Go4Expert (http://www.go4expert.com/)
-   Ethical hacking Tips (http://www.go4expert.com/articles/ethical-hacking-tutorials/)
-   -   spy php picture (http://www.go4expert.com/articles/spy-php-picture-t402/)

vishal sharma 29Jul2005 22:46

spy php picture
A little trick we use to get info out of intented target...

For this you only need a webserver that works fine with php and the gd libary.

First create a new folder on the webserv and put this file in it: .htaccess with the text:

ForceType application/x-httpd-php
It tells the server to treat every file in the map as a php script.

Now we make the picture, just use paint or something. save it as a .jpg file and upload it also.

Next php script starts by typing:
Code: PHP

header("Content-type: image/jpeg");

It tells that it is a picture. now we go further and typ our script, this is an example:
Code: PHP

$ip = getenv("REMOTE_ADDR");
$date = date("d") . " " . date("F") . " " . date("Y");
$intofile = $ip . "\n" . $date;
$hfile = fopen("data.txt", "w");
fwrite($hfile, $intofile);

Now we are going to load the origional picture so the user won't notice it:
Code: PHP

$BGImage = imagecreatefromjpeg("name.jpg");

and end it:
Code: PHP


Now save it as something.jpg upload it, try to open it, look if it works and send it to whoever you want

pradeep 30Aug2005 13:46

Re: spy php picture
A very interesting post, may be you can post an article about .htaccess!

zylyz 27Dec2006 02:53

Re: spy php picture
i did not get theflow..please explain with an example

pradeep 27Dec2006 10:59

Re: spy php picture
All the is trying to do is spy on the user by saving his IP when he is try to view an image. A file with .jpg extension contains some PHP code, which saves the user's info and returns an image so that the user doesn't get to know that he is being tracked.

SabeelWeb 30Jan2007 16:24

Re: spy php picture
very useful post , thanks

stylo_asif 4Apr2007 02:55

Re: spy php picture
thax bro

Aryan_illsuion 16Nov2007 16:57

Re: spy php picture
cant copy files into the client's hard drive with php can u?.. lol that would have been powerful

All times are GMT +5.5. The time now is 16:04.