blog-8671806905307905831.post-25633168777604680362015-05-05T15:14:36.657-05:002015-05-05T15:14:36.657-05:00Hey,
I am trying to use the tool which needs user...Hey,<br /><br />I am trying to use the tool which needs username and password to enter the site. I have access to do so and know the credentials. How to do so?Anonymoushttps://www.blogger.com/profile/03507331977505489332noreply@blogger.comtag:blogger.com,1999:blog-8671806905307905831.post-78943582828747002772014-09-04T17:55:04.297-05:002014-09-04T17:55:04.297-05:00hey missed "LFI Present!" on >>>...hey missed "LFI Present!" on >>> if ($response->is_success && $response->content =~ /root:x:/) { $msg = LFI PRESENT!;}<br /><br />and Dr-Hackhttps://www.blogger.com/profile/00256197327200620497noreply@blogger.comtag:blogger.com,1999:blog-8671806905307905831.post-37139009837615740332011-08-22T11:12:22.350-05:002011-08-22T11:12:22.350-05:00Thanks for the great feedback Iman, you just made ...Thanks for the great feedback Iman, you just made my day! I appreciate your hard work on this great tool and look forward to future updates to come. If you ever need a hand with anything just shoot me a note.HRhttps://www.blogger.com/profile/05957795383670307007noreply@blogger.comtag:blogger.com,1999:blog-8671806905307905831.post-86641024719607527262011-08-22T10:41:31.714-05:002011-08-22T10:41:31.714-05:00Hey HR,
Really good tutorial about fimap.
I have ...Hey HR,<br /><br />Really good tutorial about fimap.<br />I have put a link on the fimap homepage to this post. <br />Thank you for taking your time and making this tutorial :) <br />I was always to lazy to make something like that :O<br /><br />-imax.Iman Karimhttps://www.blogger.com/profile/17581617890721287695noreply@blogger.com