rtsp

Makefile.am

@@ -16,7 +16,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
       hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \
       hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
       hydra-rdp.c hydra-s7-300.c hydra-redis.c \
-      crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c 
+      crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rtsp.c
 OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
       hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
       hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
@@ -27,7 +27,7 @@ OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
       hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \
       hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \
       hydra-rdp.o hydra-s7-300.c \
-      crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o
+      crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-rtsp.o
 BINS = hydra pw-inspector
 
 EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \

hydra-rtsp.c

@@ -0,0 +1,247 @@
+//
+//  hydra-rtsp.c
+//  hydra-rtsp
+//
+//  Created by Javier Sánchez on 18/04/15.
+//
+//
+
+#include <stdio.h>
+#include "hydra-mod.h"
+#include <string.h>
+#include "sasl.h"
+
+extern char *HYDRA_EXIT;
+char *buf;
+char packet[500];
+char packet2[500];
+
+int is_Unauthorized(char * s){
+    
+    if (strstr(s,"401 Unauthorized")!= NULL){
+        return 1;
+    }else{
+        return 0;
+    }
+}
+
+int is_NotFound(char * s){
+    
+    if (strstr(s,"404 Stream Not Found")!= NULL){
+        return 1;
+    }else{
+        return 0;
+    }
+}
+
+int is_Authorized(char * s){
+    
+    if (strstr(s,"200 OK")!= NULL){
+        return 1;
+    }else{
+        return 0;
+    }
+}
+
+int use_Basic_Auth(char * s){
+
+    if(strstr(s,"WWW-Authenticate: Basic")!=NULL){
+        return 1;
+    }else{
+        return 0;
+    }
+}
+
+int use_Digest_Auth(char * s){
+    
+    if(strstr(s,"WWW-Authenticate: Digest")!=NULL){
+        return 1;
+    }else{
+        return 0;
+    }
+}
+
+
+
+void create_core_packet(int control,char* ip, int port){
+
+    char buffer[500];
+    char * target=hydra_address2string(ip);
+    if (control==0){
+    	if (strlen(packet) <= 0){
+		sprintf(packet, "DESCRIBE rtsp://%s:%i RTSP/1.0\r\nCSeq: 2\r\n\r\n",target,port); 
+		
+    	}
+    }else{
+	if (strlen(packet2) <= 0){
+		sprintf(packet2, "DESCRIBE rtsp://%s:%i RTSP/1.0\r\nCSeq: 3\r\n",target,port); 
+	}
+     }
+}
+int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp)
+{
+    char *empty = "";
+    char *login, *pass, buffer[500],buffer2[500];
+    
+    char * lresp;
+
+    if (strlen(login = hydra_get_next_login()) == 0)
+        login = empty;
+    if (strlen(pass = hydra_get_next_password()) == 0) 
+        pass = empty;
+	
+    
+    create_core_packet(0,ip,port);
+	
+    if (hydra_send(s, packet, strlen(packet), 0) < 0) {
+        return 1;
+    }
+        lresp = hydra_receive_line(s);
+    
+    if (lresp == NULL){
+        printf("null");
+        return 1;
+    }
+	
+    if (is_NotFound(lresp)){
+        printf("Server dont need credentials\r\n"); 
+        hydra_completed_pair_found();
+        if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ 
+            return 3;
+        }
+        return 1;
+    } else {
+     
+        create_core_packet(1,ip, port);
+	
+	if (use_Basic_Auth(lresp)==1) {
+           
+            sprintf(buffer2,"%s:%s",login,pass);
+            hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
+
+            sprintf(buffer, "%sAuthorization: : Basic %s\r\n\r\n",packet2,buffer2); 
+
+            if (debug){
+                hydra_report(stderr, "C:%s\n", buffer);
+            }
+        } 
+	
+	if(use_Digest_Auth(lresp)==1){
+          	
+      		char dbuffer[500];
+ 		char aux[500];
+		
+
+	 	char *pbuffer = hydra_strcasestr(lresp,"WWW-Authenticate: Digest ");
+	 	strncpy(aux,pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer));
+	 	aux[sizeof(aux)-1]='\0';
+	
+#ifdef LIBOPENSSL
+
+  		sasl_digest_md5(&dbuffer, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
+#endif
+		
+            if (dbuffer==NULL) {
+                printf("digest fail, dbuffer null\r\n");
+                return 3;
+            }
+            sprintf(buffer, "%sAuthorization: Digest %s\r\n\r\n", packet2, dbuffer);
+            
+	if (debug){
+                hydra_report(stderr, "C:%s\n", buffer);
+            }
+        }
+            
+        if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
+            return 1;
+        }
+        
+        lresp = NULL; 
+        
+        lresp = hydra_receive_line(s); 
+
+        if ((is_NotFound(lresp))){
+            
+            hydra_completed_pair_found();
+
+            if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){
+                    return 3;
+            }
+            return 1;
+            
+            
+        }
+	 hydra_completed_pair();   
+        }
+
+    if(memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+	return 3;
+    
+//not rechead
+    return 2;
+}
+
+void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
+    int run = 1, next_run = 1, sock = -1;
+    int myport = PORT_RTSP, mysslport = PORT_RTSP_SSL;
+    char *ptr, *ptr2;
+    
+    hydra_register_socket(sp);
+    
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+        return; 
+    
+    while (1) {
+
+        switch (run) {
+            case 1:                    /* connect and service init function */
+                if (sock >= 0){
+                    sock = hydra_disconnect(sock);
+                }
+                if ((options & OPTION_SSL) == 0) {
+                    if (port != 0){
+                        myport = port;
+                    }
+                    sock = hydra_connect_tcp(ip, myport);
+		    port = myport;
+                } 
+                if (sock < 0) {
+                    if (verbose || debug)
+                        hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
+                    hydra_child_exit(1);
+                }
+
+                next_run=2;
+                break;
+            case 2:                    /* run the cracking function */
+                next_run = start_rtsp(sock, ip, port, options, miscptr, fp);
+                break;
+            case 3:                    /* clean exit */
+                if (sock >= 0) {
+                    sock = hydra_disconnect(sock);
+                }
+                hydra_child_exit(0);
+                printf("end");
+                return;
+		break;
+            default:
+                hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
+                hydra_child_exit(0);
+        }
+        run = next_run;
+    }
+}
+
+int service_rtsp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
+    // called before the childrens are forked off, so this is the function
+    // which should be filled if initial connections and service setup has to be
+    // performed once only.
+    //
+    // fill if needed.
+    //
+    // return codes:
+    //   0 all OK
+    //   -1  error, hydra will exit, so print a good error message here
+    return 0;
+}
+

hydra.h

@@ -118,6 +118,8 @@
 #define PORT_S7_300_SSL  102
 #define PORT_REDIS      6379
 #define PORT_REDIS_SSL   6379
+#define PORT_RTSP      554
+#define PORT_RTSP_SSL  554
 
 #define False 0
 #define True  1