<?php
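/**
 * Authenticate against the command server and hand it one event.
 *
 * Wire protocol as driven by this function (one command per "\n"-terminated line):
 *   client: "quintessence"                 - wake-up word the server waits for
 *   server: <cookie>                       - challenge
 *   client: md5(<cookie> ":" <password>)   - APOP-style response
 *   server: "accept"                       - anything else means refused
 *   client: "payload <value>" (0..n), then the event line, then "close"
 *
 * Security notes (review):
 *  - The challenge/response only keeps the *password* off the wire. A captured
 *    cookie/digest pair still allows offline guessing of the password, and every
 *    payload/event line is sent in cleartext. md5 is kept because the server
 *    dictates the digest; the fixed wake-up word is obscurity, not authentication.
 *  - Every outgoing value is refused if it contains CR or LF: the protocol is
 *    line based, so an embedded newline would smuggle extra commands.
 *
 * @param array $args 'host', 'port', 'password', 'eventstring' and optionally
 *                    'payload' (one string, or a list of strings sent in order).
 * @return bool TRUE once "accept" was received and all lines were written;
 *              FALSE when a value contains CR/LF, the connection fails (an
 *              "ERROR: ..." line is echoed, as before), the server closes the
 *              connection early, the digest is refused, or a write fails.
 */
function sendMsg($args)
{
    // Collect every line that will follow the digest, in send order.
    // A string payload is only sent when non-empty; array payloads are sent as-is.
    $lines = array();
    if (isset($args['payload']))
    {
        if (is_array($args['payload']))
        {
            foreach ($args['payload'] as $value)
                $lines[] = "payload " . $value;
        }
        elseif ((string) $args['payload'] !== '')
        {
            $lines[] = "payload " . $args['payload'];
        }
    }
    $lines[] = isset($args['eventstring']) ? (string) $args['eventstring'] : '';

    // Refuse newline injection before we even open the socket.
    foreach ($lines as $line)
    {
        if (preg_match('/[\r\n]/', $line))
            return FALSE;
    }

    $fp = fsockopen($args['host'], $args['port'], $errno, $errstr, 10);
    if (!$fp)
    { // Something didn't work....
        echo "ERROR: $errno - $errstr\n";
        return FALSE;
    }

    // Wake the server up; it stays silent until it sees this word.
    fputs($fp, "quintessence\n\r");

    // Challenge: the server returns a cookie and we answer with
    // md5(cookie:password). EOF here means it hung up before challenging us.
    $cookie = fgets($fp, 400);
    if ($cookie === FALSE)
    {
        fclose($fp);
        return FALSE;
    }
    $password = isset($args['password']) ? $args['password'] : '';
    $digest = md5(trim($cookie) . ":" . $password);
    fputs($fp, $digest . "\n");

    // Only the literal "accept" lets us continue; compare strictly.
    $res = fgets($fp, 400);
    if ($res === FALSE || trim($res) !== "accept")
    {
        fclose($fp);
        return FALSE;
    }

    // Payload lines, the event, then tell the server we are done nicely.
    $lines[] = "close";
    foreach ($lines as $line)
    {
        if (fputs($fp, $line . "\n") === FALSE)
        {
            fclose($fp);
            return FALSE;
        }
    }
    fclose($fp);
    return TRUE;
}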
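// Web entry point.
//
// Query parameters (all untrusted, all validated below):
//   host     target command server, default 127.0.0.1
//   event    the event line to send (required)
//   pld*     every parameter whose name starts with "pld" (case-insensitive)
//            becomes one "payload" line, in query-string order
//   REFERER  page to redirect to afterwards, default index.html
//
// NOTE(review): nothing in this file authenticates the web client or checks a
// CSRF token, so anybody who can reach this URL (or embed it in a page) can make
// the command server execute events with this script's password.
if (isset($_GET))
{
    // PHP has already decoded $_GET; the extra urldecode() is kept so existing
    // double-encoding clients keep working. Validation therefore runs on the
    // fully decoded value below.
    $args = array();
    $args['host'] = isset($_GET['host']) ? urldecode($_GET['host']) : '127.0.0.1';
    $args['port'] = 2886;
    // Shared secret for the command server. Until it is filled in, the digest
    // is computed over an empty password (same as the previous undefined key).
    $args['password'] = '';
    $args['eventstring'] = isset($_GET['event']) ? urldecode($_GET['event']) : '';
    foreach ($_GET as $key => $value)
    {
        if (strcasecmp(substr($key, 0, 3), 'pld') === 0)
            $args['payload'][] = urldecode($value);
    }

    // NOTE(review): letting the client pick the host means this script can be
    // aimed, together with its password, at any reachable address (SSRF).
    // Only the syntax is checked here; pin it to an allow-list of known command
    // servers if remote targets are not really needed.
    $hostOk = filter_var($args['host'], FILTER_VALIDATE_IP) !== false
        || preg_match('/^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$/', $args['host']);

    // The server protocol is line based: a CR/LF inside a value would inject
    // extra commands, so such requests are refused outright.
    $lines = isset($args['payload']) ? $args['payload'] : array();
    $lines[] = $args['eventstring'];
    $linesOk = true;
    foreach ($lines as $line)
    {
        if (preg_match('/[\r\n]/', $line))
            $linesOk = false;
    }

    if (!$hostOk || !$linesOk || $args['eventstring'] === '')
    {
        http_response_code(400);
        exit("Bad request\n");
    }

    // Return value deliberately ignored: the page is redirected either way, as
    // before (a connect failure has already echoed an ERROR line).
    sendMsg($args);

    // Keep the redirect target a plain relative file under this directory: no
    // scheme, no leading slash, no "..", no query/fragment. Anything else falls
    // back to index.html.
    $referer = isset($_GET['REFERER']) ? $_GET['REFERER'] : 'index.html';
    if (!preg_match('~^(?!.*\.\.)[A-Za-z0-9_\-][A-Za-z0-9_\-./]*$~', $referer))
        $referer = 'index.html';
    // rtrim() avoids a "//" when the script lives in the document root
    // (dirname("/sendCommand.php") is "/").
    header("Location: http://" . $_SERVER['HTTP_HOST']
        . rtrim(dirname($_SERVER['PHP_SELF']), '/')
        . "/" . $referer);
}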
?>