WeberDev.com PHP and MySQL Code

Title : Writing A Port Scanner In PHP
Categories : PHP, HTTP, Security
Author : J. Thomas Enders
Date : 2003-11-25
Grade : 5 of 5 (graded 1 times)
Viewed : 13926
Abstract
This article explains how to write a port scanner in PHP. The purpose of this article is to demonstrate how easily a malicious individual can use PHP to begin an intrusion into your computer. In future articles we will cover doing this in a Trojan PHP script and doing a trickle port scan to avoid intrusion detection systems.

Section I: What is a port scanner?
A port scanner is a piece of software that allows someone to see what ports are open on your system. Different ports are used for different protocols. Most TCP/IP ports are not assigned to services. If you want to allow a service to be accessed on a server, then the port that service uses must be open.

Example: Every time you request a URL that starts with http:// you open a connection to port 80.

Section II: How is a port scanner used?
After a hacker runs a port scanner on your system, they know what services you have accepting connections. With this information they can begin attempting to exploit those services to obtain unauthorized access to your system.

Example: If the port scanner tells a hacker that you have port 21 open, then the hacker knows that you allow FTP. They can then see if you allow anonymous uploads, and if you do, they can upload malicious scripts to your system.

Conversely, a security specialist can use a port scanner as well. Legitimate uses of port scanners include seeing if people on your network are running software they should not be, making sure that servers are appropriately sealed off, and many other things.

Section III: The Necessary Functions
Now that we know what a port scanner is and what it is used for, it is time to take a look at the PHP functions which can be used to implement one. We only need the fsockopen function. This function allows a programmer to open a socket connection to another server. One of the parameters that this function accepts is the port on which the connection should be opened. It is this parameter that allows us to implement a port scanner.

Section IV: The Actual Code
Here is the actual code to implement a very simple port scanner in PHP.


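<?php
// Host to scan
$host = "www.suryvial.com";
// Try ports 0 through 499 in turn
for ($i = 0; $i < 500; $i++) {
    // Attempt a TCP connection, waiting up to 10 seconds for a response
    $fp = fsockopen($host, $i, $errno, $errstr, 10);
    if ($fp) {
        echo "port " . $i . " open on " . $host . "\n";
        fclose($fp);
    } else {
        echo "port " . $i . " closed on " . $host . "\n";
    }
    // Flush output so the user's browser does not hit a gateway timeout
    flush();
} //end for
?>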


Let’s take a look at this code. Using a host variable makes it easy to change what machine we are going to scan. The for loop tells us what ports to scan; there are better ways, but this is the simplest. Next is the line that really does the work, so we will analyze that in depth.

As I mentioned before, fsockopen opens a connection to a remote server on a user-specified port. What this particular implementation does is open a connection to $host on port $i. The $errno and $errstr parameters are variables that will hold the error number and error string respectively if the connection fails. We do not use them in this particular implementation, but a more robust port scanner could. The number 10 is the number of seconds to wait for a response before assuming failure.

After the fsockopen call we test whether the operation was successful by testing the value of $fp. We then report the status to the user and close the connection if necessary. After this we flush the buffers to avoid a gateway timeout in the user’s web browser.

It really is that simple to write a port scanner in PHP. With these nine simple lines of code we have the tool that a hacker will use as a first line of attack against your system.

Section V: Stopping Port Scanning
Almost every Intrusion Detection System (IDS) will detect a port scan and take the action you specify when it does. Additionally, most firewalls can also detect port scans and block them. Some firewalls use something called black hole technology, which does not respond to unwanted queries. This makes it look like there is not a computer at your IP address. ZoneAlarm is one such firewall and is a very good solution for desktop protection in a Windows environment.
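
The kind of check an IDS applies to a scan like the one in Section IV, as an added example that is not part of the original article: because fsockopen makes a full TCP connection to each port in turn, one source touching many distinct ports on one host within a short window stands out in connection logs. The log format, addresses, window and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (hypothetical) log format: "<ISO time> SYN SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dpt>\d+)")

def detect_port_scans(lines, window=timedelta(seconds=60), threshold=15):
    """Return {source_ip: peak distinct ports} for every source that touched
    at least `threshold` distinct ports on one host inside `window`."""
    recent = defaultdict(deque)          # (src, dst) -> (time, port) events
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                     # not a TCP connection record
        ts = datetime.fromisoformat(m["ts"])
        events = recent[(m["src"], m["dst"])]
        events.append((ts, int(m["dpt"])))
        while ts - events[0][0] > window:    # slide the window forward
            events.popleft()
        distinct = len({port for _, port in events})
        if distinct >= threshold:
            flagged[m["src"]] = max(flagged.get(m["src"], 0), distinct)
    return flagged

def constructed_sample():
    """Constructed log lines: one sequential scan plus one ordinary client."""
    start = datetime(2003, 11, 25, 10, 0, 0)
    fmt = "{} SYN SRC={} DST=198.51.100.5 PROTO=TCP DPT={}"
    lines = ["unparseable line"]
    for i in range(40):
        ts = (start + timedelta(seconds=i)).isoformat()
        lines.append(fmt.format(ts, "192.0.2.10", i))                 # ports 0..39 in order
        lines.append(fmt.format(ts, "192.0.2.77", (80, 443)[i % 2]))  # web traffic only
    return lines

if __name__ == "__main__":
    for src, ports in detect_port_scans(constructed_sample()).items():
        print(f"possible port scan from {src}: {ports} distinct ports in 60s")
```

The ordinary client makes as many connections as the scanner but only ever reaches two ports, so counting distinct ports rather than raw connections keeps it from being flagged.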

Section VI: In Summary
In summary, it is very simple to write a port scanner in PHP. In nine lines of code we can implement a simple port scanner that someone with no programming experience can run if they have access to a computer that executes PHP.

This is the first in a series of articles on how a hacker can use PHP to build the tools of their trade. This series of articles intends to inform people of the security holes that exist in PHP and aid them in sealing up these holes.









Sarah King wrote : 371
I added the error and errornumber to the output string where the scan failed.
port 0 closed on http://www.sitename.com: 2|No such file or directory
port 1 closed on http://www.sitename.com: 0|Success

But mostly, it seems that webhosts know to close their ports. Well, mine do anyway, so I'm safe, right?