Author

Remote File Inclusion Scanner


Posted on 23-10-08 16:33
Hi everybody,

I'm looking for a Remote File Inclusion scanner that scans my PHP documents and says if there is a vulnerability. Is there a tool that is able to do that?

Thank you for your answers

Greetz
NoPax
Author

RE: Remote File Inclusion Scanner


Posted on 23-10-08 16:36
NoPax wrote:
Is there a tool that is able to do that?


Yeah, it's called your brain. Oh yeah, and it's free too.


Author

RE: Remote File Inclusion Scanner


Posted on 23-10-08 16:42
Yeah, funny and useful =)
But if you have a lot of PHP files it's too much work to look through every one. Perhaps there is a tool which scans the files and says whether there is one or not.

Greetz
NoPax
Author

RE: Remote File Inclusion Scanner


Posted on 23-10-08 16:54
Not that I'm aware of. Learn about RFI, then write a quick prog to regex search your PHP file for an include statement that contains $ (looking for variables, basically). Tweak as necessary.


Author

RE: Remote File Inclusion Scanner

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 23-10-08 17:00
NoPax wrote:
Yeah, funny and useful =)
But if you have a lot of PHP files it's too much work to look through every one. Perhaps there is a tool which scans the files and says whether there is one or not.

Greetz
NoPax


I believe that there isn't such a thing. There are RFI scanners, which send requests to the server with, for instance, the most common types of RFI, like http://google.com/index.php?page=, and then determine whether the vulnerability is there or not, but a file scanner, I don't think so. Anyway, why do you need it? Just switch off register_globals in php.ini. And if you really want one, then just write something that looks for every include function in the file and, if found, checks whether it is properly sanitized...

dammit, too late (grin)


spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 23-10-08 17:01
clone_4@hotmail.com
Author

RE: Remote File Inclusion Scanner


Posted on 23-10-08 17:03
I need it because it would save a lot of time when you look through new PHP projects to find a vuln.

@Zaphir
I can try to program it, but I'm pretty sure it will not work =)
And I have to read about this Regex on Wikipedia because I have never heard of that before.

Greetz
NoPax
Author

RE: Remote File Inclusion Scanner


Posted on 23-10-08 17:16
NoPax wrote:
@Zephyr
I can try to program it, but I'm pretty sure it will not work =)
And I have to read about this Regex on Wikipedia because I have never heard of that before.

Regex = Regular Expression

It wouldn't be difficult at all. Just look up some quick references to regex and throw something together until one works.


Author

RE: Remote File Inclusion Scanner


Posted on 23-10-08 17:22
Yeah, I will try it =)
Is it possible to write it in VB 6? At the moment I don't have any other programming language on my notebook.

Greetz
NoPax
Author

RE: Remote File Inclusion Scanner

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 23-10-08 17:31
NoPax wrote:
Yeah, I will try it =)
Is it possible to write it in VB 6? At the moment I don't have any other programming language on my notebook.

Greetz
NoPax


Erh? You can just go ahead and download some stuff like compilers and such. You -could- do it in VB6.0, you -should- do it in Python/Perl, or PHP.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net
Author

RE: Remote File Inclusion Scanner


Posted on 23-10-08 17:41
I found some scripts and one program.

So here is the code if someone is interested in it:
http://snippets.dzone.com/posts/show/5094

And the prog:
http://sourceforge.net/projects/securityscanner/

Thank you for your help.

Greetz
NoPax
Author

RE: Remote File Inclusion Scanner

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 23-10-08 17:59
Bad scwipt kiddy.

Vewwy bad indeed.



Author

RE: Remote File Inclusion Scanner


Posted on 23-10-08 18:47
cat filetoscan.php | grep -n include
cat filetoscan.php | grep -n require_once

etc.




Author

RE: Remote File Inclusion Scanner

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 23-10-08 18:49
I might have to work on one of these, I really like the idea of having an LFI/RFI scanner.


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.



yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: Remote File Inclusion Scanner

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 23-10-08 20:40
NoPax wrote:
I found some scripts and one programm.

You would benefit a LOT more by writing this yourself. Also, it's a very basic thing (just some file IO and recognizing keywords), so it's a good beginner project B)


http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: Remote File Inclusion Scanner

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 23-10-08 21:03
Uber0n wrote:
so it's a good beginner project B)


Hey...

No, I'm just kidding. I don't know tons about PHP, so you're right. That's one of the reasons I'm looking at making one. It seems like a good way to learn. Find something YOU want and would use, then learn what it takes to make it.


Author

RE: Remote File Inclusion Scanner


Posted on 24-10-08 13:20
Yes, I will write the prog. But I found some and I posted it. And it's good for learning.

So I will post maybe my prog when it's ready.

Greetz
NoPax
Author

RE: Remote File Inclusion Scanner

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 24-10-08 13:22
NoPax wrote:
Yes, I will write the prog. But I found some and I posted it. And it's good for learning.

So I will post maybe my prog when it's ready.

Great. If you really do, respect B) ^^


Author

RE: Remote File Inclusion Scanner


Posted on 24-10-08 13:26
It wouldn't make any sense only to use that. So it's really easy to program. I will start programming it tomorrow.
But next week I am away so it will be ready in two weeks =)
And it's always good to learn new stuff =)

Greetz
NoPax
Author

RE: Remote File Inclusion Scanner

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 24-10-08 15:13
NoPax wrote:
It wouldn't make any sense only to use that. So it's really easy to program. I will start programming it tomorrow.
But next week I am away so it will be ready in two weeks =)
And it's always good to learn new stuff =)

Exactly. I respect people who are ready to learn new things in order to solve their problems themselves, instead of just downloading premade tools ^^


Author

RE: Remote File Inclusion Scanner


Posted on 24-10-08 16:22
japanesedude wrote:
cat filetoscan.php | grep -n include
cat filetoscan.php | grep -n require_once

etc.


cat filetoscan.php | egrep -n --color=auto "include|require_once"
grep uses regex. Why pound at the keyboard more than you need to? :)
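
The approach suggested in the replies above (find every include/require statement and check whether its argument contains a `$` variable), as an added example that is not code from any poster in this thread. The sample PHP is constructed, and the `HIGH`/`REVIEW` labels, the function name `scan_php` and the naive one-pass taint tracking are assumptions of this sketch.

```python
import re

# Request-controlled superglobals: an include path built from these is the classic RFI/LFI pattern.
TAINT_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b")
VAR_RE = re.compile(r"\$[A-Za-z_]\w*")
# include/require[_once] used as a statement (not $include or include_path); argument runs to ';'
INCLUDE_RE = re.compile(r"(?<![$\w])(?:include|require)(?:_once)?\b\s*\(?([^;]*);", re.I)
ASSIGN_RE = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=(?!=)(.*)")

def scan_php(source):
    """Return [(line_no, severity, code)] for include/require calls whose path has a variable."""
    tainted, findings = set(), []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # whole-line comments only; inline comments are not parsed
        assign = ASSIGN_RE.match(code)
        if assign and (TAINT_RE.search(assign.group(2))
                       or tainted & set(VAR_RE.findall(assign.group(2)))):
            tainted.add(assign.group(1))  # naive taint: no awareness of sanitizers
        for m in INCLUDE_RE.finditer(code):
            arg = m.group(1)
            names = set(VAR_RE.findall(arg))
            if TAINT_RE.search(arg) or names & tainted:
                findings.append((no, "HIGH", code))    # request data reaches the path
            elif names:
                findings.append((no, "REVIEW", code))  # variable path, origin unknown
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = r'''<?php
require_once 'config.php';
$page = $_GET['page'];
// include($_GET['old']);
include($page . '.php');
include $_REQUEST['mod'];
$tpl = 'header';
include "templates/$tpl.php";
include(dirname(__FILE__) . '/footer.php');
'''

if __name__ == "__main__":
    for no, severity, code in scan_php(SAMPLE):
        print(f"{no}: [{severity}] {code}")
```

A `REVIEW` hit still needs a human to trace where the variable comes from; the scan only narrows down which lines to read.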

