mirror of
https://github.com/vanhauser-thc/thc-hydra.git
synced 2025-07-16 10:03:09 -07:00
Add new option to disable placeholders.
With -y the use of -x ?:?:aA1 has changed to "use a, A and 1", instead of "use all lowercase, uppercase letters and all numbers".
This commit is contained in:
parent
2e8c21a9ca
commit
712defcb40
3 changed files with 92 additions and 74 deletions
53
bfg.c
53
bfg.c
|
@ -14,6 +14,31 @@ bf_option bf_options;
|
||||||
|
|
||||||
extern int debug;
|
extern int debug;
|
||||||
|
|
||||||
|
static int add_single_char(char ch, char flags, int* crs_len) {
|
||||||
|
if ((ch >= '2' && ch <= '9') || ch == '0') {
|
||||||
|
if ((flags & BF_NUMS) > 0) {
|
||||||
|
printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch);
|
||||||
|
}
|
||||||
|
if (tolower((int) ch) >= 'b' && tolower((int) ch) <= 'z') {
|
||||||
|
if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) {
|
||||||
|
printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a');
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low");
|
||||||
|
}
|
||||||
|
(*crs_len)++;
|
||||||
|
if (BF_CHARSMAX - *crs_len < 1) {
|
||||||
|
free(bf_options.crs);
|
||||||
|
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
|
||||||
|
return 1;
|
||||||
|
} else {
|
||||||
|
bf_options.crs[*crs_len - 1] = ch;
|
||||||
|
bf_options.crs[*crs_len] = '\0';
|
||||||
|
}
|
||||||
|
}
|
||||||
// return values : 0 on success, 1 on error
|
// return values : 0 on success, 1 on error
|
||||||
//
|
//
|
||||||
// note that we check for -x .:.:ab but not for -x .:.:ba
|
// note that we check for -x .:.:ab but not for -x .:.:ba
|
||||||
|
@ -69,6 +94,10 @@ int bf_init(char *arg) {
|
||||||
bf_options.crs[0] = 0;
|
bf_options.crs[0] = 0;
|
||||||
|
|
||||||
for (; tmp[i]; i++) {
|
for (; tmp[i]; i++) {
|
||||||
|
if (bf_options.disable_symbols) {
|
||||||
|
if (add_single_char(tmp[i], flags, &crs_len) == -1)
|
||||||
|
return 1;
|
||||||
|
} else {
|
||||||
switch (tmp[i]) {
|
switch (tmp[i]) {
|
||||||
case 'a':
|
case 'a':
|
||||||
crs_len += 26;
|
crs_len += 26;
|
||||||
|
@ -119,32 +148,12 @@ int bf_init(char *arg) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') {
|
if (add_single_char(tmp[i], flags, &crs_len) == -1)
|
||||||
if ((flags & BF_NUMS) > 0) {
|
|
||||||
printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]);
|
|
||||||
}
|
|
||||||
if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') {
|
|
||||||
if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) {
|
|
||||||
printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a');
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a', tmp[i] <= 'Z' ? "up" : "low");
|
|
||||||
}
|
|
||||||
crs_len++;
|
|
||||||
if (BF_CHARSMAX - crs_len < 1) {
|
|
||||||
free(bf_options.crs);
|
|
||||||
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
|
|
||||||
return 1;
|
return 1;
|
||||||
} else {
|
|
||||||
bf_options.crs[crs_len - 1] = tmp[i];
|
|
||||||
bf_options.crs[crs_len] = '\0';
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
bf_options.crs_len = crs_len;
|
bf_options.crs_len = crs_len;
|
||||||
bf_options.current = bf_options.from;
|
bf_options.current = bf_options.from;
|
||||||
|
|
1
bfg.h
1
bfg.h
|
@ -40,6 +40,7 @@ typedef struct {
|
||||||
char *arg; /* argument received for bfg commandline option */
|
char *arg; /* argument received for bfg commandline option */
|
||||||
char *crs; /* internal representation of charset */
|
char *crs; /* internal representation of charset */
|
||||||
char *ptr; /* ptr to the last generated password */
|
char *ptr; /* ptr to the last generated password */
|
||||||
|
unsigned int disable_symbols;
|
||||||
} bf_option;
|
} bf_option;
|
||||||
|
|
||||||
extern bf_option bf_options;
|
extern bf_option bf_options;
|
||||||
|
|
16
hydra.c
16
hydra.c
|
@ -336,8 +336,10 @@ void help(int ext) {
|
||||||
printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n");
|
printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n");
|
||||||
printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n");
|
printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n");
|
||||||
#ifdef HAVE_MATH_H
|
#ifdef HAVE_MATH_H
|
||||||
if (ext)
|
if (ext) {
|
||||||
printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n");
|
printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n");
|
||||||
|
printf(" -y disable use of symbols in bruteforce, see above\n");
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
if (ext)
|
if (ext)
|
||||||
printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n");
|
printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n");
|
||||||
|
@ -400,11 +402,13 @@ void help_bfg() {
|
||||||
" CHARSET is a specification of the characters to use in the generation\n"
|
" CHARSET is a specification of the characters to use in the generation\n"
|
||||||
" valid CHARSET values are: 'a' for lowercase letters,\n"
|
" valid CHARSET values are: 'a' for lowercase letters,\n"
|
||||||
" 'A' for uppercase letters, '1' for numbers, and for all others,\n"
|
" 'A' for uppercase letters, '1' for numbers, and for all others,\n"
|
||||||
" just add their real representation.\n\n"
|
" just add their real representation.\n"
|
||||||
|
" -y disable the use if the above letters as placeholders\n\n"
|
||||||
"Examples:\n"
|
"Examples:\n"
|
||||||
" -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n"
|
" -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n"
|
||||||
" -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n"
|
" -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n"
|
||||||
" -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n");
|
" -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"
|
||||||
|
" -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and 1 only\n");
|
||||||
printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n");
|
printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n");
|
||||||
exit(-1);
|
exit(-1);
|
||||||
}
|
}
|
||||||
|
@ -2306,13 +2310,14 @@ int main(int argc, char *argv[]) {
|
||||||
hydra_brains.ofp = stdout;
|
hydra_brains.ofp = stdout;
|
||||||
hydra_brains.targets = 1;
|
hydra_brains.targets = 1;
|
||||||
hydra_options.waittime = waittime = WAITTIME;
|
hydra_options.waittime = waittime = WAITTIME;
|
||||||
|
bf_options.disable_symbols = 0;
|
||||||
|
|
||||||
// command line processing
|
// command line processing
|
||||||
if (argc > 1 && strncmp(argv[1], "-h", 2) == 0)
|
if (argc > 1 && strncmp(argv[1], "-h", 2) == 0)
|
||||||
help(1);
|
help(1);
|
||||||
if (argc < 2)
|
if (argc < 2)
|
||||||
help(0);
|
help(0);
|
||||||
while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) {
|
while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:y")) >= 0) {
|
||||||
switch (i) {
|
switch (i) {
|
||||||
case 'h':
|
case 'h':
|
||||||
help(1);
|
help(1);
|
||||||
|
@ -2447,6 +2452,9 @@ int main(int argc, char *argv[]) {
|
||||||
hydra_options.loop_mode = 1;
|
hydra_options.loop_mode = 1;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
case 'y':
|
||||||
|
bf_options.disable_symbols = 1;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
exit(-1);
|
exit(-1);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue