New hydra-http-form

2025-08-21 13:53:59 -07:00 · 2014-08-26 19:37:58 +02:00 · 2014-08-26 19:37:58 +02:00 · 9661cb1053
commit 9661cb1053
parent 01eaf27ea0 6d326078f1
13 changed files with 212 additions and 1096 deletions
--- a/Android.mk
+++ b/Android.mk
@ -0,0 +1,104 @@
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_CFLAGS:= -O3 -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE \
+               -DLIBMYSQLCLIENT -DLIBNCP -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DNO_RINDEX \
+               -DHAVE_MATH_H -DHAVE_MYSQL_H -DOPENSSL_NO_DEPRECATED -DNO_RSA_LEGACY \
+               -fdata-sections -ffunction-sections          
+
+LOCAL_LDFLAGS:=-Wl,--gc-sections
+
+LOCAL_C_INCLUDES:= \
+	$(LOCAL_PATH)\
+	external/openssl/include\
+	external/libssh/include\
+	external/libidn/lib\
+	external/libmysqlclient/include\
+	external/subversion/subversion/include\
+	external/apr/include\
+	external/firebird/include\
+	external/libncp/include\
+	external/libpcre
+	
+LOCAL_SRC_FILES:= \
+	bfg.c\
+	crc32.c\
+	d3des.c\
+	hmacmd5.c\
+	hydra-afp.c\
+	hydra-asterisk.c\
+	hydra.c\
+	hydra-cisco.c\
+	hydra-cisco-enable.c\
+	hydra-cvs.c\
+	hydra-firebird.c\
+	hydra-ftp.c\
+	hydra-http.c\
+	hydra-http-form.c\
+	hydra-http-proxy.c\
+	hydra-http-proxy-urlenum.c\
+	hydra-icq.c\
+	hydra-imap.c\
+	hydra-irc.c\
+	hydra-ldap.c\
+	hydra-mod.c\
+	hydra-mssql.c\
+	hydra-mysql.c\
+	hydra-ncp.c\
+	hydra-nntp.c\
+	hydra-oracle.c\
+	hydra-oracle-listener.c\
+	hydra-oracle-sid.c\
+	hydra-pcanywhere.c\
+	hydra-pcnfs.c\
+	hydra-pop3.c\
+	hydra-postgres.c\
+	hydra-rdp.c\
+	hydra-redis.c\
+	hydra-rexec.c\
+	hydra-rlogin.c\
+	hydra-rsh.c\
+	hydra-s7-300.c\
+	hydra-sapr3.c\
+	hydra-sip.c\
+	hydra-smb.c\
+	hydra-smtp.c\
+	hydra-smtp-enum.c\
+	hydra-snmp.c\
+	hydra-socks5.c\
+	hydra-ssh.c\
+	hydra-sshkey.c\
+	hydra-svn.c\
+	hydra-teamspeak.c\
+	hydra-telnet.c\
+	hydra-vmauthd.c\
+	hydra-vnc.c\
+	hydra-xmpp.c\
+	ntlm.c\
+	sasl.c
+
+LOCAL_STATIC_LIBRARIES := \
+	libfbclient \
+	libidn \
+	libmysqlclient \
+	libncp \
+	libpcre \
+	libpcrecpp \
+	libpcreposix \
+	libpq \
+	libssh \
+	libsvn_client-1 \
+	libapr-1 \
+	libaprutil-1 \
+	libiconv\
+	libneon
+						
+LOCAL_SHARED_LIBRARIES := \
+	libcrypto\
+	libssl\
+	libsqlite\
+	libexpat
+					
+LOCAL_MODULE:= hydra
+
+include $(BUILD_EXECUTABLE)
--- a/10
+++ b/10
@ -1,6 +1,16 @@
 Changelog for hydra
 -------------------

+Release 8.1-pre
+* Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting)
+* Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks!
+* Added xhydra gtk patch by Petar Kaleychev to support -e r reverse login attempt, thanks!
+* Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting)
+* Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting)
+* Updated configure to detect subversion packages on current Cygwin
+* Fixed RDP module to support the port option (thanks to and.enshin(at)gmail.com)
+
+
 Release 8.0
 ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
 * Added module for redis (submitted by Alejandro Ramos, thanks!)
--- a/30
+++ b/30
@ -3,17 +3,7 @@
 # uname -s = Linux | OpenBSD | FreeBSD
 # uname -m = i636 or x86_64

-if [ "$1" = "-h" ]; then
-  echo Options:
-  echo "  --prefix=path              path to install hydra and its datafiles to"
-  echo "  --with-oracle=prefix       prefix for oracle include dir"
-  echo "  --with-oracle-lib=prefix   prefix for oracle lib dir"
-  echo "  --disable-xhydra           disable compilation of hydra GUI"
-  echo "  --nostrip                  do not per default strip binaries before install"
-  echo "  --help                     this here"
-  exit 0
-fi
-if [ "$1" = "--help" ]; then
+if [ "$1" = "-h" -o "$1" = "--help" ]; then
  echo Options:
  echo "  --prefix=path              path to install hydra and its datafiles to"
  echo "  --with-oracle=prefix       prefix for oracle include dir"
@ -30,7 +20,7 @@ rm -f Makefile.in
 SYSS=`uname -s 2> /dev/null`
 SYSO=`uname -o 2> /dev/null`
 SIXFOUR=""
-if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" ]; then
+if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" -o "$SYSS" = "Darwin" ]; then
  SF=`uname -m | grep 64`
  if [ `uname -m` = "s390x" ]; then
    SF=64
@ -323,6 +313,12 @@ for i in $LIBDIRS ; do
 	    APR_PATH="$i"
        fi
    fi
+    if [ "X" = "X$SVN_PATH" ]; then
+        if [ -f "$i/libsvn_client-1.dll.a" ]&&[ -f "$i/libapr-1.dll.a" ]&&[ -f "$i/libaprutil-1.dll.a" ]; then
+            SVN_PATH="$i"
+	    APR_PATH="$i"
+        fi
+    fi
    if [ "X" = "X$SVN_PATH" ]; then
        if [ -f "$i/libsvn_client-1.dylib" ]&&[ -f "$i/libapr-1.dylib" ]&&[ -f "$i/libaprutil-1.dylib" ]; then
            SVN_PATH="$i"
@ -451,10 +447,15 @@ for i in $LIBDIRS ; do
        fi
    fi
 done
+MYSQLINSUBDIR=""
 for i in $INCDIRS ; do
    if [ "X" != "X$MYSQL_PATH" ]; then
        if [ -f "$i/mysql/mysql.h" ]; then
            MYSQL_IPATH="$i/mysql"
+            MYSQLINSUBDIR="mysql/"
+        fi
+        if [ -f "$i/mysql.h" ]; then
+            MYSQL_IPATH="$i"
        fi
    fi
 done
@ -931,6 +932,11 @@ if [ -n "$SVN_IPATH" ]; then
 fi
 if [ -n "$MYSQL_IPATH" ]; then
    XIPATHS="$XIPATHS -I$MYSQL_IPATH"
+    if [ -n "$MYSQLINSUBDIR" ]; then
+       XDEFINES="$XDEFINES -DHAVE_MYSQL_MYSQL_H"
+    else
+       XDEFINES="$XDEFINES -DHAVE_MYSQL_H"
+    fi
 fi
 if [ -n "$AFP_IPATH" ]; then
    XIPATHS="$XIPATHS -I$AFP_IPATH"
--- a/hydra-cisco.c
+++ b/hydra-cisco.c
@ -24,6 +24,7 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
    return 1;
  }
  sleep(1);
+  buf = NULL;
  do {
    if (buf != NULL)
      free(buf);
@ -51,8 +52,11 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
    if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
      return 1;
    }
+    
+    buf = NULL;
    do {
-      free(buf);
+      if (buf != NULL)
+        free(buf);
      if ((buf = hydra_receive_line(s)) == NULL)
        return 3;
      if (buf[strlen(buf) - 1] == '\n')
@ -78,6 +82,7 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
      if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
        return 1;
      }
+      buf = NULL;
      do {
        if (buf != NULL)
          free(buf);
--- a/hydra-gtk/src/callbacks.c
+++ b/hydra-gtk/src/callbacks.c
@ -150,7 +150,7 @@ int hydra_get_options(char *options[]) {
    }
  }

-  /* empty passes / login as pass? */
+  /* empty passes / login as pass / reversed login? */
  memset(passLoginNull, 0, 4);
  widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull");
  if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
@ -164,6 +164,17 @@ int hydra_get_options(char *options[]) {
      passLoginNull[1] = 's';
    }
  }
+  /* The "Try reversed login" button was implemented by Petar Kaleychev <petar.kaleychev@gmail.com> */
+  widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassReverse");
+  if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
+    if (passLoginNull[0] == 0) {
+      passLoginNull[0] = 'r';
+    } else if (passLoginNull[1] == 0) {
+      passLoginNull[1] = 'r';
+    } else {
+      passLoginNull[2] = 'r';
+    }
+  }
  if (passLoginNull[0] != 0) {
    options[i++] = "-e";
    options[i++] = passLoginNull;
--- a/hydra-gtk/src/interface.c
+++ b/hydra-gtk/src/interface.c
@ -88,6 +88,7 @@ GtkWidget *create_wndMain(void) {
  GtkWidget *table6;
  GtkWidget *chkPassLogin;
  GtkWidget *chkPassNull;
+  GtkWidget *chkPassReverse;
  GtkWidget *label2;
  GtkWidget *table4;
  GtkWidget *frame9;
@ -528,7 +529,7 @@ GtkWidget *create_wndMain(void) {
  gtk_widget_show(label20);
  gtk_frame_set_label_widget(GTK_FRAME(frame8), label20);

-  table6 = gtk_table_new(1, 2, FALSE);
+  table6 = gtk_table_new(1, 3, FALSE);
  gtk_widget_set_name(table6, "table6");
  gtk_widget_show(table6);
  gtk_box_pack_start(GTK_BOX(vbox2), table6, TRUE, TRUE, 0);
@ -545,6 +546,12 @@ GtkWidget *create_wndMain(void) {
  gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
  gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL);

+  chkPassReverse = gtk_check_button_new_with_mnemonic ("Try reversed login");
+  gtk_widget_set_name (chkPassReverse, "chkPassReverse");
+  gtk_widget_show (chkPassReverse);
+  gtk_table_attach (GTK_TABLE (table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
+  gtk_tooltips_set_tip (tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL);
+  
  label2 = gtk_label_new("Passwords");
  gtk_widget_set_name(label2, "label2");
  gtk_widget_show(label2);
@ -1049,6 +1056,7 @@ GtkWidget *create_wndMain(void) {
  GLADE_HOOKUP_OBJECT(wndMain, table6, "table6");
  GLADE_HOOKUP_OBJECT(wndMain, chkPassLogin, "chkPassLogin");
  GLADE_HOOKUP_OBJECT(wndMain, chkPassNull, "chkPassNull");
+  GLADE_HOOKUP_OBJECT(wndMain, chkPassReverse, "chkPassReverse");
  GLADE_HOOKUP_OBJECT(wndMain, label2, "label2");
  GLADE_HOOKUP_OBJECT(wndMain, table4, "table4");
  GLADE_HOOKUP_OBJECT(wndMain, frame9, "frame9");
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
--- a/hydra-mod.c
+++ b/hydra-mod.c
@ -3,6 +3,8 @@
 #ifdef LIBOPENSSL
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
 #endif
 #ifdef HAVE_PCRE
 #include <pcre.h>
--- a/hydra-mysql.c
+++ b/hydra-mysql.c
@ -22,8 +22,13 @@ void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE

 #ifndef LIBMYSQLCLIENT
 #else
-
+#if defined(HAVE_MYSQL_MYSQL_H)
 #include <mysql/mysql.h>
+#elif defined(HAVE_MYSQL_H)
+#include <mysql.h>
+#else
+#error libmysqlclient found, but no usable headers available
+#endif
 MYSQL *mysql = NULL;
 #endif

--- a/hydra-rdp.c
+++ b/hydra-rdp.c
@ -2453,6 +2453,9 @@ void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
  int run = 1, next_run = 1;
  int myport = PORT_RDP;

+  if (port != 0)
+    myport = port;
+
  hydra_register_socket(sp);
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return;
--- a/hydra.c
+++ b/hydra.c
@ -264,7 +264,9 @@ typedef struct {

 // external vars 
 extern char HYDRA_EXIT[5];
+#if !defined(ANDROID) && !defined(__BIONIC__)
 extern int errno;
+#endif
 extern int debug;
 extern int verbose;
 extern int waittime;
@ -501,7 +503,7 @@ void module_usage() {
             "Examples:\n"
             "  hydra -P pass.txt target cisco-enable  (direct console access)\n"
             "  hydra -P pass.txt -m cisco target cisco-enable  (Logon password cisco)\n"
-             "  hydra -l foo -m bar -P pass.txt -m cisco target cisco-enable  (AAA Login foo, password bar)\n");
+             "  hydra -l foo -m bar -P pass.txt target cisco-enable  (AAA Login foo, password bar)\n");
      find = 1;
    }
    if (!find && (strcmp(hydra_options.service, "cisco") == 0)) {
@ -2756,8 +2758,10 @@ int main(int argc, char *argv[]) {
    }
    if (strcmp(hydra_options.service, "cisco-enable") == 0) {
      i = 2;
-      if (hydra_options.login == NULL)
-        hydra_options.login = empty_login;
+      if (hydra_options.login == NULL) {
+        //hydra_options.login = empty_login;
+        i = 1; // login will be the initial Username: login, or line Password:
+      }
      if (hydra_options.miscptr == NULL) {
        fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n");
      }
@ -2920,7 +2924,7 @@ int main(int argc, char *argv[]) {
       fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n");

    if (hydra_options.loop_mode && hydra_options.colonfile != NULL)
-      bail("The  loop mode option (-u) works with all modes - except colon files (-C)\n");
+      bail("The loop mode option (-u) works with all modes - except colon files (-C)\n");
    if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL)
      fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n");
    if (i == 2) {
@ -2978,12 +2982,16 @@ int main(int argc, char *argv[]) {

    if (hydra_options.colonfile == NULL) {
      if (hydra_options.loginfile != NULL) {
-        if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL)
-          bail("File for logins not found!");
+        if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) {
+          fprintf(stderr, "[ERROR] File for logins not found: %s", hydra_options.loginfile);
+          exit(-1);
+        }
        hydra_brains.countlogin = countlines(lfp, 0);
        hydra_brains.sizelogin = size_of_data;
-        if (hydra_brains.countlogin == 0)
-          bail("File for logins is empty!");
+        if (hydra_brains.countlogin == 0) {
+          fprintf(stderr, "[ERROR] File for logins is empty: %s", hydra_options.loginfile);
+          exit(-1);
+        }
        if (hydra_brains.countlogin > MAX_LINES) {
          fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin);
          exit(-1);
@ -3003,12 +3011,16 @@ int main(int argc, char *argv[]) {
        hydra_brains.countlogin = 1;
      }
      if (hydra_options.passfile != NULL) {
-        if ((pfp = fopen(hydra_options.passfile, "r")) == NULL)
-          bail("File for passwords not found!");
+        if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) {
+          fprintf(stderr, "[ERROR] File for passwords not found: %s", hydra_options.passfile);
+          exit(-1);
+        }
        hydra_brains.countpass = countlines(pfp, 0);
        hydra_brains.sizepass = size_of_data;
-        if (hydra_brains.countpass == 0)
-          bail("File for passwords is empty!");
+        if (hydra_brains.countpass == 0) {
+          fprintf(stderr, "[ERROR] File for passwords is empty: %s", hydra_options.passfile);
+          exit(-1);
+        }
        if (hydra_brains.countpass > MAX_LINES) {
          fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass);
          exit(-1);
@ -3046,12 +3058,16 @@ int main(int argc, char *argv[]) {
        }
      }
    } else {
-      if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL)
-        bail("File with login:password information not found!");
+      if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) {
+        fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s", hydra_options.colonfile);
+        exit(-1);
+      }
      hydra_brains.countlogin = countlines(cfp, 1);
      hydra_brains.sizelogin = size_of_data;
-      if (hydra_brains.countlogin == 0)
-        bail("File for login:password information is empty!");
+      if (hydra_brains.countlogin == 0) {
+        fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s", hydra_options.colonfile);
+        exit(-1);
+      }
      if (hydra_brains.countlogin > MAX_LINES / 2) {
        fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin);
        exit(-1);
@ -3087,11 +3103,15 @@ int main(int argc, char *argv[]) {
    }

    if (hydra_options.infile_ptr != NULL) {
-      if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL)
-        bail("File for IP addresses not found!");
+      if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) {
+        fprintf(stderr, "[ERROR] File for targets not found: %s", hydra_options.infile_ptr);
+        exit(-1);
+      }
      hydra_brains.targets = countservers = countinfile = countlines(ifp, 0);
-      if (countinfile == 0)
-        bail("File for IP addresses is empty!");
+      if (countinfile == 0) {
+        fprintf(stderr, "[ERROR] File for targets is empty: %s", hydra_options.infile_ptr);
+        exit(-1);
+      }
      hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8);
      if (hydra_targets == NULL)
        bail("Could not allocate enough memory for target data");
--- a/rdp.h
+++ b/rdp.h
@ -551,6 +551,7 @@ enum RDP_UPDATE_PDU_TYPE
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>
 #include <openssl/hmac.h>
+#include <openssl/rsa.h>

 #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f)
 #define D2I_X509_CONST const
--- a/web/index.html
+++ b/web/index.html
@ -163,7 +163,7 @@

 [0x06] Compilation Help

-        Hydry compiles fine on all platforms that have gcc - Linux, all BSD, Mac OS/X, Cygwin on Windows, Solaris, etc.
+        Hydra compiles fine on all platforms that have gcc - Linux, all BSD, Mac OS/X, Cygwin on Windows, Solaris, etc.
        It should even compile on historical SunOS, Ultrix etc. platforms :-)
        
        There are many optional modules for network protocols like SSH, SVN etc. that require libraries.