
Thread: FBI, CIA, NASA Spy Alerter

  1. #1
    Join Date
    Jan 2005
    Posts
    623

    FBI, CIA, NASA Spy Alerter

    Has the FBI, CIA, or NASA been visiting your website? Well now you can easily find out with the software I created. You will need the following programs installed to use the software:

    1. PHP
    2. MySQL

    I will divide this tutorial up into sections in order to simplify the process. I will also give a detailed explanation for every step. The sections will include the following:

    1. Text File
    2. PHP File
    3. Website Include File

    TEXT FILE
    This is a list of agencies that could be browsing through your website. This list is just a starter list to give an example of how the software works. I ran across this while reading a few articles on phrack.org. You can create your own list with new IP ranges and new agencies. It would be awesome if we can keep this thread alive by updating the list often for other visitors to use.

    Directions:
    1. Copy the following list and paste it in a text editor
    2. Save the file as agency_list.txt

    Rules:
    1. Agency name cannot contain a hyphen because the PHP script uses the hyphens to explode the data into arrays.

    Current Agencies (Src: Phrack.org)

    agency_list.txt
    Code:
    **.0.0.0 - **.255.255.255 - 	DoD Network Information Center
    *44.2**.0.0 - *44.2**.255.255 - Defense Intelligence Agency
    *44.2*4.0.0 - *44.2*4.255.255 - Defense Intelligence Agency
    *44.2*6.0.0 - *44.2*6.255.255 - Defense Intelligence Agency
    *44.2*7.0.0 - *44.2*7.255.255 - Defense Intelligence Agency
    *44.2*8.0.0 - *44.2*8.255.255 - Defense Intelligence Agency
    *44.2**.0.0 - *44.2**.255.255 - Defense Intelligence Agency
    *44.240.0.0 - *44.240.255.255 - Defense Intelligence Agency
    *44.24*.0.0 - *44.24*.255.255 - Defense Intelligence Agency
    *44.242.0.0 - *44.242.255.255 - Defense Intelligence Agency
    *62.45.0.0 - *62.45.255.255 - 	Central Intelligence Agency
    *62.46.0.0 - *62.46.255.255 - 	Central Intelligence Agency
    **0.*6.0.0 - **0.*6.255.255 - 	The Pentagon
    **4.**.0.0 - **4.**.255.255 - 	The Pentagon
    **4.*52.0.0 - **4.*52.255.255 - The Pentagon
    **4.205.0.0 - **4.205.255.255 - The Pentagon
    *40.*85.0.0 - *40.*85.255.255 - The Pentagon
    *4*.**6.0.0 - *4*.**6.255.255 - Army Information Systems Command Pentagon
    6.0.0.0 - 6.255.255.255 - DoD 	Network Information Center
    *28.20.0.0 - *28.20.255.255 - 	U.S. Army Research Laboratory
    *28.6*.0.0 - *28.6*.255.255 - 	U.S. Army Research Laboratory
    *2*.22*.0.0 - *2*.22*.255.255 - United States Army Corps of Engineers
    ***.2*8.0.0 - ***.2*8.255.255 - U.S. Army Research Laboratory
    **4.**4.0.0 - **4.**4.255.255 - DoD Network Information Center
    **4.2*2.0.0 - **4.2*2.255.255 - DoD Network Information Center
    **7.*28.0.0 - **7.*28.255.255 - U.S. ARMY Tank Automotive Command
    *44.252.0.0 - *44.252.255.255 - DoD Network Information Center
    *55.8.0.0 - *55.8.255.255 - 	DoD Network Information Center
    *58.*.0.0 - *58.*.255.255 - 	Headquarters, USAAISC
    *58.*2.0.0 - *58.*2.255.255 - 	U.S. Army Research Laboratory
    *64.225.0.0 - *64.225.255.255 - DoD Network Information Center
    *40.*7*.0.0 - *40.*7*.255.255 - DARPA ISTO
    *58.6*.0.0 - *58.6*.255.255 - 	Defense Advanced Research Projects Agency
    *45.2*7.0.0 - *45.2*7.255.255 - POLFIN ( Ministry of Finance Poland)
    *6*.**.0.0 - *6*.*2.255.255 - 	Ministry of Education Computer Center Taiwan
    *68.*87.0.0 - *68.*87.255.255 - Kuwait Ministry of Communications
    *7*.**.0.0 - *7*.**.255.255 - 	Ministry of Interior Hungary
    *64.4*.0.0 - *64.4*.255.255 - 	United States Army Space and Strategic Defense
    *65.27.0.0 - *65.27.255.255 - 	United States Cellular Telephone
    *52.*52.0.0 - *52.*52.255.255 - NATO Headquarters
    *28.*02.0.0 - *28.*02.255.255 - NASA
    *28.*4*.0.0 - *28.*4*.255.255 - NASA
    *28.*54.0.0 - *28.*54.255.255 - NASA
    *28.*55.0.0 - *28.*55.255.255 - NASA
    *28.*56.0.0 - *28.*56.255.255 - NASA
    *28.*57.0.0 - *28.*57.255.255 - NASA
    *28.*58.0.0 - *28.*58.255.255 - NASA
    *28.*5*.0.0 - *28.*5*.255.255 - NASA
    *28.*6*.0.0 - *28.*6*.255.255 - NASA
    *28.*8*.0.0 - *28.*8*.255.255 - NASA
    *28.2*7.0.0 - *28.2*7.255.255 - NASA
    *2*.50.0.0 - *2*.50.255.255 - 	NASA
    *5*.**.0.0 - *5*.**.255.255 - 	FBI Criminal Justice Information Systems
    **8.**7.0.0 - **8.**7.255.255 - Navy Regional Data Automation Center
    **8.*4*.0.0 - **8.*4*.255.255 - Navy Regional Data Automation Center
    **8.*4*.0.0 - **8.*4*.255.255 - Navy Regional Data Automation Center
    *6*.*04.0.0 - *6*.*04.255.255 - France Telecom R&D
    *6*.*05.0.0 - *6*.*05.255.255 - France Telecom R&D
    *6*.*06.0.0 - *6*.*06.255.255 - France Telecom R&D
    *5*.2*7.0.0 - *5*.2*7.255.255 - Alcanet International (Alcatel)
    *58.**0.0.0 - *58.**0.255.255 - ****** Agricole
    *58.***.0.0 - *58.***.255.255 - ****** Agricole
    *58.**2.0.0 - *58.**2.255.255 - ****** Agricole
    *65.*2.0.0 - *65.48.255.255 - 	**** of America
    *7*.*28.0.0 - *7*.206.255.255 - **** of America
    *67.84.0.0 - *67.84.255.255 - 	The Chase Manhattan ****
    *5*.50.0.0 - *5*.50.255.255 - 	Banque Nationale de Paris
    *5*.22.0.0 - *5*.22.255.255 - 	Swiss Federal Military Dept.
    *6*.*2.0.0 - *6*.*2.255.255 - 	navy aviation supply office
    *6*.24*.0.0 - *6*.24*.255.255 - Commanding Officer Navy Ships Parts
    *64.*4.0.0 - *64.*4.255.255 - 	Navy Personnel Research
    *64.224.0.0 - *64.224.255.255 - Secretary of the Navy
    *4.0.0.0 - *4.255.255.255 - 	Halliburton Company
    ***.*2*.0.0 - ***.*2*.255.255 - Science Applications International Corporation

    PHP FILE
    This is a pretty complex PHP file I created that does several operations. First it reads through the agency list you created placing each line of code in an array location. Second it separates each array location into pieces formatting those pieces for database entry. Finally it enters the data into your MySQL database. Detailed information is documented in the PHP file.

    install.php
    [php]<?PHP

    /* ONLY RUN THIS ONCE. THIS SCRIPT WILL READ IN A TEXT
    FILE WITH HYPHEN DELIMITED DATA, FORMAT THE DATA, AND
    ENTER THE DATA INTO A MYSQL DATABASE */


    /* THIS FUNCTION WILL CONVERT AN IP TO A DECIMAL. THIS IS
    REQUIRED FOR THE MYSQL DATABASE. IF YOU ARE NOT FAMILIAR
    WITH NUMBER SYSTEM CONVERSIONS IGNORE THIS SCRIPT. YOU
    CAN NOT COMPARE IP ADDRESSES IN A DATABASE. YOU CAN
    COMPARE DECIMAL NUMBERS. */
    function convert_ip_to_decimal($ip){
        $full_binary=NULL;
        $ip=explode(".",$ip);
        foreach($ip as $decimal){
            $new_binary=decbin((int)$decimal);
            // PAD TO 8 BITS. "<8" AVOIDS AN ENDLESS LOOP ON AN OCTET ABOVE 255
            while(strlen($new_binary)<8){
                $new_binary= "0" . $new_binary;
            }
            $full_binary .= $new_binary;
        }
        return(bindec($full_binary));
    }


    /* CONNECT TO MYSQL SERVER. IF THE DATABASE IS ON THE SERVER
    YOU WILL BE RUNNING THIS SCRIPT ON, THEN ENTER LOCALHOST IN
    PLACE OF SERVERNAME. IF YOU RUN THIS SCRIPT ELSEWHERE YOU
    SHOULD ENTER THE IP AND PORT OF THE SERVER YOU ARE CONNECTING
    TO IN THE FOLLOWING FORMAT: ipaddress:port
    ENTER YOUR MYSQL USERNAME AND PASSWORD IN THE DOCUMENTED LOCATIONS

    EXAMPLE OF LOCALHOST: mysql_connect("localhost","USERNAME","PASSWORD");
    EXAMPLE OF ELSEWHERE: mysql_connect("*27.0.0.*:**06","USERNAME","PASSWORD"); */

    mysql_connect("SERVERNAME","USERNAME","PASSWORD");

    /* CREATE THE DATABASE `*****ER` */
    $query = 'CREATE DATABASE *****er';
    $result = mysql_query($query);

    /* CREATE THE TABLE `SPIES` AND FIELDS NEEDED FOR THE DATABASE
    FIELDS: ip_start, ip_end, agency */
    mysql_select_db('*****er') or die('Cannot select database');

    $query = 'CREATE TABLE spies( '.
        'ip_start INT UNSIGNED NOT NULL, '.
        'ip_end INT UNSIGNED NOT NULL, '.
        'agency TINYTEXT NOT NULL)';

    mysql_query($query);

    /* THIS SECTION READS IN THE FILE YOU CREATED FOR AGENCY_LIST.TXT
    AND CREATES AN ARRAY WITH EACH LINE STORED AS $RESULTS[0,1,2,...N] */

    /* EDIT THIS PATH TO POINT TO YOUR FILE. DOUBLE BACKSLASHES ARE
    REQUIRED FOR ESCAPE CHARACTERS */
    $file="C:\\Users\\syntax******\\Documents\\Word\\Programming\\agency_list.txt";
    $handle=fopen($file,"rb");
    $contents = fread($handle, filesize($file));
    fclose($handle);

    /* ARRAY CREATED TO HOLD EACH LINE IN ITS OWN LOCATION.
    SPLITS ON WINDOWS (\r\n), OLD MAC (\r) AND UNIX (\n) LINE ENDINGS */
    $results=preg_split('/\r\n|\r|\n/',$contents);

    /* LOOK AT EACH RESULT */
    foreach($results as $item){
        // REMOVE NEWLINE CHARACTERS AND CARRIAGE RETURNS
        $remove_characters=array("\r","\n");
        $item=str_replace($remove_characters,"",$item);

        /* SEPARATE EACH ELEMENT OF THE ARRAY INTO THREE PARTS
        [0]=STARTING IP
        [1]=ENDING IP
        [2]=AGENCY */
        $item=explode("-",htmlentities($item,ENT_QUOTES));

        // SKIP BLANK OR INCOMPLETE LINES INSTEAD OF SENDING A BROKEN INSERT
        if(!isset($item[0],$item[1],$item[2])){
            continue;
        }

        // CONVERT THE STARTING IP TO A DECIMAL
        $item[0]=convert_ip_to_decimal(trim($item[0]));
        // CONVERT THE ENDING IP TO A DECIMAL
        $item[1]=convert_ip_to_decimal(trim($item[1]));
        // REMOVE TABS AND SPACES FROM AGENCY
        $item[2]=trim($item[2],"\t ");

        /* GLUE TOGETHER ARRAY WITH ',' FOR DATABASE ENTRY AND PLACE
        SINGLE QUOTES ON THE OUTSIDES OF STRING TO COMPLETE DATABASE
        INSERT FORMAT.
        ENDING STRING: 'STARTING_IP','ENDING_IP','AGENCY' */
        $item_pieces = "'" . implode("','",$item) . "'";
        $query="INSERT INTO `spies` VALUES(" . $item_pieces . ")";

        // ENTER AGENCY INFORMATION INTO DATABASE
        mysql_query($query);
    }
    mysql_close();
    ?>
    [/php]
    Last edited by SyntaXmasteR; 01-14-2008 at 01:13 PM.
    [url=http://www.syntax******.info/tools/services.php]Speed Up Windows XP[/url]
    [url=http://www.syntax******.info/tools/ip.php]Get An Ip Address[/url]
    [url=http://www.syntax******.info/tools/base_converter.php]Base Converter[/url]
    --------------------------------
    [URL=http://www.boninroad.com/syntax******/]Old Site[/URL]
    [URL=http://www.syntax******.info]Coming Soon[/URL]

  2. #2
    Join Date
    Jan 2005
    Posts
    623
    WEBSITE INCLUDE FILE
    The file agency_include.php can be included on every page of your website. This file checks a visitor's IP address and compares it to the agencies in your database. If a match is made you will receive an instant text message alert with the agency name, the timestamp, and IP address of the visitor.

    agency_include.php
    [php]<?PHP

    /* THIS SCRIPT CAN BE INCLUDED ON EVERY PAGE OF YOUR
    WEBSITE TO CHECK FOR AGENCIES STORED IN YOUR DATABASE.
    A TEXT MESSAGE ALERT WILL BE SENT TO YOU INSTANTLY UPON
    VISIT BY AN AGENCY */


    /* THIS FUNCTION WILL CONVERT AN IP TO A DECIMAL. THIS IS
    REQUIRED FOR THE MYSQL DATABASE. IF YOU ARE NOT FAMILIAR
    WITH NUMBER SYSTEM CONVERSIONS IGNORE THIS SCRIPT. YOU
    CAN NOT COMPARE IP ADDRESSES IN A DATABASE. YOU CAN
    COMPARE DECIMAL NUMBERS. */
    function convert_ip_to_decimal($ip){
        $full_binary=NULL;
        $ip=explode(".",$ip);
        foreach($ip as $decimal){
            $new_binary=decbin((int)$decimal);
            // PAD TO 8 BITS. "<8" AVOIDS AN ENDLESS LOOP ON AN OCTET ABOVE 255
            while(strlen($new_binary)<8){
                $new_binary= "0" . $new_binary;
            }
            $full_binary .= $new_binary;
        }
        return(bindec($full_binary));
    }


    function check_agency(){
        $ip=$_SERVER['REMOTE_ADDR'];

        /* THE TABLE ONLY HOLDS IPV4 RANGES. SKIP ANY OTHER ADDRESS
        (FOR EXAMPLE IPV6), WHICH THE CONVERSION CANNOT HANDLE */
        if(filter_var($ip,FILTER_VALIDATE_IP,FILTER_FLAG_IPV4)===false){
            return;
        }
        $decimal=convert_ip_to_decimal($ip);

        /* CONNECT TO MYSQL SERVER. IF THE DATABASE IS ON THE SERVER
        YOU WILL BE RUNNING THIS SCRIPT ON, THEN ENTER LOCALHOST IN
        PLACE OF SERVERNAME. IF YOU RUN THIS SCRIPT ELSEWHERE YOU
        SHOULD ENTER THE IP AND PORT OF THE SERVER YOU ARE CONNECTING
        TO IN THE FOLLOWING FORMAT: ipaddress:port
        ENTER YOUR MYSQL USERNAME AND PASSWORD IN THE DOCUMENTED LOCATIONS

        EXAMPLE OF LOCALHOST: mysql_connect("localhost","USERNAME","PASSWORD");
        EXAMPLE OF ELSEWHERE: mysql_connect("*27.0.0.*:**06","USERNAME","PASSWORD"); */

        mysql_connect('SERVERNAME','USERNAME','PASSWORD');
        mysql_select_db('*****er') or die('Cannot select database *****er');

        /* QUERY DATABASE FOR AGENCY FALLING IN VISITORS IP RANGE */
        $query="SELECT agency FROM spies WHERE ip_start<='" . $decimal . "' AND ip_end>='" . $decimal . "'";
        $query_array=mysql_query($query);
        if($query_data=mysql_fetch_assoc($query_array)){
            // SEND TEXT MESSAGE ALERT WITH TIMESTAMP
            $message="AGENCY ALERT: " . $query_data['agency'] . " Spotted on " . date('Y-m-d') . " at " . date('H:i:s') . " IP: " . $ip;
            $from="FROM: AgencyAlert@Script.com";
            /* ENTER CELL PHONE NUMBER IN EMAIL FORMAT. I GIVE THE EXAMPLE
            USING CINGULAR. YOU MUST LOOK UP YOUR OWN PHONE PROVIDERS
            FULL ADDRESS.
            Example: cingular=********xx@mobile.mycingular.net */
            $to="********xx@mobile.mycingular.net";
            $subject="Agency Alert";

            mail($to,$subject,$message,$from);

        }
        mysql_close();
    }

    // CHECK TO SEE IF CURRENT VISITOR IS FROM AN AGENCY
    check_agency();


    ?>
    [/php]
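
Added example (not part of the original posts and not the thread author's code): the list parsing from install.php and the range lookup from agency_include.php, done in memory with PHP's built-in ip2long(), tolerating any line ending, hyphens inside agency names, malformed rows and non-IPv4 visitors. It assumes 64-bit PHP 7.1 or later; the function names and the sample ranges (RFC 5737 documentation addresses with made-up agency names) are constructed for illustration.

```php
<?php
// Added example, not the thread author's code. The rows below are constructed
// from the RFC 5737 documentation blocks; the agency names are made up.
const SAMPLE_LIST = "192.0.2.0 - 192.0.2.255 - \tExample Agency A\r\n"
    . "198.51.100.0 - 198.51.100.127 - Example Co-op B\n"
    . "\n"
    . "not.an.ip - 203.0.113.9 - Broken Row\n";

/* Parse "start - end - name" rows into [start, end, name] with integer bounds. */
function parse_agency_list(string $text): array {
    $ranges = [];
    foreach (preg_split('/\r\n|\r|\n/', $text) as $line) {
        // A limit of 3 keeps hyphens inside the agency name intact.
        $parts = array_map('trim', explode('-', $line, 3));
        if (count($parts) !== 3 || $parts[2] === '') {
            continue; // blank or incomplete row
        }
        $start = ip2long($parts[0]);
        $end   = ip2long($parts[1]);
        if ($start === false || $end === false || $start > $end) {
            continue; // malformed address or reversed range
        }
        $ranges[] = [$start, $end, $parts[2]];
    }
    return $ranges;
}

/* Return the agency whose range contains $ip, or null (also for IPv6 or junk). */
function find_agency(array $ranges, string $ip): ?string {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $n = ip2long($ip);
    foreach ($ranges as [$start, $end, $name]) {
        if ($n >= $start && $n <= $end) {
            return $name;
        }
    }
    return null;
}

$ranges = parse_agency_list(SAMPLE_LIST);
foreach (['192.0.2.44', '198.51.100.200', '::1', '198.51.100.5'] as $ip) {
    printf("%-16s %s\n", $ip, find_agency($ranges, $ip) ?? '(no match)');
}
```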

  3. #3
    Join Date
    Jan 2008
    Posts
    140

    congrats

    Congrats on getting this file out, lol. Hopefully they themselves won't catch this.
    Yes..i do wear a grey hat... and don't plan on changing to white or black..

  4. #4
    Join Date
    Sep 2006
    Posts
    1,649
    Lol, SytanX, any *ahem* particular reason you decided to come up with this?

    All suspicion aside, nice work. The code formatting is nice, and pretty much fully commented.
    "Workers of the world unite; you have nothing to lose but your chains." -Karl Marx

  5. #5
    Join Date
    Jan 2005
    Posts
    623
    Actually I just came up with this last Friday when I saw the list of agencies while reading some articles on Phrack.org. Most of that information (on Phrack.org) is completely out of my realm of knowledge, but it's always good to read information that reminds you that you don't know S**T.

    Anyways... I've built a few sites that completely expose government corruption in certain areas. I wanted something to correlate press releases with government visitors to get an inside idea of who cares about what.
