Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
FTP server in one PHP file
Posted by: WhiteAcid
Date: September 02, 2006 09:50PM

I haven't implemented anything regarding this project, just an idea at the moment. I was thinking about using sockets in PHP to run an FTP server. This could be used to easily do a file transfer if no FTP server currently exists or you don't have access to it. Say you have managed to upload and execute a PHP file, sure you can create a form which uploads a file, but making PHP run an FTP server would just be so much better.

What would you guys think? I'm not saying I'd implement this, just throwing the idea out there.

Last minute though; how about a TFTP server, generally you'd only upload small files anyway.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: id
Date: September 03, 2006 08:53AM

TFTP doesn't allow directory listings, and the file you write to has to exist (even if it is 0 bytes, the name has to be on the filesystem you are writing to). Maybe you could add those features, but then you might as well go ahead and implement ftp.

Another interesting hack would be to write netcat in php, you could transfer files, pop up a shell, redirect traffic, etc with it.

-id

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: WhiteAcid
Date: September 03, 2006 10:07AM

I suppose, of course plenty of web hosts don't allow sockets to de used in the first place, still would be handy though me thinks.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: rsnake
Date: September 03, 2006 02:52PM

Are you thinking about this in terms of a backdoor or something else? Of course file uploading is part of a lot of software, so there must be some other reason you'd want this...

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: WhiteAcid
Date: September 03, 2006 03:28PM

Yes, mainly as a back door to be honest.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: rsnake
Date: September 03, 2006 06:54PM

Have you ever seen KIS? Really what you should be looking for is covert channels.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: WhiteAcid
Date: September 03, 2006 07:03PM

Sorry.. what's KIS?

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: maluc
Date: September 03, 2006 08:25PM

hrm, why do you want to use an FTP server instead of the standard c99.php and r57.php shells? A cPanel style script works quite well for me, through http .. although i admit the one i wrote runs more sluggish than i'd like - but transfer speed is all the same.

-maluc

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: rsnake
Date: September 03, 2006 08:39PM

http://packetstormsecurity.org/UNIX/penetration/rootkits/index3.html

KIS is Kernel Intrusion System. It never binds to a open socket so there is nothing to scan for. It looks like broken network "noise" when it's communicating. It was written in 2001. I'm sure there are better ones out there now, but last time I checked this was the best at hiding itself by moving itself around in memory, etc...

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: WhiteAcid
Date: September 04, 2006 06:19AM

Thanks, I'll have a look.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: FTP server in one PHP file
Posted by: rsnake
Date: September 04, 2006 01:47PM

Maybe I'll ask Optyx to come on here and post something. He's the guy who wrote it. I think he was working on something more advanced after that - I'm not sure though.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote


Sorry, only registered users may post in this forum.