docs

[mirrors/Programs.git] / php / mac_hack.phps

<?php\r
//Harvie's MAC sniffing toolkit (2oo7)\r
//Vice informaci cesky: https://www.soom.cz/articles/print.php?aid=406\r
\r
/*\r
This if primary for MS Windows (may work at other system, depending on 3rd side programs' output)\r
3rd side programs:\r
- ping\r
- arp\r
- ngrep (requires WinPCap for Windows or LibPCap for Unixs)\r
*/\r
\r
///SETTINGS/////////////////////////////////////\r
$ngrep = "ngrep"; //NGREP binary\r
$ping = "ping -n 1"; //PING with arguments\r
$arp = "arp -a"; //ARP with arguments to show all ARP records\r
\r
///FUNCTIONS////////////////////////////////////\r
\r
//Get HW (MAC) address from IP address\r
function get_mac($ip) {\r
  $ip = trim($ip);\r
  shell_exec($GLOBALS["ping"]." ".$ip);\r
  $arp = shell_exec($GLOBALS["arp"]);\r
  $arp = explode("\n", $arp);\r
  foreach($arp as $line) {\r
    if(ereg(": $ip ---", $line)) { return("This is your adapter, to find MAC try \"ipconfig /all\""); }\r
    if(ereg("  $ip ", $line)) {\r
      //echo($line."\n"); //Debug\r
      $line = explode($ip, $line);\r
      $line = trim($line[1]);\r
      $line = explode("dynamic", $line);\r
      $line = trim($line[0]);\r
      //echo($line."\n"); //Debug\r
      return($line);\r
    }\r
  }\r
  return("Not found. Couldn't broadcast to IP.");\r
}\r
\r
//Passive scan for active computers (IPs) in network (it's 100% stealth),\r
//but you can use "nmap" (for example) for scanning more more quickly and efectively...\r
//This is waiting in infinite loop...\r
function sniff_ips($device = 1, $subnet = "") {\r
  $device = trim($device);\r
  $subnet = trim($subnet);\r
  $ngrep = ($GLOBALS["ngrep"]." -d ".$device);\r
  $fp = popen($ngrep, "r");\r
  \r
  $ips[0] = "";\r
  $i = 0;\r
  while($fp && !feof($fp)) {\r
    $line = fgets($fp);\r
    if(ereg("$subnet.*:.* -> .*:.*", $line)) {\r
      $line = explode(" ", $line);\r
      $line = explode(":", $line[1]);\r
      $ip = trim($line[0]);\r
      \r
      if(!in_array($ip, $ips)) {\r
        $ips[$i] = $ip;\r
        $i++;\r
        \r
        //You have $ip, you can do anything, that you want:\r
        echo($ip." = ".get_mac($ip)."\n"); //Get it's MAC and print it\r
        \r
      }\r
    }\r
  }\r
}\r
\r
//Quick active scan for MACs and IPS\r
function quick_ipmac_scan($subnet = "192.168.1") {\r
  for($i=1;$i<256;$i++) {\r
    //Mega threaded ( This will open 255 processes ;))\r
    $fp[$i] = popen($GLOBALS["ping"]." ".$subnet.".".$i, "r");\r
  }\r
  for($i=1;$i<256;$i++) {\r
    while( $fp[$i] && !feof($fp[$i]) ) { fgets($fp[$i]); }\r
  }\r
  system($GLOBALS["arp"]);\r
}\r
\r
///Examples of usage://///////////////////////////////////////////////////////\r
//You have to modify this script, to get that output format, that you want...\r
\r
\r
//Sniff for IPs:\r
echo("Sniffing for IP/MAC addresses\nC-c for stop\n\n");\r
//This will sniff on 3rd device ("ngrep -L" for device listing)\r
//And only IPs that starts with "192.168" will be accepted\r
sniff_ips(3, "192.168"); //ngrep -d 3 | grep 192.168.*:.* -> .*:.*\r
\r
/*\r
Example output:\r
Sniffing for IP/MAC addresses\r
C-c for stop\r
\r
192.168.15.82 = This is your adapter, to find MAC try "ipconfig /all"\r
192.168.15.65 = 00-00-24-c1-e7-e8\r
192.168.15.84 = 00-04-e2-cb-bc-6a\r
192.168.15.77 = Not found. Couldn't broadcast to IP.\r
192.168.15.80 = Not found. Couldn't broadcast to IP.\r
*/\r
\r
//--------------------------------------------------------------------------\r
\r
\r
//Quick active scan for MACs/IPs:\r
echo("Scanning for IP/MAC addresses\nC-c for stop\n");\r
quick_ipmac_scan("192.168.1");\r
\r
/*\r
Example output:\r
Scanning for IP/MAC addresses\r
C-c for stop\r
\r
Rozhrani: 192.168.15.82 --- 0x40003\r