Changeset 836
- Timestamp:
- 02/06/07 16:16:50 (2 years ago)
- Files:
-
- nepenthes/trunk/modules/dnsresolve-adns/dnsresolve-adns.cpp (modified) (1 diff)
- nepenthes/trunk/modules/download-creceive/CReceiveDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/download-http/HTTPDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/download-link/LinkDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/module-portwatch/WatchDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/shellcode-generic/sch_generic_cmd.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-generic/sch_generic_leimbach_url_xor.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-generic/sch_generic_url.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellemu-winnt/VFSCommandFTP.cpp (modified) (1 diff)
- nepenthes/trunk/modules/submit-gotek/gotekCTRLDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/submit-gotek/gotekDATADialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-asn1/IISDialogue.cpp (modified) (3 diffs)
- nepenthes/trunk/modules/vuln-asn1/SMBDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-bagle/BagleDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-dameware/DWDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-dcom/DCOMDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-ftpd/vuln-ftpd.cpp (modified) (3 diffs)
- nepenthes/trunk/modules/vuln-iis/IISDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-lsass/LSASSDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-msdtc/MSDTCDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-msmq/MSMQDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-mssql/MSSQLDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-netbiosname/SMBNameDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-netdde/NETDDEDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-optix/OPTIXShellDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-pnp/PNPDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-realvnc/vuln-realvnc.cpp (modified) (3 diffs)
- nepenthes/trunk/modules/vuln-sasserftpd/SasserFTPDDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-upnp/UPNPDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/vuln-veritas/VERITASDialogue.cpp (modified) (3 diffs)
- nepenthes/trunk/modules/vuln-wins/WINSDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/nepenthes-core/include/DNSQuery.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/Event.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/SocketEvent.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/Utilities.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/DNSQuery.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/DNSResult.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/LogManager.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/Utilities.cpp (modified) (2 diffs)
nepenthes/trunk/modules/dnsresolve-adns/dnsresolve-adns.cpp
r550 r836 48 48 49 49 #include "EventManager.hpp" 50 #include "Nepenthes.hpp" 50 51 51 52 using namespace std; nepenthes/trunk/modules/download-creceive/CReceiveDialogue.cpp
r630 r836 88 88 CReceiveDialogue::~CReceiveDialogue() 89 89 { 90 // g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize());90 // HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 91 91 // delete m_Buffer; 92 92 delete m_Download; nepenthes/trunk/modules/download-http/HTTPDialogue.cpp
r550 r836 179 179 { 180 180 logWarn("HTTP ERROR header found %i\n", size); 181 g_Nepenthes->getUtilities()->hexdump((byte *)start,size);181 // g_Nepenthes->getUtilities()->hexdump((byte *)start,size); 182 182 return CL_DROP; 183 183 }else nepenthes/trunk/modules/download-link/LinkDialogue.cpp
r550 r836 123 123 { 124 124 m_Buffer->add(msg->getMsg(),msg->getSize()); 125 // g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize());125 // HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 126 126 msg->getResponder()->doRespond((char *)&m_Challenge,4); 127 127 nepenthes/trunk/modules/module-portwatch/WatchDialogue.cpp
r332 r836 48 48 #include "Utilities.hpp" 49 49 50 #include "EventManager.hpp" 51 #include "SocketEvent.hpp" 52 50 53 #ifdef STDTAGS 51 54 #undef STDTAGS … … 78 81 { 79 82 logWarn("Unknown WatchDialogue %i bytes, port %i\n",m_Buffer->getSize(), m_Socket->getLocalPort()); 80 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());83 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 81 84 delete m_Buffer; 82 85 } nepenthes/trunk/modules/shellcode-generic/sch_generic_cmd.cpp
r550 r836 96 96 { 97 97 // logDebug("GenricCMD (improve pcre debug) (%i bytes)\n",(*msg)->getSize()); 98 // g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)(*msg)->getMsg(),(*msg)->getSize());98 // HEXDUMP(m_Socket,(byte *)(*msg)->getMsg(),(*msg)->getSize()); 99 99 100 100 const char * pRemoteCommand; nepenthes/trunk/modules/shellcode-generic/sch_generic_leimbach_url_xor.cpp
r341 r836 204 204 pcre_free_substring(xordecoder); 205 205 206 g_Nepenthes->getUtilities()->hexdump(l_crit,(byte *)newshellcode, len);206 // g_Nepenthes->getUtilities()->hexdump(l_crit,(byte *)newshellcode, len); 207 207 208 208 Message *newMessage = new Message((char *)newshellcode, len, (*msg)->getLocalPort(), (*msg)->getRemotePort(), nepenthes/trunk/modules/shellcode-generic/sch_generic_url.cpp
r341 r836 120 120 if((iResult = pcre_exec(m_pcre, 0, (char *) shellcode, len, 0, 0, (int *)piOutput, sizeof(piOutput)/sizeof(int32_t))) > 0) 121 121 { 122 // g_Nepenthes->getUtilities()->hexdump(STDTAGS,shellcode,len);122 // HEXDUMP(m_Socket,shellcode,len); 123 123 const char * pUrl; 124 124 nepenthes/trunk/modules/shellemu-winnt/VFSCommandFTP.cpp
r555 r836 426 426 remotehost = m_VFS->getDialogue()->getSocket()->getRemoteHost(); 427 427 localhost = m_VFS->getDialogue()->getSocket()->getLocalHost(); 428 429 428 } 430 429 nepenthes/trunk/modules/submit-gotek/gotekCTRLDialogue.cpp
r550 r836 113 113 unsigned char sessionkey[8]; 114 114 memcpy((char *)sessionkey,(char *)m_Buffer->getData(),8); 115 g_Nepenthes->getUtilities()->hexdump(sessionkey,8);115 // g_Nepenthes->getUtilities()->hexdump(sessionkey,8); 116 116 117 117 … … 129 129 memset(hashme,0,1032); 130 130 131 g_Nepenthes->getUtilities()->hexdump(g_GotekSubmitHandler->getCommunityKey(),1024);131 // g_Nepenthes->getUtilities()->hexdump(g_GotekSubmitHandler->getCommunityKey(),1024); 132 132 memcpy(hashme,g_GotekSubmitHandler->getCommunityKey(),1024); 133 133 memcpy(hashme+1024,sessionkey,8); 134 g_Nepenthes->getUtilities()->hexdump(hashme, 1032);134 // g_Nepenthes->getUtilities()->hexdump(hashme, 1032); 135 135 136 136 g_Nepenthes->getUtilities()->sha512(hashme, 1032, hash); 137 g_Nepenthes->getUtilities()->hexdump(hash,64);137 // g_Nepenthes->getUtilities()->hexdump(hash,64); 138 138 139 139 m_Socket->doRespond((char *)hash,64); nepenthes/trunk/modules/submit-gotek/gotekDATADialogue.cpp
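Review bot: The hexdump calls on `sessionkey`, the 1024-byte community key, `hashme` and `hash` in gotekCTRLDialogue.cpp are only commented out, as is the community-key dump in gotekDATADialogue.cpp. Deleting them would be safer, because re-enabling any of them writes the shared secret and the value derived from it into the log output. If they are kept for debugging, a comment above them such as `// never log key material (community key, session key, hash)` would record why they are disabled. The enclosing functions start and end outside the visible hunks.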
r515 r836 174 174 memset(hashme,0,1032); 175 175 176 g_Nepenthes->getUtilities()->hexdump(g_GotekSubmitHandler->getCommunityKey(),1024);176 // g_Nepenthes->getUtilities()->hexdump(g_GotekSubmitHandler->getCommunityKey(),1024); 177 177 memcpy(hashme,g_GotekSubmitHandler->getCommunityKey(),1024); 178 178 memcpy(hashme+1024,&sessionkey,8); nepenthes/trunk/modules/vuln-asn1/IISDialogue.cpp
r332 r836 44 44 #include "Socket.hpp" 45 45 46 #include "EventManager.hpp" 47 #include "SocketEvent.hpp" 48 46 49 #ifdef STDTAGS 47 50 #undef STDTAGS … … 80 83 case IIS_GET: 81 84 logWarn("Unknown IIS %i bytes State %i\n",m_Buffer->getSize(), m_State); 82 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());85 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 83 86 break; 84 87 … … 103 106 { 104 107 m_Buffer->add(msg->getMsg(),msg->getSize()); 105 // g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());108 // HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 106 109 107 110 // FIXME this can only recognize urldownloadtofile foobar nepenthes/trunk/modules/vuln-asn1/SMBDialogue.cpp
r550 r836 44 44 #include "ShellcodeManager.hpp" 45 45 46 #include "EventManager.hpp" 47 #include "SocketEvent.hpp" 48 46 49 #include "vuln-asn1.hpp" 50 51 47 52 48 53 #ifdef STDTAGS … … 228 233 { 229 234 logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","ASN1_SMB",m_Buffer->getSize(),m_State); 230 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize());231 } 235 HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 236 } nepenthes/trunk/modules/vuln-bagle/BagleDialogue.cpp
r538 r836 125 125 126 126 logCrit("Unknown Bagle Auth (%i)\n",m_Buffer->getSize()); 127 g_Nepenthes->getUtilities()->hexdump(l_crit | STDTAGS ,(byte *)m_Buffer->getData(),m_Buffer->getSize());127 // g_Nepenthes->getUtilities()->hexdump(l_crit | STDTAGS ,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 128 128 if (m_Buffer->getSize() > 128 ) 129 129 return CL_DROP; nepenthes/trunk/modules/vuln-dameware/DWDialogue.cpp
r332 r836 48 48 49 49 #include "Utilities.hpp" 50 51 #include "EventManager.hpp" 52 #include "SocketEvent.hpp" 50 53 51 54 #ifdef STDTAGS … … 210 213 { 211 214 logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","DameWare",m_Buffer->getSize(),m_State); 212 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize());213 } 215 HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 216 } nepenthes/trunk/modules/vuln-dcom/DCOMDialogue.cpp
r550 r836 40 40 41 41 42 #include "EventManager.hpp" 43 #include "SocketEvent.hpp" 44 45 42 46 #ifdef STDTAGS 43 47 #undef STDTAGS … … 235 239 { 236 240 logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","DCOM",m_Buffer->getSize(),m_State); 237 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize());238 } 241 HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 242 } nepenthes/trunk/modules/vuln-ftpd/vuln-ftpd.cpp
r550 r836 56 56 #include "Utilities.hpp" 57 57 58 #include "EventManager.hpp" 59 #include "SocketEvent.hpp" 60 58 61 #ifdef STDTAGS 59 62 #undef STDTAGS … … 221 224 bool buffercut=false; 222 225 223 g_Nepenthes->getUtilities()->hexdump((byte *) m_Buffer->getData(),m_Buffer->getSize());226 // g_Nepenthes->getUtilities()->hexdump((byte *) m_Buffer->getData(),m_Buffer->getSize()); 224 227 while ( i < m_Buffer->getSize() ) 225 228 { … … 419 422 { 420 423 logWarn("Unknown exploit %i bytes \n",m_Shellcode->getSize()); 421 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Shellcode->getData(), m_Shellcode->getSize());424 HEXDUMP(m_Socket,(byte *) m_Shellcode->getData(), m_Shellcode->getSize()); 422 425 } 423 426 nepenthes/trunk/modules/vuln-iis/IISDialogue.cpp
r332 r836 50 50 #include "Message.cpp" 51 51 52 #include "EventManager.hpp" 53 #include "SocketEvent.hpp" 54 52 55 #ifdef STDTAGS 53 56 #undef STDTAGS … … 86 89 case IIS_SSL: 87 90 logWarn("Unknown IIS SSL exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); 88 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());91 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 89 92 break; 90 93 nepenthes/trunk/modules/vuln-lsass/LSASSDialogue.cpp
r332 r836 47 47 #include "Buffer.cpp" 48 48 49 #include "EventManager.hpp" 50 #include "SocketEvent.hpp" 49 51 50 52 #ifdef STDTAGS … … 282 284 { 283 285 logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","LSASS",m_Buffer->getSize(),m_State); 284 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize());285 } 286 286 HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 287 } 288 nepenthes/trunk/modules/vuln-msdtc/MSDTCDialogue.cpp
r339 r836 39 39 #include "Utilities.hpp" 40 40 41 #include "EventManager.hpp" 42 #include "SocketEvent.hpp" 41 43 42 44 #ifdef STDTAGS … … 182 184 { 183 185 logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","MSDTC",m_Buffer->getSize(),m_State); 184 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize());186 HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 185 187 } nepenthes/trunk/modules/vuln-msmq/MSMQDialogue.cpp
r332 r836 44 44 #include "LogManager.hpp" 45 45 46 #include "EventManager.hpp" 47 #include "SocketEvent.hpp" 46 48 47 49 using namespace nepenthes; … … 74 76 case MSMQ_SHELLCODE: 75 77 logWarn("Unknown MSMQ exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); 76 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());78 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 77 79 break; 78 80 nepenthes/trunk/modules/vuln-mssql/MSSQLDialogue.cpp
r550 r836 41 41 42 42 #include "Utilities.hpp" 43 44 #include "EventManager.hpp" 45 #include "SocketEvent.hpp" 43 46 44 47 #ifdef STDTAGS … … 116 119 else 117 120 { // hexdump it 118 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte*)msg->getMsg(),msg->getSize());121 HEXDUMP(m_Socket,(byte*)msg->getMsg(),msg->getSize()); 119 122 120 123 } nepenthes/trunk/modules/vuln-netbiosname/SMBNameDialogue.cpp
r332 r836 50 50 #include "Utilities.hpp" 51 51 52 #include "EventManager.hpp" 53 #include "SocketEvent.hpp" 52 54 53 55 #ifdef STDTAGS … … 147 149 case SMBName_NULL: 148 150 logWarn("Unknown SMBName exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); 149 // g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());151 // HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 150 152 break; 151 153 nepenthes/trunk/modules/vuln-netdde/NETDDEDialogue.cpp
r332 r836 50 50 #include "Utilities.hpp" 51 51 52 #include "EventManager.hpp" 53 #include "SocketEvent.hpp" 52 54 53 55 #ifdef STDTAGS … … 202 204 { 203 205 logWarn("Unknown NETDDE exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); 204 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());205 } 206 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 207 } nepenthes/trunk/modules/vuln-optix/OPTIXShellDialogue.cpp
r332 r836 108 108 if (m_Buffer->getSize() >= 6) 109 109 { 110 g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize());110 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); 111 111 // we could do this with pcre ... 112 112 if (memcmp(m_Buffer->getData(),"019¬\r\n",6) == 0) nepenthes/trunk/modules/vuln-pnp/PNPDialogue.cpp
r332 r836 48 48 #include "Buffer.cpp" 49 49 50 #include "EventManager.hpp" 51 #include "SocketEvent.hpp" 50 52 51 53 #ifdef STDTAGS … … 277 279 { 278 280 logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","PNP",m_Buffer->getSize(),m_State); 279 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize());280 } 281 HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); 282 } nepenthes/trunk/modules/vuln-realvnc/vuln-realvnc.cpp
r618 r836 247 247 248 248 logSpam("VNC_HANDSHAKE\n"); 249 g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize());249 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); 250 250 if (m_Buffer->getSize() >= strlen(rfb_version_003_008) && 251 251 memcmp(m_Buffer->getData(),rfb_version_003_008,strlen(rfb_version_003_008)) == 0) … … 263 263 { 264 264 logSpam("VNC_AUTH\n"); 265 g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize());265 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); 266 266 if (m_Buffer->getSize() >= 1 ) 267 267 { … … 547 547 case 6: 548 548 logSpam("ClientReq: CutEvent\n"); 549 g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize());549 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); 550 550 if (m_Buffer->getSize() >= 8 ) 551 551 { nepenthes/trunk/modules/vuln-sasserftpd/SasserFTPDDialogue.cpp
r332 r836 50 50 #include "Utilities.hpp" 51 51 52 #include "EventManager.hpp" 53 #include "SocketEvent.hpp" 52 54 53 55 #ifdef STDTAGS … … 220 222 { 221 223 logWarn("Unknown SasserFTPD exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); 222 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());223 } 224 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 225 } nepenthes/trunk/modules/vuln-upnp/UPNPDialogue.cpp
r332 r836 50 50 #include "Utilities.hpp" 51 51 52 #include "EventManager.hpp" 53 #include "SocketEvent.hpp" 52 54 53 55 #ifdef STDTAGS … … 191 193 { 192 194 logWarn("Unknown UPNP exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); 193 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());195 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 194 196 } nepenthes/trunk/modules/vuln-veritas/VERITASDialogue.cpp
r332 r836 50 50 #include "Utilities.hpp" 51 51 52 #include "EventManager.hpp" 53 #include "SocketEvent.hpp" 52 54 53 55 #ifdef STDTAGS … … 99 101 100 102 logInfo("Traffic for VERITAS (%i bytes)\n",msg->getSize()); 101 g_Nepenthes->getUtilities()->hexdump(STDTAGS|l_warn,(byte *) m_Buffer->getData(), m_Buffer->getSize());103 // g_Nepenthes->getUtilities()->hexdump(STDTAGS|l_warn,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 102 104 103 105 /* … … 190 192 { 191 193 logWarn("Unknown VERITAS exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); 192 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());194 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 193 195 } nepenthes/trunk/modules/vuln-wins/WINSDialogue.cpp
r332 r836 41 41 42 42 #include "Socket.hpp" 43 44 #include "EventManager.hpp" 45 #include "SocketEvent.hpp" 43 46 44 47 #ifdef STDTAGS … … 124 127 125 128 logWarn("WINS unknown shellcode %i bytes State 0\n",m_Buffer->getSize()); 126 g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize());129 HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); 127 130 } nepenthes/trunk/nepenthes-core/include/DNSQuery.hpp
r332 r836 57 57 58 58 virtual DNSCallback *getCallback(); 59 virtual void cancelCallback(); 59 60 virtual string getDNS(); 60 61 virtual uint16_t getQueryType(); nepenthes/trunk/nepenthes-core/include/Event.hpp
r332 r836 72 72 #define EV_SHELLCODE_DONE 24 73 73 74 #define EV_HEXDUMP 25 75 74 76 class Event 75 77 { nepenthes/trunk/nepenthes-core/include/SocketEvent.hpp
r332 r836 138 138 }; 139 139 140 #ifdef HAVE_DEBUG_LOGGING 141 #define HEXDUMP(socket,data,size) \ 142 { \ 143 HexdumpEvent *he = new HexdumpEvent(socket,data,size); \ 144 g_Nepenthes->getEventMgr()->handleEvent(he); \ 145 delete he; \ 146 } 147 #else // HAVE_DEBUG_LOGGING 148 #define HEXDUMP(socket,data,size) 149 #endif // HAVE_DEBUG_LOGGING 150 151 152 153 class HexdumpEvent : public Event 154 { 155 public: 156 HexdumpEvent(Socket *s, void *data, uint32_t size) 157 { 158 m_EventType = EV_HEXDUMP; 159 m_Socket = s; 160 m_Size = size; 161 m_Data = data; 162 } 163 164 virtual Socket *getSocket() 165 { 166 return m_Socket; 167 } 168 169 virtual void *getData() 170 { 171 return m_Data; 172 } 173 174 virtual uint32_t getSize() 175 { 176 return m_Size; 177 } 178 179 private: 180 Socket *m_Socket; 181 void *m_Data; 182 uint32_t m_Size; 183 }; 184 140 185 141 186 } nepenthes/trunk/nepenthes-core/include/Utilities.hpp
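Review bot: The `HEXDUMP` macro in SocketEvent.hpp expands to a bare `{ ... }` block, so an unbraced `if (x) HEXDUMP(...); else ...` will not compile, and its `new`/`delete` pair leaks the event if `handleEvent` throws. A `do { ... } while (0)` wrapper around a stack-allocated `HexdumpEvent` avoids both and also lets the arguments be parenthesised. `HexdumpEvent` stores `data` without copying, so the class should document that handlers must consume the bytes inside `handleEvent` and must not keep the pointer. Without `HAVE_DEBUG_LOGGING` the macro is empty, so the unknown-payload dumps in the vuln-* dialogues are not raised at all in such builds; if that capture is meant to survive, the event should not depend on the debug flag.

```cpp
#define HEXDUMP(socket,data,size) \
do { \
	HexdumpEvent he((socket),(data),(size)); \
	g_Nepenthes->getEventMgr()->handleEvent(&he); \
} while (0)
// … unchanged: #else branch and class HexdumpEvent …
```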
r332 r836 131 131 void MD5Update(struct MD5Context *context, unsigned char const *buf,unsigned len); 132 132 void MD5Final(unsigned char digest[16], struct MD5Context *context); 133 133 /* 134 134 virtual void hexdump(byte *data, uint32_t len); 135 135 virtual void hexdump(uint32_t mask, byte *data, uint32_t len); 136 136 */ 137 137 virtual unsigned char *b64encode_alloc(unsigned char *in); 138 138 virtual unsigned char *b64encode_alloc(unsigned char *in, int32_t inlen); nepenthes/trunk/nepenthes-core/src/DNSQuery.cpp
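Review bot: Commenting out the two `virtual void hexdump(...)` declarations in Utilities.hpp changes the virtual-function layout of `Utilities`, so every module built against the old header has to be rebuilt. A stale module binary calling `b64encode_alloc` or any later virtual would presumably dispatch to the wrong slot. A header comment such as `// hexdump() removed in r836: use HEXDUMP()/EV_HEXDUMP; rebuild all modules` would make that explicit. Deleting the declarations instead of wrapping them in `/* */` would also keep the class declaration clean.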
r332 r836 55 55 } 56 56 57 58 /** 59 * chancel the callback 60 */ 61 void DNSQuery::cancelCallback() 62 { 63 m_Callback = NULL; 64 } 65 57 66 /** 58 67 * get the dns to resolve nepenthes/trunk/nepenthes-core/src/DNSResult.cpp
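Review bot: The doc comment on `DNSQuery::cancelCallback()` is misspelled ("chancel") and does not say what cancelling means for callers. Because the method sets `m_Callback = NULL`, `getCallback()` can now return NULL, so resolver code presumably has to null-check before dispatching a result; none of the visible hunks add such a check. A comment along the lines of `cancel the callback: getCallback() returns NULL afterwards and the result must be dropped` would state that contract.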
r332 r836 90 90 { 91 91 m_TXT.append(test->str,test->i); 92 g_Nepenthes->getUtilities()->hexdump((byte *)test->str,test->i);92 // g_Nepenthes->getUtilities()->hexdump((byte *)test->str,test->i); 93 93 test++; 94 94 } nepenthes/trunk/nepenthes-core/src/LogManager.cpp
r675 r836 147 147 if ( m_Loggers.size() == 0) 148 148 { 149 printf("%s",message);149 // printf("%s",message); 150 150 return; 151 151 } nepenthes/trunk/nepenthes-core/src/Utilities.cpp
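Review bot: With the `printf` commented out in LogManager.cpp, a message logged while `m_Loggers` is empty is dropped silently, so anything reported before a logger is registered leaves no trace. Writing the fallback to stderr keeps it visible without touching stdout: `fputs(message, stderr);`. The enclosing function starts outside the hunk.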
r550 r836 340 340 // ENDOF MD5Sum 341 341 342 342 /* 343 343 344 344 void Utilities::hexdump(byte *data, uint32_t len) … … 431 431 } 432 432 433 433 */ 434 434 435 435
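Review bot: The `Utilities::hexdump` definitions in Utilities.cpp are disabled with a single `/* ... */` spanning roughly lines 343 to 433, and block comments do not nest. The body is elided here, but if it contains any `/* */` comment the block ends early and the remainder is compiled again. `#if 0` / `#endif`, or removing the dead code outright, is more robust.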
