Version: 1.1
Type: Full Script
Category: Networking
License: GNU Library Public License
Description: Uses smbclient to send a message to selectable, predefined hosts running Samba or Windows. Designed to be accessed by HTTP from an HTML form but can be modified easily for other purposes. See http://frell.ambush.de/
<?php
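// SMB popup script
// uses smbclient to send a message to predefined SMB hosts
// $Id: popup.php,v 1.1 2002/06/19 03:03:22 packbart Exp $
//
// Parameters (read from POST, then GET; cookies are ignored):
// redirok: (optional) URL to redirect to if popup was sent successfully
// defaults to HTTP Referer: value
// no redirection if empty
// redirerr: (optional) URL to redirect to if an error was encountered
// no redirection if omitted or empty
// to: selects, which predefined host the msg will be sent to
// message: the message text itself
//
// Configuration:
// - define destinations:
// - NETBIOS: the netbios (SMB) server name
// or a user name on windows clients
// - HOSTNAME: (optional) IP address or hostname, can speed up delivery
// (no NMB lookups)
// - $redirhosts: hosts that redirok/redirerr/Referer may point to
// - change defaults
//
// Caveats:
// - message body is only stripped of control characters; it is otherwise
// passed on unchanged, so receiving servers and popup clients must not
// trust it
// - redirects are limited to same-site paths and http(s) URLs on a host
// listed in $redirhosts; anything else is silently dropped
// - output is text/plain and sent with "X-Content-Type-Options: nosniff";
// browsers that ignore both may still render the echoed message as HTML
// - REMOTE_HOST comes from reverse DNS and is not verified; it only ends
// up in the message text, never on the command line
//
// Notes:
// - What is the maximum length for a SMB popup message?
// - uses PHP 4.1 $_SERVER array instead of $HTTP_SERVER_VARS
// - request parameters are read explicitly; register_globals is not needed
// - constant names and array keys are quoted; bare words are an error
// in current PHP
//
// Hauke Lampe - <packbart@frell.ambush.de> - http://frell.ambush.de/
//

// Returns the request parameter $name as a string, or null if it was not
// sent (or was sent as an array). POST wins over GET.
function popup_param($name)
{
    foreach (array($_POST, $_GET) as $source) {
        if (isset($source[$name]) && is_string($source[$name]))
            return $source[$name];
    }
    return null;
}

// Returns $url if it is an acceptable redirect target, "" otherwise.
// Accepted: a same-site absolute path ("/path"), or an http/https URL
// without userinfo whose host is in $allowedHosts (lower-case names).
function popup_checked_redirect($url, $allowedHosts)
{
    if (!is_string($url) || $url === "")
        return "";
    // control characters and whitespace would allow header tricks;
    // browsers treat "\" like "/", which defeats the host check
    if (preg_match('/[\x00-\x20\x7F\\\\]/', $url))
        return "";
    if ($url[0] === "/") {
        // "//host/path" is a protocol-relative URL, not a local path
        return (strlen($url) > 1 && $url[1] === "/") ? "" : $url;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts["scheme"]) || !isset($parts["host"]))
        return "";
    $scheme = strtolower($parts["scheme"]);
    if ($scheme !== "http" && $scheme !== "https")
        return "";
    if (isset($parts["user"]) || isset($parts["pass"]))
        return "";
    return in_array(strtolower($parts["host"]), $allowedHosts, true) ? $url : "";
}

// Returns $_SERVER[$key] as a string, or "" if it is not set.
function popup_server($key)
{
    return isset($_SERVER[$key]) ? (string) $_SERVER[$key] : "";
}

$redirect = "";
header("Cache-Control: no-cache");
header("Content-Type: text/plain");
// the message is echoed back below: keep browsers from guessing HTML
header("X-Content-Type-Options: nosniff");

// CONFIG START
// path to smbclient binary
define("SMBCLIENT", "/usr/bin/smbclient");

// hosts that a redirect may point to (lower case, without port);
// list them explicitly if the HTML form lives on another host
$redirhosts = array(strtolower(popup_server("SERVER_NAME")));

// defaults
$to = popup_param("to");
if ($to === null or $to == "")
    $to = "packbart";

$redirok = popup_param("redirok");
if ($redirok === null) {
    $referer = popup_server("HTTP_REFERER");
    // REQUEST_URI already starts with "/", so no separator is added
    $self = popup_server("SERVER_NAME").popup_server("REQUEST_URI");
    if ($referer == "" or $referer == "http://".$self or $referer == "https://".$self)
        $redirok = "";
    else
        $redirok = $referer;
}
$redirok = popup_checked_redirect($redirok, $redirhosts);

$redirerr = popup_param("redirerr");
if ($redirerr === null)
    $redirerr = "";
$redirerr = popup_checked_redirect($redirerr, $redirhosts);

$message = popup_param("message");
if ($message === null or $message == "")
    $message = "(no text)";

// destinations
switch ($to) {
    case "packbart":
        define("NETBIOS", "drow");
        define("HOSTNAME", "drow.dmz.frell.ambush.de");
        break;
    case "patman":
        define("NETBIOS", "patman");
        define("HOSTNAME", "patman.guest-dhcp.frell.ambush.de");
        break;
    case "mobile":
        define("NETBIOS", "talyn");
        # define("HOSTNAME", "talyn.wvlan.frell.ambush.de");
        break;
    default:
        echo "Sorry, unknown destination.";
        exit;
}
// CONFIG END

$output = "Message: ".$message."\n\n".
    "Status : ";

// escapeshellarg() quotes each value as exactly one shell word;
// escapeshellcmd() inside hand-written quotes does not guarantee that
$smbpar = "-M ".escapeshellarg(NETBIOS);
if (defined("HOSTNAME") and HOSTNAME != "")
    $smbpar .= " -I ".escapeshellarg(HOSTNAME);
$smbpar .= " -U ".escapeshellarg(popup_server("REMOTE_ADDR"))." -n Internet";

// magic quotes only exist before PHP 5.4; unslashing anywhere else
// would eat backslashes the sender really typed
$text = $message;
if (version_compare(PHP_VERSION, "5.4.0", "<") and get_magic_quotes_gpc())
    $text = stripslashes($text);
// drop CRs and other control characters, keep tab and newline
$text = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', $text);

$sender = popup_server("REMOTE_HOST");
if ($sender == "")
    $sender = popup_server("REMOTE_ADDR");

if (!$popup = popen(SMBCLIENT." $smbpar", "w")) {
    $redirect = $redirerr;
    $output .= "open failed (invalid path?)";
} else {
    // at most 2048 bytes are written, "(from: ...)" line included;
    // fwrite() reports failure with false, pclose() with -1 or the
    // non-zero exit status of smbclient
    $written = fwrite($popup, "(from: ".$sender.")\n\n".$text, 2048);
    $status = pclose($popup);
    if ($written === false or $status != 0) {
        $redirect = $redirerr;
        $output .= "send failed (host down?)";
    } else {
        $redirect = $redirok;
        $output .= "OK";
    }
}

if ($redirect != "") {
    // $redirect has passed popup_checked_redirect() above
    header("Location: ".$redirect, true, 302);
}
echo $output;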
?>