nesca/SSHAuth.cpp

#include "SSHAuth.h"
#include "FileUpdater.h"

int _sshConnect(const char *user, const char *pass, const char *host, int port) {

    CURL *curl = curl_easy_init();
    char hostStr[128] = {0};
    strcpy(hostStr, user);
    strcat(hostStr, "@");
    strcat(hostStr, host);
    int sshTimeout = gTimeOut + 1;

    if (curl)
    {
		curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);
        curl_easy_setopt(curl, CURLOPT_URL, host);
        curl_easy_setopt(curl, CURLOPT_PORT, port);
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
        int proxyPort = std::atoi(gProxyPort);
        if(strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535)) {
            curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP);
            curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort);
        } else curl_easy_setopt(curl, CURLOPT_PROXY, "");
		curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, sshTimeout);
		curl_easy_setopt(curl, CURLOPT_TIMEOUT, sshTimeout);
        curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);

        int res = curl_easy_perform(curl);
		if (res != CURLE_OK) {
			curl_easy_cleanup(curl);
			return -2;
		}
        socket_t sock = -1;
        res = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock);

        if(sock != -1) {
            ssh_session ssh_session = ssh_new();
            if (ssh_session == NULL)
            {
                ssh_free(ssh_session);
                curl_easy_cleanup(curl);
                return -1;
            };

			ssh_options_set(ssh_session, SSH_OPTIONS_HOST, hostStr);
            ssh_options_set(ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);
            ssh_options_set(ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);
            ssh_options_set(ssh_session, SSH_OPTIONS_TIMEOUT, &sshTimeout);

            //Fails to work on libssh-4.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688700
            res = ssh_options_set(ssh_session, SSH_OPTIONS_FD, &sock);
			
            res = ssh_connect(ssh_session);

            if (res != SSH_OK) //Offline
            {
                ssh_disconnect(ssh_session);
                ssh_free(ssh_session);
                curl_easy_cleanup(curl);
                return -2;
            }
            else
            {
                res = ssh_userauth_password(ssh_session, NULL, pass);
                if (res != SSH_AUTH_SUCCESS)
                {
                    ssh_disconnect(ssh_session);
                    ssh_free(ssh_session);
                    curl_easy_cleanup(curl);
                    return -1;
                };
            };

            ssh_disconnect(ssh_session);
            ssh_free(ssh_session);
        } else {
            stt->doEmitionRedFoundData("[SSH]Socket = -1 " + QString(host) + ":" + QString::number(port));
        }
    }

    ++ssh;
    return 0;
}

int check_ssh_pass(const int rowIndex, const char *user, const char *pass,
                   const char *userPass, const char *host, int port,
                   std::string *buffer, const char *banner) {
    int res = _sshConnect(user, pass, host, port);

    if(res == 0)
    {
		if (rowIndex == -1) {
			nesca_3::addBARow(QString(host) + ":" + QString::number(port), QString(userPass) + "@" + QString(host), "OK");
		}
		else {
			stt->doEmitionChangeBARow(rowIndex, QString(userPass) + "@" + QString(host), "OK");
		}
        buffer->append(userPass);
        buffer->append("@");
        buffer->append(host);
        buffer->append("|+|");
        buffer->append(banner);
        return 0;
    };

    return res;
}

int SSHBrute(const char* host, int port, std::string *buffer, const char *banner) {
    char login[32] = {0};
    char pass[32] = {0};
    char temp[64] = {0};
    char *ptr1 = 0;
    int res = -1;
	int rowIndex = -1;
	int passCounter = 0;

    for(int i = 0; i < MaxSSHPass; ++i)
    {
        if(!globalScanFlag) break;
        strcpy(temp, sshlpLst[i]);
        ptr1 = strstr(temp, ":");

        if (ptr1 == NULL) {
            stt->doEmitionRedFoundData("[SSH]Wrong format: " + QString(temp));
            return -1;
        }

        strncpy(login, temp, ptr1 - temp);
        strcpy(pass, ptr1 + 1);

		if (BALogSwitched) {
			if (rowIndex == -1) {
				rowIndex = nesca_3::addBARow(QString(host) + ":" + QString::number(port),
					QString(login) + ":" + QString(pass),
					QString::number((passCounter / (double)(MaxSSHPass)) * 100).mid(0, 4) + "%");
			}
			else {
				stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass),
					QString::number((passCounter / (double)(MaxSSHPass)) * 100).mid(0, 4) + "%");
			}
		}
		else { rowIndex = -1; }
		++passCounter;

        res = check_ssh_pass(rowIndex, login, pass, temp, host, port, buffer, banner);
        //ZeroMemory(login, sizeof(login));
        //ZeroMemory(pass, sizeof(pass));
        //ZeroMemory(temp, sizeof(temp));
		login[0] = 0;
		pass[0] = 0;
		temp[0] = 0;

        if(res == 0)
        {
			if (i == 0) {
				if (rowIndex == -1) {
					nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAILHIT");
				}
				else {
					stt->doEmitionChangeBARow(rowIndex, "--", "FAILHIT");
				}
				return -2; //Failhit
			}
            return 1;
        }
        else if(res == -2)
		{
			if (rowIndex == -1) {
				nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAIL");
			}
			else {
				stt->doEmitionChangeBARow(rowIndex, "--", "FAIL");
			}
            return -2;
        };

        Sleep(500);
	};

	if (rowIndex == -1) {
		nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAIL");
	}
	else {
		stt->doEmitionChangeBARow(rowIndex, "--", "FAIL");
	}
    return -1;
}

int SSHAuth::SSHLobby(const char *ip, int port, std::string *buffer)
{
    if(gMaxBrutingThreads > 0) {

        while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000);

		std::string sshBanner;
		Connector con;
		con.nConnect(ip, port, &sshBanner);

		if (strlen(sshBanner.c_str()) > 0)
        {
			++BrutingThrds;
			stt->doEmitionUpdateArc(gTargets);
			int res = SSHBrute(ip, port, buffer, sshBanner.c_str());
			--BrutingThrds;

            return res;
        }
    }
	
	return -1;
}
Minor refactorings 2015-03-23 13:54:40 +00:00			`#include "SSHAuth.h"`
Fixed ignoing of first string in negative list. 2015-03-27 10:38:38 +00:00			`#include "FileUpdater.h"`
Minor refactorings 2015-03-23 13:54:40 +00:00
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`int _sshConnect(const char user, const char pass, const char *host, int port) {`

			`CURL *curl = curl_easy_init();`
Minor refactorings 2015-03-23 13:54:40 +00:00			`char hostStr[128] = {0};`
			`strcpy(hostStr, user);`
			`strcat(hostStr, "@");`
			`strcat(hostStr, host);`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`int sshTimeout = gTimeOut + 1;`
Minor refactorings 2015-03-23 13:54:40 +00:00
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`if (curl)`
Minor refactorings 2015-03-23 13:54:40 +00:00			`{`
Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00			`curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`curl_easy_setopt(curl, CURLOPT_URL, host);`
			`curl_easy_setopt(curl, CURLOPT_PORT, port);`
			`curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);`
			`curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);`
			`int proxyPort = std::atoi(gProxyPort);`
			`if(strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535)) {`
			`curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP);`
			`curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort);`
Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00			`} else curl_easy_setopt(curl, CURLOPT_PROXY, "");`
			`curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, sshTimeout);`
			`curl_easy_setopt(curl, CURLOPT_TIMEOUT, sshTimeout);`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);`
Minor refactorings 2015-03-23 13:54:40 +00:00
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`int res = curl_easy_perform(curl);`
Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00			`if (res != CURLE_OK) {`
			`curl_easy_cleanup(curl);`
			`return -2;`
			`}`
			`socket_t sock = -1;`
			`res = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock);`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00
			`if(sock != -1) {`
			`ssh_session ssh_session = ssh_new();`
			`if (ssh_session == NULL)`
			`{`
			`ssh_free(ssh_session);`
			`curl_easy_cleanup(curl);`
			`return -1;`
			`};`

Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00			`ssh_options_set(ssh_session, SSH_OPTIONS_HOST, hostStr);`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`ssh_options_set(ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);`
			`ssh_options_set(ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);`
			`ssh_options_set(ssh_session, SSH_OPTIONS_TIMEOUT, &sshTimeout);`

			`//Fails to work on libssh-4.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688700`
			`res = ssh_options_set(ssh_session, SSH_OPTIONS_FD, &sock);`
Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`res = ssh_connect(ssh_session);`

			`if (res != SSH_OK) //Offline`
			`{`
			`ssh_disconnect(ssh_session);`
			`ssh_free(ssh_session);`
			`curl_easy_cleanup(curl);`
			`return -2;`
			`}`
			`else`
			`{`
			`res = ssh_userauth_password(ssh_session, NULL, pass);`
			`if (res != SSH_AUTH_SUCCESS)`
			`{`
			`ssh_disconnect(ssh_session);`
			`ssh_free(ssh_session);`
			`curl_easy_cleanup(curl);`
			`return -1;`
			`};`
			`};`

			`ssh_disconnect(ssh_session);`
			`ssh_free(ssh_session);`
			`} else {`
			`stt->doEmitionRedFoundData("[SSH]Socket = -1 " + QString(host) + ":" + QString::number(port));`
			`}`
Minor refactorings 2015-03-23 13:54:40 +00:00			`}`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00
Minor refactorings 2015-03-23 13:54:40 +00:00			`++ssh;`
			`return 0;`
			`}`

Shuffle visualizer 2015-08-07 22:37:28 +00:00			`int check_ssh_pass(const int rowIndex, const char user, const char pass,`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`const char userPass, const char host, int port,`
			`std::string buffer, const char banner) {`
Shuffle visualizer 2015-08-07 22:37:28 +00:00			`int res = _sshConnect(user, pass, host, port);`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00
Minor refactorings 2015-03-23 13:54:40 +00:00			`if(res == 0)`
			`{`
Shuffle visualizer 2015-08-07 22:37:28 +00:00			`if (rowIndex == -1) {`
			`nesca_3::addBARow(QString(host) + ":" + QString::number(port), QString(userPass) + "@" + QString(host), "OK");`
			`}`
			`else {`
			`stt->doEmitionChangeBARow(rowIndex, QString(userPass) + "@" + QString(host), "OK");`
			`}`
Minor refactorings 2015-03-23 13:54:40 +00:00			`buffer->append(userPass);`
			`buffer->append("@");`
			`buffer->append(host);`
			`buffer->append("\|+\|");`
			`buffer->append(banner);`
			`return 0;`
			`};`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00
Minor refactorings 2015-03-23 13:54:40 +00:00			`return res;`
			`}`

Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`int SSHBrute(const char* host, int port, std::string buffer, const char banner) {`
Minor refactorings 2015-03-23 13:54:40 +00:00			`char login[32] = {0};`
			`char pass[32] = {0};`
			`char temp[64] = {0};`
			`char *ptr1 = 0;`
			`int res = -1;`
Shuffle visualizer 2015-08-07 22:37:28 +00:00			`int rowIndex = -1;`
			`int passCounter = 0;`
Minor refactorings 2015-03-23 13:54:40 +00:00
			`for(int i = 0; i < MaxSSHPass; ++i)`
			`{`
			`if(!globalScanFlag) break;`
			`strcpy(temp, sshlpLst[i]);`
			`ptr1 = strstr(temp, ":");`
Fixed ignoing of first string in negative list. 2015-03-27 10:38:38 +00:00
			`if (ptr1 == NULL) {`
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`stt->doEmitionRedFoundData("[SSH]Wrong format: " + QString(temp));`
			`return -1;`
			`}`
Fixed ignoing of first string in negative list. 2015-03-27 10:38:38 +00:00
Partially implemented ssh over socks 2015-03-27 13:38:53 +00:00			`strncpy(login, temp, ptr1 - temp);`
Minor refactorings 2015-03-23 13:54:40 +00:00			`strcpy(pass, ptr1 + 1);`
Shuffle visualizer 2015-08-07 22:37:28 +00:00
			`if (BALogSwitched) {`
			`if (rowIndex == -1) {`
			`rowIndex = nesca_3::addBARow(QString(host) + ":" + QString::number(port),`
			`QString(login) + ":" + QString(pass),`
			`QString::number((passCounter / (double)(MaxSSHPass)) * 100).mid(0, 4) + "%");`
			`}`
			`else {`
			`stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass),`
			`QString::number((passCounter / (double)(MaxSSHPass)) * 100).mid(0, 4) + "%");`
			`}`
			`}`
			`else { rowIndex = -1; }`
			`++passCounter;`

			`res = check_ssh_pass(rowIndex, login, pass, temp, host, port, buffer, banner);`
ip randomization 2015-12-08 16:53:54 +00:00			`//ZeroMemory(login, sizeof(login));`
			`//ZeroMemory(pass, sizeof(pass));`
			`//ZeroMemory(temp, sizeof(temp));`
			`login[0] = 0;`
			`pass[0] = 0;`
			`temp[0] = 0;`
Minor refactorings 2015-03-23 13:54:40 +00:00
			`if(res == 0)`
			`{`
Shuffle visualizer 2015-08-07 22:37:28 +00:00			`if (i == 0) {`
			`if (rowIndex == -1) {`
			`nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAILHIT");`
			`}`
			`else {`
			`stt->doEmitionChangeBARow(rowIndex, "--", "FAILHIT");`
			`}`
			`return -2; //Failhit`
			`}`
Minor refactorings 2015-03-23 13:54:40 +00:00			`return 1;`
			`}`
			`else if(res == -2)`
Shuffle visualizer 2015-08-07 22:37:28 +00:00			`{`
			`if (rowIndex == -1) {`
			`nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAIL");`
			`}`
			`else {`
			`stt->doEmitionChangeBARow(rowIndex, "--", "FAIL");`
			`}`
Minor refactorings 2015-03-23 13:54:40 +00:00			`return -2;`
			`};`

			`Sleep(500);`
Shuffle visualizer 2015-08-07 22:37:28 +00:00			`};`

			`if (rowIndex == -1) {`
			`nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAIL");`
			`}`
			`else {`
			`stt->doEmitionChangeBARow(rowIndex, "--", "FAIL");`
			`}`
Minor refactorings 2015-03-23 13:54:40 +00:00			`return -1;`
			`}`

			`int SSHAuth::SSHLobby(const char ip, int port, std::string buffer)`
			`{`
Brute-disabling option added 2015-04-02 12:33:49 +00:00			`if(gMaxBrutingThreads > 0) {`

			`while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000);`

Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00			`std::string sshBanner;`
			`Connector con;`
			`con.nConnect(ip, port, &sshBanner);`

			`if (strlen(sshBanner.c_str()) > 0)`
Brute-disabling option added 2015-04-02 12:33:49 +00:00			`{`
Threadpool refactoring. 2015-04-04 12:43:22 +00:00			`++BrutingThrds;`
Multiple fixes, QLikView added. 2016-01-24 19:03:28 +00:00			`stt->doEmitionUpdateArc(gTargets);`
Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00			`int res = SSHBrute(ip, port, buffer, sshBanner.c_str());`
Threadpool refactoring. 2015-04-04 12:43:22 +00:00			`--BrutingThrds;`
Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00
Brute-disabling option added 2015-04-02 12:33:49 +00:00			`return res;`
Multiple connection issues fixes. 2015-04-30 19:21:12 +00:00			`}`
			`}`

			`return -1;`
Minor refactorings 2015-03-23 13:54:40 +00:00			`}`