diff --git a/bfg.c b/bfg.c
index 89b115b..a3a1dad 100644
--- a/bfg.c
+++ b/bfg.c
@@ -45,6 +45,7 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) {
 bf_options.crs[*crs_len - 1] = ch;
 bf_options.crs[*crs_len] = '\0';
 }
+ return 0;
 }
 // return values : 0 on success, 1 on error
 //
diff --git a/hydra-adam6500.c b/hydra-adam6500.c
index de8ca15..9382fd1 100644
--- a/hydra-adam6500.c
+++ b/hydra-adam6500.c
@@ -91,7 +91,7 @@ int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options,
 }
 void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
- int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
+ int32_t run = 1, next_run = 1, sock = -1;
 int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL;
 hydra_register_socket(sp);
@@ -102,9 +102,6 @@ void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr
 switch (run) {
 case 1: /* connect and service init function */
 {
- unsigned char *buf2;
- int32_t f = 0;
-
 if (sock >= 0)
 sock = hydra_disconnect(sock);
 // usleepn(275);
diff --git a/hydra-http-form.c b/hydra-http-form.c
index 58f0ddf..ca039d6 100644
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
@@ -197,8 +197,7 @@ success:
 */
 int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) {
- ptr_cookie_node cur_ptr = NULL, new_ptr = NULL;
- char * cookie = strdup(cookie_expr);
+ ptr_cookie_node cur_ptr = NULL;
 char * cookie_name = NULL, * cookie_value = strstr(cookie_expr, "=");
 if (cookie_value) {
diff --git a/hydra-ldap.c b/hydra-ldap.c
index c14d20a..a2100c5 100644
--- a/hydra-ldap.c
+++ b/hydra-ldap.c
@@ -451,6 +451,10 @@ int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *mis
 // return codes:
 // 0 all OK
 // -1 error, hydra will exit, so print a good error message here
+ if (strlen(miscptr) > 220) {
+ fprintf(stderr, "[ERROR] the option string to this module may not be larger than 220 bytes\n");
+ return -1;
+ }
 return 0;
 }
diff --git a/hydra-mod.c b/hydra-mod.c
index 2f86963..88229a1 100644
--- a/hydra-mod.c
+++ b/hydra-mod.c
@@ -317,7 +317,7 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t protocol, int3
 hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt);
 err = 1;
 }
- if ((uint32_t) buf[1] == SOCKS_NOMETHOD) {
+ if ((unsigned char) buf[1] == SOCKS_NOMETHOD) {
 hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n");
 err = 1;
 }
@@ -329,7 +329,7 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t protocol, int3
 char *login = strtok(proxy_authentication[selected_proxy], ":");
 char *pass = strtok(NULL, ":");
- snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass);
+ snprintf(buf, 4096, "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass);
 cnt = hydra_send(s, buf, strlen(buf), 0);
 if (cnt != strlen(buf)) {
@@ -584,7 +584,7 @@ int32_t internal__hydra_connect_ssl(char *host, int32_t port, int32_t protocol,
 }
 #endif
-int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length) {
+int32_t internal__hydra_recv(int32_t socket, char *buf, uint32_t length) {
 #ifdef LIBOPENSSL
 if (use_ssl) {
 return SSL_read(ssl, buf, length);
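Review bot: In hydra-ldap.c, the new length check in service_ldap_init calls `strlen(miscptr)` without testing the pointer first; if the module can be started without an option string, miscptr may be NULL (not visible in this hunk) and the call is undefined behaviour. Guard it as `if (miscptr != NULL && strlen(miscptr) > 220) {`. A one-line comment naming the fixed-size buffer that the 220-byte limit protects would also keep the constant from drifting away from that buffer's size.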
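Review bot: In the SOCKS5 authentication hunk of internal__hydra_connect (hydra-mod.c), the literal `4096` in `snprintf(buf, 4096, ...)` is correct only while it matches the size buf was allocated with, and that declaration is outside the hunk; a named constant shared with the allocation would keep the two together. The context lines also pass the results of `strtok()` straight to `strlen()`, so a proxy credential string without a `:` leaves pass NULL; a guard such as `if (login == NULL || pass == NULL)` that sets the error path before the snprintf would cover it. The `(char) strlen(...)` casts silently truncate lengths above 255, which the one-byte length fields of this sub-negotiation cannot carry, so rejecting longer values explicitly would be cleaner than truncating.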
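Review bot: Changing `length` to `uint32_t` in internal__hydra_recv (and, in the later hunks, internal__hydra_send, hydra_recv, hydra_recv_nb and hydra_send) silences the sign-compare warnings, but a caller that computes a negative length now passes a value near 4 GiB instead of one the function could reject. `SSL_read` and `SSL_write` take an `int` count, so anything above INT_MAX does not fit on that path. Consider `size_t` for the parameter, matching recv()/send(), with an explicit `if (length > INT_MAX) return -1;` ahead of the SSL calls. The function bodies continue outside these hunks.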
@@ -593,7 +593,7 @@ int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length) {
 return recv(socket, buf, length, 0);
 }
-int32_t internal__hydra_send(int32_t socket, char *buf, int32_t size, int32_t options) {
+int32_t internal__hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) {
 #ifdef LIBOPENSSL
 if (use_ssl) {
 return SSL_write(ssl, buf, size);
@@ -708,7 +708,7 @@ void hydra_report_debug(FILE * st, char *format, ...) {
 for (i = 0; i < len; i++) {
 memset(temp, 0, 6);
 cTemp = (unsigned char) buf[i];
- if ((cTemp < 32 && cTemp >= 0) || cTemp > 126) {
+ if (cTemp < 32 || cTemp > 126) {
 sprintf(temp, "[%02X]", cTemp);
 } else
 sprintf(temp, "%c", cTemp);
@@ -893,7 +893,7 @@ int32_t hydra_data_ready(int32_t socket) {
 return (hydra_data_ready_timed(socket, 0, 100));
 }
-int32_t hydra_recv(int32_t socket, char *buf, int32_t length) {
+int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) {
 int32_t ret;
 char text[64];
@@ -906,7 +906,7 @@ int32_t hydra_recv(int32_t socket, char *buf, int32_t length) {
 return ret;
 }
-int32_t hydra_recv_nb(int32_t socket, char *buf, int32_t length) {
+int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) {
 int32_t ret = -1;
 char text[64];
@@ -1001,7 +1001,7 @@ char *hydra_receive_line(int32_t socket) {
 return buff;
 }
-int32_t hydra_send(int32_t socket, char *buf, int32_t size, int32_t options) {
+int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) {
 char text[64];
 if (debug) {
@@ -1102,15 +1102,15 @@ unsigned char hydra_conv64(unsigned char in) {
 }
 }
-void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize) {
+void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) {
 unsigned char small[3] = { 0, 0, 0 };
 unsigned char big[5];
 unsigned char *ptr = buf;
- int32_t i = bufsize;
+ uint32_t i = bufsize;
 uint32_t len = 0;
 unsigned char bof[i];
- if (buf == NULL || strlen((char *) buf) == 0)
+ if (buf == NULL || strlen((char *) buf) == 0 || buflen == 0)
 return;
 bof[0] = 0;
 memset(big, 0, sizeof(big));
diff --git a/hydra-mod.h b/hydra-mod.h
index c4032fd..bf72b7c 100644
--- a/hydra-mod.h
+++ b/hydra-mod.h
@@ -24,13 +24,13 @@ extern int32_t hydra_connect_tcp(char *host, int32_t port);
 extern int32_t hydra_connect_udp(char *host, int32_t port);
 extern int32_t hydra_disconnect(int32_t socket);
 extern int32_t hydra_data_ready(int32_t socket);
-extern int32_t hydra_recv(int32_t socket, char *buf, int32_t length);
-extern int32_t hydra_recv_nb(int32_t socket, char *buf, int32_t length);
+extern int32_t hydra_recv(int32_t socket, char *buf, uint32_t length);
+extern int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length);
 extern char *hydra_receive_line(int32_t socket);
-extern int32_t hydra_send(int32_t socket, char *buf, int32_t size, int32_t options);
+extern int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options);
 extern int32_t make_to_lower(char *buf);
 extern unsigned char hydra_conv64(unsigned char in);
-extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize);
+extern void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize);
 extern void hydra_dump_asciihex(unsigned char *string, int32_t length);
 extern void hydra_set_srcport(int32_t port);
 extern char *hydra_address2string(char *address);
diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c
index f10d72d..4f32997 100644
--- a/hydra-oracle-listener.c
+++ b/hydra-oracle-listener.c
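Review bot: In hydra_tobase64, `unsigned char bof[i];` is a variable-length array sized directly from the caller's bufsize, and with the parameter now unsigned a negative size computed by a caller becomes a multi-gigabyte stack allocation rather than an obviously invalid value. The added `buflen == 0` test also runs after the array is declared and does not cover `bufsize == 0`, where a zero-length VLA is undefined and `bof[0] = 0` writes out of bounds. Validate first, e.g. `if (buf == NULL || bufsize == 0 || buflen == 0 || strlen((char *) buf) == 0) return;` placed ahead of the declaration, and bound bufsize or switch to a checked heap allocation. The rest of the function is outside the hunk.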
@@ -1,4 +1,3 @@
-
 /* david:
@@ -18,7 +17,7 @@ void dummy_oracle_listener() {
 printf("\n");
 }
 #else
-#include
+#include "sasl.h"
 #include
 #define HASHSIZE 17
diff --git a/hydra-rdp.c b/hydra-rdp.c
index f8cf084..af281a4 100644
--- a/hydra-rdp.c
+++ b/hydra-rdp.c
@@ -1831,7 +1831,7 @@ static void process_rect(STREAM s, RECT_ORDER * os, uint32 present, BOOL delta)
 /* Process a desktop save order */
 static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL delta) {
- int32_t width, height;
+ //int32_t width, height;
 if (present & 0x01)
 in_uint32_le(s, os->offset);
@@ -1853,8 +1853,8 @@ static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL
 DEBUG(("DESKSAVE(l=%d,t=%d,r=%d,b=%d,off=%d,op=%d)\n", os->left, os->top, os->right, os->bottom, os->offset, os->action));
- width = os->right - os->left + 1;
- height = os->bottom - os->top + 1;
+ //width = os->right - os->left + 1;
+ //height = os->bottom - os->top + 1;
 }
 /* Process a memory blt order */
@@ -1999,13 +1999,13 @@ static void process_secondary_order(STREAM s) {
 * For very compact orders the length becomes negative
 * so a signed integer must be used. */
 uint16 length;
- uint16 flags;
- uint8 type;
+ //uint16 flags;
+ //uint8 type;
 uint8 *next_order;
 in_uint16_le(s, length);
- in_uint16_le(s, flags); /* used by bmpcache2 */
- in_uint8(s, type);
+ //in_uint16_le(s, flags); /* used by bmpcache2 */
+ //in_uint8(s, type);
 next_order = s->p + (sint16) length + 7;
@@ -2148,7 +2148,7 @@ void rdp_disconnect(void) {
 void rdp5_process(STREAM s) {
 uint16 length, count;
- uint8 type, ctype;
+ uint8 type/*, ctype*/;
 uint8 *next;
 struct stream *ts;
@@ -2156,11 +2156,11 @@ void rdp5_process(STREAM s) {
 while (s->p < s->end) {
 in_uint8(s, type);
 if (type & RDP5_COMPRESSED) {
- in_uint8(s, ctype);
+ //in_uint8(s, ctype);
 in_uint16_le(s, length);
 type ^= RDP5_COMPRESSED;
 } else {
- ctype = 0;
+ //ctype = 0;
 in_uint16_le(s, length);
 }
 g_next_packet = next = s->p + length;
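Review bot: In hydra-rdp.c, commenting out `in_uint16_le(s, flags);` and `in_uint8(s, type);` in process_secondary_order removes more than unused variables if these macros advance `s->p` as they read, which the `in_uint8s(s, 6)` skip in process_data_pdu suggests (the macro definitions are not part of this diff). The following `next_order = s->p + (sint16) length + 7;` would then start three bytes too early, and the same concern applies to the disabled `in_uint8(s, ctype);` in rdp5_process and to `in_uint16_le(s, len);` and `in_uint8(s, ctype);` in process_data_pdu, where the fields read afterwards would come from the wrong offsets. To drop the variables but keep the stream position, skip the bytes instead, e.g. `in_uint8s(s, 3); /* flags, type */` and `in_uint8s(s, 1); /* ctype */`. Because `length` is taken from the peer, checking the computed `next_order` and `next` pointers against `s->end` before use would also be worth adding.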
@@ -3178,14 +3178,14 @@ void process_disconnect_pdu(STREAM s, uint32 * ext_disc_reason) {
 /* Process data PDU */
 static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) {
 uint8 data_pdu_type;
- uint8 ctype;
+ //uint8 ctype;
 uint16 clen;
- uint32 len;
+ //uint32 len;
 in_uint8s(s, 6); /* shareid, pad, streamid */
- in_uint16_le(s, len);
+ //in_uint16_le(s, len);
 in_uint8(s, data_pdu_type);
- in_uint8(s, ctype);
+ //in_uint8(s, ctype);
 in_uint16_le(s, clen);
 clen -= 18;
diff --git a/hydra-rlogin.c b/hydra-rlogin.c
index b29ee5d..5819250 100644
--- a/hydra-rlogin.c
+++ b/hydra-rlogin.c
@@ -61,8 +61,7 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c
 memset(buffer, 0, sizeof(buffer));
 ret = hydra_recv(s, buffer, sizeof(buffer));
 if (strcmp(buffer, "\r\n"))
- ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
- if (ret >= 0)
+ if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
 buffer[ret] = 0;
 }
 /* Authentication failure */
diff --git a/hydra-rsh.c b/hydra-rsh.c
index 90496cc..67c5e5b 100644
--- a/hydra-rsh.c
+++ b/hydra-rsh.c
@@ -37,13 +37,11 @@ int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char
 }
 buffer[0] = 0;
- if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0)
+ if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
 buffer[ret] = 0;
- /* 0x00 is sent but hydra_recv transformed it */
- if (strlen(buffer) == 0)
- ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
- if (ret >= 0)
- buffer[ret] = 0;
+ else /* 0x00 is sent but hydra_recv transformed it */
+ if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
+ buffer[ret] = 0;
 #ifdef HAVE_PCRE
 if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) {
 #else
diff --git a/hydra-rtsp.c b/hydra-rtsp.c
index 41836ad..e0eb6b5 100644
--- a/hydra-rtsp.c
+++ b/hydra-rtsp.c
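Review bot: In start_rlogin the first receive still reads a full `sizeof(buffer)` bytes into a buffer that `strcmp(buffer, "\r\n")` then treats as a C string, so a reply that fills the buffer leaves it without a terminator; use `ret = hydra_recv(s, buffer, sizeof(buffer) - 1);` there, as the second call already does. The result of that first call is also not checked before the comparison. With the new `> 0` test, a failed or empty second read leaves the first reply in buffer while ret is zero or negative, so the code after the hunk should decide on ret rather than on the buffer contents.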
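Review bot: The rewritten retry in start_rsh no longer matches its comment: the old code read again whenever the first reply was an empty string (`strlen(buffer) == 0`), while the new `else` branch reads again only when the first hydra_recv returned zero or an error. If the peer's leading 0x00 byte arrives on its own, ret is positive, the second read is skipped, and the `ret > 0 && !hydra_string_match(...)` test below runs against an empty buffer; what that branch reports is outside the hunk, but it is unlikely to be the intended result. Keeping the old condition with the safer assignment, `if (buffer[0] == 0 && (ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) buffer[ret] = 0;` as a separate statement, preserves the behaviour. Braces around the nested `if` would also make the `else` binding explicit.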
@@ -64,8 +64,6 @@ int32_t use_Digest_Auth(char *s) {
 void create_core_packet(int32_t control, char *ip, int32_t port) {
-
- char buffer[500];
 char *target = hydra_address2string(ip);
 if (control == 0) {
@@ -125,8 +123,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
 }
 if (use_Digest_Auth(lresp) == 1) {
- char *dbuf;
- char dbuffer[500] = "";
+ char *dbuf = NULL;
 char aux[500] = "";
 char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest ");
@@ -182,8 +179,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
 void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
 int32_t run = 1, next_run = 1, sock = -1;
- int32_t myport = PORT_RTSP, mysslport = PORT_RTSP_SSL;
- char *ptr, *ptr2;
+ int32_t myport = PORT_RTSP/*, mysslport = PORT_RTSP_SSL*/;
 hydra_register_socket(sp);
diff --git a/hydra-snmp.c b/hydra-snmp.c
index 0579ddb..f3235e0 100644
--- a/hydra-snmp.c
+++ b/hydra-snmp.c
@@ -198,7 +198,7 @@ void password_to_key_sha(u_char * password, /* IN */
 int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
 char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = "";
- int32_t i, j, k, size, off = 0, off2 = 0, done = 0;
+ int32_t i, j, k, size, off = 0, off2 = 0;
 unsigned char initVect[8], privacy_params[8];
 int32_t engine_boots = 0;
@@ -316,7 +316,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
 /* //PrivDES::encrypt(const unsigned char *key,
- // const uint32_t /*key_len*///,
+// const uint32_t key_len,
 // const unsigned char *buffer,
 // const uint32_t buffer_len,
 // unsigned char *out_buffer,
@@ -324,7 +324,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
 // unsigned char *privacy_params,
 // uint32_t *privacy_params_len,
 // const unsigned long engine_boots,
-// const unsigned long /*engine_time*/)
+// const unsigned long engine_time)
 // last 8 bytes of key are used as base for initialization vector */
 k = 0;
 memcpy((char *) initVect, key + 8, 8);
diff --git a/hydra-svn.c b/hydra-svn.c
index cdee8ec..207b32f 100644
--- a/hydra-svn.c
+++ b/hydra-svn.c
@@ -51,7 +51,7 @@ static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, vo
 }
 int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
- int32_t ipv6 = 0;
+ //int32_t ipv6 = 0;
 char URL[1024];
 char URLBRANCH[256];
 const char *canonical;
@@ -71,8 +71,8 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
 if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS)
 return 4;
- if (ip[0] == 16)
- ipv6 = 1;
+ //if (ip[0] == 16)
+ // ipv6 = 1;
 pool = svn_pool_create(NULL);
diff --git a/hydra-time.c b/hydra-time.c
index 734e3c2..bbd068d 100644
--- a/hydra-time.c
+++ b/hydra-time.c
@@ -9,7 +9,7 @@ int32_t sleepn(time_t seconds)
 ts.tv_nsec = 0;
 return nanosleep(&ts, NULL);
 }
-int32_t usleepn(int64_t milisec) {
+int32_t usleepn(uint64_t milisec) {
 struct timespec ts;
 ts.tv_sec = milisec / 1000;
 ts.tv_nsec = (milisec % 1000) * 1000000L;
diff --git a/hydra.c b/hydra.c
index edd71de..4171d29 100644
--- a/hydra.c
+++ b/hydra.c
@@ -412,7 +412,7 @@ static const struct {
 SERVICE3("firebird", firebird),
 #endif
 SERVICE(ftp),
- { "ftps", service_ftp_init, service_ftps },
+ { "ftps", service_ftp_init, service_ftps, NULL },
 { "http-get", service_http_init, service_http_get, usage_http },
 { "http-get-form", service_http_form_init, service_http_get_form, usage_http_form },
 { "http-head", service_http_init, service_http_head, NULL },
@@ -472,7 +472,7 @@ static const struct {
 SERVICE3("snmp", snmp),
 SERVICE(socks5),
 #ifdef LIBSSH
- { "ssh", NULL, service_ssh },
+ { "ssh", NULL, service_ssh, NULL },
 SERVICE3("sshkey", sshkey),
 #endif
 #ifdef LIBSVN
@@ -907,7 +907,7 @@ void hydra_restore_read() {
 hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1);
 strcpy(hydra_targets[j]->pass_ptr, out);
 }
- if (hydra_targets[j]->redo > 0)
+ if (hydra_targets[j]->redo > 0) {
 if (debug) printf("[DEBUG] target %d redo %d\n", j, hydra_targets[j]->redo);
 for (i = 0; i < hydra_targets[j]->redo; i++) {
 sck = fgets(out, sizeof(out), f);
@@ -921,6 +921,7 @@ void hydra_restore_read() {
 hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1);
 strcpy(hydra_targets[j]->redo_pass[i], out);
 }
+ }
 if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin)
 hydra_targets[j]->skipcnt = 0;
 if (hydra_targets[j]->skipcnt > 0)
@@ -1395,7 +1396,7 @@ void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) {
 }
 void hydra_increase_fail_count(int32_t target_no, int32_t head_no) {
- int32_t i, k, maxfail = 0;
 if (target_no < 0)
 return;
@@ -3947,7 +3948,7 @@ int32_t main(int32_t argc, char *argv[]) {
 bail("[BUG] Weird bug detected where more tests were performed than possible. Please rerun with -d command line switch and post all output plus command line here: https://github.com/vanhauser-thc/thc-hydra/issues/113 or send it in an email to vh@thc.org");
 }
 */
- printf("[STATUS] %.2f tries/min, %llu tries in %02llu:%02lluh, %llu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min
+ printf("[STATUS] %.2f tries/min, %llu tries in %02llu:%02lluh, %llu to do in %02llu:%02lluh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min
 hydra_brains.sent, // tries
 (uint64_t) ((elapsed_status - starttime) / 3600), // hours
 (uint64_t) (((elapsed_status - starttime) % 3600) / 60), // minutes
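Review bot: In hydra_restore_read, the loop that the new braces enclose copies each line with `malloc(strlen(out) + 1)` followed immediately by `strcpy`, so an allocation failure becomes a NULL dereference; check the pointer before copying, here and for `pass_ptr` in the first hunk's context. The loop bound `hydra_targets[j]->redo` appears to be read from the restore file, and no upper limit against the capacity of `redo_pass` is visible in these hunks; if none exists earlier in the function, a damaged restore file could index past the array. The function starts and ends outside both hunks.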
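Review bot: In main's `[STATUS]` printf, `%llu` is paired with arguments cast to `(uint64_t)`, which is `unsigned long` on common 64-bit Linux toolchains, so format and argument types still differ there after this fix. Either cast the arguments to `(unsigned long long)` or use `"%02" PRIu64` from `<inttypes.h>` so the pair is right on every platform. The arguments for the two specifiers changed here lie past the end of the hunk, so their casts need the same check.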
diff --git a/hydra.h b/hydra.h
index cece25c..62560d2 100644
--- a/hydra.h
+++ b/hydra.h
@@ -155,7 +155,7 @@
 #ifndef _WIN32
 int32_t sleepn(time_t seconds);
- int32_t usleepn(int64_t useconds);
+ int32_t usleepn(uint64_t useconds);
 #else
 int32_t sleepn(uint32_t seconds);
 int32_t usleepn(uint32_t useconds);
diff --git a/performance.h b/performance.h
index 2d4a682..10759f8 100644
--- a/performance.h
+++ b/performance.h
@@ -31,7 +31,7 @@ int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex,
 ssize_t read_safe(int32_t fd, void *buffer, size_t len) {
 int32_t r = 0;
 int32_t total = 0;
- int32_t toread = len;
+ uint32_t toread = len;
 fd_set fr;
 struct timeval tv;
 int32_t ret = 0;
diff --git a/sasl.c b/sasl.c
index cf2234e..ba08978 100644
--- a/sasl.c
+++ b/sasl.c
@@ -321,7 +321,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
 while ((array[i] != NULL) && (array[i][0] == ' ')) {
 char *tmp = strdup(array[i]);
- memset(array[i], 0, sizeof(array[i]));
+ //memset(array[i], 0, sizeof(array[i]));
 strcpy(array[i], tmp + 1);
 free(tmp);
 }
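Review bot: In read_safe (performance.h), `uint32_t toread = len;` still narrows the `size_t` parameter, so a request above 4 GiB is silently truncated, and it now mixes with the signed `r` and `total` counters declared just above it. Declaring it `size_t toread = len;`, with `total` as `size_t` and `r` as `ssize_t` for the read result, would remove both the truncation and the sign-compare warnings. The loop that uses these variables is outside the hunk, so its comparisons need rechecking after the type change.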
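Review bot: In sasl_digest_md5, the loop that strips a leading space duplicates the string only to copy it back one byte to the left, and `strdup` can return NULL, in which case `tmp + 1` is handed to strcpy. `memmove(array[i], array[i] + 1, strlen(array[i]));` performs the same shift in place, terminator included, without allocating. The disabled `memset` should be deleted rather than left as a comment, since `sizeof(array[i])` probably measured a pointer and not the string it points to (the declaration of array is outside the hunk).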