<h1>Search networks</h1> <?php
// Network search: looks a bssid (mac) up in nets. The else-branch for non-mac
// search terms continues beyond this excerpt.
// NOTE(review): $_GET['search'] is read without isset()/is_string(); a missing
// parameter raises a notice and an array parameter ("search[]=") makes strlen()
// throw a TypeError on PHP 8.
if (strlen($_GET['search']) >= 3) {
    require_once 'db.php';
    require_once 'common.php';
    // $k: the caller's 32-hex-char access key from the cookie, '' when absent or
    // malformed. valid_key() lowercases only for its check, so $k keeps the
    // cookie's original case.
    $k = '';
    if (isset($_COOKIE['key'])) {
        if (valid_key($_COOKIE['key'])) {
            $k = $_COOKIE['key'];
        }
    }
    if (valid_mac($_GET['search'])) {
        $bssid = mac2long($_GET['search']);
        // NOTE(review): "$k == $bosskey" is a privilege check done with loose
        // comparison. Both operands are hex strings, and numeric-looking ones
        // ("0e…") compare numerically under ==; if $bosskey is ever unset (null),
        // '' == null is also true and an anonymous visitor gets the boss query.
        // hash_equals($bosskey, $k) (strict, constant-time) is the right check.
        // $bosskey is presumably defined in db.php/common.php — not visible here.
        if ($k == $bosskey) {
            // Boss key: every column including the plaintext pass
            $sql = 'SELECT hex(nets.mic) as mic, nets.bssid AS bssid, nets.ssid AS ssid, nets.pass AS pass, nets.hits, nets.ts FROM nets WHERE bssid = ? ORDER BY net_id DESC';
        } else {
            // Ordinary key: pass is returned only for nets linked to this key via
            // n2u; otherwise a cracked net shows 'Found' and an uncracked one NULL.
            $sql = 'SELECT hex(nets.mic) as mic, nets.bssid AS bssid, nets.ssid AS ssid, IF(n.u_id IS NULL, IF(nets.pass IS NULL,NULL, \'Found\'), nets.pass) AS pass, nets.hits, nets.ts FROM (SELECT * FROM nets WHERE bssid = ? ORDER BY nets.net_id DESC) AS nets LEFT JOIN (SELECT n2u.net_id AS net_id, users.u_id AS u_id FROM n2u, users WHERE n2u.u_id=users.u_id AND users.userkey=UNHEX(?)) AS n ON n.net_id=nets.net_id';
        }
        // NOTE(review): prepare()/bind_param() return values are not checked; a
        // failed prepare surfaces only as a fatal on the later execute/fetch.
        $stmt = $mysql->stmt_init();
        $stmt->prepare($sql);
        // Placeholder count must follow the branch taken above: 1 (boss) or 2 (key)
        if ($k == $bosskey) {
            $stmt->bind_param('i', $bssid);
        } else {
            $stmt->bind_param('is', $bssid, $k);
        }
    } else {
<?php
// "My networks" page: first consumes a result submission carried in $_POST
// (put_work), then lists the nets linked to the caller's key, $limit per page.
require_once 'db.php';
require_once 'common.php';
put_work($mysql);
echo '<h1>My networks</h1>';
$limit = 20;
// Access key from the cookie; '' when absent or malformed. With '' the query
// below compares userkey to UNHEX('') — presumably matches no user; verify.
$k = isset($_COOKIE['key']) && valid_key($_COOKIE['key']) ? $_COOKIE['key'] : '';
// NOTE(review): page=0 or a negative page yields a negative $offset, which
// MySQL rejects in LIMIT; is_numeric() also accepts "1e2"/"1.5", which (int)
// then truncates. Clamping with max(1, (int) $_GET['page']) avoids both.
$offset = isset($_GET['page']) && is_numeric($_GET['page']) ? ((int) $_GET['page'] - 1) * $limit : 0;
$page = $offset / $limit + 1; // current page number (not used within this excerpt)
// SQL_CALC_FOUND_ROWS and the FOUND_ROWS() query must run on the same connection,
// which they do ($mysql). NOTE(review): SQL_CALC_FOUND_ROWS is deprecated since
// MySQL 8.0.17; a separate COUNT(*) is the replacement.
$sql = 'SELECT SQL_CALC_FOUND_ROWS hex(nets.mic) as mic, nets.bssid AS bssid, nets.ssid AS ssid, nets.pass AS pass, nets.hits, n2u.ts FROM nets, n2u, users WHERE nets.net_id=n2u.net_id AND users.u_id=n2u.u_id AND users.userkey=UNHEX(?) ORDER BY nets.net_id DESC LIMIT ?,?';
$total_sql = 'SELECT FOUND_ROWS()';
$stmt = $mysql->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param('sii', $k, $offset, $limit);
// NOTE(review): $ab is never inspected; a failed execute silently renders an empty list
$ab = $stmt->execute();
$data = array();
stmt_bind_assoc($stmt, $data); // binds the result columns into $data by column name (common.php, presumably)
write_nets($stmt, $data);      // renders the fetched rows
$stmt->close();
// Total row count for the pager, from the SQL_CALC_FOUND_ROWS query above
$stmt = $mysql->prepare($total_sql);
$stmt->execute();
$stmt->bind_result($total);
$stmt->fetch();
$stmt->close();
$mysql->close();
// Pager: one entry per page of $limit rows; the loop body continues beyond this excerpt
for ($i = 1; $i < ceil($total / $limit) + 1; ++$i) {
$mailer->Body = "Key to access results is: {$userkey}"; // the key is the user's only credential and is mailed in clear text
$mailer->Send();
$mailer->SmtpClose();
} catch (Exception $e) {
    // NOTE(review): a failed send is swallowed; the user is never told the key was not delivered
}
}
}
}

/**
 * Validate a 32-character hex key (userkey or mic).
 *
 * The input is lowercased for the check only, so upper-case keys pass and the
 * caller keeps the original case. The result is preg_match()'s int (1 match,
 * 0 no match) — or false on a PCRE error — not a bool.
 * NOTE(review): strtolower() on a non-string (e.g. "key[]=x" in a form) throws
 * a TypeError on PHP 8; callers pass raw $_POST/$_COOKIE values.
 */
//validate 32 char key
function valid_key($key)
{
    return preg_match('/^[a-f0-9]{32}$/', strtolower($key));
}

// Set key: a submitted key becomes the session credential when it exists in users
if (isset($_POST['key'])) {
    if (valid_key($_POST['key'])) {
        require_once 'db.php';
        $sql = 'SELECT HEX(userkey) FROM users WHERE userkey=UNHEX(?)';
        $stmt = $mysql->stmt_init();
        $stmt->prepare($sql);
        $stmt->bind_param('s', $_POST['key']);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows == 1) {
            // Expiry 2147483647 is the largest 32-bit timestamp (Jan 2038); httponly is set.
            // NOTE(review): secure=false, so the key cookie is also sent over plain HTTP;
            // set secure=true (and a SameSite attribute) when the site is served over TLS.
            setcookie('key', $_POST['key'], 2147483647, '', '', false, true);
            $_COOKIE['key'] = $_POST['key']; // make the key visible to the rest of this request
        } else {
            $_POST['remkey'] = '1'; // unknown key: presumably picked up by a removal branch further down — verify
        }
        $stmt->close();
    }
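/**
 * Store the cracking results submitted in $_POST.
 *
 * Every POST field is "<bssid or mic> => <candidate key>". A candidate is
 * accepted only when check_key() confirms it against the net's stored
 * handshake (hccap). For an accepted key the net is marked cracked (pass,
 * submitter ip, n_state=1, sts) and removed from the n2d distribution queue.
 * Afterwards the "cracked" counter in stats is refreshed and the
 * cracked-passwords dictionary (CRACKED) is rewritten, with its dicts row
 * (wcount, dhash) updated.
 *
 * @param mysqli $mysql open connection (db.php)
 * @return bool false when $_POST is empty, true otherwise
 */
function put_work($mysql)
{
    if (empty($_POST)) {
        return false;
    }

    // Uncracked nets (n_state=0) by bssid — old style submission; one bssid may match several nets
    $sql = 'SELECT net_id, hccap FROM nets WHERE bssid = ? AND n_state=0';
    $stmt = $mysql->stmt_init();
    $stmt->prepare($sql);
    $data = array();
    stmt_bind_assoc($stmt, $data);

    // Uncracked net by mic — hash submission
    $nsql = 'SELECT net_id, hccap FROM nets WHERE mic = unhex(?) AND n_state=0';
    $nstmt = $mysql->stmt_init();
    $nstmt->prepare($nsql);
    $ndata = array();
    stmt_bind_assoc($nstmt, $ndata);

    // Record a verified key
    $usql = 'UPDATE nets SET pass=?, sip=?, n_state=1, sts=NOW() WHERE net_id=?';
    $ustmt = $mysql->stmt_init();
    $ustmt->prepare($usql);

    // Dequeue a cracked net from n2d (prepared; previously an interpolated query string)
    $dsql = 'DELETE FROM n2d WHERE net_id=?';
    $dstmt = $mysql->stmt_init();
    $dstmt->prepare($dsql);

    // Does $key open the handshake stored in $blob? The stored hccap is a gzip
    // blob: skip the 10-byte gzip header and inflate the deflate stream.
    // NOTE(review): check_key() (common.php) is assumed to return the matching
    // candidate from the list it is given — confirm. Strict comparison keeps
    // PHP's loose-equality rules (numeric-looking strings, 0/false/null) out of
    // the accept decision.
    $matches = function ($blob, $key) {
        $hccap = gzinflate(substr($blob, 10));
        if ($hccap === false) {
            return false; // an undecodable blob can never verify a key
        }
        return check_key($hccap, array($key)) === $key;
    };

    // Persist a verified key for one net and drop the net from the work queue.
    $store = function ($net_id, $key) use ($ustmt, $dstmt) {
        // ip2long() is false for anything but dotted IPv4 (IPv6 clients); that binds as 0
        $iip = ip2long($_SERVER['REMOTE_ADDR']);
        $ustmt->bind_param('sii', $key, $iip, $net_id);
        $ustmt->execute();
        $dstmt->bind_param('i', $net_id);
        $dstmt->execute();
    };

    $mcount = 0;
    foreach ($_POST as $bssid_or_mic => $key) {
        // PHP builds arrays for "name[]" fields; only string candidates of a
        // plausible length are considered (strlen() on an array throws on PHP 8)
        if (!is_string($key) || strlen($key) < 8) {
            continue;
        }
        if (valid_mac($bssid_or_mic)) {
            // old style submission with bssid
            $ibssid = mac2long($bssid_or_mic);
            $stmt->bind_param('i', $ibssid);
            $stmt->execute();
            while ($stmt->fetch()) {
                if ($matches($data['hccap'], $key)) {
                    $net_id = $data['net_id'];
                    $stmt->free_result(); // first verified net wins; stop fetching
                    $store($net_id, $key);
                }
            }
        } elseif (valid_key($bssid_or_mic)) {
            // hash submission: the field name is the net's mic (32 hex chars)
            $mic = strtolower($bssid_or_mic);
            $nstmt->bind_param('s', $mic);
            $nstmt->execute();
            if ($nstmt->fetch()) {
                if ($matches($ndata['hccap'], $key)) {
                    $net_id = $ndata['net_id'];
                    $nstmt->free_result();
                    $store($net_id, $key);
                }
            }
        }
        // Post-increment: at most 22 candidate fields are processed per request
        if ($mcount++ > 20) {
            break;
        }
    }
    $stmt->close();
    $ustmt->close();
    $nstmt->close();
    $dstmt->close();

    // Update cracked net stats
    $mysql->query("UPDATE stats SET pvalue = (SELECT count(net_id) FROM nets WHERE n_state=1) WHERE pname='cracked'");

    // Create new cracked.txt.gz: every found password, most frequent first, one per line
    $sql = 'SELECT pass FROM (SELECT pass, count(pass) AS c FROM nets WHERE n_state=1 GROUP BY pass) i ORDER BY i.c DESC';
    $stmt = $mysql->stmt_init();
    $stmt->prepare($sql);
    $data = array();
    stmt_bind_assoc($stmt, $data);
    $stmt->execute();
    $wl = '';
    $i = 0; // word count, stored in dicts.wcount
    while ($stmt->fetch()) {
        $wl .= $data['pass'] . "\n";
        ++$i;
    }
    $stmt->close();
    $gzdata = gzencode($wl, 9);
    // Raw 16-byte digest of the archive, stored in dicts.dhash as a content fingerprint
    $md5gzdata = md5($gzdata, true);

    // Serialise writers of CRACKED so concurrent submissions do not interleave writes.
    // NOTE(review): readers may still see a partially written file; writing to a
    // temp file beside CRACKED and rename()-ing it in would make the swap atomic.
    $sem = sem_get(888);
    sem_acquire($sem);
    $written = file_put_contents(CRACKED, $gzdata);
    sem_release($sem);
    if ($written === false) {
        // Do not advertise a wcount/dhash that is not on disk; the stale dicts row stays consistent with the old file
        trigger_error('put_work: could not write ' . CRACKED, E_USER_WARNING);
        return true;
    }

    // Update wcount/dhash for the cracked dict; matched by file name so dpath may carry any directory
    $cr = '%' . basename(CRACKED);
    $sql = 'UPDATE dicts SET wcount = ?, dhash = ? WHERE dpath LIKE ?';
    $stmt = $mysql->stmt_init();
    $stmt->prepare($sql);
    $stmt->bind_param('iss', $i, $md5gzdata, $cr);
    $stmt->execute();
    $stmt->close();

    return true;
}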