+-- Noteworthy changes in version 1.0.7 (2015-??-??)
+o) HOPM can now detect Dreamboxes with default root passwords
+
+
-- Noteworthy changes in version 1.0.6 (2015-05-27)
o) HOPM now catches MikroTik HttpProxies
*/
protocol = WINGATE:23;
+ protocol = DREAMBOX:23;
+
/*
* The HTTP POST protocol, often dismissed when writing the access
* controls for proxies, but sadly can still be used to abused.
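Review bot: The added `protocol = DREAMBOX:23;` line has no comment, while the HTTP POST entry right after it is introduced by one. Judging by the writer added in this same change, this check differs from the proxy probes in that it submits a root login with a fixed default password on port 23, which an operator should be able to read here before leaving it enabled. I would put a short comment above the line, for example `/* Dreambox receivers left on the default root password; the scan attempts a telnet login. */`. The enclosing scanner block starts and ends outside the hunk.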
return PROTOCOLTYPE;
}
+DREAMBOX {
+ yylval.number = OPM_TYPE_DREAMBOX;
+ return PROTOCOLTYPE;
+ }
+
+
[0-9]+ {
yylval.number=atoi(yytext);
{ OPM_TYPE_SOCKS5, libopm_proxy_socks5_write, NULL },
{ OPM_TYPE_ROUTER, libopm_proxy_router_write, NULL },
{ OPM_TYPE_WINGATE, libopm_proxy_wingate_write, NULL },
- { OPM_TYPE_HTTPPOST, libopm_proxy_httppost_write, NULL }
+ { OPM_TYPE_HTTPPOST, libopm_proxy_httppost_write, NULL },
+ { OPM_TYPE_DREAMBOX, libopm_proxy_dreambox_write, NULL }
};
/* opm_create
#define OPM_TYPE_WINGATE 4
#define OPM_TYPE_ROUTER 5
#define OPM_TYPE_HTTPPOST 6
+#define OPM_TYPE_DREAMBOX 7
/* States */
#define OPM_STATE_UNESTABLISHED 1
return OPM_SUCCESS;
}
+
+/*
+ * Dreambox scanning
+ *
+ * Some dreambox machines have 'dreambox' as the password, and would allow
+ * full root access to telnet or install bouncers.
+ */
+int
+libopm_proxy_dreambox_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
+{
+ size_t len;
+ int scan_port;
+ char *scan_ip;
+
+ scan_ip = (char *)libopm_config(scanner->config, OPM_CONFIG_SCAN_IP);
+ scan_port = *(int *)libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT);
+
+ len = snprintf(SENDBUF, SENDBUFLEN, "root\r\n");
+ send(conn->fd, SENDBUF, len, 0);
+
+ len = snprintf(SENDBUF, SENDBUFLEN, "dreambox\r\n");
+ send(conn->fd, SENDBUF, len, 0);
+
+ len = snprintf(SENDBUF, SENDBUFLEN, "telnet %s %d\r\n", scan_ip, scan_port);
+ send(conn->fd, SENDBUF, len, 0);
+
+ len = snprintf(SENDBUF, SENDBUFLEN, "nc %s %d\r\n", scan_ip, scan_port);
+ send(conn->fd, SENDBUF, len, 0);
+
+ return OPM_SUCCESS;
+}
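Review bot: In `libopm_proxy_dreambox_write` the result of `snprintf` is stored in a `size_t` and passed straight to `send()` as the length, so a truncated or failed format is never noticed. When the `telnet %s %d` or `nc %s %d` line would not fit in `SENDBUFLEN` (`scan_ip` comes from configuration), `snprintf` returns the untruncated length and `send()` then reads past the end of `SENDBUF`; a negative return becomes a huge `size_t`. Keep the result in an `int` and send only when it fits, e.g. `int n = snprintf(SENDBUF, SENDBUFLEN, "nc %s %d\r\n", scan_ip, scan_port);` followed by `if (n > 0 && (size_t)n < SENDBUFLEN) send(conn->fd, SENDBUF, (size_t)n, 0);`. The return values of the four `send()` calls are also ignored, so the function reports `OPM_SUCCESS` even if nothing was written. If the other writers in this file use the same pattern, which is not visible here, they would need the same guard.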
int libopm_proxy_wingate_write(OPM_T *, OPM_SCAN_T *, OPM_CONNECTION_T *);
int libopm_proxy_router_write(OPM_T *, OPM_SCAN_T *, OPM_CONNECTION_T *);
int libopm_proxy_httppost_write(OPM_T *, OPM_SCAN_T *, OPM_CONNECTION_T *);
+int libopm_proxy_dreambox_write(OPM_T *, OPM_SCAN_T *, OPM_CONNECTION_T *);
#endif /* PROXY_H */
{ OPM_TYPE_SOCKS4, "SOCKS4" },
{ OPM_TYPE_SOCKS5, "SOCKS5" },
{ OPM_TYPE_WINGATE, "WINGATE" },
- { OPM_TYPE_ROUTER, "ROUTER" }
+ { OPM_TYPE_ROUTER, "ROUTER" },
+ { OPM_TYPE_DREAMBOX, "DREAMBOX" }
};
for (unsigned int i = 0; i < (sizeof(protocols) / sizeof(struct protocol_assoc)); ++i)
{ OPM_TYPE_SOCKS4, 0, "SOCKS4" },
{ OPM_TYPE_SOCKS5, 0, "SOCKS5" },
{ OPM_TYPE_ROUTER, 0, "ROUTER" },
- { OPM_TYPE_WINGATE, 0, "WINGATE" }
+ { OPM_TYPE_WINGATE, 0, "WINGATE" },
+ { OPM_TYPE_DREAMBOX, 0, "DREAMBOX" }
};