github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 20:41:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

smbv1 check

Browse source
This commit is contained in:
van Hauser 2017-07-07 18:05:59 +02:00
parent 1a72fe023e
commit 15e534fbbf
2 changed files with 60 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGES
View file

@ -2,6 +2,7 @@ Changelog for hydra
-------------------
Release 8.6-dev
* smb module now checks if SMBv1 is supported by the server
* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)
* Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting)
* Added new command line option:

59
hydra-smb.c
View file

@ -1437,7 +1437,66 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
time_t ctime;
int ready = 0, sock = hydra_connect_tcp(ip, port);
unsigned char buf[] = {
0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42,
0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02,
0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52,
0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02,
0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46,
0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52,
0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00,
0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f,
0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00,
0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31,
0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e,
0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44,
0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41,
0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00,
0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02,
0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e,
0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31,
0x32, 0x00 };
if (sock < 0) {
fprintf(stderr, "[ERROR] could not connect to target smb://%s:%d/\n", hostname, port);
return -1;
}
if (send(sock, buf, sizeof(buf), 0) < 0) {
fprintf(stderr, "[ERROR] unable to send to target smb://%s:%d/\n", hostname, port);
return -1;
}
ctime = time(NULL);
do {
usleepn(300);
} while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 < time(NULL));
if (ready <= 0) {
fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port);
return -1;
}
if ((ready = recv(sock, buf, sizeof(buf), 0)) < 40) {
fprintf(stderr, "[ERROR] invalid reply from target smb://%s:%d/\n", hostname, port);
return -1;
}
if (buf[37] == buf[38] && buf[38] == 0xff) {
fprintf(stderr, "[ERROR] target smb://%s:%d/ does not support SMBv1\n", hostname, port);
return -1;
}
return 0;
}