github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-20 21:33:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #232 from Diadlo/usage_service

Browse source 
Usage service
This commit is contained in:
van Hauser 2017-06-22 01:02:27 +02:00 committed by GitHub
commit 5bcc39c6a4
1 changed files with 354 additions and 324 deletions
Download patch file Download diff file Expand all files Collapse all files

420
hydra.c
View file

@ -15,6 +15,37 @@
#include <term.h> #include <term.h>
#endif #endif
void usage_oracle(const char* service);
void usage_oracle_listener(const char* service);
void usage_cvs(const char* service);
void usage_xmpp(const char* service);
void usage_pop3(const char* service);
void usage_rdp(const char* service);
void usage_s7_300(const char* service);
void usage_nntp(const char* service);
void usage_imap(const char* service);
void usage_smtp_enum(const char* service);
void usage_smtp(const char* service);
void usage_svn(const char* service);
void usage_ncp(const char* service);
void usage_firebird(const char* service);
void usage_mysql(const char* service);
void usage_irc(const char* service);
void usage_postgres(const char* service);
void usage_telnet(const char* service);
void usage_sapr3(const char* service);
void usage_sshkey(const char* service);
void usage_cisco_enable(const char* service);
void usage_cisco(const char* service);
void usage_ldap(const char* service);
void usage_smb(const char* service);
void usage_http_form(const char* service);
void usage_http_proxy(const char* service);
void usage_http_proxy_urlenum(const char* service);
void usage_snmp(const char* service);
void usage_http(const char* service);
extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
@ -347,6 +378,106 @@ int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont;
#include "performance.h" #include "performance.h"
typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
typedef void (*service_usage_t)(const char* service);
#define SERVICE2(name, func) { name, service_##func##_init, service_##func, NULL }
#define SERVICE(name) { #name, service_##name##_init, service_##name, NULL }
#define SERVICE3(name, func) { name, service_##func##_init, service_##func, usage_##func }
static const struct {
const char* name;
service_init_t init;
service_t exec;
service_usage_t usage;
} services[] = {
SERVICE(adam6500),
#ifdef LIBAFP
SERVICE(afp),
#endif
SERVICE(asterisk),
SERVICE3("cisco", cisco),
SERVICE3("cisco-enable", cisco_enable),
SERVICE3("cvs", cvs),
#ifdef LIBFIREBIRD
SERVICE3("firebird", firebird),
#endif
SERVICE(ftp),
{ "ftps", service_ftp_init, service_ftps },
{ "http-get", service_http_init, service_http_get, usage_http },
{ "http-get-form", service_http_form_init, service_http_get_form, usage_http_form },
{ "http-head", service_http_init, service_http_head, NULL },
{ "http-form", service_http_form_init, NULL, usage_http_form },
{ "http-post", NULL, service_http_post, usage_http },
{ "http-post-form", service_http_form_init, service_http_post_form, usage_http_form },
SERVICE3("http-proxy", http_proxy),
SERVICE3("http-proxy-urlenum", http_proxy_urlenum),
SERVICE(icq),
SERVICE3("imap", imap),
SERVICE3("irc", irc),
{ "ldap2", service_ldap_init, service_ldap2, usage_ldap },
{ "ldap3", service_ldap_init, service_ldap3, usage_ldap },
{ "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap },
{ "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap },
SERVICE(mssql),
#ifdef HAVE_MATH_H
SERVICE3("mysql", mysql),
#endif
#ifdef LIBNCP
SERVICE3("ncp", ncp),
#endif
SERVICE3("nntp", nntp),
#ifdef LIBORACLE
SERVICE3("oracle", oracle),
#endif
#ifdef LIBOPENSSL
SERVICE3("oracle-listener", oracle_listener),
SERVICE2("oracle-sid", oracle_sid),
#endif
SERVICE(pcanywhere),
SERVICE(pcnfs),
SERVICE3("pop3", pop3),
#ifdef LIBPOSTGRES
SERVICE3("postgres", postgres),
#endif
SERVICE(redis),
SERVICE(rexec),
#ifdef LIBOPENSSL
SERVICE3("rdp", rdp),
#endif
SERVICE(rlogin),
SERVICE(rsh),
SERVICE(rtsp),
SERVICE(rpcap),
SERVICE3("s7-300", s7_300),
#ifdef LIBSAPR3
SERVICE3("sarp3", sapr3),
#endif
#ifdef LIBOPENSSL
SERVICE(sip),
SERVICE3("smbnt", smb),
SERVICE3("smb", smb),
#endif
SERVICE3("smtp", smtp),
SERVICE3("smtp-enum", smtp_enum),
SERVICE3("snmp", snmp),
SERVICE(socks5),
#ifdef LIBSSH
{ "ssh", NULL, service_ssh },
SERVICE3("sshkey", sshkey),
#endif
#ifdef LIBSVN
SERVICE3("svn", svn),
#endif
SERVICE(teamspeak),
SERVICE3("telnet", telnet),
SERVICE(vmauthd),
SERVICE(vnc),
{ "xmpp", service_xmpp_init, NULL, usage_xmpp }
};
#define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__) #define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__)
#define PRINT_EXTEND(ext, text, ...) do { \ #define PRINT_EXTEND(ext, text, ...) do { \
if (ext) \ if (ext) \
@ -447,107 +578,102 @@ void help_bfg() {
exit(-1); exit(-1);
} }
void module_usage() { void usage_oracle(const char* service) {
int find = 0;
if (hydra_options.service) {
printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service);
if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) {
printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n");
find = 1;
} }
if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) {
void usage_oracle_listener(const char* service) {
printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n");
find = 1;
} }
if (strcmp(hydra_options.service, "cvs") == 0) {
void usage_cvs(const char* service) {
printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n");
find = 1;
} }
if (strcmp(hydra_options.service, "xmpp") == 0) {
void usage_xmpp(const char* service) {
printf("Module xmpp is optionally taking one authentication type of:\n" printf("Module xmpp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n"
"Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "pop3") == 0)) {
void usage_pop3(const char* service) {
printf("Module pop3 is optionally taking one authentication type of:\n" printf("Module pop3 is optionally taking one authentication type of:\n"
" CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "rdp") == 0)) {
void usage_rdp(const char* service) {
printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) {
void usage_s7_300(const char* service) {
printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "nntp") == 0)) {
void usage_nntp(const char* service) {
printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "imap") == 0)) {
void usage_imap(const char* service) {
printf("Module imap is optionally taking one authentication type of:\n" printf("Module imap is optionally taking one authentication type of:\n"
" CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) {
void usage_smtp_enum(const char* service) {
printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" printf("Module smtp-enum is optionally taking one SMTP command of:\n\n"
"VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n"
"login parameter is used as username and password parameter as the domain name\n" "login parameter is used as username and password parameter as the domain name\n"
"For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "smtp")) == 0) {
void usage_smtp(const char* service) {
printf("Module smtp is optionally taking one authentication type of:\n" printf("Module smtp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"
"Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "svn") == 0)) {
void usage_svn(const char* service) {
printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "ncp") == 0)) {
void usage_ncp(const char* service) {
printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "firebird") == 0)) {
void usage_firebird(const char* service) {
printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "mysql") == 0)) {
void usage_mysql(const char* service) {
printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "irc") == 0)) {
void usage_irc(const char* service) {
printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "postgres") == 0)) {
void usage_postgres(const char* service) {
printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "telnet") == 0)) {
void usage_telnet(const char* service) {
printf("Module telnet is optionally taking the string which is displayed after\n" printf("Module telnet is optionally taking the string which is displayed after\n"
"a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) {
void usage_sapr3(const char* service) {
printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); printf("Module sapr3 requires the client id, a number between 0 and 99\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) {
void usage_sshkey(const char* service) {
printf("Module sshkey does not provide additional options, although the semantic for\n" printf("Module sshkey does not provide additional options, although the semantic for\n"
"options -p and -P is changed:\n" "options -p and -P is changed:\n"
" -p expects a path to an unencrypted private key in PEM format.\n" " -p expects a path to an unencrypted private key in PEM format.\n"
" -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) {
void usage_cisco_enable(const char* service) {
printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" printf("Module cisco-enable is optionally taking the logon password for the cisco device\n"
"Note: if AAA authentication is used, use the -l option for the username\n" "Note: if AAA authentication is used, use the -l option for the username\n"
"and the optional parameter for the password of the user.\n" "and the optional parameter for the password of the user.\n"
@ -555,17 +681,13 @@ void module_usage() {
" hydra -P pass.txt target cisco-enable (direct console access)\n" " hydra -P pass.txt target cisco-enable (direct console access)\n"
" hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n"
" hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "cisco") == 0)) {
void usage_cisco(const char* service) {
printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n");
find = 1;
} }
if (!find && ((strcmp(hydra_options.service, "ldap2") == 0)
|| (strcmp(hydra_options.service, "ldap3") == 0) void usage_ldap(const char* service) {
|| (strcmp(hydra_options.service, "ldap3-crammd5") == 0)
|| (strcmp(hydra_options.service, "ldap3-digestmd5") == 0))
) {
printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" printf("Module %s is optionally taking the DN (depending of the auth method choosed\n"
"Note: you can also specify the DN as login when Simple auth method is used).\n" "Note: you can also specify the DN as login when Simple auth method is used).\n"
"The keyword \"^USER^\" is replaced with the login.\n" "The keyword \"^USER^\" is replaced with the login.\n"
@ -573,10 +695,10 @@ void module_usage() {
"unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n"
"So don't forget to set empty string as user/pass to test all modes.\n" "So don't forget to set empty string as user/pass to test all modes.\n"
"Hint: to authenticate to a windows active directy ldap, this is usually\n" "Hint: to authenticate to a windows active directy ldap, this is usually\n"
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service);
find = 1;
} }
if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) {
void usage_smb(const char* service) {
printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n"
"Note: you can set the group type using LOCAL or DOMAIN keyword\n" "Note: you can set the group type using LOCAL or DOMAIN keyword\n"
" or other_domain:{value} to specify a trusted domain.\n" " or other_domain:{value} to specify a trusted domain.\n"
@ -587,16 +709,9 @@ void module_usage() {
" hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n"
" hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n");
find = 1;
} }
if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0)
|| (strcmp(hydra_options.service, "https-get-form") == 0) void usage_http_form(const char* service) {
|| (strcmp(hydra_options.service, "http-post-form") == 0)
|| (strcmp(hydra_options.service, "https-post-form") == 0)
|| (strncmp(hydra_options.service, "http-form", 9) == 0)
|| (strncmp(hydra_options.service, "https-form", 10) == 0)
)
) {
printf("Module %s requires the page and the parameters for the web form.\n\n" printf("Module %s requires the page and the parameters for the web form.\n\n"
"By default this module is configured to follow a maximum of 5 redirections in\n" "By default this module is configured to follow a maximum of 5 redirections in\n"
"a row. It always gathers a new cookie from the same URL without variables\n" "a row. It always gathers a new cookie from the same URL without variables\n"
@ -630,52 +745,63 @@ void module_usage() {
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
" \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n",
hydra_options.service); service);
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) {
void usage_http_proxy(const char* service) {
printf("Module http-proxy is optionally taking the page to authenticate at.\n" printf("Module http-proxy is optionally taking the page to authenticate at.\n"
"Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
find = 1;
} }
if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) {
void usage_http_proxy_urlenum(const char* service) {
printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n"
"The -L loginfile must contain the URL list to try through the proxy.\n" "The -L loginfile must contain the URL list to try through the proxy.\n"
"The proxy credentials cann be put as the optional parameter, e.g.\n" "The proxy credentials cann be put as the optional parameter, e.g.\n"
" hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
find = 1;
} }
if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) {
printf("Module snmp is optionally taking the following parameters:\n"); void usage_snmp(const char* service) {
printf(" READ perform read requests (default)\n"); printf("Module snmp is optionally taking the following parameters:\n"
printf(" WRITE perform write requests\n"); " READ perform read requests (default)\n"
printf(" 1 use SNMP version 1 (default)\n"); " WRITE perform write requests\n"
printf(" 2 use SNMP version 2\n"); " 1 use SNMP version 1 (default)\n"
printf(" 3 use SNMP version 3\n"); " 2 use SNMP version 2\n"
printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); " 3 use SNMP version 3\n"
printf(" SNMP version 3 has the following optional sub parameters:\n"); " Note that SNMP version 3 usually uses both login and passwords!\n"
printf(" MD5 use MD5 authentication (default)\n"); " SNMP version 3 has the following optional sub parameters:\n"
printf(" SHA use SHA authentication\n"); " MD5 use MD5 authentication (default)\n"
printf(" DES use DES encryption\n"); " SHA use SHA authentication\n"
printf(" AES use AES encryption\n"); " DES use DES encryption\n"
printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); " AES use AES encryption\n"
printf(" only requires a password (or username) not both.\n"); " if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"
printf("To combine the options, use colons (\":\"), e.g.:\n"); " only requires a password (or username) not both.\n"
printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); "To combine the options, use colons (\":\"), e.g.:\n"
printf(" hydra -P pass.txt -m 2 target.com snmp\n"); " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"
find = 1; " hydra -P pass.txt -m 2 target.com snmp\n");
} }
if (!find && ((strcmp(hydra_options.service, "http-get") == 0)
|| (strcmp(hydra_options.service, "https-get") == 0) void usage_http(const char* service) {
|| (strcmp(hydra_options.service, "http-post") == 0)
|| (strcmp(hydra_options.service, "https-post") == 0))
) {
printf("Module %s requires the page to authenticate.\n" printf("Module %s requires the page to authenticate.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service);
find = 1; }
void module_usage() {
int i;
if (!hydra_options.service) {
printf("The Module %s does not need or support optional parameters\n", hydra_options.service);
exit(0);
}
printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service);
for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) {
if (strcmp(hydra_options.service, services[i].name) == 0) {
if (services[i].usage) {
services[i].usage(hydra_options.service);
exit(0);
} }
} }
if (!find) // this is also printed if the module does not exist at all }
printf("The Module %s does not need or support optional parameters\n", hydra_options.service); printf("The Module %s does not need or support optional parameters\n", hydra_options.service);
exit(0); exit(0);
} }
@ -1204,102 +1330,6 @@ char *hydra_build_time() {
return (char *) &datetime; return (char *) &datetime;
} }
typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
#define SERVICE2(name, func) { name, service_##func##_init, service_##func }
#define SERVICE(name) { #name, service_##name##_init, service_##name }
static const struct {
const char* name;
service_init_t init;
service_t exec;
} services[] = {
SERVICE(adam6500),
#ifdef LIBAFP
SERVICE(afp),
#endif
SERVICE(asterisk),
SERVICE(cisco),
SERVICE2("cisco-enable", cisco_enable),
SERVICE(cvs),
#ifdef LIBFIREBIRD
SERVICE(firebird),
#endif
SERVICE(ftp),
{ "ftps", service_ftp_init, service_ftps },
{ "http-get", service_http_init, service_http_get },
{ "http-get-form", service_http_form_init, service_http_get_form },
{ "http-head", service_http_init, service_http_head },
{ "http-form", service_http_form_init, NULL },
{ "http-post", NULL, service_http_post },
{ "http-post-form", service_http_form_init, service_http_post_form },
SERVICE2("http-proxy", http_proxy),
SERVICE2("http-proxy-urlenum", http_proxy_urlenum),
SERVICE(icq),
SERVICE(imap),
SERVICE(irc),
{ "ldap2", service_ldap_init, service_ldap2 },
{ "ldap3", service_ldap_init, service_ldap3 },
{ "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5 },
{ "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5 },
SERVICE(mssql),
#ifdef HAVE_MATH_H
SERVICE(mysql),
#endif
#ifdef LIBNCP
SERVICE(ncp),
#endif
SERVICE(nntp),
#ifdef LIBORACLE
SERVICE(oracle),
#endif
#ifdef LIBOPENSSL
SERVICE2("oracle-listener", oracle_listener),
SERVICE2("oracle-sid", oracle_sid),
#endif
SERVICE(pcanywhere),
SERVICE(pcnfs),
SERVICE(pop3),
#ifdef LIBPOSTGRES
SERVICE(postgres),
#endif
SERVICE(redis),
SERVICE(rexec),
#ifdef LIBOPENSSL
SERVICE(rdp),
#endif
SERVICE(rlogin),
SERVICE(rsh),
SERVICE(rtsp),
SERVICE(rpcap),
SERVICE2("s7-300", s7_300),
#ifdef LIBSAPR3
SERVICE(sapr3),
#endif
#ifdef LIBOPENSSL
SERVICE(sip),
SERVICE2("smbnt", smb),
SERVICE(smb),
#endif
SERVICE(smtp),
SERVICE2("smtp-enum", smtp_enum),
SERVICE(snmp),
SERVICE(socks5),
#ifdef LIBSSH
{ "ssh", NULL, service_ssh },
SERVICE(sshkey),
#endif
#ifdef LIBSVN
SERVICE(svn),
#endif
SERVICE(teamspeak),
SERVICE(telnet),
SERVICE(vmauthd),
SERVICE(vnc),
{ "xmpp", service_xmpp_init, NULL }
};
void hydra_service_init(int target_no) { void hydra_service_init(int target_no) {
int x = 99; int x = 99;
int i; int i;