github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-14 18:48:17 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

code indent

Browse source
This commit is contained in:
van Hauser 2020-02-01 11:47:13 +01:00
commit 720bdb3f96
83 changed files with 6377 additions and 6240 deletions
Download patch file Download diff file Expand all files Collapse all files

71
hydra-vnc.c
View file

@ -5,14 +5,14 @@
*
*/
#include "hydra-mod.h"
#include "d3des.h"
#include "hydra-mod.h"
#define CHALLENGESIZE 16
//for RFB 003.003 & 003.005
// for RFB 003.003 & 003.005
#define RFB33 1
//for RFB 3.7 and onwards
// for RFB 3.7 and onwards
#define RFB37 2
int32_t vnc_client_version = RFB33;
@ -44,7 +44,7 @@ void vncEncryptBytes(unsigned char *bytes, char *passwd) {
}
}
int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *pass;
unsigned char buf2[CHALLENGESIZE + 4];
@ -57,22 +57,22 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
if (vnc_client_version == RFB37) {
int32_t i;
//fprintf(stderr,"number of security types supported: %d\n", buf2[0]);
// fprintf(stderr,"number of security types supported: %d\n", buf2[0]);
if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) {
hydra_report(stderr, "[ERROR] VNC server connection failed\n");
hydra_child_exit(0);
}
for (i = 1; i <= buf2[0]; i++) {
//fprintf(stderr,"sec type %u\n",buf2[i]);
//check if weak security types are available
// fprintf(stderr,"sec type %u\n",buf2[i]);
// check if weak security types are available
if (buf2[i] <= 0x2) {
buf2[3] = buf2[i];
break;
}
}
}
//supported security type
// supported security type
switch (buf2[3]) {
case 0x0:
hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf2[3]);
@ -87,24 +87,24 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
hydra_child_exit(2);
break;
case 0x2:
//VNC security type supported is the only type supported for now
// VNC security type supported is the only type supported for now
if (vnc_client_version == RFB37) {
sprintf(buf, "%c", 0x2);
if (hydra_send(s, buf, strlen(buf), 0) < 0) {
return 1;
}
//get authentication challenge from server
// get authentication challenge from server
if (recv(s, buf2, CHALLENGESIZE, 0) == -1)
return 1;
//send response
// send response
vncEncryptBytes(buf2, pass);
if (hydra_send(s, (char *) buf2, CHALLENGESIZE, 0) < 0) {
if (hydra_send(s, (char *)buf2, CHALLENGESIZE, 0) < 0) {
return 1;
}
} else {
//in old proto, challenge is following the security type
vncEncryptBytes((unsigned char *) buf2 + 4, pass);
if (hydra_send(s, (char *) buf2 + 4, CHALLENGESIZE, 0) < 0) {
// in old proto, challenge is following the security type
vncEncryptBytes((unsigned char *)buf2 + 4, pass);
if (hydra_send(s, (char *)buf2 + 4, CHALLENGESIZE, 0) < 0) {
return 1;
}
}
@ -114,7 +114,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
hydra_child_exit(2);
}
//check security result value
// check security result value
recv(s, buf, 4, 0);
if (buf == NULL)
return 1;
@ -142,10 +142,10 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
return 1;
}
return 1; /* never reached */
return 1; /* never reached */
}
void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_VNC, mysslport = PORT_VNC_SSL;
@ -154,7 +154,7 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
@ -169,26 +169,28 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
usleepn(300);
buf = hydra_receive_line(sock);
if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */
if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */
hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
if (strstr(buf, " security failures") != NULL) { /* check the first line */
if (strstr(buf, " security failures") != NULL) { /* check the first line */
/*
VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts.
The IP address is initially blocked for ten seconds,
but this doubles for each unsuccessful attempt thereafter.
A successful connection from an IP address resets the blacklist timeout.
This is built in to VNC Server and does not rely on operating system support.
VNC has a 'blacklisting' scheme that blocks an IP address after five
unsuccessful connection attempts. The IP address is initially blocked
for ten seconds, but this doubles for each unsuccessful attempt
thereafter. A successful connection from an IP address resets the
blacklist timeout. This is built in to VNC Server and does not rely
on operating system support.
*/
failed_auth++;
hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n");
hydra_report(stderr, "VNC server reported too many authentication "
"failures, have to wait some seconds ...\n");
sleep(12 * failed_auth);
free(buf);
next_run = 1;
@ -197,12 +199,13 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
if (verbose)
hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf);
if (((strstr(buf, "RFB 005.000") != NULL) || (strstr(buf, "RFB 004") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) {
//using proto version 003.007 to talk to server 005.xxx and 004.xxx same for 3.7 and 3.8
// using proto version 003.007 to talk to server 005.xxx and 004.xxx
// same for 3.7 and 3.8
vnc_client_version = RFB37;
free(buf);
buf = strdup("RFB 003.007\n");
} else {
//for RFB 3.3 and fake 3.5
// for RFB 3.3 and fake 3.5
vnc_client_version = RFB33;
free(buf);
buf = strdup("RFB 003.003\n");
@ -210,10 +213,10 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
hydra_send(sock, buf, strlen(buf), 0);
next_run = 2;
break;
case 2: /* run the cracking function */
case 2: /* run the cracking function */
next_run = start_vnc(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
@ -231,13 +234,13 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
}
}
int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here