added -O option to support SSL servers that are SSLv3 only

van Hauser 2015-03-29 13:43:40 +02:00
commit 3cde13d4f3
3 changed files with 27 additions and 9 deletions


@ -2,6 +2,7 @@ Changelog for hydra
-------------------
Release 8.2-pre
* Added new -O option to hydra to support SSL servers that do not suport TLS
* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
* Better library finding in ./configure for SVN + support for Darwin Homebrew
* Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!


@ -47,6 +47,7 @@ int __first_connect = 1;
char ipstring[64];
unsigned int colored_output = 1;
char quiet = 0;
int old_ssl = 0;
#ifdef LIBOPENSSL
SSL *ssl = NULL;
@ -468,6 +469,15 @@ int internal__hydra_connect_to_ssl(int socket) {
if (sslContext == NULL) {
/* context: ssl2 + ssl3 is allowed, whatever the server demands */
if (old_ssl) {
if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) {
if (verbose) {
err = ERR_get_error();
fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL));
}
return -1;
}
} else {
// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) {
if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
if (verbose) {
@ -476,6 +486,7 @@ int internal__hydra_connect_to_ssl(int socket) {
}
return -1;
}
}
/* set the compatbility mode */
SSL_CTX_set_options(sslContext, SSL_OP_ALL);
// SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2);
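Review bot: The new `old_ssl` branch duplicates the whole `SSL_CTX_new` error path of the default branch. The comment `/* context: ssl2 + ssl3 is allowed, whatever the server demands */` now sits above both branches, although only the `-O` branch negotiates the protocol version; `TLSv1_2_client_method()` fixes the default at TLS 1.2. Choosing the method first leaves one allocation and one error path: `const SSL_METHOD *method = old_ssl ? SSLv23_client_method() : TLSv1_2_client_method();` followed by `if ((sslContext = SSL_CTX_new(method)) == NULL) {`. The comment could then read `/* -O: version-flexible handshake, legacy SSL allowed; default: TLS 1.2 only */`. internal__hydra_connect_to_ssl starts and ends outside these hunks, so the right place for the declaration depends on code not shown here.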

12
hydra.c

@ -170,6 +170,7 @@ extern char *hydra_address2string(char *address);
extern int colored_output;
extern char quiet;
extern int do_retry;
extern int old_ssl;
void hydra_kill_head(int head_no, int killit, int fail);
@ -310,7 +311,7 @@ void help(int ext) {
#ifdef HAVE_MATH_H
" [-x MIN:MAX:CHARSET]"
#endif
" [-SuvVd46] "
" [-SOuvVd46] "
//"[server service [OPT]]|"
"[service://server[:PORT][/OPT]]\n");
printf("\nOptions:\n");
@ -346,7 +347,9 @@ void help(int ext) {
if (ext)
printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n");
if (ext)
printf(" -q do not print messages about connection erros\n");
printf(" -O use old SSL v2 and v3\n");
if (ext)
printf(" -q do not print messages about connection errors\n");
printf(" -U service module usage details\n");
if (ext == 0)
printf(" -h more command line options (COMPLETE HELP)\n");
@ -2186,7 +2189,7 @@ int main(int argc, char *argv[]) {
help(1);
if (argc < 2)
help(0);
while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) {
while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) {
switch (i) {
case 'h':
help(1);
@ -2194,6 +2197,9 @@ int main(int argc, char *argv[]) {
case 'q':
quiet = 1;
break;
case 'O':
old_ssl = 1;
break;
case 'u':
hydra_options.loop_mode = 1;
break;
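Review bot: The help line added in help(), `-O use old SSL v2 and v3`, does not match what the flag does in the other changed file, where `old_ssl` selects `SSLv23_client_method()` (a version-negotiating method) instead of the TLS 1.2-only default. Wording such as `printf(" -O allow legacy SSL/TLS negotiation (default is TLS 1.2 only)\n");` would tell the user both what changes and what the default is. The flag presumably has no effect unless the connection uses SSL in the first place, which the help text could state as well. The changelog entry, commit title and help text each describe the option differently ("do not support TLS", "SSLv3 only", "v2 and v3"), so one agreed phrasing would help. Both help() and main() extend beyond the hunks shown.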