From 1658f4926fbb2a732d08f250a14204423a37dae1 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 7 Oct 2019 14:20:02 +0200 Subject: [PATCH 01/40] it look like github wants to drive me mad --- bfg.c | 32 +++++++++++++++++++++++++++++--- bfg.h | 3 ++- hydra.c | 11 ++++++++--- hydra.h | 1 + 4 files changed, 40 insertions(+), 7 deletions(-) diff --git a/bfg.c b/bfg.c index a3a1dad..a19fcfa 100644 --- a/bfg.c +++ b/bfg.c @@ -52,6 +52,7 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { + bf_options.rain = 0; int32_t i = 0; int32_t crs_len = 0; char flags = 0; @@ -189,8 +190,17 @@ uint64_t bf_get_pcount() { return foo; } +int accu(int value) +{ + int sum = 0; + for(int i=1; i<=value; ++i) + { + sum+=i; + } + return sum; +} -char *bf_next() { +char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) @@ -200,9 +210,25 @@ char *bf_next() { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } + + if(rainy) + { + for (i = 0; i < bf_options.current; i++){ + bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; + bf_options.rain += i+1; + } + if(bf_options.crs_len%10 == 0) + bf_options.rain-=accu(bf_options.current)-2; + else if(bf_options.crs_len%2 == 0) + bf_options.rain-=accu(bf_options.current)-4; + else if(bf_options.crs_len%2) + bf_options.rain-=accu(bf_options.current)-1; - for (i = 0; i < bf_options.current; i++) - bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + } + else + for (i = 0; i < bf_options.current; i++) + bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + bf_options.ptr[bf_options.current] = 0; if (debug) { diff --git a/bfg.h b/bfg.h index 2ac5f49..132571b 100644 --- a/bfg.h +++ b/bfg.h 
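Review bot: `accu()`, added in bfg.c just above `bf_next`, is defined without `static`, so a helper with a very generic name gets external linkage in a program linked from many modules. Within this patch it is called only from `bf_next`, so `static int accu(int value)` is enough. The loop can be replaced by the closed form `return value * (value + 1) / 2;`. A one-line comment such as `/* triangular number: 1 + 2 + ... + value */` would say what the name does not.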
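Review bot: The correction at the end of the `rainy` branch in `bf_next` is undocumented and its last test is redundant: `else if(bf_options.crs_len%2)` is always true once the `%2 == 0` case has been ruled out, so it should be a plain `else`. The loop adds 1+…+current to `bf_options.rain` and the branch then subtracts `accu(bf_options.current)` minus 2, 4 or 1, so the net effect is that `rain` advances by a small constant per call. I would state that next to the branch, e.g. `/* net: rain advances by 2, 4 or 1 per candidate, depending on crs_len */`, and brace the trailing `else` so it matches the braced `if(rainy)` body. `bf_next` continues outside the hunk.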
@@ -41,6 +41,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; + unsigned long rain; } bf_option; extern bf_option bf_options; @@ -48,7 +49,7 @@ extern bf_option bf_options; #ifdef HAVE_MATH_H extern uint64_t bf_get_pcount(); extern int32_t bf_init(char *arg); -extern char *bf_next(); +extern char *bf_next(_Bool rainy); #endif #endif diff --git a/hydra.c b/hydra.c index d3f7430..6f2b497 100644 --- a/hydra.c +++ b/hydra.c @@ -337,6 +337,7 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; +bool rainy = false; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -482,6 +483,7 @@ void help(int32_t ext) { "[service://server[:PORT][/OPT]]\n"); PRINT_NORMAL(ext, "\nOptions:\n"); PRINT_EXTEND(ext, " -R restore a previous aborted/crashed session\n" + " -r in conjonction with -x, use rain algorythm\n" " -I ignore an existing restore file (don't wait 10 seconds)\n" #ifdef LIBOPENSSL " -S perform an SSL connect\n" @@ -1745,7 +1747,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { #ifndef HAVE_MATH_H sleep(1); #else - hydra_targets[target_no]->pass_ptr = bf_next(); + hydra_targets[target_no]->pass_ptr = bf_next(hydra_options.rainy); if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif @@ -2229,7 +2231,7 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { switch (i) { case 'h': help(1); 
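Review bot: The file-scope `bool rainy = false;` added to hydra.c is never read in this patch. Both `bf_next()` call sites pass `hydra_options.rainy`, and the `-r` case sets that field, not this global. The line leaves a second, always-false flag with the same name, and it uses `bool`/`false` where the rest of the change uses `_Bool`. I would drop the declaration.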
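Review bot: The `-r` help line in `help()` is placed next to `-R`, outside the `#ifdef HAVE_MATH_H` block that holds `-x` and `-y`, although `bf_next()` is only called when `HAVE_MATH_H` is defined. A build without it would advertise and accept `-r` (the getopt string takes `r` unconditionally) while the option does nothing. Move the line into the `HAVE_MATH_H` block and fix the spelling, e.g. `" -r in conjunction with -x, use the rain algorithm\n"`, with column alignment as in the neighbouring lines.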
@@ -2256,6 +2258,9 @@ int main(int argc, char *argv[]) { hydra_options.restore = 1; hydra_restore_read(); break; + case 'r': + hydra_options.rainy = true; + break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! break; @@ -3267,7 +3272,7 @@ int main(int argc, char *argv[]) { #ifdef HAVE_MATH_H if (bf_init(bf_options.arg)) exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(); + pass_ptr = bf_next(hydra_options.rainy); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; #else diff --git a/hydra.h b/hydra.h index 0d47f0f..1aa04a2 100644 --- a/hydra.h +++ b/hydra.h @@ -221,6 +221,7 @@ typedef struct { char *service; char bfg; int32_t skip_redo; + _Bool rainy; } hydra_option; #define _HYDRA_H From ab4aa36fd0014930751fe178e2efbbbf100bac24 Mon Sep 17 00:00:00 2001 From: owein Date: Sun, 20 Oct 2019 23:26:44 +0200 Subject: [PATCH 02/40] rolled back head_init for http-post-form, still an issue with the display --- hydra-http-form.c | 12 ++++-------- hydra.c | 8 ++++---- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 1ac8721..65e54c3 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1261,18 +1261,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr++; if (*ptr != 0) *ptr++ = 0; + + cond = ptr; - if ((ptr2 = rindex(ptr, ':')) != NULL) { - cond = ptr2 + 1; - *ptr2 = 0; - } else - cond = ptr; -/* while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; -*/ + optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { 
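Review bot: Adding `_Bool rainy` to `hydra_option` in hydra.h changes the size and layout of a struct that appears to be part of the saved session. hydra.c has a restore path (`-R`, `hydra_restore_read()`), and the comment on `ignore_restore` ("this is not to be saved in hydra_options!") suggests the struct itself is written out. If it is serialized as raw bytes, a restore file produced by an earlier build would be read with the wrong layout. Please confirm the restore format has a version or size check that rejects such files. The struct definition starts outside the hunk.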
@@ -1314,7 +1310,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } - //printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. diff --git a/hydra.c b/hydra.c index 6f2b497..7d2decc 100644 --- a/hydra.c +++ b/hydra.c @@ -337,7 +337,6 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; -bool rainy = false; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -483,7 +482,6 @@ void help(int32_t ext) { "[service://server[:PORT][/OPT]]\n"); PRINT_NORMAL(ext, "\nOptions:\n"); PRINT_EXTEND(ext, " -R restore a previous aborted/crashed session\n" - " -r in conjonction with -x, use rain algorythm\n" " -I ignore an existing restore file (don't wait 10 seconds)\n" #ifdef LIBOPENSSL " -S perform an SSL connect\n" @@ -495,6 +493,7 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); @@ -2224,6 +2223,7 @@ int main(int argc, char *argv[]) { hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; + hydra_options.rainy = 0; bf_options.disable_symbols = 0; // command line processing 
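Review bot: The re-enabled `printf("miscptr: %s, url=%s, ...")` in `initialize()` is unconditional and writes to stdout, so every run of the module mixes the parsed option string into the normal output. That includes any output that is captured or parsed by a wrapper. It should be gated on the `debug` flag used elsewhere in this series and sent to stderr, e.g. `if (debug) fprintf(stderr, "[DEBUG] miscptr: %s, url=%s, ...", ...);`. The later hunk that switches this call to `fprintf(stderr, ...)` is still unconditional. `initialize()` starts and ends outside the hunk.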
@@ -2259,7 +2259,7 @@ int main(int argc, char *argv[]) { hydra_restore_read(); break; case 'r': - hydra_options.rainy = true; + hydra_options.rainy = 1; break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! @@ -3204,7 +3204,7 @@ int main(int argc, char *argv[]) { hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL )) { - fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?! If you really need to bruteforce gmail, connect to pop3s://smtp.gmail.com\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } From 6dfd77a37d04e167a1dafbb2b2f5e21aa7dd31f8 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 21 Oct 2019 20:11:38 +0200 Subject: [PATCH 03/40] fixed http-post --- bfg.c | 16 +++++++--------- bfg.h | 2 +- hydra-http-form.c | 31 +++++++++---------------------- hydra.c | 7 +++---- 4 files changed, 20 insertions(+), 36 deletions(-) diff --git a/bfg.c b/bfg.c index a19fcfa..2ff9f9f 100644 --- a/bfg.c +++ b/bfg.c @@ -192,12 +192,12 @@ uint64_t bf_get_pcount() { int accu(int value) { - int sum = 0; - for(int i=1; i<=value; ++i) - { - sum+=i; - } - return sum; + int i = 0; + for(int a=1; a<=value; ++a) + { + i+=a; + } + return i; } char *bf_next(_Bool rainy) { @@ -210,7 +210,7 @@ char *bf_next(_Bool rainy) { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } - + if(rainy) { for (i = 0; i < bf_options.current; i++){ 
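Review bot: The sentence appended to the Google Mail `[WARNING]` string in `main` is unrelated to this commit's stated purpose (the http-post-form `head_init` rollback) and works against the message it is added to. The warning exists to make the operator stop and check authorization, and the addition turns it into a usage hint. Keep the original wording and leave this string out of the commit.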
@@ -223,12 +223,10 @@ char *bf_next(_Bool rainy) { bf_options.rain-=accu(bf_options.current)-4; else if(bf_options.crs_len%2) bf_options.rain-=accu(bf_options.current)-1; - } else for (i = 0; i < bf_options.current; i++) bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; - bf_options.ptr[bf_options.current] = 0; if (debug) { diff --git a/bfg.h b/bfg.h index 132571b..ab2f5e4 100644 --- a/bfg.h +++ b/bfg.h @@ -41,7 +41,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - unsigned long rain; + uint64_t rain; /* accumulator for the rain */ } bf_option; extern bf_option bf_options; diff --git a/hydra-http-form.c b/hydra-http-form.c index 65e54c3..04260a4 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1250,26 +1250,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { webport = PORT_HTTP_SSL; sprintf(bufferurl, "%.6096s", miscptr); - url = bufferurl; - ptr = url; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - variables = ptr; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; + ptr = bufferurl; + url = strtok(ptr, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set "" (don't know the difference...) - cond = ptr; - - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - - optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); 
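Review bot: The `strtok()` rewrite in `initialize()` dereferences tokens that can be NULL. `url`, `variables` and `cond` are NULL when the module option has fewer than three fields, and the next statement already calls `strstr(url, "\\:")`. Only `optional1` gets a fallback. Add a check right after the four calls, e.g. `if (url == NULL || variables == NULL || cond == NULL) { fprintf(stderr, "[ERROR] module option needs url:variables:condition\n"); return NULL; }` (or whatever error value `initialize()` uses, since its end is outside the hunk). `strtok()` also splits on a colon preceded by a backslash and collapses empty fields, so the `\:` escape handled by the removed loops no longer works and an empty field shifts the ones after it.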
@@ -1309,9 +1296,9 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { //by default condition is a fail success_cond = 0; } - - printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); - + + fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + /* * Parse the user-supplied options. * Beware of the backslashes (\)! diff --git a/hydra.c b/hydra.c index 7d2decc..a7fc7bb 100644 --- a/hydra.c +++ b/hydra.c @@ -493,7 +493,6 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" - " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); @@ -556,6 +555,7 @@ void help_bfg() { " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n\n" + " -r use 'rain' to explode the linearity of the generation. "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" @@ -3053,7 +3053,6 @@ int main(int argc, char *argv[]) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } - if (strstr(hydra_options.miscptr, "\\:") != NULL) { fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); } else { 
@@ -3075,7 +3074,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); exit(-1); } - switch (optional1[0]) { + switch (optional1[0]){ case 'C': // fall through case 'c': if (optional1[1] != '=' || optional1[2] != '/') { @@ -3204,7 +3203,7 @@ int main(int argc, char *argv[]) { hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL )) { - fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?! If you really need to bruteforce gmail, connect to pop3s://smtp.gmail.com\n"); + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } From b34655617fee2b4e043211882bac26a8a4529a16 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 21 Oct 2019 20:37:25 +0200 Subject: [PATCH 04/40] !!! I did not test the escapes in the miscptr !!! --- hydra-http-form.c | 6 +++--- hydra.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 04260a4..e91db03 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1255,8 +1255,8 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { variables = strtok(NULL, ":"); cond = strtok(NULL, ":"); optional1 = strtok(NULL, "\n"); - if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set "" (don't know the difference...) - + if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set to blank + if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); 
@@ -1297,7 +1297,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } - fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + //fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. diff --git a/hydra.c b/hydra.c index a7fc7bb..e4fa4e7 100644 --- a/hydra.c +++ b/hydra.c @@ -493,6 +493,7 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); From ccd3a99765a92b96ec0d1e3b0117cfdeb40d25b6 Mon Sep 17 00:00:00 2001 From: owein Date: Tue, 19 Nov 2019 16:49:54 +0100 Subject: [PATCH 05/40] rolled back the http-form parameters parsing. help for bfg's rain is in bfg's help now --- hydra-http-form.c | 23 +++++++++++++++++------ hydra.c | 5 ++--- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index e91db03..c6f3a24 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c 
@@ -1250,12 +1250,23 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { webport = PORT_HTTP_SSL; sprintf(bufferurl, "%.6096s", miscptr); - ptr = bufferurl; - url = strtok(ptr, ":"); - variables = strtok(NULL, ":"); - cond = strtok(NULL, ":"); - optional1 = strtok(NULL, "\n"); - if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set to blank + url = bufferurl; + ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + cond = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { diff --git a/hydra.c b/hydra.c index e4fa4e7..6c58f58 100644 --- a/hydra.c +++ b/hydra.c @@ -493,7 +493,6 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" - " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); 
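Review bot: The first restored scan loop in `initialize()` can read one byte before `bufferurl`. `ptr` starts equal to `url`, and when the module option begins with `:` the condition `*ptr != ':'` is false, so `*(ptr - 1) == '\\'` is evaluated at `bufferurl[-1]`. Bound the look-behind: `while (*ptr != 0 && (*ptr != ':' || (ptr > url && *(ptr - 1) == '\\')))`. The second and third loops only run after `ptr` has advanced, so they are not affected. `initialize()` starts and ends outside the hunk.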
@@ -555,8 +554,8 @@ void help_bfg() { " valid CHARSET values are: 'a' for lowercase letters,\n" " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" - " -y disable the use of the above letters as placeholders\n\n" - " -r use 'rain' to explode the linearity of the generation. + " -y disable the use of the above letters as placeholders\n" + " -r use a formula to explode the linearity of the generation, without loss.\n\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" From 3742af00bb76fc14c5e53ba6e5c4e832986d4857 Mon Sep 17 00:00:00 2001 From: owein Date: Wed, 9 Sep 2020 18:34:40 +0200 Subject: [PATCH 06/40] rebranded the bruteforce variation method --- Makefile | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- bfg.c | 34 ++++++++++++--------- bfg.h | 4 ++- 3 files changed, 112 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..472a20f 100644 --- a/Makefile +++ b/Makefile 
@@ -1,5 +1,93 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DLIBOPENSSL -DLIBSSH -DHAVE_ZLIB -DHAVE_MATH_H +XLIBS= -lz -lssl -lssh -lcrypto +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro + +# +# Makefile for Hydra - (c) 2001-2019 by van Hauser / THC +# +OPTS=-I. -O3 -march=native -flto +# -Wall -g -pedantic +LIBS=-lm +BINDIR = /bin +MANDIR ?= /man/man1/ +DATADIR ?= /etc +DESTDIR ?= + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o 
hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv 
$(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/bfg.c b/bfg.c index 2ff9f9f..aaa1f73 100644 --- a/bfg.c +++ b/bfg.c @@ -52,12 +52,13 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { - bf_options.rain = 0; + bf_options.rotate = 0; + bf_options.strafe = 0; int32_t i = 0; int32_t crs_len = 0; char flags = 0; char *tmp = strchr(arg, ':'); - + if (!tmp) { fprintf(stderr, "Error: Invalid option format for -x\n"); return 1; @@ -163,10 +164,11 @@ int32_t bf_init(char *arg) { } } } - + bf_options.crs_len = crs_len; bf_options.current = bf_options.from; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + if (debug) printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); @@ -192,10 +194,10 @@ uint64_t bf_get_pcount() { int accu(int value) { - int i = 0; - for(int a=1; a<=value; ++a) + int i = 0, a; + for(a = 1; a <= value; ++a) { - i+=a; + i += a; } return i; } 
@@ -213,16 +215,18 @@ char *bf_next(_Bool rainy) { if(rainy) { - for (i = 0; i < bf_options.current; i++){ - bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; - bf_options.rain += i+1; + #if(mpl < 5) + #define strafeValue i + #else + #define strafeValue (strafe[loop]+i-(i%2)*(1-mpl%2)-1+charcount%2)%mpl + #endif + + for(i=0; i Date: Wed, 9 Sep 2020 18:38:07 +0200 Subject: [PATCH 07/40] help menu ok --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 6c58f58..f60a22d 100644 --- a/hydra.c +++ b/hydra.c @@ -555,7 +555,7 @@ void help_bfg() { " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n" - " -r use a formula to explode the linearity of the generation, without loss.\n\n" + " -r use a method to delinearize the bruteforce.\n\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" From fd8e83d0b1c04da4189a6d2a9f1c00e5206fc64d Mon Sep 17 00:00:00 2001 From: owein Date: Wed, 9 Sep 2020 21:36:30 +0200 Subject: [PATCH 08/40] done --- bfg.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/bfg.c b/bfg.c index aaa1f73..d27669e 100644 --- a/bfg.c +++ b/bfg.c @@ -1,5 +1,6 @@ -/* code original by Jan Dlabal , partially rewritten by vh */ +/* code original by Jan Dlabal , partially rewritten by vh, + rainy tweaks by yvain douard*/ #include #include @@ -192,15 +193,6 @@ uint64_t bf_get_pcount() { return foo; } -int accu(int value) -{ - int i = 0, a; - for(a = 1; a <= value; ++a) - { - i += a; - } - return i; -} char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; 
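Review bot: `#if(mpl < 5)` inside the `rainy` branch of `bf_next` is evaluated by the preprocessor, where the undefined identifier `mpl` counts as 0, so `strafeValue` is always defined as `i`. The `#else` expression names `strafe[loop]`, `mpl` and `charcount`, none of which appear in the visible bfg.c changes, and it is never compiled. If the intent is to switch on the candidate length at run time, use an ordinary `if` on `bf_options.current` with a local variable. The `#define` also stays active for the rest of the translation unit. The remainder of this hunk is truncated on the page, so how `strafeValue` is used cannot be checked here.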
@@ -215,18 +207,22 @@ char *bf_next(_Bool rainy) { if(rainy) { - #if(mpl < 5) - #define strafeValue i - #else - #define strafeValue (strafe[loop]+i-(i%2)*(1-mpl%2)-1+charcount%2)%mpl - #endif - + int strafeValue; for(i=0; i 4) { + if(bf_options.current % 2) + strafeValue = (bf_options.strafe+i)%bf_options.current; + else + strafeValue = strafeValue = (i+bf_options.current/2+3)%bf_options.current; + } + else + strafeValue = i; + bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeValue] + bf_options.rotate) % bf_options.crs_len]; - bf_options.rotate += i%2+1; + bf_options.rotate += 1; bf_options.strafe += 3; } - bf_options.rotate -= accu(bf_options.current); + bf_options.rotate -= bf_options.current - 2 + bf_options.crs_len % 2; } else for (i = 0; i < bf_options.current; i++) @@ -243,6 +239,8 @@ char *bf_next(_Bool rainy) { while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; + bf_options.strafe = 0; + bf_options.rotate = 0; } if (pos < 0) { From a6a87f11f43c7a5207b451363fe81a5310672d15 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 10:57:06 +0200 Subject: [PATCH 09/40] fixed rotation broken due to a typo. --- bfg.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/bfg.c b/bfg.c index d27669e..896b307 100644 --- a/bfg.c +++ b/bfg.c 
@@ -207,22 +207,26 @@ char *bf_next(_Bool rainy) { if(rainy) { - int strafeValue; + int mpldisp = bf_options.current/2+3; + int mplmod2 = bf_options.current % 2; + int strafeIndex; for(i=0; i 4) { - if(bf_options.current % 2) - strafeValue = (bf_options.strafe+i)%bf_options.current; - else - strafeValue = strafeValue = (i+bf_options.current/2+3)%bf_options.current; - } - else - strafeValue = i; - - bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeValue] + bf_options.rotate) % bf_options.crs_len]; - bf_options.rotate += 1; + if(mplmod2) strafeIndex = (strafe[loop]+i)%bf_options.current; + else strafeIndex = (i+mpldisp)%bf_options.current; + + bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeIndex] + bf_options.rotate) % bf_options.crs_len]; + bf_options.rotate += i+1; bf_options.strafe += 3; } - bf_options.rotate -= bf_options.current - 2 + bf_options.crs_len % 2; + #define accu(i) \ + do { \ + int j; \ + for(j=1; j<=i; ++j) k += j; \ + } while(0) + + int k = 0; + accu(mpl); + bf_options.rotate[loop] -= k-4; } else for (i = 0; i < bf_options.current; i++) From 2514335bf98510dfc7bef889c84b467958c1c243 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 12:45:35 +0200 Subject: [PATCH 10/40] clean --- Makefile | 92 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 90 deletions(-) diff --git a/Makefile b/Makefile index 472a20f..372e67e 100644 --- a/Makefile +++ b/Makefile 
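Review bot: The new `rainy` body in `bf_next` uses identifiers that are not declared anywhere in the visible changes: `strafe[loop]` in the `mplmod2` branch, `mpl` in `accu(mpl)`, and `bf_options.rotate[loop]`, which subscripts a field that is a scalar accumulator everywhere else in this hunk. As shown, this revision should not compile. They presumably should be `bf_options.strafe`, `bf_options.current` and `bf_options.rotate`. The function-local `#define accu(i)` also writes to a `k` declared after it and remains defined for the rest of the file; a small `static` helper or the closed form `n * (n + 1) / 2` avoids both. Part of this hunk is truncated on the page.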
@@ -1,93 +1,5 @@ -STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBSSH -DHAVE_ZLIB -DHAVE_MATH_H -XLIBS= -lz -lssl -lssh -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro - -# -# Makefile for Hydra - (c) 2001-2019 by van Hauser / THC -# -OPTS=-I. -O3 -march=native -flto -# -Wall -g -pedantic -LIBS=-lm -BINDIR = /bin -MANDIR ?= /man/man1/ -DATADIR ?= /etc -DESTDIR ?= - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o 
hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp 
-f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From 14ee7f2c830061b4d8307a2b39fcd018e2a031a4 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 13:02:46 +0200 Subject: [PATCH 11/40] typos again, too much copies and pastes... --- bfg.c | 6 +++--- hydra.h | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/bfg.c b/bfg.c index cb0bc05..5e638c3 100644 --- a/bfg.c +++ b/bfg.c @@ -228,7 +228,7 @@ char *bf_next(_Bool rainy) { int mplmod2 = bf_options.current % 2; int strafeIndex; for(i=0; i Date: Fri, 11 Sep 2020 11:59:20 +0200 Subject: [PATCH 12/40] fixed min length --- bfg.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/bfg.c b/bfg.c index 5e638c3..a3a6d68 100644 --- a/bfg.c +++ b/bfg.c @@ -224,16 +224,19 @@ char *bf_next(_Bool rainy) { if(rainy) { - int mpldisp = bf_options.current/2+3; - int mplmod2 = bf_options.current % 2; - int strafeIndex; - for(i=0; i 3) { + for(i=0; i Date: Tue, 29 Sep 2020 21:01:13 +0200 Subject: [PATCH 13/40] update efficient rain option --- bfg.c | 44 +++++++++++++++----------------------------- bfg.h | 3 --- 2 files changed, 15 insertions(+), 32 deletions(-) diff --git a/bfg.c b/bfg.c index a3a6d68..a06a93a 100644 --- a/bfg.c +++ b/bfg.c @@ -60,7 +60,6 @@ static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { // int32_t bf_init(char *arg) { bf_options.rotate = 0; - bf_options.strafe = 0; int32_t i = 0; int32_t crs_len = 0; 
@@ -224,34 +223,16 @@ char *bf_next(_Bool rainy) { if(rainy) { - //only strafe the index above length 3 - if(bf_options.current > 3) { - for(i=0; i= 0 && (++bf_options.state[bf_options.current-1-pos]) >= bf_options.crs_len) { + bf_options.state[bf_options.current-1-pos] = 0; + pos--; + } + else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; - bf_options.strafe = 0; - bf_options.rotate = 0; } if (pos < 0) { diff --git a/bfg.h b/bfg.h index 38bbbc2..3ff0710 100644 --- a/bfg.h +++ b/bfg.h @@ -43,10 +43,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - uint64_t rotate; - uint64_t strafe; - } bf_option; extern bf_option bf_options; From 490bd3e7cd38c637972331f2c6f512d7a6f86162 Mon Sep 17 00:00:00 2001 From: owein D Date: Wed, 30 Sep 2020 10:19:10 +0200 Subject: [PATCH 14/40] avoid negative values for the rotation variable --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index a06a93a..2677b47 100644 --- a/bfg.c +++ b/bfg.c @@ -230,7 +230,7 @@ char *bf_next(_Bool rainy) { bf_options.rotate += i+3; } //we don't subtract the same depending on wether the length is odd or even - for(i=1+bf_options.current%2; i<=bf_options.current; ++i) + for(i=1+bf_options.current%2; i Date: Fri, 2 Oct 2020 16:31:10 +0200 Subject: [PATCH 15/40] html_encode the + character --- hydra-http-form.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index eb5a4ce..db1e84e 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -576,6 +576,8 @@ char *html_encode(char *string) { ret = hydra_strrep(ret, "#", "%23"); if (index(ret, '=') != NULL) ret = hydra_strrep(ret, "=", "%3D"); + if (index(ret, '+') != NULL) + ret = hydra_strrep(ret, "+", "%2B"); return ret; } From fc82b52505c66bf5f0bf7490e07710d3042c7a8c Mon Sep 17 00:00:00 2001 
From: owein D Date: Mon, 5 Oct 2020 14:37:04 +0200 Subject: [PATCH 16/40] working algo after a change --- bfg.c | 48 ++++++++++++++++++++++++++++-------------------- bfg.h | 1 + 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/bfg.c b/bfg.c index 2677b47..6f9fdc4 100644 --- a/bfg.c +++ b/bfg.c @@ -59,8 +59,6 @@ static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { - bf_options.rotate = 0; - int32_t i = 0; int32_t crs_len = 0; char flags = 0; @@ -176,7 +174,9 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - + bf_options.strafe = 0; + bf_options.rotate = 0; + memset((char *) bf_options.state, 0, sizeof(bf_options.state)); if (debug) @@ -202,14 +202,6 @@ uint64_t bf_get_pcount() { return foo; } -int accu(int value) { - int i = 0, a; - for (a = 1; a <= value; ++a) { - i += a; - } - return i; -} - char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; @@ -223,16 +215,30 @@ char *bf_next(_Bool rainy) { if(rainy) { - //the first character cannot be taken into account - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=1; i 2) { + if(bf_options.current % 2) { + bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; + bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; + bf_options.ptr[2] = bf_options.crs[bf_options.state[2]]; + + for(i=3; i Date: Mon, 5 Oct 2020 14:45:07 +0200 Subject: [PATCH 17/40] if current < 4 --- bfg.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/bfg.c b/bfg.c index 6f9fdc4..c4838c4 100644 --- a/bfg.c +++ b/bfg.c @@ -215,7 +215,7 @@ char *bf_next(_Bool rainy) { if(rainy) { - if(bf_options.current > 2) { + if(bf_options.current > 3) { if(bf_options.current % 2) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; 
@@ -226,17 +226,20 @@ char *bf_next(_Bool rainy) { bf_options.rotate ++; } } - } - else { - if(bf_options.current % 2) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; - for(i=2; i Date: Thu, 8 Oct 2020 04:10:54 +0200 Subject: [PATCH 18/40] implement rain --- bfg.c | 44 ++++++++++++++------------------------------ bfg.h | 4 ++-- hydra.c | 5 +++-- 3 files changed, 19 insertions(+), 34 deletions(-) diff --git a/bfg.c b/bfg.c index c4838c4..a2bb1f5 100644 --- a/bfg.c +++ b/bfg.c @@ -174,8 +174,8 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - bf_options.strafe = 0; - bf_options.rotate = 0; + bf_options.rain = 0; + bf_options.gcounter = 0; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); @@ -215,33 +215,18 @@ char *bf_next(_Bool rainy) { if(rainy) { - if(bf_options.current > 3) { - if(bf_options.current % 2) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; - bf_options.ptr[2] = bf_options.crs[bf_options.state[2]]; - - for(i=3; i Date: Sat, 10 Oct 2020 18:52:04 +0200 Subject: [PATCH 19/40] slight modif that fixes all --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index a2bb1f5..ee70dfa 100644 --- a/bfg.c +++ b/bfg.c @@ -218,7 +218,7 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Sat, 10 Oct 2020 19:49:02 +0200 Subject: [PATCH 20/40] this should be the last commit --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index ee70dfa..dcab78a 100644 --- a/bfg.c +++ b/bfg.c 
@@ -218,7 +218,7 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Fri, 16 Oct 2020 13:49:07 +0200 Subject: [PATCH 21/40] fix http-post-form optional parameter parsing --- CHANGES | 8 +++++++- hydra-http-form.c | 36 +++++++++++++++++++----------------- hydra.c | 2 +- 3 files changed, 27 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index 8ca1b75..f537d9b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,14 @@ Changelog for hydra ------------------- -Release 9.1-dev + +Release 9.2-dev +* fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) +* msys support + + +Release 9.1-dev * rdb: support for libfreerdp3 (thanks to animetauren) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) diff --git a/hydra-http-form.c b/hydra-http-form.c index eb5a4ce..92d5a9f 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -400,6 +400,10 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { * Beware of the backslashes (\)! */ while (*miscptr != 0) { + if (strlen(miscptr) < 3 || miscptr[1] != '=') { + hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr); + return 0; + } switch (miscptr[0]) { case 'a': // fall through case 'A': // only for http, not http-form! @@ -504,7 +508,9 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { // Error: abort execution hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H).\n"); return 0; - // no default + default: + hydra_report(stderr, "[ERROR] no valid optional parameter type given: %c\n", miscptr[0]); + return 0; } } return 1; 
@@ -1197,7 +1203,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } @@ -1209,7 +1215,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } @@ -1224,6 +1230,8 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char // 0 all OK // -1 error, hydra will exit, so print a good error message here + if (initialize(ip, options, miscptr) == NULL) return 1; + return 0; } @@ -1281,22 +1289,16 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr++; if (*ptr != 0) *ptr++ = 0; + cond = ptr; - if ((ptr2 = rindex(ptr, ':')) != NULL) { - cond = ptr2 + 1; - *ptr2 = 0; + if ((ptr2 = index(ptr, ':')) != NULL) { + *ptr2++ = 0; + if (*ptr2) + optional1 = ptr2; + else + optional1 = NULL; } else - cond = ptr; - /* - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - */ - if (ptr == cond) optional1 = NULL; - else - optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { @@ -1332,7 +1334,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { sprintf(cookieurl, "%.1000s", url); // conditions now have to contain F or S to set the fail or success condition - if (*cond != 0 && (strpos(cond, "F=") == 0)) { + if (strpos(cond, "F=") == 0) { success_cond = 0; cond += 2; } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { diff --git a/hydra.c b/hydra.c index 4971317..ac3511e 100644 --- a/hydra.c 
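Review bot: In the `service_http_form_init` hunk (PATCH 21) the new failure path returns `1`, while the comment directly above it documents `-1` as the error value, so the code and its stated contract now disagree. Either return `-1`, as in `if (initialize(ip, options, miscptr) == NULL) return -1;`, or correct the comment if the caller only tests for non-zero (the caller is not visible in this patch). The header list returned by `initialize()` is also discarded on success, so whatever it allocated for this validation pass is presumably never released. The function starts outside the hunk.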
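Review bot: In the `initialize` hunk that replaces `rindex(ptr, ':')` with `index(ptr, ':')`, the condition string is now cut at its first colon with no check for a preceding backslash, unlike the `\\:` handling applied to `url` a few lines further down. A fail/success condition that itself contains a colon therefore appears to be truncated, with its tail handed to the optional-parameter parser. If escaped colons are meant to work in this field, the split should skip them the way the removed commented-out loop did (`*ptr != ':' || *(ptr - 1) == '\\'`). A comment above `cond = ptr;` stating the expected layout of the condition and optional fields would make the intent checkable. `initialize` begins and ends outside the hunk.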
+++ b/hydra.c @@ -225,7 +225,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.1" +#define VERSION "v9.2-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From be654c6bac504dc4912f087b2025d3596c27f093 Mon Sep 17 00:00:00 2001 From: ddeka2910 <60925700+ddeka2910@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:02:17 +0530 Subject: [PATCH 22/40] As is --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 19f1e15..7985412 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ + language: c sudo: required dist: trusty From 2d0723b281da199bb539064bc8e48e21f13d7c31 Mon Sep 17 00:00:00 2001 From: ddeka2910 <60925700+ddeka2910@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:04:31 +0530 Subject: [PATCH 23/40] Add architecture ppc64le to travis build --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 7985412..ad0b541 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,12 @@ - language: c sudo: required dist: trusty os: - linux - osx +arch: + - amd64 + - ppc64le compiler: - clang - gcc From 5e98fe23e79803b6a50898e35e532f0273e4f271 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 22 Oct 2020 02:35:46 +0200 Subject: [PATCH 24/40] see https://github.com/e2002e/zhou --- bfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index dcab78a..b146bd4 100644 --- a/bfg.c +++ b/bfg.c @@ -218,10 +218,10 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Mon, 9 Nov 2020 19:25:26 +0100 Subject: [PATCH 25/40] up to last fix --- bfg.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bfg.c b/bfg.c index b146bd4..8a6428a 100644 --- a/bfg.c +++ b/bfg.c 
@@ -215,13 +215,13 @@ char *bf_next(_Bool rainy) { if(rainy) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=2; i Date: Mon, 9 Nov 2020 19:41:00 +0100 Subject: [PATCH 26/40] lqst commit --- bfg.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/bfg.c b/bfg.c index 8a6428a..bdb221c 100644 --- a/bfg.c +++ b/bfg.c @@ -237,10 +237,12 @@ char *bf_next(_Bool rainy) { } //we revert the ordering of the bruteforce to fix the first static character - if(rainy) - while (pos >= 0 && (++bf_options.state[bf_options.current-1-pos]) >= bf_options.crs_len) { - bf_options.state[bf_options.current-1-pos] = 0; - pos--; + if(rainy) { + pos = 0; + while (pos < bf_options.current && (++bf_options.state[pos]) >= bf_options.crs_len) { + bf_options.state[pos] = 0; + pos++; + } } else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { @@ -248,7 +250,7 @@ char *bf_next(_Bool rainy) { pos--; } - if (pos < 0) { + if (pos < 0 || pos >= bf_options.current) { bf_options.current++; bf_options.rain = 0; memset((char *)bf_options.state, 0, sizeof(bf_options.state)); From 1df1d63c4fcc44d0cb1c0384a71120dfb0de3ff1 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Wed, 11 Nov 2020 11:18:04 +0000 Subject: [PATCH 27/40] smb2: fix parsing of miscptr --- hydra-smb2.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/hydra-smb2.c b/hydra-smb2.c index a09490d..7c22bf1 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c 
@@ -126,8 +126,13 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { + case ENOENT: + // Noticed this when connecting to older samba servers on linux + // where any credentials are accepted. + hydra_report(stderr, "[WARNING] %s might accept any credential\n", server); case EINVAL: // 22 - // probably password ok + // probably password ok, nominal case when connecting to a windows + // smb server with good credentials. smbc_free_context(ctx, 1); return true; break; @@ -147,6 +152,9 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { case ECONNREFUSED: // there are probably more codes that could be added here to // indicate connection errors. + hydra_report(stderr, + "[ERROR] Error %s (%d) while connecting to %s\n", + strerror(errno), errno, server); smbc_free_context(ctx, 1); EXIT_CONNECTION_ERROR; break; @@ -202,6 +210,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis continue; } if (CMP(tkn_workgroup, miscptr)) { + if (workgroup != default_workgroup) { + // miscptr has already been processed, goto end + miscptr += strlen(miscptr) + 1; + continue; + } miscptr += sizeof(tkn_workgroup) - 1; char *p = strchr(miscptr, '}'); if (p == NULL) { @@ -217,6 +230,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis continue; } if (CMP(tkn_netbios, miscptr)) { + if (netbios_name != NULL) { + // miscptr has already been processed, goto end + miscptr += strlen(miscptr) + 1; + continue; + } miscptr += sizeof(tkn_netbios) - 1; char *p = strchr(miscptr, '}'); if (p == NULL) { From 981e19852b5aa6af7de88ddd82c360299c5f8109 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Wed, 11 Nov 2020 15:55:23 +0000 Subject: [PATCH 28/40] www-form: normalise webtarget --- hydra-http-form.c | 73 +++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 40 deletions(-) 
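Review bot: The new `case ENOENT:` in `smb2_run_test` falls into `case EINVAL:` and returns `true` with no marker that the fall-through is deliberate. Add `/* fall through */` after the `hydra_report(...)` call so a reader (and `-Wimplicit-fallthrough`) can tell it from a forgotten `break`. Because this path reports a credential as valid on a server that, per the warning text, may accept anything, the comment should also say that a hit on such a target is not evidence of a correct password. The switch continues outside the hunk.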
diff --git a/hydra-http-form.c b/hydra-http-form.c index 88f2e6b..5e9d863 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -78,7 +78,7 @@ int32_t auth_flag = 0; char cookie[4096] = "", cmiscptr[1024]; -int32_t webport, freemischttpform = 0; +int32_t webport; char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "", *url, *variables, *optional1; #define MAX_REDIRECT 8 @@ -1133,9 +1133,6 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt while (1) { if (run == 2) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); } } @@ -1157,9 +1154,6 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); } next_run = 2; @@ -1171,30 +1165,19 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(0); break; case 4: /* silent error exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); break; default: - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } - if (freemischttpform) - free(miscptr); } void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { 
@@ -1240,35 +1223,21 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr_header_node ptr_head = NULL; char *ptr, *ptr2, *proxy_string; +#ifdef AF_INET6 + unsigned char addr6 [sizeof(struct in6_addr)]; +#endif if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; - if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - if (freemischttpform == 0) { - if ((miscptr = malloc(strlen(ptr2) + 1)) != NULL) { - freemischttpform = 1; - strcpy(miscptr, ptr2); - *ptr2 = 0; - } - } - } else - webtarget = NULL; + if (webtarget) { + free(webtarget); + webtarget = NULL; } - if (cmdlinetarget != NULL && webtarget == NULL) + if (cmdlinetarget != NULL) webtarget = cmdlinetarget; - else if (webtarget == NULL && cmdlinetarget == NULL) + else webtarget = hydra_address2string(ip); if (port != 0) webport = port; 
@@ -1277,6 +1246,29 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { else webport = PORT_HTTP_SSL; + /* normalise the webtarget for ipv6/port number */ + ptr = malloc(strlen(webtarget) + 1 /* null */ + 6 /* :65535 */ +#ifdef AF_INET6 + + 2 /* [] */ +#endif + ); +#ifdef AF_INET6 + /* let libc decide if target is an ipv6 address */ + if (inet_pton(AF_INET6, webtarget, addr6)) { + ptr2 = ptr + sprintf(ptr, "[%s]", webtarget); + } else { +#endif + ptr2 = ptr + sprintf(ptr, "%s", webtarget); +#ifdef AF_INET6 + } +#endif + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || + !(options & OPTION_SSL) && webport != PORT_HTTP) { + sprintf(ptr2, ":%d", webport); + } + webtarget = ptr; + ptr = ptr2 = NULL; + sprintf(bufferurl, "%.6096s", miscptr); url = bufferurl; ptr = url; @@ -1411,6 +1403,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { normal_request = stringify_headers(&ptr_head); } } + return ptr_head; } From 7f19248e3495a60edc2ecd33c1e797f65689ee0e Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Thu, 12 Nov 2020 15:27:08 +0000 Subject: [PATCH 29/40] resolve compiler warnings identified by gcc 9.3.0 --- hydra-http-form.c | 2 +- hydra.c | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 5e9d863..e6074cf 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1039,7 +1039,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } if (strrchr(url, ':') == NULL && port != 80) { - sprintf(str2, "%s:%d", str2, port); + sprintf(str2, "%.2040s:%d", str2, port); } if (verbose) diff --git a/hydra.c b/hydra.c index ac3511e..9efbc05 100644 --- a/hydra.c +++ b/hydra.c 
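Review bot: In the `initialize` hunk that normalises `webtarget`, the result of `malloc()` is passed straight to `sprintf()` with no NULL check, and the size reserves exactly six bytes for `:%d`, which is only enough while `webport` lies within 0–65535. `webport` is an `int32_t` and its range check is not visible here, so the write should be bounded: keep the length in a variable, test the pointer (`if (ptr == NULL) return NULL;`), and format with `snprintf(ptr2, len - (ptr2 - ptr), ":%d", webport);`. The mixed `&&`/`||` test on `OPTION_SSL` would also read better with explicit parentheses. The same allocate-and-format sequence is added to `service_http` in hydra-http.c by PATCH 33 and needs the same treatment; `initialize` starts and ends outside this hunk.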
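Review bot: The replacement line in `start_http_form` (PATCH 29), `sprintf(str2, "%.2040s:%d", str2, port);`, still passes `str2` as both destination and source, which is undefined behaviour for `sprintf` regardless of the precision that silences the gcc warning. Appending in place avoids the overlap: `size_t used = strlen(str2); snprintf(str2 + used, sizeof(str2) - used, ":%d", port);`. That assumes `str2` is an array in this function, since its declaration is outside the hunk. The function body starts and ends outside the hunk.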
@@ -610,10 +610,6 @@ void help_bfg() { void module_usage() { int32_t i; - if (!hydra_options.service) { - printf("The Module %s does not need or support optional parameters\n", hydra_options.service); - exit(0); - } printf("\nHelp for module " "%s:\n================================================================" From 78b3358862da15587bc8c2d75caa4a3030d8bb26 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 12 Nov 2020 17:06:53 +0100 Subject: [PATCH 30/40] profound mangling --- bfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index bdb221c..80e7392 100644 --- a/bfg.c +++ b/bfg.c @@ -219,9 +219,9 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=1; i Date: Sat, 14 Nov 2020 14:20:00 +0100 Subject: [PATCH 31/40] uptodate with rainycrack --- bfg.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index 80e7392..912b61c 100644 --- a/bfg.c +++ b/bfg.c @@ -202,6 +202,14 @@ uint64_t bf_get_pcount() { return foo; } + +int accu(int x) { + int a = 0, b; + for(b=1; b Date: Fri, 4 Dec 2020 12:50:46 +0100 Subject: [PATCH 32/40] cleanup --- bfg.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/bfg.c b/bfg.c index 912b61c..0d670dd 100644 --- a/bfg.c +++ b/bfg.c @@ -202,14 +202,6 @@ uint64_t bf_get_pcount() { return foo; } - -int accu(int x) { - int a = 0, b; - for(b=1; b Date: Sat, 26 Dec 2020 16:42:57 +0000 Subject: [PATCH 33/40] www: normalise webtarget --- hydra-http.c | 54 ++++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/hydra-http.c b/hydra-http.c index a269e71..c487144 100644 --- a/hydra-http.c +++ b/hydra-http.c 
@@ -10,7 +10,7 @@ char *http_buf = NULL; static char end_condition[END_CONDITION_MAX_LEN]; int end_condition_type = -1; -int32_t webport, freemischttp = 0; +int32_t webport; int32_t http_auth_mechanism = AUTH_UNASSIGNED; int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) { @@ -313,32 +313,16 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; char *ptr, *ptr2; ptr_header_node ptr_head = NULL; +#ifdef AF_INET6 + unsigned char addr6 [sizeof(struct in6_addr)]; +#endif hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; - if ((webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - miscptr = malloc(strlen(ptr2) + 1); - freemischttp = 1; - strcpy(miscptr, ptr2); - *ptr2 = 0; - } else - webtarget = hostname; - } else if (strlen(miscptr) == 0) + if (strlen(miscptr) == 0) miscptr = strdup("/"); - if (webtarget == NULL) - webtarget = hostname; if (port != 0) webport = port; else if ((options & OPTION_SSL) == 0) 
@@ -346,6 +330,28 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI else webport = mysslport; + /* normalise the webtarget for ipv6/port number */ + webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535 */ +#ifdef AF_INET6 + + 2 /* [] */ +#endif + ); +#ifdef AF_INET6 + /* let libc decide if target is an ipv6 address */ + if (inet_pton(AF_INET6, hostname, addr6)) { + ptr = webtarget + sprintf(webtarget, "[%s]", hostname); + } else { +#endif + ptr = webtarget + sprintf(webtarget, "%s", hostname); +#ifdef AF_INET6 + } +#endif + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || + !(options & OPTION_SSL) && webport != PORT_HTTP) { + sprintf(ptr, ":%d", webport); + } + ptr = NULL; + /* Advance to options string */ ptr = miscptr; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) @@ -380,8 +386,6 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI port = mysslport; } if (sock < 0) { - if (freemischttp) - free(miscptr); if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); @@ -395,13 +399,9 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttp) - free(miscptr); hydra_child_exit(0); return; default: - if (freemischttp) - free(miscptr); fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } From 09f6a71e844871c660de6060dd2d2ae0938874ea Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 1 Jan 2021 12:20:49 +0100 Subject: [PATCH 34/40] 2021 --- CHANGES | 2 ++ README.md | 4 ++-- hydra-smb2.c | 2 +- hydra.1 | 2 +- hydra.c | 5 +++-- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index f537d9b..8a36029 100644 --- a/CHANGES +++ b/CHANGES 
@@ -6,6 +6,8 @@ Release 9.2-dev * fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) * msys support +* fix for rain mode (-r) +* IPv6 support for Host: header for http based modules Release 9.1-dev diff --git a/README.md b/README.md index fa214d9..322da43 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2020 by van Hauser / THC + (c) 2001-2021 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal @@ -382,7 +382,7 @@ Version 1.00 example: "These are very free form" ], "generator": { - "built": "2020-03-01 14:44:22", + "built": "2021-03-01 14:44:22", "commandline": "hydra -b jsonv1 -o results.json ... ...", "jsonoutputversion": "1.00", "server": "127.0.0.1", diff --git a/hydra-smb2.c b/hydra-smb2.c index 7c22bf1..31e211d 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -13,7 +13,7 @@ * along with this program. If not, see . * * - * Copyright (C) 2020 Karim Kanso, all rights reserved. + * Copyright (C) 2021 Karim Kanso, all rights reserved. * kaz 'dot' kanso 'at' g mail 'dot' com */ diff --git a/hydra.1 b/hydra.1 index 912533f..039d55f 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2020" +.TH "HYDRA" "1" "01/01/2021" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff --git a/hydra.c b/hydra.c index 852d0de..3695110 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2020 by van Hauser / THC + * hydra (c) 2001-2021 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. @@ -11,6 +11,7 @@ */ #include "hydra.h" #include "bfg.h" +#include #ifdef LIBNCURSES #include 
@@ -2151,7 +2152,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret " + printf("%s %s (c) 2021 by %s & %s - Please do not use in military or secret " "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP From 04076995835e57df234d6a994ec20673878f96a9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 29 Jan 2021 10:23:27 +0100 Subject: [PATCH 35/40] Update issue templates --- .github/ISSUE_TEMPLATE/bug_report.md | 37 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 20 ++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..78bd469 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**IMPORTANT**
+This is just for reporting *BUGS* not help on how to hack, how to use hydra, command line options or how to get it compiled. Please search for help via search engines. Issues asking for this here will be closed.
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+ * Ensure that you have tested the bug to be present in the current github code. You might be using an outdated version that comes with your Linux distribution!
+ * You must provide full command line options.
+
+Steps to reproduce the behavior:
+1. ...
+2. ...
+3. ...
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+Note that all messages must be in *English*, not in Chinese, Russian, etc.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. Ubuntu 20.04]
+ - hydra version [e.g. current github state]
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..bbcbbe7
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From 51da37bfd87c17e2b246f7a1a003b4b1044954d6 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 29 Jan 2021 10:29:28 +0100 Subject: [PATCH 36/40] Update issue templates --- .github/ISSUE_TEMPLATE/feature_request.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index bbcbbe7..d0c19f8 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -7,6 +7,9 @@ assignees: '' --- +**IMPORTANT** +Please note that hydra is still maintained however not actively developed. If you would like to see specific feature here it it recommended implement it yourself and send a pull request - or look for someone to do that for you :-) + **Is your feature request related to a problem? Please describe.** A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] From ac2fd35b4f3a8965db344b27033a601fca7a7d7d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 19 Feb 2021 09:19:05 +0100 Subject: [PATCH 37/40] allow configure to pick up PKG_CONFIG --- configure | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/configure b/configure index ae81322..139c9bf 100755 --- a/configure +++ b/configure 
@@ -17,10 +17,12 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then echo " --help this here" echo echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise. + echo You can also set PKG_CONFIG if necessary. exit 0 fi test -z "$CC" && CC=gcc +test -z "$PKG_CONFIG" && PKG_CONFIG=pkg-config FHS="" SIXFOUR="" @@ -1305,9 +1307,9 @@ echo "Checking for smbclient (libsmbclient/libsmbclient.h) ..." if [ "X" = "X$XHYDRA_SUPPORT" ]; then echo "Checking for GUI req's (pkg-config/gtk+-2.0) ..." - XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` + XHYDRA_SUPPORT=`$PKG_CONFIG --help > /dev/null 2>&1 || echo disabled` if [ "X" = "X$XHYDRA_SUPPORT" ]; then - XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` + XHYDRA_SUPPORT=`$PKG_CONFIG --modversion gtk+-2.0 2> /dev/null` else XHYDRA_SUPPORT="" fi From 42f75763d937743472be82c293361c655056b1f2 Mon Sep 17 00:00:00 2001 From: pirate sans barbe Date: Wed, 3 Mar 2021 05:45:20 -1000 Subject: [PATCH 38/40] managed eof with stdin --- hydra.c | 87 ++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 65 insertions(+), 22 deletions(-) diff --git a/hydra.c b/hydra.c index 3695110..89fab49 100644 --- a/hydra.c +++ b/hydra.c @@ -245,6 +245,26 @@ extern int32_t old_ssl; void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail); +char *read_line_stdin() { + char *word = malloc(64); + memset(word, 0, sizeof(word)); + char c; + int i = 0; + + do { + c = getc(stdin); + if(feof(stdin)) + { + fprintf(stderr, "eof\n"); + break; + } + strncpy(&word[i], &c, 1); + i++; + } while(c != '\n'); + word[i-1] = 0; + return word; +} + // some enum definitions typedef enum { HEAD_DISABLED = -1, HEAD_UNUSED = 0, HEAD_ACTIVE = 1 } head_state_t; 
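Review bot: `read_line_stdin()` (PATCH 38, hydra.c) writes past its 64-byte allocation for any input line of 64 bytes or more, because the loop stores at `word[i]` with no bound on `i`. Three further defects sit in the same function: on immediate EOF `i` is still 0 and `word[i-1] = 0` writes before the buffer, `memset(word, 0, sizeof(word))` clears only pointer-size bytes, and `char c` cannot keep `EOF` distinct from a data byte. The `malloc()` result is unchecked as well, and callers get no way to tell end of input from an empty line. The sketch below grows the buffer as needed and returns NULL at EOF with nothing read, which the call sites added later in this patch would then have to test for.

```c
char *read_line_stdin() {
  size_t cap = 64, len = 0;
  char *word = malloc(cap);
  int c; /* int, so EOF stays distinct from every byte value */

  if (word == NULL)
    return NULL;
  while ((c = getc(stdin)) != EOF && c != '\n') {
    if (len + 1 >= cap) { /* keep one byte free for the terminator */
      char *grown = realloc(word, cap * 2);
      if (grown == NULL) {
        free(word);
        return NULL;
      }
      word = grown;
      cap *= 2;
    }
    word[len++] = (char)c;
  }
  if (c == EOF && len == 0) { /* end of input, nothing read */
    free(word);
    return NULL;
  }
  word[len] = 0;
  return word;
}
```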
@@ -911,7 +931,7 @@ void hydra_restore_read() { hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); sck = fgets(out, sizeof(out), f); // target login_ptr, ignord sck = fgets(out, sizeof(out), f); - if (hydra_options.bfg) { + if (hydra_options.bfg && !hydra_options.read_stdin) { if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); @@ -1777,13 +1797,18 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_ptr = pass_ptr; } else { if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) { + if(hydra_options.read_stdin) { + hydra_targets[target_no]->pass_ptr = read_line_stdin(); + } + else { #ifndef HAVE_MATH_H - sleep(1); -#else - hydra_targets[target_no]->pass_ptr = bf_next(hydra_options.rainy); - if (debug) - printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); + sleep(1); +#else + hydra_targets[target_no]->pass_ptr = bf_next(); + if (debug) + printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif + } } else { // -p -P mode hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) @@ -2280,9 +2305,11 @@ int main(int argc, char *argv[]) { hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; - hydra_options.rainy = 0; + hydra_options.stdin_lines = 0; + hydra_options.read_stdin = 0; bf_options.disable_symbols = 0; + // command line processing if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) help(1); @@ -2315,9 +2342,6 @@ int main(int argc, char *argv[]) { hydra_options.restore = 1; hydra_restore_read(); break; - case 'r': - hydra_options.rainy = 1; - break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! break; 
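Review bot: In the hydra_send_next_pair() hunk, `hydra_targets[target_no]->pass_ptr = read_line_stdin();` stores a freshly malloc'ed buffer on every call without a NULL check and without releasing the buffer it replaces, so unless the old pointer is freed elsewhere each attempt leaks one allocation. The ownership of `pass_ptr` in stdin mode should be documented at the assignment, for example `/* pass_ptr owns the line buffer in stdin mode; freed when replaced */`, and the result checked before it is used. Nothing visible here stops reading once `hydra_options.stdin_lines` lines have been consumed, which may be handled by the caller. This hunk also calls `bf_next()` with no argument while bfg.h still declares `bf_next(_Bool rainy)` until PATCH 39/40, so this commit probably does not build on its own. The function starts and ends outside the hunk.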
@@ -2452,14 +2476,24 @@ int main(int argc, char *argv[]) { modusage = 1; break; case 'x': + if(optarg[0] == '-') { + hydra_options.read_stdin = 1; + hydra_options.stdin_lines = atoi(&optarg[1]); + if(hydra_options.stdin_lines < 1) { + fprintf(stderr, "Using stdin, you must give the numbers of lines to treat: -x -250"); + exit(-1); + } + } + else { #ifndef HAVE_MATH_H - fprintf(stderr, "[ERROR] -x option is not available as math.h was not " + fprintf(stderr, "[ERROR] -x option is not available as math.h was not " "found at compile time\n"); - exit(-1); + exit(-1); #else - if (strcmp(optarg, "-h") == 0) - help_bfg(); - bf_options.arg = optarg; + if (strcmp(optarg, "-h") == 0) + help_bfg(); + bf_options.arg = optarg; + } hydra_options.bfg = 1; hydra_options.mode = hydra_options.mode | MODE_PASSWORD_BRUTE; hydra_options.loop_mode = 1; @@ -3429,16 +3463,22 @@ int main(int argc, char *argv[]) { hydra_brains.sizepass = strlen(hydra_options.pass) + 1; } else { if (hydra_options.bfg) { + if(hydra_options.read_stdin) { + pass_ptr = read_line_stdin(); + hydra_brains.countpass = hydra_options.stdin_lines; + } + else { #ifdef HAVE_MATH_H - if (bf_init(bf_options.arg)) - exit(-1); // error description is handled by bf_init + if (bf_init(bf_options.arg)) + exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(hydra_options.rainy); - hydra_brains.countpass += bf_get_pcount(); - hydra_brains.sizepass += BF_BUFLEN; + pass_ptr = bf_next(); + hydra_brains.countpass += bf_get_pcount(); + hydra_brains.sizepass += BF_BUFLEN; #else - sleep(1); + sleep(1); #endif + } } else { pass_ptr = hydra_options.pass = empty_login; hydra_brains.countpass = 0; @@ -3703,7 +3743,10 @@ int main(int argc, char *argv[]) { #ifdef HAVE_MATH_H if (hydra_options.bfg) { - math2 = hydra_brains.countlogin * bf_get_pcount(); + if(hydra_options.read_stdin) + math2 = hydra_brains.countlogin * hydra_options.stdin_lines; + else + math2 = hydra_brains.countlogin * bf_get_pcount(); } #endif 
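Review bot: In `case 'x'` the new `else {` is opened before `#ifndef HAVE_MATH_H` but its closing `}` sits inside the `#else` branch, so a build without math.h is left with an unbalanced brace, assuming the `#endif` (outside the hunk) follows the `break`. The `hydra_options.bfg = 1;` and mode lines are in that same branch, so stdin mode would not be switched on without math.h either; the `}` and those lines belong after the `#endif`. The `optarg[0] == '-'` test also catches `-x -h` before `strcmp(optarg, "-h")` runs, which makes help_bfg() unreachable from here. `atoi(&optarg[1])` accepts trailing garbage such as `-250abc`; `strtol` with an end-pointer check would reject it.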
From 70c8b6ee6d36d7fe7b50f062adc1cfb788226c32 Mon Sep 17 00:00:00 2001 From: pirate sans barbe Date: Wed, 3 Mar 2021 06:05:58 -1000 Subject: [PATCH 39/40] stdin mode --- bfg.c | 29 +++-------------------------- bfg.h | 4 +--- configure | 6 ++---- hydra.c | 28 ++++++++++++++++++---------- hydra.h | 3 ++- 5 files changed, 26 insertions(+), 44 deletions(-) diff --git a/bfg.c b/bfg.c index 0d670dd..c3a8d0e 100644 --- a/bfg.c +++ b/bfg.c @@ -174,8 +174,6 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - bf_options.rain = 0; - bf_options.gcounter = 0; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); @@ -202,7 +200,7 @@ uint64_t bf_get_pcount() { return foo; } -char *bf_next(_Bool rainy) { +char *bf_next() { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) @@ -212,19 +210,8 @@ char *bf_next(_Bool rainy) { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } - - if(rainy) - { - bf_options.rain = bf_options.gcounter; - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=1; i= bf_options.crs_len) { - bf_options.state[pos] = 0; - pos++; - } - } - else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; @@ -252,7 +230,6 @@ char *bf_next(_Bool rainy) { if (pos < 0 || pos >= bf_options.current) { bf_options.current++; - bf_options.rain = 0; memset((char *)bf_options.state, 0, sizeof(bf_options.state)); } diff --git a/bfg.h b/bfg.h index 602cee6..6d11aee 100644 --- a/bfg.h +++ b/bfg.h @@ -43,8 +43,6 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - uint64_t rain; - uint64_t gcounter; } bf_option; extern bf_option bf_options; 
@@ -52,7 +50,7 @@ extern bf_option bf_options; #ifdef HAVE_MATH_H extern uint64_t bf_get_pcount(); extern int32_t bf_init(char *arg); -extern char *bf_next(_Bool rainy); +extern char *bf_next(); #endif #endif diff --git a/configure b/configure index 139c9bf..ae81322 100755 --- a/configure +++ b/configure @@ -17,12 +17,10 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then echo " --help this here" echo echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise. - echo You can also set PKG_CONFIG if necessary. exit 0 fi test -z "$CC" && CC=gcc -test -z "$PKG_CONFIG" && PKG_CONFIG=pkg-config FHS="" SIXFOUR="" @@ -1307,9 +1305,9 @@ echo "Checking for smbclient (libsmbclient/libsmbclient.h) ..." if [ "X" = "X$XHYDRA_SUPPORT" ]; then echo "Checking for GUI req's (pkg-config/gtk+-2.0) ..." - XHYDRA_SUPPORT=`$PKG_CONFIG --help > /dev/null 2>&1 || echo disabled` + XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` if [ "X" = "X$XHYDRA_SUPPORT" ]; then - XHYDRA_SUPPORT=`$PKG_CONFIG --modversion gtk+-2.0 2> /dev/null` + XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` else XHYDRA_SUPPORT="" fi diff --git a/hydra.c b/hydra.c index 89fab49..e6cc1e3 100644 --- a/hydra.c +++ b/hydra.c @@ -503,8 +503,11 @@ void help(int32_t ext) { "[-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W " "TIME] [-f] [-s PORT]" -#ifdef HAVE_MATH_H - " [-x MIN:MAX:CHARSET]" +#ifndef HAVE_MATH_H + " [-x +LINES]" +#else + " [ [-x MIN:MAX:CHARSET] | [-x +LINES] ]" + #endif " [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] " //"[server service [OPT]]|" 
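Review bot: The two configure hunks restore the hard-coded `pkg-config` calls and delete `test -z "$PKG_CONFIG" && PKG_CONFIG=pkg-config`, which undoes PATCH 37/40 from earlier in this series. The commit subject ("stdin mode") does not cover that, so it looks like an unintended revert, possibly from a branch that predates 37/40. If it is not intended, the configure changes should be dropped from this commit so that the `$PKG_CONFIG --help` and `$PKG_CONFIG --modversion gtk+-2.0` probes stay in place.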
@@ -522,11 +525,14 @@ void help(int32_t ext) { " -p PASS or -P FILE try password PASS, or load several " "passwords from FILE\n"); PRINT_EXTEND(ext, -#ifdef HAVE_MATH_H - " -x MIN:MAX:CHARSET password bruteforce generation, type " +#ifndef HAVE_MATH_H + " -x +LINES read from stdin\n" + "\"-x -h\" to get help\n" +#else + " -x +LINES read from stdin\n" + " -x MIN:MAX:CHARSET password bruteforce generation, type\n" "\"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" - " -r use a non-random shuffling method for option -x\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass " "and/or \"r\" reversed login\n" @@ -612,9 +618,10 @@ void help_bfg() { " 'A' for uppercase letters, '1' for numbers, and for all " "others,\n" " just add their real representation.\n" - " -y disable the use of the above letters as placeholders\n" - " -r use a shuffling method called 'rain' to try to break\n" - " the linearity of the bruteforce\n" + " -y disable the use of the above letters as placeholders\n\n" + " -x +LINES\n\n" + " LINES is the numer of lines read from standard input,\n" + " you must not set it above what stdin is going to produce.\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all " "lowercase letters\n" @@ -626,6 +633,7 @@ void help_bfg() { "only of /%%,.-\n" " -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and " "1 only\n" + " -x +250 test with the first 250 lines of standard input\n" "\nThe bruteforce mode was made by Jan Dlabal, " "http://houbysoft.com/bfg/\n"); exit(-1); 
@@ -2476,11 +2484,11 @@ int main(int argc, char *argv[]) { modusage = 1; break; case 'x': - if(optarg[0] == '-') { + if(optarg[0] == '+') { hydra_options.read_stdin = 1; hydra_options.stdin_lines = atoi(&optarg[1]); if(hydra_options.stdin_lines < 1) { - fprintf(stderr, "Using stdin, you must give the numbers of lines to treat: -x -250"); + fprintf(stderr, "Using stdin, you must give the numbers of lines to treat: -x +250\n"); exit(-1); } } diff --git a/hydra.h b/hydra.h index f0a0253..31018dd 100644 --- a/hydra.h +++ b/hydra.h @@ -206,7 +206,8 @@ typedef struct { char *server; char *service; char bfg; - int8_t rainy; + int32_t read_stdin; + int32_t stdin_lines; int32_t skip_redo; } hydra_option; From 6fc51db156b0f0dc533941bb24aa4f24f07f2124 Mon Sep 17 00:00:00 2001 From: pirate sans barbe Date: Wed, 3 Mar 2021 08:33:55 -1000 Subject: [PATCH 40/40] bail when stdin feof is reached and more lines are to be printed --- hydra.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/hydra.c b/hydra.c index e6cc1e3..24a3a3f 100644 --- a/hydra.c +++ b/hydra.c @@ -254,10 +254,7 @@ char *read_line_stdin() { do { c = getc(stdin); if(feof(stdin)) - { - fprintf(stderr, "eof\n"); - break; - } + return NULL; strncpy(&word[i], &c, 1); i++; } while(c != '\n'); @@ -620,8 +617,7 @@ void help_bfg() { " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n\n" " -x +LINES\n\n" - " LINES is the numer of lines read from standard input,\n" - " you must not set it above what stdin is going to produce.\n" + " LINES is the numer of lines read from standard input\n\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all " "lowercase letters\n"
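Review bot: The early `return NULL` on `feof(stdin)` in read_line_stdin() leaks the 64-byte `word` buffer and passes NULL to call sites that, in the earlier patches of this series, assign it to `pass_ptr` without a check. The diffstat shows no other code change, so the bail-out named in the subject is not implemented here. Free the buffer first, `if (feof(stdin)) { free(word); return NULL; }`, and have the callers in hydra_send_next_pair() and main() stop when they receive NULL. This path also discards a final line that has no trailing newline. The function starts and ends outside the hunk.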