Home Forums Features Opinions Remote File Inclusion Tool Diagram

Remote File Inclusion Tool Diagram

Viewing 4 reply threads
  • Author
    Posts
    • March 23, 2012 at 5:26 am #7448
      fly_high
      Participant

      Hi everyone,

      After learning some scanning tools that can scan Remote File Inclusion vulnerability (fimap, w3af, uniscan, etc), I decided to draw a diagram to show the mechanism. So here is the picture.

      Note: if you cannot see the picture, please find at attachment

      Little description:
      Attacker box: the person can scan and exploit the RFI vulnerability. Some tool offer exploit mode to get victim shell in their tool; therefore, I decided to put it in.

      Variable setting box: allow the user to set parameter.

      Victim Server box: normal stuff inside a server

      Is it the right way to draw how scanning tool work? Is there some specific part that i need to modify?

      Feel free to post your opinion so I can learn from everyone and draw the right diagram.  🙂

      Thanks

    • March 26, 2012 at 7:13 am #46514
      erwinadi
      Participant

      Hi fly,
      I think you have demoed that there was a script that you used as payload, so that the attacker can control the victim. The picture need to be updated with the payload.

      The “Return Shell” looks ambiguous… Is the shell actually the effect of what the payload does? In that case the payload goes on to one direction, and the returned shell should be showing the other direction.

    • March 26, 2012 at 12:28 pm #46515
      fly_high
      Participant

      @erwinadi wrote:

      Hi fly,
      I think you have demoed that there was a script that you used as payload, so that the attacker can control the victim. The picture need to be updated with the payload.

      The “Return Shell” looks ambiguous… Is the shell actually the effect of what the payload does? In that case the payload goes on to one direction, and the returned shell should be showing the other direction.

      Hi Erwin,

      Thanks for the input.

      Yes, the “Return Shell” pipe is the result of what the payload does so let me revised the diagram a little bit.

      Cheers  ;D

    • April 2, 2012 at 6:41 am #46516
      erwinadi
      Participant

      In that case, perhaps a revised picture would help.

    • July 30, 2021 at 2:07 am #182038
      technologiesinindustry4
      Participant

      E-commerce accountants uk
      We are the E-commerce Accounting Specialist UK and Best Accountants in London concentrate on managing online retailers, E-commerce and SMEs to realize bigger and better. we’ve the resources to successfully free accounting advice to several clients, with services tailored exactly to your needs.

  • Author
    Posts
Viewing 4 reply threads
  • You must be logged in to reply to this topic.

EH-Net - New Member Offer - Free eLS PTS Barebone Ed

EH-Net TV - Column Header

Upcoming Webinars

EH-Net Live! Thurs Oct 29 @ 1:00 PM US ET. Details Coming Soon!

EH-Net Live! January 2019 - A Perfect Crime

Past Webinars

EH-Net Live! Sept – Video & Deck Available Now! for “Android Hacking Proving Ground!” w/ Kyle Benac from Sept 24.

EH-Net Live! AugVideo & Deck Available Now! for “TryHackMe – Behind the Curtain” w/ Ben Spring and Ashu Savani from Aug 27.

EH-Net Live! JuneVideo & Deck Available Now! for “CISO Underrepresented” w/ Mark Arnold and Steph Ihezukwu from June 30.

EH-Net Live! MayVideo & Deck Available Now! for “Bad As You Want To Be – Adversary Emulation Basics” w/ Jake Williams from May 28.

See all EH-Net Live! Videos

More on the EH-Net YouTube Channel

Upcoming Events

There are no upcoming events at this time.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?