Author: T.Mable (26 Dec 13 4:03pm)
> Why do you care? I am not afraid.
You are not a security guy, aren't you?
1. Make a php file below, save as "test.php".
---start---
<?php
$postvars=array();
//php data
$postvars["tag4"] = md5(preg_replace("/[^a-zA-Z0-9]/","",$contents));
$postvars["ip"] = $_SERVER["REMOTE_ADDR"];
$postvars["svrn"] = $_SERVER["SERVER_NAME"];
$postvars["svp"] = $_SERVER["SERVER_PORT"];
$postvars["svip"] = isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "";
$postvars["rquri"] = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
$postvars["phpself"] = str_replace(' ','%20',$_SERVER["PHP_SELF"]);
$postvars["version"] = "php-".phpversion();
$postvars["sn"] = str_replace(' ','%20',$_SERVER["SCRIPT_NAME"]);
$postvars["ref"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
$postvars["uagnt"] = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
//yell
print_r($postvars);
?>
---end---
2. Upload it to your honeypot location.
ex. If you uploaded your honeypot to /yum/, test.php goes there too.
3. Access it from your browser.
ex. hxxp://www.com/x/test.php
If you see your network's IP address, server's real name, php path which is hidden,
you should remove honeypot right away.
|