Netbus detector
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<!-- Version 1.1, November 29 1998. -->
<!-- Latest version is at http://www.mdb.ku.dk/tarvin/netbus-detector/ -->
<head><title>Netbus detector</title>
<meta name="description" content="Online Netbus detection utility - see if Netbus is installed on your computer">
<meta name="keywords" content="detection, netbus">
<style type="text/css">
<!--
body { background-color: white; color: black; }
strong.bad { color: red; font-weight: bold; }
strong.good { color: green; font-weight: bold; }
input.submit { background-color: teal; color: white; }
h1 { color: teal; }
h2 { color: teal; }
.permit { background-color: yellow; }
pre { background-color: yellow; }
p.note { font-size: smaller; }
-->
</style>
</head>
<body>
<h1>Netbus detector</h1>

<?php

function connectToPort ($host, $port) {
  // This function is the interesting part of the script.
  // It may be called from the 'MAIN'
  // part of the script further down.

  // Not declared ill unless we find something
  $status = 0;

  // The host name comes from reverse DNS, so escape it before
  // it is written into the page
  $hostHtml = htmlspecialchars($host);

  print "<p>Trying port $port at $hostHtml...";

  // Open a socket to the user's computer (or proxy; in
  // this case, the result can't be trusted).
  // $errno and $errstr are filled in by reference by fsockopen
  // itself; call-time '&' is a fatal error in current PHP.
  $socket = fsockopen($host, $port, $errno, $errstr);

  if ($socket) {
    // A connection could be made. Poor user; this is probably
    // Netbus answering...
    print "<br>Port $port connection established - BAD!</p>";
    $status = 1;

    // Let's see if it's speaking

    // To make sure that we will not be listening forever
    // in case of a silent (but open) port
    // (stream_set_blocking replaces the removed set_socket_blocking)
    stream_set_blocking($socket, false);

    $count = 0;
    $portOutput = "";

    // We will not keep trying forever; let's stop after
    // 10000 glances
    while ($count < 10000) {
      $readString = fread($socket, 1);
      // Compare strictly: a plain truth test would drop the
      // character "0", which PHP treats as false
      if ($readString !== false && $readString !== "") {
        // Convert <, >, " and & to HTML entities
        $readString = htmlspecialchars($readString);
        // Add the output to the sum of output
        $portOutput .= $readString;
      }
      $count++;
    }

    // Enough of this. Close the connection.
    fclose($socket);

    if ($portOutput != "") {
      print "<p>Output:</p><pre>$portOutput</pre>";
    }
  } else {
    // In case we have good news:
    print "<br>Port $port connection refused - good</p>";
  }

  // Return status for the port we just examined
  return $status;
}

function printForm ($host, $uri) {
  // Make sure the user knows what's going on.
  // This should not be dangerous in any way, but let's ask anyway

  // Both values are derived from the request, so escape them
  // before they are written into the form
  $hostHtml = htmlspecialchars($host);
  $uriHtml = htmlspecialchars($uri);

  print "
    <form method=post action=\"$uriHtml\">
    <p>Permission to
    <span class=permit>connect to ports 12345 and 12346 at host $hostHtml</span>
    granted: <input type=checkbox name=permission value=\"ok\"></p>
    <p><input class=submit type=submit></p>
    </form>
  ";
}

// **********
// MAIN
// **********

// Some definitions - the standard Netbus ports
$netBusPortA = 12345;
$netBusPortB = 12346;

// This may seem stupid; but if PHP is running in 'safe mode',
// the SCRIPT_URI environment variable doesn't seem to
// be readily available.
// Request data is read from $_SERVER and $_POST; the bare globals
// ($SERVER_NAME, $permission, ...) relied on register_globals,
// which no longer exists.
$uri = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];

// Standard CGI environment variable; we are not using CGI, but
// fortunately, the variable is still available.
// Note that the connections below go to this reverse-DNS name,
// not to the IP address itself.
$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);

// Escaped copies for everything that is printed into the page
$hostHtml = htmlspecialchars($host);
$uriHtml = htmlspecialchars($uri);

// Requesting host innocent until otherwise proven
$netBusStatus = 0;

// Values that may be absent from the request
$permission = $_POST['permission'] ?? "";
$referer = $_SERVER['HTTP_REFERER'] ?? "";

// Trying to make sure that the user actually wants me
// to scan his/her ports. - And trying to make sure that nobody is
// directly linking to the script.
if (!(($permission == "ok") &&
      ($_SERVER['REQUEST_METHOD'] == "POST") &&
      ($referer == $uri))) {
  // Write the permission-asking form - i.e. call the
  // previously defined 'printForm' function
  printForm($host, $uri);
} else {
  // Paranoia checks OK. Let's do it
  print "
    <h2>Processing host $hostHtml...</h2>
    <table border=1 cellpadding=5>
  ";

  print "<tr><td>";
  // Call script and add the status to the sum of status
  // codes. The function 'connectToPort' is defined above
  $netBusStatus += connectToPort($host, $netBusPortA);
  print "</td></tr>";

  print "<tr><td>";
  // Call the connect-function again for the other port
  $netBusStatus += connectToPort($host, $netBusPortB);
  print "</td></tr>";

  print "</table>";

  // Summarize results
  print "<h2>Conclusion</h2>";
  if ($netBusStatus > 0) {
    // Damn. The sum of status codes should be zero.
    // User probably has Netbus installed.
    print "
      <p>Connection to at least one Netbus port succeeded.
      That's a <strong class=bad>bad</strong> sign!</p>
      <p>This means that you probably have Netbus installed on
      your computer. See
      <a href=\"http://www.iss.net/xforce/alerts/advise8.html\">ISS'
      alert summary</a> for removal instructions.</p>
    ";
  } else {
    // It's nice to bring good news
    print "
      <p>No Netbus ports responded at host $hostHtml.
      Congratulations - that's a <strong class=good>good</strong> sign!</p>
      <p>This may not be a definitive test, though:
      <br> - If Netbus is installed at non-standard ports or
      <br> - if you are sitting behind a firewall,
      <br>this utility will fail to detect Netbus.</p>
      <p>You may <a href=\"$uriHtml\">try again</a>.</p>
    ";
  }
}

?>

</body>
</html>