more pre-8.0 fixes
parent
ebbd664e07
commit
163a499bfe
18 changed files with 74 additions and 76 deletions
|
@ -28,8 +28,8 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp
|
||||||
memset(buffer, 0, sizeof(buffer));
|
memset(buffer, 0, sizeof(buffer));
|
||||||
sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass);
|
sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass);
|
||||||
|
|
||||||
if (verbose || debug)
|
if (debug)
|
||||||
hydra_report(stderr, "[VERBOSE] C: %s\n", buffer);
|
hydra_report(stderr, "[DEBUG] C: %s\n", buffer);
|
||||||
|
|
||||||
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -37,8 +37,8 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp
|
||||||
if ((buf = hydra_receive_line(s)) == NULL)
|
if ((buf = hydra_receive_line(s)) == NULL)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
if (verbose || debug)
|
if (debug)
|
||||||
hydra_report(stderr, "[VERBOSE] S: %s\n", buf);
|
hydra_report(stderr, "[DEBUG] S: %s\n", buf);
|
||||||
|
|
||||||
if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {
|
if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {
|
||||||
hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf);
|
hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf);
|
||||||
|
|
|
@ -107,6 +107,8 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
|
||||||
}
|
}
|
||||||
|
|
||||||
if (miscptr != NULL) {
|
if (miscptr != NULL) {
|
||||||
|
if (buf != NULL)
|
||||||
|
free(buf);
|
||||||
while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) {
|
while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) {
|
||||||
if (hydra_strcasestr(buf, "ress ENTER") != NULL)
|
if (hydra_strcasestr(buf, "ress ENTER") != NULL)
|
||||||
hydra_send(sock, "\r\n", 2, 0);
|
hydra_send(sock, "\r\n", 2, 0);
|
||||||
|
|
|
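Review bot: The `if (buf != NULL)` guard added in front of `free(buf)` in service_cisco_enable is redundant, because free(NULL) is defined as a no-op; `free(buf);` on its own reads more simply. The loop that follows reassigns `buf` from hydra_receive_line() on every pass, so each returned line also needs a `free(buf)` at the end of the loop body, otherwise every line read before the password prompt is leaked. The loop body continues past the end of this hunk, so that free may already be there. The return value of `hydra_send(sock, "\r\n", 2, 0)` is also ignored at this spot.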
@ -25,7 +25,8 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
|
||||||
}
|
}
|
||||||
sleep(1);
|
sleep(1);
|
||||||
do {
|
do {
|
||||||
buf = hydra_receive_line(s);
|
if ((buf = hydra_receive_line(s)) == NULL)
|
||||||
|
return 3;
|
||||||
if (buf[strlen(buf) - 1] == '\n')
|
if (buf[strlen(buf) - 1] == '\n')
|
||||||
buf[strlen(buf) - 1] = 0;
|
buf[strlen(buf) - 1] = 0;
|
||||||
if (buf[strlen(buf) - 1] == '\r')
|
if (buf[strlen(buf) - 1] == '\r')
|
||||||
|
@ -49,7 +50,9 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
do {
|
do {
|
||||||
buf = hydra_receive_line(s);
|
free(buf);
|
||||||
|
if ((buf = hydra_receive_line(s)) == NULL)
|
||||||
|
return 3;
|
||||||
if (buf[strlen(buf) - 1] == '\n')
|
if (buf[strlen(buf) - 1] == '\n')
|
||||||
buf[strlen(buf) - 1] = 0;
|
buf[strlen(buf) - 1] = 0;
|
||||||
if (buf[strlen(buf) - 1] == '\r')
|
if (buf[strlen(buf) - 1] == '\r')
|
||||||
|
|
|
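Review bot: `buf[strlen(buf) - 1]` in both start_cisco receive loops indexes outside the buffer when the received line is empty, because `strlen(buf) - 1` wraps to SIZE_MAX; the NULL check this commit adds does not cover that case. Assuming hydra_receive_line() can hand back an empty string (its body is not on this page), guard the trim with the length, e.g. `size_t n = strlen(buf); if (n > 0 && buf[n - 1] == '\n') buf[--n] = 0;` and the same for `'\r'`. The first loop (hunk at -25) also gains no `free(buf)` before the next receive, unlike the second loop, so lines read there appear to leak unless they are freed further down. Both loop bodies continue outside the hunks.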
@ -116,6 +116,7 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
//receive challenge
|
//receive challenge
|
||||||
|
free(buf);
|
||||||
buf = hydra_receive_line(s);
|
buf = hydra_receive_line(s);
|
||||||
while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
|
while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
|
||||||
free(buf);
|
free(buf);
|
||||||
|
|
|
@ -53,6 +53,7 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
||||||
if (debug)
|
if (debug)
|
||||||
hydra_report(stderr, "S:%s\n", http_proxy_buf);
|
hydra_report(stderr, "S:%s\n", http_proxy_buf);
|
||||||
|
|
||||||
|
free(http_proxy_buf);
|
||||||
http_proxy_buf = hydra_receive_line(s);
|
http_proxy_buf = hydra_receive_line(s);
|
||||||
while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
|
while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
|
||||||
free(http_proxy_buf);
|
free(http_proxy_buf);
|
||||||
|
|
|
@ -198,14 +198,14 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
|
||||||
from64tobits((char *) buffer, buf);
|
from64tobits((char *) buffer, buf);
|
||||||
free(buf);
|
free(buf);
|
||||||
|
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "DEBUG S: %s\n", buffer);
|
hydra_report(stderr, "DEBUG S: %s\n", buffer);
|
||||||
|
|
||||||
fooptr = buffer2;
|
fooptr = buffer2;
|
||||||
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
|
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
|
||||||
if (fooptr == NULL)
|
if (fooptr == NULL)
|
||||||
return 3;
|
return 3;
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
|
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
|
||||||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||||
sprintf(buffer, "%s\r\n", buffer2);
|
sprintf(buffer, "%s\r\n", buffer2);
|
||||||
|
|
|
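Review bot: The `if (fooptr == NULL) return 3;` check after `sasl_digest_md5(fooptr, ...)` in start_imap can never fire, because `fooptr` is passed by value right after `fooptr = buffer2;` and the callee cannot set the caller's copy to NULL (unless sasl_digest_md5 is a macro, which this page does not show). A failed digest computation therefore falls through to `hydra_tobase64(..., strlen(buffer2), ...)` on whatever `buffer2` holds. The same pattern sits in the start_nntp, start_pop3 and start_smtp hunks of this commit. Either have sasl_digest_md5 report failure through a return value, or set `buffer2[0] = 0;` before the call and test `if (buffer2[0] == 0) return 3;` afterwards. Separately, `from64tobits((char *) buffer, buf)` decodes a server-supplied line with no destination size visible at the call, so the size of `buffer` relative to the longest line hydra_receive_line() can return deserves a check.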
@ -145,7 +145,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
|
||||||
}
|
}
|
||||||
|
|
||||||
buffer[0] = 0;
|
buffer[0] = 0;
|
||||||
if ((ret = hydra_recv(sock, buffer, sizeof(buffer))) >= 0)
|
if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0)
|
||||||
buffer[ret] = 0;
|
buffer[ret] = 0;
|
||||||
|
|
||||||
/* ERROR :Bad password */
|
/* ERROR :Bad password */
|
||||||
|
|
|
@ -55,7 +55,7 @@ char *hydra_mysql_receive_line(int socket) {
|
||||||
}
|
}
|
||||||
if (i <= 0) {
|
if (i <= 0) {
|
||||||
if (debug)
|
if (debug)
|
||||||
hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff);
|
hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END\n");
|
||||||
free(buff);
|
free(buff);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
|
@ -169,14 +169,14 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
||||||
from64tobits((char *) buffer, buf + 4);
|
from64tobits((char *) buffer, buf + 4);
|
||||||
free(buf);
|
free(buf);
|
||||||
|
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "DEBUG S: %s\n", buffer);
|
hydra_report(stderr, "DEBUG S: %s\n", buffer);
|
||||||
fooptr = buffer2;
|
fooptr = buffer2;
|
||||||
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
|
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
|
||||||
if (fooptr == NULL)
|
if (fooptr == NULL)
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
|
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
|
||||||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||||
sprintf(buffer, "%s\r\n", buffer2);
|
sprintf(buffer, "%s\r\n", buffer2);
|
||||||
|
|
|
@ -140,7 +140,7 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
||||||
if (ret == -1) {
|
if (ret == -1) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -148,17 +148,21 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
|
||||||
if (i == 3) {
|
if (i == 3) {
|
||||||
if (ret == 3) {
|
if (ret == 3) {
|
||||||
/*one more to get the login prompt */
|
/*one more to get the login prompt */
|
||||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ret >= 0)
|
||||||
|
buffer[ret] = 0;
|
||||||
|
|
||||||
if (i == 0 || i == 3)
|
if (i == 0 || i == 3)
|
||||||
clean_buffer(buffer, ret);
|
clean_buffer(buffer, ret);
|
||||||
|
|
||||||
/*show_buffer(buffer,ret); */
|
if (debug) show_buffer(buffer, ret);
|
||||||
|
|
||||||
if (i == 2) {
|
if (i == 2) {
|
||||||
clean_buffer(buffer, ret);
|
clean_buffer(buffer, ret);
|
||||||
|
buffer[sizeof(buffer) - 1] = 0;
|
||||||
if (strstr(buffer, server[i + 2]) != NULL) {
|
if (strstr(buffer, server[i + 2]) != NULL) {
|
||||||
fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n");
|
fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n");
|
||||||
return 3;
|
return 3;
|
||||||
|
@ -176,10 +180,11 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
|
||||||
if (send_cstring(s, clogin) < 0) {
|
if (send_cstring(s, clogin) < 0) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
||||||
if (ret == -1) {
|
if (ret < 0) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
buffer[ret] = 0;
|
||||||
clean_buffer(buffer, ret);
|
clean_buffer(buffer, ret);
|
||||||
/*show_buffer(buffer,ret); */
|
/*show_buffer(buffer,ret); */
|
||||||
if (strstr(buffer, "Enter password:") == NULL) {
|
if (strstr(buffer, "Enter password:") == NULL) {
|
||||||
|
|
|
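Review bot: In the second start_pcanywhere hunk the re-read inside `if (ret == 3)` is not checked for failure, so a negative `ret` reaches `clean_buffer(buffer, ret)` and the newly enabled `if (debug) show_buffer(buffer, ret);`; the added `if (ret >= 0)` guards only the terminator. Add `if (ret < 0) return 1;` directly after that second `hydra_recv` call, matching the `ret < 0` test the third hunk now uses. The first hunk still tests `ret == -1`, which is worth aligning to `ret < 0` as well. How clean_buffer and show_buffer treat a negative length is not visible on this page.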
@ -301,16 +301,16 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
|
||||||
from64tobits((char *) buffer, buf);
|
from64tobits((char *) buffer, buf);
|
||||||
free(buf);
|
free(buf);
|
||||||
|
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "[VERBOSE] S: %s\n", buffer);
|
hydra_report(stderr, "[DEBUG] S: %s\n", buffer);
|
||||||
|
|
||||||
fooptr = buffer2;
|
fooptr = buffer2;
|
||||||
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
|
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
|
||||||
if (fooptr == NULL)
|
if (fooptr == NULL)
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "[VERBOSE] C: %s\n", buffer2);
|
hydra_report(stderr, "[DEBUG] C: %s\n", buffer2);
|
||||||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||||
sprintf(buffer, "%s\r\n", buffer2);
|
sprintf(buffer, "%s\r\n", buffer2);
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,7 +32,7 @@ int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr,
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
||||||
|
|
||||||
if (ret > 0 && buffer[0] == 0) {
|
if (ret > 0 && buffer[0] == 0) {
|
||||||
hydra_report_found_host(port, ip, "rexec", fp);
|
hydra_report_found_host(port, ip, "rexec", fp);
|
||||||
|
|
|
@ -38,13 +38,14 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
|
||||||
if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) {
|
if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) {
|
||||||
return 4;
|
return 4;
|
||||||
}
|
}
|
||||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
buffer[0] = 0;
|
||||||
|
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
||||||
/* 0x00 is sent but hydra_recv transformed it */
|
/* 0x00 is sent but hydra_recv transformed it */
|
||||||
if (strlen(buffer) == 0) {
|
if (strlen(buffer) == 0) {
|
||||||
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
||||||
|
}
|
||||||
if (ret >= 0)
|
if (ret >= 0)
|
||||||
buffer[ret] = 0;
|
buffer[ret] = 0;
|
||||||
}
|
|
||||||
|
|
||||||
if (ret > 0 && (strstr(buffer, "rlogind:") != NULL))
|
if (ret > 0 && (strstr(buffer, "rlogind:") != NULL))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
|
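Review bot: `strlen(buffer)` in start_rlogin now runs before any terminator is written, because the `if (ret >= 0) buffer[ret] = 0;` pair sits below the `if (strlen(buffer) == 0)` block after this change. `buffer[0] = 0;` covers the case where nothing arrives, but if the first read returns bytes and neither hydra_recv nor earlier code zeroed the rest of `buffer` (not visible in this hunk), strlen scans past the received data. Testing the first byte directly, `if (buffer[0] == 0) {`, asks the same question without depending on a terminator. Alternatively, terminate after each of the two reads.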
@ -37,7 +37,7 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F
|
||||||
}
|
}
|
||||||
|
|
||||||
buffer[0] = 0;
|
buffer[0] = 0;
|
||||||
if ((ret = hydra_recv(s, buffer, sizeof(buffer))) >= 0)
|
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0)
|
||||||
buffer[ret] = 0;
|
buffer[ret] = 0;
|
||||||
/* 0x00 is sent but hydra_recv transformed it */
|
/* 0x00 is sent but hydra_recv transformed it */
|
||||||
if (strlen(buffer) == 0)
|
if (strlen(buffer) == 0)
|
||||||
|
|
|
@ -6,26 +6,13 @@
|
||||||
|
|
||||||
extern char *HYDRA_EXIT;
|
extern char *HYDRA_EXIT;
|
||||||
|
|
||||||
unsigned char p_cotp[] =
|
unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a";
|
||||||
"\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17"
|
|
||||||
"\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0"
|
|
||||||
"\x01\x0a";
|
|
||||||
|
|
||||||
unsigned char p_s7_negotiate_pdu[] =
|
unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0";
|
||||||
"\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00"
|
|
||||||
"\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00"
|
|
||||||
"\x01\x00\x01\x01\xe0";
|
|
||||||
|
|
||||||
unsigned char p_s7_read_szl[] =
|
unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04";
|
||||||
"\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00"
|
|
||||||
"\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12"
|
|
||||||
"\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01"
|
|
||||||
"\x32\x00\x04";
|
|
||||||
|
|
||||||
unsigned char p_s7_password_request[] =
|
unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08";
|
||||||
"\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00"
|
|
||||||
"\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12"
|
|
||||||
"\x04\x11\x45\x01\x00\xff\x09\x00\x08";
|
|
||||||
|
|
||||||
|
|
||||||
int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
|
int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
|
||||||
|
@ -43,7 +30,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
|
||||||
memset(context, 0, sizeof(context));
|
memset(context, 0, sizeof(context));
|
||||||
if (strlen(pass) < S7PASSLEN) {
|
if (strlen(pass) < S7PASSLEN) {
|
||||||
strncpy(context, pass, strlen(pass));
|
strncpy(context, pass, strlen(pass));
|
||||||
strncat(context, spaces, S7PASSLEN - strlen(pass) );
|
strncat(context, spaces, S7PASSLEN - strlen(pass));
|
||||||
} else {
|
} else {
|
||||||
strncpy(context, pass, S7PASSLEN);
|
strncpy(context, pass, S7PASSLEN);
|
||||||
}
|
}
|
||||||
|
@ -52,44 +39,45 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
|
||||||
encoded_password[0] = context[0] ^ 0x55;
|
encoded_password[0] = context[0] ^ 0x55;
|
||||||
encoded_password[1] = context[1] ^ 0x55;
|
encoded_password[1] = context[1] ^ 0x55;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
for (i = 2; i < S7PASSLEN; i++) {
|
for (i = 2; i < S7PASSLEN; i++) {
|
||||||
encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ;
|
encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55;
|
||||||
}
|
}
|
||||||
|
|
||||||
// send p_cotp and check first 2 bytes of answer
|
// send p_cotp and check first 2 bytes of answer
|
||||||
if (hydra_send(s, (char *) p_cotp, 22, 0) < 0)
|
if (hydra_send(s, (char *) p_cotp, 22, 0) < 0)
|
||||||
return 1;
|
return 1;
|
||||||
memset(buffer, 0, sizeof(buffer));
|
memset(buffer, 0, sizeof(buffer));
|
||||||
ret=hydra_recv_nb(s, buffer, sizeof(buffer));
|
ret = hydra_recv_nb(s, buffer, sizeof(buffer));
|
||||||
|
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
|
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
// send p_s7_negotiate_pdu and check first 2 bytes of answer
|
// send p_s7_negotiate_pdu and check first 2 bytes of answer
|
||||||
if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0)
|
if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0)
|
||||||
return 1;
|
return 1;
|
||||||
memset(buffer, 0, sizeof(buffer));
|
memset(buffer, 0, sizeof(buffer));
|
||||||
ret=hydra_recv_nb(s, buffer, sizeof(buffer));
|
ret = hydra_recv_nb(s, buffer, sizeof(buffer));
|
||||||
|
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
|
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
// send p_s7_read_szl and check first 2 bytes of answer
|
// send p_s7_read_szl and check first 2 bytes of answer
|
||||||
if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0)
|
if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0)
|
||||||
return 1;
|
return 1;
|
||||||
memset(buffer, 0, sizeof(buffer));
|
memset(buffer, 0, sizeof(buffer));
|
||||||
ret=hydra_recv_nb(s, buffer, sizeof(buffer));
|
ret = hydra_recv_nb(s, buffer, sizeof(buffer));
|
||||||
|
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
|
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
// so now add encoded_password to p_s7_password_request and send
|
// so now add encoded_password to p_s7_password_request and send
|
||||||
|
@ -97,11 +85,11 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
|
||||||
memcpy(buffer, p_s7_password_request, 29);
|
memcpy(buffer, p_s7_password_request, 29);
|
||||||
memcpy(buffer + 29, encoded_password, S7PASSLEN);
|
memcpy(buffer + 29, encoded_password, S7PASSLEN);
|
||||||
|
|
||||||
if (hydra_send(s, buffer, 29 + S7PASSLEN , 0) < 0)
|
if (hydra_send(s, buffer, 29 + S7PASSLEN, 0) < 0)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
memset(buffer, 0, sizeof(buffer));
|
memset(buffer, 0, sizeof(buffer));
|
||||||
ret=hydra_recv_nb(s, buffer, sizeof(buffer));
|
ret = hydra_recv_nb(s, buffer, sizeof(buffer));
|
||||||
|
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return 3;
|
return 3;
|
||||||
|
@ -110,7 +98,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
|
||||||
// 0x0000 - valid password
|
// 0x0000 - valid password
|
||||||
// 0xd605 - no password
|
// 0xd605 - no password
|
||||||
// 0xd602 - wrong password
|
// 0xd602 - wrong password
|
||||||
if (ret > 30 ) {
|
if (ret > 30) {
|
||||||
if (buffer[27] == '\x00' && buffer[28] == '\x00') {
|
if (buffer[27] == '\x00' && buffer[28] == '\x00') {
|
||||||
hydra_report_found_host(port, ip, "s7-300", fp);
|
hydra_report_found_host(port, ip, "s7-300", fp);
|
||||||
hydra_completed_pair_found();
|
hydra_completed_pair_found();
|
||||||
|
@ -175,7 +163,7 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
|
int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
|
||||||
// called before the childrens are forked off, so this is the function
|
// called before the childrens are forked off, so this is the function
|
||||||
// which should be filled if initial connections and service setup has to be
|
// which should be filled if initial connections and service setup has to be
|
||||||
// performed once only.
|
// performed once only.
|
||||||
|
@ -219,7 +207,7 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
|
||||||
encoded_password[0] = context[0] ^ 0x55;
|
encoded_password[0] = context[0] ^ 0x55;
|
||||||
encoded_password[1] = context[1] ^ 0x55;
|
encoded_password[1] = context[1] ^ 0x55;
|
||||||
for (i = 2; i < S7PASSLEN; i++) {
|
for (i = 2; i < S7PASSLEN; i++) {
|
||||||
encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ;
|
encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55;
|
||||||
}
|
}
|
||||||
|
|
||||||
// send p_cotp and check first 2 bytes of answer
|
// send p_cotp and check first 2 bytes of answer
|
||||||
|
@ -237,7 +225,6 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
|
||||||
fprintf(stderr, "[ERROR] invalid reply to init packet\n");
|
fprintf(stderr, "[ERROR] invalid reply to init packet\n");
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
// send p_s7_negotiate_pdu and check first 2 bytes of answer
|
// send p_s7_negotiate_pdu and check first 2 bytes of answer
|
||||||
if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) {
|
if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) {
|
||||||
fprintf(stderr, "[ERROR] can not send data to service (2)\n");
|
fprintf(stderr, "[ERROR] can not send data to service (2)\n");
|
||||||
|
@ -253,7 +240,6 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
|
||||||
fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n");
|
fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n");
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
// send p_s7_read_szl and check first 2 bytes of answer
|
// send p_s7_read_szl and check first 2 bytes of answer
|
||||||
if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) {
|
if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) {
|
||||||
fprintf(stderr, "[ERROR] can not send data to service (3)\n");
|
fprintf(stderr, "[ERROR] can not send data to service (3)\n");
|
||||||
|
@ -265,17 +251,16 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) {
|
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) {
|
||||||
fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n");
|
fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n");
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
// so now add encoded_password to p_s7_password_request and send
|
// so now add encoded_password to p_s7_password_request and send
|
||||||
memset(buffer, 0, sizeof(buffer));
|
memset(buffer, 0, sizeof(buffer));
|
||||||
memcpy(buffer, p_s7_password_request, 29);
|
memcpy(buffer, p_s7_password_request, 29);
|
||||||
memcpy(buffer + 29, encoded_password, S7PASSLEN);
|
memcpy(buffer + 29, encoded_password, S7PASSLEN);
|
||||||
|
|
||||||
if (hydra_send(sock, buffer, 29 + S7PASSLEN , 0) < 0) {
|
if (hydra_send(sock, buffer, 29 + S7PASSLEN, 0) < 0) {
|
||||||
fprintf(stderr, "[ERROR] can not send data to service (4)\n");
|
fprintf(stderr, "[ERROR] can not send data to service (4)\n");
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
@ -285,7 +270,6 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
|
||||||
fprintf(stderr, "[ERROR] did not received data from the service (4)\n");
|
fprintf(stderr, "[ERROR] did not received data from the service (4)\n");
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
// now check answer
|
// now check answer
|
||||||
// 0x0000 - valid password
|
// 0x0000 - valid password
|
||||||
// 0xd605 - no password
|
// 0xd605 - no password
|
||||||
|
|
13
hydra-sip.c
13
hydra-sip.c
|
@ -75,8 +75,9 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
|
||||||
while (try < 2 && !has_sip_cred) {
|
while (try < 2 && !has_sip_cred) {
|
||||||
try++;
|
try++;
|
||||||
if (hydra_data_ready_timed(s, 3, 0) > 0) {
|
if (hydra_data_ready_timed(s, 3, 0) > 0) {
|
||||||
i = hydra_recv(s, (char *) buf, sizeof(buf));
|
i = hydra_recv(s, (char *) buf, sizeof(buf) - 1);
|
||||||
buf[sizeof(buf) - 1] = '\0';
|
if (i > 0)
|
||||||
|
buf[i] = '\0';
|
||||||
if (strncmp(buf, "SIP/2.0 404", 11) == 0) {
|
if (strncmp(buf, "SIP/2.0 404", 11) == 0) {
|
||||||
hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login);
|
hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login);
|
||||||
return 2;
|
return 2;
|
||||||
|
@ -124,7 +125,7 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
|
||||||
hydra_report(stderr, "[ERROR] no www-authenticate header found!\n");
|
hydra_report(stderr, "[ERROR] no www-authenticate header found!\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "[INFO] S: %s\n", buf);
|
hydra_report(stderr, "[INFO] S: %s\n", buf);
|
||||||
char buffer2[512];
|
char buffer2[512];
|
||||||
|
|
||||||
|
@ -139,7 +140,7 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
|
||||||
"Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2);
|
"Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2);
|
||||||
|
|
||||||
cseq++;
|
cseq++;
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "[INFO] C: %s\n", buffer);
|
hydra_report(stderr, "[INFO] C: %s\n", buffer);
|
||||||
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
||||||
return 3;
|
return 3;
|
||||||
|
@ -152,9 +153,9 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
|
||||||
try++;
|
try++;
|
||||||
if (hydra_data_ready_timed(s, 5, 0) > 0) {
|
if (hydra_data_ready_timed(s, 5, 0) > 0) {
|
||||||
memset(buf, 0, sizeof(buf));
|
memset(buf, 0, sizeof(buf));
|
||||||
if ((i = hydra_recv(s, (char *) buf, sizeof(buf))) >= 0)
|
if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0)
|
||||||
buf[i] = 0;
|
buf[i] = 0;
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "[INFO] S: %s\n", buf);
|
hydra_report(stderr, "[INFO] S: %s\n", buf);
|
||||||
sip_code = get_sip_code(buf);
|
sip_code = get_sip_code(buf);
|
||||||
if (sip_code >= 200 && sip_code < 300) {
|
if (sip_code >= 200 && sip_code < 300) {
|
||||||
|
|
|
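Review bot: In the first start_sip hunk `buf` is terminated only when `i > 0`, so on a zero-length or failed read the `strncmp(buf, "SIP/2.0 404", 11)` that follows compares whatever `buf` held before; the line this replaces at least forced a terminator at `sizeof(buf) - 1`. Whether `buf` is cleared before this loop is not visible in the hunk. Writing the terminator unconditionally, `buf[i > 0 ? i : 0] = '\0';`, keeps stale contents out of the comparison. It also lines up with the later receive in this file, which does `memset(buf, 0, sizeof(buf))` first and accepts `i >= 0`.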
@ -978,7 +978,7 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
|
||||||
|
|
||||||
ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge);
|
ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge);
|
||||||
if (ret == -1) {
|
if (ret == -1) {
|
||||||
free(LMv2hash);
|
free(LMhash);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -125,7 +125,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
||||||
from64tobits((char *) buffer, buf + 4);
|
from64tobits((char *) buffer, buf + 4);
|
||||||
free(buf);
|
free(buf);
|
||||||
|
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "DEBUG S: %s\n", buffer);
|
hydra_report(stderr, "DEBUG S: %s\n", buffer);
|
||||||
|
|
||||||
fooptr = buffer2;
|
fooptr = buffer2;
|
||||||
|
@ -133,7 +133,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
||||||
if (fooptr == NULL)
|
if (fooptr == NULL)
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
if (verbose)
|
if (debug)
|
||||||
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
|
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
|
||||||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||||
sprintf(buffer, "%s\r\n", buffer2);
|
sprintf(buffer, "%s\r\n", buffer2);
|
||||||
|
|