Esempio n. 1
<h1>Search networks</h1>
<?php 
if (strlen($_GET['search']) >= 3) {
    require_once 'db.php';
    require_once 'common.php';
    $k = '';
    if (isset($_COOKIE['key'])) {
        if (valid_key($_COOKIE['key'])) {
            $k = $_COOKIE['key'];
        }
    }
    if (valid_mac($_GET['search'])) {
        $bssid = mac2long($_GET['search']);
        if ($k == $bosskey) {
            $sql = 'SELECT hex(nets.mic) as mic, nets.bssid AS bssid, nets.ssid AS ssid, nets.pass AS pass, nets.hits, nets.ts
FROM nets
WHERE bssid = ?
ORDER BY net_id DESC';
        } else {
            $sql = 'SELECT hex(nets.mic) as mic, nets.bssid AS bssid, nets.ssid AS ssid, IF(n.u_id IS NULL, IF(nets.pass IS NULL,NULL, \'Found\'), nets.pass) AS pass, nets.hits, nets.ts
FROM (SELECT * FROM nets WHERE bssid = ? ORDER BY nets.net_id DESC) AS nets
LEFT JOIN (SELECT n2u.net_id AS net_id, users.u_id AS u_id FROM n2u, users WHERE n2u.u_id=users.u_id AND users.userkey=UNHEX(?)) AS n ON n.net_id=nets.net_id';
        }
        $stmt = $mysql->stmt_init();
        $stmt->prepare($sql);
        if ($k == $bosskey) {
            $stmt->bind_param('i', $bssid);
        } else {
            $stmt->bind_param('is', $bssid, $k);
        }
    } else {
Esempio n. 2
<?php

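require_once 'db.php';
require_once 'common.php';
// Hand the open connection to put_work() first, so anything posted with this request is handled before the listing is built.
put_work($mysql);
echo '<h1>My networks</h1>';
$limit = 20;
// The cookie is client-controlled: it is used only when it passes valid_key(), otherwise an empty string is bound below.
$k = isset($_COOKIE['key']) && valid_key($_COOKIE['key']) ? $_COOKIE['key'] : '';
// 'page' is client-controlled too. Clamp it to >= 1: page=0 or a negative page used to yield a negative
// LIMIT offset, which MySQL rejects, so the listing query failed instead of showing the first page.
$page = isset($_GET['page']) && is_numeric($_GET['page']) ? max(1, (int) $_GET['page']) : 1;
$offset = ($page - 1) * $limit;
// Every request-derived value (user key, offset, limit) is bound as a parameter; nothing is concatenated into the SQL.
$sql = 'SELECT SQL_CALC_FOUND_ROWS hex(nets.mic) as mic, nets.bssid AS bssid, nets.ssid AS ssid, nets.pass AS pass, nets.hits, n2u.ts
FROM nets, n2u, users
WHERE nets.net_id=n2u.net_id AND users.u_id=n2u.u_id AND users.userkey=UNHEX(?)
ORDER BY nets.net_id DESC
LIMIT ?,?';
$total_sql = 'SELECT FOUND_ROWS()';
$stmt = $mysql->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param('sii', $k, $offset, $limit);
$ab = $stmt->execute();
$data = array();
// stmt_bind_assoc() and write_nets() are defined outside this script; presumably they bind the
// result columns into $data and render the rows — confirm in common.php.
stmt_bind_assoc($stmt, $data);
write_nets($stmt, $data);
$stmt->close();
// FOUND_ROWS() reports the row count of the SQL_CALC_FOUND_ROWS query above without its LIMIT; it feeds the pager.
$stmt = $mysql->prepare($total_sql);
$stmt->execute();
$stmt->bind_result($total);
$stmt->fetch();
$stmt->close();
$mysql->close();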
for ($i = 1; $i < ceil($total / $limit) + 1; ++$i) {
Esempio n. 3
                $mailer->Body = "Key to access results is: {$userkey}";
                $mailer->Send();
                $mailer->SmtpClose();
            } catch (Exception $e) {
            }
        }
    }
}
//validate 32 char key
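/**
 * Check that $key is exactly 32 hexadecimal characters (letter case is ignored).
 *
 * @param mixed $key Candidate key, usually taken straight from request data (cookie, POST field or field name).
 * @return int|false 1 when the key is well-formed, 0 otherwise; false only if PCRE itself fails.
 */
function valid_key($key)
{
    // Request parameters can arrive as arrays (key[]=...); anything that is not a string is rejected
    // here instead of being handed to strtolower().
    if (!is_string($key)) {
        return 0;
    }
    // D (PCRE_DOLLAR_ENDONLY): without it `$` also matches just before a trailing newline,
    // so a 33-byte value ending in "\n" used to pass validation.
    return preg_match('/^[a-f0-9]{32}$/D', strtolower($key));
}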
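//Set key: when the posted key exists in users it is stored in the 'key' cookie (HttpOnly on, Secure off, so it is also sent over plain HTTP)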
if (isset($_POST['key'])) {
    if (valid_key($_POST['key'])) {
        require_once 'db.php';
        $sql = 'SELECT HEX(userkey) FROM users WHERE userkey=UNHEX(?)';
        $stmt = $mysql->stmt_init();
        $stmt->prepare($sql);
        $stmt->bind_param('s', $_POST['key']);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows == 1) {
            setcookie('key', $_POST['key'], 2147483647, '', '', false, true);
            $_COOKIE['key'] = $_POST['key'];
        } else {
            $_POST['remkey'] = '1';
        }
        $stmt->close();
    }
Esempio n. 4
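/**
 * Accept submitted results from $_POST and record the ones that verify.
 *
 * Each POST field is read as "network identifier => candidate passphrase". The identifier is either
 * a BSSID (valid_mac) or a 32-hex value matched against nets.mic (valid_key). A candidate is written
 * to nets.pass only after check_key() confirms it against the stored hccap. No user key is checked in
 * this function; that verification is the only gate visible here.
 *
 * After the loop the 'cracked' statistic, the CRACKED wordlist file and the matching dicts row are
 * refreshed.
 *
 * @param object $mysql Open database connection, used mysqli-style (stmt_init(), query()).
 * @return bool false when $_POST is empty, true otherwise.
 */
function put_work($mysql)
{
    if (empty($_POST)) {
        return false;
    }
    //get nets by bssid
    $sql = 'SELECT net_id, hccap FROM nets WHERE bssid = ? AND n_state=0';
    $stmt = $mysql->stmt_init();
    $stmt->prepare($sql);
    $data = array();
    stmt_bind_assoc($stmt, $data);
    //get net by nhash
    $nsql = 'SELECT net_id, hccap FROM nets WHERE mic = unhex(?) AND n_state=0';
    $nstmt = $mysql->stmt_init();
    $nstmt->prepare($nsql);
    $ndata = array();
    stmt_bind_assoc($nstmt, $ndata);
    //Update key stmt
    $usql = 'UPDATE nets SET pass=?, sip=?, n_state=1, sts=NOW() WHERE net_id=?';
    $ustmt = $mysql->stmt_init();
    $ustmt->prepare($usql);
    $mcount = 0;
    foreach ($_POST as $bssid_or_mic => $key) {
        // A field sent as name[]=... arrives as an array; skip it instead of passing it to strlen().
        if (!is_string($key) || strlen($key) < 8) {
            continue;
        }
        if (valid_mac($bssid_or_mic)) {
            //old style submission with bssid
            $ibssid = mac2long($bssid_or_mic);
            $stmt->bind_param('i', $ibssid);
            $stmt->execute();
            while ($stmt->fetch()) {
                // presumably hccap is stored gzip-encoded and the 10 skipped bytes are its header — confirm
                $hccap = gzinflate(substr($data['hccap'], 10));
                // NOTE(review): loose comparison; switch to === once check_key()'s return type is confirmed
                if ($key == check_key($hccap, array($key))) {
                    //put result in nets
                    $stmt->free_result();
                    // NOTE(review): ip2long() returns false for IPv6 clients — confirm how sip should record them
                    $iip = ip2long($_SERVER['REMOTE_ADDR']);
                    // net_id comes from the nets row, not from the request; the cast keeps the
                    // interpolated DELETE below strictly numeric regardless of how it was bound.
                    $net_id = (int) $data['net_id'];
                    $ustmt->bind_param('sii', $key, $iip, $net_id);
                    $ustmt->execute();
                    //delete from n2d
                    $mysql->query("DELETE FROM n2d WHERE net_id={$net_id}");
                    // free_result() discarded the rows not yet fetched, so stop here rather than
                    // calling fetch() again on a freed result.
                    break;
                }
            }
        } elseif (valid_key($bssid_or_mic)) {
            //hash submission
            $mic = strtolower($bssid_or_mic);
            $nstmt->bind_param('s', $mic);
            $nstmt->execute();
            if ($nstmt->fetch()) {
                $hccap = gzinflate(substr($ndata['hccap'], 10));
                // NOTE(review): loose comparison; switch to === once check_key()'s return type is confirmed
                if ($key == check_key($hccap, array($key))) {
                    //put result in nets
                    $nstmt->free_result();
                    $iip = ip2long($_SERVER['REMOTE_ADDR']);
                    $net_id = (int) $ndata['net_id'];
                    $ustmt->bind_param('sii', $key, $iip, $net_id);
                    $ustmt->execute();
                    //delete from n2d
                    $mysql->query("DELETE FROM n2d WHERE net_id={$net_id}");
                }
            }
        }
        // Caps the work done for a single request; only entries that passed the length check are counted.
        if ($mcount++ > 20) {
            break;
        }
    }
    $stmt->close();
    $ustmt->close();
    $nstmt->close();
    // NOTE(review): everything below runs for every non-empty POST, even when no submission verified,
    // so any client can trigger the full wordlist rebuild — consider skipping it when nothing changed.
    //Update cracked net stats
    $mysql->query("UPDATE stats SET pvalue = (SELECT count(net_id) FROM nets WHERE n_state=1) WHERE pname='cracked'");
    //Create new cracked.txt.gz and update wcount
    $sql = 'SELECT pass FROM (SELECT pass, count(pass) AS c FROM nets WHERE n_state=1 GROUP BY pass) i ORDER BY i.c DESC';
    $stmt = $mysql->stmt_init();
    $stmt->prepare($sql);
    $data = array();
    stmt_bind_assoc($stmt, $data);
    $stmt->execute();
    $wl = '';
    $i = 0;
    while ($stmt->fetch()) {
        $wl .= $data['pass'] . "\n";
        $i += 1;
    }
    $stmt->close();
    $gzdata = gzencode($wl, 9);
    // Raw MD5 of the archive, stored in dicts.dhash below; it looks like a content checksum rather than a security control.
    $md5gzdata = md5($gzdata, true);
    // The semaphore serialises concurrent writers of the CRACKED file.
    $sem = sem_get(888);
    sem_acquire($sem);
    file_put_contents(CRACKED, $gzdata);
    sem_release($sem);
    //update wcount for cracked dict
    $cr = '%' . basename(CRACKED);
    $sql = 'UPDATE dicts SET wcount = ?, dhash = ? WHERE dpath LIKE ?';
    $stmt = $mysql->stmt_init();
    $stmt->prepare($sql);
    $stmt->bind_param('iss', $i, $md5gzdata, $cr);
    $stmt->execute();
    $stmt->close();
    return true;
}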