Author Topic: URL Bruteforce I guess  (Read 18363 times)

Offline blk.Sith0

  • Serf
  • *
  • Posts: 27
  • Cookies: 0
    • View Profile
Re: URL Bruteforce I guess
« Reply #15 on: April 04, 2011, 02:55:01 pm »
Will this work if I do without the webserver? From the command line?

Do I need a framework?



How can I add a slash to my charset?
$charset .= abcdefghijlmnopqrstuvwxyz0123456789
Thanks for the help guys :)
« Last Edit: April 04, 2011, 03:15:33 pm by blk.Sith0 »

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: URL Bruteforce I guess
« Reply #16 on: April 04, 2011, 03:24:45 pm »
Quote from: blk.Sith0
> Will this work if I do without the webserver? From the command line?
>
> Do I need a framework?
>
> How can I add a slash to my charset?
> $charset .= abcdefghijlmnopqrstuvwxyz0123456789
> Thanks for the help guys :)

You CAN run PHP by command line, yes.

To add slash:
$charset .= "abcdefghijlmnopqrstuvwxyz0123456789\\";
« Last Edit: April 04, 2011, 03:24:58 pm by ande »
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline blk.Sith0

« Reply #17 on: April 05, 2011, 11:13:31 pm »
Now when I create a project, it gives me all these other files.

Do I need them, or can I use only the main php file? (index)

Offline ande

« Reply #18 on: April 05, 2011, 11:45:03 pm »
What kind of gay IDE are you using? :P You only need the index.php unless your IDE stuffs lots of code in the other files for some crazy ass reason

Offline blk.Sith0

« Reply #19 on: April 06, 2011, 12:41:55 am »
Yeah I uninstalled that IDE just now and switched to another lol

I get an error when trying to do this line in PHP.
Quote
for(int i=0; i<sizeof(mycharset); i++){

So first I did this and made a variable called i.
Quote
$i = 0;
But I'm pretty sure that the "sizeof" is only in C++, so what is the equivalent in PHP?

And for some reason, getting an error from this line.
Quote
$i = 0;
Unexpected T_Variable. I don't see what I did wrong.

This is annoying, I'm still getting an error just from this.
Quote
for ($i=0; $i<=; $i++);
It's saying unexpected semicolon, with AND without the semicolon at the end. So I just don't know.
« Last Edit: April 06, 2011, 03:25:36 pm by blk.Sith0 »

Offline ande

« Reply #20 on: April 06, 2011, 11:54:48 am »
You just quadposted... Also you should learn PHP from the start before you try something like this. Nonetheless, here is your solution:

Code: [Select]
// strlen() gives the length of a string charset; sizeof()/count() only works on arrays
for($i=0; $i<strlen($mycharset); $i++){
     // Code logic here
}

Offline blk.Sith0

« Reply #21 on: April 07, 2011, 04:42:24 am »
Is this right? Change:
Code: [Select]
myget= "GET /users/" + mycharset[a] + mycharset[b] +"\r\n";
(That's the C++ version)
change it to this:
Code: [Select]
$myget = $_"GET /users/" + mycharset[a] + mycharset[b] +"\r\n";
I thought of this after reading this.
I'm doing good, right, right?
« Last Edit: April 07, 2011, 04:43:04 am by blk.Sith0 »

Offline ande

« Reply #22 on: April 07, 2011, 09:04:52 am »
Quote from: blk.Sith0
> Is this right? Change:
> Code: [Select]
> myget= "GET /users/" + mycharset[a] + mycharset[b] +"\r\n";
> (That's the C++ version)
> change it to this:
> Code: [Select]
> $myget = $_"GET /users/" + mycharset[a] + mycharset[b] +"\r\n";
> I thought of this after reading this.
> I'm doing good, right, right?


The "+" sign in PHP means plus as in math. To add multiple characters you use the "."
Also. All variables start with $
Code: [Select]
$myget = "GET /users/" . $mycharset[$a] . $mycharset[$b] . "\r\n";

Offline blk.Sith0

« Reply #23 on: April 07, 2011, 03:10:58 pm »
Thanks, I forgot about that, but I mean replacing the GET with $_GET.

Offline ande

« Reply #24 on: April 07, 2011, 03:26:33 pm »
Quote from: blk.Sith0
> Thanks, I forgot about that, but I mean replacing the GET with $_GET.

Not quite sure I understand what you mean. The $_ part of the code in this case would cause an error. This is correct:

Code: [Select]
$myget = "GET /users/" . $mycharset[$a] . $mycharset[$b] . "\r\n";

Offline I_Learning_I

  • Knight
  • **
  • Posts: 267
  • Cookies: 26
  • Nor black or white, not even grey. What hat am I?
    • View Profile
    • Hacking F0r Fr33
Re: URL Bruteforce I guess
« Reply #25 on: April 07, 2011, 04:53:32 pm »
I believe what blk was saying is that he was doing something like $_GET[$mycharset[$a].$mycharset[$b]].
However that code is used on a PHP server and not on a client. When you're a client you need to send an HTTP request; in this case you'll request the page site.com/asdsdasd.html. Since you're bruteforcing the URL, it means you're using the GET method and not the POST, therefore an HTTP request would be like:
GET site.com/asdsdasd.html\r\n

When you're working on a PHP server and handling a website you can use $_GET["id"] to detect the value the client sent to you on that variable using the GET method.
For instance, on a forum, you can access the forum.php?section=31 which would display Hacking and Security

In PHP the code would be something like:

Code: [Select]
// showsection() is a placeholder, not a real function
if(isset($_GET["section"])){
       showsection($_GET["section"]);
}
The show section doesn't exist, I just used it so you can understand the theory.

Anyways, what matters to you is to work as a client, which means to make HTTP requests, and not to handle PHP requests.
Thanks for reading,
I_Learning_I
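
The server-side half of the distinction drawn in the post above, as an added example that is not part of the original thread: how a script behind forum.php?section=31 can read the GET parameter and answer every missing, malformed or unknown value with the same 404. `resolve_section()` and the `$sections` table are hypothetical names; only the 31 / "Hacking and Security" pair comes from the post, and the sample requests are constructed.

```php
<?php
// Added example: server-side handling of forum.php?section=31.
// resolve_section() and the $sections table are hypothetical.

/**
 * Map a raw query-string array (e.g. $_GET) to a section title.
 * Returns null for a missing, malformed or unknown id so the caller
 * can answer 404 instead of passing client input further along.
 */
function resolve_section(array $query, array $sections): ?string
{
    if (!isset($query['section']) || !is_string($query['section'])) {
        return null; // absent, or an array such as ?section[]=31
    }
    // Accept only a plain positive decimal integer.
    $id = filter_var($query['section'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    return $sections[$id] ?? null; // allowlist lookup
}

$sections = [
    31 => 'Hacking and Security', // from the post above
    32 => 'General Discussion',   // constructed sample entry
];

// Constructed sample requests; a live script would pass $_GET instead.
$samples = [
    ['section' => '31'],
    ['section' => '31abc'],
    ['section' => ['31']],
    ['section' => '9999'],
    [],
];

foreach ($samples as $query) {
    $title = resolve_section($query, $sections);
    echo json_encode($query), ' => ',
         $title === null ? '404 Not Found' : "200 $title", PHP_EOL;
}
```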

Offline blk.Sith0

« Reply #26 on: April 08, 2011, 02:34:48 am »
Hey in this line.
Code: [Select]
if(bigfile.find("Course")!=string::npos){
Where does the bigfile part come from?

Offline ande

« Reply #27 on: April 08, 2011, 09:12:33 am »
Quote from: blk.Sith0
> Hey in this line.
> Code: [Select]
> if(bigfile.find("Course")!=string::npos){
> Where does the bigfile part come from?

If you tell us where you are getting all this random code from, it will be a lot easier to help you :P

Offline I_Learning_I

« Reply #28 on: April 08, 2011, 02:48:01 pm »
Quote from: ande
> If you tell us where you are getting all this random code from, it will be a lot easier to help you :P

Indeed! :D
But I'm starting to think Satan was right and that you really should do some light-reading first.
I don't know what you have so far, but it doesn't look to me that you're understanding your own code, which is awful as in the future you might wanna go back to it, and still you won't understand.

Offline blk.Sith0

« Reply #29 on: April 09, 2011, 12:59:31 am »
That's your code that YOU posted here lol. You started writing "buff" and "bigfile" and that's where you lost me.