PDA

View Full Version : FBI, CIA, NASA Spy Alerter



SyntaXmasteR
01-11-2008, 11:32 AM
Has the FBI, CIA, or NASA been visiting your website? Well now you can easily find out with the software I created. You will need the following programs installed to use the software:

*. PHP
2. MySQL

I will divide this tutorial up into sections in order to simplify the process. I will also give a detailed explanation for every step. The sections will include the following:

*. Text File
2. PHP File
*. Website Include File

TEXT FILE
This is a list of agencies that could be browsing through your website. This list is a just a starter list to give an example of how the software works. I ran across this while reading a few articles on phrack.org. You can create your own list with new IP ranges and new agencies. It would be awesome if we can keep this thread alive by updating the list often for other visitors to use.

Directions:
*. Copy the following list and paste it in a text editor
2. Save the file as agency_list.txt

Rules:
*. Agency name cannot contain a hyphen because the PHP script uses the hyphens to explode the data into arrays.

Current Agencies (Src: Phrack.org)

agency_list.txt

**.0.0.0 - **.255.255.255 - DoD Network Information Center
*44.2**.0.0 - *44.2**.255.255 - Defense Intelligence Agency
*44.2*4.0.0 - *44.2*4.255.255 - Defense Intelligence Agency
*44.2*6.0.0 - *44.2*6.255.255 - Defense Intelligence Agency
*44.2*7.0.0 - *44.2*7.255.255 - Defense Intelligence Agency
*44.2*8.0.0 - *44.2*8.255.255 - Defense Intelligence Agency
*44.2**.0.0 - *44.2**.255.255 - Defense Intelligence Agency
*44.240.0.0 - *44.240.255.255 - Defense Intelligence Agency
*44.24*.0.0 - *44.24*.255.255 - Defense Intelligence Agency
*44.242.0.0 - *44.242.255.255 - Defense Intelligence Agency
*62.45.0.0 - *62.45.255.255 - Central Intelligence Agency
*62.46.0.0 - *62.46.255.255 - Central Intelligence Agency
**0.*6.0.0 - **0.*6.255.255 - The Pentagon
**4.**.0.0 - **4.**.255.255 - The Pentagon
**4.*52.0.0 - **4.*52.255.255 - The Pentagon
**4.205.0.0 - **4.205.255.255 - The Pentagon
*40.*85.0.0 - *40.*85.255.255 - The Pentagon
*4*.**6.0.0 - *4*.**6.255.255 - Army Information Systems Command Pentagon
6.0.0.0 - 6.255.255.255 - DoD Network Information Center
*28.20.0.0 - *28.20.255.255 - U.S. Army Research Laboratory
*28.6*.0.0 - *28.6*.255.255 - U.S. Army Research Laboratory
*2*.22*.0.0 - *2*.22*.255.255 - United States Army Corps of Engineers
***.2*8.0.0 - ***.2*8.255.255 - U.S. Army Research Laboratory
**4.**4.0.0 - **4.**4.255.255 - DoD Network Information Center
**4.2*2.0.0 - **4.2*2.255.255 - DoD Network Information Center
**7.*28.0.0 - **7.*28.255.255 - U.S. ARMY Tank Automotive Command
*44.252.0.0 - *44.252.255.255 - DoD Network Information Center
*55.8.0.0 - *55.8.255.255 - DoD Network Information Center
*58.*.0.0 - *58.*.255.255 - Headquarters, USAAISC
*58.*2.0.0 - *58.*2.255.255 - U.S. Army Research Laboratory
*64.225.0.0 - *64.225.255.255 - DoD Network Information Center
*40.*7*.0.0 - *40.*7*.255.255 - DARPA ISTO
*58.6*.0.0 - *58.6*.255.255 - Defense Advanced Research Projects Agency
*45.2*7.0.0 - *45.2*7.255.255 - POLFIN ( Ministry of Finance Poland)
*6*.**.0.0 - *6*.*2.255.255 - Ministry of Education Computer Center Taiwan
*68.*87.0.0 - *68.*87.255.255 - Kuwait Ministry of Communications
*7*.**.0.0 - *7*.**.255.255 - Ministry of Interior Hungary
*64.4*.0.0 - *64.4*.255.255 - United States Army Space and Strategic Defense
*65.27.0.0 - *65.27.255.255 - United States Cellular Telephone
*52.*52.0.0 - *52.*52.255.255 - NATO Headquarters
*28.*02.0.0 - *28.*02.255.255 - NASA
*28.*4*.0.0 - *28.*4*.255.255 - NASA
*28.*54.0.0 - *28.*54.255.255 - NASA
*28.*55.0.0 - *28.*55.255.255 - NASA
*28.*56.0.0 - *28.*56.255.255 - NASA
*28.*57.0.0 - *28.*57.255.255 - NASA
*28.*58.0.0 - *28.*58.255.255 - NASA
*28.*5*.0.0 - *28.*5*.255.255 - NASA
*28.*6*.0.0 - *28.*6*.255.255 - NASA
*28.*8*.0.0 - *28.*8*.255.255 - NASA
*28.2*7.0.0 - *28.2*7.255.255 - NASA
*2*.50.0.0 - *2*.50.255.255 - NASA
*5*.**.0.0 - *5*.**.255.255 - FBI Criminal Justice Information Systems
**8.**7.0.0 - **8.**7.255.255 - Navy Regional Data Automation Center
**8.*4*.0.0 - **8.*4*.255.255 - Navy Regional Data Automation Center
**8.*4*.0.0 - **8.*4*.255.255 - Navy Regional Data Automation Center
*6*.*04.0.0 - *6*.*04.255.255 - France Telecom R&D
*6*.*05.0.0 - *6*.*05.255.255 - France Telecom R&D
*6*.*06.0.0 - *6*.*06.255.255 - France Telecom R&D
*5*.2*7.0.0 - *5*.2*7.255.255 - Alcanet International (Alcatel)
*58.**0.0.0 - *58.**0.255.255 - ****** Agricole
*58.***.0.0 - *58.***.255.255 - ****** Agricole
*58.**2.0.0 - *58.**2.255.255 - ****** Agricole
*65.*2.0.0 - *65.48.255.255 - **** of America
*7*.*28.0.0 - *7*.206.255.255 - **** of America
*67.84.0.0 - *67.84.255.255 - The Chase Manhattan ****
*5*.50.0.0 - *5*.50.255.255 - Banque Nationale de Paris
*5*.22.0.0 - *5*.22.255.255 - Swiss Federal Military Dept.
*6*.*2.0.0 - *6*.*2.255.255 - navy aviation supply office
*6*.24*.0.0 - *6*.24*.255.255 - Commanding Officer Navy Ships Parts
*64.*4.0.0 - *64.*4.255.255 - Navy Personnel Research
*64.224.0.0 - *64.224.255.255 - Secretary of the Navy
*4.0.0.0 - *4.255.255.255 - Halliburton Company
***.*2*.0.0 - ***.*2*.255.255 - Science Applications International Corporation

PHP FILE
This is a pretty complex PHP file I created that does several operations. First it reads through the agency list you created placing each line of code in an array location. Second it separates each array location into pieces formatting those pieces for database entry. Finally it enters the data into your MySQL database. Detailed information is documented in the PHP file.

install.php

<?PHP

/* ONLY RUN THIS ONCE. THIS SCRIPT WILL READ IN A TEXT
FILE WITH HYPHEN DELIMITED DATA, FORMAT THE DATA, AND
ENTER THE DATA INTO A MYSQL DATABASE */


/* THIS FUNCTION WILL CONVERT AN IP TO A DECIMAL. THIS IS
REQUIRED FOR THE MYSQL DATABASE. IF YOU ARE NOT FAMILIAR
WITH NUMBER SYSTEM CONVERSIONS IGNORE THIS SCRIPT. YOU
CAN NOT COMPARE IP ADDRESSES IN A DATABASE. YOU CAN
COMPARE DECIMAL NUMBERS. */
function convert_ip_to_decimal($ip){
$full_binary=NULL;
$ip=explode(".",$ip);
foreach($ip as $decimal){
$new_binary=decbin($decimal);
while(strlen($new_binary)!=8){
$new_binary= "0" . $new_binary;
}
$full_binary .= $new_binary;
}
return(bindec($full_binary));
}


/* CONNECT TO MYSQL SERVER. IF THE DATABASE IS ON THE SERVER
YOU WILL BE RUNNING THIS SCRIPT ON, THEN ENTER LOCALHOST IN
PLACE OF SERVERNAME. IF YOU RUN THIS SCRIPT ELSEWHERE YOU
SHOULD ENTER THE IP AND PORT OF THE SERVER YOU ARE CONNECTING
TO IN THE FOLLOWING FORMAT: ipaddress:port
ENTER YOUR MYSQL USERNAME AND PASSWORD IN THE DOCUMENTED LOCATIONS

EXAMPLE OF LOCALHOST: mysql_connect("localhost","USERNAME","PASSWORD");
EXAMPLE OF ELSEWHERE: mysql_connect("*27.0.0.*:**06","USERNAME","PASSWORD"); */

mysql_connect("SERVERNAME","USERNAME","PASSWORD");

/* CREATE THE DATABASE `*****ER` */
$query = 'CREATE DATABASE *****er';
$result = mysql_query($query);

/* CREATE THE TABLE `SPIES` AND FIELDS NEEDED FOR THE DATABASE
FILEDS: ip_start, ip_stop, agency_name */
mysql_select_db('*****er') or die('Cannot select database');

$query = 'CREATE TABLE spies( '.
'ip_start INT UNSIGNED NOT NULL, '.
'ip_end INT UNSIGNED NOT NULL, '.
'agency TINYTEXT NOT NULL)';

mysql_query($query);

/* THIS SECTION READS IN THE FILE YOU CREATED FOR AGENCY_LIST.TXT
AND CREATED AN ARRAY WITH EACH LINE STORED AS $RESULTS[0,*,2,...N] */

/* EDIT THIS PATH TO POINT TO YOUR FILE. DOUBLE BACK SPACES ARE
REQUIRED FOR ESCAPE CHARACTERS */
$file="C:\\Users\\syntax******\\Documents\\Word\\Programming\\agency_list.txt";
$handle=fopen($file,"rb");
$contents = fread($handle, filesize($file));
fclose($handle);

/* ARRAY CREATED TO HOLD EACH LINE FEED IN ITS OWN LOCATION */
$results=explode("\r",$contents);

/* LOOK AT EACH RESULT */
foreach($results as $item){
// REMOVE NEWLINE CHARACTERS AND CARRIAGE RETURNS
$remove_characters=array("\r","\n");
$item=str_replace($remove_characters,"",$item);

/* SEPARATE EACH ELEMENT OF THE ARRAY INTO THREE PARTS
[0]=STARTING IP
[*]=ENDING IP
[2]=AGENCY */
$item=explode("-",htmlentities($item,ENT_QUOTES));

if(isset($item[0],$item[*],$item[2])){
// CONVERT THE STARTING IP TO A DECIMAL
$item[0]=convert_ip_to_decimal(trim($item[0]));
// CONVERT THE ENDING IP TO A DECIMAL
$item[*]=convert_ip_to_decimal(trim($item[*]));
// REMOVE TABS AND SPACES FROM AGENCY
$item[2]=trim($item[2],"\t ");
}

/* GLUE TOGETHER ARRAY WITH ',' FOR DATABASE ENTRY AND PLACE
SINGLE QUOTES ON THE OUTSIDES OF STRING TO COMPLETE DATABASE
INSERT FORMAT.
ENDING STRING: 'STARTING_IP','ENDING_IP','AGENCY' */
$item_pieces = "'" . implode("','",$item) . "'";
$query="INSERT INTO `spies` VALUES(" . $item_pieces . ")";

// ENTER AGENCY INFORMATION INTO DATABASE
mysql_query($query);
}
mysql_close();
?>

SyntaXmasteR
01-11-2008, 11:32 AM
WEBSITE INCLUDE FILE
The file agency_include.php can be included on every page of your website. This file checks a visitors IP Address and compares it to the agencies in your database. If a match is made you will recieve an instant text message alert with the agency name, the timestamp, and ip address of the visitor.

agency_include.php

<?PHP

/* THIS SCRIPT CAN BE INCLUDED ON EVERY PAGE OF YOUR
WEBSITE TO CHECK FOR AGENCIES STORED IN YOUR DATABASE.
A TEXT MESSAGE ALERT WILL BE SENT TO YOU INSTANTLY UPON
VISIT BY AN AGENCY */


/* THIS FUNCTION WILL CONVERT AN IP TO A DECIMAL. THIS IS
REQUIRED FOR THE MYSQL DATABASE. IF YOU ARE NOT FAMILIAR
WITH NUMBER SYSTEM CONVERSIONS IGNORE THIS SCRIPT. YOU
CAN NOT COMPARE IP ADDRESSES IN A DATABASE. YOU CAN
COMPARE DECIMAL NUMBERS. */
function convert_ip_to_decimal($ip){
$full_binary=NULL;
$ip=explode(".",$ip);
foreach($ip as $decimal){
$new_binary=decbin($decimal);
while(strlen($new_binary)!=8){
$new_binary= "0" . $new_binary;
}
$full_binary .= $new_binary;
}
return(bindec($full_binary));
}


function check_agency(){
$ip=$_SERVER['REMOTE_ADDR'];
$decimal=convert_ip_to_decimal($ip);

/* CONNECT TO MYSQL SERVER. IF THE DATABASE IS ON THE SERVER
YOU WILL BE RUNNING THIS SCRIPT ON, THEN ENTER LOCALHOST IN
PLACE OF SERVERNAME. IF YOU RUN THIS SCRIPT ELSEWHERE YOU
SHOULD ENTER THE IP AND PORT OF THE SERVER YOU ARE CONNECTING
TO IN THE FOLLOWING FORMAT: ipaddress:port
ENTER YOUR MYSQL USERNAME AND PASSWORD IN THE DOCUMENTED LOCATIONS

EXAMPLE OF LOCALHOST: mysql_connect("localhost","USERNAME","PASSWORD");
EXAMPLE OF ELSEWHERE: mysql_connect("*27.0.0.*:**06","USERNAME","PASSWORD"); */

mysql_connect('SERVERNAME','USERNAME','PASSWORD');
mysql_select_db('*****er') or die('Cannot select database *****er');

/* QUERY DATABASE FOR AGENCY FALLING IN VISITORS IP RANGE */
$query="SELECT agency FROM spies WHERE ip_start<='" . $decimal . "' AND ip_end>='" . $decimal . "'";
$query_array=mysql_query($query);
if($query_data=mysql_fetch_assoc($query_array)){
// SEND TEXT MESSAGE ALERT WITH TIMESTAMP
$message="AGENCY ALERT: " . $query_data['agency'] . " Spotted on " . date('Y-m-d') . " at " . date('H:i:s') . " IP: " . $ip;
$from="FROM: AgencyAlert@Script.com";
/* ENTER CELL PHONE NUMBER IN EMAIL FORMAT. I GIVE THE EXAMPLE
USING CINGULAR. YOU MUST LOOK UP YOUR OWN PHONE PROVIDERS
FULL ADDRESS.
Example: cingular=********xx@mobile.mycingular.net */
$to="********xx@mobile.mycingular.net";
$subject="Agency Alert";

mail($to,$subject,$message,$from);

}
mysql_close();
}

// CHECK TO SEE IF CURRENT VISITOR IS FROM AN AGENCY
check_agency();


?>

teknicalissue
01-11-2008, 12:26 PM
congrats on getting this file out:cool: lol hope fully they themselves wont catch this:rolleyes:

Moonbat
01-11-2008, 03:49 PM
Lol, SytanX, any *ahem* particular reason you decided to come up with this? :D

All suspicious aside, nice work. The code formatting is nice, and pretty much fully commented. :)

SyntaXmasteR
01-13-2008, 10:02 AM
Actually I just came up with this last Friday when I saw the list of agencies while reading some articles on Phrack.org. Most of that information (on Phrack.org) is completely out of my realm of knowledge, but its always good to read information that reminds you that you don't know S**T.

Anyways... I've built a few sites that completely expose government corruption in certain areas. I wanted something to correlate press releases with government visitors to get an inside idea of who cares about what.