initial commit

2025-07-05 20:41:39 -07:00 · 2014-04-24 16:49:18 +02:00 · 2014-04-24 16:49:18 +02:00 · 6a94f708e8
commit 6a94f708e8
122 changed files with 60195 additions and 0 deletions
--- a/hydra-icq.c
+++ b/hydra-icq.c
@ -0,0 +1,256 @@
+#include "hydra-mod.h"
+
+extern char *HYDRA_EXIT;
+extern int child_head_no;
+int seq = 1;
+
+const unsigned char icq5_table[] = {
+  0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C,
+  0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F,
+  0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50,
+  0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64,
+  0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C,
+  0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31,
+  0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48,
+  0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A,
+  0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F,
+  0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64,
+  0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50,
+  0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66,
+  0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58,
+  0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C,
+  0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44,
+  0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C,
+  0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59,
+  0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A,
+  0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B,
+  0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67,
+  0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D,
+  0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43,
+  0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35,
+  0x5A, 0x00, 0x00
+};
+
+void fix_packet(char *buf, int len) {
+  unsigned long c1, c2;
+  unsigned long r1, r2;
+  int pos, key, k;
+
+  c1 = buf[8];
+  c1 <<= 8;
+  c1 |= buf[4];
+  c1 <<= 8;
+  c1 |= buf[2];
+  c1 <<= 8;
+  c1 |= buf[6];
+
+  r1 = (rand() % (len - 0x18)) + 0x18;
+  r2 = rand() & 0xff;
+
+  c2 = r1;
+  c2 <<= 8;
+  c2 |= buf[r1];
+  c2 <<= 8;
+  c2 |= r2;
+  c2 <<= 8;
+  c2 |= icq5_table[r2];
+  c2 ^= 0xff00ff;
+
+  c1 ^= c2;
+  buf[0x14] = c1 & 0xff;
+  buf[0x15] = (c1 >> 8) & 0xff;
+  buf[0x16] = (c1 >> 16) & 0xff;
+  buf[0x17] = (c1 >> 24) & 0xff;
+
+  key = len * 0x68656c6cL;
+  key += c1;
+  pos = 0xa;
+
+  for (; pos < len; pos += 4)
+    k = key + icq5_table[pos & 0xff];
+}
+
+void icq_header(char *buf, unsigned short cmd, unsigned long uin) {
+  buf[0] = 0x02;
+  buf[1] = 0x00;
+  buf[2] = cmd & 0xff;
+  buf[3] = (cmd >> 8) & 0xff;
+  buf[4] = seq & 0xff;
+  buf[5] = (seq++ >> 8) & 0xff;
+  buf[6] = uin & 0xff;
+  buf[7] = (uin >> 8) & 0xff;
+  buf[8] = (uin >> 16) & 0xff;
+  buf[9] = (uin >> 24) & 0xff;
+}
+
+int icq_login(int s, char *login, char *pass) {
+  unsigned long uin = strtoul(login, NULL, 10);
+  char buf[256];
+  int len;
+
+  bzero(buf, sizeof(buf));
+
+  icq_header(buf, 0x03e8, uin);
+  len = strlen(pass) + 1;
+  buf[14] = len;
+  memcpy(&buf[16], pass, len);
+  buf[16 + len] = 0x78;
+  buf[24 + len] = 0x04;
+  buf[29 + len] = 0x02;
+  buf[39 + len] = 0x08;
+  buf[41 + len] = 0x78;
+
+  return (hydra_send(s, buf, 43 + len, 0));
+}
+
+int icq_login_1(int s, char *login) {
+  unsigned long uin = strtoul(login, NULL, 10);
+  char buf[64];
+
+  icq_header(buf, 0x044c, uin);
+  return (hydra_send(s, buf, 10, 0));
+}
+
+int icq_disconnect(int s, char *login) {
+  unsigned long uin = strtoul(login, NULL, 10);
+  char buf[64];
+
+  bzero(buf, sizeof(buf));
+  icq_header(buf, 0x0438, uin);
+  buf[10] = 20;
+  memcpy(&buf[12], "B_USER_DISCONNECTED", 20);
+  buf[32] = 0x5;
+  return (hydra_send(s, buf, 34, 0));
+}
+
+int icq_ack(int s, char *login) {
+  unsigned long uin = strtoul(login, NULL, 10);
+  char buf[64];
+
+  buf[0] = 0x02;
+  buf[1] = 0x00;
+  buf[2] = 0x0a;
+  buf[3] = 0x0;
+  buf[4] = seq & 0xff;
+  buf[5] = (seq >> 8) & 0xff;
+  buf[6] = uin & 0xff;
+  buf[7] = (uin >> 8) & 0xff;
+  buf[8] = (uin >> 16) & 0xff;
+  buf[9] = (uin >> 24) & 0xff;
+
+  return (hydra_send(s, buf, 10, 0));
+}
+
+int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) {
+  unsigned char buf[1024];
+  char *login, *pass;
+  char *empty = "";
+  int i, r;
+
+  if (strlen(login = hydra_get_next_login()) == 0)
+    return 2;
+  if (strlen(pass = hydra_get_next_password()) == 0)
+    pass = empty;
+
+  for (i = 0; login[i]; i++)
+    if (!isdigit((int) login[i])) {
+      fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login);
+      hydra_completed_pair();
+      return 2;
+    }
+
+  icq_login(sock, login, pass);
+
+  while (1) {
+    if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) {
+      return 1;
+    }
+
+    if (r < 0) {
+      if (verbose)
+        fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid());
+      return 3;
+    }
+
+    if (buf[2] == 0x5a && buf[3] == 0x00) {
+      hydra_report_found_host(port, ip, "icq", output);
+      hydra_completed_pair_found();
+      icq_ack(sock, login);
+      icq_login_1(sock, login);
+      hydra_recv(sock, (char *) buf, sizeof(buf));
+      icq_ack(sock, login);
+      hydra_recv(sock, (char *) buf, sizeof(buf));
+      icq_ack(sock, login);
+      icq_disconnect(sock, login);
+      break;
+    } else if ((buf[2] != 10 && buf[2] != 250) || buf[3] != 0) {
+      hydra_completed_pair();
+      break;
+    }
+
+/*       if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */
+  }
+
+  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    return 3;
+  return 1;
+}
+
+void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
+  int run = 1, next_run = 1, sock = -1;
+  int myport = PORT_ICQ;
+
+  if (port)
+    myport = port;
+
+  port = myport;
+
+  if ((options & OPTION_SSL) != 0 && child_head_no == 0) {
+    fprintf(stderr, "[ERROR] You can not use SSL with ICQ!\n");
+    hydra_child_exit(0);
+  }
+
+  hydra_register_socket(sp);
+  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    return;
+
+  while (1) {
+    switch (run) {
+    case 1:
+      if (sock >= 0)
+        sock = hydra_disconnect(sock);
+      sock = hydra_connect_udp(ip, myport);
+      if (sock < 0) {
+        fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
+        hydra_child_exit(1);
+      }
+      next_run = 2;
+      break;
+    case 2:
+      next_run = start_icq(sock, ip, port, fp, miscptr, fp);
+      break;
+    case 3:
+      if (sock >= 0)
+        sock = hydra_disconnect(sock);
+      hydra_child_exit(2);
+    default:
+      fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
+      hydra_child_exit(2);
+    }
+    run = next_run;
+  }
+}
+
+int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
+  // called before the childrens are forked off, so this is the function
+  // which should be filled if initial connections and service setup has to be
+  // performed once only.
+  //
+  // fill if needed.
+  // 
+  // return codes:
+  //   0 all OK
+  //   -1  error, hydra will exit, so print a good error message here
+
+  return 0;
+}