1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

spy php picture

Discussion in 'Ethical hacking Tips' started by vishal sharma, Jul 29, 2005.

  1. vishal sharma

    vishal sharma New Member

    A little trick we use to get info out of intented target...

    For this you only need a webserver that works fine with php and the gd libary.

    First create a new folder on the webserv and put this file in it: .htaccess with the text:
    Code:
    ForceType application/x-httpd-php
    It tells the server to treat every file in the map as a php script.

    Now we make the picture, just use paint or something. save it as a .jpg file and upload it also.

    Next php script starts by typing:
    PHP:
    <?php
    header
    ("Content-type: image/jpeg");
    It tells that it is a picture. now we go further and typ our script, this is an example:
    PHP:
    $ip getenv("REMOTE_ADDR");
    $date date("d") . " " date("F") . " " date("Y");
    $intofile $ip "\n" $date;
    $hfile fopen("data.txt""w");
    fwrite($hfile$intofile);
    fclose($hfile);
    Now we are going to load the origional picture so the user won't notice it:
    PHP:
    $BGImage imagecreatefromjpeg("name.jpg");
    imagejpeg($BGImage);
    imagedestroy($BGImage);
    and end it:
    PHP:
    ?>
    Now save it as something.jpg upload it, try to open it, look if it works and send it to whoever you want
     
  2. pradeep

    pradeep Team Leader

    A very interesting post, may be you can post an article about .htaccess!
     
  3. zylyz

    zylyz New Member

    i did not get theflow..please explain with an example
     
  4. pradeep

    pradeep Team Leader

    All the is trying to do is spy on the user by saving his IP when he is try to view an image. A file with .jpg extension contains some PHP code, which saves the user's info and returns an image so that the user doesn't get to know that he is being tracked.
     
  5. SabeelWeb

    SabeelWeb New Member

    very useful post , thanks
     
  6. stylo_asif

    stylo_asif New Member

    thax bro
     
  7. Aryan_illsuion

    Aryan_illsuion New Member

    cant copy files into the client's hard drive with php can u?.. lol that would have been powerful
     

Share This Page