#!/usr/bin/perl -w
# 
# Copyright (c) 2002 Robert Waldner <waldner+nph-trace@waldner.priv.at>
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
# A copy of the GNU General Public License should have been available
# whereever you got this program from, and you should have been
# encouraged to get and read it. If not, you can get it from 
# <URL:http://www.gnu.org/licenses/gpl.txt> or
# <URL:http://www.waldner.priv.at/scripts/gpl.txt>, or write to the
# Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# 
# Please note that other licenses (especially the Artistic License
# for the PERL-language/-interpreter) may also apply. It is solely your
# responsibility to abide by the terms of whatever licenses apply.
# 
# An up-to-date version of this script should be available via
# <URL:http://ka.graffl.net/scripts/>.
# 
# Note that per default this script will mail the original author (me ;-) )
# a copy of each attempted exploit, if you do not want that, go edit the
# code (look for "$cc"). It also relies heavily on Debian'isms and Apache.

# make output unbuffered
select STDERR; $| = 1;
select STDIN;  $| = 1;
select STDOUT; $| = 1;

use CGI;
use FileHandle;

my $query = new CGI;

print <<EOF;
HTTP/1.1 200 OK
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<HTML><HEAD><TITLE>traceroute from ka.graffl.net</TITLE>
</HEAD><BODY>
EOF
print ("\n");
print ("<hr>\n");
print <<EOF;
<div align="right">
support my beer-consumption<br>
with ad-clicking 
<script type="text/javascript"><!--
google_ad_client = "pub-4248379243844996";
google_ad_width = 180;
google_ad_height = 150;
google_ad_format = "180x150_as";
google_ad_channel ="";
google_ad_type = "text";
google_color_border = "336699";
google_color_bg = "FFFFFF";
google_color_link = "0000FF";
google_color_url = "008000";
google_color_text = "000000";
//--></script>
<script type="text/javascript"
  src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
if you please
</div>
EOF

my $params = $query->param();

if (defined $query->param("trace_to"))
  { $destination = $query->param("trace_to");
    # cut off leading and trailing spaces
    while ($destination =~ /^\ /)
      { $destination =~ s/^\ //g; }
    while ($destination =~ /\ $/)
      { $destination =~ s/\ $//g; }
    while ($destination =~ /\/$/)
      { $destination =~ s/\///g; }

    while ($destination =~ /http/)
      { $destination =~ s/http//g; }

    while ($destination =~ /:/)
      { $destination =~ s/://g; }

    while ($destination =~ /.*\//)
      { $destination =~ s/"^.*\/"//g; }

     if ($destination !~ /^[0-9a-z\.\-]+$/i)
      { print ("<h3 align=\"center\">Illegal character detected in input</h3>\n");
        print ("I could pare it down to $destination, but that's about it.<br>\n");
        print ("What characters are allowed?<br>\n");
        print ("<tt>a-z A-Z 0-9 . -</tt><br>\n");
        print ("<strong>No URLs</strong> (eg http://...)!<br>\n");
        $file = new FileHandle;
        if ($file->open(">/tmp/x.x"))
          { print $file "Here is what I could gather:\n\n";
            foreach(sort keys(%ENV))
              { print $file "$_: $ENV{$_}\n";
              }
            print $file "\n\n";
            print $file "The offending string was: \"", $destination, "\"\n";
          }
        $file->close;
        my $rcpt = $ENV{"SERVER_ADMIN"};
        my $cc = "waldner+trace.pl-exploit\@waldner.priv.at";
        system ("cat /tmp/x.x \| /usr/bin/mail -s \"nph-trace.pl exploit attempt\" -c $cc $rcpt");
        system ("rm /tmp/x.x");
        my $host = $ENV{"REMOTE_ADDR"};
        print $query->end_html;
        die "$host tried to hack us...\n";
      }
    print ("<h1>Tracing route to ",$destination,".</h1><br>\n");
    print ("Be patient, this <strong>will</strong> take a while ");
    print ("(there is intentional slow-down to prevent abuse)...<br>\n");
    print ("<hr>\n");
    my $host = $destination;
    open TR, "/usr/sbin/traceroute -p 33434 $host 2>&1 |" or die "Error executing traceroute";
    while(<TR>)
      { chomp $_;
        $_ =~ s/\ /\&nbsp\;/g;
        print ("$_<br>\n");
        sleep 1;
      }
    close TR;
    print ("<hr>\n");
#    print ("<h1>Now for something completely different</h1>\n");
#    $host = $ENV{"REMOTE_ADDR"};
#    print ("<h2>What RIPE knows about <strong>your</strong> host ($host)</h2>\n");
#    my $line = "/usr/bin/whois -a -h whois.ripe.net $host";
#    open TR, "$line 2>&1 |" or die "Cannot open pipe";
#    print ("<pre>\n");
#    while(<TR>)  
#      { chomp $_;
#        print ("$_\n");
#      }
#    close TR;
#    print ("</pre><hr>\n");
    print ("<h2>Some credentials your browser sent</h2>\n"); sleep 1;
    print ("Your address: ", $ENV{"REMOTE_ADDR"}, "<br>\n"); sleep 1;
    print ("Your host: ", $ENV{"REMOTE_HOST"}, "<br>\n"); sleep 1;
    print ("Your user-agent: ", $ENV{"HTTP_USER_AGENT"}, "<br>\n"); sleep 1;
    print ("Port your query originated from: ", $ENV{"REMOTE_PORT"}, "<br>\n"); sleep 1;
    print ("Encodings your browser accepts: ", $ENV{"HTTP_ACCEPT_ENCODING"}, "<br>\n"); sleep 1;
    print ("Content-types your browser pretends to understand: ", $ENV{"HTTP_ACCEPT"}, "<br>\n"); sleep 1;

  }
else
  { # print ($query->start_form);
    print ("<FORM METHOD=\"POST\" ACTION=\"/cgi-bin/nph-trace.pl\" ENCTYPE=\"application/x-www-form-urlencoded\">\n");
    print ("Enter <a href=\"http://www.med.unibs.it/~marchesi/pps97/course/section1/network.html\">");
    print ("IP-address (dotted quad) or FQDN</a> to trace: ");
    print ($query->textfield(-name=>"trace_to", -default=>$ENV{"remote_addr"}, -size=>30, -maxlength=>30), "\n");
    print ($query->submit("Start","Start"));
    print ("&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;<font color=\"red\">IDN is NOT supported! Use the punycoded (xn-- ..)  version.</font>");
    print ($query->end_form);
  } # if (defined params)

print <<EOF;
<hr>
<table width="100%" border="0">
 <tr>
   <td align="left" width="33%">
      <a href="http://www.gnu.org/licenses/gpl.txt">GPL
      </a>ed software.
      <a href="http://www.waldner.priv.at/stuff/nph-trace.pl">Source
      </a> code.
   </td>
   <td align="center" width="34%">
      <a href="http://validator.w3.org/check/referer">
        <img border="0" src="http://www.w3.org/Icons/valid-html401"
            alt="Valid HTML 4.01!" height="31" width="88">
      </a>
   </td>
   <td align="right" width="33%">
      Copyright (c) 2002 by
         <a href="mailto:waldner+nph-trace.pl\@waldner.priv.at">
           Robert Waldner
         </a>.
   </td>
 </tr>
</table>
EOF
print $query->end_html;