diff --git a/Connector.cpp b/Connector.cpp index 0e3af28..8ef100e 100644 --- a/Connector.cpp +++ b/Connector.cpp @@ -241,7 +241,7 @@ int pConnect(const char* ip, const int port, std::string *buffer, if (res == 6) return -2; else if (res != 13 && res != 67 && - res != 52 && + res != CURLE_GOT_NOTHING && res != 56 && res != 35 && res != 19 && diff --git a/FTPAuth.cpp b/FTPAuth.cpp index 7f96a69..9270928 100644 --- a/FTPAuth.cpp +++ b/FTPAuth.cpp @@ -45,9 +45,12 @@ lopaStr FTPA::FTPBrute(const char *ip, const int port, PathStr *ps) { return lps; } else if (res != -1) { - if (buffer.find("syslog") != -1 || buffer.find("CFG-PAGE") != -1) { + if (buffer.find("syslog") != -1 || buffer.find("CFG-PAGE") != -1 + || buffer.find("L3_default") != -1 + || buffer.find("avpport") != -1 + ) { if (gNegDebugMode) { - stt->doEmitionDebugFoundData("Ignoring " + QString(ip) + " (syslog or CFG-PAGE)"); + stt->doEmitionDebugFoundData("Ignoring " + QString(ip) + " (syslog or CFG-PAGE or L3_default or avpport)"); } return lps; } diff --git a/IPCAuth.cpp b/IPCAuth.cpp index 641350b..1d8eb36 100644 --- a/IPCAuth.cpp +++ b/IPCAuth.cpp @@ -3,6 +3,31 @@ #include "BruteUtils.h" #include "FileUpdater.h" +#include +#include +std::string urlEncode(const string &value) { + ostringstream escaped; + escaped.fill('0'); + escaped << hex; + + for (string::const_iterator i = value.begin(), n = value.end(); i != n; ++i) { + string::value_type c = (*i); + + // Keep alphanumeric and other accepted characters intact + if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') { + escaped << c; + continue; + } + + // Any other characters are percent-encoded + escaped << uppercase; + escaped << '%' << setw(2) << int((unsigned char)c); + escaped << nouppercase; + } + + return escaped.str(); +} + lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC, const std::string *cookie) { lopaStr lps = {"UNKNOWN", "", ""}; 
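Review bot: In Connector.cpp's `pConnect`, only the `52` comparison was given its libcurl name, so the condition now mixes `CURLE_GOT_NOTHING` with the bare numbers 6, 13, 67, 56, 35 and 19. If `res` is a `CURLcode` (its declaration is not in the hunk), name the others the same way, for example `if (res == CURLE_COULDNT_RESOLVE_HOST) return -2;` and `res != CURLE_RECV_ERROR &&` in place of 56. That lets the handled error set be read without the libcurl error table. The condition continues past the end of the hunk.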
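Review bot: In FTPAuth.cpp's `FTPBrute`, the two added checks compare the result of `buffer.find(...)` with `-1`, which works only because `-1` converts to the unsigned `npos` value and typically triggers sign-comparison warnings. Assuming `buffer` is a `std::string` (declared outside the hunk), write `buffer.find("L3_default") != std::string::npos` and `buffer.find("avpport") != std::string::npos`, and bring the two existing `syslog` / `CFG-PAGE` checks in line at the same time. The function body starts and ends outside the hunk.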
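Review bot: In the new `urlEncode` (IPCAuth.cpp), `isalnum(c)` is called with a plain `char`, so on platforms where `char` is signed every byte at or above 0x80 is passed as a negative value, which is undefined behaviour for the `<cctype>` functions. Cast before classifying: `if (isalnum(static_cast<unsigned char>(c)) || c == '-' || c == '_' || c == '.' || c == '~') {`. Under a non-"C" locale such bytes may still be classified as alphanumeric and left unencoded, so an explicit ASCII range test would be stricter. The two added `#include` lines show no header name on this page, so the headers actually pulled in cannot be confirmed here. The function also mixes `std::string` with unqualified `string` / `ostringstream`, which presumably relies on a using-directive from a project header, and it could be declared `static` if it is only used in this file.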
@@ -195,8 +220,10 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC, const std::string *c } else if (strcmp(SPEC, "JUAN") == 0) { + std::string &encodedLogin = urlEncode(std::string(login)); + std::string &encodedPass = urlEncode(std::string(pass)); sprintf(request, "%s/cgi-bin/gw.cgi?xml=%%3Cjuan%%20ver=%%22%%22%%20squ=%%22%%22%%20dir=%%22%%22%%3E%%3Cenvload%%20type=%%220%%22%%20usr=%%22%s%%22%%20pwd=%%22%s%%22/%%3E%%3C/juan%%3E&_=1450923182693", - ip, login, pass); + ip, encodedLogin.c_str(), encodedPass.c_str()); } else if (strcmp(SPEC, "ACTi") == 0) { diff --git a/finder.cpp b/finder.cpp index de51a75..413dde9 100644 --- a/finder.cpp +++ b/finder.cpp @@ -482,9 +482,9 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const && Utils::ustrstr(buffcpy, "login.html?pg=index.html") != -1) return 1; //https NAS (https://90.224.187.151/) if(((Utils::ustrstr(buffcpy, "220") != -1) && (port == 21)) || - (Utils::ustrstr(buffcpy, "220 diskStation ftp server ready") != -1) || - (Utils::ustrstr(buffcpy, "220 ftp server ready") != -1) - || Utils::ustrstr(buffcpy, "500 'get': command not understood") != -1 + Utils::ustrstr(buffcpy, "220 diskStation ftp server ready") != -1 || + Utils::ustrstr(buffcpy, "220 ftp server ready") != -1 + || Utils::ustrstr(buffcpy, "500 'get': command not understood") != -1 ) return 3; // 3 - FTP if (Utils::ustrstr(buffcpy, "camera") != -1 || @@ -2753,7 +2753,11 @@ std::string equivRedirectHandler(std::string *buff, char* ip, int port, Lexems * buff->clear(); buff->assign(buffcpy); } - + + if (location.size() > 0 && location.at(0) != '/') { + location.insert(0, "/"); + } + return location; } std::string getScriptField(std::string *buff) { @@ -2893,6 +2897,9 @@ std::string getHeader(const std::string *buffcpy, const int flag) { if (STRSTR(buffcpy, "
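Review bot: The two declarations added to the `JUAN` branch of `IPCBrute` bind non-const lvalue references to temporaries, which is ill-formed in standard C++ and is accepted only as a compiler extension (MSVC, for instance). Hold the results by value instead: `const std::string encodedLogin = urlEncode(std::string(login));` and the same for `encodedPass`. Percent-encoding can make each credential up to three times longer, and the `sprintf` still writes into `request` without a bound. The declaration of `request` is outside the hunk; if it is a fixed-size array, use `snprintf(request, sizeof(request), ...)` and treat a truncated result as an error. The `IPCBrute` body starts and ends outside the hunk.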
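Review bot: The block added before `return location;` in `equivRedirectHandler` prefixes `/` to every non-empty `location` that does not already start with one, so an absolute value such as `http://host/path` (constructed example) would become `/http://host/path`. How `location` is produced is outside the hunk, so that case may already be excluded earlier in the function. If it is not, guard the insert, for example `if (!location.empty() && location[0] != '/' && location.find("://") == std::string::npos)`. A one-line comment stating what form of `location` the callers expect would record why the slash is added.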