Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Saturday, April 18, 2015
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 18
Guests Online: 18
TeamSpeak Online : 5 Members Online: 0

Registered Members: 87945
Newest Member: kean loft
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

RFI question

jmort47
Member

Your avatar

Posts: 22
Location:
Joined: 27.05.13
Rank:
God
Posted on 31-03-14 03:58
If you try an RFI using something like

/?file=C:\ftp\stuff\shell.php

would that grant reverse access to your local drive while you had your script running?

The reason I ask, is because I was trying an RFI in a few different places, and right after trying it on a particular page, my webcam turned on. My script definitely doesn't have anything to do with webcams. And I did open it or anything. It kinda spooked me.

Any thoughts?
timewastingclub.org
Author

RE: RFI question

rex_mundi
☆ Lucifer ☆



Posts: 1891
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 31-03-14 12:49
I'm not really sure what you're asking here man.

It would be inadvisable to try to exploit an RFI on some website, by using a shell that's traceable back to your own computer for sooooo many reasons.

Also, if you saved a shell.php in a local directory, that's accessible online via some server package you're running, then unless it's password protected, the whole internet can access it.
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
Author

RE: RFI question

jmort47
Member

Your avatar

Posts: 22
Location:
Joined: 27.05.13
Rank:
God
Posted on 01-04-14 05:46
I'll pm you
timewastingclub.org
Author

RE: RFI question

elmiguel
Member



Posts: 165
Location: Your Computer
Joined: 12.12.07
Rank:
God
Posted on 21-04-14 16:14
Beware of honeypots! Your RFI could have reverse affects in such that you executed a exploit that, without fully knowing, could be uploading the script that is being injected. This in return letting you exploit yourself to the so called "victim". If I was a malicious hacker I would do the following:

Create a honeypot to allow you to exploit my so called website. Allow you to use "RFI" and really be uploading the shell and gathering your info at the same time, thus using your exploit against you.

Since you have this locally, so bad by the way, and you do not fully understand the shell in which you are using you are basically telling the real attacker "Hey here I am, and go ahead and do what you will to my computer!"


The philosophy of one century is the common sense of the next. -Fortune Cookie

I would like to thank a few friends that I have made here that helped me and deserve to be mentioned:
System_Meltdown, Futility, nvrlivenvrdie, Mastergamer, TrueHacker, S1L3NTKn1GhT, Reelix, ynori7, Demons Halo, kryptor

oh and

Mordak, my long lost brother from across the pond!

elmiguel.site90.com/Avatar.png
<script>alert('XSS');</script>