github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-20 21:33:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #232 from Diadlo/usage_service

Browse source 
Usage service
This commit is contained in:
van Hauser 2017-06-22 01:02:27 +02:00 committed by GitHub
commit 5bcc39c6a4
1 changed files with 354 additions and 324 deletions
Download patch file Download diff file Expand all files Collapse all files

476
hydra.c
View file

@ -15,6 +15,37 @@
#include <term.h>
#endif
void usage_oracle(const char* service);
void usage_oracle_listener(const char* service);
void usage_cvs(const char* service);
void usage_xmpp(const char* service);
void usage_pop3(const char* service);
void usage_rdp(const char* service);
void usage_s7_300(const char* service);
void usage_nntp(const char* service);
void usage_imap(const char* service);
void usage_smtp_enum(const char* service);
void usage_smtp(const char* service);
void usage_svn(const char* service);
void usage_ncp(const char* service);
void usage_firebird(const char* service);
void usage_mysql(const char* service);
void usage_irc(const char* service);
void usage_postgres(const char* service);
void usage_telnet(const char* service);
void usage_sapr3(const char* service);
void usage_sshkey(const char* service);
void usage_cisco_enable(const char* service);
void usage_cisco(const char* service);
void usage_ldap(const char* service);
void usage_smb(const char* service);
void usage_http_form(const char* service);
void usage_http_proxy(const char* service);
void usage_http_proxy_urlenum(const char* service);
void usage_snmp(const char* service);
void usage_http(const char* service);
extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
@ -347,6 +378,106 @@ int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont;
#include "performance.h"
typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
typedef void (*service_usage_t)(const char* service);
#define SERVICE2(name, func) { name, service_##func##_init, service_##func, NULL }
#define SERVICE(name) { #name, service_##name##_init, service_##name, NULL }
#define SERVICE3(name, func) { name, service_##func##_init, service_##func, usage_##func }
static const struct {
const char* name;
service_init_t init;
service_t exec;
service_usage_t usage;
} services[] = {
SERVICE(adam6500),
#ifdef LIBAFP
SERVICE(afp),
#endif
SERVICE(asterisk),
SERVICE3("cisco", cisco),
SERVICE3("cisco-enable", cisco_enable),
SERVICE3("cvs", cvs),
#ifdef LIBFIREBIRD
SERVICE3("firebird", firebird),
#endif
SERVICE(ftp),
{ "ftps", service_ftp_init, service_ftps },
{ "http-get", service_http_init, service_http_get, usage_http },
{ "http-get-form", service_http_form_init, service_http_get_form, usage_http_form },
{ "http-head", service_http_init, service_http_head, NULL },
{ "http-form", service_http_form_init, NULL, usage_http_form },
{ "http-post", NULL, service_http_post, usage_http },
{ "http-post-form", service_http_form_init, service_http_post_form, usage_http_form },
SERVICE3("http-proxy", http_proxy),
SERVICE3("http-proxy-urlenum", http_proxy_urlenum),
SERVICE(icq),
SERVICE3("imap", imap),
SERVICE3("irc", irc),
{ "ldap2", service_ldap_init, service_ldap2, usage_ldap },
{ "ldap3", service_ldap_init, service_ldap3, usage_ldap },
{ "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap },
{ "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap },
SERVICE(mssql),
#ifdef HAVE_MATH_H
SERVICE3("mysql", mysql),
#endif
#ifdef LIBNCP
SERVICE3("ncp", ncp),
#endif
SERVICE3("nntp", nntp),
#ifdef LIBORACLE
SERVICE3("oracle", oracle),
#endif
#ifdef LIBOPENSSL
SERVICE3("oracle-listener", oracle_listener),
SERVICE2("oracle-sid", oracle_sid),
#endif
SERVICE(pcanywhere),
SERVICE(pcnfs),
SERVICE3("pop3", pop3),
#ifdef LIBPOSTGRES
SERVICE3("postgres", postgres),
#endif
SERVICE(redis),
SERVICE(rexec),
#ifdef LIBOPENSSL
SERVICE3("rdp", rdp),
#endif
SERVICE(rlogin),
SERVICE(rsh),
SERVICE(rtsp),
SERVICE(rpcap),
SERVICE3("s7-300", s7_300),
#ifdef LIBSAPR3
SERVICE3("sarp3", sapr3),
#endif
#ifdef LIBOPENSSL
SERVICE(sip),
SERVICE3("smbnt", smb),
SERVICE3("smb", smb),
#endif
SERVICE3("smtp", smtp),
SERVICE3("smtp-enum", smtp_enum),
SERVICE3("snmp", snmp),
SERVICE(socks5),
#ifdef LIBSSH
{ "ssh", NULL, service_ssh },
SERVICE3("sshkey", sshkey),
#endif
#ifdef LIBSVN
SERVICE3("svn", svn),
#endif
SERVICE(teamspeak),
SERVICE3("telnet", telnet),
SERVICE(vmauthd),
SERVICE(vnc),
{ "xmpp", service_xmpp_init, NULL, usage_xmpp }
};
#define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__)
#define PRINT_EXTEND(ext, text, ...) do { \
if (ext) \
@ -447,107 +578,102 @@ void help_bfg() {
exit(-1);
}
void module_usage() {
int find = 0;
if (hydra_options.service) {
printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service);
if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) {
void usage_oracle(const char* service) {
printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n");
find = 1;
}
if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) {
}
void usage_oracle_listener(const char* service) {
printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n");
find = 1;
}
if (strcmp(hydra_options.service, "cvs") == 0) {
}
void usage_cvs(const char* service) {
printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n");
find = 1;
}
if (strcmp(hydra_options.service, "xmpp") == 0) {
}
void usage_xmpp(const char* service) {
printf("Module xmpp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n"
"Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "pop3") == 0)) {
}
void usage_pop3(const char* service) {
printf("Module pop3 is optionally taking one authentication type of:\n"
" CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "rdp") == 0)) {
}
void usage_rdp(const char* service) {
printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) {
}
void usage_s7_300(const char* service) {
printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "nntp") == 0)) {
}
void usage_nntp(const char* service) {
printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "imap") == 0)) {
}
void usage_imap(const char* service) {
printf("Module imap is optionally taking one authentication type of:\n"
" CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) {
}
void usage_smtp_enum(const char* service) {
printf("Module smtp-enum is optionally taking one SMTP command of:\n\n"
"VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n"
"login parameter is used as username and password parameter as the domain name\n"
"For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "smtp")) == 0) {
}
void usage_smtp(const char* service) {
printf("Module smtp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"
"Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "svn") == 0)) {
}
void usage_svn(const char* service) {
printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "ncp") == 0)) {
}
void usage_ncp(const char* service) {
printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "firebird") == 0)) {
}
void usage_firebird(const char* service) {
printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "mysql") == 0)) {
}
void usage_mysql(const char* service) {
printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "irc") == 0)) {
}
void usage_irc(const char* service) {
printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "postgres") == 0)) {
}
void usage_postgres(const char* service) {
printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "telnet") == 0)) {
}
void usage_telnet(const char* service) {
printf("Module telnet is optionally taking the string which is displayed after\n"
"a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) {
}
void usage_sapr3(const char* service) {
printf("Module sapr3 requires the client id, a number between 0 and 99\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) {
}
void usage_sshkey(const char* service) {
printf("Module sshkey does not provide additional options, although the semantic for\n"
"options -p and -P is changed:\n"
" -p expects a path to an unencrypted private key in PEM format.\n"
" -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) {
}
void usage_cisco_enable(const char* service) {
printf("Module cisco-enable is optionally taking the logon password for the cisco device\n"
"Note: if AAA authentication is used, use the -l option for the username\n"
"and the optional parameter for the password of the user.\n"
@ -555,17 +681,13 @@ void module_usage() {
" hydra -P pass.txt target cisco-enable (direct console access)\n"
" hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n"
" hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "cisco") == 0)) {
}
void usage_cisco(const char* service) {
printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "ldap2") == 0)
|| (strcmp(hydra_options.service, "ldap3") == 0)
|| (strcmp(hydra_options.service, "ldap3-crammd5") == 0)
|| (strcmp(hydra_options.service, "ldap3-digestmd5") == 0))
) {
}
void usage_ldap(const char* service) {
printf("Module %s is optionally taking the DN (depending of the auth method choosed\n"
"Note: you can also specify the DN as login when Simple auth method is used).\n"
"The keyword \"^USER^\" is replaced with the login.\n"
@ -573,10 +695,10 @@ void module_usage() {
"unauthenticated (user but no pass), user/pass authenticated (user and pass).\n"
"So don't forget to set empty string as user/pass to test all modes.\n"
"Hint: to authenticate to a windows active directy ldap, this is usually\n"
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service);
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) {
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service);
}
void usage_smb(const char* service) {
printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n"
"Note: you can set the group type using LOCAL or DOMAIN keyword\n"
" or other_domain:{value} to specify a trusted domain.\n"
@ -587,16 +709,9 @@ void module_usage() {
" hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n"
" hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0)
|| (strcmp(hydra_options.service, "https-get-form") == 0)
|| (strcmp(hydra_options.service, "http-post-form") == 0)
|| (strcmp(hydra_options.service, "https-post-form") == 0)
|| (strncmp(hydra_options.service, "http-form", 9) == 0)
|| (strncmp(hydra_options.service, "https-form", 10) == 0)
)
) {
}
void usage_http_form(const char* service) {
printf("Module %s requires the page and the parameters for the web form.\n\n"
"By default this module is configured to follow a maximum of 5 redirections in\n"
"a row. It always gathers a new cookie from the same URL without variables\n"
@ -630,52 +745,63 @@ void module_usage() {
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
" \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n",
hydra_options.service);
find = 1;
}
if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) {
service);
}
void usage_http_proxy(const char* service) {
printf("Module http-proxy is optionally taking the page to authenticate at.\n"
"Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) {
}
void usage_http_proxy_urlenum(const char* service) {
printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n"
"The -L loginfile must contain the URL list to try through the proxy.\n"
"The proxy credentials cann be put as the optional parameter, e.g.\n"
" hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
find = 1;
}
if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) {
printf("Module snmp is optionally taking the following parameters:\n");
printf(" READ perform read requests (default)\n");
printf(" WRITE perform write requests\n");
printf(" 1 use SNMP version 1 (default)\n");
printf(" 2 use SNMP version 2\n");
printf(" 3 use SNMP version 3\n");
printf(" Note that SNMP version 3 usually uses both login and passwords!\n");
printf(" SNMP version 3 has the following optional sub parameters:\n");
printf(" MD5 use MD5 authentication (default)\n");
printf(" SHA use SHA authentication\n");
printf(" DES use DES encryption\n");
printf(" AES use AES encryption\n");
printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n");
printf(" only requires a password (or username) not both.\n");
printf("To combine the options, use colons (\":\"), e.g.:\n");
printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n");
printf(" hydra -P pass.txt -m 2 target.com snmp\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "http-get") == 0)
|| (strcmp(hydra_options.service, "https-get") == 0)
|| (strcmp(hydra_options.service, "http-post") == 0)
|| (strcmp(hydra_options.service, "https-post") == 0))
) {
}
void usage_snmp(const char* service) {
printf("Module snmp is optionally taking the following parameters:\n"
" READ perform read requests (default)\n"
" WRITE perform write requests\n"
" 1 use SNMP version 1 (default)\n"
" 2 use SNMP version 2\n"
" 3 use SNMP version 3\n"
" Note that SNMP version 3 usually uses both login and passwords!\n"
" SNMP version 3 has the following optional sub parameters:\n"
" MD5 use MD5 authentication (default)\n"
" SHA use SHA authentication\n"
" DES use DES encryption\n"
" AES use AES encryption\n"
" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"
" only requires a password (or username) not both.\n"
"To combine the options, use colons (\":\"), e.g.:\n"
" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"
" hydra -P pass.txt -m 2 target.com snmp\n");
}
void usage_http(const char* service) {
printf("Module %s requires the page to authenticate.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service);
find = 1;
"For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service);
}
void module_usage() {
int i;
if (!hydra_options.service) {
printf("The Module %s does not need or support optional parameters\n", hydra_options.service);
exit(0);
}
printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service);
for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) {
if (strcmp(hydra_options.service, services[i].name) == 0) {
if (services[i].usage) {
services[i].usage(hydra_options.service);
exit(0);
}
}
if (!find) // this is also printed if the module does not exist at all
}
printf("The Module %s does not need or support optional parameters\n", hydra_options.service);
exit(0);
}
@ -1204,102 +1330,6 @@ char *hydra_build_time() {
return (char *) &datetime;
}
typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
#define SERVICE2(name, func) { name, service_##func##_init, service_##func }
#define SERVICE(name) { #name, service_##name##_init, service_##name }
static const struct {
const char* name;
service_init_t init;
service_t exec;
} services[] = {
SERVICE(adam6500),
#ifdef LIBAFP
SERVICE(afp),
#endif
SERVICE(asterisk),
SERVICE(cisco),
SERVICE2("cisco-enable", cisco_enable),
SERVICE(cvs),
#ifdef LIBFIREBIRD
SERVICE(firebird),
#endif
SERVICE(ftp),
{ "ftps", service_ftp_init, service_ftps },
{ "http-get", service_http_init, service_http_get },
{ "http-get-form", service_http_form_init, service_http_get_form },
{ "http-head", service_http_init, service_http_head },
{ "http-form", service_http_form_init, NULL },
{ "http-post", NULL, service_http_post },
{ "http-post-form", service_http_form_init, service_http_post_form },
SERVICE2("http-proxy", http_proxy),
SERVICE2("http-proxy-urlenum", http_proxy_urlenum),
SERVICE(icq),
SERVICE(imap),
SERVICE(irc),
{ "ldap2", service_ldap_init, service_ldap2 },
{ "ldap3", service_ldap_init, service_ldap3 },
{ "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5 },
{ "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5 },
SERVICE(mssql),
#ifdef HAVE_MATH_H
SERVICE(mysql),
#endif
#ifdef LIBNCP
SERVICE(ncp),
#endif
SERVICE(nntp),
#ifdef LIBORACLE
SERVICE(oracle),
#endif
#ifdef LIBOPENSSL
SERVICE2("oracle-listener", oracle_listener),
SERVICE2("oracle-sid", oracle_sid),
#endif
SERVICE(pcanywhere),
SERVICE(pcnfs),
SERVICE(pop3),
#ifdef LIBPOSTGRES
SERVICE(postgres),
#endif
SERVICE(redis),
SERVICE(rexec),
#ifdef LIBOPENSSL
SERVICE(rdp),
#endif
SERVICE(rlogin),
SERVICE(rsh),
SERVICE(rtsp),
SERVICE(rpcap),
SERVICE2("s7-300", s7_300),
#ifdef LIBSAPR3
SERVICE(sapr3),
#endif
#ifdef LIBOPENSSL
SERVICE(sip),
SERVICE2("smbnt", smb),
SERVICE(smb),
#endif
SERVICE(smtp),
SERVICE2("smtp-enum", smtp_enum),
SERVICE(snmp),
SERVICE(socks5),
#ifdef LIBSSH
{ "ssh", NULL, service_ssh },
SERVICE(sshkey),
#endif
#ifdef LIBSVN
SERVICE(svn),
#endif
SERVICE(teamspeak),
SERVICE(telnet),
SERVICE(vmauthd),
SERVICE(vnc),
{ "xmpp", service_xmpp_init, NULL }
};
void hydra_service_init(int target_no) {
int x = 99;
int i;