Wall of Shame/Wall of Sheep PHP Script

You all have seen the Wall of Shame/Wall of Sheep that they run at various hacker cons right? What they do is set up a box on the gateway that sniffs for plaintext passwords and displays them. Well, I could not find any code to do this, so I made my own. You feed it with the output from Ettercap (ettercap -Tq -d -m ettertest.txt), read the comments in the code for details. Can anyone else test this out an see how it works for them? I hope to release it on my website on the 1st.

PHP Code:

<? /* Irongeek's Wall Of Shame Code ver. 0.5 Irongeek -at- irongeek.com [url]http://www.irongeek.com[/url] Just a fugly script I wrote to tage a logfile from Etthercap ad display passwords to a webpage. Ettercap supports: TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...) Some help from: [url]http://www.php.net/[/url] [url]http://www.theukwebdesigncompany.com/articles/article.php?article=165[/url] Consider this code GPLed, but it would be sweet of you to link back to Irongeek.com if you use it. */ ?> <HTML>  <META HTTP-EQUIV="Refresh" Content = "30; URL=shame.php" <TITLE>Irongeek's Wall Of Shame</TITLE> <BODY bgcolor="#FFFFCC"> <? function between($somestring, $ss1, $ss2){ if ($ss2 != "\0"){ return trim(substr($somestring, strpos($somestring, $ss1)+strlen($ss1), strpos($somestring, $ss2)-strpos($somestring, $ss1)-+strlen($ss1) ) ); } else { return trim(substr($somestring, strpos($somestring, $ss1)+strlen($ss1), strlen($somestring)-strpos($somestring, $ss1))); } } function showfirst($somestring, $chrnum ){ if ($chrnum != "all"){ //Swtich comments on the two lines below if you wan an * for every character in the password. //return str_pad(substr($somestring, 0, $chrnum), strlen($somestring), "*"); return str_pad(substr($somestring, 0, $chrnum), 10, "*"); } else { return $somestring; } } function PrintCapItem($fontcolor, $proto, $target, $user, $password, $info ){ echo "<TR><TD>$proto</TD><TD> $target</TD><TD> $user</TD><TD>$password</TD></TR> <TR><TD></TD><TD COLSPAN=\"3\">More Info: $info </TD></TR>\n"; } /*Point the line below to the log file you are creating with "ettercap -Tq -D -m ettertest.txt" if you get an error like: BUG at [ec_ui.c:ui_register:339] ops->input == NULL then try just "ettercap -Tq -m ettertest.txt" without the daemon option. Also, you could ARP poison the gateway if you like with a command like: ettercap -Tq -m /var/ettertest.txt -M arp /gateway-IP/ // */ $filename = "/var/ettertest.txt"; $fd = fopen ($filename, "r"); $contents = fread ($fd,filesize ($filename)); fclose ($fd); $delimiter = "\n"; //If you want only unique lines make sure the line below is uncommented. $splitcontents =array_reverse(array_unique(explode($delimiter, $contents))); //If you want all lines make sure the line below is uncommented. //$splitcontents = array_reverse(explode($delimiter, $contents)); /*Set the below to just show the first X characters of the password, "all" to show all. If you are going to set this, also change the location/name of the ettercap log tokeep folks from finding it. */ define("SHOWXCHR", "2"); ?> <CENTER>Irongeek's Wall Of Shame</CENTER> <hr> <hr> <? echo "<TABLE BORDER=\"1\" ALIGN=\"CENTER\" bgcolor=\"#FFFFFF\" bordercolorlight=\"#0000FF\" bordercolordark=\"#330099\" >"; echo "<TR><TD>Protocol</TD><TD>Target</TD><TD>User</TD> <TD>Password</TD></TR>"; foreach ( $splitcontents as $line ) { $line=str_replace(">",">",str_replace("<","<",$line)); $proto =trim(substr($line, 0, strpos($line, ":"))); switch ($proto): case "SNMP": $fontcolor="\"#009900\""; $target= between($line, " : ", " -> COMMUNITY:"); $user= "N/A"; $password=showfirst(between($line, " -> COMMUNITY: ", " INFO:"), SHOWXCHR); $info=between($line, "INFO:", "\0"); PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; case "HTTP": $fontcolor="\"#330099\""; $target= between($line, " : ", " -> USER: "); $user= between($line, "USER: ", " PASS:"); $password=showfirst(between($line, "PASS: ", " INFO:"), SHOWXCHR); $info=between($line, "INFO:", "\0"); PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; case "TELNET": $fontcolor="\"#CC33CC\""; $target= between($line, " : ", " -> USER:"); $user= between($line, "USER: ", " PASS:"); $password=showfirst(between($line, "PASS:", "\0"), SHOWXCHR); $info="N/A"; PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; case "POP": $fontcolor="\"#8888FF\""; $target= between($line, " : ", " -> USER:"); $user= between($line, "USER: ", " PASS:"); $password=showfirst(between($line, "PASS:", "\0"), SHOWXCHR); $info="N/A"; PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; case "FTP": $fontcolor="\"#004400\""; $target= between($line, " : ", " -> USER:"); $user= between($line, "USER: ", " PASS:"); $password=showfirst(between($line, "PASS:", "\0"), SHOWXCHR); $info="N/A"; PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; case "VNC": $fontcolor="\"#00708\""; $target= between($line, " : ", " ->"); $user="Challenge:"." ".between($line, " -> Challenge:", " Response:"); $password="Response:"." ".between($line, " Response:", "\0"); $info="N/A"; PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; case "IRC": $fontcolor="\"#FF3333\""; $target= between($line, " : ", " -> USER: "); $user= between($line, "USER: ", " PASS:"); $password=showfirst(between($line, "PASS: ", " INFO:"), SHOWXCHR); $info=between($line, "INFO:", "\0"); PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; case "YMSG": $fontcolor="\"#BBBB00\""; $target= between($line, " : ", " -> USER: "); $user= between($line, "USER: ", " HASH:"); $password=showfirst(between($line, "HASH: ", " - "), SHOWXCHR); $info=between($line, " - ", "\0"); PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; case "DHCP": break; default: if (strpos($line, " : ") != 0 && strpos($line, "PASS") != 0){ $fontcolor="\"#FF00FF\""; $target= between($line, " : ", " -> USER:"); $user= between($line, "USER: ", " PASS:"); $password=showfirst(between($line, "PASS:", "\0"), SHOWXCHR); $info="N/A"; PrintCapItem($fontcolor, $proto, $target,$user,$password, $info ); break; }else{ $trash=$trash."<TR><TD COLSPAN=\"4\">$proto $line</TD></TR>"; } endswitch ; } //Call the PHP script with a ?debug=1 on the end to see the trash lines. if ($_GET[debug]==1) echo $trash; echo "</TABLE>"; ?> <HR> <CENTER>Source code for this “Wall of Shame” script can be found at <A HREF="http://www.irongeek.com">[url]http://www.irongeek.com[/url]</A></CENTER> </BODY> </HTML>

Looks like a nice script, written in php too, my favorite. Make sure you just upload the text file, don't actually run ettercap on your webhost or datacenter server, they tend to frown on sniffers, lol.

Take it easy.
PuReWebDev

Thank. I've put a better version of the script here:
http://www.irongeek.com/i.php?page=security/wallofshame
With screenshots. :)

Getting it running in backtrack 2 final.

Irongeek,

Could you show how to get the php script up and running. I am running Backtrack 2 final and have ettercap working fine. I am capturing usernames and passwords but I am not familiar with php at all.

Thanks

Quote:

03-07-2006, 12:02 AM

Hmmm, see above?