From 79c6302818c800188b4670d00948866516f0ce9c Mon Sep 17 00:00:00 2001
From: Roman Maksimov <r.l.maksimov@gmail.com>
Date: Wed, 15 May 2019 22:27:49 +0300
Subject: [PATCH] add authentication type switching option

---
 hydra-http-form.c | 31 +++++++++++++++++++++++++++++++
 hydra-http.c      | 15 ++++++++-------
 hydra-http.h      |  1 +
 3 files changed, 40 insertions(+), 7 deletions(-)

diff --git a/hydra-http-form.c b/hydra-http-form.c
index 875222f..bd15970 100644
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
@@ -50,6 +50,7 @@ Added fail or success condition, getting cookies, and allow 5 redirections by da
 */
 
 #include "hydra-http.h"
+#include "sasl.h"
 
 extern char *HYDRA_EXIT;
 char *buf;
@@ -397,6 +398,36 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
    */
   while (*miscptr != 0) {
     switch (miscptr[0]) {
+    case 'a':
+    case 'A':
+      // grab the value
+      ptr = miscptr + 2;
+
+      // and make it lowercase
+      while (*ptr != 0 && *ptr != ':') {
+        *ptr = tolower(*ptr);
+        ptr++;
+      }
+
+      if (*ptr != 0) {
+        *ptr = 0;
+        ptr += 1;
+      }
+
+      // AUTH_BASIC is a default value of http_auth_type variable defined in hydra-http.c, it could be skipped here
+      if (strcmp(miscptr + 2, "basic") == 0)
+        http_auth_type = AUTH_BASIC;
+      else if (strcmp(miscptr + 2, "ntlm") == 0)
+        http_auth_type = AUTH_NTLM;
+      else if (strcmp(miscptr + 2, "digest") == 0)
+        http_auth_type = AUTH_DIGESTMD5;
+      else {
+        hydra_report(stderr, "[ERROR] Incorrect authentication type is provided.\n");
+        return 0;
+      }
+
+      miscptr = ptr;
+      break;
     case 'c':                  // fall through
     case 'C':
       ptr = miscptr + 2;
diff --git a/hydra-http.c b/hydra-http.c
index 4fba1f9..d390db6 100644
--- a/hydra-http.c
+++ b/hydra-http.c
@@ -6,7 +6,7 @@ char *webtarget = NULL;
 char *slash = "/";
 char *http_buf = NULL;
 int32_t webport, freemischttp = 0;
-int32_t http_auth_mechanism = AUTH_BASIC;
+int32_t http_auth_type = AUTH_BASIC;
 
 int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) {
   char *empty = "";
@@ -33,13 +33,13 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
   }
 
   // we must reset this if buf is NULL and we do MD5 digest
-  if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
-    http_auth_mechanism = AUTH_BASIC;
+  if (http_buf == NULL && http_auth_type == AUTH_DIGESTMD5)
+    http_auth_type = AUTH_BASIC;
 
   if (use_proxy > 0 && proxy_count > 0)
     selected_proxy = random() % proxy_count;
 
-  switch (http_auth_mechanism) {
+  switch (http_auth_type) {
   case AUTH_BASIC:
     sprintf(buffer2, "%.50s:%.50s", login, pass);
     hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
@@ -233,17 +233,17 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
       fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *) ptr, login, pass);
 
     //the first authentication type failed, check the type from server header
-    if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
+    if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_type == AUTH_BASIC)) {
       //seems the auth supported is not Basic scheme so testing further
       int32_t find_auth = 0;
 
       if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
-        http_auth_mechanism = AUTH_NTLM;
+        http_auth_type = AUTH_NTLM;
         find_auth = 1;
       }
 #ifdef LIBOPENSSL
       if (hydra_strcasestr(http_buf, "WWW-Authenticate: Digest") != NULL) {
-        http_auth_mechanism = AUTH_DIGESTMD5;
+        http_auth_type = AUTH_DIGESTMD5;
         find_auth = 1;
       }
 #endif
@@ -393,6 +393,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
 void usage_http(const char* service) {
   printf("Module %s requires the page to authenticate.\n"
          "The following parameters are optional:\n"
+         " (a|A)=type           to use one of the following authentication types: Basic, Digest, NTLM\n"
          " (h|H)=My-Hdr\\: foo   to send a user defined HTTP header with each request\n"
          "For example:  \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members\"\n\n", service);
 }
diff --git a/hydra-http.h b/hydra-http.h
index b6b4c2b..8dffdf7 100644
--- a/hydra-http.h
+++ b/hydra-http.h
@@ -14,6 +14,7 @@ typedef struct header_node t_header_node, *ptr_header_node;
 extern char *webtarget;
 extern char *slash;
 extern char *optional1;
+extern int32_t http_auth_type;
 
 extern int32_t parse_options(char *miscptr, ptr_header_node * ptr_head);
 extern int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type);