github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 20:41:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

no comments

Browse source
This commit is contained in:
Imane Khouani 2025-02-06 17:48:39 +01:00
parent 5e01d0d4e5
commit 6cca92477e
1 changed files with 87 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

152
hydra-http-form.c
View file

@ -85,6 +85,11 @@ int32_t redirected_cpt = MAX_REDIRECT;
char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers
void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr,
FILE *fp, int32_t port, char *hostname, char *type,
ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie);
/* /*
* Function to perform some initial setup. * Function to perform some initial setup.
*/ */
@ -103,6 +108,8 @@ ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char
return found_header; return found_header;
} }
#if defined(__sun) #if defined(__sun)
/* Written by Kaveh R. Ghazi <ghazi@caip.rutgers.edu> */ /* Written by Kaveh R. Ghazi <ghazi@caip.rutgers.edu> */
@ -545,31 +552,31 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
char *build_multipart_body(char *multipart_boundary) { char *build_multipart_body(char *multipart_boundary) {
if (!variables) if (!variables)
return NULL; // Pas de paramètres à traiter return NULL;
char *body = NULL; // Chaîne résultat char *body = NULL;
size_t body_size = 0; // Taille actuelle du corps size_t body_size = 0;
// Dupliquer la chaîne "variables" afin de pouvoir la tokeniser // Duplicate "variables" for tokenizing
char *vars_dup = strdup(variables); char *vars_dup = strdup(variables);
if (!vars_dup) if (!vars_dup)
return NULL; return NULL;
// Tokeniser la chaîne sur le caractère '&' // Tokenize the string using '&' as a delimiter
char *pair = strtok(vars_dup, "&"); char *pair = strtok(vars_dup, "&");
while (pair != NULL) { while (pair != NULL) {
// Pour chaque paire, rechercher le séparateur '=' // Find the '=' separator in each pair
char *equal_sign = strchr(pair, '='); char *equal_sign = strchr(pair, '=');
if (!equal_sign) { if (!equal_sign) {
pair = strtok(NULL, "&"); pair = strtok(NULL, "&");
continue; continue;
} }
*equal_sign = '\0'; // Terminer la clé *equal_sign = '\0';
char *key = pair; char *key = pair;
char *value = equal_sign + 1; char *value = equal_sign + 1;
// Construire la section multipart pour ce champ. // Build the multipart section for the field
// Format attendu : // Expected format:
// --<boundary>\r\n // --<boundary>\r\n
// Content-Disposition: form-data; name="<key>"\r\n // Content-Disposition: form-data; name="<key>"\r\n
// \r\n // \r\n
@ -594,9 +601,9 @@ char *build_multipart_body(char *multipart_boundary) {
"%s\r\n", "%s\r\n",
multipart_boundary, key, value); multipart_boundary, key, value);
// Réallouer le buffer "body" pour y ajouter cette section // Reallocate the body buffer to add this section
size_t new_body_size = body_size + section_len; size_t new_body_size = body_size + section_len;
char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator
if (!new_body) { if (!new_body) {
free(section); free(section);
free(body); free(body);
@ -604,21 +611,18 @@ char *build_multipart_body(char *multipart_boundary) {
return NULL; return NULL;
} }
body = new_body; body = new_body;
if (body_size == 0) { if (body_size == 0)
strcpy(body, section); strcpy(body, section);
} else { else
strcat(body, section); strcat(body, section);
}
body_size = new_body_size; body_size = new_body_size;
free(section); free(section);
// Passage à la paire suivante
pair = strtok(NULL, "&"); pair = strtok(NULL, "&");
} }
free(vars_dup); free(vars_dup);
// Ajouter la fermeture du multipart : // Append the closing boundary: --<boundary>--\r\n
// --<boundary>--\r\n
int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary);
char *closing = malloc(closing_len + 1); char *closing = malloc(closing_len + 1);
if (!closing) { if (!closing) {
@ -853,12 +857,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH];
memset(header, 0, sizeof(header)); memset(header, 0, sizeof(header));
cookie[0] = 0; // Réinitialiser les cookies d'une tentative antérieure cookie[0] = 0;
if (use_proxy > 0 && proxy_count > 0) if (use_proxy > 0 && proxy_count > 0)
selected_proxy = random() % proxy_count; selected_proxy = random() % proxy_count;
/* Récupération du prochain login/mot de passe */
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
@ -876,15 +879,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login);
upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass);
// Mise à jour des entêtes utilisateur (substitution dans les headers)
hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^USER^", clogin);
hdrrep(&ptr_head, "^PASS^", cpass); hdrrep(&ptr_head, "^PASS^", cpass);
hdrrep(&ptr_head, "^USER64^", b64login); hdrrep(&ptr_head, "^USER64^", b64login);
hdrrep(&ptr_head, "^PASS64^", b64pass); hdrrep(&ptr_head, "^PASS64^", b64pass);
/* Gestion du proxy (cas avec proxy authentifié ou non) */
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) {
/* --- Bloc pour proxy avec authentification --- */
if (getcookie) { if (getcookie) {
memset(proxy_string, 0, sizeof(proxy_string)); memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl);
@ -926,7 +926,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
return 1; return 1;
} }
} else { } else {
/* Cas GET avec proxy authentifié */
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0"); hdrrepv(&ptr_head, "Content-Length", "0");
if (cookie_header != NULL) if (cookie_header != NULL)
@ -948,7 +947,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
} }
} }
} else if (use_proxy == 1) { } else if (use_proxy == 1) {
/* --- Bloc pour proxy sans authentification --- */
if (getcookie) { if (getcookie) {
memset(proxy_string, 0, sizeof(proxy_string)); memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl);
@ -1011,7 +1009,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
} }
} }
} else { } else {
/* --- Bloc pour accès direct au serveur (sans proxy) --- */ /* Direct access to the server (no proxy) */
normal_request = NULL; normal_request = NULL;
if (getcookie) { if (getcookie) {
if (http_request != NULL) if (http_request != NULL)
@ -1028,50 +1026,64 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
} }
hydra_reconnect(s, ip, port, options, hostname); hydra_reconnect(s, ip, port, options, hostname);
} }
/* --- Traitement multipart --- */
if (multipart_mode) { if (multipart_mode) {
char *multipart_body = NULL; char *multipart_body = NULL;
/* Définir le boundary (ici, une valeur fixe, sans '\r\n') */
char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z";
multipart_body = build_multipart_body(multipart_boundary); multipart_body = build_multipart_body(multipart_boundary);
if (multipart_body == NULL) { if (multipart_body == NULL) {
hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); hydra_report(stderr, "[ERROR] Failed to build multipart body.\n");
return 0; return 0;
} }
// now prepare for the "real" request snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body));
// first handle multipart/form-data, which is always POST if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
if (multipart_mode){ hdrrepv(&ptr_head, "Content-Length", content_length);
char *multipart_body = NULL; else
char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z\r\n"; add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
multipart_body = build_multipart_body(multipart_boundary);
if (multipart_body == NULL) { char content_type[256];
hydra_report(stderr, "[ERROR] Failed to build multipart body. \n"); snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary);
return 0; if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
} add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); else
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Type", content_type);
hdrrepv(&ptr_head, "Content-Length", content_length);
else if (cookie_header != NULL)
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); free(cookie_header);
cookie_header = stringify_cookies(ptr_cookie);
char content_type[256]; if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_boundary); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) else
add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); hdrrepv(&ptr_head, "Cookie", cookie_header);
else
hdrrepv(&ptr_head, "Content-type", content_type); if (normal_request != NULL)
free(normal_request);
if (cookie_header != NULL) http_request = prepare_http_request("POST", url, multipart_body, normal_request);
free(cookie_header); free(multipart_body);
cookie_header = stringify_cookies(ptr_cookie); return 1;
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) }
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); if (strcmp(type, "POST") == 0) {
else snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables));
hdrrepv(&ptr_head, "Cookie", cookie_header); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
if (normal_request != NULL) hdrrepv(&ptr_head, "Content-Length", content_length);
free(normal_request); else
http_request = prepare_http_request("POST", url, multipart_body, normal_request); add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
free(multipart_body); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
if (cookie_header != NULL)
free(cookie_header);
cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
else
hdrrepv(&ptr_head, "Cookie", cookie_header);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("POST", url, upd3variables, normal_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
free(cookie_header);
return 1; return 1;
} }
} else { } else {
@ -1105,7 +1117,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (redirected_flag && code_302_is_success) if (redirected_flag && code_302_is_success)
found = success_cond; found = success_cond;
if (auth_flag) { // 401 error if (auth_flag) {
if (code_401_is_failure) { if (code_401_is_failure) {
hydra_completed_pair(); hydra_completed_pair();
return 1; return 1;
@ -1121,15 +1133,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (strlen(cookie) > 0) if (strlen(cookie) > 0)
process_cookies(&ptr_cookie, cookie); process_cookies(&ptr_cookie, cookie);
// Gérer les redirections
redirected_cpt = MAX_REDIRECT; redirected_cpt = MAX_REDIRECT;
if (debug) if (debug)
printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff);
while (found == 0 && redirected_flag && !code_302_is_success && while (found == 0 && redirected_flag && !code_302_is_success &&
(redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
// Traitement de la redirection (code non modifié ici) // Processing redirection (code omitted)
// ...
} }
if (found != -1 && found == success_cond && if (found != -1 && found == success_cond &&
@ -1156,6 +1166,18 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m
} }
} }
void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
ptr_cookie_node ptr_cookie = NULL;
ptr_header_node ptr_head = initialize(ip, options, miscptr);
if (ptr_head)
service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie);
else {
hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n");
hydra_child_exit(2);
}
}
int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function // called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be // which should be filled if initial connections and service setup has to be