Anomalies

#include "STh.h" #include "mainResources.h" #include "externFunctions.h" #include "externData.h" #include "WebformWorker.h" #include "Connector.h" #include "BasicAuth.h" #include "FTPAuth.h" #include "SSHAuth.h" #include #include "FileUpdater.h" #include "IPCAuth.h" #include #include "HikvisionLogin.h" unsigned char tl(unsigned char d) { if (d >= 192 && d <= 223) { return (unsigned char)(d + 32); } else { return tolower(d); }; } std::string toLowerStr(const char *str) { if (str != NULL) { int tsz = strlen(str); char *strr = new char[tsz + 1]; ZeroMemory(strr, tsz); for (int i = 0; i < tsz; i++) { strr[i] = tl(str[i]); }; memset(strr + tsz, '\0', 1); std::string tstr = std::string(strr); delete[]strr; return tstr; } else return ""; } char* strstri(const char *_Str, const char *_SubStr) { if(_Str != NULL) { const std::string &_lowStr = toLowerStr(_Str); const std::string &_lowSubStr = toLowerStr(_SubStr); const char *resChar = strstr(_lowStr.c_str(), _lowSubStr.c_str()); if(resChar == 0) return NULL; else { return (char*)(_Str + (resChar - _lowStr.c_str())); } }; return 0; } bool gGlobalTrackLocked = false; char *_findFirst(const char *str, char *delim) { int sz = strlen(str); int dsz = strlen(delim); for(int i = 0; i < sz; ++i) { for(int j = 0; j < dsz; ++j) { if(str[i] == delim[j]) return (char *)(str + i); }; }; return NULL; } char *_findLast(char *str, char *delim) { int sz = strlen(str); int dsz = strlen(delim); int savedPosition = 0; for(int i = 0; i < sz; ++i) { for(int j = 0; j < dsz; ++j) { if(str[i] == delim[j]) savedPosition = i; }; }; return (char *)(str + savedPosition); } char *GetCodePage(const char *str) { char cdpg[32] = {0}; char *ptr1 = strstri(str, "charset="); if (ptr1 != NULL) { char *temp3 = _findFirst((char *)(ptr1 + 8), " \"'\n\r"); if (temp3 != NULL) { int ln = (int)(temp3 - ptr1 - 8); if (ln > 16) return "WTF?"; strncpy(cdpg, (char *)(ptr1 + 8), (ln > 32) ? 32 : ln); if (strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); return "NULL"; }; } ptr1 = strstri(str, "\n\r"); if(temp4 != NULL) { int ln = (int)(temp4 - ptr2 - 8); if(ln > 16) return "WTF?"; strncpy(cdpg, (char *)(ptr2 + 8), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(ptr2).mid(0, 16) + "]"); return "NULL"; }; } ptr2 = strstri(ptr1 + 6, "charset = "); if(ptr2 != NULL) { char *temp4 = _findFirst((char *)(ptr2 + 10), " \"'>\n\r"); if(temp4 != NULL) { int ln = (int)(temp4 - ptr2 - 10); if(ln > 16) return "WTF?"; strncpy(cdpg, (char *)(ptr2 + 10), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(ptr2).mid(0, 16) + "]"); return "NULL"; }; } ptr2 = strstri(ptr1 + 6, "charset ="); if(ptr2 != NULL) { char *temp4 = _findFirst((char *)(ptr2 + 9), " \"'>\n\r"); if(temp4 != NULL) { int ln = (int)(temp4 - ptr2 - 9); if(ln > 16) return "WTF?"; strncpy(cdpg, (char *)(ptr2 + 9), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(ptr2).mid(0, 16) + "]"); return "NULL"; }; } else { if(strstri(str, "charset=") != NULL) { char *temp2 = strstri(str, "charset="); char *temp3 = _findFirst((char *)(temp2 + 8), " \"'>\n\r"); if(temp3 != NULL) { int ln = (int)(temp3 - temp2 - 8); if(ln > 16) return "WTF?"; strncpy(cdpg, (char *)(temp2 + 8), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); return "NULL"; } } else return "NULL"; }; } else return "NULL"; } int globalSearchNeg(const std::string *buff, const char *ip, int port, const char *cp) { QTextCodec *codec; QString codedStr; if (strstri(cp, "shift_jis") != NULL) { codec = QTextCodec::codecForName("Shift-JIS"); codedStr = codec->toUnicode(buff->c_str()); } else if (strstri(cp, "utf") != NULL) { codec = QTextCodec::codecForName("UTF-8"); codedStr = codec->toUnicode(buff->c_str()); } else if (strstri(cp, "cp") != NULL || strstri(cp, "windows") != NULL) { codec = QTextCodec::codecForName("Windows-1251"); codedStr = codec->toUnicode(buff->c_str()); } else if (strstri(cp, "gb") != NULL) { codec = QTextCodec::codecForName("GB2312"); codedStr = codec->toUnicode(buff->c_str()); } else codedStr = QString(buff->c_str()); for (auto negEntry : FileUpdater::negativeVector) { FileUpdater::cv.wait(FileUpdater::lk, []{return FileUpdater::ready; }); if (!globalScanFlag) return -1; if (Utils::ustrstr(std::string(codedStr.toLocal8Bit().data()), negEntry) != -1){ if (gNegDebugMode) { QTextCodec *nCodec = QTextCodec::codecForName("Windows-1251"); stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "]\tNegative hit: \"" + nCodec->toUnicode(negEntry.c_str()).toHtmlEscaped() + "\""); } ++filtered; return -1; } } } int globalSearchPrnt(const std::string *buff) { if(Utils::ustrstr(buff, "en/_top.htm") != -1 || Utils::ustrstr(buff, "cannon http server") != -1 || Utils::ustrstr(buff, "konica minolta") != -1 || Utils::ustrstr(buff, "/eng/home_frm.htm") != -1 || Utils::ustrstr(buff, "networkScanner webserver") != -1 || Utils::ustrstr(buff, "/eng/htm/top.htm") != -1 || Utils::ustrstr(buff, "pages/t_ixdmy.htm") != -1 || Utils::ustrstr(buff, "/web/guest/") != -1 || Utils::ustrstr(buff, "printerInfo") != -1 || Utils::ustrstr(buff, "hp photosmart") != -1 || Utils::ustrstr(buff, "menu and") != -1 || Utils::ustrstr(buff, "hewlett packard") != -1 || Utils::ustrstr(buff, "laserjet") != -1 || Utils::ustrstr(buff, "supplies summary") != -1 || Utils::ustrstr(buff, "seiko epson") != -1 || Utils::ustrstr(buff, "ink_y.png") != -1 || Utils::ustrstr(buff, "epsonnet") != -1 || Utils::ustrstr(buff, "printer name") != -1 ) { if(gNegDebugMode) stt->doEmitionDebugFoundData("Printer detected."); return -1; }; return 0; } int sharedDetector(const char * ip, int port, const std::string *buffcpy, const char *cp) { int isDig = Utils::isDigest(buffcpy); if (isDig == 1) return 101; else if (isDig == 0) return 1; if(Utils::ustrstr(buffcpy, "401 authorization") != -1 || Utils::ustrstr(buffcpy, "401 unauthorized") != -1 || (Utils::ustrstr(buffcpy, "www-authenticate") != -1 && Utils::ustrstr(buffcpy, "401 ") != -1 ) || Utils::ustrstr(buffcpy, "401 unauthorized access denied") != -1 || Utils::ustrstr(buffcpy, "401 unauthorised") != -1 || (Utils::ustrstr(buffcpy, "www-authenticate") != -1 && Utils::ustrstr(buffcpy, " 401\r\n") != -1 ) ) { if(Utils::ustrstr(buffcpy, "digest realm") != -1 && Utils::ustrstr(buffcpy, "basic realm") == -1) { return 101; } else return 1; }; if (Utils::ustrstr(buffcpy, "netwave ip camera") != -1) return 11; if (Utils::ustrstr(buffcpy, "live view / - axis") != -1) return 12; if (Utils::ustrstr(buffcpy, "vilar ipcamera") != -1) return 13; if (Utils::ustrstr(buffcpy, "window.location = \"rdr.cgi\"") != -1) return 14; if (Utils::ustrstr(buffcpy, "httpfileserver") != -1) return 15; if(Utils::ustrstr(buffcpy, "real-time ip camera monitoring system") != -1 || Utils::ustrstr(buffcpy, "server push mode") != -1 ) return 17; //Real-time IP Camera Monitoring System if(Utils::ustrstr(buffcpy, "linksys.com") != -1 && Utils::ustrstr(buffcpy, "tm05") != -1) return 18; //linksys.com cameras if(Utils::ustrstr(buffcpy, "reecam ip camera") != -1) return 19; //reecam cameras if(Utils::ustrstr(buffcpy, "/view/viewer_index.shtml") != -1) return 20; //axis cameras if(Utils::ustrstr(buffcpy, "bridge eyeon") != -1) return 21; //Bridge Eyeon if(Utils::ustrstr(buffcpy, "ip camera control webpage") != -1 && Utils::ustrstr(buffcpy, "/main/cs_motion.asp") != -1) return 22; //ip camera control if(Utils::ustrstr(buffcpy, "network camera") != -1 && Utils::ustrstr(buffcpy, "/live/index2.html") != -1) return 23; //network camera BB-SC384 if(Utils::ustrstr(buffcpy, "network camera") != -1 && Utils::ustrstr(buffcpy, "/viewer/live/en/live.html") != -1) return 24; //Network Camera VB-M40 if(Utils::ustrstr(buffcpy, "panasonic ") != -1 && Utils::ustrstr(buffcpy, ":60002/snapshotjpeg") != -1) return 25; //Panasonic wtfidonteven-camera if(Utils::ustrstr(buffcpy, "sony network camera") != -1 && Utils::ustrstr(buffcpy, "/command/inquiry.cgi?") != -1) return 26; //Sony Network Camera if(Utils::ustrstr(buffcpy, "network camera") != -1 && Utils::ustrstr(buffcpy, "src=\"webs.cgi?") != -1) return 27; //UA Network Camera if(Utils::ustrstr(buffcpy, "network camera") != -1 && Utils::ustrstr(buffcpy, "/viewer/live/index.html") != -1) return 28; //Network Camera VB-M40 if(Utils::ustrstr(buffcpy, "lg smart ip device") != -1) return 29; //LG Smart IP Device Camera if(Utils::ustrstr(buffcpy, "/view/viewer_index.shtml") != -1) return 20; //axis cameras if(Utils::ustrstr(buffcpy, "nas") != -1 && Utils::ustrstr(buffcpy, "/cgi-bin/data/viostor-220/viostor/viostor.cgi") != -1) return 30; //NAX if(Utils::ustrstr(buffcpy, "ip camera") != -1 && Utils::ustrstr(buffcpy, "check_user.cgi") != -1) return 31; //axis cameras if(Utils::ustrstr(buffcpy, "ws(\"user\");") != -1 && Utils::ustrstr(buffcpy, "src=\"/tool.js") != -1 && Utils::ustrstr(buffcpy, "") != -1) return 32; //web ip cam if(Utils::ustrstr(buffcpy, "geovision") != -1 && (Utils::ustrstr(buffcpy, "ip camera") != -1 || Utils::ustrstr(buffcpy, "ssi.cgi/login.htm") != -1) ) return 33; //GEO web ip cam if(Utils::ustrstr(buffcpy, "hikvision-webs") != -1 || (Utils::ustrstr(buffcpy, "hikvision digital") != -1 && Utils::ustrstr(buffcpy, "dvrdvs-webs") != -1) || (Utils::ustrstr(buffcpy, "lapassword") != -1 && Utils::ustrstr(buffcpy, "lausername") != -1 && Utils::ustrstr(buffcpy, "dologin()") != -1) ) return 34; //hikvision cam if((Utils::ustrstr(buffcpy, "easy cam") != -1 && Utils::ustrstr(buffcpy, "easy life") != -1) || (Utils::ustrstr(buffcpy, "ipcamera") != -1 && Utils::ustrstr(buffcpy, "/tool.js") != -1) ) return 35; //EasyCam if(Utils::ustrstr(buffcpy, "/config/cam_portal.cgi") != -1 || Utils::ustrstr(buffcpy, "/config/easy_index.cgi") != -1) return 36; //Panasonic Cam if(Utils::ustrstr(buffcpy, "panasonic") != -1 && Utils::ustrstr(buffcpy, "/view/getuid.cgi") != -1) return 37; //Panasonic Cam WJ-HD180 if(Utils::ustrstr(buffcpy, "ipcam client") != -1 && Utils::ustrstr(buffcpy, "plugins.xpi") != -1 && Utils::ustrstr(buffcpy, "js/upfile.js") != -1) return 38; //Foscam if(Utils::ustrstr(buffcpy, "ip surveillance") != -1 && Utils::ustrstr(buffcpy, "customer login") != -1) return 39; //EagleEye if(Utils::ustrstr(buffcpy, "network camera") != -1 && Utils::ustrstr(buffcpy, "/admin/index.shtml?") != -1) return 40; //Network Camera VB-C300 if(Utils::ustrstr(buffcpy, "sq-webcam") != -1 && Utils::ustrstr(buffcpy, "liveview.html") != -1) return 41; //AVIOSYS-camera if(Utils::ustrstr(buffcpy, "nw_camera") != -1 && Utils::ustrstr(buffcpy, "/cgi-bin/getuid") != -1) return 42; //NW_camera if(Utils::ustrstr(buffcpy, "micros") != -1 && Utils::ustrstr(buffcpy, "/gui/gui_outer_frame.shtml") != -1) return 43; //NW_camera if(Utils::ustrstr(buffcpy, "lapassword") != -1 && Utils::ustrstr(buffcpy, "lausername") != -1 && Utils::ustrstr(buffcpy, "g_ologin.dologin()") != -1 ) return 44; //hikvision cam 2 if(Utils::ustrstr(buffcpy, "panasonic") != -1 && Utils::ustrstr(buffcpy, "/config/index.cgi") != -1) return 45; //Panasonic Cam BB-HG??? if(Utils::ustrstr(buffcpy, "/ui/") != -1 && Utils::ustrstr(buffcpy, "sencha-touch") != -1) return 46; //BUFFALO disk if(Utils::ustrstr(buffcpy, "digital video server") != -1 && Utils::ustrstr(buffcpy, "gui.css") != -1) return 47; //Digital Video Server if(Utils::ustrstr(buffcpy, "/ipcamerasetup.zip") != -1 && Utils::ustrstr(buffcpy, "download player") != -1 && Utils::ustrstr(buffcpy, "ipcam") != -1 ) return 48; //ipCam if(Utils::ustrstr(buffcpy, "dvr") != -1 && Utils::ustrstr(buffcpy, "ieorforefox") != -1 && Utils::ustrstr(buffcpy, "sofari") != -1 ) return 49; //IEORFOREFOX if (Utils::ustrstr(buffcpy, "seyeon") != -1 && (Utils::ustrstr(buffcpy, "/app/multi/single.asp") != -1 || Utils::ustrstr(buffcpy, "/app/live/sim/single.asp") != -1) ) return 50; //Network Video System if (Utils::ustrstr(buffcpy, "MASPRO DENKOH") != -1) return 51; //MASPRO if (Utils::ustrstr(buffcpy, "webcamXP") != -1 && Utils::ustrstr(buffcpy, "a valid username/password") != -1 ) return 52; //Webcamxp5 if (Utils::ustrstr(buffcpy, "NetSuveillance") != -1 && Utils::ustrstr(buffcpy, "l_bgm.gif") != -1 ) return 53; //Jassun (http://176.32.180.42/Login.htm) if (Utils::ustrstr(buffcpy, "WEB SERVICE") != -1 && Utils::ustrstr(buffcpy, "jsmain/liveview.js") != -1 ) return 54; //Beward (http://46.146.243.88:88/login.asp) if (Utils::ustrstr(buffcpy, "get_status.cgi") != -1 && Utils::ustrstr(buffcpy, "str_device+") != -1) return 55; //QCam (http://1.177.123.118:8080/) if(((Utils::ustrstr(buffcpy, "220") != -1) && (port == 21)) || (Utils::ustrstr(buffcpy, "220 diskStation ftp server ready") != -1) || (Utils::ustrstr(buffcpy, "220 ftp server ready") != -1) || Utils::ustrstr(buffcpy, "500 'get': command not understood") != -1 ) return 16; // 16 - FTP if((Utils::ustrstr(buffcpy, "camera web server") != -1 || Utils::ustrstr(buffcpy, "webcamxp 5") != -1 || Utils::ustrstr(buffcpy, "ip box camera") != -1 || Utils::ustrstr(buffcpy, "snaff") != -1 || Utils::ustrstr(buffcpy, "hfs /") != -1 || Utils::ustrstr(buffcpy, "httpfileserver") != -1 || Utils::ustrstr(buffcpy, "network camera") != -1 || Utils::ustrstr(buffcpy, "index of") != -1 || Utils::ustrstr(buffcpy, "$lock extended") != -1 || Utils::ustrstr(buffcpy, "ip camera") != -1 || Utils::ustrstr(buffcpy, "/viewer/video.jpg") != -1 || Utils::ustrstr(buffcpy, "smart ip device") != -1 || Utils::ustrstr(buffcpy, "sanpshot_icon") != -1 || Utils::ustrstr(buffcpy, "snapshot_icon") != -1 || Utils::ustrstr(buffcpy, "ipcam") != -1 ) && Utils::ustrstr(buffcpy, "customer") == -1 && Utils::ustrstr(buffcpy, "purchase") == -1 && Utils::ustrstr(buffcpy, "contac") == -1 && Utils::ustrstr(buffcpy, "company") == -1 ) return 0; if(globalSearchNeg(buffcpy, ip, port, cp) == -1) return -1; if(globalSearchPrnt(buffcpy) == -1) return -2; } // 500 < 1600 int _mainFinderFirst(const std::string *buffcpy, int f, int port, const char *ip, const char *cp) { int flag = sharedDetector(ip, port, buffcpy, cp); if(flag != -2) return flag; if(f) return 7; return 0; } //> 1600 int _mainFinderSecond(const std::string *buffcpy, int port, const char *ip, const char *cp) { int flag = sharedDetector(ip, port, buffcpy, cp); if(flag != -2) return flag; return 3; //Suspicious } int ContentFilter(const std::string *buff, int port, const char *ip, const char *cp, int sz) { int res = 0; if (sz <= 500) res = _mainFinderFirst(buff, 1, port, ip, cp); else if ((sz > 500 && sz <= 3500) || sz > 180000) res = _mainFinderFirst(buff, 0, port, ip, cp); else if (sz > 3500 && sz <= 180000) res = _mainFinderSecond(buff, port, ip, cp); return res; } void fillGlobalLogData(const char *ip, int port, const char *sz, char *title, const char *login, const char *pass, char *comment, char *cdpg, char *clss) { if(trackerOK == true) { while(gGlobalTrackLocked == true) Sleep(10); gGlobalTrackLocked = true; QJsonObject jsonData; if(gMode == 0 || gMode == -1) { if(strlen(ip) > 0) jsonData.insert("ip_addr", QJsonValue(QString(ip)) ); else jsonData.insert("ip_addr", QJsonValue(QString("")) ); jsonData.insert("hostname", QJsonValue(QString("")) ); } else { jsonData.insert("ip_addr", QJsonValue(QString("")) ); jsonData.insert("hostname", QJsonValue(QString(ip)) ); }; jsonData.insert("port", QJsonValue(QString::number(port)) ); jsonData.insert("recv", QJsonValue(QString(sz))); QString tt = QString(base64_encode((const unsigned char *)title, strlen(title)).c_str()); if(strlen(title) == 0) jsonData.insert("title", QJsonValue(QString("NULL")) ); else jsonData.insert("title", QJsonValue(QString(base64_encode((const unsigned char *)title, strlen(title)).c_str())) ); if(strlen(login) > 0) jsonData.insert("login", QJsonValue(QString(login)) ); else jsonData.insert("login", QJsonValue(QString("")) ); if(strlen(pass) > 0) jsonData.insert("pass", QJsonValue(QString(pass)) ); else jsonData.insert("pass", QJsonValue(QString("")) ); if(strlen(comment) > 0) jsonData.insert("other", QJsonValue(QString(comment)) ); else jsonData.insert("other", QJsonValue(QString("")) ); if(strlen(cdpg) > 0) jsonData.insert("encoding", QJsonValue(QString(cdpg)) ); else jsonData.insert("encoding", QJsonValue(QString("")) ); if(strlen(clss) > 0) jsonData.insert("Class", QJsonValue(QString(clss)) ); else jsonData.insert("Class", QJsonValue(QString("")) ); jsonArr->push_front(jsonData); gGlobalTrackLocked = false; }; } int __checkFileExistence(int flag) { char fileName[64] = {0}; if(flag == 666 || flag == 350) strcpy(fileName, RESULT_DIR_NAME"/STRANGE_ERROR.html"); else if(flag == -22) strcpy(fileName, RESULT_DIR_NAME"/ssh.html"); else if(flag == 0 || flag == 15 || flag == -10) strcpy(fileName, RESULT_DIR_NAME"/strange.html"); else if(flag == 3) strcpy(fileName, RESULT_DIR_NAME"/other.html"); else if(flag == 7) strcpy(fileName, RESULT_DIR_NAME"/low_loads.html"); else if(flag == 10) strcpy(fileName, RESULT_DIR_NAME"/LoginForms.html"); else if(flag == 16) strcpy(fileName, RESULT_DIR_NAME"/FTP.html"); else if(flag >= 17 || flag == 11 || flag == 12 || flag == 13 || flag == 14 || flag == 1) strcpy(fileName, RESULT_DIR_NAME"/Basicauth.html"); FILE *f = fopen(fileName, "r"); if(f == NULL) return true; else { fclose(f); return false; }; } bool ftsAnom = true; bool ftsOther = true; bool ftsSSH = true; bool ftsLL = true; bool ftsFTP = true; bool ftsBA = true; bool ftsLF = true; bool fOpened = false; char styleBuff[1024] = {""}; char topBuff[1024] = {"

.strange .other .BasicAuth .FTP .LowLoads .loginforms .SSH

"}; void fputsf(char *text, int flag, char *msg) { FILE *file = NULL; if(flag == 0 || flag == 15 || flag == -10) { if(ftsAnom) ftsAnom = __checkFileExistence(flag); file = fopen(RESULT_DIR_NAME"/strange.html", "a"); } else if(flag == 3) { if(ftsOther) ftsOther = __checkFileExistence(flag); file = fopen(RESULT_DIR_NAME"/other.html", "a"); } else if(flag == -22) { if(ftsSSH) ftsSSH = __checkFileExistence(flag); file = fopen(RESULT_DIR_NAME"/SSH.html", "a"); } else if(flag == 7) { if(ftsLL) ftsLL = __checkFileExistence(flag); file = fopen(RESULT_DIR_NAME"/low_loads.html", "a"); } else if(flag == 10) { if(ftsLF) ftsLF = __checkFileExistence(flag); file = fopen(RESULT_DIR_NAME"/LoginForms.html", "a"); } else if(flag == 16) { if(ftsFTP) ftsFTP = __checkFileExistence(flag); file = fopen(RESULT_DIR_NAME"/FTP.html", "a"); } else if(flag >= 17 || flag == 11 || flag == 12 || flag == 13 || flag == 14 || flag == 1 ) { if(ftsBA) ftsBA = __checkFileExistence(flag); file = fopen(RESULT_DIR_NAME"/Basicauth.html", "a"); } else stt->doEmitionRedFoundData("[WUT!?] Unknown flag [FLAG: " + QString::number(flag) + "]"); if(file != NULL) { time_t rtime; time(&rtime); if(horLineFlag == false) { horLineFlag = true; char delimiter[128] = {0}; char cdate[32] = {0}; strcpy (cdate, "["); strcat (cdate, ctime (&rtime)); memset (cdate + strlen(cdate) - 1, '\0', 1); strcat (cdate, "] "); strcpy(delimiter, "

"); strcat(delimiter, cdate); strcat(delimiter, "

"); fputs (delimiter, file); }; ++saved; char *string = new char[strlen(text) + 512]; if(flag != -22) { strcpy (string, "

"); char cdate[32] = {0}; strcat (cdate, "["); strcat (cdate, ctime (&rtime)); memset (cdate + strlen(cdate) - 1, '\0', 1); strcat (cdate, "] "); strcat (string, cdate); strcat (string, text); strcat (string, "

"); } else { strcpy (string, "

"); }; if(flag == 0 && ftsAnom) { char tmsg[1024] = {0}; ftsAnom = false; strcpy(tmsg, "Anomalies"); strcat(tmsg, msg); strcat(tmsg, styleBuff); fputs (tmsg, file); fputs ("

.strange .other .BasicAuth .FTP .LowLoads .loginforms .SSH

", file); }; if(flag == 3 && ftsOther) { char tmsg[1024] = {0}; ftsOther = false; strcpy(tmsg, "Suspicious"); strcat(tmsg, msg); strcat(tmsg, styleBuff); fputs (tmsg, file); fputs (topBuff, file); }; if(flag == -22 && ftsSSH) { char tmsg[1024] = {0}; ftsOther = false; strcpy(tmsg, "SSH"); strcat(tmsg, msg); strcat(tmsg, styleBuff); fputs (tmsg, file); fputs (topBuff, file); }; if(flag == 7 && ftsLL) { char tmsg[1024] = {0}; ftsLL = false; strcpy(tmsg, "Lowloads"); strcat(tmsg, msg); strcat(tmsg, styleBuff); fputs (tmsg, file); fputs (topBuff, file); }; if(flag == 16 && ftsFTP) { char tmsg[1024] = {0}; ftsFTP = false; strcpy(tmsg, "FTP"); strcat(tmsg, msg); strcat(tmsg, styleBuff); fputs (tmsg, file); fputs (topBuff, file); }; if(flag == 10 && ftsLF) { char tmsg[1024] = {0}; ftsLF = false; strcpy(tmsg, "LoginsForms"); strcat(tmsg, msg); strcat(tmsg, styleBuff); fputs (tmsg, file); fputs (topBuff, file); }; if((flag >= 17 || flag == 11 || flag == 12 || flag == 13 || flag == 14 || flag == 1) && ftsBA) { char tmsg[1024] = {0}; ftsBA = false; strcpy(tmsg, "BasicAuth"); strcat(tmsg, msg); strcat(tmsg, styleBuff); fputs (tmsg, file); fputs (topBuff, file); }; int innerCounter = 0; while(fOpened) { if(innerCounter > 20) { stt->doEmitionRedFoundData("\"fOpened\" loop detected!"); break; }; ++innerCounter; Sleep((rand() % 100 + 60)); }; fOpened = true; fputs (string, file); fclose (file); fOpened = false; delete []string; } else { stt->doEmitionRedFoundData("Cannot open file [FLAG: " + QString::number(flag) + "] " + QString::number(GetLastError())); MainStarter::createResultFiles(); }; } void putInFile(int flag, const char *ip, int port, int size, char *finalstr, char *cp) { char log[4096] = {0}, msg[512] = {0}; QTextCodec *codec; sprintf(msg, "%s:%d", ip, port, ip, port); QString resMes(msg); QString strf; if(strstri(cp, "shift_jis") != NULL) { codec = QTextCodec::codecForName("Shift-JIS"); strf = codec->toUnicode(finalstr); } else if(strstri(cp, "utf") != NULL) { codec = QTextCodec::codecForName("UTF-8"); strf = codec->toUnicode(finalstr); } else if (strstri(cp, "cp") != NULL || strstri(cp, "windows") != NULL) { codec = QTextCodec::codecForName("Windows-1251"); strf = codec->toUnicode(finalstr); } else if (strstri(cp, "gb") != NULL) { codec = QTextCodec::codecForName("GB2312"); strf = codec->toUnicode(finalstr); } else strf = QString(finalstr); if(flag != 6 && flag != 5 && flag != 4) { strcat(msg, " : "); int sz = strf.size(); strncat(msg, QString::fromLocal8Bit(finalstr).toHtmlEscaped().toLocal8Bit().data(), (sz < 128 ? sz : 128)); strcat(msg, ""); resMes += " : " + strf.toHtmlEscaped() + ""; }; stt->doEmitionFoundData(resMes); sprintf(log, "%s:%d; Received: %d", ip, port, ip, port, size); if(flag == 666 || flag == 350) { fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, "", "", "", cp, "Strange error"); ++PieAnomC1; ++AnomC1; } else if(flag == 0 || flag == 15 || flag == -10) { fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, "", "", "", cp, "Anomaly"); ++PieAnomC1; ++AnomC1; } else if(flag == 3) { fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, "", "", "", cp, "Suspicious"); ++PieSusp; ++Susp; } else if(flag == 7) { fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, "", "", "", cp, "Low load"); ++PieLowl; } else if(flag == 10) { fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, "", "", "", cp, "Login form"); ++PieWF; }; if(flag != 6 && flag != 5 && flag != 4) { strcat(log, "; T: "); strncat(log, QString::fromLocal8Bit(finalstr).toHtmlEscaped().toLocal8Bit().data(), 100); strcat(log, ""); }; strcat(log, "\n"); fputsf (log, flag, msg); ZeroMemory(msg, strlen(msg)); } void _specFillerBA(const char *ip, int port, char *finalstr, const char *login, const char *pass, int flag) { char log[512] = {0}; ++PieBA; if(strcmp(login, "NULL") != 0 && strcmp(pass, "NULL") != 0) { sprintf(log, "[BA]:%s:%s@%s:%d T: %s\n", login, pass, ip, port, login, pass, ip, port, finalstr); } else { sprintf(log, "[BA]:%s:%d T: %s\n", ip, port, ip, port, finalstr); } stt->doEmitionFoundData(QString::fromLocal8Bit(log)); fputsf (log , flag, "Basic Authorization"); } void _specFillerWF(const char *ip, int port, char *finalstr, char *login, char *pass, int flag) { char log[512] = {0}; ++PieWF; sprintf(log, "[WF]:%s:%s T: %s Pass: %s:%s\n", ip, port, ip, port, finalstr, login, pass); stt->doEmitionFoundData(QString::fromLocal8Bit(log)); fputsf (log , flag, "Web Form"); } void _getFormVal(char *data, char *result, char *key, char *path = NULL) { char parVal[256] = {0}; int psz = 0; char *pkeyResult1 = strstr(data, ">"); if(pkeyResult1 != NULL) { psz = pkeyResult1 - data + 1; strncpy(parVal, data, (psz < 256 ? psz : 256)); } else { strncpy(parVal, data, 256); }; int sz = 0; char parVal2[256] = {0}; char startPath[256] = {0}; if(strcmp(key, "action") == 0) { if(strstr(path, "./") == NULL) { char *ptrP1 = _findLast(path, "/"); if(ptrP1 != path) { int pSz = ptrP1 -path; strncpy(startPath, path, pSz); }; }; }; char *keyResult1 = strstri(parVal, key); if(keyResult1 != NULL) { char *pkeyResult2 = _findFirst(keyResult1, " >"); if(pkeyResult2 != NULL) { int psz2 = pkeyResult2 - keyResult1; strncpy(parVal2, keyResult1, (psz2 < 256 ? psz2 : 256)); char *keyResult2 = _findFirst(parVal2, "'\""); if(keyResult2 != NULL) { char *keyResult3 = _findFirst(keyResult2 + 1, "'\"> "); if(keyResult3 != NULL) { sz = keyResult3 - keyResult2 - 1; char tempRes[256] = {0}; if(strstr(keyResult2, "./") != NULL) { strcpy(result, startPath); strncpy(tempRes, keyResult2 + 2, sz - 1); if(tempRes[0] != '/') strcat(result, "/"); strcat(result, tempRes); } else if(strstr(keyResult2, "/") == NULL) { if(strcmp(key, "action") == 0) { strcpy(result, startPath); strncpy(tempRes, keyResult2 + 1, sz); if(tempRes[0] != '/') strcat(result, "/"); strcat(result, tempRes); } else { strncpy(result, keyResult2 + 1, sz); }; } else { strncpy(result, keyResult2 + 1, sz); }; }; } else { keyResult2 = _findFirst(parVal2, "="); if(keyResult2 != NULL) { char *keyResult3 = _findFirst(keyResult2, "'\"> "); if(keyResult3 != NULL ) { sz = keyResult3 - keyResult2 - 1; strncpy(result, keyResult2 + 1, sz); char tempRes[256] = {0}; if(strstr(keyResult2, "./") != NULL) { strcpy(result, startPath); strncpy(tempRes, keyResult2 + 2, sz - 1); if(tempRes[0] != '/') strcat(result, "/"); strcat(result, tempRes); } else if(strstr(keyResult2, "/") == NULL) { if(strcmp(key, "action") == 0) { strcpy(result, startPath); strncpy(tempRes, keyResult2 + 1, sz); if(tempRes[0] != '/') strcat(result, "/"); strcat(result, tempRes); } else { strncpy(result, keyResult2 + 1, sz); }; } else { strncpy(result, keyResult2 + 1, sz); }; } else { strcpy(result, startPath); strcat(result, keyResult2 + 1); }; } }; } else { stt->doEmitionFoundData("[WF]: GetParam - Cannot retrieve field."); }; }; } static const std::string arrUser[] = {"user", "usr", "username", "login", "lgn", "account", "acc", "param1", "param3", "id", "A1", "uname", "mail", "name"}; std::vector vecUser (arrUser, arrUser + sizeof(arrUser) / sizeof(arrUser[0]) ); static const std::string arrPass[] = {"pass", "pw", "password", "code", "param2", "param4", "secret", "login_p", "A2", "admin_pw", "pws", "secretkey"}; std::vector vecPass (arrPass, arrPass + sizeof(arrPass) / sizeof(arrPass[0]) ); char *_getAttribute(const char *str, char *attrib) { if(strstri(str, attrib) != NULL) { char res[1024] = {0}; char *ptrStart = strstri(str, attrib); char *ptrEnd = _findFirst(ptrStart, "\r\n"); if(ptrEnd != NULL) { int szAt = strlen(attrib); int sz = ptrEnd - ptrStart - szAt; if(sz != 0 && sz < 1024) strncpy(res, ptrStart + szAt, sz); else return ""; return res; } else return ""; } else return ""; } void _getInputVal(std::vector inputVec, char *buff, char *key) { char *pos = NULL; char field[256] = {0}; if(strcmp(key, "USER") == 0) { for(int i = 0; i < inputVec.size(); ++i) { ZeroMemory(field, 256); _getFormVal((char*)inputVec[i].data(), field, "name="); for(int j = 0; j < vecUser.size(); ++j) { pos = strstri(field, vecUser[j].data()); if(pos != NULL) { strncpy(buff, field, 256); return; }; }; }; } else { for(int i = 0; i < inputVec.size(); ++i) { ZeroMemory(field, 256); _getFormVal((char*)inputVec[i].data(), field, "name="); for(int j = 0; j < vecPass.size(); ++j) { pos = strstri(field, vecPass[j].data()); if(pos != NULL) { strncpy(buff, field, 256); return; }; }; }; }; } void _specWFBrute(const char *ip, int port, const char *buff, int flag, char *path, char *comment, char *tclass, char *cp, int size, char *title) { if(strstr(buff, "VER_CODE") != NULL || strstri(buff, "captcha") != NULL) { if(gNegDebugMode) { stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Ignoring: Captcha detected."); }; return; }; char methodVal[128] = {0}; char actionVal[512] = {0}; char userVal[128] = {0}; char passVal[128] = {0}; char frmBlock[4096] = {0}; char *fBlock = strstri(buff, ""); if(frmBlockEnd != NULL) { fbsz = frmBlockEnd - fBlock; strncpy(frmBlock, fBlock, (fbsz < 4096 ? fbsz : 4096)); } else { strncpy(frmBlock, fBlock, 4096); }; _getFormVal(frmBlock, methodVal, "method"); _getFormVal(frmBlock, actionVal, "action", path); if(actionVal[0] == '.') { char tmpBuff[512] = {0}; char *tempPtr1 = _findLast(path, "/"); int sz = tempPtr1 - path; if(sz > 0) { strncpy(tmpBuff, path, sz); strncat(tmpBuff, actionVal + 1, strlen(actionVal) - 1); ZeroMemory(actionVal, sizeof(actionVal)); strcpy(actionVal, tmpBuff); }; }; char *inptPtr1 = strstri(frmBlock, ""); if(inptPtrEnd != NULL) { ZeroMemory(tempInptStr, 256); insz = inptPtrEnd - inptPtr1 + 1; strncpy(tempInptStr, inptPtr1, (insz < 256 ? insz : 256)); inputVec.push_back(std::string(tempInptStr)); inptPtr1 = strstri(inptPtrEnd, "doEmitionFoundData("" + QString(ip) + ":" + QString::number(port) + " - [WF]: No text/password fields found."); ///fillGlobalLogData(ip, tport, std::to_string(size).c_str(), title, "NULL", "NULL", comment, cp, tclass); ///putInFile(flag, ip, tport, size, title, cp); }; } else { stt->doEmitionFoundData("" + QString(ip) + ":" + QString::number(port) + " - [WF]: Cannot find form block."); fillGlobalLogData(ip, port, std::to_string(size).c_str(), title, "NULL", "NULL", comment, cp, tclass); putInFile(flag, ip, port, size, title, cp); }; if(strlen(methodVal) == 0) { strcpy(methodVal, "GET"); }; if(strlen(actionVal) == 0) { strcpy(actionVal, "/"); } else { if(strstri(actionVal, "http") != NULL) { char tmp[128] = {0}; strncpy(tmp, actionVal, 128); if(strstr(tmp, "//") != NULL) { char *tmp1 = strstr(tmp, "//"); char *tmp2 = strstr(tmp1 + 2, "/"); ZeroMemory(actionVal, 128); if(tmp2 != NULL) { strncpy(actionVal, tmp2, strlen(tmp2)); } else { strcpy(actionVal, "/"); }; } else if(strstr(tmp, "%2f%2f") != NULL) { char *tmp1 = strstr(tmp, "%2f%2f"); char *tmp2 = strstr(tmp1 + 6, "%2f"); ZeroMemory(actionVal, 128); if(tmp2 != NULL) { strcpy(actionVal, "/"); strncpy(actionVal, tmp2 + 3, strlen(tmp2) - 3); } else { strcpy(actionVal, "/"); }; }; }; if(actionVal[0] != '/') { char temp[128] = {0}; strncpy(temp, actionVal, 128); strcpy(actionVal, "/"); strncat(actionVal, temp, strlen(temp)); }; }; if(inputVec.size() > 0) { if(strlen(userVal) != 0 && strlen(passVal) != 0) { WFClass WFC; lopaStr lps = WFC._WFBrute(ip, port, methodVal, actionVal, userVal, passVal, formVal); if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { _specFillerWF(ip, port, title, lps.login, lps.pass, flag); fillGlobalLogData(ip, port, std::to_string(size).c_str(), title, lps.login, lps.pass, comment, cp, tclass); putInFile(flag, ip, port, size, title, cp); }; } else { if(gNegDebugMode) stt->doEmitionFoundData("" + QString(ip) + ":" + QString::number(port) + " - [WF]: Cannot find user/pass field."); }; }; } void _specWEBIPCAMBrute(const char *ip, int port, char *finalstr, int flag, char *comment, char *cp, int size, char *SPEC) { IPC ipc; lopaStr lps = ipc.IPCLobby(ip, port, SPEC); if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { _specFillerBA(ip, port, finalstr, lps.login, lps.pass, flag); fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, comment, cp, "Basic Authorization"); }; } int _specBrute(const char *ip, int port, char *finalstr, int flag, char *path, char *comment, char *cp, int size, const std::string *buffer) { int y = strcmp(comment, "[DIGEST]"); const lopaStr &lps = BA::BALobby((string(ip) + string(path)).c_str(), port, (strcmp(comment, "[DIGEST]") == 0 ? true : false)); if (strcmp(lps.other, "404") == 0) { stt->doEmitionRedFoundData("BA - 404 " + QString(ip).mid(0, QString(ip).indexOf("/")) + ":" + QString::number(port) + QString(path) + ""); return -1; } if(strstr(lps.login, "UNKNOWN") == NULL && strlen(lps.other) == 0) { _specFillerBA(ip, port, finalstr, lps.login, lps.pass, flag); fillGlobalLogData(ip, port, std::to_string(size).c_str(), finalstr, lps.login, lps.pass, comment, cp, "Basic Authorization"); }; } const char *GetTitle(const char* str) { char delimiterT[] = ""; char delimiterT2[] = "<title id=\"title\">"; const char *firstStr, *secondStr; char finalstr[512] = { 0 }; if (strstri(str, "realm") != NULL) { if (strstr(str, "\"") != NULL) { int hm; firstStr = strstr(str, "\""); if(strstr((firstStr+1), "\"") != NULL) { secondStr = strstr((firstStr+1), "\""); hm = (int)(secondStr-firstStr); } else hm = 10; if(hm > 127) hm = 20; strncat(finalstr, firstStr, hm+1); }; }; if(strlen(finalstr) != 0) strcat(finalstr, "::"); if(strstri(str, "<card") != NULL) { char *str1 = strstri(str, "<card"); if(strstri(str1, "title=") != NULL) { char *str2 = strstri(str1, "title="); if(strstri(str2, ">") != NULL) { char *str3 = strstri(str2, ">"); int y = str3 - str2; if(y > 256) { strcpy(finalstr, "[Strange title]"); } else { strncat(finalstr, (char*)(str2 + strlen("title=")), y); strcat(finalstr, " += "); }; }; }; }; if(strstri(str, "<title>") != NULL) { if(strstri(str, "<title>") != NULL) firstStr = strstri(str, "<title>"); if(strstri(firstStr, "") != NULL) secondStr = strstri(firstStr, ""); else { strcat(finalstr, "[Corrupted title]"); return finalstr; }; int hm = (int)(secondStr - firstStr); if(hm > 256) hm = 20; strncat(finalstr, firstStr + 7, hm - 7); if(strstri(finalstr, "index of /") != NULL) { int hm = 0; strcat(finalstr, " ("); if(strstri(firstStr, "description") != NULL) firstStr = strstri(firstStr, "description"); if(strstri(firstStr, "") != NULL && strlen(finalstr) < 480) { if(iterCount++ > 4 || strlen(finalstr) > 300) break; if(strstr(firstStr, "\">") != NULL) firstStr = strstr(firstStr, "\">"); else break; secondStr = strstri(firstStr, ""); hm = (int)(secondStr-firstStr); if(hm > 16) hm = 16; strncat(finalstr, firstStr + 2, hm - 2); strcat(finalstr, " "); if(strstri(firstStr, "") != NULL) secondStr = strstri(firstStr, ""); else { strcpy(finalstr, "[Corrupted title]"); return finalstr; }; int hm = (int)(secondStr-firstStr); if(hm > 127) hm = 30; strncat(finalstr, firstStr+18, hm-18); } else if(strstri(str, delimiterT) != NULL) { firstStr = strstri(str, delimiterT); if(strstri(firstStr, "") != NULL) secondStr = strstri(firstStr, ""); int hm = (int)(secondStr-firstStr); if(hm > 127) hm = 30; strncat(finalstr, firstStr+20, hm-20); }; return finalstr; } void _saveSSH(const char *ip, int port, int size, const char *buffcpy) { if(buffcpy != NULL) { char log[2048] = {0}; char logEmit[2048] = {0}; char goodStr[256] = {0}; char banner[256] = {0}; const char *ptr1 = strstr(buffcpy, "|+|"); if(ptr1 != NULL) { int gsz = ptr1 - buffcpy; strncpy(goodStr, buffcpy, gsz); if(strlen(ptr1 + 3) > 0) strcpy(banner, ptr1 + 3); sprintf(log, "[SSH] %s:%d ; Banner: %s ", goodStr, port, banner); sprintf(logEmit, "[SSH] %s:%d ", goodStr, port); ++PieSSH; fputsf (log, -22, "SSH"); char loginSSH[128] = {0}; char passSSH[128] = {0}; const char *ptrl1 = strstr(buffcpy, ":"); int lpsz = ptrl1 - buffcpy; strncpy(loginSSH, buffcpy, lpsz); const char *ptrl2 = strstr(buffcpy, "@"); lpsz = ptrl2 - ptrl1; strncpy(passSSH, ptrl1 + 1, lpsz); fillGlobalLogData(ip, port, std::to_string(size).c_str(), "[SSH service]", loginSSH, passSSH, "NULL", "UTF-8", "SSH"); stt->doEmitionFoundData(QString::fromLocal8Bit(logEmit)); } else { stt->doEmitionRedFoundData("[_saveSSH] Wrong format! [" + QString(ip) + ":" + QString::number(port) + "]"); }; } else { stt->doEmitionRedFoundData("[_saveSSH] Empty buffer! [" + QString(ip) + ":" + QString::number(port) + "]"); }; } int redirectReconnect(char *ip, int port, char *str, Lexems *ls, PathStr *ps, std::vector *redirStrLst) { if(ls->iterationCount++ == 5) { ls->iterationCount = 0; strcpy(ps->headr, "[!][Loop detected.]"); strcpy(ps->path, ""); return 0; }; char tempIP[MAX_ADDR_LEN] = {0}; strcpy(tempIP, ip); int tempPort = port; char tempPath[1024] = {0}; if(strstri(str, "https://") != NULL) { tempPort = 443; char *ptr1 = strstri(str, "https://"); char *ptr2 = _findFirst(ptr1 + 8, ":/?"); if(ptr2 != NULL) { int sz = ptr2 - ptr1 - 8; ZeroMemory(tempIP, MAX_ADDR_LEN); strncpy(tempIP, ptr1 + 8, sz < 128 ? sz : 128); if(ptr2[0] == ':') { char *ptrPath = strstr(ptr2, "/"); if(ptrPath != NULL) { sz = ptrPath - ptr2 - 1; char *pPth = strstr(ptr1 + 8, "/"); strcpy(tempPath, pPth); } else { strcpy(tempPath, "/"); sz = ptr2 - ptr1 - 9; }; char tPort[8] = {0}; strncpy(tPort, ptr2 + 1, sz < 8 ? sz : 5); tempPort = atoi(tPort); } else if(ptr2[0] == '/') { strncpy(tempPath, ptr2, strlen(ptr2)); } else if(ptr2[0] == '?') { strcpy(tempPath, "/"); strncat(tempPath, ptr2, strlen(ptr2)); } else { stt->doEmitionRedFoundData("[Redirect] Unknown protocol (" + QString(ip) + ":" + QString::number(port) + ")"); }; } else { ZeroMemory(tempIP, MAX_ADDR_LEN); strncpy(tempIP, ptr1 + 8, strlen(str) - 8); strcpy(tempPath, "/"); }; std::unique_ptr nip(new char[strlen(tempIP) + strlen(tempPath) + 1]); sprintf(nip.get(), "%s%s", tempIP, tempPath); std::string buffer; Connector con; int cSz = con.nConnect(nip.get(), tempPort, &buffer); if(cSz > -1) { strcpy(ps->codepage, GetCodePage(buffer.c_str())); ls->flag = ContentFilter(&buffer, tempPort, tempIP, ps->codepage, cSz); ps->flag = ls->flag; if(ls->flag == -1) { ps->flag = -1; strcpy(ps->path, tempPath); return -1; }; if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) { strcat(ps->headr, GetTitle(buffer.c_str())); ps->flag = ls->flag; strcpy(ps->path, tempPath); ps->port = tempPort; strcpy(ps->ip, tempIP); return -2; }; if(ls->flag == 6) { ps->flag = ls->flag; ps->port = tempPort; return -2; }; strcat(ps->headr, " -> "); strcat(ps->headr, GetTitle(buffer.c_str())); if (ls->header(tempIP, tempPort, buffer.c_str(), ls, ps, redirStrLst, cSz) == -1) { ps->flag = -1; strcpy(ps->path, tempPath); return -1; }; ps->port = tempPort; } else { ps->flag = -1; ls->flag = -1; if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::redirect [Dead host]."); }; return -2; } else if(strstr(str, "http://") != NULL) //http { tempPort = 80; char *ptr1 = strstri(str, "http://"); char *ptr2 = _findFirst(ptr1 + 7, ":/?"); if(ptr2 != NULL) { int sz = ptr2 - ptr1 - 7; ZeroMemory(tempIP, MAX_ADDR_LEN); strncpy(tempIP, ptr1 + 7, sz < 128 ? sz : 128); if(ptr2[0] == ':') { char *ptrPath = strstr(ptr2, "/"); if(ptrPath != NULL) { sz = ptrPath - ptr2 - 1; char *pPth = strstr(ptr1 + 7, "/"); strcpy(tempPath, pPth); } else { strcpy(tempPath, "/"); sz = ptr2 - ptr1 - 7; }; char tPort[8] = {0}; strncpy(tPort, ptr2 + 1, sz < 8 ? sz : 5); tempPort = atoi(tPort); } else if(ptr2[0] == '/') { strncpy(tempPath, ptr2, strlen(ptr2)); } else if(ptr2[0] == '?') { strcpy(tempPath, "/"); strncat(tempPath, ptr2, strlen(ptr2)); } else { stt->doEmitionRedFoundData("[Redirect] Unknown protocol (" + QString(ip) + ":" + QString::number(port) + ")"); }; } else { ZeroMemory(tempIP, MAX_ADDR_LEN); strncpy(tempIP, ptr1 + 7, strlen(str) - 7); strcpy(tempPath, "/"); }; std::unique_ptr nip(new char[strlen(tempIP) + strlen(tempPath) + 1]); sprintf(nip.get(), "%s%s", tempIP, tempPath); std::string buffer; Connector con; int cSz = con.nConnect(nip.get(), tempPort, &buffer); if(cSz > -1) { strcpy(ps->codepage, GetCodePage(buffer.c_str())); ls->flag = ContentFilter(&buffer, tempPort, tempIP, ps->codepage, cSz); ps->flag = ls->flag; if(ls->flag == -1) { ps->flag = -1; strcpy(ps->path, tempPath); return -1; }; if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) { strcat(ps->headr, GetTitle(buffer.c_str())); ps->flag = ls->flag; strcpy(ps->path, tempPath); ps->port = tempPort; strcpy(ps->ip, tempIP); return -2; }; if(ls->flag == 6) { ps->flag = ls->flag; ps->port = tempPort; return -2; }; strcat(ps->headr, " -> "); strcat(ps->headr, GetTitle(buffer.c_str())); if (ls->header(tempIP, tempPort, buffer.c_str(), ls, ps, redirStrLst, cSz) == -1) { ps->flag = -1; strcpy(ps->path, tempPath); return -1; }; ps->port = tempPort; } else { ps->flag = -1; ls->flag = -1; if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::redirect [Dead host]."); }; return -2; } else if(str[0] == '/' || (str[0] == '.' && str[1] == '/') || (str[0] == '.' && str[1] == '.' && str[2] == '/')) { if(str[0] == '.' && str[1] == '.') strcpy(tempPath, str + 2); else if(str[0] == '.') strcpy(tempPath, str + 1); else strcpy(tempPath, str); std::unique_ptr nip(new char[strlen(tempIP) + strlen(tempPath) + 1]); sprintf(nip.get(), "%s%s", tempIP, tempPath); std::string buffer; Connector con; int cSz = con.nConnect(nip.get(), tempPort, &buffer); if(cSz > -1) { strcpy(ps->codepage, GetCodePage(buffer.c_str())); ls->flag = ContentFilter(&buffer, port, ip, ps->codepage, cSz); ps->flag = ls->flag; if(ls->flag == -1) { ps->flag = -1; strcpy(ps->path, tempPath); return -2; }; if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) { strcat(ps->headr, GetTitle(buffer.c_str())); ps->flag = ls->flag; strcpy(ps->path, tempPath); ps->port = port; strcpy(ps->ip, ip); return -2; }; if(ls->flag == 6) { ps->flag = ls->flag; ps->port = tempPort; return -2; }; strcat(ps->headr, "->"); strcat(ps->headr, GetTitle(buffer.c_str())); if (ls->header(tempIP, tempPort, buffer.c_str(), ls, ps, redirStrLst, cSz) == -1) { ps->flag = -1; strcpy(ps->path, tempPath); return -1; }; ps->port = tempPort; } else { ps->flag = -1; ls->flag = -1; if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::redirect [Dead host]."); }; return -2; } else if(strlen(str) > 2) { std::unique_ptr nip(new char[strlen(ip) + strlen(str) + 1]); sprintf(nip.get(), "%s%s", ip, str); std::string buffer; Connector con; int cSz = con.nConnect(nip.get(), port, &buffer); if(cSz > -1) { strcpy(ps->codepage, GetCodePage(buffer.c_str())); ls->flag = ContentFilter(&buffer, port, ip, ps->codepage, cSz); ps->flag = ls->flag; if(ls->flag == -1) { ps->flag = -1; strcpy(ps->path, tempPath); return -1; }; if(ls->flag >= 17 || ls->flag == 11 || ls->flag == 12 || ls->flag == 13 || ls->flag == 14 || ls->flag == 1 || ls->flag == 10) { strcat(ps->headr, GetTitle(buffer.c_str())); ps->flag = ls->flag; strcpy(ps->path, tempPath); ps->port = port; strcpy(ps->ip, ip); return -2; }; if(ls->flag == 6) { ps->flag = ls->flag; ps->port = tempPort; return -2; }; strcat(ps->headr, " -> "); strcat(ps->headr, GetTitle(buffer.c_str())); ls->header(ip, port, buffer.c_str(), ls, ps, redirStrLst, cSz); ps->port = tempPort; } else { ps->flag = -1; ls->flag = -1; if(gNegDebugMode) stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Rejecting in _header::redirect [Dead host]."); }; return -2; }; return -1; } void _getPopupTitle(PathStr *ps, char *str) { strcat(ps->headr, "[Popup detected. Title: "); char *ptr1 = strstr(str, ","); if(ptr1 != NULL) { char *ptr2 = strstr(ptr1 + 1, ","); if(ptr2 != NULL) { int sz = ptr2 - ptr1 - 1; if(sz >= 32) sz = 32; strncat(ps->headr, ptr1 + 1, sz < 32 ? sz : 32); } else { strcat(ps->headr, "[BOUNDARY ERROR]"); }; } else { char temp[32] = {0}; if(strstr(str, "(") != NULL){ strncpy(temp, strstr(str, "("), 32); strcat(ps->headr, temp); } else { strcat(ps->headr, "[No title]"); }; }; strcat(ps->headr, "]"); } void _getLinkFromJSLocation(char *dataBuff, char *str, char *tag, char *ip, int port) { if (strstri(str, ".title") != NULL) return; char *ptr1 = strstr(str, tag); if(ptr1 != NULL) { char *ptr2 = _findFirst(ptr1, "=("); char *ptrSemi = _findFirst(ptr1 + strlen(tag), ".;"); if(ptrSemi == NULL) { ptrSemi = _findLast(ptr1 + strlen(tag) + 1, "'\""); } if(ptr2 != NULL && ptrSemi != NULL) { int sz = ptrSemi - ptr2; if(sz >= 2) { char *ptrQuote1 = _findFirst(ptr2, "\"'"); if(ptrQuote1 != NULL) { char *ptrQuoteTemp = _findFirst(ptrQuote1 + 1, ";\n}"); if(ptrQuoteTemp != NULL) { sz = ptrQuoteTemp - ptrQuote1 + 1; } else { ptrQuoteTemp = _findFirst(ptrQuote1 + 1, "\"'"); sz = ptrQuoteTemp - ptrQuote1 + 1; } char *tempBuff = new char[sz + 1]; ZeroMemory(tempBuff, sizeof(*tempBuff)); strncpy(tempBuff, ptrQuote1 + 1, sz); memset(tempBuff + sz, 0, 1); char delim[2] = {0}; ZeroMemory(delim, 1); delim[0] = ptrQuote1[0]; delim[1] = '\0'; char *ptrQuote2 = _findLast(tempBuff + 1, delim); if(ptrQuote2 != NULL) { sz = ptrQuote2 - tempBuff; if(sz < 511) { if (tempBuff[0] == '.' && tempBuff[1] == '/') { strncat(dataBuff, tempBuff + 1, sz - 1); } else if(tempBuff[0] != '/' && strstri(tempBuff, "http://") == NULL && strstri(tempBuff, "https://") == NULL ) { strcpy(dataBuff, "/"); strncat(dataBuff, tempBuff, sz); } else strncpy(dataBuff, tempBuff, sz); }; }; delete tempBuff; } else { ptrQuote1 = strstr(ptr2, "="); if(ptrQuote1 != NULL) { char *ptrQuote2 = _findFirst(ptr2, ";\n"); if(ptrQuote2 != NULL) { int sz = ptrQuote2 - ptr2 - 1; char link1[512] = {0}; strncpy(link1, ptr2 + 1, sz); char *ptrQuote3 = strstr(link1, "/"); if(ptrQuote3 != NULL) { strcpy(dataBuff, ptrQuote3); }; }; }; }; }; } else { stt->doEmitionRedFoundData("[JSLocator] Location extraction failed [" + QString(ip) + ":" + QString::number(port) + "]"); }; }; } int Lexems::header(char *ip, int port, const char *str, Lexems *l, PathStr *ps, std::vector *redirStrLst, int size) { std::string redirectStr = ""; strcpy(ps->codepage, GetCodePage(str)); char finalstr[512] = {0}; if(strstri(str, "notice auth :*** looking up your hostname...") || strstri(str, "451 * :You have not registered.") ) { strcpy(ps->headr, "[IRC server]"); strcpy(ps->path, "/"); return 1; }; if((strstri(str, "ip camera") != NULL || strstr(str, "+tm01+") != NULL || strstri(str, "camera web server") != NULL || strstri(str, "ipcam_language") != NULL || strstri(str, "/viewer/video.jpg") != NULL || strstri(str, "network camera") != NULL || strstri(str, "sanpshot_icon") != NULL || strstri(str, "snapshot_icon") != NULL || strstri(str, "lan camera") != NULL || strstri(str, "cgiuserlogin?") != NULL || strstri(str, "web camera") != NULL || strstri(str, "smart ip device") != NULL || strstri(str, "pan/tilt camera") != NULL || strstri(str, "/cgi-bin/viewer/getparam.cgi?") != NULL || strstri(str, "IPCam") != NULL || strstri(str, "/camera-cgi/admin") != NULL ) && strstr(str, "customer") == NULL && strstr(str, "purchase") == NULL && strstr(str, "contac") == NULL && strstr(str, "company") == NULL ) { if (strstr(str, "CgiStart?page=Single") != NULL) strcpy(ps->headr, "[IP Camera (Unibrowser)]"); else strcpy(ps->headr, "[IP Camera]"); l->flag = 0; ps->flag = 0; }; if(strstri(str, "get_status.cgi") != NULL) strcpy(ps->headr, "[It may be ip camera]"); if(strstri(str, "vo_logo.gif") != NULL || strstri(str, "vo logo.gif") != NULL ) strcpy(ps->headr, "[VIVOTEK camera detected?]"); if(strstri(str, "$lock extended") != NULL) { strcpy(ps->headr, "[DChub detected.]"); strcpy(ps->path, "/"); return 0; }; if(strstri(str, "top.htm?currenttime") != NULL || strstri(str, "top.htm?") != NULL ) strcat(finalstr, " [?][SecCam detected]"); if(strstri(str, "http-equiv=\"refresh\"") != NULL || strstri(str, "http-equiv=refresh") != NULL || strstri(str, "http-equiv='refresh'") != NULL ) { char *temp = NULL; char *strTmp = NULL; if(strstri(str, "http-equiv=\"refresh\"") != NULL) strTmp = strstri(str, "http-equiv=\"refresh\""); else if(strstri(str, "http-equiv=refresh") != NULL) strTmp = strstri(str, "http-equiv=refresh"); else if(strstri(str, "http-equiv='refresh'") != NULL) strTmp = strstri(str, "http-equiv='refresh'"); if(strstri(strTmp, "url=") != NULL ) { if((int)(strstri(strTmp, "url=") - strTmp) < 100) { temp = strstri(strTmp, "url="); char *temp2 = NULL, temp3[128] = {0}; int sz = 0; if(temp[4] == '"' || temp[4] == '\'' || temp[4] == ' ' || temp[4] == '\n' || temp[4] == '\r') { temp2 = _findFirst(temp + 6, " \n>\"'"); if(temp2 != NULL) { sz = (int)(temp2 - temp) - 5; strncpy(temp3, (char*)(temp + 5), (sz < 128 ? sz : 127)); }; } else { temp2 = _findFirst(temp + 4, " \n>\"'"); if(temp2 != NULL) { sz = (int)(temp2 - temp) - 4; strncpy(temp3, (char*)(temp + 4), sz < 128 ? sz : 127); }; }; if(strstri(temp3, "http://") == NULL && strstri(temp3, "https://") == NULL) { if(temp3[0] != '.') { if(temp3[0] != '/') { char temp4[128] = {0}; strcpy(temp4, "/"); strncat(temp4, temp3, 127); strncpy(temp3, temp4, 128); }; }; }; redirectStr = std::string(temp3); if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) { redirStrLst->push_back(redirectStr); return redirectReconnect(ip, port, temp3, l, ps, redirStrLst); } return -1; strcat(ps->headr, " "); return -2; }; strcat(ps->headr, finalstr); strcat(ps->headr, " "); return 0; }; }; if(strstri(str, ""); if(ptr2 != NULL) { int sz = ptr2 - ptr1; char *scriptContainer = new char[sz + 1]; ZeroMemory(scriptContainer, sz + 1); strncpy(scriptContainer, ptr1, sz); memset(scriptContainer + sz, '\0', 1); ZeroMemory(linkPtr, 512); if(strstri(scriptContainer, "location.href") != NULL) _getLinkFromJSLocation(linkPtr, scriptContainer, "location.href", ip, port); else if(strstri(scriptContainer, "location.replace") != NULL) _getLinkFromJSLocation(linkPtr, scriptContainer, "location.replace", ip, port); else if(strstri(scriptContainer, "location.reload") != NULL) strcpy(linkPtr, "/"); else if(strstri(scriptContainer, "location") != NULL) _getLinkFromJSLocation(linkPtr, scriptContainer, "location", ip, port); if(strlen(linkPtr) != 0) { redirectStr = std::string(linkPtr); if(std::find(redirStrLst->begin(), redirStrLst->end(), redirectStr) == redirStrLst->end()) { redirStrLst->push_back(redirectStr); redirectReconnect(ip, port, linkPtr, l, ps, redirStrLst); }; }; delete []scriptContainer; if(ps->flag >= 17 || ps->flag == 11 || ps->flag == 12 || ps->flag == 13 || ps->flag == 14 || ps->flag == 1 || ps->flag == 10 ) return -2; else if(ps->flag == -1) return -1; } else { strcat(ps->headr, "[Cannot retrieve \"