Thursday, 1 April 2010

Fyury's challenge - Keygenme

This dude saved my life. I thought I would get rusty forever with only PHP. I was wrong! On the night of 6th Jan. 2009 I decided to visit his blog. And there, I saw this (the original message is in French, so I translate it):
After a little reminder from Xylitol (thx), I decided to post my FooMe.

I presented it on FC and so I didn't see any point in putting it on the blog (according to the comments).

level : 0.5 || 1
secure : no package ..
Anti-debugger (badly implemented)

Goals :

- Make a keygen. ( 1 )
- Find a serial for your own pseudo. (0.5 )


The article in question is currently down. But we'll try to go on without it. You can download the executable here: http://venom630.free.fr/geo/autre_chose/foome__fyuw/foome%20%7bpart%20I%7d.exe

I download the package without wondering. I only focus on this:
- Make a keygen. ( 1 )
- Find a serial for your own pseudo. (0.5 )


I thought I would never manage to make the keygen. It took several attempts, because I'm someone who is always in a hurry. :)

So, I extract the package's content into a folder, and I run foome.exe :
C:\Documents and Settings\Geoffrey\Bureau\foome>"foome {part I}.exe"
[ foome part I by fyuw]

Login : Geo0w
pwd : 15612


I entered a random password. Then a wonderful MessageBox appears and tells me "You're a tapz". Fucking bullshit. I'll show you.

I rush to open this fucking software with OllyDbg. It doesn't take me long to find the most important code chunk:

00401431  |> C70424 2C30400>MOV DWORD PTR SS:[ESP],foome_{p.0040302C ; ||||ASCII "                 [ foome part I by fyuw]

Login : "
00401438 |. E8 C7060000 CALL ; |||\printf
0040143D |. 8D85 88FEFFFF LEA EAX,DWORD PTR SS:[EBP-178] ; |||
00401443 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |||
00401447 |. C70424 5F30400>MOV DWORD PTR SS:[ESP],foome_{p.0040305F ; |||ASCII "%s"
0040144E |. E8 A9060000 CALL <JMP.&msvcrt.scanf> ; ||\scanf
00401453 |. 8D85 88FEFFFF LEA EAX,DWORD PTR SS:[EBP-178] ; ||
00401459 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; ||
0040145C |. E8 93060000 CALL <JMP.&msvcrt.strlen>
00401461 |. 83F8 04 CMP EAX,4 ; |
00401464 |. 77 1B JA SHORT foome_{p.00401481 ; |
00401466 |. C70424 6230400>MOV DWORD PTR SS:[ESP],foome_{p.00403062 ; |ASCII "Need more 5 char..."
0040146D |. E8 92060000 CALL ; \printf
00401472 |. C785 84FEFFFF >MOV DWORD PTR SS:[EBP-17C],0
0040147C |. E9 F5000000 JMP foome_{p.00401576
00401481 |> 8D85 88FEFFFF LEA EAX,DWORD PTR SS:[EBP-178] ; ||
00401487 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; ||
0040148A |. E8 65060000 CALL <JMP.&msvcrt.strlen>
0040148F |. 83F8 0B CMP EAX,0B ; |
00401492 |. 76 1B JBE SHORT foome_{p.004014AF ; |
00401494 |. C70424 7630400>MOV DWORD PTR SS:[ESP],foome_{p.00403076 ; |ASCII "Need less 10 char..."
0040149B |. E8 64060000 CALL ; \printf
004014A0 |. C785 84FEFFFF >MOV DWORD PTR SS:[EBP-17C],0
004014AA |. E9 C7000000 JMP foome_{p.00401576
004014AF |> C70424 8B30400>MOV DWORD PTR SS:[ESP],foome_{p.0040308B ; |||||ASCII "pwd : "
004014B6 |. E8 49060000 CALL ; ||||\printf
004014BB |. 8D85 B4FEFFFF LEA EAX,DWORD PTR SS:[EBP-14C] ; ||||
004014C1 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; ||||
004014C5 |. C70424 9230400>MOV DWORD PTR SS:[ESP],foome_{p.00403092 ; ||||ASCII "%d"
004014CC |. E8 2B060000 CALL <JMP.&msvcrt.scanf> ; |||\scanf
004014D1 |. 0FBE9D 8AFEFFF>MOVSX EBX,BYTE PTR SS:[EBP-176] ; |||
004014D8 |. 8D85 88FEFFFF LEA EAX,DWORD PTR SS:[EBP-178] ; |||
004014DE |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |||
004014E1 |. E8 0E060000 CALL <JMP.&msvcrt.strlen>
004014E6 |. 89C2 MOV EDX,EAX ; ||
004014E8 |. 89D0 MOV EAX,EDX ; ||
004014EA |. 01C0 ADD EAX,EAX ; ||
004014EC |. 01D0 ADD EAX,EDX ; ||
004014EE |. C1E0 09 SHL EAX,9 ; ||
004014F1 |. 01D0 ADD EAX,EDX ; ||
004014F3 |. 01C3 ADD EBX,EAX ; ||
004014F5 |. 8B85 A0FEFFFF MOV EAX,DWORD PTR SS:[EBP-160] ; ||
004014FB |. 890424 MOV DWORD PTR SS:[ESP],EAX ; ||
004014FE |. E8 F1050000 CALL <JMP.&msvcrt.strlen> ; |\strlen
00401503 |. 29C3 SUB EBX,EAX ; |
00401505 |. 89D8 MOV EAX,EBX ; |
00401507 |. 83C0 0C ADD EAX,0C ; |
0040150A |. 3985 B4FEFFFF CMP DWORD PTR SS:[EBP-14C],EAX ; |
00401510 |. 74 33 JE SHORT foome_{p.00401545 ; |
00401512 |. C74424 0C 0000>MOV DWORD PTR SS:[ESP+C],0 ; |
0040151A |. C74424 08 9530>MOV DWORD PTR SS:[ESP+8],foome_{p.004030>; |ASCII "Iz N0t da g00d password"
00401522 |. C74424 04 2730>MOV DWORD PTR SS:[ESP+4],foome_{p.004030>; |ASCII "t4pZ"
0040152A |. C70424 0000000>MOV DWORD PTR SS:[ESP],0 ; |
00401531 |. E8 06060000 CALL ; \MessageBoxA
00401536 |. 83EC 10 SUB ESP,10
00401539 |. C785 84FEFFFF >MOV DWORD PTR SS:[EBP-17C],0
00401543 |. EB 31 JMP SHORT foome_{p.00401576
00401545 |> C74424 0C 0000>MOV DWORD PTR SS:[ESP+C],0 ; |
0040154D |. C74424 08 AD30>MOV DWORD PTR SS:[ESP+8],foome_{p.004030>; |ASCII "U win.. make a keygen"
00401555 |. C74424 04 2730>MOV DWORD PTR SS:[ESP+4],foome_{p.004030>; |ASCII "t4pZ"
0040155D |. C70424 0000000>MOV DWORD PTR SS:[ESP],0 ; |
00401564 |. E8 D3050000 CALL ; \MessageBoxA


I set a breakpoint on the address 004014CC, which calls the scanf() function in order to get the password from the standard input stream - the keyboard, if you like. I launch, and then, another MessageBox(), with a "U sUck" title, tells me once again I'm a tapz. BITCH!

I figure - without having read that there was anti-debugging protection - that there is a protection to bypass. Great, I discover this:
00401324  |. C785 98FEFFFF >MOV DWORD PTR SS:[EBP-168],foome_{p.0040>; |ASCII "OLLYDBG.EXE"
0040132E |. C785 9CFEFFFF >MOV DWORD PTR SS:[EBP-164],foome_{p.0040>; |ASCII "idag.exe"
00401338 |. C785 A0FEFFFF >MOV DWORD PTR SS:[EBP-160],foome_{p.0040>; |ASCII "windbg.exe"


Without hesitating, I modify the values in the dump:
- "OLLYDBG.EXE" becomes "yourmom.EXE" ;
- "idag.exe" becomes "stfu.exe" ;
- "windbg.exe" becomes "azerty.exe".

I launch again, and there is no window. Who is the tapz? HAHA!

Then I enter Geo0w as a login and 2151 as password (randomly).

I'm going on...

Without going into details, I arrive at this line, after a lot of tracing over several calls:
0040150A  |. 3985 B4FEFFFF  CMP DWORD PTR SS:[EBP-14C],EAX


I look at EAX: it contains 00001E76. In decimal, that is 7798.
I close OllyDbg and the whole mess, then I launch foome.exe from the command line:

C:\Documents and Settings\Geoffrey\Bureau\foome>"foome {part I}.exe"
[ foome part I by fyuw]

Login : Geo0w
pwd : 7798


A MessageBox() comes up again, but its text is different: "U win.. make a keygen", and still a "t4pZ". This fucking bitch deserves to be badly insulted, like DR_KILLER. Go make me a fucking sandwich!

I do apologize for talking dirty. It's emotional because it's the first keygen of my life. Yes, I'm getting on my nerves and I have forgotten that I thought I would never manage to do this. I rush headlong.

I open up my friend OllyDbg again and I modify the values in the dump again so the anti-debugger won't give me shit.

And then, I set a breakpoint on:
004014CC  |. E8 2B060000    CALL <JMP.&msvcrt.scanf>


This line corresponds to the call just after the input of the password. So, I launch, I enter "albert" as a login and "11111" as a password. Then the program pauses at my breakpoint. I trace the code:
004014E6  |. 89C2           MOV EDX,EAX                              ; ||
004014E8 |. 89D0 MOV EAX,EDX ; ||
004014EA |. 01C0 ADD EAX,EAX ; ||
004014EC |. 01D0 ADD EAX,EDX ; ||
004014EE |. C1E0 09 SHL EAX,9 ; ||
004014F1 |. 01D0 ADD EAX,EDX ; ||
004014F3 |. 01C3 ADD EBX,EAX ; ||
004014F5 |. 8B85 A0FEFFFF MOV EAX,DWORD PTR SS:[EBP-160] ; ||
004014FB |. 890424 MOV DWORD PTR SS:[ESP],EAX ; ||
004014FE |. E8 F1050000 CALL <JMP.&msvcrt.strlen> ; |\strlen
00401503 |. 29C3 SUB EBX,EAX ; |
00401505 |. 89D8 MOV EAX,EBX ; |
00401507 |. 83C0 0C ADD EAX,0C ; |
0040150A |. 3985 B4FEFFFF CMP DWORD PTR SS:[EBP-14C],EAX ; |


This last line is where the password we entered is compared to the true key. So, I analyze the assembly code above this instruction, and I translate it into pseudo-algorithmic language (after several debugging sessions):

keygen <- length(login)
keygen <- keygen * 3
keygen <- keygen * 512
keygen <- keygen + length(login) (thanks to UnKnOwN*DrAgOoN for reporting this omission to me)
keygen <- keygen + (integer value) login[3] (the third character of the login, read by the MOVSX from [EBP-176])
keygen <- keygen - length("windbg.exe")
keygen <- keygen + 12


Finally I programmed my Keygen in C: http://venom630.free.fr/geo/autre_chose/foome__fyuw/keygen_c.txt. And it works.
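
The pseudo-code above carried into C, as an added example (it is not the author's keygen_c.txt, which is not reproduced on this page). The name foome_serial is this example's own; the 5 to 11 character limit is taken from the CMP EAX,4 / CMP EAX,0B checks in the listing, and the third character is sign-extended like the MOVSX at 004014D1.

```c
/* Added example: serial computation for "foome {part I}", rebuilt from the
 * disassembly shown on this page. Function names are this example's own. */
#include <stdio.h>
#include <string.h>

/* String whose pointer the anti-debug setup stores at [EBP-160]. */
#define ANTIDEBUG_NAME "windbg.exe"

/* Returns 0 and writes the serial to *serial, or -1 when the login would be
 * rejected by the length checks at 00401461 (JA after CMP EAX,4) and
 * 0040148F (JBE after CMP EAX,0B): only 5 to 11 characters pass. */
int foome_serial(const char *login, int *serial)
{
    size_t n = strlen(login);
    if (n < 5 || n > 11)
        return -1;

    int len = (int)n;
    int ebx = (signed char)login[2];    /* MOVSX EBX,BYTE PTR SS:[EBP-176] */
    int eax = len;                      /* MOV EDX,EAX / MOV EAX,EDX       */
    eax += eax;                         /* ADD EAX,EAX  -> 2 * len         */
    eax += len;                         /* ADD EAX,EDX  -> 3 * len         */
    eax <<= 9;                          /* SHL EAX,9    -> 1536 * len      */
    eax += len;                         /* ADD EAX,EDX  -> 1537 * len      */
    ebx += eax;                         /* ADD EBX,EAX                     */
    ebx -= (int)strlen(ANTIDEBUG_NAME); /* SUB EBX,EAX after the strlen    */
    *serial = ebx + 12;                 /* ADD EAX,0C, then CMP with pwd   */
    return 0;
}

int main(int argc, char **argv)
{
    /* Default login is the one used in the article. */
    const char *login = argc > 1 ? argv[1] : "Geo0w";
    int serial;

    if (foome_serial(login, &serial) != 0) {
        fprintf(stderr, "login must be 5 to 11 characters long\n");
        return 1;
    }
    printf("Login : %s\npwd   : %d\n", login, serial);
    return 0;
}
```

The replacement names patched into the dump earlier ("azerty.exe" for "windbg.exe") have the same length as the originals, so the strlen at 004014FE still returns 10; a replacement of a different length would have shifted the serial seen in EAX under the debugger.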

Conclusion


A great experience. I thank Fyury a lot for this very interesting challenge. The proverb is clear and unequivocal: practice makes perfect.

Geo

Monday, 29 March 2010

"Bambalam!" or "compile PHP for me!"

This simple article will talk about Bambalam. This is not music. Here is the site of the project:
http://www.bambalam.se/bamcompile/


We can see, in big letters, on the page:
Bambalam PHP EXE Compiler/Embedder


Though PHP is supposed to be an interpreted scripting language, we can compile it in order to:
- hide code;
- make Windows applications and spare someone from having PHP on their computer;
- (in theory) increase execution speed.

Life is beautiful, isn't it?!

Concerning the "linuxians", don't worry, you can download the Bambalam source code.

Let's fetch the project's archive, extract it into a folder, and look at the content:
- readme.txt : don't care;
- project_template.bcp : don't care;
- bamcompile.exe : the executable which receives arguments in order to generate executables from PHP;
- examples: a folder full of interesting... examples! :)

To put us at ease, let's create a "projects" directory. In this directory, let's create a "hello" folder. Now, in this last folder, let's create a file called "hello.php". Let's write our code:
<?php
echo 'Hello!';
?>


We will now compile it. First of all, you have the choice between the following options:
- Using the command line to go to Bambalam's folder, then entering your options manually;
- Making a batch file which will execute your commands sequentially and keep a trace of them.

For my part, I choose the second option.

On the project's web-site, we are told this:
Usage:
bamcompile [-options] infile.php [outfile.exe]
bamcompile [-options] project_directory mainfile.php [outfile.exe]
bamcompile projectfile.bcp

Options:
-w Hide console window for windowed applications
-c Compress output exe (using UPX)
-d Do not encode PHP files
-e:extension.dll Embed and use PHP extension
-i:icon.ico Add icon to exe


Let's try the first line in order to compile our single PHP file! We will create a batch file called "make.bat" in the working directory and write the following lines:

@echo off
"../../bamcompile.exe" hello.php
rem The next instruction prevents the console from closing by itself
pause


Yeah, we have to put "../../" because we have to go back up the tree. I don't take you for idiots, but we have to think about it by reflex.

Then we launch make.bat and we don't have the time to say "Leek". (I love leeks).

Bambalam PHP EXE Compiler/Embedder 1.21

Mainfile: hello.php
Outfile: hello.exe

Encoding and embedding hello.php

hello.exe created successfully!
Appuyez sur une touche pour continuer...


Concerning the last line, it is in French because that's my Windows language. It means "Press a key to continue". :)

Finally, we have a wonderful executable which has been created in the same directory. If we launch it with a double click, it closes immediately; that's normal.

Let's see what it gives on the command line:
C:\bamcompile1.21\projects\hello>hello.exe

Hello!


Great!

Well, ok, there is an empty line over our "Hello!", but we don't really care.

Now, let's go back to the "projects" folder and create two files in it:
- main.php
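<?php
require_once('age.php');
// An age must be given on the command line
if($_SERVER['argc'] < 2) {
    echo "Usage: ".$_SERVER['argv'][0]." [number]\n";
    exit(-1);
}
// intval() forces an integer, abs() makes it positive
echo ShowFollowingAge(abs(intval($_SERVER['argv'][1])));
?>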


I will sum up the code. First we include the "age.php" file (which we'll write after this), we check that an argument was entered on the command line - it corresponds to a person's age - and then we call the ShowFollowingAge() function. This function is defined in the "age.php" file. Finally, the intval() function lets us ensure that the argument is an integer value, and abs() that it is positive.

Let's handle the "age.php" file:
<?php
if(!defined("AGE_PHP")) {
    define("AGE_PHP",TRUE);
    function ShowFollowingAge($var) {
        return $var >= 18 ? "You're major" : "You're minor";
    }
}
?>


Briefly, I prevent the file from being included several times (even if it doesn't really matter here) and then I define my function(s). The define is here because if we define a function several times - with the same name - the script doesn't run. Normal.

The function returns a string: "You're major" if the age is above or equal to 18, "You're minor" otherwise.

For those who do not understand the ternary expression, it consists of assigning a value to a variable depending on a condition. Example:
$variable = condition ? "value if true" : "value if false";


This code is equal to the following one:
if(condition)
    $variable = "value if true";
else
    $variable = "value if false";


The last code takes four lines whereas the ternary expression takes just one. That's why I use the latter.

But we shouldn't go away from the main topic!!

Now, we will go back to the bamcompile executable's folder. Then we create a "make_age.bat" file and write into it:
@echo off
bamcompile.exe projects/age main.php projects/age/age.exe
pause


Indeed, on the Bambalam web site, we are told that we can use:
bamcompile [-options] project_directory mainfile.php [outfile.exe]


By identifying:
project_directory = projects/age ;
mainfile.php = main.php ;
outfile.exe (optional argument) = projects/age/age.exe

Then we launch our batch file and it's the ecstasy (normally)!

Bambalam PHP EXE Compiler/Embedder 1.21

Mainfile: main.php
Outfile: projects/age/age.exe
Project dir: projects/age

Embedding age.exe
Encoding and embedding age.php
Encoding and embedding main.php

projects/age/age.exe created successfully!
Appuyez sur une touche pour continuer...


We execute age.exe with the command line:
C:\bamcompile1.21\projects\age>age.exe 18
You're major
C:\bamcompile1.21\projects\age>age.exe 16
You're minor
C:\bamcompile1.21\projects\age>age.exe aaa
You're minor
C:\bamcompile1.21\projects\age>age.exe -4
You're minor
C:\bamcompile1.21\projects\age>age.exe -18
You're major
C:\bamcompile1.21\projects\age>age.exe 32
You're major


Since the program hasn't any real interest, this is a simple example.


I regret to announce that the fairground ride ends here. We could say this article kept me busy in order to present a tool that I love very much; I sent nice executables to friends thanks to it. Funny.

Take a look in the "examples" folder, it's worth it! There is even a calculator programmed with the winbinder extension (http://www.winbinder.org), which lets us make GUI programs. Anyway, it's worth it for those who write PHP scripts and would like to share them with other people who don't have PHP set up on their computer.

That's all. See you soon.

Geo

phpsploitclass.php

Click here to download the latest version of phpsploitclass

I will begin slowly with an article which studies the phpsploit class, coded by Darkfig. Indeed, he told me that only three people were using this class to develop their web-based exploits, tools, etc. Before, I used to write the entire algorithm by hand to get the web server's response. All of that is over. Though an English description is included in the file itself (because we have to offer an easy understanding for everyone), I decided to explain some features in French (but here, we only speak English :]), in order to convince readers!

I'll assume you have PHP 5 with a CLI - Command Line Interface - because I run my scripts with this tool. If you have a web server, that's fine, but I mostly find the prompt more convenient.

Let's go. We begin by including the class definition (so far, nothing complicated!):

<?php
require_once('./phpsploitclass.php');
?>


By exploring the file, we can see this line:
class phpsploit {


So we will write our script like this:

<?php
require_once('./phpsploitclass.php');
$object = new phpsploit();
?>


I imagine that most of you have already done some Object-Oriented Programming. As a consequence, you will know that our instance owns:
- attributes: kinds of variables internal to the class. These attributes are, in most cases, private: it means that the user cannot modify them directly;
- methods: they are "under-tools" for manipulating instances. They are commonly public - the user can call them - but some of them are private (the phpsploitclass contains some).

get()



The first method that we should use is the get() method. This method takes one and only one argument: the address of the web page from which we want to get information; I mean the response's headers with the HTML content. This method returns the entire response from the server (headers included, with the two carriage return/newline pairs):

<?php
require_once('./phpsploitclass.php');
$object = new phpsploit();
echo $object->get("http://geo0w.blogspot.com/");
?>


Let's take a try:


C:\php>php phpsploit1.php
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Last-Modified: Sun, 04 Jan 2009 15:05:21 GMT
Cache-Control: max-age=0 private
ETag: "5b0762bd-de9c-4df7-830f-8fe7e1b4f4ef"
Transfer-Encoding: chunked
Date: Sun, 04 Jan 2009 15:07:09 GMT
X-Content-Type-Options: nosniff
Server: GFE/1.3
Connection: Close

7006
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'>
<head>

[...]


Be careful: it will probably scroll by quickly in the console. You may use the redirection operator ">" to write the output of the script into a file in order to consult it. For my part, the response has a size of a little over 37 kB!

Anyway, we have the server response.

Let's code a tool for ourselves: it will let us get the source of any page. The argument, which corresponds to the URI, is given on the command line.

<?php
require_once('./phpsploitclass.php');
if(!empty($_SERVER['argv'][1])) {
    $object = new phpsploit();
    echo $object->get($_SERVER['argv'][1]);
} else {
    echo "Usage: ".$argv[0]." [url]\n";
}
?>


Let's try:

C:\php>php phpsploit2.php http://www.google.fr/
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Date: Sun, 04 Jan 2009 15:20:40 GMT
Expires: -1
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=584abc4a64322246:TM=1231082440:LM=1231082440:S=Zvx70flgh8_ZY
o5V; expires=Tue, 04-Jan-2011 15:20:40 GMT; path=/; domain=.google.fr
Server: gws
Transfer-Encoding: chunked
Connection: Close

1785
<html><head><meta http-equiv="content-type" content="text/html; charset=ISO-8859
-1"><title>Google</title><style>body,td,a,p,.h{font-family:arial,sans-serif}.h{c
olor:#36c;font-size:20px}.q{color:#00c}.ts td{padding:0}.ts{border-collapse:coll
apse}#gbar{height:22px;padding-left:2px}.gbh,.gbd{border-top:1px solid #c9d7f1;f
ont-size:1px}.gbh{height:0;position:absolute;top:24px;width:100%}#gbi,#gbs{backg
[...]


We can now get both the headers and the body of the response from any page, provided it is available. You understand me.




post()



Almost the same as the get() method. However, this method takes exactly two arguments:
- the target page of the POST request - so far, nothing different;
- the data to send to the server, encoded like "variable1=value1&variable2=value2"...

An example is better than a sloppy speech. Let's make a PHP script that waits for POST data (you'll have to put this script on your web server).

<?php
if(!empty($_POST)) {
    echo "You have posted :\n";
    readfile("php://input");
} else {
    echo "You don't have posted anything.";
}
?>


We save it as target.php and we suppose that we can access it at http://localhost/target.php. Here is, consequently, an example script to execute in CLI:

<?php
require_once('./phpsploitclass.php');
$object = new phpsploit();
echo $object->post("http://localhost/target.php","pseudo=Geo&pass=superpapi");
?>


We try it on the console:

C:\php>php phpsploit3.php
HTTP/1.1 200 OK
Date: Mon, 05 Jan 2009 12:30:21 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Content-Length: 39
Connection: close
Content-Type: text/html

You have posted :
pseudo=Geo&pass=superpapi


Magic! \o/
It goes up a gear.


addcookie(), agent(), addheader()



Three important methods. They let us build our HTTP request.

The addcookie() method takes exactly two arguments, which represent, respectively, the variable and its value. For example:
<?php
require_once('./phpsploitclass.php');
$obj = new phpsploit();
$obj->addcookie('admin',1);

// Now we can send our requests
$response = $obj->get("http://localhost/page.php");
// etc...
?>


Then each time we "visit" the page by using the get() method, the cookie will be inserted into our headers. Of course, you can call the addcookie() method as many times as you want.

The agent() method specifies a value for the "User-Agent" field of your HTTP request. This serves to specify the name of the browser with which you want to fetch the page. A kind of falsification; indeed, there are sites that behave differently when we use an empty field or a non-existent agent.

The method takes exactly one argument: the "User-Agent" value that you want. Here is an example using this method:
<?php
require_once('./phpsploitclass.php');
$obj = new phpsploit();
$obj->agent("Mozilla Firefox");

// We can send our requests...
$reponse = $obj->get("http://localhost/page.php");
// etc...
?>


The addheader() method lets us add fields to our headers. It takes exactly two arguments which are, respectively, the field name and the field value.

<?php
require_once('./phpsploitclass.php');
$obj = new phpsploit();
$obj->addheader("X-Forwarded-For","127.0.0.1");
$obj->addheader("Referer","http://www.google.fr");

// We can do our queries...
?>


Note: although dedicated methods for manipulating cookies and the user-agent are implemented, it's not forbidden to do this:

$obj->addheader("User-Agent","Mozilla Firefox");
$obj->addheader("Cookie","PHPSESSID=ANotVeryCorrectPHPSESSID; admin=1; pseudo=Geo");


We realize that the class is complete. And it's not over! If I had to demonstrate it entirely, then I could not finish...

reset()



It is important to talk about this method. It takes either one argument or none. If it doesn't receive any, it resets all headers, cookies and other parameters; otherwise it resets the value of the header whose name we passed as the argument. The call is easy:

$obj->reset();


Conclusion



As a conclusion, this article aims to raise your awareness. I confess that I went a long way while briefly presenting several methods of the phpsploit class. There are many others:
- you can get the "Set-Cookie" field's value automatically and use it in your next request via the cookiejar() method;
- you can print separately the headers from the HTML, and vice versa;
- you can upload a file;
- ...

Don't hesitate to read phpsploitclass.php! All of this is explained in English.

Concerning the French version, I have an example which uses the phpsploitclass. You can find it there: http://venom630.free.fr/geo/tutz/securite_informatique/injections_sql_imbriquees/. But I do not have any in English. Sorry guys.

When I wrote this article, I had to review my article. So it might be confusing. Moreover, I'm not English, so I'll bless you if you forgive my many errors. :)

Geo

Beginning

Hi there!

I created this blog in order to translate my own French one, which is available here. So, I will try to make a quality translation of each article that I wrote.

So I'm importing many articles, but not all of them. At least, I don't think so for the moment.

I ask you to forgive me for my various mistakes. :)

Geo