Pages: 1 [2] 3

Author Topic: Evilzone's official RFI training script  (Read 31876 times)

0 Members and 2 Guests are viewing this topic.

Offline ceewwb

  • NULL
  • Posts: 3
  • Reputation: +0
    • View Profile
Re: Evilzone's official RFI training script
« Reply #15 on: July 11, 2011, 03:17:26 pm »
ahh now works thank you ;)

so why people activate that option "allow remote inclusion" in the PHP config?
Logged

Offline ande

  • Administrator
  • King
  • *
  • Posts: 2175
  • Reputation: +178
  • Gender: Male
    • View Profile
Re: Evilzone's official RFI training script
« Reply #16 on: July 11, 2011, 03:20:33 pm »
Quote from: ceewwb on July 11, 2011, 03:17:26 pm
ahh now works thank you ;)

so why people activate that option "allow remote inclusion" in the PHP config?

Some scripts require it in order to work, but to be honest. New or and updated servers does not got this option on.
« Last Edit: July 11, 2011, 03:20:44 pm by ande »
Logged

Offline ceewwb

  • NULL
  • Posts: 3
  • Reputation: +0
    • View Profile
Re: Evilzone's official RFI training script
« Reply #17 on: July 11, 2011, 04:46:53 pm »
Quote from: ande on July 11, 2011, 03:20:33 pm
Some scripts require it in order to work, but to be honest. New or and updated servers does not got this option on.

Thanks, you helped me a lot  :)
Logged

Offline eyMz19

  • NULL
  • Posts: 4
  • Reputation: +0
    • View Profile
Re: Evilzone's official RFI training script
« Reply #18 on: July 22, 2011, 02:32:25 am »
Bluntly, this is truly useless. Come on ande, don't you already know that we have passed the age of people having an include vulnerability (specially a remote include) on their scripts? What is past is past, we should simply forget about this flaw like we forgot how to crack windows 95 passwords.
Logged

Offline ande

  • Administrator
  • King
  • *
  • Posts: 2175
  • Reputation: +178
  • Gender: Male
    • View Profile
Re: Evilzone's official RFI training script
« Reply #19 on: July 22, 2011, 09:43:00 am »
Quote from: eyMz19 on July 22, 2011, 02:32:25 am
Bluntly, this is truly useless. Come on ande, don't you already know that we have passed the age of people having an include vulnerability (specially a remote include) on their scripts? What is past is past, we should simply forget about this flaw like we forgot how to crack windows 95 passwords.

Statement does not make sense.

Forget old knowledge? What would the world have come to then? You should always remember this type of flaw, you never know when you will encounter such a vulnerability. To bad for you if you just decided to forget it.
Logged

Offline undead

  • NULL
  • Posts: 4
  • Reputation: +0
  • echo dead |sed 's/d/und/'
    • View Profile
Re: Evilzone's official RFI training script
« Reply #20 on: July 29, 2011, 11:40:42 am »
I usually create my own scripts but I'll try this out. Thanks for sharing it ;)
« Last Edit: July 29, 2011, 04:16:39 pm by undead »
Logged

Offline drago

  • NULL
  • Posts: 5
  • Reputation: +0
  • Gender: Male
  • programmer in python....
    • View Profile
Re: Evilzone's official RFI training script
« Reply #21 on: November 11, 2011, 03:50:35 am »
thanks for info....
trying to catch the php , RFI and LFI....




but my doubt is that .....   is it to include your own php script to a host who is vulnerable to RFI or something else... just to know am i in right path or not
« Last Edit: November 11, 2011, 03:51:50 am by drago »
Logged
dd

Offline ande

  • Administrator
  • King
  • *
  • Posts: 2175
  • Reputation: +178
  • Gender: Male
    • View Profile
Re: Evilzone's official RFI training script
« Reply #22 on: November 11, 2011, 12:13:57 pm »
Quote from: drago on November 11, 2011, 03:50:35 am
thanks for info....
trying to catch the php , RFI and LFI....




but my doubt is that .....   is it to include your own php script to a host who is vulnerable to RFI or something else... just to know am i in right path or not

That is exactly what it is, you include your own PHP code on a host who was never ment to run your code. That is called a RFI (Remote File Inclusion) vulnerability. Read up on my RFI tutorial if you are unsure.
Logged

Offline bluephantom

  • Serf
  • *
  • Posts: 24
  • Reputation: +0
  • Gender: Male
  • MHL-Team
    • View Profile
Re: Evilzone's official RFI training script
« Reply #23 on: March 20, 2012, 07:51:09 pm »
thx for share ande  ;D
Logged
“Maybe there are no right moments, right guys, right answers, maybe sometimes you just to say what’s in your heart”

Offline sahariar

  • NULL
  • Posts: 3
  • Reputation: +0
    • View Profile
Re: Evilzone's official RFI training script
« Reply #24 on: May 30, 2012, 02:16:51 pm »
should i edit PHP.INI file ???
Logged

Offline ande

  • Administrator
  • King
  • *
  • Posts: 2175
  • Reputation: +178
  • Gender: Male
    • View Profile
Re: Evilzone's official RFI training script
« Reply #25 on: May 30, 2012, 04:18:23 pm »
Quote from: sahariar on May 30, 2012, 02:16:51 pm
should i edit PHP.INI file ???

Shouldent be necessary.
Logged

Offline Ullen

  • Peasant
  • *
  • Posts: 68
  • Reputation: +9
  • Gender: Male
  • I may be down, but i'm not out!!
    • View Profile
Re: Evilzone's official RFI training script
« Reply #26 on: September 11, 2012, 09:30:09 am »
Thanks buddy.

Logged
"The only real wisdom is knowing you know nothing"

Offline c0de.3mperor

  • NULL
  • Posts: 2
  • Reputation: +0
  • Gender: Male
    • View Profile
Re: Evilzone's official RFI training script
« Reply #27 on: October 03, 2012, 11:38:09 am »
This is really cool idea to make a training script.  It's good work guys.
Logged

Offline kingboo

  • NULL
  • Posts: 5
  • Reputation: +0
    • View Profile
Re: Evilzone's official RFI training script
« Reply #28 on: November 26, 2012, 08:53:00 pm »
This is pretty sweet. Can't wait to check it out. Thanks.
Logged
"In the long history of humankind (and animal kind, too) those who learned to collaborate and improvise most effectively have prevailed."
- Charles Darwin

Offline Fur

  • Peasant
  • *
  • Posts: 78
  • Reputation: +17
  • Disregard the constabulary.
    • View Profile
Re: Evilzone's official RFI training script
« Reply #29 on: February 05, 2013, 02:50:41 am »
Quote from: strong115 on February 05, 2013, 02:24:48 am
hello everybody , first i want to thank Ande for his tutorial about RFI
i am a beginner , a noobie and I want to learn how to write a shell for RFI

can anyone , please guide me to an easy site where it TEACHES HOW TO WRITE A SHELL like c99????????

any help will be appreciated
Learn PHP.
One cannot simply write a shell, one needs to know a programming language.

http://www.php.net/
http://www.w3schools.com/php/default.asp
« Last Edit: February 05, 2013, 02:57:39 am by Fur »
Logged
Hey hey hey, stay outta my shed.
Pages: 1 [2] 3
 



Intern0t SoldierX py1337 SecurityOverride programisiai iExploit
Want to be here? Contact Ande, Bluechill or Kulverstukas on the forum or at IRC.