Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This lesson covers remote file inclusion (RFI). RFI allows an attacker to upload a custom malicious file onto a web site or server. It exploits poor validation checks in web sites and can lead to code execution, which can be used to deface a web site.

Video Transcription

00:04
So local file inclusion is dangerous. What about remote file inclusion?
00:08
Remote file inclusion is a whole nother ballgame. It's even more dangerous than local file inclusion.
00:14
Remote file inclusion allows an attacker to upload a custom malicious file onto a website or server.
00:20
RFI exploits poor validation checks in the websites
00:24
and can lead to code execution on the server or website, which could be used to deface the Web page or gain access.
00:30
There is an amazing tool
00:32
that I like to use that I'm going to be showing a little bit later on here. That is fantastic for
00:40
remote file inclusion.
00:42
So one example of remote file inclusion
00:45
is calling a script from another website. So
00:51
his example dot com the vulnerable PHP page and is calling for a file. Well,
00:57
you can call
00:58
http Debbie, Debbie, Debbie, Dad. Bats like that can force us malicious,
01:03
and
01:07
this allows an attacker to run anything they want on the server, such as a back door or key logger, or allow for malware distribution. And, ah, can also allow for running a bot.
01:19
So if you're an attacker
01:23
or if you're running a red team type test on your own network and you don't want to be caught, you don't want it traced back to you, this is kind of bad to do because you have to host the web page yourself on something. Um,
01:38
and
01:40
sometimes it's really easy to trace this back if you're doing it incorrectly.
01:45
My favorite tool to use for remote file inclusion is b374k. Go to the link that I have here and download that tool.
01:55
What does it do? Well, if executed properly, it will give you a PHP shell right in your browser. So we're gonna go check that out.
02:06
All right, so here we are, back in our environment again.
02:08
I'm gonna go to file upload.
02:10
So
02:12
say we're on a website.
02:14
We're testing it, and there's an area to be able to upload and then view your file later on.
02:22
Seems innocent, right? People want to view what they put in there. Well,
02:28
that
02:30
can come back to bite you,
02:34
especially if you don't validate that it's an actual
02:38
proper file. So
02:40
we'll go over to browse
02:46
and we have the b374k,
02:52
and we're gonna send the file
02:54
and says, Hey, your uploads done. You can view the file here, but when you go to that file location,
03:01
it executes a shell.
03:05
And the password is b374k
03:12
right click gal.
03:16
Now we're in the file structure for that web server.
03:20
We can go anywhere we want
03:23
in this struc-, in this file structure
03:29
and ah,
03:30
yeah, view anything we want so we can go into.
03:35
Let's see if we wanted to and we give you
03:38
all the files here and we can
03:40
download the files. We can upload files. We can remove files. We can delete files.
03:49
This is an amazing tool, and it's a very, very dangerous tool. If an attacker was to get this tool onto
03:55
your server
03:58
and you didn't know,
04:00
you could be in for a very, very
04:03
a bad time,
04:13
No. And look, here's our passwd file.
04:18
Now, the shadow file is protected here,
04:21
so we're unable to get
04:25
anything from this /etc/shadow file
04:30
and the essay and the Shadow backup is protected as well.
04:35
So good on pen tester labs for that.
04:40
So what was covered? Well, we talked about what is LFI, what does LFI look like, why is it dangerous,
04:46
as well as RFI, what does RFI look like, and why is it dangerous. And we also covered
04:50
some ways of exploiting it and some of the tools. Happy hacking, everyone.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

CyDefe
Instructor