http module a= option

2025-07-05 20:41:39 -07:00 · 2019-05-16 06:06:52 +02:00 · 2019-05-16 06:06:52 +02:00 · 0a0dd605ff
commit 0a0dd605ff
parent c57d78c42f
4 changed files with 24 additions and 4 deletions
--- a/3
+++ b/3
@ -3,7 +3,8 @@ Changelog for hydra

 Release 8.9-dev
 * your patch? :)
-* Revamped rdp module to use FreeRDP library (thanks to loianhtuan@github for the patch!)
+* http: http module now supports a= option to select http authentication type
+* rdp: Revamped rdp module to use FreeRDP library (thanks to loianhtuan@github for the patch!)
 * JSON output does now truncate the file if exists. Beware when using -R
 * Fixed svn module memory leaks
 * Fixed rtsp module potential buffer overflow
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
@ -50,10 +50,12 @@ Added fail or success condition, getting cookies, and allow 5 redirections by da
 */

 #include "hydra-http.h"
+#include "sasl.h"

 extern char *HYDRA_EXIT;
 char *buf;
 char *cond;
+extern int32_t http_auth_mechanism;

 struct header_node {
  char *header;
@ -397,6 +399,18 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
   */
  while (*miscptr != 0) {
    switch (miscptr[0]) {
+    case 'a':                  // fall through
+    case 'A':                  // only for http, not http-form!
+      ptr = miscptr + 2;
+      if (strncasecmp(miscptr, "NTML", 4) == 0)
+        http_auth_mechanism = AUTH_NTLM;
+      else if (strncasecmp(miscptr, "MD5", 3) == 0 || strncasecmp(miscptr, "DIGEST", 6) == 0)
+        http_auth_mechanism = AUTH_DIGESTMD5;
+      else if (strncasecmp(miscptr, "BASIC", 4) == 0)
+        http_auth_mechanism = AUTH_BASIC;
+      else
+        fprintf(stderr, "[WARNING] unknown http auth type: %s\n", miscptr);
+      break;
    case 'c':                  // fall through
    case 'C':
      ptr = miscptr + 2;
--- a/hydra-http.c
+++ b/hydra-http.c
@ -6,7 +6,7 @@ char *webtarget = NULL;
 char *slash = "/";
 char *http_buf = NULL;
 int32_t webport, freemischttp = 0;
-int32_t http_auth_mechanism = AUTH_BASIC;
+int32_t http_auth_mechanism = AUTH_UNASSIGNED;

 int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) {
  char *empty = "";
@ -314,9 +314,12 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
    *ptr++ = 0;
  optional1 = ptr;

-  if (!parse_options(optional1, &ptr_head))
+  if (!parse_options(optional1, &ptr_head)) // this function is in hydra-http-form.c !!
    run = 4;

+  if (http_auth_mechanism == AUTH_UNASSIGNED)
+    http_auth_mechanism = AUTH_BASIC;
+
  while (1) {
    next_run = 0;
    switch (run) {
@ -393,6 +396,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
 void usage_http(const char* service) {
  printf("Module %s requires the page to authenticate.\n"
         "The following parameters are optional:\n"
+         " (a|A)=auth-type   specify authentication mechanism to use: BASIC, NTLM or MD5\n"
         " (h|H)=My-Hdr\\: foo   to send a user defined HTTP header with each request\n"
-         "For example:  \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members\"\n\n", service);
+         "For example:  \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service);
 }
--- a/sasl.h
+++ b/sasl.h
@ -19,6 +19,7 @@
 #define AUTH_BASIC 11
 #define AUTH_LM 12
 #define AUTH_LMv2 13
+#define AUTH_UNASSIGNED 14

 #if LIBIDN
 #include <stringprep.h>