 really Adam, Adam Bresson. And I've actually been doing PHP for about five years in my SQL. Last year I spoke on Palm Security as well, which my grandfather got really upset with me about because about a month afterwards the stock dove because all the viruses came out and stuff. But I had nothing to do with it. I had set the record straight. He's watching this on the web. So now I'll feel really good, you know, and he'll put me back in his will and stuff, which is really important. All right, so we're gonna start off with talking about what we're gonna learn today so that if it's not something you want to learn or it makes you sad or it hurts you in some way, you can walk out. We're gonna learn PHP basics and uses. PHP is a web programming language. It's very simple. It lets you make dynamic web pages. It's free. It's not by Microsoft and it's not ASP. So these are all very good reasons to use it. Yeah, that's how we're out of a plaza! Yeah! Yeah! Yeah! All right, we're gonna talk about how to secure, I feel so tall right now. We're gonna talk about how to secure PHP installations and how to use encryption with PHP so that you guys can protect your PHP scripts and the information you store. We're also gonna talk about how to make a link and email grabber, which is the data mining. So I give you guys code. You can expand it, make it look really, put your little elite conversation in it, you know, put your little hacker name on the top of it and run wild with it, wild with it. We're gonna talk about how to make a live search engine, a lot like Asta Levista, but it's really fast, it runs in PHP, it's super quick. You can basically search any web pages you want to and get information on them. We're gonna make a port scanner with PHP. Do you guys know what that is? We're gonna emulate TCPIP traffic using PHP sockets. It actually has a full implementation of sockets in it. You can do, you can actually set up sessions and communicate directly with a socket any server in the world. I'm gonna give you guys some ideas for your own expansion of this code. I know that this is just for you. This will make you feel good about yourselves. I want you to take what I did, make it like I said, look crazy, you know, add your little hacker speak to it, stuff, you know. Send it out on the internet, let the world see it, get the feds upset. And the last part we're gonna learn today is how to last an hour in a hot conference room without dinner. Without dinner, there won't be any dinner served, unfortunately. Oh my gosh. There we go. All right, quick overview. From the PHP manual, PHP is an HTML embedded scripting language. Much of its syntax is borrowed from C, Java, and Perl with a couple of unique PHP features thrown in. Basically what they did is they, when they originally created the language, they just wanted to be able to put, you know, use variables on a webpage to be able to customize it. So they wanted to be able to set it up so that you could put any name on the page, any information, draw it out of a database. That came second. They want web developers to write dynamically generated pages. Let me show you guys an example of a dynamically generated page. Casey never saw one before. He said sarcastically. All right, the beauty of PHP is that it outputs HTML. So you can dynamically shape web pages. Its output is just HTML. And you get to use the variables and the structures in it and the different aspects of it to make customize HTML. In addition, it can build images with the GD library. This is like one of the coolest things in the world. It has a built-in library that you can create your own images, much like Logo, for anyone who used to use that on the Apple 2e. Woo, Logo rules! Then it became a weird Christian bookstore. But yeah, so you could build your own graphics and images using PHP. It interacts directly with 15 plus databases. It has native C support for 15 databases. Not like an ODBC, although it has that module in it. Direct interfaces to very popular databases, FileMaker, Microsoft, and MSSQL and Postgres. It competes against ASP and JSP to give you guys some example. It's in use now on 1.75 million websites, which is a lot for free technology that has basically no commercial company behind it until about seven months ago when the two people who wrote it decided to form Zen, which is the commercial company. Typical uses, e-commerce. People love using it for e-commerce because it's so well suited for things like a shopping cart. Basically grab a bunch of information out of a database, total it up, do a few little mathematics on it, put like a smiley face on it, little shopping cart icon. Everyone's happy in the world. I created a commercial website two years ago called recommendo.com. This is not a pitch. Jehovah starts with an I. And so recommendo actually uses the customization. It uses MySQL to do the database work on it, creates the pages from templates. The whole site is literally five pages and I use PHP to customize it with includes and modules and things like that. I'm gonna start with the basics of PHP. Can I just get a show of hands here because this is like what you do when you talk? How many people here have coded PHP before? Fantastic, that's so awesome. When you go on Yahoo's job board and you put in PHP, there's like 10 jobs. When you go to like guru.net, I found like maybe like 30 jobs there, but I knew that there's a larger community of people out there using it. And so we're gonna use a few features that you probably weren't familiar with before. I'll stop for questions if you guys have them, but make sure they're relevant to what I'm talking about. At the end of it, if you want, we can sit down and talk about how to do all the fun stuff with it, how to do database, how to do fake transactions, whatever you wanna talk about. But if you wanna ask questions, make sure it's relevant to what we're talking about. Okay, since you guys have some experience with PHP before, I'll go over the basics for those who haven't. Basically, you announce PHP in the webpage. So you start with two tags, beginning and ending tag, much like JavaScript and much like JSP and ASP. It's less than question mark PHP, question mark greater than to close it. All PHP lines end with the terminator, that's the semicolon. Semicolon doesn't get much work out in life, but it gets much work out in programming languages. PHP is compiled at run time, so you get to control its speed and execution directly. What's nice about that is it's not a byte code language like Java. It's actually compiled as you run it. So you say you can use the world famous four next loops to put pauses in the middle of your program, have it accomplish things and have it seem like it's waiting. But you get to control the program flow, which is important. PHP doesn't output anything until you tell it to with print or echo. It's not like ASP, which has some basic procedures in it and things that will automatically output to print. You have to tell it to output the data. I use UltraEdit to code PHP, and this is a plug, because this is like the coolest software in the world, and the second most thefted software in the world next to Winzip. I thought you'd like to know that statistic. But it has a PHP word file, which is context highlighting and tag finishing for you too. Quick technique, how to do output. You use print or echo. What is the difference between print or echo? You don't care. They both do the exact same thing. Except that when you use print or echo, you're really using a function, so you have to use a quotation mark, and it depends how it processes the variables when it outputs it. It always outputs a standard out. It's usually the browser. Print F, neat function. It prints formatted text according to regex expressions. So if you want to format your text, and you want to put commas in the numbers, or the right amount of decimal points, you can do it from that. You can escape in and out of PHP. For example, you could use at the top, the title tag in HTML, and you could do start PHP, dollar sign foo, and PHP, parentheses home page. They love this. When you do a page for a business website, and at the top it says you sign in, and you're like, oh, my user name's Adam, and then it says Adam's webpage after it. That's darling, isn't it? That's why. That's like a lot of PHP and ASP. It's like, oh, that's so sweet. That's so darling. All right, quick technique, how to do variables here. Okay, I'm looking right now. Is anyone asleep? Is anyone asleep? I just started. Okay, you do not need to declare variables. PHP has automatic memory allocation and typing do do do. That's like the coolest thing. You don't have to type your variables. You don't have to declare them at the beginning. PHP takes care of all your typing for you. In fact, there's a whole series of commands that let you get the type for a variable, that let you change the type of a variable, and touch poke and prod variables. It's fantastic stuff. You initialize a variable simply by using it as an expression. For example, dollar sign foo equals Adam. Oh, where do you get that value from? It establishes the variable foo as a string with the value of Adam. Use get type to determine the type of your variable. It's either boolean, integer, double string, array object, resource, null, which is new in PHP 4, or a known type. Yes, sir. Yes, you can. In fact, you can actually declare variables with a function and automatically say it can only hold doubles, or it can only hold integer numbers. And then, like I said, as a PHP 4, you can actually have it be null, not just empty, but null. And it's using a lot of database support, yes. Right, you can use, right, yeah. They accept a few, I ran into that problem. He's saying that when you start your PHP, you can actually do less than question mark, and you don't need to put less than question mark PHP. But I found some server incompatibilities between using that, like on Windows sometimes, it thinks it's ASP, and it sends it to the wrong, like when you use iSappy with, what's the lovely Microsoft web serving product? Blank now, blank. Yes, IIS, when you use it with IIS 5, sometimes it'll try to process it as ASP. And then it, like, Microsoft gets mad and they report you to the feds. We have this kid in. That last part, I'm totally lying about that. Quick technique, arrays. Arrays are the coolest part of PHP to me, because you can do a lot of stuff with it. You basically can read the contents of a database into an array, sort it, play with it, manipulate it, send it home to your mom, because it's been bad. You declare an array simply by saying, dollar sign foo equals array, parentheses, and you give it values. It defines the variable foo as a two-element array. When you refer to that variable, how cool, how quaint. You just do dollar sign foo, element one, element two, element three, yes. Excellent question. He asks if you run into buffer overflows when you, because PHP takes care of your typing and memory allocation. I haven't run into any problems, except when basically if you don't, when you do a while loop and you're running around inside of a while loop and you keep incrementing, like your index variable, like i or something, and you forget to increment it, then basically it outputs like 3,000 times, shuts down the Apache thread, gets really mad. So that would be an example of it. You just have to make sure to terminate your loops, just like if you're using basic even. It has a really neat sort function called NATsort in it, PHP that lets you sort your array naturally. So instead of one, two, three, four, instead of zero one, zero two, zero three, zero four, and also you could shuffle and randomize the elements of array. This is really cute for kids games, like when you're a kid and you do your flashcards, whoa, giddy up, when you do your flashcards out there and it would actually, oh that was cool. Okay, when you do your flashcards you actually shuffle your array. So you can do that, yes. Yes, I'm missing quotes there, you're absolutely right. I'm very bad. I'm just pointing out here that I did it in my presentation. You're supposed to do quote, X1, quote, comma, quote, X2, quote. Oh God, I'm worthless. All right, how to handle flow in PHP. Your while loop, it's the greatest, it's the strongest, it's the coolest thing in the world. I'm gonna get up and flex over it. Oh, while loops are the greatest thing in the entire universe. They execute while a given, until or while a given condition exists. So like until I equals 10, keep executing. It's much quicker than a for next loop and more flexible. They have a new construct in PHP 4, which is basically like for next else, which uses while. They also have if, else if, and else, which is conditional. You guys probably know this from other programming language. If conditioned, then do this. Else if conditioned to, do this. Else do this. PHP has switch and case, which is really cool. So like a great example is it, so you could say on day, do these things. And if cases Monday, do this. If cases Tuesday, do this. It's kind of a modified if and else if and else. But it really looks very clean when you code it. You have break and exit. Break pops you out of a while loop or a for next loop. And it's useful for searching and sorting like if you're doing a bubble sort. And then also exit, which terminates the script. So this is how you can implement basic security in PHP. So basically you can check the session or the user credential at the top of the page and then exit out of the script so nothing else goes on. Yeah, I'll show you a while loop there. Oh, you don't need it done. It's implied, but you can use done. Quick techniques that it has. Oh, bye, I'm sorry. I'm really sorry. Go, go, get out of here. All right, MySQL, free database. Just like Microsoft and SQL, except it lacks transaction support, which is not a problem because you can actually emulate transactions using PHP. Postgres SQL, SQL more robust. It actually has transactions in it. It's usually free, but it's less supported. Like two reasons why you should use MySQL with PHP. Number one, almost every single company that provides PHP web hosting offers MySQL and not Postgres SQL. And number two, as a PHP 4, that MySQL commands are natively compiled into the programming language so that it's much faster, actually. It has an ODBC connector so you can connect to Bob's XYZ database as long as it uses ODBC. And PHP, as I mentioned before, supports over 15 plus databases natively through modules. All right, we're gonna talk about the atypical uses for PHP, not like the mom and pop programming site shop in cart where you go out and you shop for a few things and then you have your little cookie come up and oh, it gets all confused and unhappy. We're gonna talk about securing PHP and using encryption. We're gonna talk about data mining, which is basically grabbing assets off other people's websites from PHP for a PHP server. And we're gonna talk about web security. Before I do, I'm gonna show you guys a basic PHP script now at my website. Yes, this is running on Windows. So everyone can go, oh my God, why is he using Windows? That's so bad. Windows is so horrible. All right, all you social engineers, look at the name I named for my hard drive. What is the significance of that? Could it be a reference to Jack Kerak's On The Road? Who knows? It's crazy. Okay, I use PHP with Xtami on Windows. I don't actually use IIS. And it's a good thing because it runs much more quickly. Oh yeah, I like that. Okay, I crossed the country. I've been gone for a month. I decided to end my road trip in Las Vegas. This isn't just for show. This is something I've actually done. And I made this website so my parents knew I was alive along the way. So what I did, I was that sweet, come on. Oh, what a mama's boy. Yeah, that would be okay if she weren't dead. No, I'm just kidding. I'm just kidding. Mom, you're out there somewhere. So I took a trip across the country in US-15. I kept a website along the way. And I wanted to very easily, I wanted to be able to update my website when I'm on the road. And I wanted to do two important things. First, my mom should hear all the stories about the happy people I met and all the national parks I went to. Second, my mom shouldn't hear all the other stories about the people I met along the way. You know what I'm saying? Those people you meet, you know their first name, and you're in a bar and they're like, let's dance. So you're like, okay, let's dance. I'm in the middle of nowhere. And they don't give me your real name. So the key was to actually prevent those stories from getting to my mom. So what did I use? PHP. I used it mostly because it was cheap and free and easy. So this is my website. This is where I went across the country. Doesn't look too harmful or anything. Okay. First thing I did was, these are links up here, hidden links at the top left and top right. This is the link to the super secret stuff that I don't want my mom to hear. So of course I, uh-oh, whoa, there it goes. I'll tell you, Windows is a beautiful thing. So I protect this with the following code here. Let's switch. PHP is very, very efficient. I point this out to everyone. And I will be using UltraEdit, which in the spirit of my road trip, I got for free. Okay, here's the basics of it. I know it's gonna be hard to see from the back because it's really, really tiny and small. Basically, PHP can do HTTP authentication. So what you can actually do is use a database of user names and passwords. And, you know, the blue sites, the porn sites, they really like this. You can actually do, darn, darn, I clicked the wrong file here. Let's do, let's see here, this one, okay. At the top of the page, so does everyone here, since Microsoft employs most of us, the reason is because they're right, you can't hate Microsoft that much, right? They make us all, okay, everyone hates Microsoft. Basically, you do the PHP HTTP authentication. You can use the database to do it at the top of the page. And I have it here, secretly also in my little gas section, actually. There's a difference between PHP on Windows and Unix, ladies and gentlemen. Right, when you run it on Windows, you have to actually, you don't have to declare the variable, but when you make a comparison on a variable to see if it has a contents or not, you have to use is set. But when you run it on Linux, you can just say if parentheses variable, then do these things. So I set up a little section here where I could upload my file from the web. So I wouldn't have to actually set my laptop up and go crazy with it. And I use PHP to actually do things like, stepping over here. I use PHP to set up which leg of my trip I was on. So if I was on the US 50 section, or if I was on the Route 66 section, it would show a different map to people. It would show a different set of my journals and it would show different information, hopefully not the secret stuff to my mom. So that's a typical use of PHP. Now we're gonna get into the atypical use of PHP. And let's start this up again. Do, do, do, do, do, do, do, do, do. Okay. Securing PHP and encryption. This is the general model of how you'll see PHP implemented. Time check. Anyone raise their hand and give me the time. 6.35, we'll be done in 15 minutes. All right, on the left side you have Apache. You run the PHP as a module. Please don't run PHP as CGI. Please don't, when you were talking about buffer overflows earlier and memory allocation problems, basically every single CGI spawns its own process off the Apache, off the Apache kernel. And it's just a mess for PHP. It slows down your scripts for you significantly. So you'll have SSL and you'll have Perlin there too. And then you can see I have PHP and MySQL. When you install PHP on Linux, make sure you do the dash dash with Apache switch. That's how you compile it as a module in Apache. Installation on Windows. They have a nice new setup program for PHP that they just debuted with PHP 4.0.5. But normally you just unzip it to a directory. Like I said, two things. Don't run it as CGI. And don't run it on Windows 2000 as an ISAPI module. Securing installation. Verify that PHP is running under the nobody Linux user. PHP 3 didn't do that by default. You had to set it. Always clean HTML out of form input. Make sure, please, that you take the actual, you can do a strip HTML. And actually strip HTML out of form input because otherwise you're gonna get people putting their own little links there and the crazy stuff. Never let a user directly execute a system command based on input. This is practical sense for most of us, but you can actually use exec to execute commands on a Unix box from PHP. So don't do something stupid like, here, enter your system command in this form and I'll execute it on my box. Right, bad idea. I'm telling you right now, even if you're my mom, filter, she's dead, you know. Filter uploads. Filter uploads and partition your directories out. One very handy trick I found is that you should not put all your scripts in one single directory because once they know that that's the location of it, they can reference your scripts directly. And some Apache configurations actually output PHP as text if you reference the file directly. So then they can look at your passwords, et cetera. And always run the latest build. There's a vulnerability in 4.0.1. I have to point this out because it's really, that it basically forgets to encrypt your data and you can't use SOC, it's right. And there was a small mistake on there part. A few words about MySQL and PHP. Use PHP includes to partition your databases, username and passwords. What that means is include simply takes a file, sticks it into the middle of your executing application. So put your username and password in an include file and then step it up and take your PHP file that contains your username and password, put it above the www tree. So that it's just a precaution so that one time when you forget and you name your index.php page, index slash slash.php and decides to do a directory listing for you, that they can't find out that file that says name of my database, username and password. Set up your security properly to limit full access to certain user names in MySQL and set up separate read and write users. Yes, pardon me? Oh yes, you can actually, like I said, you can execute UNIX commands from PHP. So you mean, is it insecure in that you could set yourself as root and go ahead and execute a few things? Yes, you could. If you had control of your own server and it, but most of the commercial installations that you'll find out there in the web hosts like PHP web hosting, which is a plug for them because they're awesome, they're 10 bucks and they have unlimited databases and everything. They usually will lock it down so you can't execute system commands from PHP. You just want to change the user that you're running the command on it? Yes, you can do that from exec is the command and you could run set UID on it and back up your SQL data. All right, use encryption to hash as there are two types. Encrypt and encrypt and encrypt decrypt uses Cypher key data and mode to encrypt by directional. So you can actually encrypt and decrypt and then there's one way encryption in PHP, which is MD5. Everyone knows MD5 by now, it's the fucking coolest thing. Or did I just swear, right? It generates a message to I just 32 character representation of strings of any length. It's useful for storing passwords. It's useful for creating hashes. Always store passwords and credit cards with an MD5 hash of it. PHP has global variables, it reports every time. You run PHP info to dump all the global variables and port ones, HTTP refer their last location, their browser and user agent, remote address, their IP address, which is something I use when I set up that security on my website. I was telling a story earlier, one of my friends thought it'd be so cool to try to hack the HTTP authentication, because apparently that's all the time he has in his world is to go into my website and read about where I've been. And so what I did is I set up a little script there to every time he tried it, to email me the passwords he would try and his IP address, so I could watch him every time and then I'd call him on the phone right after he did because I had to email to my little, like my Panasonic phone, I go, stop trying to hack my website. Stop it. I'll tell you what's there. You know it's all stories about your mom. I can do that every single time. And then, H-U-B cookie verse, which is an associated array of all the cookies that are past. Okay, data mining. Just like our little, just like our little DigDug friend would. Okay, we're gonna basically use pattern matching, regular expressions to grab data from websites. Now this is a code example. You guys can write it down or afterwards. I'm gonna have this little pad up here and if you wanna write me your email, you know, and your fake name, your crazy hacker name if you want. I'll email you guys out my presentation or any of the code you want. I'm gonna step through it really quickly for you guys. This is it. This will let you grab links or email of people's page. The first step is set the URL. The second step is PHP can read HTTP and FTP by default. How cool is that? So the first thing you do is you grab a file which is the URL, the file command recognizes HTTP and then you implode it. As you see there, I implode it on nothingness so I grab everything out of it and then I use a pattern match here. You'll see here. H reference equals, which is a link for everyone who programs HTML. On the page, get the number of matches, then run a while. This is the while and list construct which I think is kinda cool. It'll separate everything out into a list and then it will grab all your matches for you and then it will print them out for you. See, those two lines are tied there. Set your desired URL. Quickly grab the contents of a page, match all AAH references for links, cycle through the matches and then print them formatted with the URL. Well, hopefully this is just the germ of an idea because what I'd like to see people do is to use regular expressions or P-regular expressions which are POSIX compatible to match email addresses. I'd like to see the URLs be written to a file which would be very handy to have. So you go about your work day and you come home and you find an entire website's links cataloged or any other asset for that matter. You can match images, you can match email addresses, you can match references to their mom, whatever you wanna do. Pass an array of URLs to open and pattern match while through them. So maybe you wanna match several, maybe you want it to go out and do a report on several of the top websites and you wanna go to hp.com and search everywhere on every one of their pages for email addresses. Write them to a little file for yourself and have them. You can do that with the magic of PHP. You can also follow URLs off of the HTTP so you can go three or four levels deep. My live search engine that I designed, these are pretty basic PHP concepts. Once you step beyond the regular database and variables and arrays and things, basically I do two arrays there. I wild through the arrays. I grab the contents of a URL. I'm essentially reading the entire chunk of a web page into a variable so I can play around with it. And then I go ahead and I do a little pattern matching there and say I wanna match for the word cookie, the word cute, the word sexy. That's right, sexy. I'll go through and loop through the whole page and look for the word sexy there and do a pattern match. So at the bottom, an array of URLs to check out, initialize the index variable, loop as long as there are URLs yet to read, which is in my URL array at the top. Read an entire page into a variable, dump the number of matches that contain the pattern, space or plus space. In this case, I look for the word or on the page and print the result as a formatted URL with number of matches and loop through it. Ideas I have for this, link to a database of submitted URLs and then read into an array. That's what Ocelavista does. This is pretty much what they do exactly. They let people submit their security and cracking URLs and then they live search, except lately they've been kind of modifying it so there's about like a day or two lag where they actually perform the searches using a cron job and then they keep the index there. It's useful for news and info searches. You like that? News and info searches. You wanna save your matches into a database and you can maybe create a simple index just like Ocelavista does. Just make sure to refresh it. Web security. Oh, this is one of those phrases when you mention it like everyone's ears perk up and they start to think about the dump. Okay, I gotta point out there's a guy up here. I don't know. He's not wearing a shirt. I can't look over on this side. I'm a little distracted. Like I know it's hot in here but we all have to cover up. But you know what? I'm just taking my shirt off too now. Yeah, come on. It depends how much applause and dollars I get shoved in my drawers. Okay, PHP with socket read rights can monitor websites and servers. There's a company out there called InternetSeer. Has anyone heard of this company? They do free monitoring of your website to make sure it's up and they charge you. They monitor it every hour but they charge you if you wanna do it every 15 minutes. That's kind of a cool idea but you can make your own in about five seconds. Yeah, three maybe even. And we're gonna look here and you can basically search your server for exploits. This is pretty exciting to me I think. GRC.com does it with, they're using com objects to go out and check your ports and it's really, really slow. It's not slow just because it's Microsoft, it's slow because it requires like tremendous server overload to do it. I'd like to really try and that's one of my goals maybe for the rest of the year to write an open source security scanner using PHP but I invite everyone here to do it because they're inspired. All right, Windows and web scanner. I do something very simple at the top. I set up an array of the ports I wanna check. Port 80, web, port 443, SSL, web and port 139 which happens to be the net BIOS port. Oh, what's that for? Okay, I equals zero, I set up my index variable and I wild through it and I use the shortcut as was pointed out earlier. Fsock open, Fsock open opens a socket. Now it's a shortcut because it actually takes care of the negotiation. Based on what you feed it, here I'm feeding it www.yahoo.com. Have I fed it ftp.yahoo.com? It would take care of the initialization, you know the little hello string, hey I'm so happy to see you and takes care of closing it for you. It's a good little shortcut. I feed it a port from my array and then I just simply output whether the ports open or the ports close. This is lightning fast when it does this. You could scan, you know, you could scan your, would be a really nice idea is everyone who owns their own consulting company here would basically set up their own little security scanner and PHP that would go out to their clients' websites all the time and make sure that while you were gone, no one's stupid took that firewall off the edge of their machines. You initialize the index variable, create an array of ports to scan, start a loop through the ports, open a socket to the ports with Fsock open, set up a report output. So if you wanna write to a file, if you wanna email it to your friends, like I did with mine, and oh, that's the other thing I did. After he started like hacking into it and he tried to guess my password, which by the way, it's not that sophisticated of a password. I'm not using like letters, numbers, and crazy symbols. He's just a pretty dumb guy. Right, I started to email him the reports that my website sent me of him hacking into it. That like stopped him real quickly. So I loop back through the end. Ideas, loop through low-range ports. So maybe you wanna go 1024 and below. Maybe you wanna look for sub seven. Maybe you wanna look for a Napster running. Idea, output results to an HTML formatted email. Send it to the webmaster. That's what internet seer does. In PHP, it handles MIME types and you can actually generate HTML emails with it. So it's really cool, you can send out reports to people. Output your results to a text file and loop through several URLs. So modify my code and instead of just looping through the ports, do a higher level while loop and loop through different URLs. Also scan a range of IP addresses for vulnerabilities. Wow, what does that mean? Well, you're in the Uberhackster track. Figure it out for yourselves. Okay, the last one is the TCPIP activator. That's right, one night only TCPIP activator. First you start with an FSOC open at the top and then you go ahead and say, oh, can you connect if not die? You can feed any strings via PHP to the desired server. You could emulate a browser of your choosing. You could emulate an entire web page that's being sent to a page. Plus you can use it to read, like I said, and communicate in raw sockets using the sockets implementation in PHP. So I simply here send a variety of useless information out of a file and I grab useless information off their server. Open a socket to a host with timeout. If no access to the port and the execution. So that way you pretty much die if you can't open a web connection. Form a standard HTTP start request and loop through the file that you want into the end. Grab some of their lines, display them and you can write to it with F put and F get. I use F get and F put here. You'll see I put the header there and I get the information off their web page but you can also put information to someone's. You could send it to directly to their IP address if you want. You could spoof your browser version by writing the correct Mozilla version in the header. Everyone here knows that internet explorer calls itself Netscape when it actually goes to a web server. Either that's really cool. It's another innovation from Microsoft. Write that one down. Another idea is through the timeout feature create a mini TCP or IP server. Since you can control the execution of your PHP scripts set up your own little PHP web server. There you go, it'd be fairly undetectable. It wouldn't show up as Apache if someone were to query it. You can make it show up as anything you wanted. Test the number of simultaneous HTTP or FTB connections your host can handle. Very cool. Or you can just try to flood it and see if it shuts down. And lastly, send malformed headers to the page. This is the conclusion. Thus ends our fun, our trip here. I talked about data mining and web security today. How to secure PHP. Tune up your PHP installation and use encryption. Please, please, PHP is new. It's happy. People are loving it. People are starting to get that PHP vibe. You hear people whispering on the street. Hey, you hear about PHP? So let's not create a bunch of really insecure, crappy scripts that have a lot of holes in them so that you can go get your latest server for $1 because you changed the form header and variable from page to page. Please use security. Please filter out HTML. Please don't set the user ID to root and then delete an entire directory just because you want to. Data mining. How to use PHP's regular expressions and the fact that it native writes HTTP and FTP to collect URLs, email addresses, and anything else you want. Make it pictures of the star of your choice. All throughout the web. Web security. Create a simple port scanner and that scans for Windows or web supports. I did an example of both. And then also TCP client server. What's next? I'd like to see a full featured TCP IP server handling multiple sockets and streams. It can be done. PHP's really fast. Run it on your box at home. PHP version of grc.com shields up. You guys know who Steve Gibson is, right? He's in this latest flap with Microsoft over, right? The raw sockets implementation in Windows XP. He's like this kind of, my personal opinion of him is he's kind of this glory hound. He's kind of like, you know, just happy that someone's listening to him. He probably is holed up in some room somewhere. You know, his mom didn't love him when he was a kid and he's happy because everyone raises their hand and goes, I've been to shields up. It's so cool. Okay, I hate him. I hate him. So if he's in this room, I want to spot him right now. Okay, you can improve the speed of searches and execution in my script. I mean, obviously I don't cache searches. I don't, you know, check to see if there are other processes running. I don't lock down the database or do any of those things in it. This is very simple. PHP front ends to TCP IP clients like Windows Messenger and Amster. Windows Messenger is the MSN Messenger that comes with Windows XP. It's like the integrated net meeting meets. Hello, sir. Okay, take your seat. It's the integrated client for it. There's a product called PHP Groupware, which is an open source Groupware product that's intended to compete with Exchange. It's kind of in its infancy, but it's a really cool project. It's at phpgroupware.org and they basically did a Napster emulation in PHP using the raw sockets in PHP. Very, very cool. And you can get it there. It's at SourceForge too, because it's so cool. Resources for further exploration. PHP.net, it's the main website for PHP. The commercial company is Zen Technologies. Zen started by the two guys who recoded it. They used the Zen engine for free in PHP 4. And PHP homepage has a full language reference and it has kind of an integrated user community. So you can get a lot of your questions answered. PHP wizard.net. They have an application there called PHP MyAdmin, which lets you basically admin your MySQL databases from a web-based interface. So don't code that on your own because it's already been done and it's awesome. And they also have code examples there, including a PHP chat client. PHPbuilder.com, which was just purchased by internet.com. So it may suck today, I don't know. But it was a really great reference source. They would have weekly articles on kind of pushing the boundaries of PHP. So PHPbuilder.com is a really good site. And devshed.com. They have a lot of great articles from beginner to advanced. They have a complete walkthrough how to set up your own PHP, Apache, MySQL, and SSL implementation. They have a lot of different information on using Postgres SQL as well as MySQL. All right, I wanna take a time at the end for questions. First, were there any questions about my presentation? Okay, yes, one. Yes, yeah. That's a good point. That's a good point. If we're doing a commercial website, you might wanna have a company that handles your credit card processing for you so you don't have that liability on your website. And if anyone has $100,000, I have a couple really good concepts for companies. So I'm gonna wrap up. Thank you guys very much for sitting here. You can eat now. Anyone who has any questions about PHP, please come up here. My name's Adam. Thank you very much. Ah! Thank.