Part 3 - LFI & RFI

Video Activity

This lesson covers RFI. RFI allows an attacker to upload a custom malicious file onto a website or server. It exploits poor validation checks in websites and can lead to code execution, which can be used to deface a website.

Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5
Video Transcription
00:03
>> Local file inclusion is dangerous,
00:03
what about remote file inclusion?
00:03
Remote file inclusion is a whole other ballgame.
00:03
It's even more dangerous than local file inclusion.
00:03
Remote file inclusion allows an attacker to upload
00:03
a custom malicious file onto a website or server.
00:03
RFI exploits poor validation checks in
00:03
the websites and can lead to
00:03
code execution on the server or website,
00:03
which can be used to deface a webpage or gain access.
00:03
There is an amazing tool
00:03
that I like to use that I'm going to be showing a
00:03
little bit later on here that is
00:03
fantastic for remote file inclusion.
00:03
One example of a remote file inclusion is
00:03
calling a script from another website.
00:03
Here's an example.com, the vulnerable PHP page,
00:03
and it's calling for a file.
00:03
Well, you can call http://www.badsite.com/malicious.
00:03
This allows an attacker
00:03
to run anything they want on a server,
00:03
such as a back door or key logger,
00:03
or allow for malware distribution
00:03
and can also allow for running a bot.
00:03
If you're an attacker or if you're running
00:03
a red team type test on your own network and
00:03
you don't want to be caught
00:03
and you don't want to trace back to you,
00:03
this is kind of bad to do
00:03
because you have to host the webpage yourself on
00:03
something and sometimes it's
00:03
really easy to trace
00:03
this back if you're doing it incorrectly.
00:03
My favorite tool to use for
00:03
remote file inclusion is B374K.
00:03
Go to the link that I have here and download that tool.
00:03
What does it do? Well, if executed properly,
00:03
it will give you a PHP shell right in your browser.
00:03
So we're going to check that out.
00:03
Here we are back in our environment again.
00:03
We're going to "File Upload".
00:03
Say we're on a website and we're testing it and there's
00:03
an area to be able to
00:03
upload and then view your file later on.
00:03
Seems innocent. People want to
00:03
view what they put in there.
00:03
Well, that can come back to bite you,
00:03
especially if you don't validate that as
00:03
an actual proper file.
00:03
We are going to go over
00:03
your browse and we
00:03
have the B374K and we're going to send the file.
00:03
It says, "Hey, your upload is done,
00:03
you can view the file here."
00:03
Well, when you go to that file location,
00:03
it executes a shell and the password is B374K.
00:03
Click "Go". Now we
00:03
are in the file structure for that web server.
00:03
We can go anywhere we want in
00:03
this file structure and view anything we want.
00:03
We can go into ETC,
00:03
if we wanted to and we can view
00:03
all the files here and we can download the files,
00:03
we can upload files,
00:03
we can remove files,
00:03
we can delete files.
00:03
This is an amazing tool and it's a very,
00:03
very dangerous tool,
00:03
if an attacker was to get this tool
00:03
onto your server and you didn't know,
00:03
you could be in for a very, very bad time.
00:03
Now look, here's our passwd file.
00:03
Now, ETC shadow file is protected
00:03
here so we are unable to get
00:03
anything from this ETC shadow file
00:03
and the ETC and the shadow backup is protected as well.
00:03
Good on pen tester labs for that.
00:03
It was covered well, we talked about what is LFI,
00:03
what does LFI look like, why is it dangerous?
00:03
What is RFI?
00:03
What does RFI look like and why is it dangerous?
00:03
And we also covered
00:03
some ways of exploiting and some of the tools.
00:03
Happy hacking everyone.