Web panel draft

webpanel/css/min.css

@@ -0,0 +1 @@
+/* Copyright 2014 Owen Versteeg; MIT licensed */body,textarea,input,select{background:0;border-radius:0;font:16px sans-serif;margin:0}.smooth{transition:all .2s}.btn,.nav a{text-decoration:none}.container{margin:0 20px;width:auto}label>*{display:inline}form>*{display:block;margin-bottom:10px}.btn{background:#999;border-radius:6px;border:0;color:#fff;cursor:pointer;display:inline-block;margin:2px 0;padding:12px 30px 14px}.btn:hover{background:#888}.btn:active,.btn:focus{background:#777}.btn-a{background:#0ae}.btn-a:hover{background:#09d}.btn-a:active,.btn-a:focus{background:#08b}.btn-b{background:#3c5}.btn-b:hover{background:#2b4}.btn-b:active,.btn-b:focus{background:#2a4}.btn-c{background:#d33}.btn-c:hover{background:#c22}.btn-c:active,.btn-c:focus{background:#b22}.btn-sm{border-radius:4px;padding:10px 14px 11px}.row{margin:1% 0;overflow:auto}.col{float:left}.table,.c12{width:100%}.c11{width:91.66%}.c10{width:83.33%}.c9{width:75%}.c8{width:66.66%}.c7{width:58.33%}.c6{width:50%}.c5{width:41.66%}.c4{width:33.33%}.c3{width:25%}.c2{width:16.66%}.c1{width:8.33%}h1{font-size:3em}.btn,h2{font-size:2em}.ico{font:33px Arial Unicode MS,Lucida Sans Unicode}.addon,.btn-sm,.nav,textarea,input,select{outline:0;font-size:14px}textarea,input,select{padding:8px;border:1px solid #ccc}textarea:focus,input:focus,select:focus{border-color:#5ab}textarea,input[type=text]{-webkit-appearance:none;width:13em}.addon{padding:8px 12px;box-shadow:0 0 0 1px #ccc}.nav,.nav .current,.nav a:hover{background:#000;color:#fff}.nav{height:24px;padding:11px 0 15px}.nav a{color:#aaa;padding-right:1em;position:relative;top:-1px}.nav .pagename{font-size:22px;top:1px}.btn.btn-close{background:#000;float:right;font-size:25px;margin:-54px 7px;display:none}@media(min-width:1310px){.container{margin:auto;width:1270px}}@media(max-width:870px){.row .col{width:100%}}@media(max-width:500px){.btn.btn-close{display:block}.nav{overflow:hidden}.pagename{margin-top:-11px}.nav:active,.nav:focus{height:auto}.nav div:before{background:#000;border-bottom:10px double;border-top:3px solid;content:'';float:right;height:4px;position:relative;right:3px;top:14px;width:20px}.nav a{padding:.5em 0;display:block;width:50%}}.table th,.table td{padding:.5em;text-align:left}.table tbody>:nth-child(2n-1){background:#ddd}.msg{padding:1.5em;background:#def;border-left:5px solid #59d}

webpanel/includes/config.php

@@ -0,0 +1,7 @@
+<?php
+$site = "crOS";
+$flag = "ccIT{my_super_flag_1}";
+$interface = "eth0";
+$blacklist = array(';', '#', '(', ')', '|', '&', ' ', "\t", '<', '>');
+
+?>

webpanel/includes/header.php

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+
+		<title><?php echo $site ?> | <?php echo $title ?></title>
+
+		<link href="css/min.css" rel="stylesheet" type="text/css">
+	</head>
+	<body>

webpanel/includes/nav.php

@@ -0,0 +1,9 @@
+		<nav class="nav" tabindex="-1" onclick="this.focus()">
+			<div class="container">
+				<a class="pagename current" href="#">ccOS</a>
+				<a href="index.php">Index</a>
+				<a href="utils.php">Utils</a> 
+				<a href="update.php">Update</a>
+			</div>
+		</nav>
+		<button class="btn-close btn btn-sm">×</button>

webpanel/index.php

@@ -0,0 +1,75 @@
+<?php
+$title = "Index";
+require_once("includes/config.php");
+require_once("includes/header.php");
+require_once("includes/nav.php");
+?>
+		<div class="container">
+			<h3>Flag</h3>
+			<p><?php echo $flag ?></p>
+			<h2>System</h2>
+			<h3>Info</h3>
+			<table class="table">
+				<tbody>
+					<tr>
+						<td>Kernel</td>
+						<td><?php $uname = posix_uname(); echo $uname['nodename'].' '.$uname['release'] ?></td>
+					</tr>
+					<tr>
+						<td>Uptime</td>
+						<td><?php echo file_get_contents('/proc/uptime'); ?></td>
+					</tr>
+					<tr>
+						<td>Memory</td>
+						<td><?php $meminfo = explode("\n", file_get_contents('/proc/meminfo')); echo $meminfo[0].'/'.$meminfo[1] ?></td>
+					</tr>
+				</tbody>
+			</table>
+			<h2>Network</h2>
+			<h3>Info</h3>
+			<table class="table">
+				<tbody>
+					<tr>
+						<td>Wifi</td>
+						<td><?php $hostapod = file_get_contents('/etc/hostapd.conf'); ?></td>
+					</tr>
+					<tr>
+						<td>Ip Address</td>
+						<td><?php $dhcpd = file_get_contents('/etc/dhcpd.conf'); ?></td>
+					</tr>
+					<tr>
+						<td>Stats</td>
+						<td><?php $rx = file_get_contents('/sys/class/net/'.$interface.'/statistics/rx_bytes'); $tx = file_get_contents('/sys/class/net/'.$interface.'/statistics/tx_bytes'); echo ($rx/1024/1024).'MB RX / '.($tx/1024/1024).'MB TX'; ?></td>
+					</tr>
+				</tbody>
+			</table>
+			<h3>Client List</h3>
+			<table class="table">
+				<thead>
+					<tr>
+						<th>Ip Address</th>
+						<th>MAC</th>
+						<th>Hostname</th>
+					</tr>
+				</thead>
+				<tbody>
+					<tr>
+						<td>192.168.77.2</td>
+						<td>00:11:22:AA:BB:CC</td>
+						<td>desktop-ab2846ad</td>
+					</tr>
+					<tr>
+						<td>192.168.77.2</td>
+						<td>00:11:22:AA:BB:DD</td>
+						<td>android-deadbeef</td>
+					</tr>
+					<tr>
+						<td>192.168.77.4</td>
+						<td>00:11:22:AA:BB:EE</td>
+						<td>windows-laptop</td>
+					</tr>
+				</tbody>
+			</table>			
+		</div>
+	</body>
+</html>

webpanel/update.php

@@ -0,0 +1,27 @@
+<?php
+$title = "Update";
+require_once("includes/config.php");
+require_once("includes/header.php");
+require_once("includes/nav.php");
+
+//update code
+
+?>
+		<div class="container">
+			<h2>System Update</h2>
+			<form id="update" enctype="multipart/form-data" method="post" action="">
+				<fieldset>
+					<input type="file" name="image">
+					<input type="submit" class="btn btn-b btn-sm smooth" value="Upload">
+					<p>
+						<ul>
+							<li>Please select the file <i>ccOS-ver-xxxx.tgz.cc</i></li>
+							<li>The update will take about 2 minutes</li>
+							<li>Updates are cryptographically signed for integrity and authenticity</li>
+						</ul>
+					</p>
+				</fieldset>
+			</form>
+		</div>
+	</body>
+</html>

webpanel/utils.php

@@ -0,0 +1,53 @@
+<?php
+$title = "Utils";
+require_once("includes/config.php");
+require_once("includes/header.php");
+require_once("includes/nav.php");
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] === 'ping' || $_POST['action'] === 'traceroute') && isset($_POST['host']) && !empty($_POST['host'])) {
+	switch ($_POST['action']) {
+		case 'ping':
+			$cmd = '/usr/bin/'.$_POST['action']. ' -c 4';
+		break;
+		case 'traceroute':
+			$cmd = '/usr/bin/'.$_POST['action'];
+		break;
+		
+	}
+	$action = $_POST['action'];
+	$host = str_replace($blacklist, '', $_POST['host']);
+	exec($cmd.' '.$host, $result);
+}
+
+?>
+		<div class="container">
+			<h2>Utils</h2>
+			<h3>Ping</h3>
+			<form id="ping" method="post" action="">
+				<fieldset>
+					<input type="hidden" name="action" value="ping">
+					<input type="text" name="host" required>
+					<input type="submit" class="btn btn-b btn-sm smooth" value="Run">
+				</fieldset>
+			</form>
+			<?php
+			if (isset($action) && $action === "ping" && isset($result)) {
+				echo '<pre>'; foreach($result as $line) { echo $line."\n"; } echo '</pre>';
+			} 
+			?>
+			<h3>Traceroute</h3>
+			<form id="traceroute" method="post" action="">
+				<fieldset>
+					<input type="hidden" name="action" value="traceroute" required>
+					<input type="text" name="host">
+					<input type="submit" class="btn btn-b btn-sm smooth" value="Run">
+				</fieldset>
+			</form>
+			<?php
+			if (isset($action) && $action === "traceroute" && isset($result)) {
+				echo '<pre>'; foreach($result as $line) { echo $line."\n"; } echo '</pre>';
+			} 
+			?>
+		</div>
+	</body>
+</html>