Merge pull request #569 from e2002e/master

Rain mode
van Hauser 2020-11-30 13:56:15 +01:00 committed by GitHub
commit 53290bb5cc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 51 additions and 32 deletions

56
bfg.c

@ -1,6 +1,6 @@
/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh
*/
/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh,
rainy tweaks by owein <yvain29@gmail.com>*/
#include <ctype.h>
#include <math.h>
@ -59,7 +59,6 @@ static int32_t add_single_char(char ch, char flags, int32_t *crs_len) {
// note that we check for -x .:.:ab but not for -x .:.:ba
//
int32_t bf_init(char *arg) {
bf_options.rain = 0;
int32_t i = 0;
int32_t crs_len = 0;
char flags = 0;
@ -175,7 +174,11 @@ int32_t bf_init(char *arg) {
bf_options.crs_len = crs_len;
bf_options.current = bf_options.from;
bf_options.rain = 0;
bf_options.gcounter = 0;
memset((char *) bf_options.state, 0, sizeof(bf_options.state));
if (debug)
printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);
@ -199,12 +202,12 @@ uint64_t bf_get_pcount() {
return foo;
}
int accu(int value) {
int i = 0, a;
for (a = 1; a <= value; ++a) {
i += a;
}
return i;
int accu(int x) {
int a = 0, b;
for(b=1; b<x; ++b)
a+=b;
return a;
}
char *bf_next(_Bool rainy) {
@ -218,20 +221,21 @@ char *bf_next(_Bool rainy) {
return NULL;
}
if (rainy) {
for (i = 0; i < bf_options.current; i++) {
if(rainy)
{
bf_options.rain = bf_options.gcounter;
bf_options.ptr[0] = bf_options.crs[bf_options.state[0]];
for(i=1; i<bf_options.current; ++i) {
bf_options.ptr[i] = bf_options.crs[(bf_options.state[i] + bf_options.rain) % bf_options.crs_len];
bf_options.rain += i + 1;
bf_options.rain -= bf_options.rain / bf_options.crs_len;
bf_options.gcounter+=i;
}
if (bf_options.crs_len % 10 == 0)
bf_options.rain -= accu(bf_options.current) - 2;
else if (bf_options.crs_len % 2 == 0)
bf_options.rain -= accu(bf_options.current) - 4;
else if (bf_options.crs_len % 2)
bf_options.rain -= accu(bf_options.current) - 1;
} else
for (i = 0; i < bf_options.current; i++)
bf_options.gcounter -= accu(bf_options.current)-1;
}
else
for(i=0; i<bf_options.current; ++i)
bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
//we don't subtract the same depending on wether the length is odd or even
bf_options.ptr[bf_options.current] = 0;
if (debug) {
@ -241,13 +245,23 @@ char *bf_next(_Bool rainy) {
printf(", x: %s\n", bf_options.ptr);
}
//we revert the ordering of the bruteforce to fix the first static character
if(rainy) {
pos = 0;
while (pos < bf_options.current && (++bf_options.state[pos]) >= bf_options.crs_len) {
bf_options.state[pos] = 0;
pos++;
}
}
else
while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) {
bf_options.state[pos] = 0;
pos--;
}
if (pos < 0) {
if (pos < 0 || pos >= bf_options.current) {
bf_options.current++;
bf_options.rain = 0;
memset((char *)bf_options.state, 0, sizeof(bf_options.state));
}
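Review bot: In the rainy branch of bf_next, `bf_options.gcounter -= accu(bf_options.current)-1;` mixes a signed `int` result with the `uint64_t` counter, so when `current` is 1 the operand is -1 and the update only works through unsigned wraparound. The loop's `bf_options.gcounter+=i;` already adds 1..current-1, which is exactly what the rewritten `accu()` returns, so the pair appears to net out to a single increment per call. If that is the intent, dropping the in-loop addition and writing `bf_options.gcounter++;` after the loop would say so directly and make `accu()` unnecessary. The +/- markers are lost on this page, so which printed lines are on the new side is inferred from print order, and bf_next's body continues outside the hunks shown.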

3
bfg.h

@ -43,7 +43,8 @@ typedef struct {
char *crs; /* internal representation of charset */
char *ptr; /* ptr to the last generated password */
uint32_t disable_symbols;
uint64_t rain; /* accumulator for the rain */
uint64_t rain;
uint64_t gcounter;
} bf_option;
extern bf_option bf_options;
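Review bot: The `gcounter` field is added without a comment, and the `/* accumulator for the rain */` comment on `rain` appears to be dropped, while the neighbouring `crs` and `ptr` fields keep theirs. From the bf_next lines in bfg.c on this page, `rain` is reloaded from `gcounter` at the start of each rainy call, so something like `uint64_t gcounter; /* running counter that seeds rain on each bf_next() call */` would keep the struct self-describing. Which `rain` line is the new side is inferred from print order, since the markers are lost.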


@ -1283,6 +1283,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
ptr++;
if (*ptr != 0)
*ptr++ = 0;
cond = ptr;
if ((ptr2 = index(ptr, ':')) != NULL) {


@ -505,7 +505,7 @@ void help(int32_t ext) {
" -x MIN:MAX:CHARSET password bruteforce generation, type "
"\"-x -h\" to get help\n"
" -y disable use of symbols in bruteforce, see above\n"
" -r rainy mode for password generation (-x)\n"
" -r use a non-random shuffling method for option -x\n"
#endif
" -e nsr try \"n\" null password, \"s\" login as pass "
"and/or \"r\" reversed login\n"
@ -591,7 +591,9 @@ void help_bfg() {
" 'A' for uppercase letters, '1' for numbers, and for all "
"others,\n"
" just add their real representation.\n"
" -y disable the use of the above letters as placeholders\n\n"
" -y disable the use of the above letters as placeholders\n"
" -r use a shuffling method called 'rain' to try to break\n"
" the linearity of the bruteforce\n"
"Examples:\n"
" -x 3:5:a generate passwords from length 3 to 5 with all "
"lowercase letters\n"
@ -3183,7 +3185,6 @@ int main(int argc, char *argv[]) {
printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP"));
use_proxy = 1;
}
if (strstr(hydra_options.miscptr, "\\:") != NULL) {
fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module "
"option, no parameter verification is performed.\n");
@ -3212,6 +3213,7 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1);
exit(-1);
}
switch (optional1[0]) {
case 'C': // fall through
case 'c':
@ -3429,6 +3431,7 @@ int main(int argc, char *argv[]) {
#ifdef HAVE_MATH_H
if (bf_init(bf_options.arg))
exit(-1); // error description is handled by bf_init
pass_ptr = bf_next(hydra_options.rainy);
hydra_brains.countpass += bf_get_pcount();
hydra_brains.sizepass += BF_BUFLEN;


@ -206,7 +206,7 @@ typedef struct {
char *server;
char *service;
char bfg;
_Bool rainy;
int8_t rainy;
int32_t skip_redo;
} hydra_option;
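Review bot: `rainy` is printed here as both `_Bool` and `int8_t`, while bf_next in bfg.c on this page is declared with a `_Bool rainy` parameter. If `int8_t` is the new side (inferred from print order, since the markers are lost), the flag's type no longer matches the parameter it is passed to in `pass_ptr = bf_next(hydra_options.rainy);`. The conversion is harmless for 0/1 values, but either keeping `_Bool` or adding a short comment such as `int8_t rainy; /* -r flag, passed to bf_next() as a boolean */` would explain why the width changed.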