From 7f1a9e3496c1356cfa936195f35f27bfef99db65 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 24 Jan 2017 09:51:03 +0100 Subject: [PATCH] ssh initial password check now uses the supplied user --- CHANGES | 4 +++- README | 2 +- hydra-ssh.c | 9 ++++++++- hydra.c | 4 +++- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index f598bd1..05002c8 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 8.4-dev +! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix * Proxy support re-implemented: - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP] @@ -10,7 +11,8 @@ Release 8.4-dev * New command line options: -y : disables -x 1aA interpretation, thanks to crondaemon for the patch -I : ignore an existing hydra.restore file (dont wait for 10 seconds) -* Upgraded hydra-svn to work with the current libsvn version +* hydra-svn: works now with the current libsvn version +* hydra-ssh: initial check for password auth support now uses login supplied * Fixed dpl4hydra to be able to update from the web again * Fixed crash when -U was used without any service (thanks to thecarterb for reporting) * Updated default password lists diff --git a/README b/README index 8b3afe6..b48bf5b 100644 --- a/README +++ b/README @@ -54,7 +54,7 @@ If you are interested in the current development state, the public development repository is at Github: svn co https://github.com/vanhauser-thc/thc-hydra or - git clone https://github.com/vanhauser-thc/thc-hydra.git + git clone https://github.com/vanhauser-thc/thc-hydra Use the development version at your own risk. It contains new features and new bugs. Things might not work! diff --git a/hydra-ssh.c b/hydra-ssh.c index da321cf..cb3acfe 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c 
@@ -151,6 +151,10 @@ void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif #endif +// +// dirty workaround here: miscptr is the ptr to the logins, and the first one is used +// to test if password authentication is enabled!! +// int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be @@ -171,7 +175,10 @@ int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FIL printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); - ssh_options_set(session, SSH_OPTIONS_USER, "root"); + if (miscptr == NULL) + ssh_options_set(session, SSH_OPTIONS_USER, "hydra"); + else + ssh_options_set(session, SSH_OPTIONS_USER, miscptr); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { diff --git a/hydra.c b/hydra.c index 31a27ce..c78529a 100644 --- a/hydra.c +++ b/hydra.c 
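Review bot: In the second hunk of service_ssh_init the new `if (miscptr == NULL)` test covers a missing login but not an empty string, and the return value of `ssh_options_set(session, SSH_OPTIONS_USER, ...)` is ignored, so a user value that libssh rejects would go unnoticed and the probe would run with some other account name (inferred; the rest of the function is outside the hunk). I would pick the name once and check the call: `const char *probe_user = (miscptr != NULL && *miscptr != '\0') ? miscptr : "hydra";` followed by `if (ssh_options_set(session, SSH_OPTIONS_USER, probe_user) < 0)` leading into the function's existing failure path. The comment added in the first hunk should also state that miscptr may be NULL, that "hydra" is then used, and that the result describes only the first login. Naming the probed login in the `[INFO]` line would make that visible in the output.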
@@ -1238,8 +1238,9 @@ void hydra_service_init(int target_no) {
 if (strcmp(hydra_options.service, "socks5") == 0)
 x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target);
 #ifdef LIBSSH
+ // dirty workaround here:
 if (strcmp(hydra_options.service, "ssh") == 0)
- x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target);
+ x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, login_ptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target);
 if (strcmp(hydra_options.service, "sshkey") == 0)
 x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target);
 #endif
@@ -3274,6 +3275,7 @@ int main(int argc, char *argv[]) {
 //}
 //if (conwait == 0)
 // hydra_options.conwait = conwait = 1;
+ printf("[WARNING] the rdp module is currently reported to be unreliable, most likely against new Windows version. Please test, report - and if possible, fix.\n");
 i = 1;
 }
 // ADD NEW SERVICES HERE
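Review bot: The added comment `// dirty workaround here:` above the ssh branch of hydra_service_init stops at the colon and never says what the workaround is. A reader comparing this call with the socks5 and sshkey calls next to it sees `login_ptr` where the others pass `hydra_options.miscptr`, with no explanation. I would write `// ssh only: pass the login list in the miscptr slot so the init probe uses the first supplied login` (wording taken from the comment this commit adds in hydra-ssh.c). If the ssh module accepts module options through `hydra_options.miscptr`, they no longer reach service_ssh_init after this change, which cannot be confirmed from the hunk. The state of `login_ptr` at this point is also not visible here, although service_ssh_init does handle NULL.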
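Review bot: The rdp warning added in main() is written with `printf`, so it goes to stdout together with result output. A diagnostic like this is better sent to stderr by changing `printf(` to `fprintf(stderr,` on that line, assuming other warnings in hydra.c are emitted that way (not visible in this hunk). The enclosing condition starts outside the hunk, so it is an assumption that this sits in the rdp service branch and is not printed for every service. A short comment above it such as `// temporary notice, remove once the rdp module is fixed` would record why the line is there.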