github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-19 21:03:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

cleanup of submitted code

Browse source
This commit is contained in:
van Hauser 2019-07-29 12:04:57 +02:00
commit 150d325027
2 changed files with 12 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGES
View file

@ -2,7 +2,7 @@ Changelog for hydra
------------------- -------------------
Release 9.1-dev Release 9.1-dev
* your patch? :) * http module now supports F=/S= string matching conditions (thanks to poucz@github)
* changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ... * changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ...
* added -K command line switch to disable redo attempts (good for mass scanning) * added -K command line switch to disable redo attempts (good for mass scanning)
* forgot to have the -m option in the hydra help output * forgot to have the -m option in the hydra help output

28
hydra-http.c
View file

@ -31,8 +31,6 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (strcmp(type, "POST") == 0) if (strcmp(type, "POST") == 0)
add_header(&ptr_head, "Content-Length", "0", HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Length", "0", HEADER_TYPE_DEFAULT);
header = stringify_headers(&ptr_head); header = stringify_headers(&ptr_head);
buffer_size = strlen(header) + 500; buffer_size = strlen(header) + 500;
@ -224,28 +222,21 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 3; return 3;
} }
if (debug) if (debug)
hydra_report(stderr, "S:%s\n", http_buf); hydra_report(stderr, "S:%s\n", http_buf);
ptr = ((char *) index(http_buf, ' ')); ptr = ((char *) index(http_buf, ' '));
if (ptr != NULL) if (ptr != NULL)
ptr++; ptr++;
if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
if (end_condition_type>=0 && hydra_string_match(http_buf,end_condition)!=end_condition_type) {
if(end_condition_type>=0 && hydra_string_match(http_buf,end_condition)!=end_condition_type){ if (debug) hydra_report(stderr, "End condition not match continue.\n");
if (debug)
hydra_report(stderr, "End condition not match continue.\n");
hydra_completed_pair(); hydra_completed_pair();
}else{ } else {
hydra_report(stderr, "END condition %s match.\n",end_condition); if (debug) hydra_report(stderr, "END condition %s match.\n",end_condition);
hydra_report_found_host(port, ip, "www", fp); hydra_report_found_host(port, ip, "www", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
} }
if (http_buf != NULL) { if (http_buf != NULL) {
free(http_buf); free(http_buf);
http_buf = NULL; http_buf = NULL;
@ -283,8 +274,6 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
// free(http_buf); // free(http_buf);
// http_buf = NULL; // http_buf = NULL;
free(buffer); free(buffer);
free(header); free(header);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -346,10 +335,6 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
if (http_auth_mechanism == AUTH_UNASSIGNED) if (http_auth_mechanism == AUTH_UNASSIGNED)
http_auth_mechanism = AUTH_BASIC; http_auth_mechanism = AUTH_BASIC;
while (1) { while (1) {
next_run = 0; next_run = 0;
switch (run) { switch (run) {
@ -465,7 +450,8 @@ void usage_http(const char* service) {
"The following parameters are optional:\n" "The following parameters are optional:\n"
" (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n" " (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
" (F|S)=Invalid condition login check can be preceded by \"F=\", successful condition\n" " (F|S)=check for text in the HTTP reply. S= means if this text is found, a\n"
" login check must be preceded by \"S=\". IMPORTANT this option must by last option.\n" " valid account has been found, F= means if this string is present the\n"
" combination is invalid. Note: this must be the last option supplied.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service); "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service);
} }