diff --git a/CHANGES b/CHANGES
index 29b5d7f..8774450 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,7 @@ Changelog for hydra
 -------------------
 Release 8.2-pre
+* Added new -O option to hydra to support SSL servers that do not suport TLS
 * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
 * Better library finding in ./configure for SVN + support for Darwin Homebrew
 * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
diff --git a/hydra-mod.c b/hydra-mod.c
index b2a25db..38369b4 100644
--- a/hydra-mod.c
+++ b/hydra-mod.c
@@ -47,6 +47,7 @@ int __first_connect = 1;
 char ipstring[64];
 unsigned int colored_output = 1;
 char quiet = 0;
+int old_ssl = 0;
 #ifdef LIBOPENSSL
 SSL *ssl = NULL;
@@ -468,13 +469,23 @@ int internal__hydra_connect_to_ssl(int socket) {
 if (sslContext == NULL) {
 /* context: ssl2 + ssl3 is allowed, whatever the server demands */
-// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) {
- if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
- if (verbose) {
- err = ERR_get_error();
- fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL));
+ if (old_ssl) {
+ if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) {
+ if (verbose) {
+ err = ERR_get_error();
+ fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL));
+ }
+ return -1;
+ }
+ } else {
+// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) {
+ if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
+ if (verbose) {
+ err = ERR_get_error();
+ fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL));
+ }
+ return -1;
 }
- return -1;
 }
 /* set the compatbility mode */
 SSL_CTX_set_options(sslContext, SSL_OP_ALL);
diff --git a/hydra.c b/hydra.c
index 629b319..ea7a203 100644
--- a/hydra.c
+++ b/hydra.c
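Review bot: In internal__hydra_connect_to_ssl (hydra-mod.c, hunk at -468) the two branches differ only in the method handed to SSL_CTX_new(), so the whole error path is now duplicated; choosing the method once, `const SSL_METHOD *method = old_ssl ? SSLv23_client_method() : TLSv1_2_client_method();` followed by `if ((sslContext = SSL_CTX_new(method)) == NULL) {`, keeps a single failure path. The comment above the block (`ssl2 + ssl3 is allowed, whatever the server demands`) now describes only the -O branch, while the default branch pins TLS 1.2 exactly, so it should be reworded to say which protocols each branch permits. SSLv23_client_method() is OpenSSL's version-negotiating method rather than an SSLv2/v3-only one, and no minimum version is set in the visible lines, so with -O the session can fall back to whatever legacy protocol the library build still offers; a short comment stating that credentials then travel over a weaker channel would make the trade-off explicit. The function starts and ends outside the hunk.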
@@ -170,6 +170,7 @@ extern char *hydra_address2string(char *address);
 extern int colored_output;
 extern char quiet;
 extern int do_retry;
+extern int old_ssl;
 void hydra_kill_head(int head_no, int killit, int fail);
@@ -310,7 +311,7 @@ void help(int ext) {
 #ifdef HAVE_MATH_H
 " [-x MIN:MAX:CHARSET]"
 #endif
- " [-SuvVd46] "
+ " [-SOuvVd46] "
 //"[server service [OPT]]|"
 "[service://server[:PORT][/OPT]]\n");
 printf("\nOptions:\n");
@@ -346,7 +347,9 @@ void help(int ext) {
 if (ext)
 printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n");
 if (ext)
- printf(" -q do not print messages about connection erros\n");
+ printf(" -O use old SSL v2 and v3\n");
+ if (ext)
+ printf(" -q do not print messages about connection errors\n");
 printf(" -U service module usage details\n");
 if (ext == 0)
 printf(" -h more command line options (COMPLETE HELP)\n");
@@ -2186,7 +2189,7 @@ int main(int argc, char *argv[]) {
 help(1);
 if (argc < 2)
 help(0);
- while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) {
+ while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) {
 switch (i) {
 case 'h':
 help(1);
@@ -2194,6 +2197,9 @@ int main(int argc, char *argv[]) {
 case 'q':
 quiet = 1;
 break;
+ case 'O':
+ old_ssl = 1;
+ break;
 case 'u':
 hydra_options.loop_mode = 1;
 break;
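Review bot: The new help line in help() (hunk at -346), `-O use old SSL v2 and v3`, does not describe what the flag selects: hydra-mod.c switches to SSLv23_client_method(), which negotiates the highest protocol both ends support instead of forcing SSLv2 or SSLv3. Wording such as `-O  allow legacy SSL/TLS versions (default: TLS 1.2 only)` would match the behaviour, and the CHANGES entry could say the same. help() starts and ends outside the hunk.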
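Review bot: `case 'O'` in main() (hunk at -2194) sets old_ssl unconditionally, yet in this diff the variable is read only inside internal__hydra_connect_to_ssl, so when no SSL connection is made the option is accepted and silently does nothing. The global in hydra-mod.c is declared outside the `#ifdef LIBOPENSSL` block, so the same presumably holds for a build without OpenSSL. A comment on the case such as `/* only consulted when an SSL connection is set up; no effect otherwise */`, or a warning after option parsing when -O is given without SSL, would make that visible to the user. main() starts and ends outside the hunk.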