Friday, 17 May 2013

HACKING

If you've got some experience hacking and you've tried LFI (local file inclusion) exploitation in a fair manner, you'll know that it fails in most cases. You'll end up at a dead end most of the time. In those cases there is nothing much left to do to advance, and all you can do is leave the site. But here I'll show a very interesting method that you can use to bypass most of the problems you face in common LFI attacks. All the following problems can often be bypassed using this method:
No access to any logs, including Apache's.
No file upload vulnerability on the server.
No e-mail possibility on the server.
Remote URLs are completely disallowed.
Unable to interpret any files in the /etc/ or /var/ paths.
Security measures are in place to prevent LFI.
These are some of the most common problems you'll encounter. If you bypass them, 95% of the LFI-vulnerable sites can be hacked. There are not many ways to bypass them. You can try to encode your payload, but sadly it won't work. Now, finally, here is how you do it: you are going to use the wrapper protocols in PHP. Using these protocols, you tell the PHP file to use POST data as the entry point to the HTML file. Say:

Code:
http://www.example.net/?id=php%3A%2F%2FInputHere

Now you can use any PHP functions on the above link. For example, <?php phpinfo(); ?> can be used to get the POST data. But in some cases the above code won't work. That is because url_include is turned on, so sadly it won't work. To bypass this, we alter the stream through Base64 encoding before it makes the call to the function. You can use the request below to achieve what I've said:

Code:
http://www.example.net/?id=php%3A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3Din.php

Now you can go about using any of your favorite methods to try to find vulnerabilities in the PHP file. The output is Base64 encoded, so you've got a clear road ahead of you. I hope this helps someone. I know what I've said is kinda complex and might be hard to understand. But if you're good enough, this should certainly help you. To beginners, all I can say is: learn the basics properly and you can easily grasp all the things I've said in here. Thanks for reading.
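
From the defender's side, both request shapes shown above leave a recognisable trace in web server access logs: a query parameter whose decoded value starts with php://. The following Python detector is an added example, not code from the original post; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside an Apache/Nginx "combined" log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# php:// wrapper at the start of a value, with optional filter chain and resource.
WRAPPER_RE = re.compile(r'^\s*php://(\w+)(?:/(\S*?)resource=(\S+))?', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253A -> %3A -> ':')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (param, stream, detail) findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    findings = []
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        w = WRAPPER_RE.match(fully_decode(value))
        if not w:
            continue
        stream = w.group(1).lower()
        if stream == "filter" and w.group(3):
            detail = "source read of " + w.group(3)
        else:
            detail = "wrapper used as include path"
        findings.append((name, stream, detail))
    return findings

# Constructed sample log lines (the first two reuse the URLs from the post).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/May/2013:10:12:01 +0000] "GET /?id=php%3A%2F%2FInputHere HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [17/May/2013:10:12:09 +0000] "GET /?id=php%3A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3Din.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [17/May/2013:10:12:15 +0000] "GET /?id=php%253A%252F%252Ffilter%252Fconvert.base64-encode%252Fresource%253Din.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.4 - - [17/May/2013:10:13:00 +0000] "GET /?id=about.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for finding in scan_line(entry):
            print(entry.split()[0], finding)
```

Access logs record only the request line, so anything sent in a POST body is not visible to this check. A hit is a signal to review the include logic, where mapping the parameter to a fixed allowlist of file names removes the wrapper path entirely.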
