github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 04:26:10 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

code indent

Browse source
This commit is contained in:
van Hauser 2020-02-01 11:47:13 +01:00
parent 531ee7734b
commit 720bdb3f96
83 changed files with 6377 additions and 6240 deletions
Download patch file Download diff file Expand all files Collapse all files

117
.clang-format Normal file
View file

@ -0,0 +1,117 @@
---
Language: Cpp
AccessModifierOffset: -2
AlignAfterOpenBracket: Align
AlignConsecutiveAssignments: false
AlignConsecutiveDeclarations: false
AlignEscapedNewlines: Right
AlignOperands: true
AlignTrailingComments: true
AllowAllParametersOfDeclarationOnNextLine: true
AllowShortBlocksOnASingleLine: false
AllowShortCaseLabelsOnASingleLine: false
AllowShortFunctionsOnASingleLine: All
AllowShortIfStatementsOnASingleLine: false
AllowShortLoopsOnASingleLine: false
AlwaysBreakAfterDefinitionReturnType: None
AlwaysBreakAfterReturnType: None
AlwaysBreakBeforeMultilineStrings: false
AlwaysBreakTemplateDeclarations: false
BinPackArguments: true
BinPackParameters: true
BraceWrapping:
AfterClass: false
AfterControlStatement: false
AfterEnum: false
AfterFunction: false
AfterNamespace: false
AfterObjCDeclaration: false
AfterStruct: false
AfterUnion: false
AfterExternBlock: false
BeforeCatch: false
BeforeElse: false
IndentBraces: false
SplitEmptyFunction: true
SplitEmptyRecord: true
SplitEmptyNamespace: true
BreakBeforeBinaryOperators: None
BreakBeforeBraces: Attach
BreakBeforeInheritanceComma: false
BreakInheritanceList: BeforeColon
BreakBeforeTernaryOperators: true
BreakConstructorInitializersBeforeComma: false
BreakConstructorInitializers: BeforeColon
BreakAfterJavaFieldAnnotations: false
BreakStringLiterals: true
ColumnLimit: 512
CommentPragmas: '^ IWYU pragma:'
CompactNamespaces: true
ConstructorInitializerAllOnOneLineOrOnePerLine: false
ConstructorInitializerIndentWidth: 4
ContinuationIndentWidth: 4
Cpp11BracedListStyle: true
DerivePointerAlignment: false
DisableFormat: false
ExperimentalAutoDetectBinPacking: false
FixNamespaceComments: true
ForEachMacros:
- foreach
- Q_FOREACH
- BOOST_FOREACH
IncludeBlocks: Preserve
IncludeCategories:
- Regex: '^"(llvm|llvm-c|clang|clang-c)/'
Priority: 2
- Regex: '^(<|"(gtest|gmock|isl|json)/)'
Priority: 3
- Regex: '.*'
Priority: 1
IncludeIsMainRegex: '(Test)?$'
IndentCaseLabels: false
IndentPPDirectives: None
IndentWidth: 2
IndentWrappedFunctionNames: false
JavaScriptQuotes: Leave
JavaScriptWrapImports: true
KeepEmptyLinesAtTheStartOfBlocks: false
MacroBlockBegin: ''
MacroBlockEnd: ''
MaxEmptyLinesToKeep: 1
NamespaceIndentation: None
ObjCBinPackProtocolList: Auto
ObjCBlockIndentWidth: 2
ObjCSpaceAfterProperty: false
ObjCSpaceBeforeProtocolList: true
PenaltyBreakAssignment: 2
PenaltyBreakBeforeFirstCallParameter: 19
PenaltyBreakComment: 300
PenaltyBreakFirstLessLess: 120
PenaltyBreakString: 1000
PenaltyBreakTemplateDeclaration: 10
PenaltyExcessCharacter: 1000000
PenaltyReturnTypeOnItsOwnLine: 60
PointerAlignment: Right
ReflowComments: true
SortIncludes: true
SortUsingDeclarations: true
SpaceAfterCStyleCast: false
SpaceAfterTemplateKeyword: true
SpaceBeforeAssignmentOperators: true
SpaceBeforeCpp11BracedList: false
SpaceBeforeCtorInitializerColon: true
SpaceBeforeInheritanceColon: true
SpaceBeforeParens: ControlStatements
SpaceBeforeRangeBasedForLoopColon: true
SpaceInEmptyParentheses: false
SpacesBeforeTrailingComments: 1
SpacesInAngles: false
SpacesInContainerLiterals: true
SpacesInCStyleCastParentheses: false
SpacesInParentheses: false
SpacesInSquareBrackets: false
Standard: Cpp11
TabWidth: 2
UseTab: Never
...

1
CHANGES
View file

@ -9,6 +9,7 @@ Release 9.1-dev
* added -K command line switch to disable redo attempts (good for mass scanning)
* forgot to have the -m option in the hydra help output
* gcc-10 support and various cleanups by Jeroen Roovers, thanks!
* added .clang-format and formatted all code
Release 9.0

85
bfg.c
View file

@ -1,17 +1,18 @@
/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh */
/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh
*/
#include <ctype.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <math.h>
#include <ctype.h>
#ifdef __sun
#include <sys/int_types.h>
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#include <inttypes.h>
#else
#include <stdint.h>
#include <stdint.h>
#endif
#include "bfg.h"
@ -21,20 +22,26 @@ bf_option bf_options;
extern int32_t debug;
static int32_t add_single_char(char ch, char flags, int32_t* crs_len) {
static int32_t add_single_char(char ch, char flags, int32_t *crs_len) {
if ((ch >= '2' && ch <= '9') || ch == '0') {
if ((flags & BF_NUMS) > 0) {
printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch);
printf("[ERROR] character %c defined in -x although the whole number "
"range was already defined by '1', ignored\n",
ch);
return 0;
}
//printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch);
// printf("[WARNING] adding character %c for -x, note that '1' will add all
// numbers from 0-9\n", ch);
}
if (tolower((int32_t) ch) >= 'b' && tolower((int32_t) ch) <= 'z') {
if (tolower((int32_t)ch) >= 'b' && tolower((int32_t)ch) <= 'z') {
if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) {
printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a');
printf("[ERROR] character %c defined in -x although the whole letter "
"range was already defined by '%c', ignored\n",
ch, ch <= 'Z' ? 'A' : 'a');
return 0;
}
//printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low");
// printf("[WARNING] adding character %c for -x, note that '%c' will add all
// %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low");
}
(*crs_len)++;
if (BF_CHARSMAX - *crs_len < 1) {
@ -66,7 +73,8 @@ int32_t bf_init(char *arg) {
}
bf_options.from = atoi(arg);
if (bf_options.from < 1 || bf_options.from > 127) {
fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n");
fprintf(stderr, "Error: minimum length must be between 1 and 127, format: "
"-x min:max:types\n");
return 1;
}
arg = tmp + 1;
@ -86,7 +94,8 @@ int32_t bf_init(char *arg) {
tmp++;
if (bf_options.from > bf_options.to) {
fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n");
fprintf(stderr, "Error: you specified a minimum length higher than the "
"maximum length!\n");
return 1;
}
@ -166,23 +175,23 @@ int32_t bf_init(char *arg) {
bf_options.crs_len = crs_len;
bf_options.current = bf_options.from;
memset((char *) bf_options.state, 0, sizeof(bf_options.state));
memset((char *)bf_options.state, 0, sizeof(bf_options.state));
if (debug)
printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);
return 0;
}
uint64_t bf_get_pcount() {
int32_t i;
double count = 0;
uint64_t foo;
for (i = bf_options.from; i <= bf_options.to; i++)
count += (pow((double) bf_options.crs_len, (double) i));
count += (pow((double)bf_options.crs_len, (double)i));
if (count >= 0xffffffff) {
fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) generates more than 4 billion passwords\n");
fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) "
"generates more than 4 billion passwords\n");
exit(-1);
}
@ -190,12 +199,10 @@ uint64_t bf_get_pcount() {
return foo;
}
int accu(int value)
{
int accu(int value) {
int i = 0, a;
for (a=1; a<=value; ++a)
{
i+=a;
for (a = 1; a <= value; ++a) {
i += a;
}
return i;
}
@ -204,29 +211,27 @@ char *bf_next(_Bool rainy) {
int32_t i, pos = bf_options.current - 1;
if (bf_options.current > bf_options.to)
return NULL; // we are done
return NULL; // we are done
if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) {
fprintf(stderr, "Error: Can not allocate memory for -x data!\n");
return NULL;
}
if(rainy)
{
for (i = 0; i < bf_options.current; i++){
bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len];
bf_options.rain += i+1;
}
if(bf_options.crs_len%10 == 0)
bf_options.rain-=accu(bf_options.current)-2;
else if(bf_options.crs_len%2 == 0)
bf_options.rain-=accu(bf_options.current)-4;
else if(bf_options.crs_len%2)
bf_options.rain-=accu(bf_options.current)-1;
}
else
if (rainy) {
for (i = 0; i < bf_options.current; i++) {
bf_options.ptr[i] = bf_options.crs[(bf_options.state[i] + bf_options.rain) % bf_options.crs_len];
bf_options.rain += i + 1;
}
if (bf_options.crs_len % 10 == 0)
bf_options.rain -= accu(bf_options.current) - 2;
else if (bf_options.crs_len % 2 == 0)
bf_options.rain -= accu(bf_options.current) - 4;
else if (bf_options.crs_len % 2)
bf_options.rain -= accu(bf_options.current) - 1;
} else
for (i = 0; i < bf_options.current; i++)
bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
bf_options.ptr[bf_options.current] = 0;
if (debug) {
@ -243,7 +248,7 @@ char *bf_next(_Bool rainy) {
if (pos < 0) {
bf_options.current++;
memset((char *) bf_options.state, 0, sizeof(bf_options.state));
memset((char *)bf_options.state, 0, sizeof(bf_options.state));
}
return bf_options.ptr;

16
bfg.h
View file

@ -24,7 +24,9 @@
#define BF_WEBSITE "http://houbysoft.com/bfg/"
#define BF_BUFLEN 1024
#define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */
#define BF_CHARSMAX \
256 /* how many max possibilities there are for characters, normally it's \
2^8 = 256 */
#define BF_LOWER 1
#define BF_UPPER 2
@ -35,13 +37,13 @@ typedef struct {
unsigned char to;
unsigned char current;
unsigned char state[BF_CHARSMAX]; /* which position has which character */
unsigned char pos; /* where in current string length is the position */
unsigned char crs_len; /* length of selected charset */
char *arg; /* argument received for bfg commandline option */
char *crs; /* internal representation of charset */
char *ptr; /* ptr to the last generated password */
unsigned char pos; /* where in current string length is the position */
unsigned char crs_len; /* length of selected charset */
char *arg; /* argument received for bfg commandline option */
char *crs; /* internal representation of charset */
char *ptr; /* ptr to the last generated password */
uint32_t disable_symbols;
uint64_t rain; /* accumulator for the rain */
uint64_t rain; /* accumulator for the rain */
} bf_option;
extern bf_option bf_options;

138
crc32.c
View file

@ -1,99 +1,61 @@
/*-
* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
* code or tables extracted from it, as desired without restriction.
*
* First, the polynomial itself and its table of feedback terms. The
* polynomial is
* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
*
* Note that we take it "backwards" and put the highest-order term in
* the lowest-order bit. The X^32 term is "implied"; the LSB is the
* X^31 term, etc. The X^0 term (usually shown as "+1") results in
* the MSB being 1
*
* Note that the usual hardware shift register implementation, which
* is what we're using (we're merely optimizing it by doing eight-bit
* chunks at a time) shifts bits into the lowest-order term. In our
* implementation, that means shifting towards the right. Why do we
* do it this way? Because the calculated CRC must be transmitted in
* order from highest-order term to lowest-order term. UARTs transmit
* characters in order from LSB to MSB. By storing the CRC this way
* we hand it to the UART in the order low-byte to high-byte; the UART
* sends each low-bit to hight-bit; and the result is transmission bit
* by bit from highest- to lowest-order term without requiring any bit
* shuffling on our part. Reception works similarly
*
* The feedback terms table consists of 256, 32-bit entries. Notes
*
* The table can be generated at runtime if desired; code to do so
* is shown later. It might not be obvious, but the feedback
* terms simply represent the results of eight shift/xor opera
* tions for all combinations of data and CRC register values
*
* The values must be right-shifted by eight bits by the "updcrc
* logic; the shift must be unsigned (bring in zeroes). On some
* hardware you could probably optimize the shift in assembler by
* using byte-swap instructions
* polynomial $edb88320
*
*
* CRC32 code derived from work by Gary S. Brown.
*/
* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
* code or tables extracted from it, as desired without restriction.
*
* First, the polynomial itself and its table of feedback terms. The
* polynomial is
* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
*
* Note that we take it "backwards" and put the highest-order term in
* the lowest-order bit. The X^32 term is "implied"; the LSB is the
* X^31 term, etc. The X^0 term (usually shown as "+1") results in
* the MSB being 1
*
* Note that the usual hardware shift register implementation, which
* is what we're using (we're merely optimizing it by doing eight-bit
* chunks at a time) shifts bits into the lowest-order term. In our
* implementation, that means shifting towards the right. Why do we
* do it this way? Because the calculated CRC must be transmitted in
* order from highest-order term to lowest-order term. UARTs transmit
* characters in order from LSB to MSB. By storing the CRC this way
* we hand it to the UART in the order low-byte to high-byte; the UART
* sends each low-bit to hight-bit; and the result is transmission bit
* by bit from highest- to lowest-order term without requiring any bit
* shuffling on our part. Reception works similarly
*
* The feedback terms table consists of 256, 32-bit entries. Notes
*
* The table can be generated at runtime if desired; code to do so
* is shown later. It might not be obvious, but the feedback
* terms simply represent the results of eight shift/xor opera
* tions for all combinations of data and CRC register values
*
* The values must be right-shifted by eight bits by the "updcrc
* logic; the shift must be unsigned (bring in zeroes). On some
* hardware you could probably optimize the shift in assembler by
* using byte-swap instructions
* polynomial $edb88320
*
*
* CRC32 code derived from work by Gary S. Brown.
*/
#include <sys/types.h>
#ifdef __sun
#include <sys/int_types.h>
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#include <inttypes.h>
#else
#include <stdint.h>
#include <stdint.h>
#endif
uint32_t crc32_tab[] = {
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
};
uint32_t crc32_tab[] = {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1,
0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934,
0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f,
0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d};
#ifndef HAVE_ZLIB

227
d3des.c
View file

@ -37,53 +37,32 @@ static void unscrun(unsigned long *, unsigned char *);
static void desfunc(unsigned long *, unsigned long *);
static void cookey(unsigned long *);
static unsigned long KnL[32] = { 0L };
static unsigned long KnL[32] = {0L};
/* not needed ...
static unsigned long KnR[32] = { 0L };
static unsigned long Kn3[32] = { 0L };
static unsigned char Df_Key[24] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 };
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 };
*/
static unsigned short bytebit[8] = {
01, 02, 04, 010, 020, 040, 0100, 0200
};
static unsigned short bytebit[8] = {01, 02, 04, 010, 020, 040, 0100, 0200};
static unsigned long bigbyte[24] = {
0x800000L, 0x400000L, 0x200000L, 0x100000L,
0x80000L, 0x40000L, 0x20000L, 0x10000L,
0x8000L, 0x4000L, 0x2000L, 0x1000L,
0x800L, 0x400L, 0x200L, 0x100L,
0x80L, 0x40L, 0x20L, 0x10L,
0x8L, 0x4L, 0x2L, 0x1L
};
static unsigned long bigbyte[24] = {0x800000L, 0x400000L, 0x200000L, 0x100000L, 0x80000L, 0x40000L, 0x20000L, 0x10000L, 0x8000L, 0x4000L, 0x2000L, 0x1000L, 0x800L, 0x400L, 0x200L, 0x100L, 0x80L, 0x40L, 0x20L, 0x10L, 0x8L, 0x4L, 0x2L, 0x1L};
/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
static unsigned char pc1[56] = {
56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3
};
static unsigned char pc1[56] = {56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3};
static unsigned char totrot[16] = {
1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28
};
static unsigned char totrot[16] = {1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28};
static unsigned char pc2[48] = {
13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31
};
static unsigned char pc2[48] = {13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31};
void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
unsigned char *key;
int32_t edf;
void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
unsigned char *key;
int32_t edf;
{
register int32_t i, j, l, m, n;
unsigned char pc1m[56], pcr[56];
@ -126,8 +105,7 @@ void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
return;
}
static void cookey(raw1)
register unsigned long *raw1;
static void cookey(raw1) register unsigned long *raw1;
{
register unsigned long *cook, *raw0;
unsigned long dough[32];
@ -149,8 +127,7 @@ static void cookey(raw1)
return;
}
void cpkey(into)
register unsigned long *into;
void cpkey(into) register unsigned long *into;
{
register unsigned long *from, *endp;
@ -160,8 +137,7 @@ void cpkey(into)
return;
}
void usekey(from)
register unsigned long *from;
void usekey(from) register unsigned long *from;
{
register unsigned long *to, *endp;
@ -180,9 +156,8 @@ void des(unsigned char *inblock, unsigned char *outblock) {
return;
}
static void scrunch(outof, into)
register unsigned char *outof;
register unsigned long *into;
static void scrunch(outof, into) register unsigned char *outof;
register unsigned long *into;
{
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
@ -195,9 +170,8 @@ static void scrunch(outof, into)
return;
}
static void unscrun(outof, into)
register unsigned long *outof;
register unsigned char *into;
static void unscrun(outof, into) register unsigned long *outof;
register unsigned char *into;
{
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
@ -210,160 +184,31 @@ static void unscrun(outof, into)
return;
}
static unsigned long SP1[64] = {
0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L,
0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L
};
static unsigned long SP1[64] = {0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L};
static unsigned long SP2[64] = {
0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L,
0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L
};
static unsigned long SP2[64] = {0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L};
static unsigned long SP3[64] = {
0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L,
0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L
};
static unsigned long SP3[64] = {0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L};
static unsigned long SP4[64] = {
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L
};
static unsigned long SP4[64] = {0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L};
static unsigned long SP5[64] = {
0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L,
0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L
};
static unsigned long SP5[64] = {0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L};
static unsigned long SP6[64] = {
0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L,
0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L
};
static unsigned long SP6[64] = {0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L};
static unsigned long SP7[64] = {
0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L,
0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L
};
static unsigned long SP7[64] = {0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L};
static unsigned long SP8[64] = {
0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L,
0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L
};
static unsigned long SP8[64] = {0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L};
static void desfunc(block, keys)
register unsigned long *block, *keys;
static void desfunc(block, keys) register unsigned long *block, *keys;
{
register unsigned long fval, work, right, leftt;
register int32_t round;

10
d3des.h
View file

@ -1,9 +1,9 @@
#ifdef __sun
#include <sys/int_types.h>
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#include <inttypes.h>
#else
#include <stdint.h>
#include <stdint.h>
#endif
/*
@ -27,8 +27,8 @@
* (GEnie : OUTER; CIS : [71755,204])
*/
#define EN0 0 /* MODE == encrypt */
#define DE1 1 /* MODE == decrypt */
#define EN0 0 /* MODE == encrypt */
#define DE1 1 /* MODE == decrypt */
extern void deskey(unsigned char *, int32_t);

25
hmacmd5.c
View file

@ -1,24 +1,24 @@
/*
/*
Unix SMB/CIFS implementation.
HMAC MD5 code for use in NTLMv2
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
Copyright (C) Andrew Tridgell 1992-2000
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc.
Free Software Foundation
51 Franklin Street, Fifth Floor
Boston, MA 02110-1335
@ -34,8 +34,8 @@
*/
#ifdef LIBOPENSSL
#include <string.h>
#include "hmacmd5.h"
#include <string.h>
#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
@ -43,7 +43,7 @@
the rfc 2104 version of hmac_md5 initialisation.
***********************************************************************/
void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) {
void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) {
int32_t i;
unsigned char tk[16];
@ -52,7 +52,7 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Con
MD5_CTX tctx;
MD5_Init(&tctx);
MD5_Update(&tctx, (void *) key, key_len);
MD5_Update(&tctx, (void *)key, key_len);
MD5_Final(tk, &tctx);
key = tk;
@ -79,7 +79,7 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Con
the microsoft version of hmac_md5 initialisation.
***********************************************************************/
void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) {
void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) {
int32_t i;
/* if key is longer than 64 bytes truncate it */
@ -107,15 +107,12 @@ void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5
update hmac_md5 "inner" buffer
***********************************************************************/
void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context * ctx) {
MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */
}
void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx) { MD5_Update(&ctx->ctx, (void *)text, text_len); /* then text of datagram */ }
/***********************************************************************
finish off hmac_md5 "inner" buffer and generate outer one.
***********************************************************************/
void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx)
{
void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx) {
MD5_CTX ctx_o;
MD5_Final(digest, &ctx->ctx);

27
hmacmd5.h
View file

@ -1,19 +1,19 @@
/*
/*
Unix SMB/CIFS implementation.
Interface header: Scheduler service
Copyright (C) Luke Kenneth Casson Leighton 1996-1999
Copyright (C) Andrew Tridgell 1992-1999
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc.
@ -30,28 +30,25 @@
*/
#ifdef __sun
#include <sys/int_types.h>
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#include <inttypes.h>
#else
#include <stdint.h>
#include <stdint.h>
#endif
#include <openssl/md5.h>
#ifndef _HMAC_MD5_H
typedef struct {
MD5_CTX ctx;
unsigned char k_ipad[65];
unsigned char k_opad[65];
MD5_CTX ctx;
unsigned char k_ipad[65];
unsigned char k_opad[65];
} HMACMD5Context;
#endif /* _HMAC_MD5_H */
void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx);
void hmac_md5_init_limK_to_64(const unsigned char* key, int32_t key_len,HMACMD5Context *ctx);
void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx);
void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx);
void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx);
void hmac_md5( unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest);
void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest);

120
hydra-adam6500.c
View file

@ -6,57 +6,15 @@
extern char *HYDRA_EXIT;
unsigned char adam6500_req1[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10,
0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31,
0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
0x1f, 0x1f, 0x1f, 0x0d, 0x00
};
unsigned char adam6500_resp1[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10,
0x27, 0x0f, 0x00, 0x08
};
unsigned char adam6500_req2[] = {
0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03,
0x27, 0x0f, 0x00, 0x7d
};
unsigned char adam6500_resp2[] = {
0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03,
0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00
};
unsigned char adam6500_req1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31, 0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x0d, 0x00};
unsigned char adam6500_resp1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08};
unsigned char adam6500_req2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x27, 0x0f, 0x00, 0x7d};
unsigned char adam6500_resp2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03, 0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *pass;
unsigned char buffer[300];
@ -66,13 +24,13 @@ int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options,
pass = empty;
memcpy(buffer, adam6500_req1, sizeof(adam6500_req1));
for (i = 0; i < 8 && i < strlen(pass); i++)
for (i = 0; i < 8 && i < strlen(pass); i++)
buffer[19 + i] = pass[i] ^ 0x3f;
if (hydra_send(s, buffer, sizeof(adam6500_req1), 0) < 0)
return 1;
if (recv(s, buffer, sizeof(buffer), 0) == 12 && memcmp(buffer, adam6500_resp1, sizeof(adam6500_resp1)) == 0) {
if (hydra_send(s, adam6500_req2, sizeof(adam6500_req2), 0) < 0)
return 1;
@ -90,7 +48,7 @@ int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options,
return 1;
}
void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL;
@ -100,34 +58,34 @@ void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_adam6500(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -145,13 +103,13 @@ void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr
}
}
int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

60
hydra-afp.c
View file

@ -1,6 +1,6 @@
/*
* Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com
*
*
* tested with afpfs-ng 0.8.1
* AFPFS-NG: http://alexthepuffin.googlepages.com/home
*
@ -9,33 +9,31 @@
#include "hydra-mod.h"
#ifndef LIBAFP
void dummy_afp() {
printf("\n");
}
void dummy_afp() { printf("\n"); }
#else
#define FREE(x) \
if (x != NULL) { \
free(x); \
x = NULL; \
}
#define FREE(x) \
if (x != NULL) { \
free(x); \
x = NULL; \
}
#include <stdio.h>
#include <afpfs-ng/afp.h>
#include <afpfs-ng/libafpclient.h>
#include <stdio.h>
extern char *HYDRA_EXIT;
void stdout_fct(void *priv, enum loglevels loglevel, int32_t logtype, const char *message) {
//fprintf(stderr, "[ERROR] Caught unknown error %s\n", message);
// fprintf(stderr, "[ERROR] Caught unknown error %s\n", message);
}
static struct libafpclient afpclient = {
.unmount_volume = NULL,
.log_for_client = stdout_fct,
.forced_ending_hook = NULL,
.scan_extra_fds = NULL,
.loop_started = NULL,
.unmount_volume = NULL,
.log_for_client = stdout_fct,
.forced_ending_hook = NULL,
.scan_extra_fds = NULL,
.loop_started = NULL,
};
static int32_t server_subconnect(struct afp_url url) {
@ -43,14 +41,15 @@ static int32_t server_subconnect(struct afp_url url) {
struct afp_server *server = NULL;
conn_req = malloc(sizeof(struct afp_connection_request));
// server = malloc(sizeof(struct afp_server));
// server = malloc(sizeof(struct afp_server));
memset(conn_req, 0, sizeof(struct afp_connection_request));
conn_req->url = url;
conn_req->url.requested_version = 31;
//fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername);
// fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n",
// url.username, url.password, url.servername);
if (strlen(url.uamname) > 0) {
if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) {
@ -63,13 +62,14 @@ static int32_t server_subconnect(struct afp_url url) {
conn_req->uam_mask = default_uams_mask();
}
//fprintf(stderr, "Initiating connection attempt.\n");
// fprintf(stderr, "Initiating connection attempt.\n");
if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) {
FREE(conn_req);
// FREE(server);
// FREE(server);
return -1;
}
//fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam));
// fprintf(stderr, "Connected to server: %s via UAM: %s\n",
// server->server_name_printable, uam_bitmap_to_string(server->using_uam));
FREE(conn_req);
FREE(server);
@ -77,7 +77,7 @@ static int32_t server_subconnect(struct afp_url url) {
return 0;
}
int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN];
struct afp_url tmpurl;
@ -88,7 +88,6 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char
init_uams();
afp_default_url(&tmpurl);
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
@ -110,7 +109,6 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char
return 3;
return 2;
} else {
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
@ -118,7 +116,7 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char
return 1;
}
void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_AFP;
@ -127,9 +125,8 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
@ -139,7 +136,8 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
port = myport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -149,7 +147,7 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
case 2:
/*
* Here we start the password cracking process
* Here we start the password cracking process
*/
next_run = start_afp(sock, ip, port, options, miscptr, fp);
@ -172,13 +170,13 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
#endif
int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

41
hydra-asterisk.c
View file

@ -1,17 +1,16 @@
//This plugin was written by david@
// This plugin was written by david@
//
//This plugin is written for Asterisk Call Manager
//which is running by default on TCP/5038
// This plugin is written for Asterisk Call Manager
// which is running by default on TCP/5038
//
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *login, *pass, buffer[1024];
@ -41,7 +40,10 @@ int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options,
hydra_report(stderr, "[DEBUG] S: %s\n", buf);
if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {
hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf);
hydra_report(stderr,
"[ERROR] Asterisk Call Manager protocol error or service "
"shutdown: %s\n",
buf);
free(buf);
return 4;
}
@ -62,7 +64,7 @@ int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options,
return 2;
}
void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL;
@ -71,10 +73,10 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -89,28 +91,31 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
//fprintf(stderr, "%s\n",buf);
//banner should look like:
//Asterisk Call Manager/1.1
// fprintf(stderr, "%s\n",buf);
// banner should look like:
// Asterisk Call Manager/1.1
if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) {
/* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf);
hydra_report(stderr,
"[ERROR] Not an Asterisk Call Manager protocol or "
"service shutdown: %s\n",
buf);
hydra_child_exit(2);
}
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_asterisk(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -123,13 +128,13 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr
}
}
int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

230
hydra-cisco-enable.c
View file

@ -3,7 +3,7 @@
extern char *HYDRA_EXIT;
char *buf;
int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *pass, buffer[300];
@ -42,8 +42,7 @@ int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char opti
}
}
if (buf != NULL
&& (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) {
if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) {
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -58,7 +57,7 @@ int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char opti
return 3;
}
void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
char buffer[300];
@ -70,117 +69,130 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
/* Cisco AAA Support */
if (strlen(login = hydra_get_next_login()) != 0) {
while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) {
if (hydra_strcasestr(buf, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
free(buf);
}
/* Cisco AAA Support */
if (strlen(login = hydra_get_next_login()) != 0) {
while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) {
if (hydra_strcasestr(buf, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
free(buf);
}
sprintf(buffer, "%.250s\r\n", login);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid());
hydra_child_exit(2);
}
}
if (miscptr != NULL) {
if (buf != NULL)
free(buf);
while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) {
if (hydra_strcasestr(buf, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
free(buf);
}
sprintf(buffer, "%.250s\r\n", miscptr);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid());
hydra_child_exit(2);
}
sprintf(buffer, "%.250s\r\n", login);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid());
hydra_child_exit(2);
}
}
if (miscptr != NULL) {
if (buf != NULL)
free(buf);
buf = hydra_receive_line(sock);
if (hydra_strcasestr(buf, "ress ENTER") != NULL) {
hydra_send(sock, "\r\n", 2, 0);
while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) {
if (hydra_strcasestr(buf, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
free(buf);
buf = hydra_receive_line(sock);
}
if (strstr(buf, "assw") != NULL) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int32_t) getpid());
hydra_child_exit(2);
}
free(buf);
next_run = 2;
break;
}
case 2: /* run the cracking function */
{
unsigned char *buf2;
int32_t f = 0;
sprintf(buffer, "%.250s\r\n", "ena");
sprintf(buffer, "%.250s\r\n", miscptr);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid());
hydra_child_exit(2);
}
do {
if (f != 0)
free(buf2);
else
f = 1;
if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) {
if (failc < retry) {
next_run = 1;
failc++;
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry);
sleep(3);
break;
} else {
fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid());
hydra_child_exit(0);
}
}
} while (strstr((char *) buf2, "assw") == NULL);
free(buf2);
if (next_run != 0)
break;
failc = 0;
next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp);
break;
}
case 3: /* clean exit */
if (buf != NULL)
free(buf);
buf = hydra_receive_line(sock);
if (hydra_strcasestr(buf, "ress ENTER") != NULL) {
hydra_send(sock, "\r\n", 2, 0);
free(buf);
buf = hydra_receive_line(sock);
}
if (strstr(buf, "assw") != NULL) {
if (quiet != 1)
fprintf(stderr,
"[ERROR] Child with pid %d terminating - can not login, can "
"not login\n",
(int32_t)getpid());
hydra_child_exit(2);
}
free(buf);
next_run = 2;
break;
}
case 2: /* run the cracking function */
{
unsigned char *buf2;
int32_t f = 0;
sprintf(buffer, "%.250s\r\n", "ena");
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t)getpid());
hydra_child_exit(2);
}
do {
if (f != 0)
free(buf2);
else
f = 1;
if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) {
if (failc < retry) {
next_run = 1;
failc++;
if (quiet != 1)
fprintf(stderr,
"[ERROR] Child with pid %d was disconnected - retrying "
"(%d of %d retries)\n",
(int32_t)getpid(), failc, retry);
sleep(3);
break;
} else {
fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid());
hydra_child_exit(0);
}
}
} while (strstr((char *)buf2, "assw") == NULL);
free(buf2);
if (next_run != 0)
break;
failc = 0;
next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp);
break;
}
case 3: /* clean exit */
sprintf(buffer, "%.250s\r\n", "exit");
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t)getpid());
hydra_child_exit(0);
}
if (sock >= 0)
@ -196,13 +208,13 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis
}
}
int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -210,12 +222,16 @@ int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, c
return 0;
}
void usage_cisco_enable(const char* service) {
printf("Module cisco-enable is optionally taking the logon password for the cisco device\n"
"Note: if AAA authentication is used, use the -l option for the username\n"
void usage_cisco_enable(const char *service) {
printf("Module cisco-enable is optionally taking the logon password for the "
"cisco device\n"
"Note: if AAA authentication is used, use the -l option for the "
"username\n"
"and the optional parameter for the password of the user.\n"
"Examples:\n"
" hydra -P pass.txt target cisco-enable (direct console access)\n"
" hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n"
" hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n");
" hydra -P pass.txt -m cisco target cisco-enable (Logon password "
"cisco)\n"
" hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login "
"foo, password bar)\n");
}

128
hydra-cisco.c
View file

@ -7,7 +7,7 @@
extern char *HYDRA_EXIT;
char *buf = NULL;
int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *pass, buffer[300];
@ -52,7 +52,7 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = NULL;
do {
if (buf != NULL)
@ -95,7 +95,6 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch
}
} while (buf != NULL && strlen(buf) <= 1);
}
}
if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) {
@ -115,7 +114,7 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 1;
}
void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
@ -125,63 +124,68 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
unsigned char *buf2 = NULL;
int32_t f = 0;
case 1: /* connect and service init function */
{
unsigned char *buf2 = NULL;
int32_t f = 0;
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL)
hydra_send(sock, "\r\n", 2, 0);
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
do {
if (f != 0) {
free(buf2);
buf2 = NULL;
} else
f = 1;
if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) {
if (failc < retry) {
next_run = 1;
failc++;
if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry);
sleep(3);
break;
} else {
if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid());
hydra_child_exit(0);
}
}
if (buf2 != NULL && hydra_strcasestr((char*)buf2, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
} while (buf2 != NULL && strstr((char *) buf2, "assw") == NULL);
free(buf2);
if (next_run != 0)
break;
failc = 0;
next_run = 2;
break;
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL)
hydra_send(sock, "\r\n", 2, 0);
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
do {
if (f != 0) {
free(buf2);
buf2 = NULL;
} else
f = 1;
if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) {
if (failc < retry) {
next_run = 1;
failc++;
if (quiet != 1)
hydra_report(stderr,
"[ERROR] Child with pid %d was disconnected - "
"retrying (%d of %d retries)\n",
(int32_t)getpid(), failc, retry);
sleep(3);
break;
} else {
if (quiet != 1)
hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid());
hydra_child_exit(0);
}
}
if (buf2 != NULL && hydra_strcasestr((char *)buf2, "ress ENTER") != NULL)
hydra_send(sock, "\r\n", 2, 0);
} while (buf2 != NULL && strstr((char *)buf2, "assw") == NULL);
free(buf2);
if (next_run != 0)
break;
failc = 0;
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_cisco(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -199,13 +203,13 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F
}
}
int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -213,6 +217,8 @@ int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *mi
return 0;
}
void usage_cisco(const char* service) {
printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n");
void usage_cisco(const char *service) {
printf("Module cisco is optionally taking the keyword ENTER, it then sends "
"an initial\n"
"ENTER when connecting to the service.\n");
}

65
hydra-cvs.c
View file

@ -5,38 +5,32 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
char *buf;
int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[1024], pass2[513];
int32_t i;
char *directory = miscptr;
/* evil cvs encryption sheme...
0 111 P 125 p 58
! 120 1 52 A 57 Q 55 a 121 q 113
" 53 2 75 B 83 R 54 b 117 r 32
3 119 C 43 S 66 c 104 s 90
4 49 D 46 T 124 d 101 t 44
% 109 5 34 E 102 U 126 e 100 u 98
& 72 6 82 F 40 V 59 f 69 v 60
' 108 7 81 G 89 W 47 g 73 w 51
( 70 8 95 H 38 X 92 h 99 x 33
) 64 9 65 I 103 Y 71 i 63 y 97
* 76 : 112 J 45 Z 115 j 94 z 62
+ 67 ; 86 K 50 k 93
, 116 < 118 L 42 l 39
- 74 = 110 M 123 m 37
. 68 > 122 N 91 n 61
/ 87 ? 105 O 35 _ 56 o 48
*/
/* evil cvs encryption sheme...
0 111 P 125 p 58
! 120 1 52 A 57 Q 55 a 121 q 113
" 53 2 75 B 83 R 54 b 117 r 32
3 119 C 43 S 66 c 104 s 90
4 49 D 46 T 124 d 101 t 44
% 109 5 34 E 102 U 126 e 100 u 98
& 72 6 82 F 40 V 59 f 69 v 60
' 108 7 81 G 89 W 47 g 73 w 51
( 70 8 95 H 38 X 92 h 99 x 33
) 64 9 65 I 103 Y 71 i 63 y 97
* 76 : 112 J 45 Z 115 j 94 z 62
+ 67 ; 86 K 50 k 93
, 116 < 118 L 42 l 39
- 74 = 110 M 123 m 37
. 68 > 122 N 91 n 61
/ 87 ? 105 O 35 _ 56 o 48
*/
char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87,
111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105,
0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35,
125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56,
0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62
};
char key[] = {0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62};
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -85,7 +79,7 @@ int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char
return 3;
}
void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_CVS, mysslport = PORT_CVS_SSL;
@ -100,11 +94,11 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
return;
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -118,12 +112,12 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = start_cvs(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
@ -136,13 +130,13 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
}
int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -150,6 +144,7 @@ int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *misc
return 0;
}
void usage_cvs(const char* service) {
printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n");
void usage_cvs(const char *service) {
printf("Module cvs is optionally taking the repository name to attack, "
"default is \"/root\"\n\n");
}

40
hydra-firebird.c
View file

@ -1,7 +1,7 @@
/*
Firebird Support - by David Maciejak @ GMAIL dot com
you need to pass full path to the fdb file as argument
default account is SYSDBA/masterkey
@ -14,28 +14,26 @@ the msg: "no permission for direct access to security database"
#include "hydra-mod.h"
#ifndef LIBFIREBIRD
void dummy_firebird() {
printf("\n");
}
void dummy_firebird() { printf("\n"); }
#else
#include <stdio.h>
#include <ibase.h>
#include <stdio.h>
#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb"
extern char *HYDRA_EXIT;
int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
char database[256];
char connection_string[1024];
isc_db_handle db; /* database handle */
ISC_STATUS_ARRAY status; /* status vector */
isc_db_handle db; /* database handle */
ISC_STATUS_ARRAY status; /* status vector */
char *dpb = NULL; /* DB parameter buffer */
char *dpb = NULL; /* DB parameter buffer */
short dpb_length = 0;
if (miscptr)
@ -49,8 +47,8 @@ int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options,
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2);
if ((dpb = (char *) malloc(dpb_length)) == NULL) {
dpb_length = (short)(1 + strlen(login) + 2 + strlen(pass) + 2);
if ((dpb = (char *)malloc(dpb_length)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
@ -86,7 +84,7 @@ int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options,
return 1;
}
void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL;
@ -95,9 +93,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
@ -112,7 +109,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -122,7 +120,7 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
case 2:
/*
* Here we start the password cracking process
* Here we start the password cracking process
*/
next_run = start_firebird(sock, ip, port, options, miscptr, fp);
@ -145,13 +143,13 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
#endif
int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -159,6 +157,8 @@ int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char
return 0;
}
void usage_firebird(const char* service) {
printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
void usage_firebird(const char *service) {
printf("Module firebird is optionally taking the database path to attack,\n"
"default is \"C:\\Program "
"Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
}

35
hydra-ftp.c
View file

@ -3,7 +3,7 @@
extern char *HYDRA_EXIT;
char *buf;
int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *login, *pass, buffer[510];
@ -20,7 +20,8 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
/* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */
/* special hack to identify 530 user unknown msg. suggested by
* Jean-Baptiste.BEAUFRETON@turbomeca.fr */
if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') {
if (verbose)
printf("[INFO] user %s does not exist, skipping\n", login);
@ -74,7 +75,7 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
return 2;
}
void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) {
void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_FTP, mysslport = PORT_FTP_SSL;
@ -83,10 +84,10 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr
hydra_child_exit(0);
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -100,12 +101,12 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
usleepn(250);
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '2') { /* check the first line */
if (buf == NULL || buf[0] != '2') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
@ -120,7 +121,7 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr
}
free(buf);
//this mode is manually chosen, so if it fails we giving up
// this mode is manually chosen, so if it fails we giving up
if (tls) {
if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) {
hydra_child_exit(2);
@ -148,15 +149,15 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_ftp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* error exit */
case 3: /* error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
break;
case 4: /* clean exit */
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -169,21 +170,17 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr
}
}
void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0);
}
void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); }
void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1);
}
void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); }
int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

222
hydra-gtk/src/callbacks.c
View file

@ -1,7 +1,7 @@
/*
* This file handles all that needs to be done...
* Some stuff is stolen from gcombust since I never used pipes... ok, i
* Some stuff is stolen from gcombust since I never used pipes... ok, i
* only used them in reallife :)
*/
@ -15,18 +15,17 @@
#include "interface.h"
#include "support.h"
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
int hydra_pid = 0;
@ -37,16 +36,14 @@ char smbparm[128];
char sapr3id[4];
char passLoginNull[4];
#define BUF_S 1024
void hydra_select_file(GtkEntry * widget, char *text) {
void hydra_select_file(GtkEntry *widget, char *text) {
#ifdef GTK_TYPE_FILE_CHOOSER
GtkWidget *dialog;
char *filename;
dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN,
GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) {
filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog));
@ -70,7 +67,7 @@ int hydra_get_options(char *options[]) {
/* get the port */
widget = lookup_widget(GTK_WIDGET(wndMain), "spnPort");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget);
j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget);
if (j != 0) {
snprintf(port, 10, "%d", j);
options[i++] = "-s";
@ -79,107 +76,107 @@ int hydra_get_options(char *options[]) {
/* prefer ipv6 */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkIPV6");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-6";
}
/* use SSL? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkSSL");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-S";
}
/* use old SSL? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkOldSSL");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-O";
}
/* be verbose? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-v";
}
/* show attempts */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkAttempts");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-V";
}
/* debug mode? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkDebug");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-d";
}
/* COMPLETE HELP */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkCompleteHelp");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-h";
}
/* Service Module Usage Details */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkServiceDetails");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-U";
}
/* use colon separated list? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkColon");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-C";
widget = lookup_widget(GTK_WIDGET(wndMain), "entColonFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else {
/* disable usernames */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkDisUser");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
} else {
/* get the username, or username list */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-l";
widget = lookup_widget(GTK_WIDGET(wndMain), "entUsername");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else {
options[i++] = "-L";
widget = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
}
}
/* get the pass, pass list, or generate */
/* The "generate" button was implemented by Petar Kaleychev <petar.kaleychev@gmail.com> */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-p";
widget = lookup_widget(GTK_WIDGET(wndMain), "entPass");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
}
widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-P";
widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
}
widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-x";
widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
}
}
/* empty passes / login as pass / reversed login? */
memset(passLoginNull, 0, 4);
widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
passLoginNull[0] = 'n';
}
widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassLogin");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
if (passLoginNull[0] == 0) {
passLoginNull[0] = 's';
} else {
@ -188,7 +185,7 @@ int hydra_get_options(char *options[]) {
}
/* The "Try reversed login" button was implemented by Petar Kaleychev <petar.kaleychev@gmail.com> */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassReverse");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
if (passLoginNull[0] == 0) {
passLoginNull[0] = 'r';
} else if (passLoginNull[1] == 0) {
@ -204,7 +201,7 @@ int hydra_get_options(char *options[]) {
/* #of tasks */
widget = lookup_widget(GTK_WIDGET(wndMain), "spnTasks");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget);
j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget);
if (j != 40) {
snprintf(tasks, 10, "%d", j);
options[i++] = "-t";
@ -213,7 +210,7 @@ int hydra_get_options(char *options[]) {
/* timeout */
widget = lookup_widget(GTK_WIDGET(wndMain), "spnTimeout");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget);
j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget);
if (j != 30) {
snprintf(timeout, 10, "%d", j);
options[i++] = "-w";
@ -222,56 +219,56 @@ int hydra_get_options(char *options[]) {
/* loop around users? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkUsernameLoop");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-u";
}
/* exit after first found pair? */
/* per host */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitf");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-f";
}
/* global */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitF");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-F";
}
/* Do not print messages about connection errors */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkNoErr");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
options[i++] = "-q";
}
/* get additional parameters */
widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol");
tmp = (char *) gtk_entry_get_text((GtkEntry *) widget);
tmp = (char *)gtk_entry_get_text((GtkEntry *)widget);
if (!strncmp(tmp, "http-proxy", 10)) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxyURL");
options[i++] = "-m";
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strncmp(tmp, "http-", 5) || !strncmp(tmp, "https-", 6)) {
options[i++] = "-m";
widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPURL");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "cisco-enable")) {
options[i++] = "-m";
widget = lookup_widget(GTK_WIDGET(wndMain), "entCiscoPass");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "ldap3-crammd5")) {
options[i++] = "-m";
widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "ldap3-digestmd5")) {
options[i++] = "-m";
widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "smb")) {
memset(smbparm, 0, sizeof(smbparm));
@ -282,12 +279,12 @@ int hydra_get_options(char *options[]) {
strncpy(smbparm, "Both", sizeof(smbparm));
smbparm[strlen("Both")] = '\0';
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
strncpy(smbparm, "Domain", sizeof(smbparm));
smbparm[strlen("Domain")] = '\0';
}
if (gtk_toggle_button_get_active((GtkToggleButton *) widget2)) {
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget2)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
strncpy(smbparm, "Both", sizeof(smbparm));
smbparm[strlen("Both")] = '\0';
} else {
@ -296,7 +293,7 @@ int hydra_get_options(char *options[]) {
}
}
widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
strcat(smbparm, "Hash");
}
options[i++] = smbparm;
@ -307,18 +304,14 @@ int hydra_get_options(char *options[]) {
options[i++] = smbparm;
widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM");
int pth = gtk_toggle_button_get_active((GtkToggleButton *) widget);
int pth = gtk_toggle_button_get_active((GtkToggleButton *)widget);
widget = lookup_widget(GTK_WIDGET(wndMain), "entSMB2Workgroup");
snprintf(smbparm,
sizeof(smbparm)-1,
"nthash:%s workgroup:{%s}",
pth ? "true" : "false",
(char *) gtk_entry_get_text((GtkEntry *) widget));
snprintf(smbparm, sizeof(smbparm) - 1, "nthash:%s workgroup:{%s}", pth ? "true" : "false", (char *)gtk_entry_get_text((GtkEntry *)widget));
} else if (!strcmp(tmp, "sapr3")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3");
j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget);
j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget);
snprintf(sapr3id, sizeof(sapr3id), "%d", j);
options[i++] = "-m";
options[i++] = sapr3id;
@ -326,18 +319,18 @@ int hydra_get_options(char *options[]) {
} else if (!strcmp(tmp, "cvs") || !strcmp(tmp, "svn")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entCVS");
options[i++] = "-m";
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "snmp")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entSNMP");
options[i++] = "-m";
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else if (!strcmp(tmp, "telnet")) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet");
if ((char *) gtk_entry_get_text((GtkEntry *) widget) != NULL) {
if ((char *)gtk_entry_get_text((GtkEntry *)widget) != NULL) {
options[i++] = "-m";
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
}
}
@ -349,45 +342,44 @@ int hydra_get_options(char *options[]) {
/* proxy support */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy");
if (!gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (!gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy");
widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2");
/* which variable do we set? */
if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *) widget))) {
setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *) widget2), 1);
if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *)widget))) {
setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *)widget2), 1);
} else {
setenv("HYDRA_PROXY_CONNECT", (char *) gtk_entry_get_text((GtkEntry *) widget2), 1);
setenv("HYDRA_PROXY_CONNECT", (char *)gtk_entry_get_text((GtkEntry *)widget2), 1);
}
/* do we need to provide user and pass? */
widget = lookup_widget(GTK_WIDGET(wndMain), "chkProxyAuth");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entProxyUser");
widget2 = lookup_widget(GTK_WIDGET(wndMain), "entProxyPass");
a = g_string_new((gchar *) gtk_entry_get_text((GtkEntry *) widget));
a = g_string_new((gchar *)gtk_entry_get_text((GtkEntry *)widget));
a = g_string_append_c(a, ':');
a = g_string_append(a, gtk_entry_get_text((GtkEntry *) widget2));
a = g_string_append(a, gtk_entry_get_text((GtkEntry *)widget2));
setenv("HYDRA_PROXY_AUTH", a->str, 1);
(void) g_string_free(a, TRUE);
(void)g_string_free(a, TRUE);
}
}
/* get the target, or target list */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioTarget1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
widget = lookup_widget(GTK_WIDGET(wndMain), "entTarget");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
} else {
options[i++] = "-M";
widget = lookup_widget(GTK_WIDGET(wndMain), "entTargetFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
}
/* get the service */
widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);
options[i] = NULL;
return i;
@ -404,12 +396,11 @@ int update_statusbar() {
i = hydra_get_options(options);
for (j = 1; j < i; j++) {
statustext = g_string_append(statustext, options[j]);
statustext = g_string_append_c(statustext, ' ');
}
statusbar = (GtkStatusbar *) lookup_widget(GTK_WIDGET(wndMain), "statusbar");
statusbar = (GtkStatusbar *)lookup_widget(GTK_WIDGET(wndMain), "statusbar");
context_id = gtk_statusbar_get_context_id(statusbar, "status");
/* an old message in stack? */
@ -417,9 +408,9 @@ int update_statusbar() {
gtk_statusbar_remove(statusbar, context_id, message_id);
}
message_id = gtk_statusbar_push(statusbar, context_id, (gchar *) statustext->str);
message_id = gtk_statusbar_push(statusbar, context_id, (gchar *)statustext->str);
(void) g_string_free(statustext, TRUE);
(void)g_string_free(statustext, TRUE);
return TRUE;
}
@ -443,11 +434,10 @@ int read_into(int fd) {
}
output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput");
outputbuf = gtk_text_view_get_buffer((GtkTextView *) output);
outputbuf = gtk_text_view_get_buffer((GtkTextView *)output);
gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1);
if ((passline = strstr(in_buf, "password: ")) == NULL) {
gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result);
} else {
@ -465,15 +455,13 @@ int read_into(int fd) {
if (end - in_buf - result > 0) {
gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1);
}
}
if (strstr(in_buf, " finished at ") != NULL) {
gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "<finished>\n\n", -1, "bold", NULL);
}
if (result == BUF_S - 1) /* there might be more available, recurse baby! */
if (result == BUF_S - 1) /* there might be more available, recurse baby! */
return read_into(fd);
else
return TRUE;
@ -530,7 +518,6 @@ static int wait_hydra_output(gpointer data) {
return TRUE;
}
/* assumes a successfull pipe() won't set the fd's to -1 */
static void close_pipe(int *pipe) {
if (-1 != pipe[0]) {
@ -550,8 +537,7 @@ static void close_pipe(int *pipe) {
*/
int *popen_re_unbuffered(char *command) {
static int p_r[2] = { -1, -1 }, p_e[2] = {
-1, -1};
static int p_r[2] = {-1, -1}, p_e[2] = {-1, -1};
static int *pfd = NULL;
char *options[128];
@ -576,7 +562,7 @@ int *popen_re_unbuffered(char *command) {
if ((hydra_pid = fork()) < 0) {
g_warning("popen_rw_unbuffered: Error forking!");
return NULL;
} else if (hydra_pid == 0) { /* child */
} else if (hydra_pid == 0) { /* child */
int k;
if (setpgid(getpid(), getpid()) < 0)
@ -597,7 +583,7 @@ int *popen_re_unbuffered(char *command) {
if (close(p_e[1]) < 0)
g_warning("popen_rw_unbuffered: close(p_e[1]) failed");
(void) hydra_get_options(options);
(void)hydra_get_options(options);
execv(HYDRA_BIN, options);
@ -607,7 +593,7 @@ int *popen_re_unbuffered(char *command) {
g_warning("%s", options[k]);
}
gtk_main_quit();
} else { /* parent */
} else { /* parent */
if (close(p_r[1]) < 0)
g_warning("popen_rw_unbuffered: close(p_r[1]) (parent) failed");
if (close(p_e[1]) < 0)
@ -620,32 +606,25 @@ int *popen_re_unbuffered(char *command) {
return pfd;
}
void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) {
gtk_main_quit();
}
void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data) { gtk_main_quit(); }
void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data) {}
void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) {
}
void on_btnStart_clicked(GtkButton * button, gpointer user_data) {
void on_btnStart_clicked(GtkButton *button, gpointer user_data) {
int *fd = NULL;
fd = popen_re_unbuffered(NULL);
g_timeout_add(200, wait_hydra_output, fd);
}
void on_btnStop_clicked(GtkButton * button, gpointer user_data) {
void on_btnStop_clicked(GtkButton *button, gpointer user_data) {
if (hydra_pid != 0) {
kill(hydra_pid, SIGTERM);
hydra_pid = 0;
}
}
void on_wndMain_destroy(GtkObject * object, gpointer user_data) {
void on_wndMain_destroy(GtkObject *object, gpointer user_data) {
if (hydra_pid != 0) {
kill(hydra_pid, SIGTERM);
hydra_pid = 0;
@ -653,35 +632,31 @@ void on_wndMain_destroy(GtkObject * object, gpointer user_data) {
gtk_main_quit();
}
gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) {
hydra_select_file((GtkEntry *) widget, "Select target list");
gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
hydra_select_file((GtkEntry *)widget, "Select target list");
gtk_widget_grab_focus(widget);
return TRUE;
}
gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) {
hydra_select_file((GtkEntry *) widget, "Select username list");
gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
hydra_select_file((GtkEntry *)widget, "Select username list");
gtk_widget_grab_focus(widget);
return TRUE;
}
gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) {
hydra_select_file((GtkEntry *) widget, "Select password list");
gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
hydra_select_file((GtkEntry *)widget, "Select password list");
gtk_widget_grab_focus(widget);
return TRUE;
}
gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) {
hydra_select_file((GtkEntry *) widget, "Select colon separated user,password list");
gboolean on_entColonFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
hydra_select_file((GtkEntry *)widget, "Select colon separated user,password list");
gtk_widget_grab_focus(widget);
return TRUE;
}
void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
void on_btnSave_clicked(GtkButton *button, gpointer user_data) {
#ifdef GTK_TYPE_FILE_CHOOSER
GtkWidget *dialog;
char *filename;
@ -692,13 +667,12 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
GtkTextIter start;
GtkTextIter end;
dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE,
GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) {
filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog));
output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput");
outputbuf = gtk_text_view_get_buffer((GtkTextView *) output);
outputbuf = gtk_text_view_get_buffer((GtkTextView *)output);
gtk_text_buffer_get_start_iter(outputbuf, &start);
gtk_text_buffer_get_end_iter(outputbuf, &end);
@ -716,10 +690,11 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
#endif
}
void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data) {
GtkWidget *user, *pass;
user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");;
user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");
;
pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass");
if (gtk_toggle_button_get_active(togglebutton)) {
@ -731,10 +706,11 @@ void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
}
}
void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data) {
GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile;
radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");;
radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");
;
radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2");
entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername");
entUsernameFile = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile");
@ -752,11 +728,11 @@ void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
}
}
void on_btnClear_clicked(GtkButton * button, gpointer user_data) {
void on_btnClear_clicked(GtkButton *button, gpointer user_data) {
GtkWidget *output;
GtkTextBuffer *outputbuf;
output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput");
outputbuf = gtk_text_view_get_buffer((GtkTextView *) output);
outputbuf = gtk_text_view_get_buffer((GtkTextView *)output);
gtk_text_buffer_set_text(outputbuf, "", -1);
}

26
hydra-gtk/src/callbacks.h
View file

@ -2,28 +2,28 @@
int update_statusbar();
void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data);
void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data);
void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data);
void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data);
void on_btnStart_clicked(GtkButton * button, gpointer user_data);
void on_btnStart_clicked(GtkButton *button, gpointer user_data);
void on_wndMain_destroy(GtkObject * object, gpointer user_data);
void on_wndMain_destroy(GtkObject *object, gpointer user_data);
void on_btnStop_clicked(GtkButton * button, gpointer user_data);
void on_btnStop_clicked(GtkButton *button, gpointer user_data);
gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data);
gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data);
gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data);
gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data);
gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data);
gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data);
void on_btnSave_clicked(GtkButton * button, gpointer user_data);
void on_btnSave_clicked(GtkButton *button, gpointer user_data);
gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data);
gboolean on_entColonFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data);
void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data);
void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data);
void on_btnClear_clicked(GtkButton * button, gpointer user_data);
void on_btnClear_clicked(GtkButton *button, gpointer user_data);
void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data);
void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data);

226
hydra-gtk/src/interface.c
View file

@ -7,13 +7,13 @@
#include <config.h>
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <string.h>
#include <stdio.h>
#include <string.h>
#include <gdk/gdkkeysyms.h>
#include <gtk/gtk.h>
@ -22,12 +22,9 @@
#include "interface.h"
#include "support.h"
#define GLADE_HOOKUP_OBJECT(component,widget,name) \
g_object_set_data_full (G_OBJECT (component), name, \
gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref)
#define GLADE_HOOKUP_OBJECT(component, widget, name) g_object_set_data_full(G_OBJECT(component), name, gtk_widget_ref(widget), (GDestroyNotify)gtk_widget_unref)
#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \
g_object_set_data (G_OBJECT (component), name, widget)
#define GLADE_HOOKUP_OBJECT_NO_REF(component, widget, name) g_object_set_data(G_OBJECT(component), name, widget)
GtkWidget *create_wndMain(void) {
GtkWidget *wndMain;
@ -224,7 +221,7 @@ GtkWidget *create_wndMain(void) {
g_object_set_data(G_OBJECT(GTK_COMBO(cmbProtocol)->popwin), "GladeParentKey", cmbProtocol);
gtk_widget_set_name(cmbProtocol, "cmbProtocol");
gtk_widget_show(cmbProtocol);
gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "adam6500");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk");
@ -299,53 +296,52 @@ GtkWidget *create_wndMain(void) {
label7 = gtk_label_new("Protocol");
gtk_widget_set_name(label7, "label7");
gtk_widget_show(label7);
gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label7), 0, 0.5);
spnPort_adj = gtk_adjustment_new(0, 0, 65535, 1, 10, 0);
spnPort = gtk_spin_button_new(GTK_ADJUSTMENT(spnPort_adj), 1, 0);
gtk_widget_set_name(spnPort, "spnPort");
gtk_widget_show(spnPort);
gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, spnPort, "select the port on which the daemon you want to brute force runs, 0 means default", NULL);
label6 = gtk_label_new("Port");
gtk_widget_set_name(label6, "label6");
gtk_widget_show(label6);
gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5);
chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6");
gtk_widget_set_name(chkIPV6, "chkIPV6");
gtk_widget_show(chkIPV6);
gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkIPV6, "Enable to use IPV6", NULL);
radioTarget2 = gtk_radio_button_new_with_mnemonic(NULL, "Target List");
gtk_widget_set_name(radioTarget2, "radioTarget2");
gtk_widget_show(radioTarget2);
gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget2), radioTarget2_group);
radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget2));
entTargetFile = gtk_entry_new();
gtk_widget_set_name(entTargetFile, "entTargetFile");
gtk_widget_show(entTargetFile);
gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, entTargetFile, "A file which contains the targets to attack. One entry per line. IP\naddresses and/or DNS names.", NULL);
entTarget = gtk_entry_new();
gtk_widget_set_name(entTarget, "entTarget");
gtk_widget_show(entTarget);
gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, entTarget, "The target to attack - DNS name or IP address", NULL);
gtk_entry_set_text(GTK_ENTRY(entTarget), "127.0.0.1");
radioTarget1 = gtk_radio_button_new_with_mnemonic(NULL, "Single Target");
gtk_widget_set_name(radioTarget1, "radioTarget1");
gtk_widget_show(radioTarget1);
gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget1), radioTarget2_group);
radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget1));
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioTarget1), TRUE);
@ -368,50 +364,44 @@ GtkWidget *create_wndMain(void) {
chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose");
gtk_widget_set_name(chkVerbose, "chkVerbose");
gtk_widget_show(chkVerbose);
gtk_table_attach(GTK_TABLE(table9), chkVerbose, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table9), chkVerbose, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL);
chkDebug = gtk_check_button_new_with_mnemonic("Debug");
gtk_widget_set_name(chkDebug, "chkDebug");
gtk_widget_show(chkDebug);
gtk_table_attach(GTK_TABLE(table9), chkDebug, 2, 3, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table9), chkDebug, 2, 3, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL);
chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts");
gtk_widget_set_name(chkAttempts, "chkAttempts");
gtk_widget_show(chkAttempts);
gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL);
chkSSL = gtk_check_button_new_with_mnemonic("Use SSL");
gtk_widget_set_name(chkSSL, "chkSSL");
gtk_widget_show(chkSSL);
gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!)", NULL);
chkServiceDetails = gtk_check_button_new_with_mnemonic ("Service Module Usage Details");
gtk_widget_set_name (chkServiceDetails, "chkServiceDetails");
gtk_widget_show (chkServiceDetails);
gtk_table_attach (GTK_TABLE (table9), chkServiceDetails, 2, 3, 2, 3,
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip (tooltips, chkServiceDetails, "Service Module Usage Details", NULL);
chkServiceDetails = gtk_check_button_new_with_mnemonic("Service Module Usage Details");
gtk_widget_set_name(chkServiceDetails, "chkServiceDetails");
gtk_widget_show(chkServiceDetails);
gtk_table_attach(GTK_TABLE(table9), chkServiceDetails, 2, 3, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkServiceDetails, "Service Module Usage Details", NULL);
chkCompleteHelp = gtk_check_button_new_with_mnemonic ("COMPLETE HELP");
gtk_widget_set_name (chkCompleteHelp, "chkCompleteHelp");
gtk_widget_show (chkCompleteHelp);
gtk_table_attach (GTK_TABLE (table9), chkCompleteHelp, 0, 2, 2, 3,
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip (tooltips, chkCompleteHelp, "Complete Help", NULL);
chkCompleteHelp = gtk_check_button_new_with_mnemonic("COMPLETE HELP");
gtk_widget_set_name(chkCompleteHelp, "chkCompleteHelp");
gtk_widget_show(chkCompleteHelp);
gtk_table_attach(GTK_TABLE(table9), chkCompleteHelp, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkCompleteHelp, "Complete Help", NULL);
chkOldSSL = gtk_check_button_new_with_mnemonic ("Use old SSL");
gtk_widget_set_name (chkOldSSL, "chkOldSSL");
gtk_widget_show (chkOldSSL);
gtk_table_attach (GTK_TABLE (table9), chkOldSSL, 1, 2, 0, 1,
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip (tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL);
chkOldSSL = gtk_check_button_new_with_mnemonic("Use old SSL");
gtk_widget_set_name(chkOldSSL, "chkOldSSL");
gtk_widget_show(chkOldSSL);
gtk_table_attach(GTK_TABLE(table9), chkOldSSL, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL);
label29 = gtk_label_new("Output Options");
gtk_widget_set_name(label29, "label29");
@ -441,20 +431,20 @@ GtkWidget *create_wndMain(void) {
entUsernameFile = gtk_entry_new();
gtk_widget_set_name(entUsernameFile, "entUsernameFile");
gtk_widget_show(entUsernameFile);
gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_tooltips_set_tip(tooltips, entUsernameFile, "File with user logins, one entry per line", NULL);
entUsername = gtk_entry_new();
gtk_widget_set_name(entUsername, "entUsername");
gtk_widget_show(entUsername);
gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_tooltips_set_tip(tooltips, entUsername, "The login to use", NULL);
gtk_entry_set_text(GTK_ENTRY(entUsername), "yourname");
radioUsername1 = gtk_radio_button_new_with_mnemonic(NULL, "Username");
gtk_widget_set_name(radioUsername1, "radioUsername1");
gtk_widget_show(radioUsername1);
gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername1), radioUsername1_group);
radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername1));
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioUsername1), TRUE);
@ -462,20 +452,20 @@ GtkWidget *create_wndMain(void) {
radioUsername2 = gtk_radio_button_new_with_mnemonic(NULL, "Username List");
gtk_widget_set_name(radioUsername2, "radioUsername2");
gtk_widget_show(radioUsername2);
gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername2), radioUsername1_group);
radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername2));
chkUsernameLoop = gtk_check_button_new_with_mnemonic("Loop around users");
gtk_widget_set_name(chkUsernameLoop, "chkUsernameLoop");
gtk_widget_show(chkUsernameLoop);
gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkUsernameLoop, "Enable this option to loop around users not passwords", NULL);
chkDisUser = gtk_check_button_new_with_mnemonic("Protocol does not require usernames");
gtk_widget_set_name(chkDisUser, "chkDisUser");
gtk_widget_show(chkDisUser);
gtk_table_attach(GTK_TABLE (table2), chkDisUser, 1, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table2), chkDisUser, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkDisUser, "Protocols like Cisco, Cisco enable, redis, Oracle listener, SNMP, S7-300, VNC etc. are not using usernames", NULL);
label8 = gtk_label_new("Username");
@ -488,7 +478,7 @@ GtkWidget *create_wndMain(void) {
gtk_widget_show(frmPass);
gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0);
table3 = gtk_table_new (3, 2, FALSE);
table3 = gtk_table_new(3, 2, FALSE);
gtk_widget_set_name(table3, "table3");
gtk_widget_show(table3);
gtk_container_add(GTK_CONTAINER(frmPass), table3);
@ -496,20 +486,20 @@ GtkWidget *create_wndMain(void) {
entPassFile = gtk_entry_new();
gtk_widget_set_name(entPassFile, "entPassFile");
gtk_widget_show(entPassFile);
gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_tooltips_set_tip(tooltips, entPassFile, "File with passwords to try, one entry per line", NULL);
entPass = gtk_entry_new();
gtk_widget_set_name(entPass, "entPass");
gtk_widget_show(entPass);
gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_tooltips_set_tip(tooltips, entPass, "The password to try", NULL);
gtk_entry_set_text(GTK_ENTRY(entPass), "yourpass");
radioPass1 = gtk_radio_button_new_with_mnemonic(NULL, "Password");
gtk_widget_set_name(radioPass1, "radioPass1");
gtk_widget_show(radioPass1);
gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass1), radioPass1_group);
radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass1));
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioPass1), TRUE);
@ -517,26 +507,22 @@ GtkWidget *create_wndMain(void) {
radioPass2 = gtk_radio_button_new_with_mnemonic(NULL, "Password List");
gtk_widget_set_name(radioPass2, "radioPass2");
gtk_widget_show(radioPass2);
gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group);
radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2));
radioGenerate = gtk_radio_button_new_with_mnemonic (NULL, "Generate");
gtk_widget_set_name (radioGenerate, "radioGenerate");
gtk_widget_show (radioGenerate);
gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3,
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_radio_button_set_group (GTK_RADIO_BUTTON (radioGenerate), radioPass1_group);
radioPass1_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radioGenerate));
radioGenerate = gtk_radio_button_new_with_mnemonic(NULL, "Generate");
gtk_widget_set_name(radioGenerate, "radioGenerate");
gtk_widget_show(radioGenerate);
gtk_table_attach(GTK_TABLE(table3), radioGenerate, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioGenerate), radioPass1_group);
radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioGenerate));
entGeneration = gtk_entry_new ();
gtk_widget_set_name (entGeneration, "entGeneration");
gtk_widget_show (entGeneration);
gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3,
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_tooltips_set_tip (tooltips, entGeneration, "Generate passwords", NULL);
gtk_entry_set_text (GTK_ENTRY (entGeneration), "1:1:a");
entGeneration = gtk_entry_new();
gtk_widget_set_name(entGeneration, "entGeneration");
gtk_widget_show(entGeneration);
gtk_table_attach(GTK_TABLE(table3), entGeneration, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
gtk_tooltips_set_tip(tooltips, entGeneration, "Generate passwords", NULL);
gtk_entry_set_text(GTK_ENTRY(entGeneration), "1:1:a");
labelpass = gtk_label_new("Password");
gtk_widget_set_name(labelpass, "labelpass");
@ -556,13 +542,13 @@ GtkWidget *create_wndMain(void) {
chkColon = gtk_check_button_new_with_mnemonic("Use Colon separated file");
gtk_widget_set_name(chkColon, "chkColon");
gtk_widget_show(chkColon);
gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkColon, "Enable this option to use a colon file for login/password attempts", NULL);
entColonFile = gtk_entry_new();
gtk_widget_set_name(entColonFile, "entColonFile");
gtk_widget_show(entColonFile);
gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, entColonFile, "The colon file to use, each line has to be structured like \"mylogin:mypass\"", NULL);
label20 = gtk_label_new("Colon separated file");
@ -578,21 +564,21 @@ GtkWidget *create_wndMain(void) {
chkPassLogin = gtk_check_button_new_with_mnemonic("Try login as password");
gtk_widget_set_name(chkPassLogin, "chkPassLogin");
gtk_widget_show(chkPassLogin);
gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkPassLogin, "Enable this option to try the login as password, in addition to the password/file", NULL);
chkPassNull = gtk_check_button_new_with_mnemonic("Try empty password");
gtk_widget_set_name(chkPassNull, "chkPassNull");
gtk_widget_show(chkPassNull);
gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL);
chkPassReverse = gtk_check_button_new_with_mnemonic ("Try reversed login");
gtk_widget_set_name (chkPassReverse, "chkPassReverse");
gtk_widget_show (chkPassReverse);
gtk_table_attach (GTK_TABLE (table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip (tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL);
chkPassReverse = gtk_check_button_new_with_mnemonic("Try reversed login");
gtk_widget_set_name(chkPassReverse, "chkPassReverse");
gtk_widget_show(chkPassReverse);
gtk_table_attach(GTK_TABLE(table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL);
label2 = gtk_label_new("Passwords");
gtk_widget_set_name(label2, "label2");
gtk_widget_show(label2);
@ -606,7 +592,7 @@ GtkWidget *create_wndMain(void) {
frame9 = gtk_frame_new(NULL);
gtk_widget_set_name(frame9, "frame9");
gtk_widget_show(frame9);
gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0);
gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0);
table7 = gtk_table_new(5, 2, FALSE);
gtk_widget_set_name(table7, "table7");
@ -616,58 +602,58 @@ GtkWidget *create_wndMain(void) {
label22 = gtk_label_new("Proxy ");
gtk_widget_set_name(label22, "label22");
gtk_widget_show(label22);
gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label22), 0, 0.5);
entHTTPProxy = gtk_entry_new();
gtk_widget_set_name(entHTTPProxy, "entHTTPProxy");
gtk_widget_show(entHTTPProxy);
gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, entHTTPProxy, "The address of the proxy. Syntax: \"http://123.45.67.89:8080\"", NULL);
gtk_entry_set_text(GTK_ENTRY(entHTTPProxy), "http://127.0.0.1:8080");
chkProxyAuth = gtk_check_button_new_with_mnemonic("Proxy needs authentication");
gtk_widget_set_name(chkProxyAuth, "chkProxyAuth");
gtk_widget_show(chkProxyAuth);
gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkProxyAuth, "Enable this if the proxy requires authenticatio", NULL);
label23 = gtk_label_new("Username");
gtk_widget_set_name(label23, "label23");
gtk_widget_show(label23);
gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label23), 0, 0.5);
entProxyUser = gtk_entry_new();
gtk_widget_set_name(entProxyUser, "entProxyUser");
gtk_widget_show(entProxyUser);
gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, entProxyUser, "The user name for proxy authentication", NULL);
gtk_entry_set_text(GTK_ENTRY(entProxyUser), "yourname");
label24 = gtk_label_new("Password");
gtk_widget_set_name(label24, "label24");
gtk_widget_show(label24);
gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label24), 0, 0.5);
entProxyPass = gtk_entry_new();
gtk_widget_set_name(entProxyPass, "entProxyPass");
gtk_widget_show(entProxyPass);
gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, entProxyPass, "The password for proxy authentication", NULL);
gtk_entry_set_text(GTK_ENTRY(entProxyPass), "yourpass");
label26 = gtk_label_new("");
gtk_widget_set_name(label26, "label26");
gtk_widget_show(label26);
gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), 0, 0);
gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions)(GTK_FILL), (GtkAttachOptions)(0), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label26), 0, 0.5);
hbox3 = gtk_hbox_new(FALSE, 0);
gtk_widget_set_name(hbox3, "hbox3");
gtk_widget_show(hbox3);
gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0);
gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_FILL), 0, 0);
radioProxy = gtk_radio_button_new_with_mnemonic(NULL, "No Proxy");
gtk_widget_set_name(radioProxy, "radioProxy");
@ -701,7 +687,7 @@ GtkWidget *create_wndMain(void) {
frame13 = gtk_frame_new(NULL);
gtk_widget_set_name(frame13, "frame13");
gtk_widget_show(frame13);
gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0);
gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions)(GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_FILL), 0, 0);
table10 = gtk_table_new(5, 2, FALSE);
gtk_widget_set_name(table10, "table10");
@ -711,50 +697,46 @@ GtkWidget *create_wndMain(void) {
chkExitf = gtk_check_button_new_with_mnemonic("Exit after first found pair (per host)");
gtk_widget_set_name(chkExitf, "chkExitf");
gtk_widget_show(chkExitf);
gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkExitf, "Enable this to stop all attacking processes once a valid login/password pair is found (per host)", NULL);
spnTimeout_adj = gtk_adjustment_new(30, 0, 295, 1, 10, 0);
spnTimeout = gtk_spin_button_new(GTK_ADJUSTMENT(spnTimeout_adj), 1, 0);
gtk_widget_set_name(spnTimeout, "spnTimeout");
gtk_widget_show(spnTimeout);
gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, spnTimeout, "The maximum timeout an attack process is waiting for a response from the target", NULL);
spnTasks_adj = gtk_adjustment_new(16, 0, 128, 1, 10, 0);
spnTasks = gtk_spin_button_new(GTK_ADJUSTMENT(spnTasks_adj), 1, 0);
gtk_widget_set_name(spnTasks, "spnTasks");
gtk_widget_show(spnTasks);
gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, spnTasks, "The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice", NULL);
label32 = gtk_label_new("Timeout");
gtk_widget_set_name(label32, "label32");
gtk_widget_show(label32);
gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label32), 0, 0.5);
label31 = gtk_label_new("Number of Tasks");
gtk_widget_set_name(label31, "label31");
gtk_widget_show(label31);
gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_misc_set_alignment(GTK_MISC(label31), 0, 0.5);
chkExitF = gtk_check_button_new_with_mnemonic ("Exit after first found pair (global)");
gtk_widget_set_name (chkExitF, "chkExitF");
gtk_widget_show (chkExitF);
gtk_table_attach (GTK_TABLE (table10), chkExitF, 0, 2, 3, 4,
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip (tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL);
chkExitF = gtk_check_button_new_with_mnemonic("Exit after first found pair (global)");
gtk_widget_set_name(chkExitF, "chkExitF");
gtk_widget_show(chkExitF);
gtk_table_attach(GTK_TABLE(table10), chkExitF, 0, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL);
chkNoErr = gtk_check_button_new_with_mnemonic ("Do not print messages about connection errors");
gtk_widget_set_name (chkNoErr, "chkNoErr");
gtk_widget_show (chkNoErr);
gtk_table_attach (GTK_TABLE (table10), chkNoErr, 0, 2, 4, 5,
(GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
(GtkAttachOptions) (GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip (tooltips, chkNoErr, "Do not print messages about connection errors", NULL);
chkNoErr = gtk_check_button_new_with_mnemonic("Do not print messages about connection errors");
gtk_widget_set_name(chkNoErr, "chkNoErr");
gtk_widget_show(chkNoErr);
gtk_table_attach(GTK_TABLE(table10), chkNoErr, 0, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
gtk_tooltips_set_tip(tooltips, chkNoErr, "Do not print messages about connection errors", NULL);
label30 = gtk_label_new("Performance Options");
gtk_widget_set_name(label30, "label30");
@ -1038,18 +1020,18 @@ GtkWidget *create_wndMain(void) {
gtk_widget_show(statusbar);
gtk_box_pack_start(GTK_BOX(vbox1), statusbar, FALSE, FALSE, 0);
g_signal_connect((gpointer) wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL);
g_signal_connect((gpointer) quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL);
g_signal_connect((gpointer) entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL);
g_signal_connect((gpointer) entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL);
g_signal_connect((gpointer) chkDisUser, "toggled", G_CALLBACK (on_chkDisUser_toggled), NULL);
g_signal_connect((gpointer) entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL);
g_signal_connect((gpointer) chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL);
g_signal_connect((gpointer) entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL);
g_signal_connect((gpointer) btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL);
g_signal_connect((gpointer) btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL);
g_signal_connect((gpointer) btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL);
g_signal_connect((gpointer) btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL);
g_signal_connect((gpointer)wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL);
g_signal_connect((gpointer)quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL);
g_signal_connect((gpointer)entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL);
g_signal_connect((gpointer)entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL);
g_signal_connect((gpointer)chkDisUser, "toggled", G_CALLBACK(on_chkDisUser_toggled), NULL);
g_signal_connect((gpointer)entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL);
g_signal_connect((gpointer)chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL);
g_signal_connect((gpointer)entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL);
g_signal_connect((gpointer)btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL);
g_signal_connect((gpointer)btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL);
g_signal_connect((gpointer)btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL);
g_signal_connect((gpointer)btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL);
/* Store pointers to all widgets, for use by lookup_widget(). */
GLADE_HOOKUP_OBJECT_NO_REF(wndMain, wndMain, "wndMain");
@ -1090,7 +1072,7 @@ GtkWidget *create_wndMain(void) {
GLADE_HOOKUP_OBJECT(wndMain, radioUsername1, "radioUsername1");
GLADE_HOOKUP_OBJECT(wndMain, chkUsernameLoop, "chkUsernameLoop");
GLADE_HOOKUP_OBJECT(wndMain, radioUsername2, "radioUsername2");
GLADE_HOOKUP_OBJECT (wndMain, chkDisUser, "chkDisUser");
GLADE_HOOKUP_OBJECT(wndMain, chkDisUser, "chkDisUser");
GLADE_HOOKUP_OBJECT(wndMain, label8, "label8");
GLADE_HOOKUP_OBJECT(wndMain, frmPass, "frmPass");
GLADE_HOOKUP_OBJECT(wndMain, table3, "table3");

11
hydra-gtk/src/main.c
View file

@ -8,17 +8,16 @@
#include <config.h>
#endif
#include <gtk/gtk.h>
#include <string.h>
#include "callbacks.h"
#include "interface.h"
#include "support.h"
#include "callbacks.h"
#include <gtk/gtk.h>
#include <string.h>
char *hydra_path1 = "./hydra";
char *hydra_path2 = "/usr/local/bin/hydra";
char *hydra_path3 = "/usr/bin/hydra";
int main(int argc, char *argv[]) {
extern GtkWidget *wndMain;
int i;
@ -60,7 +59,6 @@ int main(int argc, char *argv[]) {
wndMain = create_wndMain();
gtk_widget_show(wndMain);
/* if we can't use the new cool file chooser, the save button gets disabled */
#ifndef GTK_TYPE_FILE_CHOOSER
GtkWidget *btnSave;
@ -69,13 +67,12 @@ int main(int argc, char *argv[]) {
gtk_widget_set_sensitive(btnSave, FALSE);
#endif
/* update the statusbar every now and then */
g_timeout_add(600, update_statusbar, NULL);
/* we want bold text in the output window */
output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput");
outputbuf = gtk_text_view_get_buffer((GtkTextView *) output);
outputbuf = gtk_text_view_get_buffer((GtkTextView *)output);
gtk_text_buffer_create_tag(outputbuf, "bold", "weight", PANGO_WEIGHT_BOLD, NULL);
/* he ho, lets go! */

29
hydra-gtk/src/support.c
View file

@ -7,17 +7,17 @@
#include <config.h>
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <gtk/gtk.h>
#include "support.h"
GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) {
GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name) {
GtkWidget *parent, *found_widget;
for (;;) {
@ -26,13 +26,13 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) {
else
parent = widget->parent;
if (!parent)
parent = (GtkWidget *) g_object_get_data(G_OBJECT(widget), "GladeParentKey");
parent = (GtkWidget *)g_object_get_data(G_OBJECT(widget), "GladeParentKey");
if (parent == NULL)
break;
widget = parent;
}
found_widget = (GtkWidget *) g_object_get_data(G_OBJECT(widget), widget_name);
found_widget = (GtkWidget *)g_object_get_data(G_OBJECT(widget), widget_name);
if (!found_widget)
g_warning("Widget not found: %s", widget_name);
return found_widget;
@ -41,19 +41,16 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) {
static GList *pixmaps_directories = NULL;
/* Use this function to set the directory containing installed pixmaps. */
void add_pixmap_directory(const gchar * directory) {
pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory));
}
void add_pixmap_directory(const gchar *directory) { pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); }
/* This is an internally used function to find pixmap files. */
static gchar *find_pixmap_file(const gchar * filename) {
static gchar *find_pixmap_file(const gchar *filename) {
GList *elem;
/* We step through each of the pixmaps directory to find it. */
elem = pixmaps_directories;
while (elem) {
gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data,
G_DIR_SEPARATOR_S, filename);
gchar *pathname = g_strdup_printf("%s%s%s", (gchar *)elem->data, G_DIR_SEPARATOR_S, filename);
if (g_file_test(pathname, G_FILE_TEST_EXISTS))
return pathname;
@ -64,7 +61,7 @@ static gchar *find_pixmap_file(const gchar * filename) {
}
/* This is an internally used function to create pixmaps. */
GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) {
GtkWidget *create_pixmap(GtkWidget *widget, const gchar *filename) {
gchar *pathname = NULL;
GtkWidget *pixmap;
@ -84,7 +81,7 @@ GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) {
}
/* This is an internally used function to create pixmaps. */
GdkPixbuf *create_pixbuf(const gchar * filename) {
GdkPixbuf *create_pixbuf(const gchar *filename) {
gchar *pathname = NULL;
GdkPixbuf *pixbuf;
GError *error = NULL;
@ -109,7 +106,7 @@ GdkPixbuf *create_pixbuf(const gchar * filename) {
}
/* This is used to set ATK action descriptions. */
void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description) {
void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description) {
gint n_actions, i;
n_actions = atk_action_get_n_actions(action);

13
hydra-gtk/src/support.h
View file

@ -19,26 +19,23 @@
* or alternatively any widget in the component, and the name of the widget
* you want returned.
*/
GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name);
GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name);
/* Use this function to set the directory containing installed pixmaps. */
void add_pixmap_directory(const gchar * directory);
void add_pixmap_directory(const gchar *directory);
/*
* Private Functions.
*/
/* This is used to create the pixmaps used in the interface. */
GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename);
GtkWidget *create_pixmap(GtkWidget *widget, const gchar *filename);
/* This is used to create the pixbufs used in the interface. */
GdkPixbuf *create_pixbuf(const gchar * filename);
GdkPixbuf *create_pixbuf(const gchar *filename);
/* This is used to set ATK action descriptions. */
void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description);
void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description);
GtkWidget *wndMain;
char *HYDRA_BIN;

329
hydra-http-form.c
View file

@ -45,7 +45,8 @@ rewritten by David Maciejak
Fix and issue with strtok use and implement 1 step location follow if HTTP
3xx code is returned (david dot maciejak at gmail dot com)
Added fail or success condition, getting cookies, and allow 5 redirections by david
Added fail or success condition, getting cookies, and allow 5 redirections by
david
*/
@ -80,15 +81,15 @@ char cookie[4096] = "", cmiscptr[1024];
int32_t webport, freemischttpform = 0;
char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "", *url, *variables, *optional1;
#define MAX_REDIRECT 8
#define MAX_CONTENT_LENGTH 20
#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2
#define MAX_REDIRECT 8
#define MAX_CONTENT_LENGTH 20
#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2
char redirected_url_buff[2048] = "";
int32_t redirected_flag = 0;
int32_t redirected_cpt = MAX_REDIRECT;
char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers
char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers
/*
* Function to perform some initial setup.
@ -98,7 +99,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr);
/*
* Returns 1 if specified header exists, or 0 otherwise.
*/
ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, char type) {
ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char type) {
ptr_header_node cur_ptr = *ptr_head, found_header = NULL;
for (cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next)
@ -118,7 +119,7 @@ char *strndup(const char *s, size_t n) {
if (n < len)
len = n;
result = (char *) malloc(len + 1);
result = (char *)malloc(len + 1);
if (!result)
return 0;
@ -128,8 +129,8 @@ char *strndup(const char *s, size_t n) {
}
#endif
int32_t append_cookie(char *name, char *value, ptr_cookie_node * last_cookie) {
ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node));
int32_t append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) {
ptr_cookie_node new_ptr = (ptr_cookie_node)malloc(sizeof(t_cookie_node));
if (!new_ptr)
return 0;
@ -149,13 +150,13 @@ int32_t append_cookie(char *name, char *value, ptr_cookie_node * last_cookie) {
char *stringify_cookies(ptr_cookie_node ptr_cookie) {
ptr_cookie_node cur_ptr = NULL;
uint32_t length = 1;
char *cookie_hdr = (char *) malloc(length);
char *cookie_hdr = (char *)malloc(length);
if (cookie_hdr) {
memset(cookie_hdr, 0, length);
for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) {
length += 2 + strlen(cur_ptr->name) + strlen(cur_ptr->value);
cookie_hdr = (char *) realloc(cookie_hdr, length);
cookie_hdr = (char *)realloc(cookie_hdr, length);
if (cookie_hdr) {
strcat(cookie_hdr, cur_ptr->name);
strcat(cookie_hdr, "=");
@ -187,7 +188,7 @@ success:
* +--------+
* Returns 1 if success, or 0 otherwise.
*/
int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) {
int32_t add_or_update_cookie(ptr_cookie_node *ptr_cookie, char *cookie_expr) {
ptr_cookie_node cur_ptr = NULL;
char *cookie_name = NULL, *cookie_value = strstr(cookie_expr, "=");
@ -195,7 +196,8 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) {
cookie_name = strndup(cookie_expr, cookie_value - cookie_expr);
cookie_value = strdup(cookie_value + 1);
// we've got the cookie's name and value, now it's time to insert or update the list
// we've got the cookie's name and value, now it's time to insert or update
// the list
if (*ptr_cookie == NULL) {
// no cookies
append_cookie(cookie_name, cookie_value, ptr_cookie);
@ -203,7 +205,7 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) {
for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) {
if (strcmp(cur_ptr->name, cookie_name) == 0) {
free(cur_ptr->value); // free old value
free(cookie_name); // we already have it
free(cookie_name); // we already have it
cur_ptr->value = cookie_value;
break;
}
@ -218,7 +220,7 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) {
return 1;
}
int32_t process_cookies(ptr_cookie_node * ptr_cookie, char *cookie_expr) {
int32_t process_cookies(ptr_cookie_node *ptr_cookie, char *cookie_expr) {
char *tok = NULL;
char *expr = strdup(cookie_expr);
int32_t res = 0;
@ -252,32 +254,29 @@ int32_t process_cookies(ptr_cookie_node * ptr_cookie, char *cookie_expr) {
*
* Returns 1 if success, or 0 otherwise (out of memory).
*/
int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type) {
int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type) {
ptr_header_node cur_ptr = NULL;
ptr_header_node existing_hdr, new_ptr;
// get to the last header
for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next);
for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next)
;
char *new_header = strdup(header);
char *new_value = strdup(value);
if (new_header && new_value) {
if ((type == HEADER_TYPE_USERHEADER) ||
(type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) ||
(type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) ||
(type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))
) {
if ((type == HEADER_TYPE_USERHEADER) || (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) {
/*
* We are in one of the following scenarios:
* 1. A default header with no user-supplied headers that replace it.
* 2. A user-supplied header that must be appended (option 'h').
* 3. A user-supplied header that must replace a default header (option 'h'),
* but no default headers exist with that name.
* 3. A user-supplied header that must replace a default header
* (option 'h'), but no default headers exist with that name.
*
* In either case we just add the header to the list.
*/
new_ptr = (ptr_header_node) malloc(sizeof(t_header_node));
new_ptr = (ptr_header_node)malloc(sizeof(t_header_node));
if (!new_ptr) {
free(new_header);
free(new_value);
@ -321,7 +320,7 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) {
for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) {
cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue) + 1);
cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1);
if (cur_ptr->value)
strcpy(cur_ptr->value, newvalue);
else {
@ -340,7 +339,7 @@ void hdrrepv(ptr_header_node *ptr_head, char *hdrname, char *new_value) {
for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
if ((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0) {
cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value) + 1);
cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(new_value) + 1);
if (cur_ptr->value)
strcpy(cur_ptr->value, new_value);
else {
@ -351,7 +350,7 @@ void hdrrepv(ptr_header_node *ptr_head, char *hdrname, char *new_value) {
}
}
void cleanup(ptr_header_node * ptr_head) {
void cleanup(ptr_header_node *ptr_head) {
ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr;
while (next_ptr != NULL) {
@ -375,7 +374,7 @@ char *stringify_headers(ptr_header_node *ptr_head) {
for (; cur_ptr; cur_ptr = cur_ptr->next)
ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4;
headers_str = (char *) malloc(ttl_size + 1);
headers_str = (char *)malloc(ttl_size + 1);
if (headers_str) {
memset(headers_str, 0, ttl_size + 1);
@ -402,8 +401,8 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
*/
while (*miscptr != 0) {
switch (miscptr[0]) {
case 'a': // fall through
case 'A': // only for http, not http-form!
case 'a': // fall through
case 'A': // only for http, not http-form!
ptr = miscptr + 2;
if (strncasecmp(ptr, "NTLM", 4) == 0)
@ -425,7 +424,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
miscptr = ptr;
break;
case 'c': // fall through
case 'c': // fall through
case 'C':
ptr = miscptr + 2;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
@ -510,7 +509,7 @@ char *prepare_http_request(char *type, char *path, char *params, char *headers)
if (params)
reqlen += strlen(params);
http_request = (char *) malloc(reqlen);
http_request = (char *)malloc(reqlen);
if (http_request) {
memset(http_request, 0, reqlen);
@ -571,7 +570,6 @@ char *html_encode(char *string) {
return ret;
}
/*
int32_t analyze_server_response(int32_t socket)
return 0 or 1 when the cond regex is matched
@ -584,7 +582,7 @@ int32_t analyze_server_response(int32_t s) {
auth_flag = 0;
while ((buf = hydra_receive_line(s)) != NULL) {
runs++;
//check for http redirection
// check for http redirection
if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) {
redirected_flag = 1;
} else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) {
@ -608,7 +606,7 @@ int32_t analyze_server_response(int32_t s) {
*endloc = 0;
strcpy(redirected_url_buff, str);
}
//there can be multiple cookies
// there can be multiple cookies
if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) {
char *cookiebuf = buf;
@ -622,7 +620,7 @@ int32_t analyze_server_response(int32_t s) {
str[sizeof(str) - 1] = 0;
endcookie1 = strchr(str, '\n');
endcookie2 = strchr(str, ';');
//terminate string after cookie data
// terminate string after cookie data
if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))) {
if (*(endcookie1 - 1) == '\r')
endcookie1--;
@ -635,27 +633,33 @@ int32_t analyze_server_response(int32_t s) {
tmpname[sizeof(tmpname) - 2] = 0;
ptr = index(tmpname, '=');
*(++ptr) = 0;
// is the cookie already in the cookiejar? (so, does it have to be replaced?)
// is the cookie already in the cookiejar? (so, does it have to be
// replaced?)
if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) {
// yes it is.
// if the cookie is not in the beginning of the cookiejar, copy the ones before
// if the cookie is not in the beginning of the cookiejar, copy the
// ones before
if (ptr != cookie && *(ptr - 1) == ' ') {
strncpy(tmpcookie, cookie, ptr - cookie - 2);
tmpcookie[ptr - cookie - 2] = 0;
}
ptr += strlen(tmpname);
// if there are any cookies after this one in the cookiejar, copy them over
// if there are any cookies after this one in the cookiejar, copy
// them over
if ((ptr2 = strstr(ptr, "; ")) != NULL) {
ptr2 += 2;
strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1);
}
if (debug)
printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie);
printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: "
"%s\n",
tmpname, cookie, tmpcookie);
strcpy(cookie, tmpcookie);
}
}
ptr = index(str, '=');
// only copy the cookie if it has a value (otherwise the server wants to delete the cookie)
// only copy the cookie if it has a value (otherwise the server wants to
// delete the cookie)
if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') {
if (strlen(cookie) > 0)
strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1);
@ -670,10 +674,10 @@ int32_t analyze_server_response(int32_t s) {
if (strstr(buf, cond) != NULL) {
#endif
free(buf);
// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf);
// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf);
return 1;
}
// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf);
// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf);
free(buf);
}
if (runs == 0) {
@ -694,8 +698,7 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c
}
}
int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head,
ptr_cookie_node ptr_cookie) {
int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) {
char *empty = "";
char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345];
char header[8096], *upd3variables;
@ -705,7 +708,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH];
memset(header, 0, sizeof(header));
cookie[0] = 0; // reset cookies from potential previous attempt
cookie[0] = 0; // reset cookies from potential previous attempt
if (use_proxy > 0 && proxy_count > 0)
selected_proxy = random() % proxy_count;
@ -716,9 +719,9 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
strcpy(b64login, login);
hydra_tobase64((unsigned char *) b64login, strlen(b64login), sizeof(b64login));
hydra_tobase64((unsigned char *)b64login, strlen(b64login), sizeof(b64login));
strcpy(b64pass, pass);
hydra_tobase64((unsigned char *) b64pass, strlen(b64pass), sizeof(b64pass));
hydra_tobase64((unsigned char *)b64pass, strlen(b64pass), sizeof(b64pass));
strncpy(clogin, html_encode(login), sizeof(clogin) - 1);
clogin[sizeof(clogin) - 1] = 0;
strncpy(cpass, html_encode(pass), sizeof(cpass) - 1);
@ -744,7 +747,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1;
i = analyze_server_response(s); // ignore result
i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0)
process_cookies(&ptr_cookie, cookie);
hydra_reconnect(s, ip, port, options, hostname);
@ -753,7 +756,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (strcmp(type, "POST") == 0) {
memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables));
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables));
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
@ -798,7 +801,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (use_proxy == 1) {
// proxy without authentication
if (getcookie) {
//doing a GET to get cookies
// doing a GET to get cookies
memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl);
if (http_request != NULL)
@ -815,7 +818,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (strcmp(type, "POST") == 0) {
memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables));
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables));
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
@ -829,8 +832,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
else
hdrrepv(&ptr_head, "Cookie", cookie_header);
if (normal_request != NULL)
free(normal_request);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
@ -847,8 +850,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
else
hdrrepv(&ptr_head, "Cookie", cookie_header);
if (normal_request != NULL)
free(normal_request);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
@ -860,7 +863,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
// direct web server, no proxy
normal_request = NULL;
if (getcookie) {
//doing a GET to save cookies
// doing a GET to save cookies
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request);
@ -868,7 +871,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
return 1;
i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0) {
//printf("[DEBUG] Got cookie: %s\n", cookie);
// printf("[DEBUG] Got cookie: %s\n", cookie);
process_cookies(&ptr_cookie, cookie);
if (normal_request != NULL)
free(normal_request);
@ -878,7 +881,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
}
// now prepare for the "real" request
if (strcmp(type, "POST") == 0) {
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables));
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables));
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
@ -927,8 +930,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
found = analyze_server_response(s);
if (auth_flag) { // we received a 401 error - user is using wrong module
hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n",
if (auth_flag) { // we received a 401 error - user is using wrong module
hydra_report(stderr,
"[ERROR] the target is using HTTP auth, not a web form, received HTTP "
"error code 401. Use module \"http%s-get\" instead.\n",
(options & OPTION_SSL) > 0 ? "s" : "");
return 4;
}
@ -936,13 +941,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (strlen(cookie) > 0)
process_cookies(&ptr_cookie, cookie);
//if page was redirected, follow the location header
// if page was redirected, follow the location header
redirected_cpt = MAX_REDIRECT;
if (debug)
printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff);
while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
//we have to split the location
// we have to split the location
char *startloc, *endloc;
char str[2048];
char str2[2048];
@ -950,7 +955,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
redirected_cpt--;
redirected_flag = 0;
//check if the redirect page contains the fail/success condition
// check if the redirect page contains the fail/success condition
#ifdef HAVE_PCRE
if (hydra_string_match(redirected_url_buff, cond) == 1) {
#else
@ -958,8 +963,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
#endif
found = success_cond;
} else {
//location could be either absolute http(s):// or / something
//or relative
// location could be either absolute http(s):// or / something
// or relative
startloc = strstr(redirected_url_buff, "://");
if (startloc != NULL) {
startloc += strlen("://");
@ -988,8 +993,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
} else {
strncpy(str2, webtarget, sizeof(str2));
if (redirected_url_buff[0] != '/') {
//it's a relative path, so we have to concatenate it
//with the path from the first url given
// it's a relative path, so we have to concatenate it
// with the path from the first url given
char *urlpath;
char urlpath_extracted[2048];
@ -1030,11 +1035,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
free(cookie_header);
cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
else
hdrrepv(&ptr_head, "Cookie", cookie_header);
hdrrepv(&ptr_head, "Cookie", cookie_header);
//re-use the code above to check for proxy use
// re-use the code above to check for proxy use
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) {
// proxy with authentication
hdrrepv(&ptr_head, "Host", str2);
@ -1052,14 +1057,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
hdrrepv(&ptr_head, "Host", str2);
memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3);
if (normal_request != NULL)
free(normal_request);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", proxy_string, NULL, normal_request);
} else {
//direct web server, no proxy
// direct web server, no proxy
hdrrepv(&ptr_head, "Host", str2);
if (normal_request != NULL)
free(normal_request);
@ -1081,7 +1086,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
}
}
//if the last status is still 3xx, set it as a false
// if the last status is still 3xx, set it as a false
if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) {
hydra_report_found_host(port, ip, "www-form", fp);
hydra_completed_pair_found();
@ -1092,8 +1097,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
return 1;
}
void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type, ptr_header_node * ptr_head,
ptr_cookie_node * ptr_cookie) {
void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
@ -1118,35 +1122,35 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt
}
}
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t) getpid());
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid());
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
@ -1154,7 +1158,7 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt
freemischttpform = 0;
hydra_child_exit(0);
break;
case 4: /* silent error exit */
case 4: /* silent error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
@ -1175,7 +1179,7 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt
free(miscptr);
}
void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
ptr_cookie_node ptr_cookie = NULL;
ptr_header_node ptr_head = initialize(ip, options, miscptr);
@ -1187,7 +1191,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi
}
}
void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
ptr_cookie_node ptr_cookie = NULL;
ptr_header_node ptr_head = initialize(ip, options, miscptr);
@ -1199,7 +1203,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m
}
}
int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -1222,14 +1226,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) {
webtarget += strlen("://");
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
*ptr2 = 0;
ptr2++;
ptr = ptr2;
if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL)
miscptr = ptr;
else
miscptr = slash; /* to make things easier to user */
miscptr = slash; /* to make things easier to user */
} else if ((ptr2 = index(webtarget, '/')) != NULL) {
if (freemischttpform == 0) {
if ((miscptr = malloc(strlen(ptr2) + 1)) != NULL) {
@ -1268,18 +1272,17 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
if (*ptr != 0)
*ptr++ = 0;
if ((ptr2 = rindex(ptr, ':')) != NULL) {
cond = ptr2 + 1;
*ptr2 = 0;
} else
cond = ptr;
/*
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
*/
/*
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
ptr++;
if (*ptr != 0)
*ptr++ = 0;
*/
if (ptr == cond)
optional1 = NULL;
else
@ -1304,9 +1307,11 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
}
}
//printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : optional1);
// printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1:
// %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" :
// optional1);
if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ )
if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */)
hydra_child_exit(2);
if (*cond == 0) {
@ -1316,7 +1321,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
sprintf(cookieurl, "%.1000s", url);
//conditions now have to contain F or S to set the fail or success condition
// conditions now have to contain F or S to set the fail or success condition
if (*cond != 0 && (strpos(cond, "F=") == 0)) {
success_cond = 0;
cond += 2;
@ -1324,11 +1329,12 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
success_cond = 1;
cond += 2;
} else {
//by default condition is a fail
// by default condition is a fail
success_cond = 0;
}
//printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
// printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s
// (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
/*
* Parse the user-supplied options.
@ -1342,7 +1348,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
// proxy with authentication
add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT);
add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT);
proxy_string = (char *) malloc(strlen(proxy_authentication[selected_proxy]) + 10);
proxy_string = (char *)malloc(strlen(proxy_authentication[selected_proxy]) + 10);
if (proxy_string) {
strcpy(proxy_string, "Basic ");
strcat(proxy_string, proxy_authentication[selected_proxy]);
@ -1352,13 +1358,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
return NULL;
}
if (getcookie) {
//doing a GET to save cookies
// doing a GET to save cookies
if (cookie_request != NULL)
free(cookie_request);
cookie_request = stringify_headers(&ptr_head);
}
if (normal_request != NULL)
free(normal_request);
free(normal_request);
normal_request = stringify_headers(&ptr_head);
} else {
if (use_proxy == 1) {
@ -1366,7 +1372,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT);
add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT);
if (getcookie) {
//doing a GET to get cookies
// doing a GET to get cookies
if (cookie_request != NULL)
free(cookie_request);
cookie_request = stringify_headers(&ptr_head);
@ -1380,7 +1386,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT);
if (getcookie) {
//doing a GET to save cookies
// doing a GET to save cookies
if (cookie_request != NULL)
free(cookie_request);
cookie_request = stringify_headers(&ptr_head);
@ -1396,37 +1402,62 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
void usage_http_form(const char *service) {
printf("Module %s requires the page and the parameters for the web form.\n\n"
"By default this module is configured to follow a maximum of 5 redirections in\n"
"a row. It always gathers a new cookie from the same URL without variables\n"
"The parameters take three \":\" separated values, plus optional values.\n"
"(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
"\nSyntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]\n"
"By default this module is configured to follow a maximum of 5 "
"redirections in\n"
"a row. It always gathers a new cookie from the same URL without "
"variables\n"
"The parameters take three \":\" separated values, plus optional "
"values.\n"
"(Note: if you need a colon in the option string as value, escape it "
"with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
"\nSyntax: <url>:<form parameters>:<condition "
"string>[:<optional>[:<optional>]\n"
"First is the page on the server to GET or POST to (URL).\n"
"Second is the POST/GET variables (taken from either the browser, proxy, etc.\n"
" with url-encoded (resp. base64-encoded) usernames and passwords being replaced in the\n"
" \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") placeholders (FORM PARAMETERS)\n"
"Second is the POST/GET variables (taken from either the browser, proxy, "
"etc.\n"
" with url-encoded (resp. base64-encoded) usernames and passwords being "
"replaced in the\n"
" \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") "
"placeholders (FORM PARAMETERS)\n"
"Third is the string that it checks for an *invalid* login (by default)\n"
" Invalid condition login check can be preceded by \"F=\", successful condition\n"
" Invalid condition login check can be preceded by \"F=\", successful "
"condition\n"
" login check must be preceded by \"S=\".\n"
" This is where most people get it wrong. You have to check the webapp what a\n"
" This is where most people get it wrong. You have to check the webapp "
"what a\n"
" failed string looks like and put it in this parameter!\n"
"The following parameters are optional:\n"
" (c|C)=/page/uri to define a different page to gather initial cookies from\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
" ^USER[64]^ and ^PASS[64]^ can also be put into these headers!\n"
" (c|C)=/page/uri to define a different page to gather initial "
"cookies from\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each "
"request\n"
" ^USER[64]^ and ^PASS[64]^ can also be put into these "
"headers!\n"
" Note: 'h' will add the user-defined header at the end\n"
" regardless it's already being sent by Hydra or not.\n"
" 'H' will replace the value of that header if it exists, by the\n"
" one supplied by the user, or add the header at the end\n"
"Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n"
" All colons that are not option separators should be escaped (see the examples above and below).\n"
" You can specify a header without escaping the colons, but that way you will not be able to put colons\n"
" in the header value itself, as they will be interpreted by hydra as option separators.\n"
" 'H' will replace the value of that header if it "
"exists, by the\n"
" one supplied by the user, or add the header at the "
"end\n"
"Note that if you are going to put colons (:) in your headers you should "
"escape them with a backslash (\\).\n"
" All colons that are not option separators should be escaped (see the "
"examples above and below).\n"
" You can specify a header without escaping the colons, but that way you "
"will not be able to put colons\n"
" in the header value itself, as they will be interpreted by hydra as "
"option separators.\n"
"\nExamples:\n"
" \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
" \"/login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*success\"\n"
" \"/"
"login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*"
"success\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
" \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n",
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic "
"dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
" \"/exchweb/bin/auth/"
"owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&"
"username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:"
"reason=:C=/exchweb\"\n",
service);
}

130
hydra-http-proxy-urlenum.c
View file

@ -5,11 +5,11 @@ extern char *HYDRA_EXIT;
char *buf;
static int32_t http_proxy_auth_mechanism = AUTH_ERROR;
int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260];
char url[260], host[30];
char *header = ""; /* XXX TODO */
char *header = ""; /* XXX TODO */
char *ptr;
int32_t auth = 0;
@ -19,7 +19,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
return 1;
}
pass = hydra_get_next_password();
pass = empty; // ignored
pass = empty; // ignored
strncpy(url, login, sizeof(url) - 1);
url[sizeof(url) - 1] = 0;
@ -46,12 +46,12 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
}
if (http_proxy_auth_mechanism == AUTH_ERROR) {
//send dummy request
// send dummy request
sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive first 40x
// receive first 40x
buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/") == NULL) {
free(buf);
@ -61,7 +61,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
if (debug)
hydra_report(stderr, "S:%s\n", buf);
//after the first query we should have been disconnected from web server
// after the first query we should have been disconnected from web server
s = hydra_disconnect(s);
if ((options & OPTION_SSL) == 0) {
s = hydra_connect_tcp(ip, port);
@ -74,8 +74,11 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) {
http_proxy_auth_mechanism = AUTH_BASIC;
sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
url, host, buffer2, header);
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -87,8 +90,8 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
buf = hydra_receive_line(s);
}
//if server cut the connection, just exit cleanly or
//this will be an infinite loop
// if server cut the connection, just exit cleanly or
// this will be an infinite loop
if (buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
@ -104,19 +107,23 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
char *pos = NULL;
http_proxy_auth_mechanism = AUTH_NTLM;
//send auth and receive challenge
//send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
// send auth and receive challenge
// send auth request: let the server send it's own hostname and
// domainname
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
/* to be portable, no snprintf, buffer is big enough so it can't overflow */
//send the first..
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1,
header);
/* to be portable, no snprintf, buffer is big enough so it can't
* overflow */
// send the first..
sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
url, host, buf1, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive challenge
// receive challenge
free(buf);
buf = hydra_receive_line(s);
while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
@ -134,17 +141,19 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
pos[str - pos] = 0;
}
}
//recover challenge
// recover challenge
if (buf != NULL) {
if (strlen(buf) >= 4)
from64tobits((char *) buf1, pos);
from64tobits((char *)buf1, pos);
free(buf);
}
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1,
header);
// Send response
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
url, host, buf1, header);
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -206,7 +215,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
}
}
// result analysis
ptr = ((char *) index(buf, ' ')) + 1;
ptr = ((char *)index(buf, ' ')) + 1;
if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) {
hydra_report_found_host(port, ip, "http-proxy", fp);
if (fp != stdout)
@ -214,7 +223,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url);
hydra_completed_pair_found();
} else {
if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) {
if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */) {
hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n");
return 3;
}
@ -228,7 +237,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
return 1;
}
void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
@ -239,33 +248,34 @@ void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, cha
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp, hostname);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -278,13 +288,13 @@ void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, cha
}
}
int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -292,9 +302,13 @@ int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char opti
return 0;
}
void usage_http_proxy_urlenum(const char* service) {
printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n"
void usage_http_proxy_urlenum(const char *service) {
printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P "
"option.\n"
"The -L loginfile must contain the URL list to try through the proxy.\n"
"The proxy credentials cann be put as the optional parameter, e.g.\n"
" hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
" hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum "
"user:pass\n"
" hydra -L urllist.txt "
"http-proxy-urlenum://target.com:3128/user:pass\n\n");
}

135
hydra-http-proxy.c
View file

@ -5,11 +5,11 @@ extern char *HYDRA_EXIT;
static int32_t http_proxy_auth_mechanism = AUTH_ERROR;
char *http_proxy_buf = NULL;
int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
char url[210], host[60];
char *header = ""; /* XXX TODO */
char *header = ""; /* XXX TODO */
char *ptr, *fooptr;
if (strlen(login = hydra_get_next_login()) == 0)
@ -22,7 +22,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
strcpy(host, "Host: www.microsoft.com\r\n");
} else {
sprintf(url, "%.200s", miscptr);
ptr = strstr(miscptr, "://"); // :// check is in hydra.c
ptr = strstr(miscptr, "://"); // :// check is in hydra.c
sprintf(host, "Host: %.50s", ptr + 3);
if ((ptr = index(host, '/')) != NULL)
*ptr = 0;
@ -32,12 +32,12 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
}
if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) {
//send dummy request
// send dummy request
sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 3;
//receive first 40x
// receive first 40x
http_proxy_buf = hydra_receive_line(s);
while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) {
free(http_proxy_buf);
@ -69,7 +69,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
if (debug)
hydra_report(stderr, "S:%s\n", http_proxy_buf);
//after the first query we should have been disconnected from web server
// after the first query we should have been disconnected from web server
s = hydra_disconnect(s);
if ((options & OPTION_SSL) == 0) {
s = hydra_connect_tcp(ip, port);
@ -81,8 +81,11 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) {
http_proxy_auth_mechanism = AUTH_BASIC;
sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\n%s\r\n",
url, host, buffer2, header);
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -94,8 +97,8 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
http_proxy_buf = hydra_receive_line(s);
}
//if server cut the connection, just exit cleanly or
//this will be an infinite loop
// if server cut the connection, just exit cleanly or
// this will be an infinite loop
if (http_proxy_buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
@ -106,24 +109,27 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
hydra_report(stderr, "S:%s\n", http_proxy_buf);
} else {
if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) {
unsigned char buf1[4096];
unsigned char buf2[4096];
char *pos = NULL;
http_proxy_auth_mechanism = AUTH_NTLM;
//send auth and receive challenge
//send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
// send auth and receive challenge
// send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
/* to be portable, no snprintf, buffer is big enough so it can't overflow */
//send the first..
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
/* to be portable, no snprintf, buffer is big enough so it can't overflow
*/
// send the first..
sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
url, host, buf1, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 3;
//receive challenge
// receive challenge
free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) {
@ -141,24 +147,27 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
pos[str - pos] = 0;
}
}
//recover challenge
// recover challenge
if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) {
from64tobits((char *) buf1, pos);
from64tobits((char *)buf1, pos);
free(http_proxy_buf);
http_proxy_buf = NULL;
return 3;
}
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
// Send response
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer,
"GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
url, host, buf1, header);
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 3;
if (http_proxy_buf != NULL)
free(http_proxy_buf);
free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
free(http_proxy_buf);
@ -170,7 +179,6 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
} else {
#ifdef LIBOPENSSL
if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer;
http_proxy_auth_mechanism = AUTH_DIGESTMD5;
@ -206,7 +214,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
#endif
{
if (http_proxy_buf != NULL) {
// buf[strlen(http_proxy_buf) - 1] = '\0';
// buf[strlen(http_proxy_buf) - 1] = '\0';
hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf);
free(http_proxy_buf);
http_proxy_buf = NULL;
@ -218,7 +226,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
}
}
ptr = ((char *) index(http_proxy_buf, ' ')) + 1;
ptr = ((char *)index(http_proxy_buf, ' ')) + 1;
if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) {
hydra_report_found_host(port, ip, "http-proxy", fp);
hydra_completed_pair_found();
@ -226,7 +234,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
http_proxy_buf = NULL;
} else {
if (*ptr != '4')
hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass);
hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(index(http_proxy_buf, ' ') + 1), login, pass);
else if (verbose && *(ptr + 2) == '3')
hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass);
hydra_completed_pair();
@ -246,7 +254,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
return 1;
}
void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
@ -257,36 +265,37 @@ void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscp
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (http_proxy_buf != NULL)
free(http_proxy_buf);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
if (http_proxy_buf != NULL)
free(http_proxy_buf);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_proxy(sock, ip, port, options, miscptr, fp, hostname);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -299,13 +308,13 @@ void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscp
}
}
int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -313,7 +322,9 @@ int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, cha
return 0;
}
void usage_http_proxy(const char* service) {
void usage_http_proxy(const char *service) {
printf("Module http-proxy is optionally taking the page to authenticate at.\n"
"Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
"Default is http://www.microsoft.com/)\n"
"Basic, DIGEST-MD5 and NTLM are supported and negotiated "
"automatically.\n\n");
}

435
hydra-http.c
View file

@ -1,8 +1,6 @@
#include "hydra-http.h"
#include "sasl.h"
extern char *HYDRA_EXIT;
char *webtarget = NULL;
char *slash = "/";
@ -10,12 +8,12 @@ char *http_buf = NULL;
#define END_CONDITION_MAX_LEN 100
static char end_condition[END_CONDITION_MAX_LEN];
int end_condition_type=-1;
int end_condition_type = -1;
int32_t webport, freemischttp = 0;
int32_t http_auth_mechanism = AUTH_UNASSIGNED;
int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) {
int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) {
char *empty = "";
char *login, *pass, *buffer, buffer2[500];
char *header;
@ -34,7 +32,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
header = stringify_headers(&ptr_head);
buffer_size = strlen(header) + 500;
if(!(buffer = malloc(buffer_size))) {
if (!(buffer = malloc(buffer_size))) {
free(header);
return 3;
}
@ -49,133 +47,153 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
switch (http_auth_mechanism) {
case AUTH_BASIC:
sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
/* again: no snprintf to be portable. don't worry, buffer can't overflow */
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
sprintf(buffer,
"%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
"close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header);
else {
if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
sprintf(buffer,
"%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
"close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buffer2, header);
else
sprintf(buffer, "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header);
sprintf(buffer,
"%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
"close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\n%s\r\n",
type, miscptr, webtarget, buffer2, header);
}
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
break;
#ifdef LIBOPENSSL
case AUTH_DIGESTMD5:{
char *pbuffer;
case AUTH_DIGESTMD5: {
char *pbuffer;
pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1);
buffer[buffer_size - 1] = '\0';
pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1);
buffer[buffer_size - 1] = '\0';
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
if (fooptr == NULL) {
free(buffer);
free(header);
return 3;
}
if (debug)
hydra_report(stderr, "C:%s\n", buffer2);
strcpy(buffer, buffer2);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
if (fooptr == NULL) {
free(buffer);
free(header);
return 3;
}
break;
if (debug)
hydra_report(stderr, "C:%s\n", buffer2);
strcpy(buffer, buffer2);
} break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
char *pos = NULL;
case AUTH_NTLM: {
unsigned char buf1[4096];
unsigned char buf2[4096];
char *pos = NULL;
//send auth and receive challenge
//send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
// send auth and receive challenge
// send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
/* to be portable, no snprintf, buffer is big enough so it can't overflow */
//send the first..
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
/* to be portable, no snprintf, buffer is big enough so it can't overflow */
// send the first..
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
else {
if (use_proxy == 1)
sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
else {
if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header);
else
sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget,
buf1, header);
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buffer);
free(header);
return 1;
}
//receive challenge
if (http_buf != NULL)
free(http_buf);
http_buf = hydra_receive_line(s);
if (http_buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
free(buffer);
free(header);
return 3;
}
pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ");
if (pos != NULL) {
char *str;
pos += 23;
if ((str = strchr(pos, '\r')) != NULL) {
pos[str - pos] = 0;
}
if ((str = strchr(pos, '\n')) != NULL) {
pos[str - pos] = 0;
}
} else {
hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n");
return 3;
}
//recover challenge
from64tobits((char *) buf1, pos);
free(http_buf);
http_buf = NULL;
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
//create the auth response
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header);
else
sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
else {
if (use_proxy == 1)
sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header);
else
sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget,
buf1, header);
}
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
"%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, miscptr, webtarget, buf1, header);
}
break;
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buffer);
free(header);
return 1;
}
// receive challenge
if (http_buf != NULL)
free(http_buf);
http_buf = hydra_receive_line(s);
if (http_buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
free(buffer);
free(header);
return 3;
}
pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ");
if (pos != NULL) {
char *str;
pos += 23;
if ((str = strchr(pos, '\r')) != NULL) {
pos[str - pos] = 0;
}
if ((str = strchr(pos, '\n')) != NULL) {
pos[str - pos] = 0;
}
} else {
hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n");
return 3;
}
// recover challenge
from64tobits((char *)buf1, pos);
free(http_buf);
http_buf = NULL;
// Send response
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
// create the auth response
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
else {
if (use_proxy == 1)
sprintf(buffer,
"%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, buf1, header);
else
sprintf(buffer,
"%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
type, miscptr, webtarget, buf1, header);
}
if (debug)
hydra_report(stderr, "C:%s\n", buffer);
} break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -191,7 +209,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
tmpreplybuf[0] = 0;
while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) {
if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf);
if (debug)
printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf);
if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) {
strncpy(tmpreplybuf, http_buf, sizeof(tmpreplybuf) - 1);
tmpreplybuf[sizeof(tmpreplybuf) - 1] = 0;
@ -204,7 +223,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
strcat(tmpreplybufptr, http_buf);
free(http_buf);
http_buf = tmpreplybufptr;
if (debug) printf("http_buf now: %s\n", http_buf);
if (debug)
printf("http_buf now: %s\n", http_buf);
}
} else {
free(http_buf);
@ -212,8 +232,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
}
//if server cut the connection, just exit cleanly or
//this will be an infinite loop
// if server cut the connection, just exit cleanly or
// this will be an infinite loop
if (http_buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
@ -225,19 +245,21 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (debug)
hydra_report(stderr, "S:%s\n", http_buf);
ptr = ((char *) index(http_buf, ' '));
ptr = ((char *)index(http_buf, ' '));
if (ptr != NULL)
ptr++;
if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
#ifdef HAVE_PCRE
if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition)!=end_condition_type) {
if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition) != end_condition_type) {
#else
if (end_condition_type >= 0 && (strstr(http_buf, end_condition) == NULL ? 0 : 1) != end_condition_type) {
#endif
if (debug) hydra_report(stderr, "End condition not match continue.\n");
#endif
if (debug)
hydra_report(stderr, "End condition not match continue.\n");
hydra_completed_pair();
} else {
if (debug) hydra_report(stderr, "END condition %s match.\n",end_condition);
if (debug)
hydra_report(stderr, "END condition %s match.\n", end_condition);
hydra_report_found_host(port, ip, "www", fp);
hydra_completed_pair_found();
}
@ -247,11 +269,11 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
} else {
if (ptr != NULL && *ptr != '4')
fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *) ptr, login, pass);
fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *)ptr, login, pass);
//the first authentication type failed, check the type from server header
// the first authentication type failed, check the type from server header
if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
//seems the auth supported is not Basic scheme so testing further
// seems the auth supported is not Basic scheme so testing further
int32_t find_auth = 0;
if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
@ -266,8 +288,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
#endif
if (find_auth) {
// free(http_buf);
// http_buf = NULL;
// free(http_buf);
// http_buf = NULL;
free(buffer);
free(header);
return 1;
@ -275,18 +297,18 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
hydra_completed_pair();
}
// free(http_buf);
// http_buf = NULL;
// free(http_buf);
// http_buf = NULL;
free(buffer);
free(header);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type) {
void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
char *ptr, *ptr2;
@ -298,14 +320,14 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
if ((webtarget = strstr(miscptr, "://")) != NULL) {
webtarget += strlen("://");
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
*ptr2 = 0;
ptr2++;
ptr = ptr2;
if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL)
miscptr = ptr;
else
miscptr = slash; /* to make things easier to user */
miscptr = slash; /* to make things easier to user */
} else if ((ptr2 = index(webtarget, '/')) != NULL) {
miscptr = malloc(strlen(ptr2) + 1);
freemischttp = 1;
@ -313,9 +335,8 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
*ptr2 = 0;
} else
webtarget = hostname;
} else
if (strlen(miscptr) == 0)
miscptr = strdup("/");
} else if (strlen(miscptr) == 0)
miscptr = strdup("/");
if (webtarget == NULL)
webtarget = hostname;
if (port != 0)
@ -333,43 +354,45 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
*ptr++ = 0;
optional1 = ptr;
if (!parse_options(optional1, &ptr_head)) // this function is in hydra-http-form.c !!
if (!parse_options(optional1,
&ptr_head)) // this function is in hydra-http-form.c !!
run = 4;
if (http_auth_mechanism == AUTH_UNASSIGNED)
http_auth_mechanism = AUTH_BASIC;
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
if (freemischttp)
free(miscptr);
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
if (freemischttp)
free(miscptr);
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http(sock, ip, port, options, miscptr, fp, type, ptr_head);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttp)
@ -386,76 +409,72 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
}
void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "GET");
}
void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); }
void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "POST");
}
void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); }
void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD");
}
void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); }
int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
/*POU CODE */
char *start = strstr(miscptr, "F=");
if (start == NULL)
start = strstr(miscptr, "S=");
/*POU CODE */
char * start=strstr(miscptr, "F=");
if(start==NULL)
start=strstr(miscptr, "S=");
if (start != NULL) {
if (start[0] == 'F')
end_condition_type = 0;
else
end_condition_type = 1;
if (start !=NULL){
if(start[0]=='F')
end_condition_type=0;
else
end_condition_type=1;
int condition_len=strlen(start);
memset(end_condition,0,END_CONDITION_MAX_LEN);
if(condition_len>=END_CONDITION_MAX_LEN){
hydra_report(stderr,"Condition string cannot be bigger than %u.",END_CONDITION_MAX_LEN);
return -1;
}
//copy condition witout starting string (F= or S= 2char)
strncpy(end_condition, start+2,condition_len-2);
if(debug)
hydra_report(stderr, "End condition is %s, mod is %d\n",end_condition,end_condition_type);
if(*(start-1)==' ')
start--;
memset(start,'\0',condition_len);
if (debug)
hydra_report(stderr, "Modificated options:%s\n",miscptr);
}else{
if (debug)
hydra_report(stderr, "Condition not found\n");
int condition_len = strlen(start);
memset(end_condition, 0, END_CONDITION_MAX_LEN);
if (condition_len >= END_CONDITION_MAX_LEN) {
hydra_report(stderr, "Condition string cannot be bigger than %u.", END_CONDITION_MAX_LEN);
return -1;
}
// copy condition witout starting string (F= or S= 2char)
strncpy(end_condition, start + 2, condition_len - 2);
if (debug)
hydra_report(stderr, "End condition is %s, mod is %d\n", end_condition, end_condition_type);
if (*(start - 1) == ' ')
start--;
memset(start, '\0', condition_len);
if (debug)
hydra_report(stderr, "Modificated options:%s\n", miscptr);
} else {
if (debug)
hydra_report(stderr, "Condition not found\n");
}
return 0;
}
void usage_http(const char* service) {
void usage_http(const char *service) {
printf("Module %s requires the page to authenticate.\n"
"The following parameters are optional:\n"
" (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
" (F|S)=check for text in the HTTP reply. S= means if this text is found, a\n"
" valid account has been found, F= means if this string is present the\n"
" combination is invalid. Note: this must be the last option supplied.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service);
" (a|A)=auth-type specify authentication mechanism to use: BASIC, "
"NTLM or MD5\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each "
"request\n"
" (F|S)=check for text in the HTTP reply. S= means if this text is "
"found, a\n"
" valid account has been found, F= means if this string is "
"present the\n"
" combination is invalid. Note: this must be the last option "
"supplied.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: "
"sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n",
service);
}

12
hydra-http.h
View file

@ -4,10 +4,10 @@
#include "hydra-mod.h"
/* HTTP Header Types */
#define HEADER_TYPE_USERHEADER 'h'
#define HEADER_TYPE_USERHEADER_REPL 'H'
#define HEADER_TYPE_DEFAULT 'D'
#define HEADER_TYPE_DEFAULT_REPL 'd'
#define HEADER_TYPE_USERHEADER 'h'
#define HEADER_TYPE_USERHEADER_REPL 'H'
#define HEADER_TYPE_DEFAULT 'D'
#define HEADER_TYPE_DEFAULT_REPL 'd'
typedef struct header_node t_header_node, *ptr_header_node;
@ -15,7 +15,7 @@ extern char *webtarget;
extern char *slash;
extern char *optional1;
extern int32_t parse_options(char *miscptr, ptr_header_node * ptr_head);
extern int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type);
extern int32_t parse_options(char *miscptr, ptr_header_node *ptr_head);
extern int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type);
extern char *stringify_headers(ptr_header_node *ptr_head);
#endif

54
hydra-icq.c
View file

@ -4,32 +4,10 @@ extern char *HYDRA_EXIT;
extern int32_t child_head_no;
int32_t seq = 1;
const unsigned char icq5_table[] = {
0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C,
0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F,
0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50,
0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64,
0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C,
0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31,
0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48,
0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A,
0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F,
0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64,
0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50,
0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66,
0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58,
0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C,
0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44,
0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C,
0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59,
0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A,
0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B,
0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67,
0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D,
0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43,
0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35,
0x5A, 0x00, 0x00
};
const unsigned char icq5_table[] = {0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48,
0x33, 0x31, 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35,
0x5A, 0x4A, 0x62, 0x66, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x3E,
0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, 0x5A, 0x00, 0x00};
void fix_packet(char *buf, int32_t len) {
unsigned long c1, c2;
@ -141,7 +119,7 @@ int32_t icq_ack(int32_t s, char *login) {
return (hydra_send(s, buf, 10, 0));
}
int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *miscptr, FILE * fp) {
int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE *output, char *miscptr, FILE *fp) {
unsigned char buf[1024];
char *login, *pass;
char *empty = "";
@ -153,7 +131,7 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis
pass = empty;
for (i = 0; login[i]; i++)
if (!isdigit((int32_t) login[i])) {
if (!isdigit((int32_t)login[i])) {
fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login);
hydra_completed_pair();
return 2;
@ -162,13 +140,13 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis
icq_login(sock, login, pass);
while (1) {
if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) {
if ((r = hydra_recv(sock, (char *)buf, sizeof(buf))) == 0) {
return 1;
}
if (r < 0) {
if (verbose)
fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t) getpid());
fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t)getpid());
return 3;
}
@ -177,9 +155,9 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis
hydra_completed_pair_found();
icq_ack(sock, login);
icq_login_1(sock, login);
hydra_recv(sock, (char *) buf, sizeof(buf));
hydra_recv(sock, (char *)buf, sizeof(buf));
icq_ack(sock, login);
hydra_recv(sock, (char *) buf, sizeof(buf));
hydra_recv(sock, (char *)buf, sizeof(buf));
icq_ack(sock, login);
icq_disconnect(sock, login);
break;
@ -188,7 +166,8 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis
break;
}
/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */
/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0))
*/
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -196,7 +175,7 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis
return 1;
}
void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ICQ;
@ -221,7 +200,8 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
sock = hydra_disconnect(sock);
sock = hydra_connect_udp(ip, myport);
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -243,13 +223,13 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
}
int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

428
hydra-imap.c
View file

@ -20,7 +20,8 @@ char *imap_read_server_capacity(int32_t sock) {
if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') {
resp = 1;
usleepn(300);
/* we got the capability info then get the completed warning info from server */
/* we got the capability info then get the completed warning info from
* server */
while (hydra_data_ready(sock)) {
free(buf);
buf = hydra_receive_line(sock);
@ -30,7 +31,7 @@ char *imap_read_server_capacity(int32_t sock) {
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
if (isdigit((int32_t) *ptr) && *(ptr + 1) == ' ') {
if (isdigit((int32_t)*ptr) && *(ptr + 1) == ' ') {
resp = 1;
}
}
@ -39,7 +40,7 @@ char *imap_read_server_capacity(int32_t sock) {
return buf;
}
int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500], *fooptr;
@ -69,7 +70,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
free(buf);
strcpy(buffer2, login);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -84,7 +85,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
free(buf);
strcpy(buffer2, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
break;
@ -110,220 +111,212 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
case AUTH_CRAMSHA1:
case AUTH_CRAMSHA256:{
int32_t rc = 0;
char *preplogin;
case AUTH_CRAMSHA256: {
int32_t rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5:
sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter);
break;
case AUTH_CRAMSHA1:
sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter);
break;
case AUTH_CRAMSHA256:
sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter);
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
// get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5:
sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter);
hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA1:
sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter);
hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA256:
sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter);
hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf);
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
//get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5:
hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA1:
hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA256:
hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf);
break;
}
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 2);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buf + 2);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5: {
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
case AUTH_CRAMSHA1: {
sasl_cram_sha1(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
case AUTH_CRAMSHA256: {
sasl_cram_sha256(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
}
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin);
} break;
case AUTH_DIGESTMD5: {
sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
// receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buf);
free(buf);
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
if (fooptr == NULL)
return 3;
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
} break;
case AUTH_SCRAMSHA1: {
char clientfirstmessagebare[200];
char serverfirstmessage[200];
char *preplogin;
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin);
free(preplogin);
memset(buffer2, 0, sizeof(buffer2));
sprintf(buffer2, "n,,%.200s", clientfirstmessagebare);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
free(buf);
return 1;
} else {
/* recover server challenge */
memset(buffer, 0, sizeof(buffer));
//+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2
from64tobits((char *)buffer, buf + 2);
free(buf);
strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1);
serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0';
memset(buffer2, 0, sizeof(buffer2));
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5:{
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
case AUTH_CRAMSHA1:{
sasl_cram_sha1(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
case AUTH_CRAMSHA256:{
sasl_cram_sha256(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
}
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin);
}
break;
case AUTH_DIGESTMD5:{
sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf);
free(buf);
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
if (fooptr == NULL)
return 3;
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (fooptr == NULL) {
hydra_report(stderr, "[ERROR] Can't compute client response\n");
return 1;
}
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
}
break;
case AUTH_SCRAMSHA1:{
char clientfirstmessagebare[200];
char serverfirstmessage[200];
char *preplogin;
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin);
free(preplogin);
memset(buffer2, 0, sizeof(buffer2));
sprintf(buffer2, "n,,%.200s", clientfirstmessagebare);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
free(buf);
return 1;
} else {
/* recover server challenge */
memset(buffer, 0, sizeof(buffer));
//+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2
from64tobits((char *) buffer, buf + 2);
free(buf);
strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1);
serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0';
memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2;
sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (fooptr == NULL) {
hydra_report(stderr, "[ERROR] Can't compute client response\n");
return 1;
}
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
}
}
break;
} break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
case AUTH_NTLM: {
unsigned char buf1[4096];
unsigned char buf2[4096];
//Send auth request
sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter);
// Send auth request
sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
// receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf);
free(buf);
//send auth and receive challenge
//send auth request: lst the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
sprintf(buffer, "%s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strlen(buf) < 6) {
free(buf);
return 1;
}
//recover challenge
from64tobits((char *) buf1, buf + 2);
free(buf);
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "%s\r\n", buf1);
return 3;
}
break;
free(buf);
// send auth and receive challenge
// send auth request: lst the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
sprintf(buffer, "%s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strlen(buf) < 6) {
free(buf);
return 1;
}
// recover challenge
from64tobits((char *)buf1, buf + 2);
free(buf);
// Send response
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "%s\r\n", buf1);
} break;
default:
//clear authentication
// clear authentication
sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass);
}
@ -353,7 +346,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 1;
}
void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1;
char *buffer1 = "1 CAPABILITY\r\n";
@ -363,10 +356,10 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -380,12 +373,12 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */
if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n");
if (buf != NULL)
@ -407,7 +400,7 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
int32_t i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) {
disable_tls = 0;
@ -415,14 +408,16 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
#ifdef LIBOPENSSL
if (!disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
/* check for STARTTLS, if available we may have access to more basic
* auth methods */
if (strstr(buf, "STARTTLS") != NULL) {
hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0);
counter++;
free(buf);
buf = hydra_receive_line(sock);
if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
"received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
@ -444,15 +439,16 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
hydra_child_exit(2);
}
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is "
"not supported by the server\n");
}
#endif
if (verbose)
hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
//authentication should be listed AUTH= like in the extract below
//STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
// authentication should be listed AUTH= like in the extract below
// STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=NTLM") != NULL)) {
imap_auth_mechanism = AUTH_NTLM;
}
@ -487,7 +483,6 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "CLEAR"))
imap_auth_mechanism = AUTH_CLEAR;
@ -554,11 +549,11 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_imap(sock, ip, port, options, miscptr, fp);
counter++;
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -571,13 +566,13 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
}
int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -585,8 +580,11 @@ int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *mis
return 0;
}
void usage_imap(const char* service) {
void usage_imap(const char *service) {
printf("Module imap is optionally taking one authentication type of:\n"
" CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n");
" CRAM-SHA256, DIGEST-MD5, NTLM\n"
"Additionally TLS encryption via STARTTLS can be enforced with the "
"TLS option.\n\n"
"Example: imap://target/TLS:PLAIN\n");
}

50
hydra-irc.c
View file

@ -10,7 +10,7 @@ extern char *HYDRA_EXIT;
char buffer[300] = "";
int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL;
int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
int32_t ret;
@ -52,7 +52,7 @@ int32_t send_nick(int32_t s, char *ip, char *pass) {
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1;
}
sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t) getpid(), (int32_t) getpid(), hydra_address2string(ip));
sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t)getpid(), (int32_t)getpid(), hydra_address2string(ip));
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1;
}
@ -62,7 +62,7 @@ int32_t send_nick(int32_t s, char *ip, char *pass) {
int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char options, char *hostname) {
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -77,7 +77,7 @@ int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char o
return sock;
}
int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) {
char *empty = "";
char *pass;
int32_t ret;
@ -87,7 +87,7 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options,
s = irc_server_connect(ip, s, port, options, hostname);
if (s < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
return 3;
}
@ -105,10 +105,16 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options,
#endif
hydra_report_pass_found(port, ip, "irc", fp);
hydra_completed_pair_found();
hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass);
hydra_report(stderr,
"[INFO] Server password '%s' is working, you can pass it as "
"argument\nto irc module to then try login/password oper mode\n",
pass);
} else {
if (verbose && (miscptr != NULL))
hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr);
hydra_report(stderr,
"[VERBOSE] Server is requesting a general password, '%s' "
"you entered is not working\n",
miscptr);
hydra_completed_pair();
}
@ -117,7 +123,7 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options,
return 4;
}
void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, ret;
char *buf;
@ -128,11 +134,11 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
sock = irc_server_connect(ip, sock, port, options, hostname);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -147,7 +153,7 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0)
buffer[ret] = 0;
/* ERROR :Bad password */
/* ERROR :Bad password */
#ifdef HAVE_PCRE
if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) {
#else
@ -180,19 +186,23 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
hydra_child_exit(0);
}
/* ERROR :Bad password is returned from ngircd when it s waiting for a server password */
/* ERROR :Bad password is returned from ngircd when it s waiting for a
* server password */
if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) {
/* seems we not successfully connected */
hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer);
hydra_report(stderr,
"[ERROR] should not be able to identify server msg, "
"please report it\n%s\n",
buffer);
hydra_child_exit(0);
}
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_oper_irc(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -208,13 +218,13 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
}
int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -222,6 +232,8 @@ int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *misc
return 0;
}
void usage_irc(const char* service) {
printf("Module irc is optionally taking the general server password, if the server is requiring one, and if none is passed the password from -p/-P will be used\n\n");
void usage_irc(const char *service) {
printf("Module irc is optionally taking the general server password, if the "
"server is requiring one, and if none is passed the password from "
"-p/-P will be used\n\n");
}

118
hydra-ldap.c
View file

@ -7,7 +7,7 @@ unsigned char *buf;
int32_t counter;
int32_t tls_required = 0;
int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char version, int32_t auth_method) {
int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) {
char *empty = "";
char *login = "", *pass, *fooptr = "";
unsigned char buffer[512];
@ -18,7 +18,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
The LDAP "simple" method has three modes of operation:
* anonymous= no user no pass
* unauthenticated= user but no pass
* user/password authenticated= user and pass
* user/password authenticated= user and pass
*/
if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) {
@ -65,9 +65,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (ldap_auth_mechanism == AUTH_CLEAR) {
buffer[11] = strlen(login); /* DN */
memcpy(&buffer[12], login, strlen(login));
buffer[12 + strlen(login)] = (unsigned char) 128;
buffer[12 + strlen(login)] = (unsigned char)128;
buffer[13 + strlen(login)] = strlen(pass);
memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */
memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */
} else {
char *authm = "DIGEST-MD5";
@ -79,7 +79,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0';
}
buffer[11] = strlen(miscptr); /* DN */
buffer[11] = strlen(miscptr); /* DN */
memcpy(&buffer[12], miscptr, strlen(miscptr));
buffer[12 + strlen(miscptr)] = 163;
buffer[13 + strlen(miscptr)] = 2 + strlen(authm);
@ -87,9 +87,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
buffer[15 + strlen(miscptr)] = strlen(authm);
memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm));
}
if (hydra_send(s, (char *) buffer, length, 0) < 0)
if (hydra_send(s, (char *)buffer, length, 0) < 0)
return 1;
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL)
return 1;
if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) {
@ -115,13 +115,13 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
#ifdef LIBOPENSSL
/* one more step auth for CRAM and DIGEST */
/* one more step auth for CRAM and DIGEST */
if (ldap_auth_mechanism == AUTH_CRAMMD5) {
/* get the challenge, need to extract it */
char *ptr;
char buf2[32];
ptr = strstr((char *) buf, "<");
ptr = strstr((char *)buf, "<");
fooptr = buf2;
sasl_cram_md5(fooptr, pass, ptr);
if (fooptr == NULL)
@ -148,7 +148,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
buffer[9] = version;
buffer[10] = 4;
buffer[11] = strlen(miscptr); /* DN */
buffer[11] = strlen(miscptr); /* DN */
memcpy(&buffer[12], miscptr, strlen(miscptr));
buffer[12 + strlen(miscptr)] = 163;
buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2);
@ -161,10 +161,10 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' ';
memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2));
if (hydra_send(s, (char *) buffer, length, 0) < 0)
if (hydra_send(s, (char *)buffer, length, 0) < 0)
return 1;
free(buf);
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL)
return 1;
} else {
if (ldap_auth_mechanism == AUTH_DIGESTMD5) {
@ -172,7 +172,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
char buffer2[500];
int32_t ind = 0;
ptr = strstr((char *) buf, "realm=");
ptr = strstr((char *)buf, "realm=");
counter++;
if (strstr(miscptr, "^USER^") != NULL) {
@ -213,7 +213,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
ind++;
buffer[ind] = counter % 256;
ind++;
buffer[ind] = 96; /*0x60 */
buffer[ind] = 96; /*0x60 */
ind++;
buffer[ind] = 130;
ind++;
@ -240,9 +240,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
buffer[ind] = strlen(miscptr);
ind++;
memcpy(&buffer[ind], miscptr, strlen(miscptr));
/*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3
/*DN*/ buffer[ind + strlen(miscptr)] = 163; // 0xa3
ind++;
buffer[ind + strlen(miscptr)] = 130; //0x82
buffer[ind + strlen(miscptr)] = 130; // 0x82
ind++;
if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) {
@ -279,10 +279,10 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2));
ind++;
if (hydra_send(s, (char *) buffer, length, 0) < 0)
if (hydra_send(s, (char *)buffer, length, 0) < 0)
return 1;
free(buf);
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL)
return 1;
}
}
@ -306,21 +306,27 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) {
if (verbose)
hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass);
hydra_report(stderr,
"[VERBOSE] Server unwilling to perform action, maybe deny by server "
"config or too busy when tried login: %s password: %s\n",
login, pass);
free(buf);
return 1;
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) {
hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2');
hydra_report(stderr,
"[ERROR] Invalid protocol version, you tried ldap%c, better "
"try ldap%c\n",
version + '0', version == 2 ? '3' : '2');
free(buf);
hydra_child_exit(2);
sleep(1);
hydra_child_exit(2);
}
//0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01,
//8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a,
//16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00,
// 0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01,
// 8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a,
// 16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00,
// this is for w2k8 active directory ldap auth
if (buf[0] == 48 && buf[1] == 132) {
@ -335,10 +341,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
}
} else {
if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) {
hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n");
print_hex((unsigned char *) buf, 24);
print_hex((unsigned char *)buf, 24);
free(buf);
return 3;
}
@ -351,7 +356,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 2;
}
void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char version, int32_t auth_method) {
void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char version, int32_t auth_method) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_LDAP, mysslport = PORT_LDAP_SSL;
@ -360,10 +365,10 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -377,18 +382,20 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
counter = 1;
if (tls_required) {
/* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */
char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37";
/* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC
* 2830 */
char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31"
"\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37";
if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0)
hydra_child_exit(1);
if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL)
if ((buf = (unsigned char *)hydra_receive_line(sock)) == NULL)
hydra_child_exit(1);
if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) {
@ -410,11 +417,11 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_ldap(sock, ip, port, options, miscptr, fp, hostname, version, auth_method);
counter++;
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -427,47 +434,46 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
}
void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR);
}
void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); }
void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR);
}
void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); }
void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5);
}
void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); }
void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5);
}
void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); }
int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
if (miscptr != NULL && strlen(miscptr) > 220) {
fprintf(stderr, "[ERROR] the option string to this module may not be larger than 220 bytes\n");
fprintf(stderr, "[ERROR] the option string to this module may not be "
"larger than 220 bytes\n");
return -1;
}
return 0;
}
void usage_ldap(const char* service) {
printf("Module %s is optionally taking the DN (depending of the auth method choosed\n"
"Note: you can also specify the DN as login when Simple auth method is used).\n"
void usage_ldap(const char *service) {
printf("Module %s is optionally taking the DN (depending of the auth method "
"choosed\n"
"Note: you can also specify the DN as login when Simple auth method "
"is used).\n"
"The keyword \"^USER^\" is replaced with the login.\n"
"Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n"
"unauthenticated (user but no pass), user/pass authenticated (user and pass).\n"
"Special notes for Simple method has 3 operation modes: anonymous, "
"(no user no pass),\n"
"unauthenticated (user but no pass), user/pass authenticated (user "
"and pass).\n"
"So don't forget to set empty string as user/pass to test all modes.\n"
"Hint: to authenticate to a windows active directory ldap, this is usually\n"
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service);
"Hint: to authenticate to a windows active directory ldap, this is "
"usually\n"
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n",
service);
}

43
hydra-memcached.c
View file

@ -1,5 +1,5 @@
//This plugin was written by <david dot maciejak at gmail D O T com>
//Tested on memcached 1.5.6-0ubuntu1
// This plugin was written by <david dot maciejak at gmail D O T com>
// Tested on memcached 1.5.6-0ubuntu1
#ifdef LIBMCACHED
#include <libmemcached/memcached.h>
@ -8,9 +8,7 @@
#include "hydra-mod.h"
#ifndef LIBMCACHED
void dummy_mcached() {
printf("\n");
}
void dummy_mcached() { printf("\n"); }
#else
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
@ -33,9 +31,7 @@ int mcached_send_com_version(int32_t sock) {
return 0;
}
int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
@ -93,7 +89,7 @@ int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options,
memcached_free(cache);
hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return 3;
return 3;
}
return 2;
}
@ -109,7 +105,7 @@ int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options,
return 2;
}
void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
@ -127,14 +123,15 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr,
return;
default:
if (!verbose)
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n");
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose "
"option for more details\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -150,7 +147,7 @@ int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Can not connect\n");
return -1;
return -1;
}
if (mcached_send_com_version(sock)) {
@ -160,16 +157,16 @@ int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *
}
if (hydra_data_ready_timed(sock, 0, 1000) > 0) {
buf = hydra_receive_line(sock);
if (strstr(buf, "VERSION ")) {
hydra_report_found_host(port, ip, "memcached", fp);
mcached_send_com_quit(sock);
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_report(stderr, "[ERROR] Memcached server does not require any authentication\n");
}
free(buf);
return -1;
buf = hydra_receive_line(sock);
if (strstr(buf, "VERSION ")) {
hydra_report_found_host(port, ip, "memcached", fp);
mcached_send_com_quit(sock);
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_report(stderr, "[ERROR] Memcached server does not require any authentication\n");
}
free(buf);
return -1;
}
if (sock >= 0)
sock = hydra_disconnect(sock);

456
hydra-mod.c
View file

@ -1,10 +1,10 @@
#include "hydra-mod.h"
#include <arpa/inet.h>
#ifdef LIBOPENSSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#endif
#ifdef HAVE_PCRE
#include <pcre.h>
@ -15,17 +15,17 @@
#define HYDRA_DUMP_ROWS 16
/* rfc 1928 SOCKS proxy */
#define SOCKS_V5 5
#define SOCKS_V4 4
#define SOCKS_NOAUTH 0
#define SOCKS_V5 5
#define SOCKS_V4 4
#define SOCKS_NOAUTH 0
/* http://tools.ietf.org/html/rfc1929 */
#define SOCKS_PASSAUTH 2
#define SOCKS_NOMETHOD 0xff
#define SOCKS_CONNECT 1
#define SOCKS_IPV4 1
#define SOCKS_DOMAIN 3
#define SOCKS_IPV6 4
#define SOCKS_PASSAUTH 2
#define SOCKS_NOMETHOD 0xff
#define SOCKS_CONNECT 1
#define SOCKS_IPV4 1
#define SOCKS_DOMAIN 3
#define SOCKS_IPV6 4
extern int32_t conwait;
char quiet;
@ -56,26 +56,29 @@ RSA *rsa = NULL;
#endif
/* prototype */
int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec);
int32_t my_select(int32_t fd, fd_set *fdread, fd_set *fdwrite, fd_set *fdex, long sec, long usec);
/* ----------------- alarming functions ---------------- */
void alarming() {
fail++;
alarm_went_off++;
/* uh, I think it's not good for performance if we try to reconnect to a timeout system!
* if (fail > MAX_CONNECT_RETRY) {
*/
//fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int32_t) getpid());
/* uh, I think it's not good for performance if we try to reconnect to a
* timeout system! if (fail > MAX_CONNECT_RETRY) {
*/
// fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n",
// (int32_t) getpid());
if (debug)
printf("DEBUG_CONNECT_TIMEOUT\n");
hydra_child_exit(1);
/*
* } else {
* if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int32_t)getpid(), fail, MAX_CONNECT_RETRY);
* }
*/
/*
* } else {
* if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout],
* retrying (%d of %d retries)\n", (int32_t)getpid(), fail,
* MAX_CONNECT_RETRY);
* }
*/
}
void interrupt() {
@ -96,11 +99,11 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
struct sockaddr_in sin;
char *buf, *tmpptr = NULL;
int32_t err = 0;
if (proxy_count > 0 && use_proxy > 0 && selected_proxy == -1) {
reset_selected = 1;
selected_proxy = random() % proxy_count;
}
}
memset(&target, 0, sizeof(target));
memset(&sin, 0, sizeof(sin));
@ -133,14 +136,14 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
sin.sin_addr.s_addr = INADDR_ANY;
}
//we will try to find a free port down to 512
// we will try to find a free port down to 512
while (!bind_ok && src_port >= 512) {
#ifdef AF_INET6
if (ipv6)
ret = bind(s, (struct sockaddr *) &sin6, sizeof(sin6));
ret = bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
else
#endif
ret = bind(s, (struct sockaddr *) &sin, sizeof(sin));
ret = bind(s, (struct sockaddr *)&sin, sizeof(sin));
if (ret == -1) {
if (verbose)
@ -167,7 +170,6 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
}
}
if (use_proxy > 0 && proxy_count > 0) {
if (proxy_string_ip[selected_proxy][0] == 4) {
memcpy(&target.sin_addr.s_addr, &proxy_string_ip[selected_proxy][1], 4);
target.sin_family = AF_INET;
@ -214,18 +216,21 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
#endif
if (ipv6)
ret = connect(s, (struct sockaddr *) &target6, sizeof(target6));
ret = connect(s, (struct sockaddr *)&target6, sizeof(target6));
else
#endif
ret = connect(s, (struct sockaddr *) &target, sizeof(target));
ret = connect(s, (struct sockaddr *)&target, sizeof(target));
alarm(0);
if (ret < 0 && alarm_went_off == 0) {
fail++;
if (verbose ) {
if (verbose) {
if (do_retry && fail <= MAX_CONNECT_RETRY)
fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int32_t) getpid(), fail, MAX_CONNECT_RETRY);
fprintf(stderr,
"Process %d: Can not connect [unreachable], retrying (%d "
"of %d retries)\n",
(int32_t)getpid(), fail, MAX_CONNECT_RETRY);
else
fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t) getpid());
fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t)getpid());
}
}
} while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry);
@ -233,10 +238,11 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
if (debug)
printf("DEBUG_CONNECT_UNREACHABLE\n");
/* we wont quit here, thats up to the module to decide what to do
* fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int32_t)getpid());
* hydra_child_exit(1);
*/
/* we wont quit here, thats up to the module to decide what to do
* fprintf(stderr, "Process %d: Can not connect
* [unreachable], process exiting\n", (int32_t)getpid());
* hydra_child_exit(1);
*/
extern_socket = -1;
close(s);
ret = -1;
@ -280,7 +286,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
else
snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port);
else if (host[0] == 16)
snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]);
snprintf(buf, 4096,
"CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic "
"%s\r\n\r\n",
hydra_address2string(host), port, proxy_authentication[selected_proxy]);
else
snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]);
@ -302,10 +311,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2));
err = 1;
}
// free(buf);
// free(buf);
} else {
if (hydra_strcasestr(proxy_string_type[selected_proxy], "socks5")) {
// char buf[1024];
// char buf[1024];
size_t cnt, wlen;
/* socks v5 support */
@ -325,19 +334,20 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt);
err = 1;
}
if ((unsigned char) buf[1] == SOCKS_NOMETHOD) {
hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n");
if ((unsigned char)buf[1] == SOCKS_NOMETHOD) {
hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method "
"negotiation failed\n");
err = 1;
}
/* SOCKS_DOMAIN not supported here, do we need it ? */
if (err != 1) {
/* send user/pass */
if (proxy_authentication[selected_proxy] != NULL) {
//format was checked previously
// format was checked previously
char *login = strtok(proxy_authentication[selected_proxy], ":");
char *pass = strtok(NULL, ":");
snprintf(buf, 4096, "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass);
snprintf(buf, 4096, "\x01%c%s%c%s", (char)strlen(login), login, (char)strlen(pass), pass);
cnt = hydra_send(s, buf, strlen(buf), 0);
if (cnt != strlen(buf)) {
@ -408,15 +418,15 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n");
err = 1;
} else {
// char buf[1024];
// char buf[1024];
size_t cnt, wlen;
/* socks v4 support */
buf[0] = SOCKS_V4;
buf[1] = SOCKS_CONNECT; /* connect */
buf[1] = SOCKS_CONNECT; /* connect */
memcpy(buf + 2, &target.sin_port, sizeof target.sin_port);
memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr);
buf[8] = 0; /* empty username */
buf[8] = 0; /* empty username */
wlen = 9;
cnt = hydra_send(s, buf, wlen, 0);
if (cnt != wlen) {
@ -439,7 +449,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
}
}
} else {
hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type[selected_proxy]);
hydra_report(stderr,
"[ERROR] Unknown proxy type: %s, valid type are "
"\"connect\", \"socks4\" or \"socks5\"\n",
proxy_string_type[selected_proxy]);
err = 1;
}
}
@ -465,24 +478,24 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
}
#if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER)
RSA *ssl_temp_rsa_cb(SSL * ssl, int32_t export, int32_t keylength) {
RSA *ssl_temp_rsa_cb(SSL *ssl, int32_t export, int32_t keylength) {
int32_t nok = 0;
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
BIGNUM *n;
if ((n = BN_new()) == NULL)
nok = 1;
nok = 1;
RSA_get0_key(rsa, (const struct bignum_st **)&n, NULL, NULL);
BN_zero(n);
#else
if (rsa->n == 0)
nok = 1;
#endif
if (nok == 0 && RSA_size(rsa)!=(keylength/8)){ // n is not zero
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
BN_free(n);
if (nok == 0 && RSA_size(rsa) != (keylength / 8)) { // n is not zero
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
BN_free(n);
#endif
RSA_free(rsa);
rsa = NULL;
RSA_free(rsa);
rsa = NULL;
}
if (nok != 0) { // n is zero
#if defined(NO_RSA_LEGACY) || OPENSSL_VERSION_NUMBER >= 0x10100000L
@ -507,8 +520,8 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) {
if (ssl_first) {
SSL_load_error_strings();
// SSL_add_ssl_algoritms();
SSL_library_init(); // ?
// SSL_add_ssl_algoritms();
SSL_library_init(); // ?
ssl_first = 0;
}
@ -524,11 +537,11 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) {
}
} else {
#ifndef TLSv1_2_client_method
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define TLSv1_2_client_method TLSv1_2_client_method
#else
#define TLSv1_2_client_method TLS_client_method
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define TLSv1_2_client_method TLSv1_2_client_method
#else
#define TLSv1_2_client_method TLS_client_method
#endif
#endif
if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
if (verbose) {
@ -540,11 +553,11 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) {
}
/* set the compatbility mode */
SSL_CTX_set_options(sslContext, SSL_OP_ALL);
// SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2);
// SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1);
// SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2);
// SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1);
/* we set the default verifiers and don't care for the results */
(void) SSL_CTX_set_default_verify_paths(sslContext);
(void)SSL_CTX_set_default_verify_paths(sslContext);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb);
#endif
@ -567,7 +580,7 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) {
SSL_set_fd(ssl, socket);
if (SSL_connect(ssl) <= 0) {
// fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl));
// fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl));
if (verbose) {
err = ERR_get_error();
fprintf(stderr, "[VERBOSE] Could not create an SSL session: %s\n", ERR_error_string(err, NULL));
@ -618,34 +631,34 @@ void hydra_child_exit(int32_t code) {
if (debug)
printf("[DEBUG] pid %d called child_exit with code %d\n", getpid(), code);
if (code == 0) /* normal quitting */
if (code == 0) /* normal quitting */
__fck = write(intern_socket, "Q", 1);
else if (code == 1) /* no connect possible */
else if (code == 1) /* no connect possible */
__fck = write(intern_socket, "C", 1);
else if (code == 2) /* application protocol error or service shutdown */
else if (code == 2) /* application protocol error or service shutdown */
__fck = write(intern_socket, "E", 1);
// code 3 means exit without telling mommy about it - a bad idea. mommy should know
// code 3 means exit without telling mommy about it - a bad idea. mommy should
// know
else if (code == -1 || code > 3) {
fprintf(stderr, "[TOTAL FUCKUP] a module should not use hydra_child_exit(-1) ! Fix it in the source please ...\n");
fprintf(stderr, "[TOTAL FUCKUP] a module should not use "
"hydra_child_exit(-1) ! Fix it in the source please ...\n");
__fck = write(intern_socket, "E", 1);
}
do {
usleepn(10);
} while (read(intern_socket, buf, 1) <= 0);
close(intern_socket);
// sleep(2); // be sure that mommy receives our message
exit(0); // might be killed before reaching this
// sleep(2); // be sure that mommy receives our message
exit(0); // might be killed before reaching this
}
void hydra_register_socket(int32_t s) {
intern_socket = s;
}
void hydra_register_socket(int32_t s) { intern_socket = s; }
char *hydra_get_next_pair() {
if (pair[0] == 0) {
pair[sizeof(pair) - 1] = 0;
__fck = read(intern_socket, pair, sizeof(pair) - 1);
//if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR");
// if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR");
if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0)
return HYDRA_EXIT;
if (pair[0] == 0)
@ -697,7 +710,7 @@ void hydra_completed_pair_skip() {
/*
based on writeError from Medusa project
*/
void hydra_report_debug(FILE * st, char *format, ...) {
void hydra_report_debug(FILE *st, char *format, ...) {
va_list ap;
char buf[8200];
char bufOut[33000];
@ -716,7 +729,7 @@ void hydra_report_debug(FILE * st, char *format, ...) {
// Convert any chars less than 32d or greater than 126d to hex
for (i = 0; i < len; i++) {
memset(temp, 0, 6);
cTemp = (unsigned char) buf[i];
cTemp = (unsigned char)buf[i];
if (cTemp < 32 || cTemp > 126) {
sprintf(temp, "[%02X]", cTemp);
} else
@ -733,96 +746,99 @@ void hydra_report_debug(FILE * st, char *format, ...) {
return;
}
void hydra_report_found(int32_t port, char *svc, FILE * fp) {
/*
if (!strcmp(svc, "rsh"))
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login());
else
fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login());
else if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
else
fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
if (stdout != fp) {
void hydra_report_found(int32_t port, char *svc, FILE *fp) {
/*
if (!strcmp(svc, "rsh"))
printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login());
else
printf("[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
}
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n",
port, svc, hydra_get_next_login()); else fprintf(fp, "[%d][%s] login: %s\n",
port, svc, hydra_get_next_login()); else if (colored_output) fprintf(fp,
"[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password:
\e[32m%s\e[0m\n", port, svc, hydra_get_next_login(),
hydra_get_next_password()); else fprintf(fp, "[%d][%s] login: %s password:
%s\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
fflush(fp);
*/
if (stdout != fp) {
if (!strcmp(svc, "rsh"))
printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login());
else
printf("[%d][%s] login: %s password: %s\n", port, svc,
hydra_get_next_login(), hydra_get_next_password());
}
fflush(fp);
*/
}
/* needed for irc module to display the general server password */
void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp) {
/*
strcpy(ipaddr_str, hydra_address2string(ip));
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
else
fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
if (stdout != fp)
printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
fflush(fp);
*/
void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp) {
/*
strcpy(ipaddr_str, hydra_address2string(ip));
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password:
\e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else
fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str,
hydra_get_next_password()); if (stdout != fp) printf("[%d][%s] host: %s
password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
fflush(fp);
*/
}
void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp) {
/* char *keyw = "password";
void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp) {
/* char *keyw = "password";
strcpy(ipaddr_str, hydra_address2string(ip));
if (!strcmp(svc, "smtp-enum"))
keyw = "domain";
if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid"))
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login());
else
fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login());
else if (!strcmp(svc, "snmp3"))
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
else
fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco"))
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
else
fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
else if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw,
hydra_get_next_password());
else
fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password());
if (stdout != fp) {
strcpy(ipaddr_str, hydra_address2string(ip));
if (!strcmp(svc, "smtp-enum"))
keyw = "domain";
if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid"))
printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login());
else if (!strcmp(svc, "snmp3"))
printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco"))
printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login:
\e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); else
fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str,
hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login:
\e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else
fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str,
hydra_get_next_password()); else if (!strcmp(svc, "cisco-enable") ||
!strcmp(svc, "cisco")) if (colored_output) fprintf(fp,
"[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password:
\e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else
fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str,
hydra_get_next_password()); else if (colored_output) fprintf(fp,
"[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m
%s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw,
hydra_get_next_password());
else
printf("[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password());
}
fflush(fp);
fflush(stdout);
*/
fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc,
ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); if
(stdout != fp) { if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid"))
printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str,
hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) printf("[%d][%s]
host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco"))
printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str,
hydra_get_next_password()); else printf("[%d][%s] host: %s login: %s %s:
%s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw,
hydra_get_next_password());
}
fflush(fp);
fflush(stdout);
*/
}
void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg) {
/*
strcpy(ipaddr_str, hydra_address2string(ip));
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(),
hydra_get_next_password(), msg);
else
fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg);
if (stdout != fp)
printf("[%d][%s] host: %s login: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password());
fflush(fp);
*/
void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg) {
/*
strcpy(ipaddr_str, hydra_address2string(ip));
if (colored_output)
fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login:
\e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str,
hydra_get_next_login(), hydra_get_next_password(), msg); else fprintf(fp,
"[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc,
ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); if
(stdout != fp) printf("[%d][%s] host: %s login: %s password: %s\n",
port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password());
fflush(fp);
*/
}
int32_t hydra_connect_to_ssl(int32_t socket, char *hostname) {
@ -886,9 +902,7 @@ int32_t hydra_data_ready_writing_timed(int32_t socket, long sec, long usec) {
return (my_select(socket + 1, &fds, NULL, NULL, sec, usec));
}
int32_t hydra_data_ready_writing(int32_t socket) {
return (hydra_data_ready_writing_timed(socket, 30, 0));
}
int32_t hydra_data_ready_writing(int32_t socket) { return (hydra_data_ready_writing_timed(socket, 30, 0)); }
int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) {
fd_set fds;
@ -898,9 +912,7 @@ int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) {
return (my_select(socket + 1, &fds, NULL, NULL, sec, usec));
}
int32_t hydra_data_ready(int32_t socket) {
return (hydra_data_ready_timed(socket, 0, 100));
}
int32_t hydra_data_ready(int32_t socket) { return (hydra_data_ready_timed(socket, 0, 100)); }
int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) {
int32_t ret;
@ -910,7 +922,8 @@ int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) {
if (debug) {
sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
hydra_dump_data(buf, ret, text);
//hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret);
// hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]",
// buf, getpid(), ret);
}
return ret;
}
@ -919,7 +932,7 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) {
int32_t ret = -1;
char text[64];
if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) {
if (hydra_data_ready_timed(socket, (long)waittime, 0) > 0) {
if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) {
buf[0] = 0;
if (debug) {
@ -931,7 +944,8 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) {
if (debug) {
sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
hydra_dump_data(buf, ret, text);
//hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret);
// hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]",
// buf, getpid(), ret);
}
}
return ret;
@ -949,9 +963,11 @@ char *hydra_receive_line(int32_t socket) {
memset(buff, 0, sizeof(buf));
if (debug)
printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid());
printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, "
"pid: %d\n",
waittime, conwait, socket, getpid());
if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) {
if ((i = hydra_data_ready_timed(socket, (long)waittime, 0)) > 0) {
do {
j = internal__hydra_recv(socket, buf, sizeof(buf) - 1);
if (j > 0) {
@ -976,22 +992,24 @@ char *hydra_receive_line(int32_t socket) {
}
} while (hydra_data_ready(socket) > 0 && j > 0
#ifdef LIBOPENSSL
|| use_ssl && SSL_pending(ssl)
|| use_ssl && SSL_pending(ssl)
#endif
);
);
if (got > 0) {
if (debug) {
sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid());
hydra_dump_data(buff, got, pid);
//hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff);
// hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END",
// getpid(), got, buff);
}
} else {
if (got < 0) {
if (debug) {
sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid());
hydra_dump_data((unsigned char*)"", -1, pid);
//hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i);
hydra_dump_data((unsigned char *)"", -1, pid);
// hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]",
// getpid(), i);
perror("recv");
}
}
@ -1002,7 +1020,9 @@ char *hydra_receive_line(int32_t socket) {
usleepn(100);
} else {
if (debug)
printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket);
printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, "
"socket: %d\n",
i, waittime, conwait, socket);
}
return buff;
@ -1015,22 +1035,23 @@ int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) {
sprintf(text, "[DEBUG] SEND [pid:%d]", getpid());
hydra_dump_data(buf, size, text);
/* int32_t k;
char *debugbuf = malloc(size + 1);
/* int32_t k;
char *debugbuf = malloc(size + 1);
if (debugbuf != NULL) {
for (k = 0; k < size; k++)
if (buf[k] == 0)
debugbuf[k] = 32;
else
debugbuf[k] = buf[k];
debugbuf[size] = 0;
hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", debugbuf, getpid());
free(debugbuf);
}*/
if (debugbuf != NULL) {
for (k = 0; k < size; k++)
if (buf[k] == 0)
debugbuf[k] = 32;
else
debugbuf[k] = buf[k];
debugbuf[size] = 0;
hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]",
debugbuf, getpid()); free(debugbuf);
}*/
}
/* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */
/* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed
* in the future */
return (internal__hydra_send(socket, buf, size, options));
}
@ -1038,7 +1059,7 @@ int32_t make_to_lower(char *buf) {
if (buf == NULL)
return 1;
while (buf[0] != 0) {
buf[0] = tolower((int32_t) buf[0]);
buf[0] = tolower((int32_t)buf[0]);
buf++;
}
return 1;
@ -1046,15 +1067,16 @@ int32_t make_to_lower(char *buf) {
char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
int32_t str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len;
char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github.
char *c, oldstring[6096],
newstring[6096]; // updated due to issue 192 on github.
static char finalstring[6096];
if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1
|| (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
return NULL;
if (strlen(string) > 6000) {
hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n");
hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max "
"limit is 6000 characters.\n");
exit(-1);
}
@ -1062,7 +1084,7 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
strcpy(oldstring, string);
// while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) {
c = (char *) strstr(oldstring, oldpiece);
c = (char *)strstr(oldstring, oldpiece);
new_len = strlen(newpiece);
old_len = strlen(oldpiece);
end = strlen(oldstring) - old_len;
@ -1081,13 +1103,13 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
newstr_index += new_len;
str_index += old_len;
/* Check for another pattern match */
if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL)
if ((c = (char *)strstr(oldstring + str_index, oldpiece)) != NULL)
oldpiece_index = c - oldstring;
}
/* Copy remaining characters from the right of last matched pattern */
strcpy(newstring + newstr_index, oldstring + str_index);
strcpy(oldstring, newstring);
// }
// }
strcpy(finalstring, newstring);
return finalstring;
}
@ -1110,14 +1132,14 @@ unsigned char hydra_conv64(unsigned char in) {
}
void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) {
unsigned char small[3] = { 0, 0, 0 };
unsigned char small[3] = {0, 0, 0};
unsigned char big[5];
unsigned char *ptr = buf;
uint32_t i = bufsize;
uint32_t len = 0;
unsigned char bof[i];
if (buf == NULL || strlen((char *) buf) == 0 || buflen == 0)
if (buf == NULL || strlen((char *)buf) == 0 || buflen == 0)
return;
bof[0] = 0;
memset(big, 0, sizeof(big));
@ -1129,12 +1151,12 @@ void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) {
big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4));
big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6));
big[3] = hydra_conv64(*(ptr + 2) & 63);
len += strlen((char *) big);
len += strlen((char *)big);
if (len > bufsize) {
buf[0] = 0;
return;
}
strcat((char *) bof, (char *) big);
strcat((char *)bof, (char *)big);
ptr += 3;
}
@ -1152,14 +1174,14 @@ void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) {
if (small[1] == 0)
big[2] = '=';
big[3] = '=';
strcat((char *) bof, (char *) big);
strcat((char *)bof, (char *)big);
}
strcpy((char *) buf, (char *) bof); /* can not overflow */
strcpy((char *)buf, (char *)bof); /* can not overflow */
}
void hydra_dump_asciihex(unsigned char *string, int32_t length) {
unsigned char *p = (unsigned char *) string;
unsigned char *p = (unsigned char *)string;
unsigned char lastrow_data[16];
int32_t rows = length / HYDRA_DUMP_ROWS;
int32_t lastrow = length % HYDRA_DUMP_ROWS;
@ -1217,10 +1239,10 @@ char *hydra_address2string(char *address) {
if (address[0] == 4) {
memcpy(&target.sin_addr.s_addr, &address[1], 4);
return inet_ntoa((struct in_addr) target.sin_addr);
return inet_ntoa((struct in_addr)target.sin_addr);
} else
#ifdef AF_INET6
if (address[0] == 16) {
if (address[0] == 16) {
memcpy(&target6.sin6_addr, &address[1], 16);
inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring));
return ipstring;
@ -1231,7 +1253,7 @@ char *hydra_address2string(char *address) {
fprintf(stderr, "[ERROR] unknown address string size!\n");
return NULL;
}
return NULL; // not reached
return NULL; // not reached
}
char *hydra_address2string_beautiful(char *address) {
@ -1240,10 +1262,10 @@ char *hydra_address2string_beautiful(char *address) {
if (address[0] == 4) {
memcpy(&target.sin_addr.s_addr, &address[1], 4);
return inet_ntoa((struct in_addr) target.sin_addr);
return inet_ntoa((struct in_addr)target.sin_addr);
} else
#ifdef AF_INET6
if (address[0] == 16) {
if (address[0] == 16) {
memcpy(&target6.sin6_addr, &address[1], 16);
ipstring[0] = '[';
inet_ntop(AF_INET6, &target6.sin6_addr, ipstring + 1, sizeof(ipstring) - 1);
@ -1260,12 +1282,10 @@ char *hydra_address2string_beautiful(char *address) {
fprintf(stderr, "[ERROR] unknown address string size!\n");
return NULL;
}
return NULL; // not reached
return NULL; // not reached
}
void hydra_set_srcport(int32_t port) {
src_port = port;
}
void hydra_set_srcport(int32_t port) { src_port = port; }
#ifdef HAVE_PCRE
int32_t hydra_string_match(char *str, const char *regex) {
@ -1292,9 +1312,9 @@ int32_t hydra_string_match(char *str, const char *regex) {
* str_replace.c implements a str_replace PHP like function
* Copyright (C) 2009 chantra <chantra__A__debuntu__D__org>
*
* Create a new string with [substr] being replaced ONCE by [replacement] in [string]
* Returns the new string, or NULL if out of memory.
* The caller is responsible for freeing this new string.
* Create a new string with [substr] being replaced ONCE by [replacement] in
* [string] Returns the new string, or NULL if out of memory. The caller is
* responsible for freeing this new string.
*
*/
char *hydra_string_replace(const char *string, const char *substr, const char *replacement) {
@ -1323,16 +1343,16 @@ char *hydra_strcasestr(const char *haystack, const char *needle) {
return NULL;
for (; *haystack; ++haystack) {
if (toupper((int32_t) *haystack) == toupper((int32_t) *needle)) {
if (toupper((int32_t)*haystack) == toupper((int32_t)*needle)) {
const char *h, *n;
for (h = haystack, n = needle; *h && *n; ++h, ++n) {
if (toupper((int32_t) *h) != toupper((int32_t) *n)) {
if (toupper((int32_t)*h) != toupper((int32_t)*n)) {
break;
}
}
if (!*n) { /* matched all of 'needle' to null termination */
return (char *) haystack; /* return the start of the match */
if (!*n) { /* matched all of 'needle' to null termination */
return (char *)haystack; /* return the start of the match */
}
}
}
@ -1340,7 +1360,7 @@ char *hydra_strcasestr(const char *haystack, const char *needle) {
}
void hydra_dump_data(unsigned char *buf, int32_t len, char *text) {
unsigned char *p = (unsigned char *) buf;
unsigned char *p = (unsigned char *)buf;
unsigned char lastrow_data[16];
int32_t rows = len / 16;
int32_t lastrow = len % 16;

14
hydra-mod.h
View file

@ -4,11 +4,11 @@
#include "hydra.h"
#ifdef __sun
#include <sys/int_types.h>
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#include <inttypes.h>
#else
#include <stdint.h>
#include <stdint.h>
#endif
extern char quiet;
@ -21,10 +21,10 @@ extern char *hydra_get_next_password();
extern void hydra_completed_pair();
extern void hydra_completed_pair_found();
extern void hydra_completed_pair_skip();
extern void hydra_report_found(int32_t port, char *svc, FILE * fp);
extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp);
extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp);
extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg);
extern void hydra_report_found(int32_t port, char *svc, FILE *fp);
extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp);
extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp);
extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg);
extern void hydra_report_debug(FILE *st, char *format, ...);
extern int32_t hydra_connect_to_ssl(int32_t socket, char *hostname);
extern int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname);

61
hydra-mongodb.c
View file

@ -1,6 +1,6 @@
//This plugin was written by <david dot maciejak at gmail D O T com>
//Tested on mongodb-server 1:3.6.3-0ubuntu1
//MONGODB-CR is been deprecated
// This plugin was written by <david dot maciejak at gmail D O T com>
// Tested on mongodb-server 1:3.6.3-0ubuntu1
// MONGODB-CR is been deprecated
#ifdef LIBMONGODB
#include <mongoc.h>
@ -9,9 +9,7 @@
#include "hydra-mod.h"
#ifndef LIBMONGODB
void dummy_mongodb() {
printf("\n");
}
void dummy_mongodb() { printf("\n"); }
#else
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
@ -31,16 +29,17 @@ int is_error_msg(char *msg) {
}
int require_auth(int32_t sock) {
unsigned char m_hdr[] =
"\x3f\x00\x00\x00" //messageLength (63)
"\x00\x00\x00\x41" //requestID
"\xff\xff\xff\xff" //responseTo
"\xd4\x07\x00\x00" //opCode (2004 OP_QUERY)
"\x00\x00\x00\x00" //flags
"\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" //fullCollectionName (admin.$cmd)
"\x00\x00\x00\x00" //numberToSkip (0)
"\x01\x00\x00\x00" //numberToReturn (1)
"\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73\x00\x01\x00\x00\x00\x00"; //query ({"listDatabases"=>1})
unsigned char m_hdr[] = "\x3f\x00\x00\x00" // messageLength (63)
"\x00\x00\x00\x41" // requestID
"\xff\xff\xff\xff" // responseTo
"\xd4\x07\x00\x00" // opCode (2004 OP_QUERY)
"\x00\x00\x00\x00" // flags
"\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" // fullCollectionName
// (admin.$cmd)
"\x00\x00\x00\x00" // numberToSkip (0)
"\x01\x00\x00\x00" // numberToReturn (1)
"\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73"
"\x00\x01\x00\x00\x00\x00"; // query ({"listDatabases"=>1})
if (hydra_send(sock, m_hdr, sizeof(m_hdr), 0) > 0) {
if (hydra_data_ready_timed(sock, 0, 1000) > 0) {
@ -51,7 +50,7 @@ int require_auth(int32_t sock) {
return 2;
}
int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
char uri[256];
@ -70,13 +69,13 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
pass = empty;
mongoc_init();
mongoc_log_set_handler (NULL, NULL);
mongoc_log_set_handler(NULL, NULL);
bson_init(&q);
snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s",login, pass, hydra_address2string(ip), miscptr);
snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr);
client = mongoc_client_new(uri);
if (!client)
return 3;
return 3;
mongoc_client_set_appname(client, "hydra");
collection = mongoc_client_get_collection(client, miscptr, "test");
@ -86,7 +85,7 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
r = mongoc_cursor_error(cursor, &error);
if (r) {
if (verbose)
hydra_report(stderr, "[ERROR] Can not read document: %s\n", error.message);
hydra_report(stderr, "[ERROR] Can not read document: %s\n", error.message);
mongoc_cursor_destroy(cursor);
mongoc_collection_destroy(collection);
mongoc_client_destroy(client);
@ -96,9 +95,9 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
return 3;
}
return 2;
}
}
}
mongoc_cursor_destroy(cursor);
mongoc_collection_destroy(collection);
mongoc_client_destroy(client);
@ -112,9 +111,9 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
return 2;
}
void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
if (!miscptr) {
if (verbose)
hydra_report(stderr, "[INFO] Using default database \"admin\"\n");
@ -130,20 +129,21 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr,
switch (run) {
case 1:
next_run = start_mongodb(sock, ip, port, options, miscptr, fp);
break;
break;
case 2:
hydra_child_exit(0);
return;
default:
if (!verbose)
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n");
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose "
"option for more details\n");
hydra_child_exit(2);
}
run = next_run;
}
}
int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -179,6 +179,7 @@ int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *
#endif
void usage_mongodb(const char* service) {
printf("Module mongodb is optionally taking a database name to attack, default is \"admin\"\n\n");
void usage_mongodb(const char *service) {
printf("Module mongodb is optionally taking a database name to attack, "
"default is \"admin\"\n\n");
}

104
hydra-mssql.c
View file

@ -5,47 +5,55 @@
extern char *HYDRA_EXIT;
char *buf;
unsigned char p_hdr[] =
"\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00";
unsigned char p_pk2[] =
"\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03"
"\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61"
"\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00";
unsigned char p_pk3[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44"
"\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00";
unsigned char p_lng[] =
"\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00";
unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00";
unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03"
"\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61"
"\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00";
unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44"
"\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00"
"\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00";
unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00"
"\x00\x03\x00\x00\x00";
int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[1024];
char ms_login[MSLEN + 1];
@ -81,7 +89,7 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch
if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0)
return 1;
if (hydra_send(s, (char *) p_lng, 71, 0) < 0)
if (hydra_send(s, (char *)p_lng, 71, 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
@ -107,7 +115,7 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 1;
}
void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;
@ -116,7 +124,7 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -129,18 +137,18 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = start_mssql(sock, ip, port, options, miscptr, fp);
hydra_disconnect(sock);
break;
case 2: /* clean exit */
case 2: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
@ -153,13 +161,13 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
}
}
int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

109
hydra-mysql.c
View file

@ -1,19 +1,16 @@
/* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */
/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */
/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev,
* adding support for mysql version 5.x */
#include "hydra-mod.h"
#ifndef HAVE_MATH_H
#include <stdio.h>
void dummy_mysql() {
printf("\n");
}
void dummy_mysql() { printf("\n"); }
void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
printf("\n");
}
void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { printf("\n"); }
#else
#include <math.h>
@ -41,7 +38,8 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
char mysqlsalt[9];
/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */
/* modified hydra_receive_line, I've striped code which changed every 0x00 to
* 0x20 */
char *hydra_mysql_receive_line(int32_t socket) {
char buf[300], *buff, *buff2;
int32_t i = 0, j = 0, buff_size = 300;
@ -51,7 +49,7 @@ char *hydra_mysql_receive_line(int32_t socket) {
return NULL;
memset(buff, 0, sizeof(buf));
i = hydra_data_ready_timed(socket, (long) waittime, 0);
i = hydra_data_ready_timed(socket, (long)waittime, 0);
if (i > 0) {
if ((i = internal__hydra_recv(socket, buff, sizeof(buf))) < 0) {
free(buff);
@ -98,7 +96,7 @@ char hydra_mysql_init(int32_t sock) {
protocol = buf[4];
if (protocol == 0xff) {
pos = &buf[6];
// *(strchr(pos, '.')) = '\0';
// *(strchr(pos, '.')) = '\0';
hydra_report(stderr, "[ERROR] %s\n", pos);
free(buf);
return 2;
@ -108,7 +106,10 @@ char hydra_mysql_init(int32_t sock) {
return 2;
}
if (protocol > 10) {
fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol);
fprintf(stderr,
"[INFO] This is protocol version %d, only v10 is supported, not "
"sure if it will work\n",
protocol);
}
server_version = &buf[5];
pos = buf + strlen(server_version) + 10;
@ -116,7 +117,8 @@ char hydra_mysql_init(int32_t sock) {
if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) {
#ifndef LIBMYSQLCLIENT
hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n");
hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck "
"configure to see if libmysql is found\n");
#endif
free(buf);
return 2;
@ -130,35 +132,32 @@ char hydra_mysql_init(int32_t sock) {
char *hydra_mysql_prepare_auth(char *login, char *pass) {
unsigned char *response;
unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login);
unsigned long response_len = 4 /* header */ +
2 /* client flags */ +
3 /* max packet len */ +
login_len + 1 + 8 /* scrambled password len */ ;
unsigned long response_len = 4 /* header */ + 2 /* client flags */ + 3 /* max packet len */ + login_len + 1 + 8 /* scrambled password len */;
response = (unsigned char *) malloc(response_len + 4);
response = (unsigned char *)malloc(response_len + 4);
if (response == NULL) {
fprintf(stderr, "[ERROR] could not allocate memory\n");
return NULL;
}
memset(response, 0, response_len + 4);
*((unsigned long *) response) = response_len - 4;
response[3] = 0x01; /* packet number */
*((unsigned long *)response) = response_len - 4;
response[3] = 0x01; /* packet number */
response[4] = 0x85;
response[5] = 0x24; /* client flags */
response[6] = response[7] = response[8] = 0x00; /* max packet */
memcpy(&response[9], login, login_len); /* login */
response[9 + login_len] = '\0'; /* null terminate login */
hydra_scramble((char *) &response[9 + login_len + 1], mysqlsalt, pass);
response[5] = 0x24; /* client flags */
response[6] = response[7] = response[8] = 0x00; /* max packet */
memcpy(&response[9], login, login_len); /* login */
response[9 + login_len] = '\0'; /* null terminate login */
hydra_scramble((char *)&response[9 + login_len + 1], mysqlsalt, pass);
return (char *) response;
return (char *)response;
}
/* returns 0 if authentication succeed */
/* and 1 if failed */
char hydra_mysql_parse_response(unsigned char *response) {
unsigned long response_len = *((unsigned long *) response) & 0xffffff;
unsigned long response_len = *((unsigned long *)response) & 0xffffff;
if (response_len < 4)
return 0;
@ -170,13 +169,13 @@ char hydra_mysql_parse_response(unsigned char *response) {
}
char hydra_mysql_send_com_quit(int32_t sock) {
char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 };
char com_quit_packet[5] = {0x01, 0x00, 0x00, 0x00, 0x01};
hydra_send(sock, com_quit_packet, 5, 0);
return 0;
}
int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *response = NULL, *login = NULL, *pass = NULL;
unsigned long response_len;
char res = 0;
@ -221,7 +220,8 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options,
}
if (my_errno == 1251) {
hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n");
hydra_report(stderr, "[ERROR] Client does not support authentication "
"protocol requested by server\n");
}
/*
@ -235,8 +235,8 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options,
*/
//if the error is more critical, we just try to reconnect
//to the db later with the mysql_init
// if the error is more critical, we just try to reconnect
// to the db later with the mysql_init
if ((my_errno != 1044) && (my_errno != 1045)) {
mysql_close(mysql);
mysql = NULL;
@ -264,7 +264,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options,
response = hydra_mysql_prepare_auth(login, pass);
if (response == NULL)
return 3;
response_len = *((unsigned long *) response) & 0xffffff;
response_len = *((unsigned long *)response) & 0xffffff;
/* send client auth packet */
/* dunny why, mysql IO code had problem reading my response. */
@ -280,7 +280,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options,
/* read authentication response */
if ((response = hydra_mysql_receive_line(sock)) == NULL)
return 1;
res = hydra_mysql_parse_response((unsigned char *) response);
res = hydra_mysql_parse_response((unsigned char *)response);
if (!res) {
hydra_mysql_send_com_quit(sock);
@ -302,7 +302,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options,
return 1;
}
void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_MYSQL;
@ -311,12 +311,12 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0) {
hydra_mysql_send_com_quit(sock);
sock = hydra_disconnect(sock);
}
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -324,15 +324,16 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
port = myport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_mysql(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0) {
hydra_mysql_send_com_quit(sock);
sock = hydra_disconnect(sock);
@ -349,8 +350,6 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
#ifndef LIBMYSQLCLIENT
#endif
/************************************************************************/
@ -367,9 +366,9 @@ struct hydra_rand_struct {
double max_value_dbl;
};
void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */
void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */
rand_st->max_value = 0x3FFFFFFFL;
rand_st->max_value_dbl = (double) rand_st->max_value;
rand_st->max_value_dbl = (double)rand_st->max_value;
rand_st->seed1 = seed1 % rand_st->max_value;
rand_st->seed2 = seed2 % rand_st->max_value;
}
@ -377,7 +376,7 @@ void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, un
double hydra_rnd(struct hydra_rand_struct *rand_st) {
rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value;
rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value;
return (((double) rand_st->seed1) / rand_st->max_value_dbl);
return (((double)rand_st->seed1) / rand_st->max_value_dbl);
}
void hydra_hash_password(unsigned long *result, const char *password) {
register unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
@ -385,14 +384,15 @@ void hydra_hash_password(unsigned long *result, const char *password) {
for (; *password; password++) {
if (*password == ' ' || *password == '\t')
continue; /* skipp space in password */
tmp = (unsigned long) (unsigned char) *password;
continue; /* skipp space in password */
tmp = (unsigned long)(unsigned char)*password;
nr ^= (((nr & 63) + add) * tmp) + (nr << 8);
nr2 += (nr2 << 8) ^ nr;
add += tmp;
}
result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ;
result[1] = nr2 & (((unsigned long) 1L << 31) - 1L);
result[0] = nr & (((unsigned long)1L << 31) - 1L); /* Don't use sign bit (str2int) */
;
result[1] = nr2 & (((unsigned long)1L << 31) - 1L);
return;
}
@ -408,8 +408,8 @@ char *hydra_scramble(char *to, const char *message, const char *password) {
hydra_hash_password(hash_message, message);
hydra_randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]);
while (*message++)
*to++ = (char) (floor(hydra_rnd(&rand_st) * 31) + 64);
extra = (char) (floor(hydra_rnd(&rand_st) * 31));
*to++ = (char)(floor(hydra_rnd(&rand_st) * 31) + 64);
extra = (char)(floor(hydra_rnd(&rand_st) * 31));
while (to_start != to)
*(to_start++) ^= extra;
}
@ -418,13 +418,13 @@ char *hydra_scramble(char *to, const char *message, const char *password) {
}
#endif
int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -432,6 +432,7 @@ int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *mi
return 0;
}
void usage_mysql(const char* service) {
printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n");
void usage_mysql(const char *service) {
printf("Module mysql is optionally taking the database to attack, default is "
"\"mysql\"\n\n");
}

68
hydra-ncp.c
View file

@ -1,28 +1,25 @@
/*
* Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com
* Tested on Netware 6.5
*
*
* you need to install libncp and libncp-dev (tested with version 2.2.6-3)
*
*
* you can passed full context as OPT
*
* example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx
*
*/
#include "hydra-mod.h"
#ifndef LIBNCP
void dummy_ncp() {
printf("\n");
}
void dummy_ncp() { printf("\n"); }
#else
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ncp/nwcalls.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
extern char *HYDRA_EXIT;
extern int32_t child_head_no;
@ -33,11 +30,10 @@ typedef struct __NCP_DATA {
char *context;
} _NCP_DATA;
//uncomment line below to see more trace stack
// uncomment line below to see more trace stack
//#define NCP_DEBUG
int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *login;
char *pass;
char context[256];
@ -47,13 +43,11 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char
_NCP_DATA *session;
session = malloc(sizeof(_NCP_DATA));
memset(session, 0, sizeof(_NCP_DATA));
login = empty;
pass = empty;
if (strlen(login = hydra_get_next_login()) == 0) {
login = empty;
} else {
@ -71,8 +65,8 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char
}
}
//login and password are case insensitive
//str_upper(login);
// login and password are case insensitive
// str_upper(login);
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
@ -91,27 +85,27 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char
memset(session->spec.password, 0, sizeof(session->spec.password));
memcpy(session->spec.password, pass, strlen(pass) + 1);
//str_upper(session->spec.password);
// str_upper(session->spec.password);
ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password);
switch (ncp_lib_error_code & 0x0000FFFF) {
case 0x0000: /* Success */
case 0x0000: /* Success */
#ifdef NCP_DEBUG
printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code);
#endif
ncp_close(session->conn);
hydra_report_found_host(port, ip, "ncp", fp); //ok
hydra_report_found_host(port, ip, "ncp", fp); // ok
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; //exit
return 3; // exit
free(session);
return 2; //next
return 2; // next
break;
case 0x89DE: /* PASSWORD INVALID */
case 0x89F0: /* BIND WILDCARD INVALID */
case 0x89FF: /* NO OBJ OR BAD PASSWORD */
case 0xFD63: /* FAILED_AUTHENTICATION */
case 0xFDA7: /* NO_SUCH_ENTRY */
case 0x89DE: /* PASSWORD INVALID */
case 0x89F0: /* BIND WILDCARD INVALID */
case 0x89FF: /* NO OBJ OR BAD PASSWORD */
case 0xFD63: /* FAILED_AUTHENTICATION */
case 0xFDA7: /* NO_SUCH_ENTRY */
#ifdef NCP_DEBUG
printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code);
#endif
@ -119,7 +113,7 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
free(session);
return 2; //next
return 2; // next
}
break;
default:
@ -131,10 +125,10 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char
break;
}
free(session);
return 1; //reconnect
return 1; // reconnect
}
void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_NCP;
@ -144,7 +138,7 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (port != 0)
@ -152,14 +146,15 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
sock = hydra_connect_tcp(ip, myport);
port = myport;
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
/*
* Here we start the password cracking process
* Here we start the password cracking process
*/
next_run = start_ncp(sock, ip, port, options, miscptr, fp);
break;
@ -183,13 +178,13 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
#endif
int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -197,6 +192,7 @@ int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *misc
return 0;
}
void usage_ncp(const char* service) {
printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n");
void usage_ncp(const char *service) {
printf("Module ncp is optionally taking the full context, for example "
"\".O=cx\"\n\n");
}

259
hydra-nntp.c
View file

@ -25,7 +25,7 @@ char *nntp_read_server_capacity(int32_t sock) {
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
if (isdigit((int32_t) buf[0]) && buf[3] == ' ')
if (isdigit((int32_t)buf[0]) && buf[3] == ' ')
resp = 1;
else {
if (buf[strlen(buf) - 1] == '\n')
@ -38,7 +38,7 @@ char *nntp_read_server_capacity(int32_t sock) {
if ((ptr = strrchr(buf, '\n')) != NULL) {
#endif
ptr++;
if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ')
if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ')
resp = 1;
}
}
@ -47,7 +47,7 @@ char *nntp_read_server_capacity(int32_t sock) {
return buf;
}
int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *login, *pass, buffer[500], buffer2[500], *fooptr;
int32_t i = 1;
@ -79,7 +79,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
free(buf);
strcpy(buffer2, login);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -94,7 +94,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
free(buf);
strcpy(buffer2, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
break;
case AUTH_PLAIN:
@ -120,128 +120,123 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:{
int32_t rc = 0;
char *preplogin;
case AUTH_CRAMMD5: {
int32_t rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
//get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL) {
hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 4);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin);
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
break;
case AUTH_DIGESTMD5:{
sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) {
hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 4);
free(buf);
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
if (fooptr == NULL)
return 3;
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
break;
// get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL) {
hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buf + 4);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin);
} break;
case AUTH_DIGESTMD5: {
sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
// receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) {
hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buf + 4);
free(buf);
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
if (fooptr == NULL)
return 3;
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
} break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
case AUTH_NTLM: {
unsigned char buf1[4096];
unsigned char buf2[4096];
//send auth and receive challenge
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) {
hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
//recover challenge
from64tobits((char *) buf1, buf + 4);
free(buf);
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "%s\r\n", (char *) buf1);
// send auth and receive challenge
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *)buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
break;
default:{
sprintf(buffer, "AUTHINFO USER %.250s\r\n", login);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if (buf[0] != '3') {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
free(buf);
return (3);
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) {
hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf);
free(buf);
sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass);
return 3;
}
break;
// recover challenge
from64tobits((char *)buf1, buf + 4);
free(buf);
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "%s\r\n", (char *)buf1);
} break;
default: {
sprintf(buffer, "AUTHINFO USER %.250s\r\n", login);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if (buf[0] != '3') {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
free(buf);
return (3);
}
free(buf);
sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass);
} break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
@ -266,7 +261,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 2;
}
void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t i = 0, run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0;
char *buffer1 = "CAPABILITIES\r\n";
@ -276,10 +271,10 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -293,12 +288,12 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
// usleepn(300);
// usleepn(300);
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '2') { /* check the first line */
if (buf == NULL || buf[0] != '2') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
@ -352,10 +347,10 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
#endif
/*
AUTHINFO USER SASL
SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
*/
/*
AUTHINFO USER SASL
SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
*/
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*NTLM")) {
@ -405,7 +400,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strncmp(miscptr, "USER", 4) == 0)
nntp_auth_mechanism = AUTH_CLEAR;
@ -426,7 +421,6 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
if (strncmp(miscptr, "NTLM", 4) == 0)
nntp_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (nntp_auth_mechanism) {
@ -456,10 +450,10 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_nntp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -472,13 +466,13 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
}
}
int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -486,6 +480,7 @@ int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *mis
return 0;
}
void usage_nntp(const char* service) {
printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
void usage_nntp(const char *service) {
printf("Module nntp is optionally taking one authentication type of:\n"
" USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
}

64
hydra-oracle-listener.c
View file

@ -13,9 +13,7 @@ at http://marcellmajor.com/frame_listenerhash.html
#include "hydra-mod.h"
#ifndef LIBOPENSSL
#include <stdio.h>
void dummy_oracle_listener() {
printf("\n");
}
void dummy_oracle_listener() { printf("\n"); }
#else
#include "sasl.h"
#include <openssl/des.h>
@ -31,7 +29,7 @@ int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) {
int32_t i = strlen(p_str);
char *buff;
//expand the string with zero so that length is a multiple of 4
// expand the string with zero so that length is a multiple of 4
while ((i % 4) != 0) {
i = i + 1;
}
@ -44,14 +42,14 @@ int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) {
memset(buff, 0, i + 4);
strcpy(buff, p_str);
//swap the order of every byte pair
// swap the order of every byte pair
for (k = 0; k < i; k += 2) {
char bck = buff[k + 1];
buff[k + 1] = buff[k];
buff[k] = bck;
}
//convert to unicode
// convert to unicode
if ((*result = malloc(2 * i)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
free(buff);
@ -75,7 +73,7 @@ int32_t ora_hash(unsigned char **orahash, unsigned char *buf, int32_t len) {
}
for (i = 0; i < 8; i++) {
sprintf(((char *) *orahash) + i * 2, "%02X", buf[len - 8 + i]);
sprintf(((char *)*orahash) + i * 2, "%02X", buf[len - 8 + i]);
}
return 0;
}
@ -106,8 +104,8 @@ int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) {
int32_t i = 0;
char lastkey[8];
DES_key_schedule ks1;
unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
unsigned char key1[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
unsigned char ivec1[] = {0, 0, 0, 0, 0, 0, 0, 0};
unsigned char *desresult;
memset(ivec1, 0, sizeof(ivec1));
@ -115,14 +113,14 @@ int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
DES_key_sched((const_DES_cblock *) key1, &ks1);
DES_key_sched((const_DES_cblock *)key1, &ks1);
DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT);
for (i = 0; i < 8; i++) {
lastkey[i] = desresult[siz - 8 + i];
}
DES_key_sched((const_DES_cblock *) lastkey, &ks1);
DES_key_sched((const_DES_cblock *)lastkey, &ks1);
memset(desresult, 0, siz);
memset(ivec1, 0, sizeof(ivec1));
DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT);
@ -146,7 +144,7 @@ int32_t ora_hash_password(char *pass) {
memset(buff, 0, sizeof(buff));
//concatenate Arb string and convert the resulting string to uppercase
// concatenate Arb string and convert the resulting string to uppercase
snprintf(buff, sizeof(buff), "Arb%s", pass);
strupper(buff);
@ -179,13 +177,11 @@ int32_t ora_hash_password(char *pass) {
return 0;
}
int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
unsigned char tns_packet_begin[22] = {
"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00"
};
unsigned char tns_packet_end[32] = {
"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
};
int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e"
"\x00\x00\x01\x00"};
unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"};
char *empty = "";
char *pass;
@ -210,9 +206,12 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o
free(hash);
return 1;
}
pass = (char *) hash;
pass = (char *)hash;
}
snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass);
snprintf(connect_string, sizeof(connect_string),
"(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)("
"PASSWORD=%s)(SERVICE=)(VERSION=169869568)))",
pass);
if (hash != NULL)
free(hash);
@ -226,7 +225,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o
} else {
buffer2[1] = siz;
}
memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin));
memcpy(buffer2 + 2, (char *)tns_packet_begin, sizeof(tns_packet_begin));
siz = strlen(connect_string);
if (siz > 255) {
buffer2[2 + sizeof(tns_packet_begin)] = 1;
@ -234,7 +233,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o
} else {
buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz;
}
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end));
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *)tns_packet_end, sizeof(tns_packet_end));
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string));
if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) {
return 1;
@ -257,7 +256,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o
return 1;
}
void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
@ -283,10 +282,10 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -300,13 +299,13 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
/* run the cracking function */
next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -324,13 +323,13 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *
}
}
int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -338,8 +337,9 @@ int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options
return 0;
}
void usage_oracle_listener(const char* service) {
printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n");
void usage_oracle_listener(const char *service) {
printf("Module oracle-listener / tns is optionally taking the mode the "
"password is stored as, could be PLAIN (default) or CLEAR\n\n");
}
#endif

44
hydra-oracle-sid.c
View file

@ -11,9 +11,7 @@ find a big list on the Internet
#include "hydra-mod.h"
#ifndef LIBOPENSSL
#include <stdio.h>
void dummy_oracle_sid() {
printf("\n");
}
void dummy_oracle_sid() { printf("\n"); }
#else
#include <openssl/des.h>
#define HASHSIZE 16
@ -22,19 +20,16 @@ extern char *HYDRA_EXIT;
char *buf;
unsigned char *hash;
int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
/*
PP is the packet length
XX is the length of connect data
PP + tns_packet_begin + XX + tns_packet_end
*/
unsigned char tns_packet_begin[22] = {
"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00"
};
unsigned char tns_packet_end[32] = {
"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
};
unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e"
"\x00\x00\x01\x00"};
unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"};
char *empty = "";
char *login;
char connect_string[200];
@ -47,8 +42,10 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login,
hydra_address2string(ip), port);
snprintf(connect_string, sizeof(connect_string),
"(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)("
"USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))",
login, hydra_address2string(ip), port);
siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string);
if (siz > 255) {
buffer2[0] = 1;
@ -56,7 +53,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option
} else {
buffer2[1] = siz;
}
memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin));
memcpy(buffer2 + 2, (char *)tns_packet_begin, sizeof(tns_packet_begin));
siz = strlen(connect_string);
if (siz > 255) {
buffer2[2 + sizeof(tns_packet_begin)] = 1;
@ -64,7 +61,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option
} else {
buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz;
}
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end));
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *)tns_packet_end, sizeof(tns_packet_end));
memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string));
if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) {
return 1;
@ -72,7 +69,8 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
//if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse
// if no error reported. it should be a resend packet type 00 08 00 00 0b 00
// 00 00, 4 is refuse
if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) {
hydra_report_found_host(port, ip, "oracle-sid", fp);
hydra_completed_pair_found();
@ -85,7 +83,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option
return 1;
}
void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
@ -94,10 +92,10 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -110,13 +108,13 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
/* run the cracking function */
next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -134,13 +132,13 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp
}
}
int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

79
hydra-oracle.c
View file

@ -4,8 +4,8 @@ david: code is based on SNORT spo_database.c
tested with :
-instantclient_10_2 on Oracle 10.2.0
-instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip
on Oracle 9i and on Oracle 11g
-instantclient-basic-linux.*-11.2.0.3.0.zip +
instantclient-sdk-linux.*-11.2.0.3.0.zip on Oracle 9i and on Oracle 11g
*/
@ -13,9 +13,7 @@ on Oracle 9i and on Oracle 11g
#ifndef LIBORACLE
void dummy_oracle() {
printf("\n");
}
void dummy_oracle() { printf("\n"); }
#else
@ -40,7 +38,7 @@ void print_oracle_error(char *err) {
}
}
int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[200], sid[100];
@ -55,14 +53,17 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c
/*
To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries.
The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name].
With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name].
Service names can be found by running the Oracle utility lsnrctl status on the database server machine.
To use the Easy Connect naming method, PHP must be linked with Oracle 10g
or greater Client libraries. The Easy Connect string for Oracle 10g is of
the form: [//]host_name[:port][/service_name]. With Oracle 11g, the syntax
is: [//]host_name[:port][/service_name][:server_type][/instance_name].
Service names can be found by running the Oracle utility lsnrctl status on
the database server machine.
The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin
and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web
daemon has read access to the file.
The tnsnames.ora file can be in the Oracle Net search path, which includes
$ORACLE_HOME/network/admin and /etc. Alternatively set TNS_ADMIN so that
$TNS_ADMIN/tnsnames.ora is read. Make sure the web daemon has read access
to the file.
*/
@ -78,26 +79,28 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c
print_oracle_error("OCIEnvInit 2");
return 4;
}
if (OCIHandleAlloc(o_environment, (dvoid **) & o_error, OCI_HTYPE_ERROR, (size_t) 0, NULL)) {
if (OCIHandleAlloc(o_environment, (dvoid **)&o_error, OCI_HTYPE_ERROR, (size_t)0, NULL)) {
print_oracle_error("OCIHandleAlloc");
return 4;
}
if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *) login, strlen(login), (const OraText *) pass, strlen(pass), (const OraText *) buffer, strlen(buffer))) {
if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *)login, strlen(login), (const OraText *)pass, strlen(pass), (const OraText *)buffer, strlen(buffer))) {
OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR);
//database: oracle_error: ORA-01017: invalid username/password; logon denied
//database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
//database: oracle_error: ORA-28000: the account is locked
//Failed login attempts is set to 10 by default
// database: oracle_error: ORA-01017: invalid username/password; logon
// denied database: oracle_error: ORA-12514: TNS:listener does not currently
// know of service requested in connect descriptor database: oracle_error:
// ORA-28000: the account is locked Failed login attempts is set to 10 by
// default
if (verbose) {
hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg);
}
if (strstr((const char *) o_errormsg, "ORA-12514") != NULL) {
hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n");
if (strstr((const char *)o_errormsg, "ORA-12514") != NULL) {
hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to "
"enumerate them.\n");
hydra_completed_pair();
return 3;
}
if (strstr((const char *) o_errormsg, "ORA-28000") != NULL) {
if (strstr((const char *)o_errormsg, "ORA-28000") != NULL) {
hydra_report(stderr, "[INFO] ORACLE account %s is locked.\n", login);
hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -106,15 +109,14 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c
}
if (o_error) {
OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR);
}
hydra_completed_pair();
//by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening,
//as we don't care, we are deleting the file
//set these parameters to not generate the file
//LOG_DIRECTORY_CLIENT = /dev/null
//LOG_FILE_CLIENT = /dev/null
// by default, set in sqlnet.ora, the trace file is generated in pwd to log
// any errors happening, as we don't care, we are deleting the file set
// these parameters to not generate the file LOG_DIRECTORY_CLIENT =
// /dev/null LOG_FILE_CLIENT = /dev/null
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
@ -122,7 +124,7 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c
} else {
OCILogoff(o_servicecontext, o_error);
if (o_error) {
OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR);
}
hydra_report_found_host(port, ip, "oracle", fp);
hydra_completed_pair_found();
@ -132,7 +134,7 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c
return 1;
}
void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ORACLE;
@ -141,14 +143,14 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr,
return;
if ((miscptr == NULL) || (strlen(miscptr) == 0)) {
//SID is required as miscptr
// SID is required as miscptr
hydra_report(stderr, "[ERROR] Oracle SID is required, using ORCL as default\n");
miscptr = "ORCL";
}
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (port != 0)
@ -158,7 +160,7 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr,
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -167,7 +169,7 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr,
next_run = start_oracle(sock, ip, port, options, miscptr, fp);
hydra_child_exit(0);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
unlink("sqlnet.log");
@ -183,13 +185,13 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr,
#endif
int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -197,6 +199,7 @@ int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *m
return 0;
}
void usage_oracle(const char* service) {
printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n");
void usage_oracle(const char *service) {
printf("Module oracle / ora is optionally taking the ORACLE SID, default is "
"\"ORCL\"\n\n");
}

26
hydra-pcanywhere.c
View file

@ -1,6 +1,6 @@
//This plugin was written by <david dot maciejak at kyxar dot fr>
// This plugin was written by <david dot maciejak at kyxar dot fr>
//
//PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5
// PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5
//
// no memleaks found on 110425
@ -71,7 +71,6 @@ void pca_encrypt(char *cleartxt) {
passwd[strlen(passwd)] = '\0';
strcpy(cleartxt, passwd);
}
}
void pca_decrypt(char *password) {
@ -92,7 +91,7 @@ void debugprintf(char *msg) {
printf("debug: %s\n", msg);
}
int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
char buffer[2048] = "";
@ -119,7 +118,6 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option
server[3] = "Enter login name";
server[4] = "denying connection";
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
@ -158,13 +156,15 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option
if (i == 0 || i == 3)
clean_buffer(buffer, ret);
if (debug) show_buffer(buffer, ret);
if (debug)
show_buffer(buffer, ret);
if (i == 2) {
clean_buffer(buffer, ret);
buffer[sizeof(buffer) - 1] = 0;
if (strstr(buffer, server[i + 2]) != NULL) {
fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n");
fprintf(stderr, "[ERROR] PC Anywhere host denying connection because "
"you have requested a lower encrypt level\n");
return 3;
}
}
@ -224,7 +224,7 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option
return 1;
}
void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL;
@ -233,9 +233,8 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
usleepn(275);
@ -251,7 +250,8 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -278,13 +278,13 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp
}
}
int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

77
hydra-pcnfs.c
View file

@ -5,11 +5,11 @@
extern char *HYDRA_EXIT;
char *buf;
#define LEN_HDR_RPC 24
#define LEN_AUTH_UNIX 72+12
#define LEN_HDR_RPC 24
#define LEN_AUTH_UNIX 72 + 12
/* RPC common hdr */
struct rpc_hdr { /* 24 */
struct rpc_hdr { /* 24 */
unsigned long xid;
unsigned long type_msg;
unsigned long version_rpc;
@ -29,11 +29,11 @@ struct pr_auth_args {
char comments[255];
};
#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args)
#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args)
/* Lets start ... */
int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH];
char *ptr, *pkt = buffer;
@ -51,22 +51,24 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch
memset(pkt, 0, sizeof(buffer));
rpch = (struct rpc_hdr *) (pkt);
authp = (unsigned long *) (pkt + LEN_HDR_RPC);
prh = (struct pr_auth_args *) (pkt + LEN_HDR_RPC + LEN_AUTH_UNIX);
rpch = (struct rpc_hdr *)(pkt);
authp = (unsigned long *)(pkt + LEN_HDR_RPC);
prh = (struct pr_auth_args *)(pkt + LEN_HDR_RPC + LEN_AUTH_UNIX);
rpch->xid = htonl(0x32544843);
rpch->type_msg = htonl(0);
rpch->version_rpc = htonl(2);
rpch->prog_id = htonl(150001);
rpch->prog_ver = htonl(2);
rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */
rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */
prh->len_clnt = htonl(63);
prh->len_id = htonl(31);
prh->len_passwd = htonl(63);
prh->len_comments = htonl(254);
strcpy(prh->comments, " Hydra - THC password cracker - visit https://github.com/vanhauser-thc/thc-hydra - use only allowed for legal purposes ");
strcpy(prh->comments, " Hydra - THC password cracker - visit "
"https://github.com/vanhauser-thc/thc-hydra - use only "
"allowed for legal purposes ");
strcpy(prh->name, "localhost");
ptr = prh->id;
@ -82,16 +84,16 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch
}
*ptr = 0;
gettimeofday(&tv, (struct timezone *) NULL);
*(authp) = htonl(1); /* auth unix */
*(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */
*(++authp) = htonl(tv.tv_sec); /* local time */
*(++authp) = htonl(9); /* length host */
strcpy((char *) ++authp, "localhost"); /* hostname */
authp += (3); /* len(host)%4 */
*(authp) = htonl(0); /* uid root */
*(++authp) = htonl(0); /* gid root */
*(++authp) = htonl(9); /* 9 gid grps */
gettimeofday(&tv, (struct timezone *)NULL);
*(authp) = htonl(1); /* auth unix */
*(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */
*(++authp) = htonl(tv.tv_sec); /* local time */
*(++authp) = htonl(9); /* length host */
strcpy((char *)++authp, "localhost"); /* hostname */
authp += (3); /* len(host)%4 */
*(authp) = htonl(0); /* uid root */
*(++authp) = htonl(0); /* gid root */
*(++authp) = htonl(9); /* 9 gid grps */
/* group root, bin, daemon, sys, adm, disk, wheel, floppy, "user gid" */
*(++authp) = htonl(0);
*(++authp) = htonl(1);
@ -113,7 +115,7 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 1;
}
/* analyze the output */
/* analyze the output */
if (buf[2] != 'g' || buf[5] != 32) {
fprintf(stderr, "[ERROR] RPC answer status : bad proc/version/auth\n");
free(buf);
@ -136,7 +138,7 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 1;
}
void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
@ -155,22 +157,23 @@ void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, F
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((sock = hydra_connect_udp(ip, port)) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((sock = hydra_connect_udp(ip, port)) < 0) {
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
case 2: /* run the cracking function */
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_pcnfs(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -183,13 +186,13 @@ void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, F
}
}
int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

469
hydra-pop3.c
View file

@ -1,12 +1,12 @@
#include "hydra-mod.h"
#include "sasl.h"
//openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110
// openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110
typedef struct pool_str {
char ip[36];
/* int32_t port;*/// not needed
/* int32_t port;*/ // not needed
int32_t pop3_auth_mechanism;
int32_t disable_tls;
struct pool_str *next;
@ -18,7 +18,7 @@ char apop_challenge[300] = "";
pool *plist = NULL, *p = NULL;
/* functions */
int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname);
int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
pool *list_create(pool data) {
pool *p;
@ -27,7 +27,7 @@ pool *list_create(pool data) {
return NULL;
memcpy(p->ip, data.ip, 36);
//p->port = data.port;
// p->port = data.port;
p->pop3_auth_mechanism = data.pop3_auth_mechanism;
p->disable_tls = data.disable_tls;
p->next = NULL;
@ -40,7 +40,7 @@ pool *list_insert(pool data) {
newnode = list_create(data);
newnode->next = plist;
plist = newnode->next; // to be sure!
plist = newnode->next; // to be sure!
return newnode;
}
@ -59,7 +59,7 @@ pool *list_find(char *ip) {
/* how to know when to release the mem ?
-> well, after _start has determined which pool number it is */
int32_t list_remove(pool * node) {
int32_t list_remove(pool *node) {
pool *save, *list = plist;
int32_t ok = -1;
@ -88,18 +88,18 @@ char *pop3_read_server_capacity(int32_t sock) {
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
/*
exchange capa:
/*
exchange capa:
+OK
UIDL
STLS
+OK
UIDL
STLS
*/
*/
if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') {
resp = 1;
/* we got the capability info then get the completed warning info from server */
/* we got the capability info then get the completed warning info from
* server */
while (hydra_data_ready(sock)) {
free(buf);
buf = hydra_receive_line(sock);
@ -117,7 +117,7 @@ STLS
return buf;
}
int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *login, *pass, buffer[500], buffer2[500], *fooptr;
@ -134,235 +134,226 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
switch (p->pop3_auth_mechanism) {
#ifdef LIBOPENSSL
case AUTH_APOP:{
MD5_CTX c;
unsigned char md5_raw[MD5_DIGEST_LENGTH];
int32_t i;
char *pbuffer = buffer2;
case AUTH_APOP: {
MD5_CTX c;
unsigned char md5_raw[MD5_DIGEST_LENGTH];
int32_t i;
char *pbuffer = buffer2;
MD5_Init(&c);
MD5_Update(&c, apop_challenge, strlen(apop_challenge));
MD5_Update(&c, pass, strlen(pass));
MD5_Final(md5_raw, &c);
MD5_Init(&c);
MD5_Update(&c, apop_challenge, strlen(apop_challenge));
MD5_Update(&c, pass, strlen(pass));
MD5_Final(md5_raw, &c);
for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
sprintf(pbuffer, "%02x", md5_raw[i]);
pbuffer += 2;
}
sprintf(buffer, "APOP %s %s\r\n", login, buffer2);
for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
sprintf(pbuffer, "%02x", md5_raw[i]);
pbuffer += 2;
}
break;
sprintf(buffer, "APOP %s %s\r\n", login, buffer2);
} break;
#endif
case AUTH_LOGIN:{
sprintf(buffer, "AUTH LOGIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, login);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
case AUTH_LOGIN: {
sprintf(buffer, "AUTH LOGIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
break;
case AUTH_PLAIN:{
sprintf(buffer, "AUTH PLAIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf);
free(buf);
return 3;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf);
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
return 3;
}
break;
free(buf);
strcpy(buffer2, login);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
strcpy(buffer2, pass);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
} break;
case AUTH_PLAIN: {
sprintf(buffer, "AUTH PLAIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf);
free(buf);
return 3;
}
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
} break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
case AUTH_CRAMSHA1:
case AUTH_CRAMSHA256:{
int32_t rc = 0;
char *preplogin;
case AUTH_CRAMSHA256: {
int32_t rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5:
sprintf(buffer, "AUTH CRAM-MD5\r\n");
break;
case AUTH_CRAMSHA1:
sprintf(buffer, "AUTH CRAM-SHA1\r\n");
break;
case AUTH_CRAMSHA256:
sprintf(buffer, "AUTH CRAM-SHA256\r\n");
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
// get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5:
sprintf(buffer, "AUTH CRAM-MD5\r\n");
hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA1:
sprintf(buffer, "AUTH CRAM-SHA1\r\n");
hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA256:
sprintf(buffer, "AUTH CRAM-SHA256\r\n");
hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf);
break;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
//get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5:
hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA1:
hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf);
break;
case AUTH_CRAMSHA256:
hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf);
break;
}
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 2);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5:{
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
case AUTH_CRAMSHA1:{
sasl_cram_sha1(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
case AUTH_CRAMSHA256:{
sasl_cram_sha256(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
}
break;
}
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin);
return 3;
}
break;
case AUTH_DIGESTMD5:{
sprintf(buffer, "AUTH DIGEST-MD5\r\n");
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buf + 2);
free(buf);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf);
memset(buffer2, 0, sizeof(buffer2));
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5: {
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
case AUTH_CRAMSHA1: {
sasl_cram_sha1(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
case AUTH_CRAMSHA256: {
sasl_cram_sha256(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
}
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin);
} break;
case AUTH_DIGESTMD5: {
sprintf(buffer, "AUTH DIGEST-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
// receive
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
if (debug)
hydra_report(stderr, "[DEBUG] S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
if (fooptr == NULL)
return 3;
if (debug)
hydra_report(stderr, "[DEBUG] C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
return 3;
}
break;
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buf);
free(buf);
if (debug)
hydra_report(stderr, "[DEBUG] S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
if (fooptr == NULL)
return 3;
if (debug)
hydra_report(stderr, "[DEBUG] C: %s\n", buffer2);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
} break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
case AUTH_NTLM: {
unsigned char buf1[4096];
unsigned char buf2[4096];
//Send auth request
sprintf(buffer, "AUTH NTLM\r\n");
// Send auth request
sprintf(buffer, "AUTH NTLM\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
// receive
if ((buf = hydra_receive_line(s)) == NULL)
return 4;
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf);
free(buf);
//send auth and receive challenge
//send auth request: lst the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
sprintf(buffer, "%s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6)
return 4;
//recover challenge
from64tobits((char *) buf1, buf + 2);
free(buf);
//Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "%s\r\n", buf1);
return 3;
}
break;
free(buf);
// send auth and receive challenge
// send auth request: lst the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
sprintf(buffer, "%s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6)
return 4;
// recover challenge
from64tobits((char *)buf1, buf + 2);
free(buf);
// Send response
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "%s\r\n", buf1);
} break;
default:
sprintf(buffer, "USER %.250s\r\n", login);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -413,11 +404,11 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 2;
}
void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
char *ptr = NULL;
//extract data from the pool, ip is the key
// extract data from the pool, ip is the key
if (plist == NULL)
if (service_pop3_init(ip, sp, options, miscptr, fp, port, hostname) != 0)
hydra_child_exit(2);
@ -433,10 +424,9 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
@ -448,11 +438,11 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '+') { /* check the first line */
if (buf == NULL || buf[0] != '+') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
@ -470,11 +460,13 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
#ifdef LIBOPENSSL
if (!p->disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
/* check for STARTTLS, if available we may have access to more basic
* auth methods */
hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
buf = hydra_receive_line(sock);
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
"received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
@ -491,15 +483,15 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_pop3(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4: /* clean exit */
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
@ -512,8 +504,7 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
}
int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t myport = PORT_POP3, mysslport = PORT_POP3_SSL;
char *ptr = NULL;
int32_t sock = -1;
@ -537,11 +528,11 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t)getpid());
return -1;
}
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '+') { /* check the first line */
if (buf == NULL || buf[0] != '+') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
return -1;
@ -575,7 +566,7 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
int32_t i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) {
p.disable_tls = 0;
@ -584,13 +575,15 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
#ifdef LIBOPENSSL
if (!p.disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
/* check for STARTTLS, if available we may have access to more basic auth
* methods */
if (strstr(buf, "STLS") != NULL) {
hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
free(buf);
buf = hydra_receive_line(sock);
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
"received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
@ -616,16 +609,16 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
}
}
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not "
"supported by the server\n");
}
#endif
if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) {
//we don't care if the server is not receiving the quit msg
// we don't care if the server is not receiving the quit msg
}
hydra_disconnect(sock);
if (verbose)
hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
@ -648,7 +641,8 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
which are supported.
*/
/* which mean threre will *always* have a space before the LOGIN auth keyword */
/* which mean threre will *always* have a space before the LOGIN auth keyword
*/
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
p.pop3_auth_mechanism = AUTH_NTLM;
}
@ -688,12 +682,10 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
#else
p.pop3_auth_mechanism = AUTH_CLEAR;
#endif
}
free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "CLEAR"))
p.pop3_auth_mechanism = AUTH_CLEAR;
@ -722,7 +714,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
if (strstr(miscptr, "NTLM"))
p.pop3_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
@ -765,7 +756,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n");
break;
}
}
@ -777,8 +767,11 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
return 0;
}
void usage_pop3(const char* service) {
void usage_pop3(const char *service) {
printf("Module pop3 is optionally taking one authentication type of:\n"
" CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n");
" CRAM-SHA256, DIGEST-MD5, NTLM.\n"
"Additionally TLS encryption via STLS can be enforced with the TLS "
"option.\n\n"
"Example: pop3://target/TLS:PLAIN\n");
}

34
hydra-postgres.c
View file

@ -1,26 +1,24 @@
/*
* PostgresSQL Support - by Diaul (at) devilopers.org
* PostgresSQL Support - by Diaul (at) devilopers.org
*
*
*
* 110425 no obvious memleaks found
*/
#include "hydra-mod.h"
#ifndef LIBPOSTGRES
void dummy_postgres() {
printf("\n");
}
void dummy_postgres() { printf("\n"); }
#else
#include "libpq-fe.h" // Postgres connection functions
#include "libpq-fe.h" // Postgres connection functions
#include <stdio.h>
#define DEFAULT_DB "template1"
extern char *HYDRA_EXIT;
int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
char database[256];
@ -42,7 +40,6 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options,
* Building the connection string
*/
snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass);
if (verbose)
@ -65,7 +62,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options,
return 1;
}
void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL;
@ -74,12 +71,11 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -92,14 +88,15 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
/*
* Here we start the password cracking process
* Here we start the password cracking process
*/
next_run = start_postgres(sock, ip, port, options, miscptr, fp);
break;
@ -118,13 +115,13 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
#endif
int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -132,6 +129,7 @@ int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char
return 0;
}
void usage_postgres(const char* service) {
printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n");
void usage_postgres(const char *service) {
printf("Module postgres is optionally taking the database to attack, default "
"is \"template1\"\n\n");
}

323
hydra-radmin2.c
View file

@ -7,42 +7,42 @@
extern char *HYDRA_EXIT;
//RAdmin 2.x
// RAdmin 2.x
struct rmessage {
uint8_t magic; //Indicates version, probably?
uint32_t length; //Total message size of data.
uint32_t checksum; //Checksum from type to end of data.
uint8_t type; //Command type, table below.
unsigned char data[32]; //data to be sent.
uint8_t magic; // Indicates version, probably?
uint32_t length; // Total message size of data.
uint32_t checksum; // Checksum from type to end of data.
uint8_t type; // Command type, table below.
unsigned char data[32]; // data to be sent.
};
/*
* Usage: sum = checksum(message);
* Function: Returns a 4 byte little endian sum of the messages typecode+data. This data is zero padded for alignment.
* Example message (big endian):
* [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)])
* Sum: is 0f43d461 (big endian)
* Function: Returns a 4 byte little endian sum of the messages typecode+data.
* This data is zero padded for alignment. Example message (big endian):
* [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9
* 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)]) Sum: is 0f43d461 (big endian)
*/
uint32_t checksum(struct rmessage *msg) {
int32_t blen;
uint8_t *stream;
uint32_t sum;
blen = msg->length; //Get the real length.
blen = msg->length; // Get the real length.
blen += (4 - (blen % 4));
//Allocate a worksapce.
// Allocate a worksapce.
stream = calloc(blen, sizeof(uint8_t));
memcpy(stream, &msg->type, sizeof(uint8_t));
memcpy(stream+1, msg->data, blen-1);
memcpy(stream + 1, msg->data, blen - 1);
sum = 0;
for(blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) {
for (blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) {
sum += *(uint32_t *)(stream + blen);
}
sum += *(uint32_t *)stream;
//Free the workspace.
// Free the workspace.
free(stream);
return sum;
@ -50,7 +50,8 @@ uint32_t checksum(struct rmessage *msg) {
/*
* Usage: challenge_request(message);
* Function: Modifies message to reflect a request for a challenge. Updates the checksum as appropriate.
* Function: Modifies message to reflect a request for a challenge. Updates the
* checksum as appropriate.
*/
void challenge_request(struct rmessage *msg) {
msg->magic = 0x01;
@ -61,7 +62,8 @@ void challenge_request(struct rmessage *msg) {
/*
* Usage: challenge_request(message);
* Function: Modifies message to reflect a response to a challenge. Updates the checksum as appropriate.
* Function: Modifies message to reflect a response to a challenge. Updates the
* checksum as appropriate.
*/
void challenge_response(struct rmessage *msg, unsigned char *solution) {
msg->magic = 0x01;
@ -72,46 +74,47 @@ void challenge_response(struct rmessage *msg, unsigned char *solution) {
}
/*
* Usage: buffer = message2buffer(message); send(buffer, message->length + 10); free(buffer)
* Function: Allocates a buffer for transmission and fills the buffer with message data such that it is ready to transmit.
* Usage: buffer = message2buffer(message); send(buffer, message->length + 10);
* free(buffer) Function: Allocates a buffer for transmission and fills the
* buffer with message data such that it is ready to transmit.
*/
//TODO: conver to a sendMessage() function?
// TODO: conver to a sendMessage() function?
char *message2buffer(struct rmessage *msg) {
char *data;
if(msg == NULL) {
if (msg == NULL) {
hydra_report(stderr, "rmessage is null\n");
hydra_child_exit(0);
return NULL;
}
switch(msg->type) {
case 0x1b: //Challenge request
data = (char *)calloc (10, sizeof(char));
if(data == NULL) {
hydra_report(stderr, "calloc failure\n");
hydra_child_exit(0);
}
memcpy(data, &msg->magic, sizeof(char));
*((int32_t *)(data+1)) = htonl(msg->length);
*((int32_t *)(data+5)) = htonl(msg->checksum);
memcpy((data+9), &msg->type, sizeof(char));
break;
case 0x09:
data = (char *)calloc (42, sizeof(char));
if(data == NULL) {
hydra_report(stderr, "calloc failure\n");
hydra_child_exit(0);
}
memcpy(data, &msg->magic, sizeof(char));
*((int32_t *)(data+1)) = htonl(msg->length);
*((int32_t *)(data+5)) = htonl(msg->checksum);
memcpy((data+9), &msg->type, sizeof(char));
memcpy((data+10), msg->data, sizeof(char) * 32);
break;
default:
hydra_report(stderr, "unknown rmessage type\n");
switch (msg->type) {
case 0x1b: // Challenge request
data = (char *)calloc(10, sizeof(char));
if (data == NULL) {
hydra_report(stderr, "calloc failure\n");
hydra_child_exit(0);
return NULL;
}
memcpy(data, &msg->magic, sizeof(char));
*((int32_t *)(data + 1)) = htonl(msg->length);
*((int32_t *)(data + 5)) = htonl(msg->checksum);
memcpy((data + 9), &msg->type, sizeof(char));
break;
case 0x09:
data = (char *)calloc(42, sizeof(char));
if (data == NULL) {
hydra_report(stderr, "calloc failure\n");
hydra_child_exit(0);
}
memcpy(data, &msg->magic, sizeof(char));
*((int32_t *)(data + 1)) = htonl(msg->length);
*((int32_t *)(data + 5)) = htonl(msg->checksum);
memcpy((data + 9), &msg->type, sizeof(char));
memcpy((data + 10), msg->data, sizeof(char) * 32);
break;
default:
hydra_report(stderr, "unknown rmessage type\n");
hydra_child_exit(0);
return NULL;
}
return data;
}
@ -119,12 +122,12 @@ char *message2buffer(struct rmessage *msg) {
struct rmessage *buffer2message(char *buffer) {
struct rmessage *msg;
msg = calloc(1, sizeof(struct rmessage));
if(msg == NULL) {
if (msg == NULL) {
hydra_report(stderr, "calloc failure\n");
hydra_child_exit(0);
}
//Start parsing...
// Start parsing...
msg->magic = buffer[0];
buffer += sizeof(char);
msg->length = ntohl(*((uint32_t *)(buffer)));
@ -134,41 +137,38 @@ struct rmessage *buffer2message(char *buffer) {
msg->type = buffer[0];
buffer += sizeof(char);
//Verify known fields...
if(msg->magic != 0x01) {
// Verify known fields...
if (msg->magic != 0x01) {
hydra_report(stderr, "Bad magic\n");
hydra_child_exit(0);
return NULL;
}
switch(msg->type) {
case 0x1b:
if(msg->length != 0x21) {
hydra_report(stderr, "Bad length...%08x\n", msg->length);
hydra_child_exit(0);
return NULL;
}
memcpy(msg->data, buffer, 32);
break;
case 0x0a:
//Win!
case 0x0b:
//Lose!
break;
default:
hydra_report(stderr, "unknown rmessage type");
switch (msg->type) {
case 0x1b:
if (msg->length != 0x21) {
hydra_report(stderr, "Bad length...%08x\n", msg->length);
hydra_child_exit(0);
return NULL;
}
memcpy(msg->data, buffer, 32);
break;
case 0x0a:
// Win!
case 0x0b:
// Lose!
break;
default:
hydra_report(stderr, "unknown rmessage type");
hydra_child_exit(0);
return NULL;
}
return msg;
}
int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { return 0; }
int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
return 0;
}
void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
#ifdef HAVE_GCRYPT
int32_t sock = -1;
int32_t index;
@ -185,7 +185,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
gcry_cipher_hd_t cipher;
gcry_md_hd_t md;
if(port != 0) {
if (port != 0) {
myport = port;
}
@ -193,14 +193,13 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
memset(buffer, 0x00, sizeof(buffer));
//Phone the mother ship
// Phone the mother ship
hydra_register_socket(sp);
if( memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
return;
}
while(1) {
while (1) {
/* Typical conversation goes as follows...
0) connect to server
1) request challenge
@ -210,7 +209,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
*/
// 0) Connect to the server
sock = hydra_connect_tcp(ip, myport);
if(sock < 0) {
if (sock < 0) {
hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -220,140 +219,164 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
challenge_request(msg);
request = message2buffer(msg);
hydra_send(sock, request, 10, 0);
free(msg);
free(msg);
free(request);
//2) receive response (working)
// 2) receive response (working)
index = 0;
while(index < 42) { //We're always expecting back a 42 byte buffer from a challenge request.
switch(hydra_data_ready(sock)) {
case -1:
hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
while (index < 42) { // We're always expecting back a 42 byte buffer from a
// challenge request.
switch (hydra_data_ready(sock)) {
case -1:
hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
break;
case 0:
// keep waiting...
break;
default:
bytecount = hydra_recv(sock, buffer + index, 42 - index);
if (bytecount < 0) {
hydra_report(stderr,
"Error: Child with pid %d terminating, receive "
"error\nerror:\t%s\n",
(int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
break;
case 0:
//keep waiting...
break;
default:
bytecount = hydra_recv(sock, buffer+index, 42 - index);
if(bytecount < 0) {
hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
}
index += bytecount;
}
index += bytecount;
}
}
//3) Send challenge solution.
// 3) Send challenge solution.
// Get a password to work with.
memset(password, 0x00, sizeof(password));
memset(encrypted, 0x00, sizeof(encrypted));
// Get a password to work with.
memset(password, 0x00, sizeof(password));
memset(encrypted, 0x00, sizeof(encrypted));
hydra_get_next_pair();
strncpy(password, hydra_get_next_password(), sizeof(password)-1);
strncpy(password, hydra_get_next_password(), sizeof(password) - 1);
//MD5 the password to generate the password key, this is used with twofish below.
// MD5 the password to generate the password key, this is used with twofish
// below.
err = gcry_md_open(&md, GCRY_MD_MD5, 0);
if(err) {
hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_open error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_md_open error "
"(%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
gcry_md_reset(md);
gcry_md_write(md, password, 100);
if(gcry_md_read(md, 0) == NULL) {
if (gcry_md_read(md, 0) == NULL) {
hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_read error (%08x)\n", (int32_t)getpid(), index);
hydra_child_exit(1);
}
memcpy(rawkey, gcry_md_read(md, 0), 16);
gcry_md_close(md);
//3.a) generate a new message from the buffer
// 3.a) generate a new message from the buffer
msg = buffer2message(buffer);
//3.b) encrypt data received using pkey & known IV
err= gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0);
if(err) {
hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_open error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
// 3.b) encrypt data received using pkey & known IV
err = gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0);
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_cipher_open "
"error (%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
err = gcry_cipher_setiv(cipher, IV, 16);
if(err) {
hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_setiv error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_cipher_setiv "
"error (%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
err = gcry_cipher_setkey(cipher, rawkey, 16);
if(err) {
hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_setkey error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_cipher_setkey "
"error (%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
err = gcry_cipher_encrypt(cipher, encrypted, 32, msg->data, 32);
if(err) {
hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_encrypt error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
if (err) {
hydra_report(stderr,
"Error: Child with pid %d terminating, gcry_cipher_encrypt "
"error (%08x)\n%s/%s",
(int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
hydra_child_exit(1);
}
gcry_cipher_close(cipher);
//3.c) half sum - this is the solution to the challenge.
for(index=0; index < 16; index++) {
*(encrypted+index) += *(encrypted+index+16);
// 3.c) half sum - this is the solution to the challenge.
for (index = 0; index < 16; index++) {
*(encrypted + index) += *(encrypted + index + 16);
}
memset((encrypted+16), 0x00, 16);
memset((encrypted + 16), 0x00, 16);
//3.d) send half sum
// 3.d) send half sum
challenge_response(msg, encrypted);
request = message2buffer(msg);
hydra_send(sock, request, 42, 0);
free(msg);
free(request);
//4) receive auth success/failure
// 4) receive auth success/failure
index = 0;
while(index < 10) { //We're always expecting back a 42 byte buffer from a challenge request.
switch(hydra_data_ready(sock)) {
case -1:
hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
while (index < 10) { // We're always expecting back a 42 byte buffer from a
// challenge request.
switch (hydra_data_ready(sock)) {
case -1:
hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
break;
case 0:
// keep waiting...
break;
default:
bytecount = hydra_recv(sock, buffer + index, 10 - index);
if (bytecount < 0) {
hydra_report(stderr,
"Error: Child with pid %d terminating, receive "
"error\nerror:\t%s\n",
(int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
break;
case 0:
//keep waiting...
break;
default:
bytecount = hydra_recv(sock, buffer+index, 10 - index);
if(bytecount < 0) {
hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
hydra_child_exit(1);
}
index += bytecount;
}
index += bytecount;
}
}
msg = buffer2message(buffer);
switch(msg->type) {
case 0x0a:
hydra_completed_pair_found();
break;
case 0x0b:
hydra_completed_pair();
hydra_disconnect(sock);
break;
default:
hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid());
hydra_child_exit(2);
switch (msg->type) {
case 0x0a:
hydra_completed_pair_found();
break;
case 0x0b:
hydra_completed_pair();
hydra_disconnect(sock);
break;
default:
hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid());
hydra_child_exit(2);
}
}
#endif
}
int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

89
hydra-rdp.c
View file

@ -1,6 +1,6 @@
/*
This module is using freerdp2 lib
Tested on:
- Windows 7 pro SP1
- Windows 10 pro build 1809
@ -11,13 +11,11 @@
extern char *HYDRA_EXIT;
#ifndef LIBFREERDP2
void dummy_rdp() {
printf("\n");
}
void dummy_rdp() { printf("\n"); }
#else
#include <freerdp/freerdp.h>
freerdp * instance = 0;
freerdp *instance = 0;
BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) {
int32_t err = 0;
@ -34,7 +32,7 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa
}
/* Client program */
int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
char server[64];
@ -56,39 +54,44 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
}
login_result = rdp_connect(server, port, domain, login, pass);
switch(login_result){
case 0:
// login success
hydra_report_found_host(port, ip, "rdp", fp);
hydra_completed_pair_found();
break;
case 0x00020009:
case 0x00020014:
case 0x00020015:
// login failure
hydra_completed_pair();
break;
case 0x0002000d:
hydra_report(stderr, "[%d][rdp] account on %s might be valid but account not active for remote desktop: login: %s password: %s, continuing attacking the account.\n", port, hydra_address2string_beautiful(ip), login, pass);
hydra_completed_pair();
break;
case 0x00020006:
case 0x00020008:
case 0x0002000c:
// cannot establish rdp connection, either the port is not opened or it's not rdp
return 3;
default:
if (verbose) {
hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result);
}
return login_result;
switch (login_result) {
case 0:
// login success
hydra_report_found_host(port, ip, "rdp", fp);
hydra_completed_pair_found();
break;
case 0x00020009:
case 0x00020014:
case 0x00020015:
// login failure
hydra_completed_pair();
break;
case 0x0002000d:
hydra_report(stderr,
"[%d][rdp] account on %s might be valid but account not "
"active for remote desktop: login: %s password: %s, "
"continuing attacking the account.\n",
port, hydra_address2string_beautiful(ip), login, pass);
hydra_completed_pair();
break;
case 0x00020006:
case 0x00020008:
case 0x0002000c:
// cannot establish rdp connection, either the port is not opened or it's
// not rdp
return 3;
default:
if (verbose) {
hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result);
}
return login_result;
}
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
}
void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1;
int32_t myport = PORT_RDP;
@ -101,15 +104,15 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
while (1) {
next_run = 0;
switch (run) {
case 1: /* run the cracking function */
case 1: /* run the cracking function */
next_run = start_rdp(ip, myport, options, miscptr, fp);
break;
case 2: /* clean exit */
case 2: /* clean exit */
freerdp_disconnect(instance);
freerdp_free(instance);
hydra_child_exit(0);
return;
case 3: /* connection error case */
case 3: /* connection error case */
hydra_report(stderr, "[ERROR] freerdp: %s\n", "The connection failed to establish.");
freerdp_free(instance);
hydra_child_exit(1);
@ -121,20 +124,20 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
}
int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
// Disable freerdp output
wLog* root = WLog_GetRoot();
WLog_SetStringLogLevel(root, "OFF");
wLog *root = WLog_GetRoot();
WLog_SetStringLogLevel(root, "OFF");
// Init freerdp instance
instance = freerdp_new();
@ -145,7 +148,9 @@ int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *misc
return 0;
}
void usage_rdp(const char* service) {
printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
void usage_rdp(const char *service) {
printf("Module rdp is optionally taking the windows domain name.\n"
"For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p "
"doe\n\n");
}
#endif

65
hydra-redis.c
View file

@ -3,7 +3,7 @@
extern char *HYDRA_EXIT;
char *buf;
int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *pass, buffer[510];
char *empty = "";
@ -51,7 +51,7 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 1;
}
void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) {
void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
@ -61,7 +61,7 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
@ -77,21 +77,21 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
usleepn(250);
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_redis(sock, ip, port, options, miscptr, fp);
break;
case 3: /* error exit */
case 3: /* error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
break;
case 4: /* clean exit */
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -104,32 +104,32 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp
}
}
void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0);
}
void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); }
/*
* Initial password authentication test and response test for the redis server,
* added by Petar Kaleychev <petar.kaleychev@gmail.com>
* The service_redis_init function is generating ping request as redis-cli (command line interface).
* You can use redis-cli to connect with Redis. After start of the redis-server in another terminal the following:
* % ./redis-cli
* redis> ping
* when the server does not require password, leads to:
* PONG
* when the server requires password, leads to:
* (error) NOAUTH Authentication required.
* or
* (error) ERR operation not permitted (for older redis versions)
* That is used for initial password authentication and redis server response tests in service_redis_init
*/
int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
/*
* Initial password authentication test and response test for the redis server,
* added by Petar Kaleychev <petar.kaleychev@gmail.com>
* The service_redis_init function is generating ping request as redis-cli
* (command line interface). You can use redis-cli to connect with Redis. After
* start of the redis-server in another terminal the following: % ./redis-cli
* redis> ping
* when the server does not require password, leads to:
* PONG
* when the server requires password, leads to:
* (error) NOAUTH Authentication required.
* or
* (error) ERR operation not permitted (for older redis versions)
* That is used for initial password authentication and redis server response
* tests in service_redis_init
*/
int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
// return codes:
// 0 - when the server is redis and it requires password
// n - when the server is not redis or when the server does not require password
// n - when the server is not redis or when the server does not require
// password
int32_t sock = -1;
int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
@ -148,7 +148,8 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi
port = mysslport;
}
if (verbose)
printf("[VERBOSE] Initial redis password authentication test and response test ...\n");
printf("[VERBOSE] Initial redis password authentication test and response "
"test ...\n");
if (sock < 0) {
hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport);
return 3;
@ -156,10 +157,10 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi
// generating ping request as redis-cli
if (debug)
printf("[DEBUG] buffer = %s\n", buffer);
// [debug mode]: buffer is:
// *1
// $4
// ping
// [debug mode]: buffer is:
// *1
// $4
// ping
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
return 2;
}

57
hydra-rexec.c
View file

@ -6,7 +6,7 @@
extern char *HYDRA_EXIT;
int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2;
int32_t ret;
@ -44,7 +44,7 @@ int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 1;
}
void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_REXEC, mysslport = PORT_REXEC_SSL;
@ -54,33 +54,33 @@ void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, F
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_rexec(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -88,19 +88,18 @@ void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, F
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

64
hydra-rlogin.c
View file

@ -8,12 +8,11 @@ client have to use port from 512 -> 1023 or server is denying the connection
no memleaks found on 110425
*/
#define TERM "vt100/9600"
extern char *HYDRA_EXIT;
int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2;
int32_t ret;
@ -78,7 +77,8 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c
hydra_completed_pair();
}
} else {
/* if password is asked a second time, it means the pass we provided is wrong */
/* if password is asked a second time, it means the pass we provided is
* wrong */
hydra_completed_pair();
}
@ -87,7 +87,7 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c
return 1;
}
void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL;
@ -98,35 +98,35 @@ void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr,
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
/* 512 -> 1023 */
hydra_set_srcport(1023);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
/* 512 -> 1023 */
hydra_set_srcport(1023);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_rlogin(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -139,13 +139,13 @@ void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr,
}
}
int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

32
hydra-rpcap.c
View file

@ -6,7 +6,7 @@
extern char *HYDRA_EXIT;
char *buf;
int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[1024];
@ -21,7 +21,8 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch
char bfr4[] = " ";
bfr4[0] = strlen(login) + strlen(pass) + 8;
char bfr5[] = "\x00";
char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need of password
char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need
// of password
char bfr7[] = "\x00\x00\x00";
char bfr8[] = " ";
bfr8[0] = strlen(login);
@ -57,13 +58,12 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 3;
return 1;
}
/*
if (strstr(buf, "Logon failure") == NULL) {
hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n", buf);
free(buf);
return 4;
}
*/
/*
if (strstr(buf, "Logon failure") == NULL) {
hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n",
buf); free(buf); return 4;
}
*/
free(buf);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -72,7 +72,7 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 2;
}
void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL;
@ -81,10 +81,10 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
//usleep(300000);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -99,15 +99,15 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_rpcap(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -120,7 +120,7 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F
}
}
int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, performed once only.
// return codes:
// 0 - rpcap with authentication

62
hydra-rsh.c
View file

@ -12,7 +12,7 @@ no memleaks found on 110425
extern char *HYDRA_EXIT;
int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, buffer[300] = "", buffer2[100], *bptr = buffer2;
int32_t ret;
@ -39,8 +39,8 @@ int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
buffer[ret] = 0;
else /* 0x00 is sent but hydra_recv transformed it */
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
buffer[ret] = 0;
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
buffer[ret] = 0;
#ifdef HAVE_PCRE
if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) {
#else
@ -57,7 +57,7 @@ int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char
return 1;
}
void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RSH, mysslport = PORT_RSH_SSL;
@ -68,34 +68,34 @@ void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
while (1) {
next_run = 0;
switch (run) {
case 1: /* connect and service init function */
{
hydra_set_srcport(1023);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 1: /* connect and service init function */
{
hydra_set_srcport(1023);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
case 2: /* run the cracking function */
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_rsh(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -108,13 +108,13 @@ void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
}
int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

43
hydra-rtsp.c
View file

@ -6,17 +6,16 @@
//
//
#include <stdio.h>
#include "hydra-mod.h"
#include <string.h>
#include "sasl.h"
#include <stdio.h>
#include <string.h>
extern char *HYDRA_EXIT;
char packet[500];
char packet2[500];
int32_t is_Unauthorized(char *s) {
if (strstr(s, "401 Unauthorized") != NULL) {
return 1;
} else {
@ -25,7 +24,6 @@ int32_t is_Unauthorized(char *s) {
}
int32_t is_NotFound(char *s) {
if (strstr(s, "404 Stream Not Found") != NULL) {
return 1;
} else {
@ -34,7 +32,6 @@ int32_t is_NotFound(char *s) {
}
int32_t is_Authorized(char *s) {
if (strstr(s, "200 OK") != NULL) {
return 1;
} else {
@ -43,7 +40,6 @@ int32_t is_Authorized(char *s) {
}
int32_t use_Basic_Auth(char *s) {
if (strstr(s, "WWW-Authenticate: Basic") != NULL) {
return 1;
} else {
@ -52,7 +48,6 @@ int32_t use_Basic_Auth(char *s) {
}
int32_t use_Digest_Auth(char *s) {
if (strstr(s, "WWW-Authenticate: Digest") != NULL) {
return 1;
} else {
@ -60,8 +55,6 @@ int32_t use_Digest_Auth(char *s) {
}
}
void create_core_packet(int32_t control, char *ip, int32_t port) {
char *target = hydra_address2string(ip);
@ -75,7 +68,7 @@ void create_core_packet(int32_t control, char *ip, int32_t port) {
}
}
}
int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[1030], buffer2[500];
char *lresp;
@ -109,22 +102,19 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
return 1;
} else {
create_core_packet(1, ip, port);
if (use_Basic_Auth(lresp) == 1) {
free(lresp);
sprintf(buffer2, "%.249s:%.249s", login, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2);
if (debug) {
hydra_report(stderr, "C:%s\n", buffer);
}
}
else {
} else {
if (use_Digest_Auth(lresp) == 1) {
char *dbuf = NULL;
char aux[500] = "";
@ -136,7 +126,8 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
#ifdef LIBOPENSSL
sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
#else
hydra_report(stderr, "[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n");
hydra_report(stderr, "[ERROR] Digest auth required but compiled "
"without OpenSSL/MD5 support\n");
return 3;
#endif
@ -163,7 +154,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
lresp = NULL;
lresp = hydra_receive_line(s);
if (lresp == NULL) {
hydra_report(stderr, "[ERROR] no server reply\n");
return 1;
@ -177,7 +168,6 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 3;
}
return 1;
}
free(lresp);
hydra_completed_pair();
@ -186,13 +176,13 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
//not rechead
// not rechead
return 2;
}
void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RTSP/*, mysslport = PORT_RTSP_SSL*/;
int32_t myport = PORT_RTSP /*, mysslport = PORT_RTSP_SSL*/;
hydra_register_socket(sp);
@ -200,9 +190,8 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
@ -215,16 +204,16 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_rtsp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
@ -238,7 +227,7 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
}
int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

59
hydra-s7-300.c
View file

@ -1,4 +1,5 @@
// submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey Gordeychik
// submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey
// Gordeychik
#include "hydra-mod.h"
@ -6,16 +7,24 @@
extern char *HYDRA_EXIT;
unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a";
unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17"
"\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0"
"\x01\x0a";
unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0";
unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00"
"\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00"
"\x01\x00\x01\x01\xe0";
unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04";
unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00"
"\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12"
"\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01"
"\x32\x00\x04";
unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08";
unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00"
"\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12"
"\x04\x11\x45\x01\x00\xff\x09\x00\x08";
int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *pass, buffer[1024];
char context[S7PASSLEN + 1];
@ -45,7 +54,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c
}
// send p_cotp and check first 2 bytes of answer
if (hydra_send(s, (char *) p_cotp, 22, 0) < 0)
if (hydra_send(s, (char *)p_cotp, 22, 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
ret = hydra_recv_nb(s, buffer, sizeof(buffer));
@ -57,7 +66,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c
return 3;
// send p_s7_negotiate_pdu and check first 2 bytes of answer
if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0)
if (hydra_send(s, (char *)p_s7_negotiate_pdu, 25, 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
ret = hydra_recv_nb(s, buffer, sizeof(buffer));
@ -69,7 +78,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c
return 3;
// send p_s7_read_szl and check first 2 bytes of answer
if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0)
if (hydra_send(s, (char *)p_s7_read_szl, 33, 0) < 0)
return 1;
memset(buffer, 0, sizeof(buffer));
ret = hydra_recv_nb(s, buffer, sizeof(buffer));
@ -108,7 +117,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c
}
if (buffer[27] == '\xd6' && buffer[28] == '\x05') {
//hydra_report_found_host(port, ip, "s7-300", fp);
// hydra_report_found_host(port, ip, "s7-300", fp);
hydra_completed_pair_found();
hydra_report(stderr, "[INFO] No password protection enabled\n");
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -124,7 +133,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c
return 1;
}
void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t s7port = PORT_S7_300;
@ -136,21 +145,21 @@ void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr,
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
sock = hydra_connect_tcp(ip, s7port);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp);
sock = hydra_disconnect(sock);
break;
case 2: /* clean exit */
case 2: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
@ -163,13 +172,13 @@ void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr,
}
}
int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// 1 skip target without generating an error
@ -211,7 +220,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m
}
// send p_cotp and check first 2 bytes of answer
if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) {
if (hydra_send(sock, (char *)p_cotp, 22, 0) < 0) {
fprintf(stderr, "[ERROR] can not send data to service\n");
return 3;
}
@ -226,7 +235,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m
return 3;
}
// send p_s7_negotiate_pdu and check first 2 bytes of answer
if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) {
if (hydra_send(sock, (char *)p_s7_negotiate_pdu, 25, 0) < 0) {
fprintf(stderr, "[ERROR] can not send data to service (2)\n");
return 3;
}
@ -241,7 +250,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m
return 3;
}
// send p_s7_read_szl and check first 2 bytes of answer
if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) {
if (hydra_send(sock, (char *)p_s7_read_szl, 33, 0) < 0) {
fprintf(stderr, "[ERROR] can not send data to service (3)\n");
return 3;
}
@ -276,7 +285,8 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m
// 0xd602 - wrong password
if (ret > 30) {
if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) {
hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n");
hydra_report(stderr, "[INFO] No password protection enabled, no password "
"tests are necessary!\n");
return 1;
}
}
@ -286,6 +296,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m
return 0;
}
void usage_s7_300(const char* service) {
printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n");
void usage_s7_300(const char *service) {
printf("Module S7-300 is for a special Siemens PLC. It either requires only a "
"password or no authentication, so just use the -p or -P option.\n\n");
}

64
hydra-sapr3.c
View file

@ -1,25 +1,23 @@
#include "hydra-mod.h"
// checked for memleaks on 110425, none found
#ifndef LIBSAPR3
void dummy_sapr3() {
printf("\n");
}
void dummy_sapr3() { printf("\n"); }
#else
#include <saprfc.h>
#include <ctype.h>
#include <saprfc.h>
/* temporary workaround fix */
const int32_t *__ctype_tolower;
const int32_t *__ctype_toupper;
const int32_t *__ctype_b;
extern void flood(); /* for -lm */
extern void flood(); /* for -lm */
extern char *HYDRA_EXIT;
RFC_ERROR_INFO_EX error_info;
int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
RFC_HANDLE handle;
char *empty = "";
char *login, *pass, buffer[1024];
@ -28,7 +26,8 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch
int32_t sysnr = port % 100;
char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0";
// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y";
// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y
// ABAP_DEBUG=Y";
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -37,36 +36,37 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch
if (strlen(login) > 0)
for (i = 0; i < strlen(login); i++)
login[i] = (char) toupper(login[i]);
login[i] = (char)toupper(login[i]);
if (strlen(pass) > 0)
for (i = 0; i < strlen(pass); i++)
pass[i] = (char) toupper(pass[i]);
pass[i] = (char)toupper(pass[i]);
memset(buffer, 0, sizeof(buffer));
memset(&error_info, 0, sizeof(error_info));
//strcpy(buf, "mvse001");
// strcpy(buf, "mvse001");
snprintf(buffer, sizeof(buffer), "ASHOST=%s SYSNR=%02d CLIENT=%03d USER=\"%s\" PASSWD=\"%s\" LANG=DE %s", hydra_address2string(ip), sysnr, atoi(miscptr), login, pass, opts);
/*
USER=SAPCPIC PASSWORD=admin
USER=SAP* PASSWORD=PASS
/*
USER=SAPCPIC PASSWORD=admin
USER=SAP* PASSWORD=PASS
## do we need these options?
SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N
## do we need these options?
SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N
ASHOST= // IP
SYSNR= // port - 3200, scale 2
CLIENT= // miscptr, scale 2
ABAP_DEBUG=0
USER=
PASSWD=
LANG=DE
*/
//printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer);
ASHOST= // IP
SYSNR= // port - 3200, scale 2
CLIENT= // miscptr, scale 2
ABAP_DEBUG=0
USER=
PASSWD=
LANG=DE
*/
// printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer);
handle = RfcOpenEx(buffer, &error_info);
//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message);
// printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key,
// error_info.message);
if (handle <= RFC_HANDLE_NULL)
return 3;
@ -89,7 +89,7 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch
return 1;
}
void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
@ -97,12 +97,12 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
next_run = start_sapr3(sock, ip, port, options, miscptr, fp);
break;
case 2:
hydra_child_exit(0);
case 3: /* clean exit */
case 3: /* clean exit */
fprintf(stderr, "[ERROR] could not connect to target port %d\n", port);
hydra_child_exit(1);
case 4:
@ -117,13 +117,13 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F
#endif
int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -131,6 +131,4 @@ int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *mi
return 0;
}
void usage_sapr3(const char* service) {
printf("Module sapr3 requires the client id, a number between 0 and 99\n\n");
}
void usage_sapr3(const char *service) { printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); }

72
hydra-sip.c
View file

@ -1,4 +1,4 @@
/* simple sip digest auth (md5) module 2009/02/19
/* simple sip digest auth (md5) module 2009/02/19
* written by gh0st 2005
* modified by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`> - should
* work now, but only with -T 1
@ -10,13 +10,11 @@
#ifndef LIBOPENSSL
#include <stdio.h>
void dummy_sip() {
printf("\n");
}
void dummy_sip() { printf("\n"); }
#else
#include <stdint.h>
#include "sasl.h"
#include <stdint.h>
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
@ -25,8 +23,7 @@ char *get_iface_ip(uint64_t ip);
int32_t cseq;
extern char *HYDRA_EXIT;
#define SIP_MAX_BUF 1024
#define SIP_MAX_BUF 1024
void empty_register(char *buf, char *host, char *lhost, int32_t port, int32_t lport, char *user) {
memset(buf, 0, SIP_MAX_BUF);
@ -50,7 +47,7 @@ int32_t get_sip_code(char *buf) {
return code;
}
int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) {
char *login, *pass, *host, buffer[SIP_MAX_BUF];
int32_t i;
char buf[SIP_MAX_BUF];
@ -74,14 +71,16 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u
}
int32_t has_sip_cred = 0;
int32_t try = 0;
int32_t try
= 0;
/* We have to check many times because server may begin to send "100 Trying"
* before "401 Unauthorized" */
while (try < 2 && !has_sip_cred) {
try++;
try
++;
if (hydra_data_ready_timed(s, 3, 0) > 0) {
i = hydra_recv(s, (char *) buf, sizeof(buf) - 1);
i = hydra_recv(s, (char *)buf, sizeof(buf) - 1);
if (i > 0)
buf[i] = '\0';
if (strncmp(buf, "SIP/2.0 404", 11) == 0) {
@ -94,17 +93,21 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u
// if we already tried to connect, exit
if (external_ip_addr[0]) {
hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n");
hydra_report(stdout, "[ERROR] Get error code 606 : session is not "
"acceptable by the server\n");
return 2;
}
if (verbose)
hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n"
"maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n");
/*
SIP/2.0 606 Not Acceptable
Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137
*/
hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not "
"acceptable by the server,\n"
"maybe it's an addressing issue as you are "
"using NAT, trying to reconnect\n"
"using addr from the server reply\n");
/*
SIP/2.0 606 Not Acceptable
Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137
*/
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "Via: SIP.*received=")) {
ptr = strstr(buf, "received=");
@ -143,7 +146,11 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u
"Via: SIP/2.0/UDP %s:%i\n"
"From: <sip:%s@%s>\n"
"To: <sip:%s@%s>\n"
"Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2);
"Call-ID: 1337@%s\n"
"CSeq: %i REGISTER\n"
"Authorization: Digest %s\n"
"Content-Length: 0\n\n",
host, lip, lport, login, host, login, host, host, cseq, buffer2);
cseq++;
if (debug)
@ -151,15 +158,17 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 3;
}
try = 0;
try
= 0;
int32_t has_resp = 0;
int32_t sip_code = 0;
while (try < 2 && !has_resp) {
try++;
try
++;
if (hydra_data_ready_timed(s, 5, 0) > 0) {
memset(buf, 0, sizeof(buf));
if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0)
if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0)
buf[i] = 0;
if (debug)
hydra_report(stderr, "[INFO] S: %s\n", buf);
@ -182,17 +191,18 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u
return 1;
}
void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_SIP, mysslport = PORT_SIP_SSL;
char *lip = get_iface_ip((int32_t) *(&ip[1]));
char *lip = get_iface_ip((int32_t) * (&ip[1]));
hydra_register_socket(sp);
// FIXME IPV6
if (ip[0] != 4) {
fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n");
fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are "
"appreciated.\n");
hydra_child_exit(2);
}
@ -224,7 +234,7 @@ void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
free(lip);
hydra_child_exit(1);
}
@ -263,7 +273,7 @@ char *get_iface_ip(uint64_t ip) {
tparamet.sin_port = htons(2000);
tparamet.sin_addr.s_addr = ip;
if (connect(sfd, (const struct sockaddr *) &tparamet, sizeof(struct sockaddr_in))) {
if (connect(sfd, (const struct sockaddr *)&tparamet, sizeof(struct sockaddr_in))) {
perror("connect");
close(sfd);
return NULL;
@ -271,7 +281,7 @@ char *get_iface_ip(uint64_t ip) {
struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in));
int32_t size = sizeof(struct sockaddr_in);
if (getsockname(sfd, (void *) local, (socklen_t *) & size)) {
if (getsockname(sfd, (void *)local, (socklen_t *)&size)) {
perror("getsockname");
close(sfd);
free(local);
@ -281,7 +291,7 @@ char *get_iface_ip(uint64_t ip) {
char buff[32];
if (!inet_ntop(AF_INET, (void *) &local->sin_addr, buff, 32)) {
if (!inet_ntop(AF_INET, (void *)&local->sin_addr, buff, 32)) {
perror("inet_ntop");
free(local);
return NULL;
@ -295,13 +305,13 @@ char *get_iface_ip(uint64_t ip) {
#endif
int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

941
hydra-smb.c
View file

File diff suppressed because it is too large Load diff

88
hydra-smb2.c
View file

@ -21,47 +21,41 @@
#include "hydra-mod.h"
#include <stdio.h>
#include <stdbool.h>
#include <string.h>
#include <errno.h>
#include <libsmbclient.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
extern char *HYDRA_EXIT;
typedef struct creds {
const char* workgroup;
const char* user;
const char* pass;
const char *workgroup;
const char *user;
const char *pass;
} creds_t;
const char default_workgroup[] = "WORKGROUP";
bool use_nt_hash = false;
const char* workgroup = default_workgroup;
const char* netbios_name = NULL;
const char *workgroup = default_workgroup;
const char *netbios_name = NULL;
#define EXIT_PROTOCOL_ERROR hydra_child_exit(2)
#define EXIT_CONNECTION_ERROR hydra_child_exit(1)
#define EXIT_NORMAL hydra_child_exit(0)
#define EXIT_PROTOCOL_ERROR hydra_child_exit(2)
#define EXIT_CONNECTION_ERROR hydra_child_exit(1)
#define EXIT_NORMAL hydra_child_exit(0)
void smb2_auth_provider(SMBCCTX *c,
const char *srv,
const char *shr,
char *wg, int wglen,
char *un, int unlen,
char *pw, int pwlen) {
creds_t* cr = (creds_t*)smbc_getOptionUserData(c);
void smb2_auth_provider(SMBCCTX *c, const char *srv, const char *shr, char *wg, int wglen, char *un, int unlen, char *pw, int pwlen) {
creds_t *cr = (creds_t *)smbc_getOptionUserData(c);
strncpy(wg, cr->workgroup, wglen);
strncpy(un, cr->user, unlen);
strncpy(pw, cr->pass, pwlen);
wg[wglen-1] = 0;
un[unlen-1] = 0;
pw[pwlen-1] = 0;
wg[wglen - 1] = 0;
un[unlen - 1] = 0;
pw[pwlen - 1] = 0;
}
bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) {
SMBCCTX* ctx = smbc_new_context();
bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
SMBCCTX *ctx = smbc_new_context();
if (ctx == NULL) {
hydra_report(stderr, "[ERROR] failed to create context\n");
EXIT_PROTOCOL_ERROR;
@ -76,7 +70,7 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) {
smbc_setOptionNoAutoAnonymousLogin(ctx, false);
smbc_setOptionUseNTHash(ctx, use_nt_hash);
if (netbios_name) {
smbc_setNetbiosName(ctx, (char*)netbios_name);
smbc_setNetbiosName(ctx, (char *)netbios_name);
}
ctx = smbc_init_context(ctx);
@ -88,12 +82,9 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) {
char uri[2048];
snprintf(uri, sizeof(uri) - 1, "smb://%s/IPC$", server);
uri[sizeof(uri)-1] = 0;
uri[sizeof(uri) - 1] = 0;
if (verbose) {
printf("[INFO] Connecting to: %s with %s\\%s%%%s\n",
uri, cr->workgroup,
cr->user,
cr->pass);
printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", uri, cr->workgroup, cr->user, cr->pass);
}
SMBCFILE *fd = smbc_getFunctionOpendir(ctx)(ctx, uri);
if (fd) {
@ -162,13 +153,7 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) {
return false;
}
void service_smb2(char *ip,
int32_t sp,
unsigned char options,
char *miscptr,
FILE * fp,
int32_t port,
char *hostname) {
void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
hydra_register_socket(sp);
while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) {
char *login, *pass;
@ -177,9 +162,9 @@ void service_smb2(char *ip,
pass = hydra_get_next_password();
creds_t cr = {
.user = login,
.pass = pass,
.workgroup = workgroup,
.user = login,
.pass = pass,
.workgroup = workgroup,
};
if (smb2_run_test(&cr, hydra_address2string(ip), port & 0xffff)) {
@ -199,24 +184,18 @@ const char tkn_netbios[] = "netbios:{";
#define CMP(s1, s2) (strncmp(s1, s2, sizeof(s1) - 1) == 0)
int32_t service_smb2_init(char *ip,
int32_t sp,
unsigned char options,
char *miscptr,
FILE * fp,
int32_t port,
char *hostname) {
int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
if (!miscptr)
return 0;
while(*miscptr) {
while (*miscptr) {
if (isspace(*miscptr)) {
miscptr++;
continue;
}
if (CMP(tkn_workgroup, miscptr)) {
miscptr += sizeof(tkn_workgroup) - 1;
char* p = strchr(miscptr, '}');
char *p = strchr(miscptr, '}');
if (p == NULL) {
hydra_report(stderr, "[ERROR] missing closing brace in workgroup\n");
return -1;
@ -231,7 +210,7 @@ int32_t service_smb2_init(char *ip,
}
if (CMP(tkn_netbios, miscptr)) {
miscptr += sizeof(tkn_netbios) - 1;
char* p = strchr(miscptr, '}');
char *p = strchr(miscptr, '}');
if (p == NULL) {
hydra_report(stderr, "[ERROR] missing closing brace in netbios name\n");
return -1;
@ -268,7 +247,7 @@ int32_t service_smb2_init(char *ip,
return 0;
}
void usage_smb2(const char* service) {
void usage_smb2(const char *service) {
puts("Module is a thin wrapper over the Samba client library (libsmbclient).\n"
"Thus, is capable of negotiating v1, v2 and v3 of the protocol.\n"
"\n"
@ -296,9 +275,10 @@ void usage_smb2(const char* service) {
"\n"
"Examples: \n"
" hydra smb2://abc.com -l admin -p xxx -m workgroup:{OFFICE}\n"
" hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m 'workgroup:{OFFICE} nthash:true'\n"
" hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n"
);
" hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m "
"'workgroup:{OFFICE} nthash:true'\n"
" hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 "
"'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n");
}
#endif // LIBSMBCLIENT

66
hydra-smtp-enum.c
View file

@ -24,7 +24,7 @@ int32_t tosent = 0;
int32_t smtp_enum_cmd = VRFY;
int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[500];
@ -55,7 +55,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options
return (1);
if (debug)
hydra_report(stderr, "DEBUG S: %s", buf);
/* good return values are something like 25x */
/* good return values are something like 25x */
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "^25\\d\\s")) {
#else
@ -103,7 +103,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options
return (1);
if (debug)
hydra_report(stderr, "DEBUG S: %s", buf);
/* good return values are something like 25x */
/* good return values are something like 25x */
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "^25\\d\\s")) {
#else
@ -119,21 +119,25 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options
err = strstr(buf, "Error");
if (err || tosent || strncmp(buf, "50", 2) == 0) {
// we should report command not identified by the server
//502 5.5.2 Error: command not recognized
//#ifdef HAVE_PCRE
// if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) {
//#else
// if ((debug || strstr(buf, "command") != NULL) && err) {
//#endif
// hydra_report(stderr, "Server %s", err);
// }
// 502 5.5.2 Error: command not recognized
//#ifdef HAVE_PCRE
// if ((debug || hydra_string_match(buf,
// "\\scommand\\snot\\srecognized")) && err) {
//#else
// if ((debug || strstr(buf, "command") != NULL) && err) {
//#endif
// hydra_report(stderr, "Server %s", err);
// }
if (strncmp(buf, "500 ", 4) == 0) {
hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf);
hydra_report(stderr,
"[ERROR] command is disabled on the server (choose "
"different method): %s",
buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
//503 5.5.1 Error: nested MAIL command
// 503 5.5.1 Error: nested MAIL command
strncpy(buffer, "RSET\r\n", sizeof(buffer));
free(buf);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -150,7 +154,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options
return 2;
}
void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, i = 0;
int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL;
char *buffer = "HELO hydra\r\n";
@ -160,7 +164,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
@ -175,7 +179,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
/* receive initial header */
@ -185,17 +189,17 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt
hydra_report(stderr, "Warning: SMTP does not allow connecting: %s\n", buf);
hydra_child_exit(2);
}
// while (strstr(buf, "220 ") == NULL) {
// free(buf);
// buf = hydra_receive_line(sock);
// }
// while (strstr(buf, "220 ") == NULL) {
// free(buf);
// buf = hydra_receive_line(sock);
// }
// if (buf[0] != '2') {
// if (buf[0] != '2') {
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
free(buf);
hydra_child_exit(2);
}
// }
// }
free(buf);
if ((buf = hydra_receive_line(sock)) == NULL)
@ -207,7 +211,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strncmp(miscptr, "EXPN", 4) == 0)
smtp_enum_cmd = EXPN;
@ -232,10 +236,10 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_smtp_enum(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
@ -249,13 +253,13 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt
}
}
int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -263,9 +267,11 @@ int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char
return 0;
}
void usage_smtp_enum(const char* service) {
void usage_smtp_enum(const char *service) {
printf("Module smtp-enum is optionally taking one SMTP command of:\n\n"
"VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n"
"login parameter is used as username and password parameter as the domain name\n"
"For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
"login parameter is used as username and password parameter as the "
"domain name\n"
"For example to test if john@localhost exists on 192.168.0.1:\n"
"hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
}

231
hydra-smtp.c
View file

@ -14,7 +14,7 @@ char *smtp_read_server_capacity(int32_t sock) {
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
if (isdigit((int32_t) buf[0]) && buf[3] == ' ')
if (isdigit((int32_t)buf[0]) && buf[3] == ' ')
resp = 1;
else {
if (buf[strlen(buf) - 1] == '\n')
@ -27,7 +27,7 @@ char *smtp_read_server_capacity(int32_t sock) {
if ((ptr = strrchr(buf, '\n')) != NULL) {
#endif
ptr++;
if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ')
if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ')
resp = 1;
}
}
@ -36,7 +36,7 @@ char *smtp_read_server_capacity(int32_t sock) {
return buf;
}
int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf;
@ -52,7 +52,6 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
switch (smtp_auth_mechanism) {
case AUTH_PLAIN:
sprintf(buffer, "AUTH PLAIN\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -77,105 +76,102 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:{
int32_t rc = 0;
char *preplogin;
case AUTH_CRAMMD5: {
int32_t rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
sprintf(buffer, "AUTH CRAM-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
//get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL || strlen(buf) < 8) {
hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 4);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin);
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
}
break;
case AUTH_DIGESTMD5:{
sprintf(buffer, "AUTH DIGEST-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
//receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buf + 4);
free(buf);
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
if (fooptr == NULL)
return 3;
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
sprintf(buffer, "AUTH CRAM-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
break;
// get the one-time BASE64 encoded challenge
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL || strlen(buf) < 8) {
hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buf + 4);
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
strcpy(buffer, tmp_buffer);
free(preplogin);
} break;
case AUTH_DIGESTMD5: {
sprintf(buffer, "AUTH DIGEST-MD5\r\n");
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
// receive
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf);
free(buf);
return 3;
}
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buf + 4);
free(buf);
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
if (fooptr == NULL)
return 3;
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s\r\n", buffer2);
} break;
#endif
case AUTH_NTLM:{
unsigned char buf1[4096];
unsigned char buf2[4096];
case AUTH_NTLM: {
unsigned char buf1[4096];
unsigned char buf2[4096];
//send auth and receive challenge
buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
sprintf(buffer, "AUTH NTLM %s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL || strlen(buf) < 8) {
hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
//recover challenge
from64tobits((char *) buf1, buf + 4);
free(buf);
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
sprintf(buffer, "%s\r\n", buf1);
// send auth and receive challenge
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));
sprintf(buffer, "AUTH NTLM %s\r\n", buf1);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
break;
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (strstr(buf, "334") == NULL || strlen(buf) < 8) {
hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf);
free(buf);
return 3;
}
// recover challenge
from64tobits((char *)buf1, buf + 4);
free(buf);
buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
sprintf(buffer, "%s\r\n", buf1);
} break;
default:
/* by default trying AUTH LOGIN */
@ -188,13 +184,16 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
/* 504 5.7.4 Unrecognized authentication type */
if (strstr(buf, "334") == NULL) {
hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or server is not using auth: %s\n", buf);
hydra_report(stderr,
"[ERROR] SMTP LOGIN AUTH, either this auth is disabled or "
"server is not using auth: %s\n",
buf);
free(buf);
return 3;
}
free(buf);
sprintf(buffer2, "%.250s", login);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -210,7 +209,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
free(buf);
sprintf(buffer2, "%.250s", pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%.250s\r\n", buffer2);
}
@ -224,7 +223,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (smtp_auth_mechanism == AUTH_DIGESTMD5) {
if (strstr(buf, "334") != NULL && strlen(buf) >= 8) {
memset(buffer2, 0, sizeof(buffer2));
from64tobits((char *) buffer2, buf + 4);
from64tobits((char *)buffer2, buf + 4);
if (strstr(buffer2, "rspauth=") != NULL) {
hydra_report_found_host(port, ip, "smtp", fp);
hydra_completed_pair_found();
@ -254,7 +253,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 2;
}
void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, i = 0;
int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1;
char *buf;
@ -266,7 +265,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
@ -282,7 +281,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -310,7 +309,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) {
disable_tls = 0;
@ -325,7 +324,8 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
free(buf);
buf = hydra_receive_line(sock);
if (buf[0] != '2') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
"received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
@ -346,9 +346,11 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
hydra_child_exit(2);
}
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it "
"is not supported by the server\n");
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is "
"not supported by the server\n");
}
#endif
@ -380,9 +382,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
smtp_auth_mechanism = AUTH_PLAIN;
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "LOGIN"))
smtp_auth_mechanism = AUTH_LOGIN;
@ -399,7 +399,6 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
if (strstr(miscptr, "NTLM"))
smtp_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
@ -426,10 +425,10 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_smtp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
@ -443,13 +442,13 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
}
int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -457,8 +456,10 @@ int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *mis
return 0;
}
void usage_smtp(const char* service) {
void usage_smtp(const char *service) {
printf("Module smtp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"
"Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n");
"Additionally TLS encryption via STARTTLS can be enforced with the "
"TLS option.\n\n"
"Example: smtp://target/TLS:PLAIN\n");
}

223
hydra-snmp.c
View file

@ -1,10 +1,10 @@
#include "hydra-mod.h"
#ifdef LIBOPENSSL
#include <openssl/aes.h>
#include <openssl/des.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/aes.h>
#endif
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
@ -15,31 +15,13 @@ extern int32_t child_head_no;
char snmpv3buf[1024], *snmpv3info = NULL;
int32_t snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0;
unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00,
0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03,
0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01,
0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00,
0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00,
0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc,
0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00
};
unsigned char snmpv3_init[] = {0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00};
unsigned char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00,
0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03
};
unsigned char snmpv3_get1[] = {0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03};
unsigned char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00,
0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82,
0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f,
0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01,
0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b,
0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05,
0x00
};
unsigned char snmpv3_get2[] = {0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, 0x00};
unsigned char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 };
unsigned char snmpv3_nouser[] = {0x04, 0x00, 0x04, 0x00, 0x04, 0x00};
struct SNMPV1_A {
char ID;
@ -49,13 +31,11 @@ struct SNMPV1_A {
char comlen;
};
struct SNMPV1_A snmpv1_a = {
.ID = '\x30',
.len = '\x00',
.ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */
.comid = '\x04',
.comlen = '\x00'
};
struct SNMPV1_A snmpv1_a = {.ID = '\x30',
.len = '\x00',
.ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */
.comid = '\x04',
.comlen = '\x00'};
struct SNMPV1_R {
unsigned char type[2];
@ -67,12 +47,14 @@ struct SNMPV1_R {
unsigned char object[11];
unsigned char value[3];
} snmpv1_r = {
.type = "\xa0\x1b", /* GET */
.identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */
.value = "\x05\x00" /* we just read, so value = 0 */
.type = "\xa0\x1b", /* GET */
.identid = "\x02\x04",
.ident = "\x1a\x5e\x97\x00", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x0d",
.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */
.value = "\x05\x00" /* we just read, so value = 0 */
};
struct SNMPV1_W {
@ -85,20 +67,22 @@ struct SNMPV1_W {
unsigned char object[12];
unsigned char value[8];
} snmpv1_w = {
.type = "\xa3\x21", /* SET */
.identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x13", /* string */
.object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */
.type = "\xa3\x21", /* SET */
.identid = "\x02\x04",
.ident = "\x1a\x5e\x97\x22", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x13", /* string */
.object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",
.value = "\x04\x05Hydra" /* writing hydra :-) */
};
#ifdef LIBOPENSSL
void password_to_key_md5(u_char * password, /* IN */
u_int passwordlen, /* IN */
u_char * engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char * key) { /* OUT - pointer to caller 16-octet buffer */
void password_to_key_md5(u_char *password, /* IN */
u_int passwordlen, /* IN */
u_char *engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char *key) { /* OUT - pointer to caller 16-octet buffer */
MD5_CTX MD;
u_char *cp, password_buf[80], *mypass = password, bpass[17];
u_long password_index = 0, count = 0, i, mylen, myelen = engineLength;
@ -121,7 +105,7 @@ void password_to_key_md5(u_char * password, /* IN */
if (myelen > 32)
myelen = 32;
MD5_Init(&MD); /* initialize MD5 */
MD5_Init(&MD); /* initialize MD5 */
/* Use while loop until we've done 1 Megabyte */
while (count < 1048576) {
cp = password_buf;
@ -133,7 +117,7 @@ void password_to_key_md5(u_char * password, /* IN */
MD5_Update(&MD, password_buf, 64);
count += 64;
}
MD5_Final(key, &MD); /* tell MD5 we're done */
MD5_Final(key, &MD); /* tell MD5 we're done */
/* Now localize the key with the engineID and pass */
/* through MD5 to produce final key */
/* May want to ensure that engineLength <= 32, */
@ -147,11 +131,11 @@ void password_to_key_md5(u_char * password, /* IN */
return;
}
void password_to_key_sha(u_char * password, /* IN */
u_int passwordlen, /* IN */
u_char * engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char * key) { /* OUT - pointer to caller 20-octet buffer */
void password_to_key_sha(u_char *password, /* IN */
u_int passwordlen, /* IN */
u_char *engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char *key) { /* OUT - pointer to caller 20-octet buffer */
SHA_CTX SH;
u_char *cp, password_buf[80], *mypass = password, bpass[17];
u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength;
@ -169,7 +153,7 @@ void password_to_key_sha(u_char * password, /* IN */
if (myelen > 32)
myelen = 32;
SHA1_Init(&SH); /* initialize SHA */
SHA1_Init(&SH); /* initialize SHA */
/* Use while loop until we've done 1 Megabyte */
while (count < 1048576) {
cp = password_buf;
@ -181,7 +165,7 @@ void password_to_key_sha(u_char * password, /* IN */
SHA1_Update(&SH, password_buf, 64);
count += 64;
}
SHA1_Final(key, &SH); /* tell SHA we're done */
SHA1_Final(key, &SH); /* tell SHA we're done */
/* Now localize the key with the engineID and pass */
/* through SHA to produce final key */
/* May want to ensure that engineLength <= 32, */
@ -196,7 +180,7 @@ void password_to_key_sha(u_char * password, /* IN */
}
#endif
int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = "";
int32_t i, j, k, size, off = 0, off2 = 0;
unsigned char initVect[8], privacy_params[8];
@ -223,7 +207,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
size = sizeof(snmpv1_w);
}
snmpv1_a.comlen = (char) strlen(pass);
snmpv1_a.comlen = (char)strlen(pass);
snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3;
i = sizeof(snmpv1_a);
@ -238,7 +222,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
memcpy(buffer + i, &snmpv1_w, size);
i += sizeof(snmpv1_w);
}
} else { // snmpv3
} else { // snmpv3
if (enctype == 0) {
memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1));
i = sizeof(snmpv3_get1);
@ -277,7 +261,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (enctype == 0)
buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1];
i += snmpv3infolen;
//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]);
// printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login),
// buffer[1]);
buffer[i] = 0x04;
buffer[i + 1] = strlen(login);
@ -301,7 +286,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
i += 2;
} else {
buffer[i + 1] = 8;
memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care
memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care
i += 10;
}
@ -314,49 +299,49 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
#ifdef LIBOPENSSL
/*
//PrivDES::encrypt(const unsigned char *key,
// const uint32_t key_len,
// const unsigned char *buffer,
// const uint32_t buffer_len,
// unsigned char *out_buffer,
// uint32_t *out_buffer_len,
// unsigned char *privacy_params,
// uint32_t *privacy_params_len,
// const unsigned long engine_boots,
// const unsigned long engine_time)
// last 8 bytes of key are used as base for initialization vector */
/*
//PrivDES::encrypt(const unsigned char *key,
// const uint32_t key_len,
// const unsigned char *buffer,
// const uint32_t buffer_len,
// unsigned char *out_buffer,
// uint32_t *out_buffer_len,
// unsigned char *privacy_params,
// uint32_t *privacy_params_len,
// const unsigned long engine_boots,
// const unsigned long engine_time)
// last 8 bytes of key are used as base for initialization vector */
k = 0;
memcpy((char *) initVect, key + 8, 8);
memcpy((char *)initVect, key + 8, 8);
// put salt in privacy_params
j = htonl(engine_boots);
memcpy(privacy_params, (char *) &j, 4);
memcpy(privacy_params + 4, salt, 4); // ??? correct?
// xor initVect with salt
memcpy(privacy_params, (char *)&j, 4);
memcpy(privacy_params + 4, salt, 4); // ??? correct?
// xor initVect with salt
for (i = 0; i < 8; i++)
initVect[i] ^= privacy_params[i];
DES_key_sched((const_DES_cblock *) key, &symcbc);
DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *) (initVect), DES_ENCRYPT);
DES_key_sched((const_DES_cblock *)key, &symcbc);
DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *)(initVect), DES_ENCRYPT);
#endif
/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) {
DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (const_DES_cblock*)(initVect), DES_ENCRYPT);
}
// last part of buffer
if (buffer_len % 8) {
unsigned char tmp_buf[8];
unsigned char *tmp_buf_ptr = tmp_buf;
int32_t start = buffer_len - (buffer_len % 8);
memset(tmp_buf, 0, 8);
for (uint32_t l = start; l < buffer_len; l++)
*tmp_buf_ptr++ = buffer[l];
DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, (const_DES_cblock*)(initVect), DES_ENCRYPT);
*out_buffer_len = buffer_len + 8 - (buffer_len % 8);
} else
*out_buffer_len = buffer_len;
*/
//dummy
/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) {
DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8,
(const_DES_cblock*)(initVect), DES_ENCRYPT);
}
// last part of buffer
if (buffer_len % 8) {
unsigned char tmp_buf[8];
unsigned char *tmp_buf_ptr = tmp_buf;
int32_t start = buffer_len - (buffer_len % 8);
memset(tmp_buf, 0, 8);
for (uint32_t l = start; l < buffer_len; l++)
*tmp_buf_ptr++ = buffer[l];
DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc,
(const_DES_cblock*)(initVect), DES_ENCRYPT); *out_buffer_len =
buffer_len + 8 - (buffer_len % 8); } else *out_buffer_len = buffer_len;
*/
// dummy
k = ((sizeof(snmpv3_get2) - 2) / 8);
if ((sizeof(snmpv3_get2) - 2) % 8 != 0)
k++;
@ -364,13 +349,13 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
i += k * 8 + 2;
}
i++; // just to conform with the snmpv1/2 code
i++; // just to conform with the snmpv1/2 code
#ifdef LIBOPENSSL
if (hashtype == 1) {
HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL);
HMAC((EVP_MD *)EVP_md5(), key, 16, buffer, i - 1, hash, NULL);
memcpy(buffer + off, hash, 12);
} else if (hashtype == 2) {
HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL);
HMAC((EVP_MD *)EVP_sha1(), key, 20, buffer, i - 1, hash, NULL);
memcpy(buffer + off, hash, 12);
}
#endif
@ -384,19 +369,19 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
} while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3);
if (hydra_data_ready_timed(s, 5, 0) > 0) {
i = hydra_recv(s, (char *) buf, sizeof(buf));
i = hydra_recv(s, (char *)buf, sizeof(buf));
if (snmpversion < 3) {
/* stolen from ADMsnmp... :P */
for (j = 0; j < i; j++) {
if (buf[j] == '\x04') { /* community name */
for (j = j + buf[j + 1]; j + 2 < i; j++) {
if (buf[j] == '\xa2') { /* PDU Response */
if (buf[j] == '\xa2') { /* PDU Response */
for (; j + 2 < i; j++) {
if (buf[j] == '\x02') { /* ID */
for (j = j + (buf[j + 1]); j + 2 < i; j++) {
if (buf[j] == '\x02') {
if (buf[j + 1] == '\x01') { /* good ! */
if (buf[j + 1] == '\x01') { /* good ! */
hydra_report_found_host(port, ip, "snmp", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -411,7 +396,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
}
}
} else { // snmpv3 reply
} else { // snmpv3 reply
off = 0;
if (buf[0] == 0x30) {
if (buf[4] == 0x03 && buf[5] == 0x30)
@ -453,7 +438,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
} else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist
} else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser,
sizeof(snmpv3_nouser)) >= 0) { // user does not exist
if (verbose)
printf("[INFO] user %s does not exist, skipping\n", login);
hydra_completed_pair_skip();
@ -470,7 +456,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 1;
}
void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, i = 0;
int32_t myport = PORT_SNMP;
char *lptr;
@ -519,7 +505,7 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
hydra_register_socket(sp);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -528,7 +514,7 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
while (snmpv3info == NULL && next_run < 3) {
hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0);
if (hydra_data_ready_timed(sock, 5, 0) > 0) {
if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) {
if ((i = hydra_recv(sock, (char *)snmpv3buf, sizeof(snmpv3buf))) > 30) {
if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30) {
snmpv3info = snmpv3buf + 7 + snmpv3buf[6];
snmpv3infolen = snmpv3info[3] + 4;
@ -538,8 +524,9 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
if (debug)
hydra_dump_asciihex(snmpv3info, snmpv3infolen);
if (snmpv3info[10] == 3 && child_head_no == 0)
printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13],
(unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]);
printf("[INFO] Remote device MAC address is "
"%02x:%02x:%02x:%02x:%02x:%02x\n",
(unsigned char)snmpv3info[12], (unsigned char)snmpv3info[13], (unsigned char)snmpv3info[14], (unsigned char)snmpv3info[15], (unsigned char)snmpv3info[16], (unsigned char)snmpv3info[12]);
}
}
}
@ -557,10 +544,10 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
next_run = start_snmp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
@ -573,13 +560,13 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
}
int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -587,20 +574,22 @@ int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *mis
return 0;
}
void usage_snmp(const char* service) {
void usage_snmp(const char *service) {
printf("Module snmp is optionally taking the following parameters:\n"
" READ perform read requests (default)\n"
" WRITE perform write requests\n"
" 1 use SNMP version 1 (default)\n"
" 2 use SNMP version 2\n"
" 3 use SNMP version 3\n"
" Note that SNMP version 3 usually uses both login and passwords!\n"
" Note that SNMP version 3 usually uses both login and "
"passwords!\n"
" SNMP version 3 has the following optional sub parameters:\n"
" MD5 use MD5 authentication (default)\n"
" SHA use SHA authentication\n"
" DES use DES encryption\n"
" AES use AES encryption\n"
" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"
" if no -p/-P parameter is given, SNMPv3 noauth is performed, "
"which\n"
" only requires a password (or username) not both.\n"
"To combine the options, use colons (\":\"), e.g.:\n"
" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"

38
hydra-socks5.c
View file

@ -14,7 +14,7 @@ unsigned char *buf;
int32_t fail_cnt;
int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[300];
int32_t pport, fud = 0;
@ -28,7 +28,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c
if (hydra_send(s, buffer, 4, 0) < 0) {
return 1;
}
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) {
if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) {
fail_cnt++;
if (fail_cnt >= 10)
return 5;
@ -57,16 +57,16 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c
}
free(buf);
/* RFC 1929
For username/password authentication the client's authentication request is
field 1: version number, 1 byte (must be 0x01)
*/
snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass);
/* RFC 1929
For username/password authentication the client's authentication request is
field 1: version number, 1 byte (must be 0x01)
*/
snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char)strlen(login), login, (char)strlen(pass), pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1;
if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL)
return (1);
if (buf[1] != 255) {
@ -84,7 +84,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c
memcpy(buffer + 8, &pport, 2);
hydra_send(s, buffer, 10, 0);
}
if ((buf = (unsigned char *) hydra_receive_line(s)) != NULL) {
if ((buf = (unsigned char *)hydra_receive_line(s)) != NULL) {
if (buf[1] == 0 || buf[1] == 32) {
hydra_report_found_host(port, ip, "socks5", fp);
hydra_completed_pair_found();
@ -104,7 +104,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c
return 2;
}
void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL;
@ -116,10 +116,10 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr,
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -133,25 +133,25 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr,
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_socks5(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4: /* clean exit */
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
case 5: /* clean exit, server may blocking connections */
case 5: /* clean exit, server may blocking connections */
hydra_report(stderr, "[ERROR] Server may blocking connections\n");
if (sock >= 0)
sock = hydra_disconnect(sock);
@ -165,13 +165,13 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr,
}
}
int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

47
hydra-ssh.c
View file

@ -8,9 +8,7 @@ have to add option -DWITH_SSH1=On in the cmake
#include "hydra-mod.h"
#ifndef LIBSSH
void dummy_ssh() {
printf("\n");
}
void dummy_ssh() { printf("\n"); }
#else
#include <libssh/libssh.h>
@ -23,7 +21,7 @@ extern hydra_option hydra_options;
extern char *HYDRA_EXIT;
int32_t new_session = 1;
int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, keep_login[300];
int32_t auth_state = 0, rc = 0, i = 0;
@ -49,7 +47,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (ssh_connect(session) != 0) {
//if the connection was drop, exit and let hydra main handle it
// if the connection was drop, exit and let hydra main handle it
if (verbose)
hydra_report(stderr, "[ERROR] could not connect to target port %d: %s\n", port, ssh_get_error(session));
return 3;
@ -110,7 +108,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char
return 1;
}
void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
@ -118,7 +116,7 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
next_run = start_ssh(sock, ip, port, options, miscptr, fp);
break;
case 2:
@ -158,16 +156,16 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
#endif
//
// dirty workaround here: miscptr is the ptr to the logins, and the first one is used
// to test if password authentication is enabled!!
// dirty workaround here: miscptr is the ptr to the logins, and the first one is
// used to test if password authentication is enabled!!
//
int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// 1 skip target without generating an error
@ -176,9 +174,11 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc
#ifdef LIBSSH
int32_t rc, method;
ssh_session session = ssh_new();
if (verbose || debug)
printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port);
printf("[INFO] Testing if password authentication is supported by "
"ssh://%s@%s:%d\n",
miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port);
ssh_options_set(session, SSH_OPTIONS_PORT, &port);
ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
if (miscptr == NULL)
@ -191,26 +191,35 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc
if (ssh_connect(session) != 0) {
fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session));
return 2;
}
}
rc = ssh_userauth_none(session, NULL);
method = ssh_userauth_list(session, NULL);
method = ssh_userauth_list(session, NULL);
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
if (debug) printf("[DEBUG] SSH method check: %08x\n", method);
if (debug)
printf("[DEBUG] SSH method check: %08x\n", method);
if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) {
if (verbose || debug)
printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string_beautiful(ip), port);
printf("[INFO] Successful, password authentication is supported by "
"ssh://%s:%d\n",
hydra_address2string_beautiful(ip), port);
return 0;
} else if (method == 0) {
if (verbose || debug)
fprintf(stderr, "[WARNING] invalid SSH method reply from ssh://%s:%d, continuing anyway ... (check for empty password!)\n", hydra_address2string_beautiful(ip), port);
fprintf(stderr,
"[WARNING] invalid SSH method reply from ssh://%s:%d, continuing "
"anyway ... (check for empty password!)\n",
hydra_address2string_beautiful(ip), port);
return 0;
}
fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication (method reply %d).\n", hydra_address2string_beautiful(ip), port, method);
fprintf(stderr,
"[ERROR] target ssh://%s:%d/ does not support password "
"authentication (method reply %d).\n",
hydra_address2string_beautiful(ip), port, method);
return 1;
#else
return 0;

26
hydra-sshkey.c
View file

@ -1,16 +1,14 @@
/*
libssh is available at http://www.libssh.org
current version is 0.4.8
current version is 0.4.8
If you want support for ssh v1 protocol, you
have to add option -DWITH_SSH1=On in the cmake
*/
#include "hydra-mod.h"
#ifndef LIBSSH
void dummy_sshkey() {
printf("\n");
}
void dummy_sshkey() { printf("\n"); }
#else
#include <libssh/libssh.h>
@ -21,7 +19,7 @@ extern ssh_session session;
extern char *HYDRA_EXIT;
extern int32_t new_session;
int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *key, keep_login[300];
int32_t auth_state = 0, rc = 0;
@ -46,7 +44,7 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (ssh_connect(session) != 0) {
//if the connection was drop, exit and let hydra main handle it
// if the connection was drop, exit and let hydra main handle it
if (verbose)
hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port);
return 3;
@ -108,7 +106,7 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c
return 1;
}
void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
@ -116,7 +114,7 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr,
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
next_run = start_sshkey(sock, ip, port, options, miscptr, fp);
break;
case 2:
@ -154,13 +152,13 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr,
#endif
#endif
int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -168,9 +166,11 @@ int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *m
return 0;
}
void usage_sshkey(const char* service) {
printf("Module sshkey does not provide additional options, although the semantic for\n"
void usage_sshkey(const char *service) {
printf("Module sshkey does not provide additional options, although the "
"semantic for\n"
"options -p and -P is changed:\n"
" -p expects a path to an unencrypted private key in PEM format.\n"
" -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n");
" -P expects a filename containing a list of path to some unencrypted\n"
" private keys in PEM format.\n\n");
}

76
hydra-svn.c
View file

@ -1,5 +1,5 @@
//This plugin was written by <david dot maciejak at gmail D O T com>
//checked for memleaks on 110425, none found
// This plugin was written by <david dot maciejak at gmail D O T com>
// checked for memleaks on 110425, none found
#ifdef LIBSVN
@ -10,12 +10,12 @@
#include <sys/param.h>
#endif
#include <svn_version.h>
#include <svn_client.h>
#include <svn_cmdline.h>
#include <svn_pools.h>
#include <svn_config.h>
#include <svn_fs.h>
#include <svn_pools.h>
#include <svn_version.h>
#if SVN_VER_MINOR > 7
#include <svn_path.h>
#endif
@ -25,9 +25,7 @@
#include "hydra-mod.h"
#ifndef LIBSVN
void dummy_svn() {
printf("\n");
}
void dummy_svn() { printf("\n"); }
#else
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
@ -36,11 +34,9 @@ extern char *HYDRA_EXIT;
#define DEFAULT_BRANCH "trunk"
static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) {
return SVN_NO_ERROR;
}
static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t *dirent, const svn_lock_t *lock, const char *abs_path, apr_pool_t *pool) { return SVN_NO_ERROR; }
static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t * pool) {
static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t **cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t *pool) {
char *empty = "";
char *login, *pass;
svn_auth_cred_simple_t *ret = apr_pcalloc(pool, sizeof(*ret));
@ -57,13 +53,13 @@ static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, vo
return SVN_NO_ERROR;
}
int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
//int32_t ipv6 = 0;
int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
// int32_t ipv6 = 0;
char URL[1024];
char URLBRANCH[256];
#if SVN_VER_MINOR > 7
#if SVN_VER_MINOR > 7
const char *canonical;
#endif
#endif
apr_pool_t *pool;
svn_error_t *err;
svn_opt_revision_t revision;
@ -80,7 +76,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS)
return 4;
//if (ip[0] == 16)
// if (ip[0] == 16)
// ipv6 = 1;
pool = svn_pool_create(NULL);
@ -96,7 +92,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
if ((err = svn_client_create_context2(&ctx, NULL, pool))) {
#else
if ((err = svn_client_create_context(&ctx, pool))) {
#endif
#endif
svn_pool_destroy(pool);
svn_handle_error2(err, stderr, FALSE, "hydra: ");
return 4;
@ -110,7 +106,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *));
svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */
svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */
0, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
@ -120,29 +116,29 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
revision.kind = svn_opt_revision_head;
snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string_beautiful(ip), port, URLBRANCH);
dirents = SVN_DIRENT_KIND;
#if SVN_VER_MINOR > 9
#if SVN_VER_MINOR > 9
canonical = svn_uri_canonicalize(URL, pool);
err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool);
#elif SVN_VER_MINOR > 7
err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool);
#elif SVN_VER_MINOR > 7
canonical = svn_uri_canonicalize(URL, pool);
err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool);
#else
err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool);
#endif
err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool);
#else
err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool);
#endif
svn_pool_destroy(pool);
if (err) {
if (debug || (verbose && (err->apr_err != 170001 && err->apr_err != 170013)))
hydra_report(stderr, "[ERROR] Access refused (error code %d) , message: %s\n", err->apr_err, err->message);
//Username not found 170001 ": Username not found"
//Password incorrect 170001 ": Password incorrect"
// Username not found 170001 ": Username not found"
// Password incorrect 170001 ": Password incorrect"
if (err->apr_err != 170001 && err->apr_err != 170013) {
return 4; //error
return 4; // error
} else {
if (strstr(err->message, "Username not found")) {
//if (verbose)
//printf("[INFO] user %s does not exist, skipping\n", login);
// if (verbose)
// printf("[INFO] user %s does not exist, skipping\n", login);
hydra_completed_pair_skip();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
@ -162,7 +158,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
return 3;
}
void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_SVN, mysslport = PORT_SVN_SSL;
@ -173,11 +169,11 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
return;
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -191,7 +187,7 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -207,7 +203,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
return;
default:
if (!verbose)
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n");
hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose "
"option for more details\n");
hydra_child_exit(0);
}
run = next_run;
@ -216,13 +213,13 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
#endif
int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -238,6 +235,7 @@ int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *misc
return 0;
}
void usage_svn(const char* service) {
printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n");
void usage_svn(const char *service) {
printf("Module svn is optionally taking the repository name to attack, "
"default is \"trunk\"\n\n");
}

38
hydra-teamspeak.c
View file

@ -37,7 +37,7 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
char buf[100];
@ -53,21 +53,21 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options
memcpy(&teamspeak.header, "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00", 16);
teamspeak.clientlen = 9;
strcpy((char *) &teamspeak.client, "TeamSpeak");
strcpy((char *)&teamspeak.client, "TeamSpeak");
teamspeak.oslen = 11;
strcpy((char *) &teamspeak.os, "Linux 2.6.9");
strcpy((char *)&teamspeak.os, "Linux 2.6.9");
memcpy(&teamspeak.misc, "\x02\x00\x00\x00\x20\x00\x3c\x00\x01\x02", 10);
teamspeak.userlen = strlen(login);
strncpy((char *) &teamspeak.user, login, 29);
strncpy((char *)&teamspeak.user, login, 29);
teamspeak.passlen = strlen(pass);
strncpy((char *) &teamspeak.pass, pass, 29);
strncpy((char *)&teamspeak.pass, pass, 29);
teamspeak.loginlen = 0;
strcpy((char *) &teamspeak.login, "");
strcpy((char *)&teamspeak.login, "");
#ifdef HAVE_ZLIB
teamspeak.crc = crc32(0L, (const Bytef *)&teamspeak, sizeof(struct team_speak));
@ -75,22 +75,22 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options
teamspeak.crc = crc32(&teamspeak, sizeof(struct team_speak));
#endif
if (hydra_send(s, (char *) &teamspeak, sizeof(struct team_speak), 0) < 0) {
if (hydra_send(s, (char *)&teamspeak, sizeof(struct team_speak), 0) < 0) {
return 3;
}
if (hydra_data_ready_timed(s, 5, 0) > 0) {
hydra_recv(s, (char *) buf, sizeof(buf));
hydra_recv(s, (char *)buf, sizeof(buf));
if (buf[0x58] == 1) {
hydra_report_found_host(port, ip, "teamspeak", fp);
hydra_completed_pair_found();
}
if (buf[0x4B] != 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
} else {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -101,7 +101,7 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options
return 1;
}
void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_TEAMSPEAK;
@ -112,23 +112,23 @@ void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscpt
while (1) {
switch (run) {
case 1: /* connect and service init function */
// if (sock >= 0)
// sock = hydra_disconnect(sock);
// usleepn(300);
case 1: /* connect and service init function */
// if (sock >= 0)
// sock = hydra_disconnect(sock);
// usleepn(300);
if (sock < 0) {
if (port != 0)
myport = port;
sock = hydra_connect_udp(ip, myport);
port = myport;
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
}
next_run = start_teamspeak(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
@ -141,13 +141,13 @@ void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscpt
}
}
int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

43
hydra-telnet.c
View file

@ -5,7 +5,7 @@ extern char *HYDRA_EXIT;
char *buf;
int32_t no_line_mode;
int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass, buffer[300];
int32_t i = 0;
@ -44,7 +44,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c
return 3;
return 1;
}
(void) make_to_lower(buf);
(void)make_to_lower(buf);
if (hydra_strcasestr(buf, "asswor") != NULL || hydra_strcasestr(buf, "asscode") != NULL || hydra_strcasestr(buf, "ennwort") != NULL)
i = 1;
@ -76,10 +76,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c
/*win7 answering with do terminal type = 0xfd 0x18 */
while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) {
if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL &&
strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL &&
(index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL ||
index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) {
if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) {
hydra_report_found_host(port, ip, "telnet", fp);
hydra_completed_pair_found();
free(buf);
@ -96,7 +93,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c
return 2;
}
void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, fck;
int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
@ -110,10 +107,10 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr,
int32_t old_waittime = waittime;
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
no_line_mode = 0;
first = 0;
if ((options & OPTION_SSL) == 0) {
@ -128,13 +125,13 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr,
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */
if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */
hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n");
hydra_child_exit(2);
// hydra_child_exit(2);
// hydra_child_exit(2);
}
if (hydra_strcasestr(buf, "ress ENTER") != NULL) {
hydra_send(sock, "\r\n", 2, 0);
@ -150,7 +147,7 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr,
hydra_report(stdout, "DEBUG: waittime set to %d\n", waittime);
}
do {
unsigned char *buf2 = (unsigned char *) buf;
unsigned char *buf2 = (unsigned char *)buf;
while (*buf2 == IAC) {
if (first == 0) {
@ -175,23 +172,23 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr,
buf2 = buf2 + 3;
}
if (buf2 != (unsigned char *) buf) {
if (buf2 != (unsigned char *)buf) {
free(buf);
buf = hydra_receive_line(sock);
} else {
buf[0] = 0;
}
if (buf != NULL && buf[0] != 0 && (unsigned char) buf[0] != IAC)
if (buf != NULL && buf[0] != 0 && (unsigned char)buf[0] != IAC)
make_to_lower(buf);
} while (buf != NULL && (unsigned char) buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL);
} while (buf != NULL && (unsigned char)buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL);
free(buf);
waittime = old_waittime;
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_telnet(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -204,13 +201,13 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr,
}
}
int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -218,7 +215,9 @@ int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *m
return 0;
}
void usage_telnet(const char* service) {
void usage_telnet(const char *service) {
printf("Module telnet is optionally taking the string which is displayed after\n"
"a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n");
"a successful login (case insensitive), use if the default in the "
"telnet\n"
"module produces too many false positives\n\n");
}

29
hydra-time.c
View file

@ -2,30 +2,23 @@
#ifndef _WIN32
#include <time.h>
int32_t sleepn(time_t seconds)
{
struct timespec ts;
ts.tv_sec = seconds;
ts.tv_nsec = 0;
return nanosleep(&ts, NULL);
int32_t sleepn(time_t seconds) {
struct timespec ts;
ts.tv_sec = seconds;
ts.tv_nsec = 0;
return nanosleep(&ts, NULL);
}
int32_t usleepn(uint64_t milisec) {
struct timespec ts;
ts.tv_sec = milisec / 1000;
ts.tv_nsec = (milisec % 1000) * 1000000L;
return nanosleep(&ts, NULL);
struct timespec ts;
ts.tv_sec = milisec / 1000;
ts.tv_nsec = (milisec % 1000) * 1000000L;
return nanosleep(&ts, NULL);
}
#else
#include <windows.h>
int32_t sleepn(uint32_t seconds)
{
return SleepEx(milisec*1000,TRUE);
}
int32_t sleepn(uint32_t seconds) { return SleepEx(milisec * 1000, TRUE); }
int32_t usleepn(uint32_t milisec)
{
return SleepEx(milisec,TRUE);
}
int32_t usleepn(uint32_t milisec) { return SleepEx(milisec, TRUE); }
#endif

47
hydra-vmauthd.c
View file

@ -1,16 +1,15 @@
//This plugin was written by david@
// This plugin was written by david@
//
//This plugin is written for VMware Authentication Daemon
// This plugin is written for VMware Authentication Daemon
//
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
char *buf;
int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *login, *pass, buffer[300];
@ -45,9 +44,9 @@ int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options,
if ((buf = hydra_receive_line(s)) == NULL)
return (1);
//fprintf(stderr, "%s\n", buf);
//230 User test logged in.
//530 Login incorrect.
// fprintf(stderr, "%s\n", buf);
// 230 User test logged in.
// 530 Login incorrect.
if (strncmp(buf, "230 ", 4) == 0) {
hydra_report_found_host(port, ip, "vmauthd", fp);
@ -65,7 +64,7 @@ int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options,
return 2;
}
void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL;
@ -74,10 +73,10 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr,
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -92,14 +91,15 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr,
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
//fprintf(stderr, "%s\n",buf);
//220 VMware Authentication Daemon Version 1.00
//220 VMware Authentication Daemon Version 1.10: SSL Required
//220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC ,
// fprintf(stderr, "%s\n",buf);
// 220 VMware Authentication Daemon Version 1.00
// 220 VMware Authentication Daemon Version 1.10: SSL Required
// 220 VMware Authentication Daemon Version 1.10: SSL Required,
// ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC ,
if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) {
/* check the first line */
@ -108,14 +108,17 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr,
hydra_child_exit(2);
}
if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) {
hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf);
hydra_report(stderr,
"[ERROR] this vmware authd protocol is not supported, "
"please report: %s\n",
buf);
free(buf);
hydra_child_exit(2);
}
//by default this service is waiting for ssl connections
// by default this service is waiting for ssl connections
if (strstr(buf, "SSL Required") != NULL) {
if ((options & OPTION_SSL) == 0) {
//reconnecting using SSL
// reconnecting using SSL
if (hydra_connect_to_ssl(sock, hostname) == -1) {
free(buf);
hydra_report(stderr, "[ERROR] Can't use SSL\n");
@ -127,10 +130,10 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr,
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_vmauthd(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -143,13 +146,13 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr,
}
}
int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

71
hydra-vnc.c
View file

@ -5,14 +5,14 @@
*
*/
#include "hydra-mod.h"
#include "d3des.h"
#include "hydra-mod.h"
#define CHALLENGESIZE 16
//for RFB 003.003 & 003.005
// for RFB 003.003 & 003.005
#define RFB33 1
//for RFB 3.7 and onwards
// for RFB 3.7 and onwards
#define RFB37 2
int32_t vnc_client_version = RFB33;
@ -44,7 +44,7 @@ void vncEncryptBytes(unsigned char *bytes, char *passwd) {
}
}
int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *pass;
unsigned char buf2[CHALLENGESIZE + 4];
@ -57,22 +57,22 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
if (vnc_client_version == RFB37) {
int32_t i;
//fprintf(stderr,"number of security types supported: %d\n", buf2[0]);
// fprintf(stderr,"number of security types supported: %d\n", buf2[0]);
if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) {
hydra_report(stderr, "[ERROR] VNC server connection failed\n");
hydra_child_exit(0);
}
for (i = 1; i <= buf2[0]; i++) {
//fprintf(stderr,"sec type %u\n",buf2[i]);
//check if weak security types are available
// fprintf(stderr,"sec type %u\n",buf2[i]);
// check if weak security types are available
if (buf2[i] <= 0x2) {
buf2[3] = buf2[i];
break;
}
}
}
//supported security type
// supported security type
switch (buf2[3]) {
case 0x0:
hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf2[3]);
@ -87,24 +87,24 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
hydra_child_exit(2);
break;
case 0x2:
//VNC security type supported is the only type supported for now
// VNC security type supported is the only type supported for now
if (vnc_client_version == RFB37) {
sprintf(buf, "%c", 0x2);
if (hydra_send(s, buf, strlen(buf), 0) < 0) {
return 1;
}
//get authentication challenge from server
// get authentication challenge from server
if (recv(s, buf2, CHALLENGESIZE, 0) == -1)
return 1;
//send response
// send response
vncEncryptBytes(buf2, pass);
if (hydra_send(s, (char *) buf2, CHALLENGESIZE, 0) < 0) {
if (hydra_send(s, (char *)buf2, CHALLENGESIZE, 0) < 0) {
return 1;
}
} else {
//in old proto, challenge is following the security type
vncEncryptBytes((unsigned char *) buf2 + 4, pass);
if (hydra_send(s, (char *) buf2 + 4, CHALLENGESIZE, 0) < 0) {
// in old proto, challenge is following the security type
vncEncryptBytes((unsigned char *)buf2 + 4, pass);
if (hydra_send(s, (char *)buf2 + 4, CHALLENGESIZE, 0) < 0) {
return 1;
}
}
@ -114,7 +114,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
hydra_child_exit(2);
}
//check security result value
// check security result value
recv(s, buf, 4, 0);
if (buf == NULL)
return 1;
@ -142,10 +142,10 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
return 1;
}
return 1; /* never reached */
return 1; /* never reached */
}
void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_VNC, mysslport = PORT_VNC_SSL;
@ -154,7 +154,7 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
@ -169,26 +169,28 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
usleepn(300);
buf = hydra_receive_line(sock);
if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */
if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */
hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
if (strstr(buf, " security failures") != NULL) { /* check the first line */
if (strstr(buf, " security failures") != NULL) { /* check the first line */
/*
VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts.
The IP address is initially blocked for ten seconds,
but this doubles for each unsuccessful attempt thereafter.
A successful connection from an IP address resets the blacklist timeout.
This is built in to VNC Server and does not rely on operating system support.
VNC has a 'blacklisting' scheme that blocks an IP address after five
unsuccessful connection attempts. The IP address is initially blocked
for ten seconds, but this doubles for each unsuccessful attempt
thereafter. A successful connection from an IP address resets the
blacklist timeout. This is built in to VNC Server and does not rely
on operating system support.
*/
failed_auth++;
hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n");
hydra_report(stderr, "VNC server reported too many authentication "
"failures, have to wait some seconds ...\n");
sleep(12 * failed_auth);
free(buf);
next_run = 1;
@ -197,12 +199,13 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
if (verbose)
hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf);
if (((strstr(buf, "RFB 005.000") != NULL) || (strstr(buf, "RFB 004") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) {
//using proto version 003.007 to talk to server 005.xxx and 004.xxx same for 3.7 and 3.8
// using proto version 003.007 to talk to server 005.xxx and 004.xxx
// same for 3.7 and 3.8
vnc_client_version = RFB37;
free(buf);
buf = strdup("RFB 003.007\n");
} else {
//for RFB 3.3 and fake 3.5
// for RFB 3.3 and fake 3.5
vnc_client_version = RFB33;
free(buf);
buf = strdup("RFB 003.003\n");
@ -210,10 +213,10 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
hydra_send(sock, buf, strlen(buf), 0);
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_vnc(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -231,13 +234,13 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
}
int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here

308
hydra-xmpp.c
View file

@ -9,9 +9,10 @@ static char *domain = NULL;
int32_t xmpp_auth_mechanism = AUTH_ERROR;
char *JABBER_CLIENT_INIT_STR = "<?xml version='1.0' ?><stream:stream to='";
char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>";
char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' "
"version='1.0'>";
int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *login, *pass, buffer[500], buffer2[500];
char *AUTH_STR = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='";
@ -71,131 +72,30 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen);
buffer2[chglen] = '\0';
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buffer2);
from64tobits((char *)buffer, buffer2);
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
}
switch (xmpp_auth_mechanism) {
case AUTH_LOGIN:{
if (strstr(buffer, "sername") != NULL) {
strncpy(buffer2, login, sizeof(buffer2) - 1);
buffer2[sizeof(buffer2) - 1] = '\0';
case AUTH_LOGIN: {
if (strstr(buffer, "sername") != NULL) {
strncpy(buffer2, login, sizeof(buffer2) - 1);
buffer2[sizeof(buffer2) - 1] = '\0';
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buf);
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
/* server now would ask for the password */
if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) {
char *ptr = strstr(buf, CHALLENGE_STR);
if (!ptr)
ptr = strstr(buf, CHALLENGE_STR2);
char *ptr_end = strstr(ptr, CHALLENGE_END_STR);
int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR);
if ((chglen > 0) && (chglen < sizeof(buffer2))) {
strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen);
buffer2[chglen] = '\0';
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buffer2);
if (strstr(buffer, "assword") != NULL) {
strncpy(buffer2, pass, sizeof(buffer2) - 1);
buffer2[sizeof(buffer2) - 1] = '\0';
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
}
} else {
hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n");
free(buf);
return 1;
}
}
}
}
break;
#ifdef LIBOPENSSL
case AUTH_PLAIN:{
memset(buffer2, 0, sizeof(buffer));
sasl_plain(buffer2, login, pass);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer);
}
break;
case AUTH_CRAMMD5:{
int32_t rc = 0;
char *preplogin;
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
free(buf);
return 3;
}
sprintf(buffer, "%.200s %.250s", preplogin, buffer2);
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer);
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR);
strncpy(buffer, buffer2, sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
free(preplogin);
}
break;
case AUTH_DIGESTMD5:{
memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
if (fooptr == NULL) {
free(buf);
return 3;
}
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
}
break;
case AUTH_SCRAMSHA1:{
/*client-first-message */
char clientfirstmessagebare[200];
char *preplogin;
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
free(buf);
return 3;
}
snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin);
free(preplogin);
sprintf(buffer2, "n,,%.200s", clientfirstmessagebare);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
free(buf);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buf);
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
/* server now would ask for the password */
if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) {
char serverfirstmessage[200];
char *ptr = strstr(buf, CHALLENGE_STR);
if (!ptr)
@ -206,36 +106,132 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if ((chglen > 0) && (chglen < sizeof(buffer2))) {
strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen);
buffer2[chglen] = '\0';
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buffer2);
if (strstr(buffer, "assword") != NULL) {
strncpy(buffer2, pass, sizeof(buffer2) - 1);
buffer2[sizeof(buffer2) - 1] = '\0';
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
}
} else {
hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n");
free(buf);
return 1;
}
}
}
} break;
#ifdef LIBOPENSSL
case AUTH_PLAIN: {
memset(buffer2, 0, sizeof(buffer));
sasl_plain(buffer2, login, pass);
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer);
/*server-first-message */
memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buffer2);
strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1);
serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0';
} break;
case AUTH_CRAMMD5: {
int32_t rc = 0;
char *preplogin;
memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2;
sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (fooptr == NULL) {
hydra_report(stderr, "[ERROR] Can't compute client response\n");
free(buf);
return 1;
}
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
free(buf);
return 3;
}
sprintf(buffer, "%.200s %.250s", preplogin, buffer2);
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer);
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR);
strncpy(buffer, buffer2, sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
free(preplogin);
} break;
case AUTH_DIGESTMD5: {
memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
if (fooptr == NULL) {
free(buf);
return 3;
}
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
} break;
case AUTH_SCRAMSHA1: {
/*client-first-message */
char clientfirstmessagebare[200];
char *preplogin;
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
free(buf);
return 3;
}
snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin);
free(preplogin);
sprintf(buffer2, "n,,%.200s", clientfirstmessagebare);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
free(buf);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
buf = hydra_receive_line(s);
if (buf == NULL)
return 1;
if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) {
char serverfirstmessage[200];
char *ptr = strstr(buf, CHALLENGE_STR);
if (!ptr)
ptr = strstr(buf, CHALLENGE_STR2);
char *ptr_end = strstr(ptr, CHALLENGE_END_STR);
int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR);
if ((chglen > 0) && (chglen < sizeof(buffer2))) {
strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen);
buffer2[chglen] = '\0';
} else {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n");
free(buf);
return 1;
}
/*server-first-message */
memset(buffer, 0, sizeof(buffer));
from64tobits((char *)buffer, buffer2);
strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1);
serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0';
memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2;
sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (fooptr == NULL) {
hydra_report(stderr, "[ERROR] Can't compute client response\n");
free(buf);
return 1;
}
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
} else {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
free(buf);
return 1;
}
break;
} break;
#endif
ptr = 0;
}
@ -249,8 +245,9 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (buf == NULL)
return 1;
//we test the challenge tag as digest-md5 when connected is sending "rspauth" value
//so if we are receiving a second challenge we assume the auth is good
// we test the challenge tag as digest-md5 when connected is sending
// "rspauth" value so if we are receiving a second challenge we assume the
// auth is good
if ((strstr(buf, "<success") != NULL) || (strstr(buf, "<challenge ") != NULL)) {
hydra_report_found_host(port, ip, "xmpp", fp);
@ -278,29 +275,31 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 3;
}
void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, tls = 0;
char buffer[500], *buf = NULL;
int32_t myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0;
char *enddomain = NULL;
//we have to pass the target here as the reverse dns resolution is not working for some servers
//try to extract only the domain name from the target
//so for o.nimbuzz.com will get nimbuzz.com
//and hermes.jabber.org will get jabber.org
// we have to pass the target here as the reverse dns resolution is not
// working for some servers try to extract only the domain name from the
// target so for o.nimbuzz.com will get nimbuzz.com and hermes.jabber.org will
// get jabber.org
domain = strchr(target, '.');
if (!domain) {
hydra_report(stderr, "[ERROR] can't extract the domain name, you have to specify a fqdn xmpp server, the domain name will be used in the jabber init request\n");
hydra_report(stderr, "[ERROR] can't extract the domain name, you have to "
"specify a fqdn xmpp server, the domain name will be "
"used in the jabber init request\n");
hydra_child_exit(1);
}
enddomain = strrchr(target, '.');
//check if target is not already a domain name aka only . char in the string
// check if target is not already a domain name aka only . char in the string
if (enddomain && (enddomain == domain)) {
domain = target;
} else {
//moving to pass the . char
// moving to pass the . char
domain = domain + 1;
}
@ -309,7 +308,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
@ -325,7 +324,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
memset(buffer, 0, sizeof(buffer));
@ -333,7 +332,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
hydra_child_exit(1);
}
//some server is longer to answer
// some server is longer to answer
usleepn(300);
do {
if ((buf = hydra_receive_line(sock)) == NULL) {
@ -351,7 +350,11 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
if (strstr(buf, "<stream:error")) {
if (strstr(buf, "<host-unknown"))
hydra_report(stderr, "[ERROR] %s host unknown, you have to specify a fqdn xmpp server, the domain name will be used in the jabber init request : %s\n", domain, buf);
hydra_report(stderr,
"[ERROR] %s host unknown, you have to specify a fqdn "
"xmpp server, the domain name will be used in the "
"jabber init request : %s\n",
domain, buf);
else
hydra_report(stderr, "[ERROR] xmpp protocol : %s\n", buf);
free(buf);
@ -387,7 +390,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
int32_t i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
miscptr[i] = (char)toupper((int32_t)miscptr[i]);
if (strncmp(miscptr, "LOGIN", 5) == 0)
xmpp_auth_mechanism = AUTH_LOGIN;
@ -429,7 +432,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
}
}
#ifdef LIBOPENSSL
//check if tls is not wanted and if tls is available
// check if tls is not wanted and if tls is available
if (!disable_tls && tls) {
char *STARTTLS = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>";
@ -458,7 +461,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
hydra_child_exit(1);
}
//some server is longer to answer
// some server is longer to answer
usleepn(300);
buf = hydra_receive_line(sock);
if ((buf == NULL) || (strstr(buf, "<stream:stream") == NULL))
@ -469,10 +472,10 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
#endif
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_xmpp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -485,13 +488,13 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
}
}
int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -499,8 +502,9 @@ int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *mis
return 0;
}
void usage_xmpp(const char* service) {
void usage_xmpp(const char *service) {
printf("Module xmpp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n"
"Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n");
"Note, the target passed should be a fdqn as the value is used in the "
"Jabber init request, example: hermes.jabber.org\n\n");
}

2143
hydra.c
View file

File diff suppressed because it is too large Load diff

266
hydra.h
View file

@ -2,200 +2,186 @@
#include <stdio.h>
#ifdef __sun
#include <sys/int_types.h>
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) || defined(__APPLE__)
#include <inttypes.h>
#include <inttypes.h>
#else
#include <stdint.h>
#include <stdint.h>
#endif
#if defined(_INTTYPES_H) || defined(__CLANG_INTTYPES_H)
#define hPRIu64 PRIu64
#define hPRIu64 PRIu64
#else
#define hPRIu64 "lu"
#define hPRIu64 "lu"
#endif
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <strings.h>
#include <time.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <ctype.h>
#include <signal.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <time.h>
#include <unistd.h>
#ifdef HAVE_OPENSSL
#define HYDRA_SSL
#define HYDRA_SSL
#endif
#ifdef HAVE_SSL
#ifndef HYDRA_SSL
#define HYDRA_SSL
#endif
#ifndef HYDRA_SSL
#define HYDRA_SSL
#endif
#endif
#ifdef LIBSSH
#include <libssh/libssh.h>
#include <libssh/libssh.h>
#endif
#ifdef HAVE_ZLIB
#include <zlib.h>
#include <zlib.h>
#endif
#define OPTION_SSL 1
#ifdef LIBOPENSSL
#ifndef NO_RSA_LEGACY
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#define NO_RSA_LEGACY
#endif
#endif
#ifndef NO_RSA_LEGACY
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#define NO_RSA_LEGACY
#endif
#endif
#endif
#define PORT_NOPORT -1
#define PORT_FTP 21
#define PORT_FTP_SSL 990
#define PORT_TELNET 23
#define PORT_TELNET_SSL 992
#define PORT_HTTP 80
#define PORT_HTTP_SSL 443
#define PORT_NOPORT -1
#define PORT_FTP 21
#define PORT_FTP_SSL 990
#define PORT_TELNET 23
#define PORT_TELNET_SSL 992
#define PORT_HTTP 80
#define PORT_HTTP_SSL 443
#define PORT_HTTP_PROXY 3128
#define PORT_HTTP_PROXY_SSL 3128
#define PORT_POP3 110
#define PORT_POP3_SSL 995
#define PORT_NNTP 119
#define PORT_NNTP_SSL 563
#define PORT_SMB 139
#define PORT_SMB_SSL 139
#define PORT_SMBNT 445
#define PORT_SMBNT_SSL 445
#define PORT_IMAP 143
#define PORT_IMAP_SSL 993
#define PORT_LDAP 389
#define PORT_LDAP_SSL 636
#define PORT_REXEC 512
#define PORT_REXEC_SSL 512
#define PORT_RLOGIN 513
#define PORT_RLOGIN_SSL 513
#define PORT_RSH 514
#define PORT_RSH_SSL 514
#define PORT_SOCKS5 1080
#define PORT_POP3 110
#define PORT_POP3_SSL 995
#define PORT_NNTP 119
#define PORT_NNTP_SSL 563
#define PORT_SMB 139
#define PORT_SMB_SSL 139
#define PORT_SMBNT 445
#define PORT_SMBNT_SSL 445
#define PORT_IMAP 143
#define PORT_IMAP_SSL 993
#define PORT_LDAP 389
#define PORT_LDAP_SSL 636
#define PORT_REXEC 512
#define PORT_REXEC_SSL 512
#define PORT_RLOGIN 513
#define PORT_RLOGIN_SSL 513
#define PORT_RSH 514
#define PORT_RSH_SSL 514
#define PORT_SOCKS5 1080
#define PORT_SOCKS5_SSL 1080
#define PORT_ICQ 4000
#define PORT_ICQ_SSL -1
#define PORT_VNC 5900
#define PORT_VNC_SSL 5901
#define PORT_PCNFS 0
#define PORT_PCNFS_SSL -1
#define PORT_MYSQL 3306
#define PORT_MYSQL_SSL 3306
#define PORT_MSSQL 1433
#define PORT_MSSQL_SSL 1433
#define PORT_POSTGRES 5432
#define PORT_ICQ 4000
#define PORT_ICQ_SSL -1
#define PORT_VNC 5900
#define PORT_VNC_SSL 5901
#define PORT_PCNFS 0
#define PORT_PCNFS_SSL -1
#define PORT_MYSQL 3306
#define PORT_MYSQL_SSL 3306
#define PORT_MSSQL 1433
#define PORT_MSSQL_SSL 1433
#define PORT_POSTGRES 5432
#define PORT_POSTGRES_SSL 5432
#define PORT_ORACLE 1521
#define PORT_ORACLE 1521
#define PORT_ORACLE_SSL 1521
#define PORT_PCANYWHERE 5631
#define PORT_PCANYWHERE_SSL 5631
#define PORT_ADAM6500 502
#define PORT_ADAM6500_SSL 502
#define PORT_SAPR3 -1
#define PORT_SAPR3_SSL -1
#define PORT_SSH 22
#define PORT_SSH_SSL 22
#define PORT_SNMP 161
#define PORT_SNMP_SSL 1993
#define PORT_CVS 2401
#define PORT_CVS_SSL 2401
#define PORT_FIREBIRD 3050
#define PORT_ADAM6500 502
#define PORT_ADAM6500_SSL 502
#define PORT_SAPR3 -1
#define PORT_SAPR3_SSL -1
#define PORT_SSH 22
#define PORT_SSH_SSL 22
#define PORT_SNMP 161
#define PORT_SNMP_SSL 1993
#define PORT_CVS 2401
#define PORT_CVS_SSL 2401
#define PORT_FIREBIRD 3050
#define PORT_FIREBIRD_SSL 3050
#define PORT_AFP 548
#define PORT_AFP_SSL 548
#define PORT_NCP 524
#define PORT_NCP_SSL 524
#define PORT_SVN 3690
#define PORT_SVN_SSL 3690
#define PORT_SMTP 25
#define PORT_AFP 548
#define PORT_AFP_SSL 548
#define PORT_NCP 524
#define PORT_NCP_SSL 524
#define PORT_SVN 3690
#define PORT_SVN_SSL 3690
#define PORT_SMTP 25
#define PORT_SMTP_SSL 465
#define PORT_TEAMSPEAK 8767
#define PORT_TEAMSPEAK 8767
#define PORT_TEAMSPEAK_SSL 8767
#define PORT_SIP 5060
#define PORT_SIP_SSL 5061
#define PORT_VMAUTHD 902
#define PORT_VMAUTHD_SSL 902
#define PORT_XMPP 5222
#define PORT_XMPP_SSL 5223
#define PORT_IRC 6667
#define PORT_IRC_SSL 6697
#define PORT_RDP 3389
#define PORT_RDP_SSL 3389
#define PORT_ASTERISK 5038
#define PORT_ASTERISK_SSL 5038
#define PORT_S7_300 102
#define PORT_S7_300_SSL 102
#define PORT_REDIS 6379
#define PORT_REDIS_SSL 6379
#define PORT_RTSP 554
#define PORT_RTSP_SSL 554
#define PORT_RPCAP 2002
#define PORT_RPCAP_SSL 2002
#define PORT_RADMIN2 4899
#define PORT_MCACHED 11211
#define PORT_MCACHED_SSL 11211
#define PORT_MONGODB 27017
#define PORT_SIP 5060
#define PORT_SIP_SSL 5061
#define PORT_VMAUTHD 902
#define PORT_VMAUTHD_SSL 902
#define PORT_XMPP 5222
#define PORT_XMPP_SSL 5223
#define PORT_IRC 6667
#define PORT_IRC_SSL 6697
#define PORT_RDP 3389
#define PORT_RDP_SSL 3389
#define PORT_ASTERISK 5038
#define PORT_ASTERISK_SSL 5038
#define PORT_S7_300 102
#define PORT_S7_300_SSL 102
#define PORT_REDIS 6379
#define PORT_REDIS_SSL 6379
#define PORT_RTSP 554
#define PORT_RTSP_SSL 554
#define PORT_RPCAP 2002
#define PORT_RPCAP_SSL 2002
#define PORT_RADMIN2 4899
#define PORT_MCACHED 11211
#define PORT_MCACHED_SSL 11211
#define PORT_MONGODB 27017
#define False 0
#define True 1
#define True 1
#ifndef INET_ADDRSTRLEN
#define INET_ADDRSTRLEN 16
#define INET_ADDRSTRLEN 16
#endif
#define MAX_PROXY_COUNT 64
#ifndef _WIN32
int32_t sleepn(time_t seconds);
int32_t usleepn(uint64_t useconds);
int32_t sleepn(time_t seconds);
int32_t usleepn(uint64_t useconds);
#else
int32_t sleepn(uint32_t seconds);
int32_t usleepn(uint32_t useconds);
int32_t sleepn(uint32_t seconds);
int32_t usleepn(uint32_t useconds);
#endif
typedef enum {
MODE_PASSWORD_LIST = 1,
MODE_LOGIN_LIST = 2,
MODE_PASSWORD_BRUTE = 4,
MODE_PASSWORD_REVERSE = 8,
MODE_PASSWORD_NULL = 16,
MODE_PASSWORD_SAME = 32,
MODE_COLON_FILE = 64
} hydra_mode_t;
typedef enum { MODE_PASSWORD_LIST = 1, MODE_LOGIN_LIST = 2, MODE_PASSWORD_BRUTE = 4, MODE_PASSWORD_REVERSE = 8, MODE_PASSWORD_NULL = 16, MODE_PASSWORD_SAME = 32, MODE_COLON_FILE = 64 } hydra_mode_t;
typedef enum {
FORMAT_PLAIN_TEXT,
FORMAT_JSONV1,
FORMAT_JSONV2,
FORMAT_XMLV1
} output_format_t;
typedef enum { FORMAT_PLAIN_TEXT, FORMAT_JSONV1, FORMAT_JSONV2, FORMAT_XMLV1 } output_format_t;
typedef struct {
hydra_mode_t mode;
int32_t loop_mode; // valid modes: 0 = password, 1 = user
int32_t loop_mode; // valid modes: 0 = password, 1 = user
int32_t ssl;
int32_t restore;
int32_t debug; // is external - for restore
int32_t verbose; // is external - for restore
int32_t debug; // is external - for restore
int32_t verbose; // is external - for restore
int32_t showAttempt;
int32_t tasks;
int32_t try_null_password;
@ -213,9 +199,9 @@ typedef struct {
char *outfile_ptr;
char *infile_ptr;
char *colonfile;
int32_t waittime; // is external - for restore
int32_t conwait; // is external - for restore
uint32_t port; // is external - for restore
int32_t waittime; // is external - for restore
int32_t conwait; // is external - for restore
uint32_t port; // is external - for restore
char *miscptr;
char *server;
char *service;

436
libpq-fe.h
View file

@ -35,81 +35,81 @@ extern "C" {
/* Application-visible enum types */
typedef enum {
/*
* Although it is okay to add to this list, values which become unused
* should never be removed, nor should constants be redefined - that
* would break compatibility with existing code.
*/
CONNECTION_OK,
CONNECTION_BAD,
/* Non-blocking mode only below here */
typedef enum {
/*
* Although it is okay to add to this list, values which become unused
* should never be removed, nor should constants be redefined - that
* would break compatibility with existing code.
*/
CONNECTION_OK,
CONNECTION_BAD,
/* Non-blocking mode only below here */
/*
* The existence of these should never be relied upon - they should
* only be used for user feedback or similar purposes.
*/
CONNECTION_STARTED, /* Waiting for connection to be made. */
CONNECTION_MADE, /* Connection OK; waiting to send. */
CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the
* postmaster. */
CONNECTION_AUTH_OK, /* Received authentication; waiting for
/*
* The existence of these should never be relied upon - they should
* only be used for user feedback or similar purposes.
*/
CONNECTION_STARTED, /* Waiting for connection to be made. */
CONNECTION_MADE, /* Connection OK; waiting to send. */
CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the
* postmaster. */
CONNECTION_AUTH_OK, /* Received authentication; waiting for
* backend startup. */
CONNECTION_SETENV, /* Negotiating environment. */
CONNECTION_SSL_STARTUP, /* Negotiating SSL. */
CONNECTION_NEEDED /* Internal state: connect() needed */
} ConnStatusType;
CONNECTION_SETENV, /* Negotiating environment. */
CONNECTION_SSL_STARTUP, /* Negotiating SSL. */
CONNECTION_NEEDED /* Internal state: connect() needed */
} ConnStatusType;
typedef enum {
PGRES_POLLING_FAILED = 0,
PGRES_POLLING_READING, /* These two indicate that one may */
PGRES_POLLING_WRITING, /* use select before polling again. */
PGRES_POLLING_OK,
PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards
* compatibility */
} PostgresPollingStatusType;
typedef enum {
PGRES_POLLING_FAILED = 0,
PGRES_POLLING_READING, /* These two indicate that one may */
PGRES_POLLING_WRITING, /* use select before polling again. */
PGRES_POLLING_OK,
PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards
* compatibility */
} PostgresPollingStatusType;
typedef enum {
PGRES_EMPTY_QUERY = 0, /* empty query string was executed */
PGRES_COMMAND_OK, /* a query command that doesn't return
* anything was executed properly by the
* backend */
PGRES_TUPLES_OK, /* a query command that returns tuples was
* executed properly by the backend,
* PGresult contains the result tuples */
PGRES_COPY_OUT, /* Copy Out data transfer in progress */
PGRES_COPY_IN, /* Copy In data transfer in progress */
PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from
* the backend */
PGRES_NONFATAL_ERROR, /* notice or warning message */
PGRES_FATAL_ERROR /* query failed */
} ExecStatusType;
typedef enum {
PGRES_EMPTY_QUERY = 0, /* empty query string was executed */
PGRES_COMMAND_OK, /* a query command that doesn't return
* anything was executed properly by the
* backend */
PGRES_TUPLES_OK, /* a query command that returns tuples was
* executed properly by the backend,
* PGresult contains the result tuples */
PGRES_COPY_OUT, /* Copy Out data transfer in progress */
PGRES_COPY_IN, /* Copy In data transfer in progress */
PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from
* the backend */
PGRES_NONFATAL_ERROR, /* notice or warning message */
PGRES_FATAL_ERROR /* query failed */
} ExecStatusType;
typedef enum {
PQTRANS_IDLE, /* connection idle */
PQTRANS_ACTIVE, /* command in progress */
PQTRANS_INTRANS, /* idle, within transaction block */
PQTRANS_INERROR, /* idle, within failed transaction */
PQTRANS_UNKNOWN /* cannot determine status */
} PGTransactionStatusType;
typedef enum {
PQTRANS_IDLE, /* connection idle */
PQTRANS_ACTIVE, /* command in progress */
PQTRANS_INTRANS, /* idle, within transaction block */
PQTRANS_INERROR, /* idle, within failed transaction */
PQTRANS_UNKNOWN /* cannot determine status */
} PGTransactionStatusType;
typedef enum {
PQERRORS_TERSE, /* single-line error messages */
PQERRORS_DEFAULT, /* recommended style */
PQERRORS_VERBOSE /* all the facts, ma'am */
} PGVerbosity;
typedef enum {
PQERRORS_TERSE, /* single-line error messages */
PQERRORS_DEFAULT, /* recommended style */
PQERRORS_VERBOSE /* all the facts, ma'am */
} PGVerbosity;
/* PGconn encapsulates a connection to the backend.
* The contents of this struct are not supposed to be known to applications.
*/
typedef struct pg_conn PGconn;
typedef struct pg_conn PGconn;
/* PGresult encapsulates the result of a query (or more precisely, of a single
* SQL command --- a query string given to PQsendQuery can contain multiple
* commands and thus return multiple PGresult objects).
* The contents of this struct are not supposed to be known to applications.
*/
typedef struct pg_result PGresult;
typedef struct pg_result PGresult;
/* PGnotify represents the occurrence of a NOTIFY message.
* Ideally this would be an opaque typedef, but it's so simple that it's
@ -117,33 +117,33 @@ extern "C" {
* NOTE: in Postgres 6.4 and later, the be_pid is the notifying backend's,
* whereas in earlier versions it was always your own backend's PID.
*/
typedef struct pgNotify {
char *relname; /* notification condition name */
int32_t be_pid; /* process ID of server process */
char *extra; /* notification parameter */
} PGnotify;
typedef struct pgNotify {
char *relname; /* notification condition name */
int32_t be_pid; /* process ID of server process */
char *extra; /* notification parameter */
} PGnotify;
/* Function types for notice-handling callbacks */
typedef void (*PQnoticeReceiver) (void *arg, const PGresult * res);
typedef void (*PQnoticeProcessor) (void *arg, const char *message);
typedef void (*PQnoticeReceiver)(void *arg, const PGresult *res);
typedef void (*PQnoticeProcessor)(void *arg, const char *message);
/* Print options for PQprint() */
typedef char pqbool;
typedef char pqbool;
typedef struct _PQprintOpt {
pqbool header; /* print output field headings and row
* count */
pqbool align; /* fill align the fields */
pqbool standard; /* old brain dead format */
pqbool html3; /* output html tables */
pqbool expanded; /* expand tables */
pqbool pager; /* use pager for output if needed */
char *fieldSep; /* field separator */
char *tableOpt; /* insert to HTML <table ...> */
char *caption; /* HTML <caption> */
char **fieldName; /* null terminated array of repalcement
* field names */
} PQprintOpt;
typedef struct _PQprintOpt {
pqbool header; /* print output field headings and row
* count */
pqbool align; /* fill align the fields */
pqbool standard; /* old brain dead format */
pqbool html3; /* output html tables */
pqbool expanded; /* expand tables */
pqbool pager; /* use pager for output if needed */
char *fieldSep; /* field separator */
char *tableOpt; /* insert to HTML <table ...> */
char *caption; /* HTML <caption> */
char **fieldName; /* null terminated array of repalcement
* field names */
} PQprintOpt;
/* ----------------
* Structure for the conninfo parameter definitions returned by PQconndefaults
@ -153,32 +153,32 @@ extern "C" {
* will release both the val strings and the PQconninfoOption array itself.
* ----------------
*/
typedef struct _PQconninfoOption {
char *keyword; /* The keyword of the option */
char *envvar; /* Fallback environment variable name */
char *compiled; /* Fallback compiled in default value */
char *val; /* Option's current value, or NULL */
char *label; /* Label for field in connect dialog */
char *dispchar; /* Character to display for this field in
* a connect dialog. Values are: ""
* Display entered value as is "*"
* Password field - hide value "D" Debug
* option - don't show by default */
int32_t dispsize; /* Field size in characters for dialog */
} PQconninfoOption;
typedef struct _PQconninfoOption {
char *keyword; /* The keyword of the option */
char *envvar; /* Fallback environment variable name */
char *compiled; /* Fallback compiled in default value */
char *val; /* Option's current value, or NULL */
char *label; /* Label for field in connect dialog */
char *dispchar; /* Character to display for this field in
* a connect dialog. Values are: ""
* Display entered value as is "*"
* Password field - hide value "D" Debug
* option - don't show by default */
int32_t dispsize; /* Field size in characters for dialog */
} PQconninfoOption;
/* ----------------
* PQArgBlock -- structure for PQfn() arguments
* ----------------
*/
typedef struct {
int32_t len;
int32_t isint;
union {
int32_t *ptr; /* can't use void (dec compiler barfs) */
int32_t integer;
} u;
} PQArgBlock;
typedef struct {
int32_t len;
int32_t isint;
union {
int32_t *ptr; /* can't use void (dec compiler barfs) */
int32_t integer;
} u;
} PQArgBlock;
/* ----------------
* Exported functions of libpq
@ -190,24 +190,23 @@ extern "C" {
/* make a new client connection to the backend */
/* Asynchronous (non-blocking) */
extern PGconn *PQconnectStart(const char *conninfo);
extern PostgresPollingStatusType PQconnectPoll(PGconn * conn);
extern PGconn *PQconnectStart(const char *conninfo);
extern PostgresPollingStatusType PQconnectPoll(PGconn *conn);
/* Synchronous (blocking) */
extern PGconn *PQconnectdb(const char *conninfo);
extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd);
extern PGconn *PQconnectdb(const char *conninfo);
extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd);
#define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME) \
PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL)
#define PQsetdb(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME) PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL)
/* close the current connection and free the PGconn data structure */
extern void PQfinish(PGconn * conn);
extern void PQfinish(PGconn *conn);
/* get info about connection options known to PQconnectdb */
extern PQconninfoOption *PQconndefaults(void);
extern PQconninfoOption *PQconndefaults(void);
/* free the data structure returned by PQconndefaults() */
extern void PQconninfoFree(PQconninfoOption * connOptions);
extern void PQconninfoFree(PQconninfoOption *connOptions);
/*
* close the current connection and restablish a new one with the same
@ -215,130 +214,124 @@ extern "C" {
*/
/* Asynchronous (non-blocking) */
extern int32_t PQresetStart(PGconn * conn);
extern PostgresPollingStatusType PQresetPoll(PGconn * conn);
extern int32_t PQresetStart(PGconn *conn);
extern PostgresPollingStatusType PQresetPoll(PGconn *conn);
/* Synchronous (blocking) */
extern void PQreset(PGconn * conn);
extern void PQreset(PGconn *conn);
/* issue a cancel request */
extern int32_t PQrequestCancel(PGconn * conn);
extern int32_t PQrequestCancel(PGconn *conn);
/* Accessor functions for PGconn objects */
extern char *PQdb(const PGconn * conn);
extern char *PQuser(const PGconn * conn);
extern char *PQpass(const PGconn * conn);
extern char *PQhost(const PGconn * conn);
extern char *PQport(const PGconn * conn);
extern char *PQtty(const PGconn * conn);
extern char *PQoptions(const PGconn * conn);
extern ConnStatusType PQstatus(const PGconn * conn);
extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn);
extern const char *PQparameterStatus(const PGconn * conn, const char *paramName);
extern int32_t PQprotocolVersion(const PGconn * conn);
extern char *PQerrorMessage(const PGconn * conn);
extern int32_t PQsocket(const PGconn * conn);
extern int32_t PQbackendPID(const PGconn * conn);
extern int32_t PQclientEncoding(const PGconn * conn);
extern int32_t PQsetClientEncoding(PGconn * conn, const char *encoding);
extern char *PQdb(const PGconn *conn);
extern char *PQuser(const PGconn *conn);
extern char *PQpass(const PGconn *conn);
extern char *PQhost(const PGconn *conn);
extern char *PQport(const PGconn *conn);
extern char *PQtty(const PGconn *conn);
extern char *PQoptions(const PGconn *conn);
extern ConnStatusType PQstatus(const PGconn *conn);
extern PGTransactionStatusType PQtransactionStatus(const PGconn *conn);
extern const char *PQparameterStatus(const PGconn *conn, const char *paramName);
extern int32_t PQprotocolVersion(const PGconn *conn);
extern char *PQerrorMessage(const PGconn *conn);
extern int32_t PQsocket(const PGconn *conn);
extern int32_t PQbackendPID(const PGconn *conn);
extern int32_t PQclientEncoding(const PGconn *conn);
extern int32_t PQsetClientEncoding(PGconn *conn, const char *encoding);
#ifdef USE_SSL
/* Get the SSL structure associated with a connection */
extern SSL *PQgetssl(PGconn * conn);
extern SSL *PQgetssl(PGconn *conn);
#endif
/* Set verbosity for PQerrorMessage and PQresultErrorMessage */
extern PGVerbosity PQsetErrorVerbosity(PGconn * conn, PGVerbosity verbosity);
extern PGVerbosity PQsetErrorVerbosity(PGconn *conn, PGVerbosity verbosity);
/* Enable/disable tracing */
extern void PQtrace(PGconn * conn, FILE * debug_port);
extern void PQuntrace(PGconn * conn);
extern void PQtrace(PGconn *conn, FILE *debug_port);
extern void PQuntrace(PGconn *conn);
/* Override default notice handling routines */
extern PQnoticeReceiver PQsetNoticeReceiver(PGconn * conn, PQnoticeReceiver proc, void *arg);
extern PQnoticeProcessor PQsetNoticeProcessor(PGconn * conn, PQnoticeProcessor proc, void *arg);
extern PQnoticeReceiver PQsetNoticeReceiver(PGconn *conn, PQnoticeReceiver proc, void *arg);
extern PQnoticeProcessor PQsetNoticeProcessor(PGconn *conn, PQnoticeProcessor proc, void *arg);
/* === in fe-exec.c === */
/* Simple synchronous query */
extern PGresult *PQexec(PGconn * conn, const char *query);
extern PGresult *PQexecParams(PGconn * conn,
const char *command,
int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern PGresult *PQexecPrepared(PGconn * conn,
const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern PGresult *PQexec(PGconn *conn, const char *query);
extern PGresult *PQexecParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern PGresult *PQexecPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
/* Interface for multiple-result or asynchronous queries */
extern int32_t PQsendQuery(PGconn * conn, const char *query);
extern int32_t PQsendQueryParams(PGconn * conn,
const char *command,
int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern int32_t PQsendQueryPrepared(PGconn * conn,
const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern PGresult *PQgetResult(PGconn * conn);
extern int32_t PQsendQuery(PGconn *conn, const char *query);
extern int32_t PQsendQueryParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern int32_t PQsendQueryPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern PGresult *PQgetResult(PGconn *conn);
/* Routines for managing an asynchronous query */
extern int32_t PQisBusy(PGconn * conn);
extern int32_t PQconsumeInput(PGconn * conn);
extern int32_t PQisBusy(PGconn *conn);
extern int32_t PQconsumeInput(PGconn *conn);
/* LISTEN/NOTIFY support */
extern PGnotify *PQnotifies(PGconn * conn);
extern PGnotify *PQnotifies(PGconn *conn);
/* Routines for copy in/out */
extern int32_t PQputCopyData(PGconn * conn, const char *buffer, int32_t nbytes);
extern int32_t PQputCopyEnd(PGconn * conn, const char *errormsg);
extern int32_t PQgetCopyData(PGconn * conn, char **buffer, int32_t async);
extern int32_t PQputCopyData(PGconn *conn, const char *buffer, int32_t nbytes);
extern int32_t PQputCopyEnd(PGconn *conn, const char *errormsg);
extern int32_t PQgetCopyData(PGconn *conn, char **buffer, int32_t async);
/* Deprecated routines for copy in/out */
extern int32_t PQgetline(PGconn * conn, char *string, int32_t length);
extern int32_t PQputline(PGconn * conn, const char *string);
extern int32_t PQgetlineAsync(PGconn * conn, char *buffer, int32_t bufsize);
extern int32_t PQputnbytes(PGconn * conn, const char *buffer, int32_t nbytes);
extern int32_t PQendcopy(PGconn * conn);
extern int32_t PQgetline(PGconn *conn, char *string, int32_t length);
extern int32_t PQputline(PGconn *conn, const char *string);
extern int32_t PQgetlineAsync(PGconn *conn, char *buffer, int32_t bufsize);
extern int32_t PQputnbytes(PGconn *conn, const char *buffer, int32_t nbytes);
extern int32_t PQendcopy(PGconn *conn);
/* Set blocking/nonblocking connection to the backend */
extern int32_t PQsetnonblocking(PGconn * conn, int32_t arg);
extern int32_t PQisnonblocking(const PGconn * conn);
extern int32_t PQsetnonblocking(PGconn *conn, int32_t arg);
extern int32_t PQisnonblocking(const PGconn *conn);
/* Force the write buffer to be written (or at least try) */
extern int32_t PQflush(PGconn * conn);
extern int32_t PQflush(PGconn *conn);
/*
* "Fast path" interface --- not really recommended for application
* use
*/
extern PGresult *PQfn(PGconn * conn, int32_t fnid, int32_t *result_buf, int32_t *result_len, int32_t result_is_int, const PQArgBlock * args, int32_t nargs);
extern PGresult *PQfn(PGconn *conn, int32_t fnid, int32_t *result_buf, int32_t *result_len, int32_t result_is_int, const PQArgBlock *args, int32_t nargs);
/* Accessor functions for PGresult objects */
extern ExecStatusType PQresultStatus(const PGresult * res);
extern char *PQresStatus(ExecStatusType status);
extern char *PQresultErrorMessage(const PGresult * res);
extern char *PQresultErrorField(const PGresult * res, int32_t fieldcode);
extern int32_t PQntuples(const PGresult * res);
extern int32_t PQnfields(const PGresult * res);
extern int32_t PQbinaryTuples(const PGresult * res);
extern char *PQfname(const PGresult * res, int32_t field_num);
extern int32_t PQfnumber(const PGresult * res, const char *field_name);
extern Oid PQftable(const PGresult * res, int32_t field_num);
extern int32_t PQftablecol(const PGresult * res, int32_t field_num);
extern int32_t PQfformat(const PGresult * res, int32_t field_num);
extern Oid PQftype(const PGresult * res, int32_t field_num);
extern int32_t PQfsize(const PGresult * res, int32_t field_num);
extern int32_t PQfmod(const PGresult * res, int32_t field_num);
extern char *PQcmdStatus(PGresult * res);
extern char *PQoidStatus(const PGresult * res); /* old and ugly */
extern Oid PQoidValue(const PGresult * res); /* new and improved */
extern char *PQcmdTuples(PGresult * res);
extern char *PQgetvalue(const PGresult * res, int32_t tup_num, int32_t field_num);
extern int32_t PQgetlength(const PGresult * res, int32_t tup_num, int32_t field_num);
extern int32_t PQgetisnull(const PGresult * res, int32_t tup_num, int32_t field_num);
extern ExecStatusType PQresultStatus(const PGresult *res);
extern char *PQresStatus(ExecStatusType status);
extern char *PQresultErrorMessage(const PGresult *res);
extern char *PQresultErrorField(const PGresult *res, int32_t fieldcode);
extern int32_t PQntuples(const PGresult *res);
extern int32_t PQnfields(const PGresult *res);
extern int32_t PQbinaryTuples(const PGresult *res);
extern char *PQfname(const PGresult *res, int32_t field_num);
extern int32_t PQfnumber(const PGresult *res, const char *field_name);
extern Oid PQftable(const PGresult *res, int32_t field_num);
extern int32_t PQftablecol(const PGresult *res, int32_t field_num);
extern int32_t PQfformat(const PGresult *res, int32_t field_num);
extern Oid PQftype(const PGresult *res, int32_t field_num);
extern int32_t PQfsize(const PGresult *res, int32_t field_num);
extern int32_t PQfmod(const PGresult *res, int32_t field_num);
extern char *PQcmdStatus(PGresult *res);
extern char *PQoidStatus(const PGresult *res); /* old and ugly */
extern Oid PQoidValue(const PGresult *res); /* new and improved */
extern char *PQcmdTuples(PGresult *res);
extern char *PQgetvalue(const PGresult *res, int32_t tup_num, int32_t field_num);
extern int32_t PQgetlength(const PGresult *res, int32_t tup_num, int32_t field_num);
extern int32_t PQgetisnull(const PGresult *res, int32_t tup_num, int32_t field_num);
/* Delete a PGresult */
extern void PQclear(PGresult * res);
extern void PQclear(PGresult *res);
/* For freeing other alloc'd results, such as PGnotify structs */
extern void PQfreemem(void *ptr);
extern void PQfreemem(void *ptr);
/* Exists for backward compatibility. bjm 2003-03-24 */
#define PQfreeNotify(ptr) PQfreemem(ptr)
@ -348,63 +341,56 @@ extern "C" {
* useful). If conn is not NULL and status indicates an error, the
* conn's errorMessage is copied.
*/
extern PGresult *PQmakeEmptyPGresult(PGconn * conn, ExecStatusType status);
extern PGresult *PQmakeEmptyPGresult(PGconn *conn, ExecStatusType status);
/* Quoting strings before inclusion in queries. */
extern size_t PQescapeString(char *to, const char *from, size_t length);
extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t * bytealen);
extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t * retbuflen);
extern size_t PQescapeString(char *to, const char *from, size_t length);
extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t *bytealen);
extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t *retbuflen);
/* === in fe-print.c === */
extern void
PQprint(FILE * fout, /* output stream */
const PGresult * res, const PQprintOpt * ps); /* option structure */
extern void PQprint(FILE *fout, /* output stream */
const PGresult *res, const PQprintOpt *ps); /* option structure */
/*
* really old printing routines
*/
extern void
PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */
int32_t fillAlign, /* pad the fields with spaces */
const char *fieldSep, /* field separator */
int32_t printHeader, /* display headers? */
int32_t quiet);
extern void
PQprintTuples(const PGresult * res, FILE * fout, /* output stream */
int32_t printAttName, /* print attribute names */
int32_t terseOutput, /* delimiter bars */
int32_t width); /* width of column, if 0, use variable
* width */
extern void PQdisplayTuples(const PGresult *res, FILE *fp, /* where to send the output */
int32_t fillAlign, /* pad the fields with spaces */
const char *fieldSep, /* field separator */
int32_t printHeader, /* display headers? */
int32_t quiet);
extern void PQprintTuples(const PGresult *res, FILE *fout, /* output stream */
int32_t printAttName, /* print attribute names */
int32_t terseOutput, /* delimiter bars */
int32_t width); /* width of column, if 0, use variable
* width */
/* === in fe-lobj.c === */
/* Large-object access routines */
extern int32_t lo_open(PGconn * conn, Oid lobjId, int32_t mode);
extern int32_t lo_close(PGconn * conn, int32_t fd);
extern int32_t lo_read(PGconn * conn, int32_t fd, char *buf, size_t len);
extern int32_t lo_write(PGconn * conn, int32_t fd, char *buf, size_t len);
extern int32_t lo_lseek(PGconn * conn, int32_t fd, int32_t offset, int32_t whence);
extern Oid lo_creat(PGconn * conn, int32_t mode);
extern int32_t lo_tell(PGconn * conn, int32_t fd);
extern int32_t lo_unlink(PGconn * conn, Oid lobjId);
extern Oid lo_import(PGconn * conn, const char *filename);
extern int32_t lo_export(PGconn * conn, Oid lobjId, const char *filename);
extern int32_t lo_open(PGconn *conn, Oid lobjId, int32_t mode);
extern int32_t lo_close(PGconn *conn, int32_t fd);
extern int32_t lo_read(PGconn *conn, int32_t fd, char *buf, size_t len);
extern int32_t lo_write(PGconn *conn, int32_t fd, char *buf, size_t len);
extern int32_t lo_lseek(PGconn *conn, int32_t fd, int32_t offset, int32_t whence);
extern Oid lo_creat(PGconn *conn, int32_t mode);
extern int32_t lo_tell(PGconn *conn, int32_t fd);
extern int32_t lo_unlink(PGconn *conn, Oid lobjId);
extern Oid lo_import(PGconn *conn, const char *filename);
extern int32_t lo_export(PGconn *conn, Oid lobjId, const char *filename);
/* === in fe-misc.c === */
/* Determine length of multibyte encoded char at *s */
extern int32_t PQmblen(const unsigned char *s, int32_t encoding);
extern int32_t PQmblen(const unsigned char *s, int32_t encoding);
/* Get encoding id from environment variable PGCLIENTENCODING */
extern int32_t PQenv2encoding(void);
extern int32_t PQenv2encoding(void);
#ifdef __cplusplus
}
#endif
#endif /* LIBPQ_FE_H */
#endif /* LIBPQ_FE_H */

707
ntlm.c
View file

File diff suppressed because it is too large Load diff

99
ntlm.h
View file

@ -2,75 +2,78 @@
Single file NTLM system to create and parse authentication messages.
http://www.reversing.org
ilo-- ilo@reversing.org
ilo-- ilo@reversing.org
I did copy&paste&modify several files to leave independent NTLM code
that compile in cygwin/linux environment. Most of the code was ripped
I did copy&paste&modify several files to leave independent NTLM code
that compile in cygwin/linux environment. Most of the code was ripped
from Samba implementation so I left the Copying statement. Samba core
code was left unmodified from 1.9 version.
Also libntlm was ripped but rewrote, due to fixed and useless interface.
Copyright and licensing information is in ntlm.c file.
NTLM Interface, just two functions:
NTLM Interface, just two functions:
void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain);
if flags is 0 minimun security level is selected, otherwise new value superseeds.
host and domain are optional, they may be NULLed.
void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host,
char *domain); if flags is 0 minimun security level is selected, otherwise
new value superseeds. host and domain are optional, they may be NULLed.
void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host);
void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse
*response, long flags, char *user, char *password, char *domain, char *host);
Given a challenge, generates a response for that user/passwd/host/domain.
flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication
flags, host, and domain superseeds given by server. Leave 0 and NULL for
server authentication
This is an usage sample:
This is an usage sample:
...
//beware of fixed sized buffer, asserts may fail, don't use long strings :)
//Yes, I Know, year 2k6 and still with this shit..
unsigned char buf[4096];
unsigned char buf2[4096];
...
//beware of fixed sized buffer, asserts may fail, don't use long
strings :)
//Yes, I Know, year 2k6 and still with this shit..
unsigned char buf[4096];
unsigned char buf2[4096];
//send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL);
to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2));
send_to_server(buf);
//send auth request: let the server send it's own hostname and
domainname buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL);
to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2));
send_to_server(buf);
//receive challenge
receive_from_server(buf);
//receive challenge
receive_from_server(buf);
//build response with hostname and domainname from server
buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL);
to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2));
send_to_server(buf);
//build response with hostname and domainname from server
buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL);
to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2));
send_to_server(buf);
//get reply and Check if ok
...
//get reply and Check if ok
...
included bonus!!:
Base64 code
int32_t from64tobits(char *out, const char *in);
void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen);
void to64frombits(unsigned char *out, const unsigned char *in, int32_t
inlen);
You don't need to read the rest of the file.
You don't need to read the rest of the file.
*/
/*
/*
* These structures are byte-order dependant, and should not
* be manipulated except by the use of the routines provided
*/
#ifdef __sun
#include <sys/int_types.h>
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#include <inttypes.h>
#else
#include <stdint.h>
#include <stdint.h>
#endif
typedef unsigned short uint16;
@ -105,7 +108,6 @@ typedef struct {
uint32 bufIndex;
} tSmbNtlmAuthChallenge;
typedef struct {
char ident[8];
uint32 msgType;
@ -120,34 +122,33 @@ typedef struct {
uint32 bufIndex;
} tSmbNtlmAuthResponse;
extern void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain);
extern void buildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain);
/* reversing interface */
/* ntlm functions */
void BuildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain);
void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain);
// if flags is 0 minimun security level is selected, otherwise new value superseeds.
// host and domain are optional, they may be NULLed.
// if flags is 0 minimun security level is selected, otherwise new value
// superseeds. host and domain are optional, they may be NULLed.
void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host);
void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domain, char *host);
//Given a challenge, generates a response for that user/passwd/host/domain.
//flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication
// Given a challenge, generates a response for that user/passwd/host/domain.
// flags, host, and domain superseeds given by server. Leave 0 and NULL for
// server authentication
/* Base64 code*/
int32_t from64tobits(char *out, const char *in);
void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen);
void xor(char *out, char *in1, char *in2, int32_t n);
void xor (char *out, char *in1, char *in2, int32_t n);
// info functions
void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request);
void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge);
void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response);
void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request);
void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge);
void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response);
void strupper(char *s);
#define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex)
#define SmbLength(ptr) (((ptr)->buffer - (uint8 *)(ptr)) + (ptr)->bufIndex)

20
performance.h
View file

@ -1,13 +1,13 @@
#include <unistd.h>
#include <netdb.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>
/* handles select errors */
int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) {
int32_t my_select(int32_t fd, fd_set *fdread, fd_set *fdwrite, fd_set *fdex, long sec, long usec) {
int32_t ret_val;
struct timeval stv;
fd_set *fdr2, *fdw2, *fde2;
@ -18,10 +18,12 @@ int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex,
fde2 = fdex;
stv.tv_sec = sec;
stv.tv_usec = usec;
if (debug > 1) printf("before select\n");
if (debug > 1)
printf("before select\n");
ret_val = select(fd, fdr2, fdw2, fde2, &stv);
if (debug > 1) printf("after select\n");
/* XXX select() sometimes returns errno=EINTR (signal found) */
if (debug > 1)
printf("after select\n");
/* XXX select() sometimes returns errno=EINTR (signal found) */
} while (ret_val == -1 && errno == EINTR);
return ret_val;
@ -43,7 +45,7 @@ ssize_t read_safe(int32_t fd, void *buffer, size_t len) {
tv.tv_sec = 0;
tv.tv_usec = 250000;
ret = select(fd + 1, &fr, 0, 0, &tv);
/* XXX select() sometimes return errno=EINTR (signal found) */
/* XXX select() sometimes return errno=EINTR (signal found) */
} while (ret == -1 && errno == EINTR);
if (ret < 0) {
@ -55,7 +57,7 @@ ssize_t read_safe(int32_t fd, void *buffer, size_t len) {
}
if (ret > 0) {
while ((r = read(fd, (char*) ((char*)buffer + total), toread))) {
while ((r = read(fd, (char *)((char *)buffer + total), toread))) {
if (r == -1) {
if (errno == EAGAIN)
break;

31
postgres_ext.h
View file

@ -4,8 +4,9 @@
* postgres_ext.h
*
* This file contains declarations of things that are visible everywhere
* in PostgreSQL *and* are visible to clients of frontend interface libraries.
* For example, the Oid type is part of the API of libpq and other libraries.
* in PostgreSQL *and* are visible to clients of frontend interface
*libraries. For example, the Oid type is part of the API of libpq and other
*libraries.
*
* Declarations which are specific to a particular interface should
* go in the header file for that interface (such as libpq-fe.h). This
@ -30,16 +31,15 @@
typedef uint32_t Oid;
#ifdef __cplusplus
#define InvalidOid (Oid(0))
#define InvalidOid (Oid(0))
#else
#define InvalidOid ((Oid) 0)
#define InvalidOid ((Oid)0)
#endif
#define OID_MAX UINT_MAX
#define OID_MAX UINT_MAX
/* you will need to include <limits.h> to use the above #define */
/*
* NAMEDATALEN is the max length for system identifiers (e.g. table names,
* attribute names, function names, etc). It must be a multiple of
@ -49,21 +49,20 @@ typedef uint32_t Oid;
*/
#define NAMEDATALEN 64
/*
* Identifiers of error message fields. Kept here to keep common
* between frontend and backend, and also to export them to libpq
* applications.
*/
#define PG_DIAG_SEVERITY 'S'
#define PG_DIAG_SQLSTATE 'C'
#define PG_DIAG_MESSAGE_PRIMARY 'M'
#define PG_DIAG_MESSAGE_DETAIL 'D'
#define PG_DIAG_MESSAGE_HINT 'H'
#define PG_DIAG_SEVERITY 'S'
#define PG_DIAG_SQLSTATE 'C'
#define PG_DIAG_MESSAGE_PRIMARY 'M'
#define PG_DIAG_MESSAGE_DETAIL 'D'
#define PG_DIAG_MESSAGE_HINT 'H'
#define PG_DIAG_STATEMENT_POSITION 'P'
#define PG_DIAG_CONTEXT 'W'
#define PG_DIAG_SOURCE_FILE 'F'
#define PG_DIAG_SOURCE_LINE 'L'
#define PG_DIAG_SOURCE_FUNCTION 'R'
#define PG_DIAG_CONTEXT 'W'
#define PG_DIAG_SOURCE_FILE 'F'
#define PG_DIAG_SOURCE_LINE 'L'
#define PG_DIAG_SOURCE_FUNCTION 'R'
#endif

47
pw-inspector.c
View file

@ -1,38 +1,46 @@
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define PROGRAM "PW-Inspector"
#define VERSION "v0.2"
#define EMAIL "vh@thc.org"
#define WEB "https://github.com/vanhauser-thc/thc-hydra"
#define PROGRAM "PW-Inspector"
#define VERSION "v0.2"
#define EMAIL "vh@thc.org"
#define WEB "https://github.com/vanhauser-thc/thc-hydra"
#define MAXLENGTH 256
#define MAXLENGTH 256
char *prg;
void help() {
printf("%s %s (c) 2005 by van Hauser / THC %s [%s]\n\n", PROGRAM, VERSION, EMAIL, WEB);
printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s\n\n", prg);
printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] "
"-l -u -n -p -s\n\n",
prg);
printf("Options:\n");
printf(" -i FILE file to read passwords from (default: stdin)\n");
printf(" -o FILE file to write valid passwords to (default: stdout)\n");
printf(" -m MINLEN minimum length of a valid password\n");
printf(" -M MAXLEN maximum length of a valid password\n");
printf(" -c MINSETS the minimum number of sets required (default: all given)\n");
printf(" -c MINSETS the minimum number of sets required (default: all "
"given)\n");
printf("Sets:\n");
printf(" -l lowcase characters (a,b,c,d, etc.)\n");
printf(" -u upcase characters (A,B,C,D, etc.)\n");
printf(" -n numbers (1,2,3,4, etc.)\n");
printf(" -p printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)\n");
printf(" -s special characters - all others not within the sets above\n");
printf(" -p printable characters (which are not -l/-n/-p, e.g. "
"$,!,/,(,*, etc.)\n");
printf(" -s special characters - all others not within the sets "
"above\n");
printf("\n%s reads passwords in and prints those which meet the requirements.\n", PROGRAM);
printf("The return code is the number of valid passwords found, 0 if none was found.\n");
printf("Use for security: check passwords, if 0 is returned, reject password choice.\n");
printf("Use for hacking: trim your dictionary file to the pw requirements of the target.\n");
printf("The return code is the number of valid passwords found, 0 if none "
"was found.\n");
printf("Use for security: check passwords, if 0 is returned, reject password "
"choice.\n");
printf("Use for hacking: trim your dictionary file to the pw requirements of "
"the target.\n");
printf("Usage only allowed for legal purposes.\n");
exit(-1);
}
@ -137,7 +145,7 @@ int main(int argc, char *argv[]) {
if (set_print) {
j = 0;
for (k = 0; k < strlen(buf); k++)
if (isprint((int32_t) buf[k]) != 0 && isalnum((int32_t) buf[k]) == 0)
if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0)
j = 1;
if (j)
i++;
@ -145,7 +153,7 @@ int main(int argc, char *argv[]) {
if (set_other) {
j = 0;
for (k = 0; k < strlen(buf); k++)
if (isprint((int32_t) buf[k]) == 0 && isalnum((int32_t) buf[k]) == 0)
if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0)
j = 1;
if (j)
i++;
@ -156,7 +164,8 @@ int main(int argc, char *argv[]) {
count++;
}
}
/* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */
/* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i,
* minlen, maxlen, strlen(buf)); */
}
fclose(in);
fclose(out);

165
sasl.c
View file

@ -87,7 +87,7 @@ void sasl_plain(char *result, char *login, char *pass) {
strcpy(result, preplogin);
strcpy(result + strlen(preplogin) + 1, preplogin);
strcpy(result + 2 * strlen(preplogin) + 2, preppasswd);
hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250);
hydra_tobase64((unsigned char *)result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250);
}
free(preplogin);
free(preppasswd);
@ -128,8 +128,8 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) {
memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH);
memcpy(opad, md5_raw, MD5_DIGEST_LENGTH);
} else {
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
}
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
@ -182,8 +182,8 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) {
memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH);
memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH);
} else {
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
}
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
@ -236,8 +236,8 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) {
memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH);
memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH);
} else {
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
}
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
@ -285,10 +285,12 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
result = NULL;
return;
}
//DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess
//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess
//warning some not well configured xmpp server is sending no realm
//DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess
// DEBUG S:
// nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess
// DEBUG S:
// nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess
// warning some not well configured xmpp server is sending no realm
// DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess
pbuffer = buffer;
do {
currentpos++;
@ -309,7 +311,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
}
pbuffer++;
} while ((pbuffer[0] > 31) && (ind < array_size));
//save the latest one
// save the latest one
if (ind < array_size) {
array[ind] = malloc(currentpos + 1);
strncpy(array[ind], buffer + lastpos, currentpos);
@ -317,18 +319,18 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
ind++;
}
for (i = 0; i < ind; i++) {
//removing space chars between comma separated value if any
// removing space chars between comma separated value if any
while ((array[i] != NULL) && (array[i][0] == ' ')) {
char *tmp = strdup(array[i]);
//memset(array[i], 0, sizeof(array[i]));
// memset(array[i], 0, sizeof(array[i]));
strcpy(array[i], tmp + 1);
free(tmp);
}
if (strstr(array[i], "nonce=") != NULL) {
//check if it contains double-quote
// check if it contains double-quote
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
// assume last char is also a double-quote
int32_t nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1;
if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) {
@ -351,7 +353,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
}
if (strstr(array[i], "realm=") != NULL) {
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
// assume last char is also a double-quote
int32_t realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1;
if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) {
@ -373,12 +375,11 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
}
}
if (strstr(array[i], "qop=") != NULL) {
/*
The value "auth" indicates authentication; the value "auth-int32_t" indicates
authentication with integrity protection; the value "auth-conf"
indicates authentication with integrity protection and encryption.
*/
/*
The value "auth" indicates authentication; the value "auth-int32_t"
indicates authentication with integrity protection; the value "auth-conf"
indicates authentication with integrity protection and encryption.
*/
auth_find = 1;
if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) {
int32_t j;
@ -386,14 +387,15 @@ indicates authentication with integrity protection and encryption.
for (j = 0; j < ind; j++)
if (array[j] != NULL)
free(array[j]);
hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n");
hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only "
"authentication is not supported by server\n");
result = NULL;
return;
}
}
if (strstr(array[i], "algorithm=") != NULL) {
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
// assume last char is also a double-quote
int32_t algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1;
if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) {
@ -405,7 +407,8 @@ indicates authentication with integrity protection and encryption.
for (j = 0; j < ind; j++)
if (array[j] != NULL)
free(array[j]);
hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n");
hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could "
"not be extracted\n");
result = NULL;
return;
}
@ -428,24 +431,25 @@ indicates authentication with integrity protection and encryption.
array[i] = NULL;
}
if (!strlen(algo)) {
//assuming by default algo is MD5
// assuming by default algo is MD5
memset(algo, 0, sizeof(algo));
strcpy(algo, "MD5");
}
//xmpp case, some xmpp server is not sending the realm so we have to set it up
// xmpp case, some xmpp server is not sending the realm so we have to set it
// up
if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL))
snprintf(realm, sizeof(realm), "%s", miscptr);
//compute ha1
//support for algo = MD5
// compute ha1
// support for algo = MD5
snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd);
MD5_Init(&md5c);
MD5_Update(&md5c, buffer, strlen(buffer));
MD5_Final(response, &md5c);
//for MD5-sess
// for MD5-sess
if (strstr(algo, "5-sess") != NULL) {
buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*!
buffer[0] = 0; // memset(buffer, 0, sizeof(buffer)); => buffer is char*!
/* per RFC 2617 Errata ID 1649 */
/* per RFC 2617 Errata ID 1649 */
if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) {
memset(buffer3, 0, sizeof(buffer3));
pbuffer = buffer3;
@ -468,24 +472,24 @@ indicates authentication with integrity protection and encryption.
sprintf(pbuffer, "%02x", response[i]);
pbuffer += 2;
}
//compute ha2
//proxy case
// compute ha2
// proxy case
if (strstr(type, "proxy") != NULL)
sprintf(buffer, "%s:%s", "HEAD", miscptr);
else
//http case
if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL))
// http case
if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL))
sprintf(buffer, "%s:%s", type, miscptr);
else
//sip case
if (strstr(type, "sip") != NULL)
// sip case
if (strstr(type, "sip") != NULL)
sprintf(buffer, "REGISTER:%s:%s", type, miscptr);
else
//others
if (strstr(type, "rtsp") != NULL)
// others
if (strstr(type, "rtsp") != NULL)
sprintf(buffer, "DESCRIBE:%s://%s:%i", type, webtarget, port);
else
//others
// others
sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm);
MD5_Init(&md5c);
@ -496,7 +500,7 @@ indicates authentication with integrity protection and encryption.
sprintf(pbuffer, "%02x", response[i]);
pbuffer += 2;
}
//compute response
// compute response
if (!auth_find)
snprintf(buffer, 500, "%s:%s", nonce, buffer2);
else
@ -511,35 +515,58 @@ indicates authentication with integrity protection and encryption.
sprintf(pbuffer, "%02x", response[i]);
pbuffer += 2;
}
//create the auth response
// create the auth response
if (strstr(type, "proxy") != NULL) {
snprintf(result, 500,
"HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
"HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", "
"realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", "
"nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
} else {
if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) ||
(strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) {
snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm,
nonce, algo, type, realm, buffer);
if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) {
snprintf(result, 500,
"username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc="
"00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s",
preplogin, realm, nonce, algo, type, realm, buffer);
} else {
if (strstr(type, "sip") != NULL) {
snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer);
snprintf(result, 500,
"username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\","
"response=%s",
preplogin, realm, nonce, type, realm, buffer);
} else {
if (strstr(type, "rtsp") != NULL) {
snprintf(result, 500, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s://%s:%i\", response=\"%s\"\r\n", preplogin, realm, nonce, type, webtarget, port, buffer);
snprintf(result, 500,
"username=\"%s\", realm=\"%s\", nonce=\"%s\", "
"uri=\"%s://%s:%i\", response=\"%s\"\r\n",
preplogin, realm, nonce, type, webtarget, port, buffer);
} else {
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
snprintf(result, 500,
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: "
"Digest username=\"%s\", realm=\"%s\", response=\"%s\", "
"nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, "
"qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: "
"keep-alive\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication[selected_proxy], header);
else {
if (use_proxy == 1)
snprintf(result, 500,
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: "
"Digest username=\"%s\", realm=\"%s\", response=\"%s\", "
"nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, "
"qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
else
snprintf(result, 500,
"%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
"%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest "
"username=\"%s\", realm=\"%s\", response=\"%s\", "
"nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, "
"qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
}
}
@ -579,10 +606,10 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
return;
}
/*client-final-message */
/*client-final-message */
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage);
//r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096
// r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096
if (strstr(serverfirstmessage, "r=") == NULL) {
hydra_report(stderr, "Error: Can't understand server message\n");
free(preppasswd);
@ -592,7 +619,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
nonce = strtok(buffer, ",");
//continue to search from the previous successful call
// continue to search from the previous successful call
salt = strtok(NULL, ",");
ic = strtok(NULL, ",");
iter = atoi(ic + 2);
@ -611,7 +638,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
return;
}
if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer)))
//s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s=
// s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s=
strcpy(buffer, salt + 2);
else {
hydra_report(stderr, "Error: Could not identify server salt value\n");
@ -620,9 +647,9 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
return;
}
/* SaltedPassword := Hi(Normalize(password), salt, i) */
saltlen = from64tobits((char *) salt, buffer);
if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) {
/* SaltedPassword := Hi(Normalize(password), salt, i) */
saltlen = from64tobits((char *)salt, buffer);
if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *)salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) {
hydra_report(stderr, "Error: Failed to generate PBKDF2\n");
free(preppasswd);
result = NULL;
@ -631,18 +658,18 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
/* ClientKey := HMAC(SaltedPassword, "Client Key") */
#define CLIENT_KEY "Client Key"
HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen);
HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *)CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen);
/* StoredKey := H(ClientKey) */
SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey);
/* StoredKey := H(ClientKey) */
SHA1((const unsigned char *)ClientKey, SHA_DIGEST_LENGTH, StoredKey);
/* ClientSignature := HMAC(StoredKey, AuthMessage) */
/* ClientSignature := HMAC(StoredKey, AuthMessage) */
snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof);
HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen);
HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *)AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen);
/* ClientProof := ClientKey XOR ClientSignature */
xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20);
to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20);
/* ClientProof := ClientKey XOR ClientSignature */
xor(ClientProof, (char *)ClientKey, (char *)ClientSignature, 20);
to64frombits(clientproof_b64, (const unsigned char *)ClientProof, 20);
snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64);
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", result);

11
sasl.h
View file

@ -1,8 +1,8 @@
#include "hydra-mod.h"
#include "ntlm.h"
#include <stdio.h>
#include <string.h>
#include "ntlm.h"
#include "hydra-mod.h"
#define AUTH_ERROR -1
#define AUTH_CLEAR 0
@ -28,10 +28,7 @@
#endif
#endif
typedef enum {
SASL_ALLOW_UNASSIGNED = 1
} sasl_saslprep_flags;
typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags;
int32_t print_hex(unsigned char *buf, int32_t len);
@ -39,9 +36,9 @@ void sasl_plain(char *result, char *login, char *pass);
int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out);
#ifdef LIBOPENSSL
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
void sasl_cram_md5(char *result, char *pass, char *challenge);
void sasl_cram_sha1(char *result, char *pass, char *challenge);