Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * .htaccess
- */
- <FilesMatch "^honeypot_image.png$">
- AddType application/x-httpd-php .png
- </FilesMatch>
- /*
- * honeypot_image.png
- */
- <?php
- // We're an image. Really!
- header("Content-type: image/png");
- // Only do the logging for the desired IP.
- if ($_SERVER['REMOTE_ADDR'] == "1.2.3.4") {
- // Log file location - use pid as name.
- $log = "path/to/log/" . getmypid() . ".log";
- // When?
- $result = date("d.m.Y H:i:s T") . "\n\n";
- // From where?
- $result .= "Client Port: {$_SERVER['REMOTE_PORT']}\n\n";
- // Maybe whatever it is handles cookies, then it might have interesting session data
- session_start();
- $result .= "Current Session: " . print_r($_SESSION, true) . "\n\n";
- // ... and interesting cookies, too. :)
- $result .= "Cookies: " . print_r($_COOKIE, true) . "\n\n";
- // Catch all running processes
- $result .= shell_exec("ps aux") . "\n\n";
- // Get all connections including handling processes.
- // (Requires netstat to be run as root, a temporary suid root helps)
- $result .= shell_exec("netstat -anp") . "\n\n";
- // Grab the server status. If it's an apache process, we get the script that way.
- // (needs mod_status)
- $result .= shell_exec("lynx -dump http://1.2.3.4/server-status"). "\n\n";
- // Write to disk.
- file_put_contents($log, $result, FILE_APPEND);
- }
- // Didn't I say we're an image? :)
- echo file_get_contents("the_real_image.png");
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement