|I'm not really sure what you're asking here man.|
It would be inadvisable to try to exploit an RFI on some website, by using a shell that's traceable back to your own computer for sooooo many reasons.
Also, if you saved a shell.php in a local directory, that's accessible online via some server package you're running, then unless it's password protected, the whole internet can access it.
|Beware of honeypots! Your RFI could have reverse affects in such that you executed a exploit that, without fully knowing, could be uploading the script that is being injected. This in return letting you exploit yourself to the so called "victim". If I was a malicious hacker I would do the following: |
Create a honeypot to allow you to exploit my so called website. Allow you to use "RFI" and really be uploading the shell and gathering your info at the same time, thus using your exploit against you.
Since you have this locally, so bad by the way, and you do not fully understand the shell in which you are using you are basically telling the real attacker "Hey here I am, and go ahead and do what you will to my computer!"
The philosophy of one century is the common sense of the next. -Fortune Cookie
I would like to thank a few friends that I have made here that helped me and deserve to be mentioned:
System_Meltdown, Futility, nvrlivenvrdie, Mastergamer, TrueHacker, S1L3NTKn1GhT, Reelix, ynori7, Demons Halo, kryptor
Mordak, my long lost brother from across the pond!