spy php picture

Discussion in 'Ethical hacking Tips' started by vishal sharma, Jul 29, 2005.

  1. vishal sharma

    vishal sharma New Member

    Joined:
    Jul 23, 2004
    Messages:
    106
    Likes Received:
    6
    Trophy Points:
    0
    A little trick we use to get info out of intented target...

    For this you only need a webserver that works fine with php and the gd libary.

    First create a new folder on the webserv and put this file in it: .htaccess with the text:
    Code:
    ForceType application/x-httpd-php
    It tells the server to treat every file in the map as a php script.

    Now we make the picture, just use paint or something. save it as a .jpg file and upload it also.

    Next php script starts by typing:
    PHP:
    <?php
    header
    ("Content-type: image/jpeg");
    It tells that it is a picture. now we go further and typ our script, this is an example:
    PHP:
    $ip getenv("REMOTE_ADDR");
    $date date("d") . " " date("F") . " " date("Y");
    $intofile $ip "\n" $date;
    $hfile fopen("data.txt""w");
    fwrite($hfile$intofile);
    fclose($hfile);
    Now we are going to load the origional picture so the user won't notice it:
    PHP:
    $BGImage imagecreatefromjpeg("name.jpg");
    imagejpeg($BGImage);
    imagedestroy($BGImage);
    and end it:
    PHP:
    ?>
    Now save it as something.jpg upload it, try to open it, look if it works and send it to whoever you want
     
  2. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,645
    Likes Received:
    87
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    http://blog.pradeep.net.in
    A very interesting post, may be you can post an article about .htaccess!
     
  3. zylyz

    zylyz New Member

    Joined:
    Dec 26, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    i did not get theflow..please explain with an example
     
  4. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,645
    Likes Received:
    87
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    http://blog.pradeep.net.in
    All the is trying to do is spy on the user by saving his IP when he is try to view an image. A file with .jpg extension contains some PHP code, which saves the user's info and returns an image so that the user doesn't get to know that he is being tracked.
     
  5. SabeelWeb

    SabeelWeb New Member

    Joined:
    Jan 30, 2007
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    SabeelWeb Inc.
    Home Page:
    http://www.SabeelWeb.com
    very useful post , thanks
     
  6. stylo_asif

    stylo_asif New Member

    Joined:
    Apr 3, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
  7. Aryan_illsuion

    Aryan_illsuion New Member

    Joined:
    Nov 16, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    cant copy files into the client's hard drive with php can u?.. lol that would have been powerful
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice