gilles/cameradar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use older curl version to fix digest authentication (#252)

Browse Source
This commit is contained in:
Brendan Le Glaunec
2020-01-17 09:18:22 +01:00
committed by GitHub
parent d233fd850e
commit 04ab1cfc8d
3 changed files with 22 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+5 -1
View File
@@ -19,10 +19,14 @@ RUN go build -o cameradar
# Final stage # Final stage
FROM alpine FROM alpine
# Necessary to install curl v7.64.0-r3.
# Fix for https://github.com/Ullaakut/cameradar/issues/247
RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/main' >> /etc/apk/repositories
RUN apk --update add --no-cache nmap \ RUN apk --update add --no-cache nmap \
nmap-nselibs \ nmap-nselibs \
nmap-scripts \ nmap-scripts \
curl-dev curl-dev==7.64.0-r3
WORKDIR /app/cameradar WORKDIR /app/cameradar
COPY --from=build-env /go/src/github.com/Ullaakut/cameradar/dictionaries/ /app/dictionaries/ COPY --from=build-env /go/src/github.com/Ullaakut/cameradar/dictionaries/ /app/dictionaries/
README.md
+1 -1
View File
@@ -79,7 +79,7 @@ Only use this solution if for some reason using docker is not an option for you
### Dependencies ### Dependencies
* `go` (> `1.10`) * `go` (> `1.10`)
* `libcurl` development library * `libcurl` development library (**[version has to be <7.66.0](https://github.com/Ullaakut/cameradar/issues/247)**)
* For apt users: `apt install libcurl4-openssl-dev` * For apt users: `apt install libcurl4-openssl-dev`
### Steps to install ### Steps to install
attack.go
+16 -10
View File
@@ -191,17 +191,18 @@ func (s *Scanner) detectAuthMethod(stream Stream) int {
s.setCurlOptions(c) s.setCurlOptions(c)
_ = c.Setopt(curl.OPT_VERBOSE, 1)
// Send a request to the URL of the stream we want to attack. // Send a request to the URL of the stream we want to attack.
_ = c.Setopt(curl.OPT_URL, attackURL) _ = c.Setopt(curl.OPT_URL, attackURL)
// Set the RTSP STREAM URI as the stream URL. // Set the RTSP STREAM URI as the stream URL.
_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL) _ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
// 2 is CURL_RTSPREQ_DESCRIBE. _ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
_ = c.Setopt(curl.OPT_RTSP_REQUEST, 2)
// Perform the request. // Perform the request.
err := c.Perform() err := c.Perform()
if err != nil { if err != nil {
s.term.Errorf("Perform failed: %v", err) s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
return -1 return -1
} }
@@ -232,6 +233,8 @@ func (s *Scanner) routeAttack(stream Stream, route string) bool {
s.setCurlOptions(c) s.setCurlOptions(c)
_ = c.Setopt(curl.OPT_VERBOSE, 1)
// Set proper authentication type. // Set proper authentication type.
_ = c.Setopt(curl.OPT_HTTPAUTH, stream.AuthenticationType) _ = c.Setopt(curl.OPT_HTTPAUTH, stream.AuthenticationType)
_ = c.Setopt(curl.OPT_USERPWD, fmt.Sprint(stream.Username, ":", stream.Password)) _ = c.Setopt(curl.OPT_USERPWD, fmt.Sprint(stream.Username, ":", stream.Password))
@@ -240,13 +243,12 @@ func (s *Scanner) routeAttack(stream Stream, route string) bool {
_ = c.Setopt(curl.OPT_URL, attackURL) _ = c.Setopt(curl.OPT_URL, attackURL)
// Set the RTSP STREAM URI as the stream URL. // Set the RTSP STREAM URI as the stream URL.
_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL) _ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
// 2 is CURL_RTSPREQ_DESCRIBE.
_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe) _ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
// Perform the request. // Perform the request.
err := c.Perform() err := c.Perform()
if err != nil { if err != nil {
s.term.Errorf("Perform failed: %v", err) s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
return false return false
} }
@@ -269,6 +271,10 @@ func (s *Scanner) routeAttack(stream Stream, route string) bool {
} }
func (s *Scanner) credAttack(stream Stream, username string, password string) bool { func (s *Scanner) credAttack(stream Stream, username string, password string) bool {
fmt.Println()
fmt.Println()
fmt.Println()
c := s.curl.Duphandle() c := s.curl.Duphandle()
attackURL := fmt.Sprintf( attackURL := fmt.Sprintf(
@@ -282,6 +288,8 @@ func (s *Scanner) credAttack(stream Stream, username string, password string) bo
s.setCurlOptions(c) s.setCurlOptions(c)
_ = c.Setopt(curl.OPT_VERBOSE, 1)
// Set proper authentication type. // Set proper authentication type.
_ = c.Setopt(curl.OPT_HTTPAUTH, stream.AuthenticationType) _ = c.Setopt(curl.OPT_HTTPAUTH, stream.AuthenticationType)
_ = c.Setopt(curl.OPT_USERPWD, fmt.Sprint(username, ":", password)) _ = c.Setopt(curl.OPT_USERPWD, fmt.Sprint(username, ":", password))
@@ -290,13 +298,12 @@ func (s *Scanner) credAttack(stream Stream, username string, password string) bo
_ = c.Setopt(curl.OPT_URL, attackURL) _ = c.Setopt(curl.OPT_URL, attackURL)
// Set the RTSP STREAM URI as the stream URL. // Set the RTSP STREAM URI as the stream URL.
_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL) _ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
// 2 is CURL_RTSPREQ_DESCRIBE. _ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
_ = c.Setopt(curl.OPT_RTSP_REQUEST, 2)
// Perform the request. // Perform the request.
err := c.Perform() err := c.Perform()
if err != nil { if err != nil {
s.term.Errorf("Perform failed: %v", err) s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
return false return false
} }
@@ -341,7 +348,6 @@ func (s *Scanner) validateStream(stream Stream) bool {
_ = c.Setopt(curl.OPT_URL, attackURL) _ = c.Setopt(curl.OPT_URL, attackURL)
// Set the RTSP STREAM URI as the stream URL. // Set the RTSP STREAM URI as the stream URL.
_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL) _ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
// 2 is CURL_RTSPREQ_SETUP.
_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspSetup) _ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspSetup)
_ = c.Setopt(curl.OPT_RTSP_TRANSPORT, "RTP/AVP;unicast;client_port=33332-33333") _ = c.Setopt(curl.OPT_RTSP_TRANSPORT, "RTP/AVP;unicast;client_port=33332-33333")
@@ -349,7 +355,7 @@ func (s *Scanner) validateStream(stream Stream) bool {
// Perform the request. // Perform the request.
err := c.Perform() err := c.Perform()
if err != nil { if err != nil {
s.term.Errorf("Perform failed: %v", err) s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
return false return false
} }