github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 20:41:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

code indent

Browse source
This commit is contained in:
van Hauser 2020-02-01 11:47:13 +01:00
parent 531ee7734b
commit 720bdb3f96
83 changed files with 6377 additions and 6240 deletions
Download patch file Download diff file Expand all files Collapse all files

165
sasl.c
View file

@ -87,7 +87,7 @@ void sasl_plain(char *result, char *login, char *pass) {
strcpy(result, preplogin);
strcpy(result + strlen(preplogin) + 1, preplogin);
strcpy(result + 2 * strlen(preplogin) + 2, preppasswd);
hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250);
hydra_tobase64((unsigned char *)result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250);
}
free(preplogin);
free(preppasswd);
@ -128,8 +128,8 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) {
memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH);
memcpy(opad, md5_raw, MD5_DIGEST_LENGTH);
} else {
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
}
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
@ -182,8 +182,8 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) {
memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH);
memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH);
} else {
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
}
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
@ -236,8 +236,8 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) {
memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH);
memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH);
} else {
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
strcpy(ipad, preppasswd); // safe
strcpy(opad, preppasswd); // safe
}
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
@ -285,10 +285,12 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
result = NULL;
return;
}
//DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess
//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess
//warning some not well configured xmpp server is sending no realm
//DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess
// DEBUG S:
// nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess
// DEBUG S:
// nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess
// warning some not well configured xmpp server is sending no realm
// DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess
pbuffer = buffer;
do {
currentpos++;
@ -309,7 +311,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
}
pbuffer++;
} while ((pbuffer[0] > 31) && (ind < array_size));
//save the latest one
// save the latest one
if (ind < array_size) {
array[ind] = malloc(currentpos + 1);
strncpy(array[ind], buffer + lastpos, currentpos);
@ -317,18 +319,18 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
ind++;
}
for (i = 0; i < ind; i++) {
//removing space chars between comma separated value if any
// removing space chars between comma separated value if any
while ((array[i] != NULL) && (array[i][0] == ' ')) {
char *tmp = strdup(array[i]);
//memset(array[i], 0, sizeof(array[i]));
// memset(array[i], 0, sizeof(array[i]));
strcpy(array[i], tmp + 1);
free(tmp);
}
if (strstr(array[i], "nonce=") != NULL) {
//check if it contains double-quote
// check if it contains double-quote
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
// assume last char is also a double-quote
int32_t nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1;
if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) {
@ -351,7 +353,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
}
if (strstr(array[i], "realm=") != NULL) {
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
// assume last char is also a double-quote
int32_t realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1;
if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) {
@ -373,12 +375,11 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
}
}
if (strstr(array[i], "qop=") != NULL) {
/*
The value "auth" indicates authentication; the value "auth-int32_t" indicates
authentication with integrity protection; the value "auth-conf"
indicates authentication with integrity protection and encryption.
*/
/*
The value "auth" indicates authentication; the value "auth-int32_t"
indicates authentication with integrity protection; the value "auth-conf"
indicates authentication with integrity protection and encryption.
*/
auth_find = 1;
if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) {
int32_t j;
@ -386,14 +387,15 @@ indicates authentication with integrity protection and encryption.
for (j = 0; j < ind; j++)
if (array[j] != NULL)
free(array[j]);
hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n");
hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only "
"authentication is not supported by server\n");
result = NULL;
return;
}
}
if (strstr(array[i], "algorithm=") != NULL) {
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
// assume last char is also a double-quote
int32_t algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1;
if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) {
@ -405,7 +407,8 @@ indicates authentication with integrity protection and encryption.
for (j = 0; j < ind; j++)
if (array[j] != NULL)
free(array[j]);
hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n");
hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could "
"not be extracted\n");
result = NULL;
return;
}
@ -428,24 +431,25 @@ indicates authentication with integrity protection and encryption.
array[i] = NULL;
}
if (!strlen(algo)) {
//assuming by default algo is MD5
// assuming by default algo is MD5
memset(algo, 0, sizeof(algo));
strcpy(algo, "MD5");
}
//xmpp case, some xmpp server is not sending the realm so we have to set it up
// xmpp case, some xmpp server is not sending the realm so we have to set it
// up
if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL))
snprintf(realm, sizeof(realm), "%s", miscptr);
//compute ha1
//support for algo = MD5
// compute ha1
// support for algo = MD5
snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd);
MD5_Init(&md5c);
MD5_Update(&md5c, buffer, strlen(buffer));
MD5_Final(response, &md5c);
//for MD5-sess
// for MD5-sess
if (strstr(algo, "5-sess") != NULL) {
buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*!
buffer[0] = 0; // memset(buffer, 0, sizeof(buffer)); => buffer is char*!
/* per RFC 2617 Errata ID 1649 */
/* per RFC 2617 Errata ID 1649 */
if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) {
memset(buffer3, 0, sizeof(buffer3));
pbuffer = buffer3;
@ -468,24 +472,24 @@ indicates authentication with integrity protection and encryption.
sprintf(pbuffer, "%02x", response[i]);
pbuffer += 2;
}
//compute ha2
//proxy case
// compute ha2
// proxy case
if (strstr(type, "proxy") != NULL)
sprintf(buffer, "%s:%s", "HEAD", miscptr);
else
//http case
if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL))
// http case
if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL))
sprintf(buffer, "%s:%s", type, miscptr);
else
//sip case
if (strstr(type, "sip") != NULL)
// sip case
if (strstr(type, "sip") != NULL)
sprintf(buffer, "REGISTER:%s:%s", type, miscptr);
else
//others
if (strstr(type, "rtsp") != NULL)
// others
if (strstr(type, "rtsp") != NULL)
sprintf(buffer, "DESCRIBE:%s://%s:%i", type, webtarget, port);
else
//others
// others
sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm);
MD5_Init(&md5c);
@ -496,7 +500,7 @@ indicates authentication with integrity protection and encryption.
sprintf(pbuffer, "%02x", response[i]);
pbuffer += 2;
}
//compute response
// compute response
if (!auth_find)
snprintf(buffer, 500, "%s:%s", nonce, buffer2);
else
@ -511,35 +515,58 @@ indicates authentication with integrity protection and encryption.
sprintf(pbuffer, "%02x", response[i]);
pbuffer += 2;
}
//create the auth response
// create the auth response
if (strstr(type, "proxy") != NULL) {
snprintf(result, 500,
"HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
"HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", "
"realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", "
"nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: "
"Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
} else {
if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) ||
(strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) {
snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm,
nonce, algo, type, realm, buffer);
if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) {
snprintf(result, 500,
"username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc="
"00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s",
preplogin, realm, nonce, algo, type, realm, buffer);
} else {
if (strstr(type, "sip") != NULL) {
snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer);
snprintf(result, 500,
"username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\","
"response=%s",
preplogin, realm, nonce, type, realm, buffer);
} else {
if (strstr(type, "rtsp") != NULL) {
snprintf(result, 500, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s://%s:%i\", response=\"%s\"\r\n", preplogin, realm, nonce, type, webtarget, port, buffer);
snprintf(result, 500,
"username=\"%s\", realm=\"%s\", nonce=\"%s\", "
"uri=\"%s://%s:%i\", response=\"%s\"\r\n",
preplogin, realm, nonce, type, webtarget, port, buffer);
} else {
if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
snprintf(result, 500,
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: "
"Digest username=\"%s\", realm=\"%s\", response=\"%s\", "
"nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, "
"qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic "
"%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: "
"keep-alive\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication[selected_proxy], header);
else {
if (use_proxy == 1)
snprintf(result, 500,
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: "
"Digest username=\"%s\", realm=\"%s\", response=\"%s\", "
"nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, "
"qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
else
snprintf(result, 500,
"%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
"%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest "
"username=\"%s\", realm=\"%s\", response=\"%s\", "
"nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, "
"qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 "
"(Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
}
}
@ -579,10 +606,10 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
return;
}
/*client-final-message */
/*client-final-message */
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage);
//r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096
// r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096
if (strstr(serverfirstmessage, "r=") == NULL) {
hydra_report(stderr, "Error: Can't understand server message\n");
free(preppasswd);
@ -592,7 +619,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
nonce = strtok(buffer, ",");
//continue to search from the previous successful call
// continue to search from the previous successful call
salt = strtok(NULL, ",");
ic = strtok(NULL, ",");
iter = atoi(ic + 2);
@ -611,7 +638,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
return;
}
if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer)))
//s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s=
// s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s=
strcpy(buffer, salt + 2);
else {
hydra_report(stderr, "Error: Could not identify server salt value\n");
@ -620,9 +647,9 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
return;
}
/* SaltedPassword := Hi(Normalize(password), salt, i) */
saltlen = from64tobits((char *) salt, buffer);
if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) {
/* SaltedPassword := Hi(Normalize(password), salt, i) */
saltlen = from64tobits((char *)salt, buffer);
if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *)salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) {
hydra_report(stderr, "Error: Failed to generate PBKDF2\n");
free(preppasswd);
result = NULL;
@ -631,18 +658,18 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
/* ClientKey := HMAC(SaltedPassword, "Client Key") */
#define CLIENT_KEY "Client Key"
HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen);
HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *)CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen);
/* StoredKey := H(ClientKey) */
SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey);
/* StoredKey := H(ClientKey) */
SHA1((const unsigned char *)ClientKey, SHA_DIGEST_LENGTH, StoredKey);
/* ClientSignature := HMAC(StoredKey, AuthMessage) */
/* ClientSignature := HMAC(StoredKey, AuthMessage) */
snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof);
HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen);
HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *)AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen);
/* ClientProof := ClientKey XOR ClientSignature */
xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20);
to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20);
/* ClientProof := ClientKey XOR ClientSignature */
xor(ClientProof, (char *)ClientKey, (char *)ClientSignature, 20);
to64frombits(clientproof_b64, (const unsigned char *)ClientProof, 20);
snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64);
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", result);