- #1
Jamin2112
- 986
- 12
Here's the setup:
I'm trying to write a PHP script to spam my buddy's website. He has given me full permission to try and do so. I have a very rudimentary understanding of HTTP protocols and am probably doing something wrong, because my attempt hasn't been working.
Here's my PHP script:
Since that's probably unreadable, here's a link to a pretty version:
https://gist.github.com/anonymous/22457214c34564647eea
The code, as is, attempts to generate 10 random comments (Once I get this working, I'll change that number to 1,000,000,000,000 hahah) using random strings for the 3 fields that need to be filled out in a comment, author, email and comment. Those correspond to 3 names of input elements inside a
element with action wp-comments-post.php and method post.
So the crucial parts of the code are where I try to use a cURL object to issue post requests:
and
and
and
and
That sequence should do what I want, no? I was trying to following this documentation: http://codular.com/curl-with-php
Any help greatly appreciated.
I'm trying to write a PHP script to spam my buddy's website. He has given me full permission to try and do so. I have a very rudimentary understanding of HTTP protocols and am probably doing something wrong, because my attempt hasn't been working.
Here's my PHP script:
Code:
<!DOCTYPE html>
<html>
<head>
<title>attack script</title>
</head>
<body>
<?php
/* ------------ Functions needed for attack --------------------- */
function rand_str($len)
{
$str = "";
while ($len-- > 0)
{
$val = rand(0,1) ? rand(ord("A"),ord("Z")) : rand(ord("a"),ord("z"));
$str .= chr($val);
}
return $str;
}
/* ----------------- Misc. preprocessing -------------------- */
date_default_timezone_set('America/Los_Angeles');
/* ----------------- Initialize new cURL session -------------------- */
$curl = curl_init();
$page_url = "[PLAIN]http://feucht.us/blog";[/PLAIN]
$funct_url = "[PLAIN]http://feucht.us/blog/wp-comments-post.php";[/PLAIN]
curl_setopt($curl, CURLOPT_URL, $funct_url);
/* ---------------------- Begin attack ----------------------------- */
echo("<h1>Comment spam run on <i>". $page_url . "</i> on " . date("d-m-Y h:i:s") . "</h1>");
echo("<h3><b>RESULTS:</b></h3>");
$num_coms = 10; /* # of comments to post */
$wait_period = 1; /* # of seconds to wait between posting each comment */
$name_length_bounds = array(5,20); /* min and max length of random name to be generated */
$alias_length_bounds = array(8,15); /* min and max length of random email prefix to be generated */
$email_length_bounds = array(3,10); /* min and max length of random email provider to be generated */
$comment_length_bounds = array(5, 40); /* min and max length of random comment to be generated */
while ($num_coms-- > 0)
{
/* Pause between the posting of comments: */
sleep($wait_period);
/* Initialize random names, email addresses and comments: */
$rname = rand_str(rand($name_length_bounds[0], $name_length_bounds[1]));
$remail = rand_str(rand($alias_length_bounds[0], $alias_length_bounds[1])) . "@" . rand_str(rand($email_length_bounds[0], $email_length_bounds[1])) . ".com";
$rcomment = rand_str(rand($comment_length_bounds[0], $comment_length_bounds[1]));
/* Create POST request string from random text and add to cURL object */
$post_string = "author=" . $rname . "&email=" . $remail . "&comment=" . $rcomment;
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_string);
/* Execute the request and print out whether it succeeded or failed. */
echo(curl_exec($curl) ? "<hr><p><span style='color:green'>Successfully submitted</span>" : "<hr><p><span style='color:red'>Did not successfully submit</span>");
echo(" POST request <b>" . $post_string . "</b></p><p>to</p><p><b>" . $funct_url . "</b></p>");
}
?>
</body>
</html>
Since that's probably unreadable, here's a link to a pretty version:
https://gist.github.com/anonymous/22457214c34564647eea
The code, as is, attempts to generate 10 random comments (Once I get this working, I'll change that number to 1,000,000,000,000 hahah) using random strings for the 3 fields that need to be filled out in a comment, author, email and comment. Those correspond to 3 names of input elements inside a
Code:
form
So the crucial parts of the code are where I try to use a cURL object to issue post requests:
Code:
$curl = curl_init();
and
Code:
$funct_url = "[PLAIN]http://feucht.us/blog/wp-comments-post.php";[/PLAIN]
and
Code:
curl_setopt($curl, CURLOPT_URL, $funct_url);
and
Code:
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_string);
and
Code:
curl_exec($curl)
That sequence should do what I want, no? I was trying to following this documentation: http://codular.com/curl-with-php
Any help greatly appreciated.
Last edited by a moderator: