Commit add11b5e authored by Devon Kearns

Imported Upstream version 0.4-alpha

/***************************************************************************
* Buf.h -- The Buf class is reponsible for I/O buffer manipulation *
* and is based on the buffer code used in OpenSSH. *
* *
***********************IMPORTANT NMAP LICENSE TERMS************************
* *
* The Nmap Security Scanner is (C) 1996-2011 Insecure.Com LLC. Nmap is *
* also a registered trademark of Insecure.Com LLC. This program is free *
* software; you may redistribute and/or modify it under the terms of the *
* GNU General Public License as published by the Free Software *
* Foundation; Version 2 with the clarifications and exceptions described *
* below. This guarantees your right to use, modify, and redistribute *
* this software under certain conditions. If you wish to embed Nmap *
* technology into proprietary software, we sell alternative licenses *
* (contact sales@insecure.com). Dozens of software vendors already *
* license Nmap technology such as host discovery, port scanning, OS *
* detection, and version detection. *
* *
* Note that the GPL places important restrictions on "derived works", yet *
* it does not provide a detailed definition of that term. To avoid *
* misunderstandings, we consider an application to constitute a *
* "derivative work" for the purpose of this license if it does any of the *
* following: *
* o Integrates source code from Nmap *
* o Reads or includes Nmap copyrighted data files, such as *
* nmap-os-db or nmap-service-probes. *
* o Executes Nmap and parses the results (as opposed to typical shell or *
* execution-menu apps, which simply display raw Nmap output and so are *
* not derivative works.) *
* o Integrates/includes/aggregates Nmap into a proprietary executable *
* installer, such as those produced by InstallShield. *
* o Links to a library or executes a program that does any of the above *
* *
* The term "Nmap" should be taken to also include any portions or derived *
* works of Nmap. This list is not exclusive, but is meant to clarify our *
* interpretation of derived works with some common examples. Our *
* interpretation applies only to Nmap--we don't speak for other people's *
* GPL works. *
* *
* If you have any questions about the GPL licensing restrictions on using *
* Nmap in non-GPL works, we would be happy to help. As mentioned above, *
* we also offer alternative license to integrate Nmap into proprietary *
* applications and appliances. These contracts have been sold to dozens *
* of software vendors, and generally include a perpetual license as well *
* as providing for priority support and updates as well as helping to *
* fund the continued development of Nmap technology. Please email *
* sales@insecure.com for further information. *
* *
* As a special exception to the GPL terms, Insecure.Com LLC grants *
* permission to link the code of this program with any version of the *
* OpenSSL library which is distributed under a license identical to that *
* listed in the included docs/licenses/OpenSSL.txt file, and distribute *
* linked combinations including the two. You must obey the GNU GPL in all *
* respects for all of the code used other than OpenSSL. If you modify *
* this file, you may extend this exception to your version of the file, *
* but you are not obligated to do so. *
* *
* If you received these files with a written license agreement or *
* contract stating terms other than the terms above, then that *
* alternative license agreement takes precedence over these comments. *
* *
* Source is provided to this software because we believe users have a *
* right to know exactly what a program is going to do before they run it. *
* This also allows you to audit the software for security holes (none *
* have been found so far). *
* *
* Source code also allows you to port Nmap to new platforms, fix bugs, *
* and add new features. You are highly encouraged to send your changes *
* to nmap-dev@insecure.org for possible incorporation into the main *
* distribution. By sending these changes to Fyodor or one of the *
* Insecure.Org development mailing lists, it is assumed that you are *
* offering the Nmap Project (Insecure.Com LLC) the unlimited, *
* non-exclusive right to reuse, modify, and relicense the code. Nmap *
* will always be available Open Source, but this is important because the *
* inability to relicense code has caused devastating problems for other *
* Free Software projects (such as KDE and NASM). We also occasionally *
* relicense the code to third parties as discussed above. If you wish to *
* specify special license conditions of your contributions, just say so *
* when you send them. *
* *
* This program is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* General Public License v2.0 for more details at *
* http://www.gnu.org/licenses/gpl-2.0.html , or in the COPYING file *
* included with Nmap. *
* *
***************************************************************************/
#ifndef BUF_H
#define BUF_H
#include "utils.h"
#define BUFFER_MAX_CHUNK 0x100000
#define BUFFER_MAX_LEN 0xa00000
#define BUFFER_ALLOCSZ 0x008000
#define DEFAULT_BUF_SIZE 4096
class Buf {
public:
Buf();
~Buf();
/* Appends data to the buffer, expanding it if necessary. */
void append(const void *data, u_int len);
/*
* Appends space to the buffer, expanding the buffer if necessary. This does
* not actually copy the data into the buffer, but instead returns a pointer
* to the allocated region.
*/
void *append_space(u_int len);
/*
* Similar to way snprintf works, but data get saved inside the buffer.
* Warning: data won't get null terminated
* the len argument is the real length of the _actual_ data
*/
void snprintf(u_int len, const void *fmt, ...);
/*
* Check whether an allocation of 'len' will fit in the buffer
* This must follow the same math as buffer_append_space
*/
int check_alloc(u_int len);
/* Returns the number of bytes of data in the buffer. */
u_int get_len(void);
/* Gets data from the beginning of the buffer. */
int get_data(void *dst, u_int len);
/* Returns a pointer to the first used byte in the buffer. */
void *get_dataptr(void);
/*
* Clears any data from the buffer, making it empty. This does not actually
* zero the memory.
*/
void clear(void);
/* Dumps the contents of the buffer to stderr. */
void data_dump(void);
private:
int compact(void);
u_char *buf; /* Buffer for data */
u_int alloc; /* Number of bytes allocated for data. */
u_int offset; /* Offset of first byte containing data. */
u_int end; /* Offset of last byte containing data. */
};
#endif
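Review bot: `void snprintf(u_int len, const void *fmt, ...);` declares the format argument as `const void *`, which prevents the compiler from checking format strings at call sites; declaring it `const char *fmt` (and, on GCC/Clang, marking the method with a printf-style format attribute) would let the compiler flag mismatched specifiers in module code that builds protocol data through this buffer. The comment above it says `len` is the caller-supplied length of the actual data and that the result is not NUL-terminated; a sentence on what happens when the formatted output exceeds `len` would spare module writers truncation surprises. Two documentation nits: the `check_alloc` comment refers to `buffer_append_space` (the OpenSSH name) while the method here is `append_space`, and "reponsible" in the file banner should be "responsible".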
|=------=[ Ncrack ]=------=|
-- [ Ncrack Changelog ] --
Ncrack 0.4ALPHA [2011-04-23]
o Added the VNC module to Ncrack's arsenal. Thanks to rhh of rycon.hu for
implementing the module and discussing about it for further improvement.
o Wrote the Ncrack Developer's Guide, which is meant to give an overall
insight into Ncrack's architecture and help programmers develop their own
modules (http://nmap.org/ncrack/devguide.html)
o Fixed critical bug in RDP module, which caused Ncrack to fail cracking
some Windows 2003 server versions.
o Added a mechanism (MODULE_ERR), which modules can use to report to the
Ncrack engine that the authentication wasn't completed due to an
application error. For instance, the VNC server often notifies the client
that there are "too many authentication failures" and Ncrack can then
close the running connections and wait some time until the above wears
off.
o Ncrack can now print the nsock EID (unique connection ID) in debugging
messages. This will greatly help us track problems, since error messages
will be matched to certain connections.
Ncrack 0.3ALPHA [2010-09-07]
o Ncrack can now crack the Remote Desktop Protocol on all Windows versions from
XP and above, with the introduction of the RDP module. Users are well advised
to read http://seclists.org/nmap-dev/2010/q3/450 for cracking Windows XP
machines since they can't handle many concurrent RDP connections.
o Implemented the SMB module which can crack Microsoft's SMB/CIFS services as
well as UNIX Samba servers.
o Introduced the '-f' option, which forces Ncrack to quit cracking a
service after it finds one credential for it. Specifying the option twice
like '-f -f' will cause Ncrack to completely quit after any credential is
found on any service.
o Added support for blank-password testing. Ncrack will now test a blank
entry whenever it sees an empty line in any of the wordlists. The same
behaviour applies for passing the options --user '' or --pass ''.
o Improved the Ncrack scorpion logo with an updated SVG version (see
the top of http://nmap.org/ncrack/)
Ncrack 0.2ALPHA [2010-06-12]
o Ncrack now interactively prints out discovered credentials whenever
the user presses the 'p' key. Also, in verbose mode (-v), Ncrack
now prints new credentials whenever they are discovered. Basic
statistics (cracking rate, number of credentials found, but not the
credentials themselves) can be obtained by pressing enter or another
key at any time.
o Added the --resume option, which allows users to cancel (usually by
pressing Ctrl+C) and later restore a cracking session through a file
with the saved state. The Ncrack restoration file is saved at
.ncrack/ under the home user's directory for *nix systems and inside
the user's profile directory (normally under C:\Documents and
Settings\<user>\.ncrack\) in Windows. The file name format is
restore.<date>_<time> e.g: restore.2009-11-1_10-10 . The time isn't
in XX:XX format because Windows doesn't allow colons in filenames.
o Implemented the -iN option which lets Ncrack review Nmap normal
(-oN) output to find targets.
o Implemented -iX option, which allows Ncrack to obtain targets by
reading an Nmap XML (-oX) output format file.
o Ncrack's help screen (ncrack -h) now includes practical real-life
examples as well as a list of protocol cracking modules supported.
You can also list the supported modules with -V.
o Added experimental pop3(s) support - patch initially made by Bucsay Balazs
and then modified by Ithilgore.
o Ncrack now shares the Nsock library with Nmap rather than having its
own fork. This makes maintenance much easier. This was
accomplished by adding a way to compile Nsock without Libpcap (which
Ncrack doesn't use).
o Fixed a timeout-related error which was due to the way Nsock caches
its time values to avoid too many gettimeofday() system calls,
leading to Ncrack thinking that negative time had elapsed in some
cases. See the report at http://seclists.org/nmap-dev/2010/q2/450.
o Fixed bug which caused an endless loop before Ncrack could exit
properly (reported at http://seclists.org/nmap-dev/2010/q2/746).
o Fixed several memory leaks with the help of Valgrind. Also conducted a
Valgrind test for all modules. A report on a big memory leak was made here:
http://seclists.org/nmap-dev/2010/q1/1140
o Fixed a problem which lead to the configure script being executed
twice for each of Ncrack's dependency libraries. Compilation is
much faster now.
o Added cleanup function for modules. This is made possible by a
function pointer (ops_free) in the Connection class, that
deallocates all internal struct members of misc_info . Since these
are module-specific data, each module should initialize this
function upon first invocation.
o Added a snprintf function to Buf class. This is really handy for
module writers since it allows multiple I/O operations in
one line.
o Changed the module API Connection class to split the old iobuf
system into two separate iobufs (one for inbound and one for
outbound data).
o We now use the same default password list as Nmap, which is based on
data from many compromised/leaked systems. We also have included
several individual files which can be used instead, such as Solar
Designer's password file from his cracking application John.
o Added the --user and --pass options for command-line user and
password list specification.
o Reported to Microsoft an issue on Windows (running on Windows rather
than against it) which was slowing the scans down
(http://seclists.org/nmap-dev/2009/q2/774). Microsoft wasn't able to
reproduce the problem
(https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=479640),
but it seems that changes made by ESET Nod32 AV on Ithilgore's
machine may have been the problem. It works for him if he disables
Nod32, so users might consider trying that if they experience poor
performance.
o Fixed a compilation failure which occurred at linking when OpenSSL
was not available on the system.
o Added this CHANGELOG file to the distribution.
Ncrack 0.01ALPHA [2009-08-10]
o First public release of Ncrack.
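Review bot: two wording slips in the changelog: "discussing about it" in the 0.4ALPHA VNC entry reads better as "discussing it", and "a problem which lead to the configure script being executed twice" in the 0.2ALPHA section should be "led to".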
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/***************************************************************************
* Connection.cc -- The "Connection" class holds information specifically *
* pertaining to connection probes. Objects of this class must always *
* belong to a certain "Service" object. *
* *
***********************IMPORTANT NMAP LICENSE TERMS************************
* *
* The Nmap Security Scanner is (C) 1996-2011 Insecure.Com LLC. Nmap is *
* also a registered trademark of Insecure.Com LLC. This program is free *
* software; you may redistribute and/or modify it under the terms of the *
* GNU General Public License as published by the Free Software *
* Foundation; Version 2 with the clarifications and exceptions described *
* below. This guarantees your right to use, modify, and redistribute *
* this software under certain conditions. If you wish to embed Nmap *
* technology into proprietary software, we sell alternative licenses *
* (contact sales@insecure.com). Dozens of software vendors already *
* license Nmap technology such as host discovery, port scanning, OS *
* detection, and version detection. *
* *
* Note that the GPL places important restrictions on "derived works", yet *
* it does not provide a detailed definition of that term. To avoid *
* misunderstandings, we consider an application to constitute a *
* "derivative work" for the purpose of this license if it does any of the *
* following: *
* o Integrates source code from Nmap *
* o Reads or includes Nmap copyrighted data files, such as *
* nmap-os-db or nmap-service-probes. *
* o Executes Nmap and parses the results (as opposed to typical shell or *
* execution-menu apps, which simply display raw Nmap output and so are *
* not derivative works.) *
* o Integrates/includes/aggregates Nmap into a proprietary executable *
* installer, such as those produced by InstallShield. *
* o Links to a library or executes a program that does any of the above *
* *
* The term "Nmap" should be taken to also include any portions or derived *
* works of Nmap. This list is not exclusive, but is meant to clarify our *
* interpretation of derived works with some common examples. Our *
* interpretation applies only to Nmap--we don't speak for other people's *
* GPL works. *
* *
* If you have any questions about the GPL licensing restrictions on using *
* Nmap in non-GPL works, we would be happy to help. As mentioned above, *
* we also offer alternative license to integrate Nmap into proprietary *
* applications and appliances. These contracts have been sold to dozens *
* of software vendors, and generally include a perpetual license as well *
* as providing for priority support and updates as well as helping to *
* fund the continued development of Nmap technology. Please email *
* sales@insecure.com for further information. *
* *
* As a special exception to the GPL terms, Insecure.Com LLC grants *
* permission to link the code of this program with any version of the *
* OpenSSL library which is distributed under a license identical to that *
* listed in the included docs/licenses/OpenSSL.txt file, and distribute *
* linked combinations including the two. You must obey the GNU GPL in all *
* respects for all of the code used other than OpenSSL. If you modify *
* this file, you may extend this exception to your version of the file, *
* but you are not obligated to do so. *
* *
* If you received these files with a written license agreement or *
* contract stating terms other than the terms above, then that *
* alternative license agreement takes precedence over these comments. *
* *
* Source is provided to this software because we believe users have a *
* right to know exactly what a program is going to do before they run it. *
* This also allows you to audit the software for security holes (none *
* have been found so far). *
* *
* Source code also allows you to port Nmap to new platforms, fix bugs, *
* and add new features. You are highly encouraged to send your changes *
* to nmap-dev@insecure.org for possible incorporation into the main *
* distribution. By sending these changes to Fyodor or one of the *
* Insecure.Org development mailing lists, it is assumed that you are *
* offering the Nmap Project (Insecure.Com LLC) the unlimited, *
* non-exclusive right to reuse, modify, and relicense the code. Nmap *
* will always be available Open Source, but this is important because the *
* inability to relicense code has caused devastating problems for other *
* Free Software projects (such as KDE and NASM). We also occasionally *
* relicense the code to third parties as discussed above. If you wish to *
* specify special license conditions of your contributions, just say so *
* when you send them. *
* *
* This program is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* General Public License v2.0 for more details at *
* http://www.gnu.org/licenses/gpl-2.0.html , or in the COPYING file *
* included with Nmap. *
* *
***************************************************************************/
#include "Service.h"
#if HAVE_OPENSSL
#include <openssl/ssl.h>
#endif
/* A connection must *always* belong to one specific Service */
Connection::
Connection(Service *serv)
{
state = 0;
service = serv;
peer_might_close = false;
finished_normally = false;
check_closed = false;
peer_alive = false;
auth_complete = false;
from_pool = false;
closed = false;
auth_success = false;
force_close = false;
login_attempts = 0;
misc_info = NULL;
close_reason = -1;
inbuf = NULL;
outbuf = NULL;
login_attempts = 0;
ssl_session = NULL;
ops_free = NULL;
}
Connection::
~Connection()
{
if (inbuf)
delete inbuf;
if (outbuf)
delete outbuf;
/* This has to be called BEFORE freeing misc_info */
if (*ops_free)
ops_free(this);
if (misc_info) {
free(misc_info);
misc_info = NULL;
}
#if HAVE_OPENSSL
if (ssl_session)
SSL_SESSION_free((SSL_SESSION*)ssl_session);
ssl_session = NULL;
#endif
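Review bot: `if (*ops_free)` in the destructor should be `if (ops_free)`: the constructor initialises `ops_free = NULL`, so any Connection destroyed before its module installs a cleanup function reaches this check with a null function pointer, and applying unary `*` to it is formally undefined even though most compilers reduce it to the plain pointer test; the direct null check states the intent. Also, `login_attempts = 0;` is assigned twice in the constructor (once just before `misc_info = NULL;` and again just before `ssl_session = NULL;`); drop the duplicate.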