From 0a0dd605ffa94d9ad291b02db5e1cecc94a8941b Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Thu, 16 May 2019 06:06:52 +0200
Subject: [PATCH] http module a= option
---
 CHANGES | 3 ++-
 hydra-http-form.c | 14 ++++++++++++++
 hydra-http.c | 10 +++++++---
 sasl.h | 1 +
 4 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index e7a85e0..c9a75e1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,7 +3,8 @@ Changelog for hydra
 Release 8.9-dev
 * your patch? :)
-* Revamped rdp module to use FreeRDP library (thanks to loianhtuan@github for the patch!)
+* http: http module now supports a= option to select http authentication type
+* rdp: Revamped rdp module to use FreeRDP library (thanks to loianhtuan@github for the patch!)
 * JSON output does now truncate the file if exists. Beware when using -R
 * Fixed svn module memory leaks
 * Fixed rtsp module potential buffer overflow
diff --git a/hydra-http-form.c b/hydra-http-form.c
index 10d08b4..f322fe6 100644
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
@@ -50,10 +50,12 @@ Added fail or success condition, getting cookies, and allow 5 redirections by da
 */
 #include "hydra-http.h"
+#include "sasl.h"
 extern char *HYDRA_EXIT;
 char *buf;
 char *cond;
+extern int32_t http_auth_mechanism;
 struct header_node {
 char *header;
@@ -397,6 +399,18 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
 */
 while (*miscptr != 0) {
 switch (miscptr[0]) {
+ case 'a': // fall through
+ case 'A': // only for http, not http-form!
+ ptr = miscptr + 2;
+ if (strncasecmp(miscptr, "NTML", 4) == 0)
+ http_auth_mechanism = AUTH_NTLM;
+ else if (strncasecmp(miscptr, "MD5", 3) == 0 || strncasecmp(miscptr, "DIGEST", 6) == 0)
+ http_auth_mechanism = AUTH_DIGESTMD5;
+ else if (strncasecmp(miscptr, "BASIC", 4) == 0)
+ http_auth_mechanism = AUTH_BASIC;
+ else
+ fprintf(stderr, "[WARNING] unknown http auth type: %s\n", miscptr);
+ break;
 case 'c': // fall through
 case 'C':
 ptr = miscptr + 2;
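Review bot: None of the comparisons in the new `case 'a'`/`case 'A'` branch of `parse_options` can match, because they test `miscptr`, which still points at the `a=` prefix, instead of `ptr` (set to `miscptr + 2` and not used afterwards in the visible lines), and the first literal is misspelled `"NTML"`. The first test should read `if (strncasecmp(ptr, "NTLM", 4) == 0)`, with the same `ptr` substitution in the MD5/DIGEST and BASIC tests and in the `fprintf` argument; `"BASIC"` should be compared with length 5, not 4. As written every `a=` value ends in the warning branch and `http_auth_mechanism` keeps its previous value, so the option has no effect and the user is only told the type is unknown. The branch also reaches `break` without moving `miscptr` past the option; the rest of the loop lies outside the hunk, so confirm it cannot spin on the same character. Since these are prefix matches, a value such as `MD5x` would be accepted once the pointer is fixed; checking that the token ends at `:` or NUL would reject such typos.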
diff --git a/hydra-http.c b/hydra-http.c
index 4fba1f9..61f7c65 100644
--- a/hydra-http.c
+++ b/hydra-http.c
@@ -6,7 +6,7 @@ char *webtarget = NULL;
 char *slash = "/";
 char *http_buf = NULL;
 int32_t webport, freemischttp = 0;
-int32_t http_auth_mechanism = AUTH_BASIC;
+int32_t http_auth_mechanism = AUTH_UNASSIGNED;
 int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) {
 char *empty = "";
@@ -314,9 +314,12 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
 *ptr++ = 0;
 optional1 = ptr;
- if (!parse_options(optional1, &ptr_head))
+ if (!parse_options(optional1, &ptr_head)) // this function is in hydra-http-form.c !!
 run = 4;
+ if (http_auth_mechanism == AUTH_UNASSIGNED)
+ http_auth_mechanism = AUTH_BASIC;
+
 while (1) {
 next_run = 0;
 switch (run) {
@@ -393,6 +396,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
 void usage_http(const char* service) {
 printf("Module %s requires the page to authenticate.\n"
 "The following parameters are optional:\n"
+ " (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n"
 " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
- "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members\"\n\n", service);
+ "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service);
 }
diff --git a/sasl.h b/sasl.h
index 29622d7..459a5ab 100644
--- a/sasl.h
+++ b/sasl.h
@@ -19,6 +19,7 @@
 #define AUTH_BASIC 11
 #define AUTH_LM 12
 #define AUTH_LMv2 13
+#define AUTH_UNASSIGNED 14
 #if LIBIDN
 #include
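Review bot: The `AUTH_UNASSIGNED` sentinel is resolved to `AUTH_BASIC` only at this one point in `service_http`, after `parse_options` returns, while the variable stays a plain global that hydra-http-form.c now also declares `extern`. Any path that reads `http_auth_mechanism` without passing through this fallback would see a value that matches none of the real mechanism constants; whether such a path exists is not visible in this hunk. Consider having `parse_options` hand the parsed value back through a parameter instead of writing the global, or at least document the contract at the definition with a comment such as `// AUTH_UNASSIGNED until service_http() applies the a= option or falls back to BASIC`. The fallback also runs when `parse_options` fails and `run = 4` is set, which looks harmless but is worth a second look. `service_http` begins and ends outside the hunk.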
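Review bot: The new usage line in `usage_http` lists `BASIC, NTLM or MD5`, while the parser branch this commit adds to hydra-http-form.c also accepts `DIGEST` for the same mechanism, so the help text and the accepted values disagree. Listing the alias and the default keeps them aligned, for example `"BASIC (default), NTLM or MD5 (alias DIGEST)"`. It would also help to say that the value is matched case-insensitively, since the parser uses `strncasecmp`.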