Follow us on Twitter!
Capitalism is an Island of wealth in a sea of poverty
Wednesday, April 16, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 18
Guests Online: 14
Members Online: 4

Registered Members: 82813
Newest Member: VesuviusSentinel
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Page 1 of 2 1 2 >
Author

How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-01-11 06:05
How can I view the php in a .php file? Nothing is there to look at? I know php does that, but is there anyway to see the php?

Thanks
Author

RE: How to view a php script.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 18-01-11 06:16
If the PHP file is being viewed over the web (HTTP), then no, it is not designed to be able to be viewed. The PHP document is supposed to be interpreted, and then the output sent to the browser, and you are not supposed to be able to see the source.

Although, just because you're not supposed to, doesn't mean that there aren't vulnerabilities in some websites that allow you to.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-01-11 06:26
is there any way I could download it? can you tell me more?
Author

RE: How to view a php script.

techb
Member



Posts: 384
Location:
Joined: 15.02.09
Rank:
Moderate
Posted on 18-01-11 06:50
ctrl+s


www.userbars.com/74460/665255/337-7865-ubda3219.gif
kbcarte.wordpress.com
Author

RE: How to view a php script.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 18-01-11 06:54
techb wrote:
ctrl+s


Lol, that'll only work for the output of the PHP script (HTML usually), not the actual PHP source code.

No, like I said, the only way to download it is to have access to the webserver (like FTP, or SSH), or to find a vulnerability (like LFI).


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-01-11 06:54
I may be wrong but I remember something about server side includes from one of the challenges. Getting one page to print the source of another.

Edit:Ah stealth's post was what i was thinking. LFI not SSI.

Edited by on 18-01-11 08:43
Author

RE: How to view a php script.

techb
Member



Posts: 384
Location:
Joined: 15.02.09
Rank:
Moderate
Posted on 18-01-11 06:59
stealth- wrote:
techb wrote:
ctrl+s


Lol, that'll only work for the output of the PHP script (HTML usually), not the actual PHP source code.

No, like I said, the only way to download it is to have access to the webserver (like FTP, or SSH), or to find a vulnerability (like LFI).


Oh. :xx:

Shows how little web stuff I do lol.


www.userbars.com/74460/665255/337-7865-ubda3219.gif
kbcarte.wordpress.com
Author

RE: How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-01-11 07:37
techb wrote:
Oh. :xx:

Shows how little web stuff I do lol.

Hah, and here I thought you were just being an ass because of the stupid question Pfft


Author

RE: How to view a php script.

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 18-01-11 20:21
If the server serves http 1.0 you can grab the PHP source with that.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s

Edited by spyware on 18-01-11 20:28
http://bitsofspy.net
Author

RE: How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-01-11 23:39
spyware wrote:
If the server serves http 1.0 you can grab the PHP source with that.


Vulnerability in the old protocol or it simply doesn't parse?


Author

RE: How to view a php script.

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 18-01-11 23:48
DigitalFire wrote:
Vulnerability in the old protocol or it simply doesn't parse?


Must be a configuration error in a httpd.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: How to view a php script.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 19-01-11 03:26
MoshBat wrote:
As said, you need to actually find an exploit to view the contents of the PHP file, other than the contents that are sent to you, of course.
For example, if you can find a way of halting script execution (like a Null byte or something), then the file should spit out everything after it stopped executing.


Could you provide an example of this? I can't tell if you are referring to having a null byte in a string that PHP is trying to read, because afaik that would simply force PHP to stop reading the string (unless you configured PHP properly, like you should, in which case nothing would happen). The only other case I could think you are referring to is having a null byte in the actual PHP source itself, but in the case you are able to do that then you must have access to the source already.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-01-11 18:58
spyware wrote:
If the server serves http 1.0 you can grab the PHP source with that.


hmm i did not know that... got any good links to where i could read up on this subject?

and yes i have used google(a long time ago GrinGrinGrinGrin)
Author

RE: How to view a php script.

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 19-01-11 19:10
Shazrah wrote:
hmm i did not know that... got any good links to where i could read up on this subject?


It's not worth it, really. This "exploit" is outdated and useless by now. To perform it, grab your favourite shell and do this:

telnet
open
website.com 80
GET file.php HTTP/1.0 <ret>
Host: www.website.com <ret><ret>


You'll now be served with some HTML, CSS and JS, because this "exploit" won't ever work.

Edit: whoops, thanks for pointing that out, COM.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s

Edited by spyware on 20-01-11 01:10
http://bitsofspy.net
Author

RE: How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-01-11 00:59
spyware wrote:
GET HTTP/1.0 index.php <ret><ret>

That sure looks strange to me.


Author

RE: How to view a php script.

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 20-01-11 01:06
COM wrote:
That sure looks strange to me.


Erh, you're right. What I meant to say was something more along the lines of;

GET file.php HTTP/1.0
Host: www.website.com
<ret><ret>



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-01-11 01:28
spyware wrote:
GET file.php HTTP/1.0
Host: www.website.com
<ret><ret>

Now that looks a lot better, although last I checked, http 1.0 did not have the host header. But I suppose it can't hurt to include it anyhow, might be better off trying a full path in the request part though.
But enough about obsolete shit.


Author

RE: How to view a php script.

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 20-01-11 23:03
Depends how you plan to use the php, but one option is to just simply contact the host, and ask them to email you the php file(s). Unless of course, you want to go in stealth mode... :ninja::ninja::ninja:


Author

RE: How to view a php script.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-01-11 14:52
awesomekid211 wrote:
is there any way I could download it? can you tell me more?


you can only download it if you are already in the system. ssh, any shell on the system, ftp with the webroot account etc

or moshbat's null byte suggestion-(anybody made this work? )


Author

RE: How to view a php script.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 22-01-11 01:14
t0xikc0mputer wrote:
Depends how you plan to use the php, but one option is to just simply contact the host, and ask them to email you the php file(s). Unless of course, you want to go in stealth mode... :ninja::ninja::ninja:


Lol, what?

"Hey, I know your PHP script has the database password in it, and it's significantly easier for me to find vulnerabilities this way, but can you go out of your way so I can have full access to your code anyways please?"

If it's not already publicly available, they probably don't want it to be.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Page 1 of 2 1 2 >