github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-06 04:51:40 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #414 from rmaksimov/ntlm-auth-fix

Browse source 
fix NTLM authentication
This commit is contained in:
van Hauser 2019-05-13 08:12:10 +02:00 committed by GitHub
commit 451e3d3edd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 73 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

45
hydra-http.c
View file

@ -70,8 +70,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
if (fooptr == NULL) { if (fooptr == NULL) {
free(buffer); free(buffer);
free(header); free(header);
return 3; return 3;
} }
@ -96,38 +96,37 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
//send the first.. //send the first..
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
sprintf(buffer, sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
else { else {
if (use_proxy == 1) if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header); type, webtarget, webport, miscptr, webtarget, buf1, header);
else else
sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget,
buf1, header); buf1, header);
} }
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buffer); free(buffer);
free(header); free(header);
return 1; return 1;
} }
//receive challenge //receive challenge
if (http_buf != NULL) if (http_buf != NULL)
free(http_buf); free(http_buf);
http_buf = hydra_receive_line(s); http_buf = hydra_receive_line(s);
while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) {
free(http_buf);
http_buf = hydra_receive_line(s);
}
if (http_buf == NULL) { if (http_buf == NULL) {
free(buffer); if (verbose)
free(header); hydra_report(stderr, "[ERROR] Server did not answer\n");
return 1; free(buffer);
free(header);
return 3;
} }
pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ");
if (pos != NULL) { if (pos != NULL) {
char *str; char *str;
@ -138,7 +137,11 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
if ((str = strchr(pos, '\n')) != NULL) { if ((str = strchr(pos, '\n')) != NULL) {
pos[str - pos] = 0; pos[str - pos] = 0;
} }
} else {
hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n");
return 3;
} }
//recover challenge //recover challenge
from64tobits((char *) buf1, pos); from64tobits((char *) buf1, pos);
free(http_buf); free(http_buf);
@ -151,14 +154,14 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
//create the auth response //create the auth response
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
sprintf(buffer, sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
else { else {
if (use_proxy == 1) if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header); type, webtarget, webport, miscptr, webtarget, buf1, header);
else else
sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget,
buf1, header); buf1, header);
} }
@ -231,7 +234,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
//the first authentication type failed, check the type from server header //the first authentication type failed, check the type from server header
if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
//seems the auth supported is not Basic shceme so testing further //seems the auth supported is not Basic scheme so testing further
int32_t find_auth = 0; int32_t find_auth = 0;
if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) { if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
@ -248,8 +251,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (find_auth) { if (find_auth) {
// free(http_buf); // free(http_buf);
// http_buf = NULL; // http_buf = NULL;
free(buffer); free(buffer);
free(header); free(header);
return 1; return 1;
} }
} }

99
hydra-mod.c
View file

@ -935,74 +935,73 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) {
} }
char *hydra_receive_line(int32_t socket) { char *hydra_receive_line(int32_t socket) {
char buf[1024], *buff, *buff2, text[64]; char buf[1024], *buff, *buff2, pid[64];
int32_t i, j = 1, k, got = 0; int32_t i, j, k, got = 0;
if ((buff = malloc(sizeof(buf))) == NULL) { if ((buff = malloc(sizeof(buf))) == NULL) {
fprintf(stderr, "[ERROR] could not malloc\n"); fprintf(stderr, "[ERROR] could not malloc\n");
return NULL; return NULL;
} }
memset(buff, 0, sizeof(buf)); memset(buff, 0, sizeof(buf));
if (debug) if (debug)
printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid()); printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid());
if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) { if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) {
if ((got = internal__hydra_recv(socket, buff, sizeof(buf) - 1)) < 0) { do {
j = internal__hydra_recv(socket, buf, sizeof(buf) - 1);
if (j > 0) {
for (k = 0; k < j; k++)
if (buf[k] == 0)
buf[k] = 32;
buf[j] = 0;
if ((buff2 = realloc(buff, got + j + 1)) == NULL) {
free(buff);
return NULL;
}
buff = buff2;
memcpy(buff + got, &buf, j + 1);
got += j;
buff[got] = 0;
} else if (j < 0) {
// some error occured
got = -1;
}
} while (hydra_data_ready(socket) > 0 && j > 0
#ifdef LIBOPENSSL
|| use_ssl && SSL_pending(ssl)
#endif
);
if (got > 0) {
if (debug) {
sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid());
hydra_dump_data(buff, got, pid);
//hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff);
}
} else {
if (got < 0) {
if (debug) {
sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid());
hydra_dump_data((unsigned char*)"", -1, pid);
//hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i);
perror("recv");
}
}
free(buff); free(buff);
return NULL; return NULL;
} }
usleepn(100);
} else { } else {
if (debug) if (debug)
printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket); printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket);
} }
if (got < 0) {
if (debug) {
sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
hydra_dump_data((unsigned char*)"", -1, text);
//hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i);
perror("recv");
}
free(buff);
return NULL;
} else {
if (got > 0) {
for (k = 0; k < got; k++)
if (buff[k] == 0)
buff[k] = 32;
buff[got] = 0;
usleepn(100);
}
}
while (hydra_data_ready(socket) > 0 && j > 0) {
j = internal__hydra_recv(socket, buf, sizeof(buf) - 1);
if (j > 0) {
for (k = 0; k < j; k++)
if (buf[k] == 0)
buf[k] = 32;
buf[j] = 0;
if ((buff2 = realloc(buff, got + j + 1)) == NULL) {
free(buff);
return NULL;
} else
buff = buff2;
memcpy(buff + got, &buf, j + 1);
got += j;
buff[got] = 0;
}
usleepn(100);
}
if (debug) {
sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
hydra_dump_data(buff, got, text);
//hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff);
}
if (got == 0) {
free(buff);
return NULL;
}
return buff; return buff;
} }