Merge pull request #1007 from motypi/use-library-for-mssql

Use library for mssql
2025-07-05 04:26:10 -07:00 · 2025-04-04 14:19:04 +02:00 · 2025-04-04 14:19:04 +02:00 · b763262c4a
commit b763262c4a
parent 5dbcfdc362 1af1682414
3 changed files with 85 additions and 5 deletions
--- a/2
+++ b/2
@ -96,7 +96,7 @@ for a few optional modules (note that some might not be available on your distri
 apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
                 libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
                 firebird-dev libmemcached-dev libgpg-error-dev \
-                 libgcrypt11-dev libgcrypt20-dev
+                 libgcrypt11-dev libgcrypt20-dev freetds-dev
 ```

 This enables all optional modules and features with the exception of Oracle,
--- a/37
+++ b/37
@ -185,6 +185,32 @@ else
   echo "                                ... zlib not found, gzip support disabled"
 fi

+echo "Checking for sybdb (sybdb.h) ..."
+for i in $INCDIRS; do
+   if [ -f "$i/sybdb.h" ]; then
+	HAVE_SYBDB="y"
+   fi
+done
+
+if [ -n "$HAVE_SYBDB" ]; then
+   echo "                                ... found"
+else
+   echo "                                ... sybdb not found, MSSQL module will lack TDSv7 support"
+fi
+
+echo "Checking for sybfront (sybfront.h) ..."
+for i in $INCDIRS; do
+   if [ -f "$i/sybfront.h" ]; then
+	HAVE_SYBFRONT="y"
+   fi
+done
+
+if [ -n "$HAVE_SYBFRONT" ]; then
+   echo "                                ... found"
+else
+   echo "                                ... sybfront not found, MSSQL module will lack TDSv7 support"
+fi
+
 echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..."
 if [ "X" != "X$DEBUG" ]; then
   echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null`
@ -1496,6 +1522,12 @@ fi
 if [ -n "$RSA" ]; then
    XDEFINES="$XDEFINES -DNO_RSA_LEGACY"
 fi
+if [ -n "$HAVE_SYBDB" ]; then
+    XDEFINES="$XDEFINES -DHAVE_SYBDB"
+fi
+if [ -n "$HAVE_SYBFRONT" ]; then
+    XDEFINES="$XDEFINES -DHAVE_SYBFRONT"
+fi
 if [ -n "$HAVE_ZLIB" ]; then
    XDEFINES="$XDEFINES -DHAVE_ZLIB"
 fi
@ -1627,6 +1659,9 @@ fi
 if [ -n "$HAVE_ZLIB" ]; then
    XLIBS="$XLIBS -lz"
 fi
+if [ -n "$HAVE_SYBDB" ]; then
+    XLIBS="$XLIBS -lsybdb"
+fi
 if [ -n "$CURSES_PATH" ]; then
    XLIBS="$XLIBS -lcurses"
 fi
@ -1804,4 +1839,4 @@ if [ "x$NOSTRIP" = "x" ]; then
 else
  cat Makefile.am | sed 's/^install:.*/install:	all/'  >> Makefile
 fi
-echo "now type \"make\""
+echo "now type \"make\""
--- a/hydra-mssql.c
+++ b/hydra-mssql.c
@ -1,10 +1,14 @@
 #include "hydra-mod.h"
-
-#define MSLEN 30
-
 extern char *HYDRA_EXIT;
 char *buf;

+#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+#include <sybdb.h>
+#include <sybfront.h>
+#endif
+
+#define MSLEN 30
+
 unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
@ -56,6 +60,7 @@ unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
 int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
  char *login, *pass, buffer[1024];
+  char *ipaddr_str = hydra_address2string(ip);
  char ms_login[MSLEN + 1];
  char ms_pass[MSLEN + 1];
  unsigned char len_login, len_pass;
@ -65,6 +70,42 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch
    login = empty;
  if (strlen(pass = hydra_get_next_password()) == 0)
    pass = empty;
+#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+  if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
+
+    DBPROCESS *dbproc;
+    LOGINREC *attempt;
+  
+    attempt = dblogin();
+  
+    DBSETLUSER(attempt, login);
+    DBSETLPWD(attempt, pass);
+  
+    // Connect without specifying a database
+    dbproc = dbopen(attempt, ipaddr_str);  
+  
+    if (dbproc != NULL) {
+      dbclose(dbproc);
+      dbexit();
+      hydra_report_found_host(port, ip, "mssql", fp);
+      hydra_completed_pair_found();
+      if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+        return 2;
+      return 1;
+    }
+  
+    hydra_completed_pair();
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+      return 2;
+  
+    return 1;
+
+  }
+#else
+  if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
+    fprintf(stderr,"[WARNING] To crack credentials longer than 30 characters, install freetds and recompile\n");
+  }
+#endif
  if (strlen(login) > MSLEN)
    login[MSLEN - 1] = 0;
  if (strlen(pass) > MSLEN)
@ -119,6 +160,10 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
  int32_t run = 1, next_run = 1, sock = -1;
  int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;

+  #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+  dbinit();
+  #endif
+
  hydra_register_socket(sp);
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return;