github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 12:36:09 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

cleanup of submitted code

Browse source
This commit is contained in:
van Hauser 2019-07-29 12:04:57 +02:00
parent 91ced0fa40
commit 150d325027
2 changed files with 12 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGES
View file

@ -2,7 +2,7 @@ Changelog for hydra
-------------------
Release 9.1-dev
* your patch? :)
* http module now supports F=/S= string matching conditions (thanks to poucz@github)
* changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ...
* added -K command line switch to disable redo attempts (good for mass scanning)
* forgot to have the -m option in the hydra help output

36
hydra-http.c
View file

@ -30,8 +30,6 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (strcmp(type, "POST") == 0)
add_header(&ptr_head, "Content-Length", "0", HEADER_TYPE_DEFAULT);
header = stringify_headers(&ptr_head);
@ -224,28 +222,21 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 3;
}
if (debug)
hydra_report(stderr, "S:%s\n", http_buf);
ptr = ((char *) index(http_buf, ' '));
if (ptr != NULL)
ptr++;
if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
if(end_condition_type>=0 && hydra_string_match(http_buf,end_condition)!=end_condition_type){
if (debug)
hydra_report(stderr, "End condition not match continue.\n");
hydra_completed_pair();
}else{
hydra_report(stderr, "END condition %s match.\n",end_condition);
hydra_report_found_host(port, ip, "www", fp);
hydra_completed_pair_found();
}
if (end_condition_type>=0 && hydra_string_match(http_buf,end_condition)!=end_condition_type) {
if (debug) hydra_report(stderr, "End condition not match continue.\n");
hydra_completed_pair();
} else {
if (debug) hydra_report(stderr, "END condition %s match.\n",end_condition);
hydra_report_found_host(port, ip, "www", fp);
hydra_completed_pair_found();
}
if (http_buf != NULL) {
free(http_buf);
http_buf = NULL;
@ -283,8 +274,6 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
// free(http_buf);
// http_buf = NULL;
free(buffer);
free(header);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -346,10 +335,6 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
if (http_auth_mechanism == AUTH_UNASSIGNED)
http_auth_mechanism = AUTH_BASIC;
while (1) {
next_run = 0;
switch (run) {
@ -465,7 +450,8 @@ void usage_http(const char* service) {
"The following parameters are optional:\n"
" (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
" (F|S)=Invalid condition login check can be preceded by \"F=\", successful condition\n"
" login check must be preceded by \"S=\". IMPORTANT this option must by last option.\n"
" (F|S)=check for text in the HTTP reply. S= means if this text is found, a\n"
" valid account has been found, F= means if this string is present the\n"
" combination is invalid. Note: this must be the last option supplied.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service);
}