github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-22 06:13:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #20 from Strunk18/master

Browse source 
Fixed issue with unescaped colons
This commit is contained in:
van Hauser 2014-10-23 00:26:32 +02:00
commit b5eeca4872
2 changed files with 34 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

31
hydra-http-form.c
View file

@ -229,7 +229,7 @@ char *stringify_headers(ptr_header_node * ptr_head) {
int ttl_size = 0; int ttl_size = 0;
for (; cur_ptr; cur_ptr = cur_ptr->next) for (; cur_ptr; cur_ptr = cur_ptr->next)
ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 3; ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4;
headers_str = (char *) malloc(ttl_size + 1); headers_str = (char *) malloc(ttl_size + 1);
@ -568,6 +568,9 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
} }
} }
if (debug)
hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request);
found = analyze_server_response(s); found = analyze_server_response(s);
if (auth_flag) { // we received a 401 error - user using wrong module if (auth_flag) { // we received a 401 error - user using wrong module
@ -917,7 +920,11 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
success_cond = 0; success_cond = 0;
} }
while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { /*
* Parse the user-supplied options.
* Beware of the backslashes (\)!
*/
while (*optional1 != 0) {
switch (optional1[0]) { switch (optional1[0]) {
case 'c': // fall through case 'c': // fall through
case 'C': case 'C':
@ -932,10 +939,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
case 'h': case 'h':
// add a new header at the end // add a new header at the end
ptr = optional1 + 2; ptr = optional1 + 2;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) while (*ptr != 0 && *ptr != ':')
ptr++; ptr++;
if (*ptr != 0) if (*(ptr - 1) == '\\')
*ptr++ = 0; *(ptr - 1) = 0;
if (*ptr != 0){
*ptr = 0;
ptr += 2;
}
ptr2 = ptr; ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
ptr2++; ptr2++;
@ -957,10 +968,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
case 'H': case 'H':
// add a new header, or replace an existing one's value // add a new header, or replace an existing one's value
ptr = optional1 + 2; ptr = optional1 + 2;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) while (*ptr != 0 && *ptr != ':')
ptr++; ptr++;
if (*ptr != 0) if (*(ptr - 1) == '\\')
*ptr++ = 0; *(ptr - 1) = 0;
if (*ptr != 0){
*ptr = 0;
ptr += 2;
}
ptr2 = ptr; ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
ptr2++; ptr2++;

8
hydra.c
View file

@ -563,17 +563,21 @@ void module_usage() {
" failed string looks like and put it in this parameter!\n" " failed string looks like and put it in this parameter!\n"
"The following parameters are optional:\n" "The following parameters are optional:\n"
" C=/page/uri to define a different page to gather initial cookies from\n" " C=/page/uri to define a different page to gather initial cookies from\n"
" (h|H)=My-Hdr: foo to send a user defined HTTP header with each request\n" " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
" ^USER^ and ^PASS^ can also be put into these headers!\n" " ^USER^ and ^PASS^ can also be put into these headers!\n"
" Note: 'h' will add the user-defined header at the end\n" " Note: 'h' will add the user-defined header at the end\n"
" regardless it's already being sent by Hydra or not.\n" " regardless it's already being sent by Hydra or not.\n"
" 'H' will replace the value of that header if it exists, by the\n" " 'H' will replace the value of that header if it exists, by the\n"
" one supplied by the user, or add the header at the end\n" " one supplied by the user, or add the header at the end\n"
"Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\).\n"
" All colons that are not option separators should be escaped (see the examples above and below).\n"
" You can specify a header without escaping the colons, but that way you will not be able to put colons\n"
" in the header value itself, as they will be interpreted by hydra as option separators.\n"
"\nExamples:\n" "\nExamples:\n"
" \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization: Basic dT1w:H=Cookie: sessid=aaaa:h=X-User: ^USER^\"\n" " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"\n"
" \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n",
hydra_options.service); hydra_options.service);
find = 1; find = 1;