diff --git a/hydra-asterisk.c b/hydra-asterisk.c
index f93209b..530c0d2 100644
--- a/hydra-asterisk.c
+++ b/hydra-asterisk.c
@@ -28,8 +28,8 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp
 memset(buffer, 0, sizeof(buffer));
 sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass);
- if (verbose || debug)
- hydra_report(stderr, "[VERBOSE] C: %s\n", buffer);
+ if (debug)
+ hydra_report(stderr, "[DEBUG] C: %s\n", buffer);
 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
 return 1;
@@ -37,8 +37,8 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp
 if ((buf = hydra_receive_line(s)) == NULL)
 return 1;
- if (verbose || debug)
- hydra_report(stderr, "[VERBOSE] S: %s\n", buf);
+ if (debug)
+ hydra_report(stderr, "[DEBUG] S: %s\n", buf);
 if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {
 hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf);
diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c
index 0e194dc..db4d756 100644
--- a/hydra-cisco-enable.c
+++ b/hydra-cisco-enable.c
@@ -107,6 +107,8 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
 }
 if (miscptr != NULL) {
+ if (buf != NULL)
+ free(buf);
 while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) {
 if (hydra_strcasestr(buf, "ress ENTER") != NULL)
 hydra_send(sock, "\r\n", 2, 0);
diff --git a/hydra-cisco.c b/hydra-cisco.c
index dac825d..1725237 100644
--- a/hydra-cisco.c
+++ b/hydra-cisco.c
@@ -25,7 +25,8 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
 }
 sleep(1);
 do {
- buf = hydra_receive_line(s);
+ if ((buf = hydra_receive_line(s)) == NULL)
+ return 3;
 if (buf[strlen(buf) - 1] == '\n')
 buf[strlen(buf) - 1] = 0;
 if (buf[strlen(buf) - 1] == '\r')
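Review bot: In the second hydra-asterisk.c hunk the `buf == NULL ||` half of the context line `if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {` is dead, because the `if ((buf = hydra_receive_line(s)) == NULL) return 1;` two lines above already returns on NULL; `if (strstr(buf, "Response: ") == NULL) {` says the same thing without suggesting a second NULL path exists. The protocol-error branch then passes buf to hydra_report and the hunk ends, so whether the line returned by hydra_receive_line is released on that path cannot be seen here. start_asterisk continues outside both hunks.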
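Review bot: The added `if (buf != NULL) free(buf);` in hydra-cisco-enable.c guards a no-op, since free(NULL) is defined to do nothing; `free(buf);` alone is the idiomatic form, and what actually matters is that buf holds either NULL or a live allocation at this point, which is decided above the hunk. In the following `while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL)` loop each iteration overwrites buf, so unless the loop body (which continues outside the hunk) frees the previous line, every iteration after the first leaks it. service_cisco_enable's body starts and ends outside the hunk.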
@@ -49,7 +50,9 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
 return 1;
 }
 do {
- buf = hydra_receive_line(s);
+ free(buf);
+ if ((buf = hydra_receive_line(s)) == NULL)
+ return 3;
 if (buf[strlen(buf) - 1] == '\n')
 buf[strlen(buf) - 1] = 0;
 if (buf[strlen(buf) - 1] == '\r')
diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c
index c9c4252..6828ad3 100644
--- a/hydra-http-proxy-urlenum.c
+++ b/hydra-http-proxy-urlenum.c
@@ -116,6 +116,7 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
 return 1;
 //receive challenge
+ free(buf);
 buf = hydra_receive_line(s);
 while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
 free(buf);
diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c
index 344a864..0768af3 100644
--- a/hydra-http-proxy.c
+++ b/hydra-http-proxy.c
@@ -53,6 +53,7 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
 if (debug)
 hydra_report(stderr, "S:%s\n", http_proxy_buf);
+ free(http_proxy_buf);
 http_proxy_buf = hydra_receive_line(s);
 while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
 free(http_proxy_buf);
diff --git a/hydra-imap.c b/hydra-imap.c
index 1668a2e..6ce7791 100644
--- a/hydra-imap.c
+++ b/hydra-imap.c
@@ -198,14 +198,14 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
 from64tobits((char *) buffer, buf);
 free(buf);
- if (verbose)
+ if (debug)
 hydra_report(stderr, "DEBUG S: %s\n", buffer);
 fooptr = buffer2;
 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
 if (fooptr == NULL)
 return 3;
- if (verbose)
+ if (debug)
 hydra_report(stderr, "DEBUG C: %s\n", buffer2);
 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
 sprintf(buffer, "%s\r\n", buffer2);
diff --git a/hydra-irc.c b/hydra-irc.c
index 0008200..d3ffec6 100644
--- a/hydra-irc.c
+++ b/hydra-irc.c
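Review bot: In both hydra-cisco.c hunks the lines right after the new NULL check index `buf[strlen(buf) - 1]`; if hydra_receive_line can ever hand back an empty string that index is SIZE_MAX, an out-of-bounds read followed by a write. A length-guarded form closes it: `size_t len = strlen(buf); if (len && buf[len - 1] == '\n') buf[--len] = 0;` and the same for `'\r'`. The second hunk also releases the previous line with `free(buf);` before each receive, while the first hunk's `do` loop does not, so there every iteration after the first overwrites buf without a release unless the loop body, which continues outside the hunk, frees it — the two loops should match. start_cisco continues outside both hunks.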
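Review bot: The `sprintf(buffer, "%s\r\n", buffer2);` context line at the end of the hydra-imap.c hunk copies the base64 response into buffer with no bound; `hydra_tobase64(..., sizeof(buffer2))` limits buffer2, but nothing visible ties that limit to sizeof(buffer), whose declaration is outside the hunk. `snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2);` makes the limit explicit whatever the two sizes are. The same line ends the hydra-nntp.c, hydra-pop3.c and second hydra-smtp.c hunks of this commit. The `DEBUG S:` line prints buffer straight after from64tobits(); whether that decoder NUL-terminates its output is not visible here.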
@@ -145,7 +145,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
 }
 buffer[0] = 0;
- if ((ret = hydra_recv(sock, buffer, sizeof(buffer))) >= 0)
+ if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0)
 buffer[ret] = 0;
 /* ERROR :Bad password */
diff --git a/hydra-mysql.c b/hydra-mysql.c
index 0c045e0..20c36c4 100644
--- a/hydra-mysql.c
+++ b/hydra-mysql.c
@@ -55,7 +55,7 @@ char *hydra_mysql_receive_line(int socket) {
 }
 if (i <= 0) {
 if (debug)
- hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff);
+ hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END\n");
 free(buff);
 return NULL;
 }
diff --git a/hydra-nntp.c b/hydra-nntp.c
index 9cb759c..acad22d 100644
--- a/hydra-nntp.c
+++ b/hydra-nntp.c
@@ -169,14 +169,14 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
 from64tobits((char *) buffer, buf + 4);
 free(buf);
- if (verbose)
+ if (debug)
 hydra_report(stderr, "DEBUG S: %s\n", buffer);
 fooptr = buffer2;
 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
 if (fooptr == NULL)
 return 3;
- if (verbose)
+ if (debug)
 hydra_report(stderr, "DEBUG C: %s\n", buffer2);
 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
 sprintf(buffer, "%s\r\n", buffer2);
diff --git a/hydra-pcanywhere.c b/hydra-pcanywhere.c
index 0f4f93c..4e30000 100644
--- a/hydra-pcanywhere.c
+++ b/hydra-pcanywhere.c
@@ -140,7 +140,7 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
 return 1;
 }
- ret = hydra_recv(s, buffer, sizeof(buffer));
+ ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
 if (ret == -1) {
 return 1;
 }
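Review bot: The first hydra-pcanywhere.c hunk still tests `if (ret == -1) {` after the shortened recv, whereas the third hunk (`@@ -176,10 +180,11 @@`) was changed to `if (ret < 0) {`; any other negative return from hydra_recv therefore falls through into the second hunk, where `if (ret >= 0) buffer[ret] = 0;` skips the terminator but `clean_buffer(buffer, ret)` and `if (debug) show_buffer(buffer, ret);` are still called with the negative length. Using `if (ret < 0) {` here too keeps the three receive sites consistent. Whether hydra_recv can return a value other than -1 on error is not visible in this diff. start_pcanywhere's body continues outside the hunk.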
@@ -148,17 +148,21 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
 if (i == 3) {
 if (ret == 3) {
 /*one more to get the login prompt */
- ret = hydra_recv(s, buffer, sizeof(buffer));
+ ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
 }
 }
+ if (ret >= 0)
+ buffer[ret] = 0;
+
 if (i == 0 || i == 3)
 clean_buffer(buffer, ret);
- /*show_buffer(buffer,ret); */
+ if (debug) show_buffer(buffer, ret);
 if (i == 2) {
 clean_buffer(buffer, ret);
+ buffer[sizeof(buffer) - 1] = 0;
 if (strstr(buffer, server[i + 2]) != NULL) {
 fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n");
 return 3;
@@ -176,10 +180,11 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
 if (send_cstring(s, clogin) < 0) {
 return 1;
 }
- ret = hydra_recv(s, buffer, sizeof(buffer));
- if (ret == -1) {
+ ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
+ if (ret < 0) {
 return 1;
 }
+ buffer[ret] = 0;
 clean_buffer(buffer, ret);
 /*show_buffer(buffer,ret); */
 if (strstr(buffer, "Enter password:") == NULL) {
diff --git a/hydra-pop3.c b/hydra-pop3.c
index 66c1f27..7841ce4 100644
--- a/hydra-pop3.c
+++ b/hydra-pop3.c
@@ -301,16 +301,16 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
 from64tobits((char *) buffer, buf);
 free(buf);
- if (verbose)
- hydra_report(stderr, "[VERBOSE] S: %s\n", buffer);
+ if (debug)
+ hydra_report(stderr, "[DEBUG] S: %s\n", buffer);
 fooptr = buffer2;
 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
 if (fooptr == NULL)
 return 3;
- if (verbose)
- hydra_report(stderr, "[VERBOSE] C: %s\n", buffer2);
+ if (debug)
+ hydra_report(stderr, "[DEBUG] C: %s\n", buffer2);
 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
 sprintf(buffer, "%s\r\n", buffer2);
 }
diff --git a/hydra-rexec.c b/hydra-rexec.c
index 8fadfdd..f424823 100644
--- a/hydra-rexec.c
+++ b/hydra-rexec.c
@@ -32,7 +32,7 @@ int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr,
 return 1;
 }
- ret = hydra_recv(s, buffer, sizeof(buffer));
+ ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
 if (ret > 0 && buffer[0] == 0) {
 hydra_report_found_host(port, ip, "rexec", fp);
diff --git a/hydra-rlogin.c b/hydra-rlogin.c
index be6b645..ab26abb 100644
--- a/hydra-rlogin.c
+++ b/hydra-rlogin.c
@@ -38,13 +38,14 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
 if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) {
 return 4;
 }
- ret = hydra_recv(s, buffer, sizeof(buffer));
+ buffer[0] = 0;
+ ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
 /* 0x00 is sent but hydra_recv transformed it */
 if (strlen(buffer) == 0) {
 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
- if (ret >= 0)
- buffer[ret] = 0;
 }
+ if (ret >= 0)
+ buffer[ret] = 0;
 if (ret > 0 && (strstr(buffer, "rlogind:") != NULL))
 return 1;
diff --git a/hydra-rsh.c b/hydra-rsh.c
index 0fc93af..2ed6996 100644
--- a/hydra-rsh.c
+++ b/hydra-rsh.c
@@ -37,7 +37,7 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F
 }
 buffer[0] = 0;
- if ((ret = hydra_recv(s, buffer, sizeof(buffer))) >= 0)
+ if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0)
 buffer[ret] = 0;
 /* 0x00 is sent but hydra_recv transformed it */
 if (strlen(buffer) == 0)
diff --git a/hydra-s7-300.c b/hydra-s7-300.c
index 734a7d3..e45207b 100644
--- a/hydra-s7-300.c
+++ b/hydra-s7-300.c
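Review bot: The hydra-rexec.c hunk shortens the read to `sizeof(buffer) - 1` but, unlike the hydra-rsh.c and hydra-rlogin.c hunks in the same commit, never stores the terminator; the visible `buffer[0] == 0` test is fine on its own, but any code after the hunk that treats buffer as a C string reads past the received bytes. Adding `if (ret >= 0) buffer[ret] = 0;` directly after the recv matches the other two files and is the reason the read was shortened in the first place. start_rexec continues outside the hunk.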
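Review bot: In the hydra-rlogin.c hunk `strlen(buffer)` is evaluated on the first reply before any terminator is stored: the new `buffer[0] = 0;` only covers a zero-byte read, so a non-empty reply with no NUL among the received bytes lets strlen run past ret, and the `if (ret >= 0) buffer[ret] = 0;` pair was moved to after that test rather than before it. Terminate after each recv instead — add `if (ret >= 0) buffer[ret] = 0;` directly after the first `ret = hydra_recv(s, buffer, sizeof(buffer) - 1);` as well. Whether buffer is zero-filled earlier in start_rlogin is outside the hunk.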
@@ -6,26 +6,13 @@ extern char *HYDRA_EXIT;
-unsigned char p_cotp[] =
- "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17"
- "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0"
- "\x01\x0a";
+unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a";
-unsigned char p_s7_negotiate_pdu[] =
- "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00"
- "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00"
- "\x01\x00\x01\x01\xe0";
+unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0";
-unsigned char p_s7_read_szl[] =
- "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00"
- "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12"
- "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01"
- "\x32\x00\x04";
+unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04";
-unsigned char p_s7_password_request[] =
- "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00"
- "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12"
- "\x04\x11\x45\x01\x00\xff\x09\x00\x08";
+unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08";
 int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
@@ -43,7 +30,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
 memset(context, 0, sizeof(context));
 if (strlen(pass) < S7PASSLEN) {
 strncpy(context, pass, strlen(pass));
- strncat(context, spaces, S7PASSLEN - strlen(pass) );
+ strncat(context, spaces, S7PASSLEN - strlen(pass));
 } else {
 strncpy(context, pass, S7PASSLEN);
 }
@@ -52,65 +39,66 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
 encoded_password[0] = context[0] ^ 0x55;
 encoded_password[1] = context[1] ^ 0x55;
 int i;
+
 for (i = 2; i < S7PASSLEN; i++) {
- encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ;
+ encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55;
 }
 // send p_cotp and check first 2 bytes of answer
 if (hydra_send(s, (char *) p_cotp, 22, 0) < 0)
 return 1;
 memset(buffer, 0, sizeof(buffer));
- ret=hydra_recv_nb(s, buffer, sizeof(buffer));
+ ret = hydra_recv_nb(s, buffer, sizeof(buffer));
 if (ret <= 0)
 return 3;
- if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
+ if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
 return 3;
 // send p_s7_negotiate_pdu and check first 2 bytes of answer
 if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0)
 return 1;
 memset(buffer, 0, sizeof(buffer));
- ret=hydra_recv_nb(s, buffer, sizeof(buffer));
+ ret = hydra_recv_nb(s, buffer, sizeof(buffer));
 if (ret <= 0)
 return 3;
- if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
+ if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
 return 3;
-
+
 // send p_s7_read_szl and check first 2 bytes of answer
 if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0)
 return 1;
 memset(buffer, 0, sizeof(buffer));
- ret=hydra_recv_nb(s, buffer, sizeof(buffer));
+ ret = hydra_recv_nb(s, buffer, sizeof(buffer));
 if (ret <= 0)
 return 3;
- if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
+ if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
 return 3;
-
+
 // so now add encoded_password to p_s7_password_request and send
 memset(buffer, 0, sizeof(buffer));
 memcpy(buffer, p_s7_password_request, 29);
 memcpy(buffer + 29, encoded_password, S7PASSLEN);
- if (hydra_send(s, buffer, 29 + S7PASSLEN , 0) < 0)
+ if (hydra_send(s, buffer, 29 + S7PASSLEN, 0) < 0)
 return 1;
-
+
 memset(buffer, 0, sizeof(buffer));
- ret=hydra_recv_nb(s, buffer, sizeof(buffer));
+ ret = hydra_recv_nb(s, buffer, sizeof(buffer));
 if (ret <= 0)
 return 3;
-
+
 // now check answer
 // 0x0000 - valid password
 // 0xd605 - no password
 // 0xd602 - wrong password
- if (ret > 30 ) {
+ if (ret > 30) {
 if (buffer[27] == '\x00' && buffer[28] == '\x00') {
 hydra_report_found_host(port, ip, "s7-300", fp);
 hydra_completed_pair_found();
@@ -175,7 +163,7 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE
 }
 }
-int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
+int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
 // called before the childrens are forked off, so this is the function
 // which should be filled if initial connections and service setup has to be
 // performed once only.
@@ -219,7 +207,7 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
 encoded_password[0] = context[0] ^ 0x55;
 encoded_password[1] = context[1] ^ 0x55;
 for (i = 2; i < S7PASSLEN; i++) {
- encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ;
+ encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55;
 }
 // send p_cotp and check first 2 bytes of answer
@@ -237,7 +225,6 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
 fprintf(stderr, "[ERROR] invalid reply to init packet\n");
 return 3;
 }
-
 // send p_s7_negotiate_pdu and check first 2 bytes of answer
 if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) {
 fprintf(stderr, "[ERROR] can not send data to service (2)\n");
@@ -253,7 +240,6 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
 fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n");
 return 3;
 }
-
 // send p_s7_read_szl and check first 2 bytes of answer
 if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) {
 fprintf(stderr, "[ERROR] can not send data to service (3)\n");
@@ -265,27 +251,25 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
 return 3;
 }
- if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) {
+ if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) {
 fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n");
 return 3;
 }
-
 // so now add encoded_password to p_s7_password_request and send
 memset(buffer, 0, sizeof(buffer));
 memcpy(buffer, p_s7_password_request, 29);
 memcpy(buffer + 29, encoded_password, S7PASSLEN);
- if (hydra_send(sock, buffer, 29 + S7PASSLEN , 0) < 0) {
+ if (hydra_send(sock, buffer, 29 + S7PASSLEN, 0) < 0) {
 fprintf(stderr, "[ERROR] can not send data to service (4)\n");
 return 3;
 }
-
+
 memset(buffer, 0, sizeof(buffer));
 if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) {
 fprintf(stderr, "[ERROR] did not received data from the service (4)\n");
 return 3;
 }
-
 // now check answer
 // 0x0000 - valid password
 // 0xd605 - no password
diff --git a/hydra-sip.c b/hydra-sip.c
index a071e81..db1c74b 100644
--- a/hydra-sip.c
+++ b/hydra-sip.c
@@ -75,8 +75,9 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
 while (try < 2 && !has_sip_cred) {
 try++;
 if (hydra_data_ready_timed(s, 3, 0) > 0) {
- i = hydra_recv(s, (char *) buf, sizeof(buf));
- buf[sizeof(buf) - 1] = '\0';
+ i = hydra_recv(s, (char *) buf, sizeof(buf) - 1);
+ if (i > 0)
+ buf[i] = '\0';
 if (strncmp(buf, "SIP/2.0 404", 11) == 0) {
 hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login);
 return 2;
@@ -124,7 +125,7 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
 hydra_report(stderr, "[ERROR] no www-authenticate header found!\n");
 return -1;
 }
- if (verbose)
+ if (debug)
 hydra_report(stderr, "[INFO] S: %s\n", buf);
 char buffer2[512];
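Review bot: In the first hydra-sip.c hunk the unconditional `buf[sizeof(buf) - 1] = '\0';` is replaced by `if (i > 0) buf[i] = '\0';`, so when hydra_recv returns 0 or a negative value nothing terminates buf and the following `strncmp(buf, "SIP/2.0 404", 11)` compares whatever the buffer held before; the fourth hunk memsets buf before its recv, but no such reset is visible before this one. `if (i >= 0) buf[i] = '\0'; else buf[0] = '\0';` keeps buf a valid string on every path. start_sip's body starts and ends outside the hunk.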
@@ -139,7 +140,7 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
 "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2);
 cseq++;
- if (verbose)
+ if (debug)
 hydra_report(stderr, "[INFO] C: %s\n", buffer);
 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
 return 3;
@@ -152,9 +153,9 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
 try++;
 if (hydra_data_ready_timed(s, 5, 0) > 0) {
 memset(buf, 0, sizeof(buf));
- if ((i = hydra_recv(s, (char *) buf, sizeof(buf))) >= 0)
+ if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0)
 buf[i] = 0;
- if (verbose)
+ if (debug)
 hydra_report(stderr, "[INFO] S: %s\n", buf);
 sip_code = get_sip_code(buf);
 if (sip_code >= 200 && sip_code < 300) {
diff --git a/hydra-smb.c b/hydra-smb.c
index 0c1c2f9..23319df 100644
--- a/hydra-smb.c
+++ b/hydra-smb.c
@@ -978,7 +978,7 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
 ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge);
 if (ret == -1) {
- free(LMv2hash);
+ free(LMhash);
 return -1;
 }
diff --git a/hydra-smtp.c b/hydra-smtp.c
index 11f95ae..6e65578 100644
--- a/hydra-smtp.c
+++ b/hydra-smtp.c
@@ -125,7 +125,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr,
 from64tobits((char *) buffer, buf + 4);
 free(buf);
- if (verbose)
+ if (debug)
 hydra_report(stderr, "DEBUG S: %s\n", buffer);
 fooptr = buffer2;
@@ -133,7 +133,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr,
 if (fooptr == NULL)
 return 3;
- if (verbose)
+ if (debug)
 hydra_report(stderr, "DEBUG C: %s\n", buffer2);
 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
 sprintf(buffer, "%s\r\n", buffer2);
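Review bot: The corrected `free(LMhash);` in hydra-smb.c is only safe if LMhash is NULL or a live allocation whenever HashLM returns -1; HashLM receives `&LMhash` as an out-parameter, so on an early failure it may not have assigned it, and LMhash's declaration and initialisation are outside the hunk. Worth confirming that LMhash starts as NULL, or that HashLM always stores a valid pointer before returning -1; otherwise this line frees an indeterminate pointer on the error path the old `free(LMv2hash)` happened to avoid. SMBSessionSetup continues outside the hunk.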