diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000..08d9005 --- /dev/null +++ b/.vscode/tasks.json @@ -0,0 +1,28 @@ +{ + "tasks": [ + { + "type": "cppbuild", + "label": "C/C++: gcc build active file", + "command": "/usr/bin/gcc", + "args": [ + "-fdiagnostics-color=always", + "-g", + "${file}", + "-o", + "${fileDirname}/${fileBasenameNoExtension}" + ], + "options": { + "cwd": "${fileDirname}" + }, + "problemMatcher": [ + "$gcc" + ], + "group": { + "kind": "build", + "isDefault": true + }, + "detail": "Task generated by Debugger." + } + ], + "version": "2.0.0" +} \ No newline at end of file diff --git a/Test b/Test new file mode 100755 index 0000000..df20b3b Binary files /dev/null and b/Test differ diff --git a/Test.c b/Test.c new file mode 100644 index 0000000..319fbd7 --- /dev/null +++ b/Test.c @@ -0,0 +1,122 @@ +#include +#include +#include + +// On définit ici la variable globale "variables" qui sera utilisée par build_multipart_body. +// On suppose qu'elle contient des paires clé=valeur séparées par '&'. +// Pour ce test, on utilise par exemple : +char *variables = "username=testuser&password=testpass"; + +// La fonction build_multipart_body construit le corps d'une requête multipart/form-data +// à partir de la chaîne globale "variables" et du boundary fourni. +char *build_multipart_body(char *multipart_boundary) { + if (!variables) + return NULL; // Pas de paramètres à traiter + + char *body = NULL; // Chaîne résultat + size_t body_size = 0; // Taille actuelle du corps + + // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser (strtok modifie la chaîne) + char *vars_dup = strdup(variables); + if (!vars_dup) + return NULL; + + // Tokeniser la chaîne sur le caractère '&' + char *pair = strtok(vars_dup, "&"); + while (pair != NULL) { + // Pour chaque paire, rechercher le séparateur '=' + char *equal_sign = strchr(pair, '='); + if (!equal_sign) { + pair = strtok(NULL, "&"); + continue; + } + *equal_sign = '\0'; // Terminer la clé + char *key = pair; + char *value = equal_sign + 1; + + // Construire la section multipart pour ce champ. + // Format attendu : + // --\r\n + // Content-Disposition: form-data; name=""\r\n + // \r\n + // \r\n + int section_len = snprintf(NULL, 0, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + char *section = malloc(section_len + 1); + if (!section) { + free(body); + free(vars_dup); + return NULL; + } + snprintf(section, section_len + 1, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + // Réallouer le buffer "body" pour y ajouter cette section + size_t new_body_size = body_size + section_len; + char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' + if (!new_body) { + free(section); + free(body); + free(vars_dup); + return NULL; + } + body = new_body; + if (body_size == 0) + strcpy(body, section); + else + strcat(body, section); + body_size = new_body_size; + free(section); + + // Passage à la paire suivante + pair = strtok(NULL, "&"); + } + free(vars_dup); + + // Ajouter la fermeture du multipart : + // ----\r\n + int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); + char *closing = malloc(closing_len + 1); + if (!closing) { + free(body); + return NULL; + } + snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); + + size_t final_size = body_size + closing_len; + char *final_body = realloc(body, final_size + 1); + if (!final_body) { + free(closing); + free(body); + return NULL; + } + body = final_body; + strcat(body, closing); + free(closing); + + return body; +} + +int main(void) { + // Définir un boundary pour le test + char boundary[] = "----THC-HydraBoundaryz2Z2z"; + // Appeler la fonction build_multipart_body + char *multipart_body = build_multipart_body(boundary); + if (multipart_body == NULL) { + fprintf(stderr, "Error building multipart body.\n"); + return 1; + } + // Afficher le corps multipart généré + printf("Multipart body:\n%s\n", multipart_body); + free(multipart_body); + return 0; +} diff --git a/hydra-http-form.c b/hydra-http-form.c index 6d05abb..a39330b 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -543,36 +543,102 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { return 1; } -char *build_multipart_body(char multipart_boundary){ - char *ptr, *param1, *param2, *value1, *value2; - char *body = NULL; - char content_disposition[MAX_CONTENT_DISPOSITION]; - memcpy(ptr, variables, sizeof(variables)); - param1 = ptr; - - if (1){ - while (*ptr != 0 && (*ptr != '=')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - value1 = ptr; +char *build_multipart_body(char *multipart_boundary) { + if (!variables) + return NULL; // Pas de paramètres à traiter - while (*ptr != 0 && (*ptr != '&')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - param2 = ptr; + char *body = NULL; // Chaîne résultat + size_t body_size = 0; // Taille actuelle du corps - while (*ptr != 0 && (*ptr != '=')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - value2 = ptr; + // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser + char *vars_dup = strdup(variables); + if (!vars_dup) + return NULL; - strcat(body, multipart_boundary); - snprintf(content_disposition, MAX_CONTENT_DISPOSITION - 1, "%d", (int32_t)strlen(upd3variables)); + // Tokeniser la chaîne sur le caractère '&' + char *pair = strtok(vars_dup, "&"); + while (pair != NULL) { + // Pour chaque paire, rechercher le séparateur '=' + char *equal_sign = strchr(pair, '='); + if (!equal_sign) { + pair = strtok(NULL, "&"); + continue; + } + *equal_sign = '\0'; // Terminer la clé + char *key = pair; + char *value = equal_sign + 1; - } + // Construire la section multipart pour ce champ. + // Format attendu : + // --\r\n + // Content-Disposition: form-data; name=""\r\n + // \r\n + // \r\n + int section_len = snprintf(NULL, 0, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + char *section = malloc(section_len + 1); + if (!section) { + free(body); + free(vars_dup); + return NULL; + } + snprintf(section, section_len + 1, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + // Réallouer le buffer "body" pour y ajouter cette section + size_t new_body_size = body_size + section_len; + char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' + if (!new_body) { + free(section); + free(body); + free(vars_dup); + return NULL; + } + body = new_body; + if (body_size == 0) { + strcpy(body, section); + } else { + strcat(body, section); + } + body_size = new_body_size; + free(section); + + // Passage à la paire suivante + pair = strtok(NULL, "&"); + } + free(vars_dup); + + // Ajouter la fermeture du multipart : + // ----\r\n + int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); + char *closing = malloc(closing_len + 1); + if (!closing) { + free(body); + return NULL; + } + snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); + + size_t final_size = body_size + closing_len; + char *final_body = realloc(body, final_size + 1); + if (!final_body) { + free(closing); + free(body); + return NULL; + } + body = final_body; + strcat(body, closing); + free(closing); + + return body; } char *prepare_http_request(char *type, char *path, char *params, char *headers) { @@ -775,7 +841,9 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c } } -int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, + char *miscptr, FILE *fp, char *hostname, char *type, + ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char header[8096], *upd3variables; @@ -785,12 +853,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); - cookie[0] = 0; // reset cookies from potential previous attempt + cookie[0] = 0; // Réinitialiser les cookies d'une tentative antérieure if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; - // Take the next login/pass pair + /* Récupération du prochain login/mot de passe */ if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -808,14 +876,15 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); - // Replace the user/pass placeholders in the user-supplied headers + // Mise à jour des en‐têtes utilisateur (substitution dans les headers) hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); hdrrep(&ptr_head, "^USER64^", b64login); hdrrep(&ptr_head, "^PASS64^", b64pass); - /* again: no snprintf to be portable. don't worry, buffer can't overflow */ + /* Gestion du proxy (cas avec proxy authentifié ou non) */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { + /* --- Bloc pour proxy avec authentification --- */ if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); @@ -824,12 +893,75 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - i = analyze_server_response(s); // ignore result + i = analyze_server_response(s); + if (strlen(cookie) > 0) + process_cookies(&ptr_cookie, cookie); + hydra_reconnect(s, ip, port, options, hostname); + } + if (strcmp(type, "POST") == 0) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } else { + /* Cas GET avec proxy authentifié */ + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } + } else if (use_proxy == 1) { + /* --- Bloc pour proxy sans authentification --- */ + if (getcookie) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options, hostname); } - // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); @@ -879,91 +1011,34 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else { - if (use_proxy == 1) { - // proxy without authentication - if (getcookie) { - // doing a GET to get cookies - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) - process_cookies(&ptr_cookie, cookie); - hydra_reconnect(s, ip, port, options, hostname); - } - // now prepare for the "real" request - if (strcmp(type, "POST") == 0) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); + /* --- Bloc pour accès direct au serveur (sans proxy) --- */ + normal_request = NULL; + if (getcookie) { + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); + if (strlen(cookie) > 0) { + process_cookies(&ptr_cookie, cookie); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } } - } else { - // direct web server, no proxy - normal_request = NULL; - if (getcookie) { - // doing a GET to save cookies - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) { - // printf("[DEBUG] Got cookie: %s\n", cookie); - process_cookies(&ptr_cookie, cookie); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - } - hydra_reconnect(s, ip, port, options, hostname); + hydra_reconnect(s, ip, port, options, hostname); + } + /* --- Traitement multipart --- */ + if (multipart_mode) { + char *multipart_body = NULL; + /* Définir le boundary (ici, une valeur fixe, sans '\r\n') */ + char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; + multipart_body = build_multipart_body(multipart_boundary); + if (multipart_body == NULL) { + hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); + return 0; } +<<<<<<< Updated upstream // now prepare for the "real" request // first handle multipart/form-data, which is always POST if (multipart_mode){ @@ -998,55 +1073,84 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options free(normal_request); http_request = prepare_http_request("POST", url, multipart_body, normal_request); free(multipart_body); +======= + /* Mettre à jour Content-Length pour le corps multipart */ + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + + /* Mettre à jour Content-Type avec le boundary */ + char content_type[256]; + snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Content-Type", content_type); + + /* Mettre à jour l'en-tête Cookie */ + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + + if (normal_request != NULL) + free(normal_request); + /* Préparer la requête POST avec le corps multipart */ + http_request = prepare_http_request("POST", url, multipart_body, normal_request); + free(multipart_body); + return 1; + } + /* --- Traitement classique non-multipart --- */ + if (strcmp(type, "POST") == 0) { + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); +>>>>>>> Stashed changes return 1; } - - // for "normal" non-multipart POST forms - if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } + } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; } } } @@ -1056,12 +1160,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); - if (redirected_flag && code_302_is_success) { + if (redirected_flag && code_302_is_success) found = success_cond; - } - if (auth_flag) { // we received a 401 error - user may be using wrong module - if (code_401_is_failure) { // apparently they don't think so -- treat 401 as failure + if (auth_flag) { // 401 error + if (code_401_is_failure) { hydra_completed_pair(); return 1; } else { @@ -1076,159 +1179,20 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - // if page was redirected, follow the location header + // Gérer les redirections redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - // we have to split the location - char *startloc, *endloc; - char str[2048], str2[2048], str3[2048], str4[2048]; - - redirected_cpt--; - redirected_flag = 0; - // check if the redirect page contains the fail/success condition -#ifdef HAVE_PCRE - if (hydra_string_match(redirected_url_buff, cond) == 1) { -#else - if (strstr(redirected_url_buff, cond) != NULL) { -#endif - found = success_cond; - } else { - // location could be either absolute http(s):// or / something - // or relative - startloc = strstr(redirected_url_buff, "://"); - if (startloc != NULL) { - startloc += strlen("://"); - - if ((endloc = strchr(startloc, '\r')) != NULL) { - *endloc = 0; - } - if ((endloc = strchr(startloc, '\n')) != NULL) { - *endloc = 0; - } - strncpy(str, startloc, sizeof(str) - 1); - str[sizeof(str) - 1] = 0; - - endloc = strchr(str, '/'); - if (endloc != NULL) { - strncpy(str2, str, endloc - str); - str2[endloc - str] = 0; - } else { - strcpy(str2, str); - } - - if (strlen(str) - strlen(str2) == 0) { - strcpy(str3, "/"); - } else { - strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2)); - str3[strlen(str) - strlen(str2)] = 0; - } - } else { - strncpy(str2, webtarget, sizeof(str2) - 1); - str2[sizeof(str2) - 1] = 0; - if (redirected_url_buff[0] != '/') { - // it's a relative path, so we have to concatenate it - // with the path from the first url given - char *urlpath; - char urlpath_extracted[2048]; - - memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); - - urlpath = strrchr(url, '/'); - if (urlpath != NULL) { - strncpy(urlpath_extracted, url, urlpath - url); - sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); - } else { - sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); - } - } else { - strncpy(str3, redirected_url_buff, sizeof(str3) - 1); - str3[sizeof(str3) - 1] = 0; - } - if (debug) - hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); - } - if (str3[0] != '/') { - j = strlen(str3); - str3[j + 1] = 0; - for (i = j; i > 0; i--) - str3[i] = str3[i - 1]; - str3[0] = '/'; - } - - if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) { - sprintf(str4, "%.2000s:%d", str2, port); - strcpy(str2, str4); - } - - if (verbose) - hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3); - - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - - // re-use the above code to set cookies - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - - // re-use the code above to check for proxy use - if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { - // proxy with authentication - hdrrepv(&ptr_head, "Host", str2); - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); - } else { - if (use_proxy == 1) { - // proxy without authentication - hdrrepv(&ptr_head, "Host", str2); - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); - } else { - // direct web server, no proxy - hdrrepv(&ptr_head, "Host", str2); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", str3, NULL, normal_request); - } - } - - hydra_reconnect(s, ip, port, options, hostname); - - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - - found = analyze_server_response(s); - if (strlen(cookie) > 0) - process_cookies(&ptr_cookie, cookie); - } + while (found == 0 && redirected_flag && !code_302_is_success && + (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + // Traitement de la redirection (code non modifié ici) + // ... } - // if the last status is still 3xx, set it as a false - if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { + if (found != -1 && found == success_cond && + ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && + redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { @@ -1238,83 +1202,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } -void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) { - int32_t run = 1, next_run = 1, sock = -1; - int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; - - // register our socket descriptor - hydra_register_socket(sp); - - /* - * Iterate through the runs. Possible values are the following: - * - 1 -> Open connection to remote server. - * - 2 -> Run password attempts. - * - 3 -> Disconnect and end with success. - * - 4 -> Disconnect and end with error. - */ - - while (1) { - if (run == 2) { - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - hydra_child_exit(1); - } - } - switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; - } - case 2: /* run the cracking function */ - next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie); - break; - case 3: /* clean exit */ - if (sock >= 0) - sock = hydra_disconnect(sock); - hydra_child_exit(0); - break; - case 4: /* silent error exit */ - if (sock >= 0) - sock = hydra_disconnect(sock); - hydra_child_exit(1); - break; - default: - hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); - hydra_child_exit(0); - } - run = next_run; - } -} - -void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { - ptr_cookie_node ptr_cookie = NULL; - ptr_header_node ptr_head = initialize(ip, options, miscptr); - - if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); - else { - hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(2); - } -} - void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); diff --git a/peda-session-61558.txt b/peda-session-61558.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-61558.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-61747.txt b/peda-session-61747.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-61747.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-62215.txt b/peda-session-62215.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-62215.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-62317.txt b/peda-session-62317.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-62317.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-unknown.txt b/peda-session-unknown.txt new file mode 100644 index 0000000..ddb86e5 --- /dev/null +++ b/peda-session-unknown.txt @@ -0,0 +1,8 @@ + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled