Solved

about download.php

Posted on 2003-12-07
13
326 Views
Last Modified: 2008-03-06
hello

i've been to several websites that required me to download the file through their download.php

for ex : http://www.toriyamaworld.com/download.php?filename=hxh-15-12.zip

however, i wanna skip this process by trying get the file from a direct llink
which i need to get the address from those line in the download.php

however, i believe that we can't download "download.php" manualy, we may need to use some trick
but i don't really know how to?

anybody know aobut this?

Thx
Tom
0
Comment
Question by:tom_mk
  • 3
  • 2
  • 2
  • +2
13 Comments
 
LVL 1

Accepted Solution

by:
Rayni earned 168 total points
ID: 9894793
If the script is secure enough it will be a tack to obtain such a thing, you can instead download the file using a download program and trace it back to its original link and hope that that file or all the files are stored in the same folder and just copy and paste the file name with the link.

Many of these scipts and made secure so that people have to register to DL the file. With the link you gave it redirects you so that means they are using permissions to access the file which is something hard to get around unless you have the file or access.

- Daniel
0
 
LVL 13

Assisted Solution

by:lozloz
lozloz earned 166 total points
ID: 9896111
adding to what rayni said, if the script is written well, it could be impossible to get the file because the file could be stored below the root or in a location that a user can't access from outside the server. this would then be read in, a header sent and the file output in the script

cheers,

loz
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9897739
Why do you want to do this?

It also depends on what download.php does, does it stream the file, or does it redirect  you to the file.

If it redirects you, then all you have to do is get the redirection url.

If it streams you you can simply pass the correct arguments to download.php

Things get more complex if they require you to register.
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9897740
Are you trying to use wget?
0
 

Author Comment

by:tom_mk
ID: 9900378
what's wget?

btw..i thik it just redirect me to the dowload place la..
and it may have some script that block user to be able to d/l 1 file in 10 mins..
but i'm not sure..

this is the page i mentioned.. http://www.brainfart.org/hxh/

can u guys take a look at it?



Tom
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 13

Expert Comment

by:lozloz
ID: 9900643
sorry but i agree with what they say - use bittorrent if you're on broadband, or if you're on 56k then the wait shouldn't be long between downloading chapters..

loz
0
 

Author Comment

by:tom_mk
ID: 9901454
oh man..
for my curiosity ...i need to know the process ..

i know it's not right thing to do..but i wanna know how to crack that download.php out ah..

let's say..it's for my education ..la

TOm
0
 
LVL 6

Assisted Solution

by:aolXFT
aolXFT earned 166 total points
ID: 9906647
We can show you how to do something similar, but under no circumstances can we tell you how to circumvent someones security. Which is what that is. It is a method for them to secure their bandwidth.

If you wanted to recreate something like that, you could simply generate a hash that identifys your visitors.

If you have that hash in a db as having viewed in the last 10 minutes, refuse the download. Otherwise Open the file, and print the relevent headers, and output the files contents.




0
 
LVL 2

Expert Comment

by:sandoshvr
ID: 9948408
Hi,

You can use CURL to find out.
You can follow each and every hop to reach the final file...and hence find the path of the file.

code:
$ch = curl_init($url); //$url -> download url
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,0); //to follow hops. start from 0
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
curl_close($ch);
print($data);

in the header part you can easily find out.
eg:
Location: http://www.saarang.org/new
0
 
LVL 2

Expert Comment

by:sandoshvr
ID: 9948417
eg: using the above script i found that it is at

http://www.vault-thirteen.com/tw/hxh-15-12.zip

for eg: visit http://www.saarang.org/in.php

hope you found the soln.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now