github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 20:41:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixed http-post

Browse source
This commit is contained in:
owein 2019-10-21 20:11:38 +02:00
parent ab4aa36fd0
commit 6dfd77a37d
4 changed files with 20 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

16
bfg.c
View file

@ -192,12 +192,12 @@ uint64_t bf_get_pcount() {
int accu(int value) int accu(int value)
{ {
int sum = 0; int i = 0;
for(int i=1; i<=value; ++i) for(int a=1; a<=value; ++a)
{ {
sum+=i; i+=a;
} }
return sum; return i;
} }
char *bf_next(_Bool rainy) { char *bf_next(_Bool rainy) {
@ -210,7 +210,7 @@ char *bf_next(_Bool rainy) {
fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); fprintf(stderr, "Error: Can not allocate memory for -x data!\n");
return NULL; return NULL;
} }
if(rainy) if(rainy)
{ {
for (i = 0; i < bf_options.current; i++){ for (i = 0; i < bf_options.current; i++){
@ -223,12 +223,10 @@ char *bf_next(_Bool rainy) {
bf_options.rain-=accu(bf_options.current)-4; bf_options.rain-=accu(bf_options.current)-4;
else if(bf_options.crs_len%2) else if(bf_options.crs_len%2)
bf_options.rain-=accu(bf_options.current)-1; bf_options.rain-=accu(bf_options.current)-1;
} }
else else
for (i = 0; i < bf_options.current; i++) for (i = 0; i < bf_options.current; i++)
bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
bf_options.ptr[bf_options.current] = 0; bf_options.ptr[bf_options.current] = 0;
if (debug) { if (debug) {

2
bfg.h
View file

@ -41,7 +41,7 @@ typedef struct {
char *crs; /* internal representation of charset */ char *crs; /* internal representation of charset */
char *ptr; /* ptr to the last generated password */ char *ptr; /* ptr to the last generated password */
uint32_t disable_symbols; uint32_t disable_symbols;
unsigned long rain; uint64_t rain; /* accumulator for the rain */
} bf_option; } bf_option;
extern bf_option bf_options; extern bf_option bf_options;

31
hydra-http-form.c
View file

@ -1250,26 +1250,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
webport = PORT_HTTP_SSL; webport = PORT_HTTP_SSL;
sprintf(bufferurl, "%.6096s", miscptr); sprintf(bufferurl, "%.6096s", miscptr);
url = bufferurl; ptr = bufferurl;
ptr = url; url = strtok(ptr, ":");
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) variables = strtok(NULL, ":");
ptr++; cond = strtok(NULL, ":");
if (*ptr != 0) optional1 = strtok(NULL, "\n");
*ptr++ = 0; if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set "" (don't know the difference...)
variables = ptr;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
cond = ptr;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
optional1 = ptr;
if (strstr(url, "\\:") != NULL) { if (strstr(url, "\\:") != NULL) {
if ((ptr = malloc(strlen(url))) != NULL) { if ((ptr = malloc(strlen(url))) != NULL) {
strcpy(ptr, hydra_strrep(url, "\\:", ":")); strcpy(ptr, hydra_strrep(url, "\\:", ":"));
@ -1309,9 +1296,9 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
//by default condition is a fail //by default condition is a fail
success_cond = 0; success_cond = 0;
} }
printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
/* /*
* Parse the user-supplied options. * Parse the user-supplied options.
* Beware of the backslashes (\)! * Beware of the backslashes (\)!

7
hydra.c
View file

@ -493,7 +493,6 @@ void help(int32_t ext) {
#ifdef HAVE_MATH_H #ifdef HAVE_MATH_H
" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"
" -y disable use of symbols in bruteforce, see above\n" " -y disable use of symbols in bruteforce, see above\n"
" -r rainy mode for password generation (-x)\n"
#endif #endif
" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"
" -u loop around users, not passwords (effective! implied with -x)\n"); " -u loop around users, not passwords (effective! implied with -x)\n");
@ -556,6 +555,7 @@ void help_bfg() {
" 'A' for uppercase letters, '1' for numbers, and for all others,\n" " 'A' for uppercase letters, '1' for numbers, and for all others,\n"
" just add their real representation.\n" " just add their real representation.\n"
" -y disable the use of the above letters as placeholders\n\n" " -y disable the use of the above letters as placeholders\n\n"
" -r use 'rain' to explode the linearity of the generation.
"Examples:\n" "Examples:\n"
" -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n"
" -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n"
@ -3053,7 +3053,6 @@ int main(int argc, char *argv[]) {
printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP"));
use_proxy = 1; use_proxy = 1;
} }
if (strstr(hydra_options.miscptr, "\\:") != NULL) { if (strstr(hydra_options.miscptr, "\\:") != NULL) {
fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n");
} else { } else {
@ -3075,7 +3074,7 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1);
exit(-1); exit(-1);
} }
switch (optional1[0]) { switch (optional1[0]){
case 'C': // fall through case 'C': // fall through
case 'c': case 'c':
if (optional1[1] != '=' || optional1[2] != '/') { if (optional1[1] != '=' || optional1[2] != '/') {
@ -3204,7 +3203,7 @@ int main(int argc, char *argv[]) {
hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, ".gmail.") != NULL ||
hydra_strcasestr(hydra_options.server, "googlemail.") != NULL hydra_strcasestr(hydra_options.server, "googlemail.") != NULL
)) { )) {
fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?! If you really need to bruteforce gmail, connect to pop3s://smtp.gmail.com\n"); fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n");
fprintf(stderr, "[WARNING] !read the above!\n"); fprintf(stderr, "[WARNING] !read the above!\n");
sleep(5); sleep(5);
} }