Using php to download file to remote comp?

I know this is possible, or at least I'm pretty sure it is but I'm not sure how to go about it, could anyone help me on how I can use PHP to save files or a file to someones computer without them knowing? And what are the possibilities? Can I execute the file as well?

hmm.. idk i'm not very good but i don't think you can do that with PHP php is server side or w.e and i think you can only modify the server.. if you talking about adding files to a server you can do that but to someones computer itself i don't know for sure C++ you can :p

b/c cpp teh reet fo sho nigguh.

EDIT:

What I find interesting is how much you guys don't think things through before you post them. It's perfectly understandable if you say something stupid, because once it's said there's no turning back. On a forum however you have to type it, look at the monitor, see what you have typed, hit the button to post it, and not edit it until someone makes you realize what you are saying.

PHP is a language, a means to an end if you wish to see it that way. There is no predefined way to upload files on someone's computer. If there was, it would mean that anyone who was able to type a few lines and can understand basic function calling would be able to compromise the security of any computer on the net.

C++ doesn't define how one should upload files to another computer, that at best is third party library based, not platform, and certainly not language.

Well then in what language would this be possible?

give up.

haha, way to post this on totse too. :D

I'm pretty sure it won't work. Otherwise, there'd be malicious webpages all over the place that could download things to your computer quickly and silently.

Yes I know I just had a trojan downloaded to my computer without my knowledge, and it was from a site with an extension that read .php. Now I'm intrigued. :(

lesserlightsofheaven wrote: haha, way to post this on totse too. :D

I'm pretty sure it won't work. Otherwise, there'd be malicious webpages all over the place that could download things to your computer quickly and silently.

No, not really. PHP is just commonly used as a way to provide dynamic content on the web. You could have a html page with a .php extension and there would be no real way to tell a difference.. so long as that page is intended to not output dynamic content. PHP is not what you are given, rather the technology that gives you what you are given. Also, it need not be a website.

Chinchilla3k wrote: [quote]lesserlightsofheaven wrote: haha, way to post this on totse too. :D

I'm pretty sure it won't work. Otherwise, there'd be malicious webpages all over the place that could download things to your computer quickly and silently.

No, not really. PHP is just commonly used as a way to provide dynamic content on the web. You could have a html page with a .php extension and there would be no real way to tell a difference.. so long as that page is intended to not output dynamic content. PHP is not what you are given, rather the technology that gives you what you are given. Also, it need not be a website.[/quote]

You seem to know a lot for someone that has only completed basic web hacking 1 and 2 :right: :o :|

I know nothing.

Chinchilla3k wrote: I know nothing.

:mindfuck: :o:@:xx::whoa::wow::vamp::right::evil:

slpctrl wrote: Yes I know I just had a trojan downloaded to my computer without my knowledge, and it was from a site with an extension that read .php. Now I'm intrigued. :(

1. YOU downloaded the file. probably came along with some other program you downloaded
2. HBH RANK HAS NOTHING TO DO WITH KNOWLEDGE!!!!!!!!!!!!!!!!!! You could be the best programmer in the world but not know how to beat some of the challenges here. Maybe he is the best hacker in the world but doesnt feel like wasting time on the challenges.

bigggnick wrote: [quote]slpctrl wrote: Yes I know I just had a trojan downloaded to my computer without my knowledge, and it was from a site with an extension that read .php. Now I'm intrigued. :(

1. YOU downloaded the file. probably came along with some other program you downloaded
2. HBH RANK HAS NOTHING TO DO WITH KNOWLEDGE!!!!!!!!!!!!!!!!!! You could be the best programmer in the world but not know how to beat some of the challenges here. Maybe he is the best hacker in the world but doesnt feel like wasting time on the challenges. [/quote]

For one I was just playing with him, and I think I would know if I downloaded it myself, I did not. As the page loaded avast instantly popped up that a trojan had been detected, I had it removed. But I do know for a FACT that I didn't download it. Oh well fuck it this thread sux and will get me nowhere :(

You THINK your sure you didn't download it. The only other way this could have happened is if someone rooted you and installed it them self. This, however, is very unlikely. Few people would bother to take the time to root some random person, only to install a crappy trojan that gets picked up. Many programs that seem completely safe can have something bad in them. You know abel, as in cain and abel? That program that most members here at hbh have? Ya, theres a trojan in that. Many many many "safe" programs have bad stuff in them. It doesnt even have to be a program, it could be that song you just downloaded from limewire or that movie from bittorrent.

bigggnick wrote: You THINK your sure you didn't download it. The only other way this could have happened is if someone rooted you and installed it them self. This, however, is very unlikely. Few people would bother to take the time to root some random person, only to install a crappy trojan that gets picked up. Many programs that seem completely safe can have something bad in them. You know abel, as in cain and abel? That program that most members here at hbh have? Ya, theres a trojan in that. Many many many "safe" programs have bad stuff in them. It doesnt even have to be a program, it could be that song you just downloaded from limewire or that movie from bittorrent.

Yea I use it, and are you sure it has a REAL trojan in it or do virus software suites just detect it as one? I know for me zonealarm has never asked me to grant it any access to the internet. But yea, maybe I did just pick it up some other way and got confused because after doing some googling it very obviously is not possible so bleh :|

It is possible.

OK….. why has no one pointed 0out to him that PHP is SERVER SIDE! no PHP gets sexecuted on yopur end…… so really no it is actually impossible to do that with PHP…it may be possible to genereate a page that doesthtat with PHP, but if that were possible you could just as easily do it with a html or xhtml extension

The browser automatically saves images in your cache, right. Your browser always stores files when you visit a site, I bet you can hide a trojan in there.

richohealey wrote: OK….. why has no one pointed 0out to him that PHP is SERVER SIDE! no PHP gets sexecuted on yopur end…… so really no it is actually impossible to do that with PHP…it may be possible to genereate a page that doesthtat with PHP, but if that were possible you could just as easily do it with a html or xhtml extension

I did mention that. In his original question he was referring to the language as a whole - not just as a server side dynamic content provider. Also, it is possible to get exploited by a php script by just visiting a website. Consider this scenario.

Prior to the public release of the DCOM RPC vulnerability a website administrator wanted to own all the people that visited his website. He could just create a php script that when requested from the website would check the source of the request and attempt to compromise the computer via the DCOM RPC vulnerability. To prevent additional network overhead he could store the source ips in a database and have flags that either list that ip as not possible to compromise with that vulnerability or already compromised with that vulnerability.

The only thing one can slip onto another computer with php would be a cookie. And even those can easily be blocked. So, no, it's not possible.

It's so funny, but people:

If you don't know it's possible, don't say it isn't. Maybe there are techniques you never heard from gasp, could that be true :wow:

Yes it is possible. I know a few sites, where I need to have my firewall on when visiting otherwise they put nasty scripts in my pc.

Automatically.

bigggnick wrote:

2. HBH RANK HAS NOTHING TO DO WITH KNOWLEDGE!!!!!!!!!!!!!!!!!! You could be the best programmer in the world but not know how to beat some of the challenges here. Maybe he is the best hacker in the world but doesnt feel like wasting time on the challenges.

this is very true, I've only seen three of this guy's posts, and based on his word choice/diction and the way he explains things, it's clear that he's quite intelligent. (note that I'm using guy as a general thing, I have no idea about gender, so don't take offense if you happen to be female :p).

and:

spyware wrote: It is possible.

now I'm interested. so would it be possible to trick someones computer into downloading malicious script into the cache the you mentioned by somehow hiding the script in an image? I've read about injecting php and whatnot into images before, nothing like this, though. do elaborate.

all I'm saying is that it happened to me quite a few times, so yes it's possible. I however don't know how to do it, sadly :/

I wish I could help you, but all I know is that images get cached, so that could be what you are looking for.

heh, you guys are thinking about this the wrong way. PHP is a server side language. In other words it won't directly affect your computer. This is the same reason why you can't steal PHP source code without a vulnerability. So how do we go around this? You need not to look into PHP, rather you need to look into client side languages. There are quite a few. The object here is not to exploit the website, rather the web browser [Internet Explorer, Fire-Fox, Safari, Opera, etc.] using client side scripting languages, these would include but are not limited to ActiveX, VBS, and JavaScript, I would say flash but to be honest I don't know enough about it's client side functions to know if it has those abilities.

So why would PHP pages be sending you these exploits?

This is probably because PHP is what is used to distribute said exploits, it happens to be that the programmer of the site preferred PHP as the language for the site, and just included the exploit in there.

I hope this explains a bit more.

i think its possible using javascript, but PHP, i highly doubt.

mr noob wrote: i think its possible using javascript, but PHP, i highly doubt.

well as we speak/type, my antivirus software alerted me of a recent quarantine involving a .js file intended to exploit IE (which is strange/amusing, seeing that i'm on FF). crazy stuff. :happy:

Soulhunter wrote: The only thing one can slip onto another computer with php would be a cookie. And even those can easily be blocked. So, no, it's not possible.

I think this is about the third time I've mentioned this. PHP is a language. It has alot of the capabilities other languages have. One such capability is the ability to connect to a remote host via TCP.

http://www.php.net/function.fsockopen

Another such capability is the ability to send data on a particular connection a PHP script has opened.

http://www.php.net/manual/en/function.fwrite.php

Now reread the scenario I mentioned in my previous post and think carefully if it's possible.

http://dictionary.reference.com/browse/possible

I would also like to point out that you do not need a web server to run PHP scripts, you can just throw it through a command line interpreter.

Even if PHP did not have any way of doing something esoteric you could just code in whatever function you want into PHP, recompile it, and use it.

As for being compromised by visiting a website that uses PHP. It is entirely possible, but unlikely that PHP did the actual exploiting. It's far more likely that they fed you malformed data, like a flash file that exploits a vulnerability in a flash player or an image that exploits a particular image library or something that exploits the browser you use.

ref http://www.kb.cert.org/vuls/id/388984