Help with PHP fusking anyone? (Topic)

:[ Offline ]:

welcome, please log-in:

About: Remember Me

Ticking this box will make the site remember you for 24 hours. However, each time you visit the site this time is renewed, so if you are a regular visitor you will stay logged in.

:[ Forums ]:

Latest Post In:
Challenge Help
Topic:
Challenge 5
By:
Tiffyish

:[ Like ]:

:[ Alexa ]:

:[ Forums ]:

Thisislegal Forums → Help → Help with PHP fusking anyone?

Topic: Help with PHP fusking anyone?

Pages:

Author:	Message:
xyberz09 Offline Forum Rank: Contributor Posts: 50 Thanks: 9 Contributor	If you could write it, that'd really helpful. I'm new to PHP and I looked around for some tutorials on cURL and wget to see if it could be solved using that. I'm convinced cURL can get the job done and I'm gonna try and make my own script but I'm not really sure if I'll get it right. If I do, I'll share it here for sure.
#6 Back To Top
xyberz09 Offline Forum Rank: Contributor Posts: 50 Thanks: 9 Contributor	Hi, I think I've successfully created an early version of my fusker script. Here's the code that the script will exploit: Filename: test.php Code: <br /> <html><br /> <head><br /> <title>Target PHP Page</title><br /> </head><br /> <br /> <body><br /> <?php<br /> $filenm = isset($_GET['file'])?$_GET['file']:NULL;<br /> $index = isset($_GET['index'])?$_GET['index']:NULL;<br /> $filenm==NULL?$filenm="default" AND $index="00":$filenm;<br /> $index==NULL?$index="00" AND $filenm="default":$index;<br /> <br /> $path = $filenm.$index.".jpg";<br /> echo "<tt><center>Filename: $path</tt><br><br>";<br /> echo "<img src=\"$path\"</center>";<br /> ?> <br /> </body><br /> </html><br /> <br />
#7 Back To Top
xyberz09 Offline Forum Rank: Contributor Posts: 50 Thanks: 9 Contributor	Here's the code for my fusker script: Filename: fusker.php Code: <br /> <html><br /> <head><br /> <title>PHP Fusker BETA</title><br /> </head><br /> <body><br /> <STYLE TYPE="text/css"><br /> <!--<br /> BODY<br /> {<br /> color<img src='/shout/shout/smilies/o.gif'>range;<br /> background-color:black;<br /> font-family<img src='/shout/shout/smilies/s.gif'>ans-serif;<br /> }<br /> A:link{color:blue}<br /> A:visited{color<img src='/shout/shout/smilies/tongue.png'>urple}<br /> --><br /> </STYLE><br /> <?php<br /> echo "<h1><center>PHP Fusker <tt><small>BETA</tt></small></center></h1>";<br /> function get_web_page( $url )<br /> {<br /> // This function was retrieved from:<br /> // http://nadeausoftware.com/articles/2007/06/php_tip_how_get_web_page_using_curl<br /> // http://www.php.net/manual/en/function.curl-setopt-array.php#89850<br /> <br /> <br /> $options = array(<br /> CURLOPT_RETURNTRANSFER => true, // return web page<br /> CURLOPT_HEADER => false, // don't return headers<br /> CURLOPT_FOLLOWLOCATION => true, // follow redirects<br /> CURLOPT_ENCODING => "", // handle all encodings<br /> CURLOPT_USERAGENT => "spider", // who am i<br /> CURLOPT_AUTOREFERER => true, // set referer on redirect<br /> CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect<br /> CURLOPT_TIMEOUT => 120, // timeout on response<br /> CURLOPT_MAXREDIRS => 10, // stop after 10 redirects<br /> );<br /> <br /> $ch = curl_init( $url );<br /> curl_setopt_array( $ch, $options );<br /> $content = curl_exec( $ch );<br /> $err = curl_errno( $ch );<br /> $errmsg = curl_error( $ch );<br /> $header = curl_getinfo( $ch );<br /> curl_close( $ch );<br /> <br /> $header['errno'] = $err;<br /> $header['errmsg'] = $errmsg;<br /> $header['contents'] = $content;<br /> return $header;<br /> }<br /> echo "<br>";<br /> echo "<hr>";<br /> <br /> $startidx = isset($_GET['start'])?$_GET['start']:1;<br /> $endidx = isset($_GET['end'])?$_GET['end']:24;<br /> $endidx<$startidx?$endidx=24:$endidx;<br /> $startidx<=0?$startidx=1:$startidx;<br /> $imgnum=1;<br /> //$endidx<0?$endidx=24:$endidx;<br /> <br /> for($i=$startidx; $i<=$endidx; $i++, $imgnum++)<br /> {<br /> $page_info = (get_web_page("http://localhost:82/test.php?file=Picture&index=$i"));<br /> $html = $page_info['contents'];<br /> $html = str_replace("<img src=\"", "<img src=\"http://localhost:82/", $html);<br /> echo "<center><h2>Image Number: $imgnum</h2></center><hr>";<br /> echo $html;<br /> echo "<hr>";<br /> }<br /> echo "<center><tt>PHP Fusker *BETA</tt></center>";<br /> ?><br /> </body><br /> </html><br />
#8 Back To Top
xyberz09 Offline Forum Rank: Contributor Posts: 50 Thanks: 9 Contributor	This is how it works (for anyone who's interested): You need to setup a web server and configure a virtual host so that it can host two sites at once (it's very easy to do that using WAMP) (more info here: http://www.eggheadcafe.com/tutorials/aspnet/05de3a63-7a96-4e65-94d9-c090896290e8/creating-multiple-virtual-sites-on-a-wamp-server-installation.aspx) The target site must run in "c:\wamp\www\target\test.php" The fusker site is hosted at "c:\wamp\www\fusker.php" After the virtual hosts are properly set up, typing http://localhost/fusker.php should show the PHP fusker page. And typing http://localhost:82/test.php should show the target site (to one that's to be fusked) Now the target page shows different images to the user using this format: http://localhost:82/test.php?file=FILENAME&index=INDEX_NUMBER FILENAME will be concatenated with INDEX_NUMBER and the result is added the '.jpg' extension and loaded from the site's root dir. If the file doesn't exist, no image will be shown. If either FILENAME or INDEX_NUMBER values are missing, a default picture (hardcoded as 'default00.jpg' will be shown)
#9 Back To Top
xyberz09 Offline Forum Rank: Contributor Posts: 50 Thanks: 9 Contributor	Here's how the fusker page works: To fusk the target PHP page, visit http://localhost/fusker.php (this automatically fusks images 1-24 from the target site. The names of the images are hardcoded as Picture1, Picture2, Picture3, etc. This can easily be changed) A range of the pictures to be fusked can be specified by the 'start' and 'end' parameters in this way: http://localhost/fusker.php?start=5&end=19 There is some basic error checking to see that 'end' is never less that 'start' and that 'start' is always a positive value or 0.
#10 Back To Top

Pages:

Locked.

Online (last 15 mins): metallover

:[ Sponsored ]:

:[ ShoutBox ]:

Guest - Login to post comments

shoutbox bot:
no more proxy
iS33stars:
It helps if you read the tutorials before you attempt a challenge.
howboutdemboyzz:
wheres the proxy they offer?
mejizz420:
uh... i got lucky with the first challenge... dont really get the second challenge..
Nutu2000:
man, what are you doing here if you can't look at the source code of a web page?
adapt760:
whts the pass word for the 1st challenege
zurenarrh:
Nobody really uses the forums :/

Pages: 1, 2...343