// archives

rfi

This tag is associated with 7 posts

VopCrew Multi Scanner v5.0

By David June 25, 2009 Post a comment

IRC bot scanner coded in PERL and developed by Vrs-hCk. This tool checks for LFI, RFI, SQL Injections and other types of injections on a IRC environment.
It’s also combined with a injector code that uses the usual gzinflate and base64 plus a few extra str_rot13 php function.
By the way, I already saw this in action [...]

Joomla RFI Scanner

By David June 9, 2009 5 comments

Khaled sent me another Joomla vulnerability scanner.
This time,  also a Python programmed tool, scans for public RFI flaws. It has proxy support and it’s already full disclosed.
Some of this tools (you also have this one)  can be a good thing to have next to you just to search for public Joomla vulnerabilities on your clients [...]

RTFM RFI script kiddie

By David May 19, 2009 One comment

Today I got some funny attempts on RFI on my honey(net) website. I only want to say to the script kiddie who tried this to RTFM (Read The Fuc**** Manual). Why? He didn’t know for sure what was the correct syntax for uname command. He tried a lot without getting it and maybe he gave [...]

d3v1l-sh3ll RFI cmd

By David May 11, 2009 One comment

For many months this was a really private cmd, but it’s already public and being used in many botnets.
It’s a pretty complete tool with a very detailed programming, you can check it by the use of comments on every step. I don’t know if there is a recent version of it but this is the [...]

Fx29ID cmd

By David May 8, 2009 2 comments

FeeLCoMz RFI scanner is again scanning for possible injection on a couple of my websites.
This time using the following IPs :
210.68.188.206 (Taiwan)
125.251.133.3 (Republic of Korea)
And a possible hacked website for hosting the cmd file remember.txt
After searching a bit, I found out 969 search results for the infected website so is has been busy for a [...]

RFI Scanner Bot and Spreader

By David May 1, 2009 One comment

I dunno if you guys already got this trying to sniff your servers but on mine is the plate of the day.
Everyday new cmds, new bots, new malware knocking at the door…
Bots are getting smarter and smarter upgraded every day… Just take a look into the new FeeLCoMz RFI Scanner Bot v5.0 – last updated [...]

Another RFI bites the dust

By David April 19, 2009 Post a comment

Just checked my logs today and noticed a new attempt of attack of a cmd shell for remote file inclusion (RFI) – damn bots calling for RFI on text files. I will call it Coracore, the string that the script echos so…
It’s not another variant, the guy who made this, just changed the name on it [...]