Version: 1.1
Type: Full Script
Category: Networking
License: GNU Library Public License
Description: Uses smbclient to send a message to selectable, predefined hosts running Samba or Windows.
Designed to be accessed by HTTP from an HTML form but can be modified easily for other purposes.
See http://frell.ambush.de/
<?php // SMB popup script // uses smbclient to send a message to predefined SMB hosts // $Id: popup.php,v 1.1 2002/06/19 03:03:22 packbart Exp $ // // Parameters: // redirok: (optional) URL to redirect to if popup was sent successfully // defaults to HTTP Referer: value // no redirection if empty // redirerr: (optional) URL to redirect to if an error was encountered // no redirection if omitted or empty // to: selects, which predefined host the msg will be sent to // message: the message text itself // // Configuration: // - define destinations: // - NETBIOS: the netbios (SMB) server name // or a user name on windows clients // - HOSTNAME: (optional) IP address or hostname, can speed up delivery // (no NMB lookups) // - change defaults // // Caveats: // - message body is unfiltered, can probably pass exploit code to // vulnerable servers or popup clients // - doesn't check if $redir* are valid URLs (protocol://host/path) // - maybe vulnerable to Cross Site Scripting attacks, depends on // browser (output is text/plain) // // Notes: // - What is the maximum length for a SMB popup message? // - and how do I strip CRs more efficient than using str_replace? // - uses PHP 4.1 $_SERVER array instead of $HTTP_SERVER_VARS // // Hauke Lampe - <[email protected]> - http://frell.ambush.de/ // $redirect = ""; header("Cache-Control: no-cache"); header("Content-Type: text/plain"); // CONFIG START // path to smbclient binary define(SMBCLIENT, "/usr/bin/smbclient"); // defaults if (!isset($to) or $to == "") $to = "packbart"; if (!isset($redirok)) if ($_SERVER[HTTP_REFERER] == "" or $_SERVER[HTTP_REFERER] == "http://".$_SERVER[SERVER_NAME]."/".$_SERVER[REQUEST_URI]) $redirok = ""; else $redirok = $_SERVER[HTTP_REFERER]; if (!isset($redirerr)) $redirerr = ""; if (!isset($message) or $message == "") $message = "(no text)"; // destinations switch ($to) { case "packbart": define(NETBIOS, "drow"); define(HOSTNAME, "drow.dmz.frell.ambush.de"); break; case "patman": define(NETBIOS, "patman"); define(HOSTNAME, "patman.guest-dhcp.frell.ambush.de"); break; case "mobile": define(NETBIOS, "talyn"); # define(HOSTNAME, "talyn.wvlan.frell.ambush.de"); break; default: echo "Sorry, unknown destination."; exit; } // CONFIG END $output = "Message: ".$message."nn". "Status : "; $smbpar = "-M "".escapeshellcmd(NETBIOS).""".((defined("HOSTNAME") and HOSTNAME != "") ? (" -I "".escapeshellcmd(HOSTNAME).""") : ("")). " -U "".escapeshellcmd($_SERVER[REMOTE_ADDR])."" -n Internet"; if (!$popup = popen(SMBCLIENT." $smbpar", "w")) { $redirect = $redirerr; $output .= "open failed (invalid path?)"; } else { if ((fwrite($popup, "(from: ".(($_SERVER[REMOTE_HOST] == "") ? ($_SERVER[REMOTE_ADDR]) : ($_SERVER[REMOTE_HOST])).")nn". str_replace("r", "", stripslashes($message)), 2048) == -1) or (pclose($popup))) { $redirect = $redirerr; $output .= "send failed (host down?)"; } else { $redirect = $redirok; $output .= "OK"; } } if ($redirect != "") { header("HTTP/1.0 302 Moved"); header("Location: ".$redirect); } echo "$output"; ?>
