
MAC bug in admin_nmap_input.php
https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3421

Author:  seraphielx [ Tue Sep 22, 2009 11:01 pm ]
Post subject:  MAC bug in admin_nmap_input.php

Lo there,
I was scanning my network and noticed that, after a scan and audit, hosts that had been listed 10 minutes earlier were missing.
The cause: when an nmap scan returns a MAC address of 00:00:00:00:00:00 (or none at all, so the script falls back to that value), the script matches and overwrites every existing record that also carries the MAC address 00:00:00:00:00:00.
This happens whenever you scan an IP range other than the one your scanner sits on: nmap cannot see the MAC address of a host on another subnet, so it reports none, and the script then mishandles that host.
Here is what I changed to make this work on my network thus far.

[code]
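<?php
//
// admin_nmap_input.php
//
// Paste the text output of an nmap scan of ONE host into the form below. This
// page parses the MAC address, vendor, device type, OS guess, IP address / name
// and open ports out of that text, finds (or creates) the matching row in the
// network_card / other tables and rewrites that host's rows in nmap_ports.
//
// Security notes (review):
//  * Everything parsed out of $_POST['add'] is untrusted text. Every value that
//    reaches SQL goes through nmap_sql_value() (mysql_real_escape_string) and
//    every value echoed back into the page goes through nmap_html()
//    (htmlspecialchars). The previous version interpolated the raw pasted text
//    into both the queries and the HTML.
//  * NOTE(review): access control for this admin page is assumed to be enforced
//    by include.php - confirm. The form carries no CSRF token; adding one needs
//    whatever session/token helper the rest of Open-AudIT uses.
//  * Query text and mysql_error() are still echoed for debugging, as before.
//    That is tolerable on an admin-only page but should be removed or gated
//    before this page is exposed any more widely.
//
$page = "add_pc";
include "include.php";

if (!function_exists('nmap_html')) {
    // HTML-escape a value before echoing it into the page body.
    function nmap_html($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES);
    }
}

if (!function_exists('nmap_sql_value')) {
    // Quote and escape a value for use as an SQL string literal.
    // Relies on the MySQL link that include.php opens (the queries below
    // already depend on that implicit link).
    function nmap_sql_value($value) {
        return "'" . mysql_real_escape_string((string)$value) . "'";
    }
}

if (!function_exists('nmap_query')) {
    // Echo the query (debug output, as the original page did), run it and stop
    // the page with an escaped error message if it fails.
    //   $sql  - fully escaped SQL text
    //   $what - label for the failure message ("Query", "Insert", ...)
    // Returns the mysql_query() result resource.
    function nmap_query($sql, $what = "Query") {
        echo nmap_html($sql) . "<br />\n";
        $result = mysql_query($sql);
        if ($result === false) {
            die($what . ' Failed: <br />' . nmap_html($sql) . '<br />' . nmap_html(mysql_error()));
        }
        return $result;
    }
}

if (!function_exists('nmap_pad_ip')) {
    // Zero-pad each dotted-quad octet to three digits ("10.0.0.1" becomes
    // "010.000.000.001"), the form used for the "000.000.000.000" default in
    // this file. A missing octet becomes "000".
    function nmap_pad_ip($ip) {
        $octets = explode(".", $ip);
        $padded = array();
        for ($i = 0; $i < 4; $i++) {
            $octet = isset($octets[$i]) ? $octets[$i] : "";
            $padded[] = str_pad($octet, 3, "0", STR_PAD_LEFT);
        }
        return implode(".", $padded);
    }
}

if (!function_exists('nmap_parse_host')) {
    // Extract array(ip, name) from an nmap host line. $host_index is the index
    // of the space-separated token that holds the host. Two shapes are handled:
    //   "... on host.example.com (10.0.0.1):" -> ip from the parentheses, name
    //        is the hostname up to its first "."
    //   "... on 10.0.0.1:"                    -> ip is the token (trailing ":"
    //        dropped) zero-padded; name is that padded ip
    // Name resolution is detected by a ")" in the token after the host, which
    // is where both the "Interesting ports on" and "All N scanned ports on"
    // forms place it.
    function nmap_parse_host($line, $host_index) {
        $tokens = explode(" ", $line);
        $host = isset($tokens[$host_index]) ? $tokens[$host_index] : "";
        $next = isset($tokens[$host_index + 1]) ? $tokens[$host_index + 1] : "";
        $open = strpos($line, "(");
        if ($open !== false && strpos($next, ")") !== false) {
            // Name resolution succeeded.
            $temp = explode(")", substr($line, $open + 1));
            $ip = $temp[0];
            $temp = explode(".", $host);
            $name = $temp[0];
        } else {
            // No name resolution - the token is the bare address.
            $temp = explode(":", $host);
            $ip = nmap_pad_ip($temp[0]);
            $name = $ip;
        }
        return array($ip, $name);
    }
}

echo "<td valign=\"top\">\n";
echo "<div class=\"main_each\">";

echo "<p class=\"contenthead\">".__("NMap")."</p>\n";

// Defaults so that a paste lacking one of the nmap lines still yields a
// well-formed record (and no undefined-variable notices).
$blank_mac    = "00:00:00:00:00:00";
$blank_ip     = "000.000.000.000";
$device_type  = "unknown";
$running      = "unknown";
$ip_address   = $blank_ip;
$manufacturer = "unknown";
$mac          = $blank_mac;
$name         = "";
$timestamp    = date("YmdHis");
$uuid         = "";
$process      = "";

if (isset($_POST["submit"])) {
    $raw = isset($_POST['add']) ? (string)$_POST['add'] : "";
    // Legacy PHP may have already backslash-escaped the POST data; undo that so
    // the values are escaped exactly once, by nmap_sql_value().
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $raw = stripslashes($raw);
    }
    // Browsers submit textarea content with CRLF line ends. Split on any line
    // ending so that no "\r" survives into the parsed fields (splitting on "\n"
    // alone left a "\r" on the service name of every port line).
    $input = preg_split('/\r\n|\r|\n/', $raw);

    // Debug output (kept from the original), now HTML-escaped: the pasted text
    // is untrusted and was previously echoed raw into the page.
    echo "<fieldset><legend>POST DATA DEBUG</legend><div>" . nmap_html($raw) . "</div>";
    echo "</fieldset><br>";
    echo "<fieldset><legend>Input DEBUG</legend><div>";
    echo nmap_html(print_r($input, true));
    echo "</div></fieldset><br>";

    foreach ($input as $split) {
        // "MAC Address: 00:11:22:33:44:55 (Vendor Name)"
        if (substr($split, 0, 12) == "MAC Address:") {
            $candidate = substr($split, 13, 17);
            // Accept only a well-formed MAC; anything else is treated as "no
            // MAC" instead of being stored (and later matched on) verbatim.
            if (preg_match('/^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$/', $candidate)) {
                $mac = $candidate;
            }
            echo "Mac Address: " . nmap_html($mac) . "<br />";
            $open = strpos($split, "(");
            if ($open !== false) {
                $temp = explode(")", substr($split, $open + 1));
                $manufacturer = $temp[0];
            }
            echo "Manufacturer: " . nmap_html($manufacturer) . "<br />";
        }

        // "Device type: general purpose|router"
        if (substr($split, 0, 12) == "Device type:") {
            $temp = explode(":", $split);
            $temp2 = explode("|", isset($temp[1]) ? $temp[1] : "");
            $device_type = trim($temp2[0]);
            echo "Device Type: " . nmap_html($device_type) . "<br />";
        }

        // "Running: Linux 2.6.X"
        if (substr($split, 0, 8) == "Running:") {
            $temp = explode(":", $split);
            $running = trim(isset($temp[1]) ? $temp[1] : "");
            echo "Running: " . nmap_html($running) . "<br />";
        }

        // Host line, nmap 4.x: "Interesting ports on host (10.0.0.1):"
        if (substr($split, 0, 20) == "Interesting ports on") {
            list($ip_address, $name) = nmap_parse_host($split, 3);
            echo "IP Address: " . nmap_html($ip_address) . "<br />";
            echo "Name: " . nmap_html($name) . "<br />";
        }

        // Host line when every scanned port is closed/filtered:
        // "All 1000 scanned ports on host (10.0.0.1) are closed"
        if (preg_match('/^All \d+ scanned ports on /', $split)) {
            list($ip_address, $name) = nmap_parse_host($split, 5);
            echo "IP Address: " . nmap_html($ip_address) . "<br />";
            echo "Name: " . nmap_html($name) . "<br />";
        }

        // Host line, nmap 5.x onwards: "Nmap scan report for host (10.0.0.1)"
        if (substr($split, 0, 20) == "Nmap scan report for") {
            list($ip_address, $name) = nmap_parse_host($split, 4);
            echo "IP Address: " . nmap_html($ip_address) . "<br />";
            echo "Name: " . nmap_html($name) . "<br />";
        }
    } // End of for each

    // Blank device type / OS become "unknown".
    if ($device_type === "") { $device_type = "unknown"; }
    if ($running === "") { $running = "unknown"; }

    // Map nmap's "general purpose" device type onto an OS-specific type using
    // the "Running:" text. Matching is case-insensitive (nmap prints e.g.
    // "Apple Mac OS X" and "SCO UnixWare"); later matches win, as before.
    if (stripos($device_type, "general purpose") !== false) {
        if (stripos($running, "linux") !== false)        { $device_type = "os_linux"; }
        if (stripos($running, "windows") !== false)      { $device_type = "os_windows"; echo "Windows.<br />"; }
        if (stripos($running, "unix") !== false)         { $device_type = "os_unix"; }
        if (stripos($running, "mac") !== false)          { $device_type = "os_mac"; }
        if (stripos($running, "aix") !== false)          { $device_type = "os_unix"; }
        if (stripos($running, "sco unixware") !== false) { $device_type = "os_unix"; }
    } elseif (stripos($running, "cisco ios 12.x") !== false) {
        $device_type = "broadband_router";
        echo "Cisco router.<br />";
    }

    // Escaped once, used by every query below.
    $ip_sql = nmap_sql_value(ip_trans_to($ip_address));

    if ($mac !== $blank_mac) {
        // First check the network_card table by MAC.
        $result = nmap_query("SELECT net_uuid FROM network_card WHERE net_mac_address = " . nmap_sql_value($mac));
        $myrow = mysql_fetch_array($result);
        if (isset($myrow["net_uuid"])) {
            $process = "network_mac";
            $uuid = $myrow["net_uuid"];
        } else {
            // Not in network_card - check the other table by MAC or IP.
            $result = nmap_query("SELECT other_id, other_mac_address FROM other WHERE other_mac_address = "
                . nmap_sql_value($mac) . " OR other_ip_address = " . $ip_sql . " ORDER BY other_timestamp");
            $myrow = mysql_fetch_array($result);
            if (isset($myrow["other_id"])) {
                $process = "other_mac";
                $uuid = $myrow["other_id"];
                // The row may have matched on IP alone. Keep the MAC already
                // stored for it unless that stored MAC is missing or the
                // all-zero placeholder.
                if (isset($myrow["other_mac_address"]) && $myrow["other_mac_address"] !== $blank_mac) {
                    $mac = $myrow["other_mac_address"];
                }
            }
        }
    }

    if ($mac === $blank_mac) {
        // No usable MAC (typically a host on another subnet) - match by IP only,
        // never by the all-zero MAC, which would collide with every other such host.
        echo "The mac address is " . nmap_html($mac) . "<br>";
        $result = nmap_query("SELECT net_uuid FROM network_card WHERE net_ip_address = " . $ip_sql);
        $myrow = mysql_fetch_array($result);
        if (isset($myrow["net_uuid"])) {
            $process = "network_ip";
            $uuid = $myrow["net_uuid"];
        } else {
            $result = nmap_query("SELECT other_id FROM other WHERE other_ip_address = " . $ip_sql);
            $myrow = mysql_fetch_array($result);
            if (isset($myrow["other_id"])) {
                $process = "other_ip";
                $uuid = $myrow["other_id"];
            }
        }
    }

    // Nothing matched: insert into the other table - but only if the paste
    // gave us at least a MAC or an IP, so that no blank records are created.
    if ($uuid === "" && ($mac !== $blank_mac || $ip_address !== $blank_ip)) {
        $sql  = "INSERT INTO other (other_network_name, other_ip_address, other_mac_address, ";
        $sql .= "other_description, other_manufacturer, other_type, ";
        $sql .= "other_timestamp, other_first_timestamp) VALUES (";
        $sql .= nmap_sql_value($name) . "," . $ip_sql . "," . nmap_sql_value($mac) . ",";
        $sql .= nmap_sql_value($running) . "," . nmap_sql_value($manufacturer) . "," . nmap_sql_value($device_type) . ",";
        $sql .= nmap_sql_value($timestamp) . "," . nmap_sql_value($timestamp) . ")";
        nmap_query($sql, "Insert");
        $uuid = mysql_insert_id();
        $process = "new_other";
    }

    // Existing row in the other table: refresh its address and timestamp.
    if ($process === "other_mac") {
        $sql  = "UPDATE other SET other_ip_address = " . $ip_sql . ", ";
        $sql .= "other_mac_address = " . nmap_sql_value($mac) . ", other_timestamp = " . nmap_sql_value($timestamp) . " ";
        $sql .= "WHERE other_id = " . nmap_sql_value($uuid);
        nmap_query($sql, "Update");
        $process = "update_other";
    }

    if ($process !== "") {
        // Replace this host's port list with what the paste contains.
        echo "UUID: " . nmap_html($uuid) . "<br />";
        echo "Process: " . nmap_html($process) . "<br />";
        $uuid_sql = nmap_sql_value($uuid);
        nmap_query("DELETE FROM nmap_ports WHERE nmap_other_id = " . $uuid_sql, "Delete");

        foreach ($input as $split) {
            // Only tcp/udp rows whose state contains "open" (open, open|filtered).
            if (strpos($split, "open") === false) { continue; }
            if (strpos($split, "/tcp") === false && strpos($split, "/udp") === false) { continue; }

            // "22/tcp   open  ssh     OpenSSH 5.1p1 (protocol 2.0)"
            // Columns are separated by runs of spaces; the version column is
            // everything after the third one.
            $fields = preg_split('/ +/', $split, 4);
            $portproto = explode("/", $fields[0]);
            $port_number  = $portproto[0];
            $port_proto   = isset($portproto[1]) ? $portproto[1] : "";
            $port_state   = isset($fields[1]) ? $fields[1] : "";
            $port_name    = isset($fields[2]) ? $fields[2] : "";
            $port_version = isset($fields[3]) ? rtrim($fields[3]) : "";
            if ($port_version === "") { $port_version = "Not detected"; }

            // A row that does not start with a numeric port is not a port row.
            if (!preg_match('/^\d+$/', $port_number)) { continue; }

            echo "<br /> Port found. <br />";
            echo "Port: " . nmap_html($port_number) . "<br />";
            echo "Protocol: " . nmap_html($port_proto) . "<br />";
            echo "State: " . nmap_html($port_state) . "<br />";
            echo "Service: " . nmap_html($port_name) . "<br />";
            echo "Version: " . nmap_html($port_version) . "<br />";

            $sql  = "INSERT INTO nmap_ports (nmap_other_id, nmap_port_number, nmap_port_proto, nmap_port_name, nmap_port_version, nmap_timestamp) VALUES (";
            $sql .= $uuid_sql . "," . nmap_sql_value($port_number) . "," . nmap_sql_value($port_proto) . ",";
            $sql .= nmap_sql_value($port_name) . "," . nmap_sql_value($port_version) . "," . nmap_sql_value($timestamp) . ")";
            nmap_query($sql, "Insert");
        } // End of foreach
    } // End of if ($process !== "")

} // End of isset($_POST["submit"])
else {
    // NOTE(review): no CSRF token on this form - see the header comment.
    echo "<form action=\"admin_nmap_input.php\" method=\"post\">\n";
    echo "<table>\n";
    echo "<tr><td colspan=\"2\"><textarea rows=\"20\" name=\"add\" cols=\"90\" class=\"for_forms\"></textarea></td></tr>\n";
    echo "<tr><td colspan=\"2\"><input name=\"submit\" value=\"".__("Save")."\" type=\"submit\" /></td></tr>\n";
    echo "</table>\n";
    echo "</form>\n";
}

echo "</div>\n";
echo "</div>\n";
echo "</td>\n";
echo "</body>\n";
echo "</html>\n";
?>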


[/code]
