Advertisement
Guest User

Untitled

a guest
Feb 13th, 2013
874
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /*
  2.  * .htaccess
  3.  */
  4. <FilesMatch "^honeypot_image.png$">
  5.     AddType application/x-httpd-php .png
  6. </FilesMatch>
  7.  
  8. /*
  9.  * honeypot_image.png
  10.  */
  11. <?php
  12. // We're an image. Really!
  13. header("Content-type: image/png");
  14.  
  15. // Only do the logging for the desired IP.
  16. if ($_SERVER['REMOTE_ADDR'] == "1.2.3.4") {
  17.  
  18.     // Log file location - use pid as name.
  19.     $log = "path/to/log/" . getmypid() . ".log";
  20.  
  21.     // When?
  22.     $result = date("d.m.Y H:i:s T") . "\n\n";
  23.    
  24.     // From where?
  25.     $result .= "Client Port: {$_SERVER['REMOTE_PORT']}\n\n";
  26.    
  27.     // Maybe whatever it is handles cookies, then it might have interesting session data
  28.     session_start();
  29.     $result .= "Current Session: " . print_r($_SESSION, true) . "\n\n";
  30.     // ... and interesting cookies, too. :)
  31.     $result .= "Cookies: " . print_r($_COOKIE, true) . "\n\n";
  32.  
  33.     // Catch all running processes
  34.     $result .= shell_exec("ps aux") . "\n\n";
  35.    
  36.     // Get all connections including handling processes.
  37.     // (Requires netstat to be run as root, a temporary suid root helps)
  38.     $result .= shell_exec("netstat -anp") . "\n\n";
  39.    
  40.     // Grab the server status. If it's an apache process, we get the script that way.
  41.     // (needs mod_status)
  42.     $result .= shell_exec("lynx -dump http://1.2.3.4/server-status"). "\n\n";
  43.  
  44.     // Write to disk.
  45.     file_put_contents($log, $result, FILE_APPEND);
  46. }
  47.  
  48. // Didn't I say we're an image? :)
  49. echo file_get_contents("the_real_image.png");
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement