From bbab443f8803ddad658a1378cdc26879fec13876 Mon Sep 17 00:00:00 2001 From: Geoffrey <11151445+g3offrey@users.noreply.github.com> Date: Fri, 2 Oct 2020 16:31:10 +0200 Subject: [PATCH 1/5] html_encode the + character --- hydra-http-form.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index eb5a4ce..db1e84e 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -576,6 +576,8 @@ char *html_encode(char *string) { ret = hydra_strrep(ret, "#", "%23"); if (index(ret, '=') != NULL) ret = hydra_strrep(ret, "=", "%3D"); + if (index(ret, '+') != NULL) + ret = hydra_strrep(ret, "+", "%2B"); return ret; } From 631a61be8e4a5907be6b91773dc3d04360ba7718 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 16 Oct 2020 13:49:07 +0200 Subject: [PATCH 2/5] fix http-post-form optional parameter parsing --- CHANGES | 8 +++++++- hydra-http-form.c | 36 +++++++++++++++++++----------------- hydra.c | 2 +- 3 files changed, 27 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index 8ca1b75..f537d9b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,14 @@ Changelog for hydra ------------------- -Release 9.1-dev + +Release 9.2-dev +* fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) +* msys support + + +Release 9.1-dev * rdb: support for libfreerdp3 (thanks to animetauren) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) diff --git a/hydra-http-form.c b/hydra-http-form.c index eb5a4ce..92d5a9f 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c 
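Review bot: The new `+` case at the end of html_encode has no comment saying why it is needed, and the reason is not obvious from the code: in a form-encoded request a literal `+` decodes to a space, so a value containing `+` would be submitted as a different string. I would add `// '+' decodes to a space in form data, so send it as %2B` above the new `if`. Every replacement string in this chain contains `%`, so the chain is only correct if `%` itself is encoded before these cases. The function starts outside the hunk, so that ordering should be confirmed there.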
@@ -400,6 +400,10 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { * Beware of the backslashes (\)! */ while (*miscptr != 0) { + if (strlen(miscptr) < 3 || miscptr[1] != '=') { + hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr); + return 0; + } switch (miscptr[0]) { case 'a': // fall through case 'A': // only for http, not http-form! @@ -504,7 +508,9 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { // Error: abort execution hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H).\n"); return 0; - // no default + default: + hydra_report(stderr, "[ERROR] no valid optional parameter type given: %c\n", miscptr[0]); + return 0; } } return 1; @@ -1197,7 +1203,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } @@ -1209,7 +1215,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } @@ -1224,6 +1230,8 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char // 0 all OK // -1 error, hydra will exit, so print a good error message here + if (initialize(ip, options, miscptr) == NULL) return 1; + return 0; } 
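Review bot: `hydra_child_exit(2)` in service_http_get_form uses a bare number whose meaning is not stated anywhere in the hunk, and the same change is repeated in service_http_post_form. A short comment such as `// 2: setup/protocol error, not a connection failure` would tell the reader why the code moved from 1 to 2. The exact meaning should be checked against hydra_child_exit's definition, which is not shown here. The message "Could not launch head" also gives the user no hint that the option string was presumably what failed, which is the case the rest of this commit adds errors for.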
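Review bot: service_http_form_init now returns 1 when initialize() fails, but the comment directly above the new line documents only `0 all OK` and `-1 error, hydra will exit`. Either return the documented value, `if (initialize(ip, options, miscptr) == NULL) return -1;`, or extend the comment to say what 1 means to the caller. The header list that initialize() returns on success is discarded here, and the get/post entry points appear to build it again, so the successful path probably leaks that list unless it is freed or cached. initialize() is only partly visible, so that needs confirming.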
@@ -1281,22 +1289,16 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr++; if (*ptr != 0) *ptr++ = 0; + cond = ptr; - if ((ptr2 = rindex(ptr, ':')) != NULL) { - cond = ptr2 + 1; - *ptr2 = 0; + if ((ptr2 = index(ptr, ':')) != NULL) { + *ptr2++ = 0; + if (*ptr2) + optional1 = ptr2; + else + optional1 = NULL; } else - cond = ptr; - /* - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - */ - if (ptr == cond) optional1 = NULL; - else - optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { @@ -1332,7 +1334,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { sprintf(cookieurl, "%.1000s", url); // conditions now have to contain F or S to set the fail or success condition - if (*cond != 0 && (strpos(cond, "F=") == 0)) { + if (strpos(cond, "F=") == 0) { success_cond = 0; cond += 2; } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { diff --git a/hydra.c b/hydra.c index 4971317..ac3511e 100644 --- a/hydra.c +++ b/hydra.c @@ -225,7 +225,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.1" +#define VERSION "v9.2-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From be654c6bac504dc4912f087b2025d3596c27f093 Mon Sep 17 00:00:00 2001 From: ddeka2910 <60925700+ddeka2910@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:02:17 +0530 Subject: [PATCH 3/5] As is --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 19f1e15..7985412 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ + language: c sudo: required dist: trusty From 2d0723b281da199bb539064bc8e48e21f13d7c31 Mon Sep 17 00:00:00 2001 
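Review bot: The new split in initialize() cuts the condition at the first `:` even when that colon is backslash-escaped, while the URL a few lines below is still treated as supporting `\:` (`strstr(url, "\\:")`). A failure or success string that contains an escaped colon would be truncated and its tail treated as optional parameters. The removed commented-out loop had the escape test, and I would restore it for this split. The kept backslash would then need removing from cond the way it is done for url. The function starts and ends outside the hunk, so whether cond is meant to support escapes should be confirmed.

```c
cond = ptr;
// skip colons that are escaped with a backslash
ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || (ptr2 > ptr && *(ptr2 - 1) == '\\')))
  ptr2++;
if (*ptr2 != 0) {
  *ptr2++ = 0;
  optional1 = *ptr2 ? ptr2 : NULL;
} else
  optional1 = NULL;
// … unchanged: url unescaping, cookieurl …
```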
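Review bot: The `F=` test drops the `*cond != 0 &&` guard, but the `S=` branch directly after it keeps the same guard, so the two branches of one chain now read differently for no visible reason. If strpos() copes with an empty string, drop the guard from both: `} else if (strpos(cond, "S=") == 0) {`. Otherwise keep it on both. The chain continues outside the hunk.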
From: ddeka2910 <60925700+ddeka2910@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:04:31 +0530 Subject: [PATCH 4/5] Add architecture ppc64le to travis build --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 7985412..ad0b541 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,12 @@ - language: c sudo: required dist: trusty os: - linux - osx +arch: + - amd64 + - ppc64le compiler: - clang - gcc From 1df1d63c4fcc44d0cb1c0384a71120dfb0de3ff1 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Wed, 11 Nov 2020 11:18:04 +0000 Subject: [PATCH 5/5] smb2: fix parsing of miscptr --- hydra-smb2.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/hydra-smb2.c b/hydra-smb2.c index a09490d..7c22bf1 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,8 +126,13 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { + case ENOENT: + // Noticed this when connecting to older samba servers on linux + // where any credentials are accepted. + hydra_report(stderr, "[WARNING] %s might accept any credential\n", server); case EINVAL: // 22 - // probably password ok + // probably password ok, nominal case when connecting to a windows + // smb server with good credentials. smbc_free_context(ctx, 1); return true; break; @@ -147,6 +152,9 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { case ECONNREFUSED: // there are probably more codes that could be added here to // indicate connection errors. + hydra_report(stderr, + "[ERROR] Error %s (%d) while connecting to %s\n", + strerror(errno), errno, server); smbc_free_context(ctx, 1); EXIT_CONNECTION_ERROR; break; 
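Review bot: The new `case ENOENT:` in smb2_run_test runs into `case EINVAL:` with no fallthrough marker, so it reads like a forgotten `break`; add `// fall through` after the hydra_report() call. Because the case then returns true, every credential tried against such a server is counted as valid, and the warning is presumably printed once per attempt rather than once per target. It may be worth making that outcome distinguishable from a real match, for example by warning once and marking the target as unreliable. How the caller treats the return value is outside the hunk.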
@@ -202,6 +210,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis
 continue;
 }
 if (CMP(tkn_workgroup, miscptr)) {
+ if (workgroup != default_workgroup) {
+ // miscptr has already been processed, goto end
+ miscptr += strlen(miscptr) + 1;
+ continue;
+ }
 miscptr += sizeof(tkn_workgroup) - 1;
 char *p = strchr(miscptr, '}');
 if (p == NULL) {
@@ -217,6 +230,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis
 continue;
 }
 if (CMP(tkn_netbios, miscptr)) {
+ if (netbios_name != NULL) {
+ // miscptr has already been processed, goto end
+ miscptr += strlen(miscptr) + 1;
+ continue;
+ }
 miscptr += sizeof(tkn_netbios) - 1;
 char *p = strchr(miscptr, '}');
 if (p == NULL) {
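Review bot: The skip `miscptr += strlen(miscptr) + 1;` in the workgroup branch (and the identical one in the netbios branch) steps over a terminator on the assumption that the buffer was already split by an earlier call. The same condition is also true when the token simply appears twice in one option string. In that case strlen() runs to the real end of the string and the pointer lands one byte past it, so the loop would read outside the buffer. A flag that records a completed parse, e.g. `static bool miscptr_parsed;` checked once at the top of service_smb2_init, would avoid re-scanning and let a duplicate token be reported as an error. The loop condition and the code that writes the terminator are outside the hunk, so this should be checked against them.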