github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-06 04:51:40 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #569 from e2002e/master

Browse source 
Rain mode
This commit is contained in:
van Hauser 2020-11-30 13:56:15 +01:00 committed by GitHub
commit 53290bb5cc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 51 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

66
bfg.c
View file

@ -1,6 +1,6 @@
/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh /* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh,
*/ rainy tweaks by owein <yvain29@gmail.com>*/
#include <ctype.h> #include <ctype.h>
#include <math.h> #include <math.h>
@ -59,12 +59,11 @@ static int32_t add_single_char(char ch, char flags, int32_t *crs_len) {
// note that we check for -x .:.:ab but not for -x .:.:ba // note that we check for -x .:.:ab but not for -x .:.:ba
// //
int32_t bf_init(char *arg) { int32_t bf_init(char *arg) {
bf_options.rain = 0;
int32_t i = 0; int32_t i = 0;
int32_t crs_len = 0; int32_t crs_len = 0;
char flags = 0; char flags = 0;
char *tmp = strchr(arg, ':'); char *tmp = strchr(arg, ':');
if (!tmp) { if (!tmp) {
fprintf(stderr, "Error: Invalid option format for -x\n"); fprintf(stderr, "Error: Invalid option format for -x\n");
return 1; return 1;
@ -172,10 +171,14 @@ int32_t bf_init(char *arg) {
} }
} }
} }
bf_options.crs_len = crs_len; bf_options.crs_len = crs_len;
bf_options.current = bf_options.from; bf_options.current = bf_options.from;
memset((char *)bf_options.state, 0, sizeof(bf_options.state)); bf_options.rain = 0;
bf_options.gcounter = 0;
memset((char *) bf_options.state, 0, sizeof(bf_options.state));
if (debug) if (debug)
printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);
@ -199,12 +202,12 @@ uint64_t bf_get_pcount() {
return foo; return foo;
} }
int accu(int value) {
int i = 0, a; int accu(int x) {
for (a = 1; a <= value; ++a) { int a = 0, b;
i += a; for(b=1; b<x; ++b)
} a+=b;
return i; return a;
} }
char *bf_next(_Bool rainy) { char *bf_next(_Bool rainy) {
@ -218,20 +221,21 @@ char *bf_next(_Bool rainy) {
return NULL; return NULL;
} }
if (rainy) { if(rainy)
for (i = 0; i < bf_options.current; i++) { {
bf_options.ptr[i] = bf_options.crs[(bf_options.state[i] + bf_options.rain) % bf_options.crs_len]; bf_options.rain = bf_options.gcounter;
bf_options.rain += i + 1; bf_options.ptr[0] = bf_options.crs[bf_options.state[0]];
for(i=1; i<bf_options.current; ++i) {
bf_options.ptr[i] = bf_options.crs[(bf_options.state[i] + bf_options.rain) % bf_options.crs_len];
bf_options.rain -= bf_options.rain / bf_options.crs_len;
bf_options.gcounter+=i;
} }
if (bf_options.crs_len % 10 == 0) bf_options.gcounter -= accu(bf_options.current)-1;
bf_options.rain -= accu(bf_options.current) - 2; }
else if (bf_options.crs_len % 2 == 0) else
bf_options.rain -= accu(bf_options.current) - 4; for(i=0; i<bf_options.current; ++i)
else if (bf_options.crs_len % 2) bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
bf_options.rain -= accu(bf_options.current) - 1; //we don't subtract the same depending on wether the length is odd or even
} else
for (i = 0; i < bf_options.current; i++)
bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
bf_options.ptr[bf_options.current] = 0; bf_options.ptr[bf_options.current] = 0;
if (debug) { if (debug) {
@ -241,13 +245,23 @@ char *bf_next(_Bool rainy) {
printf(", x: %s\n", bf_options.ptr); printf(", x: %s\n", bf_options.ptr);
} }
//we revert the ordering of the bruteforce to fix the first static character
if(rainy) {
pos = 0;
while (pos < bf_options.current && (++bf_options.state[pos]) >= bf_options.crs_len) {
bf_options.state[pos] = 0;
pos++;
}
}
else
while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) {
bf_options.state[pos] = 0; bf_options.state[pos] = 0;
pos--; pos--;
} }
if (pos < 0) { if (pos < 0 || pos >= bf_options.current) {
bf_options.current++; bf_options.current++;
bf_options.rain = 0;
memset((char *)bf_options.state, 0, sizeof(bf_options.state)); memset((char *)bf_options.state, 0, sizeof(bf_options.state));
} }

3
bfg.h
View file

@ -43,7 +43,8 @@ typedef struct {
char *crs; /* internal representation of charset */ char *crs; /* internal representation of charset */
char *ptr; /* ptr to the last generated password */ char *ptr; /* ptr to the last generated password */
uint32_t disable_symbols; uint32_t disable_symbols;
uint64_t rain; /* accumulator for the rain */ uint64_t rain;
uint64_t gcounter;
} bf_option; } bf_option;
extern bf_option bf_options; extern bf_option bf_options;

3
hydra-http-form.c
View file

@ -1283,6 +1283,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
ptr++; ptr++;
if (*ptr != 0) if (*ptr != 0)
*ptr++ = 0; *ptr++ = 0;
cond = ptr; cond = ptr;
if ((ptr2 = index(ptr, ':')) != NULL) { if ((ptr2 = index(ptr, ':')) != NULL) {
@ -1341,7 +1342,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
// printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s
// (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
/* /*
* Parse the user-supplied options. * Parse the user-supplied options.
* Beware of the backslashes (\)! * Beware of the backslashes (\)!

9
hydra.c
View file

@ -505,7 +505,7 @@ void help(int32_t ext) {
" -x MIN:MAX:CHARSET password bruteforce generation, type " " -x MIN:MAX:CHARSET password bruteforce generation, type "
"\"-x -h\" to get help\n" "\"-x -h\" to get help\n"
" -y disable use of symbols in bruteforce, see above\n" " -y disable use of symbols in bruteforce, see above\n"
" -r rainy mode for password generation (-x)\n" " -r use a non-random shuffling method for option -x\n"
#endif #endif
" -e nsr try \"n\" null password, \"s\" login as pass " " -e nsr try \"n\" null password, \"s\" login as pass "
"and/or \"r\" reversed login\n" "and/or \"r\" reversed login\n"
@ -591,7 +591,9 @@ void help_bfg() {
" 'A' for uppercase letters, '1' for numbers, and for all " " 'A' for uppercase letters, '1' for numbers, and for all "
"others,\n" "others,\n"
" just add their real representation.\n" " just add their real representation.\n"
" -y disable the use of the above letters as placeholders\n\n" " -y disable the use of the above letters as placeholders\n"
" -r use a shuffling method called 'rain' to try to break\n"
" the linearity of the bruteforce\n"
"Examples:\n" "Examples:\n"
" -x 3:5:a generate passwords from length 3 to 5 with all " " -x 3:5:a generate passwords from length 3 to 5 with all "
"lowercase letters\n" "lowercase letters\n"
@ -3183,7 +3185,6 @@ int main(int argc, char *argv[]) {
printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP"));
use_proxy = 1; use_proxy = 1;
} }
if (strstr(hydra_options.miscptr, "\\:") != NULL) { if (strstr(hydra_options.miscptr, "\\:") != NULL) {
fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module "
"option, no parameter verification is performed.\n"); "option, no parameter verification is performed.\n");
@ -3212,6 +3213,7 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1);
exit(-1); exit(-1);
} }
switch (optional1[0]) { switch (optional1[0]) {
case 'C': // fall through case 'C': // fall through
case 'c': case 'c':
@ -3429,6 +3431,7 @@ int main(int argc, char *argv[]) {
#ifdef HAVE_MATH_H #ifdef HAVE_MATH_H
if (bf_init(bf_options.arg)) if (bf_init(bf_options.arg))
exit(-1); // error description is handled by bf_init exit(-1); // error description is handled by bf_init
pass_ptr = bf_next(hydra_options.rainy); pass_ptr = bf_next(hydra_options.rainy);
hydra_brains.countpass += bf_get_pcount(); hydra_brains.countpass += bf_get_pcount();
hydra_brains.sizepass += BF_BUFLEN; hydra_brains.sizepass += BF_BUFLEN;

2
hydra.h
View file

@ -206,7 +206,7 @@ typedef struct {
char *server; char *server;
char *service; char *service;
char bfg; char bfg;
_Bool rainy; int8_t rainy;
int32_t skip_redo; int32_t skip_redo;
} hydra_option; } hydra_option;