Merge pull request #1 from vanhauser-thc/master

Updating local to upstream
x0x7 2016-02-05 23:41:59 -05:00
commit 62be0a4aad
8 changed files with 52 additions and 28 deletions


@ -14,6 +14,8 @@ Release 8.2-pre
* Fixed a bug where the cisco-enable module was not working with the password-only logon mode * Fixed a bug where the cisco-enable module was not working with the password-only logon mode
* Fixed an out of memory bug in http-form * Fixed an out of memory bug in http-form
* Fixed imap PLAIN method * Fixed imap PLAIN method
* Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting
* Added --fhs switch to configure (for Linux distribution usage)
* ... your patch? * ... your patch?


@ -1,5 +1,5 @@
# #
# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC <vh@thc.org> # Makefile for Hydra - (c) 2001-2016 by van Hauser / THC <vh@thc.org>
# #
OPTS=-I. -O3 OPTS=-I. -O3
# -Wall -g -pedantic # -Wall -g -pedantic

27
configure vendored

@ -6,6 +6,7 @@
if [ "$1" = "-h" -o "$1" = "--help" ]; then if [ "$1" = "-h" -o "$1" = "--help" ]; then
echo Options: echo Options:
echo " --prefix=path path to install hydra and its datafiles to" echo " --prefix=path path to install hydra and its datafiles to"
echo " --fhs install according to the File System Hierarchy Standard"
echo " --with-oracle=prefix prefix for oracle include dir" echo " --with-oracle=prefix prefix for oracle include dir"
echo " --with-oracle-lib=prefix prefix for oracle lib dir" echo " --with-oracle-lib=prefix prefix for oracle lib dir"
echo " --with-ssl=prefix prefix for SSL headers" echo " --with-ssl=prefix prefix for SSL headers"
@ -17,6 +18,7 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then
exit 0 exit 0
fi fi
FHS=""
SIXFOUR="" SIXFOUR=""
DEBUG="" DEBUG=""
PREFIX="" PREFIX=""
@ -72,6 +74,12 @@ if [ '!' "X" = "X$*" ]; then
NOSTRIP="yes" NOSTRIP="yes"
fi fi
fi fi
if [ "X" = "X$FHS" ]; then
FHS_TMP=`echo "$1"|sed 's/.*--fhs//'`
if [ -z "$FHS_TMP" ]; then
FHS="yes"
fi
fi
if [ "X" = "X$DEBUG" ]; then if [ "X" = "X$DEBUG" ]; then
DEBUG_TMP=`echo "$1"|sed 's/.*--debug//'` DEBUG_TMP=`echo "$1"|sed 's/.*--debug//'`
if [ -z "$DEBUG_TMP" ]; then if [ -z "$DEBUG_TMP" ]; then
@ -191,7 +199,7 @@ else
fi fi
SSLNEW="" SSLNEW=""
if [ "X" = "X$WSSL_PATH" ]; then if [ "X" = "X$SSL_PATH" ]; then
SSL_PATH="$i" SSL_PATH="$i"
SSLNEW=`grep SHA256_CTX $i/openssl/sha.h 2> /dev/null` SSLNEW=`grep SHA256_CTX $i/openssl/sha.h 2> /dev/null`
else else
@ -1191,9 +1199,16 @@ else
XHYDRA_SUPPORT="xhydra" XHYDRA_SUPPORT="xhydra"
fi fi
echo "Hydra will be installed into .../bin of: $PREFIX" if [ "X" != "X$FHS" ]; then
echo " (change this by running ./configure --prefix=path)" PREFIX=/usr
echo echo "Hydra will be installed into .../bin of: $PREFIX"
echo " (according to the File System Hierarchy Standard)"
echo
else
echo "Hydra will be installed into .../bin of: $PREFIX"
echo " (change this by running ./configure --prefix=path)"
echo
fi
if [ "X" != "X$DEBUG" ]; then if [ "X" != "X$DEBUG" ]; then
echo DEBUG: XDEFINES=$XDEFINES $MATH echo DEBUG: XDEFINES=$XDEFINES $MATH
@ -1206,6 +1221,10 @@ if [ "X" != "X$DEBUG" ]; then
fi fi
echo "Writing Makefile.in ..." echo "Writing Makefile.in ..."
if [ "X" != "X$FHS" ]; then
echo "MANDIR = /share/man/man1" >> Makefile.in
echo "DATADIR = /share/hydra" >> Makefile.in
fi
echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in
echo "XLIBS=$XLIBS" >> Makefile.in echo "XLIBS=$XLIBS" >> Makefile.in
echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in
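Review bot: In the hunk at -1191, `PREFIX=/usr` is assigned unconditionally whenever `--fhs` was seen, so a `--prefix=path` given on the same command line is silently discarded and the install goes to /usr. The override also happens only at the reporting step, so anything earlier in the script that derived paths from `$PREFIX` (not visible here) would still have used the old value. I would either set the default only when no prefix was given, `if [ "X" = "X$PREFIX" ]; then PREFIX=/usr; fi`, or reject the combination with an explicit error. The `--fhs` help text should also state that it implies a prefix of /usr.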


@ -432,7 +432,7 @@ char *html_encode(char *string) {
if (index(ret, '&') != NULL) if (index(ret, '&') != NULL)
ret = hydra_strrep(ret, "&", "%26"); ret = hydra_strrep(ret, "&", "%26");
if (index(ret, '#') != NULL) if (index(ret, '#') != NULL)
ret = hydra_strrep(ret, "&", "%23"); ret = hydra_strrep(ret, "#", "%23");
return ret; return ret;
} }
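Review bot: The corrected line still tests with `index()`, a legacy BSD function that POSIX.1-2008 removed; `if (strchr(ret, '#') != NULL)` is the portable spelling and would be worth using for both the `&` and `#` checks. The function starts above this hunk, so which other characters it encodes is not visible here. A short comment above the replacements listing the encoded characters and why their order matters would help prevent another copy-paste slip like the one fixed here.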


@ -480,7 +480,7 @@ int internal__hydra_connect_to_ssl(int socket) {
} else { } else {
// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { // if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) {
#ifndef TLSv1_2_client_method #ifndef TLSv1_2_client_method
#define TLSv1_2_client_method TLSv1_client_method #define TLSv1_2_client_method TLSv1_client_method
#endif #endif
if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) { if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
if (verbose) { if (verbose) {
@ -774,6 +774,7 @@ int hydra_connect_to_ssl(int socket) {
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
return (internal__hydra_connect_to_ssl(socket)); return (internal__hydra_connect_to_ssl(socket));
#else #else
fprintf(stderr, "Error: not compiled with SSL\n");
return -1; return -1;
#endif #endif
} }
@ -786,7 +787,8 @@ int hydra_connect_ssl(char *host, int port) {
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
return (internal__hydra_connect_ssl(host, port, SOCK_STREAM, 6)); return (internal__hydra_connect_ssl(host, port, SOCK_STREAM, 6));
#else #else
return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); fprintf(stderr, "Error: not compiled with SSL\n");
return -1;
#endif #endif
} }
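Review bot: The `#ifndef TLSv1_2_client_method` guard in internal__hydra_connect_to_ssl tests for a preprocessor macro, but in the OpenSSL headers I am aware of `TLSv1_2_client_method` is declared as a function. If so, the guard is always true and the following `#define` rewrites the call to `TLSv1_client_method()`, pinning every connection to TLS 1.0 even when the library supports newer versions. Using the version-flexible method that is commented out just above, `SSL_CTX_new(SSLv23_client_method())` followed by `SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)`, would negotiate the highest version both sides support without needing the macro. If a compile-time fallback is still wanted, it should key on `OPENSSL_VERSION_NUMBER` rather than on the function name. The function body continues outside this hunk.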


@ -48,7 +48,7 @@ int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, F
if (ssh_connect(session) != 0) { if (ssh_connect(session) != 0) {
//if the connection was drop, exit and let hydra main handle it //if the connection was drop, exit and let hydra main handle it
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); hydra_report(stderr, "[ERROR] could not connect to target port %d: %s\n", port, ssh_get_error(session));
return 3; return 3;
} }
@ -175,7 +175,7 @@ int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (ssh_connect(session) != 0) { if (ssh_connect(session) != 0) {
fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d\n", hydra_address2string(ip), port); fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string(ip), port, ssh_get_error(session));
return 2; return 2;
} }
rc = ssh_userauth_none(session, NULL); rc = ssh_userauth_none(session, NULL);
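Review bot: The two connect-failure messages now report the same libssh error in different ways: start_ssh uses `hydra_report(...)` with `": %s"` and prints only under `verbose`, while service_ssh_init uses `fprintf(stderr, ...)` with `" - %s"`. Using the same separator in both would make the output easier to match in logs, for example `"[ERROR] could not connect to ssh://%s:%d: %s\n"` in service_ssh_init. Both functions extend beyond their hunks, so whether `session` is released on these early returns cannot be checked from here.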

31
hydra.c

@ -1,5 +1,5 @@
/* /*
* hydra (c) 2001-2014 by van Hauser / THC <vh@thc.org> * hydra (c) 2001-2016 by van Hauser / THC <vh@thc.org>
* http://www.thc.org * http://www.thc.org
* *
* Parallized network login hacker. * Parallized network login hacker.
@ -2173,7 +2173,7 @@ int main(int argc, char *argv[]) {
struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in6 *ipv6 = NULL;
struct sockaddr_in *ipv4 = NULL; struct sockaddr_in *ipv4 = NULL;
printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); printf("%s %s (c) 2016 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR);
#ifndef LIBPOSTGRES #ifndef LIBPOSTGRES
SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); SERVICES = hydra_string_replace(SERVICES, "postgres ", "");
strcat(unsupported, "postgres "); strcat(unsupported, "postgres ");
@ -2552,6 +2552,9 @@ int main(int argc, char *argv[]) {
hydra_options.miscptr = argv[optind + 2]; hydra_options.miscptr = argv[optind + 2];
} }
if (getenv("HYDRA_PROXY_CONNECT"))
fprintf(stderr, "[WARNING] The environment variable HYDRA_PROXY_CONNECT is not used! Use HYDRA_PROXY instead!\n");
if (strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) { if (strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) {
fprintf(stderr, "[ERROR] There is no service \"%s\", most likely you mean one of the many web modules, e.g. http-get or http-form-post. Read it up!\n", hydra_options.service); fprintf(stderr, "[ERROR] There is no service \"%s\", most likely you mean one of the many web modules, e.g. http-get or http-form-post. Read it up!\n", hydra_options.service);
exit(-1); exit(-1);
@ -2841,8 +2844,7 @@ int main(int argc, char *argv[]) {
if (hydra_options.colonfile == NULL if (hydra_options.colonfile == NULL
&& ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) {
if (j > 3) { if (j > 3) {
fprintf(stderr, fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n");
"[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n");
exit(-1); exit(-1);
} }
fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n");
@ -3030,7 +3032,7 @@ int main(int argc, char *argv[]) {
} }
break; break;
default: default:
fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); fprintf(stderr, "[ERROR] Unknown optional argument: %s\n", optional1);
} }
} }
} }
@ -3068,8 +3070,7 @@ int main(int argc, char *argv[]) {
} }
if (hydra_options.ssl == 0 && hydra_options.port == 443) if (hydra_options.ssl == 0 && hydra_options.port == 443)
fprintf(stderr, fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n");
"[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n");
if (hydra_options.loop_mode && hydra_options.colonfile != NULL) if (hydra_options.loop_mode && hydra_options.colonfile != NULL)
bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); bail("The loop mode option (-u) works with all modes - except colon files (-C)\n");
@ -3134,13 +3135,13 @@ int main(int argc, char *argv[]) {
if (hydra_options.colonfile == NULL) { if (hydra_options.colonfile == NULL) {
if (hydra_options.loginfile != NULL) { if (hydra_options.loginfile != NULL) {
if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) {
fprintf(stderr, "[ERROR] File for logins not found: %s", hydra_options.loginfile); fprintf(stderr, "[ERROR] File for logins not found: %s\n", hydra_options.loginfile);
exit(-1); exit(-1);
} }
hydra_brains.countlogin = countlines(lfp, 0); hydra_brains.countlogin = countlines(lfp, 0);
hydra_brains.sizelogin = size_of_data; hydra_brains.sizelogin = size_of_data;
if (hydra_brains.countlogin == 0) { if (hydra_brains.countlogin == 0) {
fprintf(stderr, "[ERROR] File for logins is empty: %s", hydra_options.loginfile); fprintf(stderr, "[ERROR] File for logins is empty: %s\n", hydra_options.loginfile);
exit(-1); exit(-1);
} }
if (hydra_brains.countlogin > MAX_LINES) { if (hydra_brains.countlogin > MAX_LINES) {
@ -3163,13 +3164,13 @@ int main(int argc, char *argv[]) {
} }
if (hydra_options.passfile != NULL) { if (hydra_options.passfile != NULL) {
if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) { if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) {
fprintf(stderr, "[ERROR] File for passwords not found: %s", hydra_options.passfile); fprintf(stderr, "[ERROR] File for passwords not found: %s\n", hydra_options.passfile);
exit(-1); exit(-1);
} }
hydra_brains.countpass = countlines(pfp, 0); hydra_brains.countpass = countlines(pfp, 0);
hydra_brains.sizepass = size_of_data; hydra_brains.sizepass = size_of_data;
if (hydra_brains.countpass == 0) { if (hydra_brains.countpass == 0) {
fprintf(stderr, "[ERROR] File for passwords is empty: %s", hydra_options.passfile); fprintf(stderr, "[ERROR] File for passwords is empty: %s\n", hydra_options.passfile);
exit(-1); exit(-1);
} }
if (hydra_brains.countpass > MAX_LINES) { if (hydra_brains.countpass > MAX_LINES) {
@ -3210,13 +3211,13 @@ int main(int argc, char *argv[]) {
} }
} else { } else {
if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) { if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) {
fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s", hydra_options.colonfile); fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s\n", hydra_options.colonfile);
exit(-1); exit(-1);
} }
hydra_brains.countlogin = countlines(cfp, 1); hydra_brains.countlogin = countlines(cfp, 1);
hydra_brains.sizelogin = size_of_data; hydra_brains.sizelogin = size_of_data;
if (hydra_brains.countlogin == 0) { if (hydra_brains.countlogin == 0) {
fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s", hydra_options.colonfile); fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s\n", hydra_options.colonfile);
exit(-1); exit(-1);
} }
if (hydra_brains.countlogin > MAX_LINES / 2) { if (hydra_brains.countlogin > MAX_LINES / 2) {
@ -3255,12 +3256,12 @@ int main(int argc, char *argv[]) {
if (hydra_options.infile_ptr != NULL) { if (hydra_options.infile_ptr != NULL) {
if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) {
fprintf(stderr, "[ERROR] File for targets not found: %s", hydra_options.infile_ptr); fprintf(stderr, "[ERROR] File for targets not found: %s\n", hydra_options.infile_ptr);
exit(-1); exit(-1);
} }
hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); hydra_brains.targets = countservers = countinfile = countlines(ifp, 0);
if (countinfile == 0) { if (countinfile == 0) {
fprintf(stderr, "[ERROR] File for targets is empty: %s", hydra_options.infile_ptr); fprintf(stderr, "[ERROR] File for targets is empty: %s\n", hydra_options.infile_ptr);
exit(-1); exit(-1);
} }
// if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n");
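Review bot: In the hunk at -3030, the `default:` branch prints `[ERROR] Unknown optional argument: %s\n` but no `exit(-1)` follows it before the switch closes. Every other `[ERROR]` path visible on this page exits, so here the run appears to continue with an option that was not understood. If that is intentional the message should be tagged `[WARNING]`; otherwise add `exit(-1);` after the `fprintf`. The surrounding switch begins outside the hunk, so the other cases could not be compared.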

6
ntlm.c

@ -1172,7 +1172,7 @@ static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) {
static char *unicodeToString(char *p, size_t len) { static char *unicodeToString(char *p, size_t len) {
int i; int i;
static char buf[1024]; static char buf[4096];
assert(len + 1 < sizeof buf); assert(len + 1 < sizeof buf);
@ -1186,7 +1186,7 @@ static char *unicodeToString(char *p, size_t len) {
} }
static unsigned char *strToUnicode(char *p) { static unsigned char *strToUnicode(char *p) {
static unsigned char buf[1024]; static unsigned char buf[4096];
size_t l = strlen(p); size_t l = strlen(p);
int i = 0; int i = 0;
@ -1201,7 +1201,7 @@ static unsigned char *strToUnicode(char *p) {
} }
static unsigned char *toString(char *p, size_t len) { static unsigned char *toString(char *p, size_t len) {
static unsigned char buf[1024]; static unsigned char buf[4096];
assert(len + 1 < sizeof buf); assert(len + 1 < sizeof buf);
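Review bot: The only visible bound on the enlarged static buffers in unicodeToString and toString is still `assert(len + 1 < sizeof buf)`, which disappears when the file is built with `-DNDEBUG` and otherwise aborts the whole process. If `len` can derive from a server-supplied NTLM message or a very long credential (not verifiable from these hunks), the release behaviour is either an overflow of a static buffer or a crash of the run. A check that survives all builds, such as `if (len + 1 >= sizeof buf) return NULL;` with callers handling the NULL, would make the limit explicit. strToUnicode shows no bound in its hunk at all, so the same check on `strlen(p) * 2` should be confirmed there. All three function bodies continue outside their hunks.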