diff --git a/README b/README index 1c7cf74..ca95b03 100644 --- a/README +++ b/README @@ -96,7 +96,7 @@ for a few optional modules (note that some might not be available on your distri apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev + libgcrypt11-dev libgcrypt20-dev freetds-dev ``` This enables all optional modules and features with the exception of Oracle, diff --git a/configure b/configure index 1ae09a9..dc86adb 100755 --- a/configure +++ b/configure @@ -185,6 +185,32 @@ else echo " ... zlib not found, gzip support disabled" fi +echo "Checking for sybdb (sybdb.h) ..." +for i in $INCDIRS; do + if [ -f "$i/sybdb.h" ]; then + HAVE_SYBDB="y" + fi +done + +if [ -n "$HAVE_SYBDB" ]; then + echo " ... found" +else + echo " ... sybdb not found, MSSQL module will lack TDSv7 support" +fi + +echo "Checking for sybfront (sybfront.h) ..." +for i in $INCDIRS; do + if [ -f "$i/sybfront.h" ]; then + HAVE_SYBFRONT="y" + fi +done + +if [ -n "$HAVE_SYBFRONT" ]; then + echo " ... found" +else + echo " ... sybfront not found, MSSQL module will lack TDSv7 support" +fi + echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..." if [ "X" != "X$DEBUG" ]; then echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null` @@ -1496,6 +1522,12 @@ fi if [ -n "$RSA" ]; then XDEFINES="$XDEFINES -DNO_RSA_LEGACY" fi +if [ -n "$HAVE_SYBDB" ]; then + XDEFINES="$XDEFINES -DHAVE_SYBDB" +fi +if [ -n "$HAVE_SYBFRONT" ]; then + XDEFINES="$XDEFINES -DHAVE_SYBFRONT" +fi if [ -n "$HAVE_ZLIB" ]; then XDEFINES="$XDEFINES -DHAVE_ZLIB" fi @@ -1627,6 +1659,9 @@ fi if [ -n "$HAVE_ZLIB" ]; then XLIBS="$XLIBS -lz" fi +if [ -n "$HAVE_SYBDB" ]; then + XLIBS="$XLIBS -lsybdb" +fi if [ -n "$CURSES_PATH" ]; then XLIBS="$XLIBS -lcurses" fi @@ -1804,4 +1839,4 @@ if [ "x$NOSTRIP" = "x" ]; then else cat Makefile.am | sed 's/^install:.*/install: all/' >> Makefile fi -echo "now type \"make\"" +echo "now type \"make\"" \ No newline at end of file diff --git a/hydra-mssql.c b/hydra-mssql.c index ee273ca..1133641 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -1,10 +1,14 @@ #include "hydra-mod.h" - -#define MSLEN 30 - extern char *HYDRA_EXIT; char *buf; +#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) +#include +#include +#endif + +#define MSLEN 30 + unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" @@ -56,6 +60,7 @@ unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024]; + char *ipaddr_str = hydra_address2string(ip); char ms_login[MSLEN + 1]; char ms_pass[MSLEN + 1]; unsigned char len_login, len_pass; @@ -65,6 +70,42 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; +#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) + if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){ + + DBPROCESS *dbproc; + LOGINREC *attempt; + + attempt = dblogin(); + + DBSETLUSER(attempt, login); + DBSETLPWD(attempt, pass); + + // Connect without specifying a database + dbproc = dbopen(attempt, ipaddr_str); + + if (dbproc != NULL) { + dbclose(dbproc); + dbexit(); + hydra_report_found_host(port, ip, "mssql", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; + + } +#else + if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){ + fprintf(stderr,"[WARNING] To crack credentials longer than 30 characters, install freetds and recompile\n"); + } +#endif if (strlen(login) > MSLEN) login[MSLEN - 1] = 0; if (strlen(pass) > MSLEN) @@ -119,6 +160,10 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) + dbinit(); + #endif + hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return;