Forums » General Hacking Topics

Tutorial in an old mission

    • 13 posts
    June 2, 2016 2:37 PM EDT

    Hey Guys,

    in EG4 there was a realistic mission with a tutorial on how to show the ip on screen in the browser. i cant find the right code for it on google. can someone pls send me the code for it? i want that people think that i h4x0r3D them. no just kidding, there is an idiot who thinks he is safe and i want to show him how easy it is to get his ip

    • 20 posts
    June 2, 2016 5:07 PM EDT

    Well here's the php to get their ip address:

     

    <?

    echo $_SERVER["REMOTE_ADDR"];

    ?>

     

    * The REMOTE_ values are guaranteed to be the valid address of the client, as verified by a TCP/IP handshake. This is the address where any response will be sent to. This value may be "wrong" if they are using a proxy or vpn.

    I'll leave this here too: http://security.stackexchange.com/questions/32299/is-server-a-safe-source-of-data-in-php

    p.s. the php code hosted so you can see it works:

    http://testingspace.eu.pn/enigma/ip.php

    p.p.s There may be a better method that I'm unaware of (im pretty newish to php) so feel free to correct me if anyone has a better method :)


    This post was edited by Galagatron at June 2, 2016 5:09 PM EDT
    • 13 posts
    June 3, 2016 7:10 AM EDT

    Thank you so much!

     

    • 20 posts
    June 3, 2016 8:58 AM EDT

    Just a heads up on this part 

    "there is an idiot who thinks he is safe and i want to show him how easy it is to get his ip"

    Knowing someone's IP address isn't exactly super useful. I mean sure you can geolocate them to a certain accuracy but people knowing my ip address doesn't mean I'm not safe. In general people don't want to disclose their ip address due to their activity hence the use of VPN's etc but knowing someone's ip address doesn't mean theyre not safe. I would say it's more a hiding from authorities thing.

     

    ps The more experienced people on this site feel free to correct me if im wrong :)

    • 13 posts
    June 3, 2016 11:04 AM EDT

    Ok i think a bit more info is needed :D On a site there was a post about some assholes stealing bikes and someone said "police gonna find your ip adress and will fuck you" and a replie was that the police can't get someones ip. i wanted to show him that EVERYONE can get his ip. so it was all about geolocating someone.

    But one thing about knowing someones ip is good: if you can get access to their network you can get access to their system with ssh.

    • 117 posts
    June 3, 2016 10:12 PM EDT

    An IP address is not a Social Security number or a fingerprint.

    It, in the words of Judge Gary Brown of the U.S. District Court for the Eastern District of New York

    "provides only the location at which one of any number of computer devices may be deployed, much like a telephone number can be used for any number of telephones."

     

    Means, they cant say "this ip belongs to john doe, lets arrest him for blah"  

    All they can do is sieze equipment and look for evidence there, at which point, they can in fact tie the evidence to you.

     

    Although theres another law that states, for national security reasons, they can detain that person if they are a suspected terrorists or anarchists without evidence, without reason, and for any peroid of time. 

     

    Theres always a loophole, but they wont use it over some bull shit.  Perhaps your friend knows this, and therefor comes off as cocky.

     


    This post was edited by psychomarine at June 3, 2016 10:15 PM EDT
    • 117 posts
    June 3, 2016 10:17 PM EDT

    id also like to point out to Galagatron

     

    <? for php tags == no

     

    most php configurations wont even parse it anymore. you have to enable short tags.

     

    Always use  <?php   to start with unless its absolutely necessary to not.

     

     

    • 20 posts
    June 3, 2016 10:24 PM EDT

    Oh yeah, sorry that was me being lazy. I normally use the <?php. I just noticed the other day that <? worked on my server so I assumed it was just shorthand and started using it although thanks for the info. I wasn't aware that most configs wouldnt parse it. Also out of curiousity, when would it be necessary to not use <?php..

    • 117 posts
    June 3, 2016 10:26 PM EDT

    when you are trying to inject code in a header or UA or anything, and they parse out PHP or <?php   sometimes they miss <? by itself

     

    perhaps I should make a challenge like that ;)

    • 13 posts
    June 4, 2016 10:26 AM EDT

    [blockquote][b]psychomarine said:[/b] Perhaps your friend knows this, and therefor comes off as cocky.[/blockquote]
    Nha he is not a friend. But the thing is: even if the police wont do anything there are people like us. i dont learn to hack because im a dude who thinks he can hack a bank and get millions of dollars, i learn to hack for helping people.
    at least this is why I want and do learn hacking.

    • 36 posts
    June 12, 2016 7:29 PM EDT

    Heck egv4 we could hide a line of code that would appear as something. When people would visit that post or profile, it would send out your IP.. If somebody really wants it, they can get it.


    This post was edited by Darkvoid at June 12, 2016 7:30 PM EDT
    • 2 posts
    June 16, 2016 7:11 PM EDT

    Thank you so much!

    • 14 posts
    June 20, 2016 11:24 AM EDT

    @Darkvoid, are you implying php embedded in an image or something different? Also, it's been 5 years since I used it, but is the php embedded image trick still practicle? And what are there any other newer, neat tricks like that which are in the wild?