diff --git a/hydra-http.c b/hydra-http.c
index 8b19b28..4fba1f9 100644
--- a/hydra-http.c
+++ b/hydra-http.c
@@ -70,8 +70,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
 fooptr = buffer2;
 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
 if (fooptr == NULL) {
- free(buffer);
- free(header);
+ free(buffer);
+ free(header);
 return 3;
 }
@@ -96,38 +96,37 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
 //send the first..
 if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
 sprintf(buffer,
- "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
+ "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
 type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
 else {
 if (use_proxy == 1)
- sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
+ sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
 type, webtarget, webport, miscptr, webtarget, buf1, header);
 else
- sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget,
+ sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget,
 buf1, header);
 }
 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
- free(buffer);
- free(header);
+ free(buffer);
+ free(header);
 return 1;
 }
 //receive challenge
 if (http_buf != NULL)
 free(http_buf);
+ http_buf = hydra_receive_line(s);
- while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) {
- free(http_buf);
- http_buf = hydra_receive_line(s);
- }
- if (http_buf == NULL) {
- free(buffer);
- free(header);
- return 1;
+ if (verbose)
+ hydra_report(stderr, "[ERROR] Server did not answer\n");
+ free(buffer);
+ free(header);
+ return 3;
 }
+ pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ");
 if (pos != NULL) {
 char *str;
@@ -138,7 +137,11 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
 if ((str = strchr(pos, '\n')) != NULL) {
 pos[str - pos] = 0;
 }
+ } else {
+ hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n");
+ return 3;
 }
+ //recover challenge
 from64tobits((char *) buf1, pos);
 free(http_buf);
@@ -151,14 +154,14 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
 //create the auth response
 if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
 sprintf(buffer,
- "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
+ "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
 type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
 else {
 if (use_proxy == 1)
- sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
+ sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
 type, webtarget, webport, miscptr, webtarget, buf1, header);
 else
- sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget,
+ sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget,
 buf1, header);
 }
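Review bot: The new `if (http_buf == NULL)` check after `http_buf = hydra_receive_line(s);` is the only path that reports "Server did not answer" and releases `buffer`/`header`, but the hydra-mod.c hunk in this same diff makes hydra_receive_line return its zero-filled buffer rather than NULL when hydra_data_ready_timed times out, so a silent server would fall through to the NTLM header check instead of this branch. If the receive-side change stays, widen the guard to `if (http_buf == NULL || http_buf[0] == '\0') {` so a timeout takes the error path and frees both allocations as intended. start_http begins before this hunk and continues after it.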
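Review bot: The added `} else { hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n"); return 3; }` returns without `free(buffer); free(header);`, while the `http_buf == NULL` branch a few lines earlier frees both before its own `return 3;`, so every non-NTLM reply leaks both allocations. Add `free(buffer); free(header);` before the `return 3;` in the else branch. `http_buf` is not released there either; that is only safe if it is the file-level pointer reclaimed by the `if (http_buf != NULL) free(http_buf);` at the start of the receive step, which the hunk does not show. The enclosing function starts and ends outside this hunk.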
@@ -231,7 +234,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
 //the first authentication type failed, check the type from server header
 if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
- //seems the auth supported is not Basic shceme so testing further
+ //seems the auth supported is not Basic scheme so testing further
 int32_t find_auth = 0;
 if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
@@ -248,8 +251,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
 if (find_auth) {
 // free(http_buf);
 // http_buf = NULL;
- free(buffer);
- free(header);
+ free(buffer);
+ free(header);
 return 1;
 }
 }
diff --git a/hydra-mod.c b/hydra-mod.c
index 5d07e27..b53390a 100644
--- a/hydra-mod.c
+++ b/hydra-mod.c
@@ -935,74 +935,73 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) {
 }
 char *hydra_receive_line(int32_t socket) {
- char buf[1024], *buff, *buff2, text[64];
- int32_t i, j = 1, k, got = 0;
+ char buf[1024], *buff, *buff2, pid[64];
+ int32_t i, j, k, got = 0;
 if ((buff = malloc(sizeof(buf))) == NULL) {
 fprintf(stderr, "[ERROR] could not malloc\n");
 return NULL;
 }
+ memset(buff, 0, sizeof(buf));
+ if (debug)
 printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid());
 if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) {
- if ((got = internal__hydra_recv(socket, buff, sizeof(buf) - 1)) < 0) {
+ do {
+ j = internal__hydra_recv(socket, buf, sizeof(buf) - 1);
+ if (j > 0) {
+ for (k = 0; k < j; k++)
+ if (buf[k] == 0)
+ buf[k] = 32;
+
+ buf[j] = 0;
+
+ if ((buff2 = realloc(buff, got + j + 1)) == NULL) {
+ free(buff);
+ return NULL;
+ }
+
+ buff = buff2;
+ memcpy(buff + got, &buf, j + 1);
+ got += j;
+ buff[got] = 0;
+ } else if (j < 0) {
+ // some error occured
+ got = -1;
+ }
+ } while (hydra_data_ready(socket) > 0 && j > 0
+#ifdef LIBOPENSSL
+ || use_ssl && SSL_pending(ssl)
+#endif
+ );
+
+ if (got > 0) {
+ if (debug) {
+ sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid());
+ hydra_dump_data(buff, got, pid);
+ //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff);
+ }
+ } else {
+ if (got < 0) {
+ if (debug) {
+ sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid());
+ hydra_dump_data((unsigned char*)"", -1, pid);
+ //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i);
+ perror("recv");
+ }
+ }
 free(buff);
 return NULL;
 }
+
+ usleepn(100);
 } else {
 if (debug)
 printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket);
 }
- if (got < 0) {
- if (debug) {
- sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
- hydra_dump_data((unsigned char*)"", -1, text);
- //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i);
- perror("recv");
- }
- free(buff);
- return NULL;
- } else {
- if (got > 0) {
- for (k = 0; k < got; k++)
- if (buff[k] == 0)
- buff[k] = 32;
- buff[got] = 0;
- usleepn(100);
- }
- }
-
- while (hydra_data_ready(socket) > 0 && j > 0) {
- j = internal__hydra_recv(socket, buf, sizeof(buf) - 1);
- if (j > 0) {
- for (k = 0; k < j; k++)
- if (buf[k] == 0)
- buf[k] = 32;
- buf[j] = 0;
- if ((buff2 = realloc(buff, got + j + 1)) == NULL) {
- free(buff);
- return NULL;
- } else
- buff = buff2;
- memcpy(buff + got, &buf, j + 1);
- got += j;
- buff[got] = 0;
- }
- usleepn(100);
- }
-
- if (debug) {
- sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
- hydra_dump_data(buff, got, text);
- //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff);
- }
- if (got == 0) {
- free(buff);
- return NULL;
- }
 return buff;
 }
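Review bot: The new `do { ... } while (...)` in hydra_receive_line can run another iteration after internal__hydra_recv has failed, because in `hydra_data_ready(socket) > 0 && j > 0 || use_ssl && SSL_pending(ssl)` the `j > 0` guard applies only to the first alternative; when built with LIBOPENSSL and use_ssl is set, a pending-data report after the `got = -1` assignment lets a following successful read execute `realloc(buff, got + j + 1)` and `memcpy(buff + got, &buf, j + 1)`, i.e. a copy that starts one byte before the allocation. Make `j > 0` a condition of every further iteration, `} while (j > 0 && (hydra_data_ready(socket) > 0 || (use_ssl && SSL_pending(ssl))));`, keeping the SSL term inside its `#ifdef LIBOPENSSL` block; the explicit parentheses also remove the mixed `&&`/`||` precedence ambiguity the compiler warns about. Separately, the removed `if (got == 0) { free(buff); return NULL; }` means a hydra_data_ready_timed timeout now returns the zero-filled 1024-byte buffer instead of NULL, so callers that test for NULL (start_http in this same commit) no longer observe a silent peer; either restore the NULL return on that path or state the empty-string contract in a comment on the function.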