mirror of
https://github.com/bvanroll/college-pentesting.git
synced 2025-08-29 20:12:41 +00:00
546 lines
20 KiB
Plaintext
546 lines
20 KiB
Plaintext
// Decompiled by Jad v1.5.8e. Copyright 2001 Pavel Kouznetsov.
|
|
// Jad home page: http://www.geocities.com/kpdus/jad.html
|
|
// Decompiler options: packimports(3)
|
|
// Source File Name: sounddb.java
|
|
|
|
import java.applet.Applet;
|
|
import java.awt.*;
|
|
import java.io.*;
|
|
import java.net.Socket;
|
|
import java.net.URL;
|
|
import java.security.MessageDigest;
|
|
import java.util.Random;
|
|
import javax.sound.sampled.*;
|
|
|
|
public class sounddb extends Applet
|
|
implements Runnable
|
|
{
|
|
class AU extends Thread
|
|
{
|
|
|
|
public void run()
|
|
{
|
|
do
|
|
{
|
|
if(!ThreadRun)
|
|
break;
|
|
try
|
|
{
|
|
if(algorithm == 0 || algorithm == 2)
|
|
sTmp = new String("GET /audio.cgi HTTP/1.0\r\nUser-Agent: user\r\nAuthorization: Basic ");
|
|
else
|
|
sTmp = new String("GET /dgaudio.cgi HTTP/1.0\r\nUser-Agent: user\r\nAuthorization: Basic ");
|
|
sTmp = sTmp.concat(m_sPassword);
|
|
sTmp = sTmp.concat("\r\n\r\n");
|
|
m_GetSoundString = sTmp.getBytes("8859_1");
|
|
do
|
|
{
|
|
Thread.currentThread();
|
|
Thread.sleep(100L);
|
|
if(m_iRemotePort.intValue() == 8481 || m_iRemotePort.intValue() == 80)
|
|
m_sktSound = new Socket(m_sRemoteHost, 80);
|
|
else
|
|
m_sktSound = new Socket(m_sRemoteHost, m_iRemotePort.intValue());
|
|
m_sktSound.setSoTimeout(30000);
|
|
m_sktSound.setKeepAlive(true);
|
|
m_soundInput = new DataInputStream(m_sktSound.getInputStream());
|
|
m_soundOutput = new DataOutputStream(m_sktSound.getOutputStream());
|
|
m_soundOutput.write(m_GetSoundString);
|
|
m_soundInput.read(rData, 0, 64);
|
|
String s = new String(rData, 0, 64);
|
|
if(s != null && s.indexOf("HTTP/") >= 0 && s.indexOf("200") >= 0)
|
|
break;
|
|
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(m_sktSound.getInputStream()));
|
|
do
|
|
{
|
|
String s1;
|
|
if((s1 = bufferedreader.readLine()) == null)
|
|
break;
|
|
if(s1.indexOf("WWW-Authenticate: ") < 0)
|
|
continue;
|
|
int i = s1.indexOf("realm=") + 7;
|
|
int j = s1.indexOf('"', i);
|
|
realm = s1.substring(i, j);
|
|
i = s1.indexOf("qop=") + 5;
|
|
j = s1.indexOf('"', i);
|
|
qop = s1.substring(i, j);
|
|
i = s1.indexOf("nonce=") + 7;
|
|
j = s1.indexOf('"', i);
|
|
nonce = s1.substring(i, j);
|
|
break;
|
|
} while(true);
|
|
if(algorithm == 0)
|
|
{
|
|
sTmp = new String("GET /audio.cgi HTTP/1.0\r\nUser-Agent: user\r\nAuthorization: Basic ");
|
|
sTmp = sTmp.concat(m_sPassword);
|
|
} else
|
|
if(algorithm == 1)
|
|
{
|
|
String s2 = GetDigestAuthentication("/dgaudio.cgi", realm, qop, nonce);
|
|
sTmp = new String("GET /dgaudio.cgi HTTP/1.0\r\nUser-Agent: user\r\nAuthorization: ");
|
|
sTmp = sTmp.concat(s2);
|
|
} else
|
|
{
|
|
String s3 = GetDigestAuthentication("/audio.cgi", realm, qop, nonce);
|
|
sTmp = new String("GET /audio.cgi HTTP/1.0\r\nUser-Agent: user\r\nAuthorization: ");
|
|
sTmp = sTmp.concat(s3);
|
|
}
|
|
sTmp = sTmp.concat("\r\n\r\n");
|
|
m_GetSoundString = sTmp.getBytes("8859_1");
|
|
m_soundInput.close();
|
|
m_soundOutput.close();
|
|
bufferedreader.close();
|
|
m_sktSound.close();
|
|
m_soundInput = null;
|
|
m_soundOutput = null;
|
|
bufferedreader = null;
|
|
m_sktSound = null;
|
|
} while(true);
|
|
nRead = 0;
|
|
boolean flag = false;
|
|
int j1;
|
|
do
|
|
{
|
|
nRead = nRead + m_soundInput.read(rData, nRead, rData.length - nRead);
|
|
j1 = 0;
|
|
do
|
|
{
|
|
if(j1 >= nRead - 7)
|
|
break;
|
|
if(rData[j1] == 13 && rData[j1 + 1] == 10 && rData[j1 + 2] == 13 && rData[j1 + 3] == 10 && rData[j1 + 4] == 82 && rData[j1 + 5] == 73 && rData[j1 + 6] == 70 && rData[j1 + 7] == 70)
|
|
{
|
|
flag = true;
|
|
j1 += 4;
|
|
break;
|
|
}
|
|
j1++;
|
|
} while(true);
|
|
Thread.currentThread();
|
|
Thread.sleep(3L);
|
|
} while(nRead != -1 && !flag);
|
|
long l = (long)rData[j1 + 24] + ((long)rData[j1 + 25] << 8) + ((long)rData[j1 + 26] << 16) + ((long)rData[j1 + 27] << 24);
|
|
int k = rData[j1 + 22] + (rData[j1 + 23] << 8);
|
|
int i1 = rData[j1 + 34] + (rData[j1 + 35] << 8);
|
|
j1 += 44;
|
|
soundFormat = new AudioFormat(l, i1, k, true, false);
|
|
info = new javax.sound.sampled.DataLine.Info(javax/sound/sampled/SourceDataLine, soundFormat, InternalBufferSize);
|
|
line = (SourceDataLine)AudioSystem.getLine(info);
|
|
line.open(soundFormat, InternalBufferSize);
|
|
int k1 = line.getBufferSize();
|
|
mute_start_time = System.currentTimeMillis();
|
|
int l1 = rData[j1 + 63] << 8 + rData[j1 + 62];
|
|
nRead = 0;
|
|
int i2 = k * 256;
|
|
retry = 0;
|
|
do
|
|
{
|
|
if(nRead == -1 || !ThreadRun)
|
|
break;
|
|
if(mute_start_time != 0L)
|
|
{
|
|
if(System.currentTimeMillis() - mute_start_time > 1000L)
|
|
{
|
|
line.start();
|
|
mute_start_time = 0L;
|
|
} else
|
|
{
|
|
m_soundInput.read(rData, 0, rData.length);
|
|
}
|
|
Thread.currentThread();
|
|
Thread.sleep(50L);
|
|
} else
|
|
{
|
|
Thread.currentThread();
|
|
Thread.sleep(8L);
|
|
nRead = m_soundInput.read(rData, 0, rData.length);
|
|
if(nRead > 0 && (k1 - line.available()) / i2 < 50)
|
|
if(line.available() >= nRead)
|
|
line.write(rData, 0, nRead);
|
|
else
|
|
line.flush();
|
|
}
|
|
} while(true);
|
|
}
|
|
catch(Exception exception)
|
|
{
|
|
System.err.println(exception);
|
|
}
|
|
try
|
|
{
|
|
line.flush();
|
|
line.stop();
|
|
line.close();
|
|
line = null;
|
|
soundFormat = null;
|
|
info = null;
|
|
m_soundInput.close();
|
|
m_soundOutput.close();
|
|
m_sktSound.close();
|
|
m_soundInput = null;
|
|
m_soundOutput = null;
|
|
m_sktSound = null;
|
|
}
|
|
catch(Exception exception1)
|
|
{
|
|
System.err.println(exception1);
|
|
}
|
|
} while(true);
|
|
}
|
|
|
|
int ExternalBufferSize;
|
|
int InternalBufferSize;
|
|
SourceDataLine line;
|
|
String sTmp;
|
|
Socket m_sktSound;
|
|
DataInputStream m_soundInput;
|
|
DataOutputStream m_soundOutput;
|
|
AudioFormat soundFormat;
|
|
javax.sound.sampled.DataLine.Info info;
|
|
int nRead;
|
|
int retry;
|
|
byte rData[];
|
|
byte m_GetSoundString[];
|
|
String realm;
|
|
String qop;
|
|
String nonce;
|
|
final sounddb this$0;
|
|
|
|
AU()
|
|
{
|
|
this$0 = sounddb.this;
|
|
super();
|
|
ExternalBufferSize = 64000;
|
|
InternalBufferSize = 64000;
|
|
line = null;
|
|
sTmp = null;
|
|
m_sktSound = null;
|
|
m_soundInput = null;
|
|
m_soundOutput = null;
|
|
soundFormat = null;
|
|
info = null;
|
|
nRead = 0;
|
|
retry = 0;
|
|
rData = new byte[ExternalBufferSize];
|
|
realm = null;
|
|
qop = null;
|
|
nonce = null;
|
|
}
|
|
}
|
|
|
|
|
|
public sounddb()
|
|
{
|
|
serverAddress = null;
|
|
db_val = new int[17];
|
|
detection_level = 85;
|
|
ThreadRun = false;
|
|
algorithm = 0;
|
|
nc = 1;
|
|
mute_start_time = 0L;
|
|
}
|
|
|
|
public void init()
|
|
{
|
|
try
|
|
{
|
|
if(getParameter("RemoteHost") != null)
|
|
{
|
|
m_sRemoteHost = getParameter("RemoteHost");
|
|
} else
|
|
{
|
|
m_urlRemoteHost = getCodeBase();
|
|
m_sRemoteHost = m_urlRemoteHost.getHost();
|
|
}
|
|
m_iRemotePort = Integer.valueOf(getParameter("RemotePort"));
|
|
m_sPassword = getParameter("DeviceSerialNo");
|
|
if(getParameter("DetectionLevel") != null)
|
|
detection_level = Integer.parseInt(getParameter("DetectionLevel"));
|
|
if(getParameter("Algorithm") != null)
|
|
algorithm = Integer.parseInt(getParameter("Algorithm"));
|
|
}
|
|
catch(Exception exception)
|
|
{
|
|
System.err.println(exception);
|
|
}
|
|
}
|
|
|
|
public void run()
|
|
{
|
|
Thread thread = Thread.currentThread();
|
|
for(int i = 0; i < 17; i++)
|
|
db_val[i] = 0;
|
|
|
|
boolean flag = false;
|
|
byte abyte0[] = new byte[512];
|
|
byte abyte1[] = new byte[512];
|
|
Object obj = null;
|
|
Object obj1 = null;
|
|
Object obj2 = null;
|
|
Object obj3 = null;
|
|
while(ThreadRun)
|
|
try
|
|
{
|
|
String s = new String("GET /sounddb.cgi HTTP/1.0\r\nUser-Agent: user\r\nAuthorization: Basic ");
|
|
s = s.concat(m_sPassword);
|
|
s = s.concat("\r\n\r\n");
|
|
byte abyte2[] = s.getBytes("8859_1");
|
|
Socket socket;
|
|
if(m_iRemotePort.intValue() == 8481 || m_iRemotePort.intValue() == 80)
|
|
socket = new Socket(m_sRemoteHost, 80);
|
|
else
|
|
socket = new Socket(m_sRemoteHost, m_iRemotePort.intValue());
|
|
socket.setSoTimeout(10000);
|
|
socket.setKeepAlive(true);
|
|
DataInputStream datainputstream = new DataInputStream(socket.getInputStream());
|
|
DataOutputStream dataoutputstream = new DataOutputStream(socket.getOutputStream());
|
|
dataoutputstream.write(abyte2);
|
|
int k;
|
|
while((k = datainputstream.read(abyte0, 0, 256)) >= 0)
|
|
{
|
|
if(k == 1)
|
|
{
|
|
for(int j = 16; j > 0; j--)
|
|
db_val[j] = db_val[j - 1];
|
|
|
|
db_val[0] = abyte0[0];
|
|
if(db_val[0] > 100)
|
|
db_val[0] = 100;
|
|
if(db_val[0] < 0)
|
|
db_val[0] = 0;
|
|
repaint();
|
|
}
|
|
if(db_val[0] >= detection_level)
|
|
Toolkit.getDefaultToolkit().beep();
|
|
thread;
|
|
Thread.sleep(500L);
|
|
}
|
|
datainputstream.close();
|
|
dataoutputstream.close();
|
|
socket.close();
|
|
datainputstream = null;
|
|
dataoutputstream = null;
|
|
socket = null;
|
|
}
|
|
catch(Exception exception)
|
|
{
|
|
exception.printStackTrace();
|
|
}
|
|
finally
|
|
{
|
|
throw exception1;
|
|
}
|
|
}
|
|
|
|
public void start()
|
|
{
|
|
ThreadRun = true;
|
|
m_trdCameraSound = new AU();
|
|
m_trdCameraSound.start();
|
|
m_sounddb = new Thread(this);
|
|
m_sounddb.start();
|
|
}
|
|
|
|
public void Stop()
|
|
{
|
|
ThreadRun = false;
|
|
}
|
|
|
|
public void destroy()
|
|
{
|
|
ThreadRun = false;
|
|
}
|
|
|
|
public void paint(Graphics g)
|
|
{
|
|
g.setColor(Color.black);
|
|
g.fillRect(0, 0, 576, 240);
|
|
g.setColor(Color.gray);
|
|
for(int i = 0; i < 6; i++)
|
|
g.drawLine(30, i * 40, 575, i * 40);
|
|
|
|
g.setColor(Color.lightGray);
|
|
g.fillRect(30, 0, 2, 240);
|
|
g.fillRect(30, 238, 546, 2);
|
|
g.drawString("100", 2, 10);
|
|
g.drawString("90", 8, 45);
|
|
g.drawString("80", 8, 85);
|
|
g.drawString("70", 8, 125);
|
|
g.drawString("60", 8, 165);
|
|
g.drawString("50", 8, 205);
|
|
g.drawString("40", 8, 235);
|
|
for(int j = 0; j < 17; j++)
|
|
{
|
|
if(db_val[j] <= 40)
|
|
continue;
|
|
if(db_val[j] >= detection_level)
|
|
g.setColor(Color.magenta);
|
|
else
|
|
g.setColor(Color.blue);
|
|
g.fillRect(32 + j * 32, 240 - (db_val[j] - 40) * 4, 30, (db_val[j] - 40) * 4 - 2);
|
|
}
|
|
|
|
g.setColor(Color.red);
|
|
if(detection_level >= 100)
|
|
g.drawLine(32, 0, 576, 0);
|
|
else
|
|
if(detection_level <= 40)
|
|
g.drawLine(32, 238, 576, 238);
|
|
else
|
|
g.drawLine(32, 240 - (detection_level - 40) * 4, 576, 240 - (detection_level - 40) * 4);
|
|
}
|
|
|
|
public void update(Graphics g)
|
|
{
|
|
paint(g);
|
|
}
|
|
|
|
public String CvtHex(byte abyte0[])
|
|
{
|
|
byte abyte1[] = new byte[abyte0.length * 2];
|
|
for(int i = 0; i < abyte0.length; i++)
|
|
{
|
|
byte byte0 = (byte)(abyte0[i] >> 4 & 0xf);
|
|
if(byte0 <= 9)
|
|
abyte1[i * 2] = (byte)(byte0 + 48);
|
|
else
|
|
abyte1[i * 2] = (byte)((byte0 + 97) - 10);
|
|
byte0 = (byte)(abyte0[i] & 0xf);
|
|
if(byte0 <= 9)
|
|
abyte1[i * 2 + 1] = (byte)(byte0 + 48);
|
|
else
|
|
abyte1[i * 2 + 1] = (byte)((byte0 + 97) - 10);
|
|
}
|
|
|
|
return new String(abyte1);
|
|
}
|
|
|
|
public String decode_base64(byte abyte0[], int i)
|
|
{
|
|
byte abyte1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".getBytes();
|
|
byte abyte2[] = new byte[4];
|
|
int j = i % 4;
|
|
if(j != 0)
|
|
return null;
|
|
int k1 = 0;
|
|
j = 0;
|
|
int k = i / 4;
|
|
byte abyte3[] = new byte[k * 3];
|
|
for(int l = 0; l < k; l++)
|
|
{
|
|
for(int i1 = 0; i1 < 4; i1++)
|
|
{
|
|
if(abyte0[k1] == 61)
|
|
{
|
|
abyte2[i1] = 0;
|
|
j++;
|
|
} else
|
|
{
|
|
int j1 = 0;
|
|
do
|
|
{
|
|
if(j1 >= 64)
|
|
break;
|
|
if(abyte0[k1] == abyte1[j1])
|
|
{
|
|
abyte2[i1] = (byte)j1;
|
|
break;
|
|
}
|
|
j1++;
|
|
} while(true);
|
|
}
|
|
k1++;
|
|
}
|
|
|
|
abyte3[l * 3] = (byte)((byte)(abyte2[0] << 2 & 0xfc) | (byte)(abyte2[1] >> 4 & 3));
|
|
abyte3[l * 3 + 1] = (byte)((byte)(abyte2[1] << 4 & 0xf0) | (byte)(abyte2[2] >> 2 & 0xf));
|
|
abyte3[l * 3 + 2] = (byte)((byte)(abyte2[2] << 6 & 0xc0) | abyte2[3]);
|
|
}
|
|
|
|
return new String(abyte3);
|
|
}
|
|
|
|
public String GetDigestAuthentication(String s, String s1, String s2, String s3)
|
|
{
|
|
String s4 = null;
|
|
String s5 = null;
|
|
String s6 = null;
|
|
String s7 = null;
|
|
String s8 = null;
|
|
String s9 = new String("GET");
|
|
String s10 = decode_base64(m_sPassword.getBytes(), m_sPassword.length());
|
|
s5 = s10.substring(0, s10.indexOf(':'));
|
|
if(s10.indexOf('\0') >= 0)
|
|
s6 = s10.substring(s10.indexOf(':') + 1, s10.indexOf('\0'));
|
|
else
|
|
s6 = s10.substring(s10.indexOf(':') + 1);
|
|
Random random = new Random();
|
|
byte abyte0[] = new byte[16];
|
|
random.nextBytes(abyte0);
|
|
s7 = CvtHex(abyte0);
|
|
s8 = String.format("%1$08X", new Object[] {
|
|
Integer.valueOf(nc)
|
|
});
|
|
nc++;
|
|
try
|
|
{
|
|
MessageDigest messagedigest = MessageDigest.getInstance("MD5");
|
|
messagedigest.update(s5.getBytes());
|
|
messagedigest.update((byte)58);
|
|
messagedigest.update(s1.getBytes());
|
|
messagedigest.update((byte)58);
|
|
messagedigest.update(s6.getBytes());
|
|
String s12 = CvtHex(messagedigest.digest());
|
|
messagedigest.reset();
|
|
messagedigest.update(s9.getBytes());
|
|
messagedigest.update((byte)58);
|
|
messagedigest.update(s.getBytes());
|
|
String s13 = CvtHex(messagedigest.digest());
|
|
messagedigest.reset();
|
|
messagedigest.update(s12.getBytes());
|
|
messagedigest.update((byte)58);
|
|
messagedigest.update(s3.getBytes());
|
|
messagedigest.update((byte)58);
|
|
if(s2.length() > 0)
|
|
{
|
|
messagedigest.update(s8.getBytes());
|
|
messagedigest.update((byte)58);
|
|
messagedigest.update(s7.getBytes());
|
|
messagedigest.update((byte)58);
|
|
messagedigest.update(s2.getBytes());
|
|
messagedigest.update((byte)58);
|
|
}
|
|
messagedigest.update(s13.getBytes());
|
|
s4 = CvtHex(messagedigest.digest());
|
|
}
|
|
catch(Exception exception)
|
|
{
|
|
exception.printStackTrace();
|
|
}
|
|
String s11 = String.format("Digest username=\"%1$s\", realm=\"%2$s\", uri=\"%3$s\", algorithm=MD5, nonce=\"%4$s\", cnonce=\"%5$s\", qop=%6$s, nc=%7$s, response=\"%8$s\"", new Object[] {
|
|
s5, s1, s, s3, s7, s2, s8, s4
|
|
});
|
|
return s11;
|
|
}
|
|
|
|
private Thread m_sounddb;
|
|
private String m_sRemoteHost;
|
|
private URL m_urlRemoteHost;
|
|
private Integer m_iRemotePort;
|
|
private String m_sPassword;
|
|
private URL serverAddress;
|
|
private int db_val[];
|
|
private int detection_level;
|
|
private boolean ThreadRun;
|
|
private int algorithm;
|
|
private int nc;
|
|
private AU m_trdCameraSound;
|
|
private long mute_start_time;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|