HACKER TRAPPER 2.5

[7h331337]

this is a simple app that lets you open up ports and if any one trys to connect to it it sets of a siren and adds the details to the log

hacker_trapper_2.5.rar

new_hacker_trapper_2.6.rar

Edited February 8, 2009 by 7h331337

[jvanegmond]

Very cool, .

[7h331337]

Very cool, .

ty i hope to add more features tonight

like automatic isp abuse forwarding

any one have a idea of any features i should add

[7h331337]

hacker trapper 2.6 now availably now has automatic isp emailing only works with gmail right now but you can still use it like normal without email

to use email click set email

if you want to test it just change the value of $to in intruder()

please tell me what u think

new_hacker_trapper_2.6.rar

[Jos]

You will hardly be portscanned when behind a LAT Router unless you define your PC as a DMZ host.

When defined like that you probably will go crazy with the number of hits you get ofcourse depending which port you open the trap for.

Jos

[Jos]

i ormly portfward to the internet and i will add some more script to it and make it so you have to type in to it something like a login and the alarm will only go off iff thay try o login so scanningshould not affect it

sure... that too.... (not the foggiest idea what you are saying here)

[7h331337]

sure... that too.... (not the foggiest idea what you are saying here)

soz about that wireless keyboard lol ran out of power

[James]

Wireless keyboard ran out of power so you typed half a sentence with no power erm ok...

[7h331337]

Wireless keyboard ran out of power so you typed half a sentence with no power erm ok...

it was running out of power

any way what i was trying to saying is if you scan the ports it will set it off

now it will only go off if someone types something in to it

here is the update:

expandcollapse popup

#include <GUIConstants.au3>
#include <inet.au3>
#include <String.au3>
Global $lis[100][100], $list[100], $ip, $sockaddr, $exit = False,$recv,$p
$lis[0][1] = 0
$email = 0
$Form1 = GUICreate("The Hacker Trapped BY 7H331337", 652, 314, 225, 63)
$input1 = GUICtrlCreateInput("you have been trapped by the hacker trapper 2.6 by 7h331337 and your ip has been logged and your isp has been notified", 72, 16, 289, 21)
$Label1 = GUICtrlCreateLabel("message", 8, 16, 46, 17)
$Group1 = GUICtrlCreateGroup("Ports listening", 8, 56, 353, 105)
$ListView1 = GUICtrlCreateListView("NAME|PORT|STATE", 16, 72, 329, 81)
GUICtrlCreateGroup("", -99, -99, 1, 1)
$Group2 = GUICtrlCreateGroup("PORTS", 368, 16, 273, 281)
$Checkbox1 = GUICtrlCreateCheckbox("FTP", 384, 48, 97, 17)
$Checkbox2 = GUICtrlCreateCheckbox("TELNET", 384, 80, 97, 17)
$Checkbox3 = GUICtrlCreateCheckbox("SSH", 384, 112, 97, 17)
$Checkbox4 = GUICtrlCreateCheckbox("HTTP", 384, 144, 97, 17)
$Checkbox5 = GUICtrlCreateCheckbox("SNMP", 384, 176, 97, 17)
$Checkbox6 = GUICtrlCreateCheckbox("POP3", 488, 48, 97, 17)
$Checkbox7 = GUICtrlCreateCheckbox("SMTP", 488, 80, 97, 17)
$Checkbox8 = GUICtrlCreateCheckbox("SOCKSPROXY", 488, 112, 97, 17)
$Checkbox9 = GUICtrlCreateCheckbox("FINGER", 488, 144, 97, 17)
$Checkbox10 = GUICtrlCreateCheckbox("DNS", 488, 176, 97, 17)
$Input2 = GUICtrlCreateInput("", 480, 224, 153, 21)
$Label2 = GUICtrlCreateLabel("ADD PORT (139)", 384, 224, 87, 25)
$Button4 = GUICtrlCreateButton("add port", 480, 256, 81, 17, 0)
GUICtrlCreateGroup("", -99, -99, 1, 1)
$Button1 = GUICtrlCreateButton("start", 8, 280, 97, 17, 0)
$Button2 = GUICtrlCreateButton("stop", 112, 280, 89, 17, 0)
$Button3 = GUICtrlCreateButton("set email (optional)", 216, 280, 89, 17, 0)
$Group3 = GUICtrlCreateGroup("log", 8, 176, 353, 97)
$ListView2 = GUICtrlCreateListView("Time  |ip             |name         |port", 16, 192, 329, 73)

GUICtrlCreateGroup("", -99, -99, 1, 1)
GUISetState(@SW_SHOW)

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $Checkbox1
            If GUICtrlRead($Checkbox1) = 1 Then
                $lis[0][1] = 1
                $lis[$lis[0][1]][1] = "ftp"
                $lis[$lis[0][1]][0] = 21
                $list[0] = $list[0] + 1
                $list[1] = GUICtrlCreateListViewItem("ftp|21|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[1])
                
            EndIf
            
        Case $Checkbox2
            If GUICtrlRead($Checkbox2) = 1 Then
                $lis[0][1] = 2
                $lis[$lis[0][1]][1] = "telnet"
                $lis[$lis[0][1]][0] = 23
                $list[0] = $list[0] + 1
                $list[2] = GUICtrlCreateListViewItem("telnet|23|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[2])
                
            EndIf
        Case $Checkbox3
            If GUICtrlRead($Checkbox3) = 1 Then
                $lis[0][1] = 3
                $lis[$lis[0][1]][1] = "ssh"
                $lis[$lis[0][1]][0] = 22
                $list[0] = $list[0] + 1
                $list[3] = GUICtrlCreateListViewItem("ssh|22|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[3])
                
            EndIf
        Case $Checkbox4
            If GUICtrlRead($Checkbox4) = 1 Then
                $lis[0][1] = 4
                $lis[$lis[0][1]][1] = "http"
                $lis[$lis[0][1]][0] = 80
                $list[0] = $list[0] + 1
                $list[4] = GUICtrlCreateListViewItem("http|80|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[4])
                
            EndIf
        Case $Checkbox5
            If GUICtrlRead($Checkbox5) = 1 Then
                $lis[0][1] = 5
                $lis[$lis[0][1]][1] = "snmp"
                $lis[$lis[0][1]][0] = 161
                $list[0] = $list[0] + 1
                $list[5] = GUICtrlCreateListViewItem("snmp|161|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[5])
                
            EndIf
        Case $Checkbox6
            If GUICtrlRead($Checkbox6) = 1 Then
                $lis[0][1] = 6
                $lis[$lis[0][1]][1] = "pop3"
                $lis[$lis[0][1]][0] = 110
                $list[0] = $list[0] + 1
                $list[6] = GUICtrlCreateListViewItem("pop3|110|stopped!!!", $ListView1)
                
            Else
                GUICtrlDelete($list[6])
            EndIf
            
        Case $Checkbox7
            If GUICtrlRead($Checkbox7) = 1 Then
                $lis[0][1] = 7
                $lis[$lis[0][1]][1] = "smtp"
                $lis[$lis[0][1]][0] = 25
                $list[0] = $list[0] + 1
                $list[7] = GUICtrlCreateListViewItem("smtp|25|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[7])
                
            EndIf
        Case $Checkbox8
            If GUICtrlRead($Checkbox8) = 1 Then
                $lis[0][1] = 8
                $lis[$lis[0][1]][1] = "socksproxy"
                $lis[$lis[0][1]][0] = 1080
                $list[0] = $list[0] + 1
                $list[8] = GUICtrlCreateListViewItem("socksproxy|1080|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[8])
                
            EndIf
        Case $Checkbox9
            If GUICtrlRead($Checkbox9) = 1 Then
                $lis[0][1] = 9
                $lis[$lis[0][1]][1] = "finger"
                $lis[$lis[0][1]][0] = 79
                $list[0] = $list[0] + 1
                $list[9] = GUICtrlCreateListViewItem("finger|79|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[9])
                
            EndIf
        Case $Checkbox10
            If GUICtrlRead($Checkbox10) = 1 Then
                $lis[0][1] = 10
                $lis[$lis[0][1]][1] = "dns"
                $lis[$lis[0][1]][0] = 53
                $list[0] = $list[0] + 1
                $list[10] = GUICtrlCreateListViewItem("dns|53|stopped!!!", $ListView1)
            Else
                GUICtrlDelete($list[10])
                
            EndIf
            
            

        Case $Button4
            $lis[0][1] = $lis[0][1] + 1
            $lis[$lis[0][1]][1] = "user" & GUICtrlRead($Input2)
            $lis[$lis[0][1]][0] = GUICtrlRead($Input2)
            $list[0] = $list[0] + 1
            $list[$list[0]] = GUICtrlCreateListViewItem("user" & GUICtrlRead($Input2) & "|" & GUICtrlRead($Input2) & "|stopped!!!", $ListView1)
        Case $Button1
            start()
        Case $Button3
            $username = InputBox("username", "type gmail username (me@gmail;.com)")
            $password = InputBox("password", "type gmail password")

            $email = 1
    EndSwitch
WEnd


Func start()
    TCPStartup()
    For $i = 1 To $lis[0][1] + 1
        
        $lis[$i][3] = TCPListen(@IPAddress1, $lis[$i][0])
        
        If $lis[$i][3] < 0 Then
            GUICtrlSetData($list[$i], "||cant start")
        Else
            
            GUICtrlSetData($list[$i], "||ok")
        EndIf
        
        
    Next
    Do
        For $i = 1 To $lis[0][1]
            $acc = TCPAccept($lis[$i][3])
            If $acc >= 0 Then
                intruder($i, $acc)
            EndIf
            
            
            
        Next
        
        $msg = GUIGetMsg()
        If $msg = $Button2 Then
            $exit = True
        EndIf
        
        
    Until $exit = True
    $exit = False
    For $i = 1 To $lis[0][1] + 1
        
        GUICtrlSetData($list[$i], "||stoped!!!")
    Next

    TCPShutdown()
EndFunc   ;==>start

Func intruder($num, $acc)
    TCPSend($acc, "Username: ")
    
    do
        $recv = $recv & TCPRecv($acc, 100)
    sleep(5)
    $p = $p +1
    Until $recv > " " or $p >= 1000
    If $recv > " " Then
        TCPSend($acc,@crlf & GUICtrlRead($input1))
        $ip = SocketToIP($acc)
        $name = _TCPIpToName($ip)
        $data = @HOUR & ":" & @MIN & "|" & $ip & "|" & $name & "|" & $lis[$num][0] & " " & $lis[$num][1]
        GUICtrlCreateListViewItem($data, $ListView2)
        FileWriteLine("hacker traper log" & @HOUR, $data)
        SoundPlay("intruder.wav")
        SoundSetWaveVolume(100)

        $str = StringSplit(_TCPIpToName($ip), ".")
        $to = "abuse@" & $str[0] - 1 & $str[0]

        If $email = 1 Then
            _INetSmtpMailCom("smtp.gmail.com", @ComputerName, $username, $to, "hacking attempt from " & _TCPIpToName($ip), _TCPIpToName($ip) & " tried to hack in to my network at " & @HOUR & ":" & @MIN & " please resolve this issue asap " & @CRLF & "full description:" & @CRLF & $data, $username, $password)
        EndIf
    EndIf
        TCPCloseSocket($acc)
EndFunc   ;==>intruder

Func SocketToIP($SHOCKET)
    Local $sockaddr = DllStructCreate("short;ushort;uint;char[8]")

    Local $aRet = DllCall("Ws2_32.dll", "int", "getpeername", "int", $SHOCKET, _
            "ptr", DllStructGetPtr($sockaddr), "int*", DllStructGetSize($sockaddr))
    If Not @error And $aRet[0] = 0 Then
        $aRet = DllCall("Ws2_32.dll", "str", "inet_ntoa", "int", DllStructGetData($sockaddr, 3))
        If Not @error Then $aRet = $aRet[0]
    Else
        $aRet = 0
    EndIf

    $sockaddr = 0

    Return $aRet
EndFunc   ;==>SocketToIP



Func _INetSmtpMailCom($s_SmtpServer, $s_FromName, $s_FromAddress, $s_ToAddress, $s_Subject = "", $s_Body = "", $s_Username = "", $s_Password = "")
    $objEmail = ObjCreate("CDO.Message")
    $objEmail.From = '"' & $s_FromName & '" <' & $s_FromAddress & '>'
    $objEmail.To = $s_ToAddress
    $objEmail.Subject = $s_Subject
    $objEmail.Textbody = $s_Body & @CRLF
    $objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

    $objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = $s_SmtpServer
    $objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
    $objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
    $objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = $s_Username
    $objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = $s_Password
    $objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = True
    $objEmail.Configuration.Fields.Update
    $objEmail.Send
    If @error Then
        SetError(2)

    EndIf
EndFunc   ;==>_INetSmtpMailCom

Edited February 8, 2009 by 7h331337

[Zachlr]

You will hardly be portscanned when behind a LAT Router unless you define your PC as a DMZ host.

When defined like that you probably will go crazy with the number of hits you get ofcourse depending which port you open the trap for.

Jos

I agree. First off, there is really no point for this if you are using a firewall (90% of everyone here) unless you set yourself as the DMZ which I don't recommend. Automatic abuse reporting won't really help unless someone actually gains unauthorized access to a service running on that port, in which case there would most likely be a port conflict. While it is illegal to port scan a node without its permission, as well as attempt to gain unauthorized access to one, the ISP will probably not do anything unless any real damage is done. And a lot of port scanners are web based, giving inaccurate reports, of them most are ISP's themselves. An ISP can detect if someone on its network is port scanning, it doesn't need the help of a hack trapper. Like Jos said, you will go crazy with the number of hits, and if there is an email being sent to the ISP for each one of them, you will be spamming the heck out of them, and they won't be happy. Just imagine a full port scan. 65535 emails in a few minutes (Obviously depends on listening ports, but you get the idea). I have a connection log and I get a few connections on each open port per day. Additionally, hack trappers are usually said to be less secure than a firewall, since it's like holding up a big sign "Come get me, hackers."

Now if you haven't shouted "Flamer alert!" and banned me by now, I want to say I think this script could be very useful in an environment such as a LAN cafe, hotel, or other public WiFi area where you are not behind a firewall. Imagine their reaction if a siren goes off when someone sitting next to you tries to NetBus you. I also think that it is a cool idea (minus the abuse reports and sirens) if you are just curious about who is out there. Really, no flaming intended.

If I may make a contribution, here are some ports you might want to add:

Built in, widely scanned for:

Windows Remote Desktop 3389 (obvious one)

Windows file sharing 445

NetBIOS 137-139

Trojans / Back doors:

Sub7 Spy 54283

Sub7 Screen Capture 2772

Sub7 Keylogger 2773

Sub7 general 6711

Mastersparadise 3129

Deepthroat 6670

NetBus 12345

Back Orifice 31337

Radmin 4899

Windows tini 7777

Other:

Alternate http 8080 (This is usually the default remote management port for routers)