mirror of
https://github.com/vanhauser-thc/thc-hydra.git
synced 2025-07-05 12:36:09 -07:00
fixed http-post
This commit is contained in:
owein
parent
ab4aa36fd0
commit
6dfd77a37d
4 changed files with 20 additions and 36 deletions
16
bfg.c
16
bfg.c
|
|
@ -192,12 +192,12 @@ uint64_t bf_get_pcount() {
|
|||
|
||||
int accu(int value)
|
||||
{
|
||||
int sum = 0;
|
||||
for(int i=1; i<=value; ++i)
|
||||
{
|
||||
sum+=i;
|
||||
}
|
||||
return sum;
|
||||
int i = 0;
|
||||
for(int a=1; a<=value; ++a)
|
||||
{
|
||||
i+=a;
|
||||
}
|
||||
return i;
|
||||
}
|
||||
|
||||
char *bf_next(_Bool rainy) {
|
||||
|
|
@ -210,7 +210,7 @@ char *bf_next(_Bool rainy) {
|
|||
fprintf(stderr, "Error: Can not allocate memory for -x data!\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
if(rainy)
|
||||
{
|
||||
for (i = 0; i < bf_options.current; i++){
|
||||
|
|
@ -223,12 +223,10 @@ char *bf_next(_Bool rainy) {
|
|||
bf_options.rain-=accu(bf_options.current)-4;
|
||||
else if(bf_options.crs_len%2)
|
||||
bf_options.rain-=accu(bf_options.current)-1;
|
||||
|
||||
}
|
||||
else
|
||||
for (i = 0; i < bf_options.current; i++)
|
||||
bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
|
||||
|
||||
bf_options.ptr[bf_options.current] = 0;
|
||||
|
||||
if (debug) {
|
||||
|
|
|
|||
2
bfg.h
2
bfg.h
|
|
@ -41,7 +41,7 @@ typedef struct {
|
|||
char *crs; /* internal representation of charset */
|
||||
char *ptr; /* ptr to the last generated password */
|
||||
uint32_t disable_symbols;
|
||||
unsigned long rain;
|
||||
uint64_t rain; /* accumulator for the rain */
|
||||
} bf_option;
|
||||
|
||||
extern bf_option bf_options;
|
||||
|
|
|
|||
|
|
@ -1250,26 +1250,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
|
|||
webport = PORT_HTTP_SSL;
|
||||
|
||||
sprintf(bufferurl, "%.6096s", miscptr);
|
||||
url = bufferurl;
|
||||
ptr = url;
|
||||
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
|
||||
ptr++;
|
||||
if (*ptr != 0)
|
||||
*ptr++ = 0;
|
||||
variables = ptr;
|
||||
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
|
||||
ptr++;
|
||||
if (*ptr != 0)
|
||||
*ptr++ = 0;
|
||||
ptr = bufferurl;
|
||||
url = strtok(ptr, ":");
|
||||
variables = strtok(NULL, ":");
|
||||
cond = strtok(NULL, ":");
|
||||
optional1 = strtok(NULL, "\n");
|
||||
if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set "" (don't know the difference...)
|
||||
|
||||
cond = ptr;
|
||||
|
||||
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
|
||||
ptr++;
|
||||
if (*ptr != 0)
|
||||
*ptr++ = 0;
|
||||
|
||||
optional1 = ptr;
|
||||
if (strstr(url, "\\:") != NULL) {
|
||||
if ((ptr = malloc(strlen(url))) != NULL) {
|
||||
strcpy(ptr, hydra_strrep(url, "\\:", ":"));
|
||||
|
|
@ -1309,9 +1296,9 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
|
|||
//by default condition is a fail
|
||||
success_cond = 0;
|
||||
}
|
||||
|
||||
printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
|
||||
|
||||
|
||||
fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
|
||||
|
||||
/*
|
||||
* Parse the user-supplied options.
|
||||
* Beware of the backslashes (\)!
|
||||
|
|
|
|||
7
hydra.c
7
hydra.c
|
|
@ -493,7 +493,6 @@ void help(int32_t ext) {
|
|||
#ifdef HAVE_MATH_H
|
||||
" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"
|
||||
" -y disable use of symbols in bruteforce, see above\n"
|
||||
" -r rainy mode for password generation (-x)\n"
|
||||
#endif
|
||||
" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"
|
||||
" -u loop around users, not passwords (effective! implied with -x)\n");
|
||||
|
|
@ -556,6 +555,7 @@ void help_bfg() {
|
|||
" 'A' for uppercase letters, '1' for numbers, and for all others,\n"
|
||||
" just add their real representation.\n"
|
||||
" -y disable the use of the above letters as placeholders\n\n"
|
||||
" -r use 'rain' to explode the linearity of the generation.
|
||||
"Examples:\n"
|
||||
" -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n"
|
||||
" -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n"
|
||||
|
|
@ -3053,7 +3053,6 @@ int main(int argc, char *argv[]) {
|
|||
printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP"));
|
||||
use_proxy = 1;
|
||||
}
|
||||
|
||||
if (strstr(hydra_options.miscptr, "\\:") != NULL) {
|
||||
fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n");
|
||||
} else {
|
||||
|
|
@ -3075,7 +3074,7 @@ int main(int argc, char *argv[]) {
|
|||
fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1);
|
||||
exit(-1);
|
||||
}
|
||||
switch (optional1[0]) {
|
||||
switch (optional1[0]){
|
||||
case 'C': // fall through
|
||||
case 'c':
|
||||
if (optional1[1] != '=' || optional1[2] != '/') {
|
||||
|
|
@ -3204,7 +3203,7 @@ int main(int argc, char *argv[]) {
|
|||
hydra_strcasestr(hydra_options.server, ".gmail.") != NULL ||
|
||||
hydra_strcasestr(hydra_options.server, "googlemail.") != NULL
|
||||
)) {
|
||||
fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?! If you really need to bruteforce gmail, connect to pop3s://smtp.gmail.com\n");
|
||||
fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n");
|
||||
fprintf(stderr, "[WARNING] !read the above!\n");
|
||||
sleep(5);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue