so local final inclusion is dangerous. Well about remote file inclusion.
Mo file inclusion is a whole nother. Ballgame is even more dangerous than local file inclusion.
Remote final inclusion allows an attacker to upload a custom malicious file onto a website or server.
Horrify Explorer's poor validation checks in the websites
and can lead to code execution on the server or website, which could be used to deface the Web page or gain access.
There is an amazing tool
that I like to use that I'm going to be showing a little bit later on here. That is fantastic for
remote file inclusion.
So one example of remote file inclusion
is calling a script from another website. So
his example dot com the vulnerable PHP page and is calling for a file. Well,
http Debbie, Debbie, Debbie, Dad. Bats like that can force us malicious,
this allows an attacker to run anything they want on the server, such as a back door or key logger, or allow for Mallory distribution. And ah can also allow for running a bott.
So if you're an attacker
or if you're running a red team type test on your own network and you don't want to be caught. You don't want to trace back to you this kind of bad to Dio because you have to host the Web, page yourself on something. Um,
sometimes it's really easy to trace this back if you're doing it incorrectly.
My favorite tool to use for a remote file inclusion is B 374 K. Go to the link that I have here and download that tool.
Was it too? Well, if executed properly, it will give you a PHP shell right in your browser. So we're gonna go check that out.
All right, so here we are, back in our environment again.
I'm gonna go to file upload.
say we're on a website.
We're testing it, and there's a an area to be able to upload and then view your file later on.
Seems innocent, right, people, one of you what they put in there Well,
can come back to bite you,
especially if you don't validate that it's an actual
really go over your brows
and we have the B 374 k,
and we're gonna send the file
and says, Hey, your uploads done. You can view the file here, but when you go to that file location,
it executes a shell.
And the password is B 37
Now we're in the final structure for that Web server.
We can go anywhere we want
in this truck in this file structure
yeah, view anything we want so we can go in tow.
Let's see if we wanted to and we give you
all the files here and we can
download the files. We can upload files. We can remove files. We can delete files.
This is an amazing tool, and it's a very, very dangerous tool. If an attacker was to get this tool onto
and you didn't know,
you could be in for a very, very
No. And look, here's our past a B D file.
Now it's The shadow file is protected here,
So we're unable to get
anything from this etc. Shadow file
and the essay and the Shadow backup is protected as well.
So good on pen tester labs for that.
So it was covered. Well, we talked about what is Al if I were a cell. If I look like why is it dangerous
Wells? Or if I was our If I look like and why is it dangerous? And we also covered
some ways of exploiting it in some of the tools, happy acting, everyone.