<?php $pgtitle = "Services: Strikeback"; // TomSchaefer.org strikeback package 2011 // // Notes: Find: ^(.*)$ // Replace: ob_start();\n$results = exec("cat countries.txt | grep XX");\nob_end_clean();\n\tif ($results == 'XX')\n\t\techo "\1";\n\telse\n\t\techo "\1";\n // // // // //require_once('config.inc'); require_once("functions.inc"); require("guiconfig.inc"); include("head.inc"); //set the config as a global variable global $config; $global_usage = '/usr/local/www/packages/strikeback/global_usage'; //$fh = fopen($global_usage, 'r'); //phpinfo(); /* read DB into array */ function strikeback_read_db() { global $g; $sbdb = array(); $sbdblck = lock('strikebackdb'); $fd = @fopen("{$g['vardb_path']}/strikeback.db", "r"); if ($fd) { while (!feof($fd)) { $line = trim(fgets($fd)); if ($line) $sbdb[] = explode(",", $line); } fclose($fd); } unlock($sbdblck); return $sbdb; } /* write DB */ function strikeback_write_db($sbdb) { global $g; $sbdblck = lock('strikebackdb', LOCK_EX); $fd = @fopen("{$g['vardb_path']}/strikeback.db", "w"); if ($fd) { //foreach ($sbdb as $cpent) { //fwrite($fd, join(",", $cpent) . "\n"); fwrite($fd, join(",", $sbdb) . "\n"); //} fclose($fd); } unlock($sbdblck); } if(isset($_GET[target])) { mwexec("mkdir /usr/local/www/packages/strikeback/reports"); //mwexec("/usr/local/bin/nmap -oX /usr/local/www/packages/strikeback/reports/".$_GET[target].".xml -vvsS -sU -sY -O ".$_GET[target]."> /dev/null 2>&1 &"); mwexec("/usr/local/bin/nmap -oX /usr/local/www/packages/strikeback/reports/".$_GET[target].".xml -vv -sS -sU -sY -O ".$_GET[target]); echo "<script type=\"text/javascript\">\n"; echo "\n"; echo "window.open( \"parse.php\" )\n"; echo "</script> \n"; } if (count($_POST)>0) { conf_mount_rw(); $ent = array(); if ($_POST['enable'] == 1) { //echo "enabled"; $config['installedpackages']['strikeback_settings']['config'][0]['enable'] = 1; mwexec("/usr/bin/sed -i -e 's/iplog_enable=\"NO\"/iplog_enable=\"YES\"/g' /usr/local/etc/rc.d/iplog"); mwexec("rm /usr/local/etc/rc.d/iplog-e"); mwexec("/usr/local/etc/rc.d/iplog start"); mwexec("touch /usr/local/www/packages/strikeback/ENABLED"); } else { //echo "disabled"; $config['installedpackages']['strikeback_settings']['config'][0]['enable'] = 0; mwexec("/usr/bin/sed -i -e 's/iplog_enable=\"YES\"/iplog_enable=\"NO\"/g' /usr/local/etc/rc.d/iplog"); mwexec("rm /usr/local/etc/rc.d/iplog-e"); mwexec("/usr/local/etc/rc.d/iplog stop"); mwexec("rm /usr/local/www/packages/strikeback/ENABLED"); } //write_config(); //services_dnsmasq_configure(); sleep(1); $savemsg_cb = "strikeback settings have been saved/updated. "; conf_mount_ro(); } ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if ($savemsg) print_info_box($savemsg); ?> <form method=POST action=""> <?php if (file_exists("/usr/local/www/packages/strikeback/ENABLED")){ echo "<input name='enable' type='checkbox' value='1' checked>\n"; } else { echo "<input name='enable' type='checkbox' value='1'>\n"; } //if ($config['installedpackages']['strikeback_settings']['config'][0]['enable'] == 1) { //echo('enabled'); //echo "<input name='enable' type='checkbox' value='1' checked>\n"; //} //elseif ($resultstop > '0') { //echo "<input name='enable' type='checkbox' value='1' checked>\n"; //} //else { // echo "<input name='enable' type='checkbox' value='1'>\n"; //} ?><strong>Enable Strikeback</strong><br><br> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[0] = array("Log Viewer", true, "strikeback.php"); $tab_array[1] = array("Settings", false, "settings.php"); //$tab_array[2] = array("Whitelist", false, "whitelist.php"); //$tab_array[3] = array("Interfaces", false, "strikeback_if.php"); $tab_array[4] = array("Help", false, "help.php"); //$tab_array[5] = array("Email", false, "email.php"); $tab_array[6] = array("Results", false, "parse.php\" target=\"_blank\""); display_top_tabs($tab_array); ?> </td></tr> <tr> <td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="listhdrr">Main</td> </tr> <tr> <td class="listlr" valign="middle"> <?php conf_mount_rw(); if (file_exists("/var/log/iplog")){ }else{ echo("iplog not started"); } if(isset($_POST['formSubmit'])) { mwexec("mkdir /var/run/iplog"); mwexec("rm /var/log/iplog"); mwexec("touch /var/log/iplog"); mwexec("/usr/local/etc/rc.d/iplog restart"); } conf_mount_ro(); ?> <style type="text/css"> a img {border:none; } </style> </head> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td > </form> <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"> <p> </p> <h3><p style="font-family:Arial, Helvetica, sans-serif"> <?php //TESTING AREA //echo("testing AREA <br />"); $sbdb = strikeback_read_db(); //print just one element out of db //print_r($sbdb[0][1]); //print line out of db //print_r($sbdb[0]); //$cpdbtest = array("blueT","yellow","testing","enddblineTom"); //print_r($cpdbtest); //strikeback_write_db($cpdbtest); //echo("<br />END testing AREA <br />"); //END TESTING //mwexec("touch /var/log/iplog"); //suppress errors so noobs on forums won't bother me if (file_exists("/var/log/iplog")){ $lines = file('/var/log/iplog'); } //arrays to catch the things you need $ssh = array(); $port_scan = array(); $ip_addr = array(); // fill the arrays if (file_exists("/var/log/iplog")){ foreach($lines as $line){ if(preg_match('/ssh connection attempt/',$line)){ $ssh[] = $line; } if(preg_match('/(\d+).(\d+).(\d+).(\d+)/',$line)){ $ip_addr[] = $line; } } foreach($lines as $line){ if(preg_match('/ssh connection attempt/',$line)){ echo("<font color='#" . $sbdb[0][14] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/port.scan/',$line)){ echo("<font color='#" . $sbdb[0][12] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); echo("<a href=strikeback.php?target="); $ipaddress = preg_match_all('/(\d+)\.(\d+)\.(\d+)\.(\d+)/', $line, $out); print_r($out[0][0]); echo("><font style='text-decoration:underline;' color='#9933CC'>Execute Strikeback</font></a>"); //echo($out[0]); } elseif(preg_match('/dgram/',$line)){ echo("<font color='#" . $sbdb[0][13] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/https/',$line)){ echo("<font color='#" . $sbdb[0][0] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/imaps/',$line)){ echo("<font color='#" . $sbdb[0][1] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/ftp/',$line)){ echo("<font color='#" . $sbdb[0][2] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/submission/',$line)){ echo("<font color='#" . $sbdb[0][3] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/auth.connection/',$line)){ echo("<font color='#" . $sbdb[0][4] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/netbios-ssn/',$line)){ echo("<font color='#" . $sbdb[0][5] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/smtp/',$line)){ echo("<font color='#" . $sbdb[0][6] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/pop3/',$line)){ echo("<font color='#" . $sbdb[0][7] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/telnet/',$line)){ echo("<font color='#" . $sbdb[0][8] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/blackjack/',$line)){ echo("<font color='#" . $sbdb[0][9] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/rap.connection/',$line)){ echo("<font color='#" . $sbdb[0][10] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } elseif(preg_match('/port.3389/',$line)){ echo("<font color='#" . $sbdb[0][11] . "'>"); echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); echo("</font>"); } else { echo preg_replace('/(\d+)\.(\d+)\.(\d+)\.(\d+)/','<a target="_blank" href=\'http://dnstools.com/?count=1&lookup=on&wwwhois=on&portNum=80&all=on&target=$1.$2.$3.$4&submit=Go%21\'>$1.$2.$3.$4</a>',$line); } echo("<br />"); } } ?> <font color="#9933CC" > <br/><br/> <input type="submit" name="formSubmit" value="Clear Log" /> </p> </h3> </form> <br/> </div> <?php //This input guarantees that a POST is sent echo "<input type='hidden' name='zzz' value='required'>"; ?> </td> </tr> </table> </td> </tr> </table> </div> <br> <br><br> <input type="submit" value="Save"><br><br> <p> </p> </td> </tr> </table> </form> <?php include("fend.inc"); ?> </body> </html>