spy php picture

vishal sharma's Avatar author of spy php picture
This is an article on spy php picture in Ethical hacking Tips.
A little trick we use to get info out of intented target...

For this you only need a webserver that works fine with php and the gd libary.

First create a new folder on the webserv and put this file in it: .htaccess with the text:
Code:
ForceType application/x-httpd-php
It tells the server to treat every file in the map as a php script.

Now we make the picture, just use paint or something. save it as a .jpg file and upload it also.

Next php script starts by typing:
Code: PHP
<?php
header("Content-type: image/jpeg");
It tells that it is a picture. now we go further and typ our script, this is an example:
Code: PHP
$ip = getenv("REMOTE_ADDR");
$date = date("d") . " " . date("F") . " " . date("Y");
$intofile = $ip . "\n" . $date;
$hfile = fopen("data.txt", "w");
fwrite($hfile, $intofile);
fclose($hfile);
Now we are going to load the origional picture so the user won't notice it:
Code: PHP
$BGImage = imagecreatefromjpeg("name.jpg");
imagejpeg($BGImage);
imagedestroy($BGImage);
and end it:
Code: PHP
?>
Now save it as something.jpg upload it, try to open it, look if it works and send it to whoever you want
pradeep's Avatar, Join Date: Apr 2005
Team Leader
A very interesting post, may be you can post an article about .htaccess!
zylyz's Avatar, Join Date: Dec 2006
Newbie Member
i did not get theflow..please explain with an example
pradeep's Avatar, Join Date: Apr 2005
Team Leader
All the is trying to do is spy on the user by saving his IP when he is try to view an image. A file with .jpg extension contains some PHP code, which saves the user's info and returns an image so that the user doesn't get to know that he is being tracked.
SabeelWeb's Avatar, Join Date: Jan 2007
Light Poster
very useful post , thanks
stylo_asif's Avatar, Join Date: Apr 2007
Newbie Member
thax bro
Aryan_illsuion's Avatar, Join Date: Nov 2007
Newbie Member
cant copy files into the client's hard drive with php can u?.. lol that would have been powerful