Just a fugly script I wrote to take a logfile from Etthercap and display
passwords to a webpage.
Ettercap supports:
TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB,
MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC,
LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming
soon...)
Some help from:
http://www.php.net/
http://www.theukwebdesigncompany.com/articles/article.php?article=165
Consider this code GPLed, but it would be sweet of you to link back to
Irongeek.com if you use it.
*/
//// Configuration settings
// Refresh time (in seconds), set to 0 to disable
$refresh = 30;
/*Point the line below to the log file you are creating with:
"ettercap -Tq -D -m ettertest.log".
if you get an error like:
BUG at [ec_ui.c:ui_register:339]
ops->input == NULL
then try just "ettercap -Tq -m ettertest.log" without the daemon option..
Also, you could ARP poison the gateway if you like with a command like:
ettercap -Tq -m /tmp/ettercap.log -M arp /gateway-IP/ //.
*/
// Logfile generated by ettercap
$logfile = '/tmp/ettercap.log';
// Show duplicate entries?
$showdupes = false;
/*Set the below to just show the first X characters of the password, "all" to
show all, or none to show all *'s */
//$showxchar = 3;
$showxchar = 'all';
//$showxchar = 'none';
// Show service names (instead of port numbers)
$showservnames = true;
// Do a reverse DNS query of target (WARNING! use only with a good local DNS cache)
$resolvetarget = false;
?>
0) { ?>
Irongeek's Wall Of Shame
(' . $server[1] . ')';
}
if ($resolvetarget) {
$host = gethostbyaddr($server[0]);
if (strlen($host) < 1) {
$host = $server[0];
} else {
$host .= ' (' . $ip . ')';
}
}
?>
|
|
|
|
|
|
More Info: |
\1',$text);
}
$contents = file($logfile);
if ($contents === false) {
echo 'Ettercap logfile could not be opened.';
die();
}
$contents = array_reverse($contents);
// Note we want the latest entries first, by reversing first old values do show up, move the above line below the if to change this behaviour
if (!$showdupes) {
$contents = array_unique($contents);
}
?>
Irongeek's
Wall Of Shame
Using protocols that pass your credentials insecurely at a hacker con? Shame on you! Keep away from protocols like authenticated FTP, POP3, TELNET and Basic HTTP non-anonymous without SSL/TLS when you can. Try encrypted tunnels like SSH or a VPN to get through possibly hostile networks when you have to use such insecure protocols. Have a nice day.
Your buddy,
Irongeek
| Protocol |
Target |
User |
Password
|
' . $proto . ' | ' . $line . ' | ';
}
}
}
//Call the PHP script with a ?debug on the end to see the trash lines.
if (isset($_GET[debug])) {
?>
| Debug messages |
|---|
Source code for this "Wall of Shame" script can be found at
http://www.irongeek.com/