Friday, February 3, 2017

PHP Remote File Inclusion Example

attacker ip:
target ip :

1- Allow URL includes by changing the option below in /etc/php/apache2/php.ini

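2- Create a PHP file with the following content and host it on a website.
<?php
$incfile = $_REQUEST["file"]; // user-controlled value, taken from the request without validation
include($incfile);            // includes whatever the parameter names: this is the file inclusion flaw
echo "Welcome Here!";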

3- On the attacker host, host a PHP shell as well: download the file from the link below and host it on a website.

4- Then we can use the following URL to gain a shell on the target host.

Below is the screenshot of the shell; we use it to read /etc/passwd on the target host.
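
A hardened counterpart to the vulnerable page in step 2, added here as an example and not part of the original post: the request value is looked up in an allowlist instead of being passed to include(). The function name resolve_page(), the page names and the demo directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request value => script shipped with the application.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

// Map the user-supplied "file" parameter to a local script, or return null.
// The request value is only used as an array key, so it never reaches
// include() as a path or URL.
function resolve_page($requested, string $baseDir): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null; // URLs, stream wrappers, traversal strings and arrays end here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Demo with constructed inputs; run from the command line.
if (PHP_SAPI === 'cli') {
    $base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rfi_demo_pages';
    if (!is_dir($base)) {
        mkdir($base);
    }
    file_put_contents($base . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home';\n");

    // 'contact' is allowlisted but absent on disk, so it is rejected as well.
    $samples = ['home', 'http://attacker.example/shell.txt', '../../etc/passwd',
                'php://input', ['x'], 'contact'];
    foreach ($samples as $s) {
        $result = resolve_page($s, $base);
        printf("%-40s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), $result ?? 'rejected');
    }
    // Report whether the setting from step 1 is enabled in this runtime.
    printf("allow_url_include = %s\n", ini_get('allow_url_include') ?: '0');
}
```

In the page itself, call include only on a non-null return value and answer anything else with a 404. Keeping allow_url_include off in php.ini removes the remote case independently of the code.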
