github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-06 04:51:40 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into master

Browse source
This commit is contained in:
e2002e 2020-11-14 13:22:53 +00:00 committed by GitHub
commit 026ea7017e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 53 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.travis.yml
View file

@ -4,6 +4,9 @@ dist: trusty
os: os:
- linux - linux
- osx - osx
arch:
- amd64
- ppc64le
compiler: compiler:
- clang - clang
- gcc - gcc

8
CHANGES
View file

@ -1,8 +1,14 @@
Changelog for hydra Changelog for hydra
------------------- -------------------
Release 9.1-dev
Release 9.2-dev
* fix for http-post-form optional parameters
* enable gcc 10 support for xhydra too :) * enable gcc 10 support for xhydra too :)
* msys support
Release 9.1-dev
* rdb: support for libfreerdp3 (thanks to animetauren) * rdb: support for libfreerdp3 (thanks to animetauren)
* new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!)
* oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz)

41
hydra-http-form.c
View file

@ -400,6 +400,10 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
* Beware of the backslashes (\)! * Beware of the backslashes (\)!
*/ */
while (*miscptr != 0) { while (*miscptr != 0) {
if (strlen(miscptr) < 3 || miscptr[1] != '=') {
hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr);
return 0;
}
switch (miscptr[0]) { switch (miscptr[0]) {
case 'a': // fall through case 'a': // fall through
case 'A': // only for http, not http-form! case 'A': // only for http, not http-form!
@ -504,7 +508,9 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
// Error: abort execution // Error: abort execution
hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H).\n"); hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H).\n");
return 0; return 0;
// no default default:
hydra_report(stderr, "[ERROR] no valid optional parameter type given: %c\n", miscptr[0]);
return 0;
} }
} }
return 1; return 1;
@ -576,6 +582,8 @@ char *html_encode(char *string) {
ret = hydra_strrep(ret, "#", "%23"); ret = hydra_strrep(ret, "#", "%23");
if (index(ret, '=') != NULL) if (index(ret, '=') != NULL)
ret = hydra_strrep(ret, "=", "%3D"); ret = hydra_strrep(ret, "=", "%3D");
if (index(ret, '+') != NULL)
ret = hydra_strrep(ret, "+", "%2B");
return ret; return ret;
} }
@ -1197,7 +1205,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi
service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie);
else { else {
hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n");
hydra_child_exit(1); hydra_child_exit(2);
} }
} }
@ -1209,7 +1217,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m
service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie);
else { else {
hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n");
hydra_child_exit(1); hydra_child_exit(2);
} }
} }
@ -1224,6 +1232,8 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char
// 0 all OK // 0 all OK
// -1 error, hydra will exit, so print a good error message here // -1 error, hydra will exit, so print a good error message here
if (initialize(ip, options, miscptr) == NULL) return 1;
return 0; return 0;
} }
@ -1281,22 +1291,17 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
ptr++; ptr++;
if (*ptr != 0) if (*ptr != 0)
*ptr++ = 0; *ptr++ = 0;
if ((ptr2 = rindex(ptr, ':')) != NULL) { cond = ptr;
cond = ptr2 + 1;
*ptr2 = 0; if ((ptr2 = index(ptr, ':')) != NULL) {
*ptr2++ = 0;
if (*ptr2)
optional1 = ptr2;
else
optional1 = NULL;
} else } else
cond = ptr;
/*
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
*/
if (ptr == cond)
optional1 = NULL; optional1 = NULL;
else
optional1 = ptr;
if (strstr(url, "\\:") != NULL) { if (strstr(url, "\\:") != NULL) {
if ((ptr = malloc(strlen(url))) != NULL) { if ((ptr = malloc(strlen(url))) != NULL) {
@ -1332,7 +1337,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
sprintf(cookieurl, "%.1000s", url); sprintf(cookieurl, "%.1000s", url);
// conditions now have to contain F or S to set the fail or success condition // conditions now have to contain F or S to set the fail or success condition
if (*cond != 0 && (strpos(cond, "F=") == 0)) { if (strpos(cond, "F=") == 0) {
success_cond = 0; success_cond = 0;
cond += 2; cond += 2;
} else if (*cond != 0 && (strpos(cond, "S=") == 0)) { } else if (*cond != 0 && (strpos(cond, "S=") == 0)) {

20
hydra-smb2.c
View file

@ -126,8 +126,13 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
*/ */
switch (errno) { switch (errno) {
case ENOENT:
// Noticed this when connecting to older samba servers on linux
// where any credentials are accepted.
hydra_report(stderr, "[WARNING] %s might accept any credential\n", server);
case EINVAL: // 22 case EINVAL: // 22
// probably password ok // probably password ok, nominal case when connecting to a windows
// smb server with good credentials.
smbc_free_context(ctx, 1); smbc_free_context(ctx, 1);
return true; return true;
break; break;
@ -147,6 +152,9 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
case ECONNREFUSED: case ECONNREFUSED:
// there are probably more codes that could be added here to // there are probably more codes that could be added here to
// indicate connection errors. // indicate connection errors.
hydra_report(stderr,
"[ERROR] Error %s (%d) while connecting to %s\n",
strerror(errno), errno, server);
smbc_free_context(ctx, 1); smbc_free_context(ctx, 1);
EXIT_CONNECTION_ERROR; EXIT_CONNECTION_ERROR;
break; break;
@ -202,6 +210,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis
continue; continue;
} }
if (CMP(tkn_workgroup, miscptr)) { if (CMP(tkn_workgroup, miscptr)) {
if (workgroup != default_workgroup) {
// miscptr has already been processed, goto end
miscptr += strlen(miscptr) + 1;
continue;
}
miscptr += sizeof(tkn_workgroup) - 1; miscptr += sizeof(tkn_workgroup) - 1;
char *p = strchr(miscptr, '}'); char *p = strchr(miscptr, '}');
if (p == NULL) { if (p == NULL) {
@ -217,6 +230,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis
continue; continue;
} }
if (CMP(tkn_netbios, miscptr)) { if (CMP(tkn_netbios, miscptr)) {
if (netbios_name != NULL) {
// miscptr has already been processed, goto end
miscptr += strlen(miscptr) + 1;
continue;
}
miscptr += sizeof(tkn_netbios) - 1; miscptr += sizeof(tkn_netbios) - 1;
char *p = strchr(miscptr, '}'); char *p = strchr(miscptr, '}');
if (p == NULL) { if (p == NULL) {

2
hydra.c
View file

@ -225,7 +225,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] "
#define RESTOREFILE "./hydra.restore" #define RESTOREFILE "./hydra.restore"
#define PROGRAM "Hydra" #define PROGRAM "Hydra"
#define VERSION "v9.1" #define VERSION "v9.2-dev"
#define AUTHOR "van Hauser/THC" #define AUTHOR "van Hauser/THC"
#define EMAIL "<vh@thc.org>" #define EMAIL "<vh@thc.org>"
#define AUTHOR2 "David Maciejak" #define AUTHOR2 "David Maciejak"