From b2e43fc82d221916d203871436fd126868abde20 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 26 May 2014 10:46:05 +0200 Subject: [PATCH] three fixes --- CHANGES | 6 ++++++ hydra-cisco.c | 7 ++++++- hydra-gtk/src/callbacks.c | 13 ++++++++++++- hydra-gtk/src/interface.c | 10 +++++++++- hydra-http-form.c | 2 +- web/index.html | 2 +- 6 files changed, 35 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 0a903f3..6b65adf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,12 @@ Changelog for hydra ------------------- +Release 8.1-pre +* Added xhydra gtk patch by Peter Kaleychev to support -e r reverse login attempt, thanks! +* Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting) +* Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting) + + Release 8.0 ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra * Added module for redis (submitted by Alejandro Ramos, thanks!) diff --git a/hydra-cisco.c b/hydra-cisco.c index 424f0ad..65fd31b 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -24,6 +24,7 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } sleep(1); + buf = NULL; do { if (buf != NULL) free(buf); @@ -51,8 +52,11 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } + + buf = NULL; do { - free(buf); + if (buf != NULL) + free(buf); if ((buf = hydra_receive_line(s)) == NULL) return 3; if (buf[strlen(buf) - 1] == '\n') @@ -78,6 +82,7 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } + buf = NULL; do { if (buf != NULL) free(buf); diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c index bc19a5c..715194a 100755 --- a/hydra-gtk/src/callbacks.c +++ b/hydra-gtk/src/callbacks.c 
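Review bot: Resetting `buf = NULL;` just before each receive loop (in all three hydra-cisco.c hunks) hides a stale pointer instead of removing it. The value being cleared was presumably left behind by a `free(buf)` outside these hunks, so any other use of `buf` after that free is still exposed. Clearing the pointer where it is released, `free(buf); buf = NULL;`, would cover every path; and if `buf` can still own a live allocation at these points, the new assignment leaks it. Since `free(NULL)` is a no-op, the `if (buf != NULL)` guard added in the second hunk is not needed. start_cisco begins and ends outside the hunks, so the declaration and the earlier frees of `buf` are not visible here.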
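Review bot: In the second hydra-cisco.c hunk, the context line `if (buf[strlen(buf) - 1] == '\n')` reads out of bounds when the received line is empty, because `strlen(buf) - 1` wraps around to the largest size_t value. The line comes from the remote peer, so if hydra_receive_line() can return an empty string (not visible here), a misbehaving server decides whether this read happens. A guard such as `if (buf[0] != '\0' && buf[strlen(buf) - 1] == '\n')` closes it. The statement controlled by this `if` lies outside the hunk.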
@@ -150,7 +150,7 @@ int hydra_get_options(char *options[]) { } } - /* empty passes / login as pass? */ + /* empty passes / login as pass / reversed login? */ memset(passLoginNull, 0, 4); widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { @@ -164,6 +164,17 @@ int hydra_get_options(char *options[]) { passLoginNull[1] = 's'; } } + /* The "Try reversed login" button was implemented by Petar Kaleychev */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassReverse"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (passLoginNull[0] == 0) { + passLoginNull[0] = 'r'; + } else if (passLoginNull[1] == 0) { + passLoginNull[1] = 'r'; + } else { + passLoginNull[2] = 'r'; + } + } if (passLoginNull[0] != 0) { options[i++] = "-e"; options[i++] = passLoginNull; diff --git a/hydra-gtk/src/interface.c b/hydra-gtk/src/interface.c index 6fdebc5..4ea8213 100755 --- a/hydra-gtk/src/interface.c +++ b/hydra-gtk/src/interface.c @@ -88,6 +88,7 @@ GtkWidget *create_wndMain(void) { GtkWidget *table6; GtkWidget *chkPassLogin; GtkWidget *chkPassNull; + GtkWidget *chkPassReverse; GtkWidget *label2; GtkWidget *table4; GtkWidget *frame9; @@ -528,7 +529,7 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(label20); gtk_frame_set_label_widget(GTK_FRAME(frame8), label20); - table6 = gtk_table_new(1, 2, FALSE); + table6 = gtk_table_new(1, 3, FALSE); gtk_widget_set_name(table6, "table6"); gtk_widget_show(table6); gtk_box_pack_start(GTK_BOX(vbox2), table6, TRUE, TRUE, 0); 
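Review bot: The new `else` branch in the chkPassReverse block writes `passLoginNull[2]` unconditionally, so with all three boxes ticked indices 0 to 2 are filled and the terminator relies on the buffer holding at least four bytes. `memset(passLoginNull, 0, 4)` suggests it does, but the declaration is outside the hunk and should be checked. A short comment above the chain, e.g. `/* passLoginNull holds at most three option letters plus the terminating NUL */`, would record that invariant for the next flag that gets added. The attribution comment spells the contributor "Petar" while the CHANGES entry in this commit says "Peter"; one of the two is a typo. hydra_get_options continues outside the hunk.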
@@ -545,6 +546,12 @@ GtkWidget *create_wndMain(void) { gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL); + chkPassReverse = gtk_check_button_new_with_mnemonic ("Try reversed login"); + gtk_widget_set_name (chkPassReverse, "chkPassReverse"); + gtk_widget_show (chkPassReverse); + gtk_table_attach (GTK_TABLE (table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip (tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL); + label2 = gtk_label_new("Passwords"); gtk_widget_set_name(label2, "label2"); gtk_widget_show(label2); @@ -1049,6 +1056,7 @@ GtkWidget *create_wndMain(void) { GLADE_HOOKUP_OBJECT(wndMain, table6, "table6"); GLADE_HOOKUP_OBJECT(wndMain, chkPassLogin, "chkPassLogin"); GLADE_HOOKUP_OBJECT(wndMain, chkPassNull, "chkPassNull"); + GLADE_HOOKUP_OBJECT(wndMain, chkPassReverse, "chkPassReverse"); GLADE_HOOKUP_OBJECT(wndMain, label2, "label2"); GLADE_HOOKUP_OBJECT(wndMain, table4, "table4"); GLADE_HOOKUP_OBJECT(wndMain, frame9, "frame9"); diff --git a/hydra-http-form.c b/hydra-http-form.c index 69fa064..70ceabe 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -460,7 +460,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc } //if the last status is still 3xx, set it as a false - if (found != -1 && found == success_cond && redirected_flag == 0 && redirected_cpt >= 0) { + if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { diff --git a/web/index.html b/web/index.html index dd32d7e..3057301 100755 
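Review bot: The tooltip added for chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", is ungrammatical and does not say what is reversed; the CHANGES entry describes the option as a reversed login attempt. Wording such as `"Enable this option to try the reversed login as password, in addition to the password/file"` would match the checkbox label. The added calls also put a space before the opening parenthesis (`gtk_widget_show (chkPassReverse);`), unlike the surrounding `gtk_widget_show(label2);` style. create_wndMain extends beyond the hunk.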
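Review bot: The comment above the changed condition in start_http_form, `//if the last status is still 3xx, set it as a false`, no longer describes the code: with `success_cond == 1` a response that is still a redirect is now reported as a found pair. It could be updated to something like `//if the last status is still 3xx, set it as a false, unless an S= success string matched`. Because the S= case now skips the redirect check entirely, it is worth confirming that `found` cannot be left set by a match in an intermediate redirect body when `redirected_cpt` runs out; that logic is outside the hunk. The `found != -1 &&` test is redundant with `found == success_cond` unless `success_cond` can itself be -1.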
--- a/web/index.html +++ b/web/index.html @@ -163,7 +163,7 @@ [0x06] Compilation Help - Hydry compiles fine on all platforms that have gcc - Linux, all BSD, Mac OS/X, Cygwin on Windows, Solaris, etc. + Hydra compiles fine on all platforms that have gcc - Linux, all BSD, Mac OS/X, Cygwin on Windows, Solaris, etc. It should even compile on historical SunOS, Ultrix etc. platforms :-) There are many optional modules for network protocols like SSH, SVN etc. that require libraries.