mirror of
https://github.com/vanhauser-thc/thc-hydra.git
synced 2025-07-05 20:41:39 -07:00
van Hauser
GitHub
commit
09453c7be8
4 changed files with 137 additions and 3 deletions
|
|
@ -17,7 +17,7 @@ APPDIR = /share/applications
|
|||
SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
|
||||
hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \
|
||||
hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \
|
||||
hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \
|
||||
hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \
|
||||
hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \
|
||||
hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \
|
||||
hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \
|
||||
|
|
@ -31,7 +31,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
|
|||
OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
|
||||
hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
|
||||
hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
|
||||
hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \
|
||||
hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \
|
||||
hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \
|
||||
hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \
|
||||
hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \
|
||||
|
|
|
|||
126
hydra-cobaltstrike.c
Normal file
126
hydra-cobaltstrike.c
Normal file
|
|
@ -0,0 +1,126 @@
|
|||
#include "hydra-mod.h"
|
||||
|
||||
#define CSLEN 256
|
||||
|
||||
extern char *HYDRA_EXIT;
|
||||
char *buf;
|
||||
|
||||
int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
|
||||
char *empty = "";
|
||||
char *pass, buffer[4 + 1 + 256];
|
||||
char cs_pass[CSLEN + 1];
|
||||
unsigned char len_pass;
|
||||
unsigned char reply_byte_0;
|
||||
unsigned char reply_byte_1;
|
||||
unsigned char reply_byte_2;
|
||||
unsigned char reply_byte_3;
|
||||
int32_t ret = -1;
|
||||
|
||||
if (strlen(pass = hydra_get_next_password()) == 0)
|
||||
pass = empty;
|
||||
if (strlen(pass) > CSLEN)
|
||||
pass[CSLEN - 1] = 0;
|
||||
len_pass = strlen(pass);
|
||||
memset(cs_pass, 0, CSLEN + 1);
|
||||
strcpy(cs_pass, pass);
|
||||
|
||||
memset(buffer, 0x41, sizeof(buffer));
|
||||
buffer[0] = 0x00;
|
||||
buffer[1] = 0x00;
|
||||
buffer[2] = 0xBE;
|
||||
buffer[3] = 0xEF;
|
||||
memcpy(buffer + 4, &len_pass, 1);
|
||||
memcpy(buffer + 5, cs_pass, len_pass);
|
||||
|
||||
if (hydra_send(s, buffer, sizeof(buffer), 0) < 0)
|
||||
return 1;
|
||||
|
||||
reply_byte_0 = 0x00;
|
||||
ret = hydra_recv_nb(s, &reply_byte_0, 1);
|
||||
if (ret <= 0)
|
||||
return 3;
|
||||
|
||||
reply_byte_1 = 0x00;
|
||||
ret = hydra_recv_nb(s, &reply_byte_1, 1);
|
||||
if (ret <= 0)
|
||||
return 3;
|
||||
|
||||
reply_byte_2 = 0x00;
|
||||
ret = hydra_recv_nb(s, &reply_byte_2, 1);
|
||||
if (ret <= 0)
|
||||
return 3;
|
||||
|
||||
reply_byte_3 = 0x00;
|
||||
ret = hydra_recv_nb(s, &reply_byte_3, 1);
|
||||
if (ret <= 0)
|
||||
return 3;
|
||||
|
||||
if (reply_byte_0 == 0x00 && reply_byte_1 == 0x00 && reply_byte_2 == 0xCA && reply_byte_3 == 0xFE) {
|
||||
hydra_report_found_host(port, ip, "cobaltstrike", fp);
|
||||
hydra_completed_pair_found();
|
||||
free(buf);
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return 2;
|
||||
return 1;
|
||||
}
|
||||
|
||||
free(buf);
|
||||
hydra_completed_pair();
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return 2;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
|
||||
int32_t run = 1, next_run = 1, sock = -1;
|
||||
int32_t mysslport = PORT_COBALTSTRIKE_SSL;
|
||||
|
||||
hydra_register_socket(sp);
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return;
|
||||
while (1) {
|
||||
switch (run) {
|
||||
case 1: /* connect and service init function */
|
||||
if (port != 0)
|
||||
mysslport = port;
|
||||
sock = hydra_connect_ssl(ip, mysslport, hostname);
|
||||
port = mysslport;
|
||||
if (sock < 0) {
|
||||
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
|
||||
hydra_child_exit(1);
|
||||
}
|
||||
next_run = start_cobaltstrike(sock, ip, port, options, miscptr, fp);
|
||||
hydra_disconnect(sock);
|
||||
break;
|
||||
case 2: /* clean exit */
|
||||
if (sock >= 0)
|
||||
sock = hydra_disconnect(sock);
|
||||
hydra_child_exit(0);
|
||||
return;
|
||||
case 3: /* clean exit */
|
||||
if (sock >= 0)
|
||||
sock = hydra_disconnect(sock);
|
||||
hydra_child_exit(2);
|
||||
return;
|
||||
default:
|
||||
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
|
||||
hydra_child_exit(2);
|
||||
}
|
||||
run = next_run;
|
||||
}
|
||||
}
|
||||
|
||||
int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
|
||||
// called before the childrens are forked off, so this is the function
|
||||
// which should be filled if initial connections and service setup has to be
|
||||
// performed once only.
|
||||
//
|
||||
// fill if needed.
|
||||
//
|
||||
// return codes:
|
||||
// 0 all OK
|
||||
// -1 error, hydra will exit, so print a good error message here
|
||||
|
||||
return 0;
|
||||
}
|
||||
8
hydra.c
8
hydra.c
|
|
@ -78,6 +78,7 @@ extern void service_http_post_form(char *ip, int32_t sp, unsigned char options,
|
|||
extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
|
|
@ -178,6 +179,7 @@ extern int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, ch
|
|||
extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
|
|
@ -202,7 +204,7 @@ extern int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, ch
|
|||
extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
|
||||
|
||||
// ADD NEW SERVICES HERE
|
||||
char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] "
|
||||
char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs firebird ftp[s] "
|
||||
"http[s]-{head|get|post} http[s]-{get|post}-form http-proxy "
|
||||
"http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] "
|
||||
"memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid "
|
||||
|
|
@ -402,6 +404,7 @@ static const struct {
|
|||
{"memcached", service_mcached_init, service_mcached, NULL},
|
||||
#endif
|
||||
SERVICE(mssql),
|
||||
SERVICE(cobaltstrike),
|
||||
#ifdef LIBMONGODB
|
||||
SERVICE3("mongodb", mongodb),
|
||||
#endif
|
||||
|
|
@ -1344,6 +1347,7 @@ int32_t hydra_lookup_port(char *service) {
|
|||
{"memcached", PORT_MCACHED, PORT_MCACHED_SSL},
|
||||
{"mongodb", PORT_MONGODB, PORT_MONGODB},
|
||||
{"mssql", PORT_MSSQL, PORT_MSSQL_SSL},
|
||||
{"cobaltstrike", PORT_COBALTSTRIKE, PORT_COBALTSTRIKE_SSL},
|
||||
{"mysql", PORT_MYSQL, PORT_MYSQL_SSL},
|
||||
{"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL},
|
||||
{"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL},
|
||||
|
|
@ -2800,6 +2804,8 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
if (strcmp(hydra_options.service, "mssql") == 0)
|
||||
i = 1;
|
||||
if (strcmp(hydra_options.service, "cobaltstrike") == 0)
|
||||
i = 2;
|
||||
if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) {
|
||||
i = 2;
|
||||
hydra_options.service = malloc(strlen("oracle-listener") + 1);
|
||||
|
|
|
|||
2
hydra.h
2
hydra.h
|
|
@ -101,6 +101,8 @@
|
|||
#define PORT_MYSQL_SSL 3306
|
||||
#define PORT_MSSQL 1433
|
||||
#define PORT_MSSQL_SSL 1433
|
||||
#define PORT_COBALTSTRIKE 50050
|
||||
#define PORT_COBALTSTRIKE_SSL 50050
|
||||
#define PORT_POSTGRES 5432
|
||||
#define PORT_POSTGRES_SSL 5432
|
||||
#define PORT_ORACLE 1521
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue