2015-03-22 00:43:15 +00:00
|
|
|
|
#include "BasicAuth.h"
|
2015-03-13 14:27:21 +00:00
|
|
|
|
|
2015-03-22 00:43:15 +00:00
|
|
|
|
bool BA::checkOutput(const string *buffer, const char *ip, const int port) {
|
|
|
|
|
if((Utils::ci_find_substr(*buffer, "200 ok") != -1 ||
|
2015-03-16 14:29:34 +00:00
|
|
|
|
Utils::ci_find_substr(*buffer, "http/1.0 200") != -1 ||
|
2015-03-22 00:43:15 +00:00
|
|
|
|
Utils::ci_find_substr(*buffer, "http/1.1 200") != -1)
|
|
|
|
|
&& Utils::ci_find_substr(*buffer, "http/1.1 401 ") == -1
|
|
|
|
|
&& Utils::ci_find_substr(*buffer, "http/1.0 401 ") == -1
|
|
|
|
|
&& Utils::ci_find_substr(*buffer, "<statusValue>401</statusValue>") == -1
|
|
|
|
|
&& Utils::ci_find_substr(*buffer, "<statusString>Unauthorized</statusString>") == -1
|
|
|
|
|
&& Utils::ci_find_substr(*buffer, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>") == -1
|
|
|
|
|
&& Utils::ci_find_substr(*buffer, "Неправильны") == -1
|
2015-03-16 14:29:34 +00:00
|
|
|
|
) {
|
|
|
|
|
return true;
|
2015-03-22 00:43:15 +00:00
|
|
|
|
}
|
|
|
|
|
else if (Utils::ci_find_substr(*buffer, "503 service unavailable") != -1
|
|
|
|
|
|| Utils::ci_find_substr(*buffer, "http/1.1 503") != -1
|
|
|
|
|
|| Utils::ci_find_substr(*buffer, "http/1.0 503") != -1
|
|
|
|
|
|| Utils::ci_find_substr(*buffer, "400 BAD_REQUEST") != -1
|
|
|
|
|
|| Utils::ci_find_substr(*buffer, "400 bad request") != -1
|
|
|
|
|
|| Utils::ci_find_substr(*buffer, "403 Forbidden") != -1
|
|
|
|
|
)
|
|
|
|
|
{
|
|
|
|
|
stt->doEmition_BARedData("[.] 503/400/403 - Waiting 30sec (" + QString(ip) + ":" + QString::number(port) + ")");
|
|
|
|
|
|
|
|
|
|
Sleep(30000);
|
|
|
|
|
}
|
2015-03-16 14:29:34 +00:00
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-23 13:54:40 +00:00
|
|
|
|
lopaStr BA::BABrute(const char *ip, const int port) {
|
2015-03-16 14:29:34 +00:00
|
|
|
|
string buffer;
|
|
|
|
|
string lpString;
|
|
|
|
|
lopaStr lps;
|
|
|
|
|
ZeroMemory(lps.login, sizeof(lps.login));
|
|
|
|
|
ZeroMemory(lps.pass, sizeof(lps.pass));
|
|
|
|
|
ZeroMemory(lps.other, sizeof(lps.other));
|
2015-03-22 10:13:17 +00:00
|
|
|
|
int passCounter = 0;
|
2015-03-16 14:29:34 +00:00
|
|
|
|
|
|
|
|
|
strcpy(lps.login, "UNKNOWN");
|
|
|
|
|
|
|
|
|
|
for(int i = 0; i < MaxLogin; ++i) {
|
|
|
|
|
for (int j = 0; j < MaxPass; ++j) {
|
|
|
|
|
if (!globalScanFlag) return lps;
|
|
|
|
|
|
|
|
|
|
lpString = string(loginLst[i]) + ":" + string(passLst[j]);
|
|
|
|
|
|
2015-03-22 00:43:15 +00:00
|
|
|
|
if (Connector::nConnect(ip, port, &buffer, NULL, NULL, &lpString) == -2) return lps;
|
2015-03-16 14:29:34 +00:00
|
|
|
|
|
2015-03-22 00:43:15 +00:00
|
|
|
|
if(checkOutput(&buffer, ip, port)) {
|
2015-03-16 14:29:34 +00:00
|
|
|
|
strcpy(lps.login, loginLst[i]);
|
|
|
|
|
strcpy(lps.pass, passLst[j]);
|
|
|
|
|
return lps;
|
|
|
|
|
};
|
|
|
|
|
|
2015-03-23 17:47:48 +00:00
|
|
|
|
if (BALogSwitched) stt->doEmitionBAData("BA: " + QString(ip) + ":" + QString::number(port) +
|
2015-03-22 10:13:17 +00:00
|
|
|
|
"; l/p: " + QString(loginLst[i]) + ":" + QString(passLst[j]) + "; - Progress: (" +
|
|
|
|
|
QString::number((++passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%)");
|
|
|
|
|
|
2015-03-22 00:43:15 +00:00
|
|
|
|
Sleep(100);
|
2015-03-16 14:29:34 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
2015-03-13 14:27:21 +00:00
|
|
|
|
|
2015-03-16 14:29:34 +00:00
|
|
|
|
return lps;
|
2015-03-13 14:27:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
2015-03-23 13:54:40 +00:00
|
|
|
|
lopaStr BA::BALobby(const char *ip, const int port) {
|
2015-03-17 14:30:53 +00:00
|
|
|
|
while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000);
|
2015-03-13 14:27:21 +00:00
|
|
|
|
|
|
|
|
|
BruteUtils::BConInc();
|
2015-03-23 13:54:40 +00:00
|
|
|
|
const lopaStr &lps = BABrute(ip, port);
|
2015-03-13 14:27:21 +00:00
|
|
|
|
BruteUtils::BConDec();
|
|
|
|
|
|
2015-03-17 14:30:53 +00:00
|
|
|
|
return lps;
|
2015-03-13 14:27:21 +00:00
|
|
|
|
}
|