Go4Expert - spy php picture

Go4Expert (http://www.go4expert.com/)

- Ethical hacking Tips (http://www.go4expert.com/forumdisplay.php?f=55)

- - spy php picture (http://www.go4expert.com/showthread.php?t=402)

A little trick we use to get info out of intented target...

For this you only need a webserver that works fine with php and the gd libary.

First create a new folder on the webserv and put this file in it: .htaccess with the text:

Code:

ForceType application/x-httpd-php

It tells the server to treat every file in the map as a php script.

Now we make the picture, just use paint or something. save it as a .jpg file and upload it also.

Next php script starts by typing:

Code: PHP

<?php
header("Content-type: image/jpeg");

It tells that it is a picture. now we go further and typ our script, this is an example:

Code: PHP

$ip = getenv("REMOTE_ADDR");
$date = date("d") . " " . date("F") . " " . date("Y");
$intofile = $ip . "\n" . $date;
$hfile = fopen("data.txt", "w");
fwrite($hfile, $intofile);
fclose($hfile);

Now we are going to load the origional picture so the user won't notice it:

Code: PHP

$BGImage = imagecreatefromjpeg("name.jpg");
imagejpeg($BGImage);
imagedestroy($BGImage);

and end it:

Code: PHP

?>

Now save it as something.jpg upload it, try to open it, look if it works and send it to whoever you want

Re: spy php picture

A very interesting post, may be you can post an article about .htaccess!

Re: spy php picture

i did not get theflow..please explain with an example

Re: spy php picture

All the is trying to do is spy on the user by saving his IP when he is try to view an image. A file with .jpg extension contains some PHP code, which saves the user's info and returns an image so that the user doesn't get to know that he is being tracked.

Re: spy php picture

very useful post , thanks

Re: spy php picture

cant copy files into the client's hard drive with php can u?.. lol that would have been powerful