From 720bdb3f968931822874011b112e68664c1b237a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 1 Feb 2020 11:47:13 +0100 Subject: [PATCH] code indent --- .clang-format | 117 ++ CHANGES | 1 + bfg.c | 85 +- bfg.h | 16 +- crc32.c | 138 +-- d3des.c | 227 +--- d3des.h | 10 +- hmacmd5.c | 25 +- hmacmd5.h | 27 +- hydra-adam6500.c | 120 +- hydra-afp.c | 60 +- hydra-asterisk.c | 41 +- hydra-cisco-enable.c | 230 ++-- hydra-cisco.c | 128 ++- hydra-cvs.c | 65 +- hydra-firebird.c | 40 +- hydra-ftp.c | 35 +- hydra-gtk/src/callbacks.c | 222 ++-- hydra-gtk/src/callbacks.h | 26 +- hydra-gtk/src/interface.c | 226 ++-- hydra-gtk/src/main.c | 11 +- hydra-gtk/src/support.c | 29 +- hydra-gtk/src/support.h | 13 +- hydra-http-form.c | 329 +++--- hydra-http-proxy-urlenum.c | 130 ++- hydra-http-proxy.c | 135 +-- hydra-http.c | 435 ++++---- hydra-http.h | 12 +- hydra-icq.c | 54 +- hydra-imap.c | 428 ++++--- hydra-irc.c | 50 +- hydra-ldap.c | 118 +- hydra-memcached.c | 43 +- hydra-mod.c | 456 ++++---- hydra-mod.h | 14 +- hydra-mongodb.c | 61 +- hydra-mssql.c | 104 +- hydra-mysql.c | 109 +- hydra-ncp.c | 68 +- hydra-nntp.c | 259 +++-- hydra-oracle-listener.c | 64 +- hydra-oracle-sid.c | 44 +- hydra-oracle.c | 79 +- hydra-pcanywhere.c | 26 +- hydra-pcnfs.c | 77 +- hydra-pop3.c | 469 ++++---- hydra-postgres.c | 34 +- hydra-radmin2.c | 323 +++--- hydra-rdp.c | 89 +- hydra-redis.c | 65 +- hydra-rexec.c | 57 +- hydra-rlogin.c | 64 +- hydra-rpcap.c | 32 +- hydra-rsh.c | 62 +- hydra-rtsp.c | 43 +- hydra-s7-300.c | 59 +- hydra-sapr3.c | 64 +- hydra-sip.c | 72 +- hydra-smb.c | 941 ++++++++-------- hydra-smb2.c | 88 +- hydra-smtp-enum.c | 66 +- hydra-smtp.c | 231 ++-- hydra-snmp.c | 223 ++-- hydra-socks5.c | 38 +- hydra-ssh.c | 47 +- hydra-sshkey.c | 26 +- hydra-svn.c | 76 +- hydra-teamspeak.c | 38 +- hydra-telnet.c | 43 +- hydra-time.c | 29 +- hydra-vmauthd.c | 47 +- hydra-vnc.c | 71 +- hydra-xmpp.c | 308 +++--- hydra.c | 2143 +++++++++++++++++++----------------- hydra.h | 266 +++-- libpq-fe.h | 436 ++++---- ntlm.c | 707 ++++++------ ntlm.h | 99 +- performance.h | 20 +- postgres_ext.h | 31 +- pw-inspector.c | 47 +- sasl.c | 165 +-- sasl.h | 11 +- 83 files changed, 6377 insertions(+), 6240 deletions(-) create mode 100644 .clang-format diff --git a/.clang-format b/.clang-format new file mode 100644 index 0000000..87040ec --- /dev/null +++ b/.clang-format @@ -0,0 +1,117 @@ +--- +Language: Cpp +AccessModifierOffset: -2 +AlignAfterOpenBracket: Align +AlignConsecutiveAssignments: false +AlignConsecutiveDeclarations: false +AlignEscapedNewlines: Right +AlignOperands: true +AlignTrailingComments: true +AllowAllParametersOfDeclarationOnNextLine: true +AllowShortBlocksOnASingleLine: false +AllowShortCaseLabelsOnASingleLine: false +AllowShortFunctionsOnASingleLine: All +AllowShortIfStatementsOnASingleLine: false +AllowShortLoopsOnASingleLine: false +AlwaysBreakAfterDefinitionReturnType: None +AlwaysBreakAfterReturnType: None +AlwaysBreakBeforeMultilineStrings: false +AlwaysBreakTemplateDeclarations: false +BinPackArguments: true +BinPackParameters: true +BraceWrapping: + AfterClass: false + AfterControlStatement: false + AfterEnum: false + AfterFunction: false + AfterNamespace: false + AfterObjCDeclaration: false + AfterStruct: false + AfterUnion: false + AfterExternBlock: false + BeforeCatch: false + BeforeElse: false + IndentBraces: false + SplitEmptyFunction: true + SplitEmptyRecord: true + SplitEmptyNamespace: true +BreakBeforeBinaryOperators: None +BreakBeforeBraces: Attach +BreakBeforeInheritanceComma: false +BreakInheritanceList: BeforeColon +BreakBeforeTernaryOperators: true +BreakConstructorInitializersBeforeComma: false +BreakConstructorInitializers: BeforeColon +BreakAfterJavaFieldAnnotations: false +BreakStringLiterals: true +ColumnLimit: 512 +CommentPragmas: '^ IWYU pragma:' +CompactNamespaces: true +ConstructorInitializerAllOnOneLineOrOnePerLine: false +ConstructorInitializerIndentWidth: 4 +ContinuationIndentWidth: 4 +Cpp11BracedListStyle: true +DerivePointerAlignment: false +DisableFormat: false +ExperimentalAutoDetectBinPacking: false +FixNamespaceComments: true +ForEachMacros: + - foreach + - Q_FOREACH + - BOOST_FOREACH +IncludeBlocks: Preserve +IncludeCategories: + - Regex: '^"(llvm|llvm-c|clang|clang-c)/' + Priority: 2 + - Regex: '^(<|"(gtest|gmock|isl|json)/)' + Priority: 3 + - Regex: '.*' + Priority: 1 +IncludeIsMainRegex: '(Test)?$' +IndentCaseLabels: false +IndentPPDirectives: None +IndentWidth: 2 +IndentWrappedFunctionNames: false +JavaScriptQuotes: Leave +JavaScriptWrapImports: true +KeepEmptyLinesAtTheStartOfBlocks: false +MacroBlockBegin: '' +MacroBlockEnd: '' +MaxEmptyLinesToKeep: 1 +NamespaceIndentation: None +ObjCBinPackProtocolList: Auto +ObjCBlockIndentWidth: 2 +ObjCSpaceAfterProperty: false +ObjCSpaceBeforeProtocolList: true +PenaltyBreakAssignment: 2 +PenaltyBreakBeforeFirstCallParameter: 19 +PenaltyBreakComment: 300 +PenaltyBreakFirstLessLess: 120 +PenaltyBreakString: 1000 +PenaltyBreakTemplateDeclaration: 10 +PenaltyExcessCharacter: 1000000 +PenaltyReturnTypeOnItsOwnLine: 60 +PointerAlignment: Right +ReflowComments: true +SortIncludes: true +SortUsingDeclarations: true +SpaceAfterCStyleCast: false +SpaceAfterTemplateKeyword: true +SpaceBeforeAssignmentOperators: true +SpaceBeforeCpp11BracedList: false +SpaceBeforeCtorInitializerColon: true +SpaceBeforeInheritanceColon: true +SpaceBeforeParens: ControlStatements +SpaceBeforeRangeBasedForLoopColon: true +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInAngles: false +SpacesInContainerLiterals: true +SpacesInCStyleCastParentheses: false +SpacesInParentheses: false +SpacesInSquareBrackets: false +Standard: Cpp11 +TabWidth: 2 +UseTab: Never +... + diff --git a/CHANGES b/CHANGES index c3eac12..3979a1d 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,7 @@ Release 9.1-dev * added -K command line switch to disable redo attempts (good for mass scanning) * forgot to have the -m option in the hydra help output * gcc-10 support and various cleanups by Jeroen Roovers, thanks! +* added .clang-format and formatted all code Release 9.0 diff --git a/bfg.c b/bfg.c index fa741bc..3479268 100644 --- a/bfg.c +++ b/bfg.c @@ -1,17 +1,18 @@ -/* code original by Jan Dlabal , partially rewritten by vh */ +/* code original by Jan Dlabal , partially rewritten by vh + */ +#include +#include #include #include #include -#include -#include #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif #include "bfg.h" @@ -21,20 +22,26 @@ bf_option bf_options; extern int32_t debug; -static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { +static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { if ((ch >= '2' && ch <= '9') || ch == '0') { if ((flags & BF_NUMS) > 0) { - printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch); + printf("[ERROR] character %c defined in -x although the whole number " + "range was already defined by '1', ignored\n", + ch); return 0; } - //printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch); + // printf("[WARNING] adding character %c for -x, note that '1' will add all + // numbers from 0-9\n", ch); } - if (tolower((int32_t) ch) >= 'b' && tolower((int32_t) ch) <= 'z') { + if (tolower((int32_t)ch) >= 'b' && tolower((int32_t)ch) <= 'z') { if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) { - printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a'); + printf("[ERROR] character %c defined in -x although the whole letter " + "range was already defined by '%c', ignored\n", + ch, ch <= 'Z' ? 'A' : 'a'); return 0; } - //printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low"); + // printf("[WARNING] adding character %c for -x, note that '%c' will add all + // %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low"); } (*crs_len)++; if (BF_CHARSMAX - *crs_len < 1) { @@ -66,7 +73,8 @@ int32_t bf_init(char *arg) { } bf_options.from = atoi(arg); if (bf_options.from < 1 || bf_options.from > 127) { - fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n"); + fprintf(stderr, "Error: minimum length must be between 1 and 127, format: " + "-x min:max:types\n"); return 1; } arg = tmp + 1; @@ -86,7 +94,8 @@ int32_t bf_init(char *arg) { tmp++; if (bf_options.from > bf_options.to) { - fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n"); + fprintf(stderr, "Error: you specified a minimum length higher than the " + "maximum length!\n"); return 1; } @@ -166,23 +175,23 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + memset((char *)bf_options.state, 0, sizeof(bf_options.state)); if (debug) printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); return 0; } - uint64_t bf_get_pcount() { int32_t i; double count = 0; uint64_t foo; for (i = bf_options.from; i <= bf_options.to; i++) - count += (pow((double) bf_options.crs_len, (double) i)); + count += (pow((double)bf_options.crs_len, (double)i)); if (count >= 0xffffffff) { - fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) generates more than 4 billion passwords\n"); + fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) " + "generates more than 4 billion passwords\n"); exit(-1); } @@ -190,12 +199,10 @@ uint64_t bf_get_pcount() { return foo; } -int accu(int value) -{ +int accu(int value) { int i = 0, a; - for (a=1; a<=value; ++a) - { - i+=a; + for (a = 1; a <= value; ++a) { + i += a; } return i; } @@ -204,29 +211,27 @@ char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) - return NULL; // we are done + return NULL; // we are done if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } - if(rainy) - { - for (i = 0; i < bf_options.current; i++){ - bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; - bf_options.rain += i+1; - } - if(bf_options.crs_len%10 == 0) - bf_options.rain-=accu(bf_options.current)-2; - else if(bf_options.crs_len%2 == 0) - bf_options.rain-=accu(bf_options.current)-4; - else if(bf_options.crs_len%2) - bf_options.rain-=accu(bf_options.current)-1; - } - else + if (rainy) { + for (i = 0; i < bf_options.current; i++) { + bf_options.ptr[i] = bf_options.crs[(bf_options.state[i] + bf_options.rain) % bf_options.crs_len]; + bf_options.rain += i + 1; + } + if (bf_options.crs_len % 10 == 0) + bf_options.rain -= accu(bf_options.current) - 2; + else if (bf_options.crs_len % 2 == 0) + bf_options.rain -= accu(bf_options.current) - 4; + else if (bf_options.crs_len % 2) + bf_options.rain -= accu(bf_options.current) - 1; + } else for (i = 0; i < bf_options.current; i++) - bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; bf_options.ptr[bf_options.current] = 0; if (debug) { @@ -243,7 +248,7 @@ char *bf_next(_Bool rainy) { if (pos < 0) { bf_options.current++; - memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + memset((char *)bf_options.state, 0, sizeof(bf_options.state)); } return bf_options.ptr; diff --git a/bfg.h b/bfg.h index ab2f5e4..a3c36bb 100644 --- a/bfg.h +++ b/bfg.h @@ -24,7 +24,9 @@ #define BF_WEBSITE "http://houbysoft.com/bfg/" #define BF_BUFLEN 1024 -#define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */ +#define BF_CHARSMAX \ + 256 /* how many max possibilities there are for characters, normally it's \ + 2^8 = 256 */ #define BF_LOWER 1 #define BF_UPPER 2 @@ -35,13 +37,13 @@ typedef struct { unsigned char to; unsigned char current; unsigned char state[BF_CHARSMAX]; /* which position has which character */ - unsigned char pos; /* where in current string length is the position */ - unsigned char crs_len; /* length of selected charset */ - char *arg; /* argument received for bfg commandline option */ - char *crs; /* internal representation of charset */ - char *ptr; /* ptr to the last generated password */ + unsigned char pos; /* where in current string length is the position */ + unsigned char crs_len; /* length of selected charset */ + char *arg; /* argument received for bfg commandline option */ + char *crs; /* internal representation of charset */ + char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - uint64_t rain; /* accumulator for the rain */ + uint64_t rain; /* accumulator for the rain */ } bf_option; extern bf_option bf_options; diff --git a/crc32.c b/crc32.c index 364cfa4..ee9839b 100644 --- a/crc32.c +++ b/crc32.c @@ -1,99 +1,61 @@ /*- -* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or -* code or tables extracted from it, as desired without restriction. -* -* First, the polynomial itself and its table of feedback terms. The -* polynomial is -* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 -* -* Note that we take it "backwards" and put the highest-order term in -* the lowest-order bit. The X^32 term is "implied"; the LSB is the -* X^31 term, etc. The X^0 term (usually shown as "+1") results in -* the MSB being 1 -* -* Note that the usual hardware shift register implementation, which -* is what we're using (we're merely optimizing it by doing eight-bit -* chunks at a time) shifts bits into the lowest-order term. In our -* implementation, that means shifting towards the right. Why do we -* do it this way? Because the calculated CRC must be transmitted in -* order from highest-order term to lowest-order term. UARTs transmit -* characters in order from LSB to MSB. By storing the CRC this way -* we hand it to the UART in the order low-byte to high-byte; the UART -* sends each low-bit to hight-bit; and the result is transmission bit -* by bit from highest- to lowest-order term without requiring any bit -* shuffling on our part. Reception works similarly -* -* The feedback terms table consists of 256, 32-bit entries. Notes -* -* The table can be generated at runtime if desired; code to do so -* is shown later. It might not be obvious, but the feedback -* terms simply represent the results of eight shift/xor opera -* tions for all combinations of data and CRC register values -* -* The values must be right-shifted by eight bits by the "updcrc -* logic; the shift must be unsigned (bring in zeroes). On some -* hardware you could probably optimize the shift in assembler by -* using byte-swap instructions -* polynomial $edb88320 -* -* -* CRC32 code derived from work by Gary S. Brown. -*/ + * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or + * code or tables extracted from it, as desired without restriction. + * + * First, the polynomial itself and its table of feedback terms. The + * polynomial is + * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 + * + * Note that we take it "backwards" and put the highest-order term in + * the lowest-order bit. The X^32 term is "implied"; the LSB is the + * X^31 term, etc. The X^0 term (usually shown as "+1") results in + * the MSB being 1 + * + * Note that the usual hardware shift register implementation, which + * is what we're using (we're merely optimizing it by doing eight-bit + * chunks at a time) shifts bits into the lowest-order term. In our + * implementation, that means shifting towards the right. Why do we + * do it this way? Because the calculated CRC must be transmitted in + * order from highest-order term to lowest-order term. UARTs transmit + * characters in order from LSB to MSB. By storing the CRC this way + * we hand it to the UART in the order low-byte to high-byte; the UART + * sends each low-bit to hight-bit; and the result is transmission bit + * by bit from highest- to lowest-order term without requiring any bit + * shuffling on our part. Reception works similarly + * + * The feedback terms table consists of 256, 32-bit entries. Notes + * + * The table can be generated at runtime if desired; code to do so + * is shown later. It might not be obvious, but the feedback + * terms simply represent the results of eight shift/xor opera + * tions for all combinations of data and CRC register values + * + * The values must be right-shifted by eight bits by the "updcrc + * logic; the shift must be unsigned (bring in zeroes). On some + * hardware you could probably optimize the shift in assembler by + * using byte-swap instructions + * polynomial $edb88320 + * + * + * CRC32 code derived from work by Gary S. Brown. + */ #include #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif -uint32_t crc32_tab[] = { - 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, - 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, - 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, - 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, - 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, - 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, - 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, - 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, - 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, - 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, - 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, - 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, - 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, - 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, - 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, - 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, - 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, - 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, - 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, - 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, - 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, - 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, - 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, - 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, - 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, - 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, - 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, - 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, - 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, - 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, - 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, - 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, - 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, - 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, - 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, - 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, - 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, - 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, - 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, - 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, - 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, - 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, - 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d -}; +uint32_t crc32_tab[] = {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, + 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, + 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, + 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, + 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, + 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d}; #ifndef HAVE_ZLIB diff --git a/d3des.c b/d3des.c index 7f964ea..c6cc054 100644 --- a/d3des.c +++ b/d3des.c @@ -37,53 +37,32 @@ static void unscrun(unsigned long *, unsigned char *); static void desfunc(unsigned long *, unsigned long *); static void cookey(unsigned long *); -static unsigned long KnL[32] = { 0L }; +static unsigned long KnL[32] = {0L}; /* not needed ... static unsigned long KnR[32] = { 0L }; static unsigned long Kn3[32] = { 0L }; static unsigned char Df_Key[24] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; */ -static unsigned short bytebit[8] = { - 01, 02, 04, 010, 020, 040, 0100, 0200 -}; +static unsigned short bytebit[8] = {01, 02, 04, 010, 020, 040, 0100, 0200}; -static unsigned long bigbyte[24] = { - 0x800000L, 0x400000L, 0x200000L, 0x100000L, - 0x80000L, 0x40000L, 0x20000L, 0x10000L, - 0x8000L, 0x4000L, 0x2000L, 0x1000L, - 0x800L, 0x400L, 0x200L, 0x100L, - 0x80L, 0x40L, 0x20L, 0x10L, - 0x8L, 0x4L, 0x2L, 0x1L -}; +static unsigned long bigbyte[24] = {0x800000L, 0x400000L, 0x200000L, 0x100000L, 0x80000L, 0x40000L, 0x20000L, 0x10000L, 0x8000L, 0x4000L, 0x2000L, 0x1000L, 0x800L, 0x400L, 0x200L, 0x100L, 0x80L, 0x40L, 0x20L, 0x10L, 0x8L, 0x4L, 0x2L, 0x1L}; /* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ -static unsigned char pc1[56] = { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 -}; +static unsigned char pc1[56] = {56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3}; -static unsigned char totrot[16] = { - 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 -}; +static unsigned char totrot[16] = {1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28}; -static unsigned char pc2[48] = { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 -}; +static unsigned char pc2[48] = {13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31}; -void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ - unsigned char *key; - int32_t edf; +void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ + unsigned char *key; +int32_t edf; { register int32_t i, j, l, m, n; unsigned char pc1m[56], pcr[56]; @@ -126,8 +105,7 @@ void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ return; } -static void cookey(raw1) - register unsigned long *raw1; +static void cookey(raw1) register unsigned long *raw1; { register unsigned long *cook, *raw0; unsigned long dough[32]; @@ -149,8 +127,7 @@ static void cookey(raw1) return; } -void cpkey(into) - register unsigned long *into; +void cpkey(into) register unsigned long *into; { register unsigned long *from, *endp; @@ -160,8 +137,7 @@ void cpkey(into) return; } -void usekey(from) - register unsigned long *from; +void usekey(from) register unsigned long *from; { register unsigned long *to, *endp; @@ -180,9 +156,8 @@ void des(unsigned char *inblock, unsigned char *outblock) { return; } -static void scrunch(outof, into) - register unsigned char *outof; - register unsigned long *into; +static void scrunch(outof, into) register unsigned char *outof; +register unsigned long *into; { *into = (*outof++ & 0xffL) << 24; *into |= (*outof++ & 0xffL) << 16; @@ -195,9 +170,8 @@ static void scrunch(outof, into) return; } -static void unscrun(outof, into) - register unsigned long *outof; - register unsigned char *into; +static void unscrun(outof, into) register unsigned long *outof; +register unsigned char *into; { *into++ = (*outof >> 24) & 0xffL; *into++ = (*outof >> 16) & 0xffL; @@ -210,160 +184,31 @@ static void unscrun(outof, into) return; } -static unsigned long SP1[64] = { - 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, - 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, - 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, - 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, - 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, - 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, - 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, - 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, - 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, - 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, - 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, - 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, - 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, - 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L -}; +static unsigned long SP1[64] = {0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L}; -static unsigned long SP2[64] = { - 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, - 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, - 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, - 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, - 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, - 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, - 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, - 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, - 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, - 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, - 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, - 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, - 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, - 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, - 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, - 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L -}; +static unsigned long SP2[64] = {0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L}; -static unsigned long SP3[64] = { - 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, - 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, - 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, - 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, - 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, - 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, - 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, - 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, - 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, - 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, - 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, - 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, - 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, - 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, - 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, - 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L -}; +static unsigned long SP3[64] = {0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L}; -static unsigned long SP4[64] = { - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, - 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, - 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, - 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, - 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, - 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, - 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, - 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, - 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L -}; +static unsigned long SP4[64] = {0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L}; -static unsigned long SP5[64] = { - 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, - 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, - 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, - 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, - 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, - 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, - 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, - 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, - 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, - 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, - 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, - 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, - 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, - 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, - 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, - 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L -}; +static unsigned long SP5[64] = {0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L}; -static unsigned long SP6[64] = { - 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, - 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, - 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, - 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, - 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, - 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, - 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, - 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, - 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, - 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, - 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, - 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, - 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, - 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L -}; +static unsigned long SP6[64] = {0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L}; -static unsigned long SP7[64] = { - 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, - 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, - 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, - 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, - 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, - 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, - 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, - 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, - 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, - 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, - 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, - 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, - 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, - 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, - 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, - 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L -}; +static unsigned long SP7[64] = {0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L}; -static unsigned long SP8[64] = { - 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, - 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, - 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, - 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, - 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, - 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, - 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, - 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, - 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, - 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, - 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, - 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, - 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, - 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, - 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, - 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L -}; +static unsigned long SP8[64] = {0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L}; -static void desfunc(block, keys) - register unsigned long *block, *keys; +static void desfunc(block, keys) register unsigned long *block, *keys; { register unsigned long fval, work, right, leftt; register int32_t round; diff --git a/d3des.h b/d3des.h index 18be88b..3b03d8a 100644 --- a/d3des.h +++ b/d3des.h @@ -1,9 +1,9 @@ #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif /* @@ -27,8 +27,8 @@ * (GEnie : OUTER; CIS : [71755,204]) */ -#define EN0 0 /* MODE == encrypt */ -#define DE1 1 /* MODE == decrypt */ +#define EN0 0 /* MODE == encrypt */ +#define DE1 1 /* MODE == decrypt */ extern void deskey(unsigned char *, int32_t); diff --git a/hmacmd5.c b/hmacmd5.c index 9400aba..d7b7691 100644 --- a/hmacmd5.c +++ b/hmacmd5.c @@ -1,24 +1,24 @@ -/* +/* Unix SMB/CIFS implementation. HMAC MD5 code for use in NTLMv2 Copyright (C) Luke Kenneth Casson Leighton 1996-2000 Copyright (C) Andrew Tridgell 1992-2000 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc. - + Free Software Foundation 51 Franklin Street, Fifth Floor Boston, MA 02110-1335 @@ -34,8 +34,8 @@ */ #ifdef LIBOPENSSL -#include #include "hmacmd5.h" +#include #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) @@ -43,7 +43,7 @@ the rfc 2104 version of hmac_md5 initialisation. ***********************************************************************/ -void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) { +void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) { int32_t i; unsigned char tk[16]; @@ -52,7 +52,7 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Con MD5_CTX tctx; MD5_Init(&tctx); - MD5_Update(&tctx, (void *) key, key_len); + MD5_Update(&tctx, (void *)key, key_len); MD5_Final(tk, &tctx); key = tk; @@ -79,7 +79,7 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Con the microsoft version of hmac_md5 initialisation. ***********************************************************************/ -void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) { +void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) { int32_t i; /* if key is longer than 64 bytes truncate it */ @@ -107,15 +107,12 @@ void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5 update hmac_md5 "inner" buffer ***********************************************************************/ -void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context * ctx) { - MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */ -} +void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx) { MD5_Update(&ctx->ctx, (void *)text, text_len); /* then text of datagram */ } /*********************************************************************** finish off hmac_md5 "inner" buffer and generate outer one. ***********************************************************************/ -void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) -{ +void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx) { MD5_CTX ctx_o; MD5_Final(digest, &ctx->ctx); diff --git a/hmacmd5.h b/hmacmd5.h index 54e1393..7677bc6 100644 --- a/hmacmd5.h +++ b/hmacmd5.h @@ -1,19 +1,19 @@ -/* +/* Unix SMB/CIFS implementation. Interface header: Scheduler service Copyright (C) Luke Kenneth Casson Leighton 1996-1999 Copyright (C) Andrew Tridgell 1992-1999 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc. @@ -30,28 +30,25 @@ */ #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif #include #ifndef _HMAC_MD5_H typedef struct { - MD5_CTX ctx; - unsigned char k_ipad[65]; - unsigned char k_opad[65]; + MD5_CTX ctx; + unsigned char k_ipad[65]; + unsigned char k_opad[65]; } HMACMD5Context; #endif /* _HMAC_MD5_H */ - void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx); -void hmac_md5_init_limK_to_64(const unsigned char* key, int32_t key_len,HMACMD5Context *ctx); +void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx); void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx); void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx); -void hmac_md5( unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest); - - +void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest); diff --git a/hydra-adam6500.c b/hydra-adam6500.c index 9382fd1..ae664d4 100644 --- a/hydra-adam6500.c +++ b/hydra-adam6500.c @@ -6,57 +6,15 @@ extern char *HYDRA_EXIT; -unsigned char adam6500_req1[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10, - 0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31, - 0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, - 0x1f, 0x1f, 0x1f, 0x0d, 0x00 -}; -unsigned char adam6500_resp1[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10, - 0x27, 0x0f, 0x00, 0x08 -}; -unsigned char adam6500_req2[] = { - 0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, - 0x27, 0x0f, 0x00, 0x7d -}; -unsigned char adam6500_resp2[] = { - 0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03, - 0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00 -}; +unsigned char adam6500_req1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31, 0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x0d, 0x00}; +unsigned char adam6500_resp1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08}; +unsigned char adam6500_req2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x27, 0x0f, 0x00, 0x7d}; +unsigned char adam6500_resp2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03, 0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; -int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass; unsigned char buffer[300]; @@ -66,13 +24,13 @@ int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, pass = empty; memcpy(buffer, adam6500_req1, sizeof(adam6500_req1)); - - for (i = 0; i < 8 && i < strlen(pass); i++) + + for (i = 0; i < 8 && i < strlen(pass); i++) buffer[19 + i] = pass[i] ^ 0x3f; if (hydra_send(s, buffer, sizeof(adam6500_req1), 0) < 0) return 1; - + if (recv(s, buffer, sizeof(buffer), 0) == 12 && memcmp(buffer, adam6500_resp1, sizeof(adam6500_resp1)) == 0) { if (hydra_send(s, adam6500_req2, sizeof(adam6500_req2), 0) < 0) return 1; @@ -90,7 +48,7 @@ int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, return 1; } -void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL; @@ -100,34 +58,34 @@ void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_adam6500(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -145,13 +103,13 @@ void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr } } -int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-afp.c b/hydra-afp.c index 0e55f6f..1d2801d 100644 --- a/hydra-afp.c +++ b/hydra-afp.c @@ -1,6 +1,6 @@ /* * Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com - * + * * tested with afpfs-ng 0.8.1 * AFPFS-NG: http://alexthepuffin.googlepages.com/home * @@ -9,33 +9,31 @@ #include "hydra-mod.h" #ifndef LIBAFP -void dummy_afp() { - printf("\n"); -} +void dummy_afp() { printf("\n"); } #else -#define FREE(x) \ - if (x != NULL) { \ - free(x); \ - x = NULL; \ - } +#define FREE(x) \ + if (x != NULL) { \ + free(x); \ + x = NULL; \ + } -#include #include #include +#include extern char *HYDRA_EXIT; void stdout_fct(void *priv, enum loglevels loglevel, int32_t logtype, const char *message) { - //fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); + // fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); } static struct libafpclient afpclient = { - .unmount_volume = NULL, - .log_for_client = stdout_fct, - .forced_ending_hook = NULL, - .scan_extra_fds = NULL, - .loop_started = NULL, + .unmount_volume = NULL, + .log_for_client = stdout_fct, + .forced_ending_hook = NULL, + .scan_extra_fds = NULL, + .loop_started = NULL, }; static int32_t server_subconnect(struct afp_url url) { @@ -43,14 +41,15 @@ static int32_t server_subconnect(struct afp_url url) { struct afp_server *server = NULL; conn_req = malloc(sizeof(struct afp_connection_request)); -// server = malloc(sizeof(struct afp_server)); + // server = malloc(sizeof(struct afp_server)); memset(conn_req, 0, sizeof(struct afp_connection_request)); conn_req->url = url; conn_req->url.requested_version = 31; - //fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername); + // fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", + // url.username, url.password, url.servername); if (strlen(url.uamname) > 0) { if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) { @@ -63,13 +62,14 @@ static int32_t server_subconnect(struct afp_url url) { conn_req->uam_mask = default_uams_mask(); } - //fprintf(stderr, "Initiating connection attempt.\n"); + // fprintf(stderr, "Initiating connection attempt.\n"); if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) { FREE(conn_req); -// FREE(server); + // FREE(server); return -1; } - //fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam)); + // fprintf(stderr, "Connected to server: %s via UAM: %s\n", + // server->server_name_printable, uam_bitmap_to_string(server->using_uam)); FREE(conn_req); FREE(server); @@ -77,7 +77,7 @@ static int32_t server_subconnect(struct afp_url url) { return 0; } -int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN]; struct afp_url tmpurl; @@ -88,7 +88,6 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char init_uams(); afp_default_url(&tmpurl); - if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -110,7 +109,6 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char return 3; return 2; } else { - hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; @@ -118,7 +116,7 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } -void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_AFP; @@ -127,9 +125,8 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -139,7 +136,8 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL port = myport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -149,7 +147,7 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_afp(sock, ip, port, options, miscptr, fp); @@ -172,13 +170,13 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL #endif -int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-asterisk.c b/hydra-asterisk.c index 1ec351d..bbcfce7 100644 --- a/hydra-asterisk.c +++ b/hydra-asterisk.c @@ -1,17 +1,16 @@ -//This plugin was written by david@ +// This plugin was written by david@ // -//This plugin is written for Asterisk Call Manager -//which is running by default on TCP/5038 +// This plugin is written for Asterisk Call Manager +// which is running by default on TCP/5038 // #include "hydra-mod.h" - extern char *HYDRA_EXIT; char *buf; -int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[1024]; @@ -41,7 +40,10 @@ int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, hydra_report(stderr, "[DEBUG] S: %s\n", buf); if (buf == NULL || (strstr(buf, "Response: ") == NULL)) { - hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf); + hydra_report(stderr, + "[ERROR] Asterisk Call Manager protocol error or service " + "shutdown: %s\n", + buf); free(buf); return 4; } @@ -62,7 +64,7 @@ int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, return 2; } -void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; @@ -71,10 +73,10 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -89,28 +91,31 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - //fprintf(stderr, "%s\n",buf); - //banner should look like: - //Asterisk Call Manager/1.1 + // fprintf(stderr, "%s\n",buf); + // banner should look like: + // Asterisk Call Manager/1.1 if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) { /* check the first line */ if (verbose || debug) - hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); + hydra_report(stderr, + "[ERROR] Not an Asterisk Call Manager protocol or " + "service shutdown: %s\n", + buf); hydra_child_exit(2); } free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_asterisk(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -123,13 +128,13 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr } } -int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c index 4cc9bdf..5a835e1 100644 --- a/hydra-cisco-enable.c +++ b/hydra-cisco-enable.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[300]; @@ -42,8 +42,7 @@ int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char opti } } - if (buf != NULL - && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { + if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -58,7 +57,7 @@ int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char opti return 3; } -void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; char buffer[300]; @@ -70,117 +69,130 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + + /* Cisco AAA Support */ + if (strlen(login = hydra_get_next_login()) != 0) { + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + free(buf); } - /* Cisco AAA Support */ - if (strlen(login = hydra_get_next_login()) != 0) { - while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { - if (hydra_strcasestr(buf, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - free(buf); - } - - sprintf(buffer, "%.250s\r\n", login); - if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid()); - hydra_child_exit(2); - } - } - - if (miscptr != NULL) { - if (buf != NULL) - free(buf); - while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { - if (hydra_strcasestr(buf, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - free(buf); - } - - sprintf(buffer, "%.250s\r\n", miscptr); - if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid()); - hydra_child_exit(2); - } + sprintf(buffer, "%.250s\r\n", login); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid()); + hydra_child_exit(2); } + } + if (miscptr != NULL) { if (buf != NULL) free(buf); - buf = hydra_receive_line(sock); - if (hydra_strcasestr(buf, "ress ENTER") != NULL) { - hydra_send(sock, "\r\n", 2, 0); + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); free(buf); - buf = hydra_receive_line(sock); } - if (strstr(buf, "assw") != NULL) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int32_t) getpid()); - hydra_child_exit(2); - } - free(buf); - - next_run = 2; - break; - } - case 2: /* run the cracking function */ - { - unsigned char *buf2; - int32_t f = 0; - - sprintf(buffer, "%.250s\r\n", "ena"); + sprintf(buffer, "%.250s\r\n", miscptr); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid()); hydra_child_exit(2); } - - do { - if (f != 0) - free(buf2); - else - f = 1; - if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { - if (failc < retry) { - next_run = 1; - failc++; - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry); - sleep(3); - break; - } else { - fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid()); - hydra_child_exit(0); - } - } - } while (strstr((char *) buf2, "assw") == NULL); - free(buf2); - if (next_run != 0) - break; - failc = 0; - - next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); - break; } - case 3: /* clean exit */ + + if (buf != NULL) + free(buf); + buf = hydra_receive_line(sock); + if (hydra_strcasestr(buf, "ress ENTER") != NULL) { + hydra_send(sock, "\r\n", 2, 0); + free(buf); + buf = hydra_receive_line(sock); + } + + if (strstr(buf, "assw") != NULL) { + if (quiet != 1) + fprintf(stderr, + "[ERROR] Child with pid %d terminating - can not login, can " + "not login\n", + (int32_t)getpid()); + hydra_child_exit(2); + } + free(buf); + + next_run = 2; + break; + } + case 2: /* run the cracking function */ + { + unsigned char *buf2; + int32_t f = 0; + + sprintf(buffer, "%.250s\r\n", "ena"); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t)getpid()); + hydra_child_exit(2); + } + + do { + if (f != 0) + free(buf2); + else + f = 1; + if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + if (quiet != 1) + fprintf(stderr, + "[ERROR] Child with pid %d was disconnected - retrying " + "(%d of %d retries)\n", + (int32_t)getpid(), failc, retry); + sleep(3); + break; + } else { + fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid()); + hydra_child_exit(0); + } + } + } while (strstr((char *)buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + + next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); + break; + } + case 3: /* clean exit */ sprintf(buffer, "%.250s\r\n", "exit"); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t)getpid()); hydra_child_exit(0); } if (sock >= 0) @@ -196,13 +208,13 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis } } -int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -210,12 +222,16 @@ int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, c return 0; } -void usage_cisco_enable(const char* service) { - printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" +void usage_cisco_enable(const char *service) { + printf("Module cisco-enable is optionally taking the logon password for the " + "cisco device\n" + "Note: if AAA authentication is used, use the -l option for the " + "username\n" "and the optional parameter for the password of the user.\n" "Examples:\n" " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); + " hydra -P pass.txt -m cisco target cisco-enable (Logon password " + "cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login " + "foo, password bar)\n"); } diff --git a/hydra-cisco.c b/hydra-cisco.c index 32d0e20..72709ac 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -7,7 +7,7 @@ extern char *HYDRA_EXIT; char *buf = NULL; -int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[300]; @@ -52,7 +52,7 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } - + buf = NULL; do { if (buf != NULL) @@ -95,7 +95,6 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch } } while (buf != NULL && strlen(buf) <= 1); } - } if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) { @@ -115,7 +114,7 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; @@ -125,63 +124,68 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - unsigned char *buf2 = NULL; - int32_t f = 0; + case 1: /* connect and service init function */ + { + unsigned char *buf2 = NULL; + int32_t f = 0; - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) - hydra_send(sock, "\r\n", 2, 0); - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - do { - if (f != 0) { - free(buf2); - buf2 = NULL; - } else - f = 1; - if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { - if (failc < retry) { - next_run = 1; - failc++; - if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry); - sleep(3); - break; - } else { - if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid()); - hydra_child_exit(0); - } - } - if (buf2 != NULL && hydra_strcasestr((char*)buf2, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - } while (buf2 != NULL && strstr((char *) buf2, "assw") == NULL); - free(buf2); - if (next_run != 0) - break; - failc = 0; - next_run = 2; - break; + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + do { + if (f != 0) { + free(buf2); + buf2 = NULL; + } else + f = 1; + if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + if (quiet != 1) + hydra_report(stderr, + "[ERROR] Child with pid %d was disconnected - " + "retrying (%d of %d retries)\n", + (int32_t)getpid(), failc, retry); + sleep(3); + break; + } else { + if (quiet != 1) + hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid()); + hydra_child_exit(0); + } + } + if (buf2 != NULL && hydra_strcasestr((char *)buf2, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } while (buf2 != NULL && strstr((char *)buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_cisco(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -199,13 +203,13 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F } } -int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -213,6 +217,8 @@ int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *mi return 0; } -void usage_cisco(const char* service) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); +void usage_cisco(const char *service) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends " + "an initial\n" + "ENTER when connecting to the service.\n"); } diff --git a/hydra-cvs.c b/hydra-cvs.c index b745504..5dfb40b 100644 --- a/hydra-cvs.c +++ b/hydra-cvs.c @@ -5,38 +5,32 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char *buf; -int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024], pass2[513]; int32_t i; char *directory = miscptr; -/* evil cvs encryption sheme... - 0 111 P 125 p 58 -! 120 1 52 A 57 Q 55 a 121 q 113 -" 53 2 75 B 83 R 54 b 117 r 32 - 3 119 C 43 S 66 c 104 s 90 - 4 49 D 46 T 124 d 101 t 44 -% 109 5 34 E 102 U 126 e 100 u 98 -& 72 6 82 F 40 V 59 f 69 v 60 -' 108 7 81 G 89 W 47 g 73 w 51 -( 70 8 95 H 38 X 92 h 99 x 33 -) 64 9 65 I 103 Y 71 i 63 y 97 -* 76 : 112 J 45 Z 115 j 94 z 62 -+ 67 ; 86 K 50 k 93 -, 116 < 118 L 42 l 39 -- 74 = 110 M 123 m 37 -. 68 > 122 N 91 n 61 -/ 87 ? 105 O 35 _ 56 o 48 -*/ + /* evil cvs encryption sheme... + 0 111 P 125 p 58 + ! 120 1 52 A 57 Q 55 a 121 q 113 + " 53 2 75 B 83 R 54 b 117 r 32 + 3 119 C 43 S 66 c 104 s 90 + 4 49 D 46 T 124 d 101 t 44 + % 109 5 34 E 102 U 126 e 100 u 98 + & 72 6 82 F 40 V 59 f 69 v 60 + ' 108 7 81 G 89 W 47 g 73 w 51 + ( 70 8 95 H 38 X 92 h 99 x 33 + ) 64 9 65 I 103 Y 71 i 63 y 97 + * 76 : 112 J 45 Z 115 j 94 z 62 + + 67 ; 86 K 50 k 93 + , 116 < 118 L 42 l 39 + - 74 = 110 M 123 m 37 + . 68 > 122 N 91 n 61 + / 87 ? 105 O 35 _ 56 o 48 + */ - char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, - 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, - 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, - 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, - 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, - 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62 - }; + char key[] = {0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62}; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -85,7 +79,7 @@ int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char return 3; } -void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_CVS, mysslport = PORT_CVS_SSL; @@ -100,11 +94,11 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -118,12 +112,12 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_cvs(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -136,13 +130,13 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -150,6 +144,7 @@ int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_cvs(const char* service) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); +void usage_cvs(const char *service) { + printf("Module cvs is optionally taking the repository name to attack, " + "default is \"/root\"\n\n"); } diff --git a/hydra-firebird.c b/hydra-firebird.c index 1b5228b..4898c46 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -1,7 +1,7 @@ /* Firebird Support - by David Maciejak @ GMAIL dot com - + you need to pass full path to the fdb file as argument default account is SYSDBA/masterkey @@ -14,28 +14,26 @@ the msg: "no permission for direct access to security database" #include "hydra-mod.h" #ifndef LIBFIREBIRD -void dummy_firebird() { - printf("\n"); -} +void dummy_firebird() { printf("\n"); } #else -#include #include +#include #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" extern char *HYDRA_EXIT; -int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char database[256]; char connection_string[1024]; - isc_db_handle db; /* database handle */ - ISC_STATUS_ARRAY status; /* status vector */ + isc_db_handle db; /* database handle */ + ISC_STATUS_ARRAY status; /* status vector */ - char *dpb = NULL; /* DB parameter buffer */ + char *dpb = NULL; /* DB parameter buffer */ short dpb_length = 0; if (miscptr) @@ -49,8 +47,8 @@ int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2); - if ((dpb = (char *) malloc(dpb_length)) == NULL) { + dpb_length = (short)(1 + strlen(login) + 2 + strlen(pass) + 2); + if ((dpb = (char *)malloc(dpb_length)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } @@ -86,7 +84,7 @@ int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, return 1; } -void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; @@ -95,9 +93,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -112,7 +109,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -122,7 +120,7 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_firebird(sock, ip, port, options, miscptr, fp); @@ -145,13 +143,13 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr #endif -int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -159,6 +157,8 @@ int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char return 0; } -void usage_firebird(const char* service) { - printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); +void usage_firebird(const char *service) { + printf("Module firebird is optionally taking the database path to attack,\n" + "default is \"C:\\Program " + "Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); } diff --git a/hydra-ftp.c b/hydra-ftp.c index 504c0bd..590d671 100644 --- a/hydra-ftp.c +++ b/hydra-ftp.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[510]; @@ -20,7 +20,8 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char buf = hydra_receive_line(s); if (buf == NULL) return 1; - /* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */ + /* special hack to identify 530 user unknown msg. suggested by + * Jean-Baptiste.BEAUFRETON@turbomeca.fr */ if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') { if (verbose) printf("[INFO] user %s does not exist, skipping\n", login); @@ -74,7 +75,7 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char return 2; } -void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) { +void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_FTP, mysslport = PORT_FTP_SSL; @@ -83,10 +84,10 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr hydra_child_exit(0); while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -100,12 +101,12 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } usleepn(250); buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (buf == NULL || buf[0] != '2') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -120,7 +121,7 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr } free(buf); - //this mode is manually chosen, so if it fails we giving up + // this mode is manually chosen, so if it fails we giving up if (tls) { if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) { hydra_child_exit(2); @@ -148,15 +149,15 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_ftp(sock, ip, port, options, miscptr, fp); break; - case 3: /* error exit */ + case 3: /* error exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); break; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -169,21 +170,17 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr } } -void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); -} +void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); } -void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); -} +void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); } -int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c index f586208..74c3d5e 100644 --- a/hydra-gtk/src/callbacks.c +++ b/hydra-gtk/src/callbacks.c @@ -1,7 +1,7 @@ /* * This file handles all that needs to be done... - * Some stuff is stolen from gcombust since I never used pipes... ok, i + * Some stuff is stolen from gcombust since I never used pipes... ok, i * only used them in reallife :) */ @@ -15,18 +15,17 @@ #include "interface.h" #include "support.h" -#include -#include +#include #include #include -#include +#include +#include #include #include #include -#include -#include #include +#include int hydra_pid = 0; @@ -37,16 +36,14 @@ char smbparm[128]; char sapr3id[4]; char passLoginNull[4]; - #define BUF_S 1024 -void hydra_select_file(GtkEntry * widget, char *text) { +void hydra_select_file(GtkEntry *widget, char *text) { #ifdef GTK_TYPE_FILE_CHOOSER GtkWidget *dialog; char *filename; - dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, - GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); @@ -70,7 +67,7 @@ int hydra_get_options(char *options[]) { /* get the port */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnPort"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 0) { snprintf(port, 10, "%d", j); options[i++] = "-s"; @@ -79,107 +76,107 @@ int hydra_get_options(char *options[]) { /* prefer ipv6 */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkIPV6"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-6"; } /* use SSL? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkSSL"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-S"; } /* use old SSL? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkOldSSL"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-O"; } /* be verbose? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-v"; } /* show attempts */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkAttempts"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-V"; } /* debug mode? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkDebug"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-d"; } /* COMPLETE HELP */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkCompleteHelp"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-h"; } /* Service Module Usage Details */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkServiceDetails"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-U"; } /* use colon separated list? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkColon"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-C"; widget = lookup_widget(GTK_WIDGET(wndMain), "entColonFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { /* disable usernames */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkDisUser"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { } else { /* get the username, or username list */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-l"; widget = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { options[i++] = "-L"; widget = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } /* get the pass, pass list, or generate */ /* The "generate" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-p"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPass"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-P"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-x"; widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } /* empty passes / login as pass / reversed login? */ memset(passLoginNull, 0, 4); widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { passLoginNull[0] = 'n'; } widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassLogin"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { if (passLoginNull[0] == 0) { passLoginNull[0] = 's'; } else { @@ -188,7 +185,7 @@ int hydra_get_options(char *options[]) { } /* The "Try reversed login" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassReverse"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { if (passLoginNull[0] == 0) { passLoginNull[0] = 'r'; } else if (passLoginNull[1] == 0) { @@ -204,7 +201,7 @@ int hydra_get_options(char *options[]) { /* #of tasks */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnTasks"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 40) { snprintf(tasks, 10, "%d", j); options[i++] = "-t"; @@ -213,7 +210,7 @@ int hydra_get_options(char *options[]) { /* timeout */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnTimeout"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 30) { snprintf(timeout, 10, "%d", j); options[i++] = "-w"; @@ -222,56 +219,56 @@ int hydra_get_options(char *options[]) { /* loop around users? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkUsernameLoop"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-u"; } /* exit after first found pair? */ /* per host */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitf"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-f"; } /* global */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitF"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-F"; } /* Do not print messages about connection errors */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkNoErr"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-q"; } /* get additional parameters */ widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); - tmp = (char *) gtk_entry_get_text((GtkEntry *) widget); + tmp = (char *)gtk_entry_get_text((GtkEntry *)widget); if (!strncmp(tmp, "http-proxy", 10)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxyURL"); options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strncmp(tmp, "http-", 5) || !strncmp(tmp, "https-", 6)) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPURL"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "cisco-enable")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entCiscoPass"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "ldap3-crammd5")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "ldap3-digestmd5")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "smb")) { memset(smbparm, 0, sizeof(smbparm)); @@ -282,12 +279,12 @@ int hydra_get_options(char *options[]) { strncpy(smbparm, "Both", sizeof(smbparm)); smbparm[strlen("Both")] = '\0'; - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { strncpy(smbparm, "Domain", sizeof(smbparm)); smbparm[strlen("Domain")] = '\0'; } - if (gtk_toggle_button_get_active((GtkToggleButton *) widget2)) { - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget2)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { strncpy(smbparm, "Both", sizeof(smbparm)); smbparm[strlen("Both")] = '\0'; } else { @@ -296,7 +293,7 @@ int hydra_get_options(char *options[]) { } } widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { strcat(smbparm, "Hash"); } options[i++] = smbparm; @@ -307,18 +304,14 @@ int hydra_get_options(char *options[]) { options[i++] = smbparm; widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); - int pth = gtk_toggle_button_get_active((GtkToggleButton *) widget); + int pth = gtk_toggle_button_get_active((GtkToggleButton *)widget); widget = lookup_widget(GTK_WIDGET(wndMain), "entSMB2Workgroup"); - snprintf(smbparm, - sizeof(smbparm)-1, - "nthash:%s workgroup:{%s}", - pth ? "true" : "false", - (char *) gtk_entry_get_text((GtkEntry *) widget)); + snprintf(smbparm, sizeof(smbparm) - 1, "nthash:%s workgroup:{%s}", pth ? "true" : "false", (char *)gtk_entry_get_text((GtkEntry *)widget)); } else if (!strcmp(tmp, "sapr3")) { widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); snprintf(sapr3id, sizeof(sapr3id), "%d", j); options[i++] = "-m"; options[i++] = sapr3id; @@ -326,18 +319,18 @@ int hydra_get_options(char *options[]) { } else if (!strcmp(tmp, "cvs") || !strcmp(tmp, "svn")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entCVS"); options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "snmp")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entSNMP"); options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "telnet")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet"); - if ((char *) gtk_entry_get_text((GtkEntry *) widget) != NULL) { + if ((char *)gtk_entry_get_text((GtkEntry *)widget) != NULL) { options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } @@ -349,45 +342,44 @@ int hydra_get_options(char *options[]) { /* proxy support */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy"); - if (!gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - + if (!gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy"); widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2"); /* which variable do we set? */ - if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *) widget))) { - setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *) widget2), 1); + if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *)widget))) { + setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *)widget2), 1); } else { - setenv("HYDRA_PROXY_CONNECT", (char *) gtk_entry_get_text((GtkEntry *) widget2), 1); + setenv("HYDRA_PROXY_CONNECT", (char *)gtk_entry_get_text((GtkEntry *)widget2), 1); } /* do we need to provide user and pass? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkProxyAuth"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entProxyUser"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "entProxyPass"); - a = g_string_new((gchar *) gtk_entry_get_text((GtkEntry *) widget)); + a = g_string_new((gchar *)gtk_entry_get_text((GtkEntry *)widget)); a = g_string_append_c(a, ':'); - a = g_string_append(a, gtk_entry_get_text((GtkEntry *) widget2)); + a = g_string_append(a, gtk_entry_get_text((GtkEntry *)widget2)); setenv("HYDRA_PROXY_AUTH", a->str, 1); - (void) g_string_free(a, TRUE); + (void)g_string_free(a, TRUE); } } /* get the target, or target list */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioTarget1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entTarget"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { options[i++] = "-M"; widget = lookup_widget(GTK_WIDGET(wndMain), "entTargetFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } /* get the service */ widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); options[i] = NULL; return i; @@ -404,12 +396,11 @@ int update_statusbar() { i = hydra_get_options(options); for (j = 1; j < i; j++) { - statustext = g_string_append(statustext, options[j]); statustext = g_string_append_c(statustext, ' '); } - statusbar = (GtkStatusbar *) lookup_widget(GTK_WIDGET(wndMain), "statusbar"); + statusbar = (GtkStatusbar *)lookup_widget(GTK_WIDGET(wndMain), "statusbar"); context_id = gtk_statusbar_get_context_id(statusbar, "status"); /* an old message in stack? */ @@ -417,9 +408,9 @@ int update_statusbar() { gtk_statusbar_remove(statusbar, context_id, message_id); } - message_id = gtk_statusbar_push(statusbar, context_id, (gchar *) statustext->str); + message_id = gtk_statusbar_push(statusbar, context_id, (gchar *)statustext->str); - (void) g_string_free(statustext, TRUE); + (void)g_string_free(statustext, TRUE); return TRUE; } @@ -443,11 +434,10 @@ int read_into(int fd) { } output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1); - if ((passline = strstr(in_buf, "password: ")) == NULL) { gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result); } else { @@ -465,15 +455,13 @@ int read_into(int fd) { if (end - in_buf - result > 0) { gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1); } - } - if (strstr(in_buf, " finished at ") != NULL) { gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "\n\n", -1, "bold", NULL); } - if (result == BUF_S - 1) /* there might be more available, recurse baby! */ + if (result == BUF_S - 1) /* there might be more available, recurse baby! */ return read_into(fd); else return TRUE; @@ -530,7 +518,6 @@ static int wait_hydra_output(gpointer data) { return TRUE; } - /* assumes a successfull pipe() won't set the fd's to -1 */ static void close_pipe(int *pipe) { if (-1 != pipe[0]) { @@ -550,8 +537,7 @@ static void close_pipe(int *pipe) { */ int *popen_re_unbuffered(char *command) { - static int p_r[2] = { -1, -1 }, p_e[2] = { - -1, -1}; + static int p_r[2] = {-1, -1}, p_e[2] = {-1, -1}; static int *pfd = NULL; char *options[128]; @@ -576,7 +562,7 @@ int *popen_re_unbuffered(char *command) { if ((hydra_pid = fork()) < 0) { g_warning("popen_rw_unbuffered: Error forking!"); return NULL; - } else if (hydra_pid == 0) { /* child */ + } else if (hydra_pid == 0) { /* child */ int k; if (setpgid(getpid(), getpid()) < 0) @@ -597,7 +583,7 @@ int *popen_re_unbuffered(char *command) { if (close(p_e[1]) < 0) g_warning("popen_rw_unbuffered: close(p_e[1]) failed"); - (void) hydra_get_options(options); + (void)hydra_get_options(options); execv(HYDRA_BIN, options); @@ -607,7 +593,7 @@ int *popen_re_unbuffered(char *command) { g_warning("%s", options[k]); } gtk_main_quit(); - } else { /* parent */ + } else { /* parent */ if (close(p_r[1]) < 0) g_warning("popen_rw_unbuffered: close(p_r[1]) (parent) failed"); if (close(p_e[1]) < 0) @@ -620,32 +606,25 @@ int *popen_re_unbuffered(char *command) { return pfd; } -void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) { - gtk_main_quit(); -} +void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data) { gtk_main_quit(); } +void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data) {} -void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) { - -} - -void on_btnStart_clicked(GtkButton * button, gpointer user_data) { +void on_btnStart_clicked(GtkButton *button, gpointer user_data) { int *fd = NULL; fd = popen_re_unbuffered(NULL); g_timeout_add(200, wait_hydra_output, fd); - } -void on_btnStop_clicked(GtkButton * button, gpointer user_data) { +void on_btnStop_clicked(GtkButton *button, gpointer user_data) { if (hydra_pid != 0) { kill(hydra_pid, SIGTERM); hydra_pid = 0; } } - -void on_wndMain_destroy(GtkObject * object, gpointer user_data) { +void on_wndMain_destroy(GtkObject *object, gpointer user_data) { if (hydra_pid != 0) { kill(hydra_pid, SIGTERM); hydra_pid = 0; @@ -653,35 +632,31 @@ void on_wndMain_destroy(GtkObject * object, gpointer user_data) { gtk_main_quit(); } - - -gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select target list"); +gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select target list"); gtk_widget_grab_focus(widget); return TRUE; } - -gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select username list"); +gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select username list"); gtk_widget_grab_focus(widget); return TRUE; } - -gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select password list"); +gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select password list"); gtk_widget_grab_focus(widget); return TRUE; } -gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select colon separated user,password list"); +gboolean on_entColonFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select colon separated user,password list"); gtk_widget_grab_focus(widget); return TRUE; } -void on_btnSave_clicked(GtkButton * button, gpointer user_data) { +void on_btnSave_clicked(GtkButton *button, gpointer user_data) { #ifdef GTK_TYPE_FILE_CHOOSER GtkWidget *dialog; char *filename; @@ -692,13 +667,12 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) { GtkTextIter start; GtkTextIter end; - dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, - GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_get_start_iter(outputbuf, &start); gtk_text_buffer_get_end_iter(outputbuf, &end); @@ -716,10 +690,11 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) { #endif } -void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { +void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data) { GtkWidget *user, *pass; - user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");; + user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername"); + ; pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass"); if (gtk_toggle_button_get_active(togglebutton)) { @@ -731,10 +706,11 @@ void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { } } -void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) { +void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data) { GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile; - radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");; + radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); + ; radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2"); entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); entUsernameFile = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); @@ -752,11 +728,11 @@ void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) { } } -void on_btnClear_clicked(GtkButton * button, gpointer user_data) { +void on_btnClear_clicked(GtkButton *button, gpointer user_data) { GtkWidget *output; GtkTextBuffer *outputbuf; output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_set_text(outputbuf, "", -1); } diff --git a/hydra-gtk/src/callbacks.h b/hydra-gtk/src/callbacks.h index dd213fa..3b92c42 100644 --- a/hydra-gtk/src/callbacks.h +++ b/hydra-gtk/src/callbacks.h @@ -2,28 +2,28 @@ int update_statusbar(); -void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data); +void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data); -void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data); +void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data); -void on_btnStart_clicked(GtkButton * button, gpointer user_data); +void on_btnStart_clicked(GtkButton *button, gpointer user_data); -void on_wndMain_destroy(GtkObject * object, gpointer user_data); +void on_wndMain_destroy(GtkObject *object, gpointer user_data); -void on_btnStop_clicked(GtkButton * button, gpointer user_data); +void on_btnStop_clicked(GtkButton *button, gpointer user_data); -gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -void on_btnSave_clicked(GtkButton * button, gpointer user_data); +void on_btnSave_clicked(GtkButton *button, gpointer user_data); -gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entColonFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data); +void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data); -void on_btnClear_clicked(GtkButton * button, gpointer user_data); +void on_btnClear_clicked(GtkButton *button, gpointer user_data); -void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data); +void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data); diff --git a/hydra-gtk/src/interface.c b/hydra-gtk/src/interface.c index 7c002dc..e6262e1 100644 --- a/hydra-gtk/src/interface.c +++ b/hydra-gtk/src/interface.c @@ -7,13 +7,13 @@ #include #endif -#include #include +#include #ifdef HAVE_UNISTD_H #include #endif -#include #include +#include #include #include @@ -22,12 +22,9 @@ #include "interface.h" #include "support.h" -#define GLADE_HOOKUP_OBJECT(component,widget,name) \ - g_object_set_data_full (G_OBJECT (component), name, \ - gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref) +#define GLADE_HOOKUP_OBJECT(component, widget, name) g_object_set_data_full(G_OBJECT(component), name, gtk_widget_ref(widget), (GDestroyNotify)gtk_widget_unref) -#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \ - g_object_set_data (G_OBJECT (component), name, widget) +#define GLADE_HOOKUP_OBJECT_NO_REF(component, widget, name) g_object_set_data(G_OBJECT(component), name, widget) GtkWidget *create_wndMain(void) { GtkWidget *wndMain; @@ -224,7 +221,7 @@ GtkWidget *create_wndMain(void) { g_object_set_data(G_OBJECT(GTK_COMBO(cmbProtocol)->popwin), "GladeParentKey", cmbProtocol); gtk_widget_set_name(cmbProtocol, "cmbProtocol"); gtk_widget_show(cmbProtocol); - gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "adam6500"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk"); @@ -299,53 +296,52 @@ GtkWidget *create_wndMain(void) { label7 = gtk_label_new("Protocol"); gtk_widget_set_name(label7, "label7"); gtk_widget_show(label7); - gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label7), 0, 0.5); spnPort_adj = gtk_adjustment_new(0, 0, 65535, 1, 10, 0); spnPort = gtk_spin_button_new(GTK_ADJUSTMENT(spnPort_adj), 1, 0); gtk_widget_set_name(spnPort, "spnPort"); gtk_widget_show(spnPort); - gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnPort, "select the port on which the daemon you want to brute force runs, 0 means default", NULL); label6 = gtk_label_new("Port"); gtk_widget_set_name(label6, "label6"); gtk_widget_show(label6); - gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5); - chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6"); gtk_widget_set_name(chkIPV6, "chkIPV6"); gtk_widget_show(chkIPV6); - gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkIPV6, "Enable to use IPV6", NULL); radioTarget2 = gtk_radio_button_new_with_mnemonic(NULL, "Target List"); gtk_widget_set_name(radioTarget2, "radioTarget2"); gtk_widget_show(radioTarget2); - gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget2), radioTarget2_group); radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget2)); entTargetFile = gtk_entry_new(); gtk_widget_set_name(entTargetFile, "entTargetFile"); gtk_widget_show(entTargetFile); - gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entTargetFile, "A file which contains the targets to attack. One entry per line. IP\naddresses and/or DNS names.", NULL); entTarget = gtk_entry_new(); gtk_widget_set_name(entTarget, "entTarget"); gtk_widget_show(entTarget); - gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entTarget, "The target to attack - DNS name or IP address", NULL); gtk_entry_set_text(GTK_ENTRY(entTarget), "127.0.0.1"); radioTarget1 = gtk_radio_button_new_with_mnemonic(NULL, "Single Target"); gtk_widget_set_name(radioTarget1, "radioTarget1"); gtk_widget_show(radioTarget1); - gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget1), radioTarget2_group); radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioTarget1), TRUE); @@ -368,50 +364,44 @@ GtkWidget *create_wndMain(void) { chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose"); gtk_widget_set_name(chkVerbose, "chkVerbose"); gtk_widget_show(chkVerbose); - gtk_table_attach(GTK_TABLE(table9), chkVerbose, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkVerbose, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL); chkDebug = gtk_check_button_new_with_mnemonic("Debug"); gtk_widget_set_name(chkDebug, "chkDebug"); gtk_widget_show(chkDebug); - gtk_table_attach(GTK_TABLE(table9), chkDebug, 2, 3, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkDebug, 2, 3, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL); chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts"); gtk_widget_set_name(chkAttempts, "chkAttempts"); gtk_widget_show(chkAttempts); - gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL); chkSSL = gtk_check_button_new_with_mnemonic("Use SSL"); gtk_widget_set_name(chkSSL, "chkSSL"); gtk_widget_show(chkSSL); - gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!)", NULL); - chkServiceDetails = gtk_check_button_new_with_mnemonic ("Service Module Usage Details"); - gtk_widget_set_name (chkServiceDetails, "chkServiceDetails"); - gtk_widget_show (chkServiceDetails); - gtk_table_attach (GTK_TABLE (table9), chkServiceDetails, 2, 3, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkServiceDetails, "Service Module Usage Details", NULL); + chkServiceDetails = gtk_check_button_new_with_mnemonic("Service Module Usage Details"); + gtk_widget_set_name(chkServiceDetails, "chkServiceDetails"); + gtk_widget_show(chkServiceDetails); + gtk_table_attach(GTK_TABLE(table9), chkServiceDetails, 2, 3, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkServiceDetails, "Service Module Usage Details", NULL); - chkCompleteHelp = gtk_check_button_new_with_mnemonic ("COMPLETE HELP"); - gtk_widget_set_name (chkCompleteHelp, "chkCompleteHelp"); - gtk_widget_show (chkCompleteHelp); - gtk_table_attach (GTK_TABLE (table9), chkCompleteHelp, 0, 2, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkCompleteHelp, "Complete Help", NULL); + chkCompleteHelp = gtk_check_button_new_with_mnemonic("COMPLETE HELP"); + gtk_widget_set_name(chkCompleteHelp, "chkCompleteHelp"); + gtk_widget_show(chkCompleteHelp); + gtk_table_attach(GTK_TABLE(table9), chkCompleteHelp, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkCompleteHelp, "Complete Help", NULL); - chkOldSSL = gtk_check_button_new_with_mnemonic ("Use old SSL"); - gtk_widget_set_name (chkOldSSL, "chkOldSSL"); - gtk_widget_show (chkOldSSL); - gtk_table_attach (GTK_TABLE (table9), chkOldSSL, 1, 2, 0, 1, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL); + chkOldSSL = gtk_check_button_new_with_mnemonic("Use old SSL"); + gtk_widget_set_name(chkOldSSL, "chkOldSSL"); + gtk_widget_show(chkOldSSL); + gtk_table_attach(GTK_TABLE(table9), chkOldSSL, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL); label29 = gtk_label_new("Output Options"); gtk_widget_set_name(label29, "label29"); @@ -441,20 +431,20 @@ GtkWidget *create_wndMain(void) { entUsernameFile = gtk_entry_new(); gtk_widget_set_name(entUsernameFile, "entUsernameFile"); gtk_widget_show(entUsernameFile); - gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entUsernameFile, "File with user logins, one entry per line", NULL); entUsername = gtk_entry_new(); gtk_widget_set_name(entUsername, "entUsername"); gtk_widget_show(entUsername); - gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entUsername, "The login to use", NULL); gtk_entry_set_text(GTK_ENTRY(entUsername), "yourname"); radioUsername1 = gtk_radio_button_new_with_mnemonic(NULL, "Username"); gtk_widget_set_name(radioUsername1, "radioUsername1"); gtk_widget_show(radioUsername1); - gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername1), radioUsername1_group); radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioUsername1), TRUE); @@ -462,20 +452,20 @@ GtkWidget *create_wndMain(void) { radioUsername2 = gtk_radio_button_new_with_mnemonic(NULL, "Username List"); gtk_widget_set_name(radioUsername2, "radioUsername2"); gtk_widget_show(radioUsername2); - gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername2), radioUsername1_group); radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername2)); chkUsernameLoop = gtk_check_button_new_with_mnemonic("Loop around users"); gtk_widget_set_name(chkUsernameLoop, "chkUsernameLoop"); gtk_widget_show(chkUsernameLoop); - gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkUsernameLoop, "Enable this option to loop around users not passwords", NULL); chkDisUser = gtk_check_button_new_with_mnemonic("Protocol does not require usernames"); gtk_widget_set_name(chkDisUser, "chkDisUser"); gtk_widget_show(chkDisUser); - gtk_table_attach(GTK_TABLE (table2), chkDisUser, 1, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table2), chkDisUser, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkDisUser, "Protocols like Cisco, Cisco enable, redis, Oracle listener, SNMP, S7-300, VNC etc. are not using usernames", NULL); label8 = gtk_label_new("Username"); @@ -488,7 +478,7 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(frmPass); gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0); - table3 = gtk_table_new (3, 2, FALSE); + table3 = gtk_table_new(3, 2, FALSE); gtk_widget_set_name(table3, "table3"); gtk_widget_show(table3); gtk_container_add(GTK_CONTAINER(frmPass), table3); @@ -496,20 +486,20 @@ GtkWidget *create_wndMain(void) { entPassFile = gtk_entry_new(); gtk_widget_set_name(entPassFile, "entPassFile"); gtk_widget_show(entPassFile); - gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entPassFile, "File with passwords to try, one entry per line", NULL); entPass = gtk_entry_new(); gtk_widget_set_name(entPass, "entPass"); gtk_widget_show(entPass); - gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entPass, "The password to try", NULL); gtk_entry_set_text(GTK_ENTRY(entPass), "yourpass"); radioPass1 = gtk_radio_button_new_with_mnemonic(NULL, "Password"); gtk_widget_set_name(radioPass1, "radioPass1"); gtk_widget_show(radioPass1); - gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass1), radioPass1_group); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioPass1), TRUE); @@ -517,26 +507,22 @@ GtkWidget *create_wndMain(void) { radioPass2 = gtk_radio_button_new_with_mnemonic(NULL, "Password List"); gtk_widget_set_name(radioPass2, "radioPass2"); gtk_widget_show(radioPass2); - gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2)); - radioGenerate = gtk_radio_button_new_with_mnemonic (NULL, "Generate"); - gtk_widget_set_name (radioGenerate, "radioGenerate"); - gtk_widget_show (radioGenerate); - gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); - gtk_radio_button_set_group (GTK_RADIO_BUTTON (radioGenerate), radioPass1_group); - radioPass1_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radioGenerate)); + radioGenerate = gtk_radio_button_new_with_mnemonic(NULL, "Generate"); + gtk_widget_set_name(radioGenerate, "radioGenerate"); + gtk_widget_show(radioGenerate); + gtk_table_attach(GTK_TABLE(table3), radioGenerate, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioGenerate), radioPass1_group); + radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioGenerate)); - entGeneration = gtk_entry_new (); - gtk_widget_set_name (entGeneration, "entGeneration"); - gtk_widget_show (entGeneration); - gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); - gtk_tooltips_set_tip (tooltips, entGeneration, "Generate passwords", NULL); - gtk_entry_set_text (GTK_ENTRY (entGeneration), "1:1:a"); + entGeneration = gtk_entry_new(); + gtk_widget_set_name(entGeneration, "entGeneration"); + gtk_widget_show(entGeneration); + gtk_table_attach(GTK_TABLE(table3), entGeneration, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entGeneration, "Generate passwords", NULL); + gtk_entry_set_text(GTK_ENTRY(entGeneration), "1:1:a"); labelpass = gtk_label_new("Password"); gtk_widget_set_name(labelpass, "labelpass"); @@ -556,13 +542,13 @@ GtkWidget *create_wndMain(void) { chkColon = gtk_check_button_new_with_mnemonic("Use Colon separated file"); gtk_widget_set_name(chkColon, "chkColon"); gtk_widget_show(chkColon); - gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkColon, "Enable this option to use a colon file for login/password attempts", NULL); entColonFile = gtk_entry_new(); gtk_widget_set_name(entColonFile, "entColonFile"); gtk_widget_show(entColonFile); - gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entColonFile, "The colon file to use, each line has to be structured like \"mylogin:mypass\"", NULL); label20 = gtk_label_new("Colon separated file"); @@ -578,21 +564,21 @@ GtkWidget *create_wndMain(void) { chkPassLogin = gtk_check_button_new_with_mnemonic("Try login as password"); gtk_widget_set_name(chkPassLogin, "chkPassLogin"); gtk_widget_show(chkPassLogin); - gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassLogin, "Enable this option to try the login as password, in addition to the password/file", NULL); chkPassNull = gtk_check_button_new_with_mnemonic("Try empty password"); gtk_widget_set_name(chkPassNull, "chkPassNull"); gtk_widget_show(chkPassNull); - gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL); - chkPassReverse = gtk_check_button_new_with_mnemonic ("Try reversed login"); - gtk_widget_set_name (chkPassReverse, "chkPassReverse"); - gtk_widget_show (chkPassReverse); - gtk_table_attach (GTK_TABLE (table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL); - + chkPassReverse = gtk_check_button_new_with_mnemonic("Try reversed login"); + gtk_widget_set_name(chkPassReverse, "chkPassReverse"); + gtk_widget_show(chkPassReverse); + gtk_table_attach(GTK_TABLE(table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL); + label2 = gtk_label_new("Passwords"); gtk_widget_set_name(label2, "label2"); gtk_widget_show(label2); @@ -606,7 +592,7 @@ GtkWidget *create_wndMain(void) { frame9 = gtk_frame_new(NULL); gtk_widget_set_name(frame9, "frame9"); gtk_widget_show(frame9); - gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); table7 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table7, "table7"); @@ -616,58 +602,58 @@ GtkWidget *create_wndMain(void) { label22 = gtk_label_new("Proxy "); gtk_widget_set_name(label22, "label22"); gtk_widget_show(label22); - gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label22), 0, 0.5); entHTTPProxy = gtk_entry_new(); gtk_widget_set_name(entHTTPProxy, "entHTTPProxy"); gtk_widget_show(entHTTPProxy); - gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entHTTPProxy, "The address of the proxy. Syntax: \"http://123.45.67.89:8080\"", NULL); gtk_entry_set_text(GTK_ENTRY(entHTTPProxy), "http://127.0.0.1:8080"); chkProxyAuth = gtk_check_button_new_with_mnemonic("Proxy needs authentication"); gtk_widget_set_name(chkProxyAuth, "chkProxyAuth"); gtk_widget_show(chkProxyAuth); - gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkProxyAuth, "Enable this if the proxy requires authenticatio", NULL); label23 = gtk_label_new("Username"); gtk_widget_set_name(label23, "label23"); gtk_widget_show(label23); - gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label23), 0, 0.5); entProxyUser = gtk_entry_new(); gtk_widget_set_name(entProxyUser, "entProxyUser"); gtk_widget_show(entProxyUser); - gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entProxyUser, "The user name for proxy authentication", NULL); gtk_entry_set_text(GTK_ENTRY(entProxyUser), "yourname"); label24 = gtk_label_new("Password"); gtk_widget_set_name(label24, "label24"); gtk_widget_show(label24); - gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label24), 0, 0.5); entProxyPass = gtk_entry_new(); gtk_widget_set_name(entProxyPass, "entProxyPass"); gtk_widget_show(entProxyPass); - gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entProxyPass, "The password for proxy authentication", NULL); gtk_entry_set_text(GTK_ENTRY(entProxyPass), "yourpass"); label26 = gtk_label_new(""); gtk_widget_set_name(label26, "label26"); gtk_widget_show(label26); - gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions)(GTK_FILL), (GtkAttachOptions)(0), 0, 0); gtk_misc_set_alignment(GTK_MISC(label26), 0, 0.5); hbox3 = gtk_hbox_new(FALSE, 0); gtk_widget_set_name(hbox3, "hbox3"); gtk_widget_show(hbox3); - gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_FILL), 0, 0); radioProxy = gtk_radio_button_new_with_mnemonic(NULL, "No Proxy"); gtk_widget_set_name(radioProxy, "radioProxy"); @@ -701,7 +687,7 @@ GtkWidget *create_wndMain(void) { frame13 = gtk_frame_new(NULL); gtk_widget_set_name(frame13, "frame13"); gtk_widget_show(frame13); - gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions)(GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_FILL), 0, 0); table10 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table10, "table10"); @@ -711,50 +697,46 @@ GtkWidget *create_wndMain(void) { chkExitf = gtk_check_button_new_with_mnemonic("Exit after first found pair (per host)"); gtk_widget_set_name(chkExitf, "chkExitf"); gtk_widget_show(chkExitf); - gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkExitf, "Enable this to stop all attacking processes once a valid login/password pair is found (per host)", NULL); spnTimeout_adj = gtk_adjustment_new(30, 0, 295, 1, 10, 0); spnTimeout = gtk_spin_button_new(GTK_ADJUSTMENT(spnTimeout_adj), 1, 0); gtk_widget_set_name(spnTimeout, "spnTimeout"); gtk_widget_show(spnTimeout); - gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnTimeout, "The maximum timeout an attack process is waiting for a response from the target", NULL); spnTasks_adj = gtk_adjustment_new(16, 0, 128, 1, 10, 0); spnTasks = gtk_spin_button_new(GTK_ADJUSTMENT(spnTasks_adj), 1, 0); gtk_widget_set_name(spnTasks, "spnTasks"); gtk_widget_show(spnTasks); - gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnTasks, "The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice", NULL); label32 = gtk_label_new("Timeout"); gtk_widget_set_name(label32, "label32"); gtk_widget_show(label32); - gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label32), 0, 0.5); label31 = gtk_label_new("Number of Tasks"); gtk_widget_set_name(label31, "label31"); gtk_widget_show(label31); - gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label31), 0, 0.5); - chkExitF = gtk_check_button_new_with_mnemonic ("Exit after first found pair (global)"); - gtk_widget_set_name (chkExitF, "chkExitF"); - gtk_widget_show (chkExitF); - gtk_table_attach (GTK_TABLE (table10), chkExitF, 0, 2, 3, 4, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL); + chkExitF = gtk_check_button_new_with_mnemonic("Exit after first found pair (global)"); + gtk_widget_set_name(chkExitF, "chkExitF"); + gtk_widget_show(chkExitF); + gtk_table_attach(GTK_TABLE(table10), chkExitF, 0, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL); - chkNoErr = gtk_check_button_new_with_mnemonic ("Do not print messages about connection errors"); - gtk_widget_set_name (chkNoErr, "chkNoErr"); - gtk_widget_show (chkNoErr); - gtk_table_attach (GTK_TABLE (table10), chkNoErr, 0, 2, 4, 5, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkNoErr, "Do not print messages about connection errors", NULL); + chkNoErr = gtk_check_button_new_with_mnemonic("Do not print messages about connection errors"); + gtk_widget_set_name(chkNoErr, "chkNoErr"); + gtk_widget_show(chkNoErr); + gtk_table_attach(GTK_TABLE(table10), chkNoErr, 0, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkNoErr, "Do not print messages about connection errors", NULL); label30 = gtk_label_new("Performance Options"); gtk_widget_set_name(label30, "label30"); @@ -1038,18 +1020,18 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(statusbar); gtk_box_pack_start(GTK_BOX(vbox1), statusbar, FALSE, FALSE, 0); - g_signal_connect((gpointer) wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); - g_signal_connect((gpointer) quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); - g_signal_connect((gpointer) entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); - g_signal_connect((gpointer) entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); - g_signal_connect((gpointer) chkDisUser, "toggled", G_CALLBACK (on_chkDisUser_toggled), NULL); - g_signal_connect((gpointer) entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); - g_signal_connect((gpointer) chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); - g_signal_connect((gpointer) entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); - g_signal_connect((gpointer) btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); - g_signal_connect((gpointer) btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); - g_signal_connect((gpointer) btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); - g_signal_connect((gpointer) btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); + g_signal_connect((gpointer)wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); + g_signal_connect((gpointer)quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); + g_signal_connect((gpointer)entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); + g_signal_connect((gpointer)entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); + g_signal_connect((gpointer)chkDisUser, "toggled", G_CALLBACK(on_chkDisUser_toggled), NULL); + g_signal_connect((gpointer)entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); + g_signal_connect((gpointer)chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); + g_signal_connect((gpointer)entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); + g_signal_connect((gpointer)btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); + g_signal_connect((gpointer)btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); + g_signal_connect((gpointer)btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); + g_signal_connect((gpointer)btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); /* Store pointers to all widgets, for use by lookup_widget(). */ GLADE_HOOKUP_OBJECT_NO_REF(wndMain, wndMain, "wndMain"); @@ -1090,7 +1072,7 @@ GtkWidget *create_wndMain(void) { GLADE_HOOKUP_OBJECT(wndMain, radioUsername1, "radioUsername1"); GLADE_HOOKUP_OBJECT(wndMain, chkUsernameLoop, "chkUsernameLoop"); GLADE_HOOKUP_OBJECT(wndMain, radioUsername2, "radioUsername2"); - GLADE_HOOKUP_OBJECT (wndMain, chkDisUser, "chkDisUser"); + GLADE_HOOKUP_OBJECT(wndMain, chkDisUser, "chkDisUser"); GLADE_HOOKUP_OBJECT(wndMain, label8, "label8"); GLADE_HOOKUP_OBJECT(wndMain, frmPass, "frmPass"); GLADE_HOOKUP_OBJECT(wndMain, table3, "table3"); diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c index 931493b..03c5f21 100644 --- a/hydra-gtk/src/main.c +++ b/hydra-gtk/src/main.c @@ -8,17 +8,16 @@ #include #endif -#include -#include +#include "callbacks.h" #include "interface.h" #include "support.h" -#include "callbacks.h" +#include +#include char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; - int main(int argc, char *argv[]) { extern GtkWidget *wndMain; int i; @@ -60,7 +59,6 @@ int main(int argc, char *argv[]) { wndMain = create_wndMain(); gtk_widget_show(wndMain); - /* if we can't use the new cool file chooser, the save button gets disabled */ #ifndef GTK_TYPE_FILE_CHOOSER GtkWidget *btnSave; @@ -69,13 +67,12 @@ int main(int argc, char *argv[]) { gtk_widget_set_sensitive(btnSave, FALSE); #endif - /* update the statusbar every now and then */ g_timeout_add(600, update_statusbar, NULL); /* we want bold text in the output window */ output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_create_tag(outputbuf, "bold", "weight", PANGO_WEIGHT_BOLD, NULL); /* he ho, lets go! */ diff --git a/hydra-gtk/src/support.c b/hydra-gtk/src/support.c index 22a1a3a..96d5e17 100644 --- a/hydra-gtk/src/support.c +++ b/hydra-gtk/src/support.c @@ -7,17 +7,17 @@ #include #endif -#include -#include -#include -#include #include +#include +#include +#include +#include #include #include "support.h" -GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { +GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name) { GtkWidget *parent, *found_widget; for (;;) { @@ -26,13 +26,13 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { else parent = widget->parent; if (!parent) - parent = (GtkWidget *) g_object_get_data(G_OBJECT(widget), "GladeParentKey"); + parent = (GtkWidget *)g_object_get_data(G_OBJECT(widget), "GladeParentKey"); if (parent == NULL) break; widget = parent; } - found_widget = (GtkWidget *) g_object_get_data(G_OBJECT(widget), widget_name); + found_widget = (GtkWidget *)g_object_get_data(G_OBJECT(widget), widget_name); if (!found_widget) g_warning("Widget not found: %s", widget_name); return found_widget; @@ -41,19 +41,16 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { static GList *pixmaps_directories = NULL; /* Use this function to set the directory containing installed pixmaps. */ -void add_pixmap_directory(const gchar * directory) { - pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); -} +void add_pixmap_directory(const gchar *directory) { pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); } /* This is an internally used function to find pixmap files. */ -static gchar *find_pixmap_file(const gchar * filename) { +static gchar *find_pixmap_file(const gchar *filename) { GList *elem; /* We step through each of the pixmaps directory to find it. */ elem = pixmaps_directories; while (elem) { - gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data, - G_DIR_SEPARATOR_S, filename); + gchar *pathname = g_strdup_printf("%s%s%s", (gchar *)elem->data, G_DIR_SEPARATOR_S, filename); if (g_file_test(pathname, G_FILE_TEST_EXISTS)) return pathname; @@ -64,7 +61,7 @@ static gchar *find_pixmap_file(const gchar * filename) { } /* This is an internally used function to create pixmaps. */ -GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { +GtkWidget *create_pixmap(GtkWidget *widget, const gchar *filename) { gchar *pathname = NULL; GtkWidget *pixmap; @@ -84,7 +81,7 @@ GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { } /* This is an internally used function to create pixmaps. */ -GdkPixbuf *create_pixbuf(const gchar * filename) { +GdkPixbuf *create_pixbuf(const gchar *filename) { gchar *pathname = NULL; GdkPixbuf *pixbuf; GError *error = NULL; @@ -109,7 +106,7 @@ GdkPixbuf *create_pixbuf(const gchar * filename) { } /* This is used to set ATK action descriptions. */ -void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description) { +void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description) { gint n_actions, i; n_actions = atk_action_get_n_actions(action); diff --git a/hydra-gtk/src/support.h b/hydra-gtk/src/support.h index 4fc185d..bd88545 100644 --- a/hydra-gtk/src/support.h +++ b/hydra-gtk/src/support.h @@ -19,26 +19,23 @@ * or alternatively any widget in the component, and the name of the widget * you want returned. */ -GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name); - +GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name); /* Use this function to set the directory containing installed pixmaps. */ -void add_pixmap_directory(const gchar * directory); - +void add_pixmap_directory(const gchar *directory); /* * Private Functions. */ /* This is used to create the pixmaps used in the interface. */ -GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename); +GtkWidget *create_pixmap(GtkWidget *widget, const gchar *filename); /* This is used to create the pixbufs used in the interface. */ -GdkPixbuf *create_pixbuf(const gchar * filename); +GdkPixbuf *create_pixbuf(const gchar *filename); /* This is used to set ATK action descriptions. */ -void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description); - +void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description); GtkWidget *wndMain; char *HYDRA_BIN; diff --git a/hydra-http-form.c b/hydra-http-form.c index 80b141a..324fe6a 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -45,7 +45,8 @@ rewritten by David Maciejak Fix and issue with strtok use and implement 1 step location follow if HTTP 3xx code is returned (david dot maciejak at gmail dot com) -Added fail or success condition, getting cookies, and allow 5 redirections by david +Added fail or success condition, getting cookies, and allow 5 redirections by +david */ @@ -80,15 +81,15 @@ char cookie[4096] = "", cmiscptr[1024]; int32_t webport, freemischttpform = 0; char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "", *url, *variables, *optional1; -#define MAX_REDIRECT 8 -#define MAX_CONTENT_LENGTH 20 -#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 +#define MAX_REDIRECT 8 +#define MAX_CONTENT_LENGTH 20 +#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; int32_t redirected_flag = 0; int32_t redirected_cpt = MAX_REDIRECT; -char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers +char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers /* * Function to perform some initial setup. @@ -98,7 +99,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr); /* * Returns 1 if specified header exists, or 0 otherwise. */ -ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, char type) { +ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char type) { ptr_header_node cur_ptr = *ptr_head, found_header = NULL; for (cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next) @@ -118,7 +119,7 @@ char *strndup(const char *s, size_t n) { if (n < len) len = n; - result = (char *) malloc(len + 1); + result = (char *)malloc(len + 1); if (!result) return 0; @@ -128,8 +129,8 @@ char *strndup(const char *s, size_t n) { } #endif -int32_t append_cookie(char *name, char *value, ptr_cookie_node * last_cookie) { - ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node)); +int32_t append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) { + ptr_cookie_node new_ptr = (ptr_cookie_node)malloc(sizeof(t_cookie_node)); if (!new_ptr) return 0; @@ -149,13 +150,13 @@ int32_t append_cookie(char *name, char *value, ptr_cookie_node * last_cookie) { char *stringify_cookies(ptr_cookie_node ptr_cookie) { ptr_cookie_node cur_ptr = NULL; uint32_t length = 1; - char *cookie_hdr = (char *) malloc(length); + char *cookie_hdr = (char *)malloc(length); if (cookie_hdr) { memset(cookie_hdr, 0, length); for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { length += 2 + strlen(cur_ptr->name) + strlen(cur_ptr->value); - cookie_hdr = (char *) realloc(cookie_hdr, length); + cookie_hdr = (char *)realloc(cookie_hdr, length); if (cookie_hdr) { strcat(cookie_hdr, cur_ptr->name); strcat(cookie_hdr, "="); @@ -187,7 +188,7 @@ success: * +--------+ * Returns 1 if success, or 0 otherwise. */ -int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) { +int32_t add_or_update_cookie(ptr_cookie_node *ptr_cookie, char *cookie_expr) { ptr_cookie_node cur_ptr = NULL; char *cookie_name = NULL, *cookie_value = strstr(cookie_expr, "="); @@ -195,7 +196,8 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) { cookie_name = strndup(cookie_expr, cookie_value - cookie_expr); cookie_value = strdup(cookie_value + 1); - // we've got the cookie's name and value, now it's time to insert or update the list + // we've got the cookie's name and value, now it's time to insert or update + // the list if (*ptr_cookie == NULL) { // no cookies append_cookie(cookie_name, cookie_value, ptr_cookie); @@ -203,7 +205,7 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) { for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { if (strcmp(cur_ptr->name, cookie_name) == 0) { free(cur_ptr->value); // free old value - free(cookie_name); // we already have it + free(cookie_name); // we already have it cur_ptr->value = cookie_value; break; } @@ -218,7 +220,7 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) { return 1; } -int32_t process_cookies(ptr_cookie_node * ptr_cookie, char *cookie_expr) { +int32_t process_cookies(ptr_cookie_node *ptr_cookie, char *cookie_expr) { char *tok = NULL; char *expr = strdup(cookie_expr); int32_t res = 0; @@ -252,32 +254,29 @@ int32_t process_cookies(ptr_cookie_node * ptr_cookie, char *cookie_expr) { * * Returns 1 if success, or 0 otherwise (out of memory). */ -int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type) { +int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type) { ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; // get to the last header - for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next); + for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) + ; char *new_header = strdup(header); char *new_value = strdup(value); if (new_header && new_value) { - if ((type == HEADER_TYPE_USERHEADER) || - (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || - (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || - (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) - ) { + if ((type == HEADER_TYPE_USERHEADER) || (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { /* * We are in one of the following scenarios: * 1. A default header with no user-supplied headers that replace it. * 2. A user-supplied header that must be appended (option 'h'). - * 3. A user-supplied header that must replace a default header (option 'h'), - * but no default headers exist with that name. + * 3. A user-supplied header that must replace a default header + * (option 'h'), but no default headers exist with that name. * * In either case we just add the header to the list. */ - new_ptr = (ptr_header_node) malloc(sizeof(t_header_node)); + new_ptr = (ptr_header_node)malloc(sizeof(t_header_node)); if (!new_ptr) { free(new_header); free(new_value); @@ -321,7 +320,7 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) { - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue) + 1); + cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1); if (cur_ptr->value) strcpy(cur_ptr->value, newvalue); else { @@ -340,7 +339,7 @@ void hdrrepv(ptr_header_node *ptr_head, char *hdrname, char *new_value) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0) { - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value) + 1); + cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(new_value) + 1); if (cur_ptr->value) strcpy(cur_ptr->value, new_value); else { @@ -351,7 +350,7 @@ void hdrrepv(ptr_header_node *ptr_head, char *hdrname, char *new_value) { } } -void cleanup(ptr_header_node * ptr_head) { +void cleanup(ptr_header_node *ptr_head) { ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr; while (next_ptr != NULL) { @@ -375,7 +374,7 @@ char *stringify_headers(ptr_header_node *ptr_head) { for (; cur_ptr; cur_ptr = cur_ptr->next) ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4; - headers_str = (char *) malloc(ttl_size + 1); + headers_str = (char *)malloc(ttl_size + 1); if (headers_str) { memset(headers_str, 0, ttl_size + 1); @@ -402,8 +401,8 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { */ while (*miscptr != 0) { switch (miscptr[0]) { - case 'a': // fall through - case 'A': // only for http, not http-form! + case 'a': // fall through + case 'A': // only for http, not http-form! ptr = miscptr + 2; if (strncasecmp(ptr, "NTLM", 4) == 0) @@ -425,7 +424,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { miscptr = ptr; break; - case 'c': // fall through + case 'c': // fall through case 'C': ptr = miscptr + 2; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) @@ -510,7 +509,7 @@ char *prepare_http_request(char *type, char *path, char *params, char *headers) if (params) reqlen += strlen(params); - http_request = (char *) malloc(reqlen); + http_request = (char *)malloc(reqlen); if (http_request) { memset(http_request, 0, reqlen); @@ -571,7 +570,6 @@ char *html_encode(char *string) { return ret; } - /* int32_t analyze_server_response(int32_t socket) return 0 or 1 when the cond regex is matched @@ -584,7 +582,7 @@ int32_t analyze_server_response(int32_t s) { auth_flag = 0; while ((buf = hydra_receive_line(s)) != NULL) { runs++; - //check for http redirection + // check for http redirection if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) { redirected_flag = 1; } else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) { @@ -608,7 +606,7 @@ int32_t analyze_server_response(int32_t s) { *endloc = 0; strcpy(redirected_url_buff, str); } - //there can be multiple cookies + // there can be multiple cookies if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) { char *cookiebuf = buf; @@ -622,7 +620,7 @@ int32_t analyze_server_response(int32_t s) { str[sizeof(str) - 1] = 0; endcookie1 = strchr(str, '\n'); endcookie2 = strchr(str, ';'); - //terminate string after cookie data + // terminate string after cookie data if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))) { if (*(endcookie1 - 1) == '\r') endcookie1--; @@ -635,27 +633,33 @@ int32_t analyze_server_response(int32_t s) { tmpname[sizeof(tmpname) - 2] = 0; ptr = index(tmpname, '='); *(++ptr) = 0; - // is the cookie already in the cookiejar? (so, does it have to be replaced?) + // is the cookie already in the cookiejar? (so, does it have to be + // replaced?) if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) { // yes it is. - // if the cookie is not in the beginning of the cookiejar, copy the ones before + // if the cookie is not in the beginning of the cookiejar, copy the + // ones before if (ptr != cookie && *(ptr - 1) == ' ') { strncpy(tmpcookie, cookie, ptr - cookie - 2); tmpcookie[ptr - cookie - 2] = 0; } ptr += strlen(tmpname); - // if there are any cookies after this one in the cookiejar, copy them over + // if there are any cookies after this one in the cookiejar, copy + // them over if ((ptr2 = strstr(ptr, "; ")) != NULL) { ptr2 += 2; strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1); } if (debug) - printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie); + printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: " + "%s\n", + tmpname, cookie, tmpcookie); strcpy(cookie, tmpcookie); } } ptr = index(str, '='); - // only copy the cookie if it has a value (otherwise the server wants to delete the cookie) + // only copy the cookie if it has a value (otherwise the server wants to + // delete the cookie) if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { if (strlen(cookie) > 0) strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1); @@ -670,10 +674,10 @@ int32_t analyze_server_response(int32_t s) { if (strstr(buf, cond) != NULL) { #endif free(buf); -// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); + // printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); return 1; } -// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); + // else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); free(buf); } if (runs == 0) { @@ -694,8 +698,7 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c } } -int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head, - ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char header[8096], *upd3variables; @@ -705,7 +708,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); - cookie[0] = 0; // reset cookies from potential previous attempt + cookie[0] = 0; // reset cookies from potential previous attempt if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; @@ -716,9 +719,9 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; strcpy(b64login, login); - hydra_tobase64((unsigned char *) b64login, strlen(b64login), sizeof(b64login)); + hydra_tobase64((unsigned char *)b64login, strlen(b64login), sizeof(b64login)); strcpy(b64pass, pass); - hydra_tobase64((unsigned char *) b64pass, strlen(b64pass), sizeof(b64pass)); + hydra_tobase64((unsigned char *)b64pass, strlen(b64pass), sizeof(b64pass)); strncpy(clogin, html_encode(login), sizeof(clogin) - 1); clogin[sizeof(clogin) - 1] = 0; strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); @@ -744,7 +747,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - i = analyze_server_response(s); // ignore result + i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options, hostname); @@ -753,7 +756,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else @@ -798,7 +801,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (use_proxy == 1) { // proxy without authentication if (getcookie) { - //doing a GET to get cookies + // doing a GET to get cookies memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); if (http_request != NULL) @@ -815,7 +818,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else @@ -829,8 +832,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); else hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); if (http_request != NULL) free(http_request); @@ -847,8 +850,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); else hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); if (http_request != NULL) free(http_request); @@ -860,7 +863,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // direct web server, no proxy normal_request = NULL; if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); @@ -868,7 +871,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) { - //printf("[DEBUG] Got cookie: %s\n", cookie); + // printf("[DEBUG] Got cookie: %s\n", cookie); process_cookies(&ptr_cookie, cookie); if (normal_request != NULL) free(normal_request); @@ -878,7 +881,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else @@ -927,8 +930,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); - if (auth_flag) { // we received a 401 error - user is using wrong module - hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", + if (auth_flag) { // we received a 401 error - user is using wrong module + hydra_report(stderr, + "[ERROR] the target is using HTTP auth, not a web form, received HTTP " + "error code 401. Use module \"http%s-get\" instead.\n", (options & OPTION_SSL) > 0 ? "s" : ""); return 4; } @@ -936,13 +941,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - //if page was redirected, follow the location header + // if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - //we have to split the location + // we have to split the location char *startloc, *endloc; char str[2048]; char str2[2048]; @@ -950,7 +955,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options redirected_cpt--; redirected_flag = 0; - //check if the redirect page contains the fail/success condition + // check if the redirect page contains the fail/success condition #ifdef HAVE_PCRE if (hydra_string_match(redirected_url_buff, cond) == 1) { #else @@ -958,8 +963,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options #endif found = success_cond; } else { - //location could be either absolute http(s):// or / something - //or relative + // location could be either absolute http(s):// or / something + // or relative startloc = strstr(redirected_url_buff, "://"); if (startloc != NULL) { startloc += strlen("://"); @@ -988,8 +993,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } else { strncpy(str2, webtarget, sizeof(str2)); if (redirected_url_buff[0] != '/') { - //it's a relative path, so we have to concatenate it - //with the path from the first url given + // it's a relative path, so we have to concatenate it + // with the path from the first url given char *urlpath; char urlpath_extracted[2048]; @@ -1030,11 +1035,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options free(cookie_header); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); else - hdrrepv(&ptr_head, "Cookie", cookie_header); + hdrrepv(&ptr_head, "Cookie", cookie_header); - //re-use the code above to check for proxy use + // re-use the code above to check for proxy use if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { // proxy with authentication hdrrepv(&ptr_head, "Host", str2); @@ -1052,14 +1057,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); - if (normal_request != NULL) - free(normal_request); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); } else { - //direct web server, no proxy + // direct web server, no proxy hdrrepv(&ptr_head, "Host", str2); if (normal_request != NULL) free(normal_request); @@ -1081,7 +1086,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } - //if the last status is still 3xx, set it as a false + // if the last status is still 3xx, set it as a false if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); @@ -1092,8 +1097,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } -void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type, ptr_header_node * ptr_head, - ptr_cookie_node * ptr_cookie) { +void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; @@ -1118,35 +1122,35 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt } } switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t) getpid()); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttpform) @@ -1154,7 +1158,7 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt freemischttpform = 0; hydra_child_exit(0); break; - case 4: /* silent error exit */ + case 4: /* silent error exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttpform) @@ -1175,7 +1179,7 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt free(miscptr); } -void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); @@ -1187,7 +1191,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi } } -void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); @@ -1199,7 +1203,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m } } -int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -1222,14 +1226,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ *ptr2 = 0; ptr2++; ptr = ptr2; if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) miscptr = ptr; else - miscptr = slash; /* to make things easier to user */ + miscptr = slash; /* to make things easier to user */ } else if ((ptr2 = index(webtarget, '/')) != NULL) { if (freemischttpform == 0) { if ((miscptr = malloc(strlen(ptr2) + 1)) != NULL) { @@ -1268,18 +1272,17 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { if (*ptr != 0) *ptr++ = 0; - if ((ptr2 = rindex(ptr, ':')) != NULL) { cond = ptr2 + 1; *ptr2 = 0; } else cond = ptr; -/* - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; -*/ + /* + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + */ if (ptr == cond) optional1 = NULL; else @@ -1304,9 +1307,11 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { } } - //printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : optional1); + // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: + // %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : + // optional1); - if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) + if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */) hydra_child_exit(2); if (*cond == 0) { @@ -1316,7 +1321,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { sprintf(cookieurl, "%.1000s", url); - //conditions now have to contain F or S to set the fail or success condition + // conditions now have to contain F or S to set the fail or success condition if (*cond != 0 && (strpos(cond, "F=") == 0)) { success_cond = 0; cond += 2; @@ -1324,11 +1329,12 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 1; cond += 2; } else { - //by default condition is a fail + // by default condition is a fail success_cond = 0; } - //printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s + // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. @@ -1342,7 +1348,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { // proxy with authentication add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); - proxy_string = (char *) malloc(strlen(proxy_authentication[selected_proxy]) + 10); + proxy_string = (char *)malloc(strlen(proxy_authentication[selected_proxy]) + 10); if (proxy_string) { strcpy(proxy_string, "Basic "); strcat(proxy_string, proxy_authentication[selected_proxy]); @@ -1352,13 +1358,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { return NULL; } if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies if (cookie_request != NULL) free(cookie_request); cookie_request = stringify_headers(&ptr_head); } if (normal_request != NULL) - free(normal_request); + free(normal_request); normal_request = stringify_headers(&ptr_head); } else { if (use_proxy == 1) { @@ -1366,7 +1372,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); if (getcookie) { - //doing a GET to get cookies + // doing a GET to get cookies if (cookie_request != NULL) free(cookie_request); cookie_request = stringify_headers(&ptr_head); @@ -1380,7 +1386,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT); if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies if (cookie_request != NULL) free(cookie_request); cookie_request = stringify_headers(&ptr_head); @@ -1396,37 +1402,62 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { void usage_http_form(const char *service) { printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: :
:[:[:]\n" + "By default this module is configured to follow a maximum of 5 " + "redirections in\n" + "a row. It always gathers a new cookie from the same URL without " + "variables\n" + "The parameters take three \":\" separated values, plus optional " + "values.\n" + "(Note: if you need a colon in the option string as value, escape it " + "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: ::[:[:]\n" "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with url-encoded (resp. base64-encoded) usernames and passwords being replaced in the\n" - " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") placeholders (FORM PARAMETERS)\n" + "Second is the POST/GET variables (taken from either the browser, proxy, " + "etc.\n" + " with url-encoded (resp. base64-encoded) usernames and passwords being " + "replaced in the\n" + " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") " + "placeholders (FORM PARAMETERS)\n" "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " Invalid condition login check can be preceded by \"F=\", successful " + "condition\n" " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp what a\n" + " This is where most people get it wrong. You have to check the webapp " + "what a\n" " failed string looks like and put it in this parameter!\n" "The following parameters are optional:\n" - " (c|C)=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER[64]^ and ^PASS[64]^ can also be put into these headers!\n" + " (c|C)=/page/uri to define a different page to gather initial " + "cookies from\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " + "request\n" + " ^USER[64]^ and ^PASS[64]^ can also be put into these " + "headers!\n" " Note: 'h' will add the user-defined header at the end\n" " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" + " 'H' will replace the value of that header if it " + "exists, by the\n" + " one supplied by the user, or add the header at the " + "end\n" + "Note that if you are going to put colons (:) in your headers you should " + "escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the " + "examples above and below).\n" + " You can specify a header without escaping the colons, but that way you " + "will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as " + "option separators.\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " \"/login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/" + "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*" + "success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" - " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic " + "dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" + " \"/exchweb/bin/auth/" + "owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&" + "username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:" + "reason=:C=/exchweb\"\n", service); } diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 0ca7b47..2f00ae5 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c @@ -5,11 +5,11 @@ extern char *HYDRA_EXIT; char *buf; static int32_t http_proxy_auth_mechanism = AUTH_ERROR; -int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260]; char url[260], host[30]; - char *header = ""; /* XXX TODO */ + char *header = ""; /* XXX TODO */ char *ptr; int32_t auth = 0; @@ -19,7 +19,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha return 1; } pass = hydra_get_next_password(); - pass = empty; // ignored + pass = empty; // ignored strncpy(url, login, sizeof(url) - 1); url[sizeof(url) - 1] = 0; @@ -46,12 +46,12 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha } if (http_proxy_auth_mechanism == AUTH_ERROR) { - //send dummy request + // send dummy request sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - //receive first 40x + // receive first 40x buf = hydra_receive_line(s); while (buf != NULL && strstr(buf, "HTTP/") == NULL) { free(buf); @@ -61,7 +61,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha if (debug) hydra_report(stderr, "S:%s\n", buf); - //after the first query we should have been disconnected from web server + // after the first query we should have been disconnected from web server s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); @@ -74,8 +74,11 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + url, host, buffer2, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -87,8 +90,8 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha buf = hydra_receive_line(s); } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); @@ -104,19 +107,23 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + // send auth and receive challenge + // send auth request: let the server send it's own hostname and + // domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it can't overflow */ - //send the first.. - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, - header); + /* to be portable, no snprintf, buffer is big enough so it can't + * overflow */ + // send the first.. + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - //receive challenge + // receive challenge free(buf); buf = hydra_receive_line(s); while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { @@ -134,17 +141,19 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha pos[str - pos] = 0; } } - //recover challenge + // recover challenge if (buf != NULL) { if (strlen(buf) >= 4) - from64tobits((char *) buf1, pos); + from64tobits((char *)buf1, pos); free(buf); } - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, - header); + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -206,7 +215,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha } } // result analysis - ptr = ((char *) index(buf, ' ')) + 1; + ptr = ((char *)index(buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { hydra_report_found_host(port, ip, "http-proxy", fp); if (fp != stdout) @@ -214,7 +223,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url); hydra_completed_pair_found(); } else { - if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) { + if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */) { hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n"); return 3; } @@ -228,7 +237,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha return 1; } -void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; @@ -239,33 +248,34 @@ void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, cha while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp, hostname); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -278,13 +288,13 @@ void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, cha } } -int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -292,9 +302,13 @@ int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char opti return 0; } -void usage_http_proxy_urlenum(const char* service) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" +void usage_http_proxy_urlenum(const char *service) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P " + "option.\n" "The -L loginfile must contain the URL list to try through the proxy.\n" "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum " + "user:pass\n" + " hydra -L urllist.txt " + "http-proxy-urlenum://target.com:3128/user:pass\n\n"); } diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index cdeb714..0e07d9b 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -5,11 +5,11 @@ extern char *HYDRA_EXIT; static int32_t http_proxy_auth_mechanism = AUTH_ERROR; char *http_proxy_buf = NULL; -int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500]; char url[210], host[60]; - char *header = ""; /* XXX TODO */ + char *header = ""; /* XXX TODO */ char *ptr, *fooptr; if (strlen(login = hydra_get_next_login()) == 0) @@ -22,7 +22,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option strcpy(host, "Host: www.microsoft.com\r\n"); } else { sprintf(url, "%.200s", miscptr); - ptr = strstr(miscptr, "://"); // :// check is in hydra.c + ptr = strstr(miscptr, "://"); // :// check is in hydra.c sprintf(host, "Host: %.50s", ptr + 3); if ((ptr = index(host, '/')) != NULL) *ptr = 0; @@ -32,12 +32,12 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) { - //send dummy request + // send dummy request sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; - //receive first 40x + // receive first 40x http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) { free(http_proxy_buf); @@ -69,7 +69,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option if (debug) hydra_report(stderr, "S:%s\n", http_proxy_buf); - //after the first query we should have been disconnected from web server + // after the first query we should have been disconnected from web server s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); @@ -81,8 +81,11 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\n%s\r\n", + url, host, buffer2, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -94,8 +97,8 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option http_proxy_buf = hydra_receive_line(s); } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (http_proxy_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); @@ -106,24 +109,27 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option hydra_report(stderr, "S:%s\n", http_proxy_buf); } else { if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) { - unsigned char buf1[4096]; unsigned char buf2[4096]; char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + // send auth and receive challenge + // send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it can't overflow */ - //send the first.. - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + /* to be portable, no snprintf, buffer is big enough so it can't overflow + */ + // send the first.. + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; - //receive challenge + // receive challenge free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) { @@ -141,24 +147,27 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option pos[str - pos] = 0; } } - //recover challenge + // recover challenge if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) { - from64tobits((char *) buf1, pos); + from64tobits((char *)buf1, pos); free(http_proxy_buf); http_proxy_buf = NULL; return 3; } - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; if (http_proxy_buf != NULL) - free(http_proxy_buf); + free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { free(http_proxy_buf); @@ -170,7 +179,6 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } else { #ifdef LIBOPENSSL if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { - char *pbuffer; http_proxy_auth_mechanism = AUTH_DIGESTMD5; @@ -206,7 +214,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option #endif { if (http_proxy_buf != NULL) { -// buf[strlen(http_proxy_buf) - 1] = '\0'; + // buf[strlen(http_proxy_buf) - 1] = '\0'; hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf); free(http_proxy_buf); http_proxy_buf = NULL; @@ -218,7 +226,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } } - ptr = ((char *) index(http_proxy_buf, ' ')) + 1; + ptr = ((char *)index(http_proxy_buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); @@ -226,7 +234,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option http_proxy_buf = NULL; } else { if (*ptr != '4') - hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass); + hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(index(http_proxy_buf, ' ') + 1), login, pass); else if (verbose && *(ptr + 2) == '3') hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); hydra_completed_pair(); @@ -246,7 +254,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option return 1; } -void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; @@ -257,36 +265,37 @@ void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscp while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (http_proxy_buf != NULL) - free(http_proxy_buf); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (http_proxy_buf != NULL) + free(http_proxy_buf); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_http_proxy(sock, ip, port, options, miscptr, fp, hostname); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -299,13 +308,13 @@ void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscp } } -int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -313,7 +322,9 @@ int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, cha return 0; } -void usage_http_proxy(const char* service) { +void usage_http_proxy(const char *service) { printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); + "Default is http://www.microsoft.com/)\n" + "Basic, DIGEST-MD5 and NTLM are supported and negotiated " + "automatically.\n\n"); } diff --git a/hydra-http.c b/hydra-http.c index 3a6b378..a1868bf 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -1,8 +1,6 @@ #include "hydra-http.h" #include "sasl.h" - - extern char *HYDRA_EXIT; char *webtarget = NULL; char *slash = "/"; @@ -10,12 +8,12 @@ char *http_buf = NULL; #define END_CONDITION_MAX_LEN 100 static char end_condition[END_CONDITION_MAX_LEN]; -int end_condition_type=-1; +int end_condition_type = -1; int32_t webport, freemischttp = 0; int32_t http_auth_mechanism = AUTH_UNASSIGNED; -int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) { +int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) { char *empty = ""; char *login, *pass, *buffer, buffer2[500]; char *header; @@ -34,7 +32,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha header = stringify_headers(&ptr_head); buffer_size = strlen(header) + 500; - if(!(buffer = malloc(buffer_size))) { + if (!(buffer = malloc(buffer_size))) { free(header); return 3; } @@ -49,133 +47,153 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (http_auth_mechanism) { case AUTH_BASIC: sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); /* again: no snprintf to be portable. don't worry, buffer can't overflow */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) - sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + sprintf(buffer, + "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + sprintf(buffer, + "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buffer2, header); else - sprintf(buffer, "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header); + sprintf(buffer, + "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buffer2, header); } if (debug) hydra_report(stderr, "C:%s\n", buffer); break; #ifdef LIBOPENSSL - case AUTH_DIGESTMD5:{ - char *pbuffer; + case AUTH_DIGESTMD5: { + char *pbuffer; - pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); - strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1); - buffer[buffer_size - 1] = '\0'; + pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1); + buffer[buffer_size - 1] = '\0'; - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); - if (fooptr == NULL) { - free(buffer); - free(header); - return 3; - } - - if (debug) - hydra_report(stderr, "C:%s\n", buffer2); - strcpy(buffer, buffer2); + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); + if (fooptr == NULL) { + free(buffer); + free(header); + return 3; } - break; + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + strcpy(buffer, buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; - char *pos = NULL; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + // send auth and receive challenge + // send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it can't overflow */ - //send the first.. - if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + /* to be portable, no snprintf, buffer is big enough so it can't overflow */ + // send the first.. + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + else { + if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); - else { - if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); - else - sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, - buf1, header); - } - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - free(buffer); - free(header); - return 1; - } - - //receive challenge - if (http_buf != NULL) - free(http_buf); - - http_buf = hydra_receive_line(s); - if (http_buf == NULL) { - if (verbose) - hydra_report(stderr, "[ERROR] Server did not answer\n"); - free(buffer); - free(header); - return 3; - } - - pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM "); - if (pos != NULL) { - char *str; - - pos += 23; - if ((str = strchr(pos, '\r')) != NULL) { - pos[str - pos] = 0; - } - if ((str = strchr(pos, '\n')) != NULL) { - pos[str - pos] = 0; - } - } else { - hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n"); - return 3; - } - - //recover challenge - from64tobits((char *) buf1, pos); - free(http_buf); - http_buf = NULL; - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - //create the auth response - if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); - else { - if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); - else - sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, - buf1, header); - } - - if (debug) - hydra_report(stderr, "C:%s\n", buffer); + "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buf1, header); } - break; + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buffer); + free(header); + return 1; + } + + // receive challenge + if (http_buf != NULL) + free(http_buf); + + http_buf = hydra_receive_line(s); + if (http_buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + free(buffer); + free(header); + return 3; + } + + pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM "); + if (pos != NULL) { + char *str; + + pos += 23; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } else { + hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n"); + return 3; + } + + // recover challenge + from64tobits((char *)buf1, pos); + free(http_buf); + http_buf = NULL; + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + // create the auth response + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + else { + if (use_proxy == 1) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else + sprintf(buffer, + "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buf1, header); + } + + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + } break; } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -191,7 +209,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha tmpreplybuf[0] = 0; while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) { - if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); + if (debug) + printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) { strncpy(tmpreplybuf, http_buf, sizeof(tmpreplybuf) - 1); tmpreplybuf[sizeof(tmpreplybuf) - 1] = 0; @@ -204,7 +223,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha strcat(tmpreplybufptr, http_buf); free(http_buf); http_buf = tmpreplybufptr; - if (debug) printf("http_buf now: %s\n", http_buf); + if (debug) + printf("http_buf now: %s\n", http_buf); } } else { free(http_buf); @@ -212,8 +232,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha } } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (http_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); @@ -225,19 +245,21 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha if (debug) hydra_report(stderr, "S:%s\n", http_buf); - ptr = ((char *) index(http_buf, ' ')); + ptr = ((char *)index(http_buf, ' ')); if (ptr != NULL) ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { #ifdef HAVE_PCRE - if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition)!=end_condition_type) { + if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition) != end_condition_type) { #else if (end_condition_type >= 0 && (strstr(http_buf, end_condition) == NULL ? 0 : 1) != end_condition_type) { -#endif - if (debug) hydra_report(stderr, "End condition not match continue.\n"); +#endif + if (debug) + hydra_report(stderr, "End condition not match continue.\n"); hydra_completed_pair(); } else { - if (debug) hydra_report(stderr, "END condition %s match.\n",end_condition); + if (debug) + hydra_report(stderr, "END condition %s match.\n", end_condition); hydra_report_found_host(port, ip, "www", fp); hydra_completed_pair_found(); } @@ -247,11 +269,11 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha } } else { if (ptr != NULL && *ptr != '4') - fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *) ptr, login, pass); + fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *)ptr, login, pass); - //the first authentication type failed, check the type from server header + // the first authentication type failed, check the type from server header if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { - //seems the auth supported is not Basic scheme so testing further + // seems the auth supported is not Basic scheme so testing further int32_t find_auth = 0; if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) { @@ -266,8 +288,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha #endif if (find_auth) { -// free(http_buf); -// http_buf = NULL; + // free(http_buf); + // http_buf = NULL; free(buffer); free(header); return 1; @@ -275,18 +297,18 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha } hydra_completed_pair(); } -// free(http_buf); -// http_buf = NULL; + // free(http_buf); + // http_buf = NULL; free(buffer); free(header); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; - + return 1; } -void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type) { +void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; char *ptr, *ptr2; @@ -298,14 +320,14 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if ((webtarget = strstr(miscptr, "://")) != NULL) { webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ *ptr2 = 0; ptr2++; ptr = ptr2; if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) miscptr = ptr; else - miscptr = slash; /* to make things easier to user */ + miscptr = slash; /* to make things easier to user */ } else if ((ptr2 = index(webtarget, '/')) != NULL) { miscptr = malloc(strlen(ptr2) + 1); freemischttp = 1; @@ -313,9 +335,8 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI *ptr2 = 0; } else webtarget = hostname; - } else - if (strlen(miscptr) == 0) - miscptr = strdup("/"); + } else if (strlen(miscptr) == 0) + miscptr = strdup("/"); if (webtarget == NULL) webtarget = hostname; if (port != 0) @@ -333,43 +354,45 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI *ptr++ = 0; optional1 = ptr; - if (!parse_options(optional1, &ptr_head)) // this function is in hydra-http-form.c !! + if (!parse_options(optional1, + &ptr_head)) // this function is in hydra-http-form.c !! run = 4; if (http_auth_mechanism == AUTH_UNASSIGNED) http_auth_mechanism = AUTH_BASIC; - + while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - if (freemischttp) - free(miscptr); - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + if (freemischttp) + free(miscptr); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_http(sock, ip, port, options, miscptr, fp, type, ptr_head); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttp) @@ -386,76 +409,72 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); -} +void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); } -void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); -} +void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); } -void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); -} +void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); } -int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here + /*POU CODE */ + char *start = strstr(miscptr, "F="); + if (start == NULL) + start = strstr(miscptr, "S="); - - /*POU CODE */ - char * start=strstr(miscptr, "F="); - if(start==NULL) - start=strstr(miscptr, "S="); + if (start != NULL) { + if (start[0] == 'F') + end_condition_type = 0; + else + end_condition_type = 1; - if (start !=NULL){ - if(start[0]=='F') - end_condition_type=0; - else - end_condition_type=1; - - int condition_len=strlen(start); - memset(end_condition,0,END_CONDITION_MAX_LEN); - if(condition_len>=END_CONDITION_MAX_LEN){ - hydra_report(stderr,"Condition string cannot be bigger than %u.",END_CONDITION_MAX_LEN); - return -1; - } - //copy condition witout starting string (F= or S= 2char) - strncpy(end_condition, start+2,condition_len-2); - if(debug) - hydra_report(stderr, "End condition is %s, mod is %d\n",end_condition,end_condition_type); - - if(*(start-1)==' ') - start--; - memset(start,'\0',condition_len); - if (debug) - hydra_report(stderr, "Modificated options:%s\n",miscptr); - }else{ - if (debug) - hydra_report(stderr, "Condition not found\n"); + int condition_len = strlen(start); + memset(end_condition, 0, END_CONDITION_MAX_LEN); + if (condition_len >= END_CONDITION_MAX_LEN) { + hydra_report(stderr, "Condition string cannot be bigger than %u.", END_CONDITION_MAX_LEN); + return -1; } - - + // copy condition witout starting string (F= or S= 2char) + strncpy(end_condition, start + 2, condition_len - 2); + if (debug) + hydra_report(stderr, "End condition is %s, mod is %d\n", end_condition, end_condition_type); + if (*(start - 1) == ' ') + start--; + memset(start, '\0', condition_len); + if (debug) + hydra_report(stderr, "Modificated options:%s\n", miscptr); + } else { + if (debug) + hydra_report(stderr, "Condition not found\n"); + } return 0; } -void usage_http(const char* service) { +void usage_http(const char *service) { printf("Module %s requires the page to authenticate.\n" "The following parameters are optional:\n" - " (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " (F|S)=check for text in the HTTP reply. S= means if this text is found, a\n" - " valid account has been found, F= means if this string is present the\n" - " combination is invalid. Note: this must be the last option supplied.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service); + " (a|A)=auth-type specify authentication mechanism to use: BASIC, " + "NTLM or MD5\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " + "request\n" + " (F|S)=check for text in the HTTP reply. S= means if this text is " + "found, a\n" + " valid account has been found, F= means if this string is " + "present the\n" + " combination is invalid. Note: this must be the last option " + "supplied.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: " + "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", + service); } diff --git a/hydra-http.h b/hydra-http.h index b6b4c2b..18a12f0 100644 --- a/hydra-http.h +++ b/hydra-http.h @@ -4,10 +4,10 @@ #include "hydra-mod.h" /* HTTP Header Types */ -#define HEADER_TYPE_USERHEADER 'h' -#define HEADER_TYPE_USERHEADER_REPL 'H' -#define HEADER_TYPE_DEFAULT 'D' -#define HEADER_TYPE_DEFAULT_REPL 'd' +#define HEADER_TYPE_USERHEADER 'h' +#define HEADER_TYPE_USERHEADER_REPL 'H' +#define HEADER_TYPE_DEFAULT 'D' +#define HEADER_TYPE_DEFAULT_REPL 'd' typedef struct header_node t_header_node, *ptr_header_node; @@ -15,7 +15,7 @@ extern char *webtarget; extern char *slash; extern char *optional1; -extern int32_t parse_options(char *miscptr, ptr_header_node * ptr_head); -extern int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type); +extern int32_t parse_options(char *miscptr, ptr_header_node *ptr_head); +extern int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type); extern char *stringify_headers(ptr_header_node *ptr_head); #endif diff --git a/hydra-icq.c b/hydra-icq.c index 86c968c..c59e38a 100644 --- a/hydra-icq.c +++ b/hydra-icq.c @@ -4,32 +4,10 @@ extern char *HYDRA_EXIT; extern int32_t child_head_no; int32_t seq = 1; -const unsigned char icq5_table[] = { - 0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, - 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, - 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, - 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, - 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, - 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31, - 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, - 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, - 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, - 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, - 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, - 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66, - 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, - 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, - 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, - 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, - 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, - 0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, - 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, - 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, - 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, - 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, - 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, - 0x5A, 0x00, 0x00 -}; +const unsigned char icq5_table[] = {0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, + 0x33, 0x31, 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, + 0x5A, 0x4A, 0x62, 0x66, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x3E, + 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, 0x5A, 0x00, 0x00}; void fix_packet(char *buf, int32_t len) { unsigned long c1, c2; @@ -141,7 +119,7 @@ int32_t icq_ack(int32_t s, char *login) { return (hydra_send(s, buf, 10, 0)); } -int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *miscptr, FILE * fp) { +int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE *output, char *miscptr, FILE *fp) { unsigned char buf[1024]; char *login, *pass; char *empty = ""; @@ -153,7 +131,7 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis pass = empty; for (i = 0; login[i]; i++) - if (!isdigit((int32_t) login[i])) { + if (!isdigit((int32_t)login[i])) { fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login); hydra_completed_pair(); return 2; @@ -162,13 +140,13 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis icq_login(sock, login, pass); while (1) { - if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) { + if ((r = hydra_recv(sock, (char *)buf, sizeof(buf))) == 0) { return 1; } if (r < 0) { if (verbose) - fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t) getpid()); + fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t)getpid()); return 3; } @@ -177,9 +155,9 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis hydra_completed_pair_found(); icq_ack(sock, login); icq_login_1(sock, login); - hydra_recv(sock, (char *) buf, sizeof(buf)); + hydra_recv(sock, (char *)buf, sizeof(buf)); icq_ack(sock, login); - hydra_recv(sock, (char *) buf, sizeof(buf)); + hydra_recv(sock, (char *)buf, sizeof(buf)); icq_ack(sock, login); icq_disconnect(sock, login); break; @@ -188,7 +166,8 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis break; } -/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */ + /* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) + */ } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -196,7 +175,7 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis return 1; } -void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ICQ; @@ -221,7 +200,8 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL sock = hydra_disconnect(sock); sock = hydra_connect_udp(ip, myport); if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; @@ -243,13 +223,13 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-imap.c b/hydra-imap.c index f9a3822..b93fc6e 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -20,7 +20,8 @@ char *imap_read_server_capacity(int32_t sock) { if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') { resp = 1; usleepn(300); - /* we got the capability info then get the completed warning info from server */ + /* we got the capability info then get the completed warning info from + * server */ while (hydra_data_ready(sock)) { free(buf); buf = hydra_receive_line(sock); @@ -30,7 +31,7 @@ char *imap_read_server_capacity(int32_t sock) { buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; - if (isdigit((int32_t) *ptr) && *(ptr + 1) == ' ') { + if (isdigit((int32_t)*ptr) && *(ptr + 1) == ' ') { resp = 1; } } @@ -39,7 +40,7 @@ char *imap_read_server_capacity(int32_t sock) { return buf; } -int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], *fooptr; @@ -69,7 +70,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha } free(buf); strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -84,7 +85,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha } free(buf); strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); break; @@ -110,220 +111,212 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL case AUTH_CRAMMD5: case AUTH_CRAMSHA1: - case AUTH_CRAMSHA256:{ - int32_t rc = 0; - char *preplogin; + case AUTH_CRAMSHA256: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5: + sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { switch (imap_auth_mechanism) { - case AUTH_CRAMMD5: - sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); break; case AUTH_CRAMSHA1: - sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); break; case AUTH_CRAMSHA256: - sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - switch (imap_auth_mechanism) { - case AUTH_CRAMMD5: - hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA1: - hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA256: - hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); - break; - } - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 2); free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 2); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5: { + sasl_cram_md5(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA1: { + sasl_cram_sha1(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA256: { + sasl_cram_sha256(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + } + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + + free(preplogin); + } break; + case AUTH_DIGESTMD5: { + sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); + if (fooptr == NULL) + return 3; + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + + } break; + case AUTH_SCRAMSHA1: { + char clientfirstmessagebare[200]; + char serverfirstmessage[200]; + char *preplogin; + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + return 3; + } + sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + memset(buffer2, 0, sizeof(buffer2)); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; + } else { + /* recover server challenge */ + memset(buffer, 0, sizeof(buffer)); + //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 + from64tobits((char *)buffer, buf + 2); + free(buf); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; memset(buffer2, 0, sizeof(buffer2)); - - switch (imap_auth_mechanism) { - case AUTH_CRAMMD5:{ - sasl_cram_md5(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA1:{ - sasl_cram_sha1(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA256:{ - sasl_cram_sha256(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - } - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); - - free(preplogin); - } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (fooptr == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + return 1; + } + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s\r\n", buffer2); - } - break; - case AUTH_SCRAMSHA1:{ - char clientfirstmessagebare[200]; - char serverfirstmessage[200]; - char *preplogin; - int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - - if (rc) { - return 3; - } - sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - - snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); - free(preplogin); - memset(buffer2, 0, sizeof(buffer2)); - sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - buf = hydra_receive_line(s); - if (buf == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); - free(buf); - return 1; - } else { - /* recover server challenge */ - memset(buffer, 0, sizeof(buffer)); - //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 - from64tobits((char *) buffer, buf + 2); - free(buf); - strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); - serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; - - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { - hydra_report(stderr, "[ERROR] Can't compute client response\n"); - return 1; - } - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); - } - } - break; + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //Send auth request - sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); + // Send auth request + sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); free(buf); - //send auth and receive challenge - //send auth request: lst the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strlen(buf) < 6) { - free(buf); - return 1; - } - - //recover challenge - from64tobits((char *) buf1, buf + 2); - free(buf); - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); + return 3; } - break; + free(buf); + // send auth and receive challenge + // send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strlen(buf) < 6) { + free(buf); + return 1; + } + + // recover challenge + from64tobits((char *)buf1, buf + 2); + free(buf); + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } break; default: - //clear authentication + // clear authentication sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass); } @@ -353,7 +346,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha return 1; } -void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; char *buffer1 = "1 CAPABILITY\r\n"; @@ -363,10 +356,10 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(275); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -380,12 +373,12 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ + if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n"); if (buf != NULL) @@ -407,7 +400,7 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { disable_tls = 0; @@ -415,14 +408,16 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } #ifdef LIBOPENSSL if (!disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic + * auth methods */ if (strstr(buf, "STARTTLS") != NULL) { hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0); counter++; free(buf); buf = hydra_receive_line(sock); if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1)) { @@ -444,15 +439,16 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI hydra_child_exit(2); } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is " + "not supported by the server\n"); } #endif if (verbose) hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); - //authentication should be listed AUTH= like in the extract below - //STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 + // authentication should be listed AUTH= like in the extract below + // STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=NTLM") != NULL)) { imap_auth_mechanism = AUTH_NTLM; } @@ -487,7 +483,6 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "CLEAR")) imap_auth_mechanism = AUTH_CLEAR; @@ -554,11 +549,11 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_imap(sock, ip, port, options, miscptr, fp); counter++; break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -571,13 +566,13 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -585,8 +580,11 @@ int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_imap(const char* service) { +void usage_imap(const char *service) { printf("Module imap is optionally taking one authentication type of:\n" " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); + " CRAM-SHA256, DIGEST-MD5, NTLM\n" + "Additionally TLS encryption via STARTTLS can be enforced with the " + "TLS option.\n\n" + "Example: imap://target/TLS:PLAIN\n"); } diff --git a/hydra-irc.c b/hydra-irc.c index 4111b86..d56eec4 100644 --- a/hydra-irc.c +++ b/hydra-irc.c @@ -10,7 +10,7 @@ extern char *HYDRA_EXIT; char buffer[300] = ""; int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL; -int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; int32_t ret; @@ -52,7 +52,7 @@ int32_t send_nick(int32_t s, char *ip, char *pass) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } - sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t) getpid(), (int32_t) getpid(), hydra_address2string(ip)); + sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t)getpid(), (int32_t)getpid(), hydra_address2string(ip)); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } @@ -62,7 +62,7 @@ int32_t send_nick(int32_t s, char *ip, char *pass) { int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char options, char *hostname) { if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(275); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -77,7 +77,7 @@ int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char o return sock; } -int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *pass; int32_t ret; @@ -87,7 +87,7 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, s = irc_server_connect(ip, s, port, options, hostname); if (s < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); return 3; } @@ -105,10 +105,16 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, #endif hydra_report_pass_found(port, ip, "irc", fp); hydra_completed_pair_found(); - hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass); + hydra_report(stderr, + "[INFO] Server password '%s' is working, you can pass it as " + "argument\nto irc module to then try login/password oper mode\n", + pass); } else { if (verbose && (miscptr != NULL)) - hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr); + hydra_report(stderr, + "[VERBOSE] Server is requesting a general password, '%s' " + "you entered is not working\n", + miscptr); hydra_completed_pair(); } @@ -117,7 +123,7 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, return 4; } -void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, ret; char *buf; @@ -128,11 +134,11 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ sock = irc_server_connect(ip, sock, port, options, hostname); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -147,7 +153,7 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0) buffer[ret] = 0; - /* ERROR :Bad password */ + /* ERROR :Bad password */ #ifdef HAVE_PCRE if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) { #else @@ -180,19 +186,23 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL hydra_child_exit(0); } - /* ERROR :Bad password is returned from ngircd when it s waiting for a server password */ + /* ERROR :Bad password is returned from ngircd when it s waiting for a + * server password */ if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) { /* seems we not successfully connected */ - hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer); + hydra_report(stderr, + "[ERROR] should not be able to identify server msg, " + "please report it\n%s\n", + buffer); hydra_child_exit(0); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_oper_irc(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -208,13 +218,13 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -222,6 +232,8 @@ int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_irc(const char* service) { - printf("Module irc is optionally taking the general server password, if the server is requiring one, and if none is passed the password from -p/-P will be used\n\n"); +void usage_irc(const char *service) { + printf("Module irc is optionally taking the general server password, if the " + "server is requiring one, and if none is passed the password from " + "-p/-P will be used\n\n"); } diff --git a/hydra-ldap.c b/hydra-ldap.c index d04d180..4f79365 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -7,7 +7,7 @@ unsigned char *buf; int32_t counter; int32_t tls_required = 0; -int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char version, int32_t auth_method) { +int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) { char *empty = ""; char *login = "", *pass, *fooptr = ""; unsigned char buffer[512]; @@ -18,7 +18,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha The LDAP "simple" method has three modes of operation: * anonymous= no user no pass * unauthenticated= user but no pass - * user/password authenticated= user and pass + * user/password authenticated= user and pass */ if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) { @@ -65,9 +65,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha if (ldap_auth_mechanism == AUTH_CLEAR) { buffer[11] = strlen(login); /* DN */ memcpy(&buffer[12], login, strlen(login)); - buffer[12 + strlen(login)] = (unsigned char) 128; + buffer[12 + strlen(login)] = (unsigned char)128; buffer[13 + strlen(login)] = strlen(pass); - memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ + memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ } else { char *authm = "DIGEST-MD5"; @@ -79,7 +79,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0'; } - buffer[11] = strlen(miscptr); /* DN */ + buffer[11] = strlen(miscptr); /* DN */ memcpy(&buffer[12], miscptr, strlen(miscptr)); buffer[12 + strlen(miscptr)] = 163; buffer[13 + strlen(miscptr)] = 2 + strlen(authm); @@ -87,9 +87,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha buffer[15 + strlen(miscptr)] = strlen(authm); memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm)); } - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) { @@ -115,13 +115,13 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha } #ifdef LIBOPENSSL -/* one more step auth for CRAM and DIGEST */ + /* one more step auth for CRAM and DIGEST */ if (ldap_auth_mechanism == AUTH_CRAMMD5) { /* get the challenge, need to extract it */ char *ptr; char buf2[32]; - ptr = strstr((char *) buf, "<"); + ptr = strstr((char *)buf, "<"); fooptr = buf2; sasl_cram_md5(fooptr, pass, ptr); if (fooptr == NULL) @@ -148,7 +148,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha buffer[9] = version; buffer[10] = 4; - buffer[11] = strlen(miscptr); /* DN */ + buffer[11] = strlen(miscptr); /* DN */ memcpy(&buffer[12], miscptr, strlen(miscptr)); buffer[12 + strlen(miscptr)] = 163; buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); @@ -161,10 +161,10 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' '; memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2)); - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; free(buf); - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; } else { if (ldap_auth_mechanism == AUTH_DIGESTMD5) { @@ -172,7 +172,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha char buffer2[500]; int32_t ind = 0; - ptr = strstr((char *) buf, "realm="); + ptr = strstr((char *)buf, "realm="); counter++; if (strstr(miscptr, "^USER^") != NULL) { @@ -213,7 +213,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha ind++; buffer[ind] = counter % 256; ind++; - buffer[ind] = 96; /*0x60 */ + buffer[ind] = 96; /*0x60 */ ind++; buffer[ind] = 130; ind++; @@ -240,9 +240,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha buffer[ind] = strlen(miscptr); ind++; memcpy(&buffer[ind], miscptr, strlen(miscptr)); - /*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3 + /*DN*/ buffer[ind + strlen(miscptr)] = 163; // 0xa3 ind++; - buffer[ind + strlen(miscptr)] = 130; //0x82 + buffer[ind + strlen(miscptr)] = 130; // 0x82 ind++; if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) { @@ -279,10 +279,10 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2)); ind++; - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; free(buf); - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; } } @@ -306,21 +306,27 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass); + hydra_report(stderr, + "[VERBOSE] Server unwilling to perform action, maybe deny by server " + "config or too busy when tried login: %s password: %s\n", + login, pass); free(buf); return 1; } if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) { - hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2'); + hydra_report(stderr, + "[ERROR] Invalid protocol version, you tried ldap%c, better " + "try ldap%c\n", + version + '0', version == 2 ? '3' : '2'); free(buf); hydra_child_exit(2); sleep(1); hydra_child_exit(2); } -//0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, -//8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, -//16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, + // 0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, + // 8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, + // 16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, // this is for w2k8 active directory ldap auth if (buf[0] == 48 && buf[1] == 132) { @@ -335,10 +341,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha } } } else { - if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) { hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n"); - print_hex((unsigned char *) buf, 24); + print_hex((unsigned char *)buf, 24); free(buf); return 3; } @@ -351,7 +356,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha return 2; } -void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char version, int32_t auth_method) { +void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char version, int32_t auth_method) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; @@ -360,10 +365,10 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(275); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -377,18 +382,20 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } counter = 1; if (tls_required) { - /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */ - char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; + /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC + * 2830 */ + char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31" + "\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0) hydra_child_exit(1); - if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(sock)) == NULL) hydra_child_exit(1); if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { @@ -410,11 +417,11 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_ldap(sock, ip, port, options, miscptr, fp, hostname, version, auth_method); counter++; break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -427,47 +434,46 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); -} +void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); } -void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); -} +void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); } -void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); -} +void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); } -void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); -} +void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); } -int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here if (miscptr != NULL && strlen(miscptr) > 220) { - fprintf(stderr, "[ERROR] the option string to this module may not be larger than 220 bytes\n"); + fprintf(stderr, "[ERROR] the option string to this module may not be " + "larger than 220 bytes\n"); return -1; } return 0; } -void usage_ldap(const char* service) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when Simple auth method is used).\n" +void usage_ldap(const char *service) { + printf("Module %s is optionally taking the DN (depending of the auth method " + "choosed\n" + "Note: you can also specify the DN as login when Simple auth method " + "is used).\n" "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "Special notes for Simple method has 3 operation modes: anonymous, " + "(no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user " + "and pass).\n" "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directory ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service); + "Hint: to authenticate to a windows active directory ldap, this is " + "usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", + service); } diff --git a/hydra-memcached.c b/hydra-memcached.c index 9065c1e..ca21d26 100644 --- a/hydra-memcached.c +++ b/hydra-memcached.c @@ -1,5 +1,5 @@ -//This plugin was written by -//Tested on memcached 1.5.6-0ubuntu1 +// This plugin was written by +// Tested on memcached 1.5.6-0ubuntu1 #ifdef LIBMCACHED #include @@ -8,9 +8,7 @@ #include "hydra-mod.h" #ifndef LIBMCACHED -void dummy_mcached() { - printf("\n"); -} +void dummy_mcached() { printf("\n"); } #else extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -33,9 +31,7 @@ int mcached_send_com_version(int32_t sock) { return 0; } - - -int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; @@ -93,7 +89,7 @@ int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, memcached_free(cache); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - return 3; + return 3; } return 2; } @@ -109,7 +105,7 @@ int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, return 2; } -void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -127,14 +123,15 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, return; default: if (!verbose) - hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); hydra_child_exit(2); } run = next_run; } } -int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -150,7 +147,7 @@ int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char * if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Can not connect\n"); - return -1; + return -1; } if (mcached_send_com_version(sock)) { @@ -160,16 +157,16 @@ int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char * } if (hydra_data_ready_timed(sock, 0, 1000) > 0) { - buf = hydra_receive_line(sock); - if (strstr(buf, "VERSION ")) { - hydra_report_found_host(port, ip, "memcached", fp); - mcached_send_com_quit(sock); - if (sock >= 0) - sock = hydra_disconnect(sock); - hydra_report(stderr, "[ERROR] Memcached server does not require any authentication\n"); - } - free(buf); - return -1; + buf = hydra_receive_line(sock); + if (strstr(buf, "VERSION ")) { + hydra_report_found_host(port, ip, "memcached", fp); + mcached_send_com_quit(sock); + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_report(stderr, "[ERROR] Memcached server does not require any authentication\n"); + } + free(buf); + return -1; } if (sock >= 0) sock = hydra_disconnect(sock); diff --git a/hydra-mod.c b/hydra-mod.c index f9b1358..65f7725 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -1,10 +1,10 @@ #include "hydra-mod.h" #include #ifdef LIBOPENSSL -#include -#include #include +#include #include +#include #endif #ifdef HAVE_PCRE #include @@ -15,17 +15,17 @@ #define HYDRA_DUMP_ROWS 16 /* rfc 1928 SOCKS proxy */ -#define SOCKS_V5 5 -#define SOCKS_V4 4 -#define SOCKS_NOAUTH 0 +#define SOCKS_V5 5 +#define SOCKS_V4 4 +#define SOCKS_NOAUTH 0 /* http://tools.ietf.org/html/rfc1929 */ -#define SOCKS_PASSAUTH 2 -#define SOCKS_NOMETHOD 0xff -#define SOCKS_CONNECT 1 -#define SOCKS_IPV4 1 -#define SOCKS_DOMAIN 3 -#define SOCKS_IPV6 4 +#define SOCKS_PASSAUTH 2 +#define SOCKS_NOMETHOD 0xff +#define SOCKS_CONNECT 1 +#define SOCKS_IPV4 1 +#define SOCKS_DOMAIN 3 +#define SOCKS_IPV6 4 extern int32_t conwait; char quiet; @@ -56,26 +56,29 @@ RSA *rsa = NULL; #endif /* prototype */ -int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec); +int32_t my_select(int32_t fd, fd_set *fdread, fd_set *fdwrite, fd_set *fdex, long sec, long usec); /* ----------------- alarming functions ---------------- */ void alarming() { fail++; alarm_went_off++; -/* uh, I think it's not good for performance if we try to reconnect to a timeout system! - * if (fail > MAX_CONNECT_RETRY) { - */ - //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int32_t) getpid()); + /* uh, I think it's not good for performance if we try to reconnect to a + * timeout system! if (fail > MAX_CONNECT_RETRY) { + */ + // fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", + // (int32_t) getpid()); if (debug) printf("DEBUG_CONNECT_TIMEOUT\n"); hydra_child_exit(1); -/* - * } else { - * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int32_t)getpid(), fail, MAX_CONNECT_RETRY); - * } - */ + /* + * } else { + * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], + * retrying (%d of %d retries)\n", (int32_t)getpid(), fail, + * MAX_CONNECT_RETRY); + * } + */ } void interrupt() { @@ -96,11 +99,11 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t struct sockaddr_in sin; char *buf, *tmpptr = NULL; int32_t err = 0; - + if (proxy_count > 0 && use_proxy > 0 && selected_proxy == -1) { reset_selected = 1; selected_proxy = random() % proxy_count; - } + } memset(&target, 0, sizeof(target)); memset(&sin, 0, sizeof(sin)); @@ -133,14 +136,14 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t sin.sin_addr.s_addr = INADDR_ANY; } - //we will try to find a free port down to 512 + // we will try to find a free port down to 512 while (!bind_ok && src_port >= 512) { #ifdef AF_INET6 if (ipv6) - ret = bind(s, (struct sockaddr *) &sin6, sizeof(sin6)); + ret = bind(s, (struct sockaddr *)&sin6, sizeof(sin6)); else #endif - ret = bind(s, (struct sockaddr *) &sin, sizeof(sin)); + ret = bind(s, (struct sockaddr *)&sin, sizeof(sin)); if (ret == -1) { if (verbose) @@ -167,7 +170,6 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t } } if (use_proxy > 0 && proxy_count > 0) { - if (proxy_string_ip[selected_proxy][0] == 4) { memcpy(&target.sin_addr.s_addr, &proxy_string_ip[selected_proxy][1], 4); target.sin_family = AF_INET; @@ -214,18 +216,21 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t #endif if (ipv6) - ret = connect(s, (struct sockaddr *) &target6, sizeof(target6)); + ret = connect(s, (struct sockaddr *)&target6, sizeof(target6)); else #endif - ret = connect(s, (struct sockaddr *) &target, sizeof(target)); + ret = connect(s, (struct sockaddr *)&target, sizeof(target)); alarm(0); if (ret < 0 && alarm_went_off == 0) { fail++; - if (verbose ) { + if (verbose) { if (do_retry && fail <= MAX_CONNECT_RETRY) - fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int32_t) getpid(), fail, MAX_CONNECT_RETRY); + fprintf(stderr, + "Process %d: Can not connect [unreachable], retrying (%d " + "of %d retries)\n", + (int32_t)getpid(), fail, MAX_CONNECT_RETRY); else - fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t) getpid()); + fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t)getpid()); } } } while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry); @@ -233,10 +238,11 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t if (debug) printf("DEBUG_CONNECT_UNREACHABLE\n"); -/* we wont quit here, thats up to the module to decide what to do - * fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int32_t)getpid()); - * hydra_child_exit(1); - */ + /* we wont quit here, thats up to the module to decide what to do + * fprintf(stderr, "Process %d: Can not connect + * [unreachable], process exiting\n", (int32_t)getpid()); + * hydra_child_exit(1); + */ extern_socket = -1; close(s); ret = -1; @@ -280,7 +286,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t else snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); else if (host[0] == 16) - snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]); + snprintf(buf, 4096, + "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic " + "%s\r\n\r\n", + hydra_address2string(host), port, proxy_authentication[selected_proxy]); else snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]); @@ -302,10 +311,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); err = 1; } -// free(buf); + // free(buf); } else { if (hydra_strcasestr(proxy_string_type[selected_proxy], "socks5")) { -// char buf[1024]; + // char buf[1024]; size_t cnt, wlen; /* socks v5 support */ @@ -325,19 +334,20 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); err = 1; } - if ((unsigned char) buf[1] == SOCKS_NOMETHOD) { - hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); + if ((unsigned char)buf[1] == SOCKS_NOMETHOD) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method " + "negotiation failed\n"); err = 1; } /* SOCKS_DOMAIN not supported here, do we need it ? */ if (err != 1) { /* send user/pass */ if (proxy_authentication[selected_proxy] != NULL) { - //format was checked previously + // format was checked previously char *login = strtok(proxy_authentication[selected_proxy], ":"); char *pass = strtok(NULL, ":"); - snprintf(buf, 4096, "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + snprintf(buf, 4096, "\x01%c%s%c%s", (char)strlen(login), login, (char)strlen(pass), pass); cnt = hydra_send(s, buf, strlen(buf), 0); if (cnt != strlen(buf)) { @@ -408,15 +418,15 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n"); err = 1; } else { -// char buf[1024]; + // char buf[1024]; size_t cnt, wlen; /* socks v4 support */ buf[0] = SOCKS_V4; - buf[1] = SOCKS_CONNECT; /* connect */ + buf[1] = SOCKS_CONNECT; /* connect */ memcpy(buf + 2, &target.sin_port, sizeof target.sin_port); memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); - buf[8] = 0; /* empty username */ + buf[8] = 0; /* empty username */ wlen = 9; cnt = hydra_send(s, buf, wlen, 0); if (cnt != wlen) { @@ -439,7 +449,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t } } } else { - hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type[selected_proxy]); + hydra_report(stderr, + "[ERROR] Unknown proxy type: %s, valid type are " + "\"connect\", \"socks4\" or \"socks5\"\n", + proxy_string_type[selected_proxy]); err = 1; } } @@ -465,24 +478,24 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t } #if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) -RSA *ssl_temp_rsa_cb(SSL * ssl, int32_t export, int32_t keylength) { +RSA *ssl_temp_rsa_cb(SSL *ssl, int32_t export, int32_t keylength) { int32_t nok = 0; #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L BIGNUM *n; if ((n = BN_new()) == NULL) - nok = 1; + nok = 1; RSA_get0_key(rsa, (const struct bignum_st **)&n, NULL, NULL); BN_zero(n); #else if (rsa->n == 0) nok = 1; #endif - if (nok == 0 && RSA_size(rsa)!=(keylength/8)){ // n is not zero -#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L - BN_free(n); + if (nok == 0 && RSA_size(rsa) != (keylength / 8)) { // n is not zero +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + BN_free(n); #endif - RSA_free(rsa); - rsa = NULL; + RSA_free(rsa); + rsa = NULL; } if (nok != 0) { // n is zero #if defined(NO_RSA_LEGACY) || OPENSSL_VERSION_NUMBER >= 0x10100000L @@ -507,8 +520,8 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { if (ssl_first) { SSL_load_error_strings(); -// SSL_add_ssl_algoritms(); - SSL_library_init(); // ? + // SSL_add_ssl_algoritms(); + SSL_library_init(); // ? ssl_first = 0; } @@ -524,11 +537,11 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { } } else { #ifndef TLSv1_2_client_method - #if OPENSSL_VERSION_NUMBER < 0x10100000L - #define TLSv1_2_client_method TLSv1_2_client_method - #else - #define TLSv1_2_client_method TLS_client_method - #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define TLSv1_2_client_method TLSv1_2_client_method +#else +#define TLSv1_2_client_method TLS_client_method +#endif #endif if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) { if (verbose) { @@ -540,11 +553,11 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { } /* set the compatbility mode */ SSL_CTX_set_options(sslContext, SSL_OP_ALL); -// SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); -// SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); + // SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); + // SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); /* we set the default verifiers and don't care for the results */ - (void) SSL_CTX_set_default_verify_paths(sslContext); + (void)SSL_CTX_set_default_verify_paths(sslContext); #if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb); #endif @@ -567,7 +580,7 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { SSL_set_fd(ssl, socket); if (SSL_connect(ssl) <= 0) { -// fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); + // fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); if (verbose) { err = ERR_get_error(); fprintf(stderr, "[VERBOSE] Could not create an SSL session: %s\n", ERR_error_string(err, NULL)); @@ -618,34 +631,34 @@ void hydra_child_exit(int32_t code) { if (debug) printf("[DEBUG] pid %d called child_exit with code %d\n", getpid(), code); - if (code == 0) /* normal quitting */ + if (code == 0) /* normal quitting */ __fck = write(intern_socket, "Q", 1); - else if (code == 1) /* no connect possible */ + else if (code == 1) /* no connect possible */ __fck = write(intern_socket, "C", 1); - else if (code == 2) /* application protocol error or service shutdown */ + else if (code == 2) /* application protocol error or service shutdown */ __fck = write(intern_socket, "E", 1); - // code 3 means exit without telling mommy about it - a bad idea. mommy should know + // code 3 means exit without telling mommy about it - a bad idea. mommy should + // know else if (code == -1 || code > 3) { - fprintf(stderr, "[TOTAL FUCKUP] a module should not use hydra_child_exit(-1) ! Fix it in the source please ...\n"); + fprintf(stderr, "[TOTAL FUCKUP] a module should not use " + "hydra_child_exit(-1) ! Fix it in the source please ...\n"); __fck = write(intern_socket, "E", 1); } do { usleepn(10); } while (read(intern_socket, buf, 1) <= 0); close(intern_socket); -// sleep(2); // be sure that mommy receives our message - exit(0); // might be killed before reaching this + // sleep(2); // be sure that mommy receives our message + exit(0); // might be killed before reaching this } -void hydra_register_socket(int32_t s) { - intern_socket = s; -} +void hydra_register_socket(int32_t s) { intern_socket = s; } char *hydra_get_next_pair() { if (pair[0] == 0) { pair[sizeof(pair) - 1] = 0; __fck = read(intern_socket, pair, sizeof(pair) - 1); - //if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); + // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) return HYDRA_EXIT; if (pair[0] == 0) @@ -697,7 +710,7 @@ void hydra_completed_pair_skip() { /* based on writeError from Medusa project */ -void hydra_report_debug(FILE * st, char *format, ...) { +void hydra_report_debug(FILE *st, char *format, ...) { va_list ap; char buf[8200]; char bufOut[33000]; @@ -716,7 +729,7 @@ void hydra_report_debug(FILE * st, char *format, ...) { // Convert any chars less than 32d or greater than 126d to hex for (i = 0; i < len; i++) { memset(temp, 0, 6); - cTemp = (unsigned char) buf[i]; + cTemp = (unsigned char)buf[i]; if (cTemp < 32 || cTemp > 126) { sprintf(temp, "[%02X]", cTemp); } else @@ -733,96 +746,99 @@ void hydra_report_debug(FILE * st, char *format, ...) { return; } -void hydra_report_found(int32_t port, char *svc, FILE * fp) { -/* - if (!strcmp(svc, "rsh")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login()); - else - fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); - else if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - - if (stdout != fp) { +void hydra_report_found(int32_t port, char *svc, FILE *fp) { + /* if (!strcmp(svc, "rsh")) - printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); - else - printf("[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - } + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", + port, svc, hydra_get_next_login()); else fprintf(fp, "[%d][%s] login: %s\n", + port, svc, hydra_get_next_login()); else if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), + hydra_get_next_password()); else fprintf(fp, "[%d][%s] login: %s password: + %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - fflush(fp); -*/ + if (stdout != fp) { + if (!strcmp(svc, "rsh")) + printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); + else + printf("[%d][%s] login: %s password: %s\n", port, svc, + hydra_get_next_login(), hydra_get_next_password()); + } + + fflush(fp); + */ } /* needed for irc module to display the general server password */ -void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp) { -/* - strcpy(ipaddr_str, hydra_address2string(ip)); - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - if (stdout != fp) - printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - fflush(fp); -*/ +void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp) { + /* + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); if (stdout != fp) printf("[%d][%s] host: %s + password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + fflush(fp); + */ } -void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp) { -/* char *keyw = "password"; +void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp) { + /* char *keyw = "password"; - strcpy(ipaddr_str, hydra_address2string(ip)); - if (!strcmp(svc, "smtp-enum")) - keyw = "domain"; - if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); - else - fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); - else if (!strcmp(svc, "snmp3")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, - hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); - if (stdout != fp) { + strcpy(ipaddr_str, hydra_address2string(ip)); + if (!strcmp(svc, "smtp-enum")) + keyw = "domain"; if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) - printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); - else if (!strcmp(svc, "snmp3")) - printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) - printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else if (!strcmp(svc, "cisco-enable") || + !strcmp(svc, "cisco")) if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m + %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, + hydra_get_next_password()); else - printf("[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); - } - fflush(fp); - fflush(stdout); -*/ + fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, + ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); if + (stdout != fp) { if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) + printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) printf("[%d][%s] + host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) + printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else printf("[%d][%s] host: %s login: %s %s: + %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, + hydra_get_next_password()); + } + fflush(fp); + fflush(stdout); + */ } -void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg) { -/* - strcpy(ipaddr_str, hydra_address2string(ip)); - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), - hydra_get_next_password(), msg); - else - fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); - if (stdout != fp) - printf("[%d][%s] host: %s login: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); - fflush(fp); -*/ +void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg) { + /* + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, + hydra_get_next_login(), hydra_get_next_password(), msg); else fprintf(fp, + "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, + ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); if + (stdout != fp) printf("[%d][%s] host: %s login: %s password: %s\n", + port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); + fflush(fp); + */ } int32_t hydra_connect_to_ssl(int32_t socket, char *hostname) { @@ -886,9 +902,7 @@ int32_t hydra_data_ready_writing_timed(int32_t socket, long sec, long usec) { return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } -int32_t hydra_data_ready_writing(int32_t socket) { - return (hydra_data_ready_writing_timed(socket, 30, 0)); -} +int32_t hydra_data_ready_writing(int32_t socket) { return (hydra_data_ready_writing_timed(socket, 30, 0)); } int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) { fd_set fds; @@ -898,9 +912,7 @@ int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) { return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } -int32_t hydra_data_ready(int32_t socket) { - return (hydra_data_ready_timed(socket, 0, 100)); -} +int32_t hydra_data_ready(int32_t socket) { return (hydra_data_ready_timed(socket, 0, 100)); } int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) { int32_t ret; @@ -910,7 +922,8 @@ int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) { if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", + // buf, getpid(), ret); } return ret; } @@ -919,7 +932,7 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) { int32_t ret = -1; char text[64]; - if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) { + if (hydra_data_ready_timed(socket, (long)waittime, 0) > 0) { if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) { buf[0] = 0; if (debug) { @@ -931,7 +944,8 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) { if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", + // buf, getpid(), ret); } } return ret; @@ -949,9 +963,11 @@ char *hydra_receive_line(int32_t socket) { memset(buff, 0, sizeof(buf)); if (debug) - printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid()); + printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, " + "pid: %d\n", + waittime, conwait, socket, getpid()); - if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) { + if ((i = hydra_data_ready_timed(socket, (long)waittime, 0)) > 0) { do { j = internal__hydra_recv(socket, buf, sizeof(buf) - 1); if (j > 0) { @@ -976,22 +992,24 @@ char *hydra_receive_line(int32_t socket) { } } while (hydra_data_ready(socket) > 0 && j > 0 #ifdef LIBOPENSSL - || use_ssl && SSL_pending(ssl) + || use_ssl && SSL_pending(ssl) #endif - ); + ); if (got > 0) { if (debug) { sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buff, got, pid); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", + // getpid(), got, buff); } } else { if (got < 0) { if (debug) { sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid()); - hydra_dump_data((unsigned char*)"", -1, pid); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i); + hydra_dump_data((unsigned char *)"", -1, pid); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", + // getpid(), i); perror("recv"); } } @@ -1002,7 +1020,9 @@ char *hydra_receive_line(int32_t socket) { usleepn(100); } else { if (debug) - printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket); + printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, " + "socket: %d\n", + i, waittime, conwait, socket); } return buff; @@ -1015,22 +1035,23 @@ int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) { sprintf(text, "[DEBUG] SEND [pid:%d]", getpid()); hydra_dump_data(buf, size, text); -/* int32_t k; - char *debugbuf = malloc(size + 1); + /* int32_t k; + char *debugbuf = malloc(size + 1); - if (debugbuf != NULL) { - for (k = 0; k < size; k++) - if (buf[k] == 0) - debugbuf[k] = 32; - else - debugbuf[k] = buf[k]; - debugbuf[size] = 0; - hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", debugbuf, getpid()); - free(debugbuf); - }*/ + if (debugbuf != NULL) { + for (k = 0; k < size; k++) + if (buf[k] == 0) + debugbuf[k] = 32; + else + debugbuf[k] = buf[k]; + debugbuf[size] = 0; + hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", + debugbuf, getpid()); free(debugbuf); + }*/ } -/* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */ + /* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed + * in the future */ return (internal__hydra_send(socket, buf, size, options)); } @@ -1038,7 +1059,7 @@ int32_t make_to_lower(char *buf) { if (buf == NULL) return 1; while (buf[0] != 0) { - buf[0] = tolower((int32_t) buf[0]); + buf[0] = tolower((int32_t)buf[0]); buf++; } return 1; @@ -1046,15 +1067,16 @@ int32_t make_to_lower(char *buf) { char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { int32_t str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; - char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github. + char *c, oldstring[6096], + newstring[6096]; // updated due to issue 192 on github. static char finalstring[6096]; - if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 - || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) + if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) return NULL; if (strlen(string) > 6000) { - hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n"); + hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max " + "limit is 6000 characters.\n"); exit(-1); } @@ -1062,7 +1084,7 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { strcpy(oldstring, string); // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) { - c = (char *) strstr(oldstring, oldpiece); + c = (char *)strstr(oldstring, oldpiece); new_len = strlen(newpiece); old_len = strlen(oldpiece); end = strlen(oldstring) - old_len; @@ -1081,13 +1103,13 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { newstr_index += new_len; str_index += old_len; /* Check for another pattern match */ - if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL) + if ((c = (char *)strstr(oldstring + str_index, oldpiece)) != NULL) oldpiece_index = c - oldstring; } /* Copy remaining characters from the right of last matched pattern */ strcpy(newstring + newstr_index, oldstring + str_index); strcpy(oldstring, newstring); -// } + // } strcpy(finalstring, newstring); return finalstring; } @@ -1110,14 +1132,14 @@ unsigned char hydra_conv64(unsigned char in) { } void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) { - unsigned char small[3] = { 0, 0, 0 }; + unsigned char small[3] = {0, 0, 0}; unsigned char big[5]; unsigned char *ptr = buf; uint32_t i = bufsize; uint32_t len = 0; unsigned char bof[i]; - if (buf == NULL || strlen((char *) buf) == 0 || buflen == 0) + if (buf == NULL || strlen((char *)buf) == 0 || buflen == 0) return; bof[0] = 0; memset(big, 0, sizeof(big)); @@ -1129,12 +1151,12 @@ void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) { big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); big[3] = hydra_conv64(*(ptr + 2) & 63); - len += strlen((char *) big); + len += strlen((char *)big); if (len > bufsize) { buf[0] = 0; return; } - strcat((char *) bof, (char *) big); + strcat((char *)bof, (char *)big); ptr += 3; } @@ -1152,14 +1174,14 @@ void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) { if (small[1] == 0) big[2] = '='; big[3] = '='; - strcat((char *) bof, (char *) big); + strcat((char *)bof, (char *)big); } - strcpy((char *) buf, (char *) bof); /* can not overflow */ + strcpy((char *)buf, (char *)bof); /* can not overflow */ } void hydra_dump_asciihex(unsigned char *string, int32_t length) { - unsigned char *p = (unsigned char *) string; + unsigned char *p = (unsigned char *)string; unsigned char lastrow_data[16]; int32_t rows = length / HYDRA_DUMP_ROWS; int32_t lastrow = length % HYDRA_DUMP_ROWS; @@ -1217,10 +1239,10 @@ char *hydra_address2string(char *address) { if (address[0] == 4) { memcpy(&target.sin_addr.s_addr, &address[1], 4); - return inet_ntoa((struct in_addr) target.sin_addr); + return inet_ntoa((struct in_addr)target.sin_addr); } else #ifdef AF_INET6 - if (address[0] == 16) { + if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); return ipstring; @@ -1231,7 +1253,7 @@ char *hydra_address2string(char *address) { fprintf(stderr, "[ERROR] unknown address string size!\n"); return NULL; } - return NULL; // not reached + return NULL; // not reached } char *hydra_address2string_beautiful(char *address) { @@ -1240,10 +1262,10 @@ char *hydra_address2string_beautiful(char *address) { if (address[0] == 4) { memcpy(&target.sin_addr.s_addr, &address[1], 4); - return inet_ntoa((struct in_addr) target.sin_addr); + return inet_ntoa((struct in_addr)target.sin_addr); } else #ifdef AF_INET6 - if (address[0] == 16) { + if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); ipstring[0] = '['; inet_ntop(AF_INET6, &target6.sin6_addr, ipstring + 1, sizeof(ipstring) - 1); @@ -1260,12 +1282,10 @@ char *hydra_address2string_beautiful(char *address) { fprintf(stderr, "[ERROR] unknown address string size!\n"); return NULL; } - return NULL; // not reached + return NULL; // not reached } -void hydra_set_srcport(int32_t port) { - src_port = port; -} +void hydra_set_srcport(int32_t port) { src_port = port; } #ifdef HAVE_PCRE int32_t hydra_string_match(char *str, const char *regex) { @@ -1292,9 +1312,9 @@ int32_t hydra_string_match(char *str, const char *regex) { * str_replace.c implements a str_replace PHP like function * Copyright (C) 2009 chantra * - * Create a new string with [substr] being replaced ONCE by [replacement] in [string] - * Returns the new string, or NULL if out of memory. - * The caller is responsible for freeing this new string. + * Create a new string with [substr] being replaced ONCE by [replacement] in + * [string] Returns the new string, or NULL if out of memory. The caller is + * responsible for freeing this new string. * */ char *hydra_string_replace(const char *string, const char *substr, const char *replacement) { @@ -1323,16 +1343,16 @@ char *hydra_strcasestr(const char *haystack, const char *needle) { return NULL; for (; *haystack; ++haystack) { - if (toupper((int32_t) *haystack) == toupper((int32_t) *needle)) { + if (toupper((int32_t)*haystack) == toupper((int32_t)*needle)) { const char *h, *n; for (h = haystack, n = needle; *h && *n; ++h, ++n) { - if (toupper((int32_t) *h) != toupper((int32_t) *n)) { + if (toupper((int32_t)*h) != toupper((int32_t)*n)) { break; } } - if (!*n) { /* matched all of 'needle' to null termination */ - return (char *) haystack; /* return the start of the match */ + if (!*n) { /* matched all of 'needle' to null termination */ + return (char *)haystack; /* return the start of the match */ } } } @@ -1340,7 +1360,7 @@ char *hydra_strcasestr(const char *haystack, const char *needle) { } void hydra_dump_data(unsigned char *buf, int32_t len, char *text) { - unsigned char *p = (unsigned char *) buf; + unsigned char *p = (unsigned char *)buf; unsigned char lastrow_data[16]; int32_t rows = len / 16; int32_t lastrow = len % 16; diff --git a/hydra-mod.h b/hydra-mod.h index 5d613f7..cb9c342 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -4,11 +4,11 @@ #include "hydra.h" #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif extern char quiet; @@ -21,10 +21,10 @@ extern char *hydra_get_next_password(); extern void hydra_completed_pair(); extern void hydra_completed_pair_found(); extern void hydra_completed_pair_skip(); -extern void hydra_report_found(int32_t port, char *svc, FILE * fp); -extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp); -extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp); -extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg); +extern void hydra_report_found(int32_t port, char *svc, FILE *fp); +extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp); +extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp); +extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg); extern void hydra_report_debug(FILE *st, char *format, ...); extern int32_t hydra_connect_to_ssl(int32_t socket, char *hostname); extern int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname); diff --git a/hydra-mongodb.c b/hydra-mongodb.c index f017c4c..5b38a42 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -1,6 +1,6 @@ -//This plugin was written by -//Tested on mongodb-server 1:3.6.3-0ubuntu1 -//MONGODB-CR is been deprecated +// This plugin was written by +// Tested on mongodb-server 1:3.6.3-0ubuntu1 +// MONGODB-CR is been deprecated #ifdef LIBMONGODB #include @@ -9,9 +9,7 @@ #include "hydra-mod.h" #ifndef LIBMONGODB -void dummy_mongodb() { - printf("\n"); -} +void dummy_mongodb() { printf("\n"); } #else extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -31,16 +29,17 @@ int is_error_msg(char *msg) { } int require_auth(int32_t sock) { - unsigned char m_hdr[] = - "\x3f\x00\x00\x00" //messageLength (63) - "\x00\x00\x00\x41" //requestID - "\xff\xff\xff\xff" //responseTo - "\xd4\x07\x00\x00" //opCode (2004 OP_QUERY) - "\x00\x00\x00\x00" //flags - "\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" //fullCollectionName (admin.$cmd) - "\x00\x00\x00\x00" //numberToSkip (0) - "\x01\x00\x00\x00" //numberToReturn (1) - "\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73\x00\x01\x00\x00\x00\x00"; //query ({"listDatabases"=>1}) + unsigned char m_hdr[] = "\x3f\x00\x00\x00" // messageLength (63) + "\x00\x00\x00\x41" // requestID + "\xff\xff\xff\xff" // responseTo + "\xd4\x07\x00\x00" // opCode (2004 OP_QUERY) + "\x00\x00\x00\x00" // flags + "\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" // fullCollectionName + // (admin.$cmd) + "\x00\x00\x00\x00" // numberToSkip (0) + "\x01\x00\x00\x00" // numberToReturn (1) + "\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73" + "\x00\x01\x00\x00\x00\x00"; // query ({"listDatabases"=>1}) if (hydra_send(sock, m_hdr, sizeof(m_hdr), 0) > 0) { if (hydra_data_ready_timed(sock, 0, 1000) > 0) { @@ -51,7 +50,7 @@ int require_auth(int32_t sock) { return 2; } -int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char uri[256]; @@ -70,13 +69,13 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, pass = empty; mongoc_init(); - mongoc_log_set_handler (NULL, NULL); + mongoc_log_set_handler(NULL, NULL); bson_init(&q); - snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s",login, pass, hydra_address2string(ip), miscptr); + snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr); client = mongoc_client_new(uri); if (!client) - return 3; + return 3; mongoc_client_set_appname(client, "hydra"); collection = mongoc_client_get_collection(client, miscptr, "test"); @@ -86,7 +85,7 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, r = mongoc_cursor_error(cursor, &error); if (r) { if (verbose) - hydra_report(stderr, "[ERROR] Can not read document: %s\n", error.message); + hydra_report(stderr, "[ERROR] Can not read document: %s\n", error.message); mongoc_cursor_destroy(cursor); mongoc_collection_destroy(collection); mongoc_client_destroy(client); @@ -96,9 +95,9 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, return 3; } return 2; - } + } } - + mongoc_cursor_destroy(cursor); mongoc_collection_destroy(collection); mongoc_client_destroy(client); @@ -112,9 +111,9 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, return 2; } -void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - + if (!miscptr) { if (verbose) hydra_report(stderr, "[INFO] Using default database \"admin\"\n"); @@ -130,20 +129,21 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, switch (run) { case 1: next_run = start_mongodb(sock, ip, port, options, miscptr, fp); - break; + break; case 2: hydra_child_exit(0); return; default: if (!verbose) - hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); hydra_child_exit(2); } run = next_run; } } -int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -179,6 +179,7 @@ int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char * #endif -void usage_mongodb(const char* service) { - printf("Module mongodb is optionally taking a database name to attack, default is \"admin\"\n\n"); +void usage_mongodb(const char *service) { + printf("Module mongodb is optionally taking a database name to attack, " + "default is \"admin\"\n\n"); } diff --git a/hydra-mssql.c b/hydra-mssql.c index 2f9608b..ee273ca 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -5,47 +5,55 @@ extern char *HYDRA_EXIT; char *buf; -unsigned char p_hdr[] = - "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; -unsigned char p_pk2[] = - "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" - "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" - "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00"; -unsigned char p_pk3[] = - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" - "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00"; -unsigned char p_lng[] = - "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" - "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00"; +unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; +unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" + "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" + "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00"; +unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" + "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" + "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00"; +unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" + "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" + "\x00\x03\x00\x00\x00"; -int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024]; char ms_login[MSLEN + 1]; @@ -81,7 +89,7 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) return 1; - if (hydra_send(s, (char *) p_lng, 71, 0) < 0) + if (hydra_send(s, (char *)p_lng, 71, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); @@ -107,7 +115,7 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; @@ -116,7 +124,7 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -129,18 +137,18 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_mssql(sock, ip, port, options, miscptr, fp); hydra_disconnect(sock); break; - case 2: /* clean exit */ + case 2: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -153,13 +161,13 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F } } -int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-mysql.c b/hydra-mysql.c index c33dc88..eae5fd9 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c @@ -1,19 +1,16 @@ /* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */ -/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */ +/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, + * adding support for mysql version 5.x */ #include "hydra-mod.h" #ifndef HAVE_MATH_H #include -void dummy_mysql() { - printf("\n"); -} +void dummy_mysql() { printf("\n"); } -void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - printf("\n"); -} +void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { printf("\n"); } #else #include @@ -41,7 +38,8 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char mysqlsalt[9]; -/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ +/* modified hydra_receive_line, I've striped code which changed every 0x00 to + * 0x20 */ char *hydra_mysql_receive_line(int32_t socket) { char buf[300], *buff, *buff2; int32_t i = 0, j = 0, buff_size = 300; @@ -51,7 +49,7 @@ char *hydra_mysql_receive_line(int32_t socket) { return NULL; memset(buff, 0, sizeof(buf)); - i = hydra_data_ready_timed(socket, (long) waittime, 0); + i = hydra_data_ready_timed(socket, (long)waittime, 0); if (i > 0) { if ((i = internal__hydra_recv(socket, buff, sizeof(buf))) < 0) { free(buff); @@ -98,7 +96,7 @@ char hydra_mysql_init(int32_t sock) { protocol = buf[4]; if (protocol == 0xff) { pos = &buf[6]; -// *(strchr(pos, '.')) = '\0'; + // *(strchr(pos, '.')) = '\0'; hydra_report(stderr, "[ERROR] %s\n", pos); free(buf); return 2; @@ -108,7 +106,10 @@ char hydra_mysql_init(int32_t sock) { return 2; } if (protocol > 10) { - fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol); + fprintf(stderr, + "[INFO] This is protocol version %d, only v10 is supported, not " + "sure if it will work\n", + protocol); } server_version = &buf[5]; pos = buf + strlen(server_version) + 10; @@ -116,7 +117,8 @@ char hydra_mysql_init(int32_t sock) { if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) { #ifndef LIBMYSQLCLIENT - hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n"); + hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck " + "configure to see if libmysql is found\n"); #endif free(buf); return 2; @@ -130,35 +132,32 @@ char hydra_mysql_init(int32_t sock) { char *hydra_mysql_prepare_auth(char *login, char *pass) { unsigned char *response; unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login); - unsigned long response_len = 4 /* header */ + - 2 /* client flags */ + - 3 /* max packet len */ + - login_len + 1 + 8 /* scrambled password len */ ; + unsigned long response_len = 4 /* header */ + 2 /* client flags */ + 3 /* max packet len */ + login_len + 1 + 8 /* scrambled password len */; - response = (unsigned char *) malloc(response_len + 4); + response = (unsigned char *)malloc(response_len + 4); if (response == NULL) { fprintf(stderr, "[ERROR] could not allocate memory\n"); return NULL; } memset(response, 0, response_len + 4); - *((unsigned long *) response) = response_len - 4; - response[3] = 0x01; /* packet number */ + *((unsigned long *)response) = response_len - 4; + response[3] = 0x01; /* packet number */ response[4] = 0x85; - response[5] = 0x24; /* client flags */ - response[6] = response[7] = response[8] = 0x00; /* max packet */ - memcpy(&response[9], login, login_len); /* login */ - response[9 + login_len] = '\0'; /* null terminate login */ - hydra_scramble((char *) &response[9 + login_len + 1], mysqlsalt, pass); + response[5] = 0x24; /* client flags */ + response[6] = response[7] = response[8] = 0x00; /* max packet */ + memcpy(&response[9], login, login_len); /* login */ + response[9 + login_len] = '\0'; /* null terminate login */ + hydra_scramble((char *)&response[9 + login_len + 1], mysqlsalt, pass); - return (char *) response; + return (char *)response; } /* returns 0 if authentication succeed */ /* and 1 if failed */ char hydra_mysql_parse_response(unsigned char *response) { - unsigned long response_len = *((unsigned long *) response) & 0xffffff; + unsigned long response_len = *((unsigned long *)response) & 0xffffff; if (response_len < 4) return 0; @@ -170,13 +169,13 @@ char hydra_mysql_parse_response(unsigned char *response) { } char hydra_mysql_send_com_quit(int32_t sock) { - char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 }; + char com_quit_packet[5] = {0x01, 0x00, 0x00, 0x00, 0x01}; hydra_send(sock, com_quit_packet, 5, 0); return 0; } -int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *response = NULL, *login = NULL, *pass = NULL; unsigned long response_len; char res = 0; @@ -221,7 +220,8 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, } if (my_errno == 1251) { - hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n"); + hydra_report(stderr, "[ERROR] Client does not support authentication " + "protocol requested by server\n"); } /* @@ -235,8 +235,8 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, */ - //if the error is more critical, we just try to reconnect - //to the db later with the mysql_init + // if the error is more critical, we just try to reconnect + // to the db later with the mysql_init if ((my_errno != 1044) && (my_errno != 1045)) { mysql_close(mysql); mysql = NULL; @@ -264,7 +264,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, response = hydra_mysql_prepare_auth(login, pass); if (response == NULL) return 3; - response_len = *((unsigned long *) response) & 0xffffff; + response_len = *((unsigned long *)response) & 0xffffff; /* send client auth packet */ /* dunny why, mysql IO code had problem reading my response. */ @@ -280,7 +280,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, /* read authentication response */ if ((response = hydra_mysql_receive_line(sock)) == NULL) return 1; - res = hydra_mysql_parse_response((unsigned char *) response); + res = hydra_mysql_parse_response((unsigned char *)response); if (!res) { hydra_mysql_send_com_quit(sock); @@ -302,7 +302,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, return 1; } -void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_MYSQL; @@ -311,12 +311,12 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); } -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -324,15 +324,16 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F port = myport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_mysql(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); @@ -349,8 +350,6 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F #ifndef LIBMYSQLCLIENT - - #endif /************************************************************************/ @@ -367,9 +366,9 @@ struct hydra_rand_struct { double max_value_dbl; }; -void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ +void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ rand_st->max_value = 0x3FFFFFFFL; - rand_st->max_value_dbl = (double) rand_st->max_value; + rand_st->max_value_dbl = (double)rand_st->max_value; rand_st->seed1 = seed1 % rand_st->max_value; rand_st->seed2 = seed2 % rand_st->max_value; } @@ -377,7 +376,7 @@ void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, un double hydra_rnd(struct hydra_rand_struct *rand_st) { rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value; rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value; - return (((double) rand_st->seed1) / rand_st->max_value_dbl); + return (((double)rand_st->seed1) / rand_st->max_value_dbl); } void hydra_hash_password(unsigned long *result, const char *password) { register unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L; @@ -385,14 +384,15 @@ void hydra_hash_password(unsigned long *result, const char *password) { for (; *password; password++) { if (*password == ' ' || *password == '\t') - continue; /* skipp space in password */ - tmp = (unsigned long) (unsigned char) *password; + continue; /* skipp space in password */ + tmp = (unsigned long)(unsigned char)*password; nr ^= (((nr & 63) + add) * tmp) + (nr << 8); nr2 += (nr2 << 8) ^ nr; add += tmp; } - result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ; - result[1] = nr2 & (((unsigned long) 1L << 31) - 1L); + result[0] = nr & (((unsigned long)1L << 31) - 1L); /* Don't use sign bit (str2int) */ + ; + result[1] = nr2 & (((unsigned long)1L << 31) - 1L); return; } @@ -408,8 +408,8 @@ char *hydra_scramble(char *to, const char *message, const char *password) { hydra_hash_password(hash_message, message); hydra_randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]); while (*message++) - *to++ = (char) (floor(hydra_rnd(&rand_st) * 31) + 64); - extra = (char) (floor(hydra_rnd(&rand_st) * 31)); + *to++ = (char)(floor(hydra_rnd(&rand_st) * 31) + 64); + extra = (char)(floor(hydra_rnd(&rand_st) * 31)); while (to_start != to) *(to_start++) ^= extra; } @@ -418,13 +418,13 @@ char *hydra_scramble(char *to, const char *message, const char *password) { } #endif -int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -432,6 +432,7 @@ int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *mi return 0; } -void usage_mysql(const char* service) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); +void usage_mysql(const char *service) { + printf("Module mysql is optionally taking the database to attack, default is " + "\"mysql\"\n\n"); } diff --git a/hydra-ncp.c b/hydra-ncp.c index 5c68d13..edbdfaa 100644 --- a/hydra-ncp.c +++ b/hydra-ncp.c @@ -1,28 +1,25 @@ /* * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com * Tested on Netware 6.5 - * + * * you need to install libncp and libncp-dev (tested with version 2.2.6-3) - * + * * you can passed full context as OPT * * example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx * */ - #include "hydra-mod.h" #ifndef LIBNCP -void dummy_ncp() { - printf("\n"); -} +void dummy_ncp() { printf("\n"); } #else -#include -#include -#include #include +#include +#include +#include extern char *HYDRA_EXIT; extern int32_t child_head_no; @@ -33,11 +30,10 @@ typedef struct __NCP_DATA { char *context; } _NCP_DATA; -//uncomment line below to see more trace stack +// uncomment line below to see more trace stack //#define NCP_DEBUG -int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - +int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *login; char *pass; char context[256]; @@ -47,13 +43,11 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char _NCP_DATA *session; - session = malloc(sizeof(_NCP_DATA)); memset(session, 0, sizeof(_NCP_DATA)); login = empty; pass = empty; - if (strlen(login = hydra_get_next_login()) == 0) { login = empty; } else { @@ -71,8 +65,8 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char } } - //login and password are case insensitive - //str_upper(login); + // login and password are case insensitive + // str_upper(login); if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; @@ -91,27 +85,27 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char memset(session->spec.password, 0, sizeof(session->spec.password)); memcpy(session->spec.password, pass, strlen(pass) + 1); - //str_upper(session->spec.password); + // str_upper(session->spec.password); ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password); switch (ncp_lib_error_code & 0x0000FFFF) { - case 0x0000: /* Success */ + case 0x0000: /* Success */ #ifdef NCP_DEBUG printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); #endif ncp_close(session->conn); - hydra_report_found_host(port, ip, "ncp", fp); //ok + hydra_report_found_host(port, ip, "ncp", fp); // ok hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 3; //exit + return 3; // exit free(session); - return 2; //next + return 2; // next break; - case 0x89DE: /* PASSWORD INVALID */ - case 0x89F0: /* BIND WILDCARD INVALID */ - case 0x89FF: /* NO OBJ OR BAD PASSWORD */ - case 0xFD63: /* FAILED_AUTHENTICATION */ - case 0xFDA7: /* NO_SUCH_ENTRY */ + case 0x89DE: /* PASSWORD INVALID */ + case 0x89F0: /* BIND WILDCARD INVALID */ + case 0x89FF: /* NO OBJ OR BAD PASSWORD */ + case 0xFD63: /* FAILED_AUTHENTICATION */ + case 0xFDA7: /* NO_SUCH_ENTRY */ #ifdef NCP_DEBUG printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); #endif @@ -119,7 +113,7 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { free(session); - return 2; //next + return 2; // next } break; default: @@ -131,10 +125,10 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char break; } free(session); - return 1; //reconnect + return 1; // reconnect } -void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_NCP; @@ -144,7 +138,7 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if (port != 0) @@ -152,14 +146,15 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL sock = hydra_connect_tcp(ip, myport); port = myport; if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_ncp(sock, ip, port, options, miscptr, fp); break; @@ -183,13 +178,13 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL #endif -int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -197,6 +192,7 @@ int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_ncp(const char* service) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); +void usage_ncp(const char *service) { + printf("Module ncp is optionally taking the full context, for example " + "\".O=cx\"\n\n"); } diff --git a/hydra-nntp.c b/hydra-nntp.c index f6b7f35..c3622c2 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -25,7 +25,7 @@ char *nntp_read_server_capacity(int32_t sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { - if (isdigit((int32_t) buf[0]) && buf[3] == ' ') + if (isdigit((int32_t)buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') @@ -38,7 +38,7 @@ char *nntp_read_server_capacity(int32_t sock) { if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; - if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ') + if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ') resp = 1; } } @@ -47,7 +47,7 @@ char *nntp_read_server_capacity(int32_t sock) { return buf; } -int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500], *fooptr; int32_t i = 1; @@ -79,7 +79,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha } free(buf); strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -94,7 +94,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha } free(buf); strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); break; case AUTH_PLAIN: @@ -120,128 +120,123 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha break; #ifdef LIBOPENSSL - case AUTH_CRAMMD5:{ - int32_t rc = 0; - char *preplogin; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } - - sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL) { - hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - sprintf(buffer, "%s %.250s", preplogin, buffer2); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); - free(preplogin); + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); + if (fooptr == NULL) + return 3; + + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //send auth and receive challenge - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } - //recover challenge - from64tobits((char *) buf1, buf + 4); - free(buf); - - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "%s\r\n", (char *) buf1); + // send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *)buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; - - default:{ - sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - buf = hydra_receive_line(s); - if (buf == NULL) - return 1; - if (buf[0] != '3') { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); - free(buf); - return (3); - } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); free(buf); - sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); + return 3; } - break; + // recover challenge + from64tobits((char *)buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, "%s\r\n", (char *)buf1); + } break; + + default: { + sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (buf[0] != '3') { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); + } break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } @@ -266,7 +261,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 2; } -void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t i = 0, run = 1, next_run = 1, sock = -1; int32_t myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; char *buffer1 = "CAPABILITIES\r\n"; @@ -276,10 +271,10 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -293,12 +288,12 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } -// usleepn(300); + // usleepn(300); buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (buf == NULL || buf[0] != '2') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -352,10 +347,10 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } #endif -/* -AUTHINFO USER SASL -SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 -*/ + /* + AUTHINFO USER SASL + SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 + */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "SASL\\s.*NTLM")) { @@ -405,7 +400,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strncmp(miscptr, "USER", 4) == 0) nntp_auth_mechanism = AUTH_CLEAR; @@ -426,7 +421,6 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 if (strncmp(miscptr, "NTLM", 4) == 0) nntp_auth_mechanism = AUTH_NTLM; - } if (verbose) { switch (nntp_auth_mechanism) { @@ -456,10 +450,10 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_nntp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -472,13 +466,13 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 } } -int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -486,6 +480,7 @@ int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_nntp(const char* service) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); +void usage_nntp(const char *service) { + printf("Module nntp is optionally taking one authentication type of:\n" + " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); } diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index 4f32997..e6b77ec 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -13,9 +13,7 @@ at http://marcellmajor.com/frame_listenerhash.html #include "hydra-mod.h" #ifndef LIBOPENSSL #include -void dummy_oracle_listener() { - printf("\n"); -} +void dummy_oracle_listener() { printf("\n"); } #else #include "sasl.h" #include @@ -31,7 +29,7 @@ int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) { int32_t i = strlen(p_str); char *buff; - //expand the string with zero so that length is a multiple of 4 + // expand the string with zero so that length is a multiple of 4 while ((i % 4) != 0) { i = i + 1; } @@ -44,14 +42,14 @@ int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) { memset(buff, 0, i + 4); strcpy(buff, p_str); - //swap the order of every byte pair + // swap the order of every byte pair for (k = 0; k < i; k += 2) { char bck = buff[k + 1]; buff[k + 1] = buff[k]; buff[k] = bck; } - //convert to unicode + // convert to unicode if ((*result = malloc(2 * i)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); free(buff); @@ -75,7 +73,7 @@ int32_t ora_hash(unsigned char **orahash, unsigned char *buf, int32_t len) { } for (i = 0; i < 8; i++) { - sprintf(((char *) *orahash) + i * 2, "%02X", buf[len - 8 + i]); + sprintf(((char *)*orahash) + i * 2, "%02X", buf[len - 8 + i]); } return 0; } @@ -106,8 +104,8 @@ int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) { int32_t i = 0; char lastkey[8]; DES_key_schedule ks1; - unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; - unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + unsigned char key1[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}; + unsigned char ivec1[] = {0, 0, 0, 0, 0, 0, 0, 0}; unsigned char *desresult; memset(ivec1, 0, sizeof(ivec1)); @@ -115,14 +113,14 @@ int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } - DES_key_sched((const_DES_cblock *) key1, &ks1); + DES_key_sched((const_DES_cblock *)key1, &ks1); DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); for (i = 0; i < 8; i++) { lastkey[i] = desresult[siz - 8 + i]; } - DES_key_sched((const_DES_cblock *) lastkey, &ks1); + DES_key_sched((const_DES_cblock *)lastkey, &ks1); memset(desresult, 0, siz); memset(ivec1, 0, sizeof(ivec1)); DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); @@ -146,7 +144,7 @@ int32_t ora_hash_password(char *pass) { memset(buff, 0, sizeof(buff)); - //concatenate Arb string and convert the resulting string to uppercase + // concatenate Arb string and convert the resulting string to uppercase snprintf(buff, sizeof(buff), "Arb%s", pass); strupper(buff); @@ -179,13 +177,11 @@ int32_t ora_hash_password(char *pass) { return 0; } -int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - unsigned char tns_packet_begin[22] = { - "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" - }; - unsigned char tns_packet_end[32] = { - "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" - }; +int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e" + "\x00\x00\x01\x00"}; + unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"}; char *empty = ""; char *pass; @@ -210,9 +206,12 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o free(hash); return 1; } - pass = (char *) hash; + pass = (char *)hash; } - snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass); + snprintf(connect_string, sizeof(connect_string), + "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(" + "PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", + pass); if (hash != NULL) free(hash); @@ -226,7 +225,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o } else { buffer2[1] = siz; } - memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + memcpy(buffer2 + 2, (char *)tns_packet_begin, sizeof(tns_packet_begin)); siz = strlen(connect_string); if (siz > 255) { buffer2[2 + sizeof(tns_packet_begin)] = 1; @@ -234,7 +233,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o } else { buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; } - memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *)tns_packet_end, sizeof(tns_packet_end)); memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { return 1; @@ -257,7 +256,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o return 1; } -void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; @@ -283,10 +282,10 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char * while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -300,13 +299,13 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* run the cracking function */ next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -324,13 +323,13 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char * } } -int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -338,8 +337,9 @@ int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options return 0; } -void usage_oracle_listener(const char* service) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); +void usage_oracle_listener(const char *service) { + printf("Module oracle-listener / tns is optionally taking the mode the " + "password is stored as, could be PLAIN (default) or CLEAR\n\n"); } #endif diff --git a/hydra-oracle-sid.c b/hydra-oracle-sid.c index 7570379..c2db73a 100644 --- a/hydra-oracle-sid.c +++ b/hydra-oracle-sid.c @@ -11,9 +11,7 @@ find a big list on the Internet #include "hydra-mod.h" #ifndef LIBOPENSSL #include -void dummy_oracle_sid() { - printf("\n"); -} +void dummy_oracle_sid() { printf("\n"); } #else #include #define HASHSIZE 16 @@ -22,19 +20,16 @@ extern char *HYDRA_EXIT; char *buf; unsigned char *hash; - -int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { /* PP is the packet length XX is the length of connect data PP + tns_packet_begin + XX + tns_packet_end */ - unsigned char tns_packet_begin[22] = { - "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" - }; - unsigned char tns_packet_end[32] = { - "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" - }; + unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e" + "\x00\x00\x01\x00"}; + unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"}; char *empty = ""; char *login; char connect_string[200]; @@ -47,8 +42,10 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option if (strlen(login = hydra_get_next_login()) == 0) login = empty; - snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login, - hydra_address2string(ip), port); + snprintf(connect_string, sizeof(connect_string), + "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(" + "USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", + login, hydra_address2string(ip), port); siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); if (siz > 255) { buffer2[0] = 1; @@ -56,7 +53,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option } else { buffer2[1] = siz; } - memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + memcpy(buffer2 + 2, (char *)tns_packet_begin, sizeof(tns_packet_begin)); siz = strlen(connect_string); if (siz > 255) { buffer2[2 + sizeof(tns_packet_begin)] = 1; @@ -64,7 +61,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option } else { buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; } - memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *)tns_packet_end, sizeof(tns_packet_end)); memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { return 1; @@ -72,7 +69,8 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option if ((buf = hydra_receive_line(s)) == NULL) return 1; - //if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse + // if no error reported. it should be a resend packet type 00 08 00 00 0b 00 + // 00 00, 4 is refuse if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) { hydra_report_found_host(port, ip, "oracle-sid", fp); hydra_completed_pair_found(); @@ -85,7 +83,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option return 1; } -void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; @@ -94,10 +92,10 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -110,13 +108,13 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* run the cracking function */ next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -134,13 +132,13 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp } } -int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-oracle.c b/hydra-oracle.c index e598401..e132b81 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -4,8 +4,8 @@ david: code is based on SNORT spo_database.c tested with : -instantclient_10_2 on Oracle 10.2.0 --instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip -on Oracle 9i and on Oracle 11g +-instantclient-basic-linux.*-11.2.0.3.0.zip + +instantclient-sdk-linux.*-11.2.0.3.0.zip on Oracle 9i and on Oracle 11g */ @@ -13,9 +13,7 @@ on Oracle 9i and on Oracle 11g #ifndef LIBORACLE -void dummy_oracle() { - printf("\n"); -} +void dummy_oracle() { printf("\n"); } #else @@ -40,7 +38,7 @@ void print_oracle_error(char *err) { } } -int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[200], sid[100]; @@ -55,14 +53,17 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c /* - To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries. - The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name]. - With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name]. - Service names can be found by running the Oracle utility lsnrctl status on the database server machine. + To use the Easy Connect naming method, PHP must be linked with Oracle 10g + or greater Client libraries. The Easy Connect string for Oracle 10g is of + the form: [//]host_name[:port][/service_name]. With Oracle 11g, the syntax + is: [//]host_name[:port][/service_name][:server_type][/instance_name]. + Service names can be found by running the Oracle utility lsnrctl status on + the database server machine. - The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin - and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web - daemon has read access to the file. + The tnsnames.ora file can be in the Oracle Net search path, which includes + $ORACLE_HOME/network/admin and /etc. Alternatively set TNS_ADMIN so that + $TNS_ADMIN/tnsnames.ora is read. Make sure the web daemon has read access + to the file. */ @@ -78,26 +79,28 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c print_oracle_error("OCIEnvInit 2"); return 4; } - if (OCIHandleAlloc(o_environment, (dvoid **) & o_error, OCI_HTYPE_ERROR, (size_t) 0, NULL)) { + if (OCIHandleAlloc(o_environment, (dvoid **)&o_error, OCI_HTYPE_ERROR, (size_t)0, NULL)) { print_oracle_error("OCIHandleAlloc"); return 4; } - if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *) login, strlen(login), (const OraText *) pass, strlen(pass), (const OraText *) buffer, strlen(buffer))) { + if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *)login, strlen(login), (const OraText *)pass, strlen(pass), (const OraText *)buffer, strlen(buffer))) { OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); - //database: oracle_error: ORA-01017: invalid username/password; logon denied - //database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor - //database: oracle_error: ORA-28000: the account is locked - //Failed login attempts is set to 10 by default + // database: oracle_error: ORA-01017: invalid username/password; logon + // denied database: oracle_error: ORA-12514: TNS:listener does not currently + // know of service requested in connect descriptor database: oracle_error: + // ORA-28000: the account is locked Failed login attempts is set to 10 by + // default if (verbose) { hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg); } - if (strstr((const char *) o_errormsg, "ORA-12514") != NULL) { - hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n"); + if (strstr((const char *)o_errormsg, "ORA-12514") != NULL) { + hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to " + "enumerate them.\n"); hydra_completed_pair(); return 3; } - if (strstr((const char *) o_errormsg, "ORA-28000") != NULL) { + if (strstr((const char *)o_errormsg, "ORA-28000") != NULL) { hydra_report(stderr, "[INFO] ORACLE account %s is locked.\n", login); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -106,15 +109,14 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c } if (o_error) { - OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR); } hydra_completed_pair(); - //by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening, - //as we don't care, we are deleting the file - //set these parameters to not generate the file - //LOG_DIRECTORY_CLIENT = /dev/null - //LOG_FILE_CLIENT = /dev/null + // by default, set in sqlnet.ora, the trace file is generated in pwd to log + // any errors happening, as we don't care, we are deleting the file set + // these parameters to not generate the file LOG_DIRECTORY_CLIENT = + // /dev/null LOG_FILE_CLIENT = /dev/null if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; @@ -122,7 +124,7 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c } else { OCILogoff(o_servicecontext, o_error); if (o_error) { - OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR); } hydra_report_found_host(port, ip, "oracle", fp); hydra_completed_pair_found(); @@ -132,7 +134,7 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } -void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ORACLE; @@ -141,14 +143,14 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, return; if ((miscptr == NULL) || (strlen(miscptr) == 0)) { - //SID is required as miscptr + // SID is required as miscptr hydra_report(stderr, "[ERROR] Oracle SID is required, using ORCL as default\n"); miscptr = "ORCL"; } while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if (port != 0) @@ -158,7 +160,7 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; @@ -167,7 +169,7 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, next_run = start_oracle(sock, ip, port, options, miscptr, fp); hydra_child_exit(0); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); unlink("sqlnet.log"); @@ -183,13 +185,13 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, #endif -int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -197,6 +199,7 @@ int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *m return 0; } -void usage_oracle(const char* service) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); +void usage_oracle(const char *service) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is " + "\"ORCL\"\n\n"); } diff --git a/hydra-pcanywhere.c b/hydra-pcanywhere.c index 483e6fd..ea450e1 100644 --- a/hydra-pcanywhere.c +++ b/hydra-pcanywhere.c @@ -1,6 +1,6 @@ -//This plugin was written by +// This plugin was written by // -//PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 +// PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 // // no memleaks found on 110425 @@ -71,7 +71,6 @@ void pca_encrypt(char *cleartxt) { passwd[strlen(passwd)] = '\0'; strcpy(cleartxt, passwd); } - } void pca_decrypt(char *password) { @@ -92,7 +91,7 @@ void debugprintf(char *msg) { printf("debug: %s\n", msg); } -int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char buffer[2048] = ""; @@ -119,7 +118,6 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option server[3] = "Enter login name"; server[4] = "denying connection"; - if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -158,13 +156,15 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option if (i == 0 || i == 3) clean_buffer(buffer, ret); - if (debug) show_buffer(buffer, ret); + if (debug) + show_buffer(buffer, ret); if (i == 2) { clean_buffer(buffer, ret); buffer[sizeof(buffer) - 1] = 0; if (strstr(buffer, server[i + 2]) != NULL) { - fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n"); + fprintf(stderr, "[ERROR] PC Anywhere host denying connection because " + "you have requested a lower encrypt level\n"); return 3; } } @@ -224,7 +224,7 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option return 1; } -void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; @@ -233,9 +233,8 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); usleepn(275); @@ -251,7 +250,8 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -278,13 +278,13 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp } } -int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-pcnfs.c b/hydra-pcnfs.c index dc9e41a..3f9a963 100644 --- a/hydra-pcnfs.c +++ b/hydra-pcnfs.c @@ -5,11 +5,11 @@ extern char *HYDRA_EXIT; char *buf; -#define LEN_HDR_RPC 24 -#define LEN_AUTH_UNIX 72+12 +#define LEN_HDR_RPC 24 +#define LEN_AUTH_UNIX 72 + 12 /* RPC common hdr */ -struct rpc_hdr { /* 24 */ +struct rpc_hdr { /* 24 */ unsigned long xid; unsigned long type_msg; unsigned long version_rpc; @@ -29,11 +29,11 @@ struct pr_auth_args { char comments[255]; }; -#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) +#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) /* Lets start ... */ -int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH]; char *ptr, *pkt = buffer; @@ -51,22 +51,24 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch memset(pkt, 0, sizeof(buffer)); - rpch = (struct rpc_hdr *) (pkt); - authp = (unsigned long *) (pkt + LEN_HDR_RPC); - prh = (struct pr_auth_args *) (pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); + rpch = (struct rpc_hdr *)(pkt); + authp = (unsigned long *)(pkt + LEN_HDR_RPC); + prh = (struct pr_auth_args *)(pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); rpch->xid = htonl(0x32544843); rpch->type_msg = htonl(0); rpch->version_rpc = htonl(2); rpch->prog_id = htonl(150001); rpch->prog_ver = htonl(2); - rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ + rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ prh->len_clnt = htonl(63); prh->len_id = htonl(31); prh->len_passwd = htonl(63); prh->len_comments = htonl(254); - strcpy(prh->comments, " Hydra - THC password cracker - visit https://github.com/vanhauser-thc/thc-hydra - use only allowed for legal purposes "); + strcpy(prh->comments, " Hydra - THC password cracker - visit " + "https://github.com/vanhauser-thc/thc-hydra - use only " + "allowed for legal purposes "); strcpy(prh->name, "localhost"); ptr = prh->id; @@ -82,16 +84,16 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch } *ptr = 0; - gettimeofday(&tv, (struct timezone *) NULL); - *(authp) = htonl(1); /* auth unix */ - *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ - *(++authp) = htonl(tv.tv_sec); /* local time */ - *(++authp) = htonl(9); /* length host */ - strcpy((char *) ++authp, "localhost"); /* hostname */ - authp += (3); /* len(host)%4 */ - *(authp) = htonl(0); /* uid root */ - *(++authp) = htonl(0); /* gid root */ - *(++authp) = htonl(9); /* 9 gid grps */ + gettimeofday(&tv, (struct timezone *)NULL); + *(authp) = htonl(1); /* auth unix */ + *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ + *(++authp) = htonl(tv.tv_sec); /* local time */ + *(++authp) = htonl(9); /* length host */ + strcpy((char *)++authp, "localhost"); /* hostname */ + authp += (3); /* len(host)%4 */ + *(authp) = htonl(0); /* uid root */ + *(++authp) = htonl(0); /* gid root */ + *(++authp) = htonl(9); /* 9 gid grps */ /* group root, bin, daemon, sys, adm, disk, wheel, floppy, "user gid" */ *(++authp) = htonl(0); *(++authp) = htonl(1); @@ -113,7 +115,7 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -/* analyze the output */ + /* analyze the output */ if (buf[2] != 'g' || buf[5] != 32) { fprintf(stderr, "[ERROR] RPC answer status : bad proc/version/auth\n"); free(buf); @@ -136,7 +138,7 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -155,22 +157,23 @@ void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, F while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((sock = hydra_connect_udp(ip, port)) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((sock = hydra_connect_udp(ip, port)) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); } - case 2: /* run the cracking function */ + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_pcnfs(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -183,13 +186,13 @@ void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, F } } -int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-pop3.c b/hydra-pop3.c index 91d9c48..78f29bc 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -1,12 +1,12 @@ #include "hydra-mod.h" #include "sasl.h" -//openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 +// openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 typedef struct pool_str { char ip[36]; - /* int32_t port;*/// not needed + /* int32_t port;*/ // not needed int32_t pop3_auth_mechanism; int32_t disable_tls; struct pool_str *next; @@ -18,7 +18,7 @@ char apop_challenge[300] = ""; pool *plist = NULL, *p = NULL; /* functions */ -int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); pool *list_create(pool data) { pool *p; @@ -27,7 +27,7 @@ pool *list_create(pool data) { return NULL; memcpy(p->ip, data.ip, 36); - //p->port = data.port; + // p->port = data.port; p->pop3_auth_mechanism = data.pop3_auth_mechanism; p->disable_tls = data.disable_tls; p->next = NULL; @@ -40,7 +40,7 @@ pool *list_insert(pool data) { newnode = list_create(data); newnode->next = plist; - plist = newnode->next; // to be sure! + plist = newnode->next; // to be sure! return newnode; } @@ -59,7 +59,7 @@ pool *list_find(char *ip) { /* how to know when to release the mem ? -> well, after _start has determined which pool number it is */ -int32_t list_remove(pool * node) { +int32_t list_remove(pool *node) { pool *save, *list = plist; int32_t ok = -1; @@ -88,18 +88,18 @@ char *pop3_read_server_capacity(int32_t sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { + /* + exchange capa: -/* -exchange capa: + +OK + UIDL + STLS -+OK -UIDL -STLS - -*/ + */ if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') { resp = 1; - /* we got the capability info then get the completed warning info from server */ + /* we got the capability info then get the completed warning info from + * server */ while (hydra_data_ready(sock)) { free(buf); buf = hydra_receive_line(sock); @@ -117,7 +117,7 @@ STLS return buf; } -int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500], *fooptr; @@ -134,235 +134,226 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (p->pop3_auth_mechanism) { #ifdef LIBOPENSSL - case AUTH_APOP:{ - MD5_CTX c; - unsigned char md5_raw[MD5_DIGEST_LENGTH]; - int32_t i; - char *pbuffer = buffer2; + case AUTH_APOP: { + MD5_CTX c; + unsigned char md5_raw[MD5_DIGEST_LENGTH]; + int32_t i; + char *pbuffer = buffer2; - MD5_Init(&c); - MD5_Update(&c, apop_challenge, strlen(apop_challenge)); - MD5_Update(&c, pass, strlen(pass)); - MD5_Final(md5_raw, &c); + MD5_Init(&c); + MD5_Update(&c, apop_challenge, strlen(apop_challenge)); + MD5_Update(&c, pass, strlen(pass)); + MD5_Final(md5_raw, &c); - for (i = 0; i < MD5_DIGEST_LENGTH; i++) { - sprintf(pbuffer, "%02x", md5_raw[i]); - pbuffer += 2; - } - sprintf(buffer, "APOP %s %s\r\n", login, buffer2); + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", md5_raw[i]); + pbuffer += 2; } - break; + sprintf(buffer, "APOP %s %s\r\n", login, buffer2); + } break; #endif - case AUTH_LOGIN:{ - sprintf(buffer, "AUTH LOGIN\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - - sprintf(buffer, "%.250s\r\n", buffer2); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%.250s\r\n", buffer2); + case AUTH_LOGIN: { + sprintf(buffer, "AUTH LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; - - case AUTH_PLAIN:{ - sprintf(buffer, "AUTH PLAIN\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); - free(buf); - return 3; - } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); free(buf); - - memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); + return 3; } - break; + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + } break; + + case AUTH_PLAIN: { + sprintf(buffer, "AUTH PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + } break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: case AUTH_CRAMSHA1: - case AUTH_CRAMSHA256:{ - int32_t rc = 0; - char *preplogin; + case AUTH_CRAMSHA256: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "AUTH CRAM-SHA1\r\n"); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "AUTH CRAM-SHA256\r\n"); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + // get the one-time BASE64 encoded challenge + + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5: - sprintf(buffer, "AUTH CRAM-MD5\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); break; case AUTH_CRAMSHA1: - sprintf(buffer, "AUTH CRAM-SHA1\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); break; case AUTH_CRAMSHA256: - sprintf(buffer, "AUTH CRAM-SHA256\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - switch (p->pop3_auth_mechanism) { - case AUTH_CRAMMD5: - hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA1: - hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA256: - hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); - break; - } - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 2); free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - - switch (p->pop3_auth_mechanism) { - case AUTH_CRAMMD5:{ - sasl_cram_md5(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA1:{ - sasl_cram_sha1(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA256:{ - sasl_cram_sha256(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - } - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); - free(preplogin); + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 2); + free(buf); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf); + memset(buffer2, 0, sizeof(buffer2)); + + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: { + sasl_cram_md5(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA1: { + sasl_cram_sha1(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA256: { + sasl_cram_sha256(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + } + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); free(buf); - - if (debug) - hydra_report(stderr, "[DEBUG] S: %s\n", buffer); - - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + return 3; } - break; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf); + free(buf); + + if (debug) + hydra_report(stderr, "[DEBUG] S: %s\n", buffer); + + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); + if (fooptr == NULL) + return 3; + + if (debug) + hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //Send auth request - sprintf(buffer, "AUTH NTLM\r\n"); + // Send auth request + sprintf(buffer, "AUTH NTLM\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); free(buf); - //send auth and receive challenge - //send auth request: lst the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6) - return 4; - - //recover challenge - from64tobits((char *) buf1, buf + 2); - free(buf); - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); + return 3; } - break; + free(buf); + // send auth and receive challenge + // send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6) + return 4; + + // recover challenge + from64tobits((char *)buf1, buf + 2); + free(buf); + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } break; default: sprintf(buffer, "USER %.250s\r\n", login); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -413,11 +404,11 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha return 2; } -void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; char *ptr = NULL; - //extract data from the pool, ip is the key + // extract data from the pool, ip is the key if (plist == NULL) if (service_pop3_init(ip, sp, options, miscptr, fp, port, hostname) != 0) hydra_child_exit(2); @@ -433,10 +424,9 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; - while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); @@ -448,11 +438,11 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (buf == NULL || buf[0] != '+') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -470,11 +460,13 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI #ifdef LIBOPENSSL if (!p->disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic + * auth methods */ hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); buf = hydra_receive_line(sock); if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1)) { @@ -491,15 +483,15 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_pop3(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -512,8 +504,7 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } - -int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t myport = PORT_POP3, mysslport = PORT_POP3_SSL; char *ptr = NULL; int32_t sock = -1; @@ -537,11 +528,11 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t)getpid()); return -1; } buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (buf == NULL || buf[0] != '+') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); return -1; @@ -575,7 +566,7 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { p.disable_tls = 0; @@ -584,13 +575,15 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis #ifdef LIBOPENSSL if (!p.disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic auth + * methods */ if (strstr(buf, "STLS") != NULL) { hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); free(buf); buf = hydra_receive_line(sock); if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1)) { @@ -616,16 +609,16 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis } } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not " + "supported by the server\n"); } #endif if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) { - //we don't care if the server is not receiving the quit msg + // we don't care if the server is not receiving the quit msg } hydra_disconnect(sock); - if (verbose) hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); @@ -648,7 +641,8 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis which are supported. */ - /* which mean threre will *always* have a space before the LOGIN auth keyword */ + /* which mean threre will *always* have a space before the LOGIN auth keyword + */ if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { p.pop3_auth_mechanism = AUTH_NTLM; } @@ -688,12 +682,10 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis #else p.pop3_auth_mechanism = AUTH_CLEAR; #endif - } free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "CLEAR")) p.pop3_auth_mechanism = AUTH_CLEAR; @@ -722,7 +714,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis if (strstr(miscptr, "NTLM")) p.pop3_auth_mechanism = AUTH_NTLM; - } if (verbose) { @@ -765,7 +756,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis case AUTH_NTLM: hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n"); break; - } } @@ -777,8 +767,11 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_pop3(const char* service) { +void usage_pop3(const char *service) { printf("Module pop3 is optionally taking one authentication type of:\n" " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" + "Additionally TLS encryption via STLS can be enforced with the TLS " + "option.\n\n" + "Example: pop3://target/TLS:PLAIN\n"); } diff --git a/hydra-postgres.c b/hydra-postgres.c index 0be1363..7f958f7 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -1,26 +1,24 @@ /* - * PostgresSQL Support - by Diaul (at) devilopers.org + * PostgresSQL Support - by Diaul (at) devilopers.org + * * - * * 110425 no obvious memleaks found */ #include "hydra-mod.h" #ifndef LIBPOSTGRES -void dummy_postgres() { - printf("\n"); -} +void dummy_postgres() { printf("\n"); } #else -#include "libpq-fe.h" // Postgres connection functions +#include "libpq-fe.h" // Postgres connection functions #include #define DEFAULT_DB "template1" extern char *HYDRA_EXIT; -int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char database[256]; @@ -42,7 +40,6 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, * Building the connection string */ - snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); if (verbose) @@ -65,7 +62,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, return 1; } -void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; @@ -74,12 +71,11 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(275); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -92,14 +88,15 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_postgres(sock, ip, port, options, miscptr, fp); break; @@ -118,13 +115,13 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr #endif -int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -132,6 +129,7 @@ int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char return 0; } -void usage_postgres(const char* service) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); +void usage_postgres(const char *service) { + printf("Module postgres is optionally taking the database to attack, default " + "is \"template1\"\n\n"); } diff --git a/hydra-radmin2.c b/hydra-radmin2.c index e72c838..8c417d3 100644 --- a/hydra-radmin2.c +++ b/hydra-radmin2.c @@ -7,42 +7,42 @@ extern char *HYDRA_EXIT; -//RAdmin 2.x +// RAdmin 2.x struct rmessage { - uint8_t magic; //Indicates version, probably? - uint32_t length; //Total message size of data. - uint32_t checksum; //Checksum from type to end of data. - uint8_t type; //Command type, table below. - unsigned char data[32]; //data to be sent. + uint8_t magic; // Indicates version, probably? + uint32_t length; // Total message size of data. + uint32_t checksum; // Checksum from type to end of data. + uint8_t type; // Command type, table below. + unsigned char data[32]; // data to be sent. }; /* * Usage: sum = checksum(message); - * Function: Returns a 4 byte little endian sum of the messages typecode+data. This data is zero padded for alignment. - * Example message (big endian): - * [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)]) - * Sum: is 0f43d461 (big endian) + * Function: Returns a 4 byte little endian sum of the messages typecode+data. + * This data is zero padded for alignment. Example message (big endian): + * [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9 + * 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)]) Sum: is 0f43d461 (big endian) */ uint32_t checksum(struct rmessage *msg) { int32_t blen; uint8_t *stream; uint32_t sum; - blen = msg->length; //Get the real length. + blen = msg->length; // Get the real length. blen += (4 - (blen % 4)); - //Allocate a worksapce. + // Allocate a worksapce. stream = calloc(blen, sizeof(uint8_t)); memcpy(stream, &msg->type, sizeof(uint8_t)); - memcpy(stream+1, msg->data, blen-1); + memcpy(stream + 1, msg->data, blen - 1); sum = 0; - for(blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) { + for (blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) { sum += *(uint32_t *)(stream + blen); } sum += *(uint32_t *)stream; - //Free the workspace. + // Free the workspace. free(stream); return sum; @@ -50,7 +50,8 @@ uint32_t checksum(struct rmessage *msg) { /* * Usage: challenge_request(message); - * Function: Modifies message to reflect a request for a challenge. Updates the checksum as appropriate. + * Function: Modifies message to reflect a request for a challenge. Updates the + * checksum as appropriate. */ void challenge_request(struct rmessage *msg) { msg->magic = 0x01; @@ -61,7 +62,8 @@ void challenge_request(struct rmessage *msg) { /* * Usage: challenge_request(message); - * Function: Modifies message to reflect a response to a challenge. Updates the checksum as appropriate. + * Function: Modifies message to reflect a response to a challenge. Updates the + * checksum as appropriate. */ void challenge_response(struct rmessage *msg, unsigned char *solution) { msg->magic = 0x01; @@ -72,46 +74,47 @@ void challenge_response(struct rmessage *msg, unsigned char *solution) { } /* - * Usage: buffer = message2buffer(message); send(buffer, message->length + 10); free(buffer) - * Function: Allocates a buffer for transmission and fills the buffer with message data such that it is ready to transmit. + * Usage: buffer = message2buffer(message); send(buffer, message->length + 10); + * free(buffer) Function: Allocates a buffer for transmission and fills the + * buffer with message data such that it is ready to transmit. */ -//TODO: conver to a sendMessage() function? +// TODO: conver to a sendMessage() function? char *message2buffer(struct rmessage *msg) { char *data; - if(msg == NULL) { + if (msg == NULL) { hydra_report(stderr, "rmessage is null\n"); hydra_child_exit(0); return NULL; } - switch(msg->type) { - case 0x1b: //Challenge request - data = (char *)calloc (10, sizeof(char)); - if(data == NULL) { - hydra_report(stderr, "calloc failure\n"); - hydra_child_exit(0); - } - memcpy(data, &msg->magic, sizeof(char)); - *((int32_t *)(data+1)) = htonl(msg->length); - *((int32_t *)(data+5)) = htonl(msg->checksum); - memcpy((data+9), &msg->type, sizeof(char)); - break; - case 0x09: - data = (char *)calloc (42, sizeof(char)); - if(data == NULL) { - hydra_report(stderr, "calloc failure\n"); - hydra_child_exit(0); - } - memcpy(data, &msg->magic, sizeof(char)); - *((int32_t *)(data+1)) = htonl(msg->length); - *((int32_t *)(data+5)) = htonl(msg->checksum); - memcpy((data+9), &msg->type, sizeof(char)); - memcpy((data+10), msg->data, sizeof(char) * 32); - break; - default: - hydra_report(stderr, "unknown rmessage type\n"); + switch (msg->type) { + case 0x1b: // Challenge request + data = (char *)calloc(10, sizeof(char)); + if (data == NULL) { + hydra_report(stderr, "calloc failure\n"); hydra_child_exit(0); - return NULL; + } + memcpy(data, &msg->magic, sizeof(char)); + *((int32_t *)(data + 1)) = htonl(msg->length); + *((int32_t *)(data + 5)) = htonl(msg->checksum); + memcpy((data + 9), &msg->type, sizeof(char)); + break; + case 0x09: + data = (char *)calloc(42, sizeof(char)); + if (data == NULL) { + hydra_report(stderr, "calloc failure\n"); + hydra_child_exit(0); + } + memcpy(data, &msg->magic, sizeof(char)); + *((int32_t *)(data + 1)) = htonl(msg->length); + *((int32_t *)(data + 5)) = htonl(msg->checksum); + memcpy((data + 9), &msg->type, sizeof(char)); + memcpy((data + 10), msg->data, sizeof(char) * 32); + break; + default: + hydra_report(stderr, "unknown rmessage type\n"); + hydra_child_exit(0); + return NULL; } return data; } @@ -119,12 +122,12 @@ char *message2buffer(struct rmessage *msg) { struct rmessage *buffer2message(char *buffer) { struct rmessage *msg; msg = calloc(1, sizeof(struct rmessage)); - if(msg == NULL) { + if (msg == NULL) { hydra_report(stderr, "calloc failure\n"); hydra_child_exit(0); } - //Start parsing... + // Start parsing... msg->magic = buffer[0]; buffer += sizeof(char); msg->length = ntohl(*((uint32_t *)(buffer))); @@ -134,41 +137,38 @@ struct rmessage *buffer2message(char *buffer) { msg->type = buffer[0]; buffer += sizeof(char); - //Verify known fields... - if(msg->magic != 0x01) { + // Verify known fields... + if (msg->magic != 0x01) { hydra_report(stderr, "Bad magic\n"); hydra_child_exit(0); return NULL; } - switch(msg->type) { - case 0x1b: - if(msg->length != 0x21) { - hydra_report(stderr, "Bad length...%08x\n", msg->length); - hydra_child_exit(0); - return NULL; - } - memcpy(msg->data, buffer, 32); - break; - case 0x0a: - //Win! - case 0x0b: - //Lose! - break; - default: - hydra_report(stderr, "unknown rmessage type"); + switch (msg->type) { + case 0x1b: + if (msg->length != 0x21) { + hydra_report(stderr, "Bad length...%08x\n", msg->length); hydra_child_exit(0); return NULL; + } + memcpy(msg->data, buffer, 32); + break; + case 0x0a: + // Win! + case 0x0b: + // Lose! + break; + default: + hydra_report(stderr, "unknown rmessage type"); + hydra_child_exit(0); + return NULL; } return msg; } +int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { return 0; } -int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - return 0; -} - -void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { #ifdef HAVE_GCRYPT int32_t sock = -1; int32_t index; @@ -185,7 +185,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, gcry_cipher_hd_t cipher; gcry_md_hd_t md; - if(port != 0) { + if (port != 0) { myport = port; } @@ -193,14 +193,13 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, memset(buffer, 0x00, sizeof(buffer)); - //Phone the mother ship + // Phone the mother ship hydra_register_socket(sp); - if( memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { return; } - while(1) { - + while (1) { /* Typical conversation goes as follows... 0) connect to server 1) request challenge @@ -210,7 +209,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, */ // 0) Connect to the server sock = hydra_connect_tcp(ip, myport); - if(sock < 0) { + if (sock < 0) { hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -220,140 +219,164 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, challenge_request(msg); request = message2buffer(msg); hydra_send(sock, request, 10, 0); - free(msg); + free(msg); free(request); - //2) receive response (working) + // 2) receive response (working) index = 0; - while(index < 42) { //We're always expecting back a 42 byte buffer from a challenge request. - switch(hydra_data_ready(sock)) { - case -1: - hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + while (index < 42) { // We're always expecting back a 42 byte buffer from a + // challenge request. + switch (hydra_data_ready(sock)) { + case -1: + hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + hydra_child_exit(1); + break; + case 0: + // keep waiting... + break; + default: + bytecount = hydra_recv(sock, buffer + index, 42 - index); + if (bytecount < 0) { + hydra_report(stderr, + "Error: Child with pid %d terminating, receive " + "error\nerror:\t%s\n", + (int32_t)getpid(), strerror(errno)); hydra_child_exit(1); - break; - case 0: - //keep waiting... - break; - default: - bytecount = hydra_recv(sock, buffer+index, 42 - index); - if(bytecount < 0) { - hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); - hydra_child_exit(1); - } - index += bytecount; + } + index += bytecount; } } - //3) Send challenge solution. + // 3) Send challenge solution. - // Get a password to work with. - memset(password, 0x00, sizeof(password)); - memset(encrypted, 0x00, sizeof(encrypted)); + // Get a password to work with. + memset(password, 0x00, sizeof(password)); + memset(encrypted, 0x00, sizeof(encrypted)); hydra_get_next_pair(); - strncpy(password, hydra_get_next_password(), sizeof(password)-1); + strncpy(password, hydra_get_next_password(), sizeof(password) - 1); - //MD5 the password to generate the password key, this is used with twofish below. + // MD5 the password to generate the password key, this is used with twofish + // below. err = gcry_md_open(&md, GCRY_MD_MD5, 0); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_open error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_md_open error " + "(%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } gcry_md_reset(md); gcry_md_write(md, password, 100); - if(gcry_md_read(md, 0) == NULL) { + if (gcry_md_read(md, 0) == NULL) { hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_read error (%08x)\n", (int32_t)getpid(), index); hydra_child_exit(1); } memcpy(rawkey, gcry_md_read(md, 0), 16); gcry_md_close(md); - //3.a) generate a new message from the buffer + // 3.a) generate a new message from the buffer msg = buffer2message(buffer); - //3.b) encrypt data received using pkey & known IV - err= gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_open error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + // 3.b) encrypt data received using pkey & known IV + err = gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_open " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } err = gcry_cipher_setiv(cipher, IV, 16); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_setiv error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_setiv " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } err = gcry_cipher_setkey(cipher, rawkey, 16); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_setkey error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_setkey " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } err = gcry_cipher_encrypt(cipher, encrypted, 32, msg->data, 32); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_encrypt error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_encrypt " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } gcry_cipher_close(cipher); - //3.c) half sum - this is the solution to the challenge. - for(index=0; index < 16; index++) { - *(encrypted+index) += *(encrypted+index+16); + // 3.c) half sum - this is the solution to the challenge. + for (index = 0; index < 16; index++) { + *(encrypted + index) += *(encrypted + index + 16); } - memset((encrypted+16), 0x00, 16); + memset((encrypted + 16), 0x00, 16); - //3.d) send half sum + // 3.d) send half sum challenge_response(msg, encrypted); request = message2buffer(msg); hydra_send(sock, request, 42, 0); free(msg); free(request); - //4) receive auth success/failure + // 4) receive auth success/failure index = 0; - while(index < 10) { //We're always expecting back a 42 byte buffer from a challenge request. - switch(hydra_data_ready(sock)) { - case -1: - hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + while (index < 10) { // We're always expecting back a 42 byte buffer from a + // challenge request. + switch (hydra_data_ready(sock)) { + case -1: + hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + hydra_child_exit(1); + break; + case 0: + // keep waiting... + break; + default: + bytecount = hydra_recv(sock, buffer + index, 10 - index); + if (bytecount < 0) { + hydra_report(stderr, + "Error: Child with pid %d terminating, receive " + "error\nerror:\t%s\n", + (int32_t)getpid(), strerror(errno)); hydra_child_exit(1); - break; - case 0: - //keep waiting... - break; - default: - bytecount = hydra_recv(sock, buffer+index, 10 - index); - if(bytecount < 0) { - hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); - hydra_child_exit(1); - } - index += bytecount; + } + index += bytecount; } } msg = buffer2message(buffer); - switch(msg->type) { - case 0x0a: - hydra_completed_pair_found(); - break; - case 0x0b: - hydra_completed_pair(); - hydra_disconnect(sock); - break; - default: - hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid()); - hydra_child_exit(2); + switch (msg->type) { + case 0x0a: + hydra_completed_pair_found(); + break; + case 0x0b: + hydra_completed_pair(); + hydra_disconnect(sock); + break; + default: + hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid()); + hydra_child_exit(2); } } #endif } -int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rdp.c b/hydra-rdp.c index 9b15fed..bd333ce 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -1,6 +1,6 @@ /* This module is using freerdp2 lib - + Tested on: - Windows 7 pro SP1 - Windows 10 pro build 1809 @@ -11,13 +11,11 @@ extern char *HYDRA_EXIT; #ifndef LIBFREERDP2 -void dummy_rdp() { - printf("\n"); -} +void dummy_rdp() { printf("\n"); } #else #include -freerdp * instance = 0; +freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; @@ -34,7 +32,7 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa } /* Client program */ -int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char server[64]; @@ -56,39 +54,44 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, } login_result = rdp_connect(server, port, domain, login, pass); - switch(login_result){ - case 0: - // login success - hydra_report_found_host(port, ip, "rdp", fp); - hydra_completed_pair_found(); - break; - case 0x00020009: - case 0x00020014: - case 0x00020015: - // login failure - hydra_completed_pair(); - break; - case 0x0002000d: - hydra_report(stderr, "[%d][rdp] account on %s might be valid but account not active for remote desktop: login: %s password: %s, continuing attacking the account.\n", port, hydra_address2string_beautiful(ip), login, pass); - hydra_completed_pair(); - break; - case 0x00020006: - case 0x00020008: - case 0x0002000c: - // cannot establish rdp connection, either the port is not opened or it's not rdp - return 3; - default: - if (verbose) { - hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result); - } - return login_result; + switch (login_result) { + case 0: + // login success + hydra_report_found_host(port, ip, "rdp", fp); + hydra_completed_pair_found(); + break; + case 0x00020009: + case 0x00020014: + case 0x00020015: + // login failure + hydra_completed_pair(); + break; + case 0x0002000d: + hydra_report(stderr, + "[%d][rdp] account on %s might be valid but account not " + "active for remote desktop: login: %s password: %s, " + "continuing attacking the account.\n", + port, hydra_address2string_beautiful(ip), login, pass); + hydra_completed_pair(); + break; + case 0x00020006: + case 0x00020008: + case 0x0002000c: + // cannot establish rdp connection, either the port is not opened or it's + // not rdp + return 3; + default: + if (verbose) { + hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result); + } + return login_result; } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } -void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1; int32_t myport = PORT_RDP; @@ -101,15 +104,15 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL while (1) { next_run = 0; switch (run) { - case 1: /* run the cracking function */ + case 1: /* run the cracking function */ next_run = start_rdp(ip, myport, options, miscptr, fp); break; - case 2: /* clean exit */ + case 2: /* clean exit */ freerdp_disconnect(instance); freerdp_free(instance); hydra_child_exit(0); return; - case 3: /* connection error case */ + case 3: /* connection error case */ hydra_report(stderr, "[ERROR] freerdp: %s\n", "The connection failed to establish."); freerdp_free(instance); hydra_child_exit(1); @@ -121,20 +124,20 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here // Disable freerdp output - wLog* root = WLog_GetRoot(); - WLog_SetStringLogLevel(root, "OFF"); + wLog *root = WLog_GetRoot(); + WLog_SetStringLogLevel(root, "OFF"); // Init freerdp instance instance = freerdp_new(); @@ -145,7 +148,9 @@ int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_rdp(const char* service) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); +void usage_rdp(const char *service) { + printf("Module rdp is optionally taking the windows domain name.\n" + "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p " + "doe\n\n"); } #endif diff --git a/hydra-redis.c b/hydra-redis.c index c230453..179007c 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *pass, buffer[510]; char *empty = ""; @@ -51,7 +51,7 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) { +void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; @@ -61,7 +61,7 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -77,21 +77,21 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } usleepn(250); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_redis(sock, ip, port, options, miscptr, fp); break; - case 3: /* error exit */ + case 3: /* error exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); break; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -104,32 +104,32 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp } } -void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); -} +void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); } -/* -* Initial password authentication test and response test for the redis server, -* added by Petar Kaleychev -* The service_redis_init function is generating ping request as redis-cli (command line interface). -* You can use redis-cli to connect with Redis. After start of the redis-server in another terminal the following: -* % ./redis-cli -* redis> ping -* when the server does not require password, leads to: -* PONG -* when the server requires password, leads to: -* (error) NOAUTH Authentication required. -* or -* (error) ERR operation not permitted (for older redis versions) -* That is used for initial password authentication and redis server response tests in service_redis_init -*/ -int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +/* + * Initial password authentication test and response test for the redis server, + * added by Petar Kaleychev + * The service_redis_init function is generating ping request as redis-cli + * (command line interface). You can use redis-cli to connect with Redis. After + * start of the redis-server in another terminal the following: % ./redis-cli + * redis> ping + * when the server does not require password, leads to: + * PONG + * when the server requires password, leads to: + * (error) NOAUTH Authentication required. + * or + * (error) ERR operation not permitted (for older redis versions) + * That is used for initial password authentication and redis server response + * tests in service_redis_init + */ +int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // return codes: // 0 - when the server is redis and it requires password - // n - when the server is not redis or when the server does not require password + // n - when the server is not redis or when the server does not require + // password int32_t sock = -1; int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; @@ -148,7 +148,8 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi port = mysslport; } if (verbose) - printf("[VERBOSE] Initial redis password authentication test and response test ...\n"); + printf("[VERBOSE] Initial redis password authentication test and response " + "test ...\n"); if (sock < 0) { hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport); return 3; @@ -156,10 +157,10 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi // generating ping request as redis-cli if (debug) printf("[DEBUG] buffer = %s\n", buffer); - // [debug mode]: buffer is: - // *1 - // $4 - // ping + // [debug mode]: buffer is: + // *1 + // $4 + // ping if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { return 2; } diff --git a/hydra-rexec.c b/hydra-rexec.c index 4783bcc..3571527 100644 --- a/hydra-rexec.c +++ b/hydra-rexec.c @@ -6,7 +6,7 @@ extern char *HYDRA_EXIT; -int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; int32_t ret; @@ -44,7 +44,7 @@ int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; @@ -54,33 +54,33 @@ void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, F while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rexec(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -88,19 +88,18 @@ void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, F default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); - } run = next_run; } } -int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rlogin.c b/hydra-rlogin.c index 36556b5..f9dc694 100644 --- a/hydra-rlogin.c +++ b/hydra-rlogin.c @@ -8,12 +8,11 @@ client have to use port from 512 -> 1023 or server is denying the connection no memleaks found on 110425 */ - #define TERM "vt100/9600" extern char *HYDRA_EXIT; -int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; int32_t ret; @@ -78,7 +77,8 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c hydra_completed_pair(); } } else { - /* if password is asked a second time, it means the pass we provided is wrong */ + /* if password is asked a second time, it means the pass we provided is + * wrong */ hydra_completed_pair(); } @@ -87,7 +87,7 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } -void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; @@ -98,35 +98,35 @@ void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - /* 512 -> 1023 */ - hydra_set_srcport(1023); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + /* 512 -> 1023 */ + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rlogin(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -139,13 +139,13 @@ void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rpcap.c b/hydra-rpcap.c index ff15956..700d0cc 100644 --- a/hydra-rpcap.c +++ b/hydra-rpcap.c @@ -6,7 +6,7 @@ extern char *HYDRA_EXIT; char *buf; -int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024]; @@ -21,7 +21,8 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch char bfr4[] = " "; bfr4[0] = strlen(login) + strlen(pass) + 8; char bfr5[] = "\x00"; - char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need of password + char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need + // of password char bfr7[] = "\x00\x00\x00"; char bfr8[] = " "; bfr8[0] = strlen(login); @@ -57,13 +58,12 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch return 3; return 1; } -/* - if (strstr(buf, "Logon failure") == NULL) { - hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n", buf); - free(buf); - return 4; - } -*/ + /* + if (strstr(buf, "Logon failure") == NULL) { + hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n", + buf); free(buf); return 4; + } + */ free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -72,7 +72,7 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch return 2; } -void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL; @@ -81,10 +81,10 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); - //usleep(300000); + // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -99,15 +99,15 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_rpcap(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -120,7 +120,7 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F } } -int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, performed once only. // return codes: // 0 - rpcap with authentication diff --git a/hydra-rsh.c b/hydra-rsh.c index 0ec7b2a..6bb3cac 100644 --- a/hydra-rsh.c +++ b/hydra-rsh.c @@ -12,7 +12,7 @@ no memleaks found on 110425 extern char *HYDRA_EXIT; -int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, buffer[300] = "", buffer2[100], *bptr = buffer2; int32_t ret; @@ -39,8 +39,8 @@ int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) buffer[ret] = 0; else /* 0x00 is sent but hydra_recv transformed it */ - if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) - buffer[ret] = 0; + if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) + buffer[ret] = 0; #ifdef HAVE_PCRE if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { #else @@ -57,7 +57,7 @@ int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } -void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_RSH, mysslport = PORT_RSH_SSL; @@ -68,34 +68,34 @@ void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - hydra_set_srcport(1023); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rsh(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -108,13 +108,13 @@ void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 018f432..5eb4166 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -6,17 +6,16 @@ // // -#include #include "hydra-mod.h" -#include #include "sasl.h" +#include +#include extern char *HYDRA_EXIT; char packet[500]; char packet2[500]; int32_t is_Unauthorized(char *s) { - if (strstr(s, "401 Unauthorized") != NULL) { return 1; } else { @@ -25,7 +24,6 @@ int32_t is_Unauthorized(char *s) { } int32_t is_NotFound(char *s) { - if (strstr(s, "404 Stream Not Found") != NULL) { return 1; } else { @@ -34,7 +32,6 @@ int32_t is_NotFound(char *s) { } int32_t is_Authorized(char *s) { - if (strstr(s, "200 OK") != NULL) { return 1; } else { @@ -43,7 +40,6 @@ int32_t is_Authorized(char *s) { } int32_t use_Basic_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Basic") != NULL) { return 1; } else { @@ -52,7 +48,6 @@ int32_t use_Basic_Auth(char *s) { } int32_t use_Digest_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Digest") != NULL) { return 1; } else { @@ -60,8 +55,6 @@ int32_t use_Digest_Auth(char *s) { } } - - void create_core_packet(int32_t control, char *ip, int32_t port) { char *target = hydra_address2string(ip); @@ -75,7 +68,7 @@ void create_core_packet(int32_t control, char *ip, int32_t port) { } } } -int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1030], buffer2[500]; char *lresp; @@ -109,22 +102,19 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } return 1; } else { - create_core_packet(1, ip, port); if (use_Basic_Auth(lresp) == 1) { - free(lresp); sprintf(buffer2, "%.249s:%.249s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2); if (debug) { hydra_report(stderr, "C:%s\n", buffer); } - } - else { + } else { if (use_Digest_Auth(lresp) == 1) { char *dbuf = NULL; char aux[500] = ""; @@ -136,7 +126,8 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); #else - hydra_report(stderr, "[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n"); + hydra_report(stderr, "[ERROR] Digest auth required but compiled " + "without OpenSSL/MD5 support\n"); return 3; #endif @@ -163,7 +154,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha lresp = NULL; lresp = hydra_receive_line(s); - + if (lresp == NULL) { hydra_report(stderr, "[ERROR] no server reply\n"); return 1; @@ -177,7 +168,6 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 3; } return 1; - } free(lresp); hydra_completed_pair(); @@ -186,13 +176,13 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; -//not rechead + // not rechead return 2; } -void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - int32_t myport = PORT_RTSP/*, mysslport = PORT_RTSP_SSL*/; + int32_t myport = PORT_RTSP /*, mysslport = PORT_RTSP_SSL*/; hydra_register_socket(sp); @@ -200,9 +190,8 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -215,16 +204,16 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_rtsp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -238,7 +227,7 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-s7-300.c b/hydra-s7-300.c index 31b11aa..9f7f3a3 100644 --- a/hydra-s7-300.c +++ b/hydra-s7-300.c @@ -1,4 +1,5 @@ -// submitted by Alexander Timorin and Sergey Gordeychik +// submitted by Alexander Timorin and Sergey +// Gordeychik #include "hydra-mod.h" @@ -6,16 +7,24 @@ extern char *HYDRA_EXIT; -unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a"; +unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" + "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" + "\x01\x0a"; -unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0"; +unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" + "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" + "\x01\x00\x01\x01\xe0"; -unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04"; +unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" + "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" + "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" + "\x32\x00\x04"; -unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; +unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" + "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" + "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; - -int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[1024]; char context[S7PASSLEN + 1]; @@ -45,7 +54,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c } // send p_cotp and check first 2 bytes of answer - if (hydra_send(s, (char *) p_cotp, 22, 0) < 0) + if (hydra_send(s, (char *)p_cotp, 22, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -57,7 +66,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c return 3; // send p_s7_negotiate_pdu and check first 2 bytes of answer - if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0) + if (hydra_send(s, (char *)p_s7_negotiate_pdu, 25, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -69,7 +78,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c return 3; // send p_s7_read_szl and check first 2 bytes of answer - if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0) + if (hydra_send(s, (char *)p_s7_read_szl, 33, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -108,7 +117,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c } if (buffer[27] == '\xd6' && buffer[28] == '\x05') { - //hydra_report_found_host(port, ip, "s7-300", fp); + // hydra_report_found_host(port, ip, "s7-300", fp); hydra_completed_pair_found(); hydra_report(stderr, "[INFO] No password protection enabled\n"); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -124,7 +133,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } -void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t s7port = PORT_S7_300; @@ -136,21 +145,21 @@ void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ sock = hydra_connect_tcp(ip, s7port); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); sock = hydra_disconnect(sock); break; - case 2: /* clean exit */ + case 2: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -163,13 +172,13 @@ void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // 1 skip target without generating an error @@ -211,7 +220,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m } // send p_cotp and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) { + if (hydra_send(sock, (char *)p_cotp, 22, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service\n"); return 3; } @@ -226,7 +235,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m return 3; } // send p_s7_negotiate_pdu and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) { + if (hydra_send(sock, (char *)p_s7_negotiate_pdu, 25, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (2)\n"); return 3; } @@ -241,7 +250,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m return 3; } // send p_s7_read_szl and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) { + if (hydra_send(sock, (char *)p_s7_read_szl, 33, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (3)\n"); return 3; } @@ -276,7 +285,8 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m // 0xd602 - wrong password if (ret > 30) { if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) { - hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n"); + hydra_report(stderr, "[INFO] No password protection enabled, no password " + "tests are necessary!\n"); return 1; } } @@ -286,6 +296,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m return 0; } -void usage_s7_300(const char* service) { - printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); +void usage_s7_300(const char *service) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a " + "password or no authentication, so just use the -p or -P option.\n\n"); } diff --git a/hydra-sapr3.c b/hydra-sapr3.c index c3b729d..26024da 100644 --- a/hydra-sapr3.c +++ b/hydra-sapr3.c @@ -1,25 +1,23 @@ #include "hydra-mod.h" // checked for memleaks on 110425, none found #ifndef LIBSAPR3 -void dummy_sapr3() { - printf("\n"); -} +void dummy_sapr3() { printf("\n"); } #else -#include #include +#include /* temporary workaround fix */ const int32_t *__ctype_tolower; const int32_t *__ctype_toupper; const int32_t *__ctype_b; -extern void flood(); /* for -lm */ +extern void flood(); /* for -lm */ extern char *HYDRA_EXIT; RFC_ERROR_INFO_EX error_info; -int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { RFC_HANDLE handle; char *empty = ""; char *login, *pass, buffer[1024]; @@ -28,7 +26,8 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch int32_t sysnr = port % 100; char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0"; -// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y"; + // char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y + // ABAP_DEBUG=Y"; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -37,36 +36,37 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch if (strlen(login) > 0) for (i = 0; i < strlen(login); i++) - login[i] = (char) toupper(login[i]); + login[i] = (char)toupper(login[i]); if (strlen(pass) > 0) for (i = 0; i < strlen(pass); i++) - pass[i] = (char) toupper(pass[i]); + pass[i] = (char)toupper(pass[i]); memset(buffer, 0, sizeof(buffer)); memset(&error_info, 0, sizeof(error_info)); -//strcpy(buf, "mvse001"); + // strcpy(buf, "mvse001"); snprintf(buffer, sizeof(buffer), "ASHOST=%s SYSNR=%02d CLIENT=%03d USER=\"%s\" PASSWD=\"%s\" LANG=DE %s", hydra_address2string(ip), sysnr, atoi(miscptr), login, pass, opts); -/* - USER=SAPCPIC PASSWORD=admin - USER=SAP* PASSWORD=PASS + /* + USER=SAPCPIC PASSWORD=admin + USER=SAP* PASSWORD=PASS - ## do we need these options? - SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N + ## do we need these options? + SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N - ASHOST= // IP - SYSNR= // port - 3200, scale 2 - CLIENT= // miscptr, scale 2 - ABAP_DEBUG=0 - USER= - PASSWD= - LANG=DE -*/ -//printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); + ASHOST= // IP + SYSNR= // port - 3200, scale 2 + CLIENT= // miscptr, scale 2 + ABAP_DEBUG=0 + USER= + PASSWD= + LANG=DE + */ + // printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); handle = RfcOpenEx(buffer, &error_info); -//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message); + // printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, + // error_info.message); if (handle <= RFC_HANDLE_NULL) return 3; @@ -89,7 +89,7 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -97,12 +97,12 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_sapr3(sock, ip, port, options, miscptr, fp); break; case 2: hydra_child_exit(0); - case 3: /* clean exit */ + case 3: /* clean exit */ fprintf(stderr, "[ERROR] could not connect to target port %d\n", port); hydra_child_exit(1); case 4: @@ -117,13 +117,13 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F #endif -int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -131,6 +131,4 @@ int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *mi return 0; } -void usage_sapr3(const char* service) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); -} +void usage_sapr3(const char *service) { printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); } diff --git a/hydra-sip.c b/hydra-sip.c index 22de26c..eab654e 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -1,4 +1,4 @@ -/* simple sip digest auth (md5) module 2009/02/19 +/* simple sip digest auth (md5) module 2009/02/19 * written by gh0st 2005 * modified by Jean-Baptiste Aviat - should * work now, but only with -T 1 @@ -10,13 +10,11 @@ #ifndef LIBOPENSSL #include -void dummy_sip() { - printf("\n"); -} +void dummy_sip() { printf("\n"); } #else -#include #include "sasl.h" +#include extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -25,8 +23,7 @@ char *get_iface_ip(uint64_t ip); int32_t cseq; extern char *HYDRA_EXIT; - -#define SIP_MAX_BUF 1024 +#define SIP_MAX_BUF 1024 void empty_register(char *buf, char *host, char *lhost, int32_t port, int32_t lport, char *user) { memset(buf, 0, SIP_MAX_BUF); @@ -50,7 +47,7 @@ int32_t get_sip_code(char *buf) { return code; } -int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) { char *login, *pass, *host, buffer[SIP_MAX_BUF]; int32_t i; char buf[SIP_MAX_BUF]; @@ -74,14 +71,16 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u } int32_t has_sip_cred = 0; - int32_t try = 0; + int32_t try + = 0; /* We have to check many times because server may begin to send "100 Trying" * before "401 Unauthorized" */ while (try < 2 && !has_sip_cred) { - try++; + try + ++; if (hydra_data_ready_timed(s, 3, 0) > 0) { - i = hydra_recv(s, (char *) buf, sizeof(buf) - 1); + i = hydra_recv(s, (char *)buf, sizeof(buf) - 1); if (i > 0) buf[i] = '\0'; if (strncmp(buf, "SIP/2.0 404", 11) == 0) { @@ -94,17 +93,21 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u // if we already tried to connect, exit if (external_ip_addr[0]) { - hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); + hydra_report(stdout, "[ERROR] Get error code 606 : session is not " + "acceptable by the server\n"); return 2; } if (verbose) - hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n" - "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n"); - /* - SIP/2.0 606 Not Acceptable - Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 - */ + hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not " + "acceptable by the server,\n" + "maybe it's an addressing issue as you are " + "using NAT, trying to reconnect\n" + "using addr from the server reply\n"); + /* + SIP/2.0 606 Not Acceptable + Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 + */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "Via: SIP.*received=")) { ptr = strstr(buf, "received="); @@ -143,7 +146,11 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u "Via: SIP/2.0/UDP %s:%i\n" "From: \n" "To: \n" - "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); + "Call-ID: 1337@%s\n" + "CSeq: %i REGISTER\n" + "Authorization: Digest %s\n" + "Content-Length: 0\n\n", + host, lip, lport, login, host, login, host, host, cseq, buffer2); cseq++; if (debug) @@ -151,15 +158,17 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } - try = 0; + try + = 0; int32_t has_resp = 0; int32_t sip_code = 0; while (try < 2 && !has_resp) { - try++; + try + ++; if (hydra_data_ready_timed(s, 5, 0) > 0) { memset(buf, 0, sizeof(buf)); - if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0) + if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0) buf[i] = 0; if (debug) hydra_report(stderr, "[INFO] S: %s\n", buf); @@ -182,17 +191,18 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u return 1; } -void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_SIP, mysslport = PORT_SIP_SSL; - char *lip = get_iface_ip((int32_t) *(&ip[1])); + char *lip = get_iface_ip((int32_t) * (&ip[1])); hydra_register_socket(sp); // FIXME IPV6 if (ip[0] != 4) { - fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n"); + fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are " + "appreciated.\n"); hydra_child_exit(2); } @@ -224,7 +234,7 @@ void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); free(lip); hydra_child_exit(1); } @@ -263,7 +273,7 @@ char *get_iface_ip(uint64_t ip) { tparamet.sin_port = htons(2000); tparamet.sin_addr.s_addr = ip; - if (connect(sfd, (const struct sockaddr *) &tparamet, sizeof(struct sockaddr_in))) { + if (connect(sfd, (const struct sockaddr *)&tparamet, sizeof(struct sockaddr_in))) { perror("connect"); close(sfd); return NULL; @@ -271,7 +281,7 @@ char *get_iface_ip(uint64_t ip) { struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in)); int32_t size = sizeof(struct sockaddr_in); - if (getsockname(sfd, (void *) local, (socklen_t *) & size)) { + if (getsockname(sfd, (void *)local, (socklen_t *)&size)) { perror("getsockname"); close(sfd); free(local); @@ -281,7 +291,7 @@ char *get_iface_ip(uint64_t ip) { char buff[32]; - if (!inet_ntop(AF_INET, (void *) &local->sin_addr, buff, 32)) { + if (!inet_ntop(AF_INET, (void *)&local->sin_addr, buff, 32)) { perror("inet_ntop"); free(local); return NULL; @@ -295,13 +305,13 @@ char *get_iface_ip(uint64_t ip) { #endif -int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-smb.c b/hydra-smb.c index c46fd0f..20fd1cf 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1,17 +1,14 @@ #include "hydra-mod.h" #ifndef LIBOPENSSL -void dummy_smb() { - printf("\n"); -} +void dummy_smb() { printf("\n"); } #else -#include -#include #include "hmacmd5.h" #include "sasl.h" +#include +#include // FIXME XXX BUG: several malloc()s without return code checking - /* http://technet.microsoft.com/en-us/library/cc960646.aspx @@ -41,10 +38,10 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx Based on code from: SMB Auditing Tool [Copyright (C) Patrik Karlsson 2001] This code allows Hydra to directly test NTLM hashes against - a Windows. This may be useful for an auditor who has aquired - a sam._ or pwdump file and would like to quickly determine - which are valid entries. This module can also be used to test - SMB passwords against devices that do not allow clear text + a Windows. This may be useful for an auditor who has aquired + a sam._ or pwdump file and would like to quickly determine + which are valid entries. This module can also be used to test + SMB passwords against devices that do not allow clear text LanMan passwords. The "-m 'METHOD'" option is required for this module. The @@ -54,23 +51,23 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx Local == Check local account. Domain == Check credentials against this hosts primary domain controller via this host. - Hash == Use a NTLM hash rather than a password. - Machine == Use the Machine's NetBIOS name as the password. + Hash == Use a NTLM hash rather than a password. + Machine == Use the Machine's NetBIOS name as the password. NTLMV2, NTLM, LMV2, LM == set the dialect Be careful of mass domain account lockout with this. For - example, assume you are checking several accounts against + example, assume you are checking several accounts against many domain workstations. If you are not using the 'L' - options and these accounts do not exist locally on the + options and these accounts do not exist locally on the workstations, each workstation will in turn check their - respective domain controller. This could cause a bunch of - lockouts. Of course, it'd look like the workstations, not + respective domain controller. This could cause a bunch of + lockouts. Of course, it'd look like the workstations, not you, were doing it. ;) **FYI, this code is unable to test accounts on default XP hosts which are not part of a domain and do not have normal file sharing enabled. Default XP does not allow shares and - returns STATUS_LOGON_FAILED for both valid and invalid + returns STATUS_LOGON_FAILED for both valid and invalid credentials. XP with simple sharing enabled returns SUCCESS for both valid and invalid credentials. If anyone knows a way to test in these configurations... @@ -80,29 +77,25 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx #define WIN2000_NATIVEMODE 1 #define WIN_NETBIOSMODE 2 - #define PLAINTEXT 10 #define ENCRYPTED 11 - #ifndef CHAR_BIT #define CHAR_BIT 8 #endif #ifndef TIME_T_MIN -#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ - : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)) +#define TIME_T_MIN ((time_t)0 < (time_t)-1 ? (time_t)0 : ~(time_t)0 << (sizeof(time_t) * CHAR_BIT - 1)) #endif #ifndef TIME_T_MAX -#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) +#define TIME_T_MAX (~(time_t)0 - TIME_T_MIN) #endif -#define IVAL_NC(buf,pos) (*(uint32_t *)((char *)(buf) + (pos))) /* Non const version of above. */ -#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((uint32_t)(val)) +#define IVAL_NC(buf, pos) (*(uint32_t *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define SIVAL(buf, pos, val) IVAL_NC(buf, pos) = ((uint32_t)(val)) #define TIME_FIXUP_CONSTANT_INT 11644473600LL - extern char *HYDRA_EXIT; static unsigned char challenge[8]; static unsigned char workgroup[16]; @@ -113,43 +106,43 @@ int32_t hashFlag, accntFlag, protoFlag; int32_t smb_auth_mechanism = AUTH_NTLM; int32_t security_mode = ENCRYPTED; -static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize) -{ - int32_t i=0,j=0; +static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize) { + int32_t i = 0, j = 0; uint64_t ch; if (debug) { - hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); - hydra_dump_asciihex(in, insize); + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); + hydra_dump_asciihex(in, insize); } - for (i = 0; i < insize; i++) { - if (in[i] < 128) { // one byte - out[j] = in[i]; - out[j+1] = 0; - j=j+2; - } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes - out[j+1] = 0x07 & (in[i] >> 2); - out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i+1]); - j=j+2; - i=i+1; - } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes - out[j] = (0xc0 & (in[i+1] << 6)) | (0x3f & in[i+2]); - out[j+1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i+1] >> 2)); - j=j+2; - i=i+2; - } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes - ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i+1]) << 12) + ((0x3f & in[i+2]) << 6) + (0x3f & in[i+3])- 0x10000; - out[j] = (ch >> 10) & 0xff; - out[j+1] = 0xd8 | ((ch >> 18) & 0xff); - out[j+2] = ch & 0xff; - out[j+3] = 0xdc | ((ch >> 8) & 0x3 ); - j=j+4; - i=i+3; - } - if ( j-2 > outsize) break; + for (i = 0; i < insize; i++) { + if (in[i] < 128) { // one byte + out[j] = in[i]; + out[j + 1] = 0; + j = j + 2; + } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes + out[j + 1] = 0x07 & (in[i] >> 2); + out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i + 1]); + j = j + 2; + i = i + 1; + } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes + out[j] = (0xc0 & (in[i + 1] << 6)) | (0x3f & in[i + 2]); + out[j + 1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i + 1] >> 2)); + j = j + 2; + i = i + 2; + } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes + ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i + 1]) << 12) + ((0x3f & in[i + 2]) << 6) + (0x3f & in[i + 3]) - 0x10000; + out[j] = (ch >> 10) & 0xff; + out[j + 1] = 0xd8 | ((ch >> 18) & 0xff); + out[j + 2] = ch & 0xff; + out[j + 3] = 0xdc | ((ch >> 8) & 0x3); + j = j + 4; + i = i + 3; + } + if (j - 2 > outsize) + break; } if (debug) { - hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); - hydra_dump_asciihex(out,j); + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); + hydra_dump_asciihex(out, j); } return j; } @@ -157,8 +150,8 @@ static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out static unsigned char Get7Bits(unsigned char *input, int32_t startBit) { register uint32_t word; - word = (unsigned) input[startBit / 8] << 8; - word |= (unsigned) input[startBit / 8 + 1]; + word = (unsigned)input[startBit / 8] << 8; + word |= (unsigned)input[startBit / 8 + 1]; word >>= 15 - (startBit % 8 + 7); @@ -176,7 +169,7 @@ static void MakeKey(unsigned char *key, unsigned char *DES_key) { DES_key[6] = Get7Bits(key, 42); DES_key[7] = Get7Bits(key, 49); - DES_set_odd_parity((DES_cblock *) DES_key); + DES_set_odd_parity((DES_cblock *)DES_key); } /* Do the DesEncryption */ @@ -186,7 +179,7 @@ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) MakeKey(key, DES_key); DES_set_key(&DES_key, &key_schedule); - DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cipher, &key_schedule, 1); + DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, &key_schedule, 1); } /* @@ -198,7 +191,7 @@ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) challenge = the challenge recieved from the server */ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { - static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; unsigned char password[14 + 1]; unsigned char lm_hash[21]; unsigned char lm_response[24]; @@ -237,25 +230,25 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { - HexChar = (char) p[2 * i + j]; + HexChar = (char)p[2 * i + j]; if (HexChar > 0x39) - HexChar = HexChar | 0x20; /* convert upper case to lower */ + HexChar = HexChar | 0x20; /* convert upper case to lower */ - if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ - ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ hydra_report(stderr, "[ERROR] Invalid char (%c) for hash.\n", HexChar); HexChar = 0x30; } HexChar -= 0x30; - if (HexChar > 0x09) /* HexChar is "a" - "f" */ + if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; - HexValue = (HexValue << 4) | (char) HexChar; + HexValue = (HexValue << 4) | (char)HexChar; } - lm_hash[i] = (unsigned char) HexValue; + lm_hash[i] = (unsigned char)HexValue; } } } else { @@ -263,15 +256,15 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) - machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } /* convert lower case characters to upper case */ - strncpy((char *) password, (char *) pass, 14); + strncpy((char *)password, (char *)pass, 14); for (i = 0; i < 14; i++) { - if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ + if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ password[i] -= 0x20; } @@ -280,7 +273,7 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall DesEncrypt(magic, &password[7], &lm_hash[8]); } - /* + /* NULL-pad 16-byte LM hash to 21-bytes Split resultant value into three 7-byte thirds DES-encrypt challenge using each third as a key @@ -295,15 +288,14 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall return 0; } - /* MakeNTLM - Function: Create a NTLM hash from the password + Function: Create a NTLM hash from the password */ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { MD4_CTX md4Context; - unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ - unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ int32_t i = 0, j = 0; int32_t mdlen; unsigned char *p = NULL; @@ -312,7 +304,8 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { /* Use NTLM Hash instead of password */ if (hashFlag == 1) { - /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ + /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: + */ p = pass; while ((*p != '\0') && (i < 1)) { if (*p == ':') @@ -328,13 +321,13 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { - HexChar = (char) p[2 * i + j]; + HexChar = (char)p[2 * i + j]; if (HexChar > 0x39) - HexChar = HexChar | 0x20; /* convert upper case to lower */ + HexChar = HexChar | 0x20; /* convert upper case to lower */ - if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ - ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ /* * fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); * hydra_child_exit(0); @@ -343,19 +336,19 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { } HexChar -= 0x30; - if (HexChar > 0x09) /* HexChar is "a" - "f" */ + if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; - HexValue = (HexValue << 4) | (char) HexChar; + HexValue = (HexValue << 4) | (char)HexChar; } - hash[i] = (unsigned char) HexValue; + hash[i] = (unsigned char)HexValue; } } else { /* Password == Machine Name */ if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) - machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } @@ -363,13 +356,13 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { /* Initialize the Unicode version of the secret (== password). */ /* This implicitly supports most UTF8 characters. */ - j = UTF8_UTF16LE(pass, strlen((char *) pass), unicodePassword, sizeof(unicodePassword)); + j = UTF8_UTF16LE(pass, strlen((char *)pass), unicodePassword, sizeof(unicodePassword)); - mdlen = j; /* length in bytes */ + mdlen = j; /* length in bytes */ MD4_Init(&md4Context); MD4_Update(&md4Context, unicodePassword, mdlen); - MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ + MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ } memcpy(ntlmhash, hash, 16); @@ -379,9 +372,9 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { /* HashLMv2 - This function implements the LMv2 response algorithm. The LMv2 response is used to - provide pass-through authentication compatibility with older servers. The response - is based on the NTLM password hash and is exactly 24 bytes. + This function implements the LMv2 response algorithm. The LMv2 response is + used to provide pass-through authentication compatibility with older servers. + The response is based on the NTLM password hash and is exactly 24 bytes. The below code is based heavily on the following resources: @@ -397,7 +390,7 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char HMACMD5Context ctx; unsigned char kr_buf[16]; int32_t ret, i; - unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; memset(ntlm_hash, 0, 16); memset(lmv2_response, 0, 24); @@ -406,52 +399,54 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char /* --- HMAC #1 Caculations --- */ /* Calculate and set NTLM password hash */ - ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *)szPassword); if (ret == -1) return -1; /* - The Unicode uppercase username is concatenated with the Unicode authentication target - (the domain or server name specified in the Target Name field of the Type 3 message). - Note that this calculation always uses the Unicode representation, even if OEM encoding - has been negotiated; also note that the username is converted to uppercase, while the - authentication target is case-sensitive and must match the case presented in the Target + The Unicode uppercase username is concatenated with the Unicode + authentication target (the domain or server name specified in the Target + Name field of the Type 3 message). Note that this calculation always uses + the Unicode representation, even if OEM encoding has been negotiated; also + note that the username is converted to uppercase, while the authentication + target is case-sensitive and must match the case presented in the Target Name field. - The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to - this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the - NTLMv2 hash. + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) + is applied to this value using the 16-byte NTLM hash as the key. This + results in a 16-byte value - the NTLMv2 hash. */ /* Initialize the Unicode version of the username and target. */ /* This implicitly supports 8-bit ISO8859/1 characters. */ /* convert lower case characters to upper case */ bzero(unicodeUsername, sizeof(unicodeUsername)); - for (i = 0; i < strlen((char *) szLogin); i++) { - if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ - unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + for (i = 0; i < strlen((char *)szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char)szLogin[i] - 0x20; else - unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + unicodeUsername[i * 2] = (unsigned char)szLogin[i]; } bzero(unicodeTarget, sizeof(unicodeTarget)); - for (i = 0; i < strlen((char *) workgroup); i++) - unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + unicodeTarget[i * 2] = (unsigned char)workgroup[i]; hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); - hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); - hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx); + hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx); hmac_md5_final(kr_buf, &ctx); /* --- HMAC #2 Calculations --- */ /* - The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 - message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash - (calculated above) as the key. This results in a 16-byte output value. + The challenge from the Type 2 message is concatenated with our fixed client + nonce. The HMAC-MD5 message authentication code algorithm is applied to + this value using the 16-byte NTLMv2 hash (calculated above) as the key. + This results in a 16-byte output value. */ hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); - hmac_md5_update((const unsigned char *) challenge, 8, &ctx); + hmac_md5_update((const unsigned char *)challenge, 8, &ctx); hmac_md5_update(client_challenge, 8, &ctx); hmac_md5_final(lmv2_response, &ctx); @@ -468,12 +463,13 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char /* HashNTLMv2 - This function implements the NTLMv2 response algorithm. Support for this algorithm - was added with Microsoft Windows with NT 4.0 SP4. It should be noted that code doesn't - currently work with Microsoft Vista. While NTLMv2 authentication with Samba and Windows - 2003 functions as expected, Vista systems respond with the oh-so-helpful - "INVALID_PARAMETER" error code. LMv2-only authentication appears to work against Vista - in cases where LM and NTLM are refused. + This function implements the NTLMv2 response algorithm. Support for this + algorithm was added with Microsoft Windows with NT 4.0 SP4. It should be noted + that code doesn't currently work with Microsoft Vista. While NTLMv2 + authentication with Samba and Windows 2003 functions as expected, Vista + systems respond with the oh-so-helpful "INVALID_PARAMETER" error code. + LMv2-only authentication appears to work against Vista in cases where LM and + NTLM are refused. The below code is based heavily on the following two resources: @@ -482,7 +478,7 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char NTLMv2 network authentication is required when attempting to authenticated to a system which has the following policy enforced: - + GPO: "Network Security: LAN Manager authentication level" Setting: "Send NTLMv2 response only\refuse LM & NTLM" */ @@ -494,30 +490,25 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha HMACMD5Context ctx; unsigned char kr_buf[16]; int32_t ret, i, iTargetLen; - unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; /* -- Example NTLMv2 Response Data -- - [0] HMAC: (16 bytes) + [0] HMAC: (16 bytes) [16] Header: Blob Signature [01 01 00 00] (4 bytes) [20] Reserved: [00 00 00 00] (4 bytes) - [24] Time: Little-endian, 64-bit signed value representing the number of - tenths of a microsecond since January 1, 1601. (8 bytes) - [32] Client Nonce: (8 bytes) - [40] Unknown: 00 00 00 00 (4 bytes) - [44] Target Information (from the Type 2 message) - NetBIOS domain/workgroup: - Type: domain 02 00 (2 bytes) - Length: 12 00 (2 bytes) - Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes) - End-of-list: 00 00 00 00 (4 bytes) + [24] Time: Little-endian, 64-bit signed value representing the number + of tenths of a microsecond since January 1, 1601. (8 bytes) [32] Client + Nonce: (8 bytes) [40] Unknown: 00 00 00 00 (4 bytes) [44] Target + Information (from the Type 2 message) NetBIOS domain/workgroup: Type: + domain 02 00 (2 bytes) Length: 12 00 (2 bytes) Name: WORKGROUP [NULL + spacing -> 57 00 4f 00 ...] (18 bytes) End-of-list: 00 00 00 00 (4 bytes) Termination: 00 00 00 00 (4 bytes) */ - - iTargetLen = 2 * strlen((char *) workgroup); + iTargetLen = 2 * strlen((char *)workgroup); memset(ntlm_hash, 0, 16); memset(ntlmv2_response, 0, 56 + 20 * 2 + 256 * 2); @@ -526,69 +517,70 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha /* --- HMAC #1 Caculations --- */ /* Calculate and set NTLM password hash */ - ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *)szPassword); if (ret == -1) return -1; /* - The Unicode uppercase username is concatenated with the Unicode authentication target - (the domain or server name specified in the Target Name field of the Type 3 message). - Note that this calculation always uses the Unicode representation, even if OEM encoding - has been negotiated; also note that the username is converted to uppercase, while the - authentication target is case-sensitive and must match the case presented in the Target + The Unicode uppercase username is concatenated with the Unicode + authentication target (the domain or server name specified in the Target + Name field of the Type 3 message). Note that this calculation always uses + the Unicode representation, even if OEM encoding has been negotiated; also + note that the username is converted to uppercase, while the authentication + target is case-sensitive and must match the case presented in the Target Name field. - The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to - this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the - NTLMv2 hash. + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) + is applied to this value using the 16-byte NTLM hash as the key. This + results in a 16-byte value - the NTLMv2 hash. */ /* Initialize the Unicode version of the username and target. */ /* This implicitly supports 8-bit ISO8859/1 characters. */ /* convert lower case characters to upper case */ bzero(unicodeUsername, sizeof(unicodeUsername)); - for (i = 0; i < strlen((char *) szLogin); i++) { - if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ - unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + for (i = 0; i < strlen((char *)szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char)szLogin[i] - 0x20; else - unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + unicodeUsername[i * 2] = (unsigned char)szLogin[i]; } bzero(unicodeTarget, sizeof(unicodeTarget)); - for (i = 0; i < strlen((char *) workgroup); i++) - unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + unicodeTarget[i * 2] = (unsigned char)workgroup[i]; hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); - hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); - hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx); + hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx); hmac_md5_final(kr_buf, &ctx); /* --- Blob Construction --- */ - memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ + memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ memset(ntlmv2_response + 18, 0, 2); - memset(ntlmv2_response + 20, 0, 4); /* Reserved */ + memset(ntlmv2_response + 20, 0, 4); /* Reserved */ /* Time -- Take a Unix time and convert to an NT TIME structure: - Little-endian, 64-bit signed value representing the number of tenths of a + Little-endian, 64-bit signed value representing the number of tenths of a microsecond since January 1, 1601. */ struct timespec ts; unsigned long long nt; - ts.tv_sec = (time_t) time(NULL); + ts.tv_sec = (time_t)time(NULL); ts.tv_nsec = 0; if (ts.tv_sec == 0) nt = 0; else if (ts.tv_sec == TIME_T_MAX) nt = 0x7fffffffffffffffLL; - else if (ts.tv_sec == (time_t) - 1) - nt = (unsigned long) -1; + else if (ts.tv_sec == (time_t)-1) + nt = (unsigned long)-1; else { nt = ts.tv_sec; nt += TIME_FIXUP_CONSTANT_INT; - nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ + nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ } SIVAL(ntlmv2_response + 24, 0, nt & 0xFFFFFFFF); @@ -596,8 +588,8 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha /* End time calculation */ /* Set client challenge - using a non-random value in this case. */ - memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ - memset(ntlmv2_response + 40, 0, 4); /* Unknown */ + memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ + memset(ntlmv2_response + 40, 0, 4); /* Unknown */ /* Target Information Block */ /* @@ -606,26 +598,28 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha 0x0300 Fully-qualified DNS host name 0x0400 DNS domain name - TODO: Need to rework negotiation code to correctly extract target information + TODO: Need to rework negotiation code to correctly extract target + information */ - memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ + memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ memset(ntlmv2_response + 45, 0x00, 1); - memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ + memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ memset(ntlmv2_response + 47, 0x00, 1); /* Name of domain or workgroup */ - for (i = 0; i < strlen((char *) workgroup); i++) - ntlmv2_response[48 + i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + ntlmv2_response[48 + i * 2] = (unsigned char)workgroup[i]; - memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ + memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ /* --- HMAC #2 Caculations --- */ /* - The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message - authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash - (calculated above) as the key. This results in a 16-byte output value. + The challenge from the Type 2 message is concatenated with the blob. The + HMAC-MD5 message authentication code algorithm is applied to this value + using the 16-byte NTLMv2 hash (calculated above) as the key. This results + in a 16-byte output value. */ hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); @@ -652,11 +646,11 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha */ int32_t HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { int32_t ret; - unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char p21[21]; unsigned char ntlm_response[24]; - ret = MakeNTLM((unsigned char *) &hash, (unsigned char *) pass); + ret = MakeNTLM((unsigned char *)&hash, (unsigned char *)pass); if (ret == -1) hydra_child_exit(0); @@ -678,9 +672,9 @@ int32_t HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *c Returns: TRUE on success else FALSE. */ int32_t NBSSessionRequest(int32_t s) { - char nb_name[32]; /* netbiosname */ - char nb_local[32]; /* netbios localredirector */ - unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 }; + char nb_name[32]; /* netbiosname */ + char nb_local[32]; /* netbios localredirector */ + unsigned char rqbuf[7] = {0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20}; char *buf; unsigned char rbuf[400]; int32_t k; @@ -692,31 +686,30 @@ int32_t NBSSessionRequest(int32_t s) { /* convert computer name to netbios name */ memset(nb_name, 0, 32); memset(nb_local, 0, 32); - memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ - memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ + memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ + memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ - if ((buf = (char *) malloc(100)) == NULL) + if ((buf = (char *)malloc(100)) == NULL) return -1; memset(buf, 0, 100); - memcpy(buf, (char *) rqbuf, 5); + memcpy(buf, (char *)rqbuf, 5); memcpy(buf + 5, nb_name, 32); - memcpy(buf + 37, (char *) rqbuf + 5, 2); + memcpy(buf + 37, (char *)rqbuf + 5, 2); memcpy(buf + 39, nb_local, 32); - memcpy(buf + 71, (char *) rqbuf + 5, 1); + memcpy(buf + 71, (char *)rqbuf + 5, 1); hydra_send(s, buf, 72, 0); free(buf); memset(rbuf, 0, 400); - k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + k = hydra_recv(s, (char *)rbuf, sizeof(rbuf)); if (k > 0 && (rbuf[0] == 0x82)) - return 0; /* success */ + return 0; /* success */ else - return -1; /* failed */ + return -1; /* failed */ } - /* SMBNegProt Function: Negotiate protocol with server ... @@ -728,61 +721,39 @@ int32_t NBSSessionRequest(int32_t s) { */ int32_t SMBNegProt(int32_t s) { unsigned char buf[] = { - 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, - 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, - 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, - 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, - 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, - 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, - 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, - 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, - 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, - 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, - 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, - 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, - 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, - 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, - 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, - 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, - 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, - 0x32, 0x00 + 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d, + 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, + 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 -/* -0x02, - 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, - 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, - 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, - 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, - 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, - 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, - 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, - 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, - 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, - 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, - 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, - 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, - 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 -*/ + /* + 0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, + 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, + 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, + 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, + 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, + 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, + 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, + 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, + 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, + 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, + 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 + */ }; unsigned char rbuf[400]; unsigned char sess_key[2]; - unsigned char userid[2] = { 0xCD, 0xEF }; + unsigned char userid[2] = {0xCD, 0xEF}; int32_t i = 0, j = 0, k; int32_t iLength = 194; int32_t iResponseOffset = 73; - memset((char *) rbuf, 0, 400); + memset((char *)rbuf, 0, 400); /* set session key */ sess_key[1] = getpid() / 100; @@ -793,24 +764,24 @@ int32_t SMBNegProt(int32_t s) { if (smb_auth_mechanism == AUTH_LM) { if (verbose) hydra_report(stderr, "[VERBOSE] Setting Negotiate Protocol Response for LM.\n"); - buf[3] = 0xA3; // Set message length - buf[37] = 0x80; // Set byte count for dialects + buf[3] = 0xA3; // Set message length + buf[37] = 0x80; // Set byte count for dialects iLength = 167; iResponseOffset = 65; } - - hydra_send(s, (char *) buf, iLength, 0); - k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + hydra_send(s, (char *)buf, iLength, 0); + k = hydra_recv(s, (char *)rbuf, sizeof(rbuf)); if (k == 0) return 3; /* retrieve the security mode */ /* - [0] Mode: (0) ? (1) USER security mode - [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response - [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED - [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED + [0] Mode: (0) ? (1) USER security + mode [1] Password: (0) PLAINTEXT password (1) ENCRYPTED + password. Use challenge/response [2] Signatures: (0) Security signatures + NOT enabled (1) ENABLED [3] Sig Req: (0) Security signatures NOT + required (1) REQUIRED SAMBA: 0x01 (default) WinXP: 0x0F (default) @@ -818,25 +789,28 @@ int32_t SMBNegProt(int32_t s) { */ switch (rbuf[39]) { case 0x01: - //real plaintext should be used with LM auth + // real plaintext should be used with LM auth if (verbose) hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n"); security_mode = PLAINTEXT; if (hashFlag == 1) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH " + "password mode not supported for this configuration.\n"); return 3; } if (hashFlag == 2) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE " + "password mode not supported for this configuration.\n"); return 3; } break; case 0x03: if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); + hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password " + "without security signatures.\n"); security_mode = ENCRYPTED; break; case 0x07: @@ -847,20 +821,23 @@ int32_t SMBNegProt(int32_t s) { break; default: if (verbose) - hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); + hydra_report(stderr, + "[VERBOSE] Unknown security mode request: %2.2X. Proceeding " + "using ENCRYPTED password mode.\n", + rbuf[39]); security_mode = ENCRYPTED; break; } /* Retrieve the challenge */ - memcpy(challenge, (char *) rbuf + iResponseOffset, sizeof(challenge)); + memcpy(challenge, (char *)rbuf + iResponseOffset, sizeof(challenge)); /* Find the primary domain/workgroup name */ memset(workgroup, 0, 16); memset(machine_name, 0, 16); - //seems using LM only the domain is returned not the server - //and the domain is not padded with null chars + // seems using LM only the domain is returned not the server + // and the domain is not padded with null chars if (smb_auth_mechanism == AUTH_LM) { while ((rbuf[iResponseOffset + 8 + i] != 0) && (i < 16)) { workgroup[i] = rbuf[iResponseOffset + 8 + i]; @@ -882,12 +859,10 @@ int32_t SMBNegProt(int32_t s) { hydra_report(stderr, "[VERBOSE] Server machine name: %s\n", machine_name); hydra_report(stderr, "[VERBOSE] Server primary domain: %s\n", workgroup); } - //success + // success return 2; } - - /* SMBSessionSetup Function: Send username + response to the challenge from @@ -900,7 +875,7 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * unsigned char *NTLMv2hash = NULL; unsigned char *NTLMhash = NULL; unsigned char *LMhash = NULL; -// unsigned char unicodeLogin[32 * 2]; + // unsigned char unicodeLogin[32 * 2]; int32_t j; char bufReceive[512]; int32_t nReceiveBufferSize = 0; @@ -908,37 +883,58 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * int32_t iByteCount = 0, iOffset = 0; if (accntFlag == 0) { - strcpy((char *) workgroup, "localhost"); + strcpy((char *)workgroup, "localhost"); } else if (accntFlag == 2) { memset(workgroup, 0, 16); } - //domain flag is not needed here, it will be auto set, - //below it's domain specified on cmd line + // domain flag is not needed here, it will be auto set, + // below it's domain specified on cmd line else if (accntFlag == 4) { - strncpy((char *) workgroup, (char *) domain, 16); + strncpy((char *)workgroup, (char *)domain, 16); } /* NetBIOS Session Service */ unsigned char szNBSS[4] = { - 0x00, /* Message Type: Session Message */ - 0x00, 0x00, 0x85 /* Length -- MUST SET */ + 0x00, /* Message Type: Session Message */ + 0x00, 0x00, 0x85 /* Length -- MUST SET */ }; /* SMB Header */ unsigned char szSMB[32] = { - 0xff, 0x53, 0x4d, 0x42, /* Server Component */ - 0x73, /* SMB Command: Session Setup AndX */ - 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ - 0x08, /* Flags */ - 0x01, 0xc0, /* Flags2 */ /* add Unicode */ - 0x00, 0x00, /* Process ID High */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ - 0x00, 0x00, /* Reserved */ - 0x00, 0x00, /* Tree ID */ - 0x13, 0x37, /* Process ID */ - 0x00, 0x00, /* User ID */ - 0x01, 0x00 /* Multiplx ID */ + 0xff, + 0x53, + 0x4d, + 0x42, /* Server Component */ + 0x73, /* SMB Command: Session Setup AndX */ + 0x00, + 0x00, + 0x00, + 0x00, /* NT Status: STATUS_SUCCESS */ + 0x08, /* Flags */ + 0x01, + 0xc0, + /* Flags2 */ /* add Unicode */ + 0x00, + 0x00, /* Process ID High */ + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, /* Signature */ + 0x00, + 0x00, /* Reserved */ + 0x00, + 0x00, /* Tree ID */ + 0x13, + 0x37, /* Process ID */ + 0x00, + 0x00, /* User ID */ + 0x01, + 0x00 /* Multiplx ID */ }; memset(buf, 0, 512); @@ -952,31 +948,31 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * hydra_report(stderr, "[VERBOSE] Attempting LM password authentication.\n"); unsigned char szSessionRequest[23] = { - 0x0a, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 24; /* Start with length of LM hash */ + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LM hash */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 23); /* Calculate and set LAN Manager password hash */ - if ((LMhash = (unsigned char *) malloc(24)) == NULL) + if ((LMhash = (unsigned char *)malloc(24)) == NULL) return -1; memset(LMhash, 0, 24); - ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge); + ret = HashLM(&LMhash, (unsigned char *)szPassword, (unsigned char *)challenge); if (ret == -1) { free(LMhash); return -1; @@ -990,34 +986,52 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * hydra_report(stderr, "[VERBOSE] Attempting NTLM password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x18, 0x00, /* NT LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, + 0x00, /* AndXOffset */ + 0xff, + 0xff, /* Max Buffer */ + 0x02, + 0x00, /* Max Mpx Count */ + 0x3c, + 0x7d, /* VC Number */ + 0x00, + 0x00, + 0x00, + 0x00, /* Session Key */ + 0x18, + 0x00, /* LAN Manager Password Hash Length */ + 0x18, + 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, + 0x00, + 0x00, + 0x00, /* Reserved */ + 0x5c, + 0x00, + 0x00, + 0x00, + /* Capabilities */ /* Add Unicode */ + 0x49, + 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 48; /* Start with length of NTLM and LM hashes */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 48; /* Start with length of NTLM and LM hashes */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set NTLM password hash */ - if ((NTLMhash = (unsigned char *) malloc(24)) == NULL) + if ((NTLMhash = (unsigned char *)malloc(24)) == NULL) return -1; memset(NTLMhash, 0, 24); - /* We don't need to actually calculated a LM hash for this mode, only NTLM */ - ret = HashNTLM(&NTLMhash, (unsigned char *) szPassword, (unsigned char *) challenge, miscptr); + /* We don't need to actually calculated a LM hash for this mode, only NTLM + */ + ret = HashNTLM(&NTLMhash, (unsigned char *)szPassword, (unsigned char *)challenge, miscptr); if (ret == -1) return -1; @@ -1028,33 +1042,33 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * hydra_report(stderr, "[VERBOSE] Attempting LMv2 password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x00, 0x00, /* NT LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x50, 0x00, 0x00, 0x00, /* Capabilities */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 24; /* Start with length of LMv2 response */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LMv2 response */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set LMv2 response hash */ - if ((LMv2hash = (unsigned char *) malloc(24)) == NULL) + if ((LMv2hash = (unsigned char *)malloc(24)) == NULL) return -1; memset(LMv2hash, 0, 24); - ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashLMv2(&LMv2hash, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) { free(LMv2hash); return -1; @@ -1067,28 +1081,28 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * hydra_report(stderr, "[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LMv2 Response Hash Length */ - 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x50, 0x00, 0x00, 0x00, /* Capabilities */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LMv2 Response Hash Length */ + 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set LMv2 response hash */ - ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashLMv2(&LMv2hash, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) return -1; @@ -1096,7 +1110,7 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * free(LMv2hash); /* Calculate and set NTLMv2 response hash */ - ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) return -1; @@ -1108,71 +1122,75 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * memcpy(buf + iOffset + 24, NTLMv2hash, iByteCount); free(NTLMv2hash); - iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ + iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ } } else if (security_mode == PLAINTEXT) { if (verbose) hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n"); unsigned char szSessionRequest[23] = { - 0x0a, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x00, 0x00, /* Password Length -- MUST SET */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x00, 0x00, /* Password Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 23); /* Calculate and set password length */ - /* Samba appears to append NULL characters equal to the password length plus 2 */ - //iByteCount = 2 * strlen(szPassword) + 2; + /* Samba appears to append NULL characters equal to the password length plus + * 2 */ + // iByteCount = 2 * strlen(szPassword) + 2; iByteCount = strlen(szPassword) + 1; buf[iOffset - 8] = (iByteCount) % 256; buf[iOffset - 7] = (iByteCount) / 256; /* set ANSI password */ /* - Depending on the SAMBA server configuration, multiple passwords may be successful - when dealing with mixed-case values. The SAMBA parameter "password level" appears - to determine how many characters within a password are tested by the server both - upper and lower case. For example, assume a SAMBA account has a password of "Fred" - and the server is configured with "password level = 2". Medusa sends the password - "FRED". The SAMBA server will brute-force test this value for us with values - like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting - is "password level = 0". This results in only two attempts to being made by the - remote server; the password as is and the password in all-lower case. + Depending on the SAMBA server configuration, multiple passwords may be + successful when dealing with mixed-case values. The SAMBA parameter + "password level" appears to determine how many characters within a + password are tested by the server both upper and lower case. For example, + assume a SAMBA account has a password of "Fred" and the server is + configured with "password level = 2". Medusa sends the password "FRED". + The SAMBA server will brute-force test this value for us with values + like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default + setting is "password level = 0". This results in only two attempts to + being made by the remote server; the password as is and the password in + all-lower case. */ - strncpy((char *) (buf + iOffset), szPassword, 256); + strncpy((char *)(buf + iOffset), szPassword, 256); } else { - hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n"); + hydra_report(stderr, "[ERROR] Security_mode was not properly set. This " + "should not happen.\n"); return -1; } /* Set account and workgroup values */ - j = UTF8_UTF16LE((unsigned char *) szLogin, strlen(szLogin), buf + iOffset + iByteCount+1, 2*strlen(szLogin)); - iByteCount += j +3; /* NULL pad account name */ - j = UTF8_UTF16LE(workgroup, strlen((char *) workgroup), buf+iOffset+iByteCount, 2*strlen((char *) workgroup)); - iByteCount += j+2; // NULL pad workgroup name + j = UTF8_UTF16LE((unsigned char *)szLogin, strlen(szLogin), buf + iOffset + iByteCount + 1, 2 * strlen(szLogin)); + iByteCount += j + 3; /* NULL pad account name */ + j = UTF8_UTF16LE(workgroup, strlen((char *)workgroup), buf + iOffset + iByteCount, 2 * strlen((char *)workgroup)); + iByteCount += j + 2; // NULL pad workgroup name /* Set native OS and LAN Manager values */ char *szOSName = "Unix"; - j = UTF8_UTF16LE((unsigned char *) szOSName, strlen(szOSName), buf+iOffset+iByteCount, 2*sizeof(szOSName)); - iByteCount += j+2; // NULL terminated + j = UTF8_UTF16LE((unsigned char *)szOSName, strlen(szOSName), buf + iOffset + iByteCount, 2 * sizeof(szOSName)); + iByteCount += j + 2; // NULL terminated char *szLANMANName = "Samba"; - j = UTF8_UTF16LE((unsigned char *) szLANMANName, strlen(szLANMANName), buf+iOffset+iByteCount, 2*sizeof(szLANMANName)); - iByteCount += j+2; // NULL terminated + j = UTF8_UTF16LE((unsigned char *)szLANMANName, strlen(szLANMANName), buf + iOffset + iByteCount, 2 * sizeof(szLANMANName)); + iByteCount += j + 2; // NULL terminated /* Set the header length */ buf[2] = (iOffset - 4 + iByteCount) / 256; @@ -1186,7 +1204,7 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * if (verbose) hydra_report(stderr, "[VERBOSE] Set byte count: %2.2X\n", buf[57]); - hydra_send(s, (char *) buf, iOffset + iByteCount, 0); + hydra_send(s, (char *)buf, iOffset + iByteCount, 0); nReceiveBufferSize = hydra_recv(s, bufReceive, sizeof(bufReceive)); if (/*(bufReceive == NULL) ||*/ (nReceiveBufferSize == 0)) @@ -1197,7 +1215,7 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); } -int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; int32_t SMBerr, SMBaction; @@ -1217,75 +1235,99 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); if (SMBSessionRet == -1) return 3; - SMBerr = (unsigned long) SMBSessionRet & 0x00FFFFFF; - SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24; + SMBerr = (unsigned long)SMBSessionRet & 0x00FFFFFF; + SMBaction = ((unsigned long)SMBSessionRet & 0xFF000000) >> 24; if (verbose) - hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (uint32_t) SMBSessionRet, SMBerr, SMBaction); + hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (uint32_t)SMBSessionRet, SMBerr, SMBaction); /* some error code are available here: http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx */ - if (SMBerr == 0x000000) { /* success */ - if (SMBaction == 0x01) { /* invalid account - anonymous connection */ - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login); + if (SMBerr == 0x000000) { /* success */ + if (SMBaction == 0x01) { /* invalid account - anonymous connection */ + fprintf(stderr, + "[%d][smb] Host: %s Account: %s Error: Invalid account " + "(Anonymous success)\n", + port, ipaddr_str, login); hydra_completed_pair_skip(); - } else { /* valid account */ + } else { /* valid account */ hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) { - hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); + hydra_report(stderr, "[ERROR] Invalid parameter status received, either " + "the account or the method used are not valid\n"); hydra_completed_pair_skip(); - } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, GPO Disabling Remote Connections Using NULL Passwords\n", port, ipaddr_str, login); + } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote + Connections Using NULL Passwords */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, GPO Disabling " + "Remote Connections Using NULL Passwords\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, GPO Deny access to this computer from the network\n", port, ipaddr_str, login); + } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this + computer from the network" */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, GPO Deny " + "access to this computer from the network\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x000193) { /* Valid password, account expired */ + } else if (SMBerr == 0x000193) { /* Valid password, account expired */ hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, password expired and must be changed on next logon\n", port, ipaddr_str, login); + } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, password " + "expired and must be changed on next logon\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, but logon hours invalid\n", port, ipaddr_str, login); + } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, but logon " + "hours invalid\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); + } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Error: Incorrect password or " + "account disabled\n", + port, ipaddr_str, login); if ((miscptr) && (strstr(miscptr, "LM"))) hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); hydra_completed_pair_skip(); - } else if (SMBerr == 0x000024) { /* change password on next login [success] */ + } else if (SMBerr == 0x000024) { /* change password on next login [success] */ hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); hydra_completed_pair_found(); - } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ + } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ hydra_completed_pair(); - } else if (SMBerr == 0x000071) { /* password expired */ + } else if (SMBerr == 0x000071) { /* password expired */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled *//* BF0002 on w2k */ + } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ + } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_LOCKED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ + } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ if (verbose) - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login); + fprintf(stderr, + "[%d][smb] Host: %s Account: %s Error: " + "NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", + port, ipaddr_str, login); hydra_completed_pair(); - } else { /* failed */ + } else { /* failed */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Unknown Error: %6.6X\n", port, ipaddr_str, login, SMBerr); hydra_completed_pair(); @@ -1297,30 +1339,30 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } -void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - //default is both (local and domain) checks and normal passwd - accntFlag = 2; //BOTH - hashFlag = 0; //PASS + // default is both (local and domain) checks and normal passwd + accntFlag = 2; // BOTH + hashFlag = 0; // PASS smb_auth_mechanism = AUTH_NTLM; if (miscptr) { - //check group + // check group strupper(miscptr); if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) { char *tmpdom; int32_t err = 0; - accntFlag = 4; //OTHER DOMAIN + accntFlag = 4; // OTHER DOMAIN tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); tmpdom = tmpdom + strlen("OTHER_DOMAIN:"); if (tmpdom) { - //split the string after the domain if there are other values + // split the string after the domain if there are other values strtok(tmpdom, " "); if (tmpdom) { - strncpy((char *) domain, (char *) tmpdom, sizeof(domain) - 1); + strncpy((char *)domain, (char *)tmpdom, sizeof(domain) - 1); domain[sizeof(domain) - 1] = 0; } else { err = 1; @@ -1335,17 +1377,17 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL accntFlag = 2; } } else if (strstr(miscptr, "LOCAL") != NULL) { - accntFlag = 0; //LOCAL + accntFlag = 0; // LOCAL } else if (strstr(miscptr, "DOMAIN") != NULL) { - accntFlag = 1; //DOMAIN + accntFlag = 1; // DOMAIN } - //check pass + // check pass if (strstr(miscptr, "HASH") != NULL) { hashFlag = 1; } else if (strstr(miscptr, "MACHINE") != NULL) { hashFlag = 2; } - //check auth + // check auth if (strstr(miscptr, "NTLMV2") != NULL) { smb_auth_mechanism = AUTH_NTLMv2; } else if (strstr(miscptr, "NTLM") != NULL) { @@ -1366,10 +1408,10 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; for (;;) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if (port != 0) { sock = hydra_connect_tcp(ip, port); @@ -1388,14 +1430,16 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL port = PORT_SMBNT; protoFlag = WIN2000_NATIVEMODE; } else { - hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n"); + hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. " + "Attempting WIN_NETBIOS mode.\n"); port = PORT_SMB; protoFlag = WIN_NETBIOSMODE; sock = hydra_connect_tcp(ip, PORT_SMB); } } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } if (NBSSessionRequest(sock) < 0) { @@ -1404,10 +1448,10 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } next_run = SMBNegProt(sock); break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smb(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -1421,51 +1465,27 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } #endif -int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here time_t ctime; int ready = 0, sock = hydra_connect_tcp(ip, port); - unsigned char buf[] = { - 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, - 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02, - 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, - 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, - 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, - 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, - 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, - 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, - 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, - 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, - 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, - 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, - 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, - 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, - 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, - 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, - 0x32, 0x00 }; + unsigned char buf[] = {0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d, + 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, + 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00}; - if (sock < 0) { fprintf(stderr, "[ERROR] could not connect to target smb://%s:%d/\n", hostname, port); return -1; } - + if (send(sock, buf, sizeof(buf), 0) < 0) { fprintf(stderr, "[ERROR] unable to send to target smb://%s:%d/\n", hostname, port); return -1; @@ -1475,34 +1495,38 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc do { usleepn(300); } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL)); - + if (ready <= 0) { fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port); return -1; } - + if ((ready = recv(sock, buf, sizeof(buf), 0)) < 40) { fprintf(stderr, "[ERROR] invalid reply from target smb://%s:%d/\n", hostname, port); return -1; } close(sock); - + if (buf[37] == buf[38] && buf[38] == 0xff) { fprintf(stderr, "[ERROR] target smb://%s:%d/ does not support SMBv1\n", hostname, port); return -1; } - + if ((buf[15] & 16) == 16) { - fprintf(stderr, "[ERROR] target smb://%s:%d/ requires signing which we do not support\n", hostname, port); + fprintf(stderr, + "[ERROR] target smb://%s:%d/ requires signing which we do not " + "support\n", + hostname, port); return -1; } - + return 0; } -void usage_smb(const char* service) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" +void usage_smb(const char *service) { + printf("Module smb default value is set to test both local and domain account, " + "using a simple password with NTLM dialect.\n" "Note: you can set the group type using LOCAL or DOMAIN keyword\n" " or other_domain:{value} to specify a trusted domain.\n" " you can set the password type using HASH or MACHINE keyword\n" @@ -1510,6 +1534,9 @@ void usage_smb(const char* service) { " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" "Example: \n" " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); + " hydra smb://microsoft.com -l admin -p " + "D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m " + "\"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m " + "\"other_domain:SECONDDOMAIN\"\n\n"); } diff --git a/hydra-smb2.c b/hydra-smb2.c index f42f074..c603d63 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -21,47 +21,41 @@ #include "hydra-mod.h" -#include -#include -#include #include #include +#include +#include +#include extern char *HYDRA_EXIT; typedef struct creds { - const char* workgroup; - const char* user; - const char* pass; + const char *workgroup; + const char *user; + const char *pass; } creds_t; - const char default_workgroup[] = "WORKGROUP"; bool use_nt_hash = false; -const char* workgroup = default_workgroup; -const char* netbios_name = NULL; +const char *workgroup = default_workgroup; +const char *netbios_name = NULL; -#define EXIT_PROTOCOL_ERROR hydra_child_exit(2) -#define EXIT_CONNECTION_ERROR hydra_child_exit(1) -#define EXIT_NORMAL hydra_child_exit(0) +#define EXIT_PROTOCOL_ERROR hydra_child_exit(2) +#define EXIT_CONNECTION_ERROR hydra_child_exit(1) +#define EXIT_NORMAL hydra_child_exit(0) -void smb2_auth_provider(SMBCCTX *c, - const char *srv, - const char *shr, - char *wg, int wglen, - char *un, int unlen, - char *pw, int pwlen) { - creds_t* cr = (creds_t*)smbc_getOptionUserData(c); +void smb2_auth_provider(SMBCCTX *c, const char *srv, const char *shr, char *wg, int wglen, char *un, int unlen, char *pw, int pwlen) { + creds_t *cr = (creds_t *)smbc_getOptionUserData(c); strncpy(wg, cr->workgroup, wglen); strncpy(un, cr->user, unlen); strncpy(pw, cr->pass, pwlen); - wg[wglen-1] = 0; - un[unlen-1] = 0; - pw[pwlen-1] = 0; + wg[wglen - 1] = 0; + un[unlen - 1] = 0; + pw[pwlen - 1] = 0; } -bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { - SMBCCTX* ctx = smbc_new_context(); +bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { + SMBCCTX *ctx = smbc_new_context(); if (ctx == NULL) { hydra_report(stderr, "[ERROR] failed to create context\n"); EXIT_PROTOCOL_ERROR; @@ -76,7 +70,7 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { smbc_setOptionNoAutoAnonymousLogin(ctx, false); smbc_setOptionUseNTHash(ctx, use_nt_hash); if (netbios_name) { - smbc_setNetbiosName(ctx, (char*)netbios_name); + smbc_setNetbiosName(ctx, (char *)netbios_name); } ctx = smbc_init_context(ctx); @@ -88,12 +82,9 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { char uri[2048]; snprintf(uri, sizeof(uri) - 1, "smb://%s/IPC$", server); - uri[sizeof(uri)-1] = 0; + uri[sizeof(uri) - 1] = 0; if (verbose) { - printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", - uri, cr->workgroup, - cr->user, - cr->pass); + printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", uri, cr->workgroup, cr->user, cr->pass); } SMBCFILE *fd = smbc_getFunctionOpendir(ctx)(ctx, uri); if (fd) { @@ -162,13 +153,7 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { return false; } -void service_smb2(char *ip, - int32_t sp, - unsigned char options, - char *miscptr, - FILE * fp, - int32_t port, - char *hostname) { +void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { hydra_register_socket(sp); while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) { char *login, *pass; @@ -177,9 +162,9 @@ void service_smb2(char *ip, pass = hydra_get_next_password(); creds_t cr = { - .user = login, - .pass = pass, - .workgroup = workgroup, + .user = login, + .pass = pass, + .workgroup = workgroup, }; if (smb2_run_test(&cr, hydra_address2string(ip), port & 0xffff)) { @@ -199,24 +184,18 @@ const char tkn_netbios[] = "netbios:{"; #define CMP(s1, s2) (strncmp(s1, s2, sizeof(s1) - 1) == 0) -int32_t service_smb2_init(char *ip, - int32_t sp, - unsigned char options, - char *miscptr, - FILE * fp, - int32_t port, - char *hostname) { +int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { if (!miscptr) return 0; - while(*miscptr) { + while (*miscptr) { if (isspace(*miscptr)) { miscptr++; continue; } if (CMP(tkn_workgroup, miscptr)) { miscptr += sizeof(tkn_workgroup) - 1; - char* p = strchr(miscptr, '}'); + char *p = strchr(miscptr, '}'); if (p == NULL) { hydra_report(stderr, "[ERROR] missing closing brace in workgroup\n"); return -1; @@ -231,7 +210,7 @@ int32_t service_smb2_init(char *ip, } if (CMP(tkn_netbios, miscptr)) { miscptr += sizeof(tkn_netbios) - 1; - char* p = strchr(miscptr, '}'); + char *p = strchr(miscptr, '}'); if (p == NULL) { hydra_report(stderr, "[ERROR] missing closing brace in netbios name\n"); return -1; @@ -268,7 +247,7 @@ int32_t service_smb2_init(char *ip, return 0; } -void usage_smb2(const char* service) { +void usage_smb2(const char *service) { puts("Module is a thin wrapper over the Samba client library (libsmbclient).\n" "Thus, is capable of negotiating v1, v2 and v3 of the protocol.\n" "\n" @@ -296,9 +275,10 @@ void usage_smb2(const char* service) { "\n" "Examples: \n" " hydra smb2://abc.com -l admin -p xxx -m workgroup:{OFFICE}\n" - " hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m 'workgroup:{OFFICE} nthash:true'\n" - " hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n" - ); + " hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m " + "'workgroup:{OFFICE} nthash:true'\n" + " hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 " + "'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n"); } #endif // LIBSMBCLIENT diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c index c26ac63..ddc0355 100644 --- a/hydra-smtp-enum.c +++ b/hydra-smtp-enum.c @@ -24,7 +24,7 @@ int32_t tosent = 0; int32_t smtp_enum_cmd = VRFY; -int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[500]; @@ -55,7 +55,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options return (1); if (debug) hydra_report(stderr, "DEBUG S: %s", buf); - /* good return values are something like 25x */ + /* good return values are something like 25x */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "^25\\d\\s")) { #else @@ -103,7 +103,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options return (1); if (debug) hydra_report(stderr, "DEBUG S: %s", buf); - /* good return values are something like 25x */ + /* good return values are something like 25x */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "^25\\d\\s")) { #else @@ -119,21 +119,25 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options err = strstr(buf, "Error"); if (err || tosent || strncmp(buf, "50", 2) == 0) { // we should report command not identified by the server - //502 5.5.2 Error: command not recognized -//#ifdef HAVE_PCRE -// if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) { -//#else -// if ((debug || strstr(buf, "command") != NULL) && err) { -//#endif -// hydra_report(stderr, "Server %s", err); -// } + // 502 5.5.2 Error: command not recognized + //#ifdef HAVE_PCRE + // if ((debug || hydra_string_match(buf, + // "\\scommand\\snot\\srecognized")) && err) { + //#else + // if ((debug || strstr(buf, "command") != NULL) && err) { + //#endif + // hydra_report(stderr, "Server %s", err); + // } if (strncmp(buf, "500 ", 4) == 0) { - hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf); + hydra_report(stderr, + "[ERROR] command is disabled on the server (choose " + "different method): %s", + buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); - //503 5.5.1 Error: nested MAIL command + // 503 5.5.1 Error: nested MAIL command strncpy(buffer, "RSET\r\n", sizeof(buffer)); free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -150,7 +154,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options return 2; } -void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, i = 0; int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; char *buffer = "HELO hydra\r\n"; @@ -160,7 +164,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -175,7 +179,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* receive initial header */ @@ -185,17 +189,17 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt hydra_report(stderr, "Warning: SMTP does not allow connecting: %s\n", buf); hydra_child_exit(2); } -// while (strstr(buf, "220 ") == NULL) { -// free(buf); -// buf = hydra_receive_line(sock); -// } + // while (strstr(buf, "220 ") == NULL) { + // free(buf); + // buf = hydra_receive_line(sock); + // } -// if (buf[0] != '2') { + // if (buf[0] != '2') { if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { free(buf); hydra_child_exit(2); } -// } + // } free(buf); if ((buf = hydra_receive_line(sock)) == NULL) @@ -207,7 +211,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strncmp(miscptr, "EXPN", 4) == 0) smtp_enum_cmd = EXPN; @@ -232,10 +236,10 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smtp_enum(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -249,13 +253,13 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt } } -int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -263,9 +267,11 @@ int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char return 0; } -void usage_smtp_enum(const char* service) { +void usage_smtp_enum(const char *service) { printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); + "login parameter is used as username and password parameter as the " + "domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" + "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); } diff --git a/hydra-smtp.c b/hydra-smtp.c index b27ec0f..97b2bab 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -14,7 +14,7 @@ char *smtp_read_server_capacity(int32_t sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { - if (isdigit((int32_t) buf[0]) && buf[3] == ' ') + if (isdigit((int32_t)buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') @@ -27,7 +27,7 @@ char *smtp_read_server_capacity(int32_t sock) { if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; - if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ') + if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ') resp = 1; } } @@ -36,7 +36,7 @@ char *smtp_read_server_capacity(int32_t sock) { return buf; } -int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf; @@ -52,7 +52,6 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha } switch (smtp_auth_mechanism) { - case AUTH_PLAIN: sprintf(buffer, "AUTH PLAIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -77,105 +76,102 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha break; #ifdef LIBOPENSSL - case AUTH_CRAMMD5:{ - int32_t rc = 0; - char *preplogin; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } - - sprintf(buffer, "AUTH CRAM-MD5\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - sprintf(buffer, "%s %.250s", preplogin, buffer2); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); - - free(preplogin); + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTH DIGEST-MD5\r\n"); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL) { - hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); + if (fooptr == NULL) + return 3; + + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //send auth and receive challenge - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - sprintf(buffer, "AUTH NTLM %s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } - //recover challenge - from64tobits((char *) buf1, buf + 4); - free(buf); - - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "%s\r\n", buf1); + // send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + sprintf(buffer, "AUTH NTLM %s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + // recover challenge + from64tobits((char *)buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, "%s\r\n", buf1); + } break; default: /* by default trying AUTH LOGIN */ @@ -188,13 +184,16 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha /* 504 5.7.4 Unrecognized authentication type */ if (strstr(buf, "334") == NULL) { - hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or server is not using auth: %s\n", buf); + hydra_report(stderr, + "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or " + "server is not using auth: %s\n", + buf); free(buf); return 3; } free(buf); sprintf(buffer2, "%.250s", login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -210,7 +209,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); sprintf(buffer2, "%.250s", pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); } @@ -224,7 +223,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (smtp_auth_mechanism == AUTH_DIGESTMD5) { if (strstr(buf, "334") != NULL && strlen(buf) >= 8) { memset(buffer2, 0, sizeof(buffer2)); - from64tobits((char *) buffer2, buf + 4); + from64tobits((char *)buffer2, buf + 4); if (strstr(buffer2, "rspauth=") != NULL) { hydra_report_found_host(port, ip, "smtp", fp); hydra_completed_pair_found(); @@ -254,7 +253,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 2; } -void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, i = 0; int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; char *buf; @@ -266,7 +265,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -282,7 +281,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -310,7 +309,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { disable_tls = 0; @@ -325,7 +324,8 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI free(buf); buf = hydra_receive_line(sock); if (buf[0] != '2') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1)) { @@ -346,9 +346,11 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI hydra_child_exit(2); } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it " + "is not supported by the server\n"); } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is " + "not supported by the server\n"); } #endif @@ -380,9 +382,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI smtp_auth_mechanism = AUTH_PLAIN; } - if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "LOGIN")) smtp_auth_mechanism = AUTH_LOGIN; @@ -399,7 +399,6 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if (strstr(miscptr, "NTLM")) smtp_auth_mechanism = AUTH_NTLM; - } if (verbose) { @@ -426,10 +425,10 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smtp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -443,13 +442,13 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -457,8 +456,10 @@ int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_smtp(const char* service) { +void usage_smtp(const char *service) { printf("Module smtp is optionally taking one authentication type of:\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); + "Additionally TLS encryption via STARTTLS can be enforced with the " + "TLS option.\n\n" + "Example: smtp://target/TLS:PLAIN\n"); } diff --git a/hydra-snmp.c b/hydra-snmp.c index a9adb17..415ceb8 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -1,10 +1,10 @@ #include "hydra-mod.h" #ifdef LIBOPENSSL +#include +#include #include #include #include -#include -#include #endif extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -15,31 +15,13 @@ extern int32_t child_head_no; char snmpv3buf[1024], *snmpv3info = NULL; int32_t snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; -unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, - 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, - 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, - 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, - 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, - 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, - 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, - 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 -}; +unsigned char snmpv3_init[] = {0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00}; -unsigned char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, - 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, - 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 -}; +unsigned char snmpv3_get1[] = {0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03}; -unsigned char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, - 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, - 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, - 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, - 0x00 -}; +unsigned char snmpv3_get2[] = {0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, 0x00}; -unsigned char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 }; +unsigned char snmpv3_nouser[] = {0x04, 0x00, 0x04, 0x00, 0x04, 0x00}; struct SNMPV1_A { char ID; @@ -49,13 +31,11 @@ struct SNMPV1_A { char comlen; }; -struct SNMPV1_A snmpv1_a = { - .ID = '\x30', - .len = '\x00', - .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ - .comid = '\x04', - .comlen = '\x00' -}; +struct SNMPV1_A snmpv1_a = {.ID = '\x30', + .len = '\x00', + .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ + .comid = '\x04', + .comlen = '\x00'}; struct SNMPV1_R { unsigned char type[2]; @@ -67,12 +47,14 @@ struct SNMPV1_R { unsigned char object[11]; unsigned char value[3]; } snmpv1_r = { - .type = "\xa0\x1b", /* GET */ - .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */ - .errstat = "\x02\x01\x00", /* no error */ - .errind = "\x02\x01\x00", /* error index 0 */ - .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ - .value = "\x05\x00" /* we just read, so value = 0 */ + .type = "\xa0\x1b", /* GET */ + .identid = "\x02\x04", + .ident = "\x1a\x5e\x97\x00", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x0d", + .object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ + .value = "\x05\x00" /* we just read, so value = 0 */ }; struct SNMPV1_W { @@ -85,20 +67,22 @@ struct SNMPV1_W { unsigned char object[12]; unsigned char value[8]; } snmpv1_w = { - .type = "\xa3\x21", /* SET */ - .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */ - .errstat = "\x02\x01\x00", /* no error */ - .errind = "\x02\x01\x00", /* error index 0 */ - .objectid = "\x30\x13", /* string */ - .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */ + .type = "\xa3\x21", /* SET */ + .identid = "\x02\x04", + .ident = "\x1a\x5e\x97\x22", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x13", /* string */ + .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00", + .value = "\x04\x05Hydra" /* writing hydra :-) */ }; #ifdef LIBOPENSSL -void password_to_key_md5(u_char * password, /* IN */ - u_int passwordlen, /* IN */ - u_char * engineID, /* IN - pointer to snmpEngineID */ - u_int engineLength, /* IN - length of snmpEngineID */ - u_char * key) { /* OUT - pointer to caller 16-octet buffer */ +void password_to_key_md5(u_char *password, /* IN */ + u_int passwordlen, /* IN */ + u_char *engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char *key) { /* OUT - pointer to caller 16-octet buffer */ MD5_CTX MD; u_char *cp, password_buf[80], *mypass = password, bpass[17]; u_long password_index = 0, count = 0, i, mylen, myelen = engineLength; @@ -121,7 +105,7 @@ void password_to_key_md5(u_char * password, /* IN */ if (myelen > 32) myelen = 32; - MD5_Init(&MD); /* initialize MD5 */ + MD5_Init(&MD); /* initialize MD5 */ /* Use while loop until we've done 1 Megabyte */ while (count < 1048576) { cp = password_buf; @@ -133,7 +117,7 @@ void password_to_key_md5(u_char * password, /* IN */ MD5_Update(&MD, password_buf, 64); count += 64; } - MD5_Final(key, &MD); /* tell MD5 we're done */ + MD5_Final(key, &MD); /* tell MD5 we're done */ /* Now localize the key with the engineID and pass */ /* through MD5 to produce final key */ /* May want to ensure that engineLength <= 32, */ @@ -147,11 +131,11 @@ void password_to_key_md5(u_char * password, /* IN */ return; } -void password_to_key_sha(u_char * password, /* IN */ - u_int passwordlen, /* IN */ - u_char * engineID, /* IN - pointer to snmpEngineID */ - u_int engineLength, /* IN - length of snmpEngineID */ - u_char * key) { /* OUT - pointer to caller 20-octet buffer */ +void password_to_key_sha(u_char *password, /* IN */ + u_int passwordlen, /* IN */ + u_char *engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char *key) { /* OUT - pointer to caller 20-octet buffer */ SHA_CTX SH; u_char *cp, password_buf[80], *mypass = password, bpass[17]; u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; @@ -169,7 +153,7 @@ void password_to_key_sha(u_char * password, /* IN */ if (myelen > 32) myelen = 32; - SHA1_Init(&SH); /* initialize SHA */ + SHA1_Init(&SH); /* initialize SHA */ /* Use while loop until we've done 1 Megabyte */ while (count < 1048576) { cp = password_buf; @@ -181,7 +165,7 @@ void password_to_key_sha(u_char * password, /* IN */ SHA1_Update(&SH, password_buf, 64); count += 64; } - SHA1_Final(key, &SH); /* tell SHA we're done */ + SHA1_Final(key, &SH); /* tell SHA we're done */ /* Now localize the key with the engineID and pass */ /* through SHA to produce final key */ /* May want to ensure that engineLength <= 32, */ @@ -196,7 +180,7 @@ void password_to_key_sha(u_char * password, /* IN */ } #endif -int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = ""; int32_t i, j, k, size, off = 0, off2 = 0; unsigned char initVect[8], privacy_params[8]; @@ -223,7 +207,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha size = sizeof(snmpv1_w); } - snmpv1_a.comlen = (char) strlen(pass); + snmpv1_a.comlen = (char)strlen(pass); snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3; i = sizeof(snmpv1_a); @@ -238,7 +222,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha memcpy(buffer + i, &snmpv1_w, size); i += sizeof(snmpv1_w); } - } else { // snmpv3 + } else { // snmpv3 if (enctype == 0) { memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1)); i = sizeof(snmpv3_get1); @@ -277,7 +261,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (enctype == 0) buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1]; i += snmpv3infolen; -//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]); + // printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), + // buffer[1]); buffer[i] = 0x04; buffer[i + 1] = strlen(login); @@ -301,7 +286,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha i += 2; } else { buffer[i + 1] = 8; - memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care + memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care i += 10; } @@ -314,49 +299,49 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL -/* -//PrivDES::encrypt(const unsigned char *key, -// const uint32_t key_len, -// const unsigned char *buffer, -// const uint32_t buffer_len, -// unsigned char *out_buffer, -// uint32_t *out_buffer_len, -// unsigned char *privacy_params, -// uint32_t *privacy_params_len, -// const unsigned long engine_boots, -// const unsigned long engine_time) -// last 8 bytes of key are used as base for initialization vector */ + /* + //PrivDES::encrypt(const unsigned char *key, + // const uint32_t key_len, + // const unsigned char *buffer, + // const uint32_t buffer_len, + // unsigned char *out_buffer, + // uint32_t *out_buffer_len, + // unsigned char *privacy_params, + // uint32_t *privacy_params_len, + // const unsigned long engine_boots, + // const unsigned long engine_time) + // last 8 bytes of key are used as base for initialization vector */ k = 0; - memcpy((char *) initVect, key + 8, 8); + memcpy((char *)initVect, key + 8, 8); // put salt in privacy_params j = htonl(engine_boots); - memcpy(privacy_params, (char *) &j, 4); - memcpy(privacy_params + 4, salt, 4); // ??? correct? - // xor initVect with salt + memcpy(privacy_params, (char *)&j, 4); + memcpy(privacy_params + 4, salt, 4); // ??? correct? + // xor initVect with salt for (i = 0; i < 8; i++) initVect[i] ^= privacy_params[i]; - DES_key_sched((const_DES_cblock *) key, &symcbc); - DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *) (initVect), DES_ENCRYPT); + DES_key_sched((const_DES_cblock *)key, &symcbc); + DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *)(initVect), DES_ENCRYPT); #endif -/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { - DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (const_DES_cblock*)(initVect), DES_ENCRYPT); - } - // last part of buffer - if (buffer_len % 8) { - unsigned char tmp_buf[8]; - unsigned char *tmp_buf_ptr = tmp_buf; - int32_t start = buffer_len - (buffer_len % 8); - memset(tmp_buf, 0, 8); - for (uint32_t l = start; l < buffer_len; l++) - *tmp_buf_ptr++ = buffer[l]; - DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, (const_DES_cblock*)(initVect), DES_ENCRYPT); - *out_buffer_len = buffer_len + 8 - (buffer_len % 8); - } else - *out_buffer_len = buffer_len; -*/ - //dummy + /* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { + DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, + (const_DES_cblock*)(initVect), DES_ENCRYPT); + } + // last part of buffer + if (buffer_len % 8) { + unsigned char tmp_buf[8]; + unsigned char *tmp_buf_ptr = tmp_buf; + int32_t start = buffer_len - (buffer_len % 8); + memset(tmp_buf, 0, 8); + for (uint32_t l = start; l < buffer_len; l++) + *tmp_buf_ptr++ = buffer[l]; + DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, + (const_DES_cblock*)(initVect), DES_ENCRYPT); *out_buffer_len = + buffer_len + 8 - (buffer_len % 8); } else *out_buffer_len = buffer_len; + */ + // dummy k = ((sizeof(snmpv3_get2) - 2) / 8); if ((sizeof(snmpv3_get2) - 2) % 8 != 0) k++; @@ -364,13 +349,13 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha i += k * 8 + 2; } - i++; // just to conform with the snmpv1/2 code + i++; // just to conform with the snmpv1/2 code #ifdef LIBOPENSSL if (hashtype == 1) { - HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL); + HMAC((EVP_MD *)EVP_md5(), key, 16, buffer, i - 1, hash, NULL); memcpy(buffer + off, hash, 12); } else if (hashtype == 2) { - HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); + HMAC((EVP_MD *)EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); memcpy(buffer + off, hash, 12); } #endif @@ -384,19 +369,19 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha } while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3); if (hydra_data_ready_timed(s, 5, 0) > 0) { - i = hydra_recv(s, (char *) buf, sizeof(buf)); + i = hydra_recv(s, (char *)buf, sizeof(buf)); if (snmpversion < 3) { /* stolen from ADMsnmp... :P */ for (j = 0; j < i; j++) { if (buf[j] == '\x04') { /* community name */ for (j = j + buf[j + 1]; j + 2 < i; j++) { - if (buf[j] == '\xa2') { /* PDU Response */ + if (buf[j] == '\xa2') { /* PDU Response */ for (; j + 2 < i; j++) { if (buf[j] == '\x02') { /* ID */ for (j = j + (buf[j + 1]); j + 2 < i; j++) { if (buf[j] == '\x02') { - if (buf[j + 1] == '\x01') { /* good ! */ + if (buf[j + 1] == '\x01') { /* good ! */ hydra_report_found_host(port, ip, "snmp", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -411,7 +396,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha } } } - } else { // snmpv3 reply + } else { // snmpv3 reply off = 0; if (buf[0] == 0x30) { if (buf[4] == 0x03 && buf[5] == 0x30) @@ -453,7 +438,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; - } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist + } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, + sizeof(snmpv3_nouser)) >= 0) { // user does not exist if (verbose) printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); @@ -470,7 +456,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 1; } -void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, i = 0; int32_t myport = PORT_SNMP; char *lptr; @@ -519,7 +505,7 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI hydra_register_socket(sp); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -528,7 +514,7 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI while (snmpv3info == NULL && next_run < 3) { hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0); if (hydra_data_ready_timed(sock, 5, 0) > 0) { - if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) { + if ((i = hydra_recv(sock, (char *)snmpv3buf, sizeof(snmpv3buf))) > 30) { if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30) { snmpv3info = snmpv3buf + 7 + snmpv3buf[6]; snmpv3infolen = snmpv3info[3] + 4; @@ -538,8 +524,9 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen); if (snmpv3info[10] == 3 && child_head_no == 0) - printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13], - (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]); + printf("[INFO] Remote device MAC address is " + "%02x:%02x:%02x:%02x:%02x:%02x\n", + (unsigned char)snmpv3info[12], (unsigned char)snmpv3info[13], (unsigned char)snmpv3info[14], (unsigned char)snmpv3info[15], (unsigned char)snmpv3info[16], (unsigned char)snmpv3info[12]); } } } @@ -557,10 +544,10 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_snmp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -573,13 +560,13 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -587,20 +574,22 @@ int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_snmp(const char* service) { +void usage_snmp(const char *service) { printf("Module snmp is optionally taking the following parameters:\n" " READ perform read requests (default)\n" " WRITE perform write requests\n" " 1 use SNMP version 1 (default)\n" " 2 use SNMP version 2\n" " 3 use SNMP version 3\n" - " Note that SNMP version 3 usually uses both login and passwords!\n" + " Note that SNMP version 3 usually uses both login and " + "passwords!\n" " SNMP version 3 has the following optional sub parameters:\n" " MD5 use MD5 authentication (default)\n" " SHA use SHA authentication\n" " DES use DES encryption\n" " AES use AES encryption\n" - " if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n" + " if no -p/-P parameter is given, SNMPv3 noauth is performed, " + "which\n" " only requires a password (or username) not both.\n" "To combine the options, use colons (\":\"), e.g.:\n" " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n" diff --git a/hydra-socks5.c b/hydra-socks5.c index 6781916..aef0a68 100644 --- a/hydra-socks5.c +++ b/hydra-socks5.c @@ -14,7 +14,7 @@ unsigned char *buf; int32_t fail_cnt; -int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300]; int32_t pport, fud = 0; @@ -28,7 +28,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c if (hydra_send(s, buffer, 4, 0) < 0) { return 1; } - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) { + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) { fail_cnt++; if (fail_cnt >= 10) return 5; @@ -57,16 +57,16 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c } free(buf); -/* RFC 1929 - For username/password authentication the client's authentication request is - field 1: version number, 1 byte (must be 0x01) -*/ - snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + /* RFC 1929 + For username/password authentication the client's authentication request is + field 1: version number, 1 byte (must be 0x01) + */ + snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char)strlen(login), login, (char)strlen(pass), pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return (1); if (buf[1] != 255) { @@ -84,7 +84,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c memcpy(buffer + 8, &pport, 2); hydra_send(s, buffer, 10, 0); } - if ((buf = (unsigned char *) hydra_receive_line(s)) != NULL) { + if ((buf = (unsigned char *)hydra_receive_line(s)) != NULL) { if (buf[1] == 0 || buf[1] == 32) { hydra_report_found_host(port, ip, "socks5", fp); hydra_completed_pair_found(); @@ -104,7 +104,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c return 2; } -void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; @@ -116,10 +116,10 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -133,25 +133,25 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_socks5(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; - case 5: /* clean exit, server may blocking connections */ + case 5: /* clean exit, server may blocking connections */ hydra_report(stderr, "[ERROR] Server may blocking connections\n"); if (sock >= 0) sock = hydra_disconnect(sock); @@ -165,13 +165,13 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-ssh.c b/hydra-ssh.c index 1ca2815..ef4a691 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -8,9 +8,7 @@ have to add option -DWITH_SSH1=On in the cmake #include "hydra-mod.h" #ifndef LIBSSH -void dummy_ssh() { - printf("\n"); -} +void dummy_ssh() { printf("\n"); } #else #include @@ -23,7 +21,7 @@ extern hydra_option hydra_options; extern char *HYDRA_EXIT; int32_t new_session = 1; -int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, keep_login[300]; int32_t auth_state = 0, rc = 0, i = 0; @@ -49,7 +47,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { - //if the connection was drop, exit and let hydra main handle it + // if the connection was drop, exit and let hydra main handle it if (verbose) hydra_report(stderr, "[ERROR] could not connect to target port %d: %s\n", port, ssh_get_error(session)); return 3; @@ -110,7 +108,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } -void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -118,7 +116,7 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_ssh(sock, ip, port, options, miscptr, fp); break; case 2: @@ -158,16 +156,16 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL #endif // -// dirty workaround here: miscptr is the ptr to the logins, and the first one is used -// to test if password authentication is enabled!! +// dirty workaround here: miscptr is the ptr to the logins, and the first one is +// used to test if password authentication is enabled!! // -int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // 1 skip target without generating an error @@ -176,9 +174,11 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc #ifdef LIBSSH int32_t rc, method; ssh_session session = ssh_new(); - + if (verbose || debug) - printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port); + printf("[INFO] Testing if password authentication is supported by " + "ssh://%s@%s:%d\n", + miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); if (miscptr == NULL) @@ -191,26 +191,35 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc if (ssh_connect(session) != 0) { fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session)); return 2; - } + } rc = ssh_userauth_none(session, NULL); - method = ssh_userauth_list(session, NULL); + method = ssh_userauth_list(session, NULL); ssh_disconnect(session); ssh_finalize(); ssh_free(session); - if (debug) printf("[DEBUG] SSH method check: %08x\n", method); + if (debug) + printf("[DEBUG] SSH method check: %08x\n", method); if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) { if (verbose || debug) - printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string_beautiful(ip), port); + printf("[INFO] Successful, password authentication is supported by " + "ssh://%s:%d\n", + hydra_address2string_beautiful(ip), port); return 0; } else if (method == 0) { if (verbose || debug) - fprintf(stderr, "[WARNING] invalid SSH method reply from ssh://%s:%d, continuing anyway ... (check for empty password!)\n", hydra_address2string_beautiful(ip), port); + fprintf(stderr, + "[WARNING] invalid SSH method reply from ssh://%s:%d, continuing " + "anyway ... (check for empty password!)\n", + hydra_address2string_beautiful(ip), port); return 0; } - fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication (method reply %d).\n", hydra_address2string_beautiful(ip), port, method); + fprintf(stderr, + "[ERROR] target ssh://%s:%d/ does not support password " + "authentication (method reply %d).\n", + hydra_address2string_beautiful(ip), port, method); return 1; #else return 0; diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 7a51389..113d6de 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -1,16 +1,14 @@ /* libssh is available at http://www.libssh.org - current version is 0.4.8 + current version is 0.4.8 If you want support for ssh v1 protocol, you have to add option -DWITH_SSH1=On in the cmake */ #include "hydra-mod.h" #ifndef LIBSSH -void dummy_sshkey() { - printf("\n"); -} +void dummy_sshkey() { printf("\n"); } #else #include @@ -21,7 +19,7 @@ extern ssh_session session; extern char *HYDRA_EXIT; extern int32_t new_session; -int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *key, keep_login[300]; int32_t auth_state = 0, rc = 0; @@ -46,7 +44,7 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { - //if the connection was drop, exit and let hydra main handle it + // if the connection was drop, exit and let hydra main handle it if (verbose) hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); return 3; @@ -108,7 +106,7 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } -void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -116,7 +114,7 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_sshkey(sock, ip, port, options, miscptr, fp); break; case 2: @@ -154,13 +152,13 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, #endif #endif -int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -168,9 +166,11 @@ int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *m return 0; } -void usage_sshkey(const char* service) { - printf("Module sshkey does not provide additional options, although the semantic for\n" +void usage_sshkey(const char *service) { + printf("Module sshkey does not provide additional options, although the " + "semantic for\n" "options -p and -P is changed:\n" " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); + " -P expects a filename containing a list of path to some unencrypted\n" + " private keys in PEM format.\n\n"); } diff --git a/hydra-svn.c b/hydra-svn.c index 91d8503..063f12c 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -1,5 +1,5 @@ -//This plugin was written by -//checked for memleaks on 110425, none found +// This plugin was written by +// checked for memleaks on 110425, none found #ifdef LIBSVN @@ -10,12 +10,12 @@ #include #endif -#include #include #include -#include #include #include +#include +#include #if SVN_VER_MINOR > 7 #include #endif @@ -25,9 +25,7 @@ #include "hydra-mod.h" #ifndef LIBSVN -void dummy_svn() { - printf("\n"); -} +void dummy_svn() { printf("\n"); } #else extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -36,11 +34,9 @@ extern char *HYDRA_EXIT; #define DEFAULT_BRANCH "trunk" -static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) { - return SVN_NO_ERROR; -} +static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t *dirent, const svn_lock_t *lock, const char *abs_path, apr_pool_t *pool) { return SVN_NO_ERROR; } -static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t * pool) { +static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t **cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t *pool) { char *empty = ""; char *login, *pass; svn_auth_cred_simple_t *ret = apr_pcalloc(pool, sizeof(*ret)); @@ -57,13 +53,13 @@ static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, vo return SVN_NO_ERROR; } -int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - //int32_t ipv6 = 0; +int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + // int32_t ipv6 = 0; char URL[1024]; char URLBRANCH[256]; - #if SVN_VER_MINOR > 7 +#if SVN_VER_MINOR > 7 const char *canonical; - #endif +#endif apr_pool_t *pool; svn_error_t *err; svn_opt_revision_t revision; @@ -80,7 +76,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS) return 4; - //if (ip[0] == 16) + // if (ip[0] == 16) // ipv6 = 1; pool = svn_pool_create(NULL); @@ -96,7 +92,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char if ((err = svn_client_create_context2(&ctx, NULL, pool))) { #else if ((err = svn_client_create_context(&ctx, pool))) { -#endif +#endif svn_pool_destroy(pool); svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; @@ -110,7 +106,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *)); - svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ + svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ 0, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; @@ -120,29 +116,29 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char revision.kind = svn_opt_revision_head; snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string_beautiful(ip), port, URLBRANCH); dirents = SVN_DIRENT_KIND; - #if SVN_VER_MINOR > 9 +#if SVN_VER_MINOR > 9 canonical = svn_uri_canonicalize(URL, pool); - err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool); - #elif SVN_VER_MINOR > 7 + err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool); +#elif SVN_VER_MINOR > 7 canonical = svn_uri_canonicalize(URL, pool); - err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool); - #else - err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); - #endif + err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool); +#else +err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); +#endif svn_pool_destroy(pool); if (err) { if (debug || (verbose && (err->apr_err != 170001 && err->apr_err != 170013))) hydra_report(stderr, "[ERROR] Access refused (error code %d) , message: %s\n", err->apr_err, err->message); - //Username not found 170001 ": Username not found" - //Password incorrect 170001 ": Password incorrect" + // Username not found 170001 ": Username not found" + // Password incorrect 170001 ": Password incorrect" if (err->apr_err != 170001 && err->apr_err != 170013) { - return 4; //error + return 4; // error } else { if (strstr(err->message, "Username not found")) { - //if (verbose) - //printf("[INFO] user %s does not exist, skipping\n", login); + // if (verbose) + // printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; @@ -162,7 +158,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char return 3; } -void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_SVN, mysslport = PORT_SVN_SSL; @@ -173,11 +169,11 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -191,7 +187,7 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -207,7 +203,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; default: if (!verbose) - hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); hydra_child_exit(0); } run = next_run; @@ -216,13 +213,13 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL #endif -int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -238,6 +235,7 @@ int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_svn(const char* service) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); +void usage_svn(const char *service) { + printf("Module svn is optionally taking the repository name to attack, " + "default is \"trunk\"\n\n"); } diff --git a/hydra-teamspeak.c b/hydra-teamspeak.c index 78510e6..d0d17c2 100644 --- a/hydra-teamspeak.c +++ b/hydra-teamspeak.c @@ -37,7 +37,7 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; -int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char buf[100]; @@ -53,21 +53,21 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options memcpy(&teamspeak.header, "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00", 16); teamspeak.clientlen = 9; - strcpy((char *) &teamspeak.client, "TeamSpeak"); + strcpy((char *)&teamspeak.client, "TeamSpeak"); teamspeak.oslen = 11; - strcpy((char *) &teamspeak.os, "Linux 2.6.9"); + strcpy((char *)&teamspeak.os, "Linux 2.6.9"); memcpy(&teamspeak.misc, "\x02\x00\x00\x00\x20\x00\x3c\x00\x01\x02", 10); teamspeak.userlen = strlen(login); - strncpy((char *) &teamspeak.user, login, 29); + strncpy((char *)&teamspeak.user, login, 29); teamspeak.passlen = strlen(pass); - strncpy((char *) &teamspeak.pass, pass, 29); + strncpy((char *)&teamspeak.pass, pass, 29); teamspeak.loginlen = 0; - strcpy((char *) &teamspeak.login, ""); + strcpy((char *)&teamspeak.login, ""); #ifdef HAVE_ZLIB teamspeak.crc = crc32(0L, (const Bytef *)&teamspeak, sizeof(struct team_speak)); @@ -75,22 +75,22 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options teamspeak.crc = crc32(&teamspeak, sizeof(struct team_speak)); #endif - if (hydra_send(s, (char *) &teamspeak, sizeof(struct team_speak), 0) < 0) { + if (hydra_send(s, (char *)&teamspeak, sizeof(struct team_speak), 0) < 0) { return 3; } if (hydra_data_ready_timed(s, 5, 0) > 0) { - hydra_recv(s, (char *) buf, sizeof(buf)); + hydra_recv(s, (char *)buf, sizeof(buf)); if (buf[0x58] == 1) { hydra_report_found_host(port, ip, "teamspeak", fp); hydra_completed_pair_found(); } if (buf[0x4B] != 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } } else { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -101,7 +101,7 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options return 1; } -void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_TEAMSPEAK; @@ -112,23 +112,23 @@ void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscpt while (1) { switch (run) { - case 1: /* connect and service init function */ -// if (sock >= 0) -// sock = hydra_disconnect(sock); -// usleepn(300); + case 1: /* connect and service init function */ + // if (sock >= 0) + // sock = hydra_disconnect(sock); + // usleepn(300); if (sock < 0) { if (port != 0) myport = port; sock = hydra_connect_udp(ip, myport); port = myport; if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } } next_run = start_teamspeak(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -141,13 +141,13 @@ void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscpt } } -int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-telnet.c b/hydra-telnet.c index b938271..762ade1 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -5,7 +5,7 @@ extern char *HYDRA_EXIT; char *buf; int32_t no_line_mode; -int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300]; int32_t i = 0; @@ -44,7 +44,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c return 3; return 1; } - (void) make_to_lower(buf); + (void)make_to_lower(buf); if (hydra_strcasestr(buf, "asswor") != NULL || hydra_strcasestr(buf, "asscode") != NULL || hydra_strcasestr(buf, "ennwort") != NULL) i = 1; @@ -76,10 +76,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && - strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && - (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || - index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); @@ -96,7 +93,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c return 2; } -void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, fck; int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; @@ -110,10 +107,10 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, int32_t old_waittime = waittime; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); no_line_mode = 0; first = 0; if ((options & OPTION_SSL) == 0) { @@ -128,13 +125,13 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } - if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ + if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); hydra_child_exit(2); -// hydra_child_exit(2); + // hydra_child_exit(2); } if (hydra_strcasestr(buf, "ress ENTER") != NULL) { hydra_send(sock, "\r\n", 2, 0); @@ -150,7 +147,7 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, hydra_report(stdout, "DEBUG: waittime set to %d\n", waittime); } do { - unsigned char *buf2 = (unsigned char *) buf; + unsigned char *buf2 = (unsigned char *)buf; while (*buf2 == IAC) { if (first == 0) { @@ -175,23 +172,23 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, buf2 = buf2 + 3; } - if (buf2 != (unsigned char *) buf) { + if (buf2 != (unsigned char *)buf) { free(buf); buf = hydra_receive_line(sock); } else { buf[0] = 0; } - if (buf != NULL && buf[0] != 0 && (unsigned char) buf[0] != IAC) + if (buf != NULL && buf[0] != 0 && (unsigned char)buf[0] != IAC) make_to_lower(buf); - } while (buf != NULL && (unsigned char) buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); + } while (buf != NULL && (unsigned char)buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); free(buf); waittime = old_waittime; next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_telnet(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -204,13 +201,13 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -218,7 +215,9 @@ int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *m return 0; } -void usage_telnet(const char* service) { +void usage_telnet(const char *service) { printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); + "a successful login (case insensitive), use if the default in the " + "telnet\n" + "module produces too many false positives\n\n"); } diff --git a/hydra-time.c b/hydra-time.c index bbd068d..393377a 100644 --- a/hydra-time.c +++ b/hydra-time.c @@ -2,30 +2,23 @@ #ifndef _WIN32 #include -int32_t sleepn(time_t seconds) -{ - struct timespec ts; - ts.tv_sec = seconds; - ts.tv_nsec = 0; - return nanosleep(&ts, NULL); +int32_t sleepn(time_t seconds) { + struct timespec ts; + ts.tv_sec = seconds; + ts.tv_nsec = 0; + return nanosleep(&ts, NULL); } int32_t usleepn(uint64_t milisec) { - struct timespec ts; - ts.tv_sec = milisec / 1000; - ts.tv_nsec = (milisec % 1000) * 1000000L; - return nanosleep(&ts, NULL); + struct timespec ts; + ts.tv_sec = milisec / 1000; + ts.tv_nsec = (milisec % 1000) * 1000000L; + return nanosleep(&ts, NULL); } #else #include -int32_t sleepn(uint32_t seconds) -{ - return SleepEx(milisec*1000,TRUE); -} +int32_t sleepn(uint32_t seconds) { return SleepEx(milisec * 1000, TRUE); } -int32_t usleepn(uint32_t milisec) -{ - return SleepEx(milisec,TRUE); -} +int32_t usleepn(uint32_t milisec) { return SleepEx(milisec, TRUE); } #endif diff --git a/hydra-vmauthd.c b/hydra-vmauthd.c index 06f656f..7f66f5a 100644 --- a/hydra-vmauthd.c +++ b/hydra-vmauthd.c @@ -1,16 +1,15 @@ -//This plugin was written by david@ +// This plugin was written by david@ // -//This plugin is written for VMware Authentication Daemon +// This plugin is written for VMware Authentication Daemon // #include "hydra-mod.h" - extern char *HYDRA_EXIT; char *buf; -int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[300]; @@ -45,9 +44,9 @@ int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, if ((buf = hydra_receive_line(s)) == NULL) return (1); -//fprintf(stderr, "%s\n", buf); -//230 User test logged in. -//530 Login incorrect. + // fprintf(stderr, "%s\n", buf); + // 230 User test logged in. + // 530 Login incorrect. if (strncmp(buf, "230 ", 4) == 0) { hydra_report_found_host(port, ip, "vmauthd", fp); @@ -65,7 +64,7 @@ int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, return 2; } -void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; @@ -74,10 +73,10 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -92,14 +91,15 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); -//fprintf(stderr, "%s\n",buf); -//220 VMware Authentication Daemon Version 1.00 -//220 VMware Authentication Daemon Version 1.10: SSL Required -//220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , + // fprintf(stderr, "%s\n",buf); + // 220 VMware Authentication Daemon Version 1.00 + // 220 VMware Authentication Daemon Version 1.10: SSL Required + // 220 VMware Authentication Daemon Version 1.10: SSL Required, + // ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) { /* check the first line */ @@ -108,14 +108,17 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, hydra_child_exit(2); } if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) { - hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf); + hydra_report(stderr, + "[ERROR] this vmware authd protocol is not supported, " + "please report: %s\n", + buf); free(buf); hydra_child_exit(2); } - //by default this service is waiting for ssl connections + // by default this service is waiting for ssl connections if (strstr(buf, "SSL Required") != NULL) { if ((options & OPTION_SSL) == 0) { - //reconnecting using SSL + // reconnecting using SSL if (hydra_connect_to_ssl(sock, hostname) == -1) { free(buf); hydra_report(stderr, "[ERROR] Can't use SSL\n"); @@ -127,10 +130,10 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_vmauthd(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -143,13 +146,13 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-vnc.c b/hydra-vnc.c index 95a12d8..aeecd59 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -5,14 +5,14 @@ * */ -#include "hydra-mod.h" #include "d3des.h" +#include "hydra-mod.h" #define CHALLENGESIZE 16 -//for RFB 003.003 & 003.005 +// for RFB 003.003 & 003.005 #define RFB33 1 -//for RFB 3.7 and onwards +// for RFB 3.7 and onwards #define RFB37 2 int32_t vnc_client_version = RFB33; @@ -44,7 +44,7 @@ void vncEncryptBytes(unsigned char *bytes, char *passwd) { } } -int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass; unsigned char buf2[CHALLENGESIZE + 4]; @@ -57,22 +57,22 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char if (vnc_client_version == RFB37) { int32_t i; - //fprintf(stderr,"number of security types supported: %d\n", buf2[0]); + // fprintf(stderr,"number of security types supported: %d\n", buf2[0]); if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) { hydra_report(stderr, "[ERROR] VNC server connection failed\n"); hydra_child_exit(0); } for (i = 1; i <= buf2[0]; i++) { - //fprintf(stderr,"sec type %u\n",buf2[i]); - //check if weak security types are available + // fprintf(stderr,"sec type %u\n",buf2[i]); + // check if weak security types are available if (buf2[i] <= 0x2) { buf2[3] = buf2[i]; break; } } } - //supported security type + // supported security type switch (buf2[3]) { case 0x0: hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf2[3]); @@ -87,24 +87,24 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_child_exit(2); break; case 0x2: - //VNC security type supported is the only type supported for now + // VNC security type supported is the only type supported for now if (vnc_client_version == RFB37) { sprintf(buf, "%c", 0x2); if (hydra_send(s, buf, strlen(buf), 0) < 0) { return 1; } - //get authentication challenge from server + // get authentication challenge from server if (recv(s, buf2, CHALLENGESIZE, 0) == -1) return 1; - //send response + // send response vncEncryptBytes(buf2, pass); - if (hydra_send(s, (char *) buf2, CHALLENGESIZE, 0) < 0) { + if (hydra_send(s, (char *)buf2, CHALLENGESIZE, 0) < 0) { return 1; } } else { - //in old proto, challenge is following the security type - vncEncryptBytes((unsigned char *) buf2 + 4, pass); - if (hydra_send(s, (char *) buf2 + 4, CHALLENGESIZE, 0) < 0) { + // in old proto, challenge is following the security type + vncEncryptBytes((unsigned char *)buf2 + 4, pass); + if (hydra_send(s, (char *)buf2 + 4, CHALLENGESIZE, 0) < 0) { return 1; } } @@ -114,7 +114,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_child_exit(2); } - //check security result value + // check security result value recv(s, buf, 4, 0); if (buf == NULL) return 1; @@ -142,10 +142,10 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } - return 1; /* never reached */ + return 1; /* never reached */ } -void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_VNC, mysslport = PORT_VNC_SSL; @@ -154,7 +154,7 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -169,26 +169,28 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } usleepn(300); buf = hydra_receive_line(sock); - if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ + if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } - if (strstr(buf, " security failures") != NULL) { /* check the first line */ + if (strstr(buf, " security failures") != NULL) { /* check the first line */ /* - VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts. - The IP address is initially blocked for ten seconds, - but this doubles for each unsuccessful attempt thereafter. - A successful connection from an IP address resets the blacklist timeout. - This is built in to VNC Server and does not rely on operating system support. + VNC has a 'blacklisting' scheme that blocks an IP address after five + unsuccessful connection attempts. The IP address is initially blocked + for ten seconds, but this doubles for each unsuccessful attempt + thereafter. A successful connection from an IP address resets the + blacklist timeout. This is built in to VNC Server and does not rely + on operating system support. */ failed_auth++; - hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n"); + hydra_report(stderr, "VNC server reported too many authentication " + "failures, have to wait some seconds ...\n"); sleep(12 * failed_auth); free(buf); next_run = 1; @@ -197,12 +199,13 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL if (verbose) hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf); if (((strstr(buf, "RFB 005.000") != NULL) || (strstr(buf, "RFB 004") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { - //using proto version 003.007 to talk to server 005.xxx and 004.xxx same for 3.7 and 3.8 + // using proto version 003.007 to talk to server 005.xxx and 004.xxx + // same for 3.7 and 3.8 vnc_client_version = RFB37; free(buf); buf = strdup("RFB 003.007\n"); } else { - //for RFB 3.3 and fake 3.5 + // for RFB 3.3 and fake 3.5 vnc_client_version = RFB33; free(buf); buf = strdup("RFB 003.003\n"); @@ -210,10 +213,10 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL hydra_send(sock, buf, strlen(buf), 0); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_vnc(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -231,13 +234,13 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-xmpp.c b/hydra-xmpp.c index 6f6b3cb..aa4ea2f 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -9,9 +9,10 @@ static char *domain = NULL; int32_t xmpp_auth_mechanism = AUTH_ERROR; char *JABBER_CLIENT_INIT_STR = ""; +char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' " + "version='1.0'>"; -int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500]; char *AUTH_STR = " 0) && (chglen < sizeof(buffer2))) { - strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); - buffer2[chglen] = '\0'; - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buffer2); - if (strstr(buffer, "assword") != NULL) { - strncpy(buffer2, pass, sizeof(buffer2) - 1); - buffer2[sizeof(buffer2) - 1] = '\0'; - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - } - } else { - hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); - free(buf); - return 1; - } - } - } - } - break; -#ifdef LIBOPENSSL - case AUTH_PLAIN:{ - memset(buffer2, 0, sizeof(buffer)); - sasl_plain(buffer2, login, pass); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer); - - } - break; - case AUTH_CRAMMD5:{ - int32_t rc = 0; - char *preplogin; - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - free(buf); - return 3; - } - - sprintf(buffer, "%.200s %.250s", preplogin, buffer2); - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); - strncpy(buffer, buffer2, sizeof(buffer) - 1); - buffer[sizeof(buffer) - 1] = '\0'; - free(preplogin); - } - break; - case AUTH_DIGESTMD5:{ - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); - if (fooptr == NULL) { - free(buf); - return 3; - } - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - } - break; - case AUTH_SCRAMSHA1:{ - /*client-first-message */ - char clientfirstmessagebare[200]; - char *preplogin; - int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - - if (rc) { - free(buf); - return 3; - } - - snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); - free(preplogin); - sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - - free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buf); return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; - + /* server now would ask for the password */ if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { - char serverfirstmessage[200]; char *ptr = strstr(buf, CHALLENGE_STR); if (!ptr) @@ -206,36 +106,132 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha if ((chglen > 0) && (chglen < sizeof(buffer2))) { strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); buffer2[chglen] = '\0'; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buffer2); + if (strstr(buffer, "assword") != NULL) { + strncpy(buffer2, pass, sizeof(buffer2) - 1); + buffer2[sizeof(buffer2) - 1] = '\0'; + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } } else { hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); free(buf); return 1; } + } + } + } break; +#ifdef LIBOPENSSL + case AUTH_PLAIN: { + memset(buffer2, 0, sizeof(buffer)); + sasl_plain(buffer2, login, pass); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer); - /*server-first-message */ - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buffer2); - strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); - serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + } break; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { - hydra_report(stderr, "[ERROR] Can't compute client response\n"); - free(buf); - return 1; - } - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + free(buf); + return 3; + } + + sprintf(buffer, "%.200s %.250s", preplogin, buffer2); + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); + strncpy(buffer, buffer2, sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + free(preplogin); + } break; + case AUTH_DIGESTMD5: { + memset(buffer2, 0, sizeof(buffer2)); + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); + if (fooptr == NULL) { + free(buf); + return 3; + } + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } break; + case AUTH_SCRAMSHA1: { + /*client-first-message */ + char clientfirstmessagebare[200]; + char *preplogin; + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + free(buf); + return 3; + } + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + + free(buf); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + char serverfirstmessage[200]; + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; } else { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); free(buf); return 1; } + + /*server-first-message */ + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buffer2); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + + memset(buffer2, 0, sizeof(buffer2)); + fooptr = buffer2; + sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (fooptr == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + free(buf); + return 1; + } + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } else { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; } - break; + } break; #endif ptr = 0; } @@ -249,8 +245,9 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (buf == NULL) return 1; - //we test the challenge tag as digest-md5 when connected is sending "rspauth" value - //so if we are receiving a second challenge we assume the auth is good + // we test the challenge tag as digest-md5 when connected is sending + // "rspauth" value so if we are receiving a second challenge we assume the + // auth is good if ((strstr(buf, "= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -325,7 +324,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } memset(buffer, 0, sizeof(buffer)); @@ -333,7 +332,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { hydra_child_exit(1); } - //some server is longer to answer + // some server is longer to answer usleepn(300); do { if ((buf = hydra_receive_line(sock)) == NULL) { @@ -351,7 +350,11 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha if (strstr(buf, "= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -485,13 +488,13 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha } } -int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -499,8 +502,9 @@ int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_xmpp(const char* service) { +void usage_xmpp(const char *service) { printf("Module xmpp is optionally taking one authentication type of:\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); + "Note, the target passed should be a fdqn as the value is used in the " + "Jabber init request, example: hermes.jabber.org\n\n"); } diff --git a/hydra.c b/hydra.c index 28365f8..0ea27cc 100644 --- a/hydra.c +++ b/hydra.c @@ -3,7 +3,8 @@ * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. - * Don't use in military or secret service organizations, or for illegal purposes. + * Don't use in military or secret service organizations, or for illegal + * purposes. * * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file */ @@ -15,216 +16,220 @@ #include #endif -void usage_oracle(const char* service); -void usage_oracle_listener(const char* service); -void usage_cvs(const char* service); -void usage_xmpp(const char* service); -void usage_pop3(const char* service); -void usage_rdp(const char* service); -void usage_s7_300(const char* service); -void usage_nntp(const char* service); -void usage_imap(const char* service); -void usage_smtp_enum(const char* service); -void usage_smtp(const char* service); -void usage_svn(const char* service); -void usage_ncp(const char* service); -void usage_firebird(const char* service); -void usage_mysql(const char* service); -void usage_mongodb(const char* service); -void usage_irc(const char* service); -void usage_postgres(const char* service); -void usage_telnet(const char* service); -void usage_sapr3(const char* service); -void usage_sshkey(const char* service); -void usage_cisco_enable(const char* service); -void usage_cisco(const char* service); -void usage_ldap(const char* service); -void usage_smb(const char* service); -void usage_http_form(const char* service); -void usage_http_proxy(const char* service); -void usage_http_proxy_urlenum(const char* service); -void usage_snmp(const char* service); -void usage_http(const char* service); -void usage_smb2(const char* service); +void usage_oracle(const char *service); +void usage_oracle_listener(const char *service); +void usage_cvs(const char *service); +void usage_xmpp(const char *service); +void usage_pop3(const char *service); +void usage_rdp(const char *service); +void usage_s7_300(const char *service); +void usage_nntp(const char *service); +void usage_imap(const char *service); +void usage_smtp_enum(const char *service); +void usage_smtp(const char *service); +void usage_svn(const char *service); +void usage_ncp(const char *service); +void usage_firebird(const char *service); +void usage_mysql(const char *service); +void usage_mongodb(const char *service); +void usage_irc(const char *service); +void usage_postgres(const char *service); +void usage_telnet(const char *service); +void usage_sapr3(const char *service); +void usage_sshkey(const char *service); +void usage_cisco_enable(const char *service); +void usage_cisco(const char *service); +void usage_ldap(const char *service); +void usage_smb(const char *service); +void usage_http_form(const char *service); +void usage_http_proxy(const char *service); +void usage_http_proxy_urlenum(const char *service); +void usage_snmp(const char *service); +void usage_http(const char *service); +void usage_smb2(const char *service); - -extern void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE #if defined(LIBSMBCLIENT) -extern int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef HAVE_MATH_H -extern void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBPOSTGRES -extern void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBOPENSSL -extern void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBFREERDP2 -extern void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSAPR3 -extern void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBFIREBIRD -extern void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBAFP -extern void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBNCP -extern void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSSH -extern void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSVN -extern void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBORACLE -extern void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef HAVE_GCRYPT -extern void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBMCACHED -extern void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBMONGODB -extern void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif -extern int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE -char *SERVICES = - "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; +char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " + "http[s]-{head|get|post} http[s]-{get|post}-form http-proxy " + "http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] " + "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid " + "pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap " + "rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh " + "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; -#define MAXBUF 520 -#define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) -#define MAXTASKS 64 -#define MAXSERVERS 16 -#define MAXFAIL 3 -#define MAXENDWAIT 20 -#define WAITTIME 32 -#define TASKS 16 -#define SKIPLOGIN 256 -#define USLEEP_LOOP 10 -#define MAX_LINES 50000000 // 50 millions, do not put more than 65millions -#define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions +#define MAXBUF 520 +#define MAXLINESIZE ((MAXBUF / 2) - 4) +#define MAXTASKS 64 +#define MAXSERVERS 16 +#define MAXFAIL 3 +#define MAXENDWAIT 20 +#define WAITTIME 32 +#define TASKS 16 +#define SKIPLOGIN 256 +#define USLEEP_LOOP 10 +#define MAX_LINES 50000000 // 50 millions, do not put more than 65millions +#define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions #define RESTOREFILE "./hydra.restore" -#define PROGRAM "Hydra" -#define VERSION "v9.1-dev" -#define AUTHOR "van Hauser/THC" -#define EMAIL "" -#define AUTHOR2 "David Maciejak" -#define EMAIL2 "" -#define RESOURCE "https://github.com/vanhauser-thc/thc-hydra" +#define PROGRAM "Hydra" +#define VERSION "v9.1-dev" +#define AUTHOR "van Hauser/THC" +#define EMAIL "" +#define AUTHOR2 "David Maciejak" +#define EMAIL2 "" +#define RESOURCE "https://github.com/vanhauser-thc/thc-hydra" extern char *hydra_strcasestr(const char *haystack, const char *needle); extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize); @@ -239,18 +244,9 @@ extern int32_t old_ssl; void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail); // some enum definitions -typedef enum { - HEAD_DISABLED = -1, - HEAD_UNUSED = 0, - HEAD_ACTIVE = 1 -} head_state_t; +typedef enum { HEAD_DISABLED = -1, HEAD_UNUSED = 0, HEAD_ACTIVE = 1 } head_state_t; -typedef enum { - TARGET_ACTIVE = 0, - TARGET_FINISHED = 1, - TARGET_ERROR = 2, - TARGET_UNRESOLVED = 3 -} target_state_t; +typedef enum { TARGET_ACTIVE = 0, TARGET_FINISHED = 1, TARGET_ERROR = 2, TARGET_UNRESOLVED = 3 } target_state_t; // some structure definitions typedef struct { @@ -290,7 +286,7 @@ typedef struct { } hydra_target; typedef struct { - int32_t active; // active tasks of hydra_options.max_use + int32_t active; // active tasks of hydra_options.max_use int32_t targets; int32_t finished; int32_t exit; @@ -355,133 +351,136 @@ int32_t snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" -typedef void (*service_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -typedef int32_t (*service_init_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -typedef void (*service_usage_t)(const char* service); +typedef void (*service_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +typedef int32_t (*service_init_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +typedef void (*service_usage_t)(const char *service); -#define SERVICE2(name, func) { name, service_##func##_init, service_##func, NULL } -#define SERVICE(name) { #name, service_##name##_init, service_##name, NULL } -#define SERVICE3(name, func) { name, service_##func##_init, service_##func, usage_##func } +#define SERVICE2(name, func) \ + { name, service_##func##_init, service_##func, NULL } +#define SERVICE(name) \ + { #name, service_##name##_init, service_##name, NULL } +#define SERVICE3(name, func) \ + { name, service_##func##_init, service_##func, usage_##func } static const struct { - const char* name; + const char *name; service_init_t init; service_t exec; service_usage_t usage; -} services[] = { - SERVICE(adam6500), +} services[] = {SERVICE(adam6500), #ifdef LIBAFP - SERVICE(afp), + SERVICE(afp), #endif - SERVICE(asterisk), - SERVICE3("cisco", cisco), - SERVICE3("cisco-enable", cisco_enable), - SERVICE3("cvs", cvs), + SERVICE(asterisk), + SERVICE3("cisco", cisco), + SERVICE3("cisco-enable", cisco_enable), + SERVICE3("cvs", cvs), #ifdef LIBFIREBIRD - SERVICE3("firebird", firebird), + SERVICE3("firebird", firebird), #endif - SERVICE(ftp), - { "ftps", service_ftp_init, service_ftps, NULL }, - { "http-get", service_http_init, service_http_get, usage_http }, - { "http-get-form", service_http_form_init, service_http_get_form, usage_http_form }, - { "http-head", service_http_init, service_http_head, NULL }, - { "http-form", service_http_form_init, NULL, usage_http_form }, - { "http-post", NULL, service_http_post, usage_http }, - { "http-post-form", service_http_form_init, service_http_post_form, usage_http_form }, - SERVICE3("http-proxy", http_proxy), - SERVICE3("http-proxy-urlenum", http_proxy_urlenum), - SERVICE(icq), - SERVICE3("imap", imap), - SERVICE3("irc", irc), - { "ldap", service_ldap_init, service_ldap2, usage_ldap }, - { "ldap2", service_ldap_init, service_ldap2, usage_ldap }, - { "ldap3", service_ldap_init, service_ldap3, usage_ldap }, - { "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap }, - { "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap }, + SERVICE(ftp), + {"ftps", service_ftp_init, service_ftps, NULL}, + {"http-get", service_http_init, service_http_get, usage_http}, + {"http-get-form", service_http_form_init, service_http_get_form, usage_http_form}, + {"http-head", service_http_init, service_http_head, NULL}, + {"http-form", service_http_form_init, NULL, usage_http_form}, + {"http-post", NULL, service_http_post, usage_http}, + {"http-post-form", service_http_form_init, service_http_post_form, usage_http_form}, + SERVICE3("http-proxy", http_proxy), + SERVICE3("http-proxy-urlenum", http_proxy_urlenum), + SERVICE(icq), + SERVICE3("imap", imap), + SERVICE3("irc", irc), + {"ldap", service_ldap_init, service_ldap2, usage_ldap}, + {"ldap2", service_ldap_init, service_ldap2, usage_ldap}, + {"ldap3", service_ldap_init, service_ldap3, usage_ldap}, + {"ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap}, + {"ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap}, #ifdef LIBMCACHED - {"memcached", service_mcached_init, service_mcached, NULL}, + {"memcached", service_mcached_init, service_mcached, NULL}, #endif - SERVICE(mssql), + SERVICE(mssql), #ifdef LIBMONGODB -SERVICE3("mongodb", mongodb), + SERVICE3("mongodb", mongodb), #endif #ifdef HAVE_MATH_H - SERVICE3("mysql", mysql), + SERVICE3("mysql", mysql), #endif #ifdef LIBNCP - SERVICE3("ncp", ncp), + SERVICE3("ncp", ncp), #endif - SERVICE3("nntp", nntp), + SERVICE3("nntp", nntp), #ifdef LIBORACLE - SERVICE3("oracle", oracle), + SERVICE3("oracle", oracle), #endif #ifdef LIBOPENSSL - SERVICE3("oracle-listener", oracle_listener), - SERVICE2("oracle-sid", oracle_sid), + SERVICE3("oracle-listener", oracle_listener), + SERVICE2("oracle-sid", oracle_sid), #endif - SERVICE(pcanywhere), - SERVICE(pcnfs), - SERVICE3("pop3", pop3), + SERVICE(pcanywhere), + SERVICE(pcnfs), + SERVICE3("pop3", pop3), #ifdef LIBPOSTGRES - SERVICE3("postgres", postgres), + SERVICE3("postgres", postgres), #endif - SERVICE(redis), - SERVICE(rexec), + SERVICE(redis), + SERVICE(rexec), #ifdef LIBFREERDP2 - SERVICE3("rdp", rdp), + SERVICE3("rdp", rdp), #endif - SERVICE(rlogin), - SERVICE(rsh), - SERVICE(rtsp), - SERVICE(rpcap), - SERVICE3("s7-300", s7_300), + SERVICE(rlogin), + SERVICE(rsh), + SERVICE(rtsp), + SERVICE(rpcap), + SERVICE3("s7-300", s7_300), #ifdef LIBSAPR3 - SERVICE3("sarp3", sapr3), + SERVICE3("sarp3", sapr3), #endif #ifdef LIBOPENSSL - SERVICE(sip), - SERVICE3("smbnt", smb), - SERVICE3("smb", smb), + SERVICE(sip), + SERVICE3("smbnt", smb), + SERVICE3("smb", smb), #endif #if defined(LIBSMBCLIENT) - SERVICE3("smb2", smb2), + SERVICE3("smb2", smb2), #endif - SERVICE3("smtp", smtp), - SERVICE3("smtp-enum", smtp_enum), - SERVICE3("snmp", snmp), - SERVICE(socks5), + SERVICE3("smtp", smtp), + SERVICE3("smtp-enum", smtp_enum), + SERVICE3("snmp", snmp), + SERVICE(socks5), #ifdef LIBSSH - { "ssh", NULL, service_ssh, NULL }, - SERVICE3("sshkey", sshkey), + {"ssh", NULL, service_ssh, NULL}, + SERVICE3("sshkey", sshkey), #endif #ifdef LIBSVN - SERVICE3("svn", svn), + SERVICE3("svn", svn), #endif - SERVICE(teamspeak), - SERVICE3("telnet", telnet), - SERVICE(vmauthd), - SERVICE(vnc), + SERVICE(teamspeak), + SERVICE3("telnet", telnet), + SERVICE(vmauthd), + SERVICE(vnc), #ifdef HAVE_GCRYPT - SERVICE(radmin2), + SERVICE(radmin2), #endif - { "xmpp", service_xmpp_init, NULL, usage_xmpp } -}; - + {"xmpp", service_xmpp_init, NULL, usage_xmpp}}; #define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__) -#define PRINT_EXTEND(ext, text, ...) do { \ - if (ext) \ - printf(text, ##__VA_ARGS__); \ - } while(0) +#define PRINT_EXTEND(ext, text, ...) \ + do { \ + if (ext) \ + printf(text, ##__VA_ARGS__); \ + } while (0) - -int32_t /*inline*/ check_flag(int32_t value, int32_t flag) { // inline does not compile with debug +int32_t /*inline*/ +check_flag(int32_t value, int32_t flag) { // inline does not compile with debug return (value & flag) == flag; } void help(int32_t ext) { - PRINT_NORMAL(ext, "Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" - " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" + PRINT_NORMAL(ext, "Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | " + "[-C FILE]] [-e nsr]" + " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W " + "TIME] [-f] [-s PORT]" #ifdef HAVE_MATH_H " [-x MIN:MAX:CHARSET]" #endif @@ -494,56 +493,82 @@ void help(int32_t ext) { #ifdef LIBOPENSSL " -S perform an SSL connect\n" #endif - " -s PORT if the service is on a different default port, define it here\n"); - PRINT_NORMAL(ext, " -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n" - " -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); + " -s PORT if the service is on a different default port, define it " + "here\n"); + PRINT_NORMAL(ext, " -l LOGIN or -L FILE login with LOGIN name, or load " + "several logins from FILE\n" + " -p PASS or -P FILE try password PASS, or load several " + "passwords from FILE\n"); PRINT_EXTEND(ext, #ifdef HAVE_MATH_H - " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" - " -y disable use of symbols in bruteforce, see above\n" - " -r rainy mode for password generation (-x)\n" + " -x MIN:MAX:CHARSET password bruteforce generation, type " + "\"-x -h\" to get help\n" + " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif - " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" - " -u loop around users, not passwords (effective! implied with -x)\n"); - PRINT_NORMAL(ext, " -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n" - " -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); + " -e nsr try \"n\" null password, \"s\" login as pass " + "and/or \"r\" reversed login\n" + " -u loop around users, not passwords (effective! " + "implied with -x)\n"); + PRINT_NORMAL(ext, " -C FILE colon separated \"login:pass\" format, " + "instead of -L/-P options\n" + " -M FILE list of servers to attack, one entry per " + "line, ':' to specify port\n"); PRINT_EXTEND(ext, " -o FILE write found login/password pairs to FILE instead of stdout\n" - " -b FORMAT specify the format for the -o FILE: text(default), json, jsonv1\n" - " -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); - PRINT_NORMAL(ext, " -t TASKS run TASKS number of connects in parallel per target (default: %d)\n", TASKS); - PRINT_EXTEND(ext, " -T TASKS run TASKS connects in parallel overall (for -M, default: %d)\n" - " -w / -W TIME wait time for a response (%d) / between connects per thread (%d)\n" + " -b FORMAT specify the format for the -o FILE: text(default), json, " + "jsonv1\n" + " -f / -F exit when a login/pass pair is found (-M: -f per host, -F " + "global)\n"); + PRINT_NORMAL(ext, + " -t TASKS run TASKS number of connects in parallel per " + "target (default: %d)\n", + TASKS); + PRINT_EXTEND(ext, + " -T TASKS run TASKS connects in parallel overall (for -M, default: " + "%d)\n" + " -w / -W TIME wait time for a response (%d) / between connects per " + "thread (%d)\n" #ifdef MSG_PEEK - " -c TIME wait time per login attempt over all threads (enforces -t 1)\n" + " -c TIME wait time per login attempt over all threads (enforces -t " + "1)\n" #endif - " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n" - " -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n" - " -O use old SSL v2 and v3\n" - " -K do not redo failed attempts (good for -M mass scanning)\n" - " -q do not print messages about connection errors\n", - MAXTASKS, WAITTIME, conwait - ); + " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also " + "in -M)\n" + " -v / -V / -d verbose mode / show login+pass for each attempt / debug " + "mode \n" + " -O use old SSL v2 and v3\n" + " -K do not redo failed attempts (good for -M mass scanning)\n" + " -q do not print messages about connection errors\n", + MAXTASKS, WAITTIME, conwait); PRINT_NORMAL(ext, " -U service module usage details\n" - " -m OPT options specific for a module, see -U output for information\n" + " -m OPT options specific for a module, see -U output for " + "information\n" " -h more command line options (COMPLETE HELP)\n" - " server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n" + " server the target: DNS, IP or 192.168.0.0/24 (this OR the -M " + "option)\n" " service the service to crack (see below for supported protocols)\n" - " OPT some service modules support additional input (-U for module help)\n"); - PRINT_NORMAL(ext, "\nSupported services: %s\n" - "\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\n" - "v3.0. The newest version is always available at %s\n" - "Don't use in military or secret service organizations, or for illegal purposes.\n", - SERVICES, PROGRAM, RESOURCE - ); + " OPT some service modules support additional input (-U for " + "module help)\n"); + PRINT_NORMAL(ext, + "\nSupported services: %s\n" + "\n%s is a tool to guess/crack valid login/password pairs. " + "Licensed under AGPL\n" + "v3.0. The newest version is always available at %s\n" + "Don't use in military or secret service organizations, or for " + "illegal purposes.\n", + SERVICES, PROGRAM, RESOURCE); if (ext && strlen(unsupported) > 0) { if (unsupported[strlen(unsupported) - 1] == ' ') unsupported[strlen(unsupported) - 1] = 0; printf("These services were not compiled in: %s.\n", unsupported); } - PRINT_EXTEND(ext, "\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.\n" - "E.g. %% export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)\n" - " %% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 entries)\n" + PRINT_EXTEND(ext, "\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy " + "setup.\n" + "E.g. %% export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// " + "connect://)\n" + " %% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 " + "entries)\n" " %% export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080\n" " %% export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)\n"); PRINT_NORMAL(ext, "\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); @@ -559,18 +584,26 @@ void help_bfg() { " -x MIN:MAX:CHARSET\n\n" " MIN is the minimum number of characters in the password\n" " MAX is the maximum number of characters in the password\n" - " CHARSET is a specification of the characters to use in the generation\n" + " CHARSET is a specification of the characters to use in the " + "generation\n" " valid CHARSET values are: 'a' for lowercase letters,\n" - " 'A' for uppercase letters, '1' for numbers, and for all others,\n" + " 'A' for uppercase letters, '1' for numbers, and for all " + "others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n\n" "Examples:\n" - " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" - " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" - " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" - " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n" - " -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and 1 only\n" - "\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); + " -x 3:5:a generate passwords from length 3 to 5 with all " + "lowercase letters\n" + " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase " + "and numbers\n" + " -x 1:3:/ generate passwords from length 1 to 3 containing only " + "slashes\n" + " -x 5:5:/%%,.- generate passwords with length 5 which consists " + "only of /%%,.-\n" + " -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and " + "1 only\n" + "\nThe bruteforce mode was made by Jan Dlabal, " + "http://houbysoft.com/bfg/\n"); exit(-1); } @@ -581,14 +614,17 @@ void module_usage() { exit(0); } - printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); + printf("\nHelp for module " + "%s:\n================================================================" + "============\n", + hydra_options.service); for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { - if (strcmp(hydra_options.service, services[i].name) == 0) { - if (services[i].usage) { - services[i].usage(hydra_options.service); - exit(0); - } + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].usage) { + services[i].usage(hydra_options.service); + exit(0); } + } } printf("The Module %s does not need or support optional parameters\n", hydra_options.service); @@ -603,34 +639,20 @@ void hydra_debug(int32_t force, char *string) { if (!debug && !force) return; - printf("[DEBUG] Code: %s Time: %" hPRIu64 "\n", string, (uint64_t) time(NULL)); - printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", - hydra_options.mode, hydra_options.ssl, hydra_options.restore, - hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, - hydra_options.try_null_password, hydra_options.try_password_same_as_login, - hydra_options.try_password_reverse_login, hydra_options.exit_found, - STR_NULL(hydra_options.miscptr), hydra_options.service); + printf("[DEBUG] Code: %s Time: %" hPRIu64 "\n", string, (uint64_t)time(NULL)); + printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks " + "%d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s " + "service %s\n", + hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, STR_NULL(hydra_options.miscptr), hydra_options.service); - printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %" hPRIu64 " todo %" hPRIu64 " sent %" hPRIu64 " found %" hPRIu64 " countlogin %" hPRIu64 " sizelogin %" hPRIu64 " countpass %" hPRIu64 " sizepass %" hPRIu64 "\n", - hydra_brains.active, hydra_brains.targets, hydra_brains.finished, - hydra_brains.todo_all + total_redo_count, hydra_brains.todo, - hydra_brains.sent, hydra_brains.found, - (uint64_t) hydra_brains.countlogin, - (uint64_t) hydra_brains.sizelogin, - (uint64_t) hydra_brains.countpass, - (uint64_t) hydra_brains.sizepass); + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %" hPRIu64 " todo %" hPRIu64 " sent %" hPRIu64 " found %" hPRIu64 " countlogin %" hPRIu64 " sizelogin %" hPRIu64 " countpass %" hPRIu64 " sizepass %" hPRIu64 "\n", hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all + total_redo_count, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, (uint64_t)hydra_brains.countlogin, (uint64_t)hydra_brains.sizelogin, (uint64_t)hydra_brains.countpass, + (uint64_t)hydra_brains.sizepass); for (i = 0; i < hydra_brains.targets; i++) { - hydra_target* target = hydra_targets[i]; - printf - ("[DEBUG] Target %d - target %s ip %s login_no %" hPRIu64 " pass_no %" hPRIu64 " sent %" hPRIu64 " pass_state %d redo_state %d (%d redos) use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", - i, STR_NULL(target->target), hydra_address2string_beautiful(target->ip), - target->login_no, target->pass_no, target->sent, - target->pass_state, target->redo_state, target->redo, - target->use_count, target->failed, target->done, - target->fail_count, - STR_NULL(target->login_ptr), - STR_NULL(target->pass_ptr)); + hydra_target *target = hydra_targets[i]; + printf("[DEBUG] Target %d - target %s ip %s login_no %" hPRIu64 " pass_no %" hPRIu64 " sent %" hPRIu64 " pass_state %d redo_state %d (%d redos) use_count %d failed %d " + " done %d fail_count %d login_ptr %s pass_ptr %s\n", + i, STR_NULL(target->target), hydra_address2string_beautiful(target->ip), target->login_no, target->pass_no, target->sent, target->pass_state, target->redo_state, target->redo, target->use_count, target->failed, target->done, target->fail_count, STR_NULL(target->login_ptr), STR_NULL(target->pass_ptr)); } if (hydra_heads == NULL) @@ -638,12 +660,9 @@ void hydra_debug(int32_t force, char *string) { for (i = 0; i < hydra_options.max_use; i++) { if (hydra_heads[i]->active >= HEAD_UNUSED) { - printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", - i, (int32_t) hydra_heads[i]->pid, - hydra_heads[i]->active, - hydra_heads[i]->redo, - STR_NULL(hydra_heads[i]->current_login_ptr), - STR_NULL(hydra_heads[i]->current_pass_ptr)); + printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr " + "%s current_pass_ptr %s\n", + i, (int32_t)hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, STR_NULL(hydra_heads[i]->current_login_ptr), STR_NULL(hydra_heads[i]->current_pass_ptr)); if (hydra_heads[i]->active == HEAD_UNUSED) inactive++; else @@ -661,7 +680,7 @@ void bail(char *text) { void hydra_restore_write(int32_t print_msg) { FILE *f; hydra_brain brain; - char mynull[4] = { 0, 0, 0, 0 }, buf[4]; + char mynull[4] = {0, 0, 0, 0}, buf[4]; int32_t i = 0, j = 0; hydra_head hh; @@ -688,7 +707,7 @@ void hydra_restore_write(int32_t print_msg) { buf[0] = VERSION[1]; buf[1] = VERSION[3]; buf[2] = sizeof(int32_t) % 256; - buf[3] = sizeof(hydra_target*) % 256; + buf[3] = sizeof(hydra_target *) % 256; fwrite(buf, 1, 4, f); memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); brain.targets = i; @@ -713,8 +732,7 @@ void hydra_restore_write(int32_t print_msg) { for (j = 0; j < hydra_brains.targets; j++) if (hydra_targets[j]->done != TARGET_FINISHED) { fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); - fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int32_t) (hydra_targets[j]->login_ptr - login_ptr), - (int32_t) (hydra_targets[j]->pass_ptr - pass_ptr)); + fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int32_t)(hydra_targets[j]->login_ptr - login_ptr), (int32_t)(hydra_targets[j]->pass_ptr - pass_ptr)); fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); if (hydra_targets[j]->redo) for (i = 0; i < hydra_targets[j]->redo; i++) @@ -724,21 +742,21 @@ void hydra_restore_write(int32_t print_msg) { fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); } for (j = 0; j < hydra_options.max_use; j++) { - memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); + memcpy((char *)&hh, hydra_heads[j], sizeof(hydra_head)); if (j == 0 && debug) { printf("[DEBUG] sizeof hydra_head: %lu\n", sizeof(hydra_head)); printf("[DEBUG] memcmp: %d\n", memcmp(hydra_heads[j], &hh, sizeof(hydra_head))); } - hh.active = 0; // re-enable disabled heads - if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) - || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { + hh.active = 0; // re-enable disabled heads + if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { hh.redo = 1; if (print_msg && debug) - printf("[DEBUG] we will redo the following combination: target %s child %d login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, - j, hh.current_login_ptr, hh.current_pass_ptr); + printf("[DEBUG] we will redo the following combination: target %s " + "child %d login \"%s\" pass \"%s\"\n", + hydra_targets[hh.target_no]->target, j, hh.current_login_ptr, hh.current_pass_ptr); } - fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); - if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) + fck = fwrite((char *)&hh, sizeof(hydra_head), 1, f); + if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */) fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); else fprintf(f, "\n\n"); @@ -749,7 +767,8 @@ void hydra_restore_write(int32_t print_msg) { if (debug) printf("[DEBUG] done writing session file\n"); if (print_msg) - printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); + printf("The session file ./hydra.restore was written. Type \"hydra -R\" to " + "resume session.\n"); hydra_debug(0, "hydra_restore_write()"); } @@ -774,7 +793,7 @@ void hydra_restore_read() { exit(-1); } - if ((fck = (int32_t) fread(buf, 1, 4, f)) != 4) { + if ((fck = (int32_t)fread(buf, 1, 4, f)) != 4) { fprintf(stderr, "[ERROR] invalid restore file (platform)\n"); exit(-1); } @@ -783,14 +802,18 @@ void hydra_restore_read() { exit(-1); } if (buf[0] != VERSION[1] || buf[1] != VERSION[3]) - fprintf(stderr, "[WARNING] restore file was created by version %c.%c, this is version %s\n", buf[0], buf[2], VERSION); - if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head*) % 256) { - fprintf(stderr, "[ERROR] restore file was created on a different, incompatible processor platform!\n"); + fprintf(stderr, + "[WARNING] restore file was created by version %c.%c, this is " + "version %s\n", + buf[0], buf[2], VERSION); + if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head *) % 256) { + fprintf(stderr, "[ERROR] restore file was created on a different, " + "incompatible processor platform!\n"); exit(-1); } - fck = (int32_t) fread(&bf_options, sizeof(bf_options), 1, f); - fck = (int32_t) fread(mynull, sizeof(mynull), 1, f); + fck = (int32_t)fread(&bf_options, sizeof(bf_options), 1, f); + fck = (int32_t)fread(mynull, sizeof(mynull), 1, f); if (debug) printf("[DEBUG] reading restore file: Step 1 complete\n"); if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { @@ -803,9 +826,9 @@ void hydra_restore_read() { if (debug) printf("[DEBUG] reading restore file: Step 2 complete\n"); - fck = (int32_t) fread(&hydra_brains, sizeof(hydra_brain), 1, f); + fck = (int32_t)fread(&hydra_brains, sizeof(hydra_brain), 1, f); hydra_brains.ofp = stdout; - fck = (int32_t) fread(&hydra_options, sizeof(hydra_option), 1, f); + fck = (int32_t)fread(&hydra_options, sizeof(hydra_option), 1, f); hydra_options.restore = 1; verbose = hydra_options.verbose; debug = hydra_options.debug; @@ -858,23 +881,23 @@ void hydra_restore_read() { printf("[DEBUG] reading restore file: Step 8 complete\n"); login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); - fck = (int32_t) fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); + fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); - if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode + if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); - fck = (int32_t) fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); - } else { // colonfile mode - hydra_options.colonfile = empty_login; // dummy + fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); + } else { // colonfile mode + hydra_options.colonfile = empty_login; // dummy pass_ptr = csv_ptr = login_ptr; } if (debug) printf("[DEBUG] reading restore file: Step 10 complete\n"); - hydra_targets = (hydra_target **) malloc((hydra_brains.targets + 3) * sizeof(hydra_target*)); + hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *)); for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); - fck = (int32_t) fread(hydra_targets[j], sizeof(hydra_target), 1, f); + fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; @@ -884,7 +907,7 @@ void hydra_restore_read() { hydra_targets[j]->login_ptr = login_ptr + atoi(out); sck = fgets(out, sizeof(out), f); hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); - sck = fgets(out, sizeof(out), f); // target login_ptr, ignord + sck = fgets(out, sizeof(out), f); // target login_ptr, ignord sck = fgets(out, sizeof(out), f); if (hydra_options.bfg) { if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -893,7 +916,8 @@ void hydra_restore_read() { strcpy(hydra_targets[j]->pass_ptr, out); } if (hydra_targets[j]->redo > 0) { - if (debug) printf("[DEBUG] target %d redo %d\n", j, hydra_targets[j]->redo); + if (debug) + printf("[DEBUG] target %d redo %d\n", j, hydra_targets[j]->redo); for (i = 0; i < hydra_targets[j]->redo; i++) { sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -923,15 +947,16 @@ void hydra_restore_read() { } if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); - hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use); + hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); - fck = (int32_t) fread(hydra_heads[j], sizeof(hydra_head), 1, f); + fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f); hydra_heads[j]->sp[0] = -1; hydra_heads[j]->sp[1] = -1; sck = fgets(out, sizeof(out), f); if (hydra_heads[j]->redo) { - if (debug) printf("[DEBUG] head %d redo\n", j); + if (debug) + printf("[DEBUG] head %d redo\n", j); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); @@ -985,8 +1010,8 @@ void killed_childs(int32_t signo) { } void killed_childs_report(int32_t signo) { - //if (debug) - printf("[ERROR] children crashed! (%d)\n", child_head_no); + // if (debug) + printf("[ERROR] children crashed! (%d)\n", child_head_no); fck = write(child_socket, "E", 1); _exit(-1); } @@ -1009,7 +1034,7 @@ void kill_children(int32_t signo) { exit(0); } -uint64_t countlines(FILE * fd, int32_t colonmode) { +uint64_t countlines(FILE *fd, int32_t colonmode) { size_t clines = 0; char *buf = malloc(MAXLINESIZE); int32_t only_one_empty_line = 0; @@ -1051,12 +1076,12 @@ uint64_t countlines(FILE * fd, int32_t colonmode) { return clines; } -void fill_mem(char *ptr, FILE * fd, int32_t colonmode) { +void fill_mem(char *ptr, FILE *fd, int32_t colonmode) { char tmp[MAXBUF + 4] = "", *ptr2; uint32_t len; int32_t only_one_empty_line = 0; -int read_flag = 0; + int read_flag = 0; #ifdef HAVE_ZLIB gzFile fp = gzdopen(fileno(fd), "r"); @@ -1081,7 +1106,10 @@ int read_flag = 0; } if (colonmode) { if ((ptr2 = index(tmp, ':')) == NULL) { - fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); + fprintf(stderr, + "[ERROR] invalid line in colon file (-C), missing colon " + "in line: %s\n", + tmp); exit(-1); } else { *ptr2 = 0; @@ -1112,23 +1140,23 @@ char *hydra_build_time() { time(&epoch); the_time = localtime(&epoch); strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); - return (char *) &datetime; + return (char *)&datetime; } void hydra_service_init(int32_t target_no) { int32_t x = 99; int32_t i; - hydra_target* t = hydra_targets[target_no]; - char* miscptr = hydra_options.miscptr; - FILE* ofp = hydra_brains.ofp; + hydra_target *t = hydra_targets[target_no]; + char *miscptr = hydra_options.miscptr; + FILE *ofp = hydra_brains.ofp; for (i = 0; x == 99 && i < sizeof(services) / sizeof(services[0]); i++) { - if (strcmp(hydra_options.service, services[i].name) == 0) { - if (services[i].init) { - x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target); - break; - } + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].init) { + x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target); + break; } + } } // dirty workaround here: @@ -1148,7 +1176,10 @@ void hydra_service_init(int32_t target_no) { if (hydra_options.outfile_format == FORMAT_JSONV1) { char json_error[120]; snprintf(json_error, sizeof(json_error), "[ERROR] unexpected result connecting to target %s port %d", hydra_address2string_beautiful(t->ip), t->port); - fprintf(hydra_brains.ofp, "\n\t],\n\"success\": false,\n\"errormessages\": [ \"%s\" ],\n\"quantityfound\": %" hPRIu64 " }\n", json_error, hydra_brains.found); + fprintf(hydra_brains.ofp, + "\n\t],\n\"success\": false,\n\"errormessages\": [ \"%s\" " + "],\n\"quantityfound\": %" hPRIu64 " }\n", + json_error, hydra_brains.found); } fclose(hydra_brains.ofp); } @@ -1173,7 +1204,7 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { child_head_no = head_no; - if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD + if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD // set new signals for child process_restore = 0; child_socket = hydra_heads[head_no]->sp[1]; @@ -1204,24 +1235,25 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { if (debug) printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); - hydra_target* t = hydra_targets[target_no]; + hydra_target *t = hydra_targets[target_no]; int32_t sp = hydra_heads[head_no]->sp[1]; - char* miscptr = hydra_options.miscptr; - FILE* ofp = hydra_brains.ofp; - hydra_target* head_target = hydra_targets[hydra_heads[head_no]->target_no]; + char *miscptr = hydra_options.miscptr; + FILE *ofp = hydra_brains.ofp; + hydra_target *head_target = hydra_targets[hydra_heads[head_no]->target_no]; for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { - if (strcmp(hydra_options.service, services[i].name) == 0) { - if (services[i].exec) { - services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target); - // just in case a module returns (which it shouldnt) we let it exit here - exit(-1); - } + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].exec) { + services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target); + // just in case a module returns (which it shouldnt) we let it exit + // here + exit(-1); } + } } // FIXME: dirty workaround here if (strcmp(hydra_options.service, "xmpp") == 0) { - service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); } // just in case a module returns (which it shouldnt) we let it exit here @@ -1229,8 +1261,11 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { } else { child_head_no = -1; if (hydra_heads[head_no]->pid > 0) { - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that - (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); + fck = write(hydra_heads[head_no]->sp[1], "n", + 1); // yes, a small "n" - this way we can distinguish later + // if the client successfully tested a pair and is + // requesting a new one or the mother did that + (void)fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); if (hydra_heads[head_no]->redo != 1) hydra_heads[head_no]->target_no = target_no; hydra_heads[head_no]->active = HEAD_ACTIVE; @@ -1258,76 +1293,74 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { int32_t hydra_lookup_port(char *service) { int32_t i = 0, port = -2; - hydra_portlist hydra_portlists[] = { - {"ftp", PORT_FTP, PORT_FTP_SSL}, - {"ftps", PORT_FTP, PORT_FTP_SSL}, - {"http-head", PORT_HTTP, PORT_HTTP_SSL}, - {"http-post", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-head", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"icq", PORT_ICQ, PORT_ICQ_SSL}, - {"imap", PORT_IMAP, PORT_IMAP_SSL}, - {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, - {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, - {"memcached", PORT_MCACHED, PORT_MCACHED_SSL}, - {"mongodb", PORT_MONGODB, PORT_MONGODB}, - {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, - {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, - {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, - {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, - {"nntp", PORT_NNTP, PORT_NNTP_SSL}, - {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, - {"pop3", PORT_POP3, PORT_POP3_SSL}, - {"redis", PORT_REDIS, PORT_REDIS_SSL}, - {"rexec", PORT_REXEC, PORT_REXEC_SSL}, - {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, - {"rsh", PORT_RSH, PORT_RSH_SSL}, - {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, - {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, - {"smb2", PORT_SMBNT, PORT_SMBNT_SSL}, - {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, - {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, - {"ssh", PORT_SSH, PORT_SSH_SSL}, - {"sshkey", PORT_SSH, PORT_SSH_SSL}, - {"telnet", PORT_TELNET, PORT_TELNET_SSL}, - {"adam6500", PORT_ADAM6500, PORT_ADAM6500_SSL}, - {"cisco", PORT_TELNET, PORT_TELNET_SSL}, - {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, - {"vnc", PORT_VNC, PORT_VNC_SSL}, - {"snmp", PORT_SNMP, PORT_SNMP_SSL}, - {"cvs", PORT_CVS, PORT_CVS_SSL}, - {"svn", PORT_SVN, PORT_SVN_SSL}, - {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, - {"afp", PORT_AFP, PORT_AFP_SSL}, - {"ncp", PORT_NCP, PORT_NCP_SSL}, - {"smtp", PORT_SMTP, PORT_SMTP_SSL}, - {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, - {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, - {"sip", PORT_SIP, PORT_SIP_SSL}, - {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, - {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, - {"irc", PORT_IRC, PORT_IRC_SSL}, - {"rdp", PORT_RDP, PORT_RDP_SSL}, - {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, - {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, - {"rtsp", PORT_RTSP, PORT_RTSP_SSL}, - {"rpcap", PORT_RPCAP, PORT_RPCAP_SSL}, - {"radmin2", PORT_RADMIN2, PORT_RADMIN2}, - // ADD NEW SERVICES HERE - add new port numbers to hydra.h - {"", PORT_NOPORT, PORT_NOPORT} - }; + hydra_portlist hydra_portlists[] = {{"ftp", PORT_FTP, PORT_FTP_SSL}, + {"ftps", PORT_FTP, PORT_FTP_SSL}, + {"http-head", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-head", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"icq", PORT_ICQ, PORT_ICQ_SSL}, + {"imap", PORT_IMAP, PORT_IMAP_SSL}, + {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, + {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, + {"memcached", PORT_MCACHED, PORT_MCACHED_SSL}, + {"mongodb", PORT_MONGODB, PORT_MONGODB}, + {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, + {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, + {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, + {"nntp", PORT_NNTP, PORT_NNTP_SSL}, + {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, + {"pop3", PORT_POP3, PORT_POP3_SSL}, + {"redis", PORT_REDIS, PORT_REDIS_SSL}, + {"rexec", PORT_REXEC, PORT_REXEC_SSL}, + {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, + {"rsh", PORT_RSH, PORT_RSH_SSL}, + {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, + {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smb2", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, + {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, + {"ssh", PORT_SSH, PORT_SSH_SSL}, + {"sshkey", PORT_SSH, PORT_SSH_SSL}, + {"telnet", PORT_TELNET, PORT_TELNET_SSL}, + {"adam6500", PORT_ADAM6500, PORT_ADAM6500_SSL}, + {"cisco", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, + {"vnc", PORT_VNC, PORT_VNC_SSL}, + {"snmp", PORT_SNMP, PORT_SNMP_SSL}, + {"cvs", PORT_CVS, PORT_CVS_SSL}, + {"svn", PORT_SVN, PORT_SVN_SSL}, + {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, + {"afp", PORT_AFP, PORT_AFP_SSL}, + {"ncp", PORT_NCP, PORT_NCP_SSL}, + {"smtp", PORT_SMTP, PORT_SMTP_SSL}, + {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, + {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, + {"sip", PORT_SIP, PORT_SIP_SSL}, + {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, + {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, + {"irc", PORT_IRC, PORT_IRC_SSL}, + {"rdp", PORT_RDP, PORT_RDP_SSL}, + {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, + {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, + {"rtsp", PORT_RTSP, PORT_RTSP_SSL}, + {"rpcap", PORT_RPCAP, PORT_RPCAP_SSL}, + {"radmin2", PORT_RADMIN2, PORT_RADMIN2}, + // ADD NEW SERVICES HERE - add new port numbers to hydra.h + {"", PORT_NOPORT, PORT_NOPORT}}; while (strlen(hydra_portlists[i].name) > 0 && port == -2) { if (strcmp(service, hydra_portlists[i].name) == 0) { @@ -1379,14 +1412,14 @@ void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) { if (hydra_heads[head_no]->pid > 0 && killit) kill(hydra_heads[head_no]->pid, SIGKILL); hydra_heads[head_no]->pid = -1; - if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 - && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { + if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { free(hydra_heads[head_no]->current_pass_ptr); hydra_heads[head_no]->current_pass_ptr = empty_login; // hydra_bfg_remove(head_no); - // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; + // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = + // NULL; } - (void) wait3(NULL, WNOHANG, NULL); + (void)wait3(NULL, WNOHANG, NULL); } void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { @@ -1396,11 +1429,11 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { return; if (hydra_targets[target_no]->ok) { - const int32_t tasks = hydra_options.tasks; - const int32_t success = tasks - hydra_targets[target_no]->failed; - const int32_t t = tasks < 5 ? 6 - tasks : 1; - const int32_t s = success < 5 ? 6 - success : 1; - maxfail = MAXFAIL + t + s + 2; + const int32_t tasks = hydra_options.tasks; + const int32_t success = tasks - hydra_targets[target_no]->failed; + const int32_t t = tasks < 5 ? 6 - tasks : 1; + const int32_t s = success < 5 ? 6 - success : 1; + maxfail = MAXFAIL + t + s + 2; } hydra_targets[target_no]->fail_count++; @@ -1413,18 +1446,15 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { k++; if (k <= 1) { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == TARGET_ACTIVE - && hydra_options.skip_redo == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; hydra_targets[target_no]->redo++; total_redo_count++; if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + printf("[DEBUG] - will be retried at the end: ip %s - login %s - " + "pass %s - child %d\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } @@ -1435,29 +1465,27 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { else hydra_targets[target_no]->done = TARGET_UNRESOLVED; // mark target as done by unable to connect hydra_brains.finished++; - fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + fprintf(stderr, + "[ERROR] Too many connect errors to target, disabling " + "%s://%s%s%s:%d\n", + hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); } if (hydra_brains.targets > hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else hydra_kill_head(head_no, 1, 2); - } // we keep the last one alive as long as it make sense + } // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == TARGET_ACTIVE - && hydra_options.skip_redo == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; hydra_targets[target_no]->redo++; total_redo_count++; if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + printf("[DEBUG] - will be retried at the end: ip %s - login %s - " + "pass %s - child %d\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } @@ -1500,28 +1528,28 @@ char *hydra_reverse_login(int32_t head_no, char *login) { start = hydra_heads[head_no]->reverse; pos = start + j; - while(start < --pos) { - switch( (*pos & 0xF0) >> 4 ) { + while (start < --pos) { + switch ((*pos & 0xF0) >> 4) { case 0xF: /* U+010000-U+10FFFF: four bytes. */ keep = *pos; - *pos = *(pos-3); - *(pos-3) = keep; - keep = *(pos-1); - *(pos-1) = *(pos-2); - *(pos-2) = keep; + *pos = *(pos - 3); + *(pos - 3) = keep; + keep = *(pos - 1); + *(pos - 1) = *(pos - 2); + *(pos - 2) = keep; pos -= 3; break; case 0xE: /* U+000800-U+00FFFF: three bytes. */ keep = *pos; - *pos = *(pos-2); - *(pos-2) = keep; + *pos = *(pos - 2); + *(pos - 2) = keep; pos -= 2; break; case 0xC: /* fall-through */ case 0xD: /* U+000080-U+0007FF: two bytes. */ keep = *pos; - *pos = *(pos-1); - *(pos-1) = keep; + *pos = *(pos - 1); + *(pos - 1) = keep; pos--; break; } @@ -1546,22 +1574,25 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); } return -1; } } if (debug) - printf - ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %" hPRIu64 "/%" hPRIu64 ", passcnt %" hPRIu64 "/%" hPRIu64 ", loop_cnt %d\n", - target_no, head_no, hydra_targets[target_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, - hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); + printf("[DEBUG] send_next_pair_init target %d, head %d, redo %d, " + "redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass " + "%s, tlogin %s, tpass %s, logincnt %" hPRIu64 "/%" hPRIu64 ", passcnt %" hPRIu64 "/%" hPRIu64 ", loop_cnt %d\n", + target_no, head_no, hydra_targets[target_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { if (debug) - printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %" hPRIu64 ", todo %" hPRIu64 ")\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt " + "%d, sent %" hPRIu64 ", todo %" hPRIu64 ")\n", + loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); return -1; } @@ -1571,9 +1602,9 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { snpdone = 1; } else { if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) - printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", - hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - " + "%" hPRIu64 " of %" hPRIu64 "\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) { @@ -1587,17 +1618,19 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); } loop_cnt = 0; return -1; } - } else { // normale state, no redo + } else { // normale state, no redo if (hydra_targets[target_no]->done != TARGET_ACTIVE) { loop_cnt = 0; - return -1; // head will be disabled by main while() + return -1; // head will be disabled by main while() } - if (hydra_options.loop_mode == 0) { // one user after another + if (hydra_options.loop_mode == 0) { // one user after another if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { // as we loop password in mode == 0 we set the current login first hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; @@ -1611,7 +1644,8 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_state++; } if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + // small check that there is a login name (could also be emtpy) and + // if we already tried empty password it would be a double if (hydra_options.try_null_password) { if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { hydra_heads[head_no]->current_pass_ptr = empty_login; @@ -1625,11 +1659,10 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_state++; } if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + // small check that there is a login name (could also be emtpy) and + // if we already tried empty password it would be a double if (hydra_options.try_password_reverse_login) { - if ((hydra_options.try_password_same_as_login == 0 - || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) - && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { + if ((hydra_options.try_password_same_as_login == 0 || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); snpdone = 1; } else { @@ -1642,35 +1675,31 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { } // now we handle the -C -l/-L -p/-P data if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { - if (check_flag(hydra_options.mode, MODE_COLON_FILE)) { // colon mode + if (check_flag(hydra_options.mode, MODE_COLON_FILE)) { // colon mode hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->login_no++; snpdone = 1; hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; - //hydra_targets[target_no]->login_ptr++; + // hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; - //hydra_targets[target_no]->pass_ptr++; + // hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) hydra_targets[target_no]->pass_state = 0; - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (-C)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } - } else { // standard -l -L -p -P mode + } else { // standard -l -L -p -P mode hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->pass_no++; // double check @@ -1692,22 +1721,18 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; } - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (-Pp)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } snpdone = 1; } } } - } else { // loop_mode == 1 + } else { // loop_mode == 1 if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; if (hydra_targets[target_no]->pass_state == 0) { @@ -1726,9 +1751,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { else hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); } else { - if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 - && hydra_heads[head_no]->current_pass_ptr != NULL && - strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) + if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 && hydra_heads[head_no]->current_pass_ptr != NULL && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) free(hydra_heads[head_no]->current_pass_ptr); hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); } @@ -1759,7 +1782,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif - } else { // -p -P mode + } else { // -p -P mode hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; @@ -1778,14 +1801,12 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->login_ptr++; } if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { - if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) - || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { + if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (1)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } } @@ -1793,16 +1814,16 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { } if (debug) - printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); + printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, " + "cpass %s, tlogin %s, tpass %s, redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); // no pair? then we go for redo state if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { if (debug) printf("[DEBUG] Entering redo_state\n"); hydra_targets[target_no]->redo_state++; - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } @@ -1813,11 +1834,13 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); } } if (hydra_brains.targets > hydra_brains.finished) - hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop + hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop } else { if (hydra_targets[target_no]->skipcnt > 0) { snpj = 0; @@ -1849,7 +1872,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; } - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } @@ -1868,22 +1891,22 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_brains.sent++; hydra_targets[target_no]->sent++; } else if (debug) - printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, snp_is_redo); - //hydra_dump_data(snpbuf, snpbuflen, "SENT"); + printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, " + "cpass %s, tlogin %s, tpass %s, is_redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, snp_is_redo); + // hydra_dump_data(snpbuf, snpbuflen, "SENT"); fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); if (fck < snpbuflen) { if (verbose) fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); hydra_increase_fail_count(target_no, head_no); loop_cnt = 0; - return 0; // not prevent disabling it, if its needed its already done in the above line + return 0; // not prevent disabling it, if its needed its already done in + // the above line } if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", - hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, - hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, hydra_targets[target_no]->redo); + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, + hydra_targets[target_no]->redo); } loop_cnt = 0; return 0; @@ -1949,7 +1972,8 @@ int32_t hydra_check_for_exit_condition() { if (hydra_heads[i]->active >= HEAD_UNUSED) k = 1; if (k == 0) { - fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); + fprintf(stderr, "[ERROR] all children were disabled due too many " + "connection errors\n"); return -1; } } @@ -1974,7 +1998,7 @@ void process_proxy_line(int32_t type, char *string) { struct addrinfo hints, *res, *p; struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - + if (string == NULL || string[0] == 0 || string[0] == '#') return; while (*string == ' ' || *string == '\t') @@ -2002,7 +2026,10 @@ void process_proxy_line(int32_t type, char *string) { *sep = 0; target_string = sep + 1; if (index(auth_string, ':') == NULL) { - fprintf(stderr, "[WARNING] %s has an invalid authentication definition %s, must be in the format login:pass, entry ignored\n", target_string, auth_string); + fprintf(stderr, + "[WARNING] %s has an invalid authentication definition %s, must " + "be in the format login:pass, entry ignored\n", + target_string, auth_string); return; } } @@ -2021,19 +2048,28 @@ void process_proxy_line(int32_t type, char *string) { return; } } else { - fprintf(stderr, "[WARNING] %s has not port definition which is required, entry ignored\n", target_string); + fprintf(stderr, + "[WARNING] %s has not port definition which is required, entry " + "ignored\n", + target_string); return; } if (use_proxy == 1 && strcmp(type_string, "http") != 0) { - fprintf(stderr, "[WARNING] %s:// is an invalid type, must be http:// if you use HYDRA_PROXY_HTTP, entry ignored\n", type_string); + fprintf(stderr, + "[WARNING] %s:// is an invalid type, must be http:// if you use " + "HYDRA_PROXY_HTTP, entry ignored\n", + type_string); return; } if (use_proxy == 2 && strcmp(type_string, "connect") != 0 && strcmp(type_string, "socks4") != 0 && strcmp(type_string, "socks5") != 0) { - fprintf(stderr, "[WARNING] %s:// is an invalid type, must be connect://, socks4:// or socks5:// if you use HYDRA_PROXY, entry ignored\n", type_string); + fprintf(stderr, + "[WARNING] %s:// is an invalid type, must be connect://, socks4:// " + "or socks5:// if you use HYDRA_PROXY, entry ignored\n", + type_string); return; } - + memset(&hints, 0, sizeof hints); if (getaddrinfo(target_string, NULL, &hints, &res) != 0) { fprintf(stderr, "[ERROR] could not resolve proxy target %s, entry ignored\n", target_string); @@ -2043,13 +2079,13 @@ void process_proxy_line(int32_t type, char *string) { for (p = res; p != NULL; p = p->ai_next) { #ifdef AF_INET6 if (p->ai_family == AF_INET6) { - if (ipv6 == NULL || memcmp((char *) &ipv6->sin6_addr, fe80, 2) == 0) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; + if (ipv6 == NULL || memcmp((char *)&ipv6->sin6_addr, fe80, 2) == 0) + ipv6 = (struct sockaddr_in6 *)p->ai_addr; } else #endif - if (p->ai_family == AF_INET) { + if (p->ai_family == AF_INET) { if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; + ipv4 = (struct sockaddr_in *)p->ai_addr; } } freeaddrinfo(res); @@ -2058,18 +2094,22 @@ void process_proxy_line(int32_t type, char *string) { #ifdef AF_INET6 if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { if (memcmp(proxy_string_ip[proxy_count] + 1, fe80, 2) == 0 && device_string == NULL) { - fprintf(stderr, "[WARNING] The proxy address %s is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0, entry ignored\n", target_string); + fprintf(stderr, + "[WARNING] The proxy address %s is a link local address, link " + "local addresses require the interface being defined like this: " + "fe80::1%%eth0, entry ignored\n", + target_string); return; } proxy_string_ip[proxy_count][0] = 16; - memcpy(proxy_string_ip[proxy_count] + 1, (char *) &ipv6->sin6_addr, 16); + memcpy(proxy_string_ip[proxy_count] + 1, (char *)&ipv6->sin6_addr, 16); if (device_string != NULL && strlen(device_string) <= 16) strcpy(proxy_string_ip[proxy_count] + 17, device_string); } else #endif - if (ipv4 != NULL) { + if (ipv4 != NULL) { proxy_string_ip[proxy_count][0] = 4; - memcpy(proxy_string_ip[proxy_count] + 1, (char *) &ipv4->sin_addr, 4); + memcpy(proxy_string_ip[proxy_count] + 1, (char *)&ipv4->sin_addr, 4); } else { fprintf(stderr, "[WARNING] Could not resolve proxy address: %s, entry ignored\n", target_string); return; @@ -2081,12 +2121,12 @@ void process_proxy_line(int32_t type, char *string) { } strcpy(proxy_authentication[proxy_count], auth_string); if (strncmp(type_string, "socks", 5) != 0) // so it is web - hydra_tobase64((unsigned char *) proxy_authentication[proxy_count], strlen(proxy_authentication[proxy_count]), strlen(auth_string) * 2 + 8); + hydra_tobase64((unsigned char *)proxy_authentication[proxy_count], strlen(proxy_authentication[proxy_count]), strlen(auth_string) * 2 + 8); } else proxy_authentication[proxy_count] = NULL; strcpy(proxy_string_type[proxy_count], type_string); proxy_string_port[proxy_count] = port; - + if (debug) printf("[DEBUG] count %d type %s target %s port %d auth %s\n", proxy_count, proxy_string_type[proxy_count], target_string, proxy_string_port[proxy_count], proxy_authentication[proxy_count]); proxy_count++; @@ -2110,7 +2150,9 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); + printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret " + "service organizations, or for illegal purposes.\n\n", + PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP SERVICES = hydra_string_replace(SERVICES, "afp ", ""); strcat(unsupported, "afp "); @@ -2210,8 +2252,8 @@ int main(int argc, char *argv[]) { strcat(unsupported, "regex support "); #endif - (void) setvbuf(stdout, NULL, _IONBF, 0); - (void) setvbuf(stderr, NULL, _IONBF, 0); + (void)setvbuf(stdout, NULL, _IONBF, 0); + (void)setvbuf(stderr, NULL, _IONBF, 0); // set defaults memset(&hydra_options, 0, sizeof(hydra_options)); memset(&hydra_brains, 0, sizeof(hydra_brains)); @@ -2298,7 +2340,10 @@ int main(int argc, char *argv[]) { hydra_options.mode = hydra_options.mode | MODE_PASSWORD_SAME; break; default: - fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); + fprintf(stderr, + "[ERROR] unknown mode %c for option -e, only supporting " + "\"n\", \"s\" and \"r\"\n", + optarg[i]); exit(-1); } i++; @@ -2336,12 +2381,12 @@ int main(int argc, char *argv[]) { break; case 'b': outfile_format_tmp = optarg; - if (strcasecmp(outfile_format_tmp,"text") == 0) - hydra_options.outfile_format = FORMAT_PLAIN_TEXT; - else if (strcasecmp(outfile_format_tmp,"json") == 0) // latest json formatting. - hydra_options.outfile_format = FORMAT_JSONV1; - else if (strcasecmp(outfile_format_tmp,"jsonv1") == 0) - hydra_options.outfile_format = FORMAT_JSONV1; + if (strcasecmp(outfile_format_tmp, "text") == 0) + hydra_options.outfile_format = FORMAT_PLAIN_TEXT; + else if (strcasecmp(outfile_format_tmp, "json") == 0) // latest json formatting. + hydra_options.outfile_format = FORMAT_JSONV1; + else if (strcasecmp(outfile_format_tmp, "jsonv1") == 0) + hydra_options.outfile_format = FORMAT_JSONV1; else { fprintf(stderr, "[ERROR] Output file format must be (text, json, jsonv1)\n"); exit(-1); @@ -2364,7 +2409,8 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); exit(-1); } else if (waittime < 5) - fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); + fprintf(stderr, "[WARNING] the waittime you set is low, this can " + "result in errornous results\n"); break; case 'W': hydra_options.conwait = conwait = atoi(optarg); @@ -2378,14 +2424,16 @@ int main(int argc, char *argv[]) { if (hydra_options.time_next_attempt < 0) { fprintf(stderr, "[ERROR] -c option value can not be negative\n"); exit(-1); - } + } #else - fprintf(stderr, "[WARNING] -c option can not be used as your operating system is missing the MSG_PEEK feature\n"); + fprintf(stderr, "[WARNING] -c option can not be used as your operating " + "system is missing the MSG_PEEK feature\n"); #endif break; case 'S': #ifndef LIBOPENSSL - fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); + fprintf(stderr, "[WARNING] hydra was compiled without SSL support. " + "Install openssl and recompile! Option ignored...\n"); hydra_options.ssl = 0; break; #else @@ -2403,7 +2451,8 @@ int main(int argc, char *argv[]) { break; case 'x': #ifndef HAVE_MATH_H - fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); + fprintf(stderr, "[ERROR] -x option is not available as math.h was not " + "found at compile time\n"); exit(-1); #else if (strcmp(optarg, "-h") == 0) @@ -2427,12 +2476,12 @@ int main(int argc, char *argv[]) { hydra_options.tasks = 1; } - //check if output is redirected from the shell or in a file + // check if output is redirected from the shell or in a file if (colored_output && !isatty(fileno(stdout))) colored_output = 0; #ifdef LIBNCURSES - //then check if the term is color enabled using ncurses lib + // then check if the term is color enabled using ncurses lib if (colored_output) { if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { colored_output = 0; @@ -2442,8 +2491,8 @@ int main(int argc, char *argv[]) { } } #else - //don't want border line effect so disabling color output - //if we are not sure about the term + // don't want border line effect so disabling color output + // if we are not sure about the term colored_output = 0; #endif @@ -2452,7 +2501,7 @@ int main(int argc, char *argv[]) { if (hydra_options.restore && argc > 2 + debug + verbose) fprintf(stderr, "[WARNING] options after -R are now honored (since v8.6)\n"); -// bail("no option may be supplied together with -R"); + // bail("no option may be supplied together with -R"); printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (debug) { @@ -2462,41 +2511,49 @@ int main(int argc, char *argv[]) { printf("\n"); } if (hydra_options.tasks > 1 && hydra_options.time_next_attempt) - fprintf(stderr, "[WARNING] when using the -c option, you should also set the task per target to one (-t 1)\n"); + fprintf(stderr, "[WARNING] when using the -c option, you should also set " + "the task per target to one (-t 1)\n"); if (hydra_options.login != NULL && hydra_options.loginfile != NULL) bail("You can only use -L OR -l, not both\n"); if (hydra_options.pass != NULL && hydra_options.passfile != NULL) bail("You can only use -P OR -p, not both\n"); if (hydra_options.outfile_format != FORMAT_PLAIN_TEXT && hydra_options.outfile_ptr == NULL) - fprintf(stderr, "[WARNING] output file format specified (-b) - but no output file (-o)\n"); - + fprintf(stderr, "[WARNING] output file format specified (-b) - but no " + "output file (-o)\n"); + if (hydra_options.restore) { -// hydra_restore_read(); + // hydra_restore_read(); // stuff we have to copy from the non-restore part if (strncmp(hydra_options.service, "http-", 5) == 0) { if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get/http-post!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service " + "http-head/http-get/http-post!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } } - } else { // normal mode, aka non-restore mode + } else { // normal mode, aka non-restore mode if (hydra_options.colonfile) - hydra_options.loop_mode = 0; // just to be sure + hydra_options.loop_mode = 0; // just to be sure if (hydra_options.infile_ptr != NULL) { if (optind + 2 < argc) - bail("The -M FILE option can not be used together with a host on the commandline"); + bail("The -M FILE option can not be used together with a host on the " + "commandline"); if (optind + 1 > argc) bail("You need to define a service to attack"); if (optind + 2 == argc) - fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); + fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on " + "the commandline. Lets hope you did everything right!\n"); hydra_options.server = NULL; hydra_options.service = argv[optind]; if (optind + 2 == argc) hydra_options.miscptr = argv[optind + 1]; } else if (optind + 2 != argc && optind + 3 != argc && optind < argc) { - // check if targetdef follow syntax ://[:][/] or it's a syntax error + // check if targetdef follow syntax + // ://[:][/] or it's a + // syntax error char *targetdef = strdup(argv[optind]); char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; cmdlinetarget = argv[optind]; @@ -2531,7 +2588,8 @@ int main(int argc, char *argv[]) { *param_pos++ = 0; if (port_pos != NULL && index(port_pos, ':') != NULL) { if (prefer_ipv6) - bail("Illegal IPv6 target definition must be written within '[' ']'"); + bail("Illegal IPv6 target definition must be written within '[' " + "']'"); else bail("Illegal port definition"); } @@ -2547,12 +2605,13 @@ int main(int argc, char *argv[]) { *--param_pos = '/'; hydra_options.miscptr = strdup(param_pos); } - //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); + // printf("target: %s service: %s port: %s opt: %s\n", target_pos, + // hydra_options.service, port_pos, param_pos); if (debug) printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%u misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); } else { - hydra_options.server = NULL; - hydra_options.service = NULL; + hydra_options.server = NULL; + hydra_options.service = NULL; if (modusage) { hydra_options.service = targetdef; @@ -2561,12 +2620,16 @@ int main(int argc, char *argv[]) { } } else { if (modusage && argv[optind] == NULL) { - printf("[ERROR] you must supply a service name after the -U help switch\n"); + printf("[ERROR] you must supply a service name after the -U help " + "switch\n"); exit(-1); } if (argv[optind] == NULL || strstr(argv[optind], "://") != NULL) { printf("[ERROR] Invalid target definition!\n"); - printf("[ERROR] Either you use \"www.example.com module [optional-module-parameters]\" *or* you use the \"module://www.example.com/optional-module-parameters\" syntax!\n"); + printf("[ERROR] Either you use \"www.example.com module " + "[optional-module-parameters]\" *or* you use the " + "\"module://www.example.com/optional-module-parameters\" " + "syntax!\n"); exit(-1); } hydra_options.server = argv[optind]; @@ -2577,31 +2640,30 @@ int main(int argc, char *argv[]) { } if (getenv("HYDRA_PROXY_CONNECT")) - fprintf(stderr, "[WARNING] The environment variable HYDRA_PROXY_CONNECT is not used! Use HYDRA_PROXY instead!\n"); + fprintf(stderr, "[WARNING] The environment variable HYDRA_PROXY_CONNECT " + "is not used! Use HYDRA_PROXY instead!\n"); // wrong option use patch - if (hydra_options.ssl && ( ((strcmp(hydra_options.service, "smtp") == 0 || strcmp(hydra_options.service, "smtp-enum") == 0) && hydra_options.port != 465) || \ - (strcmp(hydra_options.service, "pop3") == 0 && hydra_options.port != 995) || \ - (strcmp(hydra_options.service, "imap") == 0 && hydra_options.port != 993) - )) - fprintf(stderr, "[WARNING] you want to access SMTP/POP3/IMAP with SSL. Are you sure you want to use direct SSL (-S) instead of STARTTLS (-m TLS)?\n"); + if (hydra_options.ssl && (((strcmp(hydra_options.service, "smtp") == 0 || strcmp(hydra_options.service, "smtp-enum") == 0) && hydra_options.port != 465) || (strcmp(hydra_options.service, "pop3") == 0 && hydra_options.port != 995) || (strcmp(hydra_options.service, "imap") == 0 && hydra_options.port != 993))) + fprintf(stderr, "[WARNING] you want to access SMTP/POP3/IMAP with SSL. Are you sure " + "you want to use direct SSL (-S) instead of STARTTLS (-m TLS)?\n"); if (strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) { - fprintf(stderr, "[ERROR] There is no service \"%s\", most likely you mean one of the many web modules, e.g. http-get or http-form-post. Read it up!\n", hydra_options.service); + fprintf(stderr, + "[ERROR] There is no service \"%s\", most likely you mean one of the " + "many web modules, e.g. http-get or http-form-post. Read it up!\n", + hydra_options.service); exit(-1); } - if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 - || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { + if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { hydra_options.ssl = 1; hydra_options.service[strlen(hydra_options.service) - 1] = 0; } if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { - if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || - strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || - strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || - strcmp(hydra_options.service, "sapr3") == 0 || strcmp(hydra_options.service, "memcached") == 0 || strcmp(hydra_options.service, "mongodb") == 0) { + if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || strcmp(hydra_options.service, "sapr3") == 0 || + strcmp(hydra_options.service, "memcached") == 0 || strcmp(hydra_options.service, "mongodb") == 0) { fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); proxy_string = NULL; } @@ -2609,9 +2671,9 @@ int main(int argc, char *argv[]) { /* here start the services */ - if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 - || strcmp(hydra_options.service, "https") == 0) { - fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); + if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) { + fprintf(stderr, "[WARNING] The service http has been replaced with http-head and " + "http-get, using by default GET method. Same for https.\n"); if (strcmp(hydra_options.service, "http") == 0) { hydra_options.service = malloc(strlen("http-get") + 1); strcpy(hydra_options.service, "http-get"); @@ -2633,7 +2695,8 @@ int main(int argc, char *argv[]) { if (modusage == 1) { if (hydra_options.service == NULL) { - printf("[ERROR] you must supply a service name after the -U help switch\n"); + printf("[ERROR] you must supply a service name after the -U help " + "switch\n"); exit(-1); } module_usage(); @@ -2641,21 +2704,25 @@ int main(int argc, char *argv[]) { i = 0; if (strcmp(hydra_options.service, "telnet") == 0) { - fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); + fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if " + "possible better choose FTP, SSH, etc. if available\n"); i = 1; } if (strcmp(hydra_options.service, "ftp") == 0) i = 1; if (strcmp(hydra_options.service, "ftps") == 0) { - fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); + fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to " + "use direct SSL ftp, use -S and the ftp module instead.\n"); i = 1; } if (strcmp(hydra_options.service, "pop3") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "imap") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "redis") == 0) @@ -2675,7 +2742,9 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "socks5") == 0) i = 1; if (strcmp(hydra_options.service, "icq") == 0) { - fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); + fprintf(stderr, "[WARNING] The icq module is not working with the modern " + "protocol version! (somebody else will need to fix this " + "as I don't care for icq)\n"); i = 1; } if (strcmp(hydra_options.service, "memcached") == 0) @@ -2687,7 +2756,7 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "mongodb") == 0) #ifdef LIBMONGODB - { + { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) fprintf(stderr, "[INFO] The mongodb db wasn't passed so using admin by default\n"); @@ -2699,7 +2768,8 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "mysql") == 0) { i = 1; if (hydra_options.tasks > 4) { - fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not " + "like many parallel connections)\n"); hydra_options.tasks = 4; } } @@ -2763,18 +2833,21 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "cvs") == 0) { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); + fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using " + "/root by default\n"); } } if (strcmp(hydra_options.service, "svn") == 0) { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); + fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using " + "/trunk by default\n"); } } if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { if (hydra_options.tasks > 8) - fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); + fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel " + "tasks, it is recommended to reduce the tasks: use -t 4\n"); #ifdef LIBSSH i = 1; #else @@ -2782,7 +2855,8 @@ int main(int argc, char *argv[]) { #endif } if (strcmp(hydra_options.service, "smtp") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "smtp-enum") == 0) @@ -2791,25 +2865,26 @@ int main(int argc, char *argv[]) { i = 1; if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not " + "like parallel connections)\n"); hydra_options.tasks = 1; } if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) - fprintf(stderr, "[WARNING] potential windows domain specification found in login. You must use the -m option to pass a domain.\n"); + fprintf(stderr, "[WARNING] potential windows domain specification found in " + "login. You must use the -m option to pass a domain.\n"); i = 1; } if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { #ifdef LIBOPENSSL if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not " + "like parallel connections)\n"); hydra_options.tasks = 1; } i = 1; #endif } - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || - (strcmp(hydra_options.service, "sip") == 0) || - (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { #ifndef LIBOPENSSL bail("Compiled without OPENSSL support, module not available!"); #endif @@ -2818,22 +2893,17 @@ int main(int argc, char *argv[]) { #if !defined(LIBSMBCLIENT) bail("Compiled without LIBSMBCLIENT support, module not available!"); #else - if (hydra_options.login != NULL && - (index(hydra_options.login, '\\') != NULL || - index(hydra_options.login, '/') != NULL)) - fprintf(stderr, - "[WARNING] potential windows domain specification found in " - "login. You must use the -m option to pass a domain.\n"); - if (hydra_options.miscptr == NULL || \ - (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, - "[WARNING] Workgroup was not specified, using \"WORKGROUP\"\n"); + if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + fprintf(stderr, "[WARNING] potential windows domain specification found in " + "login. You must use the -m option to pass a domain.\n"); + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[WARNING] Workgroup was not specified, using \"WORKGROUP\"\n"); } i = 1; #endif } - if (strcmp(hydra_options.service, "rdp") == 0){ + if (strcmp(hydra_options.service, "rdp") == 0) { #ifndef LIBFREERDP2 bail("Compiled without FREERDP2 support, module not available!"); #endif @@ -2841,17 +2911,21 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "pcnfs") == 0) { i = 1; if (port == 0) - bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); + bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" " + "and look for the pcnfs v2 UDP port)"); } if (strcmp(hydra_options.service, "sapr3") == 0) { #ifdef LIBSAPR3 i = 1; if (port == PORT_SAPR3) - bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); + bail("You must set the port for sapr3 with -s , it should lie " + "between 3200 and 3699."); if (port < 3200 || port > 3699) - fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); + fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - " + "please ensure it is ok!\n"); if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) - bail("You must set the client ID (0-999) as an additional option or via -m"); + bail("You must set the client ID (0-999) as an additional option or " + "via -m"); #else bail("Compiled without LIBSAPR3 support, module not available!"); #endif @@ -2859,13 +2933,17 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "cisco") == 0) { i = 2; if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for cisco services.\n"); } if (strcmp(hydra_options.service, "adam6500") == 0) { i = 2; - fprintf(stderr, "[WARNING] the module adam6500 is work in progress! please submit a pcap of a successful login as well as false positives to vh@thc.org\n"); + fprintf(stderr, "[WARNING] the module adam6500 is work in progress! " + "please submit a pcap of a successful login as well as " + "false positives to vh@thc.org\n"); if (hydra_options.tasks > 1) - fprintf(stderr, "[WARNING] reset the number of parallel task to 1 for adam6500 modbus authentication\n"); + fprintf(stderr, "[WARNING] reset the number of parallel task to 1 for " + "adam6500 modbus authentication\n"); hydra_options.tasks = 1; } if (strncmp(hydra_options.service, "snmpv", 5) == 0) { @@ -2923,30 +3001,37 @@ int main(int argc, char *argv[]) { } i = 2; if ((j & 3) < 3 && j > 2) - fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); + fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and " + "encryption, ignored\n"); if ((j & 3) == 3) { - fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); + fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own " + "risk and report problems\n"); if (j >= 16) - bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); - if (hydra_options.colonfile == NULL - && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { + bail("The SNMPv3 module so far only support authentication " + "(md5/sha), not yet encryption\n"); + if (hydra_options.colonfile == NULL && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { if (j > 3) { - fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); + fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but " + "only gave one of login or password list. Either supply both " + "logins and passwords (this is what is usually used in " + "SNMPv3), or remove the hashing/encryption option (unusual)\n"); exit(-1); } - fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); + fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, " + "NoAuthNoPriv is assumed. This is an unusual case, " + "you should know what you are doing\n"); tmpptr = malloc(strlen(hydra_options.miscptr) + 8); strcpy(tmpptr, hydra_options.miscptr); strcat(tmpptr, ":"); strcat(tmpptr, "PLAIN"); hydra_options.miscptr = tmpptr; } else { - i = 1; // snmpv3 with login+pass mode + i = 1; // snmpv3 with login+pass mode #ifndef LIBOPENSSL - bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); + bail("hydra was not compiled with OPENSSL support, snmpv3 can only " + "be used on NoAuthNoPriv mode (only logins, no passwords)!"); #endif - printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", - (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); + printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); } } } @@ -2963,15 +3048,16 @@ int main(int argc, char *argv[]) { } } if (strcmp(hydra_options.service, "ldap") == 0) { - bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); + bail("Please select ldap2 or ldap3 for simple authentication or " + "ldap3-crammd5 or ldap3-digestmd5\n"); } if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { i = 1; - if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) - || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) + if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) bail("you may only use one of -l, -L or -m\n"); if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); + fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN " + "of null (use -m, -l or -L to define DNs)\n"); if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { i = 2; } @@ -2989,26 +3075,30 @@ int main(int argc, char *argv[]) { i = 1; if (strcmp(hydra_options.service, "s7-300") == 0) { if (hydra_options.tasks > 8) { - fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not " + "like more connections)\n"); hydra_options.tasks = 8; } i = 2; } if (strcmp(hydra_options.service, "cisco-enable") == 0) { if (hydra_options.login != NULL || hydra_options.loginfile != NULL) - i = 1; // login will be the initial Username: login, or line Password: + i = 1; // login will be the initial Username: login, or line Password: else i = 2; if (hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); + fprintf(stderr, "[WARNING] You did not supply the initial support to " + "the Cisco via -l, assuming direct console access\n"); if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for cisco enable services.\n"); } if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { i = 4; hydra_options.pass = empty_login; if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); + fprintf(stderr, "[WARNING] You did not supply proxy credentials via " + "the optional parameter\n"); } if (hydra_options.bfg || hydra_options.passfile != NULL) bail("the http-proxy-urlenum does not need the -p/-P or -x option"); @@ -3016,7 +3106,8 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "vnc") == 0) { i = 2; if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for vnc services.\n"); } if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0 || strcmp(hydra_options.service, "https-post") == 0) { #ifdef LIBOPENSSL @@ -3024,11 +3115,10 @@ int main(int argc, char *argv[]) { hydra_options.ssl = 1; if (strcmp(hydra_options.service, "https-head") == 0) strcpy(hydra_options.service, "http-head"); + else if (strcmp(hydra_options.service, "https-post") == 0) + strcpy(hydra_options.service, "http-post"); else - if (strcmp(hydra_options.service, "https-post") == 0) - strcpy(hydra_options.service, "http-post"); - else - strcpy(hydra_options.service, "http-get"); + strcpy(hydra_options.service, "http-get"); #else bail("Compiled without SSL support, module not available"); #endif @@ -3036,29 +3126,34 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0 || strcmp(hydra_options.service, "http-post") == 0) { i = 1; if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + fprintf(stderr, "[WARNING] You must supply the web page as an " + "additional option or via -m, default path set to /\n"); hydra_options.miscptr = malloc(2); hydra_options.miscptr = "/"; } if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + bail("The web page you supplied must start with a \"/\", \"http://\" " + "or \"https://\", e.g. \"/protected/login\""); if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } if (strcmp(hydra_options.service, "http-head") == 0) - fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); + fprintf(stderr, "[WARNING] http-head auth does not work with every " + "server, better use http-get\n"); } - if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 - || strcmp(hydra_options.service, "https-post-form") == 0) { - char bufferurl[6096+24], *url, *variables, *cond, *optional1; //6096 comes from issue 192 on github. Extra 24 bytes for null padding. + if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 || strcmp(hydra_options.service, "https-post-form") == 0) { + char bufferurl[6096 + 24], *url, *variables, *cond, + *optional1; // 6096 comes from issue 192 on github. Extra 24 bytes for + // null padding. if (strncmp(hydra_options.service, "http-", 5) == 0) { i = 1; - } else { // https + } else { // https #ifdef LIBOPENSSL i = 1; hydra_options.ssl = 1; @@ -3071,23 +3166,28 @@ int main(int argc, char *argv[]) { #endif } if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + fprintf(stderr, "[WARNING] You must supply the web page as an " + "additional option or via -m, default path set to /\n"); hydra_options.miscptr = malloc(2); hydra_options.miscptr = "/"; } - //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, + // "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" + // or \"https://\", e.g. \"/protected/login\""); if (hydra_options.miscptr[0] != '/') bail("optional parameter must start with a '/' slash!\n"); if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } if (strstr(hydra_options.miscptr, "\\:") != NULL) { - fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); + fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " + "option, no parameter verification is performed.\n"); } else { sprintf(bufferurl, "%.6000s", hydra_options.miscptr); url = strtok(bufferurl, ":"); @@ -3095,11 +3195,17 @@ int main(int argc, char *argv[]) { cond = strtok(NULL, ":"); optional1 = strtok(NULL, "\n"); if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) { - fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", STR_NULL(variables)); + fprintf(stderr, + "[ERROR] the variables argument needs at least the strings " + "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", + STR_NULL(variables)); exit(-1); } if ((url == NULL) || (cond == NULL)) { - fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); + fprintf(stderr, + "[ERROR] Wrong syntax, requires three arguments separated by " + "a colon which may not be null: %s\n", + bufferurl); exit(-1); } while ((optional1 = strtok(NULL, ":")) != NULL) { @@ -3108,17 +3214,23 @@ int main(int argc, char *argv[]) { exit(-1); } switch (optional1[0]) { - case 'C': // fall through + case 'C': // fall through case 'c': if (optional1[1] != '=' || optional1[2] != '/') { - fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); + fprintf(stderr, + "[ERROR] Wrong syntax of parameter C, must look like " + "'C=/url/of/page', not http:// etc.: %s\n", + optional1); exit(-1); } break; - case 'H': // fall through + case 'H': // fall through case 'h': if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { - fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); + fprintf(stderr, + "[ERROR] Wrong syntax of parameter H, must look like " + "'H=X-My-Header: MyValue', no http:// : %s\n", + optional1); exit(-1); } break; @@ -3135,21 +3247,26 @@ int main(int argc, char *argv[]) { i = 1; if (strcmp(hydra_options.service, "rdp") == 0) { if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); + fprintf(stderr, "[WARNING] rdp servers often don't like many connections, use -t 1 " + "or -t 4 to reduce the number of parallel connections and -W 1 or " + "-W 3 to wait between connection to allow the server to recover\n"); if (hydra_options.tasks > 4) { - fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); - hydra_options.tasks = 4; + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not " + "like many parallel connections)\n"); + hydra_options.tasks = 4; } if (conwait == 0) - hydra_options.conwait = conwait = 1; - printf("[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n"); + hydra_options.conwait = conwait = 1; + printf("[WARNING] the rdp module is experimental. Please test, report - " + "and if possible, fix.\n"); i = 1; } if (strcmp(hydra_options.service, "radmin2") == 0) { #ifdef HAVE_GCRYPT i = 1; #else - bail("hydra was not compiled with gcrypt support, radmin2 module not available"); + bail("hydra was not compiled with gcrypt support, radmin2 module not " + "available"); #endif } @@ -3161,24 +3278,30 @@ int main(int argc, char *argv[]) { } if (port < 1 || port > 65535) { if ((port = hydra_lookup_port(hydra_options.service)) < 1) { - fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); + fprintf(stderr, "[ERROR] No valid port set or no default port " + "available. Use the -s Option.\n"); exit(-1); } hydra_options.port = port; } if (hydra_options.ssl == 0 && hydra_options.port == 443) - fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); + fprintf(stderr, "[WARNING] you specified port 443 for attacking a http " + "service, however did not specify the -S ssl switch nor " + "used https-..., therefore using plain HTTP\n"); if (hydra_options.loop_mode && hydra_options.colonfile != NULL) - bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); + bail("The loop mode option (-u) works with all modes - except colon " + "files (-C)\n"); if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) - fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); + fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only " + "with the http-head/http-get module, ignored...\n"); if (i == 2) { - if (hydra_options.colonfile != NULL - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) - bail - ("The redis, adam6500, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); + if (hydra_options.colonfile != NULL || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) + bail("The redis, adam6500, cisco, oracle-listener, s7-300, snmp and " + "vnc modules are only using the -p or -P option, not login (-l, " + "-L) or colon file (-C).\nUse the telnet module for cisco using " + "\"Username:\" authentication.\n"); if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { hydra_options.pass = hydra_options.login; hydra_options.passfile = hydra_options.loginfile; @@ -3187,9 +3310,9 @@ int main(int argc, char *argv[]) { hydra_options.loginfile = NULL; } if (i == 3) { - if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) - bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); + if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) + bail("The rsh, oracle-sid login is neither using the -p, -P or -x " + "options nor colon file (-C)\n"); if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { hydra_options.login = hydra_options.pass; hydra_options.loginfile = hydra_options.passfile; @@ -3200,23 +3323,23 @@ int main(int argc, char *argv[]) { if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) bail("I need at least either the -l or -L option to know the login"); if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) - bail("I need at least either the -p, -P or -x option to have a password to try"); + bail("I need at least either the -p, -P or -x option to have a password " + "to try"); if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) bail("I need at least either the -l, -L or -C option to know the login"); - if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) - || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) + if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); - if ((hydra_options.bfg) - && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) - || (hydra_options.colonfile != NULL))) - bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); - if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 - && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { - // test if the service is smtp-enum as it could be used either with a login+pass or only a login + if ((hydra_options.bfg) && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) || (hydra_options.colonfile != NULL))) + bail("The -x (password bruteforce generation option) doesn't work with " + "-p/P, -C or -e!\n"); + if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { + // test if the service is smtp-enum as it could be used either with a + // login+pass or only a login if (strstr(hydra_options.service, "smtp-enum") != NULL) hydra_options.pass = empty_login; else - bail("I need at least the -e, -p, -P or -x option to have some passwords!"); + bail("I need at least the -e, -p, -P or -x option to have some " + "passwords!"); } if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); @@ -3227,16 +3350,10 @@ int main(int argc, char *argv[]) { hydra_options.max_use = MAXTASKS; } // script kiddie patch - if (hydra_options.server != NULL && ( - hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL || - hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL || - hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL || - hydra_strcasestr(hydra_options.server, ".gmx.") != NULL || - hydra_strcasestr(hydra_options.server, ".web.de") != NULL || - hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || - hydra_strcasestr(hydra_options.server, "googlemail.") != NULL - )) { - fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); + if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL || hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL || hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL || hydra_strcasestr(hydra_options.server, ".gmx.") != NULL || hydra_strcasestr(hydra_options.server, ".web.de") != NULL || hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) { + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and " + "hydra detection and sends false positives. You are not " + "doing anything illegal right?!\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } @@ -3257,7 +3374,10 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizelogin); + fprintf(stderr, + "[ERROR] Maximum size of the login file is %d, this file has " + "%" hPRIu64 " bytes.\n", + MAX_BYTES, (uint64_t)hydra_brains.sizelogin); exit(-1); } login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); @@ -3282,11 +3402,17 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.countpass > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %" hPRIu64 " entries.\n", MAX_LINES, hydra_brains.countpass); + fprintf(stderr, + "[ERROR] Maximum number of passwords is %d, this file has " + "%" hPRIu64 " entries.\n", + MAX_LINES, hydra_brains.countpass); exit(-1); } if (hydra_brains.sizepass > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizepass); + fprintf(stderr, + "[ERROR] Maximum size of the password file is %d, this file " + "has %" hPRIu64 " bytes.\n", + MAX_BYTES, (uint64_t)hydra_brains.sizepass); exit(-1); } pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); @@ -3303,7 +3429,7 @@ int main(int argc, char *argv[]) { if (hydra_options.bfg) { #ifdef HAVE_MATH_H if (bf_init(bf_options.arg)) - exit(-1); // error description is handled by bf_init + exit(-1); // error description is handled by bf_init pass_ptr = bf_next(hydra_options.rainy); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; @@ -3329,11 +3455,17 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.countlogin > MAX_LINES / 2) { - fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %" hPRIu64 " entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + fprintf(stderr, + "[ERROR] Maximum number of colon file entries is %d, this file " + "has %" hPRIu64 " entries.\n", + MAX_LINES / 2, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES / 2) { - fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES / 2, (uint64_t) hydra_brains.sizelogin); + fprintf(stderr, + "[ERROR] Maximum size of the colon file is %d, this file has " + "%" hPRIu64 " bytes.\n", + MAX_BYTES / 2, (uint64_t)hydra_brains.sizelogin); exit(-1); } csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); @@ -3341,8 +3473,10 @@ int main(int argc, char *argv[]) { bail("Could not allocate enough memory for colon file data"); memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); fill_mem(csv_ptr, cfp, 1); - //printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); - //hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); + // printf("count: %d, size: %d\n", hydra_brains.countlogin, + // hydra_brains.sizelogin); hydra_dump_data(csv_ptr, + // hydra_brains.sizelogin + // + hydra_brains.countlogin + 8, "colon data"); hydra_brains.countpass = 1; pass_ptr = login_ptr = csv_ptr; while (*pass_ptr != 0) @@ -3357,7 +3491,13 @@ int main(int argc, char *argv[]) { } free(memcheck); if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { - fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, %s\n", ignore_restore == 1 ? "ignored ..." : "you have 10 seconds to abort... (use option -I to skip waiting)", RESTOREFILE); + fprintf(stderr, + "[WARNING] Restorefile (%s) from a previous session found, to " + "prevent overwriting, %s\n", + ignore_restore == 1 ? "ignored ..." + : "you have 10 seconds to abort... (use " + "option -I to skip waiting)", + RESTOREFILE); if (ignore_restore != 1) sleep(10); fclose(rfp); @@ -3373,17 +3513,24 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] File for targets is empty: %s\n", hydra_options.infile_ptr); exit(-1); } - // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); - hydra_targets = malloc(sizeof(hydra_target*) * (countservers + 2) + 8); + // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not + // working correctly at the moment for target lists > 60!\n"); + hydra_targets = malloc(sizeof(hydra_target *) * (countservers + 2) + 8); if (hydra_targets == NULL) bail("Could not allocate enough memory for target data"); sizeinfile = size_of_data; if (countinfile > MAX_LINES / 1000) { - fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int32_t) countinfile); + fprintf(stderr, + "[ERROR] Maximum number of target file entries is %d, this " + "file has %d entries.\n", + MAX_LINES / 1000, (int32_t)countinfile); exit(-1); } if (sizeinfile > MAX_BYTES / 1000) { - fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int32_t) sizeinfile); + fprintf(stderr, + "[ERROR] Maximum size of the server file is %d, this file has " + "%d bytes.\n", + MAX_BYTES / 1000, (int32_t)sizeinfile); exit(-1); } if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) @@ -3421,72 +3568,75 @@ int main(int argc, char *argv[]) { fprintf(stderr, "Error: no target server given, nor -M option used\n"); exit(-1); } else if (index(hydra_options.server, '/') != NULL) { - if (cmdlinetarget == NULL) - bail("You seem to mix up \"service://target:port/options\" syntax with \"target service options\" syntax. Read the README on how to use hydra correctly!"); - if (strstr(cmdlinetarget, "://") != NULL) { - tmpptr = index(hydra_options.server, '/'); - if (tmpptr != NULL) - *tmpptr = 0; - countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(hydra_target*) * 4); - hydra_targets[0] = malloc(sizeof(hydra_target)); - memset(hydra_targets[0], 0, sizeof(hydra_target)); - hydra_targets[0]->target = servers_ptr = hydra_options.server; - hydra_targets[0]->port = hydra_options.port; - sizeservers = strlen(hydra_options.server) + 1; - } else { - /* CIDR notation on command line, e.g. 192.168.0.0/24 */ - uint32_t four_from, four_to, addr_cur, addr_cur2, k, l; - in_addr_t addr4; - struct sockaddr_in target; + if (cmdlinetarget == NULL) + bail("You seem to mix up \"service://target:port/options\" syntax with " + "\"target service options\" syntax. Read the README on how to use " + "hydra correctly!"); + if (strstr(cmdlinetarget, "://") != NULL) { + tmpptr = index(hydra_options.server, '/'); + if (tmpptr != NULL) + *tmpptr = 0; + countservers = hydra_brains.targets = 1; + hydra_targets = malloc(sizeof(hydra_target *) * 4); + hydra_targets[0] = malloc(sizeof(hydra_target)); + memset(hydra_targets[0], 0, sizeof(hydra_target)); + hydra_targets[0]->target = servers_ptr = hydra_options.server; + hydra_targets[0]->port = hydra_options.port; + sizeservers = strlen(hydra_options.server) + 1; + } else { + /* CIDR notation on command line, e.g. 192.168.0.0/24 */ + uint32_t four_from, four_to, addr_cur, addr_cur2, k, l; + in_addr_t addr4; + struct sockaddr_in target; - hydra_options.cidr = 1; - do_retry = 0; - if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { - fprintf(stderr, "Error: can not allocate memory\n"); - exit(-1); + hydra_options.cidr = 1; + do_retry = 0; + if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { + fprintf(stderr, "Error: can not allocate memory\n"); + exit(-1); + } + strcpy(tmpptr, hydra_options.server); + tmpptr2 = index(tmpptr, '/'); + *tmpptr2++ = 0; + if ((k = atoi(tmpptr2)) < 16 || k > 31) { + fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); + exit(-1); + } + if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { + fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); + exit(-1); + } + free(tmpptr); + l = 1 << (32 - k); + l--; + four_to = (addr4 | l); + l = 0xffffffff - l; + four_from = (addr4 & l); + l = 1 << (32 - k); + hydra_brains.targets = countservers = l; + hydra_targets = (hydra_target **)malloc(sizeof(hydra_target *) * (l + 2) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + i = 0; + addr_cur = four_from; + while (addr_cur <= four_to && i < l) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + addr_cur2 = htonl(addr_cur); + memcpy(&target.sin_addr.s_addr, (char *)&addr_cur2, 4); + hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr)target.sin_addr)); + hydra_targets[i]->port = hydra_options.port; + addr_cur++; + i++; + } + if (verbose) + printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); + printf("[WARNING] The CIDR attack mode is still beta. Please report " + "issues.\n"); } - strcpy(tmpptr, hydra_options.server); - tmpptr2 = index(tmpptr, '/'); - *tmpptr2++ = 0; - if ((k = atoi(tmpptr2)) < 16 || k > 31) { - fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); - exit(-1); - } - if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { - fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); - exit(-1); - } - free(tmpptr); - l = 1 << (32 - k); - l--; - four_to = (addr4 | l); - l = 0xffffffff - l; - four_from = (addr4 & l); - l = 1 << (32 - k); - hydra_brains.targets = countservers = l; - hydra_targets = (hydra_target**)malloc(sizeof(hydra_target*) * (l + 2) + 8); - if (hydra_targets == NULL) - bail("Could not allocate enough memory for target data"); - i = 0; - addr_cur = four_from; - while (addr_cur <= four_to && i < l) { - hydra_targets[i] = malloc(sizeof(hydra_target)); - memset(hydra_targets[i], 0, sizeof(hydra_target)); - addr_cur2 = htonl(addr_cur); - memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); - hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); - hydra_targets[i]->port = hydra_options.port; - addr_cur++; - i++; - } - if (verbose) - printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); - printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); - } - } else { // standard: single target on command line + } else { // standard: single target on command line countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(hydra_target*) * 4); + hydra_targets = malloc(sizeof(hydra_target *) * 4); hydra_targets[0] = malloc(sizeof(hydra_target)); memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; @@ -3508,7 +3658,7 @@ int main(int argc, char *argv[]) { hydra_targets[i]->pass_state = 3; } } - } // END OF restore == 0 + } // END OF restore == 0 // PROXY PROCESSING if (getenv("HYDRA_PROXY") && use_proxy == 0) { @@ -3520,13 +3670,18 @@ int main(int argc, char *argv[]) { if (use_proxy == 2) proxy_string = getenv("HYDRA_PROXY"); if (use_proxy && getenv("HYDRA_PROXY_AUTH") != NULL) - fprintf(stderr, "[WARNING] environment variable HYDRA_PROXY_AUTH is deprecated, use authentication in the HYDRA_PROXY definitions, e.g. type://auth@target:port\n"); + fprintf(stderr, "[WARNING] environment variable HYDRA_PROXY_AUTH is " + "deprecated, use authentication in the HYDRA_PROXY " + "definitions, e.g. type://auth@target:port\n"); if (use_proxy && proxy_string != NULL) { if (strstr(proxy_string, "://") != NULL) { process_proxy_line(use_proxy, proxy_string); } else { if ((proxyfp = fopen(proxy_string, "r")) == NULL) { - fprintf(stderr, "[ERROR] proxy definition %s is neither of the kind type://auth@target:port nor a file containing proxy entries!\n", proxy_string); + fprintf(stderr, + "[ERROR] proxy definition %s is neither of the kind " + "type://auth@target:port nor a file containing proxy entries!\n", + proxy_string); exit(-1); } while (fgets(buf, sizeof(buf), proxyfp) != NULL) @@ -3556,12 +3711,14 @@ int main(int argc, char *argv[]) { bail("No login/password combination given!"); if (hydra_brains.todo < hydra_options.tasks) { if (verbose && hydra_options.tasks != TASKS) - printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %" hPRIu64 "\n", hydra_brains.todo); + printf("[VERBOSE] More tasks defined than login/pass pairs exist. " + "Tasks reduced to %" hPRIu64 "\n", + hydra_brains.todo); hydra_options.tasks = hydra_brains.todo; } } - if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T + if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; if (hydra_options.max_use > MAXTASKS) @@ -3570,10 +3727,13 @@ int main(int argc, char *argv[]) { if ((hydra_options.tasks == TASKS || hydra_options.tasks <= 8) && hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) hydra_options.tasks = 1; - //fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); + // fprintf(stderr, "[WARNING] More tasks defined per server than allowed for + // maximal connections. Tasks per server reduced to %d.\n", + // hydra_options.tasks); } else { if (hydra_options.tasks > MAXTASKS) { - //fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); + // fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", + // MAXTASKS); hydra_options.tasks = MAXTASKS; } } @@ -3591,16 +3751,10 @@ int main(int argc, char *argv[]) { if (hydra_options.ssl) options = options | OPTION_SSL; - printf("[DATA] max %d task%s per %d server%s, overall %d task%s, %" hPRIu64 " login tr", - hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", - hydra_options.max_use, hydra_options.max_use == 1 ? "" : "s", - hydra_brains.todo); + printf("[DATA] max %d task%s per %d server%s, overall %d task%s, %" hPRIu64 " login tr", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_options.max_use == 1 ? "" : "s", hydra_brains.todo); printf("%s", hydra_brains.todo == 1 ? "y" : "ies"); if (hydra_options.colonfile == NULL) { - printf(" (l:%" hPRIu64 "/p:%" hPRIu64 "), ~%" hPRIu64 " tr", - (uint64_t) hydra_brains.countlogin, (uint64_t) hydra_brains.countpass, - math2); + printf(" (l:%" hPRIu64 "/p:%" hPRIu64 "), ~%" hPRIu64 " tr", (uint64_t)hydra_brains.countlogin, (uint64_t)hydra_brains.countpass, math2); } else { printf(", ~%" hPRIu64 " tr", math2); } @@ -3610,7 +3764,7 @@ int main(int argc, char *argv[]) { if (hydra_brains.targets == 1) { if (index(hydra_targets[0]->target, ':') == NULL) { printf("[DATA] attacking %s%s://%s:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); - printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); + printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); } else { printf("[DATA] attacking %s%s://[%s]:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); @@ -3619,14 +3773,16 @@ int main(int argc, char *argv[]) { printf("[DATA] attacking %s%s://(%d targets):", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_brains.targets); printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); } - //service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); -// if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) -// printf("[DATA] with additional data %s\n", hydra_options.miscptr); + // service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl + // == 1 ? " with SSL" : ""); + // if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) + // printf("[DATA] with additional data %s\n", hydra_options.miscptr); if (hydra_options.outfile_ptr != NULL) { - char outfile_open_type[] = "a+"; //Default open in a+ mode + char outfile_open_type[] = "a+"; // Default open in a+ mode if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.restore != 1) { - outfile_open_type[0] = 'w'; //Creat new outfile, if using JSON output and not using -R. The open mode should be "w+". + outfile_open_type[0] = 'w'; // Creat new outfile, if using JSON output and + // not using -R. The open mode should be "w+". } if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, outfile_open_type)) == NULL) { perror("[ERROR] Error creating outputfile"); @@ -3634,22 +3790,22 @@ int main(int argc, char *argv[]) { } if (hydra_options.outfile_format == FORMAT_JSONV1) { if (hydra_options.restore != 1) { // No JSON head while using -R - fprintf(hydra_brains.ofp, "{ \"generator\": {\n" - "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" - "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": \"1.00\",\n" - "\t\"commandline\": \"%s", - PROGRAM, VERSION, hydra_build_time(), - hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + fprintf(hydra_brains.ofp, + "{ \"generator\": {\n" + "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" + "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": " + "\"1.00\",\n" + "\t\"commandline\": \"%s", + PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); for (i = 1; i < argc; i++) { - char *t = hydra_string_replace(argv[i],"\"","\\\""); + char *t = hydra_string_replace(argv[i], "\"", "\\\""); fprintf(hydra_brains.ofp, " %s", t); free(t); } fprintf(hydra_brains.ofp, "\"\n\t},\n\"results\": ["); } } else { // else default is plain text aka == 0 - fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), - hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); for (i = 1; i < argc; i++) fprintf(hydra_brains.ofp, " %s", argv[i]); fprintf(hydra_brains.ofp, ")\n"); @@ -3698,30 +3854,36 @@ int main(int argc, char *argv[]) { #ifdef AF_INET6 if (p->ai_family == AF_INET6) { if (ipv6 == NULL) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; + ipv6 = (struct sockaddr_in6 *)p->ai_addr; } else #endif - if (p->ai_family == AF_INET) { + if (p->ai_family == AF_INET) { if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; + ipv4 = (struct sockaddr_in *)p->ai_addr; } } #ifdef AF_INET6 if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { // IPV6 FIXME if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { - fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", + fprintf(stderr, + "[ERROR] Target %s resolves to an IPv6 address, however " + "module %s does not support this. Maybe try \"-4\" option. " + "Sending in patches helps.\n", hydra_targets[i]->target, hydra_options.service); hydra_targets[i]->done = TARGET_UNRESOLVED; hydra_brains.finished++; } else { hydra_targets[i]->ip[0] = 16; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); + memcpy(&hydra_targets[i]->ip[1], (char *)&ipv6->sin6_addr, 16); if (device != NULL && strlen(device) <= 16) strcpy(&hydra_targets[i]->ip[17], device); if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { if (device == NULL) { - fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", + fprintf(stderr, + "[ERROR] The target %s address is a link local address, " + "link local addresses require the interface being " + "defined like this: fe80::1%%eth0\n", hydra_targets[i]->target); exit(-1); } @@ -3729,9 +3891,9 @@ int main(int argc, char *argv[]) { } } else #endif - if (ipv4 != NULL) { + if (ipv4 != NULL) { hydra_targets[i]->ip[0] = 4; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); + memcpy(&hydra_targets[i]->ip[1], (char *)&ipv4->sin_addr, 4); } else { if (verbose) printf("[failed for %s] ", hydra_targets[i]->target); @@ -3745,7 +3907,8 @@ int main(int argc, char *argv[]) { // restore device information if present if (device != NULL) { *(device - 1) = '%'; - fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 link local addresses, e.g. SSH does not\n"); + fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 " + "link local addresses, e.g. SSH does not\n"); } } if (verbose) @@ -3755,12 +3918,16 @@ int main(int argc, char *argv[]) { #ifndef SO_BINDTODEVICE if (device != NULL) { - fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); + fprintf(stderr, + "[ERROR] your operating system does not support SO_BINDTODEVICE or " + "IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the " + "interface %s!\n", + device); } #endif if (hydra_options.restore == 0) { - hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use); + hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); target_no = 0; for (i = 0; i < hydra_options.max_use; i++) { hydra_heads[i] = malloc(sizeof(hydra_head)); @@ -3770,7 +3937,8 @@ int main(int argc, char *argv[]) { // here we call the init function of the relevant service module // should we do the init centrally or should each child do that? // that depends largely on the number of targets and maximum tasks - // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) + // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && + // hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) for (i = 0; i < hydra_brains.targets; i++) hydra_service_init(i); @@ -3779,11 +3947,12 @@ int main(int argc, char *argv[]) { fflush(stderr); fflush(hydra_brains.ofp); - #if OPENSSL_VERSION_NUMBER >= 0x10100000L if (hydra_options.ssl) { fprintf(stderr, "[WARNING] *****************************************************\n"); - fprintf(stderr, "[WARNING] OPENSSL v1.1 development changes are active - modules SMB, SNMP, RDP, ORACLE LISTENER and SSL in general might not work properly! Please test and report to vh@thc.org.\n"); + fprintf(stderr, "[WARNING] OPENSSL v1.1 development changes are active - modules " + "SMB, SNMP, RDP, ORACLE LISTENER and SSL in general might not work " + "properly! Please test and report to vh@thc.org.\n"); fprintf(stderr, "[WARNING] *****************************************************\n"); } #endif @@ -3791,7 +3960,8 @@ int main(int argc, char *argv[]) { hydra_debug(0, "attack"); process_restore = 1; - // this is the big function which starts the attacking children, feeds login/password pairs, etc.! + // this is the big function which starts the attacking children, feeds + // login/password pairs, etc.! while (exit_condition == 0) { memset(&fdreadheads, 0, sizeof(fdreadheads)); max_fd = 0; @@ -3825,10 +3995,12 @@ int main(int argc, char *argv[]) { printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); if (hydra_heads[head_no]->target_no < 0) { if (debug) - printf("[DEBUG] hydra_select_target() reports no more targets left\n"); + printf("[DEBUG] hydra_select_target() reports no more targets " + "left\n"); hydra_kill_head(head_no, 0, 3); } else - hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 + hydra_spawn_head(head_no, + hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 } break; case HEAD_ACTIVE: @@ -3836,7 +4008,7 @@ int main(int argc, char *argv[]) { do_switch = 1; if (hydra_options.time_next_attempt > 0) { if (last_attempt + hydra_options.time_next_attempt >= time(NULL)) { - if (recv(hydra_heads[head_no]->sp[0], &rc, 1, MSG_PEEK) == 1 && (rc == 'N' || rc == 'n')) + if (recv(hydra_heads[head_no]->sp[0], &rc, 1, MSG_PEEK) == 1 && (rc == 'N' || rc == 'n')) do_switch = 0; } else last_attempt = time(NULL); @@ -3850,86 +4022,81 @@ int main(int argc, char *argv[]) { printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); switch (rc) { // Valid Results: - // n - mother says to itself that child requests next login/password pair - // N - child requests next login/password pair - // Q - child reports that it is quitting - // C - child reports connect error (and is quitting) - // E - child reports protocol error (and is quitting) - // f - child reports that the username does not exist - // F - child reports that it found a valid login/password pair - // and requests next pair. Sends login/pw pair with next msg! - case 'N': // head wants next pair + // n - mother says to itself that child requests next + // login/password pair N - child requests next login/password + // pair Q - child reports that it is quitting C - child reports + // connect error (and is quitting) E - child reports protocol + // error (and is quitting) f - child reports that the username + // does not exist F - child reports that it found a valid + // login/password pair + // and requests next pair. Sends login/pw pair with next + // msg! + case 'N': // head wants next pair hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; // no break here - case 'n': // mother sends this to itself initially + case 'n': // mother sends this to itself initially loop_cnt = 0; if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) hydra_kill_head(head_no, 1, 0); break; - - case 'F': // valid password found + + case 'F': // valid password found hydra_brains.found++; if (colored_output) { if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", - hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: " + "\e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } else { if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); + printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else - printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else - printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { - fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}", - hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding - hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target !=NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", - hydra_heads[head_no]->current_login_ptr !=NULL ? hydra_string_replace(hydra_heads[head_no]->current_login_ptr,"\"","\\\"") : "", - hydra_heads[head_no]->current_pass_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_pass_ptr,"\"","\\\"") : "" - ); + fprintf(hydra_brains.ofp, + "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": " + "\"%s\", \"login\": \"%s\", \"password\": \"%s\"}", + hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target != NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", hydra_heads[head_no]->current_login_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_login_ptr, "\"", "\\\"") : "", hydra_heads[head_no]->current_pass_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_pass_ptr, "\"", "\\\"") : ""); fflush(hydra_brains.ofp); - } else if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { // else output format == 0 aka text + } else if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { // else output format == 0 aka text if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); + fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); fflush(hydra_brains.ofp); } - if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found + if (hydra_options.exit_found) { // option set says quit target after on + // valid login/pass pair is found if (hydra_targets[hydra_heads[head_no]->target_no]->done == TARGET_ACTIVE) { - hydra_targets[hydra_heads[head_no]->target_no]->done = TARGET_FINISHED; // mark target as done + hydra_targets[hydra_heads[head_no]->target_no]->done = TARGET_FINISHED; // mark target as done hydra_brains.finished++; printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); } @@ -3938,7 +4105,7 @@ int main(int argc, char *argv[]) { if (hydra_targets[j]->done == TARGET_ACTIVE) { hydra_targets[j]->done = TARGET_FINISHED; hydra_brains.finished++; - } + } } for (j = 0; j < hydra_options.max_use; j++) if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { @@ -3950,7 +4117,7 @@ int main(int argc, char *argv[]) { continue; } // fall through - case 'f': // username identified as invalid + case 'f': // username identified as invalid hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; @@ -3959,34 +4126,40 @@ int main(int argc, char *argv[]) { hydra_skip_user(hydra_heads[head_no]->target_no, buf); fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack break; - + // we do not make a difference between 'C' and 'E' results - yet - case 'E': // head reports protocol error - case 'C': // head reports connect error + case 'E': // head reports protocol error + case 'C': // head reports connect error fck = write(hydra_heads[head_no]->sp[0], "Q", 1); if (debug) { - printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass " + "\"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); } hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); break; - case 'Q': // head reports its quitting + case 'Q': // head reports its quitting fck = write(hydra_heads[head_no]->sp[0], "Q", 1); if (debug) printf("[DEBUG] child %d reported it quit\n", head_no); hydra_kill_head(head_no, 1, 0); break; - + default: - fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + fprintf(stderr, + "[ERROR] child %d sent nonsense data, killing and " + "restarting it!\n", + head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } // end switch - } // readres + } // readres if (readres == -1) { if (verbose) - fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); + fprintf(stderr, + "[WARNING] child %d seems to have died, restarting " + "(this only happens if a module is bad) ... \n", + head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } // end do_switch @@ -3996,11 +4169,15 @@ int main(int argc, char *argv[]) { if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { if (kill(hydra_heads[head_no]->pid, 0) < 0) { if (verbose) - fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); + fprintf(stderr, + "[WARNING] child %d seems to be dead, restarting it " + "...\n", + head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } - // if we do not get to hear anything for a longer time assume its dead + // if we do not get to hear anything for a longer time assume its + // dead if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { if (verbose) fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); @@ -4014,10 +4191,11 @@ int main(int argc, char *argv[]) { hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } - //if (debug) printf("DEBUG: bug hunt: %lu %lu\n", hydra_brains.todo_all, hydra_brains.sent); + // if (debug) printf("DEBUG: bug hunt: %lu %lu\n", hydra_brains.todo_all, + // hydra_brains.sent); usleepn(USLEEP_LOOP); - (void) wait3(NULL, WNOHANG, NULL); + (void)wait3(NULL, WNOHANG, NULL); // write restore file and report status if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { hydra_restore_write(0); @@ -4044,15 +4222,14 @@ int main(int argc, char *argv[]) { for (j = 0; j < hydra_options.max_use; j++) if (hydra_heads[j]->active >= HEAD_UNUSED) k++; - printf("[STATUS] %.2f tries/min, %" hPRIu64 " tries in %02" hPRIu64 ":%02" hPRIu64 "h, %" hPRIu64 " to do in %02" hPRIu64 ":%02" hPRIu64 "h, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min - hydra_brains.sent, // tries - (uint64_t) ((elapsed_status - starttime) / 3600), // hours - (uint64_t) (((elapsed_status - starttime) % 3600) / 60), // minutes - (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent != 0 ? (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent : 1, // left todo - (uint64_t) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) / 3600, // hours - (((uint64_t) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) % 3600) / 60) + 1, // min + printf("[STATUS] %.2f tries/min, %" hPRIu64 " tries in %02" hPRIu64 ":%02" hPRIu64 "h, %" hPRIu64 " to do in %02" hPRIu64 ":%02" hPRIu64 "h, %d active\n", + (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + hydra_brains.sent, // tries + (uint64_t)((elapsed_status - starttime) / 3600), // hours + (uint64_t)(((elapsed_status - starttime) % 3600) / 60), // minutes + (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent != 0 ? (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent : 1, // left todo + (uint64_t)(((double)(hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double)hydra_brains.sent / (elapsed_status - starttime))) / 3600, // hours + (((uint64_t)(((double)(hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double)hydra_brains.sent / (elapsed_status - starttime))) % 3600) / 60) + 1, // min k); hydra_debug(0, "STATUS"); } @@ -4089,9 +4266,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); } - printf("%d of %d target%s%scompleted, %" hPRIu64 " valid password", - hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", - hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found); + printf("%d of %d target%s%scompleted, %" hPRIu64 " valid password", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found); printf("%s", hydra_brains.found < 2 ? "" : "s"); printf(" found\n"); @@ -4106,10 +4281,14 @@ int main(int argc, char *argv[]) { unlink(RESTOREFILE); } else { if (hydra_options.cidr == 0 && k == 0) { - printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); + printf("[INFO] Writing restore file because %d server scan%s could not " + "be completed\n", + j + error, j + error == 1 ? "" : "s"); hydra_restore_write(1); } else if (k > 0) { - printf("[WARNING] Writing restore file because %d final worker threads did not complete until end.\n", k); + printf("[WARNING] Writing restore file because %d final worker threads " + "did not complete until end.\n", + k); hydra_restore_write(1); } } @@ -4119,49 +4298,51 @@ int main(int argc, char *argv[]) { for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active == HEAD_ACTIVE && hydra_heads[i]->pid > 0) hydra_kill_head(i, 1, 3); - (void) wait3(NULL, WNOHANG, NULL); + (void)wait3(NULL, WNOHANG, NULL); -#define STRMAX (10*1024) - char json_error[STRMAX+2], tmp_str[STRMAX+2]; - memset(json_error, 0, STRMAX+2); - memset(tmp_str, 0, STRMAX+2); +#define STRMAX (10 * 1024) + char json_error[STRMAX + 2], tmp_str[STRMAX + 2]; + memset(json_error, 0, STRMAX + 2); + memset(tmp_str, 0, STRMAX + 2); if (error) { snprintf(tmp_str, STRMAX, "[ERROR] %d target%s disabled because of too many errors", error, error == 1 ? " was" : "s were"); fprintf(stderr, "%s\n", tmp_str); - strncat(json_error,"\"",STRMAX); - strncat(json_error,tmp_str,STRMAX); - strncat(json_error,"\"",STRMAX); + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } if (k) { snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not resolve or could not be connected", k, k == 1 ? "" : "s"); fprintf(stderr, "%s\n", tmp_str); if (*json_error) { - strncat(json_error,", ", STRMAX); + strncat(json_error, ", ", STRMAX); } - strncat(json_error,"\"",STRMAX); - strncat(json_error,tmp_str,STRMAX); - strncat(json_error,"\"",STRMAX); + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } if (error) { snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not complete", j, j < 1 ? "" : "s"); fprintf(stderr, "%s\n", tmp_str); if (*json_error) { - strncat(json_error,", ", STRMAX); + strncat(json_error, ", ", STRMAX); } - strncat(json_error,"\"",STRMAX); - strncat(json_error,tmp_str,STRMAX); - strncat(json_error,"\"",STRMAX); + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { if (hydra_options.outfile_format == FORMAT_JSONV1) { - fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %" hPRIu64 " }\n", + fprintf(hydra_brains.ofp, + "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s " + "],\n\"quantityfound\": %" hPRIu64 " }\n", (error ? "false" : "true"), json_error, hydra_brains.found); - } + } fclose(hydra_brains.ofp); } diff --git a/hydra.h b/hydra.h index dc158ec..53b52d5 100644 --- a/hydra.h +++ b/hydra.h @@ -2,200 +2,186 @@ #include #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) || defined(__APPLE__) - #include +#include #else - #include +#include #endif #if defined(_INTTYPES_H) || defined(__CLANG_INTTYPES_H) - #define hPRIu64 PRIu64 +#define hPRIu64 PRIu64 #else - #define hPRIu64 "lu" +#define hPRIu64 "lu" #endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include #include #include -#include -#include -#include +#include +#include +#include +#include +#include #include +#include +#include +#include +#include #include -#include +#include +#include #ifdef HAVE_OPENSSL - #define HYDRA_SSL +#define HYDRA_SSL #endif #ifdef HAVE_SSL - #ifndef HYDRA_SSL - #define HYDRA_SSL - #endif +#ifndef HYDRA_SSL +#define HYDRA_SSL +#endif #endif #ifdef LIBSSH - #include +#include #endif #ifdef HAVE_ZLIB - #include +#include #endif #define OPTION_SSL 1 #ifdef LIBOPENSSL - #ifndef NO_RSA_LEGACY - #if OPENSSL_VERSION_NUMBER >= 0x10100000L - #define NO_RSA_LEGACY - #endif - #endif +#ifndef NO_RSA_LEGACY +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#define NO_RSA_LEGACY +#endif +#endif #endif -#define PORT_NOPORT -1 -#define PORT_FTP 21 -#define PORT_FTP_SSL 990 -#define PORT_TELNET 23 -#define PORT_TELNET_SSL 992 -#define PORT_HTTP 80 -#define PORT_HTTP_SSL 443 +#define PORT_NOPORT -1 +#define PORT_FTP 21 +#define PORT_FTP_SSL 990 +#define PORT_TELNET 23 +#define PORT_TELNET_SSL 992 +#define PORT_HTTP 80 +#define PORT_HTTP_SSL 443 #define PORT_HTTP_PROXY 3128 #define PORT_HTTP_PROXY_SSL 3128 -#define PORT_POP3 110 -#define PORT_POP3_SSL 995 -#define PORT_NNTP 119 -#define PORT_NNTP_SSL 563 -#define PORT_SMB 139 -#define PORT_SMB_SSL 139 -#define PORT_SMBNT 445 -#define PORT_SMBNT_SSL 445 -#define PORT_IMAP 143 -#define PORT_IMAP_SSL 993 -#define PORT_LDAP 389 -#define PORT_LDAP_SSL 636 -#define PORT_REXEC 512 -#define PORT_REXEC_SSL 512 -#define PORT_RLOGIN 513 -#define PORT_RLOGIN_SSL 513 -#define PORT_RSH 514 -#define PORT_RSH_SSL 514 -#define PORT_SOCKS5 1080 +#define PORT_POP3 110 +#define PORT_POP3_SSL 995 +#define PORT_NNTP 119 +#define PORT_NNTP_SSL 563 +#define PORT_SMB 139 +#define PORT_SMB_SSL 139 +#define PORT_SMBNT 445 +#define PORT_SMBNT_SSL 445 +#define PORT_IMAP 143 +#define PORT_IMAP_SSL 993 +#define PORT_LDAP 389 +#define PORT_LDAP_SSL 636 +#define PORT_REXEC 512 +#define PORT_REXEC_SSL 512 +#define PORT_RLOGIN 513 +#define PORT_RLOGIN_SSL 513 +#define PORT_RSH 514 +#define PORT_RSH_SSL 514 +#define PORT_SOCKS5 1080 #define PORT_SOCKS5_SSL 1080 -#define PORT_ICQ 4000 -#define PORT_ICQ_SSL -1 -#define PORT_VNC 5900 -#define PORT_VNC_SSL 5901 -#define PORT_PCNFS 0 -#define PORT_PCNFS_SSL -1 -#define PORT_MYSQL 3306 -#define PORT_MYSQL_SSL 3306 -#define PORT_MSSQL 1433 -#define PORT_MSSQL_SSL 1433 -#define PORT_POSTGRES 5432 +#define PORT_ICQ 4000 +#define PORT_ICQ_SSL -1 +#define PORT_VNC 5900 +#define PORT_VNC_SSL 5901 +#define PORT_PCNFS 0 +#define PORT_PCNFS_SSL -1 +#define PORT_MYSQL 3306 +#define PORT_MYSQL_SSL 3306 +#define PORT_MSSQL 1433 +#define PORT_MSSQL_SSL 1433 +#define PORT_POSTGRES 5432 #define PORT_POSTGRES_SSL 5432 -#define PORT_ORACLE 1521 +#define PORT_ORACLE 1521 #define PORT_ORACLE_SSL 1521 #define PORT_PCANYWHERE 5631 #define PORT_PCANYWHERE_SSL 5631 -#define PORT_ADAM6500 502 -#define PORT_ADAM6500_SSL 502 -#define PORT_SAPR3 -1 -#define PORT_SAPR3_SSL -1 -#define PORT_SSH 22 -#define PORT_SSH_SSL 22 -#define PORT_SNMP 161 -#define PORT_SNMP_SSL 1993 -#define PORT_CVS 2401 -#define PORT_CVS_SSL 2401 -#define PORT_FIREBIRD 3050 +#define PORT_ADAM6500 502 +#define PORT_ADAM6500_SSL 502 +#define PORT_SAPR3 -1 +#define PORT_SAPR3_SSL -1 +#define PORT_SSH 22 +#define PORT_SSH_SSL 22 +#define PORT_SNMP 161 +#define PORT_SNMP_SSL 1993 +#define PORT_CVS 2401 +#define PORT_CVS_SSL 2401 +#define PORT_FIREBIRD 3050 #define PORT_FIREBIRD_SSL 3050 -#define PORT_AFP 548 -#define PORT_AFP_SSL 548 -#define PORT_NCP 524 -#define PORT_NCP_SSL 524 -#define PORT_SVN 3690 -#define PORT_SVN_SSL 3690 -#define PORT_SMTP 25 +#define PORT_AFP 548 +#define PORT_AFP_SSL 548 +#define PORT_NCP 524 +#define PORT_NCP_SSL 524 +#define PORT_SVN 3690 +#define PORT_SVN_SSL 3690 +#define PORT_SMTP 25 #define PORT_SMTP_SSL 465 -#define PORT_TEAMSPEAK 8767 +#define PORT_TEAMSPEAK 8767 #define PORT_TEAMSPEAK_SSL 8767 -#define PORT_SIP 5060 -#define PORT_SIP_SSL 5061 -#define PORT_VMAUTHD 902 -#define PORT_VMAUTHD_SSL 902 -#define PORT_XMPP 5222 -#define PORT_XMPP_SSL 5223 -#define PORT_IRC 6667 -#define PORT_IRC_SSL 6697 -#define PORT_RDP 3389 -#define PORT_RDP_SSL 3389 -#define PORT_ASTERISK 5038 -#define PORT_ASTERISK_SSL 5038 -#define PORT_S7_300 102 -#define PORT_S7_300_SSL 102 -#define PORT_REDIS 6379 -#define PORT_REDIS_SSL 6379 -#define PORT_RTSP 554 -#define PORT_RTSP_SSL 554 -#define PORT_RPCAP 2002 -#define PORT_RPCAP_SSL 2002 -#define PORT_RADMIN2 4899 -#define PORT_MCACHED 11211 -#define PORT_MCACHED_SSL 11211 -#define PORT_MONGODB 27017 +#define PORT_SIP 5060 +#define PORT_SIP_SSL 5061 +#define PORT_VMAUTHD 902 +#define PORT_VMAUTHD_SSL 902 +#define PORT_XMPP 5222 +#define PORT_XMPP_SSL 5223 +#define PORT_IRC 6667 +#define PORT_IRC_SSL 6697 +#define PORT_RDP 3389 +#define PORT_RDP_SSL 3389 +#define PORT_ASTERISK 5038 +#define PORT_ASTERISK_SSL 5038 +#define PORT_S7_300 102 +#define PORT_S7_300_SSL 102 +#define PORT_REDIS 6379 +#define PORT_REDIS_SSL 6379 +#define PORT_RTSP 554 +#define PORT_RTSP_SSL 554 +#define PORT_RPCAP 2002 +#define PORT_RPCAP_SSL 2002 +#define PORT_RADMIN2 4899 +#define PORT_MCACHED 11211 +#define PORT_MCACHED_SSL 11211 +#define PORT_MONGODB 27017 #define False 0 -#define True 1 +#define True 1 #ifndef INET_ADDRSTRLEN - #define INET_ADDRSTRLEN 16 +#define INET_ADDRSTRLEN 16 #endif #define MAX_PROXY_COUNT 64 #ifndef _WIN32 - int32_t sleepn(time_t seconds); - int32_t usleepn(uint64_t useconds); +int32_t sleepn(time_t seconds); +int32_t usleepn(uint64_t useconds); #else - int32_t sleepn(uint32_t seconds); - int32_t usleepn(uint32_t useconds); +int32_t sleepn(uint32_t seconds); +int32_t usleepn(uint32_t useconds); #endif -typedef enum { - MODE_PASSWORD_LIST = 1, - MODE_LOGIN_LIST = 2, - MODE_PASSWORD_BRUTE = 4, - MODE_PASSWORD_REVERSE = 8, - MODE_PASSWORD_NULL = 16, - MODE_PASSWORD_SAME = 32, - MODE_COLON_FILE = 64 -} hydra_mode_t; +typedef enum { MODE_PASSWORD_LIST = 1, MODE_LOGIN_LIST = 2, MODE_PASSWORD_BRUTE = 4, MODE_PASSWORD_REVERSE = 8, MODE_PASSWORD_NULL = 16, MODE_PASSWORD_SAME = 32, MODE_COLON_FILE = 64 } hydra_mode_t; -typedef enum { - FORMAT_PLAIN_TEXT, - FORMAT_JSONV1, - FORMAT_JSONV2, - FORMAT_XMLV1 -} output_format_t; +typedef enum { FORMAT_PLAIN_TEXT, FORMAT_JSONV1, FORMAT_JSONV2, FORMAT_XMLV1 } output_format_t; typedef struct { hydra_mode_t mode; - int32_t loop_mode; // valid modes: 0 = password, 1 = user + int32_t loop_mode; // valid modes: 0 = password, 1 = user int32_t ssl; int32_t restore; - int32_t debug; // is external - for restore - int32_t verbose; // is external - for restore + int32_t debug; // is external - for restore + int32_t verbose; // is external - for restore int32_t showAttempt; int32_t tasks; int32_t try_null_password; @@ -213,9 +199,9 @@ typedef struct { char *outfile_ptr; char *infile_ptr; char *colonfile; - int32_t waittime; // is external - for restore - int32_t conwait; // is external - for restore - uint32_t port; // is external - for restore + int32_t waittime; // is external - for restore + int32_t conwait; // is external - for restore + uint32_t port; // is external - for restore char *miscptr; char *server; char *service; diff --git a/libpq-fe.h b/libpq-fe.h index d7cce84..28bf70d 100644 --- a/libpq-fe.h +++ b/libpq-fe.h @@ -35,81 +35,81 @@ extern "C" { /* Application-visible enum types */ - typedef enum { - /* - * Although it is okay to add to this list, values which become unused - * should never be removed, nor should constants be redefined - that - * would break compatibility with existing code. - */ - CONNECTION_OK, - CONNECTION_BAD, - /* Non-blocking mode only below here */ +typedef enum { + /* + * Although it is okay to add to this list, values which become unused + * should never be removed, nor should constants be redefined - that + * would break compatibility with existing code. + */ + CONNECTION_OK, + CONNECTION_BAD, + /* Non-blocking mode only below here */ - /* - * The existence of these should never be relied upon - they should - * only be used for user feedback or similar purposes. - */ - CONNECTION_STARTED, /* Waiting for connection to be made. */ - CONNECTION_MADE, /* Connection OK; waiting to send. */ - CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the - * postmaster. */ - CONNECTION_AUTH_OK, /* Received authentication; waiting for + /* + * The existence of these should never be relied upon - they should + * only be used for user feedback or similar purposes. + */ + CONNECTION_STARTED, /* Waiting for connection to be made. */ + CONNECTION_MADE, /* Connection OK; waiting to send. */ + CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the + * postmaster. */ + CONNECTION_AUTH_OK, /* Received authentication; waiting for * backend startup. */ - CONNECTION_SETENV, /* Negotiating environment. */ - CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ - CONNECTION_NEEDED /* Internal state: connect() needed */ - } ConnStatusType; + CONNECTION_SETENV, /* Negotiating environment. */ + CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ + CONNECTION_NEEDED /* Internal state: connect() needed */ +} ConnStatusType; - typedef enum { - PGRES_POLLING_FAILED = 0, - PGRES_POLLING_READING, /* These two indicate that one may */ - PGRES_POLLING_WRITING, /* use select before polling again. */ - PGRES_POLLING_OK, - PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards - * compatibility */ - } PostgresPollingStatusType; +typedef enum { + PGRES_POLLING_FAILED = 0, + PGRES_POLLING_READING, /* These two indicate that one may */ + PGRES_POLLING_WRITING, /* use select before polling again. */ + PGRES_POLLING_OK, + PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards + * compatibility */ +} PostgresPollingStatusType; - typedef enum { - PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ - PGRES_COMMAND_OK, /* a query command that doesn't return - * anything was executed properly by the - * backend */ - PGRES_TUPLES_OK, /* a query command that returns tuples was - * executed properly by the backend, - * PGresult contains the result tuples */ - PGRES_COPY_OUT, /* Copy Out data transfer in progress */ - PGRES_COPY_IN, /* Copy In data transfer in progress */ - PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from - * the backend */ - PGRES_NONFATAL_ERROR, /* notice or warning message */ - PGRES_FATAL_ERROR /* query failed */ - } ExecStatusType; +typedef enum { + PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ + PGRES_COMMAND_OK, /* a query command that doesn't return + * anything was executed properly by the + * backend */ + PGRES_TUPLES_OK, /* a query command that returns tuples was + * executed properly by the backend, + * PGresult contains the result tuples */ + PGRES_COPY_OUT, /* Copy Out data transfer in progress */ + PGRES_COPY_IN, /* Copy In data transfer in progress */ + PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from + * the backend */ + PGRES_NONFATAL_ERROR, /* notice or warning message */ + PGRES_FATAL_ERROR /* query failed */ +} ExecStatusType; - typedef enum { - PQTRANS_IDLE, /* connection idle */ - PQTRANS_ACTIVE, /* command in progress */ - PQTRANS_INTRANS, /* idle, within transaction block */ - PQTRANS_INERROR, /* idle, within failed transaction */ - PQTRANS_UNKNOWN /* cannot determine status */ - } PGTransactionStatusType; +typedef enum { + PQTRANS_IDLE, /* connection idle */ + PQTRANS_ACTIVE, /* command in progress */ + PQTRANS_INTRANS, /* idle, within transaction block */ + PQTRANS_INERROR, /* idle, within failed transaction */ + PQTRANS_UNKNOWN /* cannot determine status */ +} PGTransactionStatusType; - typedef enum { - PQERRORS_TERSE, /* single-line error messages */ - PQERRORS_DEFAULT, /* recommended style */ - PQERRORS_VERBOSE /* all the facts, ma'am */ - } PGVerbosity; +typedef enum { + PQERRORS_TERSE, /* single-line error messages */ + PQERRORS_DEFAULT, /* recommended style */ + PQERRORS_VERBOSE /* all the facts, ma'am */ +} PGVerbosity; /* PGconn encapsulates a connection to the backend. * The contents of this struct are not supposed to be known to applications. */ - typedef struct pg_conn PGconn; +typedef struct pg_conn PGconn; /* PGresult encapsulates the result of a query (or more precisely, of a single * SQL command --- a query string given to PQsendQuery can contain multiple * commands and thus return multiple PGresult objects). * The contents of this struct are not supposed to be known to applications. */ - typedef struct pg_result PGresult; +typedef struct pg_result PGresult; /* PGnotify represents the occurrence of a NOTIFY message. * Ideally this would be an opaque typedef, but it's so simple that it's @@ -117,33 +117,33 @@ extern "C" { * NOTE: in Postgres 6.4 and later, the be_pid is the notifying backend's, * whereas in earlier versions it was always your own backend's PID. */ - typedef struct pgNotify { - char *relname; /* notification condition name */ - int32_t be_pid; /* process ID of server process */ - char *extra; /* notification parameter */ - } PGnotify; +typedef struct pgNotify { + char *relname; /* notification condition name */ + int32_t be_pid; /* process ID of server process */ + char *extra; /* notification parameter */ +} PGnotify; /* Function types for notice-handling callbacks */ - typedef void (*PQnoticeReceiver) (void *arg, const PGresult * res); - typedef void (*PQnoticeProcessor) (void *arg, const char *message); +typedef void (*PQnoticeReceiver)(void *arg, const PGresult *res); +typedef void (*PQnoticeProcessor)(void *arg, const char *message); /* Print options for PQprint() */ - typedef char pqbool; +typedef char pqbool; - typedef struct _PQprintOpt { - pqbool header; /* print output field headings and row - * count */ - pqbool align; /* fill align the fields */ - pqbool standard; /* old brain dead format */ - pqbool html3; /* output html tables */ - pqbool expanded; /* expand tables */ - pqbool pager; /* use pager for output if needed */ - char *fieldSep; /* field separator */ - char *tableOpt; /* insert to HTML */ - char *caption; /* HTML
*/ - char **fieldName; /* null terminated array of repalcement - * field names */ - } PQprintOpt; +typedef struct _PQprintOpt { + pqbool header; /* print output field headings and row + * count */ + pqbool align; /* fill align the fields */ + pqbool standard; /* old brain dead format */ + pqbool html3; /* output html tables */ + pqbool expanded; /* expand tables */ + pqbool pager; /* use pager for output if needed */ + char *fieldSep; /* field separator */ + char *tableOpt; /* insert to HTML */ + char *caption; /* HTML
*/ + char **fieldName; /* null terminated array of repalcement + * field names */ +} PQprintOpt; /* ---------------- * Structure for the conninfo parameter definitions returned by PQconndefaults @@ -153,32 +153,32 @@ extern "C" { * will release both the val strings and the PQconninfoOption array itself. * ---------------- */ - typedef struct _PQconninfoOption { - char *keyword; /* The keyword of the option */ - char *envvar; /* Fallback environment variable name */ - char *compiled; /* Fallback compiled in default value */ - char *val; /* Option's current value, or NULL */ - char *label; /* Label for field in connect dialog */ - char *dispchar; /* Character to display for this field in - * a connect dialog. Values are: "" - * Display entered value as is "*" - * Password field - hide value "D" Debug - * option - don't show by default */ - int32_t dispsize; /* Field size in characters for dialog */ - } PQconninfoOption; +typedef struct _PQconninfoOption { + char *keyword; /* The keyword of the option */ + char *envvar; /* Fallback environment variable name */ + char *compiled; /* Fallback compiled in default value */ + char *val; /* Option's current value, or NULL */ + char *label; /* Label for field in connect dialog */ + char *dispchar; /* Character to display for this field in + * a connect dialog. Values are: "" + * Display entered value as is "*" + * Password field - hide value "D" Debug + * option - don't show by default */ + int32_t dispsize; /* Field size in characters for dialog */ +} PQconninfoOption; /* ---------------- * PQArgBlock -- structure for PQfn() arguments * ---------------- */ - typedef struct { - int32_t len; - int32_t isint; - union { - int32_t *ptr; /* can't use void (dec compiler barfs) */ - int32_t integer; - } u; - } PQArgBlock; +typedef struct { + int32_t len; + int32_t isint; + union { + int32_t *ptr; /* can't use void (dec compiler barfs) */ + int32_t integer; + } u; +} PQArgBlock; /* ---------------- * Exported functions of libpq @@ -190,24 +190,23 @@ extern "C" { /* make a new client connection to the backend */ /* Asynchronous (non-blocking) */ - extern PGconn *PQconnectStart(const char *conninfo); - extern PostgresPollingStatusType PQconnectPoll(PGconn * conn); +extern PGconn *PQconnectStart(const char *conninfo); +extern PostgresPollingStatusType PQconnectPoll(PGconn *conn); /* Synchronous (blocking) */ - extern PGconn *PQconnectdb(const char *conninfo); - extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); +extern PGconn *PQconnectdb(const char *conninfo); +extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); -#define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME) \ - PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) +#define PQsetdb(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME) PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) /* close the current connection and free the PGconn data structure */ - extern void PQfinish(PGconn * conn); +extern void PQfinish(PGconn *conn); /* get info about connection options known to PQconnectdb */ - extern PQconninfoOption *PQconndefaults(void); +extern PQconninfoOption *PQconndefaults(void); /* free the data structure returned by PQconndefaults() */ - extern void PQconninfoFree(PQconninfoOption * connOptions); +extern void PQconninfoFree(PQconninfoOption *connOptions); /* * close the current connection and restablish a new one with the same @@ -215,130 +214,124 @@ extern "C" { */ /* Asynchronous (non-blocking) */ - extern int32_t PQresetStart(PGconn * conn); - extern PostgresPollingStatusType PQresetPoll(PGconn * conn); +extern int32_t PQresetStart(PGconn *conn); +extern PostgresPollingStatusType PQresetPoll(PGconn *conn); /* Synchronous (blocking) */ - extern void PQreset(PGconn * conn); +extern void PQreset(PGconn *conn); /* issue a cancel request */ - extern int32_t PQrequestCancel(PGconn * conn); +extern int32_t PQrequestCancel(PGconn *conn); /* Accessor functions for PGconn objects */ - extern char *PQdb(const PGconn * conn); - extern char *PQuser(const PGconn * conn); - extern char *PQpass(const PGconn * conn); - extern char *PQhost(const PGconn * conn); - extern char *PQport(const PGconn * conn); - extern char *PQtty(const PGconn * conn); - extern char *PQoptions(const PGconn * conn); - extern ConnStatusType PQstatus(const PGconn * conn); - extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn); - extern const char *PQparameterStatus(const PGconn * conn, const char *paramName); - extern int32_t PQprotocolVersion(const PGconn * conn); - extern char *PQerrorMessage(const PGconn * conn); - extern int32_t PQsocket(const PGconn * conn); - extern int32_t PQbackendPID(const PGconn * conn); - extern int32_t PQclientEncoding(const PGconn * conn); - extern int32_t PQsetClientEncoding(PGconn * conn, const char *encoding); +extern char *PQdb(const PGconn *conn); +extern char *PQuser(const PGconn *conn); +extern char *PQpass(const PGconn *conn); +extern char *PQhost(const PGconn *conn); +extern char *PQport(const PGconn *conn); +extern char *PQtty(const PGconn *conn); +extern char *PQoptions(const PGconn *conn); +extern ConnStatusType PQstatus(const PGconn *conn); +extern PGTransactionStatusType PQtransactionStatus(const PGconn *conn); +extern const char *PQparameterStatus(const PGconn *conn, const char *paramName); +extern int32_t PQprotocolVersion(const PGconn *conn); +extern char *PQerrorMessage(const PGconn *conn); +extern int32_t PQsocket(const PGconn *conn); +extern int32_t PQbackendPID(const PGconn *conn); +extern int32_t PQclientEncoding(const PGconn *conn); +extern int32_t PQsetClientEncoding(PGconn *conn, const char *encoding); #ifdef USE_SSL /* Get the SSL structure associated with a connection */ - extern SSL *PQgetssl(PGconn * conn); +extern SSL *PQgetssl(PGconn *conn); #endif /* Set verbosity for PQerrorMessage and PQresultErrorMessage */ - extern PGVerbosity PQsetErrorVerbosity(PGconn * conn, PGVerbosity verbosity); +extern PGVerbosity PQsetErrorVerbosity(PGconn *conn, PGVerbosity verbosity); /* Enable/disable tracing */ - extern void PQtrace(PGconn * conn, FILE * debug_port); - extern void PQuntrace(PGconn * conn); +extern void PQtrace(PGconn *conn, FILE *debug_port); +extern void PQuntrace(PGconn *conn); /* Override default notice handling routines */ - extern PQnoticeReceiver PQsetNoticeReceiver(PGconn * conn, PQnoticeReceiver proc, void *arg); - extern PQnoticeProcessor PQsetNoticeProcessor(PGconn * conn, PQnoticeProcessor proc, void *arg); +extern PQnoticeReceiver PQsetNoticeReceiver(PGconn *conn, PQnoticeReceiver proc, void *arg); +extern PQnoticeProcessor PQsetNoticeProcessor(PGconn *conn, PQnoticeProcessor proc, void *arg); /* === in fe-exec.c === */ /* Simple synchronous query */ - extern PGresult *PQexec(PGconn * conn, const char *query); - extern PGresult *PQexecParams(PGconn * conn, - const char *command, - int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); - extern PGresult *PQexecPrepared(PGconn * conn, - const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern PGresult *PQexec(PGconn *conn, const char *query); +extern PGresult *PQexecParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern PGresult *PQexecPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); /* Interface for multiple-result or asynchronous queries */ - extern int32_t PQsendQuery(PGconn * conn, const char *query); - extern int32_t PQsendQueryParams(PGconn * conn, - const char *command, - int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); - extern int32_t PQsendQueryPrepared(PGconn * conn, - const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); - extern PGresult *PQgetResult(PGconn * conn); +extern int32_t PQsendQuery(PGconn *conn, const char *query); +extern int32_t PQsendQueryParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern int32_t PQsendQueryPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern PGresult *PQgetResult(PGconn *conn); /* Routines for managing an asynchronous query */ - extern int32_t PQisBusy(PGconn * conn); - extern int32_t PQconsumeInput(PGconn * conn); +extern int32_t PQisBusy(PGconn *conn); +extern int32_t PQconsumeInput(PGconn *conn); /* LISTEN/NOTIFY support */ - extern PGnotify *PQnotifies(PGconn * conn); +extern PGnotify *PQnotifies(PGconn *conn); /* Routines for copy in/out */ - extern int32_t PQputCopyData(PGconn * conn, const char *buffer, int32_t nbytes); - extern int32_t PQputCopyEnd(PGconn * conn, const char *errormsg); - extern int32_t PQgetCopyData(PGconn * conn, char **buffer, int32_t async); +extern int32_t PQputCopyData(PGconn *conn, const char *buffer, int32_t nbytes); +extern int32_t PQputCopyEnd(PGconn *conn, const char *errormsg); +extern int32_t PQgetCopyData(PGconn *conn, char **buffer, int32_t async); /* Deprecated routines for copy in/out */ - extern int32_t PQgetline(PGconn * conn, char *string, int32_t length); - extern int32_t PQputline(PGconn * conn, const char *string); - extern int32_t PQgetlineAsync(PGconn * conn, char *buffer, int32_t bufsize); - extern int32_t PQputnbytes(PGconn * conn, const char *buffer, int32_t nbytes); - extern int32_t PQendcopy(PGconn * conn); +extern int32_t PQgetline(PGconn *conn, char *string, int32_t length); +extern int32_t PQputline(PGconn *conn, const char *string); +extern int32_t PQgetlineAsync(PGconn *conn, char *buffer, int32_t bufsize); +extern int32_t PQputnbytes(PGconn *conn, const char *buffer, int32_t nbytes); +extern int32_t PQendcopy(PGconn *conn); /* Set blocking/nonblocking connection to the backend */ - extern int32_t PQsetnonblocking(PGconn * conn, int32_t arg); - extern int32_t PQisnonblocking(const PGconn * conn); +extern int32_t PQsetnonblocking(PGconn *conn, int32_t arg); +extern int32_t PQisnonblocking(const PGconn *conn); /* Force the write buffer to be written (or at least try) */ - extern int32_t PQflush(PGconn * conn); +extern int32_t PQflush(PGconn *conn); /* * "Fast path" interface --- not really recommended for application * use */ - extern PGresult *PQfn(PGconn * conn, int32_t fnid, int32_t *result_buf, int32_t *result_len, int32_t result_is_int, const PQArgBlock * args, int32_t nargs); +extern PGresult *PQfn(PGconn *conn, int32_t fnid, int32_t *result_buf, int32_t *result_len, int32_t result_is_int, const PQArgBlock *args, int32_t nargs); /* Accessor functions for PGresult objects */ - extern ExecStatusType PQresultStatus(const PGresult * res); - extern char *PQresStatus(ExecStatusType status); - extern char *PQresultErrorMessage(const PGresult * res); - extern char *PQresultErrorField(const PGresult * res, int32_t fieldcode); - extern int32_t PQntuples(const PGresult * res); - extern int32_t PQnfields(const PGresult * res); - extern int32_t PQbinaryTuples(const PGresult * res); - extern char *PQfname(const PGresult * res, int32_t field_num); - extern int32_t PQfnumber(const PGresult * res, const char *field_name); - extern Oid PQftable(const PGresult * res, int32_t field_num); - extern int32_t PQftablecol(const PGresult * res, int32_t field_num); - extern int32_t PQfformat(const PGresult * res, int32_t field_num); - extern Oid PQftype(const PGresult * res, int32_t field_num); - extern int32_t PQfsize(const PGresult * res, int32_t field_num); - extern int32_t PQfmod(const PGresult * res, int32_t field_num); - extern char *PQcmdStatus(PGresult * res); - extern char *PQoidStatus(const PGresult * res); /* old and ugly */ - extern Oid PQoidValue(const PGresult * res); /* new and improved */ - extern char *PQcmdTuples(PGresult * res); - extern char *PQgetvalue(const PGresult * res, int32_t tup_num, int32_t field_num); - extern int32_t PQgetlength(const PGresult * res, int32_t tup_num, int32_t field_num); - extern int32_t PQgetisnull(const PGresult * res, int32_t tup_num, int32_t field_num); +extern ExecStatusType PQresultStatus(const PGresult *res); +extern char *PQresStatus(ExecStatusType status); +extern char *PQresultErrorMessage(const PGresult *res); +extern char *PQresultErrorField(const PGresult *res, int32_t fieldcode); +extern int32_t PQntuples(const PGresult *res); +extern int32_t PQnfields(const PGresult *res); +extern int32_t PQbinaryTuples(const PGresult *res); +extern char *PQfname(const PGresult *res, int32_t field_num); +extern int32_t PQfnumber(const PGresult *res, const char *field_name); +extern Oid PQftable(const PGresult *res, int32_t field_num); +extern int32_t PQftablecol(const PGresult *res, int32_t field_num); +extern int32_t PQfformat(const PGresult *res, int32_t field_num); +extern Oid PQftype(const PGresult *res, int32_t field_num); +extern int32_t PQfsize(const PGresult *res, int32_t field_num); +extern int32_t PQfmod(const PGresult *res, int32_t field_num); +extern char *PQcmdStatus(PGresult *res); +extern char *PQoidStatus(const PGresult *res); /* old and ugly */ +extern Oid PQoidValue(const PGresult *res); /* new and improved */ +extern char *PQcmdTuples(PGresult *res); +extern char *PQgetvalue(const PGresult *res, int32_t tup_num, int32_t field_num); +extern int32_t PQgetlength(const PGresult *res, int32_t tup_num, int32_t field_num); +extern int32_t PQgetisnull(const PGresult *res, int32_t tup_num, int32_t field_num); /* Delete a PGresult */ - extern void PQclear(PGresult * res); +extern void PQclear(PGresult *res); /* For freeing other alloc'd results, such as PGnotify structs */ - extern void PQfreemem(void *ptr); +extern void PQfreemem(void *ptr); /* Exists for backward compatibility. bjm 2003-03-24 */ #define PQfreeNotify(ptr) PQfreemem(ptr) @@ -348,63 +341,56 @@ extern "C" { * useful). If conn is not NULL and status indicates an error, the * conn's errorMessage is copied. */ - extern PGresult *PQmakeEmptyPGresult(PGconn * conn, ExecStatusType status); - +extern PGresult *PQmakeEmptyPGresult(PGconn *conn, ExecStatusType status); /* Quoting strings before inclusion in queries. */ - extern size_t PQescapeString(char *to, const char *from, size_t length); - extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t * bytealen); - extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t * retbuflen); - - +extern size_t PQescapeString(char *to, const char *from, size_t length); +extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t *bytealen); +extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t *retbuflen); /* === in fe-print.c === */ - extern void - PQprint(FILE * fout, /* output stream */ - const PGresult * res, const PQprintOpt * ps); /* option structure */ +extern void PQprint(FILE *fout, /* output stream */ + const PGresult *res, const PQprintOpt *ps); /* option structure */ /* * really old printing routines */ - extern void - PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */ - int32_t fillAlign, /* pad the fields with spaces */ - const char *fieldSep, /* field separator */ - int32_t printHeader, /* display headers? */ - int32_t quiet); - - extern void - PQprintTuples(const PGresult * res, FILE * fout, /* output stream */ - int32_t printAttName, /* print attribute names */ - int32_t terseOutput, /* delimiter bars */ - int32_t width); /* width of column, if 0, use variable - * width */ +extern void PQdisplayTuples(const PGresult *res, FILE *fp, /* where to send the output */ + int32_t fillAlign, /* pad the fields with spaces */ + const char *fieldSep, /* field separator */ + int32_t printHeader, /* display headers? */ + int32_t quiet); +extern void PQprintTuples(const PGresult *res, FILE *fout, /* output stream */ + int32_t printAttName, /* print attribute names */ + int32_t terseOutput, /* delimiter bars */ + int32_t width); /* width of column, if 0, use variable + * width */ /* === in fe-lobj.c === */ /* Large-object access routines */ - extern int32_t lo_open(PGconn * conn, Oid lobjId, int32_t mode); - extern int32_t lo_close(PGconn * conn, int32_t fd); - extern int32_t lo_read(PGconn * conn, int32_t fd, char *buf, size_t len); - extern int32_t lo_write(PGconn * conn, int32_t fd, char *buf, size_t len); - extern int32_t lo_lseek(PGconn * conn, int32_t fd, int32_t offset, int32_t whence); - extern Oid lo_creat(PGconn * conn, int32_t mode); - extern int32_t lo_tell(PGconn * conn, int32_t fd); - extern int32_t lo_unlink(PGconn * conn, Oid lobjId); - extern Oid lo_import(PGconn * conn, const char *filename); - extern int32_t lo_export(PGconn * conn, Oid lobjId, const char *filename); +extern int32_t lo_open(PGconn *conn, Oid lobjId, int32_t mode); +extern int32_t lo_close(PGconn *conn, int32_t fd); +extern int32_t lo_read(PGconn *conn, int32_t fd, char *buf, size_t len); +extern int32_t lo_write(PGconn *conn, int32_t fd, char *buf, size_t len); +extern int32_t lo_lseek(PGconn *conn, int32_t fd, int32_t offset, int32_t whence); +extern Oid lo_creat(PGconn *conn, int32_t mode); +extern int32_t lo_tell(PGconn *conn, int32_t fd); +extern int32_t lo_unlink(PGconn *conn, Oid lobjId); +extern Oid lo_import(PGconn *conn, const char *filename); +extern int32_t lo_export(PGconn *conn, Oid lobjId, const char *filename); /* === in fe-misc.c === */ /* Determine length of multibyte encoded char at *s */ - extern int32_t PQmblen(const unsigned char *s, int32_t encoding); +extern int32_t PQmblen(const unsigned char *s, int32_t encoding); /* Get encoding id from environment variable PGCLIENTENCODING */ - extern int32_t PQenv2encoding(void); +extern int32_t PQenv2encoding(void); #ifdef __cplusplus } #endif -#endif /* LIBPQ_FE_H */ +#endif /* LIBPQ_FE_H */ diff --git a/ntlm.c b/ntlm.c index 00df4c8..c8c01ab 100644 --- a/ntlm.c +++ b/ntlm.c @@ -2,10 +2,10 @@ Single file NTLM system to create and parse authentication messages. http://www.reversing.org - ilo-- ilo@reversing.org + ilo-- ilo@reversing.org - I did copy&paste&modify several files to leave independent NTLM code - that compile in cygwin/linux environment. Most of the code was ripped + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped from Samba implementation so I left the Copying statement. Samba core code was left unmodified from 1.9 version. @@ -19,41 +19,40 @@ SMB parameters and setup Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include #ifdef WIN32 #else #include #endif -#include -#include -#include -#include -#include #include "ntlm.h" - +#include +#include +#include +#include /* Byte order macros */ #ifndef _BYTEORDER_H #define _BYTEORDER_H /* - This file implements macros for machine independent short and + This file implements macros for machine independent short and int32_t manipulation Here is a description of this file that I emailed to the samba list once: @@ -62,7 +61,7 @@ Here is a description of this file that I emailed to the samba list once: > looked at it, and I would have thought that you might make a distinction > between LE and BE machines, but you only seem to distinguish between 386 > and all other architectures. -> +> > Can you give me a clue? sure. @@ -126,33 +125,87 @@ it also defines lots of intermediate macros, just ignore those :-) /* some switch macros that do both store and read to and from SMB buffers */ -#define RW_PCVAL(read,inbuf,outbuf,len) \ - { if (read) { PCVAL (inbuf,0,outbuf,len); } \ - else { PSCVAL(inbuf,0,outbuf,len); } } +#define RW_PCVAL(read, inbuf, outbuf, len) \ + { \ + if (read) { \ + PCVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSCVAL(inbuf, 0, outbuf, len); \ + } \ + } -#define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ - { if (read) { if (big_endian) { RPIVAL(inbuf,0,outbuf,len); } else { PIVAL(inbuf,0,outbuf,len); } } \ - else { if (big_endian) { RPSIVAL(inbuf,0,outbuf,len); } else { PSIVAL(inbuf,0,outbuf,len); } } } +#define RW_PIVAL(read, big_endian, inbuf, outbuf, len) \ + { \ + if (read) { \ + if (big_endian) { \ + RPIVAL(inbuf, 0, outbuf, len); \ + } else { \ + PIVAL(inbuf, 0, outbuf, len); \ + } \ + } else { \ + if (big_endian) { \ + RPSIVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSIVAL(inbuf, 0, outbuf, len); \ + } \ + } \ + } -#define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ - { if (read) { if (big_endian) { RPSVAL(inbuf,0,outbuf,len); } else { PSVAL(inbuf,0,outbuf,len); } } \ - else { if (big_endian) { RPSSVAL(inbuf,0,outbuf,len); } else { PSSVAL(inbuf,0,outbuf,len); } } } +#define RW_PSVAL(read, big_endian, inbuf, outbuf, len) \ + { \ + if (read) { \ + if (big_endian) { \ + RPSVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSVAL(inbuf, 0, outbuf, len); \ + } \ + } else { \ + if (big_endian) { \ + RPSSVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSSVAL(inbuf, 0, outbuf, len); \ + } \ + } \ + } -#define RW_CVAL(read, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = CVAL (inbuf,offset); } \ - else { SCVAL(inbuf,offset,outbuf); } } +#define RW_CVAL(read, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = CVAL(inbuf, offset); \ + } else { \ + SCVAL(inbuf, offset, outbuf); \ + } \ + } -#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = ((big_endian) ? RIVAL(inbuf,offset) : IVAL (inbuf,offset)); } \ - else { if (big_endian) { RSIVAL(inbuf,offset,outbuf); } else { SIVAL(inbuf,offset,outbuf); } } } +#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = ((big_endian) ? RIVAL(inbuf, offset) : IVAL(inbuf, offset)); \ + } else { \ + if (big_endian) { \ + RSIVAL(inbuf, offset, outbuf); \ + } else { \ + SIVAL(inbuf, offset, outbuf); \ + } \ + } \ + } -#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = ((big_endian) ? RSVAL(inbuf,offset) : SVAL (inbuf,offset)); } \ - else { if (big_endian) { RSSVAL(inbuf,offset,outbuf); } else { SSVAL(inbuf,offset,outbuf); } } } +#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = ((big_endian) ? RSVAL(inbuf, offset) : SVAL(inbuf, offset)); \ + } else { \ + if (big_endian) { \ + RSSVAL(inbuf, offset, outbuf); \ + } else { \ + SSVAL(inbuf, offset, outbuf); \ + } \ + } \ + } #undef CAREFUL_ALIGNMENT -/* we know that the 386 can handle misalignment and has the "right" +/* we know that the 386 can handle misalignment and has the "right" byteorder */ #ifdef __i386__ #define CAREFUL_ALIGNMENT 0 @@ -162,23 +215,22 @@ it also defines lots of intermediate macros, just ignore those :-) #define CAREFUL_ALIGNMENT 1 #endif -#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) -#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) -#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) - +#define CVAL(buf, pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf, pos) ((unsigned)CVAL(buf, pos)) +#define SCVAL(buf, pos, val) (CVAL(buf, pos) = (val)) #if CAREFUL_ALIGNMENT -#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) -#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) -#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) -#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) -#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) -#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) -#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) -#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) -#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) -#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) +#define SVAL(buf, pos) (PVAL(buf, pos) | PVAL(buf, (pos) + 1) << 8) +#define IVAL(buf, pos) (SVAL(buf, pos) | SVAL(buf, (pos) + 2) << 16) +#define SSVALX(buf, pos, val) (CVAL(buf, pos) = (val)&0xFF, CVAL(buf, pos + 1) = (val) >> 8) +#define SIVALX(buf, pos, val) (SSVALX(buf, pos, val & 0xFFFF), SSVALX(buf, pos + 2, val >> 16)) +#define SVALS(buf, pos) ((int16)SVAL(buf, pos)) +#define IVALS(buf, pos) ((int32)IVAL(buf, pos)) +#define SSVAL(buf, pos, val) SSVALX((buf), (pos), ((uint16)(val))) +#define SIVAL(buf, pos, val) SIVALX((buf), (pos), ((uint32)(val))) +#define SSVALS(buf, pos, val) SSVALX((buf), (pos), ((int16)(val))) +#define SIVALS(buf, pos, val) SIVALX((buf), (pos), ((int32)(val))) #else /* CAREFUL_ALIGNMENT */ @@ -187,147 +239,171 @@ it also defines lots of intermediate macros, just ignore those :-) /* WARNING: This section is dependent on the length of int16 and int32 - being correct + being correct */ /* get single value from an SMB buffer */ -#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) -#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) -#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) -#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) +#define SVAL(buf, pos) (*(uint16 *)((char *)(buf) + (pos))) +#define IVAL(buf, pos) (*(uint32 *)((char *)(buf) + (pos))) +#define SVALS(buf, pos) (*(int16 *)((char *)(buf) + (pos))) +#define IVALS(buf, pos) (*(int32 *)((char *)(buf) + (pos))) /* store single value in an SMB buffer */ -#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) -#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) -#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) -#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) +#define SSVAL(buf, pos, val) SVAL(buf, pos) = ((uint16)(val)) +#define SIVAL(buf, pos, val) IVAL(buf, pos) = ((uint32)(val)) +#define SSVALS(buf, pos, val) SVALS(buf, pos) = ((int16)(val)) +#define SIVALS(buf, pos, val) IVALS(buf, pos) = ((int32)(val)) #endif /* CAREFUL_ALIGNMENT */ /* macros for reading / writing arrays */ -#define SMBMACRO(macro,buf,pos,val,len,size) \ -{ int32_t l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } +#define SMBMACRO(macro, buf, pos, val, len, size) \ + { \ + int32_t l; \ + for (l = 0; l < (len); l++) \ + (val)[l] = macro((buf), (pos) + (size)*l); \ + } -#define SSMBMACRO(macro,buf,pos,val,len,size) \ -{ int32_t l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } +#define SSMBMACRO(macro, buf, pos, val, len, size) \ + { \ + int32_t l; \ + for (l = 0; l < (len); l++) \ + macro((buf), (pos) + (size)*l, (val)[l]); \ + } /* reads multiple data from an SMB buffer */ -#define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) -#define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) -#define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) -#define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) -#define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) -#define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) +#define PCVAL(buf, pos, val, len) SMBMACRO(CVAL, buf, pos, val, len, 1) +#define PSVAL(buf, pos, val, len) SMBMACRO(SVAL, buf, pos, val, len, 2) +#define PIVAL(buf, pos, val, len) SMBMACRO(IVAL, buf, pos, val, len, 4) +#define PCVALS(buf, pos, val, len) SMBMACRO(CVALS, buf, pos, val, len, 1) +#define PSVALS(buf, pos, val, len) SMBMACRO(SVALS, buf, pos, val, len, 2) +#define PIVALS(buf, pos, val, len) SMBMACRO(IVALS, buf, pos, val, len, 4) /* stores multiple data in an SMB buffer */ -#define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) -#define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) -#define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) -#define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) -#define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) -#define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) - +#define PSCVAL(buf, pos, val, len) SSMBMACRO(SCVAL, buf, pos, val, len, 1) +#define PSSVAL(buf, pos, val, len) SSMBMACRO(SSVAL, buf, pos, val, len, 2) +#define PSIVAL(buf, pos, val, len) SSMBMACRO(SIVAL, buf, pos, val, len, 4) +#define PSCVALS(buf, pos, val, len) SSMBMACRO(SCVALS, buf, pos, val, len, 1) +#define PSSVALS(buf, pos, val, len) SSMBMACRO(SSVALS, buf, pos, val, len, 2) +#define PSIVALS(buf, pos, val, len) SSMBMACRO(SIVALS, buf, pos, val, len, 4) /* now the reverse routines - these are used in nmb packets (mostly) */ -#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) -#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) +#define SREV(x) ((((x)&0xFF) << 8) | (((x) >> 8) & 0xFF)) +#define IREV(x) ((SREV(x) << 16) | (SREV((x) >> 16))) -#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) -#define RSVALS(buf,pos) SREV(SVALS(buf,pos)) -#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) -#define RIVALS(buf,pos) IREV(IVALS(buf,pos)) -#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) -#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) -#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) -#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) +#define RSVAL(buf, pos) SREV(SVAL(buf, pos)) +#define RSVALS(buf, pos) SREV(SVALS(buf, pos)) +#define RIVAL(buf, pos) IREV(IVAL(buf, pos)) +#define RIVALS(buf, pos) IREV(IVALS(buf, pos)) +#define RSSVAL(buf, pos, val) SSVAL(buf, pos, SREV(val)) +#define RSSVALS(buf, pos, val) SSVALS(buf, pos, SREV(val)) +#define RSIVAL(buf, pos, val) SIVAL(buf, pos, IREV(val)) +#define RSIVALS(buf, pos, val) SIVALS(buf, pos, IREV(val)) /* reads multiple data from an SMB buffer (big-endian) */ -#define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) -#define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) -#define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) -#define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) +#define RPSVAL(buf, pos, val, len) SMBMACRO(RSVAL, buf, pos, val, len, 2) +#define RPIVAL(buf, pos, val, len) SMBMACRO(RIVAL, buf, pos, val, len, 4) +#define RPSVALS(buf, pos, val, len) SMBMACRO(RSVALS, buf, pos, val, len, 2) +#define RPIVALS(buf, pos, val, len) SMBMACRO(RIVALS, buf, pos, val, len, 4) /* stores multiple data in an SMB buffer (big-endian) */ -#define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) -#define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) -#define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) -#define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) +#define RPSSVAL(buf, pos, val, len) SSMBMACRO(RSSVAL, buf, pos, val, len, 2) +#define RPSIVAL(buf, pos, val, len) SSMBMACRO(RSIVAL, buf, pos, val, len, 4) +#define RPSSVALS(buf, pos, val, len) SSMBMACRO(RSSVALS, buf, pos, val, len, 2) +#define RPSIVALS(buf, pos, val, len) SSMBMACRO(RSIVALS, buf, pos, val, len, 4) -#define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ - { RW_PCVAL(read,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ - { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PCVAL(charmode, string, depth, base, read, inbuf, outbuf, len) \ + { \ + RW_PCVAL(read, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%02x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ - { RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ - { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PSVAL(charmode, string, depth, base, read, big_endian, inbuf, outbuf, len) \ + { \ + RW_PSVAL(read, big_endian, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), 2 * (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%04x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ - { RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ - { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PIVAL(charmode, string, depth, base, read, big_endian, inbuf, outbuf, len) \ + { \ + RW_PIVAL(read, big_endian, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), 4 * (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%08x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ - { RW_CVAL(read,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %02x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_CVAL(string, depth, base, read, inbuf, outbuf) \ + { \ + RW_CVAL(read, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %02x\n", tab_depth(depth), base, string, outbuf)); \ + } -#define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ - { RW_SVAL(read,big_endian,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %04x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_SVAL(string, depth, base, read, big_endian, inbuf, outbuf) \ + { \ + RW_SVAL(read, big_endian, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %04x\n", tab_depth(depth), base, string, outbuf)); \ + } -#define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ - { RW_IVAL(read,big_endian,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %08x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_IVAL(string, depth, base, read, big_endian, inbuf, outbuf) \ + { \ + RW_IVAL(read, big_endian, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %08x\n", tab_depth(depth), base, string, outbuf)); \ + } #endif /* _BYTEORDER_H */ - /* Samba MD4 implementation */ -/* NOTE: This code makes no attempt to be fast! +/* NOTE: This code makes no attempt to be fast! It assumes that a int32_t is at least 32 bits long */ static uint32 A, B, C, D; -static uint32 F(uint32 X, uint32 Y, uint32 Z) { - return (X & Y) | ((~X) & Z); -} +static uint32 F(uint32 X, uint32 Y, uint32 Z) { return (X & Y) | ((~X) & Z); } -static uint32 G(uint32 X, uint32 Y, uint32 Z) { - return (X & Y) | (X & Z) | (Y & Z); -} +static uint32 G(uint32 X, uint32 Y, uint32 Z) { return (X & Y) | (X & Z) | (Y & Z); } -static uint32 H(uint32 X, uint32 Y, uint32 Z) { - return X ^ Y ^ Z; -} +static uint32 H(uint32 X, uint32 Y, uint32 Z) { return X ^ Y ^ Z; } static uint32 lshift(uint32 x, int32_t s) { x &= 0xFFFFFFFF; return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); } -#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) -#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) -#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) +#define ROUND1(a, b, c, d, k, s) a = lshift(a + F(b, c, d) + X[k], s) +#define ROUND2(a, b, c, d, k, s) a = lshift(a + G(b, c, d) + X[k] + (uint32)0x5A827999, s) +#define ROUND3(a, b, c, d, k, s) a = lshift(a + H(b, c, d) + X[k] + (uint32)0x6ED9EBA1, s) /* this applies md4 to 64 byte chunks */ -static void mdfour64(uint32 * M) { +static void mdfour64(uint32 *M) { int32_t j; uint32 AA, BB, CC, DD; uint32 X[16]; @@ -405,7 +481,7 @@ static void mdfour64(uint32 * M) { X[j] = 0; } -static void copy64(uint32 * M, unsigned char *in) { +static void copy64(uint32 *M, unsigned char *in) { int32_t i; for (i = 0; i < 16; i++) @@ -471,113 +547,37 @@ void mdfour(unsigned char *out, unsigned char *in, int32_t n) { #define uchar unsigned char #define int16 signed short -static uchar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 -}; +static uchar perm1[56] = {57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4}; -static uchar perm2[48] = { 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 -}; +static uchar perm2[48] = {14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32}; -static uchar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 -}; +static uchar perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7}; -static uchar perm4[48] = { 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 -}; +static uchar perm4[48] = {32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1}; -static uchar perm5[32] = { 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 -}; +static uchar perm5[32] = {16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25}; +static uchar perm6[64] = {40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25}; -static uchar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 -}; +static uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}; +static uchar sbox[8][4][16] = {{{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, -static uchar sc[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; + {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, -static uchar sbox[8][4][16] = { - {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, - {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, - {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, - {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, + {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, - {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, - {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, - {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, - {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, + {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, - {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, - {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, - {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, - {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, + {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, - {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, - {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, - {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, - {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, + {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, - {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, - {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, - {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, - {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, + {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, - {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, - {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, - {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, - {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, + {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}}; - {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, - {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, - {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, - {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, - - {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, - {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, - {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, - {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}} -}; - -static void permute(char *out, char *in, uchar * p, int32_t n) { +static void permute(char *out, char *in, uchar *p, int32_t n) { int32_t i; for (i = 0; i < n; i++) @@ -601,14 +601,15 @@ static void concat(char *out, char *in1, char *in2, int32_t l1, int32_t l2) { *out++ = *in2++; } -void xor(char *out, char *in1, char *in2, int32_t n) { - int32_t i; +void xor + (char *out, char *in1, char *in2, int32_t n) { + int32_t i; - for (i = 0; i < n; i++) - out[i] = in1[i] ^ in2[i]; -} + for (i = 0; i < n; i++) + out[i] = in1[i] ^ in2[i]; + } -static void dohash(char *out, char *in, char *key, int32_t forw) { + static void dohash(char *out, char *in, char *key, int32_t forw) { int32_t i, j, k; char pk1[56]; char c[28]; @@ -703,7 +704,6 @@ static void str_to_key(unsigned char *str, unsigned char *key) { } } - static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int32_t forw) { int32_t i; char outb[64]; @@ -732,7 +732,7 @@ static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, i } void E_P16(unsigned char *p14, unsigned char *p16) { - unsigned char sp8[8] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; smbhash(p16, sp8, p14, 1); smbhash(p16 + 8, sp8, p14 + 7, 1); } @@ -785,7 +785,7 @@ void SamOEMhash(unsigned char *data, unsigned char *key, int32_t val) { int32_t ind; for (ind = 0; ind < 256; ind++) { - s_box[ind] = (unsigned char) ind; + s_box[ind] = (unsigned char)ind; } for (ind = 0; ind < 256; ind++) { @@ -815,7 +815,6 @@ void SamOEMhash(unsigned char *data, unsigned char *key, int32_t val) { /* Samba encryption implementation*/ - /**************************************************************************** Like strncpy but always null terminates. Make sure there is room! The variable n should always be one less than the available size. @@ -830,21 +829,19 @@ char *StrnCpy(char *dest, const char *src, size_t n) { *dest = 0; return (dest); } - while (n-- && (*d++ = *src++)); + while (n-- && (*d++ = *src++)) + ; *d = 0; return (dest); } -size_t skip_multibyte_char(char c) { - return 0; -} - +size_t skip_multibyte_char(char c) { return 0; } /******************************************************************* safe string copy into a known length string. maxlength does not include the terminating zero. ********************************************************************/ -#define DEBUG(a,b) ; +#define DEBUG(a, b) ; char *safe_strcpy(char *dest, const char *src, size_t maxlength) { size_t len; @@ -861,7 +858,7 @@ char *safe_strcpy(char *dest, const char *src, size_t maxlength) { len = strlen(src); if (len > maxlength) { - DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int32_t) (len - maxlength), src)); + DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int32_t)(len - maxlength), src)); len = maxlength; } @@ -870,7 +867,6 @@ char *safe_strcpy(char *dest, const char *src, size_t maxlength) { return dest; } - void strupper(char *s) { while (*s) { { @@ -879,44 +875,44 @@ void strupper(char *s) { if (skip != 0) s += skip; else { - if (islower((int32_t) *s)) - *s = toupper((int32_t) *s); + if (islower((int32_t)*s)) + *s = toupper((int32_t)*s); s++; } } } } -extern void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]); +extern void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); /* This implements the X/Open SMB password encryption - It takes a password, a 8 byte "crypt key" and puts 24 bytes of - encrypted password into p24 + It takes a password, a 8 byte "crypt key" and puts 24 bytes of + encrypted password into p24 */ -void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) { +void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p14[15], p21[21]; memset(p21, '\0', 21); memset(p14, '\0', 14); - StrnCpy((char *) p14, (char *) passwd, 14); + StrnCpy((char *)p14, (char *)passwd, 14); - strupper((char *) p14); + strupper((char *)p14); E_P16(p14, p21); SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBencrypt: lm#, challenge, response\n")); - dump_data(100, (char *) p21, 16); - dump_data(100, (char *) c8, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 16); + dump_data(100, (char *)c8, 8); + dump_data(100, (char *)p24, 24); #endif } /* Routines for Windows NT MD4 Hash functions. */ -static int32_t _my_wcslen(int16 * str) { +static int32_t _my_wcslen(int16 *str) { int32_t len = 0; while (*str++ != 0) @@ -926,12 +922,12 @@ static int32_t _my_wcslen(int16 * str) { /* * Convert a string into an NT UNICODE string. - * Note that regardless of processor type + * Note that regardless of processor type * this must be in intel (little-endian) * format. */ -static int32_t _my_mbstowcs(int16 * dst, uchar * src, int32_t len) { +static int32_t _my_mbstowcs(int16 *dst, uchar *src, int32_t len) { int32_t i; int16 val; @@ -946,25 +942,25 @@ static int32_t _my_mbstowcs(int16 * dst, uchar * src, int32_t len) { return i; } -/* +/* * Creates the MD4 Hash of the users password in NT UNICODE. */ -void E_md4hash(uchar * passwd, uchar * p16) { +void E_md4hash(uchar *passwd, uchar *p16) { int32_t len; int16 wpwd[129]; /* Password cannot be longer than 128 characters */ - len = strlen((char *) passwd); + len = strlen((char *)passwd); if (len > 128) len = 128; /* Password must be converted to NT unicode */ _my_mbstowcs(wpwd, passwd, len); - wpwd[len] = 0; /* Ensure string is null terminated */ + wpwd[len] = 0; /* Ensure string is null terminated */ /* Calculate length in bytes */ len = _my_wcslen(wpwd) * sizeof(int16); - mdfour(p16, (unsigned char *) wpwd, len); + mdfour(p16, (unsigned char *)wpwd, len); } /* Does both the NT and LM owfs of a user's password */ @@ -976,12 +972,12 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { /* Calculate the MD4 hash (NT compatible) of the password */ memset(nt_p16, '\0', 16); - E_md4hash((uchar *) passwd, nt_p16); + E_md4hash((uchar *)passwd, nt_p16); #ifdef DEBUG_PASSWORD DEBUG(100, ("nt_lm_owf_gen: pwd, nt#\n")); dump_data(120, passwd, strlen(passwd)); - dump_data(100, (char *) nt_p16, 16); + dump_data(100, (char *)nt_p16, 16); #endif /* Mangle the passwords into Lanman format */ @@ -991,19 +987,19 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { /* Calculate the SMB (lanman) hash functions of the password */ memset(p16, '\0', 16); - E_P16((uchar *) passwd, (uchar *) p16); + E_P16((uchar *)passwd, (uchar *)p16); #ifdef DEBUG_PASSWORD DEBUG(100, ("nt_lm_owf_gen: pwd, lm#\n")); dump_data(120, passwd, strlen(passwd)); - dump_data(100, (char *) p16, 16); + dump_data(100, (char *)p16, 16); #endif /* clear out local copy of user's password (just being paranoid). */ memset(passwd, '\0', sizeof(passwd)); } /* Does the des encryption from the NT or LM MD4 hash. */ -void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { +void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]) { uchar p21[21]; memset(p21, '\0', 21); @@ -1013,7 +1009,7 @@ void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { } /* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ -void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { +void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]) { uchar p21[21]; memset(p21, '\0', 21); @@ -1023,16 +1019,15 @@ void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { E_P24(p21, ntlmchalresp, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("NTLMSSPOWFencrypt: p21, c8, p24\n")); - dump_data(100, (char *) p21, 21); - dump_data(100, (char *) ntlmchalresp, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 21); + dump_data(100, (char *)ntlmchalresp, 8); + dump_data(100, (char *)p24, 24); #endif } - /* Does the NT MD4 hash then des encryption. */ -void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { +void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p21[21]; memset(p21, '\0', 21); @@ -1042,9 +1037,9 @@ void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBNTencrypt: nt#, challenge, response\n")); - dump_data(100, (char *) p21, 16); - dump_data(100, (char *) c8, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 16); + dump_data(100, (char *)c8, 8); + dump_data(100, (char *)p24, 24); #endif } @@ -1083,7 +1078,8 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[ #endif -/* libtnlm copyrigth was left here, anyway the interface was slightly modified */ +/* libtnlm copyrigth was left here, anyway the interface was slightly modified + */ /* included libntlm-3.2.9 (c) even if this code is based in 2.1 version*/ @@ -1113,58 +1109,49 @@ Contributed LGPL versions of some of the GPL'd Samba files. * in the structures probably needs to be designed */ -#define AddBytes(ptr, header, buf, count) \ -{ \ -if (buf != NULL && count != 0) \ - { \ - SSVAL(&ptr->header.len,0,count); \ - SSVAL(&ptr->header.maxlen,0,count); \ - SIVAL(&ptr->header.offset,0,((ptr->buffer - ((uint8*)ptr)) + ptr->bufIndex)); \ - memcpy(ptr->buffer+ptr->bufIndex, buf, count); \ - ptr->bufIndex += count; \ - } \ -else \ - { \ - ptr->header.len = \ - ptr->header.maxlen = 0; \ - SIVAL(&ptr->header.offset,0,ptr->bufIndex); \ - } \ -} +#define AddBytes(ptr, header, buf, count) \ + { \ + if (buf != NULL && count != 0) { \ + SSVAL(&ptr->header.len, 0, count); \ + SSVAL(&ptr->header.maxlen, 0, count); \ + SIVAL(&ptr->header.offset, 0, ((ptr->buffer - ((uint8 *)ptr)) + ptr->bufIndex)); \ + memcpy(ptr->buffer + ptr->bufIndex, buf, count); \ + ptr->bufIndex += count; \ + } else { \ + ptr->header.len = ptr->header.maxlen = 0; \ + SIVAL(&ptr->header.offset, 0, ptr->bufIndex); \ + } \ + } -#define AddString(ptr, header, string) \ -{ \ -char *p = string; \ -int32_t len = 0; \ -if (p) len = strlen(p); \ -AddBytes(ptr, header, ((unsigned char*)p), len); \ -} +#define AddString(ptr, header, string) \ + { \ + char *p = string; \ + int32_t len = 0; \ + if (p) \ + len = strlen(p); \ + AddBytes(ptr, header, ((unsigned char *)p), len); \ + } -#define AddUnicodeString(ptr, header, string) \ -{ \ -char *p = string; \ -unsigned char *b = NULL; \ -int32_t len = 0; \ -if (p) \ - { \ - len = strlen(p); \ - b = strToUnicode(p); \ - } \ -AddBytes(ptr, header, b, len*2); \ -} +#define AddUnicodeString(ptr, header, string) \ + { \ + char *p = string; \ + unsigned char *b = NULL; \ + int32_t len = 0; \ + if (p) { \ + len = strlen(p); \ + b = strToUnicode(p); \ + } \ + AddBytes(ptr, header, b, len * 2); \ + } +#define GetUnicodeString(structPtr, header) unicodeToString(((char *)structPtr) + IVAL(&structPtr->header.offset, 0), SVAL(&structPtr->header.len, 0) / 2) +#define GetString(structPtr, header) toString((((char *)structPtr) + IVAL(&structPtr->header.offset, 0)), SVAL(&structPtr->header.len, 0)) +#define DumpBuffer(fp, structPtr, header) dumpRaw(fp, ((unsigned char *)structPtr) + IVAL(&structPtr->header.offset, 0), SVAL(&structPtr->header.len, 0)) -#define GetUnicodeString(structPtr, header) \ -unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) -#define GetString(structPtr, header) \ -toString((((char *)structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) -#define DumpBuffer(fp, structPtr, header) \ -dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) - - -static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) { +static void dumpRaw(FILE *fp, unsigned char *buf, size_t len) { int32_t i; - for (i = 0; i < (int32_t) len; ++i) + for (i = 0; i < (int32_t)len; ++i) fprintf(fp, "%02x ", buf[i]); fprintf(fp, "\n"); @@ -1176,7 +1163,7 @@ static char *unicodeToString(char *p, size_t len) { assert(len + 1 < sizeof buf); - for (i = 0; i < (int32_t) len; ++i) { + for (i = 0; i < (int32_t)len; ++i) { buf[i] = *p & 0x7f; p += 2; } @@ -1210,12 +1197,11 @@ static unsigned char *toString(char *p, size_t len) { return buf; } +void buildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain) { + char *h = NULL; // strdup(host); + char *p = NULL; // strchr(h,'@'); -void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain) { - char *h = NULL; //strdup(host); - char *p = NULL; //strchr(h,'@'); - -//TODO: review default flags + // TODO: review default flags if (host == NULL) host = ""; @@ -1230,7 +1216,7 @@ void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, cha *p = '\0'; } if (flags == 0) - flags = 0x0000b207; /* Lowest security options to avoid negotiation */ + flags = 0x0000b207; /* Lowest security options to avoid negotiation */ request->bufIndex = 0; memcpy(request->ident, "NTLMSSP\0\0\0", 8); SIVAL(&request->msgType, 0, 1); @@ -1243,7 +1229,7 @@ void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, cha free(h); } -void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) { +void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domainname, char *host) { uint8 lmRespData[24]; uint8 ntRespData[24]; char *u = strdup(user); @@ -1264,8 +1250,8 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * *p = '\0'; } - SMBencrypt((unsigned char *) password, challenge->challengeData, lmRespData); - SMBNTencrypt((unsigned char *) password, challenge->challengeData, ntRespData); + SMBencrypt((unsigned char *)password, challenge->challengeData, lmRespData); + SMBNTencrypt((unsigned char *)password, challenge->challengeData, ntRespData); response->bufIndex = 0; memcpy(response->ident, "NTLMSSP\0\0\0", 8); @@ -1284,7 +1270,7 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * AddString(response, sessionKey, NULL); if (flags != 0) - challenge->flags = flags; /* Overide flags! */ + challenge->flags = flags; /* Overide flags! */ response->flags = challenge->flags; if (w) @@ -1295,16 +1281,12 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * free(u); } - - - - // info functions -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request); +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge); +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response); -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request) { +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request) { fprintf(fp, "NTLM Request:\n"); fprintf(fp, " Ident = %s\n", request->ident); fprintf(fp, " mType = %u\n", IVAL(&request->msgType, 0)); @@ -1313,7 +1295,7 @@ void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request) { fprintf(fp, " Domain = %s\n", GetString(request, domain)); } -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge) { +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge) { fprintf(fp, "NTLM Challenge:\n"); fprintf(fp, " Ident = %s\n", challenge->ident); fprintf(fp, " mType = %u\n", IVAL(&challenge->msgType, 0)); @@ -1324,7 +1306,7 @@ void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge) { fprintf(fp, " Incomplete!! parse optional parameters\n"); } -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response) { fprintf(fp, "NTLM Response:\n"); fprintf(fp, " Ident = %s\n", response->ident); fprintf(fp, " mType = %u\n", IVAL(&response->msgType, 0)); @@ -1340,12 +1322,6 @@ void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { fprintf(fp, " Flags = %08x\n", IVAL(&response->flags, 0)); } - - - - - - /* * base64.c -- base-64 conversion routines. * @@ -1360,22 +1336,13 @@ void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { * This code borrowed from fetchmail sources */ - static const char base64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -#define BAD -1 -static const char base64val[] = { - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, - BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD -}; +#define BAD -1 +static const char base64val[] = {BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD}; -#define DECODE64(c) (isascii(c) ? base64val[c] : BAD) +#define DECODE64(c) (isascii(c) ? base64val[c] : BAD) void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen) diff --git a/ntlm.h b/ntlm.h index 85f8f7f..3150536 100644 --- a/ntlm.h +++ b/ntlm.h @@ -2,75 +2,78 @@ Single file NTLM system to create and parse authentication messages. http://www.reversing.org - ilo-- ilo@reversing.org + ilo-- ilo@reversing.org - I did copy&paste&modify several files to leave independent NTLM code - that compile in cygwin/linux environment. Most of the code was ripped + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped from Samba implementation so I left the Copying statement. Samba core code was left unmodified from 1.9 version. Also libntlm was ripped but rewrote, due to fixed and useless interface. Copyright and licensing information is in ntlm.c file. - NTLM Interface, just two functions: + NTLM Interface, just two functions: - void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); - if flags is 0 minimun security level is selected, otherwise new value superseeds. - host and domain are optional, they may be NULLed. + void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, + char *domain); if flags is 0 minimun security level is selected, otherwise + new value superseeds. host and domain are optional, they may be NULLed. - void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); + void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse + *response, long flags, char *user, char *password, char *domain, char *host); Given a challenge, generates a response for that user/passwd/host/domain. - flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication + flags, host, and domain superseeds given by server. Leave 0 and NULL for + server authentication - This is an usage sample: + This is an usage sample: - ... - //beware of fixed sized buffer, asserts may fail, don't use long strings :) - //Yes, I Know, year 2k6 and still with this shit.. - unsigned char buf[4096]; - unsigned char buf2[4096]; + ... + //beware of fixed sized buffer, asserts may fail, don't use long + strings :) + //Yes, I Know, year 2k6 and still with this shit.. + unsigned char buf[4096]; + unsigned char buf2[4096]; - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); - to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); - send_to_server(buf); + //send auth request: let the server send it's own hostname and + domainname buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); + send_to_server(buf); - //receive challenge - receive_from_server(buf); + //receive challenge + receive_from_server(buf); - //build response with hostname and domainname from server - buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); - to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); - send_to_server(buf); + //build response with hostname and domainname from server + buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); + send_to_server(buf); - //get reply and Check if ok - ... + //get reply and Check if ok + ... included bonus!!: Base64 code int32_t from64tobits(char *out, const char *in); - void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen); + void to64frombits(unsigned char *out, const unsigned char *in, int32_t + inlen); - You don't need to read the rest of the file. + You don't need to read the rest of the file. */ - -/* +/* * These structures are byte-order dependant, and should not * be manipulated except by the use of the routines provided */ #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif typedef unsigned short uint16; @@ -105,7 +108,6 @@ typedef struct { uint32 bufIndex; } tSmbNtlmAuthChallenge; - typedef struct { char ident[8]; uint32 msgType; @@ -120,34 +122,33 @@ typedef struct { uint32 bufIndex; } tSmbNtlmAuthResponse; - -extern void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); +extern void buildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); /* reversing interface */ /* ntlm functions */ -void BuildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); +void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); -// if flags is 0 minimun security level is selected, otherwise new value superseeds. -// host and domain are optional, they may be NULLed. +// if flags is 0 minimun security level is selected, otherwise new value +// superseeds. host and domain are optional, they may be NULLed. +void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); -void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domain, char *host); - -//Given a challenge, generates a response for that user/passwd/host/domain. -//flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication +// Given a challenge, generates a response for that user/passwd/host/domain. +// flags, host, and domain superseeds given by server. Leave 0 and NULL for +// server authentication /* Base64 code*/ int32_t from64tobits(char *out, const char *in); void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen); -void xor(char *out, char *in1, char *in2, int32_t n); +void xor (char *out, char *in1, char *in2, int32_t n); // info functions -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request); +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge); +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response); void strupper(char *s); -#define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex) +#define SmbLength(ptr) (((ptr)->buffer - (uint8 *)(ptr)) + (ptr)->bufIndex) diff --git a/performance.h b/performance.h index 10759f8..8fcced9 100644 --- a/performance.h +++ b/performance.h @@ -1,13 +1,13 @@ -#include -#include #include +#include +#include #include #include #include -#include +#include /* handles select errors */ -int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) { +int32_t my_select(int32_t fd, fd_set *fdread, fd_set *fdwrite, fd_set *fdex, long sec, long usec) { int32_t ret_val; struct timeval stv; fd_set *fdr2, *fdw2, *fde2; @@ -18,10 +18,12 @@ int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, fde2 = fdex; stv.tv_sec = sec; stv.tv_usec = usec; - if (debug > 1) printf("before select\n"); + if (debug > 1) + printf("before select\n"); ret_val = select(fd, fdr2, fdw2, fde2, &stv); - if (debug > 1) printf("after select\n"); - /* XXX select() sometimes returns errno=EINTR (signal found) */ + if (debug > 1) + printf("after select\n"); + /* XXX select() sometimes returns errno=EINTR (signal found) */ } while (ret_val == -1 && errno == EINTR); return ret_val; @@ -43,7 +45,7 @@ ssize_t read_safe(int32_t fd, void *buffer, size_t len) { tv.tv_sec = 0; tv.tv_usec = 250000; ret = select(fd + 1, &fr, 0, 0, &tv); - /* XXX select() sometimes return errno=EINTR (signal found) */ + /* XXX select() sometimes return errno=EINTR (signal found) */ } while (ret == -1 && errno == EINTR); if (ret < 0) { @@ -55,7 +57,7 @@ ssize_t read_safe(int32_t fd, void *buffer, size_t len) { } if (ret > 0) { - while ((r = read(fd, (char*) ((char*)buffer + total), toread))) { + while ((r = read(fd, (char *)((char *)buffer + total), toread))) { if (r == -1) { if (errno == EAGAIN) break; diff --git a/postgres_ext.h b/postgres_ext.h index 16ceadd..e5791d1 100644 --- a/postgres_ext.h +++ b/postgres_ext.h @@ -4,8 +4,9 @@ * postgres_ext.h * * This file contains declarations of things that are visible everywhere - * in PostgreSQL *and* are visible to clients of frontend interface libraries. - * For example, the Oid type is part of the API of libpq and other libraries. + * in PostgreSQL *and* are visible to clients of frontend interface + *libraries. For example, the Oid type is part of the API of libpq and other + *libraries. * * Declarations which are specific to a particular interface should * go in the header file for that interface (such as libpq-fe.h). This @@ -30,16 +31,15 @@ typedef uint32_t Oid; #ifdef __cplusplus -#define InvalidOid (Oid(0)) +#define InvalidOid (Oid(0)) #else -#define InvalidOid ((Oid) 0) +#define InvalidOid ((Oid)0) #endif -#define OID_MAX UINT_MAX +#define OID_MAX UINT_MAX /* you will need to include to use the above #define */ - /* * NAMEDATALEN is the max length for system identifiers (e.g. table names, * attribute names, function names, etc). It must be a multiple of @@ -49,21 +49,20 @@ typedef uint32_t Oid; */ #define NAMEDATALEN 64 - /* * Identifiers of error message fields. Kept here to keep common * between frontend and backend, and also to export them to libpq * applications. */ -#define PG_DIAG_SEVERITY 'S' -#define PG_DIAG_SQLSTATE 'C' -#define PG_DIAG_MESSAGE_PRIMARY 'M' -#define PG_DIAG_MESSAGE_DETAIL 'D' -#define PG_DIAG_MESSAGE_HINT 'H' +#define PG_DIAG_SEVERITY 'S' +#define PG_DIAG_SQLSTATE 'C' +#define PG_DIAG_MESSAGE_PRIMARY 'M' +#define PG_DIAG_MESSAGE_DETAIL 'D' +#define PG_DIAG_MESSAGE_HINT 'H' #define PG_DIAG_STATEMENT_POSITION 'P' -#define PG_DIAG_CONTEXT 'W' -#define PG_DIAG_SOURCE_FILE 'F' -#define PG_DIAG_SOURCE_LINE 'L' -#define PG_DIAG_SOURCE_FUNCTION 'R' +#define PG_DIAG_CONTEXT 'W' +#define PG_DIAG_SOURCE_FILE 'F' +#define PG_DIAG_SOURCE_LINE 'L' +#define PG_DIAG_SOURCE_FUNCTION 'R' #endif diff --git a/pw-inspector.c b/pw-inspector.c index 11afdc5..ffe93ac 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -1,38 +1,46 @@ -#include -#include -#include -#include #include #include +#include +#include +#include +#include -#define PROGRAM "PW-Inspector" -#define VERSION "v0.2" -#define EMAIL "vh@thc.org" -#define WEB "https://github.com/vanhauser-thc/thc-hydra" +#define PROGRAM "PW-Inspector" +#define VERSION "v0.2" +#define EMAIL "vh@thc.org" +#define WEB "https://github.com/vanhauser-thc/thc-hydra" -#define MAXLENGTH 256 +#define MAXLENGTH 256 char *prg; void help() { printf("%s %s (c) 2005 by van Hauser / THC %s [%s]\n\n", PROGRAM, VERSION, EMAIL, WEB); - printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s\n\n", prg); + printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] " + "-l -u -n -p -s\n\n", + prg); printf("Options:\n"); printf(" -i FILE file to read passwords from (default: stdin)\n"); printf(" -o FILE file to write valid passwords to (default: stdout)\n"); printf(" -m MINLEN minimum length of a valid password\n"); printf(" -M MAXLEN maximum length of a valid password\n"); - printf(" -c MINSETS the minimum number of sets required (default: all given)\n"); + printf(" -c MINSETS the minimum number of sets required (default: all " + "given)\n"); printf("Sets:\n"); printf(" -l lowcase characters (a,b,c,d, etc.)\n"); printf(" -u upcase characters (A,B,C,D, etc.)\n"); printf(" -n numbers (1,2,3,4, etc.)\n"); - printf(" -p printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)\n"); - printf(" -s special characters - all others not within the sets above\n"); + printf(" -p printable characters (which are not -l/-n/-p, e.g. " + "$,!,/,(,*, etc.)\n"); + printf(" -s special characters - all others not within the sets " + "above\n"); printf("\n%s reads passwords in and prints those which meet the requirements.\n", PROGRAM); - printf("The return code is the number of valid passwords found, 0 if none was found.\n"); - printf("Use for security: check passwords, if 0 is returned, reject password choice.\n"); - printf("Use for hacking: trim your dictionary file to the pw requirements of the target.\n"); + printf("The return code is the number of valid passwords found, 0 if none " + "was found.\n"); + printf("Use for security: check passwords, if 0 is returned, reject password " + "choice.\n"); + printf("Use for hacking: trim your dictionary file to the pw requirements of " + "the target.\n"); printf("Usage only allowed for legal purposes.\n"); exit(-1); } @@ -137,7 +145,7 @@ int main(int argc, char *argv[]) { if (set_print) { j = 0; for (k = 0; k < strlen(buf); k++) - if (isprint((int32_t) buf[k]) != 0 && isalnum((int32_t) buf[k]) == 0) + if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0) j = 1; if (j) i++; @@ -145,7 +153,7 @@ int main(int argc, char *argv[]) { if (set_other) { j = 0; for (k = 0; k < strlen(buf); k++) - if (isprint((int32_t) buf[k]) == 0 && isalnum((int32_t) buf[k]) == 0) + if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0) j = 1; if (j) i++; @@ -156,7 +164,8 @@ int main(int argc, char *argv[]) { count++; } } - /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */ + /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, + * minlen, maxlen, strlen(buf)); */ } fclose(in); fclose(out); diff --git a/sasl.c b/sasl.c index ba08978..7470743 100644 --- a/sasl.c +++ b/sasl.c @@ -87,7 +87,7 @@ void sasl_plain(char *result, char *login, char *pass) { strcpy(result, preplogin); strcpy(result + strlen(preplogin) + 1, preplogin); strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); - hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); + hydra_tobase64((unsigned char *)result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); } free(preplogin); free(preppasswd); @@ -128,8 +128,8 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; @@ -182,8 +182,8 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) { memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; @@ -236,8 +236,8 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; @@ -285,10 +285,12 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * result = NULL; return; } -//DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess -//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess -//warning some not well configured xmpp server is sending no realm -//DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess + // DEBUG S: + // nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess + // DEBUG S: + // nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess + // warning some not well configured xmpp server is sending no realm + // DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess pbuffer = buffer; do { currentpos++; @@ -309,7 +311,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } pbuffer++; } while ((pbuffer[0] > 31) && (ind < array_size)); -//save the latest one + // save the latest one if (ind < array_size) { array[ind] = malloc(currentpos + 1); strncpy(array[ind], buffer + lastpos, currentpos); @@ -317,18 +319,18 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * ind++; } for (i = 0; i < ind; i++) { -//removing space chars between comma separated value if any + // removing space chars between comma separated value if any while ((array[i] != NULL) && (array[i][0] == ' ')) { char *tmp = strdup(array[i]); - //memset(array[i], 0, sizeof(array[i])); + // memset(array[i], 0, sizeof(array[i])); strcpy(array[i], tmp + 1); free(tmp); } if (strstr(array[i], "nonce=") != NULL) { -//check if it contains double-quote + // check if it contains double-quote if (strstr(array[i], "\"") != NULL) { -//assume last char is also a double-quote + // assume last char is also a double-quote int32_t nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { @@ -351,7 +353,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } if (strstr(array[i], "realm=") != NULL) { if (strstr(array[i], "\"") != NULL) { -//assume last char is also a double-quote + // assume last char is also a double-quote int32_t realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { @@ -373,12 +375,11 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } } if (strstr(array[i], "qop=") != NULL) { - -/* -The value "auth" indicates authentication; the value "auth-int32_t" indicates -authentication with integrity protection; the value "auth-conf" -indicates authentication with integrity protection and encryption. -*/ + /* + The value "auth" indicates authentication; the value "auth-int32_t" + indicates authentication with integrity protection; the value "auth-conf" + indicates authentication with integrity protection and encryption. + */ auth_find = 1; if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { int32_t j; @@ -386,14 +387,15 @@ indicates authentication with integrity protection and encryption. for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); + hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only " + "authentication is not supported by server\n"); result = NULL; return; } } if (strstr(array[i], "algorithm=") != NULL) { if (strstr(array[i], "\"") != NULL) { -//assume last char is also a double-quote + // assume last char is also a double-quote int32_t algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { @@ -405,7 +407,8 @@ indicates authentication with integrity protection and encryption. for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could " + "not be extracted\n"); result = NULL; return; } @@ -428,24 +431,25 @@ indicates authentication with integrity protection and encryption. array[i] = NULL; } if (!strlen(algo)) { -//assuming by default algo is MD5 + // assuming by default algo is MD5 memset(algo, 0, sizeof(algo)); strcpy(algo, "MD5"); } -//xmpp case, some xmpp server is not sending the realm so we have to set it up + // xmpp case, some xmpp server is not sending the realm so we have to set it + // up if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) snprintf(realm, sizeof(realm), "%s", miscptr); -//compute ha1 -//support for algo = MD5 + // compute ha1 + // support for algo = MD5 snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); -//for MD5-sess + // for MD5-sess if (strstr(algo, "5-sess") != NULL) { - buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! + buffer[0] = 0; // memset(buffer, 0, sizeof(buffer)); => buffer is char*! -/* per RFC 2617 Errata ID 1649 */ + /* per RFC 2617 Errata ID 1649 */ if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { memset(buffer3, 0, sizeof(buffer3)); pbuffer = buffer3; @@ -468,24 +472,24 @@ indicates authentication with integrity protection and encryption. sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } -//compute ha2 -//proxy case + // compute ha2 + // proxy case if (strstr(type, "proxy") != NULL) sprintf(buffer, "%s:%s", "HEAD", miscptr); else -//http case - if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) + // http case + if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) sprintf(buffer, "%s:%s", type, miscptr); else -//sip case - if (strstr(type, "sip") != NULL) + // sip case + if (strstr(type, "sip") != NULL) sprintf(buffer, "REGISTER:%s:%s", type, miscptr); else -//others - if (strstr(type, "rtsp") != NULL) + // others + if (strstr(type, "rtsp") != NULL) sprintf(buffer, "DESCRIBE:%s://%s:%i", type, webtarget, port); else -//others + // others sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); MD5_Init(&md5c); @@ -496,7 +500,7 @@ indicates authentication with integrity protection and encryption. sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } -//compute response + // compute response if (!auth_find) snprintf(buffer, 500, "%s:%s", nonce, buffer2); else @@ -511,35 +515,58 @@ indicates authentication with integrity protection and encryption. sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } -//create the auth response + // create the auth response if (strstr(type, "proxy") != NULL) { snprintf(result, 500, - "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", " + "realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", " + "nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); } else { - if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || - (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { - snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, - nonce, algo, type, realm, buffer); + if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { + snprintf(result, 500, + "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=" + "00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", + preplogin, realm, nonce, algo, type, realm, buffer); } else { if (strstr(type, "sip") != NULL) { - snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); + snprintf(result, 500, + "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\"," + "response=%s", + preplogin, realm, nonce, type, realm, buffer); } else { if (strstr(type, "rtsp") != NULL) { - snprintf(result, 500, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s://%s:%i\", response=\"%s\"\r\n", preplogin, realm, nonce, type, webtarget, port, buffer); + snprintf(result, 500, + "username=\"%s\", realm=\"%s\", nonce=\"%s\", " + "uri=\"%s://%s:%i\", response=\"%s\"\r\n", + preplogin, realm, nonce, type, webtarget, port, buffer); } else { if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) snprintf(result, 500, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: " + "Digest username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: " + "keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) snprintf(result, 500, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: " + "Digest username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); else snprintf(result, 500, - "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest " + "username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); } } @@ -579,10 +606,10 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha return; } -/*client-final-message */ + /*client-final-message */ if (debug) hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); -//r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 + // r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 if (strstr(serverfirstmessage, "r=") == NULL) { hydra_report(stderr, "Error: Can't understand server message\n"); free(preppasswd); @@ -592,7 +619,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); buffer[sizeof(buffer) - 1] = '\0'; nonce = strtok(buffer, ","); -//continue to search from the previous successful call + // continue to search from the previous successful call salt = strtok(NULL, ","); ic = strtok(NULL, ","); iter = atoi(ic + 2); @@ -611,7 +638,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha return; } if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) -//s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= + // s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= strcpy(buffer, salt + 2); else { hydra_report(stderr, "Error: Could not identify server salt value\n"); @@ -620,9 +647,9 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha return; } -/* SaltedPassword := Hi(Normalize(password), salt, i) */ - saltlen = from64tobits((char *) salt, buffer); - if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { + /* SaltedPassword := Hi(Normalize(password), salt, i) */ + saltlen = from64tobits((char *)salt, buffer); + if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *)salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); free(preppasswd); result = NULL; @@ -631,18 +658,18 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha /* ClientKey := HMAC(SaltedPassword, "Client Key") */ #define CLIENT_KEY "Client Key" - HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); + HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *)CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); -/* StoredKey := H(ClientKey) */ - SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); + /* StoredKey := H(ClientKey) */ + SHA1((const unsigned char *)ClientKey, SHA_DIGEST_LENGTH, StoredKey); -/* ClientSignature := HMAC(StoredKey, AuthMessage) */ + /* ClientSignature := HMAC(StoredKey, AuthMessage) */ snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); - HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); + HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *)AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); -/* ClientProof := ClientKey XOR ClientSignature */ - xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); - to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); + /* ClientProof := ClientKey XOR ClientSignature */ + xor(ClientProof, (char *)ClientKey, (char *)ClientSignature, 20); + to64frombits(clientproof_b64, (const unsigned char *)ClientProof, 20); snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); if (debug) hydra_report(stderr, "DEBUG C: %s\n", result); diff --git a/sasl.h b/sasl.h index 459a5ab..01da091 100644 --- a/sasl.h +++ b/sasl.h @@ -1,8 +1,8 @@ +#include "hydra-mod.h" +#include "ntlm.h" #include #include -#include "ntlm.h" -#include "hydra-mod.h" #define AUTH_ERROR -1 #define AUTH_CLEAR 0 @@ -28,10 +28,7 @@ #endif #endif -typedef enum { - SASL_ALLOW_UNASSIGNED = 1 -} sasl_saslprep_flags; - +typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags; int32_t print_hex(unsigned char *buf, int32_t len); @@ -39,9 +36,9 @@ void sasl_plain(char *result, char *login, char *pass); int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #ifdef LIBOPENSSL +#include #include #include -#include void sasl_cram_md5(char *result, char *pass, char *challenge); void sasl_cram_sha1(char *result, char *pass, char *challenge);