SHOW:
|
|
- or go back to the newest paste.
1 | /* | |
2 | * .htaccess | |
3 | */ | |
4 | <FilesMatch "^honeypot_image.png$"> | |
5 | AddType application/x-httpd-php .png | |
6 | </FilesMatch> | |
7 | ||
8 | /* | |
9 | * honeypot_image.png | |
10 | */ | |
11 | <?php | |
12 | // We're an image. Really! | |
13 | header("Content-type: image/png"); | |
14 | ||
15 | // Only do the logging for the desired IP. | |
16 | if ($_SERVER['REMOTE_ADDR'] == "1.2.3.4") { | |
17 | ||
18 | // Log file location - use pid as name. | |
19 | $log = "path/to/log/" . getmypid() . ".log"; | |
20 | ||
21 | // When? | |
22 | $result = date("d.m.Y H:i:s T") . "\n\n"; | |
23 | ||
24 | // From where? | |
25 | $result .= "Client Port: {$_SERVER['REMOTE_PORT']}\n\n"; | |
26 | ||
27 | // Maybe whatever it is handles cookies, then it might have interesting session data | |
28 | session_start(); | |
29 | $result .= "Current Session: " . print_r($_SESSION, true) . "\n\n"; | |
30 | // ... and interesting cookies, too. :) | |
31 | $result .= "Cookies: " . print_r($_COOKIE, true) . "\n\n"; | |
32 | ||
33 | // Catch all running processes | |
34 | $result .= shell_exec("ps aux") . "\n\n"; | |
35 | ||
36 | - | // Get all connections including handling processes. (Requires netstat to be run as root, a temporary suid root helps) |
36 | + | // Get all connections including handling processes. |
37 | // (Requires netstat to be run as root, a temporary suid root helps) | |
38 | $result .= shell_exec("netstat -anp") . "\n\n"; | |
39 | - | // Grab the server status. If it's an apache process, we get the script that way. (needs mod_status) |
39 | + | |
40 | // Grab the server status. If it's an apache process, we get the script that way. | |
41 | // (needs mod_status) | |
42 | $result .= shell_exec("lynx -dump http://1.2.3.4/server-status"). "\n\n"; | |
43 | ||
44 | // Write to disk. | |
45 | file_put_contents($log, $result, FILE_APPEND); | |
46 | } | |
47 | ||
48 | // Didn't I say we're an image? :) | |
49 | echo file_get_contents("the_real_image.png"); |