mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-26 23:42:32 +03:00
1 line
7.1 KiB
JavaScript
1 line
7.1 KiB
JavaScript
module.exports=function CreateAmtRedirect(a){var b={};b.m=a;a.parent=b;b.State=0;b.net=require("net");b.tls=require("tls");b.socket=null;b.host=null;b.port=0;b.user=null;b.pass=null;b.connectstate=0;b.protocol=a.protocol;b.xtlsoptions=null;b.amtaccumulator=null;b.amtsequence=1;b.amtkeepalivetimer=null;b.authuri="/RedirectionService";b.digestRealmMatch=null;b.onStateChanged=null;b.Debug=function(d){console.log(d)};var c=null;b.Start=function(d,f,k,e,g,h,j){b.host=d;b.port=f;b.user=k;b.pass=e;b.xtls=g;b.xtlsoptions=j;b.xtlsFingerprint=h;b.connectstate=0;if(g==true){b.socket=b.tls.connect({host:d,port:f,rejectUnauthorized:false,checkServerIdentity:b.onCheckServerIdentity},b.xxOnSocketConnected)}else{b.socket=b.net.createConnection({host:d,port:f},b.xxOnSocketConnected)}b.socket.on("data",b.xxOnSocketData);b.socket.on("close",b.xxOnSocketClosed);b.socket.on("error",b.xxOnSocketClosed);b.xxStateChange(1)};b.onCheckServerIdentity=function(d){var e=d[0].fingerprint.split(":").join("").toLowerCase();if((b.xtlsFingerprint!=null)&&(b.xtlsFingerprint!=e)){console.log("Invalid TLS Cert, SHA384: "+e);process.exit(2);return}else{if(b.xtlsFingerprint==null){b.xtlsFingerprint=e;console.log("TLS Cert SHA384: "+e)}}};b.xxOnSocketConnected=function(){if(b.socket==null){return}if(c&&c.redirtrace){console.log("REDIR-CONNECTED")}b.xxStateChange(2);if(b.protocol==1){b.xxSend(b.RedirectStartSol)}else{if(b.protocol==2){b.xxSend(b.RedirectStartKvm)}else{if(b.protocol==3){b.xxSend(b.RedirectStartIder)}}}};b.xxOnSocketData=function(n){if(!n||b.connectstate==-1){return}if(c&&c.redirtrace){console.log("REDIR-RECV("+n.length+"): "+n.toString("hex"))}if((b.protocol==2||b.protocol==3)&&b.connectstate==1){return b.m.ProcessData(n)}if(b.amtaccumulator==null){b.amtaccumulator=n}else{b.amtaccumulator=Buffer.concat(b.amtaccumulator,n)}while(b.amtaccumulator!=null){var j=0;switch(b.amtaccumulator[0]){case 17:if(b.amtaccumulator.length<4){return}var z=b.amtaccumulator[1];switch(z){case 0:if(b.amtaccumulator.length<13){return}var s=b.amtaccumulator[12];if(b.amtaccumulator.length<13+s){return}b.xxSend(String.fromCharCode(19,0,0,0,0,0,0,0,0));j=(13+s);break;default:b.Stop();break}break;case 20:if(b.amtaccumulator.length<9){return}var f=b.amtaccumulator.readInt32LE(5);if(b.amtaccumulator.length<9+f){return}var y=b.amtaccumulator[1];var g=b.amtaccumulator[4];var d=[];for(i=0;i<f;i++){d.push(b.amtaccumulator[9+i])}var e=b.amtaccumulator.slice(9,9+f);j=9+f;if(g==0){if(d.indexOf(4)>=0){b.xxSend(String.fromCharCode(19,0,0,0,4)+IntToStrX(b.user.length+b.authuri.length+8)+String.fromCharCode(b.user.length)+b.user+String.fromCharCode(0,0)+String.fromCharCode(b.authuri.length)+b.authuri+String.fromCharCode(0,0,0,0))}else{if(d.indexOf(3)>=0){b.xxSend(String.fromCharCode(19,0,0,0,3)+IntToStrX(b.user.length+b.authuri.length+7)+String.fromCharCode(b.user.length)+b.user+String.fromCharCode(0,0)+String.fromCharCode(b.authuri.length)+b.authuri+String.fromCharCode(0,0,0))}else{if(d.indexOf(1)>=0){b.xxSend(String.fromCharCode(19,0,0,0,1)+IntToStrX(b.user.length+b.pass.length+2)+String.fromCharCode(b.user.length)+b.user+String.fromCharCode(b.pass.length)+b.pass)}else{b.Stop()}}}}else{if((g==3||g==4)&&y==1){var m=0;var w=e[m];var v=e.slice(m+1,m+1+w).toString();m+=(w+1);if(b.digestRealmMatch&&(b.digestRealmMatch!=v)){b.Stop();return}var r=e[m];var q=e.slice(m+1,m+1+r).toString();m+=(r+1);var u=0;var t=null;var k=b.xxRandomValueHex(32);var x="00000002";var p="";if(g==4){u=e[m];t=e.slice(m+1,m+1+u).toString();m+=(u+1);p=x+":"+k+":"+t+":"}var o=hex_md5(hex_md5(b.user+":"+v+":"+b.pass)+":"+q+":"+p+hex_md5("POST:"+b.authuri));var A=b.user.length+v.length+q.length+b.authuri.length+k.length+x.length+o.length+7;if(g==4){A+=(t.length+1)}var h=Buffer.concat([new Buffer([19,0,0,0,g]),new Buffer([A&255,(A>>8)&255,0,0]),new Buffer([b.user.length]),new Buffer(b.user),new Buffer([v.length]),new Buffer(v),new Buffer([q.length]),new Buffer(q),new Buffer([b.authuri.length]),new Buffer(b.authuri),new Buffer([k.length]),new Buffer(k),new Buffer([x.length]),new Buffer(x),new Buffer([o.length]),new Buffer(o)]);if(g==4){h=Buffer.concat([h,new Buffer([t.length]),new Buffer(t)])}b.xxSend(h)}else{if(y==0){if(b.protocol==1){}if(b.protocol==2){b.xxSend(new Buffer([64,0,0,0,0,0,0,0]))}if(b.protocol==3){b.connectstate=1;b.xxStateChange(3)}}else{b.Stop()}}}break;case 33:if(b.amtaccumulator.length<23){break}j=23;b.xxSend(String.fromCharCode(39,0,0,0)+ToIntStr(b.amtsequence++)+String.fromCharCode(0,0,27,0,0,0));if(b.protocol==1){b.amtkeepalivetimer=setInterval(b.xxSendAmtKeepAlive,2000)}b.connectstate=1;b.xxStateChange(3);break;case 41:if(b.amtaccumulator.length<10){break}j=10;break;case 42:if(b.amtaccumulator.length<10){break}var l=(10+((b.amtaccumulator[9]&255)<<8)+(b.amtaccumulator[8]&255));if(b.amtaccumulator.length<l){break}b.m.ProcessData(b.amtaccumulator.substring(10,l));j=l;break;case 43:if(b.amtaccumulator.length<8){break}j=8;break;case 65:if(b.amtaccumulator.length<8){break}b.connectstate=1;b.m.Start();if(b.amtaccumulator.length>8){b.m.ProcessData(b.amtaccumulator.substring(8))}j=b.amtaccumulator.length;break;default:console.log("Unknown Intel AMT command: "+b.amtaccumulator[0]+" acclen="+b.amtaccumulator.length);b.Stop();return}if(j==0){return}if(j==b.amtaccumulator.length){b.amtaccumulator=null}else{b.amtaccumulator=b.amtaccumulator.slice(j)}}};b.xxSend=function(d){if(c&&c.redirtrace){console.log("REDIR-SEND("+d.length+"): "+rstr2hex(d))}if(typeof d=="string"){b.socket.write(new Buffer(d,"binary"))}else{b.socket.write(d)}};b.Send=function(d){if(b.socket==null||b.connectstate!=1){return}if(b.protocol==1){b.xxSend(String.fromCharCode(40,0,0,0)+ToIntStr(b.amtsequence++)+ToShortStr(d.length)+d)}else{b.xxSend(d)}};b.xxSendAmtKeepAlive=function(){if(b.socket==null){return}b.xxSend(String.fromCharCode(43,0,0,0)+ToIntStr(b.amtsequence++))};b.xxRandomValueHex=function(f){var g=[],e=Math.floor(f/2);for(var d=0;d<e;d++){g.push(b.tls.generateRandomInteger("0","255"))}return new Buffer(g).toString("hex")};b.xxOnSocketClosed=function(){b.socket=null;if(c&&c.redirtrace){console.log("REDIR-CLOSED")}b.Stop()};b.xxStateChange=function(d){if(b.State==d){return}b.State=d;b.m.xxStateChange(b.State);if(b.onStateChanged!=null){b.onStateChanged(b,b.State)}};b.Stop=function(){if(c&&c.redirtrace){console.log("REDIR-CLOSED")}b.xxStateChange(0);b.connectstate=-1;b.amtaccumulator="";if(b.socket!=null){b.socket.destroy();b.socket=null}if(b.amtkeepalivetimer!=null){clearInterval(b.amtkeepalivetimer);b.amtkeepalivetimer=null}};b.RedirectStartSol=new Buffer([16,0,0,0,83,79,76,32]);b.RedirectStartKvm=new Buffer([16,1,0,0,75,86,77,82]);b.RedirectStartIder=new Buffer([16,0,0,0,73,68,69,82]);return b};function ToIntStr(a){return String.fromCharCode((a&255),((a>>8)&255),((a>>16)&255),((a>>24)&255))}function ToShortStr(a){return String.fromCharCode((a&255),((a>>8)&255))}function ShortToStr(a){return String.fromCharCode((a>>8)&255,a&255)}function ShortToStrX(a){return String.fromCharCode(a&255,(a>>8)&255)}function IntToStr(a){return String.fromCharCode((a>>24)&255,(a>>16)&255,(a>>8)&255,a&255)}function IntToStrX(a){return String.fromCharCode(a&255,(a>>8)&255,(a>>16)&255,(a>>24)&255)}var md5hasher=require("MD5Stream").create();function hex_md5(b){return md5hasher.syncHash(b).toString("hex").toLowerCase()}; |