diff options
-rw-r--r-- | README.md | 16 | ||||
-rwxr-xr-x | fetcheveryone.php | 18 | ||||
-rwxr-xr-x | jsontohtml.php | 8 | ||||
-rw-r--r-- | main.php | 231 |
4 files changed, 273 insertions, 0 deletions
@@ -1 +1,17 @@ # itisclient + +to get everyone in iTIS directory as a json file: + +``` +./fetcheveryone.php +``` + +and let it run for a couple of minutes (?) + +registration not added yet, no captcha=>should be simple, but a SMTP listener client will have to be implemented + +# exploits!!! + +yes, exploits indeed. Every. Single. Aspx. Site. Exploits. I mean what do they think (ASP.NET devs in general)? + +/exploits coming soon!/ diff --git a/fetcheveryone.php b/fetcheveryone.php new file mode 100755 index 0000000..7222729 --- /dev/null +++ b/fetcheveryone.php @@ -0,0 +1,18 @@ +#!/usr/bin/env php +<?php +require_once "main.php"; +$i = new itisClient(); +$i->setusername("subidubi"); +$i->setpassword("T2J7QCZWCF"); +$slovenija = array(); +foreach($i->fetchregije() as $regija) { + $slovenija[$regija] = array(); + foreach($i->fetchkontakti(0, $regija) as $kontakt) { + $slovenija[$regija][] = $i->fetchoseba($kontakt); + } +} +file_put_contents(date("d.m.Y-H.i.s").".json", json_encode($slovenija)); + + + + diff --git a/jsontohtml.php b/jsontohtml.php new file mode 100755 index 0000000..6412c75 --- /dev/null +++ b/jsontohtml.php @@ -0,0 +1,8 @@ +#!/usr/bin/env php +<?php +class jsonHtml { +public function jsonToDebug($jsonText = ''){ $arr = json_decode($jsonText, true); $html = ""; if ($arr && is_array($arr)) { $html .= self::_arrayToHtmlTableRecursive($arr); } return $html;} +public function _arrayToHtmlTableRecursive($arr) { $str = "<style>table,td,tr,th{border:1px solid black;}</style><table><tbody>"; foreach ($arr as $key => $val) { $str .= "<tr>"; $str .= "<td>$key</td>"; $str .= "<td>"; if (is_array($val)) { if (!empty($val)) { $str .= self::_arrayToHtmlTableRecursive($val); } } else { $str .= "<strong>$val</strong>"; } $str .= "</td></tr>"; } $str .= "</tbody></table>"; return $str;} +} +file_put_contents($argv[2], jsonHtml::jsonToDebug(file_get_contents($argv[1]))); +?> diff --git a/main.php b/main.php new file mode 100644 index 0000000..37fcbfa --- /dev/null +++ b/main.php @@ -0,0 +1,231 @@ +<?php +function strip_tags_content($text, $tags = '', $invert = FALSE) { + preg_match_all('/<(.+?)[\s]*\/?[\s]*>/si', trim($tags), $tags); + $tags = array_unique($tags[1]); + if(is_array($tags) AND count($tags) > 0) { + if($invert == FALSE) { + return preg_replace('@<(?!(?:'. implode('|', $tags) .')\b)(\w+)\b.*?>.*?</\1>@si', '', $text); + } + else { + return preg_replace('@<('. implode('|', $tags) .')\b.*?>.*?</\1>@si', '', $text); + } + } + elseif($invert == FALSE) { + return preg_replace('@<(\w+)\b.*?>.*?</\1>@si', '', $text); + } + return $text; +} +function DOMinnerHTML(DOMNode $element) { + $innerHTML = ""; + $children = $element->childNodes; + foreach ($children as $child) { + $innerHTML .= $element->ownerDocument->saveHTML($child); + } + return $innerHTML; +} +function endsWith($haystack, $needle) { + $length = strlen($needle); + if ($length == 0) { + return true; + } + return (substr($haystack, -$length) === $needle); +} +function startsWith ($string, $startString) { + $len = strlen($startString); + return (substr($string, 0, $len) === $startString); +} +function get_string_between($string, $start, $end){ + $string = ' ' . $string; + $ini = strpos($string, $start); + if ($ini == 0) return ''; + $ini += strlen($start); + $len = strpos($string, $end, $ini) - $ini; + return substr($string, $ini, $len); +} +/* +Errors: + -1 username or password not specified (aj blin dis a mast sou dej hev jor informejšon) + -2 you are not logged in (aj blin trms of srvis bi neseseri) + -3 bad username and/or password (diplomatski odgovor ;-) + -4 not written yet (suka bljet) + -5 session exists in another system (sucky) + -6 +*/ + class itisClient { + private $username; + private $password; + public $version = array(0, 0, 1); + private $programname = "itisclient"; + private $programdomain = 'itisclient.sijanec.tk'; + private $cookiedir; // set at runtime, ker je get_curerent_user, v login() + private $mainpage = "https://www.itis.si/"; + private $mainpageaction = "https://www.itis.si/?rw=1"; + private $iskanjestran = "https://www.itis.si/iskanje/stran-"; + public function setusername($value) { + $this->username = $value; + } + public function setpassword($value) { + $this->password = $value; + } + private function get($property) { + return $this->$property; + } + public function getversion() { + return $this->version; + } + private function login() { + if (empty($this->username) || empty($this->password)) { + return -1; + } + $this->cookiedir = '/tmp/'.posix_getuid().'/'.$this->programdomain.'/cookiedir/'; + if (!is_dir($this->cookiedir.$this->username)) { + if (!mkdir($this->cookiedir.$this->username, 0700, true)) { // x permišn mora bit', da lahko dela poddirektorije, hence true, hence 0700; group in others pa je 0, da ne morejo brati piškotkov!!! zeloo pomembno! + return -5; + } + } + $ch = curl_init(); + // curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); + curl_setopt($ch, CURLOPT_COOKIESESSION, true ); + curl_setopt($ch, CURLOPT_COOKIEJAR, $this->cookiedir.$this->username."/cookie.txt" ); // cookiejar + curl_setopt($ch, CURLOPT_COOKIEFILE, $this->cookiedir.$this->username."/cookie.txt" ); // coolie file // this scuks + // curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); + // curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + // curl_setopt($ch, CURLOPT_HEADER, 1); // return headers? + curl_setopt($ch, CURLOPT_VERBOSE, TRUE); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return transfer? + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // follow 3xx redirects? + curl_setopt($ch, CURLOPT_MAXREDIRS, 10); // max 3xx redirectas? + curl_setopt($ch, CURLOPT_USERAGENT, $this->programdomain."/".implode(".", $this->version)); + curl_setopt($ch, CURLOPT_AUTOREFERER, 1); // auto send refereres? + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); // timeout for tcp connection + curl_setopt($ch, CURLOPT_TIMEOUT, 10); // timeout for http response + curl_setopt($ch, CURLOPT_URL, $this->mainpage); + curl_setopt($ch, CURLOPT_POST, 0); + $login_page = curl_exec($ch); + $xmlDoc = new DOMDocument(); + $xmlDoc->loadHTML( $login_page ); + $formNode = $xmlDoc->getElementsByTagName( "form" )[0]; // only one form + $searchNode = $formNode->getElementsByTagName("input"); + foreach( $searchNode as $sn ) { + if($sn->getAttribute('name') != 'ctl00$navigationLogin$tbUsername' && $sn->getAttribute('name') != 'ctl00$navigationLogin$tbPassword' && + $sn->getAttribute("type") != "submit") + $postvars .= urlencode($sn->getAttribute('name'))."=".urlencode($sn->getAttribute('value'))."&"; + } + curl_setopt($ch, CURLOPT_URL, $this->mainpageaction); + curl_setopt($ch, CURLOPT_POST, 1); + $postbody = $postvars.urlencode('ctl00$navigationLogin$tbUsername')."=".urlencode($this->username)."&". + urlencode('ctl00$navigationLogin$tbPassword')."=".urlencode($this->password)."&".urlencode('ctl00$navigationLogin$btnLogin')."=". + urlencode("PRIJAVA"); + curl_setopt($ch, CURLOPT_POSTFIELDS, $postbody); + $login_output = curl_exec($ch); + $xmlDoc = new DOMDocument(); + $xmlDoc->loadHTML( $login_output ); + $searchNode = $xmlDoc->getElementsByTagName( "div" ); + foreach( $searchNode as $sn ) { + if($sn->getAttribute('id') == 'navigationLogin_divNapaka') { + if (DOMinnerHTML($sn) == 'Napačno uporabniško ime in/ali geslo.') { + return -3; + } else if(DOMinnerHTML($sn) == + 'To uporabniško ime je v že v uporabi na drugem računalniku. Odjavite se iz drugega računalnika ali počakajte, da vam poteče seja.') { + return -5; // holy shit u fukkin kill.d her, TSMedia! + } + } + } + return $ch; + } + public function fetchregije() { + $ch = $this->login(); + if(!curl_getinfo($ch)) { + if(!empty($ch)){return $ch;}else{return -2;} + } + curl_setopt($ch, CURLOPT_URL, $this->mainpage); + curl_setopt($ch, CURLOPT_POST, 0); + $request_output = curl_exec($ch); + $xmlDoc = new DOMDocument(); + $xmlDoc->loadHTML( $request_output ); + $searchNode = $xmlDoc->getElementById( "search_ddlRegion" )->getElementsByTagName("option"); + $regije=array(); + foreach( $searchNode as $sn ) { + if(!empty($sn->getAttribute("value"))) $regije[] = $sn->getAttribute("value"); + } + return $regije; + } + public function fetchkontakti($kajsplohiscemo = 0, $regija = "GORENJSKA") { // kajsplohiscemo-bool=[0-osebe]/1-podjetja regija-string=[GORENJSKA]/... + $ch = $this->login(); + if(!curl_getinfo($ch)) { + if(!empty($ch)){return $ch;}else{return -2;} + } + if($kajsplohiscemo) { + $barva = "yellow"; // wtf, Adacta + return -4; + } else {$barva = "white";} + curl_setopt($ch, CURLOPT_POST, 0); + curl_setopt($ch, CURLOPT_URL, $this->mainpage); + $request_init_output = curl_exec($ch); + $xmlDoc = new DOMDocument($request_init_output); + $xmlDoc->loadHTML( $request_init_output ); + $searchNode = $xmlDoc->getElementsByTagName("form")[0]->getElementsByTagName( "input" ); + foreach( $searchNode as $sn ) { + if($sn->getAttribute("name") != 'ctl00$search$hfSearchMode' && $sn->getAttribute("name") != 'ctl00$search$ddlRegion') { + $postvars .= urlencode($sn->getAttribute('name'))."=".urlencode($sn->getAttribute('value')).'&'; + } + } + curl_setopt($ch, CURLOPT_POST, 1); + // curl_setopt($ch, CURLOPT_HEADER, array('array("Content-Type: multipart/form-data")')); + curl_setopt($ch, CURLOPT_URL, $this->mainpageaction); + $postbody=$postvars.urlencode('ctl00$search$hfSearchMode').'='.urlencode($barva).'&'.urlencode('ctl00$search$ddlRegion').'='. + urlencode($regija).'&__EVENTTARGET=&__EVENTARGUMENT=&ctl00%24search%24hfSearchFormMode=2&ctl00%24search%24ddlAreaCode=&ctl00%24search%24ddlWorkingHoursDay=&ctl00%24search%24ddlWorkingHoursFrom=&ctl00%24search%24ddlWorkingHoursTo=&ctl00%24search%24ddlAdditionalOptions=&hiddenInputToUpdateATBuffer_CommonToolkitScripts=1'; // (-; + if($kajsplohiscemo){ $postbody .= '&'.urlencode('ctl00$search$btnSearchAlt').'='.urlencode('NAJDI');} // THIS FINNALY WORKS BUT ONLY FOR + else {$postbody .= '&'.urlencode('ctl00$search$btnSearch').'='.urlencode('IŠČI');} // LOGGED IN USERS! DON'T TOUCH + curl_setopt($ch, CURLOPT_POSTFIELDS, $postbody); // THE ANCIENT CODE! + $request_output = curl_exec($ch); // https://www.reddit.com/r/ProgrammerHumor/comments/9xat04/the_ancient_code/ + curl_setopt($ch, CURLOPT_POST, 0); + curl_setopt($ch, CURLOPT_URL, $this->iskanjestran."064176345"); // just a big intager + $request_after_output = curl_exec($ch); + $xmlDoc = new DOMDocument($request_after_output); + $xmlDoc->loadHTML($request_after_output); + $zadnjastran = explode("-", $xmlDoc->getElementById("CPH_bodyMain_SearchResultsStatic1_ResultsPagerStatic1_aLastPage")->getAttribute("href"))[1]; + $kontakti = array(); + for($i = 1; $i <= $zadnjastran; $i++) { + curl_setopt($ch, CURLOPT_POST, 0); + curl_setopt($ch, CURLOPT_URL, $this->iskanjestran.$i); // just a bing intager + $request_loop_output = curl_exec($ch); + $xmlDoc = new DOMDocument($request_loop_output); + $xmlDoc->loadHTML($request_loop_output); + $searchNode = $xmlDoc->getElementById('CPH_bodyMain_SearchResultsStatic1_UpdatePanelSearchResults')->getElementsByTagName("a"); + foreach($searchNode as $sn) { + if(startsWith($sn->getAttribute("href"), "/oseba/")) $kontakti[] = filter_var("https://www.itis.si".$sn->getAttribute("href"), FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH); // just don't change your domain + } + } + return $kontakti; + } + public function fetchoseba($personlink) { // personlink, začenjši z https://www.itis.si/oseba/ + $ch = $this->login(); + if(!curl_getinfo($ch)) { + if(!empty($ch)){return $ch;}else{return -2;} + } + curl_setopt($ch, CURLOPT_URL, $personlink); + curl_setopt($ch, CURLOPT_POST, 0); + $request_output = curl_exec($ch); + file_put_contents("/tmp/69.txt", $request_output); + $xmlDoc = new DOMDocument($request_output); + $xmlDoc->loadHTML($request_output); + $oseba = array(); + $oseba['name'] = DOMinnerHTML($xmlDoc->getElementsByTagName("h1")[0]); + foreach ($xmlDoc->getElementsByTagName('a') as $ej) { + if (endsWith($ej->getAttribute("id"), "hlMapAddress")) { + $addresstext = $ej; + } + } + $oseba['address'] = explode('<br>', str_replace("\n", null, str_replace("\r", null, str_replace(" ", null, DOMinnerHTML($addresstext))))); + $oseba['nr'] = array(); + foreach($xmlDoc->getElementsByTagName("div") as $sn) { + if($sn->getAttribute("class") == "nr") $oseba['nr'][] = str_replace(" ", null, strip_tags_content(DOMinnerHTML($sn))); + } + $oseba['nr'] = array_unique($oseba['nr']); + $oseba['gps'] = get_string_between($ej->getAttribute("href"), 'javascript:openMap(', + ",'".$oseba['name']); + return $oseba; + } + } +?> |