github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-19 21:03:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

david sadly cant help maintain hydra anymore

Browse source
This commit is contained in:
van Hauser 2014-09-11 20:34:44 +02:00
commit 0a07987392
6 changed files with 666 additions and 670 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGES
View file

@ -2,6 +2,8 @@ Changelog for hydra
-------------------
Release 8.1-pre
* David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best!
* Added patch Strunk18 which adds h/H header options for http-form-*, still buggy though
* Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting)
* Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks!
* Added xhydra gtk patch by Petar Kaleychev to support -e r reverse login attempt, thanks!

2
README
View file

@ -3,7 +3,7 @@
(c) 2001-2014 by van Hauser / THC
<vh@thc.org> http://www.thc.org
co-maintained by David (dot) Maciejak @ gmail (dot) com
many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
Licensed under AGPLv3 (see LICENSE file)

142
hydra-http-form.c
View file

@ -1,4 +1,3 @@
/*
Hydra Form Module
@ -66,7 +65,7 @@ typedef struct header_node {
char *value;
char type;
struct header_node *next;
}t_header_node, *ptr_header_node;
} t_header_node, *ptr_header_node;
int success_cond = 0;
int getcookie = 1;
@ -92,17 +91,16 @@ char *cookie_request, *normal_request; // Buffers for HTTP headers
/*
* Function to perform some initial setup.
*/
ptr_header_node initialize(char * ip, unsigned char options, char * miscptr);
ptr_header_node initialize(char *ip, unsigned char options, char *miscptr);
/*
* Returns 1 if specified header exists, or 0 otherwise.
*/
ptr_header_node header_exists(ptr_header_node * ptr_head, char * header_name, char type){
ptr_header_node cur_ptr = *ptr_head,
found_header = NULL;
ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, char type) {
ptr_header_node cur_ptr = *ptr_head, found_header = NULL;
for(cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next)
if(cur_ptr->header && strcmp(cur_ptr->header, header_name) == 0 && cur_ptr->type == type)
for (cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next)
if (cur_ptr->header && strcmp(cur_ptr->header, header_name) == 0 && cur_ptr->type == type)
found_header = cur_ptr;
return found_header;
@ -118,20 +116,20 @@ ptr_header_node header_exists(ptr_header_node * ptr_head, char * header_name, ch
*
* Returns 1 if success, or 0 otherwise (out of memory).
*/
int add_header(ptr_header_node * ptr_head, char *header, char *value, char type){
int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) {
ptr_header_node cur_ptr = NULL;
ptr_header_node existing_hdr, new_ptr;
// get to the last header
for(cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next);
for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next);
char * new_header = strdup(header);
char * new_value = strdup(value);
char *new_header = strdup(header);
char *new_value = strdup(value);
if(new_header && new_value){
if((type == HEADER_TYPE_USERHEADER) ||
if (new_header && new_value) {
if ((type == HEADER_TYPE_USERHEADER) ||
(type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) ||
(type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))){
(type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) {
/*
* We are in one of the following scenarios:
* 1. A default header with no user-supplied headers that replace it.
@ -142,27 +140,27 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type)
* In either case we just add the header to the list.
*/
new_ptr = (ptr_header_node) malloc(sizeof(t_header_node));
if(!new_ptr)
if (!new_ptr)
return 0;
new_ptr->header = new_header;
new_ptr->value = new_value;
new_ptr->type = type;
new_ptr->next = NULL;
if(cur_ptr)
if (cur_ptr)
cur_ptr->next = new_ptr;
else{
else {
// head is NULL, so the list is empty
*ptr_head = new_ptr;
}
}else if(type == HEADER_TYPE_USERHEADER_REPL && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))){
} else if (type == HEADER_TYPE_USERHEADER_REPL && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) {
// It's a user-supplied header that must replace a default one
// Replace the default header's value with this new value
free(existing_hdr->value);
existing_hdr->value = new_value;
existing_hdr->type = type;
}
}else{
} else {
// we're out of memory, so forcefully end
return 0;
}
@ -174,15 +172,15 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type)
* Replace in all headers' values every occurrence of oldvalue by newvalue.
* Only user-defined headers are considered.
*/
void hdrrep(ptr_header_node * ptr_head, char * oldvalue, char * newvalue){
void hdrrep(ptr_header_node * ptr_head, char *oldvalue, char *newvalue) {
ptr_header_node cur_ptr = NULL;
for(cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next){
if((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)){
for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) {
cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue));
if(cur_ptr->value)
if (cur_ptr->value)
strcpy(cur_ptr->value, newvalue);
else{
else {
hydra_report(stderr, "[ERROR] Out of memory.");
hydra_child_exit(0);
}
@ -193,15 +191,15 @@ void hdrrep(ptr_header_node * ptr_head, char * oldvalue, char * newvalue){
/*
* Replace the value of the default header named 'hdrname'.
*/
void hdrrepv(ptr_header_node * ptr_head, char * hdrname, char * new_value){
void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) {
ptr_header_node cur_ptr = NULL;
for(cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next){
if((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0){
for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
if ((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0) {
cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value));
if(cur_ptr->value)
if (cur_ptr->value)
strcpy(cur_ptr->value, new_value);
else{
else {
hydra_report(stderr, "[ERROR] Out of memory");
hydra_child_exit(0);
}
@ -209,10 +207,10 @@ void hdrrepv(ptr_header_node * ptr_head, char * hdrname, char * new_value){
}
}
void cleanup(ptr_header_node * ptr_head){
void cleanup(ptr_header_node * ptr_head) {
ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr;
while(next_ptr){
while (next_ptr) {
free(cur_ptr->header);
free(cur_ptr->value);
next_ptr = cur_ptr->next;
@ -225,19 +223,19 @@ void cleanup(ptr_header_node * ptr_head){
* Concat all the headers in the list in a single string.
* Leave the list itself intact: do not clean it here.
*/
char * stringify_headers(ptr_header_node * ptr_head){
char * headers_str = NULL;
char *stringify_headers(ptr_header_node * ptr_head) {
char *headers_str = NULL;
ptr_header_node cur_ptr = *ptr_head;
int ttl_size = 0;
for(; cur_ptr; cur_ptr = cur_ptr->next)
for (; cur_ptr; cur_ptr = cur_ptr->next)
ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 3;
headers_str = (char *) malloc(ttl_size + 1);
if(headers_str){
if (headers_str) {
memset(headers_str, 0, ttl_size + 1);
for(cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next){
for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
strcat(headers_str, cur_ptr->header);
strcat(headers_str, ":");
strcat(headers_str, cur_ptr->value);
@ -248,21 +246,21 @@ char * stringify_headers(ptr_header_node * ptr_head){
return headers_str;
}
char * prepare_http_request(char * type, char * path, char * params, char * headers){
char *prepare_http_request(char *type, char *path, char *params, char *headers) {
unsigned int reqlen = 0;
char * http_request = NULL;
char *http_request = NULL;
if(type && path && headers){
if (type && path && headers) {
reqlen = strlen(path) + strlen(headers) + 20;
if(params)
if (params)
reqlen += strlen(params);
http_request = (char *) malloc(reqlen);
if(http_request){
if (http_request) {
memset(http_request, 0, reqlen);
// append the request verb (GET or POST)
if(strcmp(type, "GET") == 0)
if (strcmp(type, "GET") == 0)
strcat(http_request, "GET ");
else
strcat(http_request, "POST ");
@ -271,18 +269,17 @@ char * prepare_http_request(char * type, char * path, char * params, char * head
strcat(http_request, path);
// if GET, append the params now
if(params && strcmp(type, "GET") == 0){
if (params && strcmp(type, "GET") == 0) {
strcat(http_request, "?");
strcat(http_request, params);
}
// append the headers
strcat(http_request, " HTTP/1.0\r\n");
strcat(http_request, headers);
strcat(http_request, "\r\n");
// if POST, append the params now
if(params && strcmp(type, "POST") == 0)
if (params && strcmp(type, "POST") == 0)
strcat(http_request, params);
}
}
@ -367,11 +364,11 @@ int analyze_server_response(int s) {
endcookie1 = strchr(str, '\n');
endcookie2 = strchr(str, ';');
//terminate string after cookie data
if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))){
if(*(endcookie1 - 1) == '\r')
if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))) {
if (*(endcookie1 - 1) == '\r')
endcookie1--;
*endcookie1 = 0;
}else if (endcookie2 != NULL)
} else if (endcookie2 != NULL)
*endcookie2 = 0;
// is the cookie already there? if yes, remove it!
if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) {
@ -440,7 +437,6 @@ void hydra_reconnect(int s, char *ip, int port, unsigned char options) {
int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) {
char *empty = "";
char * buffer;
char *login, *pass, clogin[256], cpass[256];
char header[8096], *upd3variables;
char *http_request;
@ -484,11 +480,11 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables));
if(header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
if(!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
normal_request = stringify_headers(&ptr_head);
http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
@ -515,17 +511,16 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT);
hydra_reconnect(s, ip, port, options);
}
// now prepare for the "real" request
if (strcmp(type, "POST") == 0) {
memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables));
if(header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
if(!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
normal_request = stringify_headers(&ptr_head);
http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
@ -545,21 +540,20 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1;
i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)){
if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) {
add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT);
normal_request = stringify_headers(&ptr_head);
}
hydra_reconnect(s, ip, port, options);
}
// now prepare for the "real" request
if (strcmp(type, "POST") == 0) {
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables));
if(header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
if(!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
normal_request = stringify_headers(&ptr_head);
http_request = prepare_http_request("POST", url, upd3variables, normal_request);
@ -600,11 +594,11 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
redirected_cpt--;
redirected_flag = 0;
//check if the redirect page contains the fail/success condition
#ifdef HAVE_PCRE
#ifdef HAVE_PCRE
if (hydra_string_match(redirected_url_buff, cond) == 1) {
#else
#else
if (strstr(redirected_url_buff, cond) != NULL) {
#endif
#endif
found = success_cond;
} else {
//location could be either absolute http(s):// or / something
@ -796,9 +790,10 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F
void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
ptr_header_node ptr_head = initialize(ip, options, miscptr);
if(ptr_head)
if (ptr_head)
service_http_form(ip, sp, options, miscptr, fp, port, "GET", &ptr_head);
else{
else {
hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n");
hydra_child_exit(1);
}
@ -806,9 +801,10 @@ void service_http_get_form(char *ip, int sp, unsigned char options, char *miscpt
void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
ptr_header_node ptr_head = initialize(ip, options, miscptr);
if(ptr_head)
if (ptr_head)
service_http_form(ip, sp, options, miscptr, fp, port, "POST", &ptr_head);
else{
else {
hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n");
hydra_child_exit(1);
}
@ -828,10 +824,9 @@ int service_http_form_init(char *ip, int sp, unsigned char options, char *miscpt
return 0;
}
ptr_header_node initialize(char * ip, unsigned char options, char * miscptr) {
ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
ptr_header_node ptr_head = NULL;
char *ptr, *ptr2;
char *proxy_string;
char *ptr, *ptr2, *proxy_string;
if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) {
webtarget += strlen("://");
@ -922,7 +917,6 @@ ptr_header_node initialize(char * ip, unsigned char options, char * miscptr) {
success_cond = 0;
}
char *header = NULL, *value = NULL;
while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) {
switch (optional1[0]) {
case 'c': // fall through
@ -952,7 +946,7 @@ ptr_header_node initialize(char * ip, unsigned char options, char * miscptr) {
* - (optional1 + 2) contains the header's name
* - ptr contains the header's value
*/
if(add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)){
if (add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)) {
// Success: break the switch and go ahead
optional1 = ptr2;
break;
@ -977,7 +971,7 @@ ptr_header_node initialize(char * ip, unsigned char options, char * miscptr) {
* - (optional1 + 2) contains the header's name
* - ptr contains the header's value
*/
if(add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)){
if (add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)) {
// Success: break the switch and go ahead
optional1 = ptr2;
break;
@ -995,11 +989,11 @@ ptr_header_node initialize(char * ip, unsigned char options, char * miscptr) {
add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT);
add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT);
proxy_string = (char *) malloc(strlen(proxy_authentication) + 6);
if(proxy_string) {
if (proxy_string) {
strcpy(proxy_string, "Basic ");
strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6);
add_header(&ptr_head, "Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT);
}else{
} else {
hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header.");
return NULL;
}

2
hydra.1
View file

@ -113,7 +113,7 @@ Show summary of options.
.br
The programs are documented fully by van Hauser <vh@thc.org>
.SH AUTHOR
hydra was written by van Hauser / THC <vh@thc.org> and is co-maintained by David Maciejak <david.maciejak@gmail.com>.
hydra was written by van Hauser / THC <vh@thc.org>
.PP
This manual page was written by Daniel Echeverry <epsilon77@gmail.com>,

78
hydra.c
View file

@ -47,7 +47,8 @@ extern void service_http_proxy(char *ip, int sp, unsigned char options, char *mi
extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
// ADD NEW SERVICES HERE
#ifdef HAVE_MATH_H
@ -132,12 +133,14 @@ extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char optio
extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
// ADD NEW SERVICES HERE
// ADD NEW SERVICES HERE
char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp";
char *SERVICES =
"asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp";
#define MAXBUF 520
#define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 )
@ -158,8 +161,6 @@ char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-
#define VERSION "v8.1-dev"
#define AUTHOR "van Hauser/THC"
#define EMAIL "<vh@thc.org>"
#define AUTHOR2 "David Maciejak"
#define EMAIL2 "<david.maciejak@gmail.com>"
#define RESOURCE "http://www.thc.org/thc-hydra"
extern char *hydra_strcasestr(const char *haystack, const char *needle);
@ -264,6 +265,7 @@ typedef struct {
// external vars
extern char HYDRA_EXIT[5];
#if !defined(ANDROID) && !defined(__BIONIC__)
extern int errno;
#endif
@ -353,9 +355,7 @@ void help(int ext) {
printf(" OPT some service modules support additional input (-U for module help)\n");
printf("\nSupported services: %s\n", SERVICES);
printf
("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n",
PROGRAM, RESOURCE);
printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", PROGRAM, RESOURCE);
printf("Don't use in military or secret service organizations, or for illegal purposes.\n");
if (ext && strlen(unsupported) > 0) {
if (unsupported[strlen(unsupported) - 1] == ' ')
@ -565,15 +565,11 @@ void module_usage() {
" C=/page/uri to define a different page to gather initial cookies from\n"
" (h|H)=My-Hdr: foo to send a user defined HTTP header with each request\n"
" ^USER^ and ^PASS^ can also be put into these headers!\n"
" Note that 'h' and 'H' are not the same. The former will add the user-defined header at the end"
" regardless it's already being sent by Hydra or not. The latter will replace the value of that header"
" if it exists, by the one supplied by the user, or add the header at the end if it does not exist."
" For example: 'h=User-Agent: Googlebot' would send two 'User-Agent' headers, the one supplied by default"
" ('Mozilla/5.0 (Hydra)'), and the one supplied by the user ('Googlebot'). 'H=User-Agent: Googlebot' would"
" only send a single 'User-Agent' header with the value supplied, effectively replacing the default user agent."
" This is useful to pass hidden CSRF token fields that are tied to a previously issued cookie and are unique"
" for each session. Various C/H/h parameters can be specified separated by colons and optionally intermixed."
"Examples:\n"
" Note: 'h' will add the user-defined header at the end\n"
" regardless it's already being sent by Hydra or not.\n"
" 'H' will replace the value of that header if it exists, by the\n"
" one supplied by the user, or add the header at the end\n"
"\nExamples:\n"
" \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
@ -825,7 +821,7 @@ void hydra_restore_read() {
pass_ptr = csv_ptr = login_ptr;
}
hydra_targets = malloc((hydra_brains.targets + 3 )* sizeof(hydra_targets));
hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets));
for (j = 0; j < hydra_brains.targets; j++) {
hydra_targets[j] = malloc(sizeof(hydra_target));
fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f);
@ -873,7 +869,7 @@ void hydra_restore_read() {
hydra_targets[j]->use_count = 0;
hydra_targets[j]->failed = 0;
}
hydra_heads = malloc((hydra_options.max_use + 2 ) * sizeof(int) + 8);
hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8);
for (j = 0; j < hydra_options.max_use; j++) {
hydra_heads[j] = malloc(sizeof(hydra_head));
fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f);
@ -976,7 +972,7 @@ unsigned long int countlines(FILE * fp, int colonmode) {
}
rewind(fp);
free(buf);
(void)fstat(fileno(fp), &st);
(void) fstat(fileno(fp), &st);
size_of_data = st.st_size + 1;
return lines;
}
@ -1339,7 +1335,8 @@ int hydra_spawn_head(int head_no, int target_no) {
service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
#endif
if (strcmp(hydra_options.service, "xmpp") == 0)
service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp,
hydra_targets[target_no]->port);
if (strcmp(hydra_options.service, "irc") == 0)
service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
#ifdef LIBOPENSSL
@ -1356,7 +1353,7 @@ int hydra_spawn_head(int head_no, int target_no) {
child_head_no = -1;
if (hydra_heads[head_no]->pid > 0) {
fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that
(void)fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK);
(void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK);
if (hydra_heads[head_no]->redo != 1)
hydra_heads[head_no]->target_no = target_no;
hydra_heads[head_no]->active = 1;
@ -1516,14 +1513,14 @@ void hydra_increase_fail_count(int target_no, int head_no) {
printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count,
MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5
&& hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks -
hydra_targets[target_no]->
failed) : 1) +
(hydra_targets[target_no]->ok ? 2 : -2));
hydra_targets
[target_no]->failed) : 1)
+ (hydra_targets[target_no]->ok ? 2 : -2));
if (hydra_targets[target_no]->fail_count >=
MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5
&& hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks -
hydra_targets[target_no]->
failed) : 1) +
hydra_targets
[target_no]->failed) : 1) +
(hydra_targets[target_no]->ok ? 2 : -2)
) {
k = 0;
@ -1943,8 +1940,8 @@ int hydra_send_next_pair(int target_no, int head_no) {
}
if (debug || hydra_options.showAttempt) {
printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n",
hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr,
hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no);
hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr,
hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no);
}
loop_cnt = 0;
return 0;
@ -2045,7 +2042,7 @@ int main(int argc, char *argv[]) {
struct sockaddr_in6 *ipv6 = NULL;
struct sockaddr_in *ipv4 = NULL;
printf("%s %s (c) 2014 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2);
printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR);
#ifndef LIBPOSTGRES
SERVICES = hydra_string_replace(SERVICES, "postgres ", "");
strcat(unsupported, "postgres ");
@ -2929,7 +2926,8 @@ int main(int argc, char *argv[]) {
}
if (hydra_options.ssl == 1 && strncmp(hydra_options.service, "http-", 5 == 0) && hydra_options.port == 443)
fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n");
fprintf(stderr,
"[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n");
if (hydra_options.loop_mode && hydra_options.colonfile != NULL)
bail("The loop mode option (-u) works with all modes - except colon files (-C)\n");
@ -3125,11 +3123,11 @@ int main(int argc, char *argv[]) {
bail("Could not allocate enough memory for target data");
sizeinfile = size_of_data;
if (countinfile > MAX_LINES / 1000) {
fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int)countinfile);
fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile);
exit(-1);
}
if (sizeinfile > MAX_BYTES / 1000) {
fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int)sizeinfile);
fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile);
exit(-1);
}
if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL)
@ -3159,6 +3157,7 @@ int main(int argc, char *argv[]) {
unsigned int four_from, four_to, addr_cur, addr_cur2, k, l;
in_addr_t addr4;
struct sockaddr_in target;
hydra_options.cidr = 1;
do_retry = 0;
if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) {
@ -3193,7 +3192,7 @@ int main(int argc, char *argv[]) {
hydra_targets[i] = malloc(sizeof(hydra_target));
memset(hydra_targets[i], 0, sizeof(hydra_target));
addr_cur2 = htonl(addr_cur);
memcpy(&target.sin_addr.s_addr, (char*) &addr_cur2, 4);
memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4);
hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr));
hydra_targets[i]->port = hydra_options.port;
addr_cur++;
@ -3364,12 +3363,13 @@ int main(int argc, char *argv[]) {
if (hydra_options.ssl)
options = options | OPTION_SSL;
if (hydra_options.colonfile != NULL)
printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets,
hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies");
printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s",
hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2,
math2 == 1 ? "y" : "ies");
else
printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets,
hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin,
(unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies");
printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s",
hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies",
(unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies");
printf("[DATA] attacking service %s on port %d\n", hydra_options.service, port);

2
xhydra.1
View file

@ -23,7 +23,7 @@ Currently this tool supports:
.BR pw-inspector (1).
.br
.SH AUTHOR
hydra was written by van Hauser <vh@thc.org> and co-maintained by David Maciejak <david.maciejak@gmail.com>.
hydra was written by van Hauser <vh@thc.org>
.PP
This manual page was written by Daniel Echeverry <epsilon77@gmail.com>,