logo-honeynet.cz

RFI in action

2007-09-09 12:42:47

We prepared screenshots with most common used RFI scripts These scripts are used for basic work with vulnerable server. Most common scripts are r57 shell and c99 shell. There exists also other versions and modifications of these two scripts.

R57 shell - maid by russion group, contains functions for searching, command execution, file upload, select from mysql, reverse shell and other.
http://www.honeynet.cz/img/rfi-r57.jpg

C99 shell - contains functions for searching, command execurion, file upload and other.
http://www.honeynet.cz/img/rfi-c99.jpg

Other examples of RFI scripts.
http://www.honeynet.cz/img/rfi-simple.jpg
http://www.honeynet.cz/img/rfi-simple2.jpg

Running on c&c irc server, attacker write scheme of url for machines used as scanners.
http://www.honeynet.cz/img/rfi-irc-run4.jpg

Examples of output follow:
http://www.honeynet.cz/img/rfi-irc-run.jpg
http://www.honeynet.cz/img/rfi-irc-etc.jpg

And black market.<
http://www.honeynet.cz/img/rfi-black.jpg

Back

©2005-2010  Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Czech Republic License. info_at_honeynet_dot_cz, irc.honeynet.cz #honeynet.cz