spy php picture

vishal sharma's Avatar author of spy php picture
This is an article on spy php picture in Ethical hacking Tips.
A little trick we use to get info out of intented target...

For this you only need a webserver that works fine with php and the gd libary.

First create a new folder on the webserv and put this file in it: .htaccess with the text:
Code:
ForceType application/x-httpd-php
It tells the server to treat every file in the map as a php script.

Now we make the picture, just use paint or something. save it as a .jpg file and upload it also.

Next php script starts by typing:
Code: PHP
<?php
header("Content-type: image/jpeg");
It tells that it is a picture. now we go further and typ our script, this is an example:
Code: PHP
$ip = getenv("REMOTE_ADDR");
$date = date("d") . " " . date("F") . " " . date("Y");
$intofile = $ip . "\n" . $date;
$hfile = fopen("data.txt", "w");
fwrite($hfile, $intofile);
fclose($hfile);
Now we are going to load the origional picture so the user won't notice it:
Code: PHP
$BGImage = imagecreatefromjpeg("name.jpg");
imagejpeg($BGImage);
imagedestroy($BGImage);
and end it:
Code: PHP
?>
Now save it as something.jpg upload it, try to open it, look if it works and send it to whoever you want
0
pradeep's Avatar, Join Date: Apr 2005
Team Leader
A very interesting post, may be you can post an article about .htaccess!
0
zylyz's Avatar, Join Date: Dec 2006
Newbie Member
i did not get theflow..please explain with an example
0
pradeep's Avatar, Join Date: Apr 2005
Team Leader
All the is trying to do is spy on the user by saving his IP when he is try to view an image. A file with .jpg extension contains some PHP code, which saves the user's info and returns an image so that the user doesn't get to know that he is being tracked.
0
SabeelWeb's Avatar, Join Date: Jan 2007
Light Poster
very useful post , thanks
0
stylo_asif's Avatar, Join Date: Apr 2007
Newbie Member
thax bro
0
Aryan_illsuion's Avatar, Join Date: Nov 2007
Newbie Member
cant copy files into the client's hard drive with php can u?.. lol that would have been powerful