Merge pull request #1 from vanhauser-thc/master

merge upstream
Ruslan Makhmatkhanov 2021-03-17 13:02:07 +03:00 committed by GitHub
commit 2cbbc53692
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
147 changed files with 20284 additions and 19476 deletions

117
.clang-format Normal file

@ -0,0 +1,117 @@
---
Language: Cpp
AccessModifierOffset: -2
AlignAfterOpenBracket: Align
AlignConsecutiveAssignments: false
AlignConsecutiveDeclarations: false
AlignEscapedNewlines: Right
AlignOperands: true
AlignTrailingComments: true
AllowAllParametersOfDeclarationOnNextLine: true
AllowShortBlocksOnASingleLine: false
AllowShortCaseLabelsOnASingleLine: false
AllowShortFunctionsOnASingleLine: All
AllowShortIfStatementsOnASingleLine: false
AllowShortLoopsOnASingleLine: false
AlwaysBreakAfterDefinitionReturnType: None
AlwaysBreakAfterReturnType: None
AlwaysBreakBeforeMultilineStrings: false
AlwaysBreakTemplateDeclarations: false
BinPackArguments: true
BinPackParameters: true
BraceWrapping:
AfterClass: false
AfterControlStatement: false
AfterEnum: false
AfterFunction: false
AfterNamespace: false
AfterObjCDeclaration: false
AfterStruct: false
AfterUnion: false
AfterExternBlock: false
BeforeCatch: false
BeforeElse: false
IndentBraces: false
SplitEmptyFunction: true
SplitEmptyRecord: true
SplitEmptyNamespace: true
BreakBeforeBinaryOperators: None
BreakBeforeBraces: Attach
BreakBeforeInheritanceComma: false
BreakInheritanceList: BeforeColon
BreakBeforeTernaryOperators: true
BreakConstructorInitializersBeforeComma: false
BreakConstructorInitializers: BeforeColon
BreakAfterJavaFieldAnnotations: false
BreakStringLiterals: true
ColumnLimit: 512
CommentPragmas: '^ IWYU pragma:'
CompactNamespaces: true
ConstructorInitializerAllOnOneLineOrOnePerLine: false
ConstructorInitializerIndentWidth: 4
ContinuationIndentWidth: 4
Cpp11BracedListStyle: true
DerivePointerAlignment: false
DisableFormat: false
ExperimentalAutoDetectBinPacking: false
FixNamespaceComments: true
ForEachMacros:
- foreach
- Q_FOREACH
- BOOST_FOREACH
IncludeBlocks: Preserve
IncludeCategories:
- Regex: '^"(llvm|llvm-c|clang|clang-c)/'
Priority: 2
- Regex: '^(<|"(gtest|gmock|isl|json)/)'
Priority: 3
- Regex: '.*'
Priority: 1
IncludeIsMainRegex: '(Test)?$'
IndentCaseLabels: false
IndentPPDirectives: None
IndentWidth: 2
IndentWrappedFunctionNames: false
JavaScriptQuotes: Leave
JavaScriptWrapImports: true
KeepEmptyLinesAtTheStartOfBlocks: false
MacroBlockBegin: ''
MacroBlockEnd: ''
MaxEmptyLinesToKeep: 1
NamespaceIndentation: None
ObjCBinPackProtocolList: Auto
ObjCBlockIndentWidth: 2
ObjCSpaceAfterProperty: false
ObjCSpaceBeforeProtocolList: true
PenaltyBreakAssignment: 2
PenaltyBreakBeforeFirstCallParameter: 19
PenaltyBreakComment: 300
PenaltyBreakFirstLessLess: 120
PenaltyBreakString: 1000
PenaltyBreakTemplateDeclaration: 10
PenaltyExcessCharacter: 1000000
PenaltyReturnTypeOnItsOwnLine: 60
PointerAlignment: Right
ReflowComments: true
SortIncludes: true
SortUsingDeclarations: true
SpaceAfterCStyleCast: false
SpaceAfterTemplateKeyword: true
SpaceBeforeAssignmentOperators: true
SpaceBeforeCpp11BracedList: false
SpaceBeforeCtorInitializerColon: true
SpaceBeforeInheritanceColon: true
SpaceBeforeParens: ControlStatements
SpaceBeforeRangeBasedForLoopColon: true
SpaceInEmptyParentheses: false
SpacesBeforeTrailingComments: 1
SpacesInAngles: false
SpacesInContainerLiterals: true
SpacesInCStyleCastParentheses: false
SpacesInParentheses: false
SpacesInSquareBrackets: false
Standard: Cpp11
TabWidth: 2
UseTab: Never
...
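
Review bot: `SortIncludes: true` will reorder `#include` lines in a C code base where header order can matter (system headers that must precede others, feature-test macros defined before an include), so the mass reformat can change what compiles; set it to `false` or confirm every platform still builds after formatting. `ColumnLimit: 512` also means lines are effectively never wrapped, which makes later diffs of long expressions hard to review, and the `ForEachMacros` and `IncludeCategories` entries (`Q_FOREACH`, `BOOST_FOREACH`, the `llvm`/`gtest` regexes) look like leftovers from a C++ template that a C project does not need.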

37
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file

@ -0,0 +1,37 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**IMPORTANT**
This is just for reporting *BUGS* not help on how to hack, how to use hydra, command line options or how to get it compiled. Please search for help via search engines. Issues asking for this here will be closed.
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
* Ensure that you have tested the bug to be present in the current github code. You might be using an outdated version that comes with your Linux distribution!
* You must provide full command line options.
Steps to reproduce the behavior:
1. ...
2. ...
3. ...
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
Note that all messages must be in *English*, not in Chinese, Russian, etc.
**Desktop (please complete the following information):**
- OS: [e.g. Ubuntu 20.04]
- hydra version [e.g. current github state]
**Additional context**
Add any other context about the problem here.
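
Review bot: the "You must provide full command line options" bullet under **To Reproduce** asks for the complete command line, which for this tool carries the target host and often the login and password being tested, and the template never tells reporters to redact them; add a line asking for real hostnames, IP addresses and credentials to be replaced with placeholders before posting to a public issue. The **Desktop** section only asks for OS and hydra version; consider also asking for the version of the library the affected module links against.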

View file

@ -0,0 +1,23 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**IMPORTANT**
Please note that hydra is still maintained however not actively developed. If you would like to see specific feature here it it recommended implement it yourself and send a pull request - or look for someone to do that for you :-)
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
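
Review bot: the **IMPORTANT** paragraph has a typo and dropped words: "it it recommended implement it yourself" should read "it is recommended to implement it yourself", and "specific feature here" wants an article ("a specific feature").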

16
.gitignore vendored Normal file

@ -0,0 +1,16 @@
Makefile
Makefile.in
*.o
hydra
hydra.exe
xhydra
xhydra.exe
hydra-gtk/config.log
hydra-gtk/config.status
hydra-gtk/errors
hydra-gtk/src/.deps/
hydra-gtk/stamp-h
pw-inspector
pw-inspector.exe
hydra.restore
*~
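
Review bot: the list covers build outputs and `hydra.restore` but not the crash artifacts that the `clean` target in Makefile.am removes (`core`, `*.core`, `*.stackdump`); a core dump from a run holds the logins and passwords that were in memory, so add those patterns to keep one from being committed by accident.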

19
.travis.yml Normal file

@ -0,0 +1,19 @@
language: c
sudo: required
dist: trusty
os:
- linux
- osx
arch:
- amd64
- ppc64le
compiler:
- clang
- gcc
matrix:
before_install:
- if [ "$TRAVIS_OS_NAME" == "osx" ];then brew install libgcrypt; fi
before_script:
./configure
script:
- make
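
Review bot: `matrix:` is left as an empty key, and `before_script:` is followed by a bare `./configure` while `before_install:` and `script:` use list items; drop the empty key and write `- ./configure` so the file is consistent. The `before_install` test uses `==` inside `[ ... ]`, which is a bash extension; `=` is the portable form. `dist: trusty` pins the Linux jobs to Ubuntu 14.04, so the gcc 10 fixes listed in CHANGES are never built by CI with that compiler.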

View file

@ -1,9 +1,9 @@
LOCAL_PATH:= $(call my-dir) LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS) include $(CLEAR_VARS)
LOCAL_CFLAGS:= -O3 -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE \ LOCAL_CFLAGS:= -O3 -DLIBOPENSSL -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE \
-DLIBMYSQLCLIENT -DLIBNCP -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DNO_RINDEX \ -DLIBNCP -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DNO_RINDEX \
-DHAVE_MATH_H -DHAVE_MYSQL_H -DOPENSSL_NO_DEPRECATED -DNO_RSA_LEGACY \ -DHAVE_MATH_H -DOPENSSL_NO_DEPRECATED -DNO_RSA_LEGACY \
-fdata-sections -ffunction-sections -fdata-sections -ffunction-sections
LOCAL_LDFLAGS:=-Wl,--gc-sections LOCAL_LDFLAGS:=-Wl,--gc-sections
@ -13,10 +13,8 @@ LOCAL_C_INCLUDES:= \
external/openssl/include\ external/openssl/include\
external/libssh/include\ external/libssh/include\
external/libidn/lib\ external/libidn/lib\
external/libmysqlclient/include\
external/subversion/subversion/include\ external/subversion/subversion/include\
external/apr/include\ external/apr/include\
external/firebird/include\
external/libncp/include\ external/libncp/include\
external/libpcre external/libpcre
@ -42,6 +40,8 @@ LOCAL_SRC_FILES:= \
hydra-irc.c\ hydra-irc.c\
hydra-ldap.c\ hydra-ldap.c\
hydra-mod.c\ hydra-mod.c\
hydra-memcached.c\
hydra-mongodb.c\
hydra-mssql.c\ hydra-mssql.c\
hydra-mysql.c\ hydra-mysql.c\
hydra-ncp.c\ hydra-ncp.c\
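
Review bot: `hydra-memcached.c` and `hydra-mongodb.c` are added to `LOCAL_SRC_FILES`, but the `LOCAL_CFLAGS` hunk above adds no new `-D` switch and `LOCAL_C_INCLUDES` gains no include path for either library, and only `libmemcached` (no MongoDB client library) is added to `LOCAL_STATIC_LIBRARIES` further down. If these modules are guarded by feature defines like the other optional ones, they will compile as stubs on Android; either wire up the defines and include paths or state in the commit message that stubs are intended.
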
@ -58,6 +58,7 @@ LOCAL_SRC_FILES:= \
hydra-rexec.c\ hydra-rexec.c\
hydra-rlogin.c\ hydra-rlogin.c\
hydra-rsh.c\ hydra-rsh.c\
hydra-rtsp.c\
hydra-s7-300.c\ hydra-s7-300.c\
hydra-sapr3.c\ hydra-sapr3.c\
hydra-sip.c\ hydra-sip.c\
@ -78,9 +79,7 @@ LOCAL_SRC_FILES:= \
sasl.c sasl.c
LOCAL_STATIC_LIBRARIES := \ LOCAL_STATIC_LIBRARIES := \
libfbclient \
libidn \ libidn \
libmysqlclient \
libncp \ libncp \
libpcre \ libpcre \
libpcrecpp \ libpcrecpp \
@ -91,11 +90,12 @@ LOCAL_STATIC_LIBRARIES := \
libapr-1 \ libapr-1 \
libaprutil-1 \ libaprutil-1 \
libiconv\ libiconv\
libneon libneon\
libssl_static\
libcrypto_static\
libmemcached
LOCAL_SHARED_LIBRARIES := \ LOCAL_SHARED_LIBRARIES := \
libcrypto\
libssl\
libsqlite\ libsqlite\
libexpat libexpat
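
Review bot: moving `libssl` and `libcrypto` out of `LOCAL_SHARED_LIBRARIES` and linking `libssl_static` and `libcrypto_static` instead freezes the OpenSSL code into the binary, so platform OpenSSL security updates no longer reach it and every fix needs a rebuild; record the reason for static linking in a comment. `libneon\`, `libssl_static\` and `libcrypto_static\` are also written without a space before the backslash, unlike most entries in the list.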

123
CHANGES

@ -1,14 +1,135 @@
Changelog for hydra Changelog for hydra
------------------- -------------------
Release 8.2-pre
Release 9.2
* fix for http-post-form optional parameters
* enable gcc 10 support for xhydra too :)
* msys support
* removed rain mode (-r) because of inefficiency
* IPv6 support for Host: header for http based modules
Release 9.1
* rdb: support for libfreerdp3 (thanks to animetauren)
* new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!)
* oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz)
* rtsp: fixed crash in MD5 auth
* svn: updated to support past and new API
* http: now supports F=/S= string matching conditions (thanks to poucz@github)
* http-proxy: buffer fix, 404 success condition (thanks to kazkansouh)
* mysql: changed not to use mysql db as a default. if the user has not access to this db auth fails ...
* sasl: buffer fix (thanks to TenGbps)
* fixed help for https modules (thanks to Jab2870)
* added -K command line switch to disable redo attempts (good for mass scanning)
* forgot to have the -m option in the hydra help output
* gcc-10 support and various cleanups by Jeroen Roovers, thanks!
* added .clang-format and formatted all code
Release 9.0
* rdp: Revamped rdp module to use FreeRDP library (thanks to loianhtuan@github for the patch!)
* Added memcached module
* Added mongodb module
* http: http module now supports a= option to select http authentication type
* JSON output does now truncate the file if exists.
* Fixed svn module memory leaks
* Fixed rtsp module potential buffer overflow
* Fixed http module DIGEST-MD5 mode
Release 8.9.1
* Clarification for rdp error message
* CIDR notation (hydra -l test -p test 192.168.0.0/24 ftp) was not detected, fixed
Release 8.8
* New web page: https://github.com/vanhauser-thc/thc-hydra
* added PROBLEMS file with known issues
* rdp: disabled the module as it does not support the current protocol. If you want to add it contact me
* ldap: fixed a dumb strlen on a potential null pointer
* http-get/http-post:
- now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch)
- 403/404 errors are now always registered as failed attempts
* mysql module: a non-default port was not working, fixed
* added -w timeout support to ssh module
* fixed various memory leaks in http-form module
* corrected hydra return code to be 0 on success
* added patch from debian maintainers which fixes spellings
* fixed weird crash on x64 systems
* many warning fixes by crondaemon
Release 8.6
* added radmin2 module by catatonic prime - great work!
* smb module now checks if SMBv1 is supported by the server and if signing is required
* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)
* Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting)
* Added new command line option:
-c TIME: seconds between login attempts (over all threads, so -t 1 is recommended)
* Options put after -R (for loading a restore file) are now honored (and were disallowed before)
* merged several patches by Diadlo@github to make the code easier readable. thanks for that!
* merged a patch by Diadlo@github that moves the help output to the invididual module
Release 8.5
* New command line option:
-b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch
* ./configure now honors the CC enviroment variable if present
* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!)
* Changed the format of the restore file to detect cross platform copies
* Fixed a bug in the NCP module
* Favor strrchr() over rindex()
* Added refactoring patch by diadlo
* Updated man page with missing command line options
Release 8.4
! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix
* Proxy support re-implemented:
- HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries
- HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP]
* New protocol: adam6500 - this one is work in progress, please test and report
* New protocol: rpcap - thanks to Petar Kaleychev <petar.kaleychev@gmail.com>
* New command line options:
-y : disables -x 1aA interpretation, thanks to crondaemon for the patch
-I : ignore an existing hydra.restore file (don't wait for 10 seconds)
* hydra-svn: works now with the current libsvn version
* hydra-ssh: initial check for password auth support now uses login supplied
* Fixed dpl4hydra to be able to update from the web again
* Fixed crash when -U was used without any service (thanks to thecarterb for reporting)
* Updated default password lists
* The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed
* Added special error message for clueless users :)
Release 8.3
* Support for upcoming OpenSSL 1.1 added. needs testing.
* Fixed hydra redo bug (issue #113)
* Updated xhydra for new hydra features and options
* Some more command line error checking
* Ensured unneeded sockets are closed
Release 8.2
* Added RTSP module, thanks to jjavi89 for supplying!
* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch
* Added new -O option to hydra to support SSL servers that do not suport TLS * Added new -O option to hydra to support SSL servers that do not suport TLS
* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!
* Added support in hydra-http for http-post (content length 0)
* Fixed important bug in http-*://server/url command line processing
* Added SSL SNI support
* Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging
* Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced) * Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced)
* Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
* Fixed for SSL connection to support TLSv1.2 etc. * Fixed for SSL connection to support TLSv1.2 etc.
* Support for different RSA keylengths, thanks to fann95 for the patch * Support for different RSA keylengths, thanks to fann95 for the patch
* Fixed a bug where the cisco-enable module was not working with the password-only logon mode * Fixed a bug where the cisco-enable module was not working with the password-only logon mode
* Fixed an out of memory bug in http-form
* Fixed imap PLAIN method
* Fixed -x option to bail if it would generate too many passwords (more than 4 billion)
* Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting
* Added --fhs switch to configure (for Linux distribution usage)
* ... your patch? * ... your patch?
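
Review bot: the 8.4 proxy entry names the variable two ways, `HYDRA_PROXY[_HTTP]` on one line and `HTTP_PROXY[_HTTP]` on the next ("set login/password in HTTP_PROXY[_HTTP]"); one of them is wrong and users will copy it. In 9.1, "rdb: support for libfreerdp3" should be "rdp", and "invididual", "enviroment" and "accidentially" are misspelled. The memory-safety entries ("rtsp: fixed crash in MD5 auth", "sasl: buffer fix", "Fixed rtsp module potential buffer overflow") would be more useful to packagers with the commit or issue number attached, as the 8.3 entry does with "issue #113".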

2
INSTALL Executable file → Normal file

@ -2,7 +2,7 @@ type "./configure", then "make" and finally "sudo make install"
For special modules you need to install software packages before For special modules you need to install software packages before
you run "./configure": you run "./configure":
Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird-dev libncurses5-dev
Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel
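
Review bot: the Ubuntu/Debian line drops `libncp-dev` and renames `firebird2.1-dev` to `firebird-dev` but does not add `libmemcached-dev`, `libgpg-error-dev` or the libgcrypt package that the README's apt-get line gains in this same commit, so the two sets of install instructions disagree. The Redhat/Fedora and OpenSuSE lines still list `ncpfs-devel` and were not updated for the new modules either.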

0
LICENSE Executable file → Normal file

12
LICENSE.OPENSSL Executable file → Normal file

@ -13,8 +13,16 @@
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, * Foundation, Inc.
* MA 02111-1307, USA. *
* Free Software Foundation
* 51 Franklin Street, Fifth Floor
* Boston, MA 02110-1335
* USA
*
* Telephone: +1-617-542-5942
* Fax: +1-617-542-2652
* General email: info@fsf.org
* *
* In addition, as a special exception, the copyright holders give * In addition, as a special exception, the copyright holders give
* permission to link the code of portions of this program with the * permission to link the code of portions of this program with the
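
Review bot: the rewritten notice cuts the sentence off at "Foundation, Inc." and then embeds a postal address, telephone, fax and e-mail in the license header; contact details like these go out of date and every copy of the header then has to be touched again. Keeping a single address line, or pointing to https://www.gnu.org/licenses/ as the GPLv3 notice does, would be easier to maintain.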

View file

@ -1,33 +1,45 @@
# #
# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC <vh@thc.org> # Makefile for Hydra - (c) 2001-2020 by van Hauser / THC <vh@thc.org>
# #
OPTS=-I. -O3 WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations
WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align
CFLAGS ?= -g
OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition
# -Wall -g -pedantic # -Wall -g -pedantic
LIBS=-lm LIBS=-lm
DIR=/bin DESTDIR ?=
BINDIR = /bin
MANDIR = /man/man1/
DATADIR = /etc
SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \
hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \
hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \
hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \
hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \
hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \
hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \
hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \
hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
hydra-rdp.c hydra-s7-300.c hydra-redis.c \ hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \
crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rpcap.c hydra-radmin2.c \
hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \
hydra-smb2.c
OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \
hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \
hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \
hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \
hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \
hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \
hydra-rdp.o hydra-s7-300.c \ hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \
crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \
hydra-rpcap.o hydra-radmin2.o \
crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \
hydra-smb2.o
BINS = hydra pw-inspector BINS = hydra pw-inspector
EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \
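
Review bot: `OPTS` now appends `-fcommon -Wl,--allow-multiple-definition`, which makes the compiler and linker silently merge duplicate global definitions instead of reporting them, and it contradicts the `-fno-common` in `WARN_GCC`; fixing the duplicated globals (declare `extern` in the header, define once) is safer than suppressing the error. `WARN_CLANG` and `WARN_GCC` are defined but not referenced by `OPTS` in this hunk, so the new warnings are not enabled by default. `OBJ` still lists `hydra-s7-300.c` where `hydra-s7-300.o` is meant.
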
@ -57,15 +69,15 @@ strip: all
-echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null
install: strip install: strip
-mkdir -p $(PREFIX)$(DIR) -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR)
cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS)
-echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null
-sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh
-chmod 755 $(PREFIX)/bin/dpl4hydra.sh -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh
-mkdir -p $(PREFIX)/etc/ -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR)
-cp -f *.csv $(PREFIX)/etc/ -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR)
-mkdir -p $(PREFIX)/man/man1 -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR)
-cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR)
clean: clean:
rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile
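
Review bot: in the `dpl4hydra.sh` line the inner double quotes end the shell string, so `$(PREFIX)` and `$(DATADIR)` reach `sed` unquoted (`INSTALLDIR="$(PREFIX)"` inside `"s|...|"`); a prefix containing a space or `|` breaks the command, and the leading `-` hides the failure. `LOCATION` is set to `$(DATADIR)` alone while the `.csv` files are copied to `$(DESTDIR)$(PREFIX)$(DATADIR)`, so check that the script joins it with `INSTALLDIR`. `MANDIR` ends in a slash while `BINDIR` and `DATADIR` do not, which is harmless but inconsistent.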

View file

@ -1,2 +1 @@
CC=gcc
STRIP=strip STRIP=strip

5
PROBLEMS Normal file

@ -0,0 +1,5 @@
List of known issues:
=====================
* Cygwin: more than 30 tasks (-t 31 or more) will lead to a stack smash
* OS X: brew installed modules are not compiled correctly and will crash hydra
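
Review bot: "more than 30 tasks (-t 31 or more) will lead to a stack smash" documents a memory-corruption bug rather than preventing it; the option parser should cap or reject `-t` above 30 on Cygwin builds, with this file recording the limit. The OS X entry should say which brew packages are affected, since the README in this commit singles out libssh.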

View file

@ -1,8 +1,8 @@
H Y D R A H Y D R A
(c) 2001-2014 by van Hauser / THC (c) 2001-2021 by van Hauser / THC
<vh@thc.org> http://www.thc.org <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
many modules were written by David (dot) Maciejak @ gmail (dot) com many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com> BFG code by Jan Dlabal <dlabaljan@gmail.com>
@ -10,6 +10,9 @@
Please do not use in military or secret service organizations, Please do not use in military or secret service organizations,
or for illegal purposes. or for illegal purposes.
(This is the wish of the author and non-binding. Many people working
in these organizations do not care for laws and ethics anyways.
You are not one of the "good" ones if you ignore this.)
@ -18,26 +21,27 @@ INTRODUCTION
Number one of the biggest security holes are passwords, as every password Number one of the biggest security holes are passwords, as every password
security study shows. security study shows.
This tool is a proof of concept code, to give researchers and security This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain unauthorized consultants the possibility to show how easy it would be to gain unauthorized
access from remote to a system. access from remote to a system.
THIS TOOL IS FOR LEGAL PURPOSES ONLY! THIS TOOL IS FOR LEGAL PURPOSES ONLY!
There are already several login hacker tools available, however none does There are already several login hacker tools available, however, none does
either support more than one protocol to attack or support parallized either support more than one protocol to attack or support parallelized
connects. connects.
It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
Currently this tool supports the following protocols: Currently this tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY,
HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST,
MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener,
PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin,
SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5,
Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth,
VNC and XMPP.
However the module engine for new services is very easy so it won't take a However the module engine for new services is very easy so it won't take a
long time until even more services are supported. long time until even more services are supported.
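
Review bot: the protocol list gains MEMCACHED, MONGODB, Radmin and RTSP but not the other modules this commit adds to `SRC` in Makefile.am (`hydra-adam6500.c`, `hydra-rpcap.c`, `hydra-smb2.c`), and it still lists both "HTTP-PROXY" and "HTTP-Proxy". The changed line beginning "HTTP-Proxy, ICQ, IMAP" is also much longer than its neighbours and should be rewrapped.
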
@ -48,12 +52,12 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
WHERE TO GET WHERE TO GET
------------ ------------
You can always find the newest release/production version of hydra at its You can always find the newest release/production version of hydra at its
project page at https://www.thc.org/thc-hydra project page at https://github.com/vanhauser-thc/thc-hydra/releases
If you are interested in the current development state, the public development If you are interested in the current development state, the public development
repository is at Github: repository is at Github:
svn co https://github.com/vanhauser-thc/thc-hydra svn co https://github.com/vanhauser-thc/thc-hydra
or or
git clone https://github.com/vanhauser-thc/thc-hydra.git git clone https://github.com/vanhauser-thc/thc-hydra
Use the development version at your own risk. It contains new features and Use the development version at your own risk. It contains new features and
new bugs. Things might not work! new bugs. Things might not work!
@ -63,57 +67,68 @@ HOW TO COMPILE
-------------- --------------
To configure, compile and install hydra, just type: To configure, compile and install hydra, just type:
```
./configure ./configure
make make
make install make install
```
If you want the ssh module, you have to setup libssh (not libssh2!) on your If you want the ssh module, you have to setup libssh (not libssh2!) on your
system, get it from http://www.libssh.org, for ssh v1 support you also need system, get it from http://www.libssh.org, for ssh v1 support you also need
to add "-DWITH_SSH1=On" option in the cmake command line. to add "-DWITH_SSH1=On" option in the cmake command line.
IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew!
If you use Ubuntu/Debian, this will install supplementary libraries needed If you use Ubuntu/Debian, this will install supplementary libraries needed
for a few optional modules: for a few optional modules (note that some might not be available on your distribution):
```
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
firebird2.1-dev libncp-dev firebird-dev libmemcached-dev libgpg-error-dev \
libgcrypt11-dev libgcrypt20-dev
```
This enables all optional modules and features with the exception of Oracle, This enables all optional modules and features with the exception of Oracle,
SAP R/3 and the apple filing protocol - which you will need to download and SAP R/3, NCP and the apple filing protocol - which you will need to download and
install from the vendor's web sites. install from the vendor's web sites.
For all other Linux derivates and BSD based systems, use the system For all other Linux derivates and BSD based systems, use the system
software installer and look for similar named libraries like in the software installer and look for similarly named libraries like in the
comand above. In all other cases you have to download all source libraries command above. In all other cases, you have to download all source libraries
and compile them manually. and compile them manually.
SUPPORTED PLATFORMS SUPPORTED PLATFORMS
------------------- -------------------
All UNIX platforms (linux, *bsd, solaris, etc.) - All UNIX platforms (Linux, *BSD, Solaris, etc.)
Mac OS/X - MacOS (basically a BSD clone)
Windows with Cygwin (both IPv4 and IPv6) - Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
HOW TO USE HOW TO USE
---------- ----------
If you just enter "hydra", you will see a short summary of the important If you just enter `hydra`, you will see a short summary of the important
options available. options available.
Type "./hydra -h" to see all available command line options. Type `./hydra -h` to see all available command line options.
Note that NO login/password file is included. Generate them yourself. Note that NO login/password file is included. Generate them yourself.
A default password list is hoever present, use "dpl4hydra.sh" to generate A default password list is however present, use "dpl4hydra.sh" to generate
a list. a list.
For Linux users, a GTK gui is available, try "./xhydra" For Linux users, a GTK GUI is available, try `./xhydra`
For the command line usage, the syntax is as follows: For the command line usage, the syntax is as follows:
For attacking one target or a network, you can use the new "://" style: For attacking one target or a network, you can use the new "://" style:
hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS
The old mode can be used for these too, and additionally if you want to The old mode can be used for these too, and additionally if you want to
specify your targets from a text file, you *must* use this one: specify your targets from a text file, you *must* use this one:
hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS
```
hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
```
Via the command line options you specify which logins to try, which passwords, Via the command line options you specify which logins to try, which passwords,
if SSL should be used, how many parallel tasks to use for attacking, etc. if SSL should be used, how many parallel tasks to use for attacking, etc.
@ -121,7 +136,7 @@ if SSL should be used, how many parallel tasks to use for attacking, etc.
PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp,
http-get or many others are available http-get or many others are available
TARGET is the target you want to attack TARGET is the target you want to attack
OPTIONS are optional values which are special per PROTOCOL module MODULE-OPTIONS are optional values which are special per PROTOCOL module
FIRST - select your target FIRST - select your target
you have three options on how to specify the target you want to attack: you have three options on how to specify the target you want to attack:
@ -138,7 +153,7 @@ THIRD - check if the module has optional parameters
e.g. hydra -U smtp e.g. hydra -U smtp
FOURTH - the destination port FOURTH - the destination port
this is optional! if no port is supplied the default common port for the this is optional, if no port is supplied the default common port for the
PROTOCOL is used. PROTOCOL is used.
If you specify SSL to use ("-S" option), the SSL common port is used by default. If you specify SSL to use ("-S" option), the SSL common port is used by default.
@ -146,7 +161,7 @@ FOURTH - the destination port
If you use "://" notation, you must use "[" "]" brackets if you want to supply If you use "://" notation, you must use "[" "]" brackets if you want to supply
IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:
hydra [some command line options] ftp://[192.168.0.0/24]/ hydra [some command line options] ftp://[192.168.0.0/24]/
hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM
Note that everything hydra does is IPv4 only! Note that everything hydra does is IPv4 only!
If you want to attack IPv6 addresses, you must add the "-6" command line option. If you want to attack IPv6 addresses, you must add the "-6" command line option.
@ -155,24 +170,29 @@ All attacks are then IPv6 only!
If you want to supply your targets via a text file, you can not use the :// If you want to supply your targets via a text file, you can not use the ://
notation but use the old style and just supply the protocol (and module options): notation but use the old style and just supply the protocol (and module options):
hydra [some command line options] -M targets.txt ftp hydra [some command line options] -M targets.txt ftp
You can supply also port for each target entry by adding ":<port>" after a You can also supply the port for each target entry by adding ":<port>" after a
target entry in the file, e.g.: target entry in the file, e.g.:
```
foo.bar.com foo.bar.com
target.com:21 target.com:21
unusual.port.com:2121 unusual.port.com:2121
default.used.here.com default.used.here.com
127.0.0.1 127.0.0.1
127.0.0.1:2121 127.0.0.1:2121
```
Note that if you want to attach IPv6 targets, you must supply the -6 option Note that if you want to attach IPv6 targets, you must supply the -6 option
and *must* put IPv6 addresses in brackets in the file(!) like this: and *must* put IPv6 addresses in brackets in the file(!) like this:
```
foo.bar.com foo.bar.com
target.com:21 target.com:21
[fe80::1%eth0] [fe80::1%eth0]
[2001::1] [2001::1]
[2002::2]:8080 [2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a] [2a01:24a:133:0:00:123:ff:1a]
```
LOGINS AND PASSWORDS LOGINS AND PASSWORDS
-------------------- --------------------
@ -181,45 +201,68 @@ With -l for login and -p for password you tell hydra that this is the only
login and/or password to try. login and/or password to try.
With -L for logins and -P for passwords you supply text files with entries. With -L for logins and -P for passwords you supply text files with entries.
e.g.: e.g.:
```
hydra -l admin -p password ftp://localhost/ hydra -l admin -p password ftp://localhost/
hydra -L default_logins.txt -p test ftp://localhost/ hydra -L default_logins.txt -p test ftp://localhost/
hydra -l admin -P common_passwords.txt ftp://localhost/ hydra -l admin -P common_passwords.txt ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/ hydra -L logins.txt -P passwords.txt ftp://localhost/
```
Additionally, you can try passwords based on the login via the "-e" option. Additionally, you can try passwords based on the login via the "-e" option.
The "-e" option has three parameters: The "-e" option has three parameters:
```
s - try the login as password s - try the login as password
n - try an empty password n - try an empty password
r - reverse the login and try it as password r - reverse the login and try it as password
```
If you want to, e.g. try "try login as password and "empty password", you If you want to, e.g. try "try login as password and "empty password", you
specify "-e sn" on the command line. specify "-e sn" on the command line.
But there are two more modes for trying passwords than -p/-P: But there are two more modes for trying passwords than -p/-P:
You can use text file which where a login and password pair is seperated by a colon, You can use text file which where a login and password pair is separated by a colon,
e.g.: e.g.:
```
admin:password admin:password
test:test test:test
foo:bar foo:bar
```
This is a common default account style listing, that is also generated by the This is a common default account style listing, that is also generated by the
dpl4hydra.sh default account file generator supplied with hydra. dpl4hydra.sh default account file generator supplied with hydra.
You use such a text file with the -C option - note that in this mode you You use such a text file with the -C option - note that in this mode you
can not use -l/-L/-p/-P options (-e nsr however you can). can not use -l/-L/-p/-P options (-e nsr however you can).
Example: Example:
```
hydra -C default_accounts.txt ftp://localhost/ hydra -C default_accounts.txt ftp://localhost/
```
And finally, there is a bruteforce mode with the -x option (which you can not And finally, there is a bruteforce mode with the -x option (which you can not
use with -p/-P/-C): use with -p/-P/-C):
```
-x minimum_length:maximum_length:charset -x minimum_length:maximum_length:charset
the charset definition is 'a' for lowercase letters, 'A' for uppercase letters, ```
'1' for numbers and for anything else you supply it is their real representation.
the charset definition is `a` for lowercase letters, `A` for uppercase letters,
`1` for numbers and for anything else you supply it is their real representation.
Examples: Examples:
```
-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
-x 2:5:/ generate passwords from length 2 to 5 containing only slashes -x 2:5:/ generate passwords from length 2 to 5 containing only slashes
-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
```
Example: Example:
```
hydra -l ftp -x 3:3:a ftp://localhost/ hydra -l ftp -x 3:3:a ftp://localhost/
```
SPECIAL OPTIONS FOR MODULES SPECIAL OPTIONS FOR MODULES
--------------------------- ---------------------------
@ -228,47 +271,61 @@ commandline option, you can pass one option to a module.
Many modules use this, a few require it! Many modules use this, a few require it!
To see the special option of a module, type: To see the special option of a module, type:
hydra -U <module> hydra -U <module>
e.g. e.g.
./hydra -U http-post-form ./hydra -U http-post-form
The special options can be passed via the -m parameter, as 3rd command line The special options can be passed via the -m parameter, as 3rd command line
option or in the service://target/option format. option or in the service://target/option format.
Examples (they are all equal): Examples (they are all equal):
```
./hydra -l test -p test -m PLAIN 127.0.0.1 imap ./hydra -l test -p test -m PLAIN 127.0.0.1 imap
./hydra -l test -p test 127.0.0.1 imap PLAIN ./hydra -l test -p test 127.0.0.1 imap PLAIN
./hydra -l test -p test imap://127.0.0.1/PLAIN ./hydra -l test -p test imap://127.0.0.1/PLAIN
```
RESTORING AN ABORTED/CRASHED SESSION RESTORING AN ABORTED/CRASHED SESSION
------------------------------------ ------------------------------------
When hydra is aborted with Control-C, killed or crashs, it leavs a When hydra is aborted with Control-C, killed or crashes, it leaves a
"hydra.restore" file behind which contains all necessary information to "hydra.restore" file behind which contains all necessary information to
restore the session. This session file is written every 5 minutes. restore the session. This session file is written every 5 minutes.
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
from little indian to big indian, or from solaris to aix) from little endian to big endian, or from Solaris to AIX)
HOW TO SCAN/CRACK OVER A PROXY HOW TO SCAN/CRACK OVER A PROXY
------------------------------ ------------------------------
The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
just for the http/www service!). just for the http services!).
The following syntax is valid: The following syntax is valid:
```
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
For all other services, use the HYDRA_PROXY variable to scan/crack HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
via by default a web proxy's CONNECT call. It uses the same syntax. eg: HYDRA_PROXY_HTTP="proxylist.txt"
HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port ```
The last example is a text file containing up to 64 proxies (in the same
format definition as the other examples).
For all other services, use the HYDRA_PROXY variable to scan/crack.
It uses the same syntax. eg:
```
HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
```
for example: for example:
HYDRA_PROXY=http://proxy.anonymizer.com:8000
If you require authentication for the proxy, use the HYDRA_PROXY_AUTH
environment variable:
HYDRA_PROXY_AUTH="the_login:the_password"
```
HYDRA_PROXY=connect://proxy.anonymizer.com:8000
HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
HYDRA_PROXY=socksproxylist.txt
```
ADDITIONAL HINTS ADDITIONAL HINTS
---------------- ----------------
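Review bot: the HYDRA_PROXY_AUTH paragraph is removed without saying whether the variable is still honoured. State that proxy credentials now go into the URL as `login:password@`, and whether HYDRA_PROXY_AUTH is ignored, so that existing wrapper scripts do not silently run against the proxy unauthenticated. The `HYDRA_PROXY=socksproxylist.txt` example should also repeat the 64-entry limit and the per-line format that the text gives for the HYDRA_PROXY_HTTP list.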
@ -277,16 +334,87 @@ ADDITIONAL HINTS
* uniq your dictionary files! this can save you a lot of time :-) * uniq your dictionary files! this can save you a lot of time :-)
cat words.txt | sort | uniq > dictionary.txt cat words.txt | sort | uniq > dictionary.txt
* if you know that the target is using a password policy (allowing users * if you know that the target is using a password policy (allowing users
only to choose password with a minimum length of 6, containing a least one only to choose a password with a minimum length of 6, containing a least one
letter and one number, etc. use the tool pw-inspector which comes along letter and one number, etc. use the tool pw-inspector which comes along
with the hydra package to reduce the password list: with the hydra package to reduce the password list:
cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
RESULTS OUTPUT
--------------
The results are output to stdio along with the other information. Via the -o
command line option, the results can also be written to a file. Using -b,
the format of the output can be specified. Currently, these are supported:
* `text` - plain text format
* `jsonv1` - JSON data using version 1.x of the schema (defined below).
* `json` - JSON data using the latest version of the schema, currently there
is only version 1.
If using JSON output, the results file may not be valid JSON if there are
serious errors in booting Hydra.
JSON Schema
-----------
Here is an example of the JSON output. Notes on some of the fields:
* `errormessages` - an array of zero or more strings that are normally printed
to stderr at the end of the Hydra's run. The text is very free form.
* `success` - indication if Hydra ran correctly without error (**NOT** if
passwords were detected). This parameter is either the JSON value `true`
or `false` depending on completion.
* `quantityfound` - How many username+password combinations discovered.
* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
2.03, etc. Hydra will make second tuple of the version to always be two
digits to make it easier for downstream processors (as opposed to v1.1 vs
v1.10). The minor-level versions are additive, so 1.02 will contain more
fields than version 1.00 and will be backward compatible. Version 2.x will
break something from version 1.x output.
Version 1.00 example:
```
{
"errormessages": [
"[ERROR] Error Message of Something",
"[ERROR] Another Message",
"These are very free form"
],
"generator": {
"built": "2021-03-01 14:44:22",
"commandline": "hydra -b jsonv1 -o results.json ... ...",
"jsonoutputversion": "1.00",
"server": "127.0.0.1",
"service": "http-post-form",
"software": "Hydra",
"version": "v8.5"
},
"quantityfound": 2,
"results": [
{
"host": "127.0.0.1",
"login": "bill@example.com",
"password": "bill",
"port": 9999,
"service": "http-post-form"
},
{
"host": "127.0.0.1",
"login": "joe@example.com",
"password": "joe",
"port": 9999,
"service": "http-post-form"
}
],
"success": false
}
```
SPEED SPEED
----- -----
through the parallizing feature, this password cracker tool can be very through the parallelizing feature, this password cracker tool can be very
fast, however it depends on the protocol. The fastest are generally POP3 fast, however it depends on the protocol. The fastest are generally POP3
and FTP. and FTP.
Experiment with the task option (-t) to speed things up! The higher - the Experiment with the task option (-t) to speed things up! The higher - the
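Review bot: the RESULTS OUTPUT text says the results go to "stdio", which should read stdout, and it warns that the file "may not be valid JSON" without telling a consumer how to handle that. Suggest documenting the order of checks for downstream tools: parse the file, then test `success`, then read `quantityfound`. The example shows that the -o file stores recovered passwords in clear text, so the section should also tell users to restrict the file's permissions.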
@ -300,6 +428,7 @@ Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
295 entries (294 tries invalid logins, 1 valid). Every test was run three 295 entries (294 tries invalid logins, 1 valid). Every test was run three
times (only for "1 task" just once), and the average noted down. times (only for "1 task" just once), and the average noted down.
```
P A R A L L E L T A S K S P A R A L L E L T A S K S
SERVICE 1 4 8 16 32 50 64 100 128 SERVICE 1 4 8 16 32 50 64 100 128
------- -------------------------------------------------------------------- ------- --------------------------------------------------------------------
@ -307,6 +436,7 @@ telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55*
ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32
pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50
imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21
```
(*) (*)
Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
@ -314,9 +444,11 @@ Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
The reason for this is unknown... The reason for this is unknown...
guesses per task (rounded up): guesses per task (rounded up):
295 74 38 19 10 6 5 3 3 295 74 38 19 10 6 5 3 3
guesses possible per connect (depends on the server software and config): guesses possible per connect (depends on the server software and config):
telnet 4 telnet 4
ftp 6 ftp 6
pop3 1 pop3 1
@ -333,6 +465,7 @@ vh@thc.org (and put "antispam" in the subject line)
You should use PGP to encrypt emails to vh@thc.org : You should use PGP to encrypt emails to vh@thc.org :
```
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v3.3.3 (vh@thc.org) Version: GnuPG v3.3.3 (vh@thc.org)
@ -398,3 +531,4 @@ zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
zB3yrr+vYBT0uDWmxwPjiJs= zB3yrr+vYBT0uDWmxwPjiJs=
=ytEf =ytEf
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----
```

9
TODO

@ -1,5 +1,11 @@
./configure:
- add test for -march=native
--- this is old ---
Prio 1: Prio 1:
* add cookie support to hydra-http.c
* hydra-smb more than 1 connection? * hydra-smb more than 1 connection?
* add help hints? * add help hints?
* test teamspeak, icq * test teamspeak, icq
@ -9,6 +15,9 @@ Prio 1:
* add snmpv3 privacy support * add snmpv3 privacy support
* http: option to specify an url for testing if the login was right or wrong * http: option to specify an url for testing if the login was right or wrong
* does hydra-oracle work with service names? (often SIDs do not work anymore) * does hydra-oracle work with service names? (often SIDs do not work anymore)
* fix crash for -R on x64
* IPv6 addresses in txt file does not work
* prot://ipv6addr:port does not have []
Prio 2: Prio 2:
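Review bot: the two new entries "IPv6 addresses in txt file does not work" and "prot://ipv6addr:port does not have []" contradict the README in this same commit, which documents bracketed IPv6 entries both in -M target files and in the :// notation. They are also added below the new "--- this is old ---" marker, so it is unclear whether they are still open; move them above the marker or drop them, and reconcile them with the README.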

121
bfg.c

@ -1,26 +1,65 @@
/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh */ /* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh. */
#include <ctype.h>
#include <math.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <math.h> #ifdef __sun
#include <ctype.h> #include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
#include "bfg.h" #include "bfg.h"
bf_option bf_options; bf_option bf_options;
#ifdef HAVE_MATH_H #ifdef HAVE_MATH_H
extern int debug; extern int32_t debug;
static int32_t add_single_char(char ch, char flags, int32_t *crs_len) {
if ((ch >= '2' && ch <= '9') || ch == '0') {
if ((flags & BF_NUMS) > 0) {
printf("[ERROR] character %c defined in -x although the whole number "
"range was already defined by '1', ignored\n",
ch);
return 0;
}
// printf("[WARNING] adding character %c for -x, note that '1' will add all
// numbers from 0-9\n", ch);
}
if (tolower((int32_t)ch) >= 'b' && tolower((int32_t)ch) <= 'z') {
if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) {
printf("[ERROR] character %c defined in -x although the whole letter "
"range was already defined by '%c', ignored\n",
ch, ch <= 'Z' ? 'A' : 'a');
return 0;
}
// printf("[WARNING] adding character %c for -x, note that '%c' will add all
// %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low");
}
(*crs_len)++;
if (BF_CHARSMAX - *crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else {
bf_options.crs[*crs_len - 1] = ch;
bf_options.crs[*crs_len] = '\0';
}
return 0;
}
// return values : 0 on success, 1 on error // return values : 0 on success, 1 on error
// //
// note that we check for -x .:.:ab but not for -x .:.:ba // note that we check for -x .:.:ab but not for -x .:.:ba
// //
int bf_init(char *arg) { int32_t bf_init(char *arg) {
int i = 0; int32_t i = 0;
int crs_len = 0; int32_t crs_len = 0;
char flags = 0; char flags = 0;
char *tmp = strchr(arg, ':'); char *tmp = strchr(arg, ':');
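Review bot: in add_single_char the letter check tests BF_UPPER in both branches, `(ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)`, so a lowercase letter is rejected when 'A' was given and accepted when 'a' was given; the second branch presumably should test BF_LOWER, which matches the 'A'/'a' choice in the error message. The helper also calls free(bf_options.crs) on the overflow path and leaves the pointer dangling, and it returns 0 or 1 but never -1, which matters for any caller that compares against -1.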
@ -32,7 +71,8 @@ int bf_init(char *arg) {
} }
bf_options.from = atoi(arg); bf_options.from = atoi(arg);
if (bf_options.from < 1 || bf_options.from > 127) { if (bf_options.from < 1 || bf_options.from > 127) {
fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n"); fprintf(stderr, "Error: minimum length must be between 1 and 127, format: "
"-x min:max:types\n");
return 1; return 1;
} }
arg = tmp + 1; arg = tmp + 1;
@ -52,7 +92,8 @@ int bf_init(char *arg) {
tmp++; tmp++;
if (bf_options.from > bf_options.to) { if (bf_options.from > bf_options.to) {
fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n"); fprintf(stderr, "Error: you specified a minimum length higher than the "
"maximum length!\n");
return 1; return 1;
} }
@ -69,6 +110,10 @@ int bf_init(char *arg) {
bf_options.crs[0] = 0; bf_options.crs[0] = 0;
for (; tmp[i]; i++) { for (; tmp[i]; i++) {
if (bf_options.disable_symbols) {
if (add_single_char(tmp[i], flags, &crs_len) == -1)
return 1;
} else {
switch (tmp[i]) { switch (tmp[i]) {
case 'a': case 'a':
crs_len += 26; crs_len += 26;
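Review bot: the check `add_single_char(tmp[i], flags, &crs_len) == -1` in the disable_symbols branch can never be true, because add_single_char as written in this patch returns only 0 or 1. On the overflow path the helper has already freed bf_options.crs, so the loop carries on, the next character frees the buffer a second time, and bf_init then goes on to use it. Compare against `!= 0` (or make the helper return -1 on error) so that bf_init returns 1 as the old inline code did.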
@ -119,55 +164,43 @@ int bf_init(char *arg) {
break; break;
default: default:
if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') { if (add_single_char(tmp[i], flags, &crs_len) == -1)
if ((flags & BF_NUMS) > 0) {
printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]);
continue;
}
printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]);
}
if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') {
if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) {
printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a');
continue;
}
printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a', tmp[i] <= 'Z' ? "up" : "low");
}
crs_len++;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1; return 1;
} else {
bf_options.crs[crs_len - 1] = tmp[i];
bf_options.crs[crs_len] = '\0';
}
break; break;
} }
} }
}
bf_options.crs_len = crs_len; bf_options.crs_len = crs_len;
bf_options.current = bf_options.from; bf_options.current = bf_options.from;
memset((char *)bf_options.state, 0, sizeof(bf_options.state)); memset((char *)bf_options.state, 0, sizeof(bf_options.state));
if (debug) if (debug)
printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);
return 0; return 0;
} }
uint64_t bf_get_pcount() {
unsigned long int bf_get_pcount() { int32_t i;
int i; double count = 0;
unsigned long int count = 0; uint64_t foo;
for (i = bf_options.from; i <= bf_options.to; i++) for (i = bf_options.from; i <= bf_options.to; i++)
count += (unsigned long int) (pow((float) bf_options.crs_len, (float) i)); count += (pow((double)bf_options.crs_len, (double)i));
return count; if (count >= 0xffffffff) {
fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) "
"generates more than 4 billion passwords - this is not a bug in the program, it is just not feasible to try so many attempts. Try a calculator how long that would take. duh.\n");
exit(-1);
} }
foo = count / 1;
return foo;
}
char *bf_next() { char *bf_next() {
int i, pos = bf_options.current - 1; int32_t i, pos = bf_options.current - 1;
if (bf_options.current > bf_options.to) if (bf_options.current > bf_options.to)
return NULL; // we are done return NULL; // we are done
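Review bot: bf_get_pcount now calls exit(-1) from inside the generator once the count reaches 0xffffffff, which takes the decision away from the caller and makes the new uint64_t return type pointless, since no value above 32 bits is ever returned. Consider returning an error value that the caller reports, and replace `foo = count / 1;` with an explicit `(uint64_t)count` cast. The `default:` branch at the top of this hunk repeats the `== -1` comparison against a helper that returns 0 or 1.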
@ -177,23 +210,25 @@ char *bf_next() {
return NULL; return NULL;
} }
for (i = 0; i < bf_options.current; i++) for (i = 0; i < bf_options.current; ++i)
bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
// we don't subtract the same depending on wether the length is odd or even
bf_options.ptr[bf_options.current] = 0; bf_options.ptr[bf_options.current] = 0;
if (debug) { if (debug) {
printf("[DEBUG] bfg IN: len %d, from %d, current %d, to %d, state:", bf_options.crs_len, bf_options.from, bf_options.current, bf_options.to); printf("[DEBUG] bfg IN: len %u, from %u, current %u, to %u, state:", bf_options.crs_len, bf_options.from, bf_options.current, bf_options.to);
for (i = 0; i < bf_options.current; i++) for (i = 0; i < bf_options.current; i++)
printf(" %d", bf_options.state[i]); printf(" %u", bf_options.state[i]);
printf(", x: %s\n", bf_options.ptr); printf(", x: %s\n", bf_options.ptr);
} }
// we revert the ordering of the bruteforce to fix the first static character
while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) {
bf_options.state[pos] = 0; bf_options.state[pos] = 0;
pos--; pos--;
} }
if (pos < 0) { if (pos < 0 || pos >= bf_options.current) {
bf_options.current++; bf_options.current++;
memset((char *)bf_options.state, 0, sizeof(bf_options.state)); memset((char *)bf_options.state, 0, sizeof(bf_options.state));
} }
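Review bot: the added `pos >= bf_options.current` test looks unreachable in the visible code, since pos starts at `bf_options.current - 1` and is only decremented in the while loop above it. If it guards against a state produced by lines outside this hunk, say so in a comment. The two new comments (about subtracting differently for odd or even lengths, and about reverting the ordering of the bruteforce) describe behaviour that the visible statements do not implement, so they should be removed or the matching code added.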

9
bfg.h

@ -24,7 +24,9 @@
#define BF_WEBSITE "http://houbysoft.com/bfg/" #define BF_WEBSITE "http://houbysoft.com/bfg/"
#define BF_BUFLEN 1024 #define BF_BUFLEN 1024
#define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */ #define BF_CHARSMAX \
256 /* how many max possibilities there are for characters, normally it's \
2^8 = 256 */
#define BF_LOWER 1 #define BF_LOWER 1
#define BF_UPPER 2 #define BF_UPPER 2
@ -40,13 +42,14 @@ typedef struct {
char *arg; /* argument received for bfg commandline option */ char *arg; /* argument received for bfg commandline option */
char *crs; /* internal representation of charset */ char *crs; /* internal representation of charset */
char *ptr; /* ptr to the last generated password */ char *ptr; /* ptr to the last generated password */
uint32_t disable_symbols;
} bf_option; } bf_option;
extern bf_option bf_options; extern bf_option bf_options;
#ifdef HAVE_MATH_H #ifdef HAVE_MATH_H
extern unsigned long int bf_get_pcount(); extern uint64_t bf_get_pcount();
extern int bf_init(char *arg); extern int32_t bf_init(char *arg);
extern char *bf_next(); extern char *bf_next();
#endif #endif
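Review bot: `uint32_t disable_symbols;` is added without a trailing comment, unlike the neighbouring members arg, crs and ptr; document that a non-zero value makes bf_init pass every -x charset character to add_single_char instead of expanding 'a', 'A' and '1'. The header now uses fixed-width types in the struct and the prototypes, so unless it already includes the integer header outside this hunk it relies on bfg.c including <stdint.h> before "bfg.h"; include it here so the header is self-contained. The prototypes `bf_get_pcount()` and `bf_next()` should also be declared with (void).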

684
configure vendored

@ -1,20 +1,30 @@
#!/bin/sh #!/bin/sh
# #
# uname -s = Linux | OpenBSD | FreeBSD # uname -s = Linux | OpenBSD | FreeBSD | Darwin
# uname -m = i636 or x86_64 # uname -m = i636 or x86_64
if [ "$1" = "-h" -o "$1" = "--help" ]; then if [ "$1" = "-h" -o "$1" = "--help" ]; then
echo Options: echo Options:
echo " --prefix=path path to install hydra and its datafiles to" echo " --prefix=path path to install hydra and its datafiles to"
echo " --fhs install according to the File System Hierarchy Standard"
echo " --with-oracle=prefix prefix for oracle include dir" echo " --with-oracle=prefix prefix for oracle include dir"
echo " --with-oracle-lib=prefix prefix for oracle lib dir" echo " --with-oracle-lib=prefix prefix for oracle lib dir"
echo " --with-ssl=prefix prefix for SSL headers"
echo " --with-ssl-lib=prefix prefix for SSL libraries"
echo " --disable-xhydra disable compilation of hydra GUI" echo " --disable-xhydra disable compilation of hydra GUI"
echo " --nostrip do not per default strip binaries before install" echo " --nostrip do not per default strip binaries before install"
echo " --debug show debug output to trace errors" echo " --debug show debug output to trace errors"
echo " --help this here" echo " --help this here"
echo
echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise.
echo You can also set PKG_CONFIG if necessary.
exit 0 exit 0
fi fi
test -z "$CC" && CC=gcc
test -z "$PKG_CONFIG" && PKG_CONFIG=pkg-config
FHS=""
SIXFOUR="" SIXFOUR=""
DEBUG="" DEBUG=""
PREFIX="" PREFIX=""
@ -25,9 +35,12 @@ WORACLE_PATH=""
WORACLE_LIB_PATH="" WORACLE_LIB_PATH=""
SSL_PATH="" SSL_PATH=""
SSL_IPATH="" SSL_IPATH=""
WSSL_PATH=""
WSSL_LIB_PATH=""
CURSES_PATH="" CURSES_PATH=""
CURSES_IPATH="" CURSES_IPATH=""
CRYPTO_PATH="" CRYPTO_PATH=""
GPGERROR_IPATH=""
IDN_PATH="" IDN_PATH=""
IDN_IPATH="" IDN_IPATH=""
PR29_IPATH="" PR29_IPATH=""
@ -38,6 +51,12 @@ FIREBIRD_PATH=""
FIREBIRD_IPATH="" FIREBIRD_IPATH=""
MYSQL_PATH="" MYSQL_PATH=""
MYSQL_IPATH="" MYSQL_IPATH=""
MCACHED_PATH=""
MCACHED_IPATH=""
MONGODB_PATH=""
MONGODB_IPATH=""
BSON_PATH=""
BSON_IPATH=""
AFP_PATH="" AFP_PATH=""
AFP_IPATH="" AFP_IPATH=""
NCP_PATH="" NCP_PATH=""
@ -53,6 +72,12 @@ NSL_PATH=""
SOCKET_PATH="" SOCKET_PATH=""
MANDIR="" MANDIR=""
XHYDRA_SUPPORT="" XHYDRA_SUPPORT=""
FREERDP2_PATH=""
WINPR2_PATH=""
FREERDP3_PATH=""
WINPR3_PATH=""
SMBC_PATH=""
SMBC_IPATH=""
if [ '!' "X" = "X$*" ]; then if [ '!' "X" = "X$*" ]; then
while [ $# -gt 0 ] ; do while [ $# -gt 0 ] ; do
@ -68,6 +93,12 @@ if [ '!' "X" = "X$*" ]; then
NOSTRIP="yes" NOSTRIP="yes"
fi fi
fi fi
if [ "X" = "X$FHS" ]; then
FHS_TMP=`echo "$1"|sed 's/.*--fhs//'`
if [ -z "$FHS_TMP" ]; then
FHS="yes"
fi
fi
if [ "X" = "X$DEBUG" ]; then if [ "X" = "X$DEBUG" ]; then
DEBUG_TMP=`echo "$1"|sed 's/.*--debug//'` DEBUG_TMP=`echo "$1"|sed 's/.*--debug//'`
if [ -z "$DEBUG_TMP" ]; then if [ -z "$DEBUG_TMP" ]; then
@ -101,6 +132,7 @@ echo "Starting hydra auto configuration ..."
rm -f Makefile.in rm -f Makefile.in
SYSS=`uname -s 2> /dev/null` SYSS=`uname -s 2> /dev/null`
SYSO=`uname -o 2> /dev/null` SYSO=`uname -o 2> /dev/null`
SYSM=`uname -m 2> /dev/null`
if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" -o "$SYSS" = "Darwin" ]; then if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" -o "$SYSS" = "Darwin" ]; then
SF=`uname -m | grep 64` SF=`uname -m | grep 64`
if [ `uname -m` = "s390x" ]; then if [ `uname -m` = "s390x" ]; then
@ -114,6 +146,12 @@ if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS"
echo Detected 64 Bit $SYSS OS echo Detected 64 Bit $SYSS OS
fi fi
fi fi
# On macOS /usr/include only exists if one has installed the Command Line Tools package.
# If this is an Xcode-only system we need to look inside the SDK for headers.
SDK_PATH=""
if [ "$SYSS" = "Darwin" -a ! -d "/usr/include" ]; then
SDK_PATH=`xcrun --show-sdk-path`
fi
LIBDIRS=`cat /etc/ld.so.conf /etc/ld.so.conf.d/* 2> /dev/null | grep -v '^#' | sort | uniq` LIBDIRS=`cat /etc/ld.so.conf /etc/ld.so.conf.d/* 2> /dev/null | grep -v '^#' | sort | uniq`
if [ "$SIXFOUR" = "64" ]; then if [ "$SIXFOUR" = "64" ]; then
LIBDIRS="$LIBDIRS /lib64 /usr/lib64 /usr/local/lib64 /opt/local/lib64" LIBDIRS="$LIBDIRS /lib64 /usr/lib64 /usr/local/lib64 /opt/local/lib64"
@ -121,17 +159,42 @@ fi
if [ -d "/Library/Developer/CommandLineTools/usr/lib" ]; then if [ -d "/Library/Developer/CommandLineTools/usr/lib" ]; then
LIBDIRS="$LIBDIRS /Library/Developer/CommandLineTools/usr/lib /Library/Developer/CommandLineTools/lib" LIBDIRS="$LIBDIRS /Library/Developer/CommandLineTools/usr/lib /Library/Developer/CommandLineTools/lib"
fi fi
LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib" LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib /mingw64/lib /mingw64/bin"
INCDIRS="/usr/include /usr/local/include /opt/include /opt/local/include" INCDIRS="$SDK_PATH/usr/include /usr/local/include /opt/include /opt/local/include /mingw64/include"
if [ -n "$PREFIX" ]; then
if [ -d "$PREFIX/lib" ]; then
LIBDIRS="$LIBDIRS $PREFIX/lib"
fi
if [ -d "$PREFIX/include" ]; then
INCDIRS="$INCDIRS $PREFIX/include"
fi
fi
STRIP="strip" STRIP="strip"
echo echo
echo "Checking for openssl (libssl, libcrypto, ssl.h, sha.h) ..." echo "Checking for zlib (libz/zlib.h) ..."
for i in $INCDIRS; do
if [ -f "$i/zlib.h" ]; then
HAVE_ZLIB="y"
fi
done
if [ -n "$HAVE_ZLIB" ]; then
echo " ... found"
else
echo " ... zlib not found, gzip support disabled"
fi
echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..."
if [ "X" != "X$DEBUG" ]; then if [ "X" != "X$DEBUG" ]; then
echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null` echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null`
echo DEBUG: SSL_INC=$INCDIRS `ls -d /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include 2> /dev/null` echo DEBUG: SSL_INC=$INCDIRS `ls -d /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include 2> /dev/null`
fi fi
if [ "X" != "X$WSSL_LIB_PATH" ]; then
SSL_PATH="$i"
CRYPTO_PATH="$i"
else
for i in $LIBDIRS \ for i in $LIBDIRS \
/*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \ /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \
/*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib
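Review bot: In the new WSSL_LIB_PATH branch, `SSL_PATH="$i"` and `CRYPTO_PATH="$i"` use `$i`, which at that point still holds the last word of the zlib `for i in $INCDIRS` loop, not the path the user supplied. As written, a user-provided OpenSSL library path ends up pointing at an include directory; assign `"$WSSL_LIB_PATH"` instead. Separately, the zlib check in this hunk only tests for zlib.h and never for libz, yet HAVE_ZLIB later drives linking.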
@ -159,8 +222,13 @@ do
fi fi
fi fi
done done
fi
SSLNEW="" SSLNEW=""
if [ "X" = "X$SSL_PATH" ]; then
SSL_PATH="$i"
SSLNEW=`grep SHA256_CTX $i/openssl/sha.h 2> /dev/null`
else
for i in $INCDIRS /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include for i in $INCDIRS /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include
do do
if [ "X" = "X$SSL_IPATH" ]; then if [ "X" = "X$SSL_IPATH" ]; then
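Review bot: The added `if [ "X" = "X$SSL_PATH" ]` branch looks inverted. It is taken when no library path was found, and then assigns SSL_PATH (not SSL_IPATH) from whatever `$i` was left over from the previous loop and greps `$i/openssl/sha.h`, while the real header search only runs in the else. That makes a failed library search look successful. If the intent was to honour a user-supplied include path, test that variable here and set SSL_IPATH from it.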
@ -170,6 +238,7 @@ do
fi fi
fi fi
done done
fi
if [ "X" != "X$DEBUG" ]; then if [ "X" != "X$DEBUG" ]; then
echo DEBUG: SSL_PATH=$SSL_PATH/libssl echo DEBUG: SSL_PATH=$SSL_PATH/libssl
echo DEBUG: CRYPTO_PATH=$CRYPTO_PATH/libcrypto echo DEBUG: CRYPTO_PATH=$CRYPTO_PATH/libcrypto
@ -199,7 +268,34 @@ if [ "$SSL_IPATH" = "/usr/include" ]; then
SSL_IPATH="" SSL_IPATH=""
fi fi
echo "Checking for idn (libidn.so) ..." echo "Checking for gcrypt (libgcrypt/gpg-error.h) ..."
for i in $LIBDIRS ; do
if [ -f "$i/libgcrypt.so" -o -f "$i/libgcrypt.dylib" -o -f "$i/libgcrypt.a" -o -f "$i/libgcrypt.dll.a" -o -f "$i/libgcrypt.la" ]; then
HAVE_GCRYPT="y"
fi
done
for i in $INCDIRS ; do
if [ "X" = "X$GPGERROR_IPATH" ]; then
TMP_PATH=`/bin/ls $i/$SYSM*/gpg-error.h 2> /dev/null`
if [ -n "$TMP_PATH" ]; then
GPGERROR_IPATH="$i"
else
if [ -f "$i/gpg-error.h" ]; then
GPGERROR_IPATH="$i"
fi
fi
fi
done
if [ -n "$HAVE_GCRYPT" -a "X" != "X$GPGERROR_IPATH" ]; then
echo " ... found"
else
echo " ... gcrypt not found, radmin2 module disabled"
HAVE_GCRYPT=""
fi
echo "Checking for idn (libidn) ..."
for i in $LIBDIRS ; do for i in $LIBDIRS ; do
if [ "X" = "X$IDN_PATH" ]; then if [ "X" = "X$IDN_PATH" ]; then
if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then
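Review bot: The gcrypt check never looks for gcrypt.h. The include loop only tests for gpg-error.h, so HAVE_GCRYPT stays set on a host that has libgcrypt and the gpg-error header but no gcrypt development header, and the radmin2 module is enabled where it may not compile. Suggest testing for gcrypt.h in the same loop. Also note that the library loop records no directory, so nothing here can feed a -L path for libgcrypt if it was found outside the default linker search path.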
@ -241,7 +337,7 @@ if [ "X" = "X$IDN_PATH" -o "X" = "X$IDN_IPATH" ]; then
PR29_IPATH="" PR29_IPATH=""
fi fi
echo "Checking for curses (libcurses.so / term.h) ..." echo "Checking for curses (libcurses/term.h) ..."
for i in $LIBDIRS; do for i in $LIBDIRS; do
if [ "X" = "X$CURSES_PATH" ]; then if [ "X" = "X$CURSES_PATH" ]; then
if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a" ]; then if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a" ]; then
@ -284,7 +380,7 @@ if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then
CURSES_IPATH="" CURSES_IPATH=""
fi fi
echo "Checking for pcre (libpcre.so, pcre.h) ..." echo "Checking for pcre (libpcre/pcre.h) ..."
for i in $LIBDIRS ; do for i in $LIBDIRS ; do
if [ "X" = "X$PCRE_PATH" ]; then if [ "X" = "X$PCRE_PATH" ]; then
if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then
@ -324,7 +420,7 @@ if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then
PCRE_IPATH="" PCRE_IPATH=""
fi fi
echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." echo "Checking for Postgres (libpq/libpq-fe.h) ..."
#if [ "$SYSO" = "Cygwin" ]; then #if [ "$SYSO" = "Cygwin" ]; then
# echo " ... DISABLED - postgres is buggy in Cygwin at the moment" # echo " ... DISABLED - postgres is buggy in Cygwin at the moment"
# POSTGRES_PATH="" # POSTGRES_PATH=""
@ -351,7 +447,7 @@ echo "Checking for Postgres (libpq.so, libpq-fe.h) ..."
done done
POSTGRES_IPATH= POSTGRES_IPATH=
for i in $INCDIRS \ for i in $INCDIRS \
/opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include /mingw64/include
do do
if [ "X" = "X$POSTGRES_IPATH" ]; then if [ "X" = "X$POSTGRES_IPATH" ]; then
if [ -f "$i/libpq-fe.h" ]; then if [ -f "$i/libpq-fe.h" ]; then
@ -380,7 +476,7 @@ fi
fi fi
#fi #fi
echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..." echo "Checking for SVN (libsvn_client-1/libapr-1/libaprutil-1) ..."
for i in $LIBDIRS ; do for i in $LIBDIRS ; do
if [ "X" = "X$SVN_PATH" ]; then if [ "X" = "X$SVN_PATH" ]; then
if [ -f "$i/libsvn_client-1.so" ]; then if [ -f "$i/libsvn_client-1.so" ]; then
@ -480,6 +576,10 @@ for i in $INCDIRS ; do
fi fi
fi fi
done done
SYS_PARAM=""
if [ -f "$SDK_PATH/usr/include/sys/param.h" ]; then
SYS_PARAM=-DHAVE_SYS_PARAM_H
fi
if [ "X" != "X$DEBUG" ]; then if [ "X" != "X$DEBUG" ]; then
echo DEBUG: SVN_PATH=$SVN_PATH/libsvn_client-1 echo DEBUG: SVN_PATH=$SVN_PATH/libsvn_client-1
echo DEBUG: APR_PATH=$APR_PATH/libapr echo DEBUG: APR_PATH=$APR_PATH/libapr
@ -506,7 +606,7 @@ if [ "X" = "X$SVN_PATH" -o "X" = "X$APR_PATH" ]; then
echo " ... NOT found, module svn disabled" echo " ... NOT found, module svn disabled"
fi fi
echo "Checking for firebird (libfbclient.so) ..." echo "Checking for firebird (libfbclient) ..."
for i in $LIBDIRS ; do for i in $LIBDIRS ; do
if [ "X" = "X$FIREBIRD_PATH" ]; then if [ "X" = "X$FIREBIRD_PATH" ]; then
if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then
@ -531,6 +631,9 @@ for i in $INCDIRS ; do
if [ -f "$i/ibase.h" ]; then if [ -f "$i/ibase.h" ]; then
FIREBIRD_IPATH="$i" FIREBIRD_IPATH="$i"
fi fi
if [ -f "$i/firebird/ibase.h" ]; then
FIREBIRD_IPATH="$i/firebird"
fi
fi fi
done done
if [ "X" != "X$DEBUG" ]; then if [ "X" != "X$DEBUG" ]; then
@ -546,7 +649,7 @@ if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then
FIREBIRD_IPATH="" FIREBIRD_IPATH=""
fi fi
echo "Checking for MYSQL client (libmysqlclient.so, math.h) ..." echo "Checking for MYSQL client (libmysqlclient/math.h) ..."
for i in $LIBDIRS ; do for i in $LIBDIRS ; do
if [ "X" = "X$MYSQL_PATH" ]; then if [ "X" = "X$MYSQL_PATH" ]; then
if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then
@ -583,7 +686,7 @@ if [ "X" != "X$DEBUG" ]; then
echo DEBUG: MYSQL_IPATH=$MYSQL_IPATH/mysql.h echo DEBUG: MYSQL_IPATH=$MYSQL_IPATH/mysql.h
fi fi
MATH="" MATH=""
if [ -f "/usr/include/math.h" ]; then if [ -f "$SDK_PATH/usr/include/math.h" ]; then
MATH="-DHAVE_MATH_H" MATH="-DHAVE_MATH_H"
if [ -n "$MYSQL_PATH" -a -n "$MYSQL_IPATH" -a -n "$MATH" ]; then if [ -n "$MYSQL_PATH" -a -n "$MYSQL_IPATH" -a -n "$MATH" ]; then
echo " ... found" echo " ... found"
@ -595,7 +698,7 @@ if [ -f "/usr/include/math.h" ]; then
else else
echo " ... math.h not found, module Mysql disabled" echo " ... math.h not found, module Mysql disabled"
fi fi
echo "Checking for AFP (libafpclient.so) ..." echo "Checking for AFP (libafpclient) ..."
for i in $LIBDIRS ; do for i in $LIBDIRS ; do
if [ "X" = "X$AFP_PATH" ]; then if [ "X" = "X$AFP_PATH" ]; then
if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a" ]; then if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a" ]; then
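Review bot: The unchanged test at the end of this hunk checks `"$i/libafpclient.so"` twice. Every sibling check in this script pairs .so with .dylib, so the second operand was most likely meant to be `"$i/libafpclient.dylib"`. Since the line above it is being touched anyway, this would be a good place to fix it.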
@ -635,7 +738,7 @@ if [ "X" = "X$AFP_PATH" -o "X" = "X$AFP_IPATH" ]; then
AFP_IPATH="" AFP_IPATH=""
fi fi
echo "Checking for NCP (libncp.so / nwcalls.h) ..." echo "Checking for NCP (libncp/nwcalls.h) ..."
for i in $LIBDIRS ; do for i in $LIBDIRS ; do
if [ "X" = "X$NCP_PATH" ]; then if [ "X" = "X$NCP_PATH" ]; then
if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a" ]; then if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a" ]; then
@ -765,7 +868,7 @@ if [ "$SSH_IPATH" = "/usr/include" ]; then
SSH_IPATH="" SSH_IPATH=""
fi fi
echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so) ..." echo "Checking for Oracle (libocci/libclntsh/oci.h/libaio/liboci) ..."
#assume if we find oci.h other headers should also be in that dir #assume if we find oci.h other headers should also be in that dir
#for libs we will test the 2 #for libs we will test the 2
if [ "X" != "X$WORACLE_PATH" ]; then if [ "X" != "X$WORACLE_PATH" ]; then
@ -795,6 +898,11 @@ for i in $LIBDIRS ; do
ORACLE_PATH="$i" ORACLE_PATH="$i"
fi fi
fi fi
if [ "X" = "X$ORACLE_PATH" ]; then
if [ -f "$i/liboci.a" -a -f "$i/oci.dll" ]; then
ORACLE_PATH="$i"
fi
fi
if [ "X" = "X$ORACLE_PATH" ]; then if [ "X" = "X$ORACLE_PATH" ]; then
TMP_LIB=`/bin/ls $i/libocci.so.* 2> /dev/null | grep occi.` TMP_LIB=`/bin/ls $i/libocci.so.* 2> /dev/null | grep occi.`
if [ -n "$TMP_LIB" ]; then if [ -n "$TMP_LIB" ]; then
@ -808,23 +916,17 @@ for i in $LIBDIRS ; do
fi fi
fi fi
if [ "X" = "X$ORACLE_PATH" ]; then if [ "X" = "X$ORACLE_PATH" ]; then
TMP_LIB=`/bin/ls $i/libocci.dll* 2> /dev/null | grep occi.` TMP_LIB=`/bin/ls $i/oci.dll* 2> /dev/null | grep occi.`
if [ -n "$TMP_LIB" ]; then if [ -n "$TMP_LIB" ]; then
ORACLE_PATH="$i" ORACLE_PATH="$i"
fi fi
if [ "X" != "X$ORACLE_PATH" ]; then
TMP_LIB=`/bin/ls $i/libclntsh.dll* 2> /dev/null | grep clntsh.`
if [ -z "$TMP_LIB" ]; then
ORACLE_PATH=""
fi
fi
fi fi
done done
if [ "X" != "X$DEBUG" ]; then if [ "X" != "X$DEBUG" ]; then
echo DEBUG: ORACLE_PATH=$ORACLE_PATH/libocci echo DEBUG: ORACLE_PATH=$ORACLE_PATH/libocci
fi fi
#check for Kernel Asynchronous I/O (AIO) lib support #check for Kernel Asynchronous I/O (AIO) lib support, no need on Cygwin
if [ "X" != "X$ORACLE_PATH" ]; then if [ "X" != "X$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then
LIBAIO="" LIBAIO=""
for i in $LIBDIRS ; do for i in $LIBDIRS ; do
if [ "X" = "X$LIBAIO" ]; then if [ "X" = "X$LIBAIO" ]; then
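Review bot: The changed Oracle fallback lists `$i/oci.dll*` but still pipes the result through `grep occi.`, which can never match a file named oci.dll, so TMP_LIB is always empty and this branch is dead. Update the grep pattern to match the new file name (or drop the grep, since the glob already selects the file).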
@ -852,11 +954,9 @@ if [ "X" != "X$DEBUG" ]; then
fi fi
for i in $INCDIRS ; do for i in $INCDIRS ; do
if [ "X" != "X$ORACLE_PATH" ]; then
if [ -f "$i/oci.h" ]; then if [ -f "$i/oci.h" ]; then
ORACLE_IPATH="$i" ORACLE_IPATH="$i"
fi fi
fi
done done
if [ "X" != "X$DEBUG" ]; then if [ "X" != "X$DEBUG" ]; then
echo DEBUG: ORACLE_IPATH=$ORACLE_IPATH/oci.h echo DEBUG: ORACLE_IPATH=$ORACLE_IPATH/oci.h
@ -871,12 +971,345 @@ if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then
ORACLE_IPATH="" ORACLE_IPATH=""
fi fi
echo "Checking for Memcached (libmemcached/memcached.h) ..."
for i in $LIBDIRS ; do
if [ "X" = "X$MCACHED_PATH" ]; then
if [ -f "$i/libmemcached.so" -o -f "$i/libmemcached.dylib" -o -f "$i/libmemcached.a" ]; then
MCACHED_PATH="$i"
fi
fi
if [ "X" = "X$MCACHED_PATH" ]; then
TMP_LIB=`/bin/ls $i/libmemcached.so* 2> /dev/null | grep memcached`
if [ -n "$TMP_LIB" ]; then
MCACHED_PATH="$i"
fi
fi
if [ "X" = "X$MCACHED_PATH" ]; then
TMP_LIB=`/bin/ls $i/libmemcached.dll* 2> /dev/null | grep memcached`
if [ -n "$TMP_LIB" ]; then
MCACHED_PATH="$i"
fi
fi
done
MCACHED_IPATH=
for i in $INCDIRS ; do
if [ "X" = "X$MCACHED_IPATH" ]; then
if [ -f "$i/memcached.h" ]; then
MCACHED_IPATH="$i"
fi
if [ -f "$i/libmemcached/memcached.h" ]; then
MCACHED_IPATH="$i/libmemcached"
fi
if [ -f "$i/libmemcached-1.0/memcached.h" ]; then
MCACHED_IPATH="$i/libmemcached-1.0"
fi
fi
done
if [ "X" != "X$DEBUG" ]; then
echo DEBUG: MCACHED_PATH=$MCACHED_PATH/libmemcached
echo DEBUG: MCACHED_IPATH=$MCACHED_IPATH/memcached.h
fi
if [ -n "$MCACHED_PATH" -a -n "$MCACHED_IPATH" ]; then
echo " ... found"
fi
if [ "X" = "X$MCACHED_PATH" -o "X" = "X$MCACHED_IPATH" ]; then
echo " ... NOT found, module memcached disabled"
MCACHED_PATH=""
MCACHED_IPATH=""
fi
echo "Checking for Freerdp3 (libfreerdp3/freerdp.h/libwinpr3/winpr.h) ..."
for i in $LIBDIRS ; do
if [ "X" = "X$FREERDP3_PATH" ]; then
if [ -f "$i/libfreerdp3.so" -o -f "$i/libfreerdp3.dylib" -o -f "$i/libfreerdp3.a" -o -f "$i/libfreerdp3.dll.a" ]; then
FREERDP3_PATH="$i"
fi
fi
if [ "X" = "X$FREERDP3_PATH" ]; then
TMP_LIB=`/bin/ls $i/libfreerdp3*.so* 2> /dev/null | grep libfreerdp3`
if [ -n "$TMP_LIB" ]; then
FREERDP3_PATH="$i"
fi
fi
done
FREERDP3_IPATH=
for i in $INCDIRS ; do
if [ "X" = "X$FREERDP3_IPATH" ]; then
if [ -f "$i/freerdp/freerdp.h" ]; then
FREERDP3_IPATH="$i/freerdp3"
fi
if [ -f "$i/freerdp3/freerdp/freerdp.h" ]; then
FREERDP3_IPATH="$i/freerdp3"
fi
fi
done
for i in $LIBDIRS ; do
if [ "X" = "X$WINPR3_PATH" ]; then
if [ -f "$i/libwinpr3.so" -o -f "$i/libwinpr3.dylib" -o -f "$i/libwinpr3.a" ]; then
WINPR3_PATH="$i"
fi
fi
if [ "X" = "X$WINPR3_PATH" ]; then
TMP_LIB=`/bin/ls $i/libwinpr3.dll.a 2> /dev/null | grep winpr`
if [ -n "$TMP_LIB" ]; then
WINPR3_PATH="$i"
fi
fi
done
WINPR3_IPATH=
for i in $INCDIRS ; do
if [ "X" = "X$WINPR3_IPATH" ]; then
if [ -f "$i/winpr.h" ]; then
WINPR3_IPATH="$i"
fi
if [ -f "$i/winpr3/winpr/winpr.h" ]; then
WINPR3_IPATH="$i/winpr3"
fi
fi
done
if [ "X" != "X$DEBUG" ]; then
echo DEBUG: FREERDP3_PATH=$FREERDP3_PATH/
echo DEBUG: FREERDP3_IPATH=$FREERDP3_IPATH/
echo DEBUG: WINPR3_PATH=$WINPR3_PATH/
echo DEBUG: WINPR3_IPATH=$WINPR3_IPATH/
fi
if [ -n "$FREERDP3_PATH" -a -n "$FREERDP3_IPATH" -a -n "$WINPR3_PATH" -a -n "$WINPR3_IPATH" ]; then
echo " ... found"
fi
if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then
echo " ... NOT found, checking for freerdp2 module next..."
FREERDP3_PATH=""
FREERDP3_IPATH=""
WINPR3_PATH=""
WINPR3_IPATH=""
fi
if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then
echo "Checking for Freerdp2 (libfreerdp2/freerdp.h/libwinpr2/winpr.h) ..."
for i in $LIBDIRS ; do
if [ "X" = "X$FREERDP2_PATH" ]; then
if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then
FREERDP2_PATH="$i"
fi
fi
if [ "X" = "X$FREERDP2_PATH" ]; then
TMP_LIB=`/bin/ls $i/libfreerdp2*.so* 2> /dev/null | grep libfreerdp2`
if [ -n "$TMP_LIB" ]; then
FREERDP2_PATH="$i"
fi
fi
done
FREERDP2_IPATH=
for i in $INCDIRS ; do
if [ "X" = "X$FREERDP2_IPATH" ]; then
if [ -f "$i/freerdp/freerdp.h" ]; then
FREERDP2_IPATH="$i/freerdp2"
fi
if [ -f "$i/freerdp2/freerdp/freerdp.h" ]; then
FREERDP2_IPATH="$i/freerdp2"
fi
fi
done
for i in $LIBDIRS ; do
if [ "X" = "X$WINPR2_PATH" ]; then
if [ -f "$i/libwinpr2.so" -o -f "$i/libwinpr2.dylib" -o -f "$i/libwinpr2.a" ]; then
WINPR2_PATH="$i"
fi
fi
if [ "X" = "X$WINPR2_PATH" ]; then
TMP_LIB=`/bin/ls $i/libwinpr2.dll.a 2> /dev/null | grep winpr`
if [ -n "$TMP_LIB" ]; then
WINPR2_PATH="$i"
fi
fi
done
WINPR2_IPATH=
for i in $INCDIRS ; do
if [ "X" = "X$WINPR2_IPATH" ]; then
if [ -f "$i/winpr.h" ]; then
WINPR2_IPATH="$i"
fi
if [ -f "$i/winpr2/winpr/winpr.h" ]; then
WINPR2_IPATH="$i/winpr2"
fi
fi
done
if [ "X" != "X$DEBUG" ]; then
echo DEBUG: FREERDP2_PATH=$FREERDP2_PATH/
echo DEBUG: FREERDP2_IPATH=$FREERDP2_IPATH/
echo DEBUG: WINPR2_PATH=$WINPR2_PATH/
echo DEBUG: WINPR2_IPATH=$WINPR2_IPATH/
fi
if [ -n "$FREERDP2_PATH" -a -n "$FREERDP2_IPATH" -a -n "$WINPR2_PATH" -a -n "$WINPR2_IPATH" ]; then
echo " ... found"
fi
if [ "X" = "X$FREERDP2_PATH" -o "X" = "X$FREERDP2_IPATH" -o "X" = "X$WINPR2_PATH" -o "X" = "X$WINPR2_IPATH" ]; then
echo " ... NOT found, module rdp disabled"
FREERDP2_PATH=""
FREERDP2_IPATH=""
WINPR2_PATH=""
WINPR2_IPATH=""
fi
fi
echo "Checking for Mongodb (libmongoc-1.0/mongoc.h/libbson-1.0/bson.h) ..."
for i in $LIBDIRS ; do
if [ "X" = "X$MONGODB_PATH" ]; then
if [ -f "$i/libmongoc-1.0.so" -o -f "$i/libmongoc-1.0.dylib" -o -f "$i/libmongoc-1.0.a" ]; then
MONGODB_PATH="$i"
fi
fi
if [ "X" = "X$MONGODB_PATH" ]; then
TMP_LIB=`/bin/ls $i/libmongoc-*.so* 2> /dev/null | grep mongoc`
if [ -n "$TMP_LIB" ]; then
MONGODB_PATH="$i"
fi
fi
if [ "X" = "X$MONGODB_PATH" ]; then
TMP_LIB=`/bin/ls $i/libmongoc.dll* 2> /dev/null | grep mongoc`
if [ -n "$TMP_LIB" ]; then
MONGODB_PATH="$i"
fi
fi
done
MONGODB_IPATH=
for i in $INCDIRS ; do
if [ "X" = "X$MONGODB_IPATH" ]; then
if [ -f "$i/mongoc.h" ]; then
MONGODB_IPATH="$i"
fi
if [ -f "$i/libmongoc/mongoc.h" ]; then
MONGODB_IPATH="$i/libmongoc"
fi
if [ -f "$i/libmongoc-1.0/mongoc.h" ]; then
MONGODB_IPATH="$i/libmongoc-1.0"
fi
fi
done
for i in $LIBDIRS ; do
if [ "X" = "X$BSON_PATH" ]; then
if [ -f "$i/libbson-1.0.so" -o -f "$i/libbson-1.0.dylib" -o -f "$i/libbson-1.0.a" ]; then
BSON_PATH="$i"
fi
fi
if [ "X" = "X$BSON_PATH" ]; then
TMP_LIB=`/bin/ls $i/libbson-*.so* 2> /dev/null | grep mongoc`
if [ -n "$TMP_LIB" ]; then
BSON_PATH="$i"
fi
fi
if [ "X" = "X$BSON_PATH" ]; then
TMP_LIB=`/bin/ls $i/libbson.dll* 2> /dev/null | grep mongoc`
if [ -n "$TMP_LIB" ]; then
BSON_PATH="$i"
fi
fi
done
BSON_IPATH=
for i in $INCDIRS ; do
if [ "X" = "X$BSON_IPATH" ]; then
if [ -f "$i/bson.h" ]; then
BSON_IPATH="$i"
fi
if [ -f "$i/libbson/bson.h" ]; then
BSON_IPATH="$i/libbson"
fi
if [ -f "$i/libbson-1.0/bson.h" ]; then
BSON_IPATH="$i/libbson-1.0"
fi
fi
done
if [ "X" != "X$DEBUG" ]; then
echo DEBUG: MONGODB_PATH=$MONGODB_PATH/libmongoc
echo DEBUG: MONGODB_IPATH=$MONGODB_IPATH/libmongoc.h
echo DEBUG: BSON_PATH=$BSON_PATH/libbson
echo DEBUG: BSON_IPATH=$BSON_IPATH/libbson.h
fi
if [ -n "$MONGODB_PATH" -a -n "$MONGODB_IPATH" -a -n "$BSON_PATH" -a -n "$BSON_IPATH" ]; then
echo " ... found"
fi
if [ "X" = "X$MONGODB_PATH" -o "X" = "X$MONGODB_IPATH" -o "X" = "X$BSON_PATH" -o "X" = "X$BSON_IPATH" ]; then
echo " ... NOT found, module mongodb disabled"
MONGODB_PATH=""
MONGODB_IPATH=""
BSON_PATH=""
BSON_IPATH=""
fi
echo "Checking for smbclient (libsmbclient/libsmbclient.h) ..."
for i in $LIBDIRS ; do
if [ "X" = "X$SMBC_PATH" ]; then
if [ -f "$i/libsmbclient.so" -o -f "$i/libsmbclient.dylib" -o -f "$i/libsmbclient.a" ]; then
SMBC_PATH="$i"
fi
fi
if [ "X" = "X$SMBC_PATH" ]; then
TMP_LIB=`/bin/ls $i/libsmbclient.so* 2> /dev/null | grep smbclient`
if [ -n "$TMP_LIB" ]; then
SMBC_PATH="$i"
fi
fi
if [ "X" = "X$SMBC_PATH" ]; then
TMP_LIB=`/bin/ls $i/libsmbclient.dll* 2> /dev/null | grep smbclient`
if [ -n "$TMP_LIB" ]; then
SMBC_PATH="$i"
fi
fi
done
SMBC_IPATH=
for i in $INCDIRS ; do
if [ "X" = "X$SMBC_IPATH" ]; then
if [ -f "$i/libsmbclient.h" ]; then
SMBC_IPATH="$i"
fi
if [ -f "$i/samba-4.0/libsmbclient.h" ]; then
SMBC_IPATH="$i/samba-4.0"
fi
fi
done
if [ "X" != "X$DEBUG" ]; then
echo DEBUG: SMBC_PATH=$SMBC_PATH/libsmbclient
echo DEBUG: SMBC_IPATH=$SMBC_IPATH/libsmbclient.h
fi
if [ -n "$SMBC_PATH" -a -n "$SMBC_IPATH" ]; then
echo " ... found"
fi
if [ "X" = "X$SMBC_PATH" -o "X" = "X$SMBC_IPATH" ]; then
echo " ... NOT found, module smb2 disabled"
SMBC_PATH=""
SMBC_IPATH=""
fi
if [ "X" = "X$XHYDRA_SUPPORT" ]; then if [ "X" = "X$XHYDRA_SUPPORT" ]; then
echo "Checking for GUI req's (pkg-config, gtk+-2.0) ..." echo "Checking for GUI req's (pkg-config/gtk+-2.0) ..."
XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` XHYDRA_SUPPORT=`$PKG_CONFIG --help > /dev/null 2>&1 || echo disabled`
if [ "X" = "X$XHYDRA_SUPPORT" ]; then if [ "X" = "X$XHYDRA_SUPPORT" ]; then
XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` XHYDRA_SUPPORT=`$PKG_CONFIG --modversion gtk+-2.0 2> /dev/null`
else else
XHYDRA_SUPPORT="" XHYDRA_SUPPORT=""
fi fi
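Review bot: In the libbson detection, both fallbacks pipe the ls output through `grep mongoc` (`ls $i/libbson-*.so*` and `ls $i/libbson.dll*`), which looks like a copy from the mongoc block and can never match a libbson file name, so BSON_PATH is only ever set by the exact-name test; the pattern should be bson. A second copy-paste issue in the same hunk: when `$i/freerdp/freerdp.h` exists, FREERDP3_IPATH is set to `$i/freerdp3` (and FREERDP2_IPATH to `$i/freerdp2`), a directory that was not the one tested, so the resulting -I path may not exist. Both branches also accept the same unversioned `freerdp/freerdp.h` and `winpr.h`, so the headers alone cannot tell version 2 from version 3.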
@ -923,37 +1356,37 @@ fi
echo "Checking for Android specialities ..." echo "Checking for Android specialities ..."
TMPC=comptest$$ TMPC=comptest$$
RINDEX=" not" STRRCHR=" not"
echo '#include <stdio.h>' > $TMPC.c echo '#include <stdio.h>' > $TMPC.c
echo '#include <strings.h>' >> $TMPC.c echo '#include <strings.h>' >> $TMPC.c
echo "int main() { char *x = rindex(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
gcc -o $TMPC $TMPC.c > /dev/null 2>&1 $CC -o $TMPC $TMPC.c > /dev/null 2>&1
test -x $TMPC && RINDEX="" test -x $TMPC && STRRCHR=""
rm -f $TMPC $TMPC.c rm -f $TMPC $TMPC.c
echo " ... rindex()$RINDEX found" echo " ... strrchr()$STRRCHR found"
if [ -n "$CRYPTO_PATH" ]; then if [ -n "$CRYPTO_PATH" ]; then
RSA=" not" RSA=" not"
echo '#include <stdio.h>' > $TMPC.c echo '#include <stdio.h>' > $TMPC.c
echo '#include <openssl/rsa.h>' >> $TMPC.c echo '#include <openssl/rsa.h>' >> $TMPC.c
echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c
#echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c #echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c
gcc -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1 $CC -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1
test -x $TMPC && RSA="" test -x $TMPC && RSA=""
rm -f $TMPC $TMPC.c rm -f $TMPC $TMPC.c
echo " ... RSA_generate_key()$RSA found" echo " ... RSA_generate_key()$RSA found"
fi fi
echo "Checking for secure compile option support in gcc ..." echo "Checking for secure compile option support in $CC ..."
GCCSEC="no" GCCSEC="no"
LDSEC="no" LDSEC="no"
GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
echo '#include <stdio.h>' > $TMPC.c echo '#include <stdio.h>' > $TMPC.c
echo 'int main() { printf(""); return 0; }' >> $TMPC.c echo 'int main() { printf(""); return 0; }' >> $TMPC.c
gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err $CC -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
test -x $TMPC && GCCSEC="yes" test -x $TMPC && GCCSEC="yes"
grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT" grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT"
rm -f "$TMPC" rm -f "$TMPC"
gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err $CC $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; } test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; }
rm -f $TMPC $TMPC.c $TMPC.c.err rm -f $TMPC $TMPC.c $TMPC.c.err
echo " Compiling... $GCCSEC" echo " Compiling... $GCCSEC"
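Review bot: The first hardening probe still passes `$GCCSEPOPT`, a misspelling of GCCSECOPT that this change carries over while rewriting the line for `$CC`. The variable is never set, so the probe compiles with only `-pie -fPIE` and GCCSEC becomes "yes" without ever testing `-fstack-protector-all` or `-D_FORTIFY_SOURCE=2`; if the compiler rejects those, the failure surfaces at build time instead of here. Fix the spelling while the line is being edited. The hunk also relies on `$CC` being set; a default (for example falling back to gcc when CC is empty) is not visible in this patch and is worth confirming.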
@ -965,9 +1398,42 @@ XLIBS=""
XLIBPATHS="" XLIBPATHS=""
XIPATHS="" XIPATHS=""
if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" ]; then if [ -n "$FIREBIRD_PATH" -o \
-n "$PCRE_PATH" -o \
-n "$IDN_PATH" -o \
-n "$SSL_PATH" -o \
-n "$CRYPTO_PATH" -o \
-n "$NSL_PATH" -o \
-n "$SOCKET_PATH" -o \
-n "$RESOLV_PATH" -o \
-n "$SAPR3_PATH" -o \
-n "$SSH_PATH" -o \
-n "$POSTGRES_PATH" -o \
-n "$SVN_PATH" -o \
-n "$NCP_PATH" -o \
-n "$CURSES_PATH" -o \
-n "$ORACLE_PATH" -o \
-n "$AFP_PATH" -o \
-n "$MYSQL_PATH" -o \
-n "$MCACHED_PATH" -o \
-n "$MONGOD_PATH" -o \
-n "$FREERDP2_PATH" -o \
-n "$WINPR2_PATH" -o \
-n "$FREERDP3_PATH" -o \
-n "$WINPR3_PATH" -o \
-n "$SMBC_PATH" \
]; then
if [ "$SYSS" = "Darwin" -a ! -d "/lib" ]; then
#for libraries installed with MacPorts
if [ -d "/opt/local/lib" ]; then
XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/opt/local/lib"
else
XLIBPATHS="-L/usr/lib -L/usr/local/lib"
fi
else
XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib"
fi fi
fi
if [ -n "$MYSQL_IPATH" ]; then if [ -n "$MYSQL_IPATH" ]; then
XIPATHS="$XIPATHS -I$MYSQL_IPATH" XIPATHS="$XIPATHS -I$MYSQL_IPATH"
if [ -n "$MYSQLINSUBDIR" ]; then if [ -n "$MYSQLINSUBDIR" ]; then
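Review bot: The reformatted condition tests `-n "$MONGOD_PATH"`, but the variable set by the detection code is MONGODB_PATH, so this operand is always empty. BSON_PATH is also absent from the list although it is detected and linked elsewhere in the patch. The effect is limited because the condition is a long OR, but on a host where only the MongoDB libraries were found XLIBPATHS would stay unset. Rename the operand to MONGODB_PATH and add BSON_PATH.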
@ -1017,14 +1483,70 @@ fi
if [ -n "$SSH_PATH" ]; then if [ -n "$SSH_PATH" ]; then
XDEFINES="$XDEFINES -DLIBSSH" XDEFINES="$XDEFINES -DLIBSSH"
fi fi
if [ -n "$RINDEX" ]; then if [ -n "$STRRCHR" ]; then
XDEFINES="$XDEFINES -DNO_RINDEX" XDEFINES="$XDEFINES -DNO_STRRCHR"
fi fi
if [ -n "$RSA" ]; then if [ -n "$RSA" ]; then
XDEFINES="$XDEFINES -DNO_RSA_LEGACY" XDEFINES="$XDEFINES -DNO_RSA_LEGACY"
fi fi
if [ -n "$HAVE_ZLIB" ]; then
XDEFINES="$XDEFINES -DHAVE_ZLIB"
fi
if [ -n "$HAVE_GCRYPT" ]; then
XDEFINES="$XDEFINES -DHAVE_GCRYPT"
fi
if [ -n "$MCACHED_PATH" ]; then
XDEFINES="$XDEFINES -DLIBMCACHED"
fi
if [ -n "$MONGODB_PATH" ]; then
XDEFINES="$XDEFINES -DLIBMONGODB"
fi
if [ -n "$BSON_PATH" ]; then
XDEFINES="$XDEFINES -DLIBBSON"
fi
if [ -n "$FREERDP2_PATH" ]; then
XDEFINES="$XDEFINES -DLIBFREERDP"
fi
if [ -n "$WINPR2_PATH" ]; then
XDEFINES="$XDEFINES -DLIBWINPR2"
fi
if [ -n "$FREERDP3_PATH" ]; then
XDEFINES="$XDEFINES -DLIBFREERDP"
fi
if [ -n "$WINPR3_PATH" ]; then
XDEFINES="$XDEFINES -DLIBWINPR3"
fi
if [ -n "$SMBC_PATH" ]; then
XDEFINES="$XDEFINES -DLIBSMBCLIENT"
fi
OLDPATH="" OLDPATH=""
for i in $SSL_PATH $FIREBIRD_PATH $WORACLE_LIB_PATH $PCRE_PATH $IDN_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH; do for i in $SSL_PATH \
$FIREBIRD_PATH \
$WORACLE_LIB_PATH \
$PCRE_PATH \
$IDN_PATH \
$CRYPTO_PATH \
$SSH_PATH \
$NSL_PATH \
$SOCKET_PATH \
$RESOLV_PATH \
$SAPR3_PATH \
$POSTGRES_PATH \
$SVN_PATH \
$NCP_PATH \
$CURSES_PATH \
$ORACLE_PATH \
$AFP_PATH \
$MYSQL_PATH \
$MCACHED_PATH \
$MONGODB_PATH \
$BSON_PATH \
$FREERDP2_PATH \
$WINPR2_PATH \
$FREERDP3_PATH \
$WINPR3_PATH \
$SMBC_PATH; do
if [ "$OLDPATH" = "$i" ]; then if [ "$OLDPATH" = "$i" ]; then
OLDPATH="$i" OLDPATH="$i"
else else
@ -1077,6 +1599,27 @@ fi
if [ -n "$ORACLE_IPATH" ]; then if [ -n "$ORACLE_IPATH" ]; then
XIPATHS="$XIPATHS -I$ORACLE_IPATH" XIPATHS="$XIPATHS -I$ORACLE_IPATH"
fi fi
if [ -n "$MCACHED_IPATH" ]; then
XIPATHS="$XIPATHS -I$MCACHED_IPATH"
fi
if [ -n "$MONGODB_IPATH" ]; then
XIPATHS="$XIPATHS -I$MONGODB_IPATH -I$BSON_IPATH"
fi
if [ -n "$FREERDP2_IPATH" ]; then
XIPATHS="$XIPATHS -I$FREERDP2_IPATH -I$WINPR2_IPATH"
fi
if [ -n "$FREERDP3_IPATH" ]; then
XIPATHS="$XIPATHS -I$FREERDP3_IPATH -I$WINPR3_IPATH"
fi
if [ -n "$SMBC_IPATH" ]; then
XIPATHS="$XIPATHS -I$SMBC_IPATH"
fi
if [ -n "$HAVE_GCRYPT" ]; then
XLIBS="$XLIBS -lgcrypt"
fi
if [ -n "$HAVE_ZLIB" ]; then
XLIBS="$XLIBS -lz"
fi
if [ -n "$CURSES_PATH" ]; then if [ -n "$CURSES_PATH" ]; then
XLIBS="$XLIBS -lcurses" XLIBS="$XLIBS -lcurses"
fi fi
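Review bot: `-lz` is appended whenever HAVE_ZLIB is set, and that flag is set earlier in this patch purely because zlib.h exists in an include directory. On a host with the header but no libz in the linker path the configure run reports "found" and the link step fails. The same applies to `-lgcrypt`, whose detection records no library directory for XLIBPATHS. Suggest gating both on a library check, ideally a small compile-and-link probe like the ones used for strrchr and RSA.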
@ -1086,9 +1629,12 @@ fi
if [ -n "$NCP_PATH" ]; then if [ -n "$NCP_PATH" ]; then
XLIBS="$XLIBS -lncp" XLIBS="$XLIBS -lncp"
fi fi
if [ -n "$ORACLE_PATH" ]; then if [ -n "$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then
XLIBS="$XLIBS -locci -lclntsh" XLIBS="$XLIBS -locci -lclntsh"
fi fi
if [ -n "$ORACLE_PATH" -a "$SYSO" = "Cygwin" ]; then
XLIBS="$XLIBS -loci"
fi
if [ -n "$FIREBIRD_PATH" ]; then if [ -n "$FIREBIRD_PATH" ]; then
XLIBS="$XLIBS -lfbclient" XLIBS="$XLIBS -lfbclient"
fi fi
@ -1134,7 +1680,30 @@ fi
if [ -n "$RESOLV_PATH" ]; then if [ -n "$RESOLV_PATH" ]; then
XLIBS="$XLIBS -lresolv" XLIBS="$XLIBS -lresolv"
fi fi
if [ -n "$MCACHED_PATH" ]; then
XLIBS="$XLIBS -lmemcached"
fi
if [ -n "$MONGODB_PATH" ]; then
XLIBS="$XLIBS -lmongoc-1.0"
fi
if [ -n "$BSON_PATH" ]; then
XLIBS="$XLIBS -lbson-1.0"
fi
if [ -n "$FREERDP2_PATH" ]; then
XLIBS="$XLIBS -lfreerdp2"
fi
if [ -n "$WINPR2_PATH" ]; then
XLIBS="$XLIBS -lwinpr2"
fi
if [ -n "$FREERDP3_PATH" ]; then
XLIBS="$XLIBS -lfreerdp3"
fi
if [ -n "$WINPR3_PATH" ]; then
XLIBS="$XLIBS -lwinpr3"
fi
if [ -n "$SMBC_PATH" ]; then
XLIBS="$XLIBS -lsmbclient"
fi
if [ -d /usr/kerberos/include ]; then if [ -d /usr/kerberos/include ]; then
XIPATHS="$XIPATHS -I/usr/kerberos/include" XIPATHS="$XIPATHS -I/usr/kerberos/include"
fi fi
@ -1149,12 +1718,19 @@ else
XHYDRA_SUPPORT="xhydra" XHYDRA_SUPPORT="xhydra"
fi fi
if [ "X" != "X$FHS" ]; then
PREFIX=/usr
echo "Hydra will be installed into .../bin of: $PREFIX"
echo " (according to the File System Hierarchy Standard)"
echo
else
echo "Hydra will be installed into .../bin of: $PREFIX" echo "Hydra will be installed into .../bin of: $PREFIX"
echo " (change this by running ./configure --prefix=path)" echo " (change this by running ./configure --prefix=path)"
echo echo
fi
if [ "X" != "X$DEBUG" ]; then if [ "X" != "X$DEBUG" ]; then
echo DEBUG: XDEFINES=$XDEFINES $MATH echo DEBUG: XDEFINES=$XDEFINES $MATH $SYS_PARAM
echo DEBUG: XLIBS=$XLIBS echo DEBUG: XLIBS=$XLIBS
echo DEBUG: XLIBPATHS=$XLIBPATHS echo DEBUG: XLIBPATHS=$XLIBPATHS
echo DEBUG: XIPATHS=$XIPATHS echo DEBUG: XIPATHS=$XIPATHS
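Review bot: With --fhs, `PREFIX=/usr` silently replaces any --prefix the user passed, and it does so only at this point, after `$PREFIX/lib` and `$PREFIX/include` were already added to LIBDIRS and INCDIRS earlier in the script. Library detection and installation can therefore use different prefixes. Either reject the combination of --fhs and --prefix with an error, or apply the FHS prefix before the search directories are built, and mention --fhs in the help output.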
@ -1163,8 +1739,16 @@ if [ "X" != "X$DEBUG" ]; then
echo DEBUG: STRIP=$STRIP echo DEBUG: STRIP=$STRIP
fi fi
if [ "$SYSS" = "SunOS" ]; then
XLIBS="$XLIBS -lrt"
fi
echo "Writing Makefile.in ..." echo "Writing Makefile.in ..."
echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in if [ "X" != "X$FHS" ]; then
echo "MANDIR = /share/man/man1" >> Makefile.in
echo "DATADIR = /share/hydra" >> Makefile.in
fi
echo "XDEFINES=$XDEFINES $MATH $SYS_PARAM" >> Makefile.in
echo "XLIBS=$XLIBS" >> Makefile.in echo "XLIBS=$XLIBS" >> Makefile.in
echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in
echo "XIPATHS=$XIPATHS" >> Makefile.in echo "XIPATHS=$XIPATHS" >> Makefile.in
@ -1179,9 +1763,9 @@ cat Makefile.in >> Makefile
# ignore errors if this uname call fails # ignore errors if this uname call fails
### Current Cygwin is up to speed :-) ### Current Cygwin is up to speed :-)
WINDRES="" WINDRES=""
if [ "$SYSO" = "Cygwin" ]; then if [ "$SYSO" = "Cygwin" -o "$SYSO" = "Msys" ]; then
echo echo
echo "Cygwin detected, if compilation fails just update your installation." echo "Cygwin/MSYS2 detected, if compilation fails just update your installation."
echo echo
WINDRES=`which windres` WINDRES=`which windres`
test -x "$WINDRES" && { test -x "$WINDRES" && {
@ -1202,7 +1786,7 @@ if [ "x$WINDRES" = "x" ]; then
echo HYDRA_LOGO= >> Makefile echo HYDRA_LOGO= >> Makefile
echo PWI_LOGO= >> Makefile echo PWI_LOGO= >> Makefile
fi fi
if [ "$GCCSEC" = "yes" ]; then if [ "$GCCSEC" = "yes" -a "$SYSS" != "SunOS" -a "$SYSS" != "Darwin" ]; then
echo "SEC=$GCCSECOPT" >> Makefile echo "SEC=$GCCSECOPT" >> Makefile
else else
echo "SEC=" >> Makefile echo "SEC=" >> Makefile
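Review bot: The new condition drops all hardening flags on SunOS and Darwin by writing an empty SEC, but the earlier probe still prints "Compiling... yes" for those systems, so the configure output claims protections that the build will not have. Add a comment explaining why the flags are disabled on these platforms and print a line saying so. It would also be better to disable only the flags that actually fail there (the `-Wl,-z,now -Wl,-z,relro` linker options are already probed separately) rather than stack protection and FORTIFY_SOURCE as well.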

68
crc32.c
View file

@ -1,4 +1,3 @@
/*- /*-
* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
* code or tables extracted from it, as desired without restriction. * code or tables extracted from it, as desired without restriction.
@ -42,56 +41,27 @@
*/ */
#include <sys/types.h> #include <sys/types.h>
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
unsigned int crc32_tab[] = { uint32_t crc32_tab[] = {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1,
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934,
0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f,
0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d};
0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
};
unsigned int crc32(const void *buf, unsigned int size) { #ifndef HAVE_ZLIB
uint32_t crc32(const void *buf, uint32_t size) {
const unsigned char *p; const unsigned char *p;
unsigned int crc; uint32_t crc;
p = buf; p = buf;
crc = ~0U; crc = ~0U;
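Review bot: `crc32_tab` stays outside the new `#ifndef HAVE_ZLIB` guard, so the 256-entry table is still compiled in as a global symbol when the local crc32() is not. Move the opening `#ifndef HAVE_ZLIB` above the table, and, if no other file references it, declare it `static const uint32_t crc32_tab[]` so it lands in read-only data and cannot collide with another symbol of that name.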
@ -101,3 +71,5 @@ unsigned int crc32(const void *buf, unsigned int size) {
return crc ^ ~0U; return crc ^ ~0U;
} }
#endif

View file

@ -3,6 +3,8 @@
#include <sys/types.h> #include <sys/types.h>
unsigned int crc32(const void *buf, unsigned int size); #ifndef HAVE_ZLIB
uint32_t crc32(const void *buf, uint32_t size);
#endif
#endif #endif
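Review bot: the prototype now uses `uint32_t`, but the only include visible in this header is `<sys/types.h>`, which does not guarantee that type. Add the same `<stdint.h>` selection block that crc32.c received so the header compiles on its own. With the prototype hidden under `#ifndef HAVE_ZLIB`, callers built with zlib need `<zlib.h>` for a declaration, and zlib's crc32 takes three arguments (running CRC, buffer, length) rather than two, so the call sites need a matching change.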

218
d3des.c
View file

@ -1,4 +1,3 @@
/* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove /* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove
compiler warnings for unused definitions. compiler warnings for unused definitions.
*/ */
@ -49,44 +48,23 @@ static unsigned long KnL[32] = { 0L };
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 };
*/ */
static unsigned short bytebit[8] = { static unsigned short bytebit[8] = {01, 02, 04, 010, 020, 040, 0100, 0200};
01, 02, 04, 010, 020, 040, 0100, 0200
};
static unsigned long bigbyte[24] = { static unsigned long bigbyte[24] = {0x800000L, 0x400000L, 0x200000L, 0x100000L, 0x80000L, 0x40000L, 0x20000L, 0x10000L, 0x8000L, 0x4000L, 0x2000L, 0x1000L, 0x800L, 0x400L, 0x200L, 0x100L, 0x80L, 0x40L, 0x20L, 0x10L, 0x8L, 0x4L, 0x2L, 0x1L};
0x800000L, 0x400000L, 0x200000L, 0x100000L,
0x80000L, 0x40000L, 0x20000L, 0x10000L,
0x8000L, 0x4000L, 0x2000L, 0x1000L,
0x800L, 0x400L, 0x200L, 0x100L,
0x80L, 0x40L, 0x20L, 0x10L,
0x8L, 0x4L, 0x2L, 0x1L
};
/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ /* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
static unsigned char pc1[56] = { static unsigned char pc1[56] = {56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3};
56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3
};
static unsigned char totrot[16] = { static unsigned char totrot[16] = {1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28};
1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28
};
static unsigned char pc2[48] = { static unsigned char pc2[48] = {13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31};
13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31
};
void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
unsigned char *key; unsigned char *key;
int edf; int32_t edf;
{ {
register int i, j, l, m, n; register int32_t i, j, l, m, n;
unsigned char pc1m[56], pcr[56]; unsigned char pc1m[56], pcr[56];
unsigned long kn[32]; unsigned long kn[32];
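Review bot: the counters move from `int` to `int32_t`, but the DES words stay `unsigned long` (`bigbyte[24]`, `kn[32]`, `KnL[32]`), which is 64 bits wide on LP64 targets. DES works on 32-bit halves, so `uint32_t` would be the consistent choice now that the fixed-width header is pulled in, and it halves the size of every table. `bytebit`, `bigbyte`, `pc1`, `totrot` and `pc2` are lookup tables and could be `static const`.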
@ -127,12 +105,11 @@ void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
return; return;
} }
static void cookey(raw1) static void cookey(raw1) register unsigned long *raw1;
register unsigned long *raw1;
{ {
register unsigned long *cook, *raw0; register unsigned long *cook, *raw0;
unsigned long dough[32]; unsigned long dough[32];
register int i; register int32_t i;
cook = dough; cook = dough;
for (i = 0; i < 16; i++, raw1++) { for (i = 0; i < 16; i++, raw1++) {
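Review bot: the formatter has folded the K&R parameter declaration onto the definition line, giving `static void cookey(raw1) register unsigned long *raw1;`, which reads like a prototype followed by a stray declaration. Old-style definitions get no argument checking and are removed in C23; convert this one, and deskey, cpkey, usekey, scrunch, unscrun and desfunc, to prototype form, for example `static void cookey(unsigned long *raw1)`, before reformatting.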
@ -150,8 +127,7 @@ static void cookey(raw1)
return; return;
} }
void cpkey(into) void cpkey(into) register unsigned long *into;
register unsigned long *into;
{ {
register unsigned long *from, *endp; register unsigned long *from, *endp;
@ -161,8 +137,7 @@ void cpkey(into)
return; return;
} }
void usekey(from) void usekey(from) register unsigned long *from;
register unsigned long *from;
{ {
register unsigned long *to, *endp; register unsigned long *to, *endp;
@ -181,8 +156,7 @@ void des(unsigned char *inblock, unsigned char *outblock) {
return; return;
} }
static void scrunch(outof, into) static void scrunch(outof, into) register unsigned char *outof;
register unsigned char *outof;
register unsigned long *into; register unsigned long *into;
{ {
*into = (*outof++ & 0xffL) << 24; *into = (*outof++ & 0xffL) << 24;
@ -196,8 +170,7 @@ static void scrunch(outof, into)
return; return;
} }
static void unscrun(outof, into) static void unscrun(outof, into) register unsigned long *outof;
register unsigned long *outof;
register unsigned char *into; register unsigned char *into;
{ {
*into++ = (*outof >> 24) & 0xffL; *into++ = (*outof >> 24) & 0xffL;
@ -211,163 +184,34 @@ static void unscrun(outof, into)
return; return;
} }
static unsigned long SP1[64] = { static unsigned long SP1[64] = {0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L};
0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L
};
static unsigned long SP2[64] = { static unsigned long SP2[64] = {0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L};
0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L
};
static unsigned long SP3[64] = { static unsigned long SP3[64] = {0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L};
0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L
};
static unsigned long SP4[64] = { static unsigned long SP4[64] = {0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L};
0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L
};
static unsigned long SP5[64] = { static unsigned long SP5[64] = {0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L};
0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L
};
static unsigned long SP6[64] = { static unsigned long SP6[64] = {0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L};
0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L
};
static unsigned long SP7[64] = { static unsigned long SP7[64] = {0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L};
0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L
};
static unsigned long SP8[64] = { static unsigned long SP8[64] = {0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L};
0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L
};
static void desfunc(block, keys) static void desfunc(block, keys) register unsigned long *block, *keys;
register unsigned long *block, *keys;
{ {
register unsigned long fval, work, right, leftt; register unsigned long fval, work, right, leftt;
register int round; register int32_t round;
leftt = block[0]; leftt = block[0];
right = block[1]; right = block[1];
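Review bot: the S-box tables SP1 to SP8 are now laid out 32 values per line, so a change to a single constant would be nearly invisible in a later diff. These are cryptographic constants that should never change; wrap them in `// clang-format off` and `// clang-format on` to keep the original four-per-line layout, and mark them `static const` so an accidental write is a compile error.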

View file

@ -1,3 +1,10 @@
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
/* /*
* This is D3DES (V5.09) by Richard Outerbridge with the double and * This is D3DES (V5.09) by Richard Outerbridge with the double and
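Review bot: this `__sun` / `__FreeBSD__` / `_AIX` include-selection block is the third verbatim copy in the commit (crc32.c and hmacmd5.h carry the same lines), and here it sits above the file's banner comment. Put it in one small shared header and include that, so supporting a new platform needs one edit instead of three.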
@ -23,7 +30,7 @@
#define EN0 0 /* MODE == encrypt */ #define EN0 0 /* MODE == encrypt */
#define DE1 1 /* MODE == decrypt */ #define DE1 1 /* MODE == decrypt */
extern void deskey(unsigned char *, int); extern void deskey(unsigned char *, int32_t);
/* hexkey[8] MODE /* hexkey[8] MODE
* Sets the internal key register according to the hexadecimal * Sets the internal key register according to the hexadecimal

View file

@ -64,7 +64,7 @@ refresh ()
echo "done." echo "done."
echo echo
cat $INDEXSITE | grep td | awk -F"\"" '{ print $8 }' | grep http > $SUBSITES cat $INDEXSITE | grep -i 'href=./passwd-' | sed 's/.*href=.\/passwd-/\/passwd-/' | sed 's/".*//' > $SUBSITES
rm $INDEXSITE rm $INDEXSITE
if [ -r $FULLFILE ]; then if [ -r $FULLFILE ]; then
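Review bot: the new extraction trusts the fetched index page: whatever follows `href=./passwd-` up to the next double quote is written to $SUBSITES, and is later appended to $SITE and turned into a file name. Restrict the accepted characters to letters, digits, `-`, `_` and `.` before writing the list, and quote `"$INDEXSITE"` and `"$SUBSITES"`, since both are built from $DPLPATH.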
@ -74,14 +74,13 @@ refresh ()
fi fi
for SUBSITE in `cat $SUBSITES`; do for SUBSITE in `cat $SUBSITES`; do
VENDOR=`echo $SUBSITE | awk -F"-" '{ print $3 }' | sed 's/.htm//'` VENDOR=`echo $SUBSITE | sed 's/\.htm*//' | sed 's/.*-//'`
echo "Downloading default passwords for ${VENDOR} ... " | tr -d "\n" echo "Downloading default passwords for ${VENDOR} ... " | tr -d "\n"
$FETCH $SUBSITE | grep -i tr | grep -i td | grep -i celltext | sed 's/<[^>]*>/,/g' | sed 's/,,*/,/g' | sed 's/^,//g' | tr -d "\r" >dpl4hydra_${VENDOR}.tmp || { echo "not found - skipping... " | tr -d "\n" ; } $FETCH "${SITE}${SUBSITE}" | tr -d '\n\r' | sed 's/<tr/\n/gi' | sed 's/<\/tr/\n/gi' | \
grep -iw celltext | sed 's/.*celltext">/,/i' | sed 's/<\/td>/,/g' | sed 's/<[a-z =/":;-]*>//gi' | \
sed 's/[\t ]*,[\t ]*/,/g' | sed 's/&[a-z]*;//gi' | sed 's/(unknown)//gi' | sed 's/(none)//gi' | sed 's/,unknown,/,,/gi' | sed 's/,none,/,,/gi' > dpl4hydra_${VENDOR}.tmp
while read SYSTEM; do cat dpl4hydra_${VENDOR}.tmp | awk -F, '{print"'$VENDOR',"$2","$3","$4","$5","$6","$7","$8","$9}' >> $FULLFILE
echo "${VENDOR}," | tr -d "\n" >> $FULLFILE
echo "$SYSTEM" >> $FULLFILE
done < dpl4hydra_${VENDOR}.tmp
rm dpl4hydra_${VENDOR}.tmp rm dpl4hydra_${VENDOR}.tmp
echo "done." echo "done."
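Review bot: `$VENDOR` is derived from the downloaded page and then spliced into the awk program text in `awk -F, '{print"'$VENDOR',"$2...`, and into the unquoted file name `dpl4hydra_${VENDOR}.tmp`, so a crafted link name is interpreted as awk code or as extra shell words. Pass it as data with `awk -F, -v v="$VENDOR"` and print `v`, quote the file name, and reject any VENDOR that is not purely alphanumeric. Smaller points: `sed 's/\.htm*//'` matches `.ht` followed by any number of `m` rather than `.htm` or `.html`; `\n` in a sed replacement and the `i` flag are GNU extensions, which matters for the SunOS and Darwin targets this commit handles in configure; and the old `|| { echo "not found - skipping... " ... }` fallback is gone, so a failed fetch now produces an empty file silently.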
@ -163,7 +162,7 @@ LOCALFILE="$DPLPATH/dpl4hydra_local.csv"
INDEXSITE="$DPLPATH/dpl4hydra_index.tmp" INDEXSITE="$DPLPATH/dpl4hydra_index.tmp"
SUBSITES="$DPLPATH/dpl4hydra_subs.tmp" SUBSITES="$DPLPATH/dpl4hydra_subs.tmp"
CLEANFILE="$DPLPATH/dpl4hydra_clean.tmp" CLEANFILE="$DPLPATH/dpl4hydra_clean.tmp"
SITE="http://open-sez.me/passwd.htm" SITE="http://open-sez.me"
case $# in case $# in
0) usage 0) usage
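Review bot: `SITE="http://open-sez.me"` keeps the download on plain HTTP, so the index and every vendor page can be altered in transit, and that content drives file names and CSV rows in refresh(). Use an https URL if the host serves one, and in either case validate the fetched fields before using them.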

6053
dpl4hydra_full.csv Executable file → Normal file

File diff suppressed because it is too large Load diff

6053
dpl4hydra_local.csv Executable file → Normal file

File diff suppressed because it is too large Load diff

View file

@ -17,7 +17,16 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc.
Free Software Foundation
51 Franklin Street, Fifth Floor
Boston, MA 02110-1335
USA
Telephone: +1-617-542-5942
Fax: +1-617-542-2652
General email: info@fsf.org
*/ */
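Review bot: the replacement notice leaves `Foundation, Inc.` dangling, then repeats the organisation name followed by a street address, phone, fax and e-mail that will go stale just as the address it replaces did. The GPL notice wording currently recommended by the FSF ends with `if not, see <https://www.gnu.org/licenses/>`; using that here and in hmacmd5.h avoids maintaining contact details in source files.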
/* taken direct from rfc2104 implementation and modified for suitable use /* taken direct from rfc2104 implementation and modified for suitable use
@ -25,8 +34,8 @@
*/ */
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
#include <string.h>
#include "hmacmd5.h" #include "hmacmd5.h"
#include <string.h>
#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
@ -34,8 +43,8 @@
the rfc 2104 version of hmac_md5 initialisation. the rfc 2104 version of hmac_md5 initialisation.
***********************************************************************/ ***********************************************************************/
void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) { void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) {
int i; int32_t i;
unsigned char tk[16]; unsigned char tk[16];
/* if key is longer than 64 bytes reset it to key=MD5(key) */ /* if key is longer than 64 bytes reset it to key=MD5(key) */
@ -70,8 +79,8 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context
the microsoft version of hmac_md5 initialisation. the microsoft version of hmac_md5 initialisation.
***********************************************************************/ ***********************************************************************/
void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) { void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) {
int i; int32_t i;
/* if key is longer than 64 bytes truncate it */ /* if key is longer than 64 bytes truncate it */
if (key_len > 64) { if (key_len > 64) {
@ -98,15 +107,12 @@ void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Cont
update hmac_md5 "inner" buffer update hmac_md5 "inner" buffer
***********************************************************************/ ***********************************************************************/
void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) { void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx) { MD5_Update(&ctx->ctx, (void *)text, text_len); /* then text of datagram */ }
MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */
}
/*********************************************************************** /***********************************************************************
finish off hmac_md5 "inner" buffer and generate outer one. finish off hmac_md5 "inner" buffer and generate outer one.
***********************************************************************/ ***********************************************************************/
void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx) {
{
MD5_CTX ctx_o; MD5_CTX ctx_o;
MD5_Final(digest, &ctx->ctx); MD5_Final(digest, &ctx->ctx);
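Review bot: in the reformatted hmac_md5_update one-liner, the (void *)text cast discards the const qualifier on text for no benefit, because OpenSSL's MD5_Update takes a const void * for its data argument; drop the cast. The signed text_len is also converted implicitly to the size_t length argument, so a negative value would become a very large length; check the sign or take size_t.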
@ -122,7 +128,7 @@ void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx)
use the microsoft hmacmd5 init method because the key is 16 bytes. use the microsoft hmacmd5 init method because the key is 16 bytes.
************************************************************/ ************************************************************/
void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) { void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest) {
HMACMD5Context ctx; HMACMD5Context ctx;
hmac_md5_init_limK_to_64(key, 16, &ctx); hmac_md5_init_limK_to_64(key, 16, &ctx);


@ -16,9 +16,26 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc.
Free Software Foundation
51 Franklin Street, Fifth Floor
Boston, MA 02110-1335
USA
Telephone: +1-617-542-5942
Fax: +1-617-542-2652
General email: info@fsf.org
*/ */
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
#include <openssl/md5.h> #include <openssl/md5.h>
#ifndef _HMAC_MD5_H #ifndef _HMAC_MD5_H
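Review bot: the rewritten license header ends the sentence at "Foundation, Inc." and then appends a postal address, telephone, fax and e-mail block, which reads as a broken sentence and puts contact details into a source file where they will go stale. Keep the standard GPL notice wording with a single address line or a URL. The integer-type include chain added below it also sits above "#ifndef _HMAC_MD5_H"; moving it inside the guard keeps everything this header pulls in under one guard.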
@ -30,11 +47,8 @@ typedef struct {
#endif /* _HMAC_MD5_H */ #endif /* _HMAC_MD5_H */
void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx);
void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx); void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx);
void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,HMACMD5Context *ctx); void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx);
void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx);
void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx); void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx);
void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest); void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest);
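Review bot: the five prototypes follow "#endif /* _HMAC_MD5_H */", so they are outside the include guard and are re-declared on every inclusion; move the #endif to the end of the file. The guard name _HMAC_MD5_H also begins with an underscore followed by a capital letter, which is a reserved identifier in C; HMAC_MD5_H avoids that.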

118
hydra-adam6500.c Normal file

@ -0,0 +1,118 @@
#ifdef PALM
#include "palm/hydra-mod.h"
#else
#include "hydra-mod.h"
#endif
extern char *HYDRA_EXIT;
unsigned char adam6500_req1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31, 0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x0d, 0x00};
unsigned char adam6500_resp1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08};
unsigned char adam6500_req2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x27, 0x0f, 0x00, 0x7d};
unsigned char adam6500_resp2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03, 0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *pass;
unsigned char buffer[300];
int32_t i;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
memcpy(buffer, adam6500_req1, sizeof(adam6500_req1));
for (i = 0; i < 8 && i < strlen(pass); i++)
buffer[19 + i] = pass[i] ^ 0x3f;
if (hydra_send(s, buffer, sizeof(adam6500_req1), 0) < 0)
return 1;
if (recv(s, buffer, sizeof(buffer), 0) == 12 && memcmp(buffer, adam6500_resp1, sizeof(adam6500_resp1)) == 0) {
if (hydra_send(s, adam6500_req2, sizeof(adam6500_req2), 0) < 0)
return 1;
if (recv(s, buffer, sizeof(buffer), 0) == 259 && memcmp(buffer, adam6500_resp2, sizeof(adam6500_resp2)) == 0) {
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
}
hydra_report_found_host(port, ip, "adam6500", fp);
hydra_completed_pair_found();
return 1;
}
void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_adam6500(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
#ifdef PALM
return;
#else
hydra_child_exit(2);
#endif
}
run = next_run;
}
}
int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
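Review bot: in start_adam6500 every path that does not match both expected responses falls through to hydra_report_found_host, so a recv() error (-1), a closed connection (0) or a reply delivered in more than one read (the "== 12" and "== 259" comparisons assume a single recv() returns the whole message) is reported as a found password. Handle the recv() error and short-read cases explicitly and report a hit only on a positively identified response. Separately, the default: branch of service_adam6500 calls hydra_child_exit(0) before the #ifdef PALM block, which makes the following hydra_child_exit(2) unreachable and exits with the success code on an unknown state. The request and response byte arrays and the "^ 0x3f" encoding would also benefit from a short comment naming the fields.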


@ -1,4 +1,3 @@
/* /*
* Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com * Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com
* *
@ -10,9 +9,7 @@
#include "hydra-mod.h" #include "hydra-mod.h"
#ifndef LIBAFP #ifndef LIBAFP
void dummy_afp() { void dummy_afp() { printf("\n"); }
printf("\n");
}
#else #else
#define FREE(x) \ #define FREE(x) \
@ -21,13 +18,13 @@ void dummy_afp() {
x = NULL; \ x = NULL; \
} }
#include <stdio.h>
#include <afpfs-ng/afp.h> #include <afpfs-ng/afp.h>
#include <afpfs-ng/libafpclient.h> #include <afpfs-ng/libafpclient.h>
#include <stdio.h>
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message) { void stdout_fct(void *priv, enum loglevels loglevel, int32_t logtype, const char *message) {
// fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); // fprintf(stderr, "[ERROR] Caught unknown error %s\n", message);
} }
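Review bot: stdout_fct takes an enum loglevels and looks like the log callback for the libafpclient struct initialised just below, so its signature is dictated by afpfs-ng; changing "int logtype" to "int32_t logtype" as part of the blanket conversion makes it correct only where int32_t is a typedef for int. Keep the parameter types exactly as the library's callback prototype declares them. The include reorder also moves <stdio.h> below the afpfs-ng headers; confirm those headers do not rely on it being included first.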
@ -39,7 +36,7 @@ static struct libafpclient afpclient = {
.loop_started = NULL, .loop_started = NULL,
}; };
static int server_subconnect(struct afp_url url) { static int32_t server_subconnect(struct afp_url url) {
struct afp_connection_request *conn_req; struct afp_connection_request *conn_req;
struct afp_server *server = NULL; struct afp_server *server = NULL;
@ -51,11 +48,12 @@ static int server_subconnect(struct afp_url url) {
conn_req->url = url; conn_req->url = url;
conn_req->url.requested_version = 31; conn_req->url.requested_version = 31;
//fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername); // fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n",
// url.username, url.password, url.servername);
if (strlen(url.uamname) > 0) { if (strlen(url.uamname) > 0) {
if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) { if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) {
fprintf(stderr, "[ERROR] Unknown UAM: %s", url.uamname); fprintf(stderr, "[ERROR] Unknown UAM: %s\n", url.uamname);
FREE(conn_req); FREE(conn_req);
FREE(server); FREE(server);
return -1; return -1;
@ -70,7 +68,8 @@ static int server_subconnect(struct afp_url url) {
// FREE(server); // FREE(server);
return -1; return -1;
} }
//fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam)); // fprintf(stderr, "Connected to server: %s via UAM: %s\n",
// server->server_name_printable, uam_bitmap_to_string(server->using_uam));
FREE(conn_req); FREE(conn_req);
FREE(server); FREE(server);
@ -78,7 +77,7 @@ static int server_subconnect(struct afp_url url) {
return 0; return 0;
} }
int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN]; char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN];
struct afp_url tmpurl; struct afp_url tmpurl;
@ -89,7 +88,6 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F
init_uams(); init_uams();
afp_default_url(&tmpurl); afp_default_url(&tmpurl);
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
@ -111,7 +109,6 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 3; return 3;
return 2; return 2;
} else { } else {
hydra_completed_pair(); hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2; return 2;
@ -119,16 +116,15 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1; return 1;
} }
void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_AFP; int32_t myport = PORT_AFP;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return; return;
while (1) { while (1) {
switch (run) { switch (run) {
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
@ -140,7 +136,8 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
port = myport; port = myport;
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
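Review bot: "(int32_t)getpid()" is printed with %d, which expects an int; the cast only matches the conversion where int32_t is a typedef for int. Either keep the (int) cast for %d or print with PRId32 from <inttypes.h>. The same cast recurs in the other modules touched by this commit.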
@ -173,7 +170,7 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
#endif #endif
int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.


@ -6,12 +6,11 @@
#include "hydra-mod.h" #include "hydra-mod.h"
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\""; char *empty = "\"\"";
char *login, *pass, buffer[1024]; char *login, *pass, buffer[1024];
@ -41,7 +40,10 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp
hydra_report(stderr, "[DEBUG] S: %s\n", buf); hydra_report(stderr, "[DEBUG] S: %s\n", buf);
if (buf == NULL || (strstr(buf, "Response: ") == NULL)) { if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {
hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf); hydra_report(stderr,
"[ERROR] Asterisk Call Manager protocol error or service "
"shutdown: %s\n",
buf);
free(buf); free(buf);
return 4; return 4;
} }
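Review bot: the branch guarded by "buf == NULL || (strstr(buf, "Response: ") == NULL)" passes buf to a %s conversion in hydra_report, and the "[DEBUG] S: %s" line above it uses buf before that NULL test; formatting a NULL pointer with %s is undefined behaviour. Print a placeholder string when buf is NULL. Splitting the message literal mid-phrase also makes the error text harder to grep for; keep it as one literal.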
@ -62,9 +64,9 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp
return 2; return 2;
} }
void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; int32_t myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -74,7 +76,7 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(300000); // usleepn(300);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -83,13 +85,13 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
@ -100,7 +102,10 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI
if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) { if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) {
/* check the first line */ /* check the first line */
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); hydra_report(stderr,
"[ERROR] Not an Asterisk Call Manager protocol or "
"service shutdown: %s\n",
buf);
hydra_child_exit(2); hydra_child_exit(2);
} }
free(buf); free(buf);
@ -114,6 +119,7 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
hydra_child_exit(0); hydra_child_exit(0);
break;
default: default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2); hydra_child_exit(2);
@ -122,7 +128,7 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI
} }
} }
int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.


@ -3,7 +3,7 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *pass, buffer[300]; char *pass, buffer[300];
@ -42,8 +42,7 @@ int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *m
} }
} }
if (buf != NULL if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) {
&& (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) {
free(buf); free(buf);
hydra_completed_pair(); hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -58,9 +57,9 @@ int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *m
return 3; return 3;
} }
void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
char buffer[300]; char buffer[300];
char *login; char *login;
@ -74,7 +73,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
{ {
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -83,11 +82,12 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
@ -101,7 +101,8 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
sprintf(buffer, "%.250s\r\n", login); sprintf(buffer, "%.250s\r\n", login);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid());
hydra_child_exit(2); hydra_child_exit(2);
} }
} }
@ -117,7 +118,8 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
sprintf(buffer, "%.250s\r\n", miscptr); sprintf(buffer, "%.250s\r\n", miscptr);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid());
hydra_child_exit(2); hydra_child_exit(2);
} }
} }
@ -132,7 +134,11 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
} }
if (strstr(buf, "assw") != NULL) { if (strstr(buf, "assw") != NULL) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid()); if (quiet != 1)
fprintf(stderr,
"[ERROR] Child with pid %d terminating - can not login, can "
"not login\n",
(int32_t)getpid());
hydra_child_exit(2); hydra_child_exit(2);
} }
free(buf); free(buf);
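Review bot: the re-wrapped error string still reads "can not login, can not login"; the duplicated phrase looks like a copy-paste slip and should be corrected while the line is being touched. Also confirm that the lines elided above guarantee buf is non-NULL before "strstr(buf, "assw")" is reached, since no check is visible in this hunk.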
@ -143,11 +149,12 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
case 2: /* run the cracking function */ case 2: /* run the cracking function */
{ {
unsigned char *buf2; unsigned char *buf2;
int f = 0; int32_t f = 0;
sprintf(buffer, "%.250s\r\n", "ena"); sprintf(buffer, "%.250s\r\n", "ena");
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t)getpid());
hydra_child_exit(2); hydra_child_exit(2);
} }
@ -160,11 +167,15 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
if (failc < retry) { if (failc < retry) {
next_run = 1; next_run = 1;
failc++; failc++;
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); if (quiet != 1)
fprintf(stderr,
"[ERROR] Child with pid %d was disconnected - retrying "
"(%d of %d retries)\n",
(int32_t)getpid(), failc, retry);
sleep(3); sleep(3);
break; break;
} else { } else {
fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid());
hydra_child_exit(0); hydra_child_exit(0);
} }
} }
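Review bot: the retry message is gated on "quiet != 1" but the "was disconnected - exiting" message in the else branch is printed unconditionally, so quiet mode still emits it; gate both or neither. The branch also ends with hydra_child_exit(0), the same code the clean exit in case 3 uses, so the parent cannot distinguish a lost connection from a normal finish.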
@ -180,7 +191,8 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
case 3: /* clean exit */ case 3: /* clean exit */
sprintf(buffer, "%.250s\r\n", "exit"); sprintf(buffer, "%.250s\r\n", "exit");
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t)getpid());
hydra_child_exit(0); hydra_child_exit(0);
} }
if (sock >= 0) if (sock >= 0)
@ -196,7 +208,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
} }
} }
int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -209,3 +221,17 @@ int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *mis
return 0; return 0;
} }
void usage_cisco_enable(const char *service) {
printf("Module cisco-enable is optionally taking the logon password for the "
"cisco device\n"
"Note: if AAA authentication is used, use the -l option for the "
"username\n"
"and the optional parameter for the password of the user.\n"
"Examples:\n"
" hydra -P pass.txt target cisco-enable (direct console access)\n"
" hydra -P pass.txt -m cisco target cisco-enable (Logon password "
"cisco)\n"
" hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login "
"foo, password bar)\n");
}
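Review bot: the help text in usage_cisco_enable is split into string literals mid-phrase ("for the " / "cisco device\n", "(Logon password " / "cisco)\n"), which makes it hard to read and to grep for in the source; break the literals at the \n boundaries so each source line is one output line. The service parameter is never used in the body; either use it in the text or mark it unused.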


@ -7,7 +7,7 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf = NULL; char *buf = NULL;
int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *pass, buffer[300]; char *pass, buffer[300];
@ -95,7 +95,6 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
} while (buf != NULL && strlen(buf) <= 1); } while (buf != NULL && strlen(buf) <= 1);
} }
} }
if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) { if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) {
@ -115,9 +114,9 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
} }
void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -127,12 +126,12 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE
switch (run) { switch (run) {
case 1: /* connect and service init function */ case 1: /* connect and service init function */
{ {
unsigned char *buf2; unsigned char *buf2 = NULL;
int f = 0; int32_t f = 0;
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -143,33 +142,39 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
do { do {
if (f != 0) if (f != 0) {
free(buf2); free(buf2);
else buf2 = NULL;
} else
f = 1; f = 1;
if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) { if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) {
if (failc < retry) { if (failc < retry) {
next_run = 1; next_run = 1;
failc++; failc++;
if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); if (quiet != 1)
hydra_report(stderr,
"[ERROR] Child with pid %d was disconnected - "
"retrying (%d of %d retries)\n",
(int32_t)getpid(), failc, retry);
sleep(3); sleep(3);
break; break;
} else { } else {
if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); if (quiet != 1)
hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid());
hydra_child_exit(0); hydra_child_exit(0);
} }
} }
if (buf2 != NULL && hydra_strcasestr((char *)buf2, "ress ENTER") != NULL) if (buf2 != NULL && hydra_strcasestr((char *)buf2, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0); hydra_send(sock, "\r\n", 2, 0);
} while (strstr((char *) buf2, "assw") == NULL); } while (buf2 != NULL && strstr((char *)buf2, "assw") == NULL);
free(buf2); free(buf2);
if (next_run != 0) if (next_run != 0)
break; break;
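Review bot: with buf2 reset to NULL after free(buf2) and the loop condition now testing "buf2 != NULL", the first-pass flag f is redundant, because free(NULL) is a no-op; the loop can free unconditionally at the top as long as buf2 starts as NULL. The "buf2 = NULL" assignment is also overwritten immediately by the hydra_receive_line call, so dropping f and keeping a single free would make the intent clearer.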
@ -198,7 +203,7 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE
} }
} }
int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -211,3 +216,9 @@ int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, F
return 0; return 0;
} }
void usage_cisco(const char *service) {
printf("Module cisco is optionally taking the keyword ENTER, it then sends "
"an initial\n"
"ENTER when connecting to the service.\n");
}


@ -1,14 +1,14 @@
#include "hydra-mod.h" #include "hydra-mod.h"
extern int hydra_data_ready_timed(int socket, long sec, long usec); extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[1024], pass2[513]; char *login, *pass, buffer[1024], pass2[513];
int i; int32_t i;
char *directory = miscptr; char *directory = miscptr;
/* evil cvs encryption sheme... /* evil cvs encryption sheme...
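Review bot: hydra_data_ready_timed is declared by hand with extern at the top of this file, so the int to int32_t edit has to be repeated here and the compiler does not check it against the definition. Declare it once in a shared header such as hydra-mod.h, which this file already includes, and drop the local prototype.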
@ -30,13 +30,7 @@ int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, F
/ 87 ? 105 O 35 _ 56 o 48 / 87 ? 105 O 35 _ 56 o 48
*/ */
char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, char key[] = {0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62};
111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105,
0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35,
125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56,
0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62
};
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
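Review bot: `char key[]` is now one line of about ninety initializers, which is hard to check against the character table in the comment directly above it. Consider wrapping the array in `// clang-format off` and `// clang-format on` and keeping the original rows, so a wrong or missing entry stands out in review.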
@ -69,7 +63,7 @@ int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, F
} }
} else if (strstr(buf, "no such user") || strstr(buf, "E PAM start error: Critical error - immediate abort\n")) { } else if (strstr(buf, "no such user") || strstr(buf, "E PAM start error: Critical error - immediate abort\n")) {
if (verbose) { if (verbose) {
hydra_report(stderr, "[VERBOSE] User %s does not exist\n", login); hydra_report(stderr, "[INFO] User %s does not exist, skipping\n", login);
} }
hydra_completed_pair_skip(); hydra_completed_pair_skip();
free(buf); free(buf);
@ -85,9 +79,9 @@ int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 3; return 3;
} }
void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_CVS, mysslport = PORT_CVS_SSL; int32_t myport = PORT_CVS, mysslport = PORT_CVS_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
@ -104,7 +98,7 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(300000); // usleepn(300);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -113,12 +107,12 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = start_cvs(sock, ip, port, options, miscptr, fp); next_run = start_cvs(sock, ip, port, options, miscptr, fp);
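Review bot: in the `sock < 0` branch the argument is now `(int32_t)getpid()` while the format string still uses `%d`, which expects `int`. Keep the `(int)` cast or print with `PRId32` from `<inttypes.h>`; the two types only coincide where `int` is 32 bits wide. Separately, `hostname` is forwarded to `hydra_connect_ssl()` with no check visible in this hunk, so it is worth confirming that every caller passes a non-NULL value.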
@ -136,7 +130,7 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} }
int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -149,3 +143,8 @@ int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
return 0; return 0;
} }
void usage_cvs(const char *service) {
printf("Module cvs is optionally taking the repository name to attack, "
"default is \"/root\"\n\n");
}

View file

@ -1,4 +1,3 @@
/* /*
Firebird Support - by David Maciejak @ GMAIL dot com Firebird Support - by David Maciejak @ GMAIL dot com
@ -15,19 +14,17 @@ the msg: "no permission for direct access to security database"
#include "hydra-mod.h" #include "hydra-mod.h"
#ifndef LIBFIREBIRD #ifndef LIBFIREBIRD
void dummy_firebird() { void dummy_firebird() { printf("\n"); }
printf("\n");
}
#else #else
#include <stdio.h>
#include <ibase.h> #include <ibase.h>
#include <stdio.h>
#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb"
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
int start_firebird(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass; char *login, *pass;
char database[256]; char database[256];
@ -87,16 +84,15 @@ int start_firebird(int s, char *ip, int port, unsigned char options, char *miscp
return 1; return 1;
} }
void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; int32_t myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return; return;
while (1) { while (1) {
switch (run) { switch (run) {
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
@ -109,11 +105,12 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
@ -146,7 +143,7 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI
#endif #endif
int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -159,3 +156,9 @@ int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr
return 0; return 0;
} }
void usage_firebird(const char *service) {
printf("Module firebird is optionally taking the database path to attack,\n"
"default is \"C:\\Program "
"Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
}

View file

@ -3,7 +3,7 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\""; char *empty = "\"\"";
char *login, *pass, buffer[510]; char *login, *pass, buffer[510];
@ -20,8 +20,11 @@ int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, F
buf = hydra_receive_line(s); buf = hydra_receive_line(s);
if (buf == NULL) if (buf == NULL)
return 1; return 1;
/* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */ /* special hack to identify 530 user unknown msg. suggested by
* Jean-Baptiste.BEAUFRETON@turbomeca.fr */
if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') { if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') {
if (verbose)
printf("[INFO] user %s does not exist, skipping\n", login);
hydra_completed_pair_skip(); hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 4; return 4;
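Review bot: the new message for the 530 reply is written with `printf` to stdout, while the equivalent message in the cvs module of this same commit goes through `hydra_report(stderr, ...)`. Use `hydra_report` here as well, so the "[INFO] user ... does not exist, skipping" line lands in the same stream as the other diagnostics and is not interleaved with result output on stdout.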
@ -72,9 +75,9 @@ int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 2; return 2;
} }
void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_FTP, mysslport = PORT_FTP_SSL; int32_t myport = PORT_FTP, mysslport = PORT_FTP_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -84,7 +87,7 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(300000); // usleepn(300);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -93,15 +96,15 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
usleep(250); usleepn(250);
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '2') { /* check the first line */ if (buf == NULL || buf[0] != '2') { /* check the first line */
if (verbose || debug) if (verbose || debug)
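Review bot: `usleep(250)` becomes `usleepn(250)` with the argument unchanged, yet the commented-out call a few lines earlier in this file was converted from `usleep(300000)` to `usleepn(300)`, which implies `usleepn` counts in units 1000 times larger. If that is right, the wait before reading the banner grows from 250 microseconds to 250 milliseconds per connection. Confirm the intended delay and either adjust the argument or add a comment stating the unit.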
@ -130,7 +133,7 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI
hydra_child_exit(2); hydra_child_exit(2);
} }
if (buf[0] == '2') { if (buf[0] == '2') {
if ((hydra_connect_to_ssl(sock) == -1) && verbose) { if ((hydra_connect_to_ssl(sock, hostname) == -1) && verbose) {
hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_report(stderr, "[ERROR] Can't use TLS\n");
hydra_child_exit(2); hydra_child_exit(2);
} else { } else {
@ -153,10 +156,12 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
hydra_child_exit(2); hydra_child_exit(2);
break;
case 4: /* clean exit */ case 4: /* clean exit */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
hydra_child_exit(0); hydra_child_exit(0);
break;
default: default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2); hydra_child_exit(2);
@ -165,15 +170,11 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI
} }
} }
void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); }
service_ftp_core(ip, sp, options, miscptr, fp, port, 0);
}
void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); }
service_ftp_core(ip, sp, options, miscptr, fp, port, 1);
}
int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

0
hydra-gtk/AUTHORS Executable file → Normal file
View file

0
hydra-gtk/COPYING Executable file → Normal file
View file

0
hydra-gtk/ChangeLog Executable file → Normal file
View file

0
hydra-gtk/INSTALL Executable file → Normal file
View file

0
hydra-gtk/Makefile.am Executable file → Normal file
View file

5
hydra-gtk/Makefile.in Executable file → Normal file
View file

@ -61,8 +61,9 @@ CC = @CC@
MAINT = @MAINT@ MAINT = @MAINT@
MAKEINFO = @MAKEINFO@ MAKEINFO = @MAKEINFO@
PACKAGE = @PACKAGE@ PACKAGE = @PACKAGE@
PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition
PACKAGE_LIBS = @PACKAGE_LIBS@ PACKAGE_LDFLAGS = -fcommon -Wl,--allow-multiple-definition
PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@
PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG = @PKG_CONFIG@
VERSION = @VERSION@ VERSION = @VERSION@
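Review bot: `-fcommon -Wl,--allow-multiple-definition` silences duplicate-symbol errors instead of removing the duplicates, so two globals that accidentally share a name will now link without any diagnostic. Prefer declaring the shared variables `extern` in a header and defining each one once. In this hunk `-Wl,...` is a linker option placed in `PACKAGE_CFLAGS`, `-fcommon` is a compiler option placed in `PACKAGE_LIBS`, and nothing visible here uses the new `PACKAGE_LDFLAGS`. The commit lists `hydra-gtk/Makefile.am` with 0 changed lines, so regenerating `Makefile.in` will drop these flags again.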

0
hydra-gtk/NEWS Executable file → Normal file
View file

0
hydra-gtk/README Executable file → Normal file
View file

0
hydra-gtk/acconfig.h Executable file → Normal file
View file

0
hydra-gtk/aclocal.m4 vendored Executable file → Normal file
View file

0
hydra-gtk/config.h Executable file → Normal file
View file

0
hydra-gtk/config.h.in Executable file → Normal file
View file

8
hydra-gtk/configure vendored
View file

@ -2233,15 +2233,15 @@ if test "$ac_test_CFLAGS" = set; then
CFLAGS=$ac_save_CFLAGS CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then elif test $ac_cv_prog_cc_g = yes; then
if test "$GCC" = yes; then if test "$GCC" = yes; then
CFLAGS="-g -O2" CFLAGS="-g -O2 -fcommon -Wl,--allow-multiple-definition"
else else
CFLAGS="-g" CFLAGS="-g -fcommon -Wl,--allow-multiple-definition"
fi fi
else else
if test "$GCC" = yes; then if test "$GCC" = yes; then
CFLAGS="-O2" CFLAGS="-O2 -fcommon -Wl,--allow-multiple-definition"
else else
CFLAGS= CFLAGS="-fcommon -Wl,--allow-multiple-definition"
fi fi
fi fi
echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
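Review bot: the flags are added to all four `CFLAGS` defaults, including the two `else` branches taken when `$GCC` is not `yes`, where the compiler may not understand `-fcommon` or `-Wl,--allow-multiple-definition`. Restrict them to the `"$GCC" = yes` branches, and make the change in the autoconf input rather than in the generated `configure` so that it survives regeneration.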

View file

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/gnome/lib/pkgconfig PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/gnome/lib/pkgconfig
export PKG_CONFIG_PATH export PKG_CONFIG_PATH
echo "Trying to compile xhydra now (hydra gtk gui) - dont worry if this fails, this is really optional ..." echo "Trying to compile xhydra now (hydra gtk gui) - don't worry if this fails, this is really optional ..."
./configure > /dev/null 2> errors ./configure > /dev/null 2> errors
test -e Makefile || { test -e Makefile || {
echo "Error: configure wasnt happy. Analyse this:" echo "Error: configure wasnt happy. Analyse this:"

0
hydra-gtk/missing Executable file → Normal file
View file

0
hydra-gtk/mkinstalldirs Executable file → Normal file
View file

0
hydra-gtk/src/Makefile.am Executable file → Normal file
View file

4
hydra-gtk/src/Makefile.in Executable file → Normal file
View file

@ -61,8 +61,8 @@ CC = @CC@
MAINT = @MAINT@ MAINT = @MAINT@
MAKEINFO = @MAKEINFO@ MAKEINFO = @MAKEINFO@
PACKAGE = @PACKAGE@ PACKAGE = @PACKAGE@
PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition
PACKAGE_LIBS = @PACKAGE_LIBS@ PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@
PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG = @PKG_CONFIG@
VERSION = @VERSION@ VERSION = @VERSION@
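Review bot: this copy defines no `PACKAGE_LDFLAGS`, unlike the top-level `hydra-gtk/Makefile.in` changed in the same commit, so the two files now disagree on where the link flags live. Pick one form and use it in both files.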

93
hydra-gtk/src/callbacks.c Executable file → Normal file
View file

@ -15,30 +15,27 @@
#include "interface.h" #include "interface.h"
#include "support.h" #include "support.h"
#include <sys/types.h> #include <sys/stat.h>
#include <sys/wait.h>
#include <sys/time.h> #include <sys/time.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/wait.h>
#include <fcntl.h>
#include <signal.h> #include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h> #include <string.h>
#include <unistd.h>
int hydra_pid = 0; int hydra_pid = 0;
char port[10]; char port[10];
char tasks[10]; char tasks[10];
char timeout[10]; char timeout[10];
char smbparm[12]; char smbparm[128];
char snmpparm[4];
char sapr3id[4]; char sapr3id[4];
char passLoginNull[4]; char passLoginNull[4];
#define BUF_S 1024 #define BUF_S 1024
void hydra_select_file(GtkEntry *widget, char *text) { void hydra_select_file(GtkEntry *widget, char *text) {
@ -46,8 +43,7 @@ void hydra_select_file(GtkEntry * widget, char *text) {
GtkWidget *dialog; GtkWidget *dialog;
char *filename; char *filename;
dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) {
filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog));
@ -90,6 +86,12 @@ int hydra_get_options(char *options[]) {
options[i++] = "-S"; options[i++] = "-S";
} }
/* use old SSL? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkOldSSL");
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-O";
}
/* be verbose? */ /* be verbose? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose"); widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose");
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
@ -269,7 +271,7 @@ int hydra_get_options(char *options[]) {
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "smb")) { } else if (!strcmp(tmp, "smb")) {
memset(smbparm, 0, 12); memset(smbparm, 0, sizeof(smbparm));
widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain"); widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain");
widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal");
@ -295,7 +297,18 @@ int hydra_get_options(char *options[]) {
strcat(smbparm, "Hash"); strcat(smbparm, "Hash");
} }
options[i++] = smbparm; options[i++] = smbparm;
} else if (!strcmp(tmp, "smb2")) {
memset(smbparm, 0, sizeof(smbparm));
options[i++] = "-m";
options[i++] = smbparm;
widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM");
int pth = gtk_toggle_button_get_active((GtkToggleButton *)widget);
widget = lookup_widget(GTK_WIDGET(wndMain), "entSMB2Workgroup");
snprintf(smbparm, sizeof(smbparm) - 1, "nthash:%s workgroup:{%s}", pth ? "true" : "false", (char *)gtk_entry_get_text((GtkEntry *)widget));
} else if (!strcmp(tmp, "sapr3")) { } else if (!strcmp(tmp, "sapr3")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3"); widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget);
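Review bot: in the new `smb2` branch the return value of `snprintf` is ignored, so a workgroup longer than the room left in the 128-byte `smbparm` is silently truncated and the closing `}` of `workgroup:{%s}` is lost. Compare the return value with `sizeof(smbparm)` and refuse to start with a message when it does not fit. A `}` typed into `entSMB2Workgroup` is also passed through unescaped. `sizeof(smbparm) - 1` can be plain `sizeof(smbparm)`, since `snprintf` always terminates within the size it is given.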
@ -309,23 +322,10 @@ int hydra_get_options(char *options[]) {
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "snmp")) { } else if (!strcmp(tmp, "snmp")) {
memset(snmpparm, 0, 4); widget = lookup_widget(GTK_WIDGET(wndMain), "entSNMP");
widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPVer1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
snmpparm[0] = '1';
} else {
snmpparm[0] = '2';
}
widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPWrite");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
snmpparm[0] = 'w';
} else {
snmpparm[0] = 'r';
}
options[i++] = "-m"; options[i++] = "-m";
options[i++] = snmpparm; options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "telnet")) { } else if (!strcmp(tmp, "telnet")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet"); widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet");
if ((char *)gtk_entry_get_text((GtkEntry *)widget) != NULL) { if ((char *)gtk_entry_get_text((GtkEntry *)widget) != NULL) {
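Review bot: the `snmp` branch now always appends `-m` followed by the text of `entSNMP`, even when the entry is empty, so the child is started with an empty module option. Append `-m` only when the string is non-empty. The pointer returned by `gtk_entry_get_text()` is owned by the widget, so copying it into a local buffer, as the `smb2` branch does with `smbparm`, is safer than storing it in `options[]` directly.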
@ -343,7 +343,6 @@ int hydra_get_options(char *options[]) {
widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy"); widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy");
if (!gtk_toggle_button_get_active((GtkToggleButton *)widget)) { if (!gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy");
widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2"); widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2");
@ -397,7 +396,6 @@ int update_statusbar() {
i = hydra_get_options(options); i = hydra_get_options(options);
for (j = 1; j < i; j++) { for (j = 1; j < i; j++) {
statustext = g_string_append(statustext, options[j]); statustext = g_string_append(statustext, options[j]);
statustext = g_string_append_c(statustext, ' '); statustext = g_string_append_c(statustext, ' ');
} }
@ -440,7 +438,6 @@ int read_into(int fd) {
gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1); gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1);
if ((passline = strstr(in_buf, "password: ")) == NULL) { if ((passline = strstr(in_buf, "password: ")) == NULL) {
gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result); gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result);
} else { } else {
@ -458,10 +455,8 @@ int read_into(int fd) {
if (end - in_buf - result > 0) { if (end - in_buf - result > 0) {
gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1); gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1);
} }
} }
if (strstr(in_buf, " finished at ") != NULL) { if (strstr(in_buf, " finished at ") != NULL) {
gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "<finished>\n\n", -1, "bold", NULL); gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "<finished>\n\n", -1, "bold", NULL);
} }
@ -523,7 +518,6 @@ static int wait_hydra_output(gpointer data) {
return TRUE; return TRUE;
} }
/* assumes a successfull pipe() won't set the fd's to -1 */ /* assumes a successfull pipe() won't set the fd's to -1 */
static void close_pipe(int *pipe) { static void close_pipe(int *pipe) {
if (-1 != pipe[0]) { if (-1 != pipe[0]) {
@ -543,11 +537,11 @@ static void close_pipe(int *pipe) {
*/ */
int *popen_re_unbuffered(char *command) { int *popen_re_unbuffered(char *command) {
static int p_r[2] = { -1, -1 }, p_e[2] = { static int p_r[2] = {-1, -1}, p_e[2] = {-1, -1};
-1, -1};
static int *pfd = NULL; static int *pfd = NULL;
char *options[128]; char *options[128];
hydra_pid = 0; hydra_pid = 0;
update_statusbar(); update_statusbar();
@ -570,6 +564,7 @@ int *popen_re_unbuffered(char *command) {
return NULL; return NULL;
} else if (hydra_pid == 0) { /* child */ } else if (hydra_pid == 0) { /* child */
int k; int k;
if (setpgid(getpid(), getpid()) < 0) if (setpgid(getpid(), getpid()) < 0)
g_warning("popen_rw_unbuffered: setpgid() failed"); g_warning("popen_rw_unbuffered: setpgid() failed");
if (close(p_r[0]) < 0) if (close(p_r[0]) < 0)
@ -611,21 +606,15 @@ int *popen_re_unbuffered(char *command) {
return pfd; return pfd;
} }
void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) { void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data) { gtk_main_quit(); }
gtk_main_quit();
}
void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data) {}
void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) {
}
void on_btnStart_clicked(GtkButton *button, gpointer user_data) { void on_btnStart_clicked(GtkButton *button, gpointer user_data) {
int *fd = NULL; int *fd = NULL;
fd = popen_re_unbuffered(NULL); fd = popen_re_unbuffered(NULL);
g_timeout_add(200, wait_hydra_output, fd); g_timeout_add(200, wait_hydra_output, fd);
} }
void on_btnStop_clicked(GtkButton *button, gpointer user_data) { void on_btnStop_clicked(GtkButton *button, gpointer user_data) {
@ -635,7 +624,6 @@ void on_btnStop_clicked(GtkButton * button, gpointer user_data) {
} }
} }
void on_wndMain_destroy(GtkObject *object, gpointer user_data) { void on_wndMain_destroy(GtkObject *object, gpointer user_data) {
if (hydra_pid != 0) { if (hydra_pid != 0) {
kill(hydra_pid, SIGTERM); kill(hydra_pid, SIGTERM);
@ -644,22 +632,18 @@ void on_wndMain_destroy(GtkObject * object, gpointer user_data) {
gtk_main_quit(); gtk_main_quit();
} }
gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
hydra_select_file((GtkEntry *)widget, "Select target list"); hydra_select_file((GtkEntry *)widget, "Select target list");
gtk_widget_grab_focus(widget); gtk_widget_grab_focus(widget);
return TRUE; return TRUE;
} }
gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
hydra_select_file((GtkEntry *)widget, "Select username list"); hydra_select_file((GtkEntry *)widget, "Select username list");
gtk_widget_grab_focus(widget); gtk_widget_grab_focus(widget);
return TRUE; return TRUE;
} }
gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
hydra_select_file((GtkEntry *)widget, "Select password list"); hydra_select_file((GtkEntry *)widget, "Select password list");
gtk_widget_grab_focus(widget); gtk_widget_grab_focus(widget);
@ -683,8 +667,7 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
GtkTextIter start; GtkTextIter start;
GtkTextIter end; GtkTextIter end;
dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) {
filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog));
@ -696,7 +679,7 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE); text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE);
fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644); fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644);
if (fd > 0) { if (fd >= 0) {
write(fd, text, strlen(text)); write(fd, text, strlen(text));
close(fd); close(fd);
} }
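Review bot: the output file in `on_btnSave_clicked` is still created with mode `0644` and the result of `write()` is ignored. The text buffer holds the tool's output, including any "password: " lines that `read_into` highlights, so create the file with `0600`, and check the `write()` return value so that a short or failed write is reported instead of leaving a truncated file without any message.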
@ -709,7 +692,9 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data) { void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data) {
GtkWidget *user, *pass; GtkWidget *user, *pass;
user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");;
user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");
;
pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass"); pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass");
if (gtk_toggle_button_get_active(togglebutton)) { if (gtk_toggle_button_get_active(togglebutton)) {
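Review bot: the reformatting has turned the doubled semicolon after `lookup_widget(GTK_WIDGET(wndMain), "frmUsername")` into an empty statement on its own line. Delete the stray `;`; the same leftover follows the `radioUsername1` lookup in `on_chkDisUser_toggled`.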
@ -723,7 +708,9 @@ void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data) { void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data) {
GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile; GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile;
radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");;
radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");
;
radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2"); radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2");
entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername");
entUsernameFile = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); entUsernameFile = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile");

0
hydra-gtk/src/callbacks.h Executable file → Normal file
View file

142
hydra-gtk/src/interface.c Executable file → Normal file
View file

@ -7,13 +7,13 @@
#include <config.h> #include <config.h>
#endif #endif
#include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h>
#ifdef HAVE_UNISTD_H #ifdef HAVE_UNISTD_H
#include <unistd.h> #include <unistd.h>
#endif #endif
#include <string.h>
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include <gdk/gdkkeysyms.h> #include <gdk/gdkkeysyms.h>
#include <gtk/gtk.h> #include <gtk/gtk.h>
@ -22,12 +22,9 @@
#include "interface.h" #include "interface.h"
#include "support.h" #include "support.h"
#define GLADE_HOOKUP_OBJECT(component,widget,name) \ #define GLADE_HOOKUP_OBJECT(component, widget, name) g_object_set_data_full(G_OBJECT(component), name, gtk_widget_ref(widget), (GDestroyNotify)gtk_widget_unref)
g_object_set_data_full (G_OBJECT (component), name, \
gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref)
#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \ #define GLADE_HOOKUP_OBJECT_NO_REF(component, widget, name) g_object_set_data(G_OBJECT(component), name, widget)
g_object_set_data (G_OBJECT (component), name, widget)
GtkWidget *create_wndMain(void) { GtkWidget *create_wndMain(void) {
GtkWidget *wndMain; GtkWidget *wndMain;
@ -60,6 +57,7 @@ GtkWidget *create_wndMain(void) {
GtkWidget *chkSSL; GtkWidget *chkSSL;
GtkWidget *chkServiceDetails; GtkWidget *chkServiceDetails;
GtkWidget *chkCompleteHelp; GtkWidget *chkCompleteHelp;
GtkWidget *chkOldSSL;
GtkWidget *label29; GtkWidget *label29;
GtkWidget *label1; GtkWidget *label1;
GtkWidget *vbox2; GtkWidget *vbox2;
@ -154,13 +152,7 @@ GtkWidget *create_wndMain(void) {
GtkWidget *entTelnet; GtkWidget *entTelnet;
GtkWidget *label36; GtkWidget *label36;
GtkWidget *frame16; GtkWidget *frame16;
GtkWidget *table11; GtkWidget *entSNMP;
GtkWidget *radioSNMPRead;
GSList *radioSNMPRead_group = NULL;
GtkWidget *radioSNMPWrite;
GtkWidget *radioSNMPVer2;
GSList *radioSNMPVer2_group = NULL;
GtkWidget *radioSNMPVer1;
GtkWidget *label35; GtkWidget *label35;
GtkWidget *label14; GtkWidget *label14;
GtkWidget *vbox3; GtkWidget *vbox3;
@ -176,6 +168,9 @@ GtkWidget *create_wndMain(void) {
GtkWidget *btnClear; GtkWidget *btnClear;
GtkWidget *label4; GtkWidget *label4;
GtkWidget *statusbar; GtkWidget *statusbar;
GtkWidget *lblSMB2;
GtkWidget *entSMB2Workgroup;
GtkWidget *fraSMB2;
GtkAccelGroup *accel_group; GtkAccelGroup *accel_group;
GtkTooltips *tooltips; GtkTooltips *tooltips;
@ -227,6 +222,7 @@ GtkWidget *create_wndMain(void) {
gtk_widget_set_name(cmbProtocol, "cmbProtocol"); gtk_widget_set_name(cmbProtocol, "cmbProtocol");
gtk_widget_show(cmbProtocol); gtk_widget_show(cmbProtocol);
gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "adam6500");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco");
@ -252,6 +248,8 @@ GtkWidget *create_wndMain(void) {
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-crammd5"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-crammd5");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-digestmd5"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-digestmd5");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "memcached");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mongodb");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mssql"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mssql");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mysql"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mysql");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ncp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ncp");
@ -263,15 +261,19 @@ GtkWidget *create_wndMain(void) {
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pop3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pop3");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcanywhere"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcanywhere");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "postgres"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "postgres");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "radmin2");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rdp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rdp");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "redis"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "redis");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rpcap");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rtsp");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb2");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smtp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smtp");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5");
@ -310,7 +312,6 @@ GtkWidget *create_wndMain(void) {
gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5); gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5);
chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6"); chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6");
gtk_widget_set_name(chkIPV6, "chkIPV6"); gtk_widget_set_name(chkIPV6, "chkIPV6");
gtk_widget_show(chkIPV6); gtk_widget_show(chkIPV6);
@ -355,7 +356,7 @@ GtkWidget *create_wndMain(void) {
gtk_widget_show(frame12); gtk_widget_show(frame12);
gtk_box_pack_start(GTK_BOX(vbox5), frame12, TRUE, TRUE, 0); gtk_box_pack_start(GTK_BOX(vbox5), frame12, TRUE, TRUE, 0);
table9 = gtk_table_new(3, 2, FALSE); table9 = gtk_table_new(3, 3, FALSE);
gtk_widget_set_name(table9, "table9"); gtk_widget_set_name(table9, "table9");
gtk_widget_show(table9); gtk_widget_show(table9);
gtk_container_add(GTK_CONTAINER(frame12), table9); gtk_container_add(GTK_CONTAINER(frame12), table9);
@ -363,43 +364,45 @@ GtkWidget *create_wndMain(void) {
chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose"); chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose");
gtk_widget_set_name(chkVerbose, "chkVerbose"); gtk_widget_set_name(chkVerbose, "chkVerbose");
gtk_widget_show(chkVerbose); gtk_widget_show(chkVerbose);
gtk_table_attach(GTK_TABLE(table9), chkVerbose, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_table_attach(GTK_TABLE(table9), chkVerbose, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL); gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL);
chkDebug = gtk_check_button_new_with_mnemonic("Debug"); chkDebug = gtk_check_button_new_with_mnemonic("Debug");
gtk_widget_set_name(chkDebug, "chkDebug"); gtk_widget_set_name(chkDebug, "chkDebug");
gtk_widget_show(chkDebug); gtk_widget_show(chkDebug);
gtk_table_attach(GTK_TABLE(table9), chkDebug, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_table_attach(GTK_TABLE(table9), chkDebug, 2, 3, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL); gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL);
chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts"); chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts");
gtk_widget_set_name(chkAttempts, "chkAttempts"); gtk_widget_set_name(chkAttempts, "chkAttempts");
gtk_widget_show(chkAttempts); gtk_widget_show(chkAttempts);
gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL); gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL);
chkSSL = gtk_check_button_new_with_mnemonic("Use SSL"); chkSSL = gtk_check_button_new_with_mnemonic("Use SSL");
gtk_widget_set_name(chkSSL, "chkSSL"); gtk_widget_set_name(chkSSL, "chkSSL");
gtk_widget_show(chkSSL); gtk_widget_show(chkSSL);
gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!", NULL); gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!)", NULL);
chkServiceDetails = gtk_check_button_new_with_mnemonic("Service Module Usage Details"); chkServiceDetails = gtk_check_button_new_with_mnemonic("Service Module Usage Details");
gtk_widget_set_name(chkServiceDetails, "chkServiceDetails"); gtk_widget_set_name(chkServiceDetails, "chkServiceDetails");
gtk_widget_show(chkServiceDetails); gtk_widget_show(chkServiceDetails);
gtk_table_attach (GTK_TABLE (table9), chkServiceDetails, 1, 2, 2, 3, gtk_table_attach(GTK_TABLE(table9), chkServiceDetails, 2, 3, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkServiceDetails, "Service Module Usage Details", NULL); gtk_tooltips_set_tip(tooltips, chkServiceDetails, "Service Module Usage Details", NULL);
chkCompleteHelp = gtk_check_button_new_with_mnemonic("COMPLETE HELP"); chkCompleteHelp = gtk_check_button_new_with_mnemonic("COMPLETE HELP");
gtk_widget_set_name(chkCompleteHelp, "chkCompleteHelp"); gtk_widget_set_name(chkCompleteHelp, "chkCompleteHelp");
gtk_widget_show(chkCompleteHelp); gtk_widget_show(chkCompleteHelp);
gtk_table_attach (GTK_TABLE (table9), chkCompleteHelp, 0, 1, 2, 3, gtk_table_attach(GTK_TABLE(table9), chkCompleteHelp, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkCompleteHelp, "Complete Help", NULL); gtk_tooltips_set_tip(tooltips, chkCompleteHelp, "Complete Help", NULL);
chkOldSSL = gtk_check_button_new_with_mnemonic("Use old SSL");
gtk_widget_set_name(chkOldSSL, "chkOldSSL");
gtk_widget_show(chkOldSSL);
gtk_table_attach(GTK_TABLE(table9), chkOldSSL, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL);
label29 = gtk_label_new("Output Options"); label29 = gtk_label_new("Output Options");
gtk_widget_set_name(label29, "label29"); gtk_widget_set_name(label29, "label29");
gtk_widget_show(label29); gtk_widget_show(label29);
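Review bot: The new chkOldSSL tooltip is the chkSSL text with "old" inserted, so it does not tell the user which protocol versions the option selects or how it differs from "Use SSL". State the versions in the tooltip. Also, chkSSL and chkOldSSL are independent check buttons in the same table row, and nothing in this hunk says what happens when both are ticked; either make them mutually exclusive or document which one wins.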
@ -510,18 +513,14 @@ GtkWidget *create_wndMain(void) {
radioGenerate = gtk_radio_button_new_with_mnemonic(NULL, "Generate"); radioGenerate = gtk_radio_button_new_with_mnemonic(NULL, "Generate");
gtk_widget_set_name(radioGenerate, "radioGenerate"); gtk_widget_set_name(radioGenerate, "radioGenerate");
gtk_widget_show(radioGenerate); gtk_widget_show(radioGenerate);
gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3, gtk_table_attach(GTK_TABLE(table3), radioGenerate, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioGenerate), radioPass1_group); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioGenerate), radioPass1_group);
radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioGenerate)); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioGenerate));
entGeneration = gtk_entry_new(); entGeneration = gtk_entry_new();
gtk_widget_set_name(entGeneration, "entGeneration"); gtk_widget_set_name(entGeneration, "entGeneration");
gtk_widget_show(entGeneration); gtk_widget_show(entGeneration);
gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3, gtk_table_attach(GTK_TABLE(table3), entGeneration, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_tooltips_set_tip(tooltips, entGeneration, "Generate passwords", NULL); gtk_tooltips_set_tip(tooltips, entGeneration, "Generate passwords", NULL);
gtk_entry_set_text(GTK_ENTRY(entGeneration), "1:1:a"); gtk_entry_set_text(GTK_ENTRY(entGeneration), "1:1:a");
@ -730,17 +729,13 @@ GtkWidget *create_wndMain(void) {
chkExitF = gtk_check_button_new_with_mnemonic("Exit after first found pair (global)"); chkExitF = gtk_check_button_new_with_mnemonic("Exit after first found pair (global)");
gtk_widget_set_name(chkExitF, "chkExitF"); gtk_widget_set_name(chkExitF, "chkExitF");
gtk_widget_show(chkExitF); gtk_widget_show(chkExitF);
gtk_table_attach (GTK_TABLE (table10), chkExitF, 0, 2, 3, 4, gtk_table_attach(GTK_TABLE(table10), chkExitF, 0, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL); gtk_tooltips_set_tip(tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL);
chkNoErr = gtk_check_button_new_with_mnemonic("Do not print messages about connection errors"); chkNoErr = gtk_check_button_new_with_mnemonic("Do not print messages about connection errors");
gtk_widget_set_name(chkNoErr, "chkNoErr"); gtk_widget_set_name(chkNoErr, "chkNoErr");
gtk_widget_show(chkNoErr); gtk_widget_show(chkNoErr);
gtk_table_attach (GTK_TABLE (table10), chkNoErr, 0, 2, 4, 5, gtk_table_attach(GTK_TABLE(table10), chkNoErr, 0, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkNoErr, "Do not print messages about connection errors", NULL); gtk_tooltips_set_tip(tooltips, chkNoErr, "Do not print messages about connection errors", NULL);
label30 = gtk_label_new("Performance Options"); label30 = gtk_label_new("Performance Options");
@ -840,25 +835,42 @@ GtkWidget *create_wndMain(void) {
gtk_widget_set_name(chkLocal, "chkLocal"); gtk_widget_set_name(chkLocal, "chkLocal");
gtk_widget_show(chkLocal); gtk_widget_show(chkLocal);
gtk_box_pack_start(GTK_BOX(hbox2), chkLocal, TRUE, TRUE, 0); gtk_box_pack_start(GTK_BOX(hbox2), chkLocal, TRUE, TRUE, 0);
gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts", NULL); gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts (only valid for smb module)", NULL);
chkDomain = gtk_check_button_new_with_mnemonic("domain accounts"); chkDomain = gtk_check_button_new_with_mnemonic("domain accounts");
gtk_widget_set_name(chkDomain, "chkDomain"); gtk_widget_set_name(chkDomain, "chkDomain");
gtk_widget_show(chkDomain); gtk_widget_show(chkDomain);
gtk_box_pack_start(GTK_BOX(hbox2), chkDomain, TRUE, TRUE, 0); gtk_box_pack_start(GTK_BOX(hbox2), chkDomain, TRUE, TRUE, 0);
gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts", NULL); gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts (only valid for smb module)", NULL);
chkNTLM = gtk_check_button_new_with_mnemonic("Interpret passes as NTLM hashes"); chkNTLM = gtk_check_button_new_with_mnemonic("Interpret passes as NTLM hashes");
gtk_widget_set_name(chkNTLM, "chkNTLM"); gtk_widget_set_name(chkNTLM, "chkNTLM");
gtk_widget_show(chkNTLM); gtk_widget_show(chkNTLM);
gtk_box_pack_start(GTK_BOX(hbox2), chkNTLM, FALSE, FALSE, 0); gtk_box_pack_start(GTK_BOX(hbox2), chkNTLM, FALSE, FALSE, 0);
gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes", NULL); gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes (valid for both smb and smb2 modules)", NULL);
label18 = gtk_label_new("SMB"); label18 = gtk_label_new("SMB");
gtk_widget_set_name(label18, "label18"); gtk_widget_set_name(label18, "label18");
gtk_widget_show(label18); gtk_widget_show(label18);
gtk_frame_set_label_widget(GTK_FRAME(frame6), label18); gtk_frame_set_label_widget(GTK_FRAME(frame6), label18);
fraSMB2 = gtk_frame_new(NULL);
gtk_widget_set_name(fraSMB2, "fraSMB2");
gtk_widget_show(fraSMB2);
gtk_box_pack_start(GTK_BOX(vbox4), fraSMB2, TRUE, TRUE, 0);
entSMB2Workgroup = gtk_entry_new();
gtk_widget_set_name(entSMB2Workgroup, "entSMB2Workgroup");
gtk_widget_show(entSMB2Workgroup);
gtk_container_add(GTK_CONTAINER(fraSMB2), entSMB2Workgroup);
gtk_tooltips_set_tip(tooltips, entSMB2Workgroup, "Workgroup to use for SMB authentication (only valid for smb2 module)", NULL);
gtk_entry_set_text(GTK_ENTRY(entSMB2Workgroup), "WORKGROUP");
lblSMB2 = gtk_label_new("SMB2 Workgroup");
gtk_widget_set_name(lblSMB2, "lblSMB2");
gtk_widget_show(lblSMB2);
gtk_frame_set_label_widget(GTK_FRAME(fraSMB2), lblSMB2);
frame7 = gtk_frame_new(NULL); frame7 = gtk_frame_new(NULL);
gtk_widget_set_name(frame7, "frame7"); gtk_widget_set_name(frame7, "frame7");
gtk_widget_show(frame7); gtk_widget_show(frame7);
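Review bot: The chkNTLM tooltip on the changed line still reads "NTML hashes" while the button label says "NTLM hashes"; fix the spelling now that the string is being edited anyway. The other tooltips in this hunk spell out which module each option applies to, but the frame holding chkNTLM is still labelled "SMB" even though that option is now documented as valid for smb2 as well, so consider moving it or renaming the frame.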
@ -907,7 +919,7 @@ GtkWidget *create_wndMain(void) {
gtk_widget_set_name(entTelnet, "entTelnet"); gtk_widget_set_name(entTelnet, "entTelnet");
gtk_widget_show(entTelnet); gtk_widget_show(entTelnet);
gtk_container_add(GTK_CONTAINER(alignment1), entTelnet); gtk_container_add(GTK_CONTAINER(alignment1), entTelnet);
gtk_tooltips_set_tip(tooltips, entTelnet, "Insert the return string for a succesfull login", NULL); gtk_tooltips_set_tip(tooltips, entTelnet, "Insert the return string for a successful login", NULL);
label36 = gtk_label_new("Telnet - Successful Login String"); label36 = gtk_label_new("Telnet - Successful Login String");
gtk_widget_set_name(label36, "label36"); gtk_widget_set_name(label36, "label36");
@ -920,38 +932,12 @@ GtkWidget *create_wndMain(void) {
gtk_widget_show(frame16); gtk_widget_show(frame16);
gtk_box_pack_start(GTK_BOX(vbox4), frame16, TRUE, TRUE, 0); gtk_box_pack_start(GTK_BOX(vbox4), frame16, TRUE, TRUE, 0);
table11 = gtk_table_new(2, 2, FALSE); entSNMP = gtk_entry_new();
gtk_widget_set_name(table11, "table11"); gtk_widget_set_name(entSNMP, "entSNMP");
gtk_widget_show(table11); gtk_widget_show(entSNMP);
gtk_container_add(GTK_CONTAINER(frame16), table11); gtk_container_add(GTK_CONTAINER(frame16), entSNMP);
gtk_tooltips_set_tip(tooltips, entSNMP, "SNMP options", NULL);
radioSNMPRead = gtk_radio_button_new_with_mnemonic(NULL, "Write Password"); gtk_entry_set_text(GTK_ENTRY(entSNMP), "3:SHA:AES:READ");
gtk_widget_set_name(radioSNMPRead, "radioSNMPRead");
gtk_widget_show(radioSNMPRead);
gtk_table_attach(GTK_TABLE(table11), radioSNMPRead, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPRead), radioSNMPRead_group);
radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPRead));
radioSNMPWrite = gtk_radio_button_new_with_mnemonic(NULL, "Read Password");
gtk_widget_set_name(radioSNMPWrite, "radioSNMPWrite");
gtk_widget_show(radioSNMPWrite);
gtk_table_attach(GTK_TABLE(table11), radioSNMPWrite, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPWrite), radioSNMPRead_group);
radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPWrite));
radioSNMPVer2 = gtk_radio_button_new_with_mnemonic(NULL, "Version 2");
gtk_widget_set_name(radioSNMPVer2, "radioSNMPVer2");
gtk_widget_show(radioSNMPVer2);
gtk_table_attach(GTK_TABLE(table11), radioSNMPVer2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer2), radioSNMPVer2_group);
radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer2));
radioSNMPVer1 = gtk_radio_button_new_with_mnemonic(NULL, "Version 1");
gtk_widget_set_name(radioSNMPVer1, "radioSNMPVer1");
gtk_widget_show(radioSNMPVer1);
gtk_table_attach(GTK_TABLE(table11), radioSNMPVer1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer1), radioSNMPVer2_group);
radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer1));
label35 = gtk_label_new("SNMP"); label35 = gtk_label_new("SNMP");
gtk_widget_set_name(label35, "label35"); gtk_widget_set_name(label35, "label35");
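Review bot: Replacing the four SNMP radio buttons with the free-text entSNMP entry removes the constraint on what a user can submit, and the tooltip "SNMP options" gives no hint of the expected format. The default "3:SHA:AES:READ" implies colon-separated fields, so list the fields and their accepted values in the tooltip, and check that the code reading entSNMP rejects malformed input before using it. Note that the default also moves from the old version 1/2 choice to a value starting with 3, which is worth calling out in the commit message.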
@ -1075,6 +1061,7 @@ GtkWidget *create_wndMain(void) {
GLADE_HOOKUP_OBJECT(wndMain, chkSSL, "chkSSL"); GLADE_HOOKUP_OBJECT(wndMain, chkSSL, "chkSSL");
GLADE_HOOKUP_OBJECT(wndMain, chkServiceDetails, "chkServiceDetails"); GLADE_HOOKUP_OBJECT(wndMain, chkServiceDetails, "chkServiceDetails");
GLADE_HOOKUP_OBJECT(wndMain, chkCompleteHelp, "chkCompleteHelp"); GLADE_HOOKUP_OBJECT(wndMain, chkCompleteHelp, "chkCompleteHelp");
GLADE_HOOKUP_OBJECT(wndMain, chkOldSSL, "chkOldSSL");
GLADE_HOOKUP_OBJECT(wndMain, label29, "label29"); GLADE_HOOKUP_OBJECT(wndMain, label29, "label29");
GLADE_HOOKUP_OBJECT(wndMain, label1, "label1"); GLADE_HOOKUP_OBJECT(wndMain, label1, "label1");
GLADE_HOOKUP_OBJECT(wndMain, vbox2, "vbox2"); GLADE_HOOKUP_OBJECT(wndMain, vbox2, "vbox2");
@ -1163,11 +1150,7 @@ GtkWidget *create_wndMain(void) {
GLADE_HOOKUP_OBJECT(wndMain, entTelnet, "entTelnet"); GLADE_HOOKUP_OBJECT(wndMain, entTelnet, "entTelnet");
GLADE_HOOKUP_OBJECT(wndMain, label36, "label36"); GLADE_HOOKUP_OBJECT(wndMain, label36, "label36");
GLADE_HOOKUP_OBJECT(wndMain, frame16, "frame16"); GLADE_HOOKUP_OBJECT(wndMain, frame16, "frame16");
GLADE_HOOKUP_OBJECT(wndMain, table11, "table11"); GLADE_HOOKUP_OBJECT(wndMain, entSNMP, "entSNMP");
GLADE_HOOKUP_OBJECT(wndMain, radioSNMPRead, "radioSNMPRead");
GLADE_HOOKUP_OBJECT(wndMain, radioSNMPWrite, "radioSNMPWrite");
GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer2, "radioSNMPVer2");
GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer1, "radioSNMPVer1");
GLADE_HOOKUP_OBJECT(wndMain, label35, "label35"); GLADE_HOOKUP_OBJECT(wndMain, label35, "label35");
GLADE_HOOKUP_OBJECT(wndMain, label14, "label14"); GLADE_HOOKUP_OBJECT(wndMain, label14, "label14");
GLADE_HOOKUP_OBJECT(wndMain, vbox3, "vbox3"); GLADE_HOOKUP_OBJECT(wndMain, vbox3, "vbox3");
@ -1184,6 +1167,7 @@ GtkWidget *create_wndMain(void) {
GLADE_HOOKUP_OBJECT(wndMain, label4, "label4"); GLADE_HOOKUP_OBJECT(wndMain, label4, "label4");
GLADE_HOOKUP_OBJECT(wndMain, statusbar, "statusbar"); GLADE_HOOKUP_OBJECT(wndMain, statusbar, "statusbar");
GLADE_HOOKUP_OBJECT_NO_REF(wndMain, tooltips, "tooltips"); GLADE_HOOKUP_OBJECT_NO_REF(wndMain, tooltips, "tooltips");
GLADE_HOOKUP_OBJECT(wndMain, entSMB2Workgroup, "entSMB2Workgroup");
gtk_window_add_accel_group(GTK_WINDOW(wndMain), accel_group); gtk_window_add_accel_group(GTK_WINDOW(wndMain), accel_group);
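Review bot: Only entSMB2Workgroup is registered with GLADE_HOOKUP_OBJECT here; fraSMB2 and lblSMB2, created in the earlier hunk, are not, whereas the neighbouring SNMP widgets (frame16, label35) are. Any later lookup of the SMB2 frame or label by name will therefore fail. Hook up all three, and place them next to the other SMB widgets rather than after the tooltips NO_REF line so the list stays in creation order.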

0
hydra-gtk/src/interface.h Executable file → Normal file

14
hydra-gtk/src/main.c Executable file → Normal file

@ -8,19 +8,21 @@
#include <config.h> #include <config.h>
#endif #endif
#include <gtk/gtk.h> #include "callbacks.h"
#include <string.h>
#include "interface.h" #include "interface.h"
#include "support.h" #include "support.h"
#include "callbacks.h" #include <gtk/gtk.h>
#include <string.h>
char *hydra_path1 = "./hydra"; char *hydra_path1 = "./hydra";
char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path2 = "/usr/local/bin/hydra";
char *hydra_path3 = "/usr/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra";
GtkWidget *wndMain;
char *HYDRA_BIN;
guint message_id;
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
extern GtkWidget *wndMain;
int i; int i;
extern guint message_id; extern guint message_id;
GtkWidget *output; GtkWidget *output;
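Review bot: With wndMain, HYDRA_BIN and message_id now defined at file scope, the block-scope `extern guint message_id;` left at the top of main() is redundant. The matching `extern GtkWidget *wndMain;` was removed in this hunk, so drop this one as well. Moving the definitions here and turning the support.h copies into extern declarations is the right fix for the duplicate definitions; a short comment above the three globals saying they are declared in support.h would help the next reader.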
@ -60,8 +62,7 @@ int main(int argc, char *argv[]) {
wndMain = create_wndMain(); wndMain = create_wndMain();
gtk_widget_show(wndMain); gtk_widget_show(wndMain);
/* if we can't use the new cool file chooser, the save button gets disabled */
/* if we cant use the new cool file chooser, the save button gets disabled */
#ifndef GTK_TYPE_FILE_CHOOSER #ifndef GTK_TYPE_FILE_CHOOSER
GtkWidget *btnSave; GtkWidget *btnSave;
@ -69,7 +70,6 @@ int main(int argc, char *argv[]) {
gtk_widget_set_sensitive(btnSave, FALSE); gtk_widget_set_sensitive(btnSave, FALSE);
#endif #endif
/* update the statusbar every now and then */ /* update the statusbar every now and then */
g_timeout_add(600, update_statusbar, NULL); g_timeout_add(600, update_statusbar, NULL);

15
hydra-gtk/src/support.c Executable file → Normal file

@ -7,11 +7,11 @@
#include <config.h> #include <config.h>
#endif #endif
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <gtk/gtk.h> #include <gtk/gtk.h>
@ -41,9 +41,7 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) {
static GList *pixmaps_directories = NULL; static GList *pixmaps_directories = NULL;
/* Use this function to set the directory containing installed pixmaps. */ /* Use this function to set the directory containing installed pixmaps. */
void add_pixmap_directory(const gchar * directory) { void add_pixmap_directory(const gchar *directory) { pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); }
pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory));
}
/* This is an internally used function to find pixmap files. */ /* This is an internally used function to find pixmap files. */
static gchar *find_pixmap_file(const gchar *filename) { static gchar *find_pixmap_file(const gchar *filename) {
@ -52,8 +50,7 @@ static gchar *find_pixmap_file(const gchar * filename) {
/* We step through each of the pixmaps directory to find it. */ /* We step through each of the pixmaps directory to find it. */
elem = pixmaps_directories; elem = pixmaps_directories;
while (elem) { while (elem) {
gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data, gchar *pathname = g_strdup_printf("%s%s%s", (gchar *)elem->data, G_DIR_SEPARATOR_S, filename);
G_DIR_SEPARATOR_S, filename);
if (g_file_test(pathname, G_FILE_TEST_EXISTS)) if (g_file_test(pathname, G_FILE_TEST_EXISTS))
return pathname; return pathname;

9
hydra-gtk/src/support.h Executable file → Normal file

@ -21,11 +21,9 @@
*/ */
GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name); GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name);
/* Use this function to set the directory containing installed pixmaps. */ /* Use this function to set the directory containing installed pixmaps. */
void add_pixmap_directory(const gchar *directory); void add_pixmap_directory(const gchar *directory);
/* /*
* Private Functions. * Private Functions.
*/ */
@ -39,7 +37,6 @@ GdkPixbuf *create_pixbuf(const gchar * filename);
/* This is used to set ATK action descriptions. */ /* This is used to set ATK action descriptions. */
void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description); void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description);
extern GtkWidget *wndMain;
GtkWidget *wndMain; extern char *HYDRA_BIN;
char *HYDRA_BIN; extern guint message_id;
guint message_id;

0
hydra-gtk/stamp-h.in Executable file → Normal file

22
hydra-gtk/xhydra.glade Executable file → Normal file

@ -549,6 +549,26 @@
<property name="label" translatable="yes">xmpp</property> <property name="label" translatable="yes">xmpp</property>
</widget> </widget>
</child> </child>
<child>
<widget class="GtkListItem" id="listitem2120">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="label" translatable="yes">adam6500</property>
</widget>
</child>
<child>
<widget class="GtkListItem" id="listitem2121">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="label" translatable="yes">rpcap</property>
</widget>
</child>
<widget class="GtkListItem" id="listitem2122">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="label" translatable="yes">rtsp</property>
</widget>
</child>
</widget> </widget>
</child> </child>
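Review bot: The third added list item (listitem2122, rtsp) has no opening `<child>` before its `<widget>`, yet it is followed by a closing `</child>`, so the added block is not well-formed XML and the file will not load as written. Add the missing `<child>` line. Separately, interface.c in this commit adds memcached, mongodb, radmin2 and smb2 to cmbProtocol_items, but only adam6500, rpcap and rtsp are added here; if interface.c is meant to mirror the glade file, the two lists should match.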
@ -2320,7 +2340,7 @@ addresses and/or DNS names.</property>
<child> <child>
<widget class="GtkEntry" id="entTelnet"> <widget class="GtkEntry" id="entTelnet">
<property name="visible">True</property> <property name="visible">True</property>
<property name="tooltip" translatable="yes">Insert the return string for a succesfull login</property> <property name="tooltip" translatable="yes">Insert the return string for a successful login</property>
<property name="can_focus">True</property> <property name="can_focus">True</property>
<property name="editable">True</property> <property name="editable">True</property>
<property name="visibility">True</property> <property name="visibility">True</property>

0
hydra-gtk/xhydra.gladep Executable file → Normal file

File diff suppressed because it is too large Load diff


@ -3,15 +3,15 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
static int http_proxy_auth_mechanism = AUTH_ERROR; static int32_t http_proxy_auth_mechanism = AUTH_ERROR;
int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260]; char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260];
char url[260], host[30]; char url[260], host[30];
char *header = ""; /* XXX TODO */ char *header = ""; /* XXX TODO */
char *ptr; char *ptr;
int auth = 0; int32_t auth = 0;
login = hydra_get_next_login(); login = hydra_get_next_login();
if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) { if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) {
@ -66,7 +66,7 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
s = hydra_connect_tcp(ip, port); s = hydra_connect_tcp(ip, port);
} else { } else {
s = hydra_connect_ssl(ip, port); s = hydra_connect_ssl(ip, port, hostname);
} }
} }
@ -75,7 +75,10 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
http_proxy_auth_mechanism = AUTH_BASIC; http_proxy_auth_mechanism = AUTH_BASIC;
sprintf(buffer2, "%.50s:%.50s", login, pass); sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
url, host, buffer2, header);
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer); hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
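Review bot: the re-wrapped Basic request is still built with an unbounded `sprintf(buffer, ...)`, and `buffer` is 500 bytes while `url` alone is declared as 260, on top of `host`, the base64 credentials in `buffer2` and the literal header text. Since this line is being touched anyway, bound it with `snprintf(buffer, sizeof(buffer), ...)` and treat truncation as an error, or document the length limits that make the sum fit.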
@ -105,14 +108,18 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
http_proxy_auth_mechanism = AUTH_NTLM; http_proxy_auth_mechanism = AUTH_NTLM;
// send auth and receive challenge // send auth and receive challenge
//send auth request: let the server send it's own hostname and domainname // send auth request: let the server send it's own hostname and
// domainname
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
/* to be portable, no snprintf, buffer is big enough so it cant overflow */ /* to be portable, no snprintf, buffer is big enough so it can't
* overflow */
// send the first.. // send the first..
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, sprintf(buffer,
header); "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
url, host, buf1, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1; return 1;
@ -143,8 +150,10 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
// Send response // Send response
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, sprintf(buffer,
header); "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
url, host, buf1, header);
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer); hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -161,7 +170,7 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
} else { } else {
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer; char *pbuffer, *result;
http_proxy_auth_mechanism = AUTH_DIGESTMD5; http_proxy_auth_mechanism = AUTH_DIGESTMD5;
pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest ");
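Review bot: the branch is entered on `"Proxy-Authenticate: Digest"` but the lookup that follows searches for `"Proxy-Authenticate: Digest "` with a trailing space, and the lines shown do not check `pbuffer` before it is used. A header that matches the first string but not the second leaves `pbuffer` NULL. Use the same literal in both places or add a NULL check after the second search.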
@ -169,8 +178,8 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
buffer[sizeof(buffer) - 1] = '\0'; buffer[sizeof(buffer) - 1] = '\0';
pbuffer = buffer2; pbuffer = buffer2;
sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); result = sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header);
if (pbuffer == NULL) if (result == NULL)
return 3; return 3;
if (debug) if (debug)
@ -210,8 +219,8 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) {
hydra_report_found_host(port, ip, "http-proxy", fp); hydra_report_found_host(port, ip, "http-proxy", fp);
if (fp != stdout) if (fp != stdout)
fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url);
printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url);
hydra_completed_pair_found(); hydra_completed_pair_found();
} else { } else {
if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */) { if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */) {
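Review bot: in the status test, `strncmp(ptr, "404", 4)` and `strncmp(ptr, "403", 4)` compare four bytes, so the terminating NUL of the literal is compared against the character after the status code. For a status line such as `404 Not Found` that character is a space and the comparison never matches. The `407` test a few lines below uses length 3; the same length is needed here.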
@ -228,9 +237,9 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
return 1; return 1;
} }
void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -243,7 +252,7 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m
{ {
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
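Review bot: the commented-out delay is rewritten from `// usleep(275000);` to `// usleepn(275);` instead of being removed. Dead code that is kept in sync with an API rename still tells the reader nothing about whether a delay is wanted here; either delete the line or replace it with a comment saying why no delay is applied.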
@ -252,18 +261,19 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
break; break;
} }
case 2: /* run the cracking function */ case 2: /* run the cracking function */
next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp); next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp, hostname);
break; break;
case 3: /* clean exit */ case 3: /* clean exit */
if (sock >= 0) if (sock >= 0)
@ -278,7 +288,7 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m
} }
} }
int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -291,3 +301,14 @@ int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, cha
return 0; return 0;
} }
void usage_http_proxy_urlenum(const char *service) {
printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P "
"option.\n"
"The -L loginfile must contain the URL list to try through the proxy.\n"
"The proxy credentials cann be put as the optional parameter, e.g.\n"
" hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum "
"user:pass\n"
" hydra -L urllist.txt "
"http-proxy-urlenum://target.com:3128/user:pass\n\n");
}
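Review bot: the new usage text has a typo in a user-facing string, `cann be put` should read `can be put`. The `service` parameter of `usage_http_proxy_urlenum()` is also unused in the lines shown; if the signature is fixed by the module interface, a `(void)service;` keeps warning-clean builds.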


@ -2,15 +2,15 @@
#include "sasl.h" #include "sasl.h"
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
static int http_proxy_auth_mechanism = AUTH_ERROR; static int32_t http_proxy_auth_mechanism = AUTH_ERROR;
char *http_proxy_buf = NULL; char *http_proxy_buf = NULL;
int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[500], buffer2[500]; char *login, *pass, buffer[5000], buffer2[4500];
char url[210], host[30]; char url[510], host[60];
char *header = ""; /* XXX TODO */ char *header = ""; /* XXX TODO */
char *ptr, *fooptr; char *ptr, *fooptr, *auth_hdr;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
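Review bot: `auth_hdr` is added to the declaration `char *ptr, *fooptr, *auth_hdr;` without an initializer, and later hunks pass it straight to `hydra_strcasestr(auth_hdr, ...)` whenever the cached mechanism does not short-circuit the test. Initialize it to NULL here and make the later checks tolerate NULL, so a path that skips the header-discovery loop does not read an indeterminate pointer.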
@ -21,9 +21,9 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
strcpy(url, "http://www.microsoft.com/"); strcpy(url, "http://www.microsoft.com/");
strcpy(host, "Host: www.microsoft.com\r\n"); strcpy(host, "Host: www.microsoft.com\r\n");
} else { } else {
sprintf(url, "%.200s", miscptr); sprintf(url, "%.500s", miscptr);
ptr = strstr(miscptr, "://"); // :// check is in hydra.c ptr = strstr(miscptr, "://"); // :// check is in hydra.c
sprintf(host, "Host: %.200s", ptr + 3); sprintf(host, "Host: %.50s", ptr + 3);
if ((ptr = index(host, '/')) != NULL) if ((ptr = index(host, '/')) != NULL)
*ptr = 0; *ptr = 0;
if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[') if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[')
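Review bot: the IPv6 guard `host[0] != '['` in the port-stripping line can never be false, because `host` was just written as `"Host: %.50s"` and therefore starts with `H`. The bracket test should look at `host[6]`, the first character of the hostname. Separately, the new `%.50s` fixes the old `%.200s` write into a small array, but it silently truncates longer hostnames; a length check with an error message would be clearer than a truncated Host header.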
@ -50,39 +50,43 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
return 3; return 3;
} }
if (debug) if (debug) {
hydra_report(stderr, "S:%s\n", http_proxy_buf); hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf);
}
free(http_proxy_buf); while (http_proxy_buf != NULL && (auth_hdr = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:")) == NULL) {
http_proxy_buf = hydra_receive_line(s);
while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
free(http_proxy_buf); free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s); http_proxy_buf = hydra_receive_line(s);
} }
if (http_proxy_buf == NULL) { if (auth_hdr == NULL) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n"); hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n");
return 3; return 3;
} }
if (debug) if (debug) {
hydra_report(stderr, "S:%s\n", http_proxy_buf); hydra_report(stderr, "S:%-.*s\n", (int)(strchr(auth_hdr, '\r') - auth_hdr), auth_hdr);
}
// after the first query we should have been disconnected from web server // after the first query we should have been disconnected from web server
s = hydra_disconnect(s); s = hydra_disconnect(s);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
s = hydra_connect_tcp(ip, port); s = hydra_connect_tcp(ip, port);
} else { } else {
s = hydra_connect_ssl(ip, port); s = hydra_connect_ssl(ip, port, hostname);
} }
} }
if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) { if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Basic") != NULL) {
http_proxy_auth_mechanism = AUTH_BASIC; http_proxy_auth_mechanism = AUTH_BASIC;
auth_hdr = NULL;
sprintf(buffer2, "%.50s:%.50s", login, pass); sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\n%s\r\n",
url, host, buffer2, header);
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer); hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
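Review bot: the new debug output computes its precision as `(int)(strchr(http_proxy_buf, '\r') - http_proxy_buf)` (and the same with `auth_hdr`), but `strchr()` returns NULL when the line has no `\r`, and subtracting from NULL is undefined. Store the `strchr()` result, and fall back to `strlen()` when it is NULL, before passing the length to `%-.*s`. The same pattern recurs in the later debug statements of this file.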
@ -102,24 +106,29 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
return 3; return 3;
} }
if (debug) if (debug) {
hydra_report(stderr, "S:%s\n", http_proxy_buf); hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf);
}
} else { } else {
if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) { if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: NTLM") != NULL) {
unsigned char buf1[4096]; unsigned char buf1[4096];
unsigned char buf2[4096]; unsigned char buf2[4096];
char *pos = NULL; char *pos = NULL;
http_proxy_auth_mechanism = AUTH_NTLM; http_proxy_auth_mechanism = AUTH_NTLM;
auth_hdr = NULL;
// send auth and receive challenge // send auth and receive challenge
// send auth request: let the server send it's own hostname and domainname // send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
/* to be portable, no snprintf, buffer is big enough so it cant overflow */ /* to be portable, no snprintf, buffer is big enough so it can't overflow
*/
// send the first.. // send the first..
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
url, host, buf1, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 3; return 3;
@ -151,7 +160,10 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
// Send response // Send response
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
url, host, buf1, header);
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer); hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -169,19 +181,19 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
return 3; return 3;
} else { } else {
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { if (hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer, *result;
char *pbuffer;
http_proxy_auth_mechanism = AUTH_DIGESTMD5; http_proxy_auth_mechanism = AUTH_DIGESTMD5;
auth_hdr == NULL;
pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
buffer[sizeof(buffer) - 1] = '\0'; buffer[sizeof(buffer) - 1] = '\0';
pbuffer = NULL; pbuffer = NULL;
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header);
if (fooptr == NULL) if (result == NULL)
return 3; return 3;
if (debug) if (debug)
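Review bot: `auth_hdr == NULL;` on the new side is a comparison whose result is discarded, not an assignment, so `auth_hdr` keeps pointing into `http_proxy_buf`; the Basic and NTLM branches use `auth_hdr = NULL;`. Also in this hunk, the result of `hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ")` is used in `pbuffer + strlen(...)` without a NULL check, while the branch condition matches the shorter string without the trailing space.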
@ -196,8 +208,9 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
http_proxy_buf = hydra_receive_line(s); http_proxy_buf = hydra_receive_line(s);
} }
if (debug && http_proxy_buf != NULL) if (debug && http_proxy_buf != NULL) {
hydra_report(stderr, "S:%s\n", http_proxy_buf); hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf);
}
if (http_proxy_buf == NULL) if (http_proxy_buf == NULL)
return 3; return 3;
@ -205,9 +218,10 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
} else } else
#endif #endif
{ {
if (http_proxy_buf != NULL) { if (auth_hdr != NULL) {
// buf[strlen(http_proxy_buf) - 1] = '\0'; // buf[strlen(http_proxy_buf) - 1] = '\0';
hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf); hydra_report(stderr, "Unsupported Auth type:\n%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - auth_hdr), auth_hdr);
auth_hdr = NULL;
free(http_proxy_buf); free(http_proxy_buf);
http_proxy_buf = NULL; http_proxy_buf = NULL;
} else { } else {
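Review bot: the length passed to `%-.*s` in the "Unsupported Auth type" message mixes two buffers' positions: `strchr(http_proxy_buf, '\r') - auth_hdr`. The first `\r` in `http_proxy_buf` can sit before `auth_hdr`, which gives a negative precision, and `strchr()` can return NULL. It should be `strchr(auth_hdr, '\r') - auth_hdr`, with the NULL case handled.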
@ -219,7 +233,7 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
} }
ptr = ((char *)index(http_proxy_buf, ' ')) + 1; ptr = ((char *)index(http_proxy_buf, ' ')) + 1;
if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) {
hydra_report_found_host(port, ip, "http-proxy", fp); hydra_report_found_host(port, ip, "http-proxy", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
free(http_proxy_buf); free(http_proxy_buf);
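Review bot: the added clause `(*ptr == '4' && *(ptr + 2) == '4')` matches every status of the form 4x4, not only 404, and the result is reported through `hydra_report_found_host()` as a found pair. If only 404 is meant, compare all three digits; either way a comment should say why a 4xx answer counts as successful proxy authentication. `ptr` also comes from `index(http_proxy_buf, ' ') + 1` with no check that a space was found.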
@ -246,9 +260,9 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
return 1; return 1;
} }
void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -263,7 +277,7 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr,
free(http_proxy_buf); free(http_proxy_buf);
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -272,19 +286,20 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr,
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
break; break;
} }
case 2: /* run the cracking function */ case 2: /* run the cracking function */
next_run = start_http_proxy(sock, ip, port, options, miscptr, fp); next_run = start_http_proxy(sock, ip, port, options, miscptr, fp, hostname);
break; break;
case 3: /* clean exit */ case 3: /* clean exit */
if (sock >= 0) if (sock >= 0)
@ -299,7 +314,7 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr,
} }
} }
int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -312,3 +327,10 @@ int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscp
return 0; return 0;
} }
void usage_http_proxy(const char *service) {
printf("Module http-proxy is optionally taking the page to authenticate at.\n"
"Default is http://www.microsoft.com/)\n"
"Basic, DIGEST-MD5 and NTLM are supported and negotiated "
"automatically.\n\n");
}
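Review bot: the usage string `"Default is http://www.microsoft.com/)\n"` has a closing parenthesis with no opening one; either open it before `Default` or drop it. As in the urlenum module, the `service` parameter is unused in the lines shown.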


@ -1,19 +1,24 @@
#include "hydra-mod.h" #include "hydra-http.h"
#include "sasl.h" #include "sasl.h"
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *webtarget = NULL; char *webtarget = NULL;
char *slash = "/"; char *slash = "/";
char *http_buf = NULL; char *http_buf = NULL;
int webport, freemischttp = 0;
int http_auth_mechanism = AUTH_BASIC;
int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { #define END_CONDITION_MAX_LEN 100
static char end_condition[END_CONDITION_MAX_LEN];
int end_condition_type = -1;
int32_t webport;
int32_t http_auth_mechanism = AUTH_UNASSIGNED;
int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[500], buffer2[500]; char *login, *pass, *buffer, buffer2[500];
char *header = ""; /* XXX TODO */ char *header;
char *ptr, *fooptr; char *ptr, *fooptr;
int complete_line = 0; int32_t complete_line = 0, buffer_size;
char tmpreplybuf[1024] = "", *tmpreplybufptr; char tmpreplybuf[1024] = "", *tmpreplybufptr;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
@ -21,25 +26,49 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty; pass = empty;
if (strcmp(type, "POST") == 0)
add_header(&ptr_head, "Content-Length", "0", HEADER_TYPE_DEFAULT);
header = stringify_headers(&ptr_head);
buffer_size = strlen(header) + 500;
if (!(buffer = malloc(buffer_size))) {
free(header);
return 3;
}
// we must reset this if buf is NULL and we do MD5 digest // we must reset this if buf is NULL and we do MD5 digest
if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5) if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
http_auth_mechanism = AUTH_BASIC; http_auth_mechanism = AUTH_BASIC;
if (use_proxy > 0 && proxy_count > 0)
selected_proxy = random() % proxy_count;
switch (http_auth_mechanism) { switch (http_auth_mechanism) {
case AUTH_BASIC: case AUTH_BASIC:
sprintf(buffer2, "%.50s:%.50s", login, pass); sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
/* again: no snprintf to be portable. dont worry, buffer cant overflow */ /* again: no snprintf to be portable. don't worry, buffer can't overflow */
if (use_proxy == 1 && proxy_authentication != NULL) if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", sprintf(buffer,
type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication, header); "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
"close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header);
else { else {
if (use_proxy == 1) if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", sprintf(buffer,
"%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
"close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buffer2, header); type, webtarget, webport, miscptr, webtarget, buffer2, header);
else else
sprintf(buffer, "%s %.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header); sprintf(buffer,
"%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
"close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\n%s\r\n",
type, miscptr, webtarget, buffer2, header);
} }
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer); hydra_report(stderr, "C:%s\n", buffer);
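Review bot: `buffer_size = strlen(header) + 500` leaves a fixed 500 bytes for everything except the custom headers, yet the Basic formats write up to 250 bytes of `miscptr`, `webtarget` twice through an unbounded `%s`, the base64 credentials from `buffer2`, optionally `proxy_authentication[selected_proxy]`, and more than 100 bytes of literal text. That can exceed the heap allocation. Compute the size from the actual argument lengths, or use `snprintf(buffer, buffer_size, ...)` and fail on truncation; the comment saying the buffer cannot overflow no longer holds for a heap buffer sized this way.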
@ -47,23 +76,24 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
case AUTH_DIGESTMD5: { case AUTH_DIGESTMD5: {
char *pbuffer; char *pbuffer, *result;
pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1);
buffer[sizeof(buffer) - 1] = '\0'; buffer[buffer_size - 1] = '\0';
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
if (fooptr == NULL) { if (result == NULL) {
free(buffer);
free(header);
return 3; return 3;
} }
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer2); hydra_report(stderr, "C:%s\n", buffer2);
strcpy(buffer, buffer2); strcpy(buffer, buffer2);
} } break;
break;
#endif #endif
case AUTH_NTLM: { case AUTH_NTLM: {
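Review bot: in the Digest case, `pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ")` is followed directly by `strncpy(buffer, pbuffer + strlen(...), buffer_size - 1)` with no NULL check, so a response without that exact header text is dereferenced at a small offset from NULL. Add a check that frees `buffer` and `header` and returns, matching the new `result == NULL` path just below it.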
@ -76,36 +106,47 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
/* to be portable, no snprintf, buffer is big enough so it cant overflow */ /* to be portable, no snprintf, buffer is big enough so it can't overflow */
// send the first.. // send the first..
if (use_proxy == 1 && proxy_authentication != NULL) if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
sprintf(buffer, sprintf(buffer,
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
else { else {
if (use_proxy == 1) if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header); type, webtarget, webport, miscptr, webtarget, buf1, header);
else else
sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, sprintf(buffer,
buf1, header); "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, miscptr, webtarget, buf1, header);
} }
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buffer);
free(header);
return 1; return 1;
}
// receive challenge // receive challenge
if (http_buf != NULL) if (http_buf != NULL)
free(http_buf); free(http_buf);
http_buf = hydra_receive_line(s); http_buf = hydra_receive_line(s);
while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) { if (http_buf == NULL) {
free(http_buf); if (verbose)
http_buf = hydra_receive_line(s); hydra_report(stderr, "[ERROR] Server did not answer\n");
free(buffer);
free(header);
return 3;
} }
if (http_buf == NULL) pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ");
return 1;
if (pos != NULL) { if (pos != NULL) {
char *str; char *str;
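Review bot: replacing the `while` loop with a single `hydra_receive_line()` call means the `WWW-Authenticate: NTLM ` challenge is now only looked for in the first chunk received. The old code kept reading until the header appeared. If the server delivers status line and headers in separate reads, `pos` stays NULL and the attempt is abandoned; keep a bounded read loop or note in a comment that `hydra_receive_line()` is expected to return the full header block.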
@ -116,7 +157,11 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
if ((str = strchr(pos, '\n')) != NULL) { if ((str = strchr(pos, '\n')) != NULL) {
pos[str - pos] = 0; pos[str - pos] = 0;
} }
} else {
hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n");
return 3;
} }
// recover challenge // recover challenge
from64tobits((char *)buf1, pos); from64tobits((char *)buf1, pos);
free(http_buf); free(http_buf);
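Review bot: the new `else` branch that reports "It is not NTLM authentication type" returns 3 without `free(buffer); free(header);`, unlike the other error paths added in this change, so each such response leaks both allocations. Free them before the `return 3;`.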
@ -127,26 +172,33 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
// create the auth response // create the auth response
if (use_proxy == 1 && proxy_authentication != NULL) if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
sprintf(buffer, sprintf(buffer,
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
else { else {
if (use_proxy == 1) if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header); type, webtarget, webport, miscptr, webtarget, buf1, header);
else else
sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, sprintf(buffer,
buf1, header); "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, miscptr, webtarget, buf1, header);
} }
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer); hydra_report(stderr, "C:%s\n", buffer);
} } break;
break;
} }
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buffer);
free(header);
return 1; return 1;
} }
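Review bot: All three request builders in this hunk still use sprintf() into buffer with caller-controlled webtarget, miscptr and header, and nothing visible here ties the output length to the size buffer was allocated with. Switch them to snprintf() with that size and treat truncation as an error. The added free(buffer) and free(header) on the hydra_send() failure path look right.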
@ -157,7 +209,8 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
tmpreplybuf[0] = 0; tmpreplybuf[0] = 0;
while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) { while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) {
if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); if (debug)
printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf);
if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) { if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) {
strncpy(tmpreplybuf, http_buf, sizeof(tmpreplybuf) - 1); strncpy(tmpreplybuf, http_buf, sizeof(tmpreplybuf) - 1);
tmpreplybuf[sizeof(tmpreplybuf) - 1] = 0; tmpreplybuf[sizeof(tmpreplybuf) - 1] = 0;
@ -170,7 +223,8 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
strcat(tmpreplybufptr, http_buf); strcat(tmpreplybufptr, http_buf);
free(http_buf); free(http_buf);
http_buf = tmpreplybufptr; http_buf = tmpreplybufptr;
if (debug) printf("http_buf now: %s\n", http_buf); if (debug)
printf("http_buf now: %s\n", http_buf);
} }
} else { } else {
free(http_buf); free(http_buf);
@ -183,28 +237,44 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
if (http_buf == NULL) { if (http_buf == NULL) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n"); hydra_report(stderr, "[ERROR] Server did not answer\n");
free(buffer);
free(header);
return 3; return 3;
} }
if (debug) if (debug)
hydra_report(stderr, "S:%s\n", http_buf); hydra_report(stderr, "S:%s\n", http_buf);
ptr = ((char *) index(http_buf, ' ')) + 1; ptr = ((char *)index(http_buf, ' '));
if (ptr != NULL)
ptr++;
if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
#ifdef HAVE_PCRE
if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition) != end_condition_type) {
#else
if (end_condition_type >= 0 && (strstr(http_buf, end_condition) == NULL ? 0 : 1) != end_condition_type) {
#endif
if (debug)
hydra_report(stderr, "End condition not match continue.\n");
hydra_completed_pair();
} else {
if (debug)
hydra_report(stderr, "END condition %s match.\n", end_condition);
hydra_report_found_host(port, ip, "www", fp); hydra_report_found_host(port, ip, "www", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
}
if (http_buf != NULL) { if (http_buf != NULL) {
free(http_buf); free(http_buf);
http_buf = NULL; http_buf = NULL;
} }
} else { } else {
if (ptr != NULL && *ptr != '4') if (ptr != NULL && *ptr != '4')
fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(http_buf, ' ') + 1), login, pass); fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *)ptr, login, pass);
// the first authentication type failed, check the type from server header // the first authentication type failed, check the type from server header
if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
//seems the auth supported is not Basic shceme so testing further // seems the auth supported is not Basic scheme so testing further
int find_auth = 0; int32_t find_auth = 0;
if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) { if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
http_auth_mechanism = AUTH_NTLM; http_auth_mechanism = AUTH_NTLM;
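Review bot: The new end-condition check sits inside the branch that is only taken for 2xx, 3xx, 403 and 404 replies, so an S= or F= string is never evaluated for any other status; state that in usage_http() or move the check if it is meant to apply to every reply. The two if headers under #ifdef HAVE_PCRE and #else share one closing brace, which is easy to unbalance in later edits; a small helper that returns the match result would keep a single if. The NULL check before ptr++ and the %.3s in the warning are good fixes.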
@ -220,6 +290,8 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
if (find_auth) { if (find_auth) {
// free(http_buf); // free(http_buf);
// http_buf = NULL; // http_buf = NULL;
free(buffer);
free(header);
return 1; return 1;
} }
} }
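Review bot: This return path now frees buffer and header, but the two lines just above it that would release http_buf are still commented out, so http_buf stays allocated when find_auth is set. Free it here as well, or replace the commented-out lines with a comment saying where it is released.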
@ -227,42 +299,30 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
// free(http_buf); // free(http_buf);
// http_buf = NULL; // http_buf = NULL;
free(buffer);
free(header);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; return 3;
return 1; return 1;
} }
void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
char *ptr, *ptr2; char *ptr, *ptr2;
ptr_header_node ptr_head = NULL;
#ifdef AF_INET6
unsigned char addr6[sizeof(struct in6_addr)];
#endif
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return; return;
if ((webtarget = strstr(miscptr, "://")) != NULL) { if (strlen(miscptr) == 0)
webtarget += strlen("://"); miscptr = strdup("/");
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
*ptr2 = 0;
ptr2++;
ptr = ptr2;
if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL)
miscptr = ptr;
else
miscptr = slash; /* to make things easier to user */
} else if ((ptr2 = index(webtarget, '/')) != NULL) {
miscptr = malloc(strlen(ptr2) + 1);
freemischttp = 1;
strcpy(miscptr, ptr2);
*ptr2 = 0;
} else
webtarget = NULL;
}
if (cmdlinetarget != NULL && webtarget == NULL)
webtarget = cmdlinetarget;
else if (webtarget == NULL && cmdlinetarget == NULL)
webtarget = hydra_address2string(ip);
if (port != 0) if (port != 0)
webport = port; webport = port;
else if ((options & OPTION_SSL) == 0) else if ((options & OPTION_SSL) == 0)
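Review bot: strlen(miscptr) is called without a NULL check, and the strdup("/") result is neither checked nor freed now that the freemischttp bookkeeping has been removed. The removed code pointed miscptr at slash for this case; either do the same here or check the allocation and document who owns it.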
@ -270,6 +330,42 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
else else
webport = mysslport; webport = mysslport;
/* normalise the webtarget for ipv6/port number */
webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535 */
#ifdef AF_INET6
+ 2 /* [] */
#endif
);
#ifdef AF_INET6
/* let libc decide if target is an ipv6 address */
if (inet_pton(AF_INET6, hostname, addr6)) {
ptr = webtarget + sprintf(webtarget, "[%s]", hostname);
} else {
#endif
ptr = webtarget + sprintf(webtarget, "%s", hostname);
#ifdef AF_INET6
}
#endif
if (options & OPTION_SSL && webport != PORT_HTTP_SSL || !(options & OPTION_SSL) && webport != PORT_HTTP) {
sprintf(ptr, ":%d", webport);
}
ptr = NULL;
/* Advance to options string */
ptr = miscptr;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
optional1 = ptr;
if (!parse_options(optional1,
&ptr_head)) // this function is in hydra-http-form.c !!
run = 4;
if (http_auth_mechanism == AUTH_UNASSIGNED)
http_auth_mechanism = AUTH_BASIC;
while (1) { while (1) {
next_run = 0; next_run = 0;
switch (run) { switch (run) {
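Review bot: In the "Advance to options string" loop, *(ptr - 1) is evaluated on the first iteration when miscptr begins with ':', which reads one byte before the start of miscptr; add a ptr > miscptr guard before looking back. The malloc() result for webtarget is passed to sprintf() without a NULL check. The port test mixes && and || without parentheses, so group the two halves explicitly to make the intended precedence clear.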
@ -285,31 +381,26 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (freemischttp) if (quiet != 1)
free(miscptr); fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
break; break;
} }
case 2: /* run the cracking function */ case 2: /* run the cracking function */
next_run = start_http(sock, ip, port, options, miscptr, fp, type); next_run = start_http(sock, ip, port, options, miscptr, fp, type, ptr_head);
break; break;
case 3: /* clean exit */ case 3: /* clean exit */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
if (freemischttp)
free(miscptr);
hydra_child_exit(0); hydra_child_exit(0);
return; return;
default: default:
if (freemischttp)
free(miscptr);
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0); hydra_child_exit(0);
} }
@ -317,15 +408,13 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} }
void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); }
service_http(ip, sp, options, miscptr, fp, port, "GET");
}
void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); }
service_http(ip, sp, options, miscptr, fp, port, "HEAD");
}
int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); }
int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -336,5 +425,55 @@ int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FI
// 0 all OK // 0 all OK
// -1 error, hydra will exit, so print a good error message here // -1 error, hydra will exit, so print a good error message here
/*POU CODE */
char *start = strstr(miscptr, "F=");
if (start == NULL)
start = strstr(miscptr, "S=");
if (start != NULL) {
if (start[0] == 'F')
end_condition_type = 0;
else
end_condition_type = 1;
int condition_len = strlen(start);
memset(end_condition, 0, END_CONDITION_MAX_LEN);
if (condition_len >= END_CONDITION_MAX_LEN) {
hydra_report(stderr, "Condition string cannot be bigger than %u.", END_CONDITION_MAX_LEN);
return -1;
}
// copy condition witout starting string (F= or S= 2char)
strncpy(end_condition, start + 2, condition_len - 2);
if (debug)
hydra_report(stderr, "End condition is %s, mod is %d\n", end_condition, end_condition_type);
if (*(start - 1) == ' ')
start--;
memset(start, '\0', condition_len);
if (debug)
hydra_report(stderr, "Modificated options:%s\n", miscptr);
} else {
if (debug)
hydra_report(stderr, "Condition not found\n");
}
return 0; return 0;
} }
void usage_http(const char *service) {
printf("Module %s requires the page to authenticate.\n"
"The following parameters are optional:\n"
" (a|A)=auth-type specify authentication mechanism to use: BASIC, "
"NTLM or MD5\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each "
"request\n"
" (F|S)=check for text in the HTTP reply. S= means if this text is "
"found, a\n"
" valid account has been found, F= means if this string is "
"present the\n"
" combination is invalid. Note: this must be the last option "
"supplied.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: "
"sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n",
service);
}
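Review bot: The look-back *(start - 1) == ' ' in service_http_init() reads before the buffer when miscptr itself starts with F= or S=, because start then equals miscptr; check start > miscptr first, and check miscptr for NULL before the strstr() calls. After start-- the memset() still uses condition_len, so it begins one byte earlier and leaves the last byte of the old condition in place. strstr(miscptr, "F=") takes the first F= anywhere in the string, including inside the path or a header value, which the "must be the last option" wording in usage_http() does not fully rule out. The "cannot be bigger" message is missing its trailing newline.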

21
hydra-http.h Normal file
View file

@ -0,0 +1,21 @@
#ifndef _HYDRA_HTTP_H
#define _HYDRA_HTTP_H
#include "hydra-mod.h"
/* HTTP Header Types */
#define HEADER_TYPE_USERHEADER 'h'
#define HEADER_TYPE_USERHEADER_REPL 'H'
#define HEADER_TYPE_DEFAULT 'D'
#define HEADER_TYPE_DEFAULT_REPL 'd'
typedef struct header_node t_header_node, *ptr_header_node;
extern char *webtarget;
extern char *slash;
extern char *optional1;
extern int32_t parse_options(char *miscptr, ptr_header_node *ptr_head);
extern int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type);
extern char *stringify_headers(ptr_header_node *ptr_head);
#endif
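Review bot: The include guard _HYDRA_HTTP_H starts with an underscore followed by an uppercase letter, which is a name reserved for the implementation in C; HYDRA_HTTP_H would do. The prototypes use int32_t, so the header relies on hydra-mod.h pulling in stdint.h; include it here or note the dependency. The extern declarations of webtarget, slash and optional1 would benefit from a one-line comment each saying which module defines them.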

View file

@ -1,40 +1,18 @@
#include "hydra-mod.h" #include "hydra-mod.h"
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
extern int child_head_no; extern int32_t child_head_no;
int seq = 1; int32_t seq = 1;
const unsigned char icq5_table[] = { const unsigned char icq5_table[] = {0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48,
0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x33, 0x31, 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35,
0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, 0x5A, 0x4A, 0x62, 0x66, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x3E,
0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, 0x5A, 0x00, 0x00};
0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64,
0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C,
0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31,
0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48,
0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A,
0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F,
0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64,
0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50,
0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66,
0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58,
0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C,
0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44,
0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C,
0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59,
0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A,
0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B,
0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67,
0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D,
0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43,
0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35,
0x5A, 0x00, 0x00
};
void fix_packet(char *buf, int len) { void fix_packet(char *buf, int32_t len) {
unsigned long c1, c2; unsigned long c1, c2;
unsigned long r1, r2; unsigned long r1, r2;
int pos, key, k; int32_t pos, key, k;
c1 = buf[8]; c1 = buf[8];
c1 <<= 8; c1 <<= 8;
@ -83,10 +61,10 @@ void icq_header(char *buf, unsigned short cmd, unsigned long uin) {
buf[9] = (uin >> 24) & 0xff; buf[9] = (uin >> 24) & 0xff;
} }
int icq_login(int s, char *login, char *pass) { int32_t icq_login(int32_t s, char *login, char *pass) {
unsigned long uin = strtoul(login, NULL, 10); unsigned long uin = strtoul(login, NULL, 10);
char buf[256]; char buf[256];
int len; int32_t len;
bzero(buf, sizeof(buf)); bzero(buf, sizeof(buf));
@ -103,7 +81,7 @@ int icq_login(int s, char *login, char *pass) {
return (hydra_send(s, buf, 43 + len, 0)); return (hydra_send(s, buf, 43 + len, 0));
} }
int icq_login_1(int s, char *login) { int32_t icq_login_1(int32_t s, char *login) {
unsigned long uin = strtoul(login, NULL, 10); unsigned long uin = strtoul(login, NULL, 10);
char buf[64]; char buf[64];
@ -111,7 +89,7 @@ int icq_login_1(int s, char *login) {
return (hydra_send(s, buf, 10, 0)); return (hydra_send(s, buf, 10, 0));
} }
int icq_disconnect(int s, char *login) { int32_t icq_disconnect(int32_t s, char *login) {
unsigned long uin = strtoul(login, NULL, 10); unsigned long uin = strtoul(login, NULL, 10);
char buf[64]; char buf[64];
@ -123,7 +101,7 @@ int icq_disconnect(int s, char *login) {
return (hydra_send(s, buf, 34, 0)); return (hydra_send(s, buf, 34, 0));
} }
int icq_ack(int s, char *login) { int32_t icq_ack(int32_t s, char *login) {
unsigned long uin = strtoul(login, NULL, 10); unsigned long uin = strtoul(login, NULL, 10);
char buf[64]; char buf[64];
@ -141,11 +119,11 @@ int icq_ack(int s, char *login) {
return (hydra_send(s, buf, 10, 0)); return (hydra_send(s, buf, 10, 0));
} }
int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) { int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE *output, char *miscptr, FILE *fp) {
unsigned char buf[1024]; unsigned char buf[1024];
char *login, *pass; char *login, *pass;
char *empty = ""; char *empty = "";
int i, r; int32_t i, r;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
return 2; return 2;
@ -153,7 +131,7 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE *
pass = empty; pass = empty;
for (i = 0; login[i]; i++) for (i = 0; login[i]; i++)
if (!isdigit((int) login[i])) { if (!isdigit((int32_t)login[i])) {
fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login); fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login);
hydra_completed_pair(); hydra_completed_pair();
return 2; return 2;
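Review bot: The cast in isdigit((int32_t)login[i]) keeps the sign of a plain char, so a byte above 0x7f in the login is passed as a negative value, for which isdigit() has no defined behaviour; cast to unsigned char instead. The format string on the next line has its newline in the middle ("Invalid UIN %s\n, ignoring."), so the ", ignoring." part is printed on a new line with no terminator.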
@ -168,7 +146,7 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE *
if (r < 0) { if (r < 0) {
if (verbose) if (verbose)
fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid()); fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t)getpid());
return 3; return 3;
} }
@ -188,7 +166,8 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE *
break; break;
} }
/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */ /* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0))
*/
} }
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -196,9 +175,9 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE *
return 1; return 1;
} }
void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_ICQ; int32_t myport = PORT_ICQ;
if (port) if (port)
myport = port; myport = port;
@ -221,7 +200,8 @@ void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE *
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
sock = hydra_connect_udp(ip, myport); sock = hydra_connect_udp(ip, myport);
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
@ -233,15 +213,17 @@ void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
hydra_child_exit(2); hydra_child_exit(2);
break;
default: default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2); hydra_child_exit(2);
break;
} }
run = next_run; run = next_run;
} }
} }
int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

View file

@ -3,13 +3,13 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
int counter; int32_t counter;
int imap_auth_mechanism = AUTH_CLEAR; int32_t imap_auth_mechanism = AUTH_CLEAR;
char *imap_read_server_capacity(int sock) { char *imap_read_server_capacity(int32_t sock) {
char *ptr = NULL; char *ptr = NULL;
int resp = 0; int32_t resp = 0;
char *buf = NULL; char *buf = NULL;
do { do {
@ -19,8 +19,9 @@ char *imap_read_server_capacity(int sock) {
if (buf != NULL) { if (buf != NULL) {
if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') { if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') {
resp = 1; resp = 1;
usleep(300000); usleepn(300);
/* we got the capability info then get the completed warning info from server */ /* we got the capability info then get the completed warning info from
* server */
while (hydra_data_ready(sock)) { while (hydra_data_ready(sock)) {
free(buf); free(buf);
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
@ -30,7 +31,7 @@ char *imap_read_server_capacity(int sock) {
buf[strlen(buf) - 1] = 0; buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r') if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0; buf[strlen(buf) - 1] = 0;
if (isdigit((int) *ptr) && *(ptr + 1) == ' ') { if (isdigit((int32_t)*ptr) && *(ptr + 1) == ' ') {
resp = 1; resp = 1;
} }
} }
@ -39,8 +40,8 @@ char *imap_read_server_capacity(int sock) {
return buf; return buf;
} }
int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "", *result = NULL;
char *login, *pass, buffer[500], buffer2[500], *fooptr; char *login, *pass, buffer[500], buffer2[500], *fooptr;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
@ -102,16 +103,18 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
free(buf); free(buf);
memset(buffer, 0, sizeof(buffer)); memset(buffer2, 0, sizeof(buffer2));
sasl_plain(buffer, login, pass); result = sasl_plain(buffer2, login, pass);
sprintf(buffer, "%.250s\r\n", buffer); if (result == NULL)
return 3;
sprintf(buffer, "%.250s\r\n", buffer2);
break; break;
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
case AUTH_CRAMMD5: case AUTH_CRAMMD5:
case AUTH_CRAMSHA1: case AUTH_CRAMSHA1:
case AUTH_CRAMSHA256: { case AUTH_CRAMSHA256: {
int rc = 0; int32_t rc = 0;
char *preplogin; char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
@ -120,7 +123,6 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
switch (imap_auth_mechanism) { switch (imap_auth_mechanism) {
case AUTH_CRAMMD5: case AUTH_CRAMMD5:
sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter);
break; break;
@ -161,26 +163,32 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
switch (imap_auth_mechanism) { switch (imap_auth_mechanism) {
case AUTH_CRAMMD5: { case AUTH_CRAMMD5: {
sasl_cram_md5(buffer2, pass, buffer); result = sasl_cram_md5(buffer2, pass, buffer);
if (result == NULL)
return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2); sprintf(buffer, "%s %.250s", preplogin, buffer2);
} } break;
break;
case AUTH_CRAMSHA1: { case AUTH_CRAMSHA1: {
sasl_cram_sha1(buffer2, pass, buffer); result = sasl_cram_sha1(buffer2, pass, buffer);
if (result == NULL)
return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2); sprintf(buffer, "%s %.250s", preplogin, buffer2);
} } break;
break;
case AUTH_CRAMSHA256: { case AUTH_CRAMSHA256: {
sasl_cram_sha256(buffer2, pass, buffer); result = sasl_cram_sha256(buffer2, pass, buffer);
if (result == NULL)
return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2); sprintf(buffer, "%s %.250s", preplogin, buffer2);
} } break;
break;
} }
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer, "%.250s\r\n", buffer);
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin); free(preplogin);
} } break;
break;
case AUTH_DIGESTMD5: { case AUTH_DIGESTMD5: {
sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter);
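Review bot: Each new "if (result == NULL) return 3;" in the CRAM-MD5, CRAM-SHA1 and CRAM-SHA256 cases returns before the free(preplogin) at the end of this block, so the string allocated by sasl_saslprep() leaks on those paths; free it before returning. The sprintf(buffer, "%s %.250s", preplogin, buffer2) calls also bound buffer2 but not preplogin, so add a precision or use snprintf() with sizeof(buffer). Replacing the self-overlapping sprintf(buffer, "%.250s\r\n", buffer) with tmp_buffer is the right fix.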
@ -202,21 +210,20 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
hydra_report(stderr, "DEBUG S: %s\n", buffer); hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
if (fooptr == NULL) if (result == NULL)
return 3; return 3;
if (debug) if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2); hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2); sprintf(buffer, "%s\r\n", buffer2);
} } break;
break;
case AUTH_SCRAMSHA1: { case AUTH_SCRAMSHA1: {
char clientfirstmessagebare[200]; char clientfirstmessagebare[200];
char serverfirstmessage[200]; char serverfirstmessage[200];
char *preplogin; char *preplogin;
int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) { if (rc) {
return 3; return 3;
@ -263,16 +270,15 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
memset(buffer2, 0, sizeof(buffer2)); memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2; fooptr = buffer2;
sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (fooptr == NULL) { if (result == NULL) {
hydra_report(stderr, "[ERROR] Can't compute client response\n"); hydra_report(stderr, "[ERROR] Can't compute client response\n");
return 1; return 1;
} }
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2); sprintf(buffer, "%s\r\n", buffer2);
} }
} } break;
break;
#endif #endif
case AUTH_NTLM: { case AUTH_NTLM: {
unsigned char buf1[4096]; unsigned char buf1[4096];
@ -316,8 +322,7 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "%s\r\n", buf1); sprintf(buffer, "%s\r\n", buf1);
} } break;
break;
default: default:
// clear authentication // clear authentication
sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass); sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass);
@ -349,9 +354,9 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
} }
void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; int32_t myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1;
char *buffer1 = "1 CAPABILITY\r\n"; char *buffer1 = "1 CAPABILITY\r\n";
hydra_register_socket(sp); hydra_register_socket(sp);
@ -362,7 +367,7 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -371,12 +376,12 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
@ -400,28 +405,30 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
if ((miscptr != NULL) && (strlen(miscptr) > 0)) { if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i; int32_t i;
for (i = 0; i < strlen(miscptr); i++) for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]); miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) {
disable_tls = 0; disable_tls = 0;
} }
} }
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
if (!disable_tls) { if (!disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */ /* check for STARTTLS, if available we may have access to more basic
* auth methods */
if (strstr(buf, "STARTTLS") != NULL) { if (strstr(buf, "STARTTLS") != NULL) {
hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0); hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0);
counter++; counter++;
free(buf); free(buf);
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) { if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
"received from STARTTLS request\n");
} else { } else {
free(buf); free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) { if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1; disable_tls = 1;
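Review bot: The `strstr(miscptr, "STARTTLS")` term added to the TLS option check can never change the result, because any option string containing STARTTLS already matches the preceding `strstr(miscptr, "TLS")`. Drop it, or compare whole option tokens if STARTTLS is meant to be distinguished from implicit TLS. In the uppercase loop just above, `toupper((int32_t)miscptr[i])` still passes a possibly negative `char` to `toupper`; cast through `unsigned char` instead. `i < strlen(miscptr)` also compares a signed `int32_t` with `size_t` and recomputes the length on every iteration.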
@ -440,7 +447,8 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
hydra_child_exit(2); hydra_child_exit(2);
} }
} else } else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is "
"not supported by the server\n");
} }
#endif #endif
@ -483,7 +491,6 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
free(buf); free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) { if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "CLEAR")) if (strstr(miscptr, "CLEAR"))
imap_auth_mechanism = AUTH_CLEAR; imap_auth_mechanism = AUTH_CLEAR;
@ -567,7 +574,7 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} }
int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -580,3 +587,12 @@ int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0; return 0;
} }
void usage_imap(const char *service) {
printf("Module imap is optionally taking one authentication type of:\n"
" CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM\n"
"Additionally TLS encryption via STARTTLS can be enforced with the "
"TLS option.\n\n"
"Example: imap://target/TLS:PLAIN\n");
}
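Review bot: The usage string in `usage_imap` advertises "CLEAR or APOP (default)", but APOP is a POP3 command and the option parsing visible for this module only matches `CLEAR`. The text looks carried over from the POP3 module and should list only what the IMAP module accepts. The `service` parameter is unused in this function; either print it or mark it unused.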

View file

@ -7,14 +7,13 @@ RFC 1459: Internet Relay Chat Protocol
*/ */
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf;
char buffer[300] = ""; char buffer[300] = "";
int myport = PORT_IRC, mysslport = PORT_IRC_SSL; int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL;
int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass; char *login, *pass;
int ret; int32_t ret;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -42,7 +41,7 @@ int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscp
return 2; return 2;
} }
int send_nick(int s, char *ip, char *pass) { int32_t send_nick(int32_t s, char *ip, char *pass) {
if (strlen(pass) > 0) { if (strlen(pass) > 0) {
sprintf(buffer, "PASS %s\r\n", pass); sprintf(buffer, "PASS %s\r\n", pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
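Review bot: `send_nick` still formats the candidate password into the 300-byte global `buffer` with `sprintf(buffer, "PASS %s\r\n", pass)`, so a wordlist entry longer than 292 bytes writes past the end of the array. Since the signature is being touched anyway, switch this call and the NICK/USER `sprintf` in the next hunk to `snprintf(buffer, sizeof(buffer), ...)` and return -1 on truncation.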
@ -53,17 +52,17 @@ int send_nick(int s, char *ip, char *pass) {
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1; return -1;
} }
sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int) getpid(), (int) getpid(), hydra_address2string(ip)); sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t)getpid(), (int32_t)getpid(), hydra_address2string(ip));
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1; return -1;
} }
return 0; return 0;
} }
int irc_server_connect(char *ip, int sock, int port, unsigned char options) { int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char options, char *hostname) {
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -72,23 +71,23 @@ int irc_server_connect(char *ip, int sock, int port, unsigned char options) {
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
return sock; return sock;
} }
int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) {
char *empty = ""; char *empty = "";
char *pass; char *pass;
int ret; int32_t ret;
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty; pass = empty;
s = irc_server_connect(ip, s, port, options); s = irc_server_connect(ip, s, port, options, hostname);
if (s < 0) { if (s < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
return 3; return 3;
} }
@ -106,10 +105,16 @@ int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscp
#endif #endif
hydra_report_pass_found(port, ip, "irc", fp); hydra_report_pass_found(port, ip, "irc", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass); hydra_report(stderr,
"[INFO] Server password '%s' is working, you can pass it as "
"argument\nto irc module to then try login/password oper mode\n",
pass);
} else { } else {
if (verbose && (miscptr != NULL)) if (verbose && (miscptr != NULL))
hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr); hydra_report(stderr,
"[VERBOSE] Server is requesting a general password, '%s' "
"you entered is not working\n",
miscptr);
hydra_completed_pair(); hydra_completed_pair();
} }
@ -118,8 +123,8 @@ int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscp
return 4; return 4;
} }
void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1, ret; int32_t run = 1, next_run = 1, sock = -1, ret;
char *buf; char *buf;
hydra_register_socket(sp); hydra_register_socket(sp);
@ -131,9 +136,9 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
switch (run) { switch (run) {
case 1: /* connect and service init function */ case 1: /* connect and service init function */
sock = irc_server_connect(ip, sock, port, options); sock = irc_server_connect(ip, sock, port, options, hostname);
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
@ -181,10 +186,14 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
hydra_child_exit(0); hydra_child_exit(0);
} }
/* ERROR :Bad password is returned from ngircd when it s waiting for a server password */ /* ERROR :Bad password is returned from ngircd when it s waiting for a
* server password */
if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) { if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) {
/* seems we not successfully connected */ /* seems we not successfully connected */
hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer); hydra_report(stderr,
"[ERROR] should not be able to identify server msg, "
"please report it\n%s\n",
buffer);
hydra_child_exit(0); hydra_child_exit(0);
} }
@ -199,7 +208,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
hydra_child_exit(0); hydra_child_exit(0);
return; return;
case 4: case 4:
next_run = start_pass_irc(sock, ip, port, options, miscptr, fp); next_run = start_pass_irc(sock, ip, port, options, miscptr, fp, hostname);
break; break;
default: default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
@ -209,7 +218,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} }
int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -222,3 +231,9 @@ int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
return 0; return 0;
} }
void usage_irc(const char *service) {
printf("Module irc is optionally taking the general server password, if the "
"server is requiring one, and if none is passed the password from "
"-p/-P will be used\n\n");
}

View file

@ -4,15 +4,15 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
unsigned char *buf; unsigned char *buf;
int counter; int32_t counter;
int tls_required = 0; int32_t tls_required = 0;
int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) { int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) {
char *empty = ""; char *empty = "", *result = NULL;
char *login = "", *pass, *fooptr = ""; char *login = "", *pass, *fooptr = "";
unsigned char buffer[512]; unsigned char buffer[512];
int length = 0; int32_t length = 0;
int ldap_auth_mechanism = auth_method; int32_t ldap_auth_mechanism = auth_method;
/* /*
The LDAP "simple" method has three modes of operation: The LDAP "simple" method has three modes of operation:
@ -123,8 +123,8 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr,
ptr = strstr((char *)buf, "<"); ptr = strstr((char *)buf, "<");
fooptr = buf2; fooptr = buf2;
sasl_cram_md5(fooptr, pass, ptr); result = sasl_cram_md5(fooptr, pass, ptr);
if (fooptr == NULL) if (result == NULL)
return 1; return 1;
counter++; counter++;
if (strstr(miscptr, "^USER^") != NULL) { if (strstr(miscptr, "^USER^") != NULL) {
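Review bot: On the new `if (result == NULL) return 1;` path `buf` is not freed, although it is still live (it was just searched with `strstr((char *)buf, "<")`), and the DIGEST-MD5 counterpart later in this file does `free(buf)` before returning. Add the `free(buf)` here and decide whether the two failure paths should really return different codes (1 here, 3 there). `ptr` is also handed to `sasl_cram_md5` without checking that `strstr` actually found a `<`.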
@ -170,7 +170,7 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr,
if (ldap_auth_mechanism == AUTH_DIGESTMD5) { if (ldap_auth_mechanism == AUTH_DIGESTMD5) {
char *ptr; char *ptr;
char buffer2[500]; char buffer2[500];
int ind = 0; int32_t ind = 0;
ptr = strstr((char *)buf, "realm="); ptr = strstr((char *)buf, "realm=");
@ -180,8 +180,8 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); result = sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
if (fooptr == NULL) { if (result == NULL) {
free(buf); free(buf);
return 3; return 3;
} }
@ -306,13 +306,19 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr,
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) { if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) {
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass); hydra_report(stderr,
"[VERBOSE] Server unwilling to perform action, maybe deny by server "
"config or too busy when tried login: %s password: %s\n",
login, pass);
free(buf); free(buf);
return 1; return 1;
} }
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) { if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) {
hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2'); hydra_report(stderr,
"[ERROR] Invalid protocol version, you tried ldap%c, better "
"try ldap%c\n",
version + '0', version == 2 ? '3' : '2');
free(buf); free(buf);
hydra_child_exit(2); hydra_child_exit(2);
sleep(1); sleep(1);
@ -335,7 +341,6 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
} }
} else { } else {
if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) { if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) {
hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n"); hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n");
print_hex((unsigned char *)buf, 24); print_hex((unsigned char *)buf, 24);
@ -351,9 +356,9 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2; return 2;
} }
void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char version, int auth_method) { void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char version, int32_t auth_method) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; int32_t myport = PORT_LDAP, mysslport = PORT_LDAP_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -363,7 +368,7 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -372,18 +377,20 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
counter = 1; counter = 1;
if (tls_required) { if (tls_required) {
/* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */ /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC
char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; * 2830 */
char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31"
"\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37";
if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0) if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0)
hydra_child_exit(1); hydra_child_exit(1);
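Review bot: The StartTLS request in `confidentiality_required` is a binary BER PDU, yet its send length is taken with `strlen(confidentiality_required)`, which is only correct while no byte of the encoding is 0x00. Use `sizeof(confidentiality_required) - 1` so the length does not depend on the payload contents, particularly now that the literal is split across two lines and easier to edit by mistake.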
@ -393,7 +400,8 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) {
/* TLS option negociation goes well, now trying to connect */ /* TLS option negociation goes well, now trying to connect */
if ((hydra_connect_to_ssl(sock) == -1) && verbose) { free(buf);
if ((hydra_connect_to_ssl(sock, hostname) == -1) && verbose) {
hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_report(stderr, "[ERROR] Can't use TLS\n");
hydra_child_exit(1); hydra_child_exit(1);
} else { } else {
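Review bot: The failure check `if ((hydra_connect_to_ssl(sock, hostname) == -1) && verbose)` takes the error branch only when `verbose` is non-zero; with `verbose` at zero a failed TLS handshake falls into the `else` branch and the module carries on as if TLS were established. Test the return value on its own and gate only the `hydra_report` call on `verbose`. The added `free(buf)` before the handshake is fine.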
@ -403,13 +411,14 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} else { } else {
hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf); hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf);
free(buf);
hydra_child_exit(1); hydra_child_exit(1);
} }
} }
next_run = 2; next_run = 2;
break; break;
case 2: /* run the cracking function */ case 2: /* run the cracking function */
next_run = start_ldap(sock, ip, port, options, miscptr, fp, version, auth_method); next_run = start_ldap(sock, ip, port, options, miscptr, fp, hostname, version, auth_method);
counter++; counter++;
break; break;
case 3: /* clean exit */ case 3: /* clean exit */
@ -425,23 +434,15 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} }
void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); }
service_ldap(ip, sp, options, miscptr, fp, port, 2, AUTH_CLEAR);
}
void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); }
service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CLEAR);
}
void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); }
service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CRAMMD5);
}
void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); }
service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_DIGESTMD5);
}
int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -451,6 +452,28 @@ int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FI
// return codes: // return codes:
// 0 all OK // 0 all OK
// -1 error, hydra will exit, so print a good error message here // -1 error, hydra will exit, so print a good error message here
if (miscptr != NULL && strlen(miscptr) > 220) {
fprintf(stderr, "[ERROR] the option string to this module may not be "
"larger than 220 bytes\n");
return -1;
}
return 0; return 0;
} }
void usage_ldap(const char *service) {
printf("Module %s is optionally taking the DN (depending of the auth method "
"choosed\n"
"Note: you can also specify the DN as login when Simple auth method "
"is used).\n"
"The keyword \"^USER^\" is replaced with the login.\n"
"Special notes for Simple method has 3 operation modes: anonymous, "
"(no user no pass),\n"
"unauthenticated (user but no pass), user/pass authenticated (user "
"and pass).\n"
"So don't forget to set empty string as user/pass to test all modes.\n"
"Hint: to authenticate to a windows active directory ldap, this is "
"usually\n"
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n",
service);
}
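Review bot: The new length check in `service_ldap_init` hard-codes 220 with nothing tying it to the buffer it is meant to protect (`start_ldap` declares `unsigned char buffer[512]`). Derive the limit from a named constant shared with that buffer, or add a comment showing how 220 was computed, so the two cannot drift apart. The `usage_ldap` text also needs a pass: "choosed" should be "chosen", and the parenthesis opened before "depending" is closed only after the Note sentence.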

176
hydra-memcached.c Normal file
View file

@ -0,0 +1,176 @@
// This plugin was written by <david dot maciejak at gmail D O T com>
// Tested on memcached 1.5.6-0ubuntu1
#ifdef LIBMCACHED
#include <libmemcached/memcached.h>
#endif
#include "hydra-mod.h"
#ifndef LIBMCACHED
void dummy_mcached() { printf("\n"); }
#else
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
int mcached_send_com_quit(int32_t sock) {
char *com_quit = "quit\r\n";
if (hydra_send(sock, com_quit, strlen(com_quit), 0) < 0)
return 1;
return 0;
}
int mcached_send_com_version(int32_t sock) {
char *com_version = "version\r\n";
if (hydra_send(sock, com_version, strlen(com_version), 0) < 0)
return 1;
return 0;
}
int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
memcached_server_st *servers = NULL;
memcached_return_t rc;
memcached_st *cache;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
cache = memcached_create(NULL);
rc = memcached_set_sasl_auth_data(cache, login, pass);
if (rc != MEMCACHED_SUCCESS) {
if (verbose)
hydra_report(stderr, "[ERROR] Couldn't setup SASL auth: %s\n", memcached_strerror(cache, rc));
memcached_free(cache);
return 3;
}
rc = memcached_behavior_set(cache, MEMCACHED_BEHAVIOR_BINARY_PROTOCOL, 1);
if (rc != MEMCACHED_SUCCESS) {
if (verbose)
hydra_report(stderr, "[ERROR] Couldn't use the binary protocol: %s\n", memcached_strerror(cache, rc));
memcached_destroy_sasl_auth_data(cache);
memcached_free(cache);
return 3;
}
rc = memcached_behavior_set(cache, MEMCACHED_BEHAVIOR_CONNECT_TIMEOUT, 10000);
if (rc != MEMCACHED_SUCCESS) {
if (verbose)
hydra_report(stderr, "[ERROR] Couldn't set the connect timeout: %s\n", memcached_strerror(cache, rc));
memcached_destroy_sasl_auth_data(cache);
memcached_free(cache);
return 3;
}
servers = memcached_server_list_append(servers, hydra_address2string(ip), port, &rc);
rc = memcached_server_push(cache, servers);
if (rc != MEMCACHED_SUCCESS) {
if (verbose)
hydra_report(stderr, "[ERROR] Couldn't add server: %s\n", memcached_strerror(cache, rc));
memcached_destroy_sasl_auth_data(cache);
memcached_free(cache);
return 3;
}
rc = memcached_stat_execute(cache, "", NULL, NULL);
if (rc != MEMCACHED_SUCCESS) {
if (verbose)
hydra_report(stderr, "[ERROR] Couldn't get server stats: %s\n", memcached_strerror(cache, rc));
memcached_destroy_sasl_auth_data(cache);
memcached_free(cache);
hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return 3;
}
return 2;
}
memcached_destroy_sasl_auth_data(cache);
memcached_free(cache);
hydra_report_found_host(port, ip, "memcached", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
while (1) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
switch (run) {
case 1:
next_run = start_mcached(sock, ip, port, options, miscptr, fp);
break;
case 2:
hydra_child_exit(0);
return;
default:
if (!verbose)
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose "
"option for more details\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
int32_t sock = -1;
int32_t myport = PORT_MCACHED;
char *buf;
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Can not connect\n");
return -1;
}
if (mcached_send_com_version(sock)) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Can not send request\n");
return -1;
}
if (hydra_data_ready_timed(sock, 0, 1000) > 0) {
buf = hydra_receive_line(sock);
if (strstr(buf, "VERSION ")) {
hydra_report_found_host(port, ip, "memcached", fp);
mcached_send_com_quit(sock);
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_report(stderr, "[ERROR] Memcached server does not require any authentication\n");
}
free(buf);
return -1;
}
if (sock >= 0)
sock = hydra_disconnect(sock);
return 0;
}
#endif
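Review bot: In `service_mcached_init`, `buf = hydra_receive_line(sock)` is passed straight to `strstr(buf, "VERSION ")` with no NULL check, while the IMAP module in this same commit tests `buf == NULL` after the same call; check it before use. The same function returns -1 without closing `sock` when `mcached_send_com_version` fails or when the reply is not a VERSION line, and it reports `port` to `hydra_report_found_host` instead of the `myport` it actually connected to. In `start_mcached`, the list returned by `memcached_server_list_append` is never released on any path (`memcached_server_list_free`), and the function returns 3, for which `service_mcached` has no case, so those exits land in `default` and are reported as an unknown return code.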

File diff suppressed because it is too large

View file

@ -3,60 +3,71 @@
#include "hydra.h" #include "hydra.h"
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
extern char quiet; extern char quiet;
extern void hydra_child_exit(int code); extern void hydra_child_exit(int32_t code);
extern void hydra_register_socket(int s); extern void hydra_register_socket(int32_t s);
extern char *hydra_get_next_pair(); extern char *hydra_get_next_pair();
extern char *hydra_get_next_login(); extern char *hydra_get_next_login();
extern char *hydra_get_next_password(); extern char *hydra_get_next_password();
extern void hydra_completed_pair(); extern void hydra_completed_pair();
extern void hydra_completed_pair_found(); extern void hydra_completed_pair_found();
extern void hydra_completed_pair_skip(); extern void hydra_completed_pair_skip();
extern void hydra_report_found(int port, char *svc, FILE * fp); extern void hydra_report_found(int32_t port, char *svc, FILE *fp);
extern void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp); extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp);
extern void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp); extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp);
extern void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg); extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg);
extern void hydra_report_debug(FILE *st, char *format, ...); extern void hydra_report_debug(FILE *st, char *format, ...);
extern int hydra_connect_to_ssl(int socket); extern int32_t hydra_connect_to_ssl(int32_t socket, char *hostname);
extern int hydra_connect_ssl(char *host, int port); extern int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname);
extern int hydra_connect_tcp(char *host, int port); extern int32_t hydra_connect_tcp(char *host, int32_t port);
extern int hydra_connect_udp(char *host, int port); extern int32_t hydra_connect_udp(char *host, int32_t port);
extern int hydra_disconnect(int socket); extern int32_t hydra_disconnect(int32_t socket);
extern int hydra_data_ready(int socket); extern int32_t hydra_data_ready(int32_t socket);
extern int hydra_recv(int socket, char *buf, int length); extern int32_t hydra_recv(int32_t socket, char *buf, uint32_t length);
extern int hydra_recv_nb(int socket, char *buf, int length); extern int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length);
extern char *hydra_receive_line(int socket); extern char *hydra_receive_line(int32_t socket);
extern int hydra_send(int socket, char *buf, int size, int options); extern int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options);
extern int make_to_lower(char *buf); extern int32_t make_to_lower(char *buf);
extern unsigned char hydra_conv64(unsigned char in); extern unsigned char hydra_conv64(unsigned char in);
extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); extern void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize);
extern void hydra_dump_asciihex(unsigned char *string, int length); extern void hydra_dump_asciihex(unsigned char *string, int32_t length);
extern void hydra_set_srcport(int port); extern void hydra_set_srcport(int32_t port);
extern char *hydra_address2string(char *address); extern char *hydra_address2string(char *address);
extern char *hydra_address2string_beautiful(char *address);
extern char *hydra_strcasestr(const char *haystack, const char *needle); extern char *hydra_strcasestr(const char *haystack, const char *needle);
extern void hydra_dump_data(unsigned char *buf, int len, char *text); extern void hydra_dump_data(unsigned char *buf, int32_t len, char *text);
extern int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen); extern int32_t hydra_memsearch(char *haystack, int32_t hlen, char *needle, int32_t nlen);
extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece); extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece);
#ifdef HAVE_PCRE #ifdef HAVE_PCRE
int hydra_string_match(char *str, const char *regex); int32_t hydra_string_match(char *str, const char *regex);
#endif #endif
char *hydra_string_replace(const char *string, const char *substr, const char *replacement); char *hydra_string_replace(const char *string, const char *substr, const char *replacement);
int debug; int32_t debug;
int verbose; int32_t verbose;
int waittime; int32_t waittime;
int port; int32_t port;
int use_proxy; int32_t found;
int found; int32_t proxy_count;
char proxy_string_ip[36]; int32_t use_proxy;
int proxy_string_port; int32_t selected_proxy;
char proxy_string_type[10]; char proxy_string_ip[MAX_PROXY_COUNT][36];
char *proxy_authentication; int32_t proxy_string_port[MAX_PROXY_COUNT];
char proxy_string_type[MAX_PROXY_COUNT][10];
char *proxy_authentication[MAX_PROXY_COUNT];
char *cmdlinetarget; char *cmdlinetarget;
typedef int BOOL; typedef int32_t BOOL;
#define hydra_report fprintf #define hydra_report fprintf
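Review bot: The variables at the end of this hunk (`int32_t debug;`, `int32_t verbose;`, through `char *proxy_authentication[MAX_PROXY_COUNT];`) are declared without `extern` in a file that otherwise consists of `extern` prototypes meant to be included by the modules. Every including translation unit then gets its own tentative definition, which fails to link when built with `-fno-common`. Declare them `extern` here and define them once in a single .c file. Separately, changing the length parameters of `hydra_recv`, `hydra_recv_nb` and `hydra_send` from `int` to `uint32_t` means a negative length computed by a caller now arrives as a very large unsigned value, so the call sites need an audit alongside this prototype change.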

185
hydra-mongodb.c Normal file
View file

@ -0,0 +1,185 @@
// This plugin was written by <david dot maciejak at gmail D O T com>
// Tested on mongodb-server 1:3.6.3-0ubuntu1
// MONGODB-CR is been deprecated
#ifdef LIBMONGODB
#include <mongoc.h>
#endif
#include "hydra-mod.h"
#ifndef LIBMONGODB
void dummy_mongodb() { printf("\n"); }
#else
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
char *buf;
#define DEFAULT_DB "admin"
int is_error_msg(char *msg) {
if (strstr(msg, "errmsg ")) {
if (debug)
hydra_report(stderr, "[ERROR] %s\n", msg);
return 1;
}
return 0;
}
int require_auth(int32_t sock) {
unsigned char m_hdr[] = "\x3f\x00\x00\x00" // messageLength (63)
"\x00\x00\x00\x41" // requestID
"\xff\xff\xff\xff" // responseTo
"\xd4\x07\x00\x00" // opCode (2004 OP_QUERY)
"\x00\x00\x00\x00" // flags
"\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" // fullCollectionName
// (admin.$cmd)
"\x00\x00\x00\x00" // numberToSkip (0)
"\x01\x00\x00\x00" // numberToReturn (1)
"\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73"
"\x00\x01\x00\x00\x00\x00"; // query ({"listDatabases"=>1})
if (hydra_send(sock, m_hdr, sizeof(m_hdr), 0) > 0) {
if (hydra_data_ready_timed(sock, 0, 1000) > 0) {
buf = hydra_receive_line(sock);
return is_error_msg(buf);
}
}
return 2;
}
int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
char uri[256];
mongoc_client_t *client;
mongoc_database_t *database;
mongoc_collection_t *collection;
mongoc_cursor_t *cursor;
bson_t q;
const bson_t *doc;
bson_error_t error;
bool r;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
mongoc_init();
mongoc_log_set_handler(NULL, NULL);
bson_init(&q);
snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr);
client = mongoc_client_new(uri);
if (!client)
return 3;
mongoc_client_set_appname(client, "hydra");
collection = mongoc_client_get_collection(client, miscptr, "test");
cursor = mongoc_collection_find_with_opts(collection, &q, NULL, NULL);
r = mongoc_cursor_next(cursor, &doc);
if (!r) {
r = mongoc_cursor_error(cursor, &error);
if (r) {
if (verbose)
hydra_report(stderr, "[ERROR] Can not read document: %s\n", error.message);
mongoc_cursor_destroy(cursor);
mongoc_collection_destroy(collection);
mongoc_client_destroy(client);
mongoc_cleanup();
hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return 3;
}
return 2;
}
}
mongoc_cursor_destroy(cursor);
mongoc_collection_destroy(collection);
mongoc_client_destroy(client);
mongoc_cleanup();
hydra_report_found_host(port, ip, "mongodb", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
if (!miscptr) {
if (verbose)
hydra_report(stderr, "[INFO] Using default database \"admin\"\n");
miscptr = DEFAULT_DB;
}
hydra_register_socket(sp);
while (1) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
switch (run) {
case 1:
next_run = start_mongodb(sock, ip, port, options, miscptr, fp);
break;
case 2:
hydra_child_exit(0);
return;
default:
if (!verbose)
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose "
"option for more details\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
int32_t myport = PORT_MONGODB;
int32_t sock = -1;
if (port != 0)
myport = port;
if ((options & OPTION_SSL) == 0)
sock = hydra_connect_tcp(ip, myport);
else
sock = hydra_connect_ssl(ip, myport, hostname);
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Can not connect\n");
return -1;
}
if (!require_auth(sock)) {
hydra_report_found_host(port, ip, "mongodb", fp);
hydra_report(stderr, "[ERROR] Mongodb server does not require any authentication\n");
if (sock >= 0)
sock = hydra_disconnect(sock);
return -1;
}
if (sock >= 0)
sock = hydra_disconnect(sock);
return 0;
}
#endif
void usage_mongodb(const char *service) {
printf("Module mongodb is optionally taking a database name to attack, "
"default is \"admin\"\n\n");
}
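Review bot: In start_mongodb, login and pass are pasted into the connection string by snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", ...) without percent-encoding, so a candidate containing @, :, / or % produces a URI that mongoc_client_new rejects or misparses, and a long pair is silently truncated at 256 bytes. The !client branch then returns 3 without hydra_completed_pair_skip() or mongoc_cleanup(), which lands in the default case of service_mongodb and exits the child instead of counting one failed attempt. Percent-encode both fields, or build a mongoc_uri_t and set them with mongoc_uri_set_username and mongoc_uri_set_password, and treat a NULL client as a skipped pair. Also in this file: bson_init(&q) has no matching bson_destroy; in require_auth, sizeof(m_hdr) is 64 because of the literal's terminating NUL while messageLength says 63, and the result of hydra_receive_line goes to strstr without a NULL check and is never freed; in service_mongodb_init, hydra_report_found_host is given port, which is 0 when the default is used, where myport is the port that was actually connected to.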


@ -5,19 +5,22 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
unsigned char p_hdr[] = unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"
"\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
unsigned char p_pk2[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00";
unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03"
"\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61"
"\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00"; "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00"
unsigned char p_pk3[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00";
unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
@ -38,20 +41,25 @@ unsigned char p_pk3[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44"
"\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00"; "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00"
unsigned char p_lng[] = "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00"
"\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00";
unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00"; "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00"
"\x00\x03\x00\x00\x00";
int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[1024]; char *login, *pass, buffer[1024];
char ms_login[MSLEN + 1]; char ms_login[MSLEN + 1];
char ms_pass[MSLEN + 1]; char ms_pass[MSLEN + 1];
unsigned char len_login, len_pass; unsigned char len_login, len_pass;
int ret = -1; int32_t ret = -1;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -107,9 +115,9 @@ int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
} }
void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -125,11 +133,11 @@ void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = start_mssql(sock, ip, port, options, miscptr, fp); next_run = start_mssql(sock, ip, port, options, miscptr, fp);
@ -153,7 +161,7 @@ void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE
} }
} }
int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.


@ -1,19 +1,16 @@
/* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */ /* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */
/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */ /* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev,
* adding support for mysql version 5.x */
#include "hydra-mod.h" #include "hydra-mod.h"
#ifndef HAVE_MATH_H #ifndef HAVE_MATH_H
#include <stdio.h> #include <stdio.h>
void dummy_mysql() { void dummy_mysql() { printf("\n"); }
printf("\n");
}
void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { printf("\n"); }
printf("\n");
}
#else #else
#include <math.h> #include <math.h>
@ -35,16 +32,17 @@ MYSQL *mysql = NULL;
void hydra_hash_password(unsigned long *result, const char *password); void hydra_hash_password(unsigned long *result, const char *password);
char *hydra_scramble(char *to, const char *message, const char *password); char *hydra_scramble(char *to, const char *message, const char *password);
extern int internal__hydra_recv(int socket, char *buf, int length); extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length);
extern int hydra_data_ready_timed(int socket, long sec, long usec); extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char mysqlsalt[9]; char mysqlsalt[9];
/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ /* modified hydra_receive_line, I've striped code which changed every 0x00 to
char *hydra_mysql_receive_line(int socket) { * 0x20 */
char *hydra_mysql_receive_line(int32_t socket) {
char buf[300], *buff, *buff2; char buf[300], *buff, *buff2;
int i = 0, j = 0, buff_size = 300; int32_t i = 0, j = 0, buff_size = 300;
buff = malloc(buff_size); buff = malloc(buff_size);
if (buff == NULL) if (buff == NULL)
@ -87,7 +85,7 @@ char *hydra_mysql_receive_line(int socket) {
} }
/* check if valid mysql protocol, mysql version and read salt */ /* check if valid mysql protocol, mysql version and read salt */
char hydra_mysql_init(int sock) { char hydra_mysql_init(int32_t sock) {
char *server_version, *pos, *buf; char *server_version, *pos, *buf;
unsigned char protocol; unsigned char protocol;
@ -108,7 +106,10 @@ char hydra_mysql_init(int sock) {
return 2; return 2;
} }
if (protocol > 10) { if (protocol > 10) {
fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol); fprintf(stderr,
"[INFO] This is protocol version %d, only v10 is supported, not "
"sure if it will work\n",
protocol);
} }
server_version = &buf[5]; server_version = &buf[5];
pos = buf + strlen(server_version) + 10; pos = buf + strlen(server_version) + 10;
@ -116,7 +117,8 @@ char hydra_mysql_init(int sock) {
if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) { if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) {
#ifndef LIBMYSQLCLIENT #ifndef LIBMYSQLCLIENT
hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n"); hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck "
"configure to see if libmysql is found\n");
#endif #endif
free(buf); free(buf);
return 2; return 2;
@ -130,10 +132,7 @@ char hydra_mysql_init(int sock) {
char *hydra_mysql_prepare_auth(char *login, char *pass) { char *hydra_mysql_prepare_auth(char *login, char *pass) {
unsigned char *response; unsigned char *response;
unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login); unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login);
unsigned long response_len = 4 /* header */ + unsigned long response_len = 4 /* header */ + 2 /* client flags */ + 3 /* max packet len */ + login_len + 1 + 8 /* scrambled password len */;
2 /* client flags */ +
3 /* max packet len */ +
login_len + 1 + 8 /* scrambled password len */ ;
response = (unsigned char *)malloc(response_len + 4); response = (unsigned char *)malloc(response_len + 4);
if (response == NULL) { if (response == NULL) {
@ -169,30 +168,24 @@ char hydra_mysql_parse_response(unsigned char *response) {
return 0; return 0;
} }
char hydra_mysql_send_com_quit(int sock) { char hydra_mysql_send_com_quit(int32_t sock) {
char com_quit_packet[5] = {0x01, 0x00, 0x00, 0x00, 0x01}; char com_quit_packet[5] = {0x01, 0x00, 0x00, 0x00, 0x01};
hydra_send(sock, com_quit_packet, 5, 0); hydra_send(sock, com_quit_packet, 5, 0);
return 0; return 0;
} }
int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *response = NULL, *login = NULL, *pass = NULL; char *response = NULL, *login = NULL, *pass = NULL;
unsigned long response_len; unsigned long response_len;
char res = 0; char res = 0;
char database[256]; char *database = NULL;
login = hydra_get_next_login(); login = hydra_get_next_login();
pass = hydra_get_next_password(); pass = hydra_get_next_password();
if (miscptr) if (miscptr)
strncpy(database, miscptr, sizeof(database) - 1); database = miscptr;
else {
strncpy(database, DEFAULT_DB, sizeof(database) - 1);
if (verbose)
hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n");
}
database[sizeof(database) - 1] = 0;
/* read server greeting */ /* read server greeting */
res = hydra_mysql_init(sock); res = hydra_mysql_init(sock);
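Review bot: With the DEFAULT_DB fallback removed from start_mysql, database stays NULL whenever miscptr is not given, and mysql_real_connect then selects no default database, yet the usage_mysql text added at the end of this file's diff still says the default is "mysql". Either keep the fallback, for example database = miscptr ? miscptr : DEFAULT_DB if DEFAULT_DB is still defined, or change the help text to match the new behaviour. The verbose message announcing the default went away with the same lines, so the user no longer gets a hint about which database is being tried.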
@ -212,8 +205,8 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp
} }
} }
/*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */ /*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */
if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) { if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, port, NULL, 0)) {
int my_errno = mysql_errno(mysql); int32_t my_errno = mysql_errno(mysql);
if (debug) if (debug)
hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql)); hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql));
@ -227,7 +220,8 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp
} }
if (my_errno == 1251) { if (my_errno == 1251) {
hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n"); hydra_report(stderr, "[ERROR] Client does not support authentication "
"protocol requested by server\n");
} }
/* /*
@ -308,9 +302,9 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp
return 1; return 1;
} }
void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_MYSQL; int32_t myport = PORT_MYSQL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -322,7 +316,7 @@ void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE
hydra_mysql_send_com_quit(sock); hydra_mysql_send_com_quit(sock);
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
} }
// usleep(300000); // usleepn(300);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -330,7 +324,8 @@ void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE
port = myport; port = myport;
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
@ -355,8 +350,6 @@ void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE
#ifndef LIBMYSQLCLIENT #ifndef LIBMYSQLCLIENT
#endif #endif
/************************************************************************/ /************************************************************************/
@ -397,7 +390,8 @@ void hydra_hash_password(unsigned long *result, const char *password) {
nr2 += (nr2 << 8) ^ nr; nr2 += (nr2 << 8) ^ nr;
add += tmp; add += tmp;
} }
result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ; result[0] = nr & (((unsigned long)1L << 31) - 1L); /* Don't use sign bit (str2int) */
;
result[1] = nr2 & (((unsigned long)1L << 31) - 1L); result[1] = nr2 & (((unsigned long)1L << 31) - 1L);
return; return;
} }
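Review bot: The reformatted result[0] assignment in hydra_hash_password leaves the stray semicolon that used to follow the comment on a line of its own, where it is now an empty statement. Delete it so the assignment ends in a single semicolon and the "Don't use sign bit" comment stays attached to the line it describes.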
@ -424,7 +418,7 @@ char *hydra_scramble(char *to, const char *message, const char *password) {
} }
#endif #endif
int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -437,3 +431,8 @@ int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, F
return 0; return 0;
} }
void usage_mysql(const char *service) {
printf("Module mysql is optionally taking the database to attack, default is "
"\"mysql\"\n\n");
}


@ -1,4 +1,3 @@
/* /*
* Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com
* Tested on Netware 6.5 * Tested on Netware 6.5
@ -11,22 +10,19 @@
* *
*/ */
#include "hydra-mod.h" #include "hydra-mod.h"
#ifndef LIBNCP #ifndef LIBNCP
void dummy_ncp() { void dummy_ncp() { printf("\n"); }
printf("\n");
}
#else #else
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ncp/nwcalls.h> #include <ncp/nwcalls.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
extern int child_head_no; extern int32_t child_head_no;
typedef struct __NCP_DATA { typedef struct __NCP_DATA {
struct ncp_conn_spec spec; struct ncp_conn_spec spec;
@ -37,24 +33,21 @@ typedef struct __NCP_DATA {
// uncomment line below to see more trace stack // uncomment line below to see more trace stack
//#define NCP_DEBUG //#define NCP_DEBUG
int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *login; char *login;
char *pass; char *pass;
char context[256]; char context[256];
unsigned int ncp_lib_error_code; uint32_t ncp_lib_error_code;
char *empty = ""; char *empty = "";
int object_type = NCP_BINDERY_USER; int32_t object_type = NCP_BINDERY_USER;
_NCP_DATA *session; _NCP_DATA *session;
session = malloc(sizeof(_NCP_DATA)); session = malloc(sizeof(_NCP_DATA));
memset(session, 0, sizeof(_NCP_DATA)); memset(session, 0, sizeof(_NCP_DATA));
login = empty; login = empty;
pass = empty; pass = empty;
if (strlen(login = hydra_get_next_login()) == 0) { if (strlen(login = hydra_get_next_login()) == 0) {
login = empty; login = empty;
} else { } else {
@ -64,8 +57,10 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 4; return 4;
} }
memset(context, 0, sizeof(context)); memset(context, 0, sizeof(context));
strncpy(context, login, strlen(login)); strncpy(context, login, sizeof(context) - 2);
strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1); context[sizeof(context) - 2] = 0;
strncpy(context + strlen(login), miscptr, sizeof(context) - strlen(login) - 1);
context[sizeof(context) - 1] = 0;
login = context; login = context;
} }
} }
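Review bot: The second strncpy in start_ncp still offsets and sizes by strlen(login), not by what was actually copied into context. The first copy is capped at sizeof(context) - 2, but for a login of 256 bytes or more context + strlen(login) points past the array and sizeof(context) - strlen(login) - 1 wraps around as an unsigned value, so the copy of miscptr can write out of bounds. Use strlen(context) for both the offset and the remaining size, or replace the four lines with snprintf(context, sizeof(context), "%s%s", login, miscptr). The removed sizeof(miscptr) + 1 was the size of a pointer, so dropping it is correct.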
@ -133,9 +128,9 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1; // reconnect return 1; // reconnect
} }
void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_NCP; int32_t myport = PORT_NCP;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -151,7 +146,8 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
sock = hydra_connect_tcp(ip, myport); sock = hydra_connect_tcp(ip, myport);
port = myport; port = myport;
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
@ -182,7 +178,7 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
#endif #endif
int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -195,3 +191,8 @@ int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
return 0; return 0;
} }
void usage_ncp(const char *service) {
printf("Module ncp is optionally taking the full context, for example "
"\".O=cx\"\n\n");
}


@ -10,14 +10,14 @@ RFC 4643: Network News Transfer Protocol (NNTP) Extension for Authentication
*/ */
int nntp_auth_mechanism = AUTH_CLEAR; int32_t nntp_auth_mechanism = AUTH_CLEAR;
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
char *nntp_read_server_capacity(int sock) { char *nntp_read_server_capacity(int32_t sock) {
char *ptr = NULL; char *ptr = NULL;
int resp = 0; int32_t resp = 0;
char *buf = NULL; char *buf = NULL;
do { do {
@ -25,20 +25,20 @@ char *nntp_read_server_capacity(int sock) {
free(buf); free(buf);
ptr = buf = hydra_receive_line(sock); ptr = buf = hydra_receive_line(sock);
if (buf != NULL) { if (buf != NULL) {
if (isdigit((int) buf[0]) && buf[3] == ' ') if (isdigit((int32_t)buf[0]) && buf[3] == ' ')
resp = 1; resp = 1;
else { else {
if (buf[strlen(buf) - 1] == '\n') if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0; buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r') if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0; buf[strlen(buf) - 1] = 0;
#ifdef NO_RINDEX #ifdef NO_STRRCHR
if ((ptr = strrchr(buf, '\n')) != NULL) {
#else
if ((ptr = rindex(buf, '\n')) != NULL) { if ((ptr = rindex(buf, '\n')) != NULL) {
#else
if ((ptr = strrchr(buf, '\n')) != NULL) {
#endif #endif
ptr++; ptr++;
if (isdigit((int) *ptr) && *(ptr + 3) == ' ') if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ')
resp = 1; resp = 1;
} }
} }
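Review bot: The isdigit arguments in nntp_read_server_capacity are now cast with (int32_t)buf[0] and (int32_t)*ptr, which keeps the sign extension of a plain char, so a server byte of 0x80 or above reaches isdigit as a negative value, which is undefined behaviour. Cast through unsigned char instead, as in isdigit((unsigned char)buf[0]). In the same block, buf[3] and *(ptr + 3) are read without checking that the line is that long, and buf[strlen(buf) - 1] indexes before the buffer when the server sends an empty line; a length check before these tests covers all three.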
@ -47,10 +47,10 @@ char *nntp_read_server_capacity(int sock) {
return buf; return buf;
} }
int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\""; char *empty = "\"\"", *result = NULL;
char *login, *pass, buffer[500], buffer2[500], *fooptr; char *login, *pass, buffer[500], buffer2[500], *fooptr;
int i = 1; int32_t i = 1;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -112,12 +112,18 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
free(buf); free(buf);
memset(buffer, 0, sizeof(buffer)); memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass); result = sasl_plain(buffer, login, pass);
sprintf(buffer, "%.250s\r\n", buffer); if (result == NULL)
return 3;
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
break; break;
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
case AUTH_CRAMMD5: { case AUTH_CRAMMD5: {
int rc = 0; int32_t rc = 0;
char *preplogin; char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
@ -143,14 +149,18 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
free(buf); free(buf);
memset(buffer2, 0, sizeof(buffer2)); memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer); result = sasl_cram_md5(buffer2, pass, buffer);
if (result == NULL)
return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2); sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer, "%.250s\r\n", buffer);
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin); free(preplogin);
} } break;
break;
case AUTH_DIGESTMD5: { case AUTH_DIGESTMD5: {
sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n");
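Review bot: The new early return after sasl_cram_md5 in the AUTH_CRAMMD5 case leaves preplogin, which sasl_saslprep allocated and which is only released by the free(preplogin) further down, unfreed. Call free(preplogin) before return 3. The following sprintf(buffer, "%s %.250s", preplogin, buffer2) also writes preplogin unbounded into the 500-byte buffer; snprintf(buffer, sizeof(buffer), ...) or a precision on the first %s would bound it the way the other fields are.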
@ -172,16 +182,15 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
if (debug) if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer); hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
if (fooptr == NULL) if (result == NULL)
return 3; return 3;
if (debug) if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2); hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2); sprintf(buffer, "%s\r\n", buffer2);
} } break;
break;
#endif #endif
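Review bot: Checking result rather than fooptr after sasl_digest_md5 fixes a test that could never fire, but the sprintf(buffer, "%s\r\n", buffer2) two lines later is still unbounded: buffer and buffer2 are both 500 bytes, so a base64 string that fills buffer2 plus "\r\n" and the terminator does not fit. Use snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2) and treat truncation as a failure.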
@ -210,8 +219,7 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "%s\r\n", (char *)buf1); sprintf(buffer, "%s\r\n", (char *)buf1);
} } break;
break;
default: { default: {
sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); sprintf(buffer, "AUTHINFO USER %.250s\r\n", login);
@ -230,10 +238,8 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
free(buf); free(buf);
sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass);
} break;
} }
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1; return 1;
@ -259,9 +265,9 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2; return 2;
} }
void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int i = 0, run = 1, next_run = 1, sock = -1; int32_t i = 0, run = 1, next_run = 1, sock = -1;
int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; int32_t myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0;
char *buffer1 = "CAPABILITIES\r\n"; char *buffer1 = "CAPABILITIES\r\n";
hydra_register_socket(sp); hydra_register_socket(sp);
@ -272,7 +278,7 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(300000); // usleepn(300);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -281,15 +287,15 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
// usleep(300000); // usleepn(300);
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '2') { /* check the first line */ if (buf == NULL || buf[0] != '2') { /* check the first line */
if (verbose || debug) if (verbose || debug)
@ -320,7 +326,7 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n"); hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n");
} else { } else {
free(buf); free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) { if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1; disable_tls = 1;
@ -398,7 +404,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
if ((miscptr != NULL) && (strlen(miscptr) > 0)) { if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++) for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]); miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strncmp(miscptr, "USER", 4) == 0) if (strncmp(miscptr, "USER", 4) == 0)
nntp_auth_mechanism = AUTH_CLEAR; nntp_auth_mechanism = AUTH_CLEAR;
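Review bot: `toupper((int32_t)miscptr[i])` passes a plain `char` that may be negative, which is undefined behaviour for any byte above 0x7f in the module option; cast through `unsigned char` first, as in `toupper((unsigned char)miscptr[i])`. The loop also compares a signed `int32_t i` against the `size_t` result of `strlen(miscptr)` and re-evaluates `strlen` on every iteration; hoist the length into a `size_t` before the loop.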
@ -419,7 +425,6 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
if (strncmp(miscptr, "NTLM", 4) == 0) if (strncmp(miscptr, "NTLM", 4) == 0)
nntp_auth_mechanism = AUTH_NTLM; nntp_auth_mechanism = AUTH_NTLM;
} }
if (verbose) { if (verbose) {
switch (nntp_auth_mechanism) { switch (nntp_auth_mechanism) {
@ -445,7 +450,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
break; break;
} }
} }
usleep(25000); usleepn(25);
free(buf); free(buf);
next_run = 2; next_run = 2;
break; break;
@ -465,7 +470,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
} }
} }
int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -478,3 +483,8 @@ int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0; return 0;
} }
void usage_nntp(const char *service) {
printf("Module nntp is optionally taking one authentication type of:\n"
" USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
}

View file

@ -1,4 +1,3 @@
/* /*
david: david:
@ -14,22 +13,20 @@ at http://marcellmajor.com/frame_listenerhash.html
#include "hydra-mod.h" #include "hydra-mod.h"
#ifndef LIBOPENSSL #ifndef LIBOPENSSL
#include <stdio.h> #include <stdio.h>
void dummy_oracle_listener() { void dummy_oracle_listener() { printf("\n"); }
printf("\n");
}
#else #else
#include <sasl.h> #include "sasl.h"
#include <openssl/des.h> #include <openssl/des.h>
#define HASHSIZE 17 #define HASHSIZE 17
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
unsigned char *hash; unsigned char *hash;
int sid_mechanism = AUTH_PLAIN; int32_t sid_mechanism = AUTH_PLAIN;
int initial_permutation(unsigned char **result, char *p_str, int *sz) { int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) {
int k = 0; int32_t k = 0;
int i = strlen(p_str); int32_t i = strlen(p_str);
char *buff; char *buff;
// expand the string with zero so that length is a multiple of 4 // expand the string with zero so that length is a multiple of 4
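Review bot: `int32_t i = strlen(p_str);` in initial_permutation() narrows a `size_t` into a signed 32-bit value that is then used to size the zero-padded buffer. The int to int32_t rename keeps that narrowing in place; a `size_t` for the length (and for `*sz`) would remove the sign issue. If the signed type has to stay, add an explicit upper bound on the password length before the padding step.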
@ -67,8 +64,8 @@ int initial_permutation(unsigned char **result, char *p_str, int *sz) {
return 0; return 0;
} }
int ora_hash(unsigned char **orahash, unsigned char *buf, int len) { int32_t ora_hash(unsigned char **orahash, unsigned char *buf, int32_t len) {
int i; int32_t i;
if ((*orahash = malloc(HASHSIZE)) == NULL) { if ((*orahash = malloc(HASHSIZE)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n"); hydra_report(stderr, "[ERROR] Can't allocate memory\n");
@ -81,8 +78,8 @@ int ora_hash(unsigned char **orahash, unsigned char *buf, int len) {
return 0; return 0;
} }
int convert_byteorder(unsigned char **result, int size) { int32_t convert_byteorder(unsigned char **result, int32_t size) {
int i = 0; int32_t i = 0;
char *buff; char *buff;
if ((buff = malloc(size)) == NULL) { if ((buff = malloc(size)) == NULL) {
@ -103,10 +100,10 @@ int convert_byteorder(unsigned char **result, int size) {
return 0; return 0;
} }
int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) {
int i = 0; int32_t i = 0;
char lastkey[8]; char lastkey[8];
des_key_schedule ks1; DES_key_schedule ks1;
unsigned char key1[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}; unsigned char key1[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
unsigned char ivec1[] = {0, 0, 0, 0, 0, 0, 0, 0}; unsigned char ivec1[] = {0, 0, 0, 0, 0, 0, 0, 0};
unsigned char *desresult; unsigned char *desresult;
@ -116,17 +113,17 @@ int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n"); hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1; return 1;
} }
des_key_sched((C_Block *) key1, ks1); DES_key_sched((const_DES_cblock *)key1, &ks1);
des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT);
for (i = 0; i < 8; i++) { for (i = 0; i < 8; i++) {
lastkey[i] = desresult[siz - 8 + i]; lastkey[i] = desresult[siz - 8 + i];
} }
des_key_sched((C_Block *) lastkey, ks1); DES_key_sched((const_DES_cblock *)lastkey, &ks1);
memset(desresult, 0, siz); memset(desresult, 0, siz);
memset(ivec1, 0, sizeof(ivec1)); memset(ivec1, 0, sizeof(ivec1));
des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT);
if ((*rs = malloc(siz)) == NULL) { if ((*rs = malloc(siz)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n"); hydra_report(stderr, "[ERROR] Can't allocate memory\n");
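Review bot: `lastkey[i] = desresult[siz - 8 + i];` reads before the start of `desresult` whenever `siz` is below 8, and nothing in this hunk checks that. Add a guard such as `if (siz < 8) return 1;` before the first `DES_ncbc_encrypt` call. Since the call sites are being updated to the `DES_*` API anyway, the return value of `DES_key_sched` should also be checked rather than discarded, and `lastkey` and `ks1` should be cleared before returning because they hold key material derived from the candidate password.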
@ -138,9 +135,9 @@ int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) {
return 0; return 0;
} }
int ora_hash_password(char *pass) { int32_t ora_hash_password(char *pass) {
// secret hash function comes here, and written to char *hash // secret hash function comes here, and written to char *hash
int siz = 0; int32_t siz = 0;
unsigned char *desresult; unsigned char *desresult;
unsigned char *result; unsigned char *result;
char buff[strlen(pass) + 5]; char buff[strlen(pass) + 5];
@ -180,19 +177,17 @@ int ora_hash_password(char *pass) {
return 0; return 0;
} }
int start_oracle_listener(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
unsigned char tns_packet_begin[22] = { unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e"
"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" "\x00\x00\x01\x00"};
}; unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
unsigned char tns_packet_end[32] = { "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"};
"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
};
char *empty = ""; char *empty = "";
char *pass; char *pass;
char connect_string[200]; char connect_string[200];
char buffer2[260]; char buffer2[260];
int siz = 0; int32_t siz = 0;
memset(connect_string, 0, sizeof(connect_string)); memset(connect_string, 0, sizeof(connect_string));
memset(buffer2, 0, sizeof(buffer2)); memset(buffer2, 0, sizeof(buffer2));
@ -213,7 +208,10 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char
} }
pass = (char *)hash; pass = (char *)hash;
} }
snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass); snprintf(connect_string, sizeof(connect_string),
"(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)("
"PASSWORD=%s)(SERVICE=)(VERSION=169869568)))",
pass);
if (hash != NULL) if (hash != NULL)
free(hash); free(hash);
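Review bot: the return value of the reflowed `snprintf(connect_string, sizeof(connect_string), ...)` is ignored, so a long `pass` is silently truncated inside the 200-byte buffer and the closing parentheses of the descriptor are lost. The listener then receives a malformed request and the attempt is counted as a failed password. Compare the result against `sizeof(connect_string)` and skip or report the candidate when it does not fit. `pass` is also inserted verbatim, so a candidate containing `(` or `)` changes the structure of the descriptor; that should be rejected or documented.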
@ -258,9 +256,9 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char
return 1; return 1;
} }
void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -287,7 +285,7 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(300000); // usleepn(300);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -296,12 +294,12 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
/* run the cracking function */ /* run the cracking function */
@ -325,7 +323,7 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc
} }
} }
int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -339,4 +337,9 @@ int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *
return 0; return 0;
} }
void usage_oracle_listener(const char *service) {
printf("Module oracle-listener / tns is optionally taking the mode the "
"password is stored as, could be PLAIN (default) or CLEAR\n\n");
}
#endif #endif

View file

@ -11,9 +11,7 @@ find a big list on the Internet
#include "hydra-mod.h" #include "hydra-mod.h"
#ifndef LIBOPENSSL #ifndef LIBOPENSSL
#include <stdio.h> #include <stdio.h>
void dummy_oracle_sid() { void dummy_oracle_sid() { printf("\n"); }
printf("\n");
}
#else #else
#include <openssl/des.h> #include <openssl/des.h>
#define HASHSIZE 16 #define HASHSIZE 16
@ -22,24 +20,21 @@ extern char *HYDRA_EXIT;
char *buf; char *buf;
unsigned char *hash; unsigned char *hash;
int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
/* /*
PP is the packet length PP is the packet length
XX is the length of connect data XX is the length of connect data
PP + tns_packet_begin + XX + tns_packet_end PP + tns_packet_begin + XX + tns_packet_end
*/ */
unsigned char tns_packet_begin[22] = { unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e"
"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" "\x00\x00\x01\x00"};
}; unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
unsigned char tns_packet_end[32] = { "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"};
"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
};
char *empty = ""; char *empty = "";
char *login; char *login;
char connect_string[200]; char connect_string[200];
char buffer2[260]; char buffer2[260];
int siz = 0; int32_t siz = 0;
memset(connect_string, 0, sizeof(connect_string)); memset(connect_string, 0, sizeof(connect_string));
memset(buffer2, 0, sizeof(buffer2)); memset(buffer2, 0, sizeof(buffer2));
@ -47,8 +42,10 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login, snprintf(connect_string, sizeof(connect_string),
hydra_address2string(ip), port); "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)("
"USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))",
login, hydra_address2string(ip), port);
siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string);
if (siz > 255) { if (siz > 255) {
buffer2[0] = 1; buffer2[0] = 1;
@ -72,7 +69,8 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis
if ((buf = hydra_receive_line(s)) == NULL) if ((buf = hydra_receive_line(s)) == NULL)
return 1; return 1;
//if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse // if no error reported. it should be a resend packet type 00 08 00 00 0b 00
// 00 00, 4 is refuse
if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) { if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) {
hydra_report_found_host(port, ip, "oracle-sid", fp); hydra_report_found_host(port, ip, "oracle-sid", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
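Review bot: the success test `(strstr(buf, "ERR=") == NULL) && (buf[4] != 4)` treats a binary TNS reply as a C string. The comment above it gives the expected resend packet as starting with `00 08 00 00 0b`, so `strstr` stops at the first byte and can never see an `ERR=` further in, and `buf[4]` is read without knowing that at least five bytes arrived. Use a length-aware receive, check the length before indexing, and search with a bounded routine such as `memmem` over the received size. As written, a short or refused reply can be reported as a valid SID.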
@ -85,9 +83,9 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis
return 1; return 1;
} }
void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -97,7 +95,7 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr,
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(300000); // usleepn(300);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -106,11 +104,11 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr,
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
/* run the cracking function */ /* run the cracking function */
@ -134,7 +132,7 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr,
} }
} }
int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

View file

@ -1,12 +1,11 @@
/* /*
david: code is based on SNORT spo_database.c david: code is based on SNORT spo_database.c
tested with : tested with :
-instantclient_10_2 on Oracle 10.2.0 -instantclient_10_2 on Oracle 10.2.0
-instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip -instantclient-basic-linux.*-11.2.0.3.0.zip +
on Oracle 9i and on Oracle 11g instantclient-sdk-linux.*-11.2.0.3.0.zip on Oracle 9i and on Oracle 11g
*/ */
@ -14,13 +13,12 @@ on Oracle 9i and on Oracle 11g
#ifndef LIBORACLE #ifndef LIBORACLE
void dummy_oracle() { void dummy_oracle() { printf("\n"); }
printf("\n");
}
#else #else
#include <oci.h> #include <oci.h>
#include <stdbool.h>
#include <sys/types.h> #include <sys/types.h>
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
@ -41,7 +39,7 @@ void print_oracle_error(char *err) {
} }
} }
int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[200], sid[100]; char *login, *pass, buffer[200], sid[100];
@ -56,14 +54,17 @@ int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr
/* /*
To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries. To use the Easy Connect naming method, PHP must be linked with Oracle 10g
The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name]. or greater Client libraries. The Easy Connect string for Oracle 10g is of
With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name]. the form: [//]host_name[:port][/service_name]. With Oracle 11g, the syntax
Service names can be found by running the Oracle utility lsnrctl status on the database server machine. is: [//]host_name[:port][/service_name][:server_type][/instance_name].
Service names can be found by running the Oracle utility lsnrctl status on
the database server machine.
The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin The tnsnames.ora file can be in the Oracle Net search path, which includes
and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web $ORACLE_HOME/network/admin and /etc. Alternatively set TNS_ADMIN so that
daemon has read access to the file. $TNS_ADMIN/tnsnames.ora is read. Make sure the web daemon has read access
to the file.
*/ */
@ -84,51 +85,56 @@ int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr
return 4; return 4;
} }
bool success = true;
if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *)login, strlen(login), (const OraText *)pass, strlen(pass), (const OraText *)buffer, strlen(buffer))) { if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *)login, strlen(login), (const OraText *)pass, strlen(pass), (const OraText *)buffer, strlen(buffer))) {
success = false;
OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR);
//database: oracle_error: ORA-01017: invalid username/password; logon denied // database: oracle_error: ORA-01017: invalid username/password; logon
//database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor // denied database: oracle_error: ORA-12514: TNS:listener does not currently
//database: oracle_error: ORA-28000: the account is locked // know of service requested in connect descriptor database: oracle_error:
//Failed login attempts is set to 10 by default // ORA-28000: the account is locked Failed login attempts is set to 10 by
// default
if (verbose) { if (verbose) {
hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg); hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg);
} }
if (strstr((const char *)o_errormsg, "ORA-12514") != NULL) { if (strstr((const char *)o_errormsg, "ORA-12514") != NULL) {
hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n"); hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to "
"enumerate them.\n");
hydra_completed_pair();
return 3;
} }
if (strstr((const char *)o_errormsg, "ORA-28000") != NULL) { if (strstr((const char *)o_errormsg, "ORA-28000") != NULL) {
hydra_report(stderr, "[ERROR] ORACLE account %s is locked.\n", login); hydra_report(stderr, "[INFO] ORACLE account %s is locked.\n", login);
} hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
if (o_error) { return 3;
OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
}
hydra_completed_pair();
//by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening,
//as we don't care, we are deleting the file
//set these parameters to not generate the file
//LOG_DIRECTORY_CLIENT = /dev/null
//LOG_FILE_CLIENT = /dev/null
unlink("sqlnet.log");
return 2; return 2;
} else {
OCILogoff(o_servicecontext, o_error);
if (o_error) {
OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
} }
// ORA-28002: the password will expire within 7 days
if (strstr((const char *)o_errormsg, "ORA-28002") != NULL) {
hydra_report(stderr, "[INFO] ORACLE account %s password will expire soon.\n", login);
success = true;
}
}
if (success) {
OCILogoff(o_servicecontext, o_error);
hydra_report_found_host(port, ip, "oracle", fp); hydra_report_found_host(port, ip, "oracle", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
} else {
hydra_completed_pair();
}
if (o_error) {
OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR);
} }
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; return 3;
return 1; return success ? 1 : 2;
} }
void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE; int32_t myport = PORT_ORACLE;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
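Review bot: the new early returns in the ORA-12514 and ORA-28000 branches leave start_oracle() before the relocated `OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR)` runs, so the error handle is leaked on exactly the paths that are hit repeatedly during a run. The old code freed it inside the failure branch before returning. Route those branches through a common cleanup label, or free the handle before each `return`. Separately, the reflowed comment block has merged the three sample error lines into running text ("logon denied database: oracle_error: ..."); keep one ORA code per comment line so it stays readable. The ORA-28002 case sets `success = true` and then calls `OCILogoff`, which relies on OCILogon having actually established the session for that warning; a short comment saying so would help.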
@ -152,18 +158,23 @@ void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
break; break;
case 2: case 2:
next_run = start_oracle(sock, ip, port, options, miscptr, fp); next_run = start_oracle(sock, ip, port, options, miscptr, fp);
hydra_child_exit(0);
break; break;
case 3: /* clean exit */ case 3: /* clean exit */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// by default, set in sqlnet.ora, the trace file is generated in pwd to log
// any errors happening, as we don't care, we are deleting the file set
// these parameters to not generate the file LOG_DIRECTORY_CLIENT =
// /dev/null LOG_FILE_CLIENT = /dev/null
unlink("sqlnet.log");
hydra_child_exit(0); hydra_child_exit(0);
return; return;
default: default:
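Review bot: the added `hydra_child_exit(0);` directly after `next_run = start_oracle(...)` in case 2 makes the assignment and the following `break` dead code if hydra_child_exit() terminates the child, as its name and its other uses in this file suggest. It also means case 3 is no longer reached from this path, so the `unlink("sqlnet.log")` that this same change moves into case 3 will not run after an attempt. If one attempt per child is intended, state that in a comment and do the cleanup before exiting; otherwise drop the call and let `next_run` drive the state machine. The relocated comment about `LOG_DIRECTORY_CLIENT` and `LOG_FILE_CLIENT` was also run together by the reformat and should be split back into separate lines.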
@ -176,7 +187,7 @@ void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE
#endif #endif
int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -189,3 +200,8 @@ int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr,
return 0; return 0;
} }
void usage_oracle(const char *service) {
printf("Module oracle / ora is optionally taking the ORACLE SID, default is "
"\"ORCL\"\n\n");
}

View file

@ -8,9 +8,9 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
int pcadebug = 0; int32_t pcadebug = 0;
int send_cstring(int s, char *crypted_string) { int32_t send_cstring(int32_t s, char *crypted_string) {
char buffer2[100], *bptr = buffer2; char buffer2[100], *bptr = buffer2;
char clientcryptheader[] = "\x06"; char clientcryptheader[] = "\x06";
@ -25,8 +25,8 @@ int send_cstring(int s, char *crypted_string) {
return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0); return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0);
} }
void show_buffer(char *buffer, int size) { void show_buffer(char *buffer, int32_t size) {
int i; int32_t i;
printf("size: %d, buffer:\n", size); printf("size: %d, buffer:\n", size);
for (i = 0; i < size; i++) { for (i = 0; i < size; i++) {
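Review bot: send_cstring() sends `2 + strlen(crypted_string)` bytes from `buffer2`, which is declared as `char buffer2[100]` at the top of the function, and no length check is visible between the two. Unless every caller guarantees fewer than 98 bytes, add an explicit bound before the copy into `buffer2` and return an error for longer input. The int to int32_t change is also a good moment to make the length a `size_t`.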
@ -35,11 +35,11 @@ void show_buffer(char *buffer, int size) {
printf("\n"); printf("\n");
} }
void clean_buffer(char *buf, int size) { void clean_buffer(char *buf, int32_t size) {
int i; int32_t i;
for (i = 0; i < size; i++) { for (i = 0; i < size; i++) {
int pos = buf[i]; int32_t pos = buf[i];
if (pos < 32 || pos > 126) { if (pos < 32 || pos > 126) {
// . char // . char
@ -49,7 +49,7 @@ void clean_buffer(char *buf, int size) {
} }
void print_encrypted_str(char *str) { void print_encrypted_str(char *str) {
int i; int32_t i;
printf("encode string: "); printf("encode string: ");
for (i = 0; i < strlen(str); i++) { for (i = 0; i < strlen(str); i++) {
@ -60,7 +60,7 @@ void print_encrypted_str(char *str) {
void pca_encrypt(char *cleartxt) { void pca_encrypt(char *cleartxt) {
char passwd[128]; char passwd[128];
int i; int32_t i;
strncpy(passwd, cleartxt, sizeof(passwd) - 1); strncpy(passwd, cleartxt, sizeof(passwd) - 1);
passwd[sizeof(passwd) - 1] = 0; passwd[sizeof(passwd) - 1] = 0;
@ -71,12 +71,11 @@ void pca_encrypt(char *cleartxt) {
passwd[strlen(passwd)] = '\0'; passwd[strlen(passwd)] = '\0';
strcpy(cleartxt, passwd); strcpy(cleartxt, passwd);
} }
} }
void pca_decrypt(char *password) { void pca_decrypt(char *password) {
char cleartext[128]; char cleartext[128];
int i; int32_t i;
if (strlen(password) > 0) { if (strlen(password) > 0) {
cleartext[0] = password[0] ^ 0xab; cleartext[0] = password[0] ^ 0xab;
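Review bot: `passwd[strlen(passwd)] = '\0';` at the end of pca_encrypt() is a no-op, because `strlen` stops at the terminator it is about to write. pca_decrypt() shows the encoding is XOR-based (`password[0] ^ 0xab`), so an encoded byte can legitimately be 0x00, and the `strlen` and `strcpy(cleartxt, passwd)` calls will then truncate the result. Track the length explicitly and copy with `memcpy`, and pass the destination size into pca_encrypt() instead of relying on the caller's buffer being large enough for `strcpy`.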
@ -92,17 +91,17 @@ void debugprintf(char *msg) {
printf("debug: %s\n", msg); printf("debug: %s\n", msg);
} }
int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass; char *login, *pass;
char buffer[2048] = ""; char buffer[2048] = "";
char clogin[128] = ""; char clogin[128] = "";
char cpass[128] = ""; char cpass[128] = "";
int ret, i; int32_t ret, i;
char *client[4]; char *client[4];
char *server[5]; char *server[5];
int clientsize[4]; int32_t clientsize[4];
client[0] = "\x00\x00\x00\x00"; client[0] = "\x00\x00\x00\x00";
clientsize[0] = 4; clientsize[0] = 4;
@ -119,7 +118,6 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
server[3] = "Enter login name"; server[3] = "Enter login name";
server[4] = "denying connection"; server[4] = "denying connection";
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
@ -158,13 +156,15 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
if (i == 0 || i == 3) if (i == 0 || i == 3)
clean_buffer(buffer, ret); clean_buffer(buffer, ret);
if (debug) show_buffer(buffer, ret); if (debug)
show_buffer(buffer, ret);
if (i == 2) { if (i == 2) {
clean_buffer(buffer, ret); clean_buffer(buffer, ret);
buffer[sizeof(buffer) - 1] = 0; buffer[sizeof(buffer) - 1] = 0;
if (strstr(buffer, server[i + 2]) != NULL) { if (strstr(buffer, server[i + 2]) != NULL) {
fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n"); fprintf(stderr, "[ERROR] PC Anywhere host denying connection because "
"you have requested a lower encrypt level\n");
return 3; return 3;
} }
} }
@ -224,21 +224,20 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
return 1; return 1;
} }
void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; int32_t myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return; return;
while (1) { while (1) {
switch (run) { switch (run) {
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
usleep(275000); usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -247,11 +246,12 @@ void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr,
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
@ -278,7 +278,7 @@ void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr,
} }
} }
int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

View file

@ -33,7 +33,7 @@ struct pr_auth_args {
/* Lets start ... */ /* Lets start ... */
int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH]; char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH];
char *ptr, *pkt = buffer; char *ptr, *pkt = buffer;
@ -66,7 +66,9 @@ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr,
prh->len_passwd = htonl(63); prh->len_passwd = htonl(63);
prh->len_comments = htonl(254); prh->len_comments = htonl(254);
strcpy(prh->comments, " Hydra - THC password cracker - visit http://www.thc.org - use only allowed for legal purposes "); strcpy(prh->comments, " Hydra - THC password cracker - visit "
"https://github.com/vanhauser-thc/thc-hydra - use only "
"allowed for legal purposes ");
strcpy(prh->name, "localhost"); strcpy(prh->name, "localhost");
ptr = prh->id; ptr = prh->id;
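Review bot: the replacement banner passed to `strcpy(prh->comments, ...)` is longer than the one it replaces, and the copy is still unbounded. The hunk advertises `len_comments` as 254, but the declared size of `comments` is not visible here. Please confirm the literal plus its terminator fits the field, and prefer `snprintf(prh->comments, sizeof(prh->comments), "%s", ...)` so that a future edit to the text cannot overrun the packet header struct.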
@ -136,8 +138,8 @@ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
} }
void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp); hydra_register_socket(sp);
if (port == 0) { if (port == 0) {
@ -159,9 +161,10 @@ void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE
{ {
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((sock = hydra_connect_udp(ip, port)) < 0) { if ((sock = hydra_connect_udp(ip, port)) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
@ -183,7 +186,7 @@ void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE
} }
} }
int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

View file

@ -6,9 +6,9 @@
typedef struct pool_str { typedef struct pool_str {
char ip[36]; char ip[36];
/* int port;*/// not needed /* int32_t port;*/ // not needed
int pop3_auth_mechanism; int32_t pop3_auth_mechanism;
int disable_tls; int32_t disable_tls;
struct pool_str *next; struct pool_str *next;
} pool; } pool;
@ -18,7 +18,7 @@ char apop_challenge[300] = "";
pool *plist = NULL, *p = NULL; pool *plist = NULL, *p = NULL;
/* functions */ /* functions */
int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
pool *list_create(pool data) { pool *list_create(pool data) {
pool *p; pool *p;
@ -59,9 +59,9 @@ pool *list_find(char *ip) {
/* how to know when to release the mem ? /* how to know when to release the mem ?
-> well, after _start has determined which pool number it is */ -> well, after _start has determined which pool number it is */
int list_remove(pool * node) { int32_t list_remove(pool *node) {
pool *save, *list = plist; pool *save, *list = plist;
int ok = -1; int32_t ok = -1;
if (list == NULL || node == NULL) if (list == NULL || node == NULL)
return -2; return -2;
@ -78,9 +78,9 @@ int list_remove(pool * node) {
return ok; return ok;
} }
char *pop3_read_server_capacity(int sock) { char *pop3_read_server_capacity(int32_t sock) {
char *ptr = NULL; char *ptr = NULL;
int resp = 0; int32_t resp = 0;
char *buf = NULL; char *buf = NULL;
do { do {
@ -88,7 +88,6 @@ char *pop3_read_server_capacity(int sock) {
free(buf); free(buf);
ptr = buf = hydra_receive_line(sock); ptr = buf = hydra_receive_line(sock);
if (buf != NULL) { if (buf != NULL) {
/* /*
exchange capa: exchange capa:
@ -99,7 +98,8 @@ STLS
*/ */
if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') { if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') {
resp = 1; resp = 1;
/* we got the capability info then get the completed warning info from server */ /* we got the capability info then get the completed warning info from
* server */
while (hydra_data_ready(sock)) { while (hydra_data_ready(sock)) {
free(buf); free(buf);
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
@ -117,8 +117,8 @@ STLS
return buf; return buf;
} }
int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\""; char *empty = "\"\"", *result = NULL;
char *login, *pass, buffer[500], buffer2[500], *fooptr; char *login, *pass, buffer[500], buffer2[500], *fooptr;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
@ -137,7 +137,7 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
case AUTH_APOP: { case AUTH_APOP: {
MD5_CTX c; MD5_CTX c;
unsigned char md5_raw[MD5_DIGEST_LENGTH]; unsigned char md5_raw[MD5_DIGEST_LENGTH];
int i; int32_t i;
char *pbuffer = buffer2; char *pbuffer = buffer2;
MD5_Init(&c); MD5_Init(&c);
@ -150,8 +150,7 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
pbuffer += 2; pbuffer += 2;
} }
sprintf(buffer, "APOP %s %s\r\n", login, buffer2); sprintf(buffer, "APOP %s %s\r\n", login, buffer2);
} } break;
break;
#endif #endif
case AUTH_LOGIN: { case AUTH_LOGIN: {
@ -186,8 +185,7 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
strcpy(buffer2, pass); strcpy(buffer2, pass);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2); sprintf(buffer, "%.250s\r\n", buffer2);
} } break;
break;
case AUTH_PLAIN: { case AUTH_PLAIN: {
sprintf(buffer, "AUTH PLAIN\r\n"); sprintf(buffer, "AUTH PLAIN\r\n");
@ -204,16 +202,20 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
free(buf); free(buf);
memset(buffer, 0, sizeof(buffer)); memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass); result = sasl_plain(buffer, login, pass);
sprintf(buffer, "%.250s\r\n", buffer); if (result == NULL)
} return 3;
break;
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
} break;
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
case AUTH_CRAMMD5: case AUTH_CRAMMD5:
case AUTH_CRAMSHA1: case AUTH_CRAMSHA1:
case AUTH_CRAMSHA256: { case AUTH_CRAMSHA256: {
int rc = 0; int32_t rc = 0;
char *preplogin; char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
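Review bot: in the AUTH_PLAIN case the new `tmp_buffer` removes the overlapping `sprintf(buffer, "%.250s\r\n", buffer)`, but the replacement is still an unbounded `sprintf` followed by a `strcpy` back. A single `snprintf(tmp_buffer, sizeof(tmp_buffer), "%.250s\r\n", buffer)` followed by a `memcpy` of the returned length would make the bound explicit. The same three lines are added again in the CRAM branch further down, so a small helper would avoid the duplication. The new `return 3` on a NULL `result` also needs a comment saying what status 3 means to the caller.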
@ -263,26 +265,31 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
switch (p->pop3_auth_mechanism) { switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5: { case AUTH_CRAMMD5: {
sasl_cram_md5(buffer2, pass, buffer); result = sasl_cram_md5(buffer2, pass, buffer);
if (result == NULL)
return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2); sprintf(buffer, "%s %.250s", preplogin, buffer2);
} } break;
break;
case AUTH_CRAMSHA1: { case AUTH_CRAMSHA1: {
sasl_cram_sha1(buffer2, pass, buffer); result = sasl_cram_sha1(buffer2, pass, buffer);
if (result == NULL)
return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2); sprintf(buffer, "%s %.250s", preplogin, buffer2);
} } break;
break;
case AUTH_CRAMSHA256: { case AUTH_CRAMSHA256: {
sasl_cram_sha256(buffer2, pass, buffer); result = sasl_cram_sha256(buffer2, pass, buffer);
if (result == NULL)
return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2); sprintf(buffer, "%s %.250s", preplogin, buffer2);
} } break;
break;
} }
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer, "%.250s\r\n", buffer);
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin); free(preplogin);
} } break;
break;
case AUTH_DIGESTMD5: { case AUTH_DIGESTMD5: {
sprintf(buffer, "AUTH DIGEST-MD5\r\n"); sprintf(buffer, "AUTH DIGEST-MD5\r\n");
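Review bot: the three new `if (result == NULL) return 3;` checks in the CRAM-MD5, CRAM-SHA1 and CRAM-SHA256 cases return before the `free(preplogin);` that follows the inner switch, so the string allocated by `sasl_saslprep` leaks on every failed digest. Free `preplogin` before each early return, or set a status and fall through to a single cleanup point after the switch.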
@ -305,16 +312,15 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
hydra_report(stderr, "[DEBUG] S: %s\n", buffer); hydra_report(stderr, "[DEBUG] S: %s\n", buffer);
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
if (fooptr == NULL) if (result == NULL)
return 3; return 3;
if (debug) if (debug)
hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); hydra_report(stderr, "[DEBUG] C: %s\n", buffer2);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2); sprintf(buffer, "%s\r\n", buffer2);
} } break;
break;
#endif #endif
case AUTH_NTLM: { case AUTH_NTLM: {
@ -355,8 +361,7 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "%s\r\n", buf1); sprintf(buffer, "%s\r\n", buf1);
} } break;
break;
default: default:
sprintf(buffer, "USER %.250s\r\n", login); sprintf(buffer, "USER %.250s\r\n", login);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -391,6 +396,8 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
/* special AS/400 hack */ /* special AS/400 hack */
if (strstr(buf, "CPF2204") != NULL || strstr(buf, "CPF22E3") != NULL || strstr(buf, "CPF22E4") != NULL || strstr(buf, "CPF22E5") != NULL) { if (strstr(buf, "CPF2204") != NULL || strstr(buf, "CPF22E3") != NULL || strstr(buf, "CPF22E4") != NULL || strstr(buf, "CPF22E5") != NULL) {
if (verbose)
printf("[INFO] user %s does not exist, skipping\n", login);
hydra_completed_pair_skip(); hydra_completed_pair_skip();
free(buf); free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
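Review bot: the new informational message in the AS/400 branch is written with `printf`, while the other diagnostics in this function go through `hydra_report(stderr, ...)`. Writing to stdout here mixes the notice into result output and bypasses whatever the report helper does. Suggest `hydra_report(stderr, "[INFO] user %s does not exist, skipping\n", login);` for consistency.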
@ -405,13 +412,13 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2; return 2;
} }
void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
char *ptr = NULL; char *ptr = NULL;
// extract data from the pool, ip is the key // extract data from the pool, ip is the key
if (plist == NULL) if (plist == NULL)
if (service_pop3_init(ip, sp, options, miscptr, fp, port) != 0) if (service_pop3_init(ip, sp, options, miscptr, fp, port, hostname) != 0)
hydra_child_exit(2); hydra_child_exit(2);
p = list_find(ip); p = list_find(ip);
if (p == NULL) { if (p == NULL) {
@ -425,22 +432,21 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return; return;
while (1) { while (1) {
switch (run) { switch (run) {
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(300000); // usleepn(300);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
sock = hydra_connect_tcp(ip, port); sock = hydra_connect_tcp(ip, port);
} else { } else {
sock = hydra_connect_ssl(ip, port); sock = hydra_connect_ssl(ip, port, hostname);
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
@ -462,14 +468,16 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
if (!p->disable_tls) { if (!p->disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */ /* check for STARTTLS, if available we may have access to more basic
* auth methods */
hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
if (buf[0] != '+') { if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
"received from STARTTLS request\n");
} else { } else {
free(buf); free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) { if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_report(stderr, "[ERROR] Can't use TLS\n");
p->disable_tls = 1; p->disable_tls = 1;
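Review bot: while this block is being touched, `buf = hydra_receive_line(sock);` after the `STLS` request is dereferenced as `buf[0]` with no NULL check, although `pop3_read_server_capacity` in the same file tests the return value against NULL before use. A server that closes the connection after `STLS` would crash the child here. Add `if (buf == NULL)` handling that reports the failure and disables TLS or exits the child. The same sequence appears in `service_pop3_init`.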
@ -504,22 +512,19 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} }
int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t myport = PORT_POP3, mysslport = PORT_POP3_SSL;
int myport = PORT_POP3, mysslport = PORT_POP3_SSL;
char *ptr = NULL; char *ptr = NULL;
int sock = -1; int32_t sock = -1;
char *capa_str = "CAPA\r\n"; char *capa_str = "CAPA\r\n";
char *quit_str = "QUIT\r\n"; char *quit_str = "QUIT\r\n";
pool p; pool p;
p.pop3_auth_mechanism = AUTH_CLEAR; p.pop3_auth_mechanism = AUTH_CLEAR;
p.disable_tls = 1; p.disable_tls = 1;
p.next = NULL;
memcpy(p.ip, ip, 36); memcpy(p.ip, ip, 36);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -527,11 +532,11 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(p.ip, mysslport); sock = hydra_connect_ssl(p.ip, mysslport, hostname);
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t)getpid());
return -1; return -1;
} }
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
@ -566,28 +571,30 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
} }
if ((miscptr != NULL) && (strlen(miscptr) > 0)) { if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i; int32_t i;
for (i = 0; i < strlen(miscptr); i++) for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]); miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) {
p.disable_tls = 0; p.disable_tls = 0;
} }
} }
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
if (!p.disable_tls) { if (!p.disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */ /* check for STARTTLS, if available we may have access to more basic auth
* methods */
if (strstr(buf, "STLS") != NULL) { if (strstr(buf, "STLS") != NULL) {
hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
free(buf); free(buf);
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
if (buf[0] != '+') { if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
"received from STARTTLS request\n");
} else { } else {
free(buf); free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) { if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_report(stderr, "[ERROR] Can't use TLS\n");
p.disable_tls = 1; p.disable_tls = 1;
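Review bot: the added `strstr(miscptr, "STARTTLS")` term in the option check can never change the result, because any string containing `STARTTLS` already matches the existing `strstr(miscptr, "TLS")`. Either drop the extra term or, if the intent is to accept exact option names only, tokenize `miscptr` and compare whole tokens so that unrelated values containing `TLS` or `SSL` do not enable STLS by accident.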
@ -610,16 +617,16 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
} }
} }
} else } else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not "
"supported by the server\n");
} }
#endif #endif
if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) { if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) {
//we dont care if the server is not receiving the quit msg // we don't care if the server is not receiving the quit msg
} }
hydra_disconnect(sock); hydra_disconnect(sock);
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
@ -642,7 +649,8 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
which are supported. which are supported.
*/ */
/* which mean threre will *always* have a space before the LOGIN auth keyword */ /* which mean threre will *always* have a space before the LOGIN auth keyword
*/
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
p.pop3_auth_mechanism = AUTH_NTLM; p.pop3_auth_mechanism = AUTH_NTLM;
} }
@ -682,12 +690,10 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
#else #else
p.pop3_auth_mechanism = AUTH_CLEAR; p.pop3_auth_mechanism = AUTH_CLEAR;
#endif #endif
} }
free(buf); free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) { if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "CLEAR")) if (strstr(miscptr, "CLEAR"))
p.pop3_auth_mechanism = AUTH_CLEAR; p.pop3_auth_mechanism = AUTH_CLEAR;
@ -716,7 +722,6 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
if (strstr(miscptr, "NTLM")) if (strstr(miscptr, "NTLM"))
p.pop3_auth_mechanism = AUTH_NTLM; p.pop3_auth_mechanism = AUTH_NTLM;
} }
if (verbose) { if (verbose) {
@ -759,7 +764,6 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
case AUTH_NTLM: case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n"); hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n");
break; break;
} }
} }
@ -770,3 +774,12 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0; return 0;
} }
void usage_pop3(const char *service) {
printf("Module pop3 is optionally taking one authentication type of:\n"
" CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM.\n"
"Additionally TLS encryption via STLS can be enforced with the TLS "
"option.\n\n"
"Example: pop3://target/TLS:PLAIN\n");
}
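Review bot: the help text in the new `usage_pop3` documents only the `TLS` keyword, while the option parsing in `service_pop3_init` also accepts `SSL` and `STARTTLS`; list all accepted spellings or narrow the parser to match. The text also says TLS can be "enforced", but the init code sets `disable_tls = 1` and carries on when `hydra_connect_to_ssl` fails, so the wording should state whether a failed upgrade aborts or falls back. The `service` parameter is unused; mark it as such or use it in the example line.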

View file

@ -1,4 +1,3 @@
/* /*
* PostgresSQL Support - by Diaul (at) devilopers.org * PostgresSQL Support - by Diaul (at) devilopers.org
* *
@ -9,9 +8,7 @@
#include "hydra-mod.h" #include "hydra-mod.h"
#ifndef LIBPOSTGRES #ifndef LIBPOSTGRES
void dummy_postgres() { void dummy_postgres() { printf("\n"); }
printf("\n");
}
#else #else
#include "libpq-fe.h" // Postgres connection functions #include "libpq-fe.h" // Postgres connection functions
@ -21,7 +18,7 @@ void dummy_postgres() {
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
int start_postgres(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass; char *login, *pass;
char database[256]; char database[256];
@ -43,7 +40,6 @@ int start_postgres(int s, char *ip, int port, unsigned char options, char *miscp
* Building the connection string * Building the connection string
*/ */
snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass);
if (verbose) if (verbose)
@ -66,21 +62,20 @@ int start_postgres(int s, char *ip, int port, unsigned char options, char *miscp
return 1; return 1;
} }
void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; int32_t myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return; return;
while (1) { while (1) {
switch (run) { switch (run) {
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -89,11 +84,12 @@ void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FI
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
@ -119,7 +115,7 @@ void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FI
#endif #endif
int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -132,3 +128,8 @@ int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr
return 0; return 0;
} }
void usage_postgres(const char *service) {
printf("Module postgres is optionally taking the database to attack, default "
"is \"template1\"\n\n");
}

385
hydra-radmin2.c Normal file
View file

@ -0,0 +1,385 @@
#include "hydra-mod.h"
#include <arpa/inet.h>
#include <unistd.h>
#ifdef HAVE_GCRYPT
#include <gcrypt.h>
#endif
extern char *HYDRA_EXIT;
// RAdmin 2.x
struct rmessage {
uint8_t magic; // Indicates version, probably?
uint32_t length; // Total message size of data.
uint32_t checksum; // Checksum from type to end of data.
uint8_t type; // Command type, table below.
unsigned char data[32]; // data to be sent.
};
/*
* Usage: sum = checksum(message);
* Function: Returns a 4 byte little endian sum of the messages typecode+data.
* This data is zero padded for alignment. Example message (big endian):
* [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9
* 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)]) Sum: is 0f43d461 (big endian)
*/
uint32_t checksum(struct rmessage *msg) {
int32_t blen;
uint8_t *stream;
uint32_t sum;
blen = msg->length; // Get the real length.
blen += (4 - (blen % 4));
// Allocate a worksapce.
stream = calloc(blen, sizeof(uint8_t));
memcpy(stream, &msg->type, sizeof(uint8_t));
memcpy(stream + 1, msg->data, blen - 1);
sum = 0;
for (blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) {
sum += *(uint32_t *)(stream + blen);
}
sum += *(uint32_t *)stream;
// Free the workspace.
free(stream);
return sum;
}
/*
* Usage: challenge_request(message);
* Function: Modifies message to reflect a request for a challenge. Updates the
* checksum as appropriate.
*/
void challenge_request(struct rmessage *msg) {
msg->magic = 0x01;
msg->length = 0x01;
msg->type = 0x1b;
msg->checksum = checksum(msg);
}
/*
* Usage: challenge_request(message);
* Function: Modifies message to reflect a response to a challenge. Updates the
* checksum as appropriate.
*/
void challenge_response(struct rmessage *msg, unsigned char *solution) {
msg->magic = 0x01;
msg->length = 0x21;
msg->type = 0x09;
memcpy(msg->data, solution, 0x20);
msg->checksum = checksum(msg);
}
/*
* Usage: buffer = message2buffer(message); send(buffer, message->length + 10);
* free(buffer) Function: Allocates a buffer for transmission and fills the
* buffer with message data such that it is ready to transmit.
*/
// TODO: conver to a sendMessage() function?
char *message2buffer(struct rmessage *msg) {
char *data;
if (msg == NULL) {
hydra_report(stderr, "rmessage is null\n");
hydra_child_exit(0);
return NULL;
}
switch (msg->type) {
case 0x1b: // Challenge request
data = (char *)calloc(10, sizeof(char));
if (data == NULL) {
hydra_report(stderr, "calloc failure\n");
hydra_child_exit(0);
}
memcpy(data, &msg->magic, sizeof(char));
*((int32_t *)(data + 1)) = htonl(msg->length);
*((int32_t *)(data + 5)) = htonl(msg->checksum);
memcpy((data + 9), &msg->type, sizeof(char));
break;
case 0x09:
data = (char *)calloc(42, sizeof(char));
if (data == NULL) {
hydra_report(stderr, "calloc failure\n");
hydra_child_exit(0);
}
memcpy(data, &msg->magic, sizeof(char));
*((int32_t *)(data + 1)) = htonl(msg->length);
*((int32_t *)(data + 5)) = htonl(msg->checksum);
memcpy((data + 9), &msg->type, sizeof(char));
memcpy((data + 10), msg->data, sizeof(char) * 32);
break;
default:
hydra_report(stderr, "unknown rmessage type\n");
hydra_child_exit(0);
return NULL;
}
return data;
}
struct rmessage *buffer2message(char *buffer) {
struct rmessage *msg;
msg = calloc(1, sizeof(struct rmessage));
if (msg == NULL) {
hydra_report(stderr, "calloc failure\n");
hydra_child_exit(0);
}
// Start parsing...
msg->magic = buffer[0];
buffer += sizeof(char);
msg->length = ntohl(*((uint32_t *)(buffer)));
buffer += sizeof(uint32_t);
msg->checksum = ntohl(*((uint32_t *)(buffer)));
buffer += sizeof(uint32_t);
msg->type = buffer[0];
buffer += sizeof(char);
// Verify known fields...
if (msg->magic != 0x01) {
hydra_report(stderr, "Bad magic\n");
hydra_child_exit(0);
return NULL;
}
switch (msg->type) {
case 0x1b:
if (msg->length != 0x21) {
hydra_report(stderr, "Bad length...%08x\n", msg->length);
hydra_child_exit(0);
return NULL;
}
memcpy(msg->data, buffer, 32);
break;
case 0x0a:
// Win!
case 0x0b:
// Lose!
break;
default:
hydra_report(stderr, "unknown rmessage type");
hydra_child_exit(0);
return NULL;
}
return msg;
}
int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { return 0; }
void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
#ifdef HAVE_GCRYPT
int32_t sock = -1;
int32_t index;
int32_t bytecount;
char *request;
struct rmessage *msg;
int32_t myport = PORT_RADMIN2;
char buffer[42];
char password[101];
uint8_t rawkey[16];
uint8_t *IV = "\xFE\xDC\xBA\x98\x76\x54\x32\x10\xA3\x9D\x4A\x18\xF8\x5B\x4A\x52";
uint8_t encrypted[32];
gcry_error_t err;
gcry_cipher_hd_t cipher;
gcry_md_hd_t md;
if (port != 0) {
myport = port;
}
gcry_check_version(NULL);
memset(buffer, 0x00, sizeof(buffer));
// Phone the mother ship
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return;
}
while (1) {
/* Typical conversation goes as follows...
0) connect to server
1) request challenge
2) receive 32 byte challenge response
3) send 32 byte challenge solution
4) receive 1 byte auth success/fail message
*/
// 0) Connect to the server
sock = hydra_connect_tcp(ip, myport);
if (sock < 0) {
hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
// 1) request challenge (working)
msg = calloc(1, sizeof(struct rmessage));
challenge_request(msg);
request = message2buffer(msg);
hydra_send(sock, request, 10, 0);
free(msg);
free(request);
// 2) receive response (working)
index = 0;
while (index < 42) { // We're always expecting back a 42 byte buffer from a
// challenge request.
switch (hydra_data_ready(sock)) {
case -1:
hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
break;
case 0:
// keep waiting...
break;
default:
bytecount = hydra_recv(sock, buffer + index, 42 - index);
if (bytecount < 0) {
hydra_report(stderr,
"Error: Child with pid %d terminating, receive "
"error\nerror:\t%s\n",
(int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
}
index += bytecount;
}
}
// 3) Send challenge solution.
// Get a password to work with.
memset(password, 0x00, sizeof(password));
memset(encrypted, 0x00, sizeof(encrypted));
hydra_get_next_pair();
strncpy(password, hydra_get_next_password(), sizeof(password) - 1);
// MD5 the password to generate the password key, this is used with twofish
// below.
err = gcry_md_open(&md, GCRY_MD_MD5, 0);
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_md_open error "
"(%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
gcry_md_reset(md);
gcry_md_write(md, password, 100);
if (gcry_md_read(md, 0) == NULL) {
hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_read error (%08x)\n", (int32_t)getpid(), index);
hydra_child_exit(1);
}
memcpy(rawkey, gcry_md_read(md, 0), 16);
gcry_md_close(md);
// 3.a) generate a new message from the buffer
msg = buffer2message(buffer);
// 3.b) encrypt data received using pkey & known IV
err = gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0);
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_cipher_open "
"error (%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
err = gcry_cipher_setiv(cipher, IV, 16);
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_cipher_setiv "
"error (%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
err = gcry_cipher_setkey(cipher, rawkey, 16);
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_cipher_setkey "
"error (%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
err = gcry_cipher_encrypt(cipher, encrypted, 32, msg->data, 32);
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_cipher_encrypt "
"error (%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
gcry_cipher_close(cipher);
// 3.c) half sum - this is the solution to the challenge.
for (index = 0; index < 16; index++) {
*(encrypted + index) += *(encrypted + index + 16);
}
memset((encrypted + 16), 0x00, 16);
// 3.d) send half sum
challenge_response(msg, encrypted);
request = message2buffer(msg);
hydra_send(sock, request, 42, 0);
free(msg);
free(request);
// 4) receive auth success/failure
index = 0;
while (index < 10) { // We're always expecting back a 42 byte buffer from a
// challenge request.
switch (hydra_data_ready(sock)) {
case -1:
hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
break;
case 0:
// keep waiting...
break;
default:
bytecount = hydra_recv(sock, buffer + index, 10 - index);
if (bytecount < 0) {
hydra_report(stderr,
"Error: Child with pid %d terminating, receive "
"error\nerror:\t%s\n",
(int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
}
index += bytecount;
}
}
msg = buffer2message(buffer);
switch (msg->type) {
case 0x0a:
hydra_completed_pair_found();
break;
case 0x0b:
hydra_completed_pair();
hydra_disconnect(sock);
break;
default:
hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid());
hydra_child_exit(2);
}
}
#endif
}
int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
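Review bot: In both receive loops (the 42-byte read in step 2 and the 10-byte read in step 4) only `bytecount < 0` is treated as an error, so a `hydra_recv` return of 0 leaves `index` unchanged and the `while` never terminates; the `case 0: // keep waiting...` branch also has no timeout or sleep. Treat `bytecount <= 0` as a failure and bound the wait. The comment on the step 4 loop still says a 42 byte buffer is expected although the loop reads 10. The `msg` returned by `buffer2message(buffer)` just before `switch (msg->type)` is not freed in the visible lines, unlike the one freed after step 3.d. The gcrypt error messages print `index` for the `(%08x)` field rather than `err`.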

File diff suppressed because it is too large

@ -3,14 +3,22 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf; char *buf;
int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *pass, buffer[510]; char *pass, buffer[510];
char *empty = ""; char *empty = "";
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty; pass = empty;
sprintf(buffer, "AUTH %.250s\r\n", pass); char pass_num[50];
int32_t pass_len = strlen(pass);
snprintf(pass_num, 50, "%d", pass_len);
memset(buffer, 0, sizeof(buffer));
sprintf(buffer, "*2\r\n$4\r\nAUTH\r\n$%.50s\r\n%.250s\r\n", pass_num, pass);
if (debug)
hydra_report(stderr, "[DEBUG] Auth:\n %s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1; return 1;
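Review bot: The bulk-string length written into the AUTH frame is `strlen(pass)`, but the payload is emitted with `%.250s`, so for a candidate longer than 250 bytes the declared `$<len>` no longer matches the bytes that follow and the request is not a valid frame. Clamp `pass_len` to the same limit used in the format string, or build the frame with `snprintf(buffer, sizeof(buffer), ...)` from the number of bytes actually copied. `pass_num` can be dropped by formatting the integer with `%d` in the main format string. The new `[DEBUG] Auth:` line writes the candidate password to stderr, which should be mentioned wherever the debug option is documented.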
@ -21,21 +29,31 @@ int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr,
hydra_completed_pair_found(); hydra_completed_pair_found();
free(buf); free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; return 4;
return 1; return 1;
} }
if (buf[0] == '-') {
if (verbose > 1) if (verbose > 1)
hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass);
hydra_completed_pair(); hydra_completed_pair();
free(buf); free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 4;
return 2;
} else {
hydra_report(stderr, "[ERROR] Redis service shutdown.\n");
free(buf);
return 3;
}
/* not reached */
return 1; return 1;
} }
void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
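Review bot: The new `else` branch reports every reply that does not start with `-` as "Redis service shutdown" and returns 3, which covers an empty or unexpected reply as well as a real shutdown; include the received `buf` in the message so the operator can tell which it was. The exit code returned after `HYDRA_EXIT` moves from 3 to 4 in this function, so the caller's `switch` has to agree; the `case 4: /* clean exit */` shown in the later hunk matches. The trailing `/* not reached */ return 1;` can go now that both branches return.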
@ -54,15 +72,15 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr,
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
usleep(250); usleepn(250);
next_run = 2; next_run = 2;
break; break;
case 2: /* run the cracking function */ case 2: /* run the cracking function */
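Review bot: `usleep(250)` becomes `usleepn(250)` with the same argument, while the commented-out lines elsewhere in this commit go from `usleep(275000)` to `usleepn(275)`, which implies `usleepn` takes milliseconds. If that is the case, the post-connect delay here grows from 250 microseconds to 250 milliseconds per connection; confirm that is intended or scale the argument.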
@ -72,10 +90,12 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr,
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
hydra_child_exit(2); hydra_child_exit(2);
break;
case 4: /* clean exit */ case 4: /* clean exit */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
hydra_child_exit(0); hydra_child_exit(0);
break;
default: default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2); hydra_child_exit(2);
@ -84,20 +104,84 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr,
} }
} }
void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); }
service_redis_core(ip, sp, options, miscptr, fp, port, 0);
}
int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { /*
* Initial password authentication test and response test for the redis server,
* added by Petar Kaleychev <petar.kaleychev@gmail.com>
* The service_redis_init function is generating ping request as redis-cli
* (command line interface). You can use redis-cli to connect with Redis. After
* start of the redis-server in another terminal the following: % ./redis-cli
* redis> ping
* when the server does not require password, leads to:
* PONG
* when the server requires password, leads to:
* (error) NOAUTH Authentication required.
* or
* (error) ERR operation not permitted (for older redis versions)
* That is used for initial password authentication and redis server response
* tests in service_redis_init
*/
int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
//
// fill if needed.
//
// return codes: // return codes:
// 0 all OK // 0 - when the server is redis and it requires password
// -1 error, hydra will exit, so print a good error message here // n - when the server is not redis or when the server does not require
// password
int32_t sock = -1;
int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
char buffer[] = "*1\r\n$4\r\nping\r\n";
hydra_register_socket(sp);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (verbose)
printf("[VERBOSE] Initial redis password authentication test and response "
"test ...\n");
if (sock < 0) {
hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport);
return 3;
}
// generating ping request as redis-cli
if (debug)
printf("[DEBUG] buffer = %s\n", buffer);
// [debug mode]: buffer is:
// *1
// $4
// ping
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
return 2;
}
buf = hydra_receive_line(sock);
if (debug)
printf("[DEBUG] buf = %s\n", buf);
// authentication test
if (strstr(buf, "+PONG") != NULL) { // the server does not require password
hydra_report(stderr, "[!] The server %s does not require password.\n", hostname);
free(buf);
return 2;
}
// server response test
if (strstr(buf, "-NOAUTH Authentication required") == NULL && strstr(buf, "-ERR operation not permitted") == NULL) {
hydra_report(stderr, "[ERROR] The server is not redis, exit.\n");
free(buf);
return 2;
}
if (verbose)
printf("[VERBOSE] The redis server requires password.\n");
free(buf);
sock = hydra_disconnect(sock);
return 0; return 0;
} }
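Review bot: `buf = hydra_receive_line(sock)` in `service_redis_init` is passed straight to `strstr` (and to the `[DEBUG] buf = %s` printf) without a NULL check; the RTSP module in this same commit checks the result of `hydra_receive_line` for NULL before using it, and this function should too. The three `return 2` paths (send failure, `+PONG`, not redis) leave `sock` connected; call `hydra_disconnect(sock)` before returning. The connect error prints `myport` even when the SSL branch used `mysslport`; `port` holds the right value in both cases. The return-code comment documents `0` and `n`, but the code returns 2 and 3, so list those values.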

@ -5,12 +5,11 @@
#define COMMAND "/bin/ls /" #define COMMAND "/bin/ls /"
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf;
int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret; int32_t ret;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -45,9 +44,9 @@ int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
} }
void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; int32_t myport = PORT_REXEC, mysslport = PORT_REXEC_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -59,7 +58,7 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE
{ {
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -68,11 +67,11 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
@ -89,13 +88,12 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE
default: default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0); hydra_child_exit(0);
} }
run = next_run; run = next_run;
} }
} }
int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

@ -8,16 +8,14 @@ client have to use port from 512 -> 1023 or server is denying the connection
no memleaks found on 110425 no memleaks found on 110425
*/ */
#define TERM "vt100/9600" #define TERM "vt100/9600"
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf;
int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret; int32_t ret;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -61,8 +59,7 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
memset(buffer, 0, sizeof(buffer)); memset(buffer, 0, sizeof(buffer));
ret = hydra_recv(s, buffer, sizeof(buffer)); ret = hydra_recv(s, buffer, sizeof(buffer));
if (strcmp(buffer, "\r\n")) if (strcmp(buffer, "\r\n"))
ret = hydra_recv(s, buffer, sizeof(buffer) - 1); if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
if (ret >= 0)
buffer[ret] = 0; buffer[ret] = 0;
} }
/* Authentication failure */ /* Authentication failure */
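Review bot: With the second `hydra_recv` now nested under the `strcmp` test, `buffer` is only terminated when that second read returns more than 0; if it returns 0 or a negative value, `buffer` still holds the first read and `ret` no longer describes it, so the checks that follow should look at `ret` before matching on `buffer`. The first read in the context line above still passes `sizeof(buffer)` rather than `sizeof(buffer) - 1`, so a full-size read leaves no room for a terminator before the `strcmp`. Braces around the nested `if` would make the intended scope explicit.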
@ -80,7 +77,8 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
hydra_completed_pair(); hydra_completed_pair();
} }
} else { } else {
/* if password is asked a second time, it means the pass we provided is wrong */ /* if password is asked a second time, it means the pass we provided is
* wrong */
hydra_completed_pair(); hydra_completed_pair();
} }
@ -89,9 +87,9 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
return 1; return 1;
} }
void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; int32_t myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
@ -106,7 +104,7 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE
hydra_set_srcport(1023); hydra_set_srcport(1023);
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -115,11 +113,11 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
@ -141,7 +139,7 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE
} }
} }
int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

166
hydra-rpcap.c Normal file

@ -0,0 +1,166 @@
// rpcap
// Petar Kaleychev
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[1024];
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
char bfr1[] = "\x00";
char bfr2[] = "\x08";
char bfr3[] = "\x00\x00\x00\x00\x00";
char bfr4[] = " ";
bfr4[0] = strlen(login) + strlen(pass) + 8;
char bfr5[] = "\x00";
char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need
// of password
char bfr7[] = "\x00\x00\x00";
char bfr8[] = " ";
bfr8[0] = strlen(login);
char bfr9[] = "\x00";
char bfr10[] = " ";
bfr10[0] = strlen(pass);
memset(buffer, 0, sizeof(buffer));
memcpy(buffer, bfr1, 1);
memcpy(buffer + 1, bfr2, 1);
memcpy(buffer + 2, bfr3, 5);
memcpy(buffer + 7, bfr4, 1);
memcpy(buffer + 8, bfr5, 1);
memcpy(buffer + 9, bfr6, 1);
memcpy(buffer + 10, bfr7, 3);
memcpy(buffer + 13, bfr8, 1);
memcpy(buffer + 14, bfr9, 1);
memcpy(buffer + 15, bfr10, 1);
memcpy(buffer + 16, login, strlen(login));
memcpy(buffer + 16 + strlen(login), pass, strlen(pass));
if (hydra_send(s, buffer, 16 + strlen(login) + strlen(pass), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf[1] == '\x88') {
hydra_report_found_host(port, ip, "rpcap", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
/*
if (strstr(buf, "Logon failure") == NULL) {
hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n",
buf); free(buf); return 4;
}
*/
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_rpcap(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
break;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, performed once only.
// return codes:
// 0 - rpcap with authentication
// 1 - rpcap error or no need of authentication
int32_t sock = -1;
int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL;
char buffer[] = "\x00\x08\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00";
hydra_register_socket(sp);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport);
hydra_child_exit(1);
}
if (hydra_send(sock, buffer, 16, 0) < 0) {
return 1;
}
buf = hydra_receive_line(sock);
if (strstr(buf, "NULL authentication not permitted") == NULL) {
hydra_report(stderr, "[!] rpcap error or no need of authentication!\n");
free(buf);
return 1;
}
free(buf);
sock = hydra_disconnect(sock);
return 0;
}
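Review bot: In `start_rpcap` the reply from `hydra_receive_line(s)` is indexed as `buf[1]` with no NULL check and no check that at least two bytes arrived, and `service_rpcap_init` likewise hands `buf` to `strstr` unchecked; add `if (buf == NULL)` handling on both paths. The length fields are single bytes (`bfr4[0] = strlen(login) + strlen(pass) + 8`, `bfr8[0]`, `bfr10[0]`), so long credentials wrap the declared lengths, and the two `memcpy` calls into `buffer[1024]` are not bounded by the remaining space; reject or truncate pairs that do not fit. In `service_rpcap_init` the connect failure calls `hydra_child_exit(1)` although the comment says the function runs before the children are forked, and the `return 1` paths leave `sock` open. The `bfr1` to `bfr10` temporaries could be replaced by writing the header bytes directly into `buffer`.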

@ -11,12 +11,11 @@ no memleaks found on 110425
*/ */
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf;
int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, buffer[300] = "", buffer2[100], *bptr = buffer2; char *login, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret; int32_t ret;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -37,12 +36,10 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F
} }
buffer[0] = 0; buffer[0] = 0;
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0) if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
buffer[ret] = 0; buffer[ret] = 0;
/* 0x00 is sent but hydra_recv transformed it */ else /* 0x00 is sent but hydra_recv transformed it */
if (strlen(buffer) == 0) if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
if (ret >= 0)
buffer[ret] = 0; buffer[ret] = 0;
#ifdef HAVE_PCRE #ifdef HAVE_PCRE
if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) {
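Review bot: The retry condition changes here: the old code issued the second `hydra_recv` when `strlen(buffer) == 0`, the new code issues it only when the first call returns 0 or less. If `hydra_recv` returns a positive count for the leading 0x00 byte mentioned in the comment, the second read that used to fetch the actual response no longer happens and `buffer` stays empty going into the match below. Confirm which case the comment refers to, and brace the `else` so the comment does not sit between `else` and `if`.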
@ -60,9 +57,9 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1; return 1;
} }
void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_RSH, mysslport = PORT_RSH_SSL; int32_t myport = PORT_RSH, mysslport = PORT_RSH_SSL;
hydra_register_socket(sp); hydra_register_socket(sp);
@ -76,7 +73,7 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE *
hydra_set_srcport(1023); hydra_set_srcport(1023);
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleepn(275);
if ((options & OPTION_SSL) == 0) { if ((options & OPTION_SSL) == 0) {
if (port != 0) if (port != 0)
myport = port; myport = port;
@ -85,11 +82,11 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = 2; next_run = 2;
@ -111,7 +108,7 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} }
int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

240
hydra-rtsp.c Normal file

@ -0,0 +1,240 @@
//
// hydra-rtsp.c
// hydra-rtsp
//
// Created by Javier Sánchez on 18/04/15.
//
//
#include "hydra-mod.h"
#include "sasl.h"
#include <stdio.h>
#include <string.h>
extern char *HYDRA_EXIT;
char packet[500];
char packet2[500];
int32_t is_Unauthorized(char *s) {
if (strstr(s, "401 Unauthorized") != NULL) {
return 1;
} else {
return 0;
}
}
int32_t is_NotFound(char *s) {
if (strstr(s, "404 Stream Not Found") != NULL) {
return 1;
} else {
return 0;
}
}
int32_t is_Authorized(char *s) {
if (strstr(s, "200 OK") != NULL) {
return 1;
} else {
return 0;
}
}
int32_t use_Basic_Auth(char *s) {
if (strstr(s, "WWW-Authenticate: Basic") != NULL) {
return 1;
} else {
return 0;
}
}
int32_t use_Digest_Auth(char *s) {
if (strstr(s, "WWW-Authenticate: Digest") != NULL) {
return 1;
} else {
return 0;
}
}
void create_core_packet(int32_t control, char *ip, int32_t port) {
char *target = hydra_address2string(ip);
if (control == 0) {
if (strlen(packet) <= 0) {
sprintf(packet, "DESCRIBE rtsp://%.260s:%i RTSP/1.0\r\nCSeq: 2\r\n\r\n", target, port);
}
} else {
if (strlen(packet2) <= 0) {
sprintf(packet2, "DESCRIBE rtsp://%.260s:%i RTSP/1.0\r\nCSeq: 3\r\n", target, port);
}
}
}
int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[1030], buffer2[500];
char *lresp;
memset(buffer, 0, sizeof(buffer));
memset(buffer2, 0, sizeof(buffer2));
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
create_core_packet(0, ip, port);
if (hydra_send(s, packet, strlen(packet), 0) < 0) {
return 1;
}
lresp = hydra_receive_line(s);
if (lresp == NULL) {
hydra_report(stderr, "[ERROR] no server reply\n");
return 1;
}
if (is_NotFound(lresp)) {
free(lresp);
hydra_report(stderr, "[INFO] Server does not need credentials\n");
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return 3;
}
return 1;
} else {
create_core_packet(1, ip, port);
if (use_Basic_Auth(lresp) == 1) {
free(lresp);
sprintf(buffer2, "%.249s:%.249s", login, pass);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2);
if (debug) {
hydra_report(stderr, "C:%s\n", buffer);
}
} else {
if (use_Digest_Auth(lresp) == 1) {
char aux[500] = "", dbuf[500] = "", *result = NULL;
char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest ");
strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux));
aux[sizeof(aux) - 1] = '\0';
free(lresp);
#ifdef LIBOPENSSL
result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
#else
hydra_report(stderr, "[ERROR] Digest auth required but compiled "
"without OpenSSL/MD5 support\n");
return 3;
#endif
if (result == NULL) {
hydra_report(stderr, "[ERROR] digest generation failed\n");
return 3;
}
sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf);
if (debug) {
hydra_report(stderr, "C:%s\n", buffer);
}
}
}
if (strlen(buffer) == 0) {
hydra_report(stderr, "[ERROR] could not identify HTTP authentication used\n");
return 1;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
lresp = NULL;
lresp = hydra_receive_line(s);
if (lresp == NULL) {
hydra_report(stderr, "[ERROR] no server reply\n");
return 1;
}
if ((is_NotFound(lresp))) {
free(lresp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return 3;
}
return 1;
}
free(lresp);
hydra_completed_pair();
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
// not rechead
return 2;
}
void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RTSP /*, mysslport = PORT_RTSP_SSL*/;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
if ((options & OPTION_SSL) == 0) {
if (port != 0) {
myport = port;
}
sock = hydra_connect_tcp(ip, myport);
port = myport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_rtsp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
hydra_child_exit(0);
break;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
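Review bot: The Basic branch in `start_rtsp` formats the header as `Authorization: : Basic %.500s` with a doubled colon, while the Digest branch uses `Authorization: Digest`; the extra `: ` makes the Basic header malformed and should be removed. After the credentials are sent, success is decided by `is_NotFound(lresp)` only, and `is_Authorized` and `is_Unauthorized` are never called; if a `200 OK` reply should also count as a valid pair, check it there, otherwise drop the unused helpers and add a comment explaining why a 404 means success. When the first reply advertises neither Basic nor Digest, `lresp` is not freed before the `return 1`. `service_rtsp` never connects when `OPTION_SSL` is set, so that case falls through to the generic "can not connect" error.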

@ -1,4 +1,5 @@
// submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey Gordeychik // submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey
// Gordeychik
#include "hydra-mod.h" #include "hydra-mod.h"
@ -6,22 +7,30 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a"; unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17"
"\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0"
"\x01\x0a";
unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0"; unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00"
"\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00"
"\x01\x00\x01\x01\xe0";
unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04"; unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00"
"\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12"
"\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01"
"\x32\x00\x04";
unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00"
"\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12"
"\x04\x11\x45\x01\x00\xff\x09\x00\x08";
int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = ""; char *empty = "";
char *pass, buffer[1024]; char *pass, buffer[1024];
char context[S7PASSLEN + 1]; char context[S7PASSLEN + 1];
unsigned char encoded_password[S7PASSLEN]; unsigned char encoded_password[S7PASSLEN];
char *spaces = " "; char *spaces = " ";
int ret = -1; int32_t ret = -1;
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty; pass = empty;
@ -38,7 +47,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
// encode password // encode password
encoded_password[0] = context[0] ^ 0x55; encoded_password[0] = context[0] ^ 0x55;
encoded_password[1] = context[1] ^ 0x55; encoded_password[1] = context[1] ^ 0x55;
int i; int32_t i;
for (i = 2; i < S7PASSLEN; i++) { for (i = 2; i < S7PASSLEN; i++) {
encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55; encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55;
@ -124,9 +133,9 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
return 1; return 1;
} }
void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int s7port = PORT_S7_300; int32_t s7port = PORT_S7_300;
if (port != 0) if (port != 0)
s7port = port; s7port = port;
@ -139,7 +148,7 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE
case 1: /* connect and service init function */ case 1: /* connect and service init function */
sock = hydra_connect_tcp(ip, s7port); sock = hydra_connect_tcp(ip, s7port);
if (sock < 0) { if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp);
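Review bot: in the hydra_report call of case 1, (int32_t)getpid() is passed to a %d conversion, and %d takes an int. Either keep the (int) cast or switch the format to PRId32 from <inttypes.h>. The new form is only correct where int32_t happens to be a typedef of int, and the same pattern is repeated in the other modules touched by this commit.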
@ -163,7 +172,7 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE
} }
} }
int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -175,15 +184,15 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
// 1 skip target without generating an error // 1 skip target without generating an error
// 2 skip target because of protocol problems // 2 skip target because of protocol problems
// 3 skip target because its unreachable // 3 skip target because its unreachable
int sock = -1; int32_t sock = -1;
int s7port = PORT_S7_300; int32_t s7port = PORT_S7_300;
char *empty = ""; char *empty = "";
char *pass, buffer[1024]; char *pass, buffer[1024];
char context[S7PASSLEN + 1]; char context[S7PASSLEN + 1];
unsigned char encoded_password[S7PASSLEN]; unsigned char encoded_password[S7PASSLEN];
char *spaces = " "; char *spaces = " ";
int ret = -1; int32_t ret = -1;
int i; int32_t i;
if (port != 0) if (port != 0)
s7port = port; s7port = port;
@ -276,7 +285,8 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
// 0xd602 - wrong password // 0xd602 - wrong password
if (ret > 30) { if (ret > 30) {
if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) { if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) {
hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n"); hydra_report(stderr, "[INFO] No password protection enabled, no password "
"tests are necessary!\n");
return 1; return 1;
} }
} }
@ -285,3 +295,8 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
return 0; return 0;
} }
void usage_s7_300(const char *service) {
printf("Module S7-300 is for a special Siemens PLC. It either requires only a "
"password or no authentication, so just use the -p or -P option.\n\n");
}

View file

@ -1,34 +1,33 @@
#include "hydra-mod.h" #include "hydra-mod.h"
// checked for memleaks on 110425, none found // checked for memleaks on 110425, none found
#ifndef LIBSAPR3 #ifndef LIBSAPR3
void dummy_sapr3() { void dummy_sapr3() { printf("\n"); }
printf("\n");
}
#else #else
#include <saprfc.h>
#include <ctype.h> #include <ctype.h>
#include <saprfc.h>
/* temporary workaround fix */ /* temporary workaround fix */
const int *__ctype_tolower; const int32_t *__ctype_tolower;
const int *__ctype_toupper; const int32_t *__ctype_toupper;
const int *__ctype_b; const int32_t *__ctype_b;
extern void flood(); /* for -lm */ extern void flood(); /* for -lm */
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
RFC_ERROR_INFO_EX error_info; RFC_ERROR_INFO_EX error_info;
int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
RFC_HANDLE handle; RFC_HANDLE handle;
char *empty = ""; char *empty = "";
char *login, *pass, buffer[1024]; char *login, *pass, buffer[1024];
char *buf; char *buf;
int i; int32_t i;
int sysnr = port % 100; int32_t sysnr = port % 100;
char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0"; char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0";
// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y"; // char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y
// ABAP_DEBUG=Y";
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
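Review bot: two changes in the LIBSAPR3 branch are not pure formatting. <ctype.h> is now included before <saprfc.h>, and the __ctype_tolower, __ctype_toupper and __ctype_b pointers under "temporary workaround fix" are retyped from const int * to const int32_t *. Those three declarations exist to satisfy a library, so their type should be whatever that library expects rather than the result of a global int to int32_t replacement. Please confirm the module was built with LIBSAPR3 defined after this change. If saprfc.h is order-sensitive, exclude these includes from include sorting.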
@ -66,7 +65,8 @@ int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr,
// printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); // printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer);
handle = RfcOpenEx(buffer, &error_info); handle = RfcOpenEx(buffer, &error_info);
//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message); // printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key,
// error_info.message);
if (handle <= RFC_HANDLE_NULL) if (handle <= RFC_HANDLE_NULL)
return 3; return 3;
@ -89,8 +89,8 @@ int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
} }
void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp); hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -117,7 +117,7 @@ void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE
#endif #endif
int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -130,3 +130,5 @@ int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, F
return 0; return 0;
} }
void usage_sapr3(const char *service) { printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); }

View file

@ -1,4 +1,3 @@
/* simple sip digest auth (md5) module 2009/02/19 /* simple sip digest auth (md5) module 2009/02/19
* written by gh0st 2005 * written by gh0st 2005
* modified by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`> - should * modified by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`> - should
@ -6,37 +5,41 @@
* *
* 05042011 david: modified to use sasl lib * 05042011 david: modified to use sasl lib
*/ */
#include "hydra-mod.h"
#ifndef LIBOPENSSL #ifndef LIBOPENSSL
#include <stdio.h> #include <stdio.h>
void dummy_sip() { void dummy_sip() { printf("\n"); }
printf("\n");
}
#else #else
#include "sasl.h" #include "sasl.h"
#include "hydra-mod.h" #include <stdint.h>
extern int hydra_data_ready_timed(int socket, long sec, long usec); extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
char external_ip_addr[17] = ""; char external_ip_addr[17] = "";
char *get_iface_ip(unsigned long int ip); char *get_iface_ip(uint64_t ip);
int cseq; int32_t cseq;
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
#define SIP_MAX_BUF 1024 #define SIP_MAX_BUF 1024
void empty_register(char *buf, char *host, char *lhost, int port, int lport, char *user) { void empty_register(char *buf, char *host, char *lhost, int32_t port, int32_t lport, char *user) {
memset(buf, 0, SIP_MAX_BUF); memset(buf, 0, SIP_MAX_BUF);
snprintf(buf, SIP_MAX_BUF, snprintf(buf, SIP_MAX_BUF,
"REGISTER sip:%s SIP/2.0\r\n" "REGISTER sip:%s SIP/2.0\r\n"
"Via: SIP/2.0/UDP %s:%i\r\n" "Via: SIP/2.0/UDP %s:%i\r\n"
"From: <sip:%s@%s>\r\n" "From: <sip:%s@%s>\r\n"
"To: <sip:%s@%s>\r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq); "To: <sip:%s@%s>\r\n"
"Call-ID: 1337@%s\r\n"
"CSeq: %i REGISTER\r\n"
"Content-Length: 0\r\n\r\n",
host, lhost, lport, user, host, user, host, host, cseq);
} }
int get_sip_code(char *buf) { int32_t get_sip_code(char *buf) {
int code; int32_t code;
char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF];
if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3)
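Review bot: in get_sip_code, code is now int32_t but is still filled through sscanf(buf, "%s %i %s", tmpbuf, &code, word), and %i stores through an int *. Keep int code here or use SCNi32. The same applies to the %i conversions in empty_register, which now receive int32_t lport and cseq. Since %i also accepts octal and hex prefixes, %d is the closer match for a three-digit status code.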
@ -44,13 +47,13 @@ int get_sip_code(char *buf) {
return code; return code;
} }
int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char options, char *miscptr, FILE * fp) { int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) {
char *login, *pass, *host, buffer[SIP_MAX_BUF]; char *login, *pass, *host, buffer[SIP_MAX_BUF], *result = NULL;
int i; int32_t i;
char buf[SIP_MAX_BUF]; char buf[SIP_MAX_BUF];
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = NULL; return 3;
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = NULL; pass = NULL;
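Review bot: the empty-login branch of start_sip changes from login = NULL; to return 3;, a behaviour change inside a commit that otherwise retypes and reformats. An empty login now ends the attempt with the same value this function returns on send and receive failures, while an empty password on the following line still sets pass = NULL and continues. Add a comment explaining why an empty login is treated this way, and check that a NULL pass is acceptable to the later sasl_digest_md5 call now that its result is being tested.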
@ -67,13 +70,15 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
return 3; return 3;
} }
int has_sip_cred = 0; int32_t has_sip_cred = 0;
int try = 0; int32_t try
= 0;
/* We have to check many times because server may begin to send "100 Trying" /* We have to check many times because server may begin to send "100 Trying"
* before "401 Unauthorized" */ * before "401 Unauthorized" */
while (try < 2 && !has_sip_cred) { while (try < 2 && !has_sip_cred) {
try++; try
++;
if (hydra_data_ready_timed(s, 3, 0) > 0) { if (hydra_data_ready_timed(s, 3, 0) > 0) {
i = hydra_recv(s, (char *)buf, sizeof(buf) - 1); i = hydra_recv(s, (char *)buf, sizeof(buf) - 1);
if (i > 0) if (i > 0)
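Review bot: the local variable named try is now split across lines (int32_t try / = 0; and try / ++;), most likely because the .clang-format added in this commit sets Language: Cpp and the formatter treats try as a keyword. Rename the variable, for example to attempts, so the declaration and the increment each stay on one line. The same applies to the second retry loop later in start_sip.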
@ -84,17 +89,21 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
} }
if (strncmp(buf, "SIP/2.0 606", 11) == 0) { if (strncmp(buf, "SIP/2.0 606", 11) == 0) {
char *ptr = NULL; char *ptr = NULL;
int i = 0; int32_t i = 0;
// if we already tried to connect, exit // if we already tried to connect, exit
if (external_ip_addr[0]) { if (external_ip_addr[0]) {
hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); hydra_report(stdout, "[ERROR] Get error code 606 : session is not "
"acceptable by the server\n");
return 2; return 2;
} }
if (verbose) if (verbose)
hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n" hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not "
"maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n"); "acceptable by the server,\n"
"maybe it's an addressing issue as you are "
"using NAT, trying to reconnect\n"
"using addr from the server reply\n");
/* /*
SIP/2.0 606 Not Acceptable SIP/2.0 606 Not Acceptable
Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137
@ -129,7 +138,9 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
hydra_report(stderr, "[INFO] S: %s\n", buf); hydra_report(stderr, "[INFO] S: %s\n", buf);
char buffer2[512]; char buffer2[512];
sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); result = sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL);
if (result == NULL)
return 3;
memset(buffer, 0, SIP_MAX_BUF); memset(buffer, 0, SIP_MAX_BUF);
snprintf(buffer, SIP_MAX_BUF, snprintf(buffer, SIP_MAX_BUF,
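Review bot: the new result == NULL check covers a failing sasl_digest_md5, but the strstr(buf, "WWW-Authenticate: Digest") in its argument list is still used without a check. If the response carries no such header, strlen("WWW-Authenticate: Digest") + 1 is added to a NULL pointer and passed on. Look the header up first, return if it is missing, then pass the offset pointer. The error path could also say which of the two failed.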
@ -137,7 +148,11 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
"Via: SIP/2.0/UDP %s:%i\n" "Via: SIP/2.0/UDP %s:%i\n"
"From: <sip:%s@%s>\n" "From: <sip:%s@%s>\n"
"To: <sip:%s@%s>\n" "To: <sip:%s@%s>\n"
"Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); "Call-ID: 1337@%s\n"
"CSeq: %i REGISTER\n"
"Authorization: Digest %s\n"
"Content-Length: 0\n\n",
host, lip, lport, login, host, login, host, host, cseq, buffer2);
cseq++; cseq++;
if (debug) if (debug)
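Review bot: the authenticated REGISTER built in this snprintf terminates its header lines with \n, while empty_register earlier in the file uses \r\n for the same headers. SIP header lines are CRLF-terminated, so both requests should use \r\n. Since this hunk already rewrites every line of the format string, it is the natural place to fix it.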
@ -145,12 +160,14 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 3; return 3;
} }
try = 0; try
int has_resp = 0; = 0;
int sip_code = 0; int32_t has_resp = 0;
int32_t sip_code = 0;
while (try < 2 && !has_resp) { while (try < 2 && !has_resp) {
try++; try
++;
if (hydra_data_ready_timed(s, 5, 0) > 0) { if (hydra_data_ready_timed(s, 5, 0) > 0) {
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0) if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0)
@ -176,24 +193,25 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
return 1; return 1;
} }
void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int myport = PORT_SIP, mysslport = PORT_SIP_SSL; int32_t myport = PORT_SIP, mysslport = PORT_SIP_SSL;
char *lip = get_iface_ip((int) *(&ip[1])); char *lip = get_iface_ip((int32_t) * (&ip[1]));
hydra_register_socket(sp); hydra_register_socket(sp);
// FIXME IPV6 // FIXME IPV6
if (ip[0] != 4) { if (ip[0] != 4) {
fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n"); fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are "
"appreciated.\n");
hydra_child_exit(2); hydra_child_exit(2);
} }
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
run = 3; run = 3;
int lport = 0; int32_t lport = 0;
while (1) { while (1) {
switch (run) { switch (run) {
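Review bot: get_iface_ip((int32_t) * (&ip[1])) dereferences a char *, so only the single byte ip[1] reaches get_iface_ip, not the address bytes that follow the ip[0] marker tested just below. The reformatted spelling also reads like a multiplication. Copy the four address bytes into a uint32_t with memcpy and pass that. The call is made before the ip[0] != 4 check, and get_iface_ip has a return NULL path, so lip should be obtained after the check and tested before use.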
@ -212,13 +230,13 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} else { } else {
if (port != 0) if (port != 0)
mysslport = port; mysslport = port;
sock = hydra_connect_ssl(ip, mysslport); sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport; port = mysslport;
} }
if (sock < 0) { if (sock < 0) {
if (verbose || debug) if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
free(lip); free(lip);
hydra_child_exit(1); hydra_child_exit(1);
} }
@ -246,8 +264,8 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
} }
char *get_iface_ip(unsigned long int ip) { char *get_iface_ip(uint64_t ip) {
int sfd; int32_t sfd;
sfd = socket(AF_INET, SOCK_DGRAM, 0); sfd = socket(AF_INET, SOCK_DGRAM, 0);
@ -263,7 +281,7 @@ char *get_iface_ip(unsigned long int ip) {
return NULL; return NULL;
} }
struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in)); struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in));
int size = sizeof(struct sockaddr_in); int32_t size = sizeof(struct sockaddr_in);
if (getsockname(sfd, (void *)local, (socklen_t *)&size)) { if (getsockname(sfd, (void *)local, (socklen_t *)&size)) {
perror("getsockname"); perror("getsockname");
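Review bot: size is declared int32_t and then passed to getsockname as (socklen_t *)&size. Declare it as socklen_t size = sizeof(struct sockaddr_in); and drop the cast, which hides any mismatch between the two types. The malloc result assigned to local on the line above is also handed to getsockname without a NULL check.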
@ -289,7 +307,7 @@ char *get_iface_ip(unsigned long int ip) {
#endif #endif
int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.

View file

@ -1,17 +1,14 @@
#include "hydra-mod.h" #include "hydra-mod.h"
#ifndef LIBOPENSSL #ifndef LIBOPENSSL
void dummy_smb() { void dummy_smb() { printf("\n"); }
printf("\n");
}
#else #else
#include <openssl/md4.h>
#include <openssl/des.h>
#include "hmacmd5.h" #include "hmacmd5.h"
#include "sasl.h" #include "sasl.h"
#include <openssl/des.h>
#include <openssl/md4.h>
// FIXME XXX BUG: several malloc()s without return code checking // FIXME XXX BUG: several malloc()s without return code checking
/* /*
http://technet.microsoft.com/en-us/library/cc960646.aspx http://technet.microsoft.com/en-us/library/cc960646.aspx
@ -80,43 +77,38 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx
#define WIN2000_NATIVEMODE 1 #define WIN2000_NATIVEMODE 1
#define WIN_NETBIOSMODE 2 #define WIN_NETBIOSMODE 2
#define PLAINTEXT 10 #define PLAINTEXT 10
#define ENCRYPTED 11 #define ENCRYPTED 11
#ifndef CHAR_BIT #ifndef CHAR_BIT
#define CHAR_BIT 8 #define CHAR_BIT 8
#endif #endif
#ifndef TIME_T_MIN #ifndef TIME_T_MIN
#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ #define TIME_T_MIN ((time_t)0 < (time_t)-1 ? (time_t)0 : ~(time_t)0 << (sizeof(time_t) * CHAR_BIT - 1))
: ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1))
#endif #endif
#ifndef TIME_T_MAX #ifndef TIME_T_MAX
#define TIME_T_MAX (~(time_t)0 - TIME_T_MIN) #define TIME_T_MAX (~(time_t)0 - TIME_T_MIN)
#endif #endif
#define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */ #define IVAL_NC(buf, pos) (*(uint32_t *)((char *)(buf) + (pos))) /* Non const version of above. */
#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val)) #define SIVAL(buf, pos, val) IVAL_NC(buf, pos) = ((uint32_t)(val))
#define TIME_FIXUP_CONSTANT_INT 11644473600LL #define TIME_FIXUP_CONSTANT_INT 11644473600LL
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
static unsigned char challenge[8]; static unsigned char challenge[8];
static unsigned char workgroup[16]; static unsigned char workgroup[16];
static unsigned char domain[16]; static unsigned char domain[16];
static unsigned char machine_name[16]; static unsigned char machine_name[16];
int hashFlag, accntFlag, protoFlag; int32_t hashFlag, accntFlag, protoFlag;
int smb_auth_mechanism = AUTH_NTLM; int32_t smb_auth_mechanism = AUTH_NTLM;
int security_mode = ENCRYPTED; int32_t security_mode = ENCRYPTED;
static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize) static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize) {
{ int32_t i = 0, j = 0;
int i=0,j=0; uint64_t ch;
unsigned long int ch;
if (debug) { if (debug) {
hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n");
hydra_dump_asciihex(in, insize); hydra_dump_asciihex(in, insize);
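Review bot: IVAL_NC still casts an arbitrary byte offset to a pointer (now uint32_t *) and dereferences it, and SIVAL expands to an unparenthesised assignment. Retyping to uint32_t fixes the width, but the access remains unaligned and host-endian. A small static inline helper that uses memcpy for the 4-byte store would avoid both problems and the macro-expansion hazard. In the same hunk, UTF8_UTF16LE takes int32_t insize and outsize but returns size_t, so the length types could be made consistent.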
@ -145,7 +137,8 @@ static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, in
j = j + 4; j = j + 4;
i = i + 3; i = i + 3;
} }
if ( j-2 > outsize) break; if (j - 2 > outsize)
break;
} }
if (debug) { if (debug) {
hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n");
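Review bot: the reformatted bound check if (j - 2 > outsize) break; still sits at the end of the loop body, after j has been advanced (j = j + 4 in the branch shown). It therefore detects an overrun after the bytes for that iteration appear to have been written, and it lets j exceed outsize by up to 2. Test the remaining space before each write, for example j + 4 <= outsize in the 4-byte branch, and stop or return an error when it does not fit.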
@ -154,8 +147,8 @@ static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, in
return j; return j;
} }
static unsigned char Get7Bits(unsigned char *input, int startBit) { static unsigned char Get7Bits(unsigned char *input, int32_t startBit) {
register unsigned int word; register uint32_t word;
word = (unsigned)input[startBit / 8] << 8; word = (unsigned)input[startBit / 8] << 8;
word |= (unsigned)input[startBit / 8 + 1]; word |= (unsigned)input[startBit / 8 + 1];
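Review bot: Get7Bits reads input[startBit / 8 + 1] unconditionally. With the Get7Bits(key, 49) call in MakeKey that is key[7], one byte past a 7-byte (56-bit) DES key. Every caller therefore has to supply 8 readable bytes per key. Either document that requirement at the function or skip the second read when the requested 7 bits lie within the first byte. The register qualifier on word can also be dropped while the line is being touched.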
@ -166,27 +159,27 @@ static unsigned char Get7Bits(unsigned char *input, int startBit) {
} }
/* Make the key */ /* Make the key */
static void MakeKey(unsigned char *key, unsigned char *des_key) { static void MakeKey(unsigned char *key, unsigned char *DES_key) {
des_key[0] = Get7Bits(key, 0); DES_key[0] = Get7Bits(key, 0);
des_key[1] = Get7Bits(key, 7); DES_key[1] = Get7Bits(key, 7);
des_key[2] = Get7Bits(key, 14); DES_key[2] = Get7Bits(key, 14);
des_key[3] = Get7Bits(key, 21); DES_key[3] = Get7Bits(key, 21);
des_key[4] = Get7Bits(key, 28); DES_key[4] = Get7Bits(key, 28);
des_key[5] = Get7Bits(key, 35); DES_key[5] = Get7Bits(key, 35);
des_key[6] = Get7Bits(key, 42); DES_key[6] = Get7Bits(key, 42);
des_key[7] = Get7Bits(key, 49); DES_key[7] = Get7Bits(key, 49);
des_set_odd_parity((des_cblock *) des_key); DES_set_odd_parity((DES_cblock *)DES_key);
} }
/* Do the DesEncryption */ /* Do the DesEncryption */
void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) {
des_cblock des_key; DES_cblock DES_key;
des_key_schedule key_schedule; DES_key_schedule key_schedule;
MakeKey(key, des_key); MakeKey(key, DES_key);
des_set_key(&des_key, key_schedule); DES_set_key(&DES_key, &key_schedule);
des_ecb_encrypt((des_cblock *) clear, (des_cblock *) cipher, key_schedule, 1); DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, &key_schedule, 1);
} }
/* /*
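Review bot: the des_ to DES_ replacement also renamed local identifiers. MakeKey now takes unsigned char *DES_key, and DesEncrypt declares DES_cblock DES_key, so both read like OpenSSL symbols. Keep the locals lower-case (des_key) and rename only the library types and calls. The return value of DES_set_key is also discarded in DesEncrypt. If that is intentional, a (void) cast or a short comment would make it explicit.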
@ -197,15 +190,15 @@ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
pass = users password pass = users password
challenge = the challenge recieved from the server challenge = the challenge recieved from the server
*/ */
int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) {
static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
unsigned char password[14 + 1]; unsigned char password[14 + 1];
unsigned char lm_hash[21]; unsigned char lm_hash[21];
unsigned char lm_response[24]; unsigned char lm_response[24];
int i = 0, j = 0; int32_t i = 0, j = 0;
unsigned char *p = NULL; unsigned char *p = NULL;
char HexChar; char HexChar;
int HexValue; int32_t HexValue;
memset(password, 0, 14 + 1); memset(password, 0, 14 + 1);
memset(lm_hash, 0, 21); memset(lm_hash, 0, 21);
@ -295,24 +288,24 @@ int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge
return 0; return 0;
} }
/* /*
MakeNTLM MakeNTLM
Function: Create a NTLM hash from the password Function: Create a NTLM hash from the password
*/ */
int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {
MD4_CTX md4Context; MD4_CTX md4Context;
unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */
unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */
int i = 0, j = 0; int32_t i = 0, j = 0;
int mdlen; int32_t mdlen;
unsigned char *p = NULL; unsigned char *p = NULL;
char HexChar; char HexChar;
int HexValue; int32_t HexValue;
/* Use NTLM Hash instead of password */ /* Use NTLM Hash instead of password */
if (hashFlag == 1) { if (hashFlag == 1) {
/* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2:::
*/
p = pass; p = pass;
while ((*p != '\0') && (i < 1)) { while ((*p != '\0') && (i < 1)) {
if (*p == ':') if (*p == ':')
@ -379,9 +372,9 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {
/* /*
HashLMv2 HashLMv2
This function implements the LMv2 response algorithm. The LMv2 response is used to This function implements the LMv2 response algorithm. The LMv2 response is
provide pass-through authentication compatibility with older servers. The response used to provide pass-through authentication compatibility with older servers.
is based on the NTLM password hash and is exactly 24 bytes. The response is based on the NTLM password hash and is exactly 24 bytes.
The below code is based heavily on the following resources: The below code is based heavily on the following resources:
@ -389,14 +382,14 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {
samba-3.0.28a - libsmb/smbencrypt.c samba-3.0.28a - libsmb/smbencrypt.c
jcifs - packet capture of LMv2-only connection jcifs - packet capture of LMv2-only connection
*/ */
int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) {
unsigned char ntlm_hash[16]; unsigned char ntlm_hash[16];
unsigned char lmv2_response[24]; unsigned char lmv2_response[24];
unsigned char unicodeUsername[20 * 2]; unsigned char unicodeUsername[20 * 2];
unsigned char unicodeTarget[256 * 2]; unsigned char unicodeTarget[256 * 2];
HMACMD5Context ctx; HMACMD5Context ctx;
unsigned char kr_buf[16]; unsigned char kr_buf[16];
int ret, i; int32_t ret, i;
unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
memset(ntlm_hash, 0, 16); memset(ntlm_hash, 0, 16);
@ -411,16 +404,17 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz
return -1; return -1;
/* /*
The Unicode uppercase username is concatenated with the Unicode authentication target The Unicode uppercase username is concatenated with the Unicode
(the domain or server name specified in the Target Name field of the Type 3 message). authentication target (the domain or server name specified in the Target
Note that this calculation always uses the Unicode representation, even if OEM encoding Name field of the Type 3 message). Note that this calculation always uses
has been negotiated; also note that the username is converted to uppercase, while the the Unicode representation, even if OEM encoding has been negotiated; also
authentication target is case-sensitive and must match the case presented in the Target note that the username is converted to uppercase, while the authentication
target is case-sensitive and must match the case presented in the Target
Name field. Name field.
The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to The HMAC-MD5 message authentication code algorithm (described in RFC 2104)
this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the is applied to this value using the 16-byte NTLM hash as the key. This
NTLMv2 hash. results in a 16-byte value - the NTLMv2 hash.
*/ */
/* Initialize the Unicode version of the username and target. */ /* Initialize the Unicode version of the username and target. */
@ -445,9 +439,10 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz
/* --- HMAC #2 Calculations --- */ /* --- HMAC #2 Calculations --- */
/* /*
The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 The challenge from the Type 2 message is concatenated with our fixed client
message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash nonce. The HMAC-MD5 message authentication code algorithm is applied to
(calculated above) as the key. This results in a 16-byte output value. this value using the 16-byte NTLMv2 hash (calculated above) as the key.
This results in a 16-byte output value.
*/ */
hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); hmac_md5_init_limK_to_64(kr_buf, 16, &ctx);
@ -468,12 +463,13 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz
/* /*
HashNTLMv2 HashNTLMv2
This function implements the NTLMv2 response algorithm. Support for this algorithm This function implements the NTLMv2 response algorithm. Support for this
was added with Microsoft Windows with NT 4.0 SP4. It should be noted that code doesn't algorithm was added with Microsoft Windows with NT 4.0 SP4. It should be noted
currently work with Microsoft Vista. While NTLMv2 authentication with Samba and Windows that code doesn't currently work with Microsoft Vista. While NTLMv2
2003 functions as expected, Vista systems respond with the oh-so-helpful authentication with Samba and Windows 2003 functions as expected, Vista
"INVALID_PARAMETER" error code. LMv2-only authentication appears to work against Vista systems respond with the oh-so-helpful "INVALID_PARAMETER" error code.
in cases where LM and NTLM are refused. LMv2-only authentication appears to work against Vista in cases where LM and
NTLM are refused.
The below code is based heavily on the following two resources: The below code is based heavily on the following two resources:
@ -486,14 +482,14 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz
GPO: "Network Security: LAN Manager authentication level" GPO: "Network Security: LAN Manager authentication level"
Setting: "Send NTLMv2 response only\refuse LM & NTLM" Setting: "Send NTLMv2 response only\refuse LM & NTLM"
*/ */
int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned char *szLogin, unsigned char *szPassword) {
unsigned char ntlm_hash[16]; unsigned char ntlm_hash[16];
unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2]; unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2];
unsigned char unicodeUsername[20 * 2]; unsigned char unicodeUsername[20 * 2];
unsigned char unicodeTarget[256 * 2]; unsigned char unicodeTarget[256 * 2];
HMACMD5Context ctx; HMACMD5Context ctx;
unsigned char kr_buf[16]; unsigned char kr_buf[16];
int ret, i, iTargetLen; int32_t ret, i, iTargetLen;
unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
/* /*
@ -503,20 +499,15 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog
[16] Header: Blob Signature [01 01 00 00] (4 bytes) [16] Header: Blob Signature [01 01 00 00] (4 bytes)
[20] Reserved: [00 00 00 00] (4 bytes) [20] Reserved: [00 00 00 00] (4 bytes)
[24] Time: Little-endian, 64-bit signed value representing the number of [24] Time: Little-endian, 64-bit signed value representing the number
tenths of a microsecond since January 1, 1601. (8 bytes) of tenths of a microsecond since January 1, 1601. (8 bytes) [32] Client
[32] Client Nonce: (8 bytes) Nonce: (8 bytes) [40] Unknown: 00 00 00 00 (4 bytes) [44] Target
[40] Unknown: 00 00 00 00 (4 bytes) Information (from the Type 2 message) NetBIOS domain/workgroup: Type:
[44] Target Information (from the Type 2 message) domain 02 00 (2 bytes) Length: 12 00 (2 bytes) Name: WORKGROUP [NULL
NetBIOS domain/workgroup: spacing -> 57 00 4f 00 ...] (18 bytes) End-of-list: 00 00 00 00 (4 bytes)
Type: domain 02 00 (2 bytes)
Length: 12 00 (2 bytes)
Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes)
End-of-list: 00 00 00 00 (4 bytes)
Termination: 00 00 00 00 (4 bytes) Termination: 00 00 00 00 (4 bytes)
*/ */
iTargetLen = 2 * strlen((char *)workgroup); iTargetLen = 2 * strlen((char *)workgroup);
memset(ntlm_hash, 0, 16); memset(ntlm_hash, 0, 16);
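Review bot: The NTLMv2 blob layout comment in HashNTLMv2 loses its one-field-per-line structure in the reflow: offsets [32], [40] and [44] and the Target Information sub-fields (Type, Length, Name, End-of-list) are now run together mid-line, so the offset column can no longer be checked at a glance against the `ntlmv2_response + 44` writes further down. Keep the original line breaks by wrapping this comment in `// clang-format off` / `// clang-format on`, or by setting `ReflowComments: false` for the project.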
@ -531,16 +522,17 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog
return -1; return -1;
/* /*
The Unicode uppercase username is concatenated with the Unicode authentication target The Unicode uppercase username is concatenated with the Unicode
(the domain or server name specified in the Target Name field of the Type 3 message). authentication target (the domain or server name specified in the Target
Note that this calculation always uses the Unicode representation, even if OEM encoding Name field of the Type 3 message). Note that this calculation always uses
has been negotiated; also note that the username is converted to uppercase, while the the Unicode representation, even if OEM encoding has been negotiated; also
authentication target is case-sensitive and must match the case presented in the Target note that the username is converted to uppercase, while the authentication
target is case-sensitive and must match the case presented in the Target
Name field. Name field.
The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to The HMAC-MD5 message authentication code algorithm (described in RFC 2104)
this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the is applied to this value using the 16-byte NTLM hash as the key. This
NTLMv2 hash. results in a 16-byte value - the NTLMv2 hash.
*/ */
/* Initialize the Unicode version of the username and target. */ /* Initialize the Unicode version of the username and target. */
@ -606,7 +598,8 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog
0x0300 Fully-qualified DNS host name 0x0300 Fully-qualified DNS host name
0x0400 DNS domain name 0x0400 DNS domain name
TODO: Need to rework negotiation code to correctly extract target information TODO: Need to rework negotiation code to correctly extract target
information
*/ */
memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */
@ -623,9 +616,10 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog
/* --- HMAC #2 Caculations --- */ /* --- HMAC #2 Caculations --- */
/* /*
The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message The challenge from the Type 2 message is concatenated with the blob. The
authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash HMAC-MD5 message authentication code algorithm is applied to this value
(calculated above) as the key. This results in a 16-byte output value. using the 16-byte NTLMv2 hash (calculated above) as the key. This results
in a 16-byte output value.
*/ */
hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); hmac_md5_init_limK_to_64(kr_buf, 16, &ctx);
@ -650,8 +644,8 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog
pass = users password pass = users password
challenge = the challenge recieved from the server challenge = the challenge recieved from the server
*/ */
int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { int32_t HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) {
int ret; int32_t ret;
unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */
unsigned char p21[21]; unsigned char p21[21];
unsigned char ntlm_response[24]; unsigned char ntlm_response[24];
@ -677,13 +671,13 @@ int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *chall
Function: Request a new session from the server Function: Request a new session from the server
Returns: TRUE on success else FALSE. Returns: TRUE on success else FALSE.
*/ */
int NBSSessionRequest(int s) { int32_t NBSSessionRequest(int32_t s) {
char nb_name[32]; /* netbiosname */ char nb_name[32]; /* netbiosname */
char nb_local[32]; /* netbios localredirector */ char nb_local[32]; /* netbios localredirector */
unsigned char rqbuf[7] = {0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20}; unsigned char rqbuf[7] = {0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20};
char *buf; char *buf;
unsigned char rbuf[400]; unsigned char rbuf[400];
int k; int32_t k;
/* if we are running in native mode (aka port 445) don't do netbios */ /* if we are running in native mode (aka port 445) don't do netbios */
if (protoFlag == WIN2000_NATIVEMODE) if (protoFlag == WIN2000_NATIVEMODE)
@ -716,7 +710,6 @@ int NBSSessionRequest(int s) {
return -1; /* failed */ return -1; /* failed */
} }
/* /*
SMBNegProt SMBNegProt
Function: Negotiate protocol with server ... Function: Negotiate protocol with server ...
@ -726,33 +719,11 @@ int NBSSessionRequest(int s) {
The challenge is retrieved from the answer The challenge is retrieved from the answer
No error checking is performed i.e cross your fingers.... No error checking is performed i.e cross your fingers....
*/ */
int SMBNegProt(int s) { int32_t SMBNegProt(int32_t s) {
unsigned char buf[] = { unsigned char buf[] = {
0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d,
0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d,
0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02,
0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52,
0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02,
0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46,
0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52,
0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00,
0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f,
0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00,
0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31,
0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e,
0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44,
0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41,
0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00,
0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02,
0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e,
0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31,
0x32, 0x00
/* /*
0x02, 0x02,
@ -778,9 +749,9 @@ int SMBNegProt(int s) {
unsigned char rbuf[400]; unsigned char rbuf[400];
unsigned char sess_key[2]; unsigned char sess_key[2];
unsigned char userid[2] = {0xCD, 0xEF}; unsigned char userid[2] = {0xCD, 0xEF};
int i = 0, j = 0, k; int32_t i = 0, j = 0, k;
int iLength = 194; int32_t iLength = 194;
int iResponseOffset = 73; int32_t iResponseOffset = 73;
memset((char *)rbuf, 0, 400); memset((char *)rbuf, 0, 400);
@ -799,7 +770,6 @@ int SMBNegProt(int s) {
iResponseOffset = 65; iResponseOffset = 65;
} }
hydra_send(s, (char *)buf, iLength, 0); hydra_send(s, (char *)buf, iLength, 0);
k = hydra_recv(s, (char *)rbuf, sizeof(rbuf)); k = hydra_recv(s, (char *)rbuf, sizeof(rbuf));
if (k == 0) if (k == 0)
@ -807,10 +777,11 @@ int SMBNegProt(int s) {
/* retrieve the security mode */ /* retrieve the security mode */
/* /*
[0] Mode: (0) ? (1) USER security mode [0] Mode: (0) ? (1) USER security
[1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response mode [1] Password: (0) PLAINTEXT password (1) ENCRYPTED
[2] Signatures: (0) Security signatures NOT enabled (1) ENABLED password. Use challenge/response [2] Signatures: (0) Security signatures
[3] Sig Req: (0) Security signatures NOT required (1) REQUIRED NOT enabled (1) ENABLED [3] Sig Req: (0) Security signatures NOT
required (1) REQUIRED
SAMBA: 0x01 (default) SAMBA: 0x01 (default)
WinXP: 0x0F (default) WinXP: 0x0F (default)
@ -825,18 +796,21 @@ int SMBNegProt(int s) {
if (hashFlag == 1) { if (hashFlag == 1) {
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH "
"password mode not supported for this configuration.\n");
return 3; return 3;
} }
if (hashFlag == 2) { if (hashFlag == 2) {
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE "
"password mode not supported for this configuration.\n");
return 3; return 3;
} }
break; break;
case 0x03: case 0x03:
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password "
"without security signatures.\n");
security_mode = ENCRYPTED; security_mode = ENCRYPTED;
break; break;
case 0x07: case 0x07:
@ -847,7 +821,10 @@ int SMBNegProt(int s) {
break; break;
default: default:
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); hydra_report(stderr,
"[VERBOSE] Unknown security mode request: %2.2X. Proceeding "
"using ENCRYPTED password mode.\n",
rbuf[39]);
security_mode = ENCRYPTED; security_mode = ENCRYPTED;
break; break;
} }
@ -886,26 +863,24 @@ int SMBNegProt(int s) {
return 2; return 2;
} }
/* /*
SMBSessionSetup SMBSessionSetup
Function: Send username + response to the challenge from Function: Send username + response to the challenge from
the server. the server.
Returns: TRUE on success else FALSE. Returns: TRUE on success else FALSE.
*/ */
unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) { unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *miscptr) {
unsigned char buf[512]; unsigned char buf[512];
unsigned char *LMv2hash = NULL; unsigned char *LMv2hash = NULL;
unsigned char *NTLMv2hash = NULL; unsigned char *NTLMv2hash = NULL;
unsigned char *NTLMhash = NULL; unsigned char *NTLMhash = NULL;
unsigned char *LMhash = NULL; unsigned char *LMhash = NULL;
// unsigned char unicodeLogin[32 * 2]; // unsigned char unicodeLogin[32 * 2];
int j; int32_t j;
char bufReceive[512]; char bufReceive[512];
int nReceiveBufferSize = 0; int32_t nReceiveBufferSize = 0;
int ret; int32_t ret;
int iByteCount = 0, iOffset = 0; int32_t iByteCount = 0, iOffset = 0;
if (accntFlag == 0) { if (accntFlag == 0) {
strcpy((char *)workgroup, "localhost"); strcpy((char *)workgroup, "localhost");
@ -927,18 +902,39 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
/* SMB Header */ /* SMB Header */
unsigned char szSMB[32] = { unsigned char szSMB[32] = {
0xff, 0x53, 0x4d, 0x42, /* Server Component */ 0xff,
0x53,
0x4d,
0x42, /* Server Component */
0x73, /* SMB Command: Session Setup AndX */ 0x73, /* SMB Command: Session Setup AndX */
0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ 0x00,
0x00,
0x00,
0x00, /* NT Status: STATUS_SUCCESS */
0x08, /* Flags */ 0x08, /* Flags */
0x01, 0xc0, /* Flags2 */ /* add Unicode */ 0x01,
0x00, 0x00, /* Process ID High */ 0xc0,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ /* Flags2 */ /* add Unicode */
0x00, 0x00, /* Reserved */ 0x00,
0x00, 0x00, /* Tree ID */ 0x00, /* Process ID High */
0x13, 0x37, /* Process ID */ 0x00,
0x00, 0x00, /* User ID */ 0x00,
0x01, 0x00 /* Multiplx ID */ 0x00,
0x00,
0x00,
0x00,
0x00,
0x00, /* Signature */
0x00,
0x00, /* Reserved */
0x00,
0x00, /* Tree ID */
0x13,
0x37, /* Process ID */
0x00,
0x00, /* User ID */
0x01,
0x00 /* Multiplx ID */
}; };
memset(buf, 0, 512); memset(buf, 0, 512);
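Review bot: In szSMB the formatter has split every header field to one byte per line and left `/* Flags2 */ /* add Unicode */` on a line of its own between 0xc0 and the Process ID High bytes, so the field comments no longer line up with the bytes they describe; the same happens to `/* Capabilities */` in szSessionRequest in the next hunk, where it now sits directly above the Byte Count bytes. These are hand-laid-out wire structures, so fence both tables with `// clang-format off` / `// clang-format on` and keep the original one-field-per-line form.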
@ -993,16 +989,33 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
0x0d, /* Word Count */ 0x0d, /* Word Count */
0xff, /* AndXCommand: No further commands */ 0xff, /* AndXCommand: No further commands */
0x00, /* Reserved */ 0x00, /* Reserved */
0x00, 0x00, /* AndXOffset */ 0x00,
0xff, 0xff, /* Max Buffer */ 0x00, /* AndXOffset */
0x02, 0x00, /* Max Mpx Count */ 0xff,
0x3c, 0x7d, /* VC Number */ 0xff, /* Max Buffer */
0x00, 0x00, 0x00, 0x00, /* Session Key */ 0x02,
0x18, 0x00, /* LAN Manager Password Hash Length */ 0x00, /* Max Mpx Count */
0x18, 0x00, /* NT LAN Manager Password Hash Length */ 0x3c,
0x00, 0x00, 0x00, 0x00, /* Reserved */ 0x7d, /* VC Number */
0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */ 0x00,
0x49, 0x00 /* Byte Count -- MUST SET */ 0x00,
0x00,
0x00, /* Session Key */
0x18,
0x00, /* LAN Manager Password Hash Length */
0x18,
0x00, /* NT LAN Manager Password Hash Length */
0x00,
0x00,
0x00,
0x00, /* Reserved */
0x5c,
0x00,
0x00,
0x00,
/* Capabilities */ /* Add Unicode */
0x49,
0x00 /* Byte Count -- MUST SET */
}; };
iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ iOffset = 65; /* szNBSS + szSMB + szSessionRequest */
@ -1016,7 +1029,8 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
return -1; return -1;
memset(NTLMhash, 0, 24); memset(NTLMhash, 0, 24);
/* We don't need to actually calculated a LM hash for this mode, only NTLM */ /* We don't need to actually calculated a LM hash for this mode, only NTLM
*/
ret = HashNTLM(&NTLMhash, (unsigned char *)szPassword, (unsigned char *)challenge, miscptr); ret = HashNTLM(&NTLMhash, (unsigned char *)szPassword, (unsigned char *)challenge, miscptr);
if (ret == -1) if (ret == -1)
return -1; return -1;
@ -1134,7 +1148,8 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
memcpy(buf + 36, szSessionRequest, 23); memcpy(buf + 36, szSessionRequest, 23);
/* Calculate and set password length */ /* Calculate and set password length */
/* Samba appears to append NULL characters equal to the password length plus 2 */ /* Samba appears to append NULL characters equal to the password length plus
* 2 */
// iByteCount = 2 * strlen(szPassword) + 2; // iByteCount = 2 * strlen(szPassword) + 2;
iByteCount = strlen(szPassword) + 1; iByteCount = strlen(szPassword) + 1;
buf[iOffset - 8] = (iByteCount) % 256; buf[iOffset - 8] = (iByteCount) % 256;
@ -1142,19 +1157,22 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
/* set ANSI password */ /* set ANSI password */
/* /*
Depending on the SAMBA server configuration, multiple passwords may be successful Depending on the SAMBA server configuration, multiple passwords may be
when dealing with mixed-case values. The SAMBA parameter "password level" appears successful when dealing with mixed-case values. The SAMBA parameter
to determine how many characters within a password are tested by the server both "password level" appears to determine how many characters within a
upper and lower case. For example, assume a SAMBA account has a password of "Fred" password are tested by the server both upper and lower case. For example,
and the server is configured with "password level = 2". Medusa sends the password assume a SAMBA account has a password of "Fred" and the server is
"FRED". The SAMBA server will brute-force test this value for us with values configured with "password level = 2". Medusa sends the password "FRED".
like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting The SAMBA server will brute-force test this value for us with values
is "password level = 0". This results in only two attempts to being made by the like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default
remote server; the password as is and the password in all-lower case. setting is "password level = 0". This results in only two attempts to
being made by the remote server; the password as is and the password in
all-lower case.
*/ */
strncpy((char *)(buf + iOffset), szPassword, 256); strncpy((char *)(buf + iOffset), szPassword, 256);
} else { } else {
hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n"); hydra_report(stderr, "[ERROR] Security_mode was not properly set. This "
"should not happen.\n");
return -1; return -1;
} }
@ -1197,10 +1215,10 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF));
} }
int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = ""; char *empty = "";
char *login, *pass; char *login, *pass;
int SMBerr, SMBaction; int32_t SMBerr, SMBaction;
unsigned long SMBSessionRet; unsigned long SMBSessionRet;
char ipaddr_str[64]; char ipaddr_str[64];
char ErrorCode[10]; char ErrorCode[10];
@ -1212,7 +1230,7 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty; pass = empty;
strcpy(ipaddr_str, hydra_address2string(ip)); strncpy(ipaddr_str, hydra_address2string(ip), sizeof(ipaddr_str) - 1);
SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr);
if (SMBSessionRet == -1) if (SMBSessionRet == -1)
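Review bot: The new `strncpy(ipaddr_str, hydra_address2string(ip), sizeof(ipaddr_str) - 1)` bounds the copy but does not guarantee termination: `ipaddr_str` is declared as `char ipaddr_str[64]` with no initialiser, and strncpy writes no NUL when the source is 63 bytes or longer, so the later `%s` uses of `ipaddr_str` could read past the end of the string. Add `ipaddr_str[sizeof(ipaddr_str) - 1] = 0;` after the copy, or replace it with `snprintf(ipaddr_str, sizeof(ipaddr_str), "%s", hydra_address2string(ip))`.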
@ -1221,7 +1239,7 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F
SMBaction = ((unsigned long)SMBSessionRet & 0xFF000000) >> 24; SMBaction = ((unsigned long)SMBSessionRet & 0xFF000000) >> 24;
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction); hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (uint32_t)SMBSessionRet, SMBerr, SMBaction);
/* /*
some error code are available here: some error code are available here:
@ -1230,48 +1248,63 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F
if (SMBerr == 0x000000) { /* success */ if (SMBerr == 0x000000) { /* success */
if (SMBaction == 0x01) { /* invalid account - anonymous connection */ if (SMBaction == 0x01) { /* invalid account - anonymous connection */
fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login); fprintf(stderr,
"[%d][smb] Host: %s Account: %s Error: Invalid account "
"(Anonymous success)\n",
port, ipaddr_str, login);
hydra_completed_pair_skip(); hydra_completed_pair_skip();
} else { /* valid account */ } else { /* valid account */
hydra_report_found_host(port, ip, "smb", fp); hydra_report_found_host(port, ip, "smb", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
} }
} else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) { } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) {
hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); hydra_report(stderr, "[ERROR] Invalid parameter status received, either "
"the account or the method used are not valid\n");
hydra_completed_pair_skip(); hydra_completed_pair_skip();
} else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote
if (verbose) Connections Using NULL Passwords */
hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n"); hydra_report(stdout,
"[%d][smb] Host: %s Account: %s Valid password, GPO Disabling "
"Remote Connections Using NULL Passwords\n",
port, ipaddr_str, login);
hydra_report_found_host(port, ip, "smb", fp); hydra_report_found_host(port, ip, "smb", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
} else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this
if (verbose) computer from the network" */
hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n"); hydra_report(stdout,
"[%d][smb] Host: %s Account: %s Valid password, GPO Deny "
"access to this computer from the network\n",
port, ipaddr_str, login);
hydra_report_found_host(port, ip, "smb", fp); hydra_report_found_host(port, ip, "smb", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
} else if (SMBerr == 0x000193) { /* Valid password, account expired */ } else if (SMBerr == 0x000193) { /* Valid password, account expired */
if (verbose) hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login);
hydra_report(stderr, "[VERBOSE] Valid password, account expired\n");
hydra_report_found_host(port, ip, "smb", fp); hydra_report_found_host(port, ip, "smb", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
} else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */
if (verbose) hydra_report(stdout,
hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n"); "[%d][smb] Host: %s Account: %s Valid password, password "
"expired and must be changed on next logon\n",
port, ipaddr_str, login);
hydra_report_found_host(port, ip, "smb", fp); hydra_report_found_host(port, ip, "smb", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
} else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */
if (verbose) hydra_report(stdout,
hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n"); "[%d][smb] Host: %s Account: %s Valid password, but logon "
"hours invalid\n",
port, ipaddr_str, login);
hydra_report_found_host(port, ip, "smb", fp); hydra_report_found_host(port, ip, "smb", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
} else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */
if (verbose) hydra_report(stdout,
fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); "[%d][smb] Host: %s Account: %s Error: Incorrect password or "
"account disabled\n",
port, ipaddr_str, login);
if ((miscptr) && (strstr(miscptr, "LM"))) if ((miscptr) && (strstr(miscptr, "LM")))
hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n");
hydra_completed_pair_skip(); hydra_completed_pair_skip();
} else if (SMBerr == 0x000024) { /* change password on next login [success] */ } else if (SMBerr == 0x000024) { /* change password on next login [success] */
fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
hydra_completed_pair_found(); hydra_completed_pair_found();
} else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */
hydra_completed_pair(); hydra_completed_pair();
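Review bot: The 0x050001 branch (AS/400, incorrect password) now calls `hydra_report(stdout, ...)` unconditionally where it used to be guarded by `if (verbose)` and written to stderr, so every failed guess against such a host prints an "Error: Incorrect password or account disabled" line into the same stream as the valid-password reports. Keep the `if (verbose)` guard and stderr for this branch, and reserve the unguarded stdout lines for the branches that end in `hydra_completed_pair_found()`. Separately, the comment on the 0x000224 / 0xC20002 branch still reads "account expired" while its message says the password expired.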
@ -1289,7 +1322,10 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F
hydra_completed_pair_skip(); hydra_completed_pair_skip();
} else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */
if (verbose) if (verbose)
fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login); fprintf(stderr,
"[%d][smb] Host: %s Account: %s Error: "
"NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n",
port, ipaddr_str, login);
hydra_completed_pair(); hydra_completed_pair();
} else { /* failed */ } else { /* failed */
if (verbose) if (verbose)
@ -1303,8 +1339,8 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1; return 1;
} }
void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
// default is both (local and domain) checks and normal passwd // default is both (local and domain) checks and normal passwd
accntFlag = 2; // BOTH accntFlag = 2; // BOTH
@ -1316,7 +1352,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *
strupper(miscptr); strupper(miscptr);
if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) { if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) {
char *tmpdom; char *tmpdom;
int err = 0; int32_t err = 0;
accntFlag = 4; // OTHER DOMAIN accntFlag = 4; // OTHER DOMAIN
tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); tmpdom = strstr(miscptr, "OTHER_DOMAIN:");
@ -1375,7 +1411,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *
case 1: /* connect and service init function */ case 1: /* connect and service init function */
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(300000); // usleepn(300);
if (port != 0) { if (port != 0) {
sock = hydra_connect_tcp(ip, port); sock = hydra_connect_tcp(ip, port);
@ -1394,14 +1430,16 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *
port = PORT_SMBNT; port = PORT_SMBNT;
protoFlag = WIN2000_NATIVEMODE; protoFlag = WIN2000_NATIVEMODE;
} else { } else {
hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n"); hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. "
"Attempting WIN_NETBIOS mode.\n");
port = PORT_SMB; port = PORT_SMB;
protoFlag = WIN_NETBIOSMODE; protoFlag = WIN_NETBIOSMODE;
sock = hydra_connect_tcp(ip, PORT_SMB); sock = hydra_connect_tcp(ip, PORT_SMB);
} }
} }
if (sock < 0) { if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1); hydra_child_exit(1);
} }
if (NBSSessionRequest(sock) < 0) { if (NBSSessionRequest(sock) < 0) {
@ -1427,7 +1465,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} }
#endif #endif
int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be
// performed once only. // performed once only.
@ -1437,6 +1475,68 @@ int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
// return codes: // return codes:
// 0 all OK // 0 all OK
// -1 error, hydra will exit, so print a good error message here // -1 error, hydra will exit, so print a good error message here
time_t ctime;
int ready = 0, sock = hydra_connect_tcp(ip, port);
unsigned char buf[] = {0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d,
0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58,
0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00};
if (sock < 0) {
fprintf(stderr, "[ERROR] could not connect to target smb://%s:%d/\n", hostname, port);
return -1;
}
if (send(sock, buf, sizeof(buf), 0) < 0) {
fprintf(stderr, "[ERROR] unable to send to target smb://%s:%d/\n", hostname, port);
return -1;
}
ctime = time(NULL);
do {
usleepn(300);
} while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL));
if (ready <= 0) {
fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port);
return -1;
}
if ((ready = recv(sock, buf, sizeof(buf), 0)) < 40) {
fprintf(stderr, "[ERROR] invalid reply from target smb://%s:%d/\n", hostname, port);
return -1;
}
close(sock);
if (buf[37] == buf[38] && buf[38] == 0xff) {
fprintf(stderr, "[ERROR] target smb://%s:%d/ does not support SMBv1\n", hostname, port);
return -1;
}
if ((buf[15] & 16) == 16) {
fprintf(stderr,
"[ERROR] target smb://%s:%d/ requires signing which we do not "
"support\n",
hostname, port);
return -1;
}
return 0; return 0;
} }
void usage_smb(const char *service) {
printf("Module smb default value is set to test both local and domain account, "
"using a simple password with NTLM dialect.\n"
"Note: you can set the group type using LOCAL or DOMAIN keyword\n"
" or other_domain:{value} to specify a trusted domain.\n"
" you can set the password type using HASH or MACHINE keyword\n"
" (to use the Machine's NetBIOS name as the password).\n"
" you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n"
"Example: \n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n"
" hydra smb://microsoft.com -l admin -p "
"D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m "
"\"local hash\"\n"
" hydra smb://microsoft.com -l admin -p tooeasy -m "
"\"other_domain:SECONDDOMAIN\"\n\n");
}
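Review bot: The reply-wait loop in service_smb_init has its timeout comparison inverted. In `while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL));` the second operand is already false right after `ctime = time(NULL)`, so the loop ends after a single `usleepn(300)` and a slow target is reported as "no reply" instead of getting the intended 5 seconds. Suggest `time(NULL) <= ctime + 5`, and rename `ctime`, which shadows the libc function of that name. The three `return -1` paths after a successful connect (send failure, no reply, short reply) skip `close(sock)`; close before each return even though hydra exits on -1. The raw offsets in `buf[37] == buf[38]` and `(buf[15] & 16) == 16` should get named constants or a comment stating which negotiate-response fields they read, so the SMBv1 and signing checks can be verified against the protocol layout.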

308
hydra-smb2.c Normal file
View file

@ -0,0 +1,308 @@
/**
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*
* Copyright (C) 2021 Karim Kanso, all rights reserved.
* kaz 'dot' kanso 'at' g mail 'dot' com
*/
#if defined(LIBSMBCLIENT)
#include "hydra-mod.h"
#include <errno.h>
#include <libsmbclient.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
extern char *HYDRA_EXIT;
typedef struct creds {
const char *workgroup;
const char *user;
const char *pass;
} creds_t;
const char default_workgroup[] = "WORKGROUP";
bool use_nt_hash = false;
const char *workgroup = default_workgroup;
const char *netbios_name = NULL;
#define EXIT_PROTOCOL_ERROR hydra_child_exit(2)
#define EXIT_CONNECTION_ERROR hydra_child_exit(1)
#define EXIT_NORMAL hydra_child_exit(0)
void smb2_auth_provider(SMBCCTX *c, const char *srv, const char *shr, char *wg, int wglen, char *un, int unlen, char *pw, int pwlen) {
creds_t *cr = (creds_t *)smbc_getOptionUserData(c);
strncpy(wg, cr->workgroup, wglen);
strncpy(un, cr->user, unlen);
strncpy(pw, cr->pass, pwlen);
wg[wglen - 1] = 0;
un[unlen - 1] = 0;
pw[pwlen - 1] = 0;
}
bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
SMBCCTX *ctx = smbc_new_context();
if (ctx == NULL) {
hydra_report(stderr, "[ERROR] failed to create context\n");
EXIT_PROTOCOL_ERROR;
}
// samba internal debugging will be dumped to stderr
smbc_setDebug(ctx, debug ? 7 : 0);
smbc_setOptionDebugToStderr(ctx, true);
smbc_setFunctionAuthDataWithContext(ctx, smb2_auth_provider);
smbc_setOptionUserData(ctx, cr);
// 0 will use default port
smbc_setPort(ctx, port);
smbc_setOptionNoAutoAnonymousLogin(ctx, false);
smbc_setOptionUseNTHash(ctx, use_nt_hash);
if (netbios_name) {
smbc_setNetbiosName(ctx, (char *)netbios_name);
}
ctx = smbc_init_context(ctx);
if (!ctx) {
hydra_report(stderr, "[ERROR] smbc_init_context fail\n");
smbc_free_context(ctx, 1);
EXIT_PROTOCOL_ERROR;
}
char uri[2048];
snprintf(uri, sizeof(uri) - 1, "smb://%s/IPC$", server);
uri[sizeof(uri) - 1] = 0;
if (verbose) {
printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", uri, cr->workgroup, cr->user, cr->pass);
}
SMBCFILE *fd = smbc_getFunctionOpendir(ctx)(ctx, uri);
if (fd) {
hydra_report(stderr, "[WARNING] Unexpected open on IPC$\n");
smbc_getFunctionClosedir(ctx)(ctx, fd);
smbc_free_context(ctx, 1);
fd = NULL;
return true;
}
/*
errno is set to 22 (EINVAL) when IPC$ as been opened but can not
be opened like a normal share. This corresponds to samba error
NT_STATUS_INVALID_INFO_CLASS, however this precise error code is
not available outside of the library. Thus, instead the library
sets a generic error (EINVAL) which can also correspond to other
cases (see below test).
This is not ideal, but appears to be the best that the
libsmbclient library offers as detailed state information is
internalised and not available. Further, it is also not possible
from the api to separate the connection, authentication and
authorisation.
The following text is taken from the libsmbclient header file for
the return value of the smbc_getFunctionOpendir function:
Valid directory handle. < 0 on error with errno set:
- EACCES Permission denied.
- EINVAL A NULL file/URL was passed, or the URL would
not parse, or was of incorrect form or smbc_init not
called.
- ENOENT durl does not exist, or name is an
- ENOMEM Insufficient memory to complete the
operation.
- ENOTDIR name is not a directory.
- EPERM the workgroup could not be found.
- ENODEV the workgroup or server could not be found.
*/
switch (errno) {
case ENOENT:
// Noticed this when connecting to older samba servers on linux
// where any credentials are accepted.
hydra_report(stderr, "[WARNING] %s might accept any credential\n", server);
case EINVAL: // 22
// probably password ok, nominal case when connecting to a windows
// smb server with good credentials.
smbc_free_context(ctx, 1);
return true;
break;
case EPERM:
// Probably this means access denied inspite of mention above
// about being related to wrong workgroup. I have observed
// libsmbclient emitting this when connecting to a vanilla install
// of Windows 2019 server (non-domain) with wrong credentials. It
// appears related to a fallback null session being rejected after
// the library tries with provided credentials. If the null
// session is accepted, EACCES is returned.
case EACCES:
// 100% access denied
break;
case EHOSTUNREACH:
case ETIMEDOUT:
case ECONNREFUSED:
// there are probably more codes that could be added here to
// indicate connection errors.
hydra_report(stderr, "[ERROR] Error %s (%d) while connecting to %s\n", strerror(errno), errno, server);
smbc_free_context(ctx, 1);
EXIT_CONNECTION_ERROR;
break;
default:
// unexpected error
hydra_report(stderr, "[ERROR] %s (%d)\n", strerror(errno), errno);
smbc_free_context(ctx, 1);
EXIT_PROTOCOL_ERROR;
}
smbc_free_context(ctx, 1);
return false;
}
void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
hydra_register_socket(sp);
while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) {
char *login, *pass;
login = hydra_get_next_login();
pass = hydra_get_next_password();
creds_t cr = {
.user = login,
.pass = pass,
.workgroup = workgroup,
};
if (smb2_run_test(&cr, hydra_address2string(ip), port & 0xffff)) {
hydra_completed_pair_found();
} else {
hydra_completed_pair();
}
}
EXIT_NORMAL;
}
// constants used by option parser
const char tkn_workgroup[] = "workgroup:{";
const char tkn_nthash_true[] = "nthash:true";
const char tkn_nthash_false[] = "nthash:false";
const char tkn_netbios[] = "netbios:{";
#define CMP(s1, s2) (strncmp(s1, s2, sizeof(s1) - 1) == 0)
int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
if (!miscptr)
return 0;
while (*miscptr) {
if (isspace(*miscptr)) {
miscptr++;
continue;
}
if (CMP(tkn_workgroup, miscptr)) {
if (workgroup != default_workgroup) {
// miscptr has already been processed, goto end
miscptr += strlen(miscptr) + 1;
continue;
}
miscptr += sizeof(tkn_workgroup) - 1;
char *p = strchr(miscptr, '}');
if (p == NULL) {
hydra_report(stderr, "[ERROR] missing closing brace in workgroup\n");
return -1;
}
*p = '\0';
workgroup = miscptr;
miscptr = p + 1;
if (verbose || debug) {
printf("[VERBOSE] Set workgroup to: %s\n", workgroup);
}
continue;
}
if (CMP(tkn_netbios, miscptr)) {
if (netbios_name != NULL) {
// miscptr has already been processed, goto end
miscptr += strlen(miscptr) + 1;
continue;
}
miscptr += sizeof(tkn_netbios) - 1;
char *p = strchr(miscptr, '}');
if (p == NULL) {
hydra_report(stderr, "[ERROR] missing closing brace in netbios name\n");
return -1;
}
*p = '\0';
netbios_name = miscptr;
miscptr = p + 1;
if (verbose || debug) {
printf("[VERBOSE] Set netbios name to: %s\n", netbios_name);
}
continue;
}
if (CMP(tkn_nthash_true, miscptr)) {
miscptr += sizeof(tkn_nthash_true) - 1;
use_nt_hash = true;
if (verbose || debug) {
printf("[VERBOSE] Enabled nthash.\n");
}
continue;
}
if (CMP(tkn_nthash_false, miscptr)) {
miscptr += sizeof(tkn_nthash_false) - 1;
use_nt_hash = false;
if (verbose || debug) {
printf("[VERBOSE] Disabled nthash.\n");
}
continue;
}
hydra_report(stderr, "[ERROR] unable to parse: %s\n", miscptr);
return -1;
}
return 0;
}
void usage_smb2(const char *service) {
puts("Module is a thin wrapper over the Samba client library (libsmbclient).\n"
"Thus, is capable of negotiating v1, v2 and v3 of the protocol.\n"
"\n"
"As this relies on Samba libraries, the system smb.conf will be parsed\n"
"when library starts up. It is possible to add configuration options\n"
"into that file that affect this module (such as min/max supported\n"
"protocol version).\n"
"\n"
"Caution: due to the high-level libsmbclient api (compared the smb\n"
"Hydra module), the accuracy is reduced. That is, this module works by\n"
"attempting to open the IPC$ share, which is reported as an error,\n"
"e.g. try this with the smbclient tool and it will raise the\n"
"NT_STATUS_INVALID_INFO_CLASS error). Sadly, the level of feedback\n"
"from the api does not distinguish this error from general/unknown\n"
"errors, so it might be possible to have false positives due to this\n"
"fact. One example of this is when the library can not parse the uri\n"
"correctly. On the other hand, false negatives could occur when a\n"
"valid credential is unable to open the share due to access control,\n"
"e.g. a locked/suspended account.\n"
"\n"
"There are three module options available:\n"
" workgroup:{XXX} - set the users workgroup\n"
" netbios:{XXX} - set the recipients netbios name\n"
" nthash:true or nthash:false - threat password as an nthash\n"
"\n"
"Examples: \n"
" hydra smb2://abc.com -l admin -p xxx -m workgroup:{OFFICE}\n"
" hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m "
"'workgroup:{OFFICE} nthash:true'\n"
" hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 "
"'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n");
}
#endif // LIBSMBCLIENT
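Review bot: In smb2_run_test the failure path of `ctx = smbc_init_context(ctx);` overwrites the only pointer to the context returned by smbc_new_context(), so the following `smbc_free_context(ctx, 1)` is called with NULL and the original context is never released. Keep the result in a separate variable and free the original on failure. In service_smb2_init, the "already processed" branches do `miscptr += strlen(miscptr) + 1;`, which only works when an earlier call has overwritten the closing `}` with NUL. If `workgroup:{...}` or `netbios:{...}` appears twice in one option string, the skip steps past the real terminator and `while (*miscptr)` reads beyond the buffer, so a repeated token should be rejected with an error instead. `isspace(*miscptr)` should cast to `unsigned char`, and this file does not include `<ctype.h>` itself. The `case ENOENT:` fall-through into `case EINVAL:` looks intentional but needs a fall-through comment, and the usage text has a typo: "threat password as an nthash" should read "treat".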

Some files were not shown because too many files have changed in this diff.