From 0a0798739231237c9dde37cd6dad35d7b3d674ca Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 11 Sep 2014 20:34:44 +0200 Subject: [PATCH] david sadly cant help maintain hydra anymore --- CHANGES | 2 + README | 2 +- hydra-http-form.c | 1226 ++++++++++++++++++++++----------------------- hydra.1 | 2 +- hydra.c | 102 ++-- xhydra.1 | 2 +- 6 files changed, 666 insertions(+), 670 deletions(-) diff --git a/CHANGES b/CHANGES index 45c2b43..819ae41 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,8 @@ Changelog for hydra ------------------- Release 8.1-pre +* David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best! +* Added patch Strunk18 which adds h/H header options for http-form-*, still buggy though * Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting) * Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks! * Added xhydra gtk patch by Petar Kaleychev to support -e r reverse login attempt, thanks! diff --git a/README b/README index d53fbbf..369c182 100644 --- a/README +++ b/README @@ -3,7 +3,7 @@ (c) 2001-2014 by van Hauser / THC http://www.thc.org - co-maintained by David (dot) Maciejak @ gmail (dot) com + many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal Licensed under AGPLv3 (see LICENSE file) diff --git a/hydra-http-form.c b/hydra-http-form.c index b818311..e2d0a8e 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1,4 +1,3 @@ - /* Hydra Form Module @@ -62,11 +61,11 @@ char *buf; char *cond; typedef struct header_node { - char *header; - char *value; - char type; - struct header_node *next; -}t_header_node, *ptr_header_node; + char *header; + char *value; + char type; + struct header_node *next; +} t_header_node, *ptr_header_node; int success_cond = 0; int getcookie = 1; @@ -81,28 +80,27 @@ char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variab #define MAX_REDIRECT 8 #define MAX_CONTENT_LENGTH 20 -#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 +#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; int redirected_flag = 0; int redirected_cpt = MAX_REDIRECT; -char *cookie_request, *normal_request; // Buffers for HTTP headers +char *cookie_request, *normal_request; // Buffers for HTTP headers /* * Function to perform some initial setup. */ -ptr_header_node initialize(char * ip, unsigned char options, char * miscptr); +ptr_header_node initialize(char *ip, unsigned char options, char *miscptr); /* * Returns 1 if specified header exists, or 0 otherwise. */ -ptr_header_node header_exists(ptr_header_node * ptr_head, char * header_name, char type){ - ptr_header_node cur_ptr = *ptr_head, - found_header = NULL; +ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, char type) { + ptr_header_node cur_ptr = *ptr_head, found_header = NULL; - for(cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next) - if(cur_ptr->header && strcmp(cur_ptr->header, header_name) == 0 && cur_ptr->type == type) + for (cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next) + if (cur_ptr->header && strcmp(cur_ptr->header, header_name) == 0 && cur_ptr->type == type) found_header = cur_ptr; return found_header; @@ -118,51 +116,51 @@ ptr_header_node header_exists(ptr_header_node * ptr_head, char * header_name, ch * * Returns 1 if success, or 0 otherwise (out of memory). */ -int add_header(ptr_header_node * ptr_head, char *header, char *value, char type){ +int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) { ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; // get to the last header - for(cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next); + for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next); - char * new_header = strdup(header); - char * new_value = strdup(value); + char *new_header = strdup(header); + char *new_value = strdup(value); - if(new_header && new_value){ - if((type == HEADER_TYPE_USERHEADER) || - (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || - (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))){ - /* - * We are in one of the following scenarios: - * 1. A default header with no user-supplied headers that replace it. - * 2. A user-supplied header that must be appended (option 'h'). - * 3. A user-supplied header that must replace a default header (option 'h'), - * but no default headers exist with that name. - * - * In either case we just add the header to the list. - */ - new_ptr = (ptr_header_node) malloc(sizeof(t_header_node)); - if(!new_ptr) - return 0; - new_ptr->header = new_header; - new_ptr->value = new_value; - new_ptr->type = type; - new_ptr->next = NULL; + if (new_header && new_value) { + if ((type == HEADER_TYPE_USERHEADER) || + (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || + (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { + /* + * We are in one of the following scenarios: + * 1. A default header with no user-supplied headers that replace it. + * 2. A user-supplied header that must be appended (option 'h'). + * 3. A user-supplied header that must replace a default header (option 'h'), + * but no default headers exist with that name. + * + * In either case we just add the header to the list. + */ + new_ptr = (ptr_header_node) malloc(sizeof(t_header_node)); + if (!new_ptr) + return 0; + new_ptr->header = new_header; + new_ptr->value = new_value; + new_ptr->type = type; + new_ptr->next = NULL; - if(cur_ptr) - cur_ptr->next = new_ptr; - else{ - // head is NULL, so the list is empty - *ptr_head = new_ptr; - } - }else if(type == HEADER_TYPE_USERHEADER_REPL && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))){ - // It's a user-supplied header that must replace a default one - // Replace the default header's value with this new value - free(existing_hdr->value); - existing_hdr->value = new_value; - existing_hdr->type = type; - } - }else{ + if (cur_ptr) + cur_ptr->next = new_ptr; + else { + // head is NULL, so the list is empty + *ptr_head = new_ptr; + } + } else if (type == HEADER_TYPE_USERHEADER_REPL && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { + // It's a user-supplied header that must replace a default one + // Replace the default header's value with this new value + free(existing_hdr->value); + existing_hdr->value = new_value; + existing_hdr->type = type; + } + } else { // we're out of memory, so forcefully end return 0; } @@ -174,120 +172,119 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) * Replace in all headers' values every occurrence of oldvalue by newvalue. * Only user-defined headers are considered. */ -void hdrrep(ptr_header_node * ptr_head, char * oldvalue, char * newvalue){ - ptr_header_node cur_ptr = NULL; +void hdrrep(ptr_header_node * ptr_head, char *oldvalue, char *newvalue) { + ptr_header_node cur_ptr = NULL; - for(cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next){ - if((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)){ - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue)); - if(cur_ptr->value) - strcpy(cur_ptr->value, newvalue); - else{ - hydra_report(stderr, "[ERROR] Out of memory."); - hydra_child_exit(0); - } - } - } + for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { + if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) { + cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue)); + if (cur_ptr->value) + strcpy(cur_ptr->value, newvalue); + else { + hydra_report(stderr, "[ERROR] Out of memory."); + hydra_child_exit(0); + } + } + } } /* * Replace the value of the default header named 'hdrname'. */ -void hdrrepv(ptr_header_node * ptr_head, char * hdrname, char * new_value){ - ptr_header_node cur_ptr = NULL; +void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) { + ptr_header_node cur_ptr = NULL; - for(cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next){ - if((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0){ - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value)); - if(cur_ptr->value) - strcpy(cur_ptr->value, new_value); - else{ - hydra_report(stderr, "[ERROR] Out of memory"); - hydra_child_exit(0); - } - } - } + for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { + if ((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0) { + cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value)); + if (cur_ptr->value) + strcpy(cur_ptr->value, new_value); + else { + hydra_report(stderr, "[ERROR] Out of memory"); + hydra_child_exit(0); + } + } + } } -void cleanup(ptr_header_node * ptr_head){ - ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr; +void cleanup(ptr_header_node * ptr_head) { + ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr; - while(next_ptr){ - free(cur_ptr->header); - free(cur_ptr->value); - next_ptr = cur_ptr->next; - } + while (next_ptr) { + free(cur_ptr->header); + free(cur_ptr->value); + next_ptr = cur_ptr->next; + } - *ptr_head = NULL; + *ptr_head = NULL; } /* * Concat all the headers in the list in a single string. * Leave the list itself intact: do not clean it here. */ -char * stringify_headers(ptr_header_node * ptr_head){ - char * headers_str = NULL; +char *stringify_headers(ptr_header_node * ptr_head) { + char *headers_str = NULL; ptr_header_node cur_ptr = *ptr_head; int ttl_size = 0; - for(; cur_ptr; cur_ptr = cur_ptr->next) - ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 3; + for (; cur_ptr; cur_ptr = cur_ptr->next) + ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 3; - headers_str = (char *) malloc(ttl_size + 1); + headers_str = (char *) malloc(ttl_size + 1); - if(headers_str){ - memset(headers_str, 0, ttl_size + 1); - for(cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next){ - strcat(headers_str, cur_ptr->header); - strcat(headers_str, ":"); - strcat(headers_str, cur_ptr->value); - strcat(headers_str, "\r\n"); - } - } + if (headers_str) { + memset(headers_str, 0, ttl_size + 1); + for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { + strcat(headers_str, cur_ptr->header); + strcat(headers_str, ":"); + strcat(headers_str, cur_ptr->value); + strcat(headers_str, "\r\n"); + } + } return headers_str; } -char * prepare_http_request(char * type, char * path, char * params, char * headers){ - unsigned int reqlen = 0; - char * http_request = NULL; +char *prepare_http_request(char *type, char *path, char *params, char *headers) { + unsigned int reqlen = 0; + char *http_request = NULL; - if(type && path && headers){ - reqlen = strlen(path) + strlen(headers) + 20; - if(params) - reqlen += strlen(params); + if (type && path && headers) { + reqlen = strlen(path) + strlen(headers) + 20; + if (params) + reqlen += strlen(params); - http_request = (char *) malloc(reqlen); - if(http_request){ - memset(http_request, 0, reqlen); + http_request = (char *) malloc(reqlen); + if (http_request) { + memset(http_request, 0, reqlen); - // append the request verb (GET or POST) - if(strcmp(type, "GET") == 0) - strcat(http_request, "GET "); - else - strcat(http_request, "POST "); + // append the request verb (GET or POST) + if (strcmp(type, "GET") == 0) + strcat(http_request, "GET "); + else + strcat(http_request, "POST "); - // append the request path - strcat(http_request, path); + // append the request path + strcat(http_request, path); - // if GET, append the params now - if(params && strcmp(type, "GET") == 0){ - strcat(http_request, "?"); - strcat(http_request, params); - } + // if GET, append the params now + if (params && strcmp(type, "GET") == 0) { + strcat(http_request, "?"); + strcat(http_request, params); + } + // append the headers + strcat(http_request, " HTTP/1.0\r\n"); + strcat(http_request, headers); + strcat(http_request, "\r\n"); - // append the headers - strcat(http_request, " HTTP/1.0\r\n"); - strcat(http_request, headers); - strcat(http_request, "\r\n"); + // if POST, append the params now + if (params && strcmp(type, "POST") == 0) + strcat(http_request, params); + } + } - // if POST, append the params now - if(params && strcmp(type, "POST") == 0) - strcat(http_request, params); - } - } - - return http_request; + return http_request; } int strpos(char *str, char *target) { @@ -367,11 +364,11 @@ int analyze_server_response(int s) { endcookie1 = strchr(str, '\n'); endcookie2 = strchr(str, ';'); //terminate string after cookie data - if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))){ - if(*(endcookie1 - 1) == '\r') - endcookie1--; - *endcookie1 = 0; - }else if (endcookie2 != NULL) + if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))) { + if (*(endcookie1 - 1) == '\r') + endcookie1--; + *endcookie1 = 0; + } else if (endcookie2 != NULL) *endcookie2 = 0; // is the cookie already there? if yes, remove it! if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { @@ -439,8 +436,7 @@ void hydra_reconnect(int s, char *ip, int port, unsigned char options) { } int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) { - char *empty = ""; - char * buffer; + char *empty = ""; char *login, *pass, clogin[256], cpass[256]; char header[8096], *upd3variables; char *http_request; @@ -450,267 +446,265 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc memset(header, 0, sizeof(header)); cookie[0] = 0; // reset cookies from potential previous attempt - // Take the next login/pass pair - if (strlen(login = hydra_get_next_login()) == 0) - login = empty; - if (strlen(pass = hydra_get_next_password()) == 0) - pass = empty; - strncpy(clogin, html_encode(login), sizeof(clogin) - 1); - clogin[sizeof(clogin) - 1] = 0; - strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); - cpass[sizeof(cpass) - 1] = 0; + // Take the next login/pass pair + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + strncpy(clogin, html_encode(login), sizeof(clogin) - 1); + clogin[sizeof(clogin) - 1] = 0; + strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); + cpass[sizeof(cpass) - 1] = 0; upd3variables = hydra_strrep(variables, "^USER^", clogin); upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); - // Replace the user/pass placeholders in the user-supplied headers - hdrrep(&ptr_head, "^USER^", clogin); - hdrrep(&ptr_head, "^PASS^", cpass); + // Replace the user/pass placeholders in the user-supplied headers + hdrrep(&ptr_head, "^USER^", clogin); + hdrrep(&ptr_head, "^PASS^", cpass); - /* again: no snprintf to be portable. dont worry, buffer cant overflow */ - if (use_proxy == 1 && proxy_authentication != NULL) { - if (getcookie) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); - http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); - hydra_reconnect(s, ip, port, options); - } - // now prepare for the "real" request - if (strcmp(type, "POST") == 0) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); - if(header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if(!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - } else { - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - } - } else { - if (use_proxy == 1) { - // proxy without authentication - if (getcookie) { - //doing a GET to get cookies - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); - http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); - hydra_reconnect(s, ip, port, options); - } + /* again: no snprintf to be portable. dont worry, buffer cant overflow */ + if (use_proxy == 1 && proxy_authentication != NULL) { + if (getcookie) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + hydra_reconnect(s, ip, port, options); + } + // now prepare for the "real" request + if (strcmp(type, "POST") == 0) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + } else { + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + } + } else { + if (use_proxy == 1) { + // proxy without authentication + if (getcookie) { + //doing a GET to get cookies + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + hydra_reconnect(s, ip, port, options); + } + // now prepare for the "real" request + if (strcmp(type, "POST") == 0) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + } else { + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + } + } else { + // direct web server, no proxy + if (getcookie) { + //doing a GET to save cookies + http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) { + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + normal_request = stringify_headers(&ptr_head); + } + hydra_reconnect(s, ip, port, options); + } + // now prepare for the "real" request + if (strcmp(type, "POST") == 0) { + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + } else { + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + } + } + } - // now prepare for the "real" request - if (strcmp(type, "POST") == 0) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); - if(header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if(!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - } else { - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - } - } else { - // direct web server, no proxy - if (getcookie) { - //doing a GET to save cookies - http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)){ - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); - normal_request = stringify_headers(&ptr_head); - } - hydra_reconnect(s, ip, port, options); - } + found = analyze_server_response(s); - // now prepare for the "real" request - if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); - if(header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if(!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - } else { - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - } - } - } + if (auth_flag) { // we received a 401 error - user using wrong module + hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", + (options & OPTION_SSL) > 0 ? "s" : ""); + return 4; + } - found = analyze_server_response(s); + if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); - if (auth_flag) { // we received a 401 error - user using wrong module - hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", - (options & OPTION_SSL) > 0 ? "s" : ""); - return 4; - } + //if page was redirected, follow the location header + redirected_cpt = MAX_REDIRECT; + if (debug) + printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + //we have to split the location + char *startloc, *endloc; + char str[2048]; + char str2[2048]; + char str3[2048]; - //if page was redirected, follow the location header - redirected_cpt = MAX_REDIRECT; - if (debug) - printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); + redirected_cpt--; + redirected_flag = 0; + //check if the redirect page contains the fail/success condition +#ifdef HAVE_PCRE + if (hydra_string_match(redirected_url_buff, cond) == 1) { +#else + if (strstr(redirected_url_buff, cond) != NULL) { +#endif + found = success_cond; + } else { + //location could be either absolute http(s):// or / something + //or relative + startloc = strstr(redirected_url_buff, "://"); + if (startloc != NULL) { + startloc += strlen("://"); - while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - //we have to split the location - char *startloc, *endloc; - char str[2048]; - char str2[2048]; - char str3[2048]; + if ((endloc = strchr(startloc, '\r')) != NULL) { + startloc[endloc - startloc] = 0; + } + if ((endloc = strchr(startloc, '\n')) != NULL) { + startloc[endloc - startloc] = 0; + } + strcpy(str, startloc); - redirected_cpt--; - redirected_flag = 0; - //check if the redirect page contains the fail/success condition - #ifdef HAVE_PCRE - if (hydra_string_match(redirected_url_buff, cond) == 1) { - #else - if (strstr(redirected_url_buff, cond) != NULL) { - #endif - found = success_cond; - } else { - //location could be either absolute http(s):// or / something - //or relative - startloc = strstr(redirected_url_buff, "://"); - if (startloc != NULL) { - startloc += strlen("://"); + endloc = strchr(str, '/'); + if (endloc != NULL) { + strncpy(str2, str, endloc - str); + str2[endloc - str] = 0; + } else + strncpy(str2, str, sizeof(str)); - if ((endloc = strchr(startloc, '\r')) != NULL) { - startloc[endloc - startloc] = 0; - } - if ((endloc = strchr(startloc, '\n')) != NULL) { - startloc[endloc - startloc] = 0; - } - strcpy(str, startloc); + if (strlen(str) - strlen(str2) == 0) { + strcpy(str3, "/"); + } else { + strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1); + str3[strlen(str) - strlen(str2) - 1] = 0; + } + } else { + strncpy(str2, webtarget, sizeof(str2)); + if (redirected_url_buff[0] != '/') { + //it's a relative path, so we have to concatenate it + //with the path from the first url given + char *urlpath; + char urlpath_extracted[2048]; - endloc = strchr(str, '/'); - if (endloc != NULL) { - strncpy(str2, str, endloc - str); - str2[endloc - str] = 0; - } else - strncpy(str2, str, sizeof(str)); + memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); - if (strlen(str) - strlen(str2) == 0) { - strcpy(str3, "/"); - } else { - strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1); - str3[strlen(str) - strlen(str2) - 1] = 0; - } - } else { - strncpy(str2, webtarget, sizeof(str2)); - if (redirected_url_buff[0] != '/') { - //it's a relative path, so we have to concatenate it - //with the path from the first url given - char *urlpath; - char urlpath_extracted[2048]; + urlpath = strrchr(url, '/'); + if (urlpath != NULL) { + strncpy(urlpath_extracted, url, urlpath - url); + sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); + } else { + sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); + } + } else + strncpy(str3, redirected_url_buff, sizeof(str3)); + if (debug) + hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); + } + if (str3[0] != '/') { + j = strlen(str3); + str3[j + 1] = 0; + for (i = j; i > 0; i--) + str3[i] = str3[i - 1]; + str3[0] = '/'; + } - memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); + if (verbose) + hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); - urlpath = strrchr(url, '/'); - if (urlpath != NULL) { - strncpy(urlpath_extracted, url, urlpath - url); - sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); - } else { - sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); - } - } else - strncpy(str3, redirected_url_buff, sizeof(str3)); - if (debug) - hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); - } - if (str3[0] != '/') { - j = strlen(str3); - str3[j + 1] = 0; - for (i = j; i > 0; i--) - str3[i] = str3[i - 1]; - str3[0] = '/'; - } + //re-use the code above to check for proxy use + if (use_proxy == 1 && proxy_authentication != NULL) { + // proxy with authentication + hdrrepv(&ptr_head, "Host", str2); + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); + } else { + if (use_proxy == 1) { + // proxy without authentication + hdrrepv(&ptr_head, "Host", str2); + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); + } else { + //direct web server, no proxy + hdrrepv(&ptr_head, "Host", str2); + normal_request = stringify_headers(&ptr_head); + http_request = prepare_http_request("GET", str3, NULL, normal_request); + } + } - if (verbose) - hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); + hydra_reconnect(s, ip, port, options); - //re-use the code above to check for proxy use - if (use_proxy == 1 && proxy_authentication != NULL) { - // proxy with authentication - hdrrepv(&ptr_head, "Host", str2); - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); - } else { - if (use_proxy == 1) { - // proxy without authentication - hdrrepv(&ptr_head, "Host", str2); - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); - } else { - //direct web server, no proxy - hdrrepv(&ptr_head, "Host", str2); - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("GET", str3, NULL, normal_request); - } - } + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; - hydra_reconnect(s, ip, port, options); + found = analyze_server_response(s); + if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + } + } - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; + //if the last status is still 3xx, set it as a false + if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { + hydra_report_found_host(port, ip, "www-form", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } - found = analyze_server_response(s); - if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); - } - } - - //if the last status is still 3xx, set it as a false - if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { - hydra_report_found_host(port, ip, "www-form", fp); - hydra_completed_pair_found(); - } else { - hydra_completed_pair(); - } - - return 1; + return 1; } void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type, ptr_header_node * ptr_head) { @@ -722,10 +716,10 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F /* * Iterate through the runs. Possible values are the following: - * - 1 -> Open connection to remote server. - * - 2 -> Run password attempts. - * - 3 -> Disconnect and end with success. - * - 4 -> Disconnect and end with error. + * - 1 -> Open connection to remote server. + * - 2 -> Run password attempts. + * - 3 -> Disconnect and end with success. + * - 4 -> Disconnect and end with error. */ while (1) { if (run == 2) { @@ -738,30 +732,30 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F } switch (run) { case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int) getpid()); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; - hydra_child_exit(1); - } - next_run = 2; - break; - } + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int) getpid()); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + } + next_run = 2; + break; + } case 2: /* run the cracking function */ next_run = start_http_form(sock, ip, port, options, miscptr, fp, type, *ptr_head); break; @@ -795,23 +789,25 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F } void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - ptr_header_node ptr_head = initialize(ip, options, miscptr); - if(ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, "GET", &ptr_head); - else{ - hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); - } + ptr_header_node ptr_head = initialize(ip, options, miscptr); + + if (ptr_head) + service_http_form(ip, sp, options, miscptr, fp, port, "GET", &ptr_head); + else { + hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); + hydra_child_exit(1); + } } void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - ptr_header_node ptr_head = initialize(ip, options, miscptr); - if(ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, "POST", &ptr_head); - else{ - hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); - } + ptr_header_node ptr_head = initialize(ip, options, miscptr); + + if (ptr_head) + service_http_form(ip, sp, options, miscptr, fp, port, "POST", &ptr_head); + else { + hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); + hydra_child_exit(1); + } } int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { @@ -828,208 +824,206 @@ int service_http_form_init(char *ip, int sp, unsigned char options, char *miscpt return 0; } -ptr_header_node initialize(char * ip, unsigned char options, char * miscptr) { - ptr_header_node ptr_head = NULL; - char *ptr, *ptr2; - char *proxy_string; +ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { + ptr_header_node ptr_head = NULL; + char *ptr, *ptr2, *proxy_string; - if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - if (freemischttpform == 0) { - freemischttpform = 1; - miscptr = malloc(strlen(ptr2) + 1); - strcpy(miscptr, ptr2); - *ptr2 = 0; - } - } else - webtarget = NULL; - } - if (cmdlinetarget != NULL && webtarget == NULL) - webtarget = cmdlinetarget; - else if (webtarget == NULL && cmdlinetarget == NULL) - webtarget = hydra_address2string(ip); - if (port != 0) - webport = port; - else if ((options & OPTION_SSL) == 0) - webport = PORT_HTTP; - else - webport = PORT_HTTP_SSL; + if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { + webtarget += strlen("://"); + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + *ptr2 = 0; + ptr2++; + ptr = ptr2; + if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) + miscptr = ptr; + else + miscptr = slash; /* to make things easier to user */ + } else if ((ptr2 = index(webtarget, '/')) != NULL) { + if (freemischttpform == 0) { + freemischttpform = 1; + miscptr = malloc(strlen(ptr2) + 1); + strcpy(miscptr, ptr2); + *ptr2 = 0; + } + } else + webtarget = NULL; + } + if (cmdlinetarget != NULL && webtarget == NULL) + webtarget = cmdlinetarget; + else if (webtarget == NULL && cmdlinetarget == NULL) + webtarget = hydra_address2string(ip); + if (port != 0) + webport = port; + else if ((options & OPTION_SSL) == 0) + webport = PORT_HTTP; + else + webport = PORT_HTTP_SSL; - sprintf(bufferurl, "%.1000s", miscptr); - url = bufferurl; - ptr = url; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - variables = ptr; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - cond = ptr; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - optional1 = ptr; - if (strstr(url, "\\:") != NULL) { - if ((ptr = malloc(strlen(url))) != NULL) { - strcpy(ptr, hydra_strrep(url, "\\:", ":")); - url = ptr; - } - } - if (strstr(variables, "\\:") != NULL) { - if ((ptr = malloc(strlen(variables))) != NULL) { - strcpy(ptr, hydra_strrep(variables, "\\:", ":")); - variables = ptr; - } - } - if (strstr(cond, "\\:") != NULL) { - if ((ptr = malloc(strlen(cond))) != NULL) { - strcpy(ptr, hydra_strrep(cond, "\\:", ":")); - cond = ptr; - } - } - if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) - hydra_child_exit(2); + sprintf(bufferurl, "%.1000s", miscptr); + url = bufferurl; + ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + cond = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + optional1 = ptr; + if (strstr(url, "\\:") != NULL) { + if ((ptr = malloc(strlen(url))) != NULL) { + strcpy(ptr, hydra_strrep(url, "\\:", ":")); + url = ptr; + } + } + if (strstr(variables, "\\:") != NULL) { + if ((ptr = malloc(strlen(variables))) != NULL) { + strcpy(ptr, hydra_strrep(variables, "\\:", ":")); + variables = ptr; + } + } + if (strstr(cond, "\\:") != NULL) { + if ((ptr = malloc(strlen(cond))) != NULL) { + strcpy(ptr, hydra_strrep(cond, "\\:", ":")); + cond = ptr; + } + } + if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) + hydra_child_exit(2); - if (*cond == 0) { - fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); - return NULL; - } + if (*cond == 0) { + fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); + return NULL; + } - sprintf(cookieurl, "%.1000s", url); + sprintf(cookieurl, "%.1000s", url); - //conditions now have to contain F or S to set the fail or success condition - if (*cond != 0 && (strpos(cond, "F=") == 0)) { - success_cond = 0; - cond += 2; - } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { - success_cond = 1; - cond += 2; - } else { - //by default condition is a fail - success_cond = 0; - } + //conditions now have to contain F or S to set the fail or success condition + if (*cond != 0 && (strpos(cond, "F=") == 0)) { + success_cond = 0; + cond += 2; + } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { + success_cond = 1; + cond += 2; + } else { + //by default condition is a fail + success_cond = 0; + } - char *header = NULL, *value = NULL; - while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { - switch (optional1[0]) { - case 'c': // fall through - case 'C': - ptr = optional1 + 2; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); - optional1 = ptr; - break; - case 'h': - // add a new header at the end - ptr = optional1 + 2; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - ptr2 = ptr; - while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) - ptr2++; - if (*ptr2 != 0) - *ptr2++ = 0; - /* - * At this point: - * - (optional1 + 2) contains the header's name - * - ptr contains the header's value - */ - if(add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)){ - // Success: break the switch and go ahead - optional1 = ptr2; - break; - } - // Error: abort execution - hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); - return NULL; - case 'H': - // add a new header, or replace an existing one's value - ptr = optional1 + 2; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - ptr2 = ptr; - while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) - ptr2++; - if (*ptr2 != 0) - *ptr2++ = 0; - /* - * At this point: - * - (optional1 + 2) contains the header's name - * - ptr contains the header's value - */ - if(add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)){ - // Success: break the switch and go ahead - optional1 = ptr2; - break; - } - // Error: abort execution - hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); - return NULL; - // no default - } - } + while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { + switch (optional1[0]) { + case 'c': // fall through + case 'C': + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); + optional1 = ptr; + break; + case 'h': + // add a new header at the end + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + ptr2 = ptr; + while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2++; + if (*ptr2 != 0) + *ptr2++ = 0; + /* + * At this point: + * - (optional1 + 2) contains the header's name + * - ptr contains the header's value + */ + if (add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)) { + // Success: break the switch and go ahead + optional1 = ptr2; + break; + } + // Error: abort execution + hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); + return NULL; + case 'H': + // add a new header, or replace an existing one's value + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + ptr2 = ptr; + while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2++; + if (*ptr2 != 0) + *ptr2++ = 0; + /* + * At this point: + * - (optional1 + 2) contains the header's name + * - ptr contains the header's value + */ + if (add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)) { + // Success: break the switch and go ahead + optional1 = ptr2; + break; + } + // Error: abort execution + hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); + return NULL; + // no default + } + } - /* again: no snprintf to be portable. dont worry, buffer cant overflow */ - if (use_proxy == 1 && proxy_authentication != NULL) { - // proxy with authentication - add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); - add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); - proxy_string = (char *) malloc(strlen(proxy_authentication) + 6); - if(proxy_string) { - strcpy(proxy_string, "Basic "); - strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6); - add_header(&ptr_head, "Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT); - }else{ - hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header."); - return NULL; - } - if (getcookie) { - //doing a GET to save cookies - cookie_request = stringify_headers(&ptr_head); - } - normal_request = stringify_headers(&ptr_head); - } else { - if (use_proxy == 1) { - // proxy without authentication - add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); - add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); - if (getcookie) { - //doing a GET to get cookies - cookie_request = stringify_headers(&ptr_head); - } - normal_request = stringify_headers(&ptr_head); - } else { - // direct web server, no proxy - add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); - add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT); + /* again: no snprintf to be portable. dont worry, buffer cant overflow */ + if (use_proxy == 1 && proxy_authentication != NULL) { + // proxy with authentication + add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); + proxy_string = (char *) malloc(strlen(proxy_authentication) + 6); + if (proxy_string) { + strcpy(proxy_string, "Basic "); + strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6); + add_header(&ptr_head, "Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT); + } else { + hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header."); + return NULL; + } + if (getcookie) { + //doing a GET to save cookies + cookie_request = stringify_headers(&ptr_head); + } + normal_request = stringify_headers(&ptr_head); + } else { + if (use_proxy == 1) { + // proxy without authentication + add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); + if (getcookie) { + //doing a GET to get cookies + cookie_request = stringify_headers(&ptr_head); + } + normal_request = stringify_headers(&ptr_head); + } else { + // direct web server, no proxy + add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT); - if (getcookie) { - //doing a GET to save cookies - cookie_request = stringify_headers(&ptr_head); - } + if (getcookie) { + //doing a GET to save cookies + cookie_request = stringify_headers(&ptr_head); + } - normal_request = stringify_headers(&ptr_head); - } - } - return ptr_head; + normal_request = stringify_headers(&ptr_head); + } + } + return ptr_head; } diff --git a/hydra.1 b/hydra.1 index fc0bc1e..268f7f3 100644 --- a/hydra.1 +++ b/hydra.1 @@ -113,7 +113,7 @@ Show summary of options. .br The programs are documented fully by van Hauser .SH AUTHOR -hydra was written by van Hauser / THC and is co-maintained by David Maciejak . +hydra was written by van Hauser / THC .PP This manual page was written by Daniel Echeverry , diff --git a/hydra.c b/hydra.c index dcb6f83..61e8254 100644 --- a/hydra.c +++ b/hydra.c @@ -47,7 +47,8 @@ extern void service_http_proxy(char *ip, int sp, unsigned char options, char *mi extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); +extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); + // ADD NEW SERVICES HERE #ifdef HAVE_MATH_H @@ -132,12 +133,14 @@ extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char optio extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); +extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); + // ADD NEW SERVICES HERE // ADD NEW SERVICES HERE -char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; +char *SERVICES = + "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; #define MAXBUF 520 #define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) @@ -158,8 +161,6 @@ char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]- #define VERSION "v8.1-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" -#define AUTHOR2 "David Maciejak" -#define EMAIL2 "" #define RESOURCE "http://www.thc.org/thc-hydra" extern char *hydra_strcasestr(const char *haystack, const char *needle); @@ -264,6 +265,7 @@ typedef struct { // external vars extern char HYDRA_EXIT[5]; + #if !defined(ANDROID) && !defined(__BIONIC__) extern int errno; #endif @@ -353,9 +355,7 @@ void help(int ext) { printf(" OPT some service modules support additional input (-U for module help)\n"); printf("\nSupported services: %s\n", SERVICES); - printf - ("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", - PROGRAM, RESOURCE); + printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", PROGRAM, RESOURCE); printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); if (ext && strlen(unsupported) > 0) { if (unsupported[strlen(unsupported) - 1] == ' ') @@ -565,15 +565,11 @@ void module_usage() { " C=/page/uri to define a different page to gather initial cookies from\n" " (h|H)=My-Hdr: foo to send a user defined HTTP header with each request\n" " ^USER^ and ^PASS^ can also be put into these headers!\n" - " Note that 'h' and 'H' are not the same. The former will add the user-defined header at the end" - " regardless it's already being sent by Hydra or not. The latter will replace the value of that header" - " if it exists, by the one supplied by the user, or add the header at the end if it does not exist." - " For example: 'h=User-Agent: Googlebot' would send two 'User-Agent' headers, the one supplied by default" - " ('Mozilla/5.0 (Hydra)'), and the one supplied by the user ('Googlebot'). 'H=User-Agent: Googlebot' would" - " only send a single 'User-Agent' header with the value supplied, effectively replacing the default user agent." - " This is useful to pass hidden CSRF token fields that are tied to a previously issued cookie and are unique" - " for each session. Various C/H/h parameters can be specified separated by colons and optionally intermixed." - "Examples:\n" + " Note: 'h' will add the user-defined header at the end\n" + " regardless it's already being sent by Hydra or not.\n" + " 'H' will replace the value of that header if it exists, by the\n" + " one supplied by the user, or add the header at the end\n" + "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" @@ -825,7 +821,7 @@ void hydra_restore_read() { pass_ptr = csv_ptr = login_ptr; } - hydra_targets = malloc((hydra_brains.targets + 3 )* sizeof(hydra_targets)); + hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets)); for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); @@ -873,7 +869,7 @@ void hydra_restore_read() { hydra_targets[j]->use_count = 0; hydra_targets[j]->failed = 0; } - hydra_heads = malloc((hydra_options.max_use + 2 ) * sizeof(int) + 8); + hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8); for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); @@ -976,7 +972,7 @@ unsigned long int countlines(FILE * fp, int colonmode) { } rewind(fp); free(buf); - (void)fstat(fileno(fp), &st); + (void) fstat(fileno(fp), &st); size_of_data = st.st_size + 1; return lines; } @@ -1153,7 +1149,7 @@ void hydra_service_init(int target_no) { if (strcmp(hydra_options.service, "xmpp") == 0) x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "s7-300") == 0) - x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); // ADD NEW SERVICES HERE if (x != 0 && x != 99) { @@ -1339,15 +1335,16 @@ int hydra_spawn_head(int head_no, int target_no) { service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "xmpp") == 0) - service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, + hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "irc") == 0) service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL if (strcmp(hydra_options.service, "rdp") == 0) service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "s7-300") == 0) - service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "s7-300") == 0) + service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); // ADD NEW SERVICES HERE // just in case a module returns (which it shouldnt) we let it exit here @@ -1356,7 +1353,7 @@ int hydra_spawn_head(int head_no, int target_no) { child_head_no = -1; if (hydra_heads[head_no]->pid > 0) { fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that - (void)fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); + (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); if (hydra_heads[head_no]->redo != 1) hydra_heads[head_no]->target_no = target_no; hydra_heads[head_no]->active = 1; @@ -1516,14 +1513,14 @@ void hydra_increase_fail_count(int target_no, int head_no) { printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets[target_no]-> - failed) : 1) + - (hydra_targets[target_no]->ok ? 2 : -2)); + hydra_targets + [target_no]->failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2)); if (hydra_targets[target_no]->fail_count >= MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets[target_no]-> - failed) : 1) + + hydra_targets + [target_no]->failed) : 1) + (hydra_targets[target_no]->ok ? 2 : -2) ) { k = 0; @@ -1943,8 +1940,8 @@ int hydra_send_next_pair(int target_no, int head_no) { } if (debug || hydra_options.showAttempt) { printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", - hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, - hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); + hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, + hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); } loop_cnt = 0; return 0; @@ -2045,7 +2042,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2014 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); + printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); #ifndef LIBPOSTGRES SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); strcat(unsupported, "postgres "); @@ -2396,7 +2393,7 @@ int main(int argc, char *argv[]) { hydra_options.port = port = atoi(port_pos); if (param_pos != NULL) { if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') - *--param_pos = '/'; + *--param_pos = '/'; hydra_options.miscptr = param_pos; } //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); @@ -2768,7 +2765,7 @@ int main(int argc, char *argv[]) { i = 2; if (hydra_options.login == NULL) { //hydra_options.login = empty_login; - i = 1; // login will be the initial Username: login, or line Password: + i = 1; // login will be the initial Username: login, or line Password: } if (hydra_options.miscptr == NULL) { fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); @@ -2929,7 +2926,8 @@ int main(int argc, char *argv[]) { } if (hydra_options.ssl == 1 && strncmp(hydra_options.service, "http-", 5 == 0) && hydra_options.port == 443) - fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); + fprintf(stderr, + "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); if (hydra_options.loop_mode && hydra_options.colonfile != NULL) bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); @@ -3125,11 +3123,11 @@ int main(int argc, char *argv[]) { bail("Could not allocate enough memory for target data"); sizeinfile = size_of_data; if (countinfile > MAX_LINES / 1000) { - fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int)countinfile); + fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile); exit(-1); } if (sizeinfile > MAX_BYTES / 1000) { - fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int)sizeinfile); + fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile); exit(-1); } if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) @@ -3144,9 +3142,9 @@ int main(int argc, char *argv[]) { hydra_targets[i]->target = tmpptr; if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { *tmpptr2++ = 0; - hydra_targets[i]->port = atoi(tmpptr2); - if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535) - hydra_targets[i]->port = 0; + hydra_targets[i]->port = atoi(tmpptr2); + if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535) + hydra_targets[i]->port = 0; } if (hydra_targets[i]->port == 0) hydra_targets[i]->port = hydra_options.port; @@ -3159,6 +3157,7 @@ int main(int argc, char *argv[]) { unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; in_addr_t addr4; struct sockaddr_in target; + hydra_options.cidr = 1; do_retry = 0; if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { @@ -3193,7 +3192,7 @@ int main(int argc, char *argv[]) { hydra_targets[i] = malloc(sizeof(hydra_target)); memset(hydra_targets[i], 0, sizeof(hydra_target)); addr_cur2 = htonl(addr_cur); - memcpy(&target.sin_addr.s_addr, (char*) &addr_cur2, 4); + memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); hydra_targets[i]->port = hydra_options.port; addr_cur++; @@ -3202,7 +3201,7 @@ int main(int argc, char *argv[]) { if (verbose) printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); - } else { // standard: single target on command line + } else { // standard: single target on command line countservers = hydra_brains.targets = 1; hydra_targets = malloc(sizeof(int) * 4); hydra_targets[0] = malloc(sizeof(hydra_target)); @@ -3364,12 +3363,13 @@ int main(int argc, char *argv[]) { if (hydra_options.ssl) options = options | OPTION_SSL; if (hydra_options.colonfile != NULL) - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, - hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies"); + printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", + hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, + math2 == 1 ? "y" : "ies"); else - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, - hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin, - (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); + printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", + hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", + (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); printf("[DATA] attacking service %s on port %d\n", hydra_options.service, port); @@ -3494,8 +3494,8 @@ int main(int argc, char *argv[]) { // should we do the init centrally or should each child do that? // that depends largely on the number of targets and maximum tasks // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) - for (i = 0; i < hydra_brains.targets; i++) - hydra_service_init(i); + for (i = 0; i < hydra_brains.targets; i++) + hydra_service_init(i); starttime = elapsed_status = elapsed_restore = time(NULL); fflush(stdout); @@ -3683,7 +3683,7 @@ int main(int argc, char *argv[]) { hydra_brains.sent, // tries (long unsigned int) ((elapsed_status - starttime) / 3600), // hours (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes - hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo + hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) ) / 3600, // hours (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) diff --git a/xhydra.1 b/xhydra.1 index a16b0c1..0c5e740 100644 --- a/xhydra.1 +++ b/xhydra.1 @@ -23,7 +23,7 @@ Currently this tool supports: .BR pw-inspector (1). .br .SH AUTHOR -hydra was written by van Hauser and co-maintained by David Maciejak . +hydra was written by van Hauser .PP This manual page was written by Daniel Echeverry ,