I guess you could call this bad.

malware_writer · Post by **malware_writer** » 15 Jun 2007, 20:34

I am trying to write a overwriting virus in php, please read with an open mind. I am not copying code, I am trying to write mine from scratch.

Description:
A virus that overwrites a non infected file with the virus code, and every time one of the infected files is executed, it will execute the embedded virus code.

How it works:
Selects a target, and checks for the virus code, if found then it skips this file, if not found then it replaces all of the current code with the virus code. It will recursively search the entire server for any php files that can be infected. If no more are found then it executes its payload. The virus finds the index.php file and overwrites the virus code with a script to redirect you to a chosen site. How would I go about this?

Post by **ayu** » 16 Jun 2007, 05:18

Well.... if you don't already know PHP....you should start with that maybe ^^

http://www.w3schools.com/php/default.asp

http://www.freewebmasterhelp.com/tutorials/php

Appart from that...i can't help you

malware_writer · Post by **malware_writer** » 16 Jun 2007, 08:53

neo130 wrote: Appart from that...i can't help you

Why not?

bubzuru · Post by **bubzuru** » 16 Jun 2007, 09:07

maybe he doesnt know php or because doing that would be writeing a full virus for you

i dont know if this helps but in vb you have to open the file for binary acces then write your code into the exe maybe the same in php

Post by **bad_brain** » 16 Jun 2007, 09:11

maybe because it's impossible?

first of all the target system would need to run a websever with php enabled, but web servers don't run with root permissions so you couldn't access/modify anything outside the document root.

A virus that overwrites a non infected file with the virus code, and every time one of the infected files is executed, it will execute the embedded virus code.

what? shellcode in a php script? how should that work?

this seems more like a skiddie's wet dream than a concept, so use the links neo posted and learn about the basics first.

Post by **pseudo_opcode** » 16 Jun 2007, 11:19

ok
it seems obvious but actually he never mentioned any webserver, anyway if you're trying to write a virus in php that would corrupt remote systems then the answer is "NOWAY", the people who made php are not fools, so its impossible to do that and there are a lot of reasons for that..

But taking php as a language, not thinking that it is installed as an apache module, but as an interpreted language, you may go a little further, you can randomly scan files and directories and possibly modify them, but as with most HLLs(high level languages) its power is limited to its environment and set of rules and scope decided by compiler or interpretor, that's why we prefer viruses(or virii) in assembly, which gives awesome power, i have really discussed a lot about it and really dont wanna tell all that again,
but virus in php is bad idea, even if its possible, it cant really do much,
the only HLL i would think of coding a virus in would be C or C++,gotta love the "asm" directive and function....

sidenote:shellcode in php? jeez its very very unlikely, unless someone desperately does so... its a weakly typed language and for godsake leave some things for good ol' C

and also i wont call him an skiddie, atleast he's trying something original and trying to be creative..that's the way to go, a little more knowledge and he can be a good hacker...

malware_writer · Post by **malware_writer** » 17 Jun 2007, 19:55

pseudo_opcode wrote:ok
it seems obvious but actually he never mentioned any webserver, anyway if you're trying to write a virus in php that would corrupt remote systems then the answer is "NOWAY", the people who made php are not fools, so its impossible to do that and there are a lot of reasons for that..

But taking php as a language, not thinking that it is installed as an apache module, but as an interpreted language, you may go a little further, you can randomly scan files and directories and possibly modify them, but as with most HLLs(high level languages) its power is limited to its environment and set of rules and scope decided by compiler or interpretor, that's why we prefer viruses(or virii) in assembly, which gives awesome power, i have really discussed a lot about it and really dont wanna tell all that again,
but virus in php is bad idea, even if its possible, it cant really do much,
the only HLL i would think of coding a virus in would be C or C++,gotta love the "asm" directive and function....

sidenote:shellcode in php? jeez its very very unlikely, unless someone desperately does so... its a weakly typed language and for godsake leave some things for good ol' C

and also i wont call him an skiddie, atleast he's trying something original and trying to be creative..that's the way to go, a little more knowledge and he can be a good hacker...

Would you teach me assembly using the fasm dialect? I would greatly appreciate it.

Post by **pseudo_opcode** » 17 Jun 2007, 21:38

malware_writer wrote:Would you teach me assembly using the fasm dialect? I would greatly appreciate it.

Sorry bro but i hardly have any time left after my "other" work.. so i wont be able to be a good teacher. But there are so many online resources, so you should not have any problem... If you have any problems, you can always post here..

malware_writer · Post by **malware_writer** » 18 Jun 2007, 09:59

pseudo_opcode wrote:
malware_writer wrote:Would you teach me assembly using the fasm dialect? I would greatly appreciate it.
Sorry bro but i hardly have any time left after my "other" work.. so i wont be able to be a good teacher. But there are so many online resources, so you should not have any problem... If you have any problems, you can always post here..

I do have a problem, there is not a "solid" tutorial on using fasm. I can look at code samples, but that is mostly it. However there are some tutorials.

Post by **Big-E** » 18 Jun 2007, 13:16

malware_writer wrote:
I do have a problem, there is not a "solid" tutorial on using fasm. I can look at code samples, but that is mostly it. However there are some tutorials.

I use http://www.devshed.com/ for all my tutorial needs. I find it very resourceful. Give it a try, not sure if it has fasm but a good bookmark none the less.

EDIT:

Also with a quick google I came up with the following resources:
http://flatassembler.net/docs.php
http://decard.net
http://board.flatassembler.net - Which is a messageboard with fasm programmers as their target audience. Don't mean to push people off to other sites, but it would be a good place to look.

malware_writer · Post by **malware_writer** » 18 Jun 2007, 16:35

Big-E wrote:
malware_writer wrote:
I do have a problem, there is not a "solid" tutorial on using fasm. I can look at code samples, but that is mostly it. However there are some tutorials.
I use http://www.devshed.com/ for all my tutorial needs. I find it very resourceful. Give it a try, not sure if it has fasm but a good bookmark none the less.

EDIT:

Also with a quick google I came up with the following resources:
http://flatassembler.net/docs.php
http://decard.net
http://board.flatassembler.net - Which is a messageboard with fasm programmers as their target audience. Don't mean to push people off to other sites, but it would be a good place to look.

I have started using HLA, by Randall Hyde. I will use that to learn the basics, then once I know how assembly works, I will move to pure low level asm. I will probaly use fasm, but nasm is nice because it is simple and therefore small (for downloads). I do however really like fasm, and may use that instead. Depends on which one will be the better for me.

Dont say that HLA is not assembly, it is just a high level front end for introduction, and is designed to help beginners into low level asm slowly.