From 4582bc9529019c4d8b3215e3057a1ac5a13cf733 Mon Sep 17 00:00:00 2001 From: Denis Belov Date: Mon, 7 Nov 2016 22:15:34 +0000 Subject: [PATCH 01/90] Fix telnet complete condition --- hydra-telnet.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/hydra-telnet.c b/hydra-telnet.c index d1f1b2b..b5ba065 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -36,7 +36,7 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr if ((buf = hydra_receive_line(s)) == NULL) return 1; - if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL) { + if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); 
@@ -76,10 +76,10 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) - || (miscptr == NULL - && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL - || (strstr(buf, " failed") == NULL && index(buf, '%') != NULL) || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && + strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && + (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || + index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); @@ -89,6 +89,7 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr } free(buf); } + hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; From 796992d82d45b27fd3b93ab7c9e1e61f23b1d53c Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 22 Nov 2016 16:58:11 +0100 Subject: [PATCH 02/90] fix for libressl --- hydra-mod.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hydra-mod.c b/hydra-mod.c index 347473b..31487a5 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -490,8 +490,9 @@ RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) { #endif return rsa; } +#endif - +#if defined(LIBOPENSSL) int internal__hydra_connect_to_ssl(int socket, char *hostname) { int err; From 34f5d55b8490ba7f542988e9682f639b006f64a7 Mon Sep 17 00:00:00 2001 
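Review bot: The last alternative of the rewritten condition, `((buf[1] == '\xfd') && (buf[2] == '\x18'))`, indexes the received line without a length check, so an empty or one-byte line is read past its terminator (how hydra_receive_line sizes the buffer is not visible in this hunk). Writing it as `(buf[0] != '\0' && buf[1] == '\xfd' && buf[2] == '\x18')` keeps every read inside the string. The new `strstr(buf, "invalid")`, `"failed"` and `"bad "` exclusions match anywhere in the line, so a short comment stating that they are deliberately broad, and that they rely on make_to_lower() having run in the loop condition, would help the next maintainer. The body of start_telnet continues outside the hunk.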
From: Aaron Lewis Date: Thu, 29 Dec 2016 17:03:46 +0800 Subject: [PATCH 03/90] SunOS compile support: add -lrt to support nanosleep(); add definition of strndup() --- configure | 6 +++++- hydra-http-form.c | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/configure b/configure index ef77d8f..90969e4 100755 --- a/configure +++ b/configure @@ -1220,6 +1220,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: STRIP=$STRIP fi +if [ "$SYSS" = "SunOS" ]; then + XLIBS="$XLIBS -lrt" +fi + echo "Writing Makefile.in ..." if [ "X" != "X$FHS" ]; then echo "MANDIR = /share/man/man1" >> Makefile.in @@ -1263,7 +1267,7 @@ if [ "x$WINDRES" = "x" ]; then echo HYDRA_LOGO= >> Makefile echo PWI_LOGO= >> Makefile fi -if [ "$GCCSEC" = "yes" ]; then +if [ "$GCCSEC" = "yes" ] && [ "$SYSS" != "SunOS" ]; then echo "SEC=$GCCSECOPT" >> Makefile else echo "SEC=" >> Makefile diff --git a/hydra-http-form.c b/hydra-http-form.c index f051626..116e463 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -114,6 +114,27 @@ ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, cha return found_header; } +#if defined(__sun) +/* Written by Kaveh R. Ghazi */ +char * +strndup (const char *s, size_t n) +{ + char *result; + size_t len = strlen (s); + + if (n < len) + len = n; + + result = (char *) malloc (len + 1); + if (!result) + return 0; + + memcpy (result, s, len); + result[len] = '\0'; + return(result); +} +#endif + int append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) { ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node)); From f340852655f3740c7abf39ad4b615f5568f01284 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 18 Jan 2017 10:31:37 +0100 Subject: [PATCH 04/90] fixed -U crash --- CHANGES | 1 + hydra.c | 19 ++++++++++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 6731174..f598bd1 100644 --- a/CHANGES +++ b/CHANGES 
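Review bot: With the added `[ "$SYSS" != "SunOS" ]` test, a SunOS build falls through to `echo "SEC=" >> Makefile` and silently loses the compiler hardening options, even when the earlier probe set GCCSEC to yes. The commit message mentions only -lrt and strndup, so the reason for dropping the flags is not recorded anywhere visible. I would add a comment above the test naming the option that fails on SunOS, and print a notice when the branch is taken, for example `echo "NOTE: secure compile options are disabled on SunOS"`. If only one of the options is the problem, removing that one from GCCSECOPT would keep the rest of the hardening.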
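Review bot: The fallback `strndup` calls `strlen (s)` before it applies `n`, so it scans to the terminator even when the caller passed a bound for a buffer that has no NUL within `n` bytes; the libc function never reads past `n`. A bounded scan fixes that: `const char *end = memchr (s, '\0', n); size_t len = end ? (size_t) (end - s) : n;`. The cast on malloc is unnecessary in C, and `return 0;` would read better as `return NULL;`. The `#if defined(__sun)` guard keys on the platform rather than on whether the function is missing, so a configure probe would be more robust than the macro (presumably some Solaris releases already provide strndup; confirm).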
@@ -12,6 +12,7 @@ Release 8.4-dev -I : ignore an existing hydra.restore file (dont wait for 10 seconds) * Upgraded hydra-svn to work with the current libsvn version * Fixed dpl4hydra to be able to update from the web again +* Fixed crash when -U was used without any service (thanks to thecarterb for reporting) * Updated default password lists * The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed * Added special error message for clueless users :) diff --git a/hydra.c b/hydra.c index 67f06fe..c7f0550 100644 --- a/hydra.c +++ b/hydra.c @@ -2725,16 +2725,20 @@ int main(int argc, char *argv[]) { if (debug) printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%u misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); } else { - hydra_options.server = NULL; + hydra_options.server = NULL; hydra_options.service = NULL; - if (modusage) + if (modusage) { hydra_options.service = targetdef; - else + } else help(0); } } else { - if (strstr(argv[optind], "://") != NULL) { + if (modusage && argv[optind] == NULL) { + printf("[ERROR] you must supply a service name after the -U help switch\n"); + exit(-1); + } + if (argv[optind] == NULL || strstr(argv[optind], "://") != NULL) { printf("[ERROR] Invalid target definition!\n"); printf("[ERROR] Either you use \"www.example.com module [optional-module-parameters]\" *or* you use the \"module://www.example.com/optional-module-parameters\" syntax!\n"); exit(-1); @@ -2801,8 +2805,13 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "https-form-post") == 0) strcpy(hydra_options.service, "https-post-form"); - if (modusage == 1) + if (modusage == 1) { + if (hydra_options.service == NULL) { + printf("[ERROR] you must supply a service name after the -U help switch\n"); + exit(-1); + } module_usage(); + } i = 0; if (strcmp(hydra_options.service, "telnet") == 0) { 
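Review bot: In the `@@ -2801,8` hunk the added `hydra_options.service == NULL` check sits after the context line `if (strcmp(hydra_options.service, "https-form-post") == 0)`, which already dereferences the pointer, so a NULL service would fault before the new error message can be printed. The check should move above the first strcmp on hydra_options.service in this block, or be done once where service is assigned. The run of strcmp calls starts outside the hunk, so there may be earlier dereferences that need the same guard. As written, the new test is only reachable when service is non-NULL.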
From 60c5aff0ea6bb63f1fddcd374e6fd38231d0f05b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 19 Jan 2017 09:50:31 +0100 Subject: [PATCH 05/90] set year to 2017 --- Makefile.am | 2 +- README | 2 +- hydra.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index c904b09..f0f7754 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # -# Makefile for Hydra - (c) 2001-2016 by van Hauser / THC +# Makefile for Hydra - (c) 2001-2017 by van Hauser / THC # OPTS=-I. -O3 # -Wall -g -pedantic diff --git a/README b/README index 27a5bd1..8b3afe6 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2016 by van Hauser / THC + (c) 2001-2017 by van Hauser / THC http://www.thc.org many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal diff --git a/hydra.c b/hydra.c index c7f0550..31a27ce 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2016 by van Hauser / THC + * hydra (c) 2001-2017 by van Hauser / THC * http://www.thc.org * * Parallized network login hacker. @@ -2353,7 +2353,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2016 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); + printf("%s %s (c) 2017 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); #ifndef LIBPOSTGRES SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); strcat(unsupported, "postgres "); From 7f1a9e3496c1356cfa936195f35f27bfef99db65 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 24 Jan 2017 09:51:03 +0100 Subject: [PATCH 06/90] ssh initial password check now uses the supplied user --- CHANGES | 4 +++- README | 2 +- hydra-ssh.c | 9 ++++++++- hydra.c | 4 +++- 4 files changed, 15 insertions(+), 4 deletions(-) 
diff --git a/CHANGES b/CHANGES index f598bd1..05002c8 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 8.4-dev +! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix * Proxy support re-implemented: - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP] @@ -10,7 +11,8 @@ Release 8.4-dev * New command line options: -y : disables -x 1aA interpretation, thanks to crondaemon for the patch -I : ignore an existing hydra.restore file (dont wait for 10 seconds) -* Upgraded hydra-svn to work with the current libsvn version +* hydra-svn: works now with the current libsvn version +* hydra-ssh: initial check for password auth support now uses login supplied * Fixed dpl4hydra to be able to update from the web again * Fixed crash when -U was used without any service (thanks to thecarterb for reporting) * Updated default password lists diff --git a/README b/README index 8b3afe6..b48bf5b 100644 --- a/README +++ b/README @@ -54,7 +54,7 @@ If you are interested in the current development state, the public development repository is at Github: svn co https://github.com/vanhauser-thc/thc-hydra or - git clone https://github.com/vanhauser-thc/thc-hydra.git + git clone https://github.com/vanhauser-thc/thc-hydra Use the development version at your own risk. It contains new features and new bugs. Things might not work! diff --git a/hydra-ssh.c b/hydra-ssh.c index da321cf..cb3acfe 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c 
@@ -151,6 +151,10 @@ void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif #endif +// +// dirty workaround here: miscptr is the ptr to the logins, and the first one is used +// to test if password authentication is enabled!! +// int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be @@ -171,7 +175,10 @@ int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FIL printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); - ssh_options_set(session, SSH_OPTIONS_USER, "root"); + if (miscptr == NULL) + ssh_options_set(session, SSH_OPTIONS_USER, "hydra"); + else + ssh_options_set(session, SSH_OPTIONS_USER, miscptr); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { diff --git a/hydra.c b/hydra.c index 31a27ce..c78529a 100644 --- a/hydra.c +++ b/hydra.c 
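Review bot: In the `@@ -171,7` hunk the new branch guards only `miscptr == NULL`, so an empty login string is handed straight to `ssh_options_set(session, SSH_OPTIONS_USER, miscptr)`. The guard could be `if (miscptr == NULL || *miscptr == '\0')`, falling back to the fixed name in both cases. The return values of the ssh_options_set calls are also ignored, so a rejected option is only noticed, if at all, when ssh_connect fails; checking for a negative return and reporting it would make the probe's result easier to trust. The parameter keeps the name miscptr although it now carries a login, which the added comment above the function explains but the signature does not. The function body continues outside the hunk.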
@@ -1238,8 +1238,9 @@ void hydra_service_init(int target_no) { if (strcmp(hydra_options.service, "socks5") == 0) x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); #ifdef LIBSSH + // dirty workaround here: if (strcmp(hydra_options.service, "ssh") == 0) - x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, login_ptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); if (strcmp(hydra_options.service, "sshkey") == 0) x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); #endif @@ -3274,6 +3275,7 @@ int main(int argc, char *argv[]) { //} //if (conwait == 0) // hydra_options.conwait = conwait = 1; + printf("[WARNING] the rdp module is currently reported to be unreliable, most likely against new Windows version. Please test, report - and if possible, fix.\n"); i = 1; } // ADD NEW SERVICES HERE From dc4c20e34e344a31637181b5674f67ca60378780 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 27 Jan 2017 17:10:22 +0100 Subject: [PATCH 07/90] gtk updates --- CHANGES | 4 ++-- hydra-gtk/src/callbacks.c | 26 +++++++++++++++----------- hydra-gtk/src/interface.c | 3 +++ hydra-gtk/xhydra.glade | 20 ++++++++++++++++++++ 4 files changed, 40 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index 05002c8..ec7c474 100644 --- a/CHANGES +++ b/CHANGES 
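Review bot: The added comment `// dirty workaround here:` ends at the colon and does not say what the workaround is, while the call below it now passes `login_ptr` in the argument slot that the neighbouring socks5 and sshkey init calls fill with `hydra_options.miscptr`. I would replace it with something like `// ssh only: pass the first login instead of miscptr; service_ssh_init uses it for the password-auth probe`. Whether login_ptr is already set and NUL-terminated at this point for every input mode is not visible in the hunk and should be confirmed, since service_ssh_init only tests it for NULL. hydra_service_init starts and ends outside the hunk.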
@@ -7,7 +7,7 @@ Release 8.4-dev - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP] * New protocol: adam6500 - this one is work in progress, please test and report -* New protocol: rpcap! thanks to Petar Kaleychev +* New protocol: rpcap - thanks to Petar Kaleychev * New command line options: -y : disables -x 1aA interpretation, thanks to crondaemon for the patch -I : ignore an existing hydra.restore file (dont wait for 10 seconds) @@ -29,7 +29,7 @@ Release 8.3 Release 8.2 * Added RTSP module, thanks to jjavi89 for supplying! -* Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch +* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch * Added new -O option to hydra to support SSL servers that do not suport TLS * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c index 234b2fd..62c441c 100644 --- a/hydra-gtk/src/callbacks.c +++ b/hydra-gtk/src/callbacks.c 
@@ -151,24 +151,24 @@ int hydra_get_options(char *options[]) { } /* get the pass, pass list, or generate */ - /* The "generate" button was implemented by Petar Kaleychev */ + /* The "generate" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-p"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPass"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); - } - widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + } + widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-P"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } - widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - options[i++] = "-x"; - widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-x"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } } @@ -297,7 +297,7 @@ int hydra_get_options(char *options[]) { } widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - strcat(smbparm, "Hash"); + strcat(smbparm, "Hash"); } options[i++] = smbparm; @@ -540,6 +540,7 @@ int *popen_re_unbuffered(char *command) { static int *pfd = NULL; char *options[128]; + hydra_pid = 0; update_statusbar(); 
@@ -562,6 +563,7 @@ int *popen_re_unbuffered(char *command) { return NULL; } else if (hydra_pid == 0) { /* child */ int k; + if (setpgid(getpid(), getpid()) < 0) g_warning("popen_rw_unbuffered: setpgid() failed"); if (close(p_r[0]) < 0) @@ -585,7 +587,7 @@ int *popen_re_unbuffered(char *command) { execv(HYDRA_BIN, options); g_warning("%s %i: popen_rw_unbuffered: execv() returned", __FILE__, __LINE__); - + for (k = 0; options[k] != NULL; k++) { g_warning("%s", options[k]); } @@ -701,6 +703,7 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) { void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { GtkWidget *user, *pass; + user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");; pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass"); @@ -715,6 +718,7 @@ void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) { GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile; + radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");; radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2"); entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); diff --git a/hydra-gtk/src/interface.c b/hydra-gtk/src/interface.c index 6b39186..1ad52f4 100644 --- a/hydra-gtk/src/interface.c +++ b/hydra-gtk/src/interface.c @@ -222,6 +222,7 @@ GtkWidget *create_wndMain(void) { gtk_widget_set_name(cmbProtocol, "cmbProtocol"); gtk_widget_show(cmbProtocol); gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "adam6500"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco"); 
@@ -262,7 +263,9 @@ GtkWidget *create_wndMain(void) { cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "redis"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rpcap"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rtsp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip"); diff --git a/hydra-gtk/xhydra.glade b/hydra-gtk/xhydra.glade index b3f69d5..fab45dd 100644 --- a/hydra-gtk/xhydra.glade +++ b/hydra-gtk/xhydra.glade @@ -549,6 +549,26 @@ xmpp + + + True + True + adam6500 + + + + + True + True + rpcap + + + + True + True + rtsp + + From 3b97da1021ba57239420ae2e4229fb816135326c Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 27 Jan 2017 17:11:59 +0100 Subject: [PATCH 08/90] v8.4 --- CHANGES | 2 +- hydra.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index ec7c474..49cf12d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,7 @@ Changelog for hydra ------------------- -Release 8.4-dev +Release 8.4 ! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix * Proxy support re-implemented: - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries diff --git a/hydra.c b/hydra.c index c78529a..7c022e7 100644 --- a/hydra.c +++ b/hydra.c 
@@ -171,7 +171,7 @@ char *SERVICES = #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v8.4-dev" +#define VERSION "v8.4" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define RESOURCE "http://www.thc.org/thc-hydra" From 5ae15317c61568d66c18762d37a21a30d409fa88 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 27 Jan 2017 17:19:18 +0100 Subject: [PATCH 09/90] 8.4 docu update --- web/CHANGES | 16 +++++++++-- web/README | 4 +-- web/index.html | 29 ++++++++++++++------ web/network_password_cracker_comparison.html | 20 ++++++++++++-- 4 files changed, 53 insertions(+), 16 deletions(-) diff --git a/web/CHANGES b/web/CHANGES index 31a59d4..49cf12d 100644 --- a/web/CHANGES +++ b/web/CHANGES 
@@ -1,11 +1,21 @@ Changelog for hydra ------------------- -Release 8.4-dev +Release 8.4 +! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix * Proxy support re-implemented: - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP] -* New command line option -y which disables -x 1aA interpretation, thanks to crondaemon for the patch +* New protocol: adam6500 - this one is work in progress, please test and report +* New protocol: rpcap - thanks to Petar Kaleychev +* New command line options: + -y : disables -x 1aA interpretation, thanks to crondaemon for the patch + -I : ignore an existing hydra.restore file (dont wait for 10 seconds) +* hydra-svn: works now with the current libsvn version +* hydra-ssh: initial check for password auth support now uses login supplied +* Fixed dpl4hydra to be able to update from the web again +* Fixed crash when -U was used without any service (thanks to thecarterb for reporting) +* Updated default password lists * The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed * Added special error message for clueless users :) @@ -19,7 +29,7 @@ Release 8.3 Release 8.2 * Added RTSP module, thanks to jjavi89 for supplying! -* Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch +* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch * Added new -O option to hydra to support SSL servers that do not suport TLS * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! diff --git a/web/README b/web/README index 27a5bd1..b48bf5b 100644 --- a/web/README +++ b/web/README 
@@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2016 by van Hauser / THC + (c) 2001-2017 by van Hauser / THC http://www.thc.org many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal @@ -54,7 +54,7 @@ If you are interested in the current development state, the public development repository is at Github: svn co https://github.com/vanhauser-thc/thc-hydra or - git clone https://github.com/vanhauser-thc/thc-hydra.git + git clone https://github.com/vanhauser-thc/thc-hydra Use the development version at your own risk. It contains new features and new bugs. Things might not work! diff --git a/web/index.html b/web/index.html index 8d695ff..6d02e3a 100644 --- a/web/index.html +++ b/web/index.html @@ -16,8 +16,8 @@ A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa

- Current Version: 8.3 - Last update 2016-08-11 + Current Version: 8.4 + Last update 2017-01-27

@@ -33,15 +33,26 @@ Read below for Linux compilation notes. - CHANGELOG for 8.3 + CHANGELOG for 8.4 =================== ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra - * Support for upcoming OpenSSL 1.1 added. needs testing. - * Fixed hydra redo bug (issue #113) - * Updated xhydra for new hydra features and options - * Some more command line error checking - * Ensured unneeded sockets are closed + ! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix + * Proxy support re-implemented: + - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries + - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP] + * New protocol: adam6500 - this one is work in progress, please test and report + * New protocol: rpcap - thanks to Petar Kaleychev + * New command line options: + -y : disables -x 1aA interpretation, thanks to crondaemon for the patch + -I : ignore an existing hydra.restore file (dont wait for 10 seconds) + * hydra-svn: works now with the current libsvn version + * hydra-ssh: initial check for password auth support now uses login supplied + * Fixed dpl4hydra to be able to update from the web again + * Fixed crash when -U was used without any service (thanks to thecarterb for reporting) + * Updated default password lists + * The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed + * Added special error message for clueless users :) You can also take a look at the full CHANGES file 
@@ -126,7 +137,7 @@ [0x05] The Art of Downloading: Source and Binaries 1. PRODUCTION/RELEASE VERSION: - The source code of state-of-the-art Hydra: hydra-8.3.tar.gz + The source code of state-of-the-art Hydra: hydra-8.4.tar.gz (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, iPhone, Blackberry 10, etc.) 2. DEVELOPMENT VERSION: diff --git a/web/network_password_cracker_comparison.html b/web/network_password_cracker_comparison.html index 8c6258f..c2286a1 100644 --- a/web/network_password_cracker_comparison.html +++ b/web/network_password_cracker_comparison.html @@ -62,13 +62,13 @@ features are added to the project. If you find any inaccuracies Version - 8.3 + 8.4 2.1 0.4 alpha Last Update - August 2016 + January 2017 April 2012 April 2011 @@ -160,6 +160,14 @@ contact us as the service depends on RFC implementations, some adjustements may Ncrack + + ADAM-6500 + +Yes +No +No + + AFP @@ -564,6 +572,14 @@ contact us as the service depends on RFC implementations, some adjustements may No + + RPCAP + +Yes +No +No + + RSH From 9c3feee9b689deed911777212f14628cca16c5b4 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 31 Jan 2017 11:03:00 +0100 Subject: [PATCH 10/90] configure CC support, strrchr over rindex --- CHANGES | 5 +++++ configure | 26 +++++++++++++++----------- hydra-nntp.c | 6 +++--- hydra-smtp.c | 6 +++--- hydra.c | 2 +- 5 files changed, 27 insertions(+), 18 deletions(-) diff --git a/CHANGES b/CHANGES index 49cf12d..f6596c2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,11 @@ Changelog for hydra ------------------- +Release 8.5-dev +* ./configure now honors the CC enviroment variable if present +* Favor strrchr() over rindex() + + Release 8.4 ! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix * Proxy support re-implemented: diff --git a/configure b/configure index 90969e4..bc66cfa 100755 --- a/configure 
+++ b/configure @@ -15,9 +15,13 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then echo " --nostrip do not per default strip binaries before install" echo " --debug show debug output to trace errors" echo " --help this here" + echo + echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise. exit 0 fi +test -z "$CC" && CC=gcc + FHS="" SIXFOUR="" DEBUG="" 
@@ -966,37 +970,37 @@ fi echo "Checking for Android specialities ..." TMPC=comptest$$ -RINDEX=" not" +STRRCHR=" not" echo '#include ' > $TMPC.c echo '#include ' >> $TMPC.c -echo "int main() { char *x = rindex(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c -gcc -o $TMPC $TMPC.c > /dev/null 2>&1 -test -x $TMPC && RINDEX="" +echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c +$CC -o $TMPC $TMPC.c > /dev/null 2>&1 +test -x $TMPC && STRRCHR="" rm -f $TMPC $TMPC.c -echo " ... rindex()$RINDEX found" +echo " ... strrchr()$STRRCHR found" if [ -n "$CRYPTO_PATH" ]; then RSA=" not" echo '#include ' > $TMPC.c echo '#include ' >> $TMPC.c echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c #echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c - gcc -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1 + $CC -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1 test -x $TMPC && RSA="" rm -f $TMPC $TMPC.c echo " ... RSA_generate_key()$RSA found" fi -echo "Checking for secure compile option support in gcc ..." +echo "Checking for secure compile option support in $CC ..." 
GCCSEC="no" LDSEC="no" GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" echo '#include ' > $TMPC.c echo 'int main() { printf(""); return 0; }' >> $TMPC.c -gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err +$CC -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err test -x $TMPC && GCCSEC="yes" grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT" rm -f "$TMPC" -gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err +$CC $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; } rm -f $TMPC $TMPC.c $TMPC.c.err echo " Compiling... $GCCSEC" @@ -1060,8 +1064,8 @@ fi if [ -n "$SSH_PATH" ]; then XDEFINES="$XDEFINES -DLIBSSH" fi -if [ -n "$RINDEX" ]; then - XDEFINES="$XDEFINES -DNO_RINDEX" +if [ -n "$STRRCHR" ]; then + XDEFINES="$XDEFINES -DNO_STRRCHR" fi if [ -n "$RSA" ]; then XDEFINES="$XDEFINES -DNO_RSA_LEGACY" diff --git a/hydra-nntp.c b/hydra-nntp.c index 890a5a6..bfa3108 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -32,10 +32,10 @@ char *nntp_read_server_capacity(int sock) { buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; -#ifdef NO_RINDEX - if ((ptr = strrchr(buf, '\n')) != NULL) { -#else +#ifdef NO_STRRCHR if ((ptr = rindex(buf, '\n')) != NULL) { +#else + if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; if (isdigit((int) *ptr) && *(ptr + 3) == ' ') diff --git a/hydra-smtp.c b/hydra-smtp.c index 92ebe61..1f40110 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c 
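Review bot: The first hardening probe in the `@@ -966,37` hunk expands `$GCCSEPOPT`, a name that is never assigned in the visible script; the variable set a few lines above is `GCCSECOPT`. The test therefore compiles with only `-pie -fPIE`, and GCCSEC becomes "yes" without the stack-protector and _FORTIFY_SOURCE options having been tried by this compiler. The commit rewrites the line for `$CC` but carries the misspelling over; it should read `$CC -pie -fPIE $GCCSECOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err`. This matters more now that CC can be a compiler other than gcc, which may not accept the same options.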
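Review bot: `strrchr` is part of ISO C and declared in <string.h>, so the `#ifdef NO_STRRCHR` branch in the hydra-nntp.c hunk, which falls back to the legacy `rindex`, covers a case a hosted compiler should not produce. The conditional can be reduced to the single line `if ((ptr = strrchr(buf, '\n')) != NULL) {`, which would also allow the configure probe and the -DNO_STRRCHR define to be dropped. The hydra-smtp.c hunk in the same commit has the identical construct and the same applies there. nntp_read_server_capacity starts and ends outside the hunk.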
@@ -21,10 +21,10 @@ char *smtp_read_server_capacity(int sock) { buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; -#ifdef NO_RINDEX - if ((ptr = strrchr(buf, '\n')) != NULL) { -#else +#ifdef NO_STRRCHR if ((ptr = rindex(buf, '\n')) != NULL) { +#else + if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; if (isdigit((int) *ptr) && *(ptr + 3) == ' ') diff --git a/hydra.c b/hydra.c index 7c022e7..19eab9e 100644 --- a/hydra.c +++ b/hydra.c @@ -171,7 +171,7 @@ char *SERVICES = #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v8.4" +#define VERSION "v8.5-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define RESOURCE "http://www.thc.org/thc-hydra" From ae2f6b8b7649019a200e3068efc6b799f6cfec20 Mon Sep 17 00:00:00 2001 From: Gianfranco Costamagna Date: Mon, 13 Feb 2017 11:16:30 +0100 Subject: [PATCH 11/90] Fix manpage adding a missing newline A missing newline lead to https://bugs.debian.org/853807 --- hydra.1 | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra.1 b/hydra.1 index 98172de..053222b 100644 --- a/hydra.1 +++ b/hydra.1 @@ -105,6 +105,7 @@ prefer IPv4 (default) or IPv6 addresses .TP .B \-v / \-V verbose mode / show login+pass combination for each attempt +.TP .B \-d debug mode .TP From b14d5f32255ca37f806eb9eb0d0d3d5e47dff778 Mon Sep 17 00:00:00 2001 From: Gianfranco Costamagna Date: Mon, 13 Feb 2017 11:31:27 +0100 Subject: [PATCH 12/90] Fix typos on manpage (From Daniel Echeverry) --- hydra.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra.1 b/hydra.1 index 98172de..e08f497 100644 --- a/hydra.1 +++ b/hydra.1 
@@ -9,11 +9,11 @@ hydra \- a very fast network logon cracker which support many different services server service [OPTIONS] .br .SH DESCRIPTION -Hydra is a parallized login cracker which supports numerous protocols +Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. -This tool gives researchers and security consultants the possiblity to +This tool gives researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. From f32fe17851a7211a1f5ca16cb8b45f852e1a22e4 Mon Sep 17 00:00:00 2001 From: Gianfranco Costamagna Date: Mon, 13 Feb 2017 11:32:19 +0100 Subject: [PATCH 13/90] Fix typo on xhydra manpage (From Daniel Echeverry) --- xhydra.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xhydra.1 b/xhydra.1 index 0c5e740..453016a 100644 --- a/xhydra.1 +++ b/xhydra.1 @@ -4,11 +4,11 @@ xhydra \- Gtk+2 frontend for thc-hydra .SH SYNOPSIS Execute xhydra in a terminal to start the application. .SH DESCRIPTION -Hydra is a parallized login cracker which supports numerous protocols +Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. -This tool gives researchers and security consultants the possiblity to +This tool gives researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. From 88f16b73d6d1feebbc2d032fa9552c13df5acb98 Mon Sep 17 00:00:00 2001 From: veggie spam Date: Wed, 1 Mar 2017 15:09:35 -0500 Subject: [PATCH 14/90] New feature: output results in JSON format. --- hydra.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 85 insertions(+), 10 deletions(-) diff --git a/hydra.c b/hydra.c index 19eab9e..528dd64 100644 --- a/hydra.c +++ b/hydra.c 
@@ -255,6 +255,7 @@ typedef struct { int exit_found; int max_use; int cidr; + int outfile_format; // 0 = plain text, 1 = JSONv1, [future --> ] 2 = JSONv2, 3=XMLv1, 4=... char *login; char *loginfile; char *pass; @@ -357,6 +358,8 @@ void help(int ext) { printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); if (ext) printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); + if (ext) + printf(" -b FORMAT broker -o FILEs in (text[default], json, jsonv1) format\n"); if (ext) printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); printf(" -t TASKS run TASKS number of connects in parallel per target (default: %d)\n", TASKS); @@ -2340,6 +2343,7 @@ void process_proxy_line(int type, char *string) { int main(int argc, char *argv[]) { char *proxy_string = NULL, *device = NULL, *memcheck, *cmdtarget = NULL; + char *outfile_format_tmp; FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp; size_t countinfile = 1, sizeinfile = 0; unsigned long int math2; @@ -2455,6 +2459,7 @@ int main(int argc, char *argv[]) { hydra_options.passfile = NULL; hydra_options.tasks = TASKS; hydra_options.max_use = MAXTASKS; + hydra_options.outfile_format = 0; hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; @@ -2465,7 +2470,7 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:y")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:y")) >= 0) { switch (i) { case 'h': help(1); 
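Review bot: `outfile_format` keeps its meaning only in the trailing comment (`0 = plain text, 1 = JSONv1`), and the later hunks of this commit compare it against bare `0` and `1`. A named set such as `enum { FORMAT_PLAIN_TEXT = 0, FORMAT_JSONV1 = 1 };` would let the `-b` parsing and the output branches drop their `/* JSONv1 */` comments and makes a future format harder to mix up. `outfile_format_tmp` in `main` is only a copy of `optarg` and could be omitted.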
@@ -2548,6 +2553,20 @@ int main(int argc, char *argv[]) { hydra_options.outfile_ptr = optarg; // colored_output = 0; break; + case 'b': + outfile_format_tmp = optarg; + if (0==strcasecmp(outfile_format_tmp,"text")) + hydra_options.outfile_format = 0; + else if (0==strcasecmp(outfile_format_tmp,"json")) // latest json formatting. + hydra_options.outfile_format = 1; + else if (0==strcasecmp(outfile_format_tmp,"jsonv1")) + hydra_options.outfile_format = 1; + else { + fprintf(stderr, "[ERROR] Output file format must be (text, json, jsonv1)\n"); + exit(-1); + } + // colored_output = 0; + break; case 'M': hydra_options.infile_ptr = optarg; break; 
@@ -3721,11 +3740,26 @@ int main(int argc, char *argv[]) { perror("[ERROR] Error creating outputfile"); exit(-1); } - fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), + if (hydra_options.outfile_format == 1) { // JSONv1 + fprintf(hydra_brains.ofp, "{ \"generator\": {\n" + "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" + "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": 1.0,\n" + "\t\"commandline\": \"%s", + PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); - for (i = 1; i < argc; i++) - fprintf(hydra_brains.ofp, " %s", argv[i]); - fprintf(hydra_brains.ofp, ")\n"); + for (i = 1; i < argc; i++) { + char *t = hydra_string_replace(argv[i],"\"","\\\""); + fprintf(hydra_brains.ofp, " %s", t); + free(t); + } + fprintf(hydra_brains.ofp, "\"\n\t},\n\"results\": ["); + } else { // else default is plain text aka == 0 + fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), + hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + for (i = 1; i < argc; i++) + fprintf(hydra_brains.ofp, " %s", argv[i]); + fprintf(hydra_brains.ofp, ")\n"); + } } // we have to flush all writeable buffered file pointers before forking // set appropriate signals for mother 
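Review bot: Only `"` is escaped before each argument is written into the `commandline` string, so an argument containing a backslash or a control character produces invalid JSON, and an argument ending in `\` escapes the closing quote. The server, service and `prg` values go into the header with no escaping at all. Escaping `\`, `"` and bytes below 0x20 in one helper, and using it for every string field, keeps the file parseable for downstream tools; the helper name below is only a suggestion. `main` starts and ends outside the hunk.

```c
/* proposed helper: write s as the contents of a JSON string */
static void json_fputs_escaped(FILE *fp, const char *s) {
  for (; *s != '\0'; s++) {
    unsigned char c = (unsigned char) *s;

    if (c == '"' || c == '\\')
      fprintf(fp, "\\%c", c);
    else if (c < 0x20)
      fprintf(fp, "\\u%04x", c);
    else
      fputc(c, fp);
  }
}

// … unchanged: fprintf of the "generator" header up to "commandline" …
      for (i = 1; i < argc; i++) {
        fputc(' ', hydra_brains.ofp);
        json_fputs_escaped(hydra_brains.ofp, argv[i]);
      }
```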
@@ -3959,7 +3993,17 @@ int main(int argc, char *argv[]) { printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } - if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { + if (hydra_options.outfile_format == 1 /* JSONv1 */ && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { + fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}", + hydra_brains.found != 0 ? "" : ",", // add comma if not first finding + hydra_targets[hydra_heads[head_no]->target_no]->port, + hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target !=NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", + hydra_heads[head_no]->current_login_ptr !=NULL ? hydra_string_replace(hydra_heads[head_no]->current_login_ptr,"\"","\\\"") : "", + hydra_heads[head_no]->current_pass_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_pass_ptr,"\"","\\\"") : "" + ); + fflush(hydra_brains.ofp); + } else if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { // else output format == 0 aka text if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, 
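Review bot: The two `hydra_string_replace()` results in the JSON branch are passed straight to `fprintf` and never released, while the header hunk of this commit frees its copy with `free(t)`, so each reported pair appears to leak two buffers. Keep the results in locals that stay NULL when the source pointer is NULL, print `esc_login != NULL ? esc_login : ""`, and end the branch with `free(esc_login); free(esc_pass);`. The `host` and `service` fields are written without any escaping, and the login and password only have `"` replaced, so a backslash in either still breaks the JSON. The enclosing block continues outside the hunk.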
@@ -4162,22 +4206,53 @@ int main(int argc, char *argv[]) { hydra_restore_write(1); } } + #define STRMAX (10*1024) + char json_error[STRMAX+2], tmp_str[STRMAX+2]; + memset(json_error, 0, STRMAX+2); + memset(tmp_str, 0, STRMAX+2); if (error) { - fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); + snprintf(tmp_str, STRMAX, "[ERROR] %d target%s disabled because of too many errors", error, error == 1 ? " was" : "s were"); + fprintf(stderr, "%s\n", tmp_str); + strncat(json_error,"\"",STRMAX); + strncat(json_error,tmp_str,STRMAX); + strncat(json_error,"\"",STRMAX); error = 1; } if (k) { - fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); + snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not resolve or could not be connected", k, k == 1 ? "" : "s"); + fprintf(stderr, "%s\n", tmp_str); + if (*json_error) { + strncat(json_error,", ", STRMAX); + } + strncat(json_error,"\"",STRMAX); + strncat(json_error,tmp_str,STRMAX); + strncat(json_error,"\"",STRMAX); + error = 1; + if (*json_error) { + strncat(json_error,", ", STRMAX); + } error = 1; } if (j) { - fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); + snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not complete", j, j == 1 ? "" : "s"); + fprintf(stderr, "%s\n", tmp_str); + if (*json_error) { + strncat(json_error,", ", STRMAX); + } + strncat(json_error,"\"",STRMAX); + strncat(json_error,tmp_str,STRMAX); + strncat(json_error,"\"",STRMAX); error = 1; } // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); - if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) + if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { + if (hydra_options.outfile_format == 1 /* JSONv1 */ ) { + fprintf(hydra_brains.ofp, "\n\t],\n\"status\": \"%s\",\n\"errormessages\": [ %s ],\n\"quantityfound\": %lu }\n", + (error ? 
"errors" : "success"), json_error, hydra_brains.found); + } fclose(hydra_brains.ofp); + } fflush(NULL); if (error || j || exit_condition < 0) From 09f5395b7a150becbc2a184c130a50b1251eaabd Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 2 Mar 2017 10:32:25 +0100 Subject: [PATCH 15/90] update command line --- CHANGES | 3 +++ hydra.1 | 36 +++++++++++++++++++++++++----------- hydra.c | 5 ++++- 3 files changed, 32 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index f6596c2..b43c89c 100644 --- a/CHANGES +++ b/CHANGES @@ -2,8 +2,11 @@ Changelog for hydra ------------------- Release 8.5-dev +* New command line option: + -b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch * ./configure now honors the CC enviroment variable if present * Favor strrchr() over rindex() +* Updated man page with missing command line options Release 8.4 diff --git a/hydra.1 b/hydra.1 index 98e8f98..9f7e3eb 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,11 +1,12 @@ -.TH "HYDRA" "1" "24/05/2012" +.TH "HYDRA" "1" "01/03/2017" .SH NAME hydra \- a very fast network logon cracker which support many different services .SH SYNOPSIS .B hydra - [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT]] | [\-C FILE]] [\-e nsr] - [\-u] [\-f] [\-F] [\-M FILE] [\-o FILE] [\-t TASKS] [\-w TIME] [\-W TIME] - [\-m OPTIONS] [\-s PORT] [\-S] [\-4/6] [\-vV] [\-d] + [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT \-y]] | [\-C FILE]] [\-e nsr] + [\-u] [\-f|\-F] [\-M FILE] [\-o FILE] [\-b FORMAT] [\-t TASKS] [\-T TASKS] + [\-w TIME] [\-W TIME] [\-m OPTIONS] [\-s PORT] [\-S] [\-4|6] [\-O] [\-I] + [\-vV] [\-d] server service [OPTIONS] .br .SH DESCRIPTION 
@@ -18,13 +19,13 @@ show how easy it would be to gain unauthorized access from remote to a system. Currently this tool supports: - AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, FTPS, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, - HTTP-PROXY-URLENUM, ICQ, IMAP, IRC, LDAP2, LDAP3, MS-SQL, MYSQL, NCP, NNTP, - Oracle, Oracle-Listener, Oracle-SID, PC-Anywhere, PCNFS, POP3, POSTGRES, - RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP, SMTP-Enum, SNMP, - SOCKS5, SSH(v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, - VMware-Auth, VNC and XMPP. + adam6500 afp asterisk cisco cisco-enable cvs firebird ftp ftps + http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum + icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) mysql5 + ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres + rdp redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip smb smtp[s] smtp-enum + snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp + For most protocols, SSL mode is available (e.g. https-get, ftp-ssl, etc.) If not all necessary libraries are found during compile time, your available services will be less. Type "hydra" to see what is available. @@ -47,6 +48,10 @@ written. No other options are allowed when using \-R .B \-S connect via SSL .TP +.TP +.B \-O +use old SSL v2 and v3 +.TP .B \-s PORT if the service is on a different default port, define it here .TP @@ -64,6 +69,9 @@ generate passwords from min to max length. charset can contain 1 The generated passwords will be of length 1 to 2 and contain lowcase letters, numbers and/or percent signs and dots. .TP +.B \-y +disable use of symbols in \-x bruteforce, see above +.TP .B \-e nsr additional checks, "n" for null password, "s" try login as pass, "r" try the reverse login as pass .TP 
@@ -87,6 +95,9 @@ server list for parallel attacks, one entry per line .B \-o FILE write found login/password pairs to FILE instead of stdout .TP +.B \-b FORMAT +specify the format for the \-o FILE: text(default), json, jsonv1 +.TP .B \-t TASKS run TASKS number of connects in parallel (default: 16) .TP @@ -109,6 +120,9 @@ verbose mode / show login+pass combination for each attempt .B \-d debug mode .TP +.B \-I +ignore an existing restore file (dont wait 10 seconds) +.TP .B \-h, \-\-help Show summary of options. .SH SEE ALSO diff --git a/hydra.c b/hydra.c index 528dd64..6d4b6a5 100644 --- a/hydra.c +++ b/hydra.c @@ -359,7 +359,7 @@ void help(int ext) { if (ext) printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); if (ext) - printf(" -b FORMAT broker -o FILEs in (text[default], json, jsonv1) format\n"); + printf(" -b FORMAT specify the format for the -o FILE: text(default), json, jsonv1\n"); if (ext) printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); printf(" -t TASKS run TASKS number of connects in parallel per target (default: %d)\n", TASKS); @@ -2664,6 +2664,9 @@ int main(int argc, char *argv[]) { bail("You can only use -L OR -l, not both\n"); if (hydra_options.pass != NULL && hydra_options.passfile != NULL) bail("You can only use -P OR -p, not both\n"); + if (hydra_options.outfile_format != 0 && hydra_options.outfile_ptr == NULL) + fprintf(stderr, "[WARNING] output file format specified (-b) - but no output file (-o)\n"); + if (hydra_options.restore) { hydra_restore_read(); // stuff we have to copy from the non-restore part From ace9e3565825f66593d26e6683ce2c68f5e7f4de Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 2 Mar 2017 10:58:40 +0100 Subject: [PATCH 16/90] man page beautification --- hydra.1 | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/hydra.1 b/hydra.1 index 9f7e3eb..20ae24d 100644 --- a/hydra.1 +++ b/hydra.1 
@@ -3,10 +3,10 @@ hydra \- a very fast network logon cracker which support many different services .SH SYNOPSIS .B hydra - [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT \-y]] | [\-C FILE]] [\-e nsr] - [\-u] [\-f|\-F] [\-M FILE] [\-o FILE] [\-b FORMAT] [\-t TASKS] [\-T TASKS] - [\-w TIME] [\-W TIME] [\-m OPTIONS] [\-s PORT] [\-S] [\-4|6] [\-O] [\-I] - [\-vV] [\-d] + [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT \-y]] | [\-C FILE]] + [\-e nsr] [\-u] [\-f|\-F] [\-M FILE] [\-o FILE] [\-b FORMAT] + [\-t TASKS] [\-T TASKS] [\-w TIME] [\-W TIME] [\-m OPTIONS] [\-s PORT] + [\-S] [\-O] [\-4|6] [\-I] [\-vV] [\-d] server service [OPTIONS] .br .SH DESCRIPTION @@ -20,15 +20,19 @@ system. Currently this tool supports: adam6500 afp asterisk cisco cisco-enable cvs firebird ftp ftps - http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum - icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) mysql5 - ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres - rdp redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip smb smtp[s] smtp-enum - snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp + http[s]-{head|get|post} http[s]-{get|post}-form http-proxy + http-proxy-urlenum icq imap[s] irc ldap2[s] + ldap3[-{cram|digest}md5][s] mssql mysql(v4) mysql5 ncp nntp + oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] + postgres rdp redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip + smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] + vmauthd vnc xmpp - For most protocols, SSL mode is available (e.g. https-get, ftp-ssl, etc.) + For most protocols SSL is supported (e.g. https-get, ftp-ssl, etc.). If not all necessary libraries are found during compile time, your - available services will be less. Type "hydra" to see what is available. + available services will be less. + Type "hydra" to see what is available. + .SH Options .TP .B target 
From 971474c9d8c9b8979e55b06a9b661ed9189167ff Mon Sep 17 00:00:00 2001 From: veggie spam Date: Thu, 2 Mar 2017 10:23:49 -0500 Subject: [PATCH 17/90] Merge branch 'master' of https://github.com/veggiespam/thc-hydra From 517744ca3c07a05eb7e0a34d84f1b01206b344cd Mon Sep 17 00:00:00 2001 From: veggie spam Date: Thu, 2 Mar 2017 14:44:38 -0500 Subject: [PATCH 18/90] one bug, lots of minor updates --- README | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--- hydra.c | 8 +++--- 2 files changed, 76 insertions(+), 7 deletions(-) diff --git a/README b/README index b48bf5b..34436fa 100644 --- a/README +++ b/README @@ -28,7 +28,7 @@ either support more than one protocol to attack or support parallized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. +FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, @@ -91,9 +91,9 @@ and compile them manually. SUPPORTED PLATFORMS ------------------- All UNIX platforms (linux, *bsd, solaris, etc.) -Mac OS/X +MacOS Windows with Cygwin (both IPv4 and IPv6) -Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) +Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) 
@@ -287,6 +287,75 @@ ADDITIONAL HINTS cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt +RESULTS OUTPUT +-------------- + +The results are output to stdio along with the other information. Via the -o +command line option, the results can also be written to a file. Using -b, +the format of the output can be specified. Currently, these are supported: +* `text` - plain text format +* `jsonv1` - JSON data using version 1.x of the schema (defined below). +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. + +If using JSON output, the results file may not be valid JSON if there are +serious errors in booting Hydra. + + +### JSON Schema +Here is an example of the JSON output. Notes on some of the fields: + +* `errormessages` - an array of zero or more strings that are normally printed + to stderr at the end of the Hydra's run. The text is very free form. +* `success` - indication if Hydra ran correctly without error (**NOT** if + passwords were detected). This parameter is either the JSON value `true` + or `false` depending on completion. +* `quantityfound` - How many username+password combinations discovered. +* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, + 2.03, etc. Hydra will make second tuple of the version to always be two + digits to make it easier for downstream processors (as opposed to v1.1 vs + v1.10). The minor-level versions are additive, so 1.02 will contain more + fields than version 1.00 and will be backward compatible. Version 2.x will + break something from version 1.x output. + +Version 1.00 example: +``` +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2017-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... 
...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5-dev" + }, + "quantityfound": 2, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "127.0.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + SPEED ----- diff --git a/hydra.c b/hydra.c index 6d4b6a5..5f1ccac 100644 --- a/hydra.c +++ b/hydra.c @@ -3746,7 +3746,7 @@ int main(int argc, char *argv[]) { if (hydra_options.outfile_format == 1) { // JSONv1 fprintf(hydra_brains.ofp, "{ \"generator\": {\n" "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" - "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": 1.0,\n" + "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": \"1.00\",\n" "\t\"commandline\": \"%s", PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); @@ -3998,7 +3998,7 @@ int main(int argc, char *argv[]) { } if (hydra_options.outfile_format == 1 /* JSONv1 */ && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}", - hydra_brains.found != 0 ? "" : ",", // add comma if not first finding + hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target !=NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", 
@@ -4251,8 +4251,8 @@ int main(int argc, char *argv[]) { printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { if (hydra_options.outfile_format == 1 /* JSONv1 */ ) { - fprintf(hydra_brains.ofp, "\n\t],\n\"status\": \"%s\",\n\"errormessages\": [ %s ],\n\"quantityfound\": %lu }\n", - (error ? "errors" : "success"), json_error, hydra_brains.found); + fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %lu }\n", + (error ? "false" : "true"), json_error, hydra_brains.found); } fclose(hydra_brains.ofp); } From cb40928c00e6df515fefafcc1ae0407883752a7e Mon Sep 17 00:00:00 2001 From: veggiespam Date: Thu, 2 Mar 2017 14:48:06 -0500 Subject: [PATCH 19/90] spacing --- README | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index 34436fa..6162cbd 100644 --- a/README +++ b/README @@ -293,10 +293,10 @@ RESULTS OUTPUT The results are output to stdio along with the other information. Via the -o command line option, the results can also be written to a file. Using -b, the format of the output can be specified. Currently, these are supported: -* `text` - plain text format +* `text` - plain text format * `jsonv1` - JSON data using version 1.x of the schema (defined below). -* `json` - JSON data using the latest version of the schema, currently there - is only version 1. +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. If using JSON output, the results file may not be valid JSON if there are serious errors in booting Hydra. From 795e9c7baa16e65b48910f76c5466301076f6eba Mon Sep 17 00:00:00 2001 From: veggie spam Date: Thu, 2 Mar 2017 20:56:29 -0500 Subject: [PATCH 20/90] Buffer overrun in hydra_report_debug. --- hydra-mod.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index 31487a5..00dc99a 100644 
--- a/hydra-mod.c +++ b/hydra-mod.c @@ -695,21 +695,21 @@ void hydra_report_debug(FILE * st, char *format, ...) { char bufOut[33000]; char temp[6]; unsigned char cTemp; - int i = 0; + int i = 0, len; if (format == NULL) { fprintf(stderr, "[ERROR] no msg passed.\n"); } else { va_start(ap, format); memset(bufOut, 0, sizeof(bufOut)); - memset(buf, 0, 512); - vsnprintf(buf, sizeof(buf), format, ap); + memset(buf, 0, sizeof(buf)); + len = vsnprintf(buf, sizeof(buf), format, ap); // Convert any chars less than 32d or greater than 126d to hex - for (i = 0; i < sizeof(buf); i++) { + for (i = 0; i < len; i++) { memset(temp, 0, 6); cTemp = (unsigned char) buf[i]; - if ((cTemp < 32 && cTemp > 0) || cTemp > 126) { + if ((cTemp < 32 && cTemp >= 0) || cTemp > 126) { sprintf(temp, "[%02X]", cTemp); } else sprintf(temp, "%c", cTemp); From 34131739fe844a85e0df77e2febfebae9c0878bb Mon Sep 17 00:00:00 2001 From: Diadlo Date: Mon, 17 Apr 2017 22:34:04 +0300 Subject: [PATCH 21/90] Remove comparing unsigned value with zero --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 5f1ccac..a338026 100644 --- a/hydra.c +++ b/hydra.c @@ -4151,7 +4151,7 @@ int main(int argc, char *argv[]) { hydra_brains.sent, // tries (long unsigned int) ((elapsed_status - starttime) / 3600), // hours (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes - (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent <= 0 ? 1 : (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent, // left todo + (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent, // left todo (long unsigned int) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) ) / 3600, // hours (((long unsigned int) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) 
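Review bot: `len` is the length the formatted text would have had, not the number of bytes stored, so when the message is truncated `for (i = 0; i < len; i++)` still reads past the end of `buf`; a negative return on error is not handled either. Clamp it before the loop: `if (len < 0) len = 0; else if ((size_t) len >= sizeof(buf)) len = sizeof(buf) - 1;`. The new `cTemp >= 0` test is always true for an `unsigned char` and can be dropped. `hydra_report_debug` continues outside the hunk, so how `temp` is appended to `bufOut` could not be checked here.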
From c760e7e5c5bbe75957e4a4003a14a1bee3a9c86c Mon Sep 17 00:00:00 2001 From: Diadlo Date: Mon, 17 Apr 2017 22:41:12 +0300 Subject: [PATCH 22/90] Fix size of pointer instead of size of data --- hydra-ncp.c | 2 +- hydra.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hydra-ncp.c b/hydra-ncp.c index 7573e35..f4bc62f 100644 --- a/hydra-ncp.c +++ b/hydra-ncp.c @@ -65,7 +65,7 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F } memset(context, 0, sizeof(context)); strncpy(context, login, strlen(login)); - strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1); + strncpy(context + strlen(login), miscptr, sizeof(char) + 1); login = context; } } diff --git a/hydra.c b/hydra.c index a338026..098dfeb 100644 --- a/hydra.c +++ b/hydra.c @@ -3512,7 +3512,7 @@ int main(int argc, char *argv[]) { exit(-1); } // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); - hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8); + hydra_targets = malloc(sizeof(hydra_target*) * (countservers + 2) + 8); if (hydra_targets == NULL) bail("Could not allocate enough memory for target data"); sizeinfile = size_of_data; @@ -3600,7 +3600,7 @@ int main(int argc, char *argv[]) { four_from = (addr4 & l); l = 1 << (32 - k); hydra_brains.targets = countservers = l; - hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8); + hydra_targets = malloc(sizeof(hydra_target*) * (l + 2) + 8); if (hydra_targets == NULL) bail("Could not allocate enough memory for target data"); i = 0; @@ -3864,7 +3864,7 @@ int main(int argc, char *argv[]) { #endif if (hydra_options.restore == 0) { - hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); + hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use); target_no = 0; for (i = 0; i < hydra_options.max_use; i++) { hydra_heads[i] = malloc(sizeof(hydra_head)); 
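Review bot: In the last hydra.c hunk, `hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use);` is dereferenced on the following lines without a NULL check, whereas both `hydra_targets` allocations in this commit are followed by `bail(...)`. Add `if (hydra_heads == NULL) bail("Could not allocate enough memory for task data");` and treat each `hydra_heads[i] = malloc(sizeof(hydra_head))` the same way, unless a check follows outside the hunk. The later commit that replaces `sizeof(int)` has the same unchecked pattern in `hydra_restore_read` and in the two single-target `hydra_targets = malloc(sizeof(hydra_target*) * 4);` hunks, where `memset(hydra_targets[0], ...)` follows immediately.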
From 1bf376baa3e5c4e4ed63abbb97629d38c8ec2e0c Mon Sep 17 00:00:00 2001 From: Diadlo Date: Mon, 17 Apr 2017 23:14:21 +0300 Subject: [PATCH 23/90] Refactor hydra_debug function --- hydra.c | 71 ++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 47 insertions(+), 24 deletions(-) diff --git a/hydra.c b/hydra.c index 098dfeb..88ed522 100644 --- a/hydra.c +++ b/hydra.c 
@@ -660,42 +660,65 @@ void module_usage() { exit(0); } +#define STR_NULL(s) ((s) == NULL ? "(null)" : (s)) + void hydra_debug(int force, char *string) { - int i, active = 0, inactive = 0; + int active = 0; + int inactive = 0; + int i; if (!debug && !force) return; printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", - hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, - hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, - hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); + hydra_options.mode, hydra_options.ssl, hydra_options.restore, + hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, + hydra_options.try_null_password, hydra_options.try_password_same_as_login, + hydra_options.try_password_reverse_login, hydra_options.exit_found, + STR_NULL(hydra_options.miscptr), hydra_options.service); + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", - hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all + total_redo_count, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, - (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, + hydra_brains.active, hydra_brains.targets, hydra_brains.finished, + hydra_brains.todo_all + total_redo_count, hydra_brains.todo, + hydra_brains.sent, hydra_brains.found, + (unsigned long int) hydra_brains.countlogin, + (unsigned long int) hydra_brains.sizelogin, + (unsigned long int) hydra_brains.countpass, (unsigned long 
int) hydra_brains.sizepass); - for (i = 0; i < hydra_brains.targets; i++) + + for (i = 0; i < hydra_brains.targets; i++) { + hydra_target* target = hydra_targets[i]; printf ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d redo_state %d (%d redos) use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", - i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, - hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->redo_state, hydra_targets[i]->redo, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, - hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, - hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); - if (hydra_heads != NULL) { - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active >= 0) { - printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", - i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, - hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, - hydra_heads[i]->current_pass_ptr == NULL ? 
"(null)" : hydra_heads[i]->current_pass_ptr); - if (hydra_heads[i]->active == 0) - inactive++; - else - active++; - } - printf("[DEBUG] Tasks %d inactive %d active\n", inactive, active); + i, STR_NULL(target->target), hydra_address2string(target->ip), + target->login_no, target->pass_no, target->sent, + target->pass_state, target->redo_state, target->redo, + target->use_count, target->failed, target->done, + target->fail_count, + STR_NULL(target->login_ptr), + STR_NULL(target->pass_ptr)); } + + if (hydra_heads == NULL) { + return + } + + for (i = 0; i < hydra_options.max_use; i++) { + if (hydra_heads[i]->active >= 0) { + printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", + i, (int) hydra_heads[i]->pid, + hydra_heads[i]->active, + hydra_heads[i]->redo, + STR_NULL(hydra_heads[i]->current_login_ptr), + STR_NULL(hydra_heads[i]->current_pass_ptr)); + if (hydra_heads[i]->active == 0) + inactive++; + else + active++; + } + } + printf("[DEBUG] Tasks %d inactive %d active\n", inactive, active); } void bail(char *text) { From d5827c418234ee7908fb252c18bbfe1bbd07069f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 18 Apr 2017 09:42:09 +0200 Subject: [PATCH 24/90] fixes --- CHANGES | 2 ++ hydra-ncp.c | 6 ++++-- hydra.c | 11 ++++------- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index b43c89c..6a6c48e 100644 --- a/CHANGES +++ b/CHANGES @@ -5,7 +5,9 @@ Release 8.5-dev * New command line option: -b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch * ./configure now honors the CC enviroment variable if present +* fixed a bug in the NCP module * Favor strrchr() over rindex() +* Added refactoring patch by diadlo * Updated man page with missing command line options diff --git a/hydra-ncp.c b/hydra-ncp.c index f4bc62f..44c084c 100644 --- a/hydra-ncp.c +++ b/hydra-ncp.c 
@@ -64,8 +64,10 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F return 4; } memset(context, 0, sizeof(context)); - strncpy(context, login, strlen(login)); - strncpy(context + strlen(login), miscptr, sizeof(char) + 1); + strncpy(context, login, sizeof(context) - 2); + context[sizeof(context) - 2] = 0; + strncpy(context + strlen(login), miscptr, sizeof(context) - strlen(login) - 1); + context[sizeof(context) - 1] = 0; login = context; } } diff --git a/hydra.c b/hydra.c index 88ed522..a44511e 100644 --- a/hydra.c +++ b/hydra.c @@ -663,9 +663,7 @@ void module_usage() { #define STR_NULL(s) ((s) == NULL ? "(null)" : (s)) void hydra_debug(int force, char *string) { - int active = 0; - int inactive = 0; - int i; + int active = 0, inactive = 0, i; if (!debug && !force) return; @@ -700,9 +698,8 @@ void hydra_debug(int force, char *string) { STR_NULL(target->pass_ptr)); } - if (hydra_heads == NULL) { - return - } + if (hydra_heads == NULL) + return; for (i = 0; i < hydra_options.max_use; i++) { if (hydra_heads[i]->active >= 0) { @@ -4174,7 +4171,7 @@ int main(int argc, char *argv[]) { hydra_brains.sent, // tries (long unsigned int) ((elapsed_status - starttime) / 3600), // hours (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes - (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent, // left todo + (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent != 0 ? (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent : 1, // left todo (long unsigned int) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) ) / 3600, // hours (((long unsigned int) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) From 1c3ebae99013f470612046f9c0cff9184fdd1601 Mon Sep 17 00:00:00 2001 
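Review bot: In start_ncp the second `strncpy` still offsets and sizes by `strlen(login)` rather than by what was actually copied into `context`. If `login` is longer than the buffer, the destination pointer lands past the array and `sizeof(context) - strlen(login) - 1` wraps to a very large `size_t`. The check that ends in `return 4;` just above the hunk may already bound the combined length, but it is not visible here, so I would make the copy self-contained: `size_t used = strlen(context);` followed by `strncpy(context + used, miscptr, sizeof(context) - used - 1);`. start_ncp begins and ends outside the hunk.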
From: Lukas Schwaighofer Date: Mon, 24 Apr 2017 18:21:25 +0200 Subject: [PATCH 25/90] do not assume sizeof(int) is the pointer size sizeof(int) is not necessarily the same as the pointer size. On my amd64 system sizeof(int) is 4 bytes while the pointer size is 8 bytes. The change solves https://github.com/vanhauser-thc/thc-hydra/issues/27 for me. --- hydra.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index a44511e..888e65e 100644 --- a/hydra.c +++ b/hydra.c @@ -967,7 +967,7 @@ void hydra_restore_read() { } if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); - hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 16); + hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use); for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); @@ -3583,7 +3583,7 @@ int main(int argc, char *argv[]) { if (tmpptr != NULL) *tmpptr = 0; countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(int) * 4); + hydra_targets = malloc(sizeof(hydra_target*) * 4); hydra_targets[0] = malloc(sizeof(hydra_target)); memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; @@ -3641,7 +3641,7 @@ int main(int argc, char *argv[]) { } } else { // standard: single target on command line countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(int) * 4); + hydra_targets = malloc(sizeof(hydra_target*) * 4); hydra_targets[0] = malloc(sizeof(hydra_target)); memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; From 59819655d1e13f712d4f4791d99b172699103979 Mon Sep 17 00:00:00 2001 
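Review bot: The corrected allocation in hydra_restore_read is sized from `hydra_options.max_use` and used without a NULL check, and the loop below it passes each unchecked `malloc(sizeof(hydra_head))` result straight to `fread`. Because this function rebuilds state from the restore file, `max_use` is presumably file-supplied (not visible in the hunk), so a range check before the allocation plus `if (hydra_heads == NULL) bail("out of memory");` would let a damaged file fail cleanly. The old expression reserved `max_use + 2` slots plus padding, so it is worth confirming that nothing indexes past `max_use - 1` now. The two `hydra_targets = malloc(sizeof(hydra_target*) * 4);` hunks in main have the same unchecked-malloc pattern before `memset(hydra_targets[0], ...)`. All three functions continue outside their hunks.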
From: van Hauser Date: Wed, 3 May 2017 14:07:08 +0200 Subject: [PATCH 26/90] hydra v8.5 release --- CHANGES | 6 +++-- README | 2 +- hydra.c | 27 +++++++++++++++++--- web/network_password_cracker_comparison.html | 4 +-- 4 files changed, 31 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 6a6c48e..c185553 100644 --- a/CHANGES +++ b/CHANGES @@ -1,11 +1,13 @@ Changelog for hydra ------------------- -Release 8.5-dev +Release 8.5 * New command line option: -b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch * ./configure now honors the CC enviroment variable if present -* fixed a bug in the NCP module +* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!) +* Changed the format of the restore file to detect cross platform copies +* Fixed a bug in the NCP module * Favor strrchr() over rindex() * Added refactoring patch by diadlo * Updated man page with missing command line options diff --git a/README b/README index 6162cbd..072175a 100644 --- a/README +++ b/README @@ -333,7 +333,7 @@ Version 1.00 example: "server": "127.0.0.1", "service": "http-post-form", "software": "Hydra", - "version": "v8.5-dev" + "version": "v8.5" }, "quantityfound": 2, "results": [ diff --git a/hydra.c b/hydra.c index 888e65e..3f3f358 100644 --- a/hydra.c +++ b/hydra.c @@ -171,7 +171,7 @@ char *SERVICES = #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v8.5-dev" +#define VERSION "v8.5" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define RESOURCE "http://www.thc.org/thc-hydra" @@ -726,7 +726,7 @@ void bail(char *text) { void hydra_restore_write(int print_msg) { FILE *f; hydra_brain brain; - char mynull[4] = { 0, 0, 0, 0 }; + char mynull[4] = { 0, 0, 0, 0 }, buf[4]; int i = 0, j = 0; hydra_head hh; 
@@ -750,6 +750,11 @@ void hydra_restore_write(int print_msg) { printf("[DEBUG] Writing restore file... "); fprintf(f, "%s\n", PROGRAM); + buf[0] = VERSION[1]; + buf[1] = VERSION[3]; + buf[2] = sizeof(int) % 256; + buf[3] = sizeof(hydra_target*) % 256; + fwrite(buf, 1, 4, f); memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); brain.targets = i; brain.ofp = NULL; @@ -815,7 +820,7 @@ void hydra_restore_write(int print_msg) { void hydra_restore_read() { FILE *f; - char mynull[4]; + char mynull[4], buf[4]; int i, j, orig_debug = debug; char out[1024]; @@ -834,6 +839,22 @@ void hydra_restore_read() { fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); exit(-1); } + + if ((fck = (int) fread(buf, 1, 4, f)) != 4) { + fprintf(stderr, "[ERROR] invalid restore file (platform)\n"); + exit(-1); + } + if (buf[0] == 0 || buf[1] == 0) { + fprintf(stderr, "[ERROR] restore file is prior hydra version v8.5!\n"); + exit(-1); + } + if (buf[0] != VERSION[1] || buf[1] != VERSION[3]) + fprintf(stderr, "[WARNING] restore file was created by version %c.%c, this is version %s\n", buf[0], buf[2], VERSION); + if (buf[2] != sizeof(int) % 256 || buf[3] != sizeof(hydra_head*) % 256) { + fprintf(stderr, "[ERROR] restore file was created on a different, incompatible processor platform!\n"); + exit(-1); + } + fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); fck = (int) fread(mynull, sizeof(mynull), 1, f); if (debug) diff --git a/web/network_password_cracker_comparison.html b/web/network_password_cracker_comparison.html index c2286a1..c72dbc3 100644 --- a/web/network_password_cracker_comparison.html +++ b/web/network_password_cracker_comparison.html @@ -62,13 +62,13 @@ features are added to the project. If you find any inaccuracies Version - 8.4 + 8.5 2.1 0.4 alpha Last Update - January 2017 + May 2017 April 2012 April 2011 From 639dce3be18831e03384482329e770ba6d12f6ef Mon Sep 17 00:00:00 2001 
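Review bot: The version warning added to hydra_restore_read prints `buf[2]`, which holds the `sizeof(int)` byte, where the minor version digit `buf[1]` was meant, so the message shows a control character; the argument list should be `buf[0], buf[1], VERSION`. The platform check compares against `sizeof(hydra_head*)` while hydra_restore_write stores `sizeof(hydra_target*)`; using the same expression on both sides keeps the header self-consistent. The header covers only int and pointer width, so a file with a different byte order or struct layout is not detected, and the `fread` calls that follow in the context lines still leave `fck` unchecked. Both functions continue outside their hunks.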
From: van Hauser Date: Wed, 3 May 2017 14:10:17 +0200 Subject: [PATCH 27/90] v8.6-dev init --- CHANGES | 4 ++++ hydra.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index c185553..249e2bb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ Changelog for hydra ------------------- +Release 8.6-dev +* ... + + Release 8.5 * New command line option: -b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch diff --git a/hydra.c b/hydra.c index 3f3f358..e394fbd 100644 --- a/hydra.c +++ b/hydra.c @@ -171,7 +171,7 @@ char *SERVICES = #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v8.5" +#define VERSION "v8.6-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define RESOURCE "http://www.thc.org/thc-hydra" From 0e0a7878dc83041099a12f822cf5d0541a70de22 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 3 May 2017 14:15:09 +0200 Subject: [PATCH 28/90] forgot to update web pages --- web/CHANGES | 16 +++++++++++ web/README | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-- web/index.html | 35 ++++++++++------------- 3 files changed, 103 insertions(+), 23 deletions(-) diff --git a/web/CHANGES b/web/CHANGES index 49cf12d..249e2bb 100644 --- a/web/CHANGES +++ b/web/CHANGES 
@@ -1,6 +1,22 @@ Changelog for hydra ------------------- +Release 8.6-dev +* ... + + +Release 8.5 +* New command line option: + -b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch +* ./configure now honors the CC enviroment variable if present +* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!) +* Changed the format of the restore file to detect cross platform copies +* Fixed a bug in the NCP module +* Favor strrchr() over rindex() +* Added refactoring patch by diadlo +* Updated man page with missing command line options + + Release 8.4 ! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix * Proxy support re-implemented: diff --git a/web/README b/web/README index b48bf5b..072175a 100644 --- a/web/README +++ b/web/README @@ -28,7 +28,7 @@ either support more than one protocol to attack or support parallized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. +FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, @@ -91,9 +91,9 @@ and compile them manually. SUPPORTED PLATFORMS ------------------- All UNIX platforms (linux, *bsd, solaris, etc.) -Mac OS/X +MacOS Windows with Cygwin (both IPv4 and IPv6) -Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) +Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) 
@@ -287,6 +287,75 @@ ADDITIONAL HINTS cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt +RESULTS OUTPUT +-------------- + +The results are output to stdio along with the other information. Via the -o +command line option, the results can also be written to a file. Using -b, +the format of the output can be specified. Currently, these are supported: +* `text` - plain text format +* `jsonv1` - JSON data using version 1.x of the schema (defined below). +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. + +If using JSON output, the results file may not be valid JSON if there are +serious errors in booting Hydra. + + +### JSON Schema +Here is an example of the JSON output. Notes on some of the fields: + +* `errormessages` - an array of zero or more strings that are normally printed + to stderr at the end of the Hydra's run. The text is very free form. +* `success` - indication if Hydra ran correctly without error (**NOT** if + passwords were detected). This parameter is either the JSON value `true` + or `false` depending on completion. +* `quantityfound` - How many username+password combinations discovered. +* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, + 2.03, etc. Hydra will make second tuple of the version to always be two + digits to make it easier for downstream processors (as opposed to v1.1 vs + v1.10). The minor-level versions are additive, so 1.02 will contain more + fields than version 1.00 and will be backward compatible. Version 2.x will + break something from version 1.x output. + +Version 1.00 example: +``` +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2017-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... 
...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 2, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "127.0.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + SPEED ----- diff --git a/web/index.html b/web/index.html index 6d02e3a..ce6ba0e 100644 --- a/web/index.html +++ b/web/index.html @@ -16,8 +16,8 @@ A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa

- Current Version: 8.4 - Last update 2017-01-27 + Current Version: 8.5 + Last update 2017-05-03

@@ -27,32 +27,27 @@ [0x00] News and Changelog - Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) - Development just moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra + + Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) + Development code is available at a public github repository: https://github.com/vanhauser-thc/thc-hydra There is a new section below for online tutorials. Read below for Linux compilation notes. - CHANGELOG for 8.4 + CHANGELOG for 8.5 =================== ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra ! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix - * Proxy support re-implemented: - - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries - - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP] - * New protocol: adam6500 - this one is work in progress, please test and report - * New protocol: rpcap - thanks to Petar Kaleychev - * New command line options: - -y : disables -x 1aA interpretation, thanks to crondaemon for the patch - -I : ignore an existing hydra.restore file (dont wait for 10 seconds) - * hydra-svn: works now with the current libsvn version - * hydra-ssh: initial check for password auth support now uses login supplied - * Fixed dpl4hydra to be able to update from the web again - * Fixed crash when -U was used without any service (thanks to thecarterb for reporting) - * Updated default password lists - * The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed - * Added special error message for clueless users :) + * New command line option: + -b : format option for -o output file (json 
only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch + * ./configure now honors the CC enviroment variable if present + * Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!) + * Changed the format of the restore file to detect cross platform copies + * Fixed a bug in the NCP module + * Favor strrchr() over rindex() + * Added refactoring patch by diadlo + * Updated man page with missing command line options You can also take a look at the full CHANGES file From 4575af147696400b380e60f540f6b7632179aa98 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 3 May 2017 14:20:55 +0200 Subject: [PATCH 29/90] forgot to update web pages --- web/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/index.html b/web/index.html index ce6ba0e..bd6760f 100644 --- a/web/index.html +++ b/web/index.html @@ -132,7 +132,7 @@ [0x05] The Art of Downloading: Source and Binaries 1. PRODUCTION/RELEASE VERSION: - The source code of state-of-the-art Hydra: hydra-8.4.tar.gz + The source code of state-of-the-art Hydra: hydra-8.5.tar.gz (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, iPhone, Blackberry 10, etc.) 2. DEVELOPMENT VERSION: From df5ec9ea308f5f1099e81953e764e76d48bd937a Mon Sep 17 00:00:00 2001 From: petrock6 Date: Sat, 20 May 2017 02:58:47 -0500 Subject: [PATCH 30/90] Bugfix for issue 121 -- increased URL/POST/cookie data size to 6096 bytes from 1000 bytes. --- hydra-http-form.c | 25 +++++++++++++------------ hydra-mod.c | 9 +++++++-- hydra.c | 4 ++-- 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 116e463..c07a4aa 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c 
@@ -84,7 +84,7 @@ char cookie[4096] = "", cmiscptr[1024]; extern char *webtarget; extern char *slash; int webport, freemischttpform = 0; -char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; +char bufferurl[6096+24], cookieurl[6096+24] = "", userheader[6096+24] = "", *url, *variables, *optional1; #define MAX_REDIRECT 8 #define MAX_CONTENT_LENGTH 20 @@ -678,8 +678,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); cookie_header = stringify_cookies(ptr_cookie); @@ -1056,7 +1056,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { else webport = PORT_HTTP_SSL; - sprintf(bufferurl, "%.1000s", miscptr); + sprintf(bufferurl, "%.6096s", miscptr); url = bufferurl; ptr = url; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) @@ -1162,14 +1162,15 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { case 'H': // add a new header, or replace an existing one's value ptr = optional1 + 2; - while (*ptr != 0 && *ptr != ':') - ptr++; - if (*(ptr - 1) == '\\') - *(ptr - 1) = 0; - if (*ptr != 0){ - *ptr = 0; - ptr += 2; - } + while (*ptr != 0 && *ptr != ':') ptr++; + + if (*(ptr - 1) == '\\') + *(ptr - 1) = 0; + + if (*ptr != 0) { + *ptr = 0; + ptr += 2; + } ptr2 = ptr; while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) ptr2++; diff --git a/hydra-mod.c b/hydra-mod.c index 00dc99a..83a65be 100644 
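Review bot: `sprintf(bufferurl, "%.6096s", miscptr);` in initialize() stays in bounds only while the precision literal remains below the `6096+24` array size declared in the first hunk, and the same coupling is repeated in main in hydra.c (hunk -3284) with its own local `bufferurl`. Bounding by the destination removes that dependency: `snprintf(bufferurl, sizeof(bufferurl), "%.6096s", miscptr);`, ideally with the limit as one named constant shared with hydra_strrep. An over-long module option is truncated silently here, which is worth reporting to the user rather than continuing with a cut-off URL. initialize() starts and ends outside the hunk.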
--- a/hydra-mod.c +++ b/hydra-mod.c @@ -1040,8 +1040,13 @@ int make_to_lower(char *buf) { char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; - char *c, oldstring[1024], newstring[1024]; - static char finalstring[1024]; + char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github. + static char finalstring[6096]; + + if(strlen(string) > 6096) { + hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6096 characters.\n"); + exit(-1); + } if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) diff --git a/hydra.c b/hydra.c index e394fbd..520ef59 100644 --- a/hydra.c +++ b/hydra.c @@ -3249,7 +3249,7 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 || strcmp(hydra_options.service, "https-post-form") == 0) { - char bufferurl[1024], *url, *variables, *cond, *optional1; + char bufferurl[6096+24], *url, *variables, *cond, *optional1; //6096 comes from issue 192 on github. Extra 24 bytes for null padding. if (strncmp(hydra_options.service, "http-", 5) == 0) { i = 1; @@ -3284,7 +3284,7 @@ int main(int argc, char *argv[]) { if (strstr(hydra_options.miscptr, "\\:") != NULL) { fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); } else { - sprintf(bufferurl, "%.1000s", hydra_options.miscptr); + sprintf(bufferurl, "%.6096s", hydra_options.miscptr); url = strtok(bufferurl, ":"); variables = strtok(NULL, ":"); cond = strtok(NULL, ":"); From 3ed91cd18ffca504bd30a02a7745b4af9e790f7f Mon Sep 17 00:00:00 2001 
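Review bot: The added length check in hydra_strrep calls `strlen(string)` before the existing `string == NULL` test in the next statement, so a NULL argument is now dereferenced instead of being handled by that guard; the follow-up commit that lowers the limit to 6000 keeps the same order. Moving the new check after the NULL tests, or writing it as `if (string != NULL && strlen(string) > 6096) {`, preserves the old contract. The threshold also disagrees with the existing `strlen(string) >= sizeof(oldstring) - 1` condition, so inputs of 6095 or 6096 characters pass the new check and are still caught by the older one without the error message. The function body continues outside the hunk.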
From: van Hauser Date: Sat, 20 May 2017 15:44:42 +0200 Subject: [PATCH 31/90] fix --- CHANGES | 2 +- hydra-http-form.c | 2 ++ hydra-mod.c | 4 ++-- hydra.c | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 249e2bb..fb9ebcd 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ Changelog for hydra ------------------- Release 8.6-dev -* ... +* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch) Release 8.5 diff --git a/hydra-http-form.c b/hydra-http-form.c index c07a4aa..f322650 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -454,6 +454,8 @@ char *html_encode(char *string) { ret = hydra_strrep(ret, "&", "%26"); if (index(ret, '#') != NULL) ret = hydra_strrep(ret, "#", "%23"); + if (index(ret, '=') != NULL) + ret = hydra_strrep(ret, "=", "%3D"); return ret; } diff --git a/hydra-mod.c b/hydra-mod.c index 83a65be..b675377 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -1043,8 +1043,8 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github. static char finalstring[6096]; - if(strlen(string) > 6096) { - hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6096 characters.\n"); + if(strlen(string) > 6000) { + hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n"); exit(-1); } diff --git a/hydra.c b/hydra.c index 520ef59..f54554b 100644 --- a/hydra.c +++ b/hydra.c @@ -3284,7 +3284,7 @@ int main(int argc, char *argv[]) { if (strstr(hydra_options.miscptr, "\\:") != NULL) { fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); } else { - sprintf(bufferurl, "%.6096s", hydra_options.miscptr); + sprintf(bufferurl, "%.6000s", hydra_options.miscptr); url = strtok(bufferurl, ":"); variables = strtok(NULL, ":"); cond = strtok(NULL, ":"); 
From dfef658cf87ee08f5748612a6a3e0ea2c72f8416 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Thu, 1 Jun 2017 00:39:33 +0300 Subject: [PATCH 32/90] Create services vector --- hydra.c | 196 ++++++++++++++++++++++++++------------------------------ 1 file changed, 91 insertions(+), 105 deletions(-) diff --git a/hydra.c b/hydra.c index f54554b..c10f5f5 100644 --- a/hydra.c +++ b/hydra.c 
@@ -1184,132 +1184,118 @@ char *hydra_build_time() { return (char *) &datetime; } -void hydra_service_init(int target_no) { - int x = 99; +typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); +typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); +static const struct { + const char* name; + service_init_t init; + service_t exec; +} services[] = { + { "adam6500", service_adam6500_init, service_adam6500 }, #ifdef LIBAFP - if (strcmp(hydra_options.service, "afp") == 0) - x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "afp", service_afp_init, service_afp }, #endif - if (strcmp(hydra_options.service, "asterisk") == 0) - x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "cisco-enable") == 0) - x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "cvs") == 0) - x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "adam6500") == 0) - x = service_adam6500_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "cisco") == 0) - x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { 
"asterisk", service_asterisk_init, service_asterisk }, + { "cisco", service_cisco_init, service_cisco }, + { "cisco-enable", service_cisco_enable_init, service_cisco_enable }, + { "cvs", service_cvs_init, service_cvs }, #ifdef LIBFIREBIRD - if (strcmp(hydra_options.service, "firebird") == 0) - x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "firebird", service_firebird_init, service_firebird }, #endif - if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) - x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) - x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) - x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) - x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "http-proxy") == 0) - x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, 
"http-proxy-urlenum") == 0) - x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "icq") == 0) - x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "imap") == 0) - x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "irc") == 0) - x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strncmp(hydra_options.service, "ldap", 4) == 0) - x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); -#ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "sip") == 0) - x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) - x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "oracle-listener") == 0) - x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "oracle-sid") == 0) - x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, 
options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "rdp") == 0) - x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); -#endif - if (strcmp(hydra_options.service, "mssql") == 0) - x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "ftp", service_ftp_init, service_ftp }, + { "ftps", service_ftp_init, service_ftps }, + { "http-get", service_http_init, service_http_get }, + { "http-get-form", service_http_form_init, service_http_get_form }, + { "http-head", service_http_init, service_http_head }, + { "http-form", service_http_form_init, NULL }, + { "http-post", NULL, service_http_post }, + { "http-post-form", service_http_form_init, service_http_post_form }, + { "http-proxy", service_http_proxy_init, service_http_proxy }, + { "http-proxy-urlenum", service_http_proxy_urlenum_init, service_http_proxy_urlenum }, + { "icq", service_icq_init, service_icq }, + { "imap", service_imap_init, service_imap }, + { "irc", service_irc_init, service_irc }, + { "ldap2", service_ldap_init, service_ldap2 }, + { "ldap3", service_ldap_init, service_ldap3 }, + { "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5 }, + { "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5 }, + { "mssql", service_mssql_init, service_mssql }, #ifdef HAVE_MATH_H - if (strcmp(hydra_options.service, "mysql") == 0) - x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "mysql", service_mysql_init, service_mysql }, #endif #ifdef LIBNCP - if (strcmp(hydra_options.service, "ncp") == 0) - x = 
service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "ncp", service_ncp_init, service_ncp }, #endif - if (strcmp(hydra_options.service, "nntp") == 0) - x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "nntp", service_nntp_init, service_nntp }, #ifdef LIBORACLE - if (strcmp(hydra_options.service, "oracle") == 0) - x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "oracle", service_oracle_init, service_oracle }, #endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "pcnfs") == 0) - x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "pop3") == 0) - x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); +#ifdef LIBOPENSSL + { "oracle-listener", service_oracle_listener_init, service_oracle_listener }, + { "oracle-sid", service_oracle_sid_init, service_oracle_sid }, +#endif + { "pcanywhere", service_pcanywhere_init, service_pcanywhere }, + { "pcnfs", service_pcnfs_init, service_pcnfs }, + { "pop3", service_pop3_init, service_pop3 }, #ifdef LIBPOSTGRES - if (strcmp(hydra_options.service, "postgres") == 0) - x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, 
hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "postgres", service_postgres_init, service_postgres }, #endif - if (strcmp(hydra_options.service, "rexec") == 0) - x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "rlogin") == 0) - x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "rsh") == 0) - x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "redis", service_redis_init, service_redis }, + { "rexec", service_rexec_init, service_rexec }, +#ifdef LIBOPENSSL + { "rdp", service_rdp_init, service_rdp }, +#endif + { "rlogin", service_rlogin_init, service_rlogin }, + { "rsh", service_rsh_init, service_rsh }, + { "rtsp", service_rtsp_init, service_rtsp }, + { "rpcap", service_rpcap_init, service_rpcap }, + { "s7-300", service_s7_300_init, service_s7_300 }, #ifdef LIBSAPR3 - if (strcmp(hydra_options.service, "sapr3") == 0) - x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "sapr3", service_sapr3_init, service_sapr3 }, #endif - if (strcmp(hydra_options.service, "smtp") == 0) - x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "smtp-enum") == 0) - x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, 
hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "snmp") == 0) - x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "socks5") == 0) - x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); +#ifdef LIBOPENSSL + { "sip", service_sip_init, service_sip }, + { "smbnt", service_smb_init, service_smb }, + { "smb", service_smb_init, service_smb }, +#endif + { "smtp", service_smtp_init, service_smtp }, + { "smtp-enum", service_smtp_enum_init, service_smtp_enum }, + { "snmp", service_snmp_init, service_snmp }, + { "socks5", service_socks5_init, service_socks5 }, #ifdef LIBSSH - // dirty workaround here: - if (strcmp(hydra_options.service, "ssh") == 0) - x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, login_ptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "sshkey") == 0) - x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "ssh", NULL, service_ssh }, + { "sshkey", service_sshkey_init, service_sshkey }, #endif #ifdef LIBSVN - if (strcmp(hydra_options.service, "svn") == 0) - x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "svn", service_svn_init, service_svn }, #endif - if (strcmp(hydra_options.service, "teamspeak") == 0) - x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, 
"telnet") == 0) - x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "vmauthd") == 0) - x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "vnc") == 0) - x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "xmpp") == 0) - x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "s7-300") == 0) - x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "rtsp") == 0) - x = service_rtsp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); - if (strcmp(hydra_options.service, "rpcap") == 0) - x = service_rpcap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + { "teamspeak", service_teamspeak_init, service_teamspeak }, + { "telnet", service_telnet_init, service_telnet }, + { "vmauthd", service_vmauthd_init, service_vmauthd }, + { "vnc", service_vnc_init, service_vnc }, + { "xmpp", service_xmpp_init, NULL } +}; + +void hydra_service_init(int target_no) { + int x = 99; + int i = 0; + + for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { + if (strcmp(hydra_options.service, 
services[i].name) == 0) { + if (services[i].init) { + x = services[i].init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + break; + } + } + } // ADD NEW SERVICES HERE + // dirty workaround here: +#ifdef LIBSSH + if (strcmp(hydra_options.service, "ssh") == 0) + x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, login_ptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); +#endif if (x != 0 && x != 99) { if (x > 0 && x < 4) From 5dc883fb4beda7cac87ac341edff2ef354fd94db Mon Sep 17 00:00:00 2001 From: Diadlo Date: Thu, 1 Jun 2017 00:25:41 +0300 Subject: [PATCH 33/90] Refactor service_init --- hydra.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/hydra.c b/hydra.c index c10f5f5..e4561c8 100644 --- a/hydra.c +++ b/hydra.c @@ -1280,11 +1280,14 @@ static const struct { void hydra_service_init(int target_no) { int x = 99; int i = 0; + hydra_target* t = hydra_targets[target_no]; + char* miscptr = hydra_options.miscptr; + FILE* ofp = hydra_brains.ofp; for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { if (services[i].init) { - x = services[i].init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target); break; } } 
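Review bot: In the lookup loop of hydra_service_init, `break` sits inside `if (services[i].init)`, so a name that matches an entry with a NULL init keeps scanning the rest of the table; leaving the loop belongs to the name match, not to the init call. Moving `break;` one level out, directly after the `if (services[i].init)` block, does not change the result as long as names are unique in `services[]`, which they appear to be. The loop also compares the `int i` with the `size_t` value of `sizeof(services) / sizeof(services[0])`; declaring the index as `size_t i;` avoids the signed/unsigned comparison. The function body continues past the end of this hunk.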
@@ -1294,18 +1297,20 @@ void hydra_service_init(int target_no) { // dirty workaround here: #ifdef LIBSSH if (strcmp(hydra_options.service, "ssh") == 0) - x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, login_ptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[target_no]->target); + x = service_ssh_init(t->ip, -1, options, login_ptr, ofp, t->port, t->target); #endif - if (x != 0 && x != 99) { - if (x > 0 && x < 4) - hydra_targets[target_no]->done = x; - else - hydra_targets[target_no]->done = 2; - hydra_brains.finished++; - if (hydra_brains.targets == 1) - exit(-1); + if (x == 0 || x == 99) { + return; } + + if (x > 0 && x < 4) + hydra_targets[target_no]->done = x; + else + hydra_targets[target_no]->done = 2; + hydra_brains.finished++; + if (hydra_brains.targets == 1) + exit(-1); } From 8b6607aec0c36c8c4dbe7884553980c617109bb2 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Thu, 1 Jun 2017 00:36:53 +0300 Subject: [PATCH 34/90] Add using SERVICE macro --- hydra.c | 95 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 49 insertions(+), 46 deletions(-) diff --git a/hydra.c b/hydra.c index e4561c8..314cefa 100644 --- a/hydra.c +++ b/hydra.c 
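Review bot: The rewritten tail of hydra_service_init still spells out `hydra_targets[target_no]->done` twice, although the first hunk of this commit introduces `t` for exactly that pointer; `t->done = x;` and `t->done = 2;` would match the ssh call a few lines above. The early return also leaves `99` as an unnamed sentinel for "no init function ran", so a comment such as `/* 99: no init function was called for this service */` on `int x = 99;` would make `if (x == 0 || x == 99)` readable without tracing the loop. The unbraced `if`/`else` that follows the braced guard is worth bracing as well.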
@@ -1187,23 +1187,26 @@ char *hydra_build_time() { typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); +#define SERVICE2(name, func) { name, service_##func##_init, service_##func } +#define SERVICE(name) { #name, service_##name##_init, service_##name } + static const struct { const char* name; service_init_t init; service_t exec; } services[] = { - { "adam6500", service_adam6500_init, service_adam6500 }, + SERVICE(adam6500), #ifdef LIBAFP - { "afp", service_afp_init, service_afp }, + SERVICE(afp), #endif - { "asterisk", service_asterisk_init, service_asterisk }, - { "cisco", service_cisco_init, service_cisco }, - { "cisco-enable", service_cisco_enable_init, service_cisco_enable }, - { "cvs", service_cvs_init, service_cvs }, + SERVICE(asterisk), + SERVICE(cisco), + SERVICE2("cisco-enable", cisco_enable), + SERVICE(cvs), #ifdef LIBFIREBIRD - { "firebird", service_firebird_init, service_firebird }, + SERVICE(firebird), #endif - { "ftp", service_ftp_init, service_ftp }, + SERVICE(ftp), { "ftps", service_ftp_init, service_ftps }, { "http-get", service_http_init, service_http_get }, { "http-get-form", service_http_form_init, service_http_get_form }, 
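Review bot: The two new macros carry no comment, and their first parameter means different things: `SERVICE(name)` takes a bare token that is stringified and pasted into both symbol names, while `SERVICE2(name, func)` takes a string literal plus a token. A short comment above them should say that `SERVICE(x)` expands to `{ "x", service_x_init, service_x }`, that `SERVICE2` is for service names that are not valid C identifiers or that reuse another module's functions (`"cisco-enable"`, `"smbnt"`), and that entries with a NULL or shared init stay written out by hand. Renaming the parameter, `#define SERVICE2(str, func) { str, service_##func##_init, service_##func }`, removes the ambiguity. The table runs on into the next hunk.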
@@ -1211,69 +1214,69 @@ static const struct { { "http-form", service_http_form_init, NULL }, { "http-post", NULL, service_http_post }, { "http-post-form", service_http_form_init, service_http_post_form }, - { "http-proxy", service_http_proxy_init, service_http_proxy }, - { "http-proxy-urlenum", service_http_proxy_urlenum_init, service_http_proxy_urlenum }, - { "icq", service_icq_init, service_icq }, - { "imap", service_imap_init, service_imap }, - { "irc", service_irc_init, service_irc }, + SERVICE2("http-proxy", http_proxy), + SERVICE2("http-proxy-urlenum", http_proxy_urlenum), + SERVICE(icq), + SERVICE(imap), + SERVICE(irc), { "ldap2", service_ldap_init, service_ldap2 }, { "ldap3", service_ldap_init, service_ldap3 }, { "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5 }, { "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5 }, - { "mssql", service_mssql_init, service_mssql }, + SERVICE(mssql), #ifdef HAVE_MATH_H - { "mysql", service_mysql_init, service_mysql }, + SERVICE(mysql), #endif #ifdef LIBNCP - { "ncp", service_ncp_init, service_ncp }, + SERVICE(ncp), #endif - { "nntp", service_nntp_init, service_nntp }, + SERVICE(nntp), #ifdef LIBORACLE - { "oracle", service_oracle_init, service_oracle }, + SERVICE(oracle), #endif #ifdef LIBOPENSSL - { "oracle-listener", service_oracle_listener_init, service_oracle_listener }, - { "oracle-sid", service_oracle_sid_init, service_oracle_sid }, + SERVICE2("oracle-listener", oracle_listener), + SERVICE2("oracle-sid", oracle_sid), #endif - { "pcanywhere", service_pcanywhere_init, service_pcanywhere }, - { "pcnfs", service_pcnfs_init, service_pcnfs }, - { "pop3", service_pop3_init, service_pop3 }, + SERVICE(pcanywhere), + SERVICE(pcnfs), + SERVICE(pop3), #ifdef LIBPOSTGRES - { "postgres", service_postgres_init, service_postgres }, + SERVICE(postgres), #endif - { "redis", service_redis_init, service_redis }, - { "rexec", service_rexec_init, service_rexec }, + SERVICE(redis), + SERVICE(rexec), #ifdef LIBOPENSSL 
- { "rdp", service_rdp_init, service_rdp }, + SERVICE(rdp), #endif - { "rlogin", service_rlogin_init, service_rlogin }, - { "rsh", service_rsh_init, service_rsh }, - { "rtsp", service_rtsp_init, service_rtsp }, - { "rpcap", service_rpcap_init, service_rpcap }, - { "s7-300", service_s7_300_init, service_s7_300 }, + SERVICE(rlogin), + SERVICE(rsh), + SERVICE(rtsp), + SERVICE(rpcap), + SERVICE2("s7-300", s7_300), #ifdef LIBSAPR3 - { "sapr3", service_sapr3_init, service_sapr3 }, + SERVICE(sapr3), #endif #ifdef LIBOPENSSL - { "sip", service_sip_init, service_sip }, - { "smbnt", service_smb_init, service_smb }, - { "smb", service_smb_init, service_smb }, + SERVICE(sip), + SERVICE2("smbnt", smb), + SERVICE(smb), #endif - { "smtp", service_smtp_init, service_smtp }, - { "smtp-enum", service_smtp_enum_init, service_smtp_enum }, - { "snmp", service_snmp_init, service_snmp }, - { "socks5", service_socks5_init, service_socks5 }, + SERVICE(smtp), + SERVICE2("smtp-enum", smtp_enum), + SERVICE(snmp), + SERVICE(socks5), #ifdef LIBSSH { "ssh", NULL, service_ssh }, - { "sshkey", service_sshkey_init, service_sshkey }, + SERVICE(sshkey), #endif #ifdef LIBSVN - { "svn", service_svn_init, service_svn }, + SERVICE(svn), #endif - { "teamspeak", service_teamspeak_init, service_teamspeak }, - { "telnet", service_telnet_init, service_telnet }, - { "vmauthd", service_vmauthd_init, service_vmauthd }, - { "vnc", service_vnc_init, service_vnc }, + SERVICE(teamspeak), + SERVICE(telnet), + SERVICE(vmauthd), + SERVICE(vnc), { "xmpp", service_xmpp_init, NULL } }; From 6edd64e6b68ccbf453c3bb54b79abc6dca922c54 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Thu, 1 Jun 2017 00:45:41 +0300 Subject: [PATCH 35/90] Refactor spawn_head --- hydra.c | 161 ++++++-------------------------------------------------- 1 file changed, 17 insertions(+), 144 deletions(-) diff --git a/hydra.c b/hydra.c index 314cefa..09ee76b 100644 --- a/hydra.c +++ b/hydra.c 
@@ -1364,152 +1364,25 @@ int hydra_spawn_head(int head_no, int target_no) { if (debug) printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); - // now call crack module - if (strcmp(hydra_options.service, "asterisk") == 0) - service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "telnet") == 0) - service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "ftp") == 0) { - - service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - + hydra_target* t = hydra_targets[target_no]; + int sp = hydra_heads[head_no]->sp[1]; + char* miscptr = hydra_options.miscptr; + FILE* ofp = hydra_brains.ofp; + hydra_target* head_target = hydra_targets[hydra_heads[head_no]->target_no]; + for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].exec) { + services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target); + // just in case a module returns (which it shouldnt) we let it exit here + exit(-1); + } + } } - if (strcmp(hydra_options.service, "ftps") == 0) - service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "redis") == 0) - service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, 
hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "pop3") == 0) - service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "imap") == 0) - service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "vmauthd") == 0) - service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "ldap2") == 0) - service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "ldap3") == 0) - service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "http-head") == 0) - service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if 
(strcmp(hydra_options.service, "ldap3-digestmd5") == 0) - service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "http-post") == 0) - service_http_post(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "http-get") == 0) - service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "http-get-form") == 0) - service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "http-post-form") == 0) - service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "http-proxy") == 0) - service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) - service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, 
"adam6500") == 0) - service_adam6500(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "cisco") == 0) - service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "cisco-enable") == 0) - service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "socks5") == 0) - service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "vnc") == 0) - service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "rexec") == 0) - service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "rlogin") == 0) - service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "rsh") == 0) - service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, 
hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "nntp") == 0) - service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "icq") == 0) - service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "pcnfs") == 0) - service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#ifdef HAVE_MATH_H - if (strcmp(hydra_options.service, "mysql") == 0) - service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif - if (strcmp(hydra_options.service, "mssql") == 0) - service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "oracle-listener") == 0) - service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "oracle-sid") == 0) - service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, 
hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif -#ifdef LIBORACLE - if (strcmp(hydra_options.service, "oracle") == 0) - service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif -#ifdef LIBPOSTGRES - if (strcmp(hydra_options.service, "postgres") == 0) - service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif -#ifdef LIBFIREBIRD - if (strcmp(hydra_options.service, "firebird") == 0) - service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif -#ifdef LIBAFP - if (strcmp(hydra_options.service, "afp") == 0) - service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif -#ifdef LIBNCP - if (strcmp(hydra_options.service, "ncp") == 0) - service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "cvs") == 0) - service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, 
hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#ifdef LIBSVN - if (strcmp(hydra_options.service, "svn") == 0) - service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif - if (strcmp(hydra_options.service, "snmp") == 0) - service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#ifdef LIBOPENSSL - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) - service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif -#ifdef LIBSAPR3 - if (strcmp(hydra_options.service, "sapr3") == 0) - service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif -#ifdef LIBSSH - if (strcmp(hydra_options.service, "ssh") == 0) - service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "sshkey") == 0) - service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif - if (strcmp(hydra_options.service, "smtp") == 0) - service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, 
hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "smtp-enum") == 0) - service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "teamspeak") == 0) - service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "sip") == 0) - service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif - if (strcmp(hydra_options.service, "xmpp") == 0) - service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "irc") == 0) - service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "rdp") == 0) - service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); -#endif - if (strcmp(hydra_options.service, "s7-300") == 0) - service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, 
hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "rtsp") == 0) - service_rtsp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - if (strcmp(hydra_options.service, "rpcap") == 0) - service_rpcap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); - // ADD NEW SERVICES HERE + // FIXME: dirty workaround here + if (strcmp(hydra_options.service, "xmpp") == 0) { + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); + } // just in case a module returns (which it shouldnt) we let it exit here exit(-1); From 0d6efda1d2e48bac7df2aac9b0668528ad7e3d4f Mon Sep 17 00:00:00 2001 From: Diadlo Date: Thu, 1 Jun 2017 23:56:06 +0300 Subject: [PATCH 36/90] Add swap function --- hydra.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/hydra.c b/hydra.c index f54554b..51e5b95 100644 --- a/hydra.c +++ b/hydra.c @@ -1771,6 +1771,14 @@ void hydra_increase_fail_count(int target_no, int head_no) { } } +void swap_chars(char* a, char* b) +{ + unsigned char keep; + keep = *a; + *a = *b; + *b = keep; +} + char *hydra_reverse_login(int head_no, char *login) { int i, j; char *start, *pos; 
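Review bot: The xmpp fallback at the end of the hunk still writes every argument in full although the locals added a few lines above hold the same values; `service_xmpp(t->target, t->ip, sp, options, miscptr, ofp, t->port, head_target->target);` would read like the table call. The FIXME should also say why xmpp cannot go through the table: `service_xmpp` is called with one more argument than `service_t` declares, which is why its `exec` slot in `services[]` is NULL. A table entry whose `exec` is NULL and that has no fallback here (`http-form`, for example) reaches the final `exit(-1)` without any message; whether that can happen depends on option parsing outside this hunk. hydra_spawn_head starts above and continues below the hunk.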
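Review bot: The helper is defined here as `swap_chars`, but every call added in the second hunk of this commit (in hydra_reverse_login) is spelled `swap(...)`, and no `swap` is declared in the visible change; unless one exists elsewhere in hydra.c this will not build or link. Either rename the definition or change the calls, e.g. `swap_chars(pos, pos - 3);`. Since the visible callers are all in hydra.c, `static void swap_chars(char *a, char *b)` keeps it out of the global namespace, and `keep` should be `char` to match the pointed-to type. If the `keep` local in hydra_reverse_login has no other use it becomes dead after this change; its declaration is outside the hunk.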
@@ -1793,25 +1801,17 @@ char *hydra_reverse_login(int head_no, char *login) { while(start < --pos) { switch( (*pos & 0xF0) >> 4 ) { case 0xF: /* U+010000-U+10FFFF: four bytes. */ - keep = *pos; - *pos = *(pos-3); - *(pos-3) = keep; - keep = *(pos-1); - *(pos-1) = *(pos-2); - *(pos-2) = keep; + swap(pos, pos - 3); + swap(pos - 1, pos - 2); pos -= 3; break; case 0xE: /* U+000800-U+00FFFF: three bytes. */ - keep = *pos; - *pos = *(pos-2); - *(pos-2) = keep; + swap(pos, pos - 2); pos -= 2; break; case 0xC: /* fall-through */ case 0xD: /* U+000080-U+0007FF: two bytes. */ - keep = *pos; - *pos = *(pos-1); - *(pos-1) = keep; + swap(pos, pos - 1); pos--; break; } From 07d55e94afa8c4c54a002f04de07c0b8f5af70c6 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Fri, 2 Jun 2017 00:13:46 +0300 Subject: [PATCH 37/90] Add target_state_t enum --- hydra.c | 63 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 35 insertions(+), 28 deletions(-) diff --git a/hydra.c b/hydra.c index f54554b..6fbca31 100644 --- a/hydra.c +++ b/hydra.c @@ -200,6 +200,13 @@ typedef struct { time_t last_seen; } hydra_head; +typedef enum { + STATE_ACTIVE = 0, + STATE_FINISHED = 1, + STATE_ERROR = 2, + STATE_UNRESOLVED = 3 +} target_state_t; + typedef struct { char *target; char ip[36]; @@ -210,7 +217,7 @@ typedef struct { unsigned long int sent; int pass_state; int use_count; - int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved + target_state_t done; int fail_count; int redo_state; int redo; @@ -734,7 +741,7 @@ void hydra_restore_write(int print_msg) { return; for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) + if (hydra_targets[j]->done != STATE_FINISHED && hydra_targets[j]->done != STATE_UNRESOLVED) j++; if (j == 0) { process_restore = 0; 
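Review bot: None of the three cases checks that the bytes it swaps lie inside the string: the loop condition only guarantees `pos > start`, so a byte with high nibble `0xF` one or two positions after `start` makes the first swap touch `pos - 3`, which is before `start`. Logins come from user-supplied lists, so a truncated or malformed UTF-8 sequence is plausible input. A guard as the first statement of each case, `if (pos - start < 3) break;` for `0xF` (and `< 2`, `< 1` for the other two), skips the regrouping instead of reading and writing out of bounds. How `start` relates to the beginning of the buffer is set up outside this hunk, so the exact impact should be confirmed there.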
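Review bot: The new enumerators have no comments, while the field comment this commit removes was the only description of the values ("2 if error (for RESTOREFILE), 3 could not be resolved"). That text should move onto the enumerators, e.g. `STATE_ERROR = 2, /* error (for RESTOREFILE) */`. `STATE_UNRESOLVED` also needs a word on its second use: a later hunk in hydra_increase_fail_count assigns it with the comment "done by unable to connect", which the name alone does not suggest.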
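Review bot: Changing `done` from `int` to `target_state_t` also changes a field of a struct that is written to the restore file as raw bytes (`fwrite(hydra_targets[j], sizeof(hydra_target), 1, f)` in hydra_restore_write, visible in a later hunk of this commit). The size of an enum type is implementation-defined, so on a compiler or flag set where it is not `int`-sized the struct layout, and with it the restore-file format, would differ from files written before this change. Keeping the storage as `int done; /* holds a target_state_t value */` avoids that, or the assumption can be recorded in a comment next to the field. The reader of the restore file is not visible here, so this should be checked against it.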
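Review bot: The counting loop in hydra_restore_write iterates with `i` but tests `hydra_targets[j]`, so it re-examines the same target until that one is unfinished instead of checking each target once; if `j` starts at 0 (its initialisation is outside the hunk) and the first target is finished, `j` stays 0 and `process_restore` is cleared even though other targets may still be active. The line this commit rewrites is the place to fix it: `if (hydra_targets[i]->done != STATE_FINISHED && hydra_targets[i]->done != STATE_UNRESOLVED)`. The function body starts above and continues below the hunk.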
@@ -776,7 +783,7 @@ void hydra_restore_write(int print_msg) { if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done != 1) { + if (hydra_targets[j]->done != STATE_FINISHED) { fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), (int) (hydra_targets[j]->pass_ptr - pass_ptr)); @@ -1315,7 +1322,7 @@ void hydra_service_init(int target_no) { if (x > 0 && x < 4) hydra_targets[target_no]->done = x; else - hydra_targets[target_no]->done = 2; + hydra_targets[target_no]->done = STATE_ERROR; hydra_brains.finished++; if (hydra_brains.targets == 1) exit(-1); @@ -1705,7 +1712,7 @@ void hydra_increase_fail_count(int target_no, int head_no) { k++; if (k <= 1) { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == 0 + if (hydra_targets[target_no]->done == STATE_ACTIVE && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { 
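Review bot: `hydra_service_init` still uses the bare range `x > 0 && x < 4` and assigns the raw `int` to the new `target_state_t` field with `done = x`, which silently ties `x` to the numeric values of the enumerators. Since the commit exists to remove these magic numbers, spell the range with the enumerators and make the conversion explicit: `if (x >= STATE_FINISHED && x <= STATE_UNRESOLVED) hydra_targets[target_no]->done = (target_state_t) x;`. Where `x` comes from is outside the hunk; if it is a module return code, a comment on the enum should say the values are part of that interface.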
@@ -1720,11 +1727,11 @@ void hydra_increase_fail_count(int target_no, int head_no) { hydra_heads[head_no]->current_pass_ptr = empty_login; } if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { - if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->done == STATE_ACTIVE && hydra_options.max_use == hydra_targets[target_no]->failed) { if (hydra_targets[target_no]->ok == 1) - hydra_targets[target_no]->done = 2; // mark target as done by errors + hydra_targets[target_no]->done = STATE_ERROR; // mark target as done by errors else - hydra_targets[target_no]->done = 3; // mark target as done by unable to connect + hydra_targets[target_no]->done = STATE_UNRESOLVED; // mark target as done by unable to connect hydra_brains.finished++; fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 @@ -1737,7 +1744,7 @@ void hydra_increase_fail_count(int target_no, int head_no) { } // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == 0 + if (hydra_targets[target_no]->done == STATE_ACTIVE && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { 
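Review bot: `STATE_UNRESOLVED` is assigned here to a target that is disabled after too many connect errors (the kept comment says "done by unable to connect"), which is not a resolution failure. A later hunk in `main` also uses it for a target that resolved to an IPv6 address the module does not support. The removed field comment was the only description of these values, so document each enumerator at its definition, e.g. `STATE_UNRESOLVED = 3 /* could not be resolved, or disabled after connect errors */`, or pick a name that covers both uses.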
@@ -1832,8 +1839,8 @@ int hydra_send_next_pair(int target_no, int head_no) { snpdone = 1; } else { if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; + if (hydra_targets[target_no]->done == STATE_ACTIVE) { + hydra_targets[target_no]->done = STATE_FINISHED; hydra_brains.finished++; if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); @@ -1873,8 +1880,8 @@ int hydra_send_next_pair(int target_no, int head_no) { snpdone = 1; } else { // if a pair does not complete after this point it is lost - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; + if (hydra_targets[target_no]->done == STATE_ACTIVE) { + hydra_targets[target_no]->done = STATE_FINISHED; hydra_brains.finished++; if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); @@ -1883,7 +1890,7 @@ int hydra_send_next_pair(int target_no, int head_no) { return -1; } } else { // normale state, no redo - if (hydra_targets[target_no]->done) { + if (hydra_targets[target_no]->done != STATE_ACTIVE) { loop_cnt = 0; return -1; // head will be disabled by main while() } @@ -2099,8 +2106,8 @@ int hydra_send_next_pair(int target_no, int head_no) { if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); if (hydra_targets[target_no]->use_count <= 1) { - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; + if (hydra_targets[target_no]->done == STATE_ACTIVE) { + hydra_targets[target_no]->done = STATE_FINISHED; hydra_brains.finished++; if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); 
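Review bot: The sequence "if `done == STATE_ACTIVE`, set `done = STATE_FINISHED` and do `hydra_brains.finished++`" appears three times in `hydra_send_next_pair` in this patch (hunks at -1832, -1873 and -2099) and again in `main`. A small static helper that performs the transition and the counter increment in one place would stop the state and `finished` from drifting apart when one copy is edited later. The `[STATUS]` printf could remain at the call sites. The enclosing function is only partly visible in these hunks.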
@@ -2250,7 +2257,7 @@ int hydra_select_target() { int target_no = -1, i, j = -1000; for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == 0) + if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == STATE_ACTIVE) if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { target_no = i; j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; @@ -3840,7 +3847,7 @@ int main(int argc, char *argv[]) { printf("[failed for %s] ", hydra_targets[i]->target); else fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = 3; + hydra_targets[i]->done = STATE_UNRESOLVED; hydra_brains.finished++; } } else { @@ -3862,7 +3869,7 @@ int main(int argc, char *argv[]) { if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", hydra_targets[i]->target, hydra_options.service); - hydra_targets[i]->done = 3; + hydra_targets[i]->done = STATE_UNRESOLVED; hydra_brains.finished++; } else { hydra_targets[i]->ip[0] = 16; @@ -3887,7 +3894,7 @@ int main(int argc, char *argv[]) { printf("[failed for %s] ", hydra_targets[i]->target); else fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = 3; + hydra_targets[i]->done = STATE_UNRESOLVED; hydra_brains.finished++; } freeaddrinfo(res); 
@@ -4064,15 +4071,15 @@ int main(int argc, char *argv[]) { fflush(hydra_brains.ofp); } if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found - if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { - hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done + if (hydra_targets[hydra_heads[head_no]->target_no]->done == STATE_ACTIVE) { + hydra_targets[hydra_heads[head_no]->target_no]->done = STATE_FINISHED; // mark target as done hydra_brains.finished++; printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); } if (hydra_options.exit_found == 2) { for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done == 0) { - hydra_targets[j]->done = 1; + if (hydra_targets[j]->done == STATE_ACTIVE) { + hydra_targets[j]->done = STATE_FINISHED; hydra_brains.finished++; } } @@ -4210,18 +4217,18 @@ int main(int argc, char *argv[]) { j = k = error = 0; for (i = 0; i < hydra_brains.targets; i++) switch (hydra_targets[i]->done) { - case 3: + case STATE_UNRESOLVED: k++; break; - case 2: + case STATE_ERROR: if (hydra_targets[i]->ok == 0) k++; else error++; break; - case 1: + case STATE_FINISHED: break; - case 0: + case STATE_ACTIVE: if (hydra_targets[i]->ok == 0) k++; else From cdb9123e2869fed896a5fdfad99da604f764bf0b Mon Sep 17 00:00:00 2001 From: Diadlo Date: Fri, 2 Jun 2017 09:50:42 +0300 Subject: [PATCH 38/90] Add hydra_mode_t enum --- hydra.c | 46 ++++++++++++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 16 deletions(-) diff --git a/hydra.c b/hydra.c index 6fbca31..bb84f2d 100644 --- a/hydra.c +++ b/hydra.c 
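Review bot: The `switch (hydra_targets[i]->done)` at the end of `main` lists the four enumerators but has no `default:`, so a value outside 0–3 is counted in neither `k` nor `error`. `done` is part of the `hydra_target` struct that `hydra_restore_write` dumps with `fwrite`, so presumably it can also come back from a restore file; that is worth confirming. Adding `default: error++; break;` (or at least a diagnostic) makes an unexpected state visible in the final summary. The switch continues past the end of this hunk.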
@@ -247,8 +247,18 @@ typedef struct { FILE *ofp; } hydra_brain; +typedef enum { + MODE_PASSWORD_LIST = 1, + MODE_LOGIN_LIST = 2, + MODE_PASSWORD_BRUTE = 4, + MODE_PASSWORD_REVERSE = 8, + MODE_PASSWORD_NULL = 16, + MODE_PASSWORD_SAME = 32, + MODE_COLON_FILE = 64 +} hydra_mode_t; + typedef struct { - int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined + hydra_mode_t mode; int loop_mode; // valid modes: 0 = password, 1 = user int ssl; int restore; @@ -330,6 +340,10 @@ int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" +int inline check_flag(int value, int flag) { + return (value & flag) == flag; +} + void help(int ext) { printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" #ifdef HAVE_MATH_H @@ -934,7 +948,7 @@ void hydra_restore_read() { fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); - if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode + if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass); fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); } else { // colonfile mode @@ -1939,7 +1953,7 @@ int hydra_send_next_pair(int target_no, int head_no) { } // now we handle the -C -l/-L -p/-P data if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { - if ((hydra_options.mode & 64) == 64) { // colon mode + if (check_flag(hydra_options.mode, MODE_COLON_FILE)) { // colon mode hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->login_no++; 
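Review bot: `hydra_mode_t` is declared as an enum, but `hydra_options.mode` holds OR-combinations of these values (the option parser later does `mode | MODE_PASSWORD_REVERSE`), so most stored values are not enumerators. The removed comment that explained the bit layout is not replaced. Document the type at its definition, for instance `/* bit flags OR-ed into hydra_options.mode; bit 128 is unused */`, and tag each enumerator with its option (`MODE_PASSWORD_LIST /* -P */`, `MODE_LOGIN_LIST /* -L */`, `MODE_PASSWORD_BRUTE /* -x */`, and so on). Keeping the field as `int` or `unsigned` would describe a flag word more accurately than the enum type.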
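Review bot: `int inline check_flag(...)` is a non-static inline definition, which under C99/C11 inline semantics provides no external definition. A build that does not inline the call (for example one without optimisation) can then fail at link time with an undefined reference to `check_flag`. Declare it `static inline int check_flag(int value, int flag) {`, which is also the conventional specifier order. A one-line comment that it tests whether all bits of `flag` are set in `value` would help. The later cleanup commit in this series moves the function unchanged, so the same applies there.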
@@ -2008,17 +2022,17 @@ int hydra_send_next_pair(int target_no, int head_no) { if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; if (hydra_targets[target_no]->pass_state == 0) { - if ((hydra_options.mode & 4) == 4) + if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); else hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; } else if (hydra_targets[target_no]->pass_state == 1) { - if ((hydra_options.mode & 4) == 4) + if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); else hydra_heads[head_no]->current_pass_ptr = empty_login; } else if (hydra_targets[target_no]->pass_state == 2) { - if ((hydra_options.mode & 4) == 4) + if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); else hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); @@ -2048,7 +2062,7 @@ int hydra_send_next_pair(int target_no, int head_no) { if (snpdont) { hydra_targets[target_no]->pass_ptr = pass_ptr; } else { - if ((hydra_options.mode & 4) == 4) { // bfg mode + if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) { #ifndef HAVE_MATH_H sleep(1); #else 
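Review bot: In the three `pass_state` branches the brute-force case stores a fresh `strdup(...)` copy in `current_pass_ptr`, while the other case stores a borrowed pointer (`current_login_ptr`, `empty_login` or the result of `hydra_reverse_login`). None of the `strdup` results is checked for `NULL`. Who frees the copy is not visible in this hunk, so a short comment stating the ownership rule would help, e.g. `/* -x mode: current_pass_ptr is a heap copy */`, to be confirmed against the code that releases it. A failed allocation should be handled before the pointer is handed on.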
@@ -2129,7 +2143,7 @@ int hydra_send_next_pair(int target_no, int head_no) { if (debug) printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); // only if -l/L -p/P with -u and if loginptr was not justed increased - if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) + if (!check_flag(hydra_options.mode, MODE_COLON_FILE) && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) // increase login_ptr to next hydra_targets[target_no]->login_no++; if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { @@ -2204,7 +2218,7 @@ void hydra_skip_user(int target_no, char *username) { strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); hydra_targets[target_no]->skipcnt++; } - if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { + if (hydra_options.loop_mode == 0 && !check_flag(hydra_options.mode, MODE_COLON_FILE)) { if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { if (debug) printf("[DEBUG] skipping username %s\n", username); @@ -2554,15 +2568,15 @@ int main(int argc, char *argv[]) { switch (optarg[i]) { case 'r': hydra_options.try_password_reverse_login = 1; - hydra_options.mode = hydra_options.mode | 8; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_REVERSE; break; case 'n': hydra_options.try_null_password = 1; - hydra_options.mode = hydra_options.mode | 16; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_NULL; break; case 's': hydra_options.try_password_same_as_login = 1; - hydra_options.mode = hydra_options.mode | 32; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_SAME; break; default: fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); 
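Review bot: In `hydra_skip_user` the test `memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0` compares only the first `strlen(username)` bytes, so a `username` that is a prefix of the current login also matches. If `login_ptr` points at a NUL-terminated entry, as its use as a C string elsewhere in the patch suggests, `strcmp(username, hydra_targets[target_no]->login_ptr) == 0` expresses the intended equality. The `strcpy` into `skiplogin[...]` just above is unbounded in the visible lines; its size check, if any, is outside the hunk.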
@@ -2582,14 +2596,14 @@ int main(int argc, char *argv[]) { break; case 'L': hydra_options.loginfile = optarg; - hydra_options.mode = hydra_options.mode | 2; + hydra_options.mode = hydra_options.mode | MODE_LOGIN_LIST; break; case 'p': hydra_options.pass = optarg; break; case 'P': hydra_options.passfile = optarg; - hydra_options.mode = hydra_options.mode | 1; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_LIST; break; case 'f': hydra_options.exit_found = 1; @@ -2620,7 +2634,7 @@ int main(int argc, char *argv[]) { break; case 'C': hydra_options.colonfile = optarg; - hydra_options.mode = 64; + hydra_options.mode = MODE_COLON_FILE; break; case 'm': hydra_options.miscptr = optarg; @@ -2666,7 +2680,7 @@ int main(int argc, char *argv[]) { help_bfg(); bf_options.arg = optarg; hydra_options.bfg = 1; - hydra_options.mode = hydra_options.mode | 4; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_BRUTE; hydra_options.loop_mode = 1; break; #endif From 985f9c43b0991760a69990f01796fcfa3c80135a Mon Sep 17 00:00:00 2001 From: Diadlo Date: Fri, 2 Jun 2017 10:21:15 +0300 Subject: [PATCH 39/90] Add output_format_t enum --- hydra.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/hydra.c b/hydra.c index bb84f2d..e1b5d07 100644 --- a/hydra.c +++ b/hydra.c @@ -257,6 +257,13 @@ typedef enum { MODE_COLON_FILE = 64 } hydra_mode_t; +typedef enum { + FORMAT_PLAIN_TEXT, + FORMAT_JSONV1, + FORMAT_JSONV2, + FORMAT_XMLV1 +} output_format_t; + typedef struct { hydra_mode_t mode; int loop_mode; // valid modes: 0 = password, 1 = user @@ -272,7 +279,7 @@ typedef struct { int exit_found; int max_use; int cidr; - int outfile_format; // 0 = plain text, 1 = JSONv1, [future --> ] 2 = JSONv2, 3=XMLv1, 4=... + output_format_t outfile_format; char *login; char *loginfile; char *pass; 
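Review bot: `case 'C'` assigns `hydra_options.mode = MODE_COLON_FILE;` while every other option in these hunks ORs its flag in. Mode bits set by options that appear earlier on the command line are therefore discarded, while the same options given after `-C` are kept. If the overwrite is deliberate, say so in a comment such as `/* -C replaces any -L/-P mode bits */`. Otherwise use `hydra_options.mode |= MODE_COLON_FILE;` and reject conflicting combinations after parsing. The option loop is only partly visible here.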
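Review bot: The `output_format_t` enumerators have no explicit values, although the removed field comment fixed them as 0 = plain text, 1 = JSONv1, 2 = JSONv2, 3 = XMLv1. `FORMAT_JSONV2` and `FORMAT_XMLV1` are also not selectable by the `-b` parsing shown later in this commit. Pin the values and mark the unused ones, e.g. `FORMAT_JSONV2 = 2, /* reserved, not implemented */`, so the numbering cannot shift if an enumerator is inserted.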
@@ -2521,7 +2528,7 @@ int main(int argc, char *argv[]) { hydra_options.passfile = NULL; hydra_options.tasks = TASKS; hydra_options.max_use = MAXTASKS; - hydra_options.outfile_format = 0; + hydra_options.outfile_format = FORMAT_PLAIN_TEXT; hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; @@ -2618,11 +2625,11 @@ int main(int argc, char *argv[]) { case 'b': outfile_format_tmp = optarg; if (0==strcasecmp(outfile_format_tmp,"text")) - hydra_options.outfile_format = 0; + hydra_options.outfile_format = FORMAT_PLAIN_TEXT; else if (0==strcasecmp(outfile_format_tmp,"json")) // latest json formatting. - hydra_options.outfile_format = 1; + hydra_options.outfile_format = FORMAT_JSONV1; else if (0==strcasecmp(outfile_format_tmp,"jsonv1")) - hydra_options.outfile_format = 1; + hydra_options.outfile_format = FORMAT_JSONV1; else { fprintf(stderr, "[ERROR] Output file format must be (text, json, jsonv1)\n"); exit(-1); @@ -2726,7 +2733,7 @@ int main(int argc, char *argv[]) { bail("You can only use -L OR -l, not both\n"); if (hydra_options.pass != NULL && hydra_options.passfile != NULL) bail("You can only use -P OR -p, not both\n"); - if (hydra_options.outfile_format != 0 && hydra_options.outfile_ptr == NULL) + if (hydra_options.outfile_format != FORMAT_PLAIN_TEXT && hydra_options.outfile_ptr == NULL) fprintf(stderr, "[WARNING] output file format specified (-b) - but no output file (-o)\n"); if (hydra_options.restore) { @@ -3805,7 +3812,7 @@ int main(int argc, char *argv[]) { perror("[ERROR] Error creating outputfile"); exit(-1); } - if (hydra_options.outfile_format == 1) { // JSONv1 + if (hydra_options.outfile_format == FORMAT_JSONV1) { fprintf(hydra_brains.ofp, "{ \"generator\": {\n" "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": \"1.00\",\n" 
@@ -4058,7 +4065,7 @@ int main(int argc, char *argv[]) { printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } - if (hydra_options.outfile_format == 1 /* JSONv1 */ && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { + if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}", hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding hydra_targets[hydra_heads[head_no]->target_no]->port, @@ -4312,7 +4319,7 @@ int main(int argc, char *argv[]) { // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { - if (hydra_options.outfile_format == 1 /* JSONv1 */ ) { + if (hydra_options.outfile_format == FORMAT_JSONV1) { fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %lu }\n", (error ? "false" : "true"), json_error, hydra_brains.found); } From 0519661f9514c3b711cfe3087430cb94fb3a9066 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Fri, 2 Jun 2017 10:58:10 +0300 Subject: [PATCH 40/90] Add using macros to align help text --- hydra.c | 149 ++++++++++++++++++++++++++------------------------------ 1 file changed, 70 insertions(+), 79 deletions(-) diff --git a/hydra.c b/hydra.c index f54554b..a4cee40 100644 --- a/hydra.c +++ b/hydra.c 
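Review bot: The JSON record is written with bare `%s` for `host`, `login` and `password`, so a value containing `"`, `\` or a control character produces invalid JSON or changes the structure of the record that downstream tooling parses. The closing block in the next hunk inserts `json_error` into `"errormessages": [ %s ]` the same way. Route these strings through a small JSON string-escaping helper before `fprintf`, covering `"`, `\` and bytes below 0x20 at minimum. Both statements sit inside `main`, whose body extends beyond these hunks.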
@@ -323,88 +323,78 @@ int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" -void help(int ext) { - printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" -#ifdef HAVE_MATH_H - " [-x MIN:MAX:CHARSET]" -#endif - " [-ISOuvVd46] " - //"[server service [OPT]]|" - "[service://server[:PORT][/OPT]]\n"); - printf("\nOptions:\n"); - if (ext) - printf(" -R restore a previous aborted/crashed session\n"); - if (ext) - printf(" -I ignore an existing restore file (dont wait 10 seconds)\n"); -#ifdef LIBOPENSSL - if (ext) - printf(" -S perform an SSL connect\n"); -#endif - if (ext) - printf(" -s PORT if the service is on a different default port, define it here\n"); - printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); - printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); -#ifdef HAVE_MATH_H - if (ext) { - printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); - printf(" -y disable use of symbols in bruteforce, see above\n"); - } -#endif - if (ext) - printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); - if (ext) - printf(" -u loop around users, not passwords (effective! 
implied with -x)\n"); - printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); - printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); - if (ext) - printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); - if (ext) - printf(" -b FORMAT specify the format for the -o FILE: text(default), json, jsonv1\n"); - if (ext) - printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); - printf(" -t TASKS run TASKS number of connects in parallel per target (default: %d)\n", TASKS); - if (ext) - printf(" -T TASKS run TASKS connects in parallel overall (for -M, default: %d)\n", MAXTASKS); - if (ext) - printf(" -w / -W TIME waittime for responses (%d) / between connects per thread (%d)\n", WAITTIME, conwait); - if (ext) - printf(" -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n"); - if (ext) - printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); - if (ext) - printf(" -O use old SSL v2 and v3\n"); - if (ext) - printf(" -q do not print messages about connection errors\n"); - printf(" -U service module usage details\n"); - if (ext == 0) - printf(" -h more command line options (COMPLETE HELP)\n"); - printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n"); - printf(" service the service to crack (see below for supported protocols)\n"); - printf(" OPT some service modules support additional input (-U for module help)\n"); +#define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__) +#define PRINT_EXTEND(ext, text, ...) 
do { \ + if (ext) \ + printf(text, ##__VA_ARGS__); \ + } while(0) + +void help(int ext) { + PRINT_NORMAL(ext, "Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" + " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" +#ifdef HAVE_MATH_H + " [-x MIN:MAX:CHARSET]" +#endif + " [-ISOuvVd46] " + //"[server service [OPT]]|" + "[service://server[:PORT][/OPT]]\n"); + PRINT_NORMAL(ext, "\nOptions:\n"); + PRINT_EXTEND(ext, " -R restore a previous aborted/crashed session\n" + " -I ignore an existing restore file (dont wait 10 seconds)\n" +#ifdef LIBOPENSSL + " -S perform an SSL connect\n" +#endif + " -s PORT if the service is on a different default port, define it here\n"); + PRINT_NORMAL(ext, " -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n" + " -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); + PRINT_EXTEND(ext, +#ifdef HAVE_MATH_H + " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" + " -y disable use of symbols in bruteforce, see above\n" +#endif + " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" + " -u loop around users, not passwords (effective! 
implied with -x)\n"); + PRINT_NORMAL(ext, " -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n" + " -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); + PRINT_EXTEND(ext, " -o FILE write found login/password pairs to FILE instead of stdout\n" + " -b FORMAT specify the format for the -o FILE: text(default), json, jsonv1\n" + " -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); + PRINT_NORMAL(ext, " -t TASKS run TASKS number of connects in parallel per target (default: %d)\n", TASKS); + PRINT_EXTEND(ext, " -T TASKS run TASKS connects in parallel overall (for -M, default: %d)\n" + " -w / -W TIME waittime for responses (%d) / between connects per thread (%d)\n" + " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n" + " -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n" + " -O use old SSL v2 and v3\n" + " -q do not print messages about connection errors\n", + MAXTASKS, WAITTIME, conwait + ); + PRINT_NORMAL(ext, " -U service module usage details\n" + " -h more command line options (COMPLETE HELP)\n" + " server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n" + " service the service to crack (see below for supported protocols)\n" + " OPT some service modules support additional input (-U for module help)\n"); + PRINT_NORMAL(ext, "\nSupported services: %s\n" + "\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\n" + "v3.0. The newest version is always available at %s\n" + "Don't use in military or secret service organizations, or for illegal purposes.\n", + SERVICES, PROGRAM, RESOURCE + ); - printf("\nSupported services: %s\n", SERVICES); - printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. 
The newest version is always available at %s\n", PROGRAM, RESOURCE); - printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); if (ext && strlen(unsupported) > 0) { if (unsupported[strlen(unsupported) - 1] == ' ') unsupported[strlen(unsupported) - 1] = 0; printf("These services were not compiled in: %s.\n", unsupported); } - if (ext) { - printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.\n"); - printf("E.g. %% export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)\n"); - printf(" %% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 entries)\n"); - printf(" %% export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080\n"); - printf(" %% export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)\n"); - } - - printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); - if (ext) { - printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); - printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n"); - printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n"); - printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); - } + PRINT_EXTEND(ext, "\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.\n" + "E.g. %% export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)\n" + " %% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 entries)\n" + " %% export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080\n" + " %% export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)\n"); + PRINT_NORMAL(ext, "\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? 
"" : "\n"); + PRINT_EXTEND(ext, " hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n" + " hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n" + " hydra -l admin -p password ftp://[192.168.0.0/24]/\n" + " hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); exit(-1); } @@ -421,9 +411,10 @@ void help_bfg() { "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" - " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n" - " -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and 1 only\n"); - printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); + " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" + " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n" + " -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and 1 only\n" + "\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); exit(-1); } From f7b122f6edfae76491054a89a51e864bd1852394 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 6 Jun 2017 15:22:37 +0200 Subject: [PATCH 41/90] cleanup --- hydra.c | 59 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/hydra.c b/hydra.c index 10c069f..d68f872 100644 --- a/hydra.c +++ b/hydra.c 
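Review bot: The `#ifdef HAVE_MATH_H` and `#ifdef LIBOPENSSL` blocks now sit inside the argument lists of the function-like macros `PRINT_NORMAL` and `PRINT_EXTEND`. The C standard leaves preprocessing directives inside macro arguments undefined, so this relies on one compiler's behaviour. Define the optional fragments ahead of `help()` and splice them into the literals instead, as sketched below. Separately, the `-h more command line options` line used to be printed only when `ext == 0` and is now in a `PRINT_NORMAL` call, so it also appears in the extended help. `##__VA_ARGS__` is a GNU extension; the file may already depend on GNU C, but that is worth a comment.

```c
#ifdef HAVE_MATH_H
#define HELP_SYNTAX_BFG " [-x MIN:MAX:CHARSET]"
#else
#define HELP_SYNTAX_BFG ""
#endif

void help(int ext) {
  PRINT_NORMAL(ext, /* … unchanged: "Syntax: hydra …" literals … */
               HELP_SYNTAX_BFG
               " [-ISOuvVd46] "
               /* … unchanged: rest of the syntax line; same pattern for the -S and -x/-y option lines … */
```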
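Review bot: In `help_bfg` the example line for `-x 5:5:/%%,.-` appears to end up twice in the new text. Going by the hunk header (9 old lines, 10 new), the existing line is kept as context and the same example is added again between the `-x 1:3:/` and `-x 3:5:aA1 -y` lines. Drop the added copy so the examples list each case once. The start of the `printf` call is outside the hunk.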
@@ -187,6 +187,31 @@ extern int old_ssl; void hydra_kill_head(int head_no, int killit, int fail); +// some enum definitions +typedef enum { + STATE_ACTIVE = 0, + STATE_FINISHED = 1, + STATE_ERROR = 2, + STATE_UNRESOLVED = 3 +} target_state_t; + +typedef enum { + MODE_PASSWORD_LIST = 1, + MODE_LOGIN_LIST = 2, + MODE_PASSWORD_BRUTE = 4, + MODE_PASSWORD_REVERSE = 8, + MODE_PASSWORD_NULL = 16, + MODE_PASSWORD_SAME = 32, + MODE_COLON_FILE = 64 +} hydra_mode_t; + +typedef enum { + FORMAT_PLAIN_TEXT, + FORMAT_JSONV1, + FORMAT_JSONV2, + FORMAT_XMLV1 +} output_format_t; + // some structure definitions typedef struct { pid_t pid; @@ -200,13 +225,6 @@ typedef struct { time_t last_seen; } hydra_head; -typedef enum { - STATE_ACTIVE = 0, - STATE_FINISHED = 1, - STATE_ERROR = 2, - STATE_UNRESOLVED = 3 -} target_state_t; - typedef struct { char *target; char ip[36]; @@ -247,23 +265,6 @@ typedef struct { FILE *ofp; } hydra_brain; -typedef enum { - MODE_PASSWORD_LIST = 1, - MODE_LOGIN_LIST = 2, - MODE_PASSWORD_BRUTE = 4, - MODE_PASSWORD_REVERSE = 8, - MODE_PASSWORD_NULL = 16, - MODE_PASSWORD_SAME = 32, - MODE_COLON_FILE = 64 -} hydra_mode_t; - -typedef enum { - FORMAT_PLAIN_TEXT, - FORMAT_JSONV1, - FORMAT_JSONV2, - FORMAT_XMLV1 -} output_format_t; - typedef struct { hydra_mode_t mode; int loop_mode; // valid modes: 0 = password, 1 = user @@ -304,7 +305,6 @@ typedef struct { // external vars extern char HYDRA_EXIT[5]; - #if !defined(ANDROID) && !defined(__BIONIC__) extern int errno; #endif 
@@ -347,16 +347,17 @@ int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" -int inline check_flag(int value, int flag) { - return (value & flag) == flag; -} - #define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__) #define PRINT_EXTEND(ext, text, ...) do { \ if (ext) \ printf(text, ##__VA_ARGS__); \ } while(0) + +int inline check_flag(int value, int flag) { + return (value & flag) == flag; +} + void help(int ext) { PRINT_NORMAL(ext, "Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" From 5033c262dfca80727ecf76365428d2f9f0aa120a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 6 Jun 2017 15:23:43 +0200 Subject: [PATCH 42/90] changelog update --- CHANGES | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES b/CHANGES index fb9ebcd..3a851c2 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ Changelog for hydra Release 8.6-dev * http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch) +* merged several patches by Diadlo@github to make the code easier readable. thanks for that! Release 8.5 From 66562bd73cbb904dc929575a32cbd71542f03a08 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Sat, 10 Jun 2017 23:54:32 +0300 Subject: [PATCH 43/90] Move null pointer check before pointer using --- hydra-mod.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index b675377..fd16e54 100644 --- a/hydra-mod.c +++ b/hydra-mod.c 
@@ -1043,15 +1043,15 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github. static char finalstring[6096]; - if(strlen(string) > 6000) { - hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n"); - exit(-1); - } - if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) return NULL; + if (strlen(string) > 6000) { + hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n"); + exit(-1); + } + strcpy(newstring, string); strcpy(oldstring, string); From e95e036bbf31bf07780649db7a7e343298855d85 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Sat, 10 Jun 2017 23:54:59 +0300 Subject: [PATCH 44/90] Remove null pointer dereference --- hydra-xmpp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hydra-xmpp.c b/hydra-xmpp.c index 7fb4462..db38fe0 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -338,8 +338,7 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m do { if ((buf = hydra_receive_line(sock)) == NULL) { /* no auth method identified */ - hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf); - free(buf); + hydra_report(stderr, "[ERROR] no authentication methods can be identified\n"); hydra_child_exit(1); } From 48709842a6afa4b37eb635e85149dad95c2b9142 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Sat, 10 Jun 2017 23:56:18 +0300 Subject: [PATCH 45/90] Replace possible null pointer no '(null)' string --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index b3a81aa..d9f07e9 100644 --- a/hydra.c +++ b/hydra.c 
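Review bot: Moving the whole combined condition ahead of the 6000-character check changes which inputs reach the error message. `strlen(string) >= sizeof(oldstring) - 1` (6095) now returns `NULL` first, so the "[ERROR] Supplied URL or POST data too large" path only fires for lengths 6001–6094, and longer inputs fail silently. Only the pointer test needs to move: put `if (string == NULL || oldpiece == NULL || newpiece == NULL) return NULL;` first, then the 6000 check, then the remaining size conditions. `hydra_strrep` continues past the end of the hunk.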
@@ -3173,7 +3173,7 @@ int main(int argc, char *argv[]) { cond = strtok(NULL, ":"); optional1 = strtok(NULL, "\n"); if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { - fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); + fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", STR_NULL(variables)); exit(-1); } if ((url == NULL) || (cond == NULL)) { From 300fe2f19d7827588356e66b9010c95bad7d61d4 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Sat, 10 Jun 2017 23:56:52 +0300 Subject: [PATCH 46/90] Prevert using NULL login --- hydra-sip.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hydra-sip.c b/hydra-sip.c index 3faea0b..3cf3b33 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -32,7 +32,11 @@ void empty_register(char *buf, char *host, char *lhost, int port, int lport, cha "REGISTER sip:%s SIP/2.0\r\n" "Via: SIP/2.0/UDP %s:%i\r\n" "From: \r\n" - "To: \r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq); + "To: \r\n" + "Call-ID: 1337@%s\r\n" + "CSeq: %i REGISTER\r\n" + "Content-Length: 0\r\n\r\n", + host, lhost, lport, user, host, user, host, host, cseq); } int get_sip_code(char *buf) { @@ -50,7 +54,7 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt char buf[SIP_MAX_BUF]; if (strlen(login = hydra_get_next_login()) == 0) - login = NULL; + return 3; if (strlen(pass = hydra_get_next_password()) == 0) pass = NULL; From a01712370b483ad7a1f4029e4f2e5b3a5d73fc65 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Sat, 10 Jun 2017 23:31:45 +0300 Subject: [PATCH 47/90] Remove useless sock check in init functions 'sock' inited with -1 a few lines above, so condition is alwais false --- hydra-pop3.c | 3 --- hydra-redis.c | 2 -- hydra-rpcap.c | 2 -- 3 files changed, 7 deletions(-) 
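Review bot: In the second hydra-sip.c hunk only the login is fixed; the following context lines still set `pass = NULL` when the password is empty. The same NULL can therefore reach whatever consumes `pass` later in start_sip, which is outside the hunk. If an empty password is a legitimate attempt, keeping the empty string instead of assigning NULL would close the same class of problem. The new `return 3;` also deserves a short comment, for example `/* empty login: nothing to try, stop this child */`. From this hunk it is not clear whether 3 skips one pair or ends the whole run for the target, or whether the pair should first be marked completed.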
diff --git a/hydra-pop3.c b/hydra-pop3.c index ac3c8a4..4481dfc 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -525,9 +525,6 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI p.disable_tls = 1; memcpy(p.ip, ip, 36); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; diff --git a/hydra-redis.c b/hydra-redis.c index d388de2..61a08ea 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -135,8 +135,6 @@ int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, F char buffer[] = "*1\r\n$4\r\nping\r\n"; hydra_register_socket(sp); - if (sock >= 0) - sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; diff --git a/hydra-rpcap.c b/hydra-rpcap.c index fc9ce00..8272870 100644 --- a/hydra-rpcap.c +++ b/hydra-rpcap.c @@ -130,8 +130,6 @@ int service_rpcap_init(char *ip, int sp, unsigned char options, char *miscptr, F char buffer[] = "\x00\x08\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00"; hydra_register_socket(sp); - if (sock >= 0) - sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; From 18ae87b39624fac492f68cc0b5f964955f9d5fa1 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Sun, 11 Jun 2017 18:21:40 +0300 Subject: [PATCH 48/90] Remove useless null check 'while' has 2 pbuffer[0] checks: - pbuffer[0] not equal to 0 - pbuffer[0] more then 31 (first printable char) if pbuffer[0] more than 31 it's always not equal to 0 => first check is useless --- sasl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sasl.c b/sasl.c index d5239dc..dad73da 100644 --- a/sasl.c +++ b/sasl.c 
@@ -308,7 +308,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * currentpos = 0; } pbuffer++; - } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); + } while ((pbuffer[0] > 31) && (ind < array_size)); //save the latest one if (ind < array_size) { array[ind] = malloc(currentpos + 1); From 78c88159fa4fe9a5ba664a28b15f608ea43e03f1 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Sun, 11 Jun 2017 18:25:45 +0300 Subject: [PATCH 49/90] Remove reduant 'if' after 'else' if (A) { } else if (!A) { } --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index d9f07e9..25275e5 100644 --- a/hydra.c +++ b/hydra.c @@ -1944,7 +1944,7 @@ int hydra_send_next_pair(int target_no, int head_no) { hydra_targets[target_no]->login_no = 0; hydra_targets[target_no]->login_ptr = login_ptr; - } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + } else { hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; From 39cf5133a65fffd547f06c271b9a93c840656c2d Mon Sep 17 00:00:00 2001 From: Diadlo Date: Sun, 11 Jun 2017 18:48:24 +0300 Subject: [PATCH 50/90] Extract maxfail in to a variable Reduce code duplication, make code easier to read --- hydra.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/hydra.c b/hydra.c index d9f07e9..644f212 100644 --- a/hydra.c +++ b/hydra.c 
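Review bot: In the sasl.c hunk the loop condition is now only `pbuffer[0] > 31`, so the result depends on whether plain `char` is signed, assuming pbuffer is a `char *` like the `buffer` parameter in the signature. On signed-char targets any byte of 0x80 or above compares as negative and ends the scan, while on unsigned-char targets the scan continues. The same server-supplied challenge is therefore tokenised differently across platforms. Making the intent explicit with `(unsigned char)pbuffer[0] > 31` would fix that, or add an explicit upper bound if non-ASCII bytes are meant to stop parsing. A comment should say which behaviour is wanted. The `malloc(currentpos + 1)` on the context line that follows is not checked within the hunk, and the function body continues outside it.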
@@ -1562,26 +1562,22 @@ void hydra_kill_head(int head_no, int killit, int fail) { } void hydra_increase_fail_count(int target_no, int head_no) { - int i, k; + int i, k, ok, success, tasks, a, b, maxfail; if (target_no < 0) return; + ok = hydra_targets[target_no]->ok; + tasks = hydra_options.tasks; + success = tasks - hydra_targets[target_no]->failed; + a = tasks <= 4 && ok ? 6 - tasks : 1; + b = success < 5 && ok ? 6 - success : 1; + maxfail = MAXFAIL + a + b + (ok ? 2 : -2); + hydra_targets[target_no]->fail_count++; if (debug) - printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, - MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 - && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets - [target_no]->failed) : 1) - + (hydra_targets[target_no]->ok ? 2 : -2)); - if (hydra_targets[target_no]->fail_count >= - MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 - && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets - [target_no]->failed) : 1) + - (hydra_targets[target_no]->ok ? 2 : -2) - ) { + printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, maxfail); + if (hydra_targets[target_no]->fail_count >= maxfail) { k = 0; for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) From 1043a120d7652cf1e43fb6a6c35a4c8a64cd4c51 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Mon, 12 Jun 2017 12:21:08 +0300 Subject: [PATCH 51/90] Replace one compare sign to make summands more generic --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 644f212..ad77185 100644 --- a/hydra.c +++ b/hydra.c 
@@ -1570,7 +1570,7 @@ void hydra_increase_fail_count(int target_no, int head_no) { ok = hydra_targets[target_no]->ok; tasks = hydra_options.tasks; success = tasks - hydra_targets[target_no]->failed; - a = tasks <= 4 && ok ? 6 - tasks : 1; + a = tasks < 5 && ok ? 6 - tasks : 1; b = success < 5 && ok ? 6 - success : 1; maxfail = MAXFAIL + a + b + (ok ? 2 : -2); From a47bd13c30e1e16038b8318d07a0bfdce92a157f Mon Sep 17 00:00:00 2001 From: Diadlo Date: Mon, 12 Jun 2017 12:23:17 +0300 Subject: [PATCH 52/90] Add maxfail default value Maxfail for '!ok' is always 0 --- hydra.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/hydra.c b/hydra.c index ad77185..b485118 100644 --- a/hydra.c +++ b/hydra.c @@ -1562,17 +1562,19 @@ void hydra_kill_head(int head_no, int killit, int fail) { } void hydra_increase_fail_count(int target_no, int head_no) { - int i, k, ok, success, tasks, a, b, maxfail; + int i, k, ok, maxfail = 0; if (target_no < 0) return; ok = hydra_targets[target_no]->ok; - tasks = hydra_options.tasks; - success = tasks - hydra_targets[target_no]->failed; - a = tasks < 5 && ok ? 6 - tasks : 1; - b = success < 5 && ok ? 6 - success : 1; - maxfail = MAXFAIL + a + b + (ok ? 2 : -2); + if (ok) { + const int tasks = hydra_options.tasks; + const int success = tasks - hydra_targets[target_no]->failed; + const int t = tasks < 5 && ok ? 6 - tasks : 1; + const int s = success < 5 && ok ? 6 - success : 1; + maxfail = MAXFAIL + t + s + (ok ? 2 : -2); + } hydra_targets[target_no]->fail_count++; if (debug) From e8e17d092d23b9f1108e85c96c01e4bf9d17e306 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Mon, 12 Jun 2017 12:24:21 +0300 Subject: [PATCH 53/90] Remove using 'ok' from 'if' where 'ok' is always true --- hydra.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/hydra.c b/hydra.c index b485118..b949a02 100644 --- a/hydra.c +++ b/hydra.c 
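Review bot: The second hunk on this line (PATCH 52) initialises `maxfail = 0` for targets where `ok` is false, but the expression it replaces did not evaluate to 0 there. With `ok` false the old code gave `a = 1`, `b = 1` and `MAXFAIL + 1 + 1 + (-2)`, which is `MAXFAIL`. Unless MAXFAIL is defined as 0 (its definition is not visible here), the check `fail_count >= maxfail` now succeeds on the first failure for any target that never succeeded. Such a target is then disabled immediately instead of after MAXFAIL failures. To keep the previous threshold the declaration should read `int i, k, ok, maxfail = MAXFAIL;`. If the stricter behaviour is intended, the commit message and a comment should say so rather than describe it as a pure refactor.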
@@ -1567,13 +1567,12 @@ void hydra_increase_fail_count(int target_no, int head_no) { if (target_no < 0) return; - ok = hydra_targets[target_no]->ok; - if (ok) { + if (hydra_targets[target_no]->ok) { const int tasks = hydra_options.tasks; const int success = tasks - hydra_targets[target_no]->failed; - const int t = tasks < 5 && ok ? 6 - tasks : 1; - const int s = success < 5 && ok ? 6 - success : 1; - maxfail = MAXFAIL + t + s + (ok ? 2 : -2); + const int t = tasks < 5 ? 6 - tasks : 1; + const int s = success < 5 ? 6 - success : 1; + maxfail = MAXFAIL + t + s + 2; } hydra_targets[target_no]->fail_count++; From 13962a20a8455a93d82470178f8989cf290c5a0c Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 15 Jun 2017 11:45:46 +0200 Subject: [PATCH 54/90] fix for SSL error:00000000:lib(0):func(0):reason(0) bug --- CHANGES | 1 + hydra-mod.c | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 3a851c2..ee7a523 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ Changelog for hydra Release 8.6-dev * http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch) +* Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting) * merged several patches by Diadlo@github to make the code easier readable. thanks for that! diff --git a/hydra-mod.c b/hydra-mod.c index fd16e54..0b9fd78 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -514,10 +514,9 @@ int internal__hydra_connect_to_ssl(int socket, char *hostname) { return -1; } } else { -// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { #ifndef TLSv1_2_client_method #if OPENSSL_VERSION_NUMBER < 0x10100000L - #define TLSv1_2_client_method TLSv1_client_method + #define TLSv1_2_client_method TLSv1_2_client_method #else #define TLSv1_2_client_method TLS_client_method #endif From 21c4b99e1b078caacf28f90f36bef8ecb105fe93 Mon Sep 17 00:00:00 2001 
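Review bot: In the hydra-mod.c hunk, `#define TLSv1_2_client_method TLSv1_2_client_method` defines the name as itself, so for OpenSSL older than 1.1.0 the branch is a no-op that relies on the library exporting that function. Builds against libraries without TLS 1.2 support will stop compiling. Where it does build, the client presumably offers exactly TLS 1.2 (the call site is outside the hunk), so handshakes with servers limited to other protocol versions will fail. If pinning to TLS 1.2 is intended, drop the self-define and keep only the mapping for newer libraries, `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` / `#define TLSv1_2_client_method TLS_client_method` / `#endif`. A comment should state the protocol choice and why the version-flexible method in the removed commented-out line is not used.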
From: Diadlo Date: Wed, 21 Jun 2017 23:14:25 +0300 Subject: [PATCH 55/90] Use early break instead of large if --- hydra.c | 452 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 228 insertions(+), 224 deletions(-) diff --git a/hydra.c b/hydra.c index 00a32aa..15507be 100644 --- a/hydra.c +++ b/hydra.c 
@@ -450,231 +450,235 @@ void help_bfg() { void module_usage() { int find = 0; - if (hydra_options.service) { - printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); - if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); - find = 1; - } - if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); - find = 1; - } - if (strcmp(hydra_options.service, "cvs") == 0) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); - find = 1; - } - if (strcmp(hydra_options.service, "xmpp") == 0) { - printf("Module xmpp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { - printf("Module pop3 is optionally taking one authentication type of:\n" - " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { - printf("Module S7-300 is for a special Siemens PLC. 
It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "imap") == 0)) { - printf("Module imap is optionally taking one authentication type of:\n" - " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { - printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" - "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { - printf("Module smtp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "svn") == 0)) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { - printf("Module firebird is optionally taking the database path to attack,\n" 
"default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "irc") == 0)) { - printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { - printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { - printf("Module sshkey does not provide additional options, although the semantic for\n" - "options -p and -P is changed:\n" - " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { - printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" - "and the optional parameter for the password of the user.\n" - "Examples:\n" - " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon 
password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) - || (strcmp(hydra_options.service, "ldap3") == 0) - || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) - ) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when Simple auth method is used).\n" - "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" - "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directy ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" - "Note: you can set the group type using LOCAL or DOMAIN keyword\n" - " or other_domain:{value} to specify a trusted domain.\n" - " you can set the password type using HASH or MACHINE keyword\n" - " (to use the Machine's NetBIOS name as the password).\n" - " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" - "Example: \n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p 
D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) - || (strcmp(hydra_options.service, "https-get-form") == 0) - || (strcmp(hydra_options.service, "http-post-form") == 0) - || (strcmp(hydra_options.service, "https-post-form") == 0) - || (strncmp(hydra_options.service, "http-form", 9) == 0) - || (strncmp(hydra_options.service, "https-form", 10) == 0) - ) - ) { - printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: :
:[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" - " placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" - " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" - " C=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER^ and ^PASS^ can also be put into these headers!\n" - " Note: 'h' will add the user-defined header at the end\n" - " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" - "\nExamples:\n" - " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" - " 
\"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", - hydra_options.service); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { - printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" - "The -L loginfile must contain the URL list to try through the proxy.\n" - "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); - find = 1; - } - if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { - printf("Module snmp is optionally taking the following parameters:\n"); - printf(" READ perform read requests (default)\n"); - printf(" WRITE perform write requests\n"); - printf(" 1 use SNMP version 1 (default)\n"); - printf(" 2 use SNMP version 2\n"); - printf(" 3 use SNMP version 3\n"); - printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); - printf(" SNMP version 3 has the following optional sub parameters:\n"); - printf(" MD5 use MD5 authentication (default)\n"); - printf(" SHA use SHA authentication\n"); - printf(" DES use DES encryption\n"); - printf(" AES use AES encryption\n"); - printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); - printf(" only requires a password (or username) not both.\n"); - printf("To combine the options, use colons (\":\"), e.g.:\n"); - printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); - printf(" hydra -P pass.txt -m 2 
target.com snmp\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "http-get") == 0) - || (strcmp(hydra_options.service, "https-get") == 0) - || (strcmp(hydra_options.service, "http-post") == 0) - || (strcmp(hydra_options.service, "https-post") == 0)) - ) { - printf("Module %s requires the page to authenticate.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); - find = 1; - } + if (!hydra_options.service) { + printf("The Module %s does not need or support optional parameters\n", hydra_options.service); + exit(0); } + + printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); + find = 1; + } + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "cvs") == 0) { + printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "xmpp") == 0) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption 
via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { + printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { + printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "imap") == 0)) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, 
"svn") == 0)) { + printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { + printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { + printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { + printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "irc") == 0)) { + printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { + printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { + printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { + printf("Module sshkey does not provide additional options, although the semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); + find = 1; + } + if 
(!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { + printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" + "Note: if AAA authentication is used, use the -l option for the username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) + || (strcmp(hydra_options.service, "ldap3") == 0) + || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) + ) { + printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" + "Note: you can also specify the DN as login when Simple auth method is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directy ldap, this is usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { + printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN 
keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) + || (strcmp(hydra_options.service, "https-get-form") == 0) + || (strcmp(hydra_options.service, "http-post-form") == 0) + || (strcmp(hydra_options.service, "https-post-form") == 0) + || (strncmp(hydra_options.service, "http-form", 9) == 0) + || (strncmp(hydra_options.service, "https-form", 10) == 0) + ) + ) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 redirections in\n" + "a row. It always gathers a new cookie from the same URL without variables\n" + "The parameters take three \":\" separated values, plus optional values.\n" + "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: ::[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" + " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" + " placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. 
You have to check the webapp what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " C=/page/uri to define a different page to gather initial cookies from\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" + " ^USER^ and ^PASS^ can also be put into these headers!\n" + " Note: 'h' will add the user-defined header at the end\n" + " regardless it's already being sent by Hydra or not.\n" + " 'H' will replace the value of that header if it exists, by the\n" + " one supplied by the user, or add the header at the end\n" + "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the examples above and below).\n" + " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as option separators.\n" + "\nExamples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" + " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + hydra_options.service); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { + printf("Module 
http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); + find = 1; + } + if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { + printf("Module snmp is optionally taking the following parameters:\n"); + printf(" READ perform read requests (default)\n"); + printf(" WRITE perform write requests\n"); + printf(" 1 use SNMP version 1 (default)\n"); + printf(" 2 use SNMP version 2\n"); + printf(" 3 use SNMP version 3\n"); + printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); + printf(" SNMP version 3 has the following optional sub parameters:\n"); + printf(" MD5 use MD5 authentication (default)\n"); + printf(" SHA use SHA authentication\n"); + printf(" DES use DES encryption\n"); + printf(" AES use AES encryption\n"); + printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); + printf(" only requires a password (or username) not both.\n"); + printf("To combine the options, use colons (\":\"), e.g.:\n"); + printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); + printf(" hydra -P pass.txt -m 2 target.com snmp\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get") == 0) + || (strcmp(hydra_options.service, "https-get") == 0) + || (strcmp(hydra_options.service, "http-post") == 0) + || (strcmp(hydra_options.service, "https-post") == 0)) + ) { + printf("Module %s requires the page to authenticate.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); + find = 1; + } + if (!find) // this is also printed if the module does not exist at all printf("The Module %s does not need or support 
optional parameters\n", hydra_options.service); exit(0); From 9265272a3ed70277fc2059d834905f6f24a75611 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Wed, 21 Jun 2017 23:17:32 +0300 Subject: [PATCH 56/90] Use early return instead of 'find' flag It's increase performance --- hydra.c | 137 +++++++++++++++++++++++++++----------------------------- 1 file changed, 67 insertions(+), 70 deletions(-) diff --git a/hydra.c b/hydra.c index 15507be..1d81e02 100644 --- a/hydra.c +++ b/hydra.c @@ -448,8 +448,6 @@ void help_bfg() { } void module_usage() { - int find = 0; - if (!hydra_options.service) { printf("The Module %s does not need or support optional parameters\n", hydra_options.service); exit(0); 
@@ -458,100 +456,100 @@ void module_usage() { printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); - find = 1; + return; } if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); - find = 1; + return; } if (strcmp(hydra_options.service, "cvs") == 0) { printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); - find = 1; + return; } if (strcmp(hydra_options.service, "xmpp") == 0) { printf("Module xmpp is optionally taking one authentication type of:\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { + if (strcmp(hydra_options.service, "pop3") == 0) { printf("Module pop3 is optionally taking one authentication type of:\n" " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { + if (strcmp(hydra_options.service, "rdp") == 0) { printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { + if (strcmp(hydra_options.service, "s7-300") == 0) { 
printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { + if (strcmp(hydra_options.service, "nntp") == 0) { printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "imap") == 0)) { + if (strcmp(hydra_options.service, "imap") == 0) { printf("Module imap is optionally taking one authentication type of:\n" " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { + if (strcmp(hydra_options.service, "smtp-enum") == 0) { printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" "login parameter is used as username and password parameter as the domain name\n" "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { + if (strcmp(hydra_options.service, "smtp") == 0) { printf("Module smtp is optionally taking one authentication type of:\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "svn") == 0)) { + if (strcmp(hydra_options.service, "svn") == 0) { printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); - 
find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { + if (strcmp(hydra_options.service, "ncp") == 0) { printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { + if (strcmp(hydra_options.service, "firebird") == 0) { printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { + if (strcmp(hydra_options.service, "mysql") == 0) { printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "irc") == 0)) { + if (strcmp(hydra_options.service, "irc") == 0) { printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { + if (strcmp(hydra_options.service, "postgres") == 0) { printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { + if (strcmp(hydra_options.service, "telnet") == 0) { printf("Module telnet is optionally taking the string which is displayed after\n" "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { + if (strcmp(hydra_options.service, "sapr3") == 0) { printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { + if 
(strcmp(hydra_options.service, "sshkey") == 0) { printf("Module sshkey does not provide additional options, although the semantic for\n" "options -p and -P is changed:\n" " -p expects a path to an unencrypted private key in PEM format.\n" " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { + if (strcmp(hydra_options.service, "cisco-enable") == 0) { printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" "Note: if AAA authentication is used, use the -l option for the username\n" "and the optional parameter for the password of the user.\n" @@ -559,16 +557,16 @@ void module_usage() { " hydra -P pass.txt target cisco-enable (direct console access)\n" " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { + if (strcmp(hydra_options.service, "cisco") == 0) { printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); - find = 1; + return; } - if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) - || (strcmp(hydra_options.service, "ldap3") == 0) - || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) + if ((strcmp(hydra_options.service, "ldap2") == 0) + || (strcmp(hydra_options.service, "ldap3") == 0) + || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) ) { printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" "Note: you can also specify the DN as login when Simple auth method is used).\n" 
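Review bot: Replacing `find = 1;` with `return;` changes how module_usage() terminates. Before this commit every matched branch fell through to the `exit(0);` at the end of the function; now a matched module returns to the caller and only the no-match path still exits. The same substitution is made in the hunks at -559, -578, -591, -635 and -667. The caller is not visible here, so check whether it would continue past the help output into normal processing. If a help request is meant to end the program, use `exit(0);` in each branch instead of `return;`, or state the new contract above the function with `/* returns after printing module help; the caller must exit */`. module_usage() starts before this hunk and continues after it.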
@@ -578,9 +576,9 @@ void module_usage() { "So don't forget to set empty string as user/pass to test all modes.\n" "Hint: to authenticate to a windows active directy ldap, this is usually\n" " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); - find = 1; + return; } - if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" "Note: you can set the group type using LOCAL or DOMAIN keyword\n" " or other_domain:{value} to specify a trusted domain.\n" 
@@ -591,15 +589,15 @@ void module_usage() { " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); - find = 1; + return; } - if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) - || (strcmp(hydra_options.service, "https-get-form") == 0) - || (strcmp(hydra_options.service, "http-post-form") == 0) - || (strcmp(hydra_options.service, "https-post-form") == 0) - || (strncmp(hydra_options.service, "http-form", 9) == 0) - || (strncmp(hydra_options.service, "https-form", 10) == 0) - ) + if ((strcmp(hydra_options.service, "http-get-form") == 0) + || (strcmp(hydra_options.service, "https-get-form") == 0) + || (strcmp(hydra_options.service, "http-post-form") == 0) + || (strcmp(hydra_options.service, "https-post-form") == 0) + || (strncmp(hydra_options.service, "http-form", 9) == 0) + || (strncmp(hydra_options.service, "https-form", 10) == 0) + ) { printf("Module %s requires the page and the parameters for the web form.\n\n" "By default this module is configured to follow a maximum of 5 redirections in\n" 
@@ -635,21 +633,21 @@ void module_usage() { " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", hydra_options.service); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { + if (strcmp(hydra_options.service, "http-proxy") == 0) { printf("Module http-proxy is optionally taking the page to authenticate at.\n" "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); - find = 1; + return; } - if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" "The -L loginfile must contain the URL list to try through the proxy.\n" "The proxy credentials cann be put as the optional parameter, e.g.\n" " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); - find = 1; + return; } - if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { + if (strncmp(hydra_options.service, "snmp", 4) == 0) { printf("Module snmp is optionally taking the following parameters:\n"); printf(" READ perform read requests (default)\n"); printf(" WRITE perform write requests\n"); 
@@ -667,20 +665,19 @@ void module_usage() { printf("To combine the options, use colons (\":\"), e.g.:\n"); printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); printf(" hydra -P pass.txt -m 2 target.com snmp\n"); - find = 1; + return; } - if (!find && ((strcmp(hydra_options.service, "http-get") == 0) - || (strcmp(hydra_options.service, "https-get") == 0) - || (strcmp(hydra_options.service, "http-post") == 0) - || (strcmp(hydra_options.service, "https-post") == 0)) + if ((strcmp(hydra_options.service, "http-get") == 0) + || (strcmp(hydra_options.service, "https-get") == 0) + || (strcmp(hydra_options.service, "http-post") == 0) + || (strcmp(hydra_options.service, "https-post") == 0) ) { printf("Module %s requires the page to authenticate.\n" "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); - find = 1; + return; } - if (!find) // this is also printed if the module does not exist at all - printf("The Module %s does not need or support optional parameters\n", hydra_options.service); + printf("The Module %s does not need or support optional parameters\n", hydra_options.service); exit(0); } From 7e09c0b43eb29abb2c4457f69ca87e17324a6328 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Thu, 22 Jun 2017 00:36:57 +0300 Subject: [PATCH 57/90] Extrace each module usage in separate function --- hydra.c | 356 +++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 236 insertions(+), 120 deletions(-) diff --git a/hydra.c b/hydra.c index 1d81e02..ecc5634 100644 --- a/hydra.c +++ b/hydra.c 
@@ -447,6 +447,213 @@ void help_bfg() { exit(-1); } +void usage_oracle(const char* service) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); +} + +void usage_oracle_listener(const char* service) { + printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); +} + +void usage_cvs(const char* service) { + printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); +} + +void usage_xmpp(const char* service) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); +} + +void usage_pop3(const char* service) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); +} + +void usage_rdp(const char* service) { + printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); +} + +void usage_s7_300(const char* service) { + printf("Module S7-300 is for a special Siemens PLC. 
It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); +} + +void usage_nntp(const char* service) { + printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); +} + +void usage_imap(const char* service) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); +} + +void usage_smtp_enum(const char* service) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); +} + +void usage_smtp(const char* service) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); +} + +void usage_svn(const char* service) { + printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); +} + +void usage_ncp(const char* service) { + printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); +} + +void usage_firebird(const char* service) { + printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); +} + +void usage_mysql(const char* service) { + printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); +} + +void 
usage_irc(const char* service) { + printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); +} + +void usage_postgres(const char* service) { + printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); +} + +void usage_telnet(const char* service) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); +} + +void usage_sapr3(const char* service) { + printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); +} + +void usage_sshkey(const char* service) { + printf("Module sshkey does not provide additional options, although the semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); +} + +void usage_cisco_enable(const char* service) { + printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" + "Note: if AAA authentication is used, use the -l option for the username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); +} + +void usage_cisco(const char* service) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); +} + +void usage_ldap(const char* service) { + printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" + "Note: you can also specify the DN as login when 
Simple auth method is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directy ldap, this is usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service); +} + +void usage_smb(const char* service) { + printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); +} + +void usage_http_form(const char* service) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 redirections in\n" + "a row. 
It always gathers a new cookie from the same URL without variables\n" + "The parameters take three \":\" separated values, plus optional values.\n" + "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: ::[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" + " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" + " placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. You have to check the webapp what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " C=/page/uri to define a different page to gather initial cookies from\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" + " ^USER^ and ^PASS^ can also be put into these headers!\n" + " Note: 'h' will add the user-defined header at the end\n" + " regardless it's already being sent by Hydra or not.\n" + " 'H' will replace the value of that header if it exists, by the\n" + " one supplied by the user, or add the header at the end\n" + "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the examples above and below).\n" + " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as option separators.\n" + "\nExamples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " 
\"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" + " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + service); +} + +void usage_http_proxy(const char* service) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); +} + +void usage_http_proxy_urlenum(const char* service) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); +} + +void usage_snmp(const char* service) { + printf("Module snmp is optionally taking the following parameters:\n" + " READ perform read requests (default)\n" + " WRITE perform write requests\n" + " 1 use SNMP version 1 (default)\n" + " 2 use SNMP version 2\n" + " 3 use SNMP version 3\n" + " Note that SNMP version 3 usually uses both login and passwords!\n" + " SNMP version 3 has the following optional sub parameters:\n" + " MD5 use MD5 authentication (default)\n" + " SHA use SHA authentication\n" + " DES use DES encryption\n" + " AES use AES encryption\n" + " if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n" + " only requires a password (or username) not both.\n" + "To combine the options, use colons (\":\"), e.g.:\n" + " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n" + " 
hydra -P pass.txt -m 2 target.com snmp\n"); +} + +void usage_http(const char* service) { + printf("Module %s requires the page to authenticate.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service); +} + void module_usage() { if (!hydra_options.service) { printf("The Module %s does not need or support optional parameters\n", hydra_options.service); 
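Review bot: The new `usage_*` helpers have external linkage, although the patch appears to call them only from module_usage() in the same file. Declaring them as `static void usage_oracle(const char *service)`, and likewise for the others, keeps them out of the global namespace. Only usage_ldap, usage_http_form and usage_http read `service`; the rest ignore it, which will trip `-Wunused-parameter`. A `(void) service;` or a comment such as `/* service unused; signature kept uniform across helpers */` would make that intent explicit. Separately, in the trailing context the `if (!hydra_options.service)` branch still passes the null pointer to `%s`, which is undefined behaviour, so that branch should print a fixed message without the argument. module_usage() continues outside the hunk.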
@@ -455,112 +662,91 @@ void module_usage() { printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); + usage_oracle(hydra_options.service); return; } if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); + usage_oracle_listener(hydra_options.service); return; } if (strcmp(hydra_options.service, "cvs") == 0) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); + usage_cvs(hydra_options.service); return; } if (strcmp(hydra_options.service, "xmpp") == 0) { - printf("Module xmpp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); + usage_xmpp(hydra_options.service); return; } if (strcmp(hydra_options.service, "pop3") == 0) { - printf("Module pop3 is optionally taking one authentication type of:\n" - " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); + usage_pop3(hydra_options.service); return; } if (strcmp(hydra_options.service, "rdp") == 0) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); + usage_rdp(hydra_options.service); return; } if (strcmp(hydra_options.service, "s7-300") == 0) { - printf("Module S7-300 is 
for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); + usage_s7_300(hydra_options.service); return; } if (strcmp(hydra_options.service, "nntp") == 0) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); + usage_nntp(hydra_options.service); return; } if (strcmp(hydra_options.service, "imap") == 0) { - printf("Module imap is optionally taking one authentication type of:\n" - " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); + usage_imap(hydra_options.service); return; } if (strcmp(hydra_options.service, "smtp-enum") == 0) { - printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" - "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); + usage_smtp_enum(hydra_options.service); return; } if (strcmp(hydra_options.service, "smtp") == 0) { - printf("Module smtp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); + usage_smtp(hydra_options.service); return; } if (strcmp(hydra_options.service, "svn") == 0) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); + usage_svn(hydra_options.service); return; } if (strcmp(hydra_options.service, "ncp") == 0) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); + 
usage_ncp(hydra_options.service); return; } if (strcmp(hydra_options.service, "firebird") == 0) { - printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); + usage_firebird(hydra_options.service); return; } if (strcmp(hydra_options.service, "mysql") == 0) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); + usage_mysql(hydra_options.service); return; } if (strcmp(hydra_options.service, "irc") == 0) { - printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); + usage_irc(hydra_options.service); return; } if (strcmp(hydra_options.service, "postgres") == 0) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); + usage_postgres(hydra_options.service); return; } if (strcmp(hydra_options.service, "telnet") == 0) { - printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); + usage_telnet(hydra_options.service); return; } if (strcmp(hydra_options.service, "sapr3") == 0) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); + usage_sapr3(hydra_options.service); return; } if (strcmp(hydra_options.service, "sshkey") == 0) { - printf("Module sshkey does not provide additional options, although the semantic for\n" - "options -p and -P is changed:\n" - " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); + usage_sshkey(hydra_options.service); return; } if (strcmp(hydra_options.service, "cisco-enable") == 0) { - printf("Module cisco-enable is optionally taking the logon 
password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" - "and the optional parameter for the password of the user.\n" - "Examples:\n" - " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); + usage_cisco_enable(hydra_options.service); return; } if (strcmp(hydra_options.service, "cisco") == 0) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); + usage_cisco(hydra_options.service); return; } if ((strcmp(hydra_options.service, "ldap2") == 0) 
@@ -568,27 +754,11 @@ void module_usage() { || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) ) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when Simple auth method is used).\n" - "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" - "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directy ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); + usage_ldap(hydra_options.service); return; } if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" - "Note: you can set the group type using LOCAL or DOMAIN keyword\n" - " or other_domain:{value} to specify a trusted domain.\n" - " you can set the password type using HASH or MACHINE keyword\n" - " (to use the Machine's NetBIOS name as the password).\n" - " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" - "Example: \n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); + usage_smb(hydra_options.service); return; } if ((strcmp(hydra_options.service, "http-get-form") == 0) 
@@ -599,72 +769,19 @@ void module_usage() { || (strncmp(hydra_options.service, "https-form", 10) == 0) ) { - printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: ::[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" - " placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" - " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. 
You have to check the webapp what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" - " C=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER^ and ^PASS^ can also be put into these headers!\n" - " Note: 'h' will add the user-defined header at the end\n" - " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" - "\nExamples:\n" - " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" - " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", - hydra_options.service); + usage_http_form(hydra_options.service); return; } if (strcmp(hydra_options.service, "http-proxy") == 0) { - printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); + usage_http_proxy(hydra_options.service); return; } if (strcmp(hydra_options.service, 
"http-proxy-urlenum") == 0) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" - "The -L loginfile must contain the URL list to try through the proxy.\n" - "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); + usage_http_proxy_urlenum(hydra_options.service); return; } if (strncmp(hydra_options.service, "snmp", 4) == 0) { - printf("Module snmp is optionally taking the following parameters:\n"); - printf(" READ perform read requests (default)\n"); - printf(" WRITE perform write requests\n"); - printf(" 1 use SNMP version 1 (default)\n"); - printf(" 2 use SNMP version 2\n"); - printf(" 3 use SNMP version 3\n"); - printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); - printf(" SNMP version 3 has the following optional sub parameters:\n"); - printf(" MD5 use MD5 authentication (default)\n"); - printf(" SHA use SHA authentication\n"); - printf(" DES use DES encryption\n"); - printf(" AES use AES encryption\n"); - printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); - printf(" only requires a password (or username) not both.\n"); - printf("To combine the options, use colons (\":\"), e.g.:\n"); - printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); - printf(" hydra -P pass.txt -m 2 target.com snmp\n"); + usage_snmp(hydra_options.service); return; } if ((strcmp(hydra_options.service, "http-get") == 0) @@ -672,8 +789,7 @@ void module_usage() { || (strcmp(hydra_options.service, "http-post") == 0) || (strcmp(hydra_options.service, "https-post") == 0) ) { - printf("Module %s requires the page to authenticate.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); + usage_http(hydra_options.service); return; } 
From a8f8bdbc5f198a0d2dfc41112e035c7dbb69f6e2 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Thu, 22 Jun 2017 01:00:36 +0300 Subject: [PATCH 58/90] Add usage functions into service vector --- hydra.c | 219 +++++++++++++------------------------------------------- 1 file changed, 50 insertions(+), 169 deletions(-) diff --git a/hydra.c b/hydra.c index ecc5634..0b0ce76 100644 --- a/hydra.c +++ b/hydra.c 
@@ -655,142 +655,20 @@ void usage_http(const char* service) { } void module_usage() { + int i; if (!hydra_options.service) { printf("The Module %s does not need or support optional parameters\n", hydra_options.service); exit(0); } printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); - if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { - usage_oracle(hydra_options.service); - return; - } - if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { - usage_oracle_listener(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "cvs") == 0) { - usage_cvs(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "xmpp") == 0) { - usage_xmpp(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "pop3") == 0) { - usage_pop3(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "rdp") == 0) { - usage_rdp(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "s7-300") == 0) { - usage_s7_300(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "nntp") == 0) { - usage_nntp(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "imap") == 0) { - usage_imap(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "smtp-enum") == 0) { - usage_smtp_enum(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "smtp") == 0) { - usage_smtp(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "svn") == 0) { - usage_svn(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "ncp") == 0) { - usage_ncp(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "firebird") == 0) { - usage_firebird(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "mysql") == 0) { 
- usage_mysql(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "irc") == 0) { - usage_irc(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "postgres") == 0) { - usage_postgres(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "telnet") == 0) { - usage_telnet(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "sapr3") == 0) { - usage_sapr3(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "sshkey") == 0) { - usage_sshkey(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "cisco-enable") == 0) { - usage_cisco_enable(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "cisco") == 0) { - usage_cisco(hydra_options.service); - return; - } - if ((strcmp(hydra_options.service, "ldap2") == 0) - || (strcmp(hydra_options.service, "ldap3") == 0) - || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) - ) { - usage_ldap(hydra_options.service); - return; - } - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { - usage_smb(hydra_options.service); - return; - } - if ((strcmp(hydra_options.service, "http-get-form") == 0) - || (strcmp(hydra_options.service, "https-get-form") == 0) - || (strcmp(hydra_options.service, "http-post-form") == 0) - || (strcmp(hydra_options.service, "https-post-form") == 0) - || (strncmp(hydra_options.service, "http-form", 9) == 0) - || (strncmp(hydra_options.service, "https-form", 10) == 0) - - ) { - usage_http_form(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "http-proxy") == 0) { - usage_http_proxy(hydra_options.service); - return; - } - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { - usage_http_proxy_urlenum(hydra_options.service); - return; - } - if (strncmp(hydra_options.service, "snmp", 4) == 0) { - 
usage_snmp(hydra_options.service); - return; - } - if ((strcmp(hydra_options.service, "http-get") == 0) - || (strcmp(hydra_options.service, "https-get") == 0) - || (strcmp(hydra_options.service, "http-post") == 0) - || (strcmp(hydra_options.service, "https-post") == 0) - ) { - usage_http(hydra_options.service); - return; + for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].usage) { + services[i].usage(hydra_options.service); + exit(0); + } + } } printf("The Module %s does not need or support optional parameters\n", hydra_options.service); 
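Review bot: The new loop matches only with an exact `strcmp` against `services[i].name`, so names the removed if-chain accepted but the table does not list ("ora", "tns", "https-get", "https-post", "https-get-form", "https-post-form", and the `strncmp` prefixes for "snmp", "http-form" and "https-form") now fall through to the "does not need or support optional parameters" message. That holds unless the service name is normalised before module_usage() runs, which this hunk does not show. If it is not, resolve the aliases into a local before the loop, for example `const char *svc = hydra_options.service; if (strcmp(svc, "ora") == 0) svc = "oracle";`, do the same for the other names, and compare `svc` in the loop. Also, `i` is a signed `int` compared against a `sizeof` quotient; declaring it `size_t i;` avoids the signed/unsigned comparison.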
@@ -1323,98 +1201,101 @@ char *hydra_build_time() { typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); +typedef void (*service_usage_t)(const char* service); -#define SERVICE2(name, func) { name, service_##func##_init, service_##func } -#define SERVICE(name) { #name, service_##name##_init, service_##name } +#define SERVICE2(name, func) { name, service_##func##_init, service_##func, NULL } +#define SERVICE(name) { #name, service_##name##_init, service_##name, NULL } +#define SERVICE3(name, func) { name, service_##func##_init, service_##func, usage_##func } static const struct { const char* name; service_init_t init; service_t exec; + service_usage_t usage; } services[] = { SERVICE(adam6500), #ifdef LIBAFP SERVICE(afp), #endif SERVICE(asterisk), - SERVICE(cisco), - SERVICE2("cisco-enable", cisco_enable), - SERVICE(cvs), + SERVICE3("cisco", cisco), + SERVICE3("cisco-enable", cisco_enable), + SERVICE3("cvs", cvs), #ifdef LIBFIREBIRD - SERVICE(firebird), + SERVICE3("firebird", firebird), #endif SERVICE(ftp), { "ftps", service_ftp_init, service_ftps }, - { "http-get", service_http_init, service_http_get }, - { "http-get-form", service_http_form_init, service_http_get_form }, - { "http-head", service_http_init, service_http_head }, - { "http-form", service_http_form_init, NULL }, - { "http-post", NULL, service_http_post }, - { "http-post-form", service_http_form_init, service_http_post_form }, - SERVICE2("http-proxy", http_proxy), - SERVICE2("http-proxy-urlenum", http_proxy_urlenum), + { "http-get", service_http_init, service_http_get, usage_http }, + { "http-get-form", service_http_form_init, service_http_get_form, usage_http_form }, + { "http-head", service_http_init, service_http_head, NULL }, + { "http-form", service_http_form_init, NULL, usage_http_form }, + { "http-post", 
NULL, service_http_post, usage_http }, + { "http-post-form", service_http_form_init, service_http_post_form, usage_http_form }, + SERVICE3("http-proxy", http_proxy), + SERVICE3("http-proxy-urlenum", http_proxy_urlenum), SERVICE(icq), - SERVICE(imap), - SERVICE(irc), - { "ldap2", service_ldap_init, service_ldap2 }, - { "ldap3", service_ldap_init, service_ldap3 }, - { "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5 }, - { "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5 }, + SERVICE3("imap", imap), + SERVICE3("irc", irc), + { "ldap2", service_ldap_init, service_ldap2, usage_ldap }, + { "ldap3", service_ldap_init, service_ldap3, usage_ldap }, + { "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap }, + { "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap }, SERVICE(mssql), #ifdef HAVE_MATH_H - SERVICE(mysql), + SERVICE3("mysql", mysql), #endif #ifdef LIBNCP - SERVICE(ncp), + SERVICE3("ncp", ncp), #endif - SERVICE(nntp), + SERVICE3("nntp", nntp), #ifdef LIBORACLE - SERVICE(oracle), + SERVICE3("oracle", oracle), #endif #ifdef LIBOPENSSL - SERVICE2("oracle-listener", oracle_listener), + SERVICE3("oracle-listener", oracle_listener), SERVICE2("oracle-sid", oracle_sid), #endif SERVICE(pcanywhere), SERVICE(pcnfs), - SERVICE(pop3), + SERVICE3("pop3", pop3), #ifdef LIBPOSTGRES - SERVICE(postgres), + SERVICE3("postgres", postgres), #endif SERVICE(redis), SERVICE(rexec), #ifdef LIBOPENSSL - SERVICE(rdp), + SERVICE3("rdp", rdp), #endif SERVICE(rlogin), SERVICE(rsh), SERVICE(rtsp), SERVICE(rpcap), - SERVICE2("s7-300", s7_300), + SERVICE3("s7-300", s7_300), #ifdef LIBSAPR3 - SERVICE(sapr3), + SERVICE3("sarp3", sapr3), #endif #ifdef LIBOPENSSL SERVICE(sip), - SERVICE2("smbnt", smb), - SERVICE(smb), + SERVICE3("smbnt", smb), + SERVICE3("smb", smb), #endif - SERVICE(smtp), - SERVICE2("smtp-enum", smtp_enum), - SERVICE(snmp), + SERVICE3("smtp", smtp), + SERVICE3("smtp-enum", smtp_enum), + SERVICE3("snmp", snmp), 
SERVICE(socks5), #ifdef LIBSSH { "ssh", NULL, service_ssh }, - SERVICE(sshkey), + SERVICE3("sshkey", sshkey), #endif #ifdef LIBSVN - SERVICE(svn), + SERVICE3("svn", svn), #endif SERVICE(teamspeak), - SERVICE(telnet), + SERVICE3("telnet", telnet), SERVICE(vmauthd), SERVICE(vnc), - { "xmpp", service_xmpp_init, NULL } + { "xmpp", service_xmpp_init, NULL, usage_xmpp } }; void hydra_service_init(int target_no) { From bd8a901bea82bafd3c10dc9d5a346f2b379ab985 Mon Sep 17 00:00:00 2001 From: Diadlo Date: Thu, 22 Jun 2017 01:07:27 +0300 Subject: [PATCH 59/90] Move services and usage on the top of the hydra.c --- hydra.c | 230 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 131 insertions(+), 99 deletions(-) diff --git a/hydra.c b/hydra.c index 0b0ce76..56ded02 100644 --- a/hydra.c +++ b/hydra.c 
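Review bot: The row `SERVICE3("sarp3", sapr3),` registers the SAP R/3 module under the name "sarp3", whereas the `SERVICE(sapr3)` line it replaces stringified to "sapr3". With LIBSAPR3 defined, any lookup by name in this table, including the new `strcmp` loop in module_usage(), will no longer find the module when the user passes "sapr3". It should read `SERVICE3("sapr3", sapr3),`. The same row is carried over unchanged when the table is moved in the next patch (59/90, hunk `@@ -347,6 +378,106 @@`), so it needs the same correction there.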
@@ -15,6 +15,37 @@ #include #endif +void usage_oracle(const char* service); +void usage_oracle_listener(const char* service); +void usage_cvs(const char* service); +void usage_xmpp(const char* service); +void usage_pop3(const char* service); +void usage_rdp(const char* service); +void usage_s7_300(const char* service); +void usage_nntp(const char* service); +void usage_imap(const char* service); +void usage_smtp_enum(const char* service); +void usage_smtp(const char* service); +void usage_svn(const char* service); +void usage_ncp(const char* service); +void usage_firebird(const char* service); +void usage_mysql(const char* service); +void usage_irc(const char* service); +void usage_postgres(const char* service); +void usage_telnet(const char* service); +void usage_sapr3(const char* service); +void usage_sshkey(const char* service); +void usage_cisco_enable(const char* service); +void usage_cisco(const char* service); +void usage_ldap(const char* service); +void usage_smb(const char* service); +void usage_http_form(const char* service); +void usage_http_proxy(const char* service); +void usage_http_proxy_urlenum(const char* service); +void usage_snmp(const char* service); +void usage_http(const char* service); + + extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); 
@@ -347,6 +378,106 @@ int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" +typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); +typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); +typedef void (*service_usage_t)(const char* service); + +#define SERVICE2(name, func) { name, service_##func##_init, service_##func, NULL } +#define SERVICE(name) { #name, service_##name##_init, service_##name, NULL } +#define SERVICE3(name, func) { name, service_##func##_init, service_##func, usage_##func } + +static const struct { + const char* name; + service_init_t init; + service_t exec; + service_usage_t usage; +} services[] = { + SERVICE(adam6500), +#ifdef LIBAFP + SERVICE(afp), +#endif + SERVICE(asterisk), + SERVICE3("cisco", cisco), + SERVICE3("cisco-enable", cisco_enable), + SERVICE3("cvs", cvs), +#ifdef LIBFIREBIRD + SERVICE3("firebird", firebird), +#endif + SERVICE(ftp), + { "ftps", service_ftp_init, service_ftps }, + { "http-get", service_http_init, service_http_get, usage_http }, + { "http-get-form", service_http_form_init, service_http_get_form, usage_http_form }, + { "http-head", service_http_init, service_http_head, NULL }, + { "http-form", service_http_form_init, NULL, usage_http_form }, + { "http-post", NULL, service_http_post, usage_http }, + { "http-post-form", service_http_form_init, service_http_post_form, usage_http_form }, + SERVICE3("http-proxy", http_proxy), + SERVICE3("http-proxy-urlenum", http_proxy_urlenum), + SERVICE(icq), + SERVICE3("imap", imap), + SERVICE3("irc", irc), + { "ldap2", service_ldap_init, service_ldap2, usage_ldap }, + { "ldap3", service_ldap_init, service_ldap3, usage_ldap }, + { "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap }, + { "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap }, + SERVICE(mssql), +#ifdef HAVE_MATH_H + 
SERVICE3("mysql", mysql), +#endif +#ifdef LIBNCP + SERVICE3("ncp", ncp), +#endif + SERVICE3("nntp", nntp), +#ifdef LIBORACLE + SERVICE3("oracle", oracle), +#endif +#ifdef LIBOPENSSL + SERVICE3("oracle-listener", oracle_listener), + SERVICE2("oracle-sid", oracle_sid), +#endif + SERVICE(pcanywhere), + SERVICE(pcnfs), + SERVICE3("pop3", pop3), +#ifdef LIBPOSTGRES + SERVICE3("postgres", postgres), +#endif + SERVICE(redis), + SERVICE(rexec), +#ifdef LIBOPENSSL + SERVICE3("rdp", rdp), +#endif + SERVICE(rlogin), + SERVICE(rsh), + SERVICE(rtsp), + SERVICE(rpcap), + SERVICE3("s7-300", s7_300), +#ifdef LIBSAPR3 + SERVICE3("sarp3", sapr3), +#endif +#ifdef LIBOPENSSL + SERVICE(sip), + SERVICE3("smbnt", smb), + SERVICE3("smb", smb), +#endif + SERVICE3("smtp", smtp), + SERVICE3("smtp-enum", smtp_enum), + SERVICE3("snmp", snmp), + SERVICE(socks5), +#ifdef LIBSSH + { "ssh", NULL, service_ssh }, + SERVICE3("sshkey", sshkey), +#endif +#ifdef LIBSVN + SERVICE3("svn", svn), +#endif + SERVICE(teamspeak), + SERVICE3("telnet", telnet), + SERVICE(vmauthd), + SERVICE(vnc), + { "xmpp", service_xmpp_init, NULL, usage_xmpp } +}; + + #define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__) #define PRINT_EXTEND(ext, text, ...) do { \ if (ext) \ 
@@ -1199,105 +1330,6 @@ char *hydra_build_time() { return (char *) &datetime; } -typedef void (*service_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); -typedef int (*service_init_t)(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); -typedef void (*service_usage_t)(const char* service); - -#define SERVICE2(name, func) { name, service_##func##_init, service_##func, NULL } -#define SERVICE(name) { #name, service_##name##_init, service_##name, NULL } -#define SERVICE3(name, func) { name, service_##func##_init, service_##func, usage_##func } - -static const struct { - const char* name; - service_init_t init; - service_t exec; - service_usage_t usage; -} services[] = { - SERVICE(adam6500), -#ifdef LIBAFP - SERVICE(afp), -#endif - SERVICE(asterisk), - SERVICE3("cisco", cisco), - SERVICE3("cisco-enable", cisco_enable), - SERVICE3("cvs", cvs), -#ifdef LIBFIREBIRD - SERVICE3("firebird", firebird), -#endif - SERVICE(ftp), - { "ftps", service_ftp_init, service_ftps }, - { "http-get", service_http_init, service_http_get, usage_http }, - { "http-get-form", service_http_form_init, service_http_get_form, usage_http_form }, - { "http-head", service_http_init, service_http_head, NULL }, - { "http-form", service_http_form_init, NULL, usage_http_form }, - { "http-post", NULL, service_http_post, usage_http }, - { "http-post-form", service_http_form_init, service_http_post_form, usage_http_form }, - SERVICE3("http-proxy", http_proxy), - SERVICE3("http-proxy-urlenum", http_proxy_urlenum), - SERVICE(icq), - SERVICE3("imap", imap), - SERVICE3("irc", irc), - { "ldap2", service_ldap_init, service_ldap2, usage_ldap }, - { "ldap3", service_ldap_init, service_ldap3, usage_ldap }, - { "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap }, - { "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap }, - SERVICE(mssql), -#ifdef HAVE_MATH_H - SERVICE3("mysql", mysql), 
-#endif -#ifdef LIBNCP - SERVICE3("ncp", ncp), -#endif - SERVICE3("nntp", nntp), -#ifdef LIBORACLE - SERVICE3("oracle", oracle), -#endif -#ifdef LIBOPENSSL - SERVICE3("oracle-listener", oracle_listener), - SERVICE2("oracle-sid", oracle_sid), -#endif - SERVICE(pcanywhere), - SERVICE(pcnfs), - SERVICE3("pop3", pop3), -#ifdef LIBPOSTGRES - SERVICE3("postgres", postgres), -#endif - SERVICE(redis), - SERVICE(rexec), -#ifdef LIBOPENSSL - SERVICE3("rdp", rdp), -#endif - SERVICE(rlogin), - SERVICE(rsh), - SERVICE(rtsp), - SERVICE(rpcap), - SERVICE3("s7-300", s7_300), -#ifdef LIBSAPR3 - SERVICE3("sarp3", sapr3), -#endif -#ifdef LIBOPENSSL - SERVICE(sip), - SERVICE3("smbnt", smb), - SERVICE3("smb", smb), -#endif - SERVICE3("smtp", smtp), - SERVICE3("smtp-enum", smtp_enum), - SERVICE3("snmp", snmp), - SERVICE(socks5), -#ifdef LIBSSH - { "ssh", NULL, service_ssh }, - SERVICE3("sshkey", sshkey), -#endif -#ifdef LIBSVN - SERVICE3("svn", svn), -#endif - SERVICE(teamspeak), - SERVICE3("telnet", telnet), - SERVICE(vmauthd), - SERVICE(vnc), - { "xmpp", service_xmpp_init, NULL, usage_xmpp } -}; - void hydra_service_init(int target_no) { int x = 99; int i; From d917d1aeba56e1514e04b31d352d60c2d1f270f8 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 23 Jun 2017 10:40:50 +0200 Subject: [PATCH 60/90] option -c test --- hydra.c | 291 ++++++++++++++++++++++++++++++-------------------------- 1 file changed, 156 insertions(+), 135 deletions(-) diff --git a/hydra.c b/hydra.c index 56ded02..4f409ce 100644 --- a/hydra.c +++ b/hydra.c 
@@ -2298,11 +2298,12 @@ int main(int argc, char *argv[]) { FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp; size_t countinfile = 1, sizeinfile = 0; unsigned long int math2; - int i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0; - int head_no = 0, target_no = 0, exit_condition = 0, readres; + int i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; + int head_no = 0, target_no = 0, exit_condition = 0, readres, time_next_attempt = 0; time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; char *tmpptr, *tmpptr2; char rc, buf[MAXBUF]; + time_t last_attempt = 0; fd_set fdreadheads; int max_fd; struct addrinfo hints, *res, *p; @@ -2421,7 +2422,7 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:y")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:")) >= 0) { switch (i) { case 'h': help(1); @@ -2542,6 +2543,13 @@ int main(int argc, char *argv[]) { case 's': hydra_options.port = port = atoi(optarg); break; + case 'c': +#ifdef MSG_PEEK + time_next_attempt = atoi(optarg); +#else + fprintf(stderr, "[WARNING] -c option can not be used as your operating system is missing the MSG_PEEK feature\n"); +#endif + break; case 'S': #ifndef LIBOPENSSL fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); @@ -2611,6 +2619,8 @@ int main(int argc, char *argv[]) { printf("%s ", argv[i]); printf("\n"); } + if (hydra_options.tasks > 0 && time_next_attempt) + fprintf(stderr, "[WARNING] when using the -c option, you should also set the task per target to one (-t 1)\n"); if (hydra_options.login != NULL && hydra_options.loginfile != NULL) bail("You can only use -L OR -l, not both\n"); if (hydra_options.pass != NULL && hydra_options.passfile != NULL) 
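Review bot: In the `case 'c':` hunk, `time_next_attempt = atoi(optarg);` accepts non-numeric and negative arguments without any diagnostic. The later gate is `time_next_attempt > 0`, so such a value silently turns the wait off even though the user asked for one. A check right after the assignment would make that visible, for example `if (time_next_attempt <= 0) bail("-c requires a positive number of seconds\n");`. The value is compared against `time(NULL)` further down, which is why the message says seconds. The surrounding `switch` and main() start outside this hunk.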
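Review bot: In the `@@ -2611,6 +2619,8 @@` hunk, the condition `hydra_options.tasks > 0 && time_next_attempt` is also true for `-t 1`, so the warning that tells the user to set `-t 1` is printed even when they already have. Comparing against one instead avoids that: `if (hydra_options.tasks != 1 && time_next_attempt)`. Whether `tasks` already holds its default at this point is not visible in the hunk; `!= 1` gives the intended result either way.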
@@ -3864,6 +3874,7 @@ int main(int argc, char *argv[]) { for (head_no = 0; head_no < hydra_options.max_use; head_no++) { if (debug > 1 && hydra_heads[head_no]->active != -1) printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); + switch (hydra_heads[head_no]->active) { case -1: // disabled head, ignored @@ -3888,13 +3899,22 @@ int main(int argc, char *argv[]) { break; case 1: if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { - readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); - if (readres > 0) { - FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); - hydra_heads[head_no]->last_seen = tmp_time; - if (debug) - printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); - switch (rc) { + do_switch = 1; + if (time_next_attempt > 0) { + if (last_attempt + time_next_attempt >= time(NULL)) { + if (recv(hydra_heads[head_no]->sp[0], &rc, 1, MSG_PEEK) == 1 && (rc == 'N' || rc == 'n')) + do_switch = 0; + } else + last_attempt = time(NULL); + } + if (do_switch) { + readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); + if (readres > 0) { + FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); + hydra_heads[head_no]->last_seen = tmp_time; + if (debug) + printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); + switch (rc) { // Valid Results: // n - mother says to itself that child requests next login/password pair // N - child requests next login/password pair 
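Review bot: The `recv(hydra_heads[head_no]->sp[0], &rc, 1, MSG_PEEK)` call added in the hunk at -3888 is compiled unconditionally, while the `-c` option parsing in the same commit is wrapped in `#ifdef MSG_PEEK` because the flag may be missing. On such a system this line would not compile. Putting `#ifdef MSG_PEEK` before `if (time_next_attempt > 0) {` and `#endif` after its closing brace keeps the two places consistent. Separately, when `do_switch` stays 0 the peeked byte remains in the socket, so the enclosing loop (outside this hunk, presumably a `select` over these descriptors) may wake again immediately and spin until the delay has passed. A comment on `last_attempt` saying it is shared by all heads and updated on any message type, not only `N`/`n`, would also help.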
@@ -3904,137 +3924,138 @@ int main(int argc, char *argv[]) { // f - child reports that the username does not exist // F - child reports that it found a valid login/password pair // and requests next pair. Sends login/pw pair with next msg! - case 'N': // head wants next pair - hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; - if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) - hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; - // no break here - case 'n': // mother sends this to itself initially - loop_cnt = 0; - if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) - hydra_kill_head(head_no, 1, 0); - break; - - case 'F': // valid password found - hydra_brains.found++; - if (colored_output) { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); - else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", - 
hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } else { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); - else - printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } - if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { - fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}", - hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding - hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target !=NULL ? 
hydra_targets[hydra_heads[head_no]->target_no]->target : "", - hydra_heads[head_no]->current_login_ptr !=NULL ? hydra_string_replace(hydra_heads[head_no]->current_login_ptr,"\"","\\\"") : "", - hydra_heads[head_no]->current_pass_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_pass_ptr,"\"","\\\"") : "" - ); - fflush(hydra_brains.ofp); - } else if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { // else output format == 0 aka text - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); - else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - fflush(hydra_brains.ofp); - } - if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found - if (hydra_targets[hydra_heads[head_no]->target_no]->done == STATE_ACTIVE) { - 
hydra_targets[hydra_heads[head_no]->target_no]->done = STATE_FINISHED; // mark target as done - hydra_brains.finished++; - printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); - } - if (hydra_options.exit_found == 2) { - for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done == STATE_ACTIVE) { - hydra_targets[j]->done = STATE_FINISHED; - hydra_brains.finished++; - } - } - for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { - if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) - hydra_kill_head(j, 1, 0); // kill all heads working on the target + case 'N': // head wants next pair + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + // no break here + case 'n': // mother sends this to itself initially + loop_cnt = 0; + if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) + hydra_kill_head(head_no, 1, 0); + break; + + case 'F': // valid password found + hydra_brains.found++; + if (colored_output) { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target); else - hydra_kill_head(j, 1, 2); // kill all heads working on the target + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, + hydra_options.service, 
hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, + hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } else { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target); + else + printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, 
hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } + if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { + fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}", + hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding + hydra_targets[hydra_heads[head_no]->target_no]->port, + hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target !=NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", + hydra_heads[head_no]->current_login_ptr !=NULL ? hydra_string_replace(hydra_heads[head_no]->current_login_ptr,"\"","\\\"") : "", + hydra_heads[head_no]->current_pass_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_pass_ptr,"\"","\\\"") : "" + ); + fflush(hydra_brains.ofp); + } else if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { // else output format == 0 aka text + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target); + else + fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, 
hydra_heads[head_no]->current_login_ptr); + } else + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + fflush(hydra_brains.ofp); + } + if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found + if (hydra_targets[hydra_heads[head_no]->target_no]->done == STATE_ACTIVE) { + hydra_targets[hydra_heads[head_no]->target_no]->done = STATE_FINISHED; // mark target as done + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); } - continue; - } - // fall through - case 'f': // username identified as invalid - hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; - if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) - hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; - memset(buf, 0, sizeof(buf)); - read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); - hydra_skip_user(hydra_heads[head_no]->target_no, buf); - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack - break; - + if (hydra_options.exit_found == 2) { + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == STATE_ACTIVE) { + hydra_targets[j]->done = STATE_FINISHED; + hydra_brains.finished++; + } + } + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { + if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) + hydra_kill_head(j, 1, 0); // kill all heads working on the target + else + hydra_kill_head(j, 1, 2); // kill all heads working on the target + } + continue; + } + // fall through + case 'f': // username identified as invalid + 
hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + memset(buf, 0, sizeof(buf)); + read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); + hydra_skip_user(hydra_heads[head_no]->target_no, buf); + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack + break; + // we do not make a difference between 'C' and 'E' results - yet - case 'E': // head reports protocol error - case 'C': // head reports connect error - fck = write(hydra_heads[head_no]->sp[0], "Q", 1); - if (debug) { - printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); - } - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - break; + case 'E': // head reports protocol error + case 'C': // head reports connect error + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) { + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); + } + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + break; - case 'Q': // head reports its quitting - fck = write(hydra_heads[head_no]->sp[0], "Q", 1); - if (debug) - printf("[DEBUG] child %d reported it quit\n", head_no); - hydra_kill_head(head_no, 1, 0); - break; - - default: - fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + case 'Q': // head reports its quitting + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if 
(debug) + printf("[DEBUG] child %d reported it quit\n", head_no); + hydra_kill_head(head_no, 1, 0); + break; + + default: + fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } // end switch + } // readres + if (readres == -1) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } - } - if (readres == -1) { - if (verbose) - fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } + } // end do_switch } else { if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { // check if recover of timed-out head is necessary From 88aae592279141800da4565fb7598396fcf88ec8 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 23 Jun 2017 18:23:59 +0200 Subject: [PATCH 61/90] changed -R behaviour --- CHANGES | 3 +++ hydra.1 | 9 +++++++-- hydra.c | 18 +++++++++++------- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index ee7a523..ec4f017 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changelog for hydra Release 8.6-dev * http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch) * Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting) +* Added new command line option: + -c TIME: seconds between login attempts (over all threads, so -t 1 is recommended) +* Options put after -R (for loading a restore file) are now honored (and were disallowed before) * merged several patches by Diadlo@github to make the code easier readable. thanks for that! diff --git a/hydra.1 b/hydra.1 index 20ae24d..12e2e7c 100644 --- a/hydra.1 
+++ b/hydra.1 @@ -6,7 +6,7 @@ hydra \- a very fast network logon cracker which support many different services [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT \-y]] | [\-C FILE]] [\-e nsr] [\-u] [\-f|\-F] [\-M FILE] [\-o FILE] [\-b FORMAT] [\-t TASKS] [\-T TASKS] [\-w TIME] [\-W TIME] [\-m OPTIONS] [\-s PORT] - [\-S] [\-O] [\-4|6] [\-I] [\-vV] [\-d] + [\-c TIME] [\-S] [\-O] [\-4|6] [\-I] [\-vV] [\-d] server service [OPTIONS] .br .SH DESCRIPTION @@ -47,7 +47,8 @@ Some modules have optional or mandatory options. type "hydra \-U " .TP .B \-R restore a previously aborted session. Requires a hydra.restore file was -written. No other options are allowed when using \-R +written. Options are restored, but can be changed by setting them after +\-R on the command line .TP .B \-S connect via SSL @@ -115,6 +116,10 @@ defines the max wait time in seconds for responses (default: 32) defines a wait time between each connection a task performs. This usually only makes sense if a low task number is used, .e.g \-t 1 .TP +.B \-c TIME +the wait time in seconds per login attempt over all threads (-t 1 is recommended) +This usually only makes sense if a low task number is used, .e.g \-t 1 +.TP .B \-4 / \-6 prefer IPv4 (default) or IPv6 addresses .TP diff --git a/hydra.c b/hydra.c index 4f409ce..2385415 100644 --- a/hydra.c +++ b/hydra.c @@ -495,7 +495,7 @@ void help(int ext) { #ifdef HAVE_MATH_H " [-x MIN:MAX:CHARSET]" #endif - " [-ISOuvVd46] " + " [-c TIME] [-ISOuvVd46] " //"[server service [OPT]]|" "[service://server[:PORT][/OPT]]\n"); PRINT_NORMAL(ext, "\nOptions:\n"); 
@@ -521,7 +521,10 @@ void help(int ext) { " -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); PRINT_NORMAL(ext, " -t TASKS run TASKS number of connects in parallel per target (default: %d)\n", TASKS); PRINT_EXTEND(ext, " -T TASKS run TASKS connects in parallel overall (for -M, default: %d)\n" - " -w / -W TIME waittime for responses (%d) / between connects per thread (%d)\n" + " -w / -W TIME wait time for a response (%d) / between connects per thread (%d)\n" +#ifdef MSG_PEEK + " -c TIME wait time per login attempt over all threads (-t 1 is recommended)\n" +#endif " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n" " -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n" " -O use old SSL v2 and v3\n" @@ -970,8 +973,7 @@ void hydra_restore_read() { int i, j, orig_debug = debug; char out[1024]; - if (debug) - printf("[DEBUG] reading restore file %s\n", RESTOREFILE); + printf("[INFORMATION] reading restore file %s\n", RESTOREFILE); if ((f = fopen(RESTOREFILE, "r")) == NULL) { fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); perror(""); @@ -2444,6 +2446,7 @@ int main(int argc, char *argv[]) { break; case 'R': hydra_options.restore = 1; + hydra_restore_read(); break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! @@ -2610,7 +2613,8 @@ int main(int argc, char *argv[]) { printf("[DEBUG] Ouput color flag is %d\n", colored_output); if (hydra_options.restore && argc > 2 + debug + verbose) - bail("no option may be supplied together with -R"); + fprintf(stderr, "[WARNING] options after -R are now honored (since v8.6)\n"); +// bail("no option may be supplied together with -R"); printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (debug) { 
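Review bot: Calling `hydra_restore_read()` from inside the `getopt` loop, as `case 'R'` now does in the hunk at -2444, makes the result depend on argument order, and nothing at the call site says so. Options parsed before `-R` are presumably replaced by the values loaded from the restore file, and only those after it take effect, which matches the new man page text. This is an inference, because the body of `hydra_restore_read` is only partly visible here. A comment such as `/* load the saved session now: options after -R override it, options before it are replaced */` above the call would record the intent. `main` starts and ends outside this hunk.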
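Review bot: The hunk at -2610 leaves the old statement behind as `// bail("no option may be supplied together with -R");`, and the hunk at -2629 does the same with `// hydra_restore_read();`. Commented-out code is better deleted, since the history already keeps it. The warning that replaces the `bail` still uses the old `argc > 2 + debug + verbose` test, which counts arguments rather than checking what follows `-R`. It will therefore also fire for options given before `-R`, and `debug` may by then hold a value loaded from the restore file rather than a count of command-line flags. Either narrow the test or reword the message to something like `"[WARNING] options given together with -R override the restored session (since v8.6)\n"`.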
@@ -2629,7 +2633,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[WARNING] output file format specified (-b) - but no output file (-o)\n"); if (hydra_options.restore) { - hydra_restore_read(); +// hydra_restore_read(); // stuff we have to copy from the non-restore part if (strncmp(hydra_options.service, "http-", 5) == 0) { if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) @@ -3456,7 +3460,7 @@ int main(int argc, char *argv[]) { } free(memcheck); if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { - fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, %s\n", ignore_restore == 1 ? "ignored ..." : "you have 10 seconds to abort...", RESTOREFILE); + fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, %s\n", ignore_restore == 1 ? "ignored ..." : "you have 10 seconds to abort... (use option -I to skip waiting)", RESTOREFILE); if (ignore_restore != 1) sleep(10); fclose(rfp); From 51d881353b91348db86341d1a78ca9bade6ddaaa Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 23 Jun 2017 19:15:18 +0200 Subject: [PATCH 62/90] moved help to modules --- CHANGES | 1 + hydra-cisco-enable.c | 10 ++ hydra-cisco.c | 4 + hydra-cvs.c | 4 + hydra-firebird.c | 4 + hydra-http-form.c | 37 +++++++ hydra-http-proxy-urlenum.c | 7 ++ hydra-http-proxy.c | 5 + hydra-http.c | 5 + hydra-imap.c | 6 ++ hydra-irc.c | 4 + hydra-ldap.c | 11 ++ hydra-mysql.c | 4 + hydra-ncp.c | 4 + hydra-nntp.c | 4 + hydra-oracle-listener.c | 4 + hydra-oracle.c | 4 + hydra-pop3.c | 6 ++ hydra-postgres.c | 4 + hydra-rdp.c | 4 + hydra-s7-300.c | 4 + hydra-sapr3.c | 4 + hydra-smb.c | 13 +++ hydra-smtp-enum.c | 7 ++ hydra-smtp.c | 6 ++ hydra-snmp.c | 20 ++++ hydra-sshkey.c | 7 ++ hydra-svn.c | 4 + hydra-telnet.c | 5 + hydra-xmpp.c | 6 ++ hydra.c | 207 ------------------------------------- 31 files changed, 208 insertions(+), 207 deletions(-) diff --git a/CHANGES b/CHANGES index ec4f017..5dd7266 100644 --- a/CHANGES 
+++ b/CHANGES @@ -8,6 +8,7 @@ Release 8.6-dev -c TIME: seconds between login attempts (over all threads, so -t 1 is recommended) * Options put after -R (for loading a restore file) are now honored (and were disallowed before) * merged several patches by Diadlo@github to make the code easier readable. thanks for that! +* merged a patch by Diadlo@github that moves the help output to the invididual module Release 8.5 diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c index f943d5c..3113179 100644 --- a/hydra-cisco-enable.c +++ b/hydra-cisco-enable.c @@ -209,3 +209,13 @@ int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *mis return 0; } + +void usage_cisco_enable(const char* service) { + printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" + "Note: if AAA authentication is used, use the -l option for the username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); +} diff --git a/hydra-cisco.c b/hydra-cisco.c index 3e45ad4..dcb50fc 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -211,3 +211,7 @@ int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, F return 0; } + +void usage_cisco(const char* service) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); +} diff --git a/hydra-cvs.c b/hydra-cvs.c index 3995c95..0fa24e4 100644 --- a/hydra-cvs.c +++ b/hydra-cvs.c @@ -149,3 +149,7 @@ int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_cvs(const char* service) { + printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); +} 
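Review bot: `usage_cisco_enable(const char* service)` never uses its `service` parameter and hardcodes the module name in the text. `usage_cisco` and `usage_cvs` below do the same, as do most of the other `usage_*` functions this commit adds, while `usage_http_form`, `usage_http` and `usage_ldap` print the name with `%s`. Builds with `-Wunused-parameter` will warn on each of them. Either print the name the caller passed, as in `printf("Module %s is optionally taking ...\n", service);`, or make the omission explicit with `(void) service;` as the first statement. A one-line comment above each function saying that it prints the module's option help to stdout would document the shared signature.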
diff --git a/hydra-firebird.c b/hydra-firebird.c index f606f0e..006c5c0 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -159,3 +159,7 @@ int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr return 0; } + +void usage_firebird(const char* service) { + printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); +} diff --git a/hydra-http-form.c b/hydra-http-form.c index f322650..8d7ce36 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c 
@@ -1239,3 +1239,40 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { } return ptr_head; } + +void usage_http_form(const char* service) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 redirections in\n" + "a row. It always gathers a new cookie from the same URL without variables\n" + "The parameters take three \":\" separated values, plus optional values.\n" + "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: ::[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" + " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" + " placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. 
You have to check the webapp what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " C=/page/uri to define a different page to gather initial cookies from\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" + " ^USER^ and ^PASS^ can also be put into these headers!\n" + " Note: 'h' will add the user-defined header at the end\n" + " regardless it's already being sent by Hydra or not.\n" + " 'H' will replace the value of that header if it exists, by the\n" + " one supplied by the user, or add the header at the end\n" + "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the examples above and below).\n" + " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as option separators.\n" + "\nExamples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" + " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + service); +} diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 97dce71..2f265d4 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c 
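Review bot: The fourth example string in `usage_http_form` reads `user=^USER&pass=^PASS^`, with the closing caret of the `^USER^` placeholder missing, although the text above it defines the placeholders as `^USER^` and `^PASS^`. A user copying the example would presumably get the literal text instead of the substituted login, so the string should start `"/:user=^USER^&pass=^PASS^:failed:..."`. Because the whole help text is a `printf` format, a short comment noting that every literal `%` in the examples must stay doubled (`%%3A`) would guard against later edits breaking it.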
@@ -291,3 +291,10 @@ int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, cha return 0; } + +void usage_http_proxy_urlenum(const char* service) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); +} diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 6a5c578..d21ae90 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -312,3 +312,8 @@ int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscp return 0; } + +void usage_http_proxy(const char* service) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); +} diff --git a/hydra-http.c b/hydra-http.c index a7d773f..9e5a28e 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -350,3 +350,8 @@ int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_http(const char* service) { + printf("Module %s requires the page to authenticate.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service); +} diff --git a/hydra-imap.c b/hydra-imap.c index dcf45ed..07524d5 100644 --- a/hydra-imap.c +++ b/hydra-imap.c 
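Review bot: The help text added in `usage_http_proxy_urlenum` contains the typo `cann be put`, and the one in `usage_http_proxy` has an unbalanced parenthesis in `Default is http://www.microsoft.com/)`. Both strings are shown to users verbatim, so they are worth correcting to `can be put` and `(default is http://www.microsoft.com/)`. Neither function uses its `service` parameter, unlike `usage_http` in the next hunk, which prints it with `%s`.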
@@ -584,3 +584,9 @@ int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_imap(const char* service) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); +} diff --git a/hydra-irc.c b/hydra-irc.c index 42e2043..bb79ee0 100644 --- a/hydra-irc.c +++ b/hydra-irc.c @@ -222,3 +222,7 @@ int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_irc(const char* service) { + printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); +} diff --git a/hydra-ldap.c b/hydra-ldap.c index 517d3c0..b1514c4 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -454,3 +454,14 @@ int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_ldap(const char* service) { + printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" + "Note: you can also specify the DN as login when Simple auth method is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directy ldap, this is usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service); +} diff --git a/hydra-mysql.c b/hydra-mysql.c index babf4a8..df9dad4 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c 
@@ -437,3 +437,7 @@ int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, F return 0; } + +void usage_mysql(const char* service) { + printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); +} diff --git a/hydra-ncp.c b/hydra-ncp.c index 44c084c..ca22236 100644 --- a/hydra-ncp.c +++ b/hydra-ncp.c @@ -197,3 +197,7 @@ int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_ncp(const char* service) { + printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); +} diff --git a/hydra-nntp.c b/hydra-nntp.c index bfa3108..82753d1 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -485,3 +485,7 @@ int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_nntp(const char* service) { + printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); +} diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index 5f58181..9a52cea 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -339,4 +339,8 @@ int service_oracle_listener_init(char *ip, int sp, unsigned char options, char * return 0; } +void usage_oracle_listener(const char* service) { + printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); +} + #endif diff --git a/hydra-oracle.c b/hydra-oracle.c index f590ea9..871adc8 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -196,3 +196,7 @@ int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_oracle(const char* service) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); +} diff --git a/hydra-pop3.c b/hydra-pop3.c index 4481dfc..1ae675b 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c 
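Review bot: In the hydra-oracle-listener.c hunk, `usage_oracle_listener` is added above the file's closing `#endif`, so it is only compiled when the condition guarding that block (outside the hunk) holds, while the other modules in this commit append their usage function with no guard visible. If hydra.c refers to `usage_oracle_listener` unconditionally, a build without that dependency would fail at link time; either move the definition below the `#endif` or guard the reference in the same way. A short comment such as `/* referenced from hydra.c: keep outside the library guard */` would record the constraint.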
@@ -775,3 +775,9 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_pop3(const char* service) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); +} diff --git a/hydra-postgres.c b/hydra-postgres.c index e572622..056e23b 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -132,3 +132,7 @@ int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr return 0; } + +void usage_postgres(const char* service) { + printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); +} diff --git a/hydra-rdp.c b/hydra-rdp.c index 38c9c83..bd5b0e0 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -3247,3 +3247,7 @@ int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_rdp(const char* service) { + printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); +} diff --git a/hydra-s7-300.c b/hydra-s7-300.c index b06e398..6ece2f8 100644 --- a/hydra-s7-300.c +++ b/hydra-s7-300.c @@ -285,3 +285,7 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_s7_300(const char* service) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); +} diff --git a/hydra-sapr3.c b/hydra-sapr3.c index bd46c3c..0eaa54a 100644 --- a/hydra-sapr3.c +++ b/hydra-sapr3.c 
@@ -130,3 +130,7 @@ int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, F return 0; } + +void usage_sapr3(const char* service) { + printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); +} diff --git a/hydra-smb.c b/hydra-smb.c index f0f5a40..0f669f2 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1440,3 +1440,16 @@ int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_smb(const char* service) { + printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); +} diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c index aad98f4..2e8e93b 100644 --- a/hydra-smtp-enum.c +++ b/hydra-smtp-enum.c @@ -262,3 +262,10 @@ int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscpt return 0; } + +void usage_smtp_enum(const char* service) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); +} diff --git a/hydra-smtp.c b/hydra-smtp.c index 1f40110..721671b 100644 
--- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -456,3 +456,9 @@ int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_smtp(const char* service) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); +} diff --git a/hydra-snmp.c b/hydra-snmp.c index 497b7b1..1af2d3d 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -586,3 +586,23 @@ int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_snmp(const char* service) { + printf("Module snmp is optionally taking the following parameters:\n" + " READ perform read requests (default)\n" + " WRITE perform write requests\n" + " 1 use SNMP version 1 (default)\n" + " 2 use SNMP version 2\n" + " 3 use SNMP version 3\n" + " Note that SNMP version 3 usually uses both login and passwords!\n" + " SNMP version 3 has the following optional sub parameters:\n" + " MD5 use MD5 authentication (default)\n" + " SHA use SHA authentication\n" + " DES use DES encryption\n" + " AES use AES encryption\n" + " if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n" + " only requires a password (or username) not both.\n" + "To combine the options, use colons (\":\"), e.g.:\n" + " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n" + " hydra -P pass.txt -m 2 target.com snmp\n"); +} diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 74df1e8..a8b3ec0 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c 
@@ -164,3 +164,10 @@ int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_sshkey(const char* service) { + printf("Module sshkey does not provide additional options, although the semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); +} diff --git a/hydra-svn.c b/hydra-svn.c index ec1efae..2e4b06a 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -212,3 +212,7 @@ int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_svn(const char* service) { + printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); +} diff --git a/hydra-telnet.c b/hydra-telnet.c index b5ba065..caecdd4 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -217,3 +217,8 @@ int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_telnet(const char* service) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); +} diff --git a/hydra-xmpp.c b/hydra-xmpp.c index db38fe0..ffd2552 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -498,3 +498,9 @@ int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_xmpp(const char* service) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); +} diff --git a/hydra.c b/hydra.c index 2385415..581fad7 100644 --- a/hydra.c +++ b/hydra.c 
@@ -581,213 +581,6 @@ void help_bfg() { exit(-1); } -void usage_oracle(const char* service) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); -} - -void usage_oracle_listener(const char* service) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); -} - -void usage_cvs(const char* service) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); -} - -void usage_xmpp(const char* service) { - printf("Module xmpp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); -} - -void usage_pop3(const char* service) { - printf("Module pop3 is optionally taking one authentication type of:\n" - " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); -} - -void usage_rdp(const char* service) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); -} - -void usage_s7_300(const char* service) { - printf("Module S7-300 is for a special Siemens PLC. 
It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); -} - -void usage_nntp(const char* service) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); -} - -void usage_imap(const char* service) { - printf("Module imap is optionally taking one authentication type of:\n" - " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); -} - -void usage_smtp_enum(const char* service) { - printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" - "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); -} - -void usage_smtp(const char* service) { - printf("Module smtp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); -} - -void usage_svn(const char* service) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); -} - -void usage_ncp(const char* service) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); -} - -void usage_firebird(const char* service) { - printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); -} - -void usage_mysql(const char* service) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); -} - -void 
usage_irc(const char* service) { - printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); -} - -void usage_postgres(const char* service) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); -} - -void usage_telnet(const char* service) { - printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); -} - -void usage_sapr3(const char* service) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); -} - -void usage_sshkey(const char* service) { - printf("Module sshkey does not provide additional options, although the semantic for\n" - "options -p and -P is changed:\n" - " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); -} - -void usage_cisco_enable(const char* service) { - printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" - "and the optional parameter for the password of the user.\n" - "Examples:\n" - " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); -} - -void usage_cisco(const char* service) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); -} - -void usage_ldap(const char* service) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when 
Simple auth method is used).\n" - "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" - "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directy ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service); -} - -void usage_smb(const char* service) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" - "Note: you can set the group type using LOCAL or DOMAIN keyword\n" - " or other_domain:{value} to specify a trusted domain.\n" - " you can set the password type using HASH or MACHINE keyword\n" - " (to use the Machine's NetBIOS name as the password).\n" - " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" - "Example: \n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); -} - -void usage_http_form(const char* service) { - printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. 
It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: ::[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" - " placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" - " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" - " C=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER^ and ^PASS^ can also be put into these headers!\n" - " Note: 'h' will add the user-defined header at the end\n" - " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" - "\nExamples:\n" - " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " 
\"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" - " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", - service); -} - -void usage_http_proxy(const char* service) { - printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); -} - -void usage_http_proxy_urlenum(const char* service) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" - "The -L loginfile must contain the URL list to try through the proxy.\n" - "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); -} - -void usage_snmp(const char* service) { - printf("Module snmp is optionally taking the following parameters:\n" - " READ perform read requests (default)\n" - " WRITE perform write requests\n" - " 1 use SNMP version 1 (default)\n" - " 2 use SNMP version 2\n" - " 3 use SNMP version 3\n" - " Note that SNMP version 3 usually uses both login and passwords!\n" - " SNMP version 3 has the following optional sub parameters:\n" - " MD5 use MD5 authentication (default)\n" - " SHA use SHA authentication\n" - " DES use DES encryption\n" - " AES use AES encryption\n" - " if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n" - " only requires a password (or username) not both.\n" - "To combine the options, use colons (\":\"), e.g.:\n" - " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n" - " 
hydra -P pass.txt -m 2 target.com snmp\n"); -} - -void usage_http(const char* service) { - printf("Module %s requires the page to authenticate.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service); -} - void module_usage() { int i; if (!hydra_options.service) { From 115a4d007a690621c10d763e08e11ddaa9348cc9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 24 Jun 2017 15:18:40 +0200 Subject: [PATCH 63/90] forget to move -c option value to restore file data --- Makefile | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- hydra.c | 11 +++---- 2 files changed, 93 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..9679ecb 100644 --- a/Makefile +++ b/Makefile 
@@ -1,5 +1,90 @@ -all: - @echo Error: you must run "./configure" first +CC=gcc +STRIP=strip +XDEFINES= -DLIBOPENSSL -DHAVE_PCRE -DLIBSVN -DHAVE_ZLIB -DHAVE_MATH_H +XLIBS= -lz -lssl -lpcre -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lcrypto +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib +XIPATHS= -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO=hydra-logo.o +PWI_LOGO=pw-inspector-logo.o +SEC=-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 + +# +# Makefile for Hydra - (c) 2001-2017 by van Hauser / THC +# +OPTS=-I. -O3 +# -Wall -g -pedantic +LIBS=-lm +BINDIR = /bin +MANDIR ?= /man/man1/ +DATADIR ?= /etc +DESTDIR ?= + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ + hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ + hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ + hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ + hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-rdp.c hydra-s7-300.c hydra-redis.c hydra-adam6500.c \ + crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rtsp.c hydra-time.c hydra-rpcap.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ + hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ 
+ hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ + hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ + hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ + hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ + hydra-rdp.o hydra-s7-300.c hydra-adam6500.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-rtsp.o hydra-time.o hydra-rpcap.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + 
-mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/hydra.c b/hydra.c index 581fad7..7260b63 100644 --- a/hydra.c +++ b/hydra.c @@ -311,6 +311,7 @@ typedef struct { int exit_found; int max_use; int cidr; + int time_next_attempt; output_format_t outfile_format; char *login; char *loginfile; @@ -2094,7 +2095,7 @@ int main(int argc, char *argv[]) { size_t countinfile = 1, sizeinfile = 0; unsigned long int math2; int i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; - int head_no = 0, target_no = 0, exit_condition = 0, readres, time_next_attempt = 0; + int head_no = 0, target_no = 0, exit_condition = 0, readres; time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; char *tmpptr, *tmpptr2; char rc, buf[MAXBUF]; @@ -2341,7 +2342,7 @@ int main(int argc, char *argv[]) { break; case 'c': #ifdef MSG_PEEK - time_next_attempt = atoi(optarg); + hydra_options.time_next_attempt = atoi(optarg); #else fprintf(stderr, "[WARNING] -c option can not be used as your operating system is missing the MSG_PEEK feature\n"); #endif @@ -2416,7 +2417,7 @@ int main(int argc, char *argv[]) { printf("%s ", argv[i]); printf("\n"); } - if (hydra_options.tasks > 0 && time_next_attempt) + if (hydra_options.tasks > 0 && hydra_options.time_next_attempt) fprintf(stderr, "[WARNING] when using the -c option, you should also set the task per target to one (-t 1)\n"); if (hydra_options.login != NULL && hydra_options.loginfile != NULL) bail("You can only use -L OR -l, not both\n"); 
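Review bot: The hydra.c struct hunk inserts `int time_next_attempt;` in the middle of the options struct, ahead of `outfile_format`, which shifts the offset of every later member. The commit subject says this struct is part of the restore-file data, and hydra_restore_write() elsewhere in this series writes structs with raw `fwrite`, so a hydra.restore produced by an earlier build would presumably be read back into the wrong fields. If the restore file carries a format or version marker it should be bumped in this commit; otherwise appending the member at the end of the struct and adding a size check on load limits the damage. The struct definition starts and ends outside the hunk.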
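Review bot: In the `case 'c':` hunk, `hydra_options.time_next_attempt = atoi(optarg);` accepts any string: non-numeric input silently becomes 0, a negative value disables the wait without a message (the later test is `> 0`), and out-of-range input is undefined for atoi. Now that the value is also persisted, it is worth validating once at parse time, e.g. `char *end; long v = strtol(optarg, &end, 10);` followed by `if (end == optarg || *end != '\0' || v < 0 || v > INT_MAX) bail("Invalid value for -c\n");`. The surrounding switch in main() lies outside the hunk.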
@@ -3697,8 +3698,8 @@ int main(int argc, char *argv[]) { case 1: if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { do_switch = 1; - if (time_next_attempt > 0) { - if (last_attempt + time_next_attempt >= time(NULL)) { + if (hydra_options.time_next_attempt > 0) { + if (last_attempt + hydra_options.time_next_attempt >= time(NULL)) { if (recv(hydra_heads[head_no]->sp[0], &rc, 1, MSG_PEEK) == 1 && (rc == 'N' || rc == 'n')) do_switch = 0; } else From be47c0e475ad15d2ad9bb38fc32e8fe234dc1123 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 24 Jun 2017 15:18:55 +0200 Subject: [PATCH 64/90] makefile clean --- Makefile | 89 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 87 deletions(-) diff --git a/Makefile b/Makefile index 9679ecb..372e67e 100644 --- a/Makefile +++ b/Makefile 
@@ -1,90 +1,5 @@ -CC=gcc -STRIP=strip -XDEFINES= -DLIBOPENSSL -DHAVE_PCRE -DLIBSVN -DHAVE_ZLIB -DHAVE_MATH_H -XLIBS= -lz -lssl -lpcre -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib -XIPATHS= -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO=hydra-logo.o -PWI_LOGO=pw-inspector-logo.o -SEC=-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 - -# -# Makefile for Hydra - (c) 2001-2017 by van Hauser / THC -# -OPTS=-I. -O3 -# -Wall -g -pedantic -LIBS=-lm -BINDIR = /bin -MANDIR ?= /man/man1/ -DATADIR ?= /etc -DESTDIR ?= - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ - hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ - hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ - hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ - hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-rdp.c hydra-s7-300.c hydra-redis.c hydra-adam6500.c \ - crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rtsp.c hydra-time.c hydra-rpcap.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ - hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ - hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o 
hydra-rsh.o hydra-rlogin.o \ - hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ - hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ - hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ - hydra-rdp.o hydra-s7-300.c hydra-adam6500.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-rtsp.o hydra-time.o hydra-rpcap.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f 
hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From 6a6c58c9255dd2e3398757e2c29cf01abb54f99d Mon Sep 17 00:00:00 2001 From: mindon Date: Sat, 24 Jun 2017 08:26:39 -0500 Subject: [PATCH 65/90] Reset redirect flag and fix redirect port error issue fix following 2 issues: 1. when fail is a redirect url, matched is not - but the redirect flag is still 1 - causing match missed 2. when redirect to a relative url on a port not 80, it fails to attach the port to the redirect url --- hydra-http-form.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 8d7ce36..89eeb7c 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -468,7 +468,8 @@ return -1 if no response from server */ int analyze_server_response(int s) { int runs = 0; - + redirected_flag = 0; + auth_flag = 0; while ((buf = hydra_receive_line(s)) != NULL) { runs++; //check for http redirection @@ -848,6 +849,10 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc str3[0] = '/'; } + if(strrchr(url, ':') == NULL && port != 80) { + sprintf(str2, "%s:%d", str2, port); + } + if (verbose) hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); From bea6cbe821dc61a329b152f7089ec1af521da7ec Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 25 Jun 2017 16:27:12 +0200 Subject: [PATCH 66/90] write restore file if final threads did not complete --- hydra.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) 
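Review bot: In the second hydra-http-form.c hunk, `sprintf(str2, "%s:%d", str2, port);` passes `str2` as both the destination and the `%s` source, which is undefined behaviour for sprintf, and the write is unbounded on a buffer that appears to hold the host part of a server-supplied redirect. Appending in place avoids both problems: `size_t l = strlen(str2); snprintf(str2 + l, sizeof(str2) - l, ":%d", port);` (this assumes `str2` is an array; its declaration is outside the hunk, so use its real capacity if it is a pointer). The `port != 80` test also appends the port for an https target on 443, which may not be intended. start_http_form's body starts and ends outside the hunk.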
diff --git a/hydra.c b/hydra.c index 7260b63..9cde76c 100644 --- a/hydra.c +++ b/hydra.c @@ -2417,7 +2417,7 @@ int main(int argc, char *argv[]) { printf("%s ", argv[i]); printf("\n"); } - if (hydra_options.tasks > 0 && hydra_options.time_next_attempt) + if (hydra_options.tasks > 1 && hydra_options.time_next_attempt) fprintf(stderr, "[WARNING] when using the -c option, you should also set the task per target to one (-t 1)\n"); if (hydra_options.login != NULL && hydra_options.loginfile != NULL) bail("You can only use -L OR -l, not both\n"); @@ -3932,6 +3932,7 @@ int main(int argc, char *argv[]) { exit_condition = hydra_check_for_exit_condition(); } + process_restore = 0; if (debug) printf("[DEBUG] while loop left with %d\n", exit_condition); @@ -3961,6 +3962,26 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); } + printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", + hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); + + if (error == 0 && j == 0) { + process_restore = 0; + unlink(RESTOREFILE); + } else { + k = 0; + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active > 0) + k++; + if (hydra_options.cidr == 0 && k == 0) { + printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); + hydra_restore_write(1); + } else if (k > 0) { + printf("[WARNING] Writing restore file because %d final worker threads did not complete until end.\n", k); + hydra_restore_write(1); + } + } + if (debug) printf("[DEBUG] killing all remaining childs now that might be stuck\n"); for (i = 0; i < hydra_options.max_use; i++) 
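Review bot: In the block added after the target-state loop, `for (j = 0; j < hydra_options.max_use; j++)` reuses `j`, which until then held the count tested in `error == 0 && j == 0`, so the `[INFO]` message that follows prints `hydra_options.max_use + error` rather than the number of unfinished scans. Counting with the index that the next loop resets anyway keeps `j` intact: `for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active > 0) k++;`. The same commit sets `process_restore = 0;` right after the main loop; if hydra_restore_write() returns early on that flag (its guard is not visible here), the two `hydra_restore_write(1)` calls in this block would write nothing, which is worth confirming.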
@@ -3968,18 +3989,7 @@ int main(int argc, char *argv[]) { hydra_kill_head(i, 1, 3); (void) wait3(NULL, WNOHANG, NULL); - printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", - hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); - if (error == 0 && j == 0) { - process_restore = 0; - unlink(RESTOREFILE); - } else { - if (hydra_options.cidr == 0) { - printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); - hydra_restore_write(1); - } - } - #define STRMAX (10*1024) +#define STRMAX (10*1024) char json_error[STRMAX+2], tmp_str[STRMAX+2]; memset(json_error, 0, STRMAX+2); memset(tmp_str, 0, STRMAX+2); From b4acb367f565e9c0bb3cf2c3215690912b63814a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 25 Jun 2017 16:52:56 +0200 Subject: [PATCH 67/90] better head/target state documentation --- hydra.c | 113 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 59 insertions(+), 54 deletions(-) diff --git a/hydra.c b/hydra.c index 9cde76c..5f3bb74 100644 --- a/hydra.c +++ b/hydra.c @@ -220,10 +220,16 @@ void hydra_kill_head(int head_no, int killit, int fail); // some enum definitions typedef enum { - STATE_ACTIVE = 0, - STATE_FINISHED = 1, - STATE_ERROR = 2, - STATE_UNRESOLVED = 3 + HEAD_DISABLED = -1, + HEAD_UNUSED = 0, + HEAD_ACTIVE = 1 +} head_state_t; + +typedef enum { + TARGET_ACTIVE = 0, + TARGET_FINISHED = 1, + TARGET_ERROR = 2, + TARGET_UNRESOLVED = 3 } target_state_t; typedef enum { @@ -251,7 +257,7 @@ typedef struct { char *current_login_ptr; char *current_pass_ptr; char reverse[256]; - int active; + head_state_t active; int redo; time_t last_seen; } hydra_head; 
@@ -645,14 +651,14 @@ void hydra_debug(int force, char *string) { return; for (i = 0; i < hydra_options.max_use; i++) { - if (hydra_heads[i]->active >= 0) { + if (hydra_heads[i]->active >= HEAD_UNUSED) { printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, STR_NULL(hydra_heads[i]->current_login_ptr), STR_NULL(hydra_heads[i]->current_pass_ptr)); - if (hydra_heads[i]->active == 0) + if (hydra_heads[i]->active == HEAD_UNUSED) inactive++; else active++; @@ -677,7 +683,7 @@ void hydra_restore_write(int print_msg) { return; for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[j]->done != STATE_FINISHED && hydra_targets[j]->done != STATE_UNRESOLVED) + if (hydra_targets[j]->done != TARGET_FINISHED && hydra_targets[j]->done != TARGET_UNRESOLVED) j++; if (j == 0) { process_restore = 0; @@ -719,7 +725,7 @@ void hydra_restore_write(int print_msg) { if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done != STATE_FINISHED) { + if (hydra_targets[j]->done != TARGET_FINISHED) { fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), (int) (hydra_targets[j]->pass_ptr - pass_ptr)); @@ -1152,7 +1158,7 @@ void hydra_service_init(int target_no) { if (x > 0 && x < 4) hydra_targets[target_no]->done = x; else - hydra_targets[target_no]->done = STATE_ERROR; + hydra_targets[target_no]->done = TARGET_ERROR; hydra_brains.finished++; if (hydra_brains.targets == 1) exit(-1); 
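Review bot: In the hydra_restore_write hunk the renamed condition still indexes with the counter instead of the loop variable: the loop runs over i but tests `hydra_targets[j]->done`. Assuming j starts at 0 (its initialisation is outside the hunk), a finished first target leaves j at 0, and the `if (j == 0)` branch then treats every target as done even when later ones are unfinished, so no restore state is kept for them. The test should read `if (hydra_targets[i]->done != TARGET_FINISHED && hydra_targets[i]->done != TARGET_UNRESOLVED)`. The function body starts and ends outside the hunk.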
@@ -1168,7 +1174,7 @@ int hydra_spawn_head(int head_no, int target_no) { return -1; } - if (hydra_heads[head_no]->active < 0) { + if (hydra_heads[head_no]->active == HEAD_DISABLED) { printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no); return -1; } @@ -1235,7 +1241,7 @@ int hydra_spawn_head(int head_no, int target_no) { (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); if (hydra_heads[head_no]->redo != 1) hydra_heads[head_no]->target_no = target_no; - hydra_heads[head_no]->active = 1; + hydra_heads[head_no]->active = HEAD_ACTIVE; hydra_targets[hydra_heads[head_no]->target_no]->use_count++; hydra_brains.active++; hydra_heads[head_no]->last_seen = time(NULL); @@ -1244,14 +1250,14 @@ int hydra_spawn_head(int head_no, int target_no) { } else { perror("[ERROR] Fork for children failed"); hydra_heads[head_no]->sp[0] = -1; - hydra_heads[head_no]->active = 0; + hydra_heads[head_no]->active = HEAD_UNUSED; return -1; } } } else { perror("[ERROR] socketpair creation failed"); hydra_heads[head_no]->sp[0] = -1; - hydra_heads[head_no]->active = 0; + hydra_heads[head_no]->active = HEAD_UNUSED; return -1; } return 0; @@ -1348,7 +1354,7 @@ void hydra_kill_head(int head_no, int killit, int fail) { printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); if (head_no < 0) return; - if (hydra_heads[head_no]->active > 0 || (hydra_heads[head_no]->sp[0] > 2 && hydra_heads[head_no]->sp[1] > 2)) { + if (hydra_heads[head_no]->active == HEAD_ACTIVE || (hydra_heads[head_no]->sp[0] > 2 && hydra_heads[head_no]->sp[1] > 2)) { close(hydra_heads[head_no]->sp[0]); close(hydra_heads[head_no]->sp[1]); } 
@@ -1357,8 +1363,8 @@ void hydra_kill_head(int head_no, int killit, int fail) { kill(hydra_heads[head_no]->pid, SIGTERM); hydra_brains.active--; } - if (hydra_heads[head_no]->active > 0) { - hydra_heads[head_no]->active = 0; + if (hydra_heads[head_no]->active == HEAD_ACTIVE) { + hydra_heads[head_no]->active = HEAD_UNUSED; hydra_targets[hydra_heads[head_no]->target_no]->use_count--; } if (fail == 1) { @@ -1366,11 +1372,11 @@ void hydra_kill_head(int head_no, int killit, int fail) { hydra_heads[head_no]->redo = 1; } else if (fail == 2) { if (hydra_options.cidr != 1) - hydra_heads[head_no]->active = -1; + hydra_heads[head_no]->active = HEAD_DISABLED; if (hydra_heads[head_no]->target_no >= 0) hydra_targets[hydra_heads[head_no]->target_no]->failed++; } else if (fail == 3) { - hydra_heads[head_no]->active = -1; + hydra_heads[head_no]->active = HEAD_DISABLED; if (hydra_heads[head_no]->target_no >= 0) hydra_targets[hydra_heads[head_no]->target_no]->failed++; } @@ -1407,11 +1413,11 @@ void hydra_increase_fail_count(int target_no, int head_no) { if (hydra_targets[target_no]->fail_count >= maxfail) { k = 0; for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) + if (hydra_heads[i]->active >= HEAD_UNUSED && hydra_heads[i]->target_no == target_no) k++; if (k <= 1) { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == STATE_ACTIVE + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { 
@@ -1426,11 +1432,11 @@ void hydra_increase_fail_count(int target_no, int head_no) { hydra_heads[head_no]->current_pass_ptr = empty_login; } if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { - if (hydra_targets[target_no]->done == STATE_ACTIVE && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use == hydra_targets[target_no]->failed) { if (hydra_targets[target_no]->ok == 1) - hydra_targets[target_no]->done = STATE_ERROR; // mark target as done by errors + hydra_targets[target_no]->done = TARGET_ERROR; // mark target as done by errors else - hydra_targets[target_no]->done = STATE_UNRESOLVED; // mark target as done by unable to connect + hydra_targets[target_no]->done = TARGET_UNRESOLVED; // mark target as done by unable to connect hydra_brains.finished++; fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 @@ -1443,7 +1449,7 @@ void hydra_increase_fail_count(int target_no, int head_no) { } // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == STATE_ACTIVE + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { 
@@ -1538,8 +1544,8 @@ int hydra_send_next_pair(int target_no, int head_no) { snpdone = 1; } else { if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { - if (hydra_targets[target_no]->done == STATE_ACTIVE) { - hydra_targets[target_no]->done = STATE_FINISHED; + if (hydra_targets[target_no]->done == TARGET_ACTIVE) { + hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); @@ -1579,8 +1585,8 @@ int hydra_send_next_pair(int target_no, int head_no) { snpdone = 1; } else { // if a pair does not complete after this point it is lost - if (hydra_targets[target_no]->done == STATE_ACTIVE) { - hydra_targets[target_no]->done = STATE_FINISHED; + if (hydra_targets[target_no]->done == TARGET_ACTIVE) { + hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); @@ -1589,7 +1595,7 @@ int hydra_send_next_pair(int target_no, int head_no) { return -1; } } else { // normale state, no redo - if (hydra_targets[target_no]->done != STATE_ACTIVE) { + if (hydra_targets[target_no]->done != TARGET_ACTIVE) { loop_cnt = 0; return -1; // head will be disabled by main while() } 
@@ -1805,8 +1811,8 @@ int hydra_send_next_pair(int target_no, int head_no) { if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); if (hydra_targets[target_no]->use_count <= 1) { - if (hydra_targets[target_no]->done == STATE_ACTIVE) { - hydra_targets[target_no]->done = STATE_FINISHED; + if (hydra_targets[target_no]->done == TARGET_ACTIVE) { + hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); @@ -1942,7 +1948,7 @@ int hydra_check_for_exit_condition() { if (hydra_brains.active < 1) { // no head active?! check if they are all disabled, if so, we are done for (i = 0; i < hydra_options.max_use && k == 0; i++) - if (hydra_heads[i]->active >= 0) + if (hydra_heads[i]->active >= HEAD_UNUSED) k = 1; if (k == 0) { fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); @@ -1956,7 +1962,7 @@ int hydra_select_target() { int target_no = -1, i, j = -1000; for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == STATE_ACTIVE) + if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == TARGET_ACTIVE) if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { target_no = i; j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; @@ -3558,7 +3564,7 @@ int main(int argc, char *argv[]) { printf("[failed for %s] ", hydra_targets[i]->target); else fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = STATE_UNRESOLVED; + hydra_targets[i]->done = TARGET_UNRESOLVED; hydra_brains.finished++; } } else { 
@@ -3580,7 +3586,7 @@ int main(int argc, char *argv[]) { if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", hydra_targets[i]->target, hydra_options.service); - hydra_targets[i]->done = STATE_UNRESOLVED; + hydra_targets[i]->done = TARGET_UNRESOLVED; hydra_brains.finished++; } else { hydra_targets[i]->ip[0] = 16; @@ -3605,7 +3611,7 @@ int main(int argc, char *argv[]) { printf("[failed for %s] ", hydra_targets[i]->target); else fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = STATE_UNRESOLVED; + hydra_targets[i]->done = TARGET_UNRESOLVED; hydra_brains.finished++; } freeaddrinfo(res); @@ -3660,7 +3666,7 @@ int main(int argc, char *argv[]) { max_fd = 0; FD_ZERO(&fdreadheads); for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { - if (hydra_heads[head_no]->active > 0) { + if (hydra_heads[head_no]->active == HEAD_ACTIVE) { FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); if (max_fd < hydra_heads[head_no]->sp[0]) max_fd = hydra_heads[head_no]->sp[0]; @@ -3670,14 +3676,13 @@ int main(int argc, char *argv[]) { tmp_time = time(NULL); for (head_no = 0; head_no < hydra_options.max_use; head_no++) { - if (debug > 1 && hydra_heads[head_no]->active != -1) + if (debug > 1 && hydra_heads[head_no]->active != HEAD_DISABLED) printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); switch (hydra_heads[head_no]->active) { - case -1: - // disabled head, ignored + case HEAD_DISABLED: break; - case 0: + case HEAD_UNUSED: if (hydra_heads[head_no]->redo) { hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); } else { 
@@ -3695,7 +3700,7 @@ int main(int argc, char *argv[]) { hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 } break; - case 1: + case HEAD_ACTIVE: if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { do_switch = 1; if (hydra_options.time_next_attempt > 0) { @@ -3792,15 +3797,15 @@ int main(int argc, char *argv[]) { fflush(hydra_brains.ofp); } if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found - if (hydra_targets[hydra_heads[head_no]->target_no]->done == STATE_ACTIVE) { - hydra_targets[hydra_heads[head_no]->target_no]->done = STATE_FINISHED; // mark target as done + if (hydra_targets[hydra_heads[head_no]->target_no]->done == TARGET_ACTIVE) { + hydra_targets[hydra_heads[head_no]->target_no]->done = TARGET_FINISHED; // mark target as done hydra_brains.finished++; printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); } if (hydra_options.exit_found == 2) { for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done == STATE_ACTIVE) { - hydra_targets[j]->done = STATE_FINISHED; + if (hydra_targets[j]->done == TARGET_ACTIVE) { + hydra_targets[j]->done = TARGET_FINISHED; hydra_brains.finished++; } } @@ -3906,7 +3911,7 @@ int main(int argc, char *argv[]) { } k = 0; for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active >= 0) + if (hydra_heads[j]->active >= HEAD_UNUSED) k++; /* I think we don't need this anymore if ((hydra_brains.todo_all + total_redo_count) < hydra_brains.sent) { //in case of overflow of unsigned "-1" 
@@ -3940,18 +3945,18 @@ int main(int argc, char *argv[]) { j = k = error = 0; for (i = 0; i < hydra_brains.targets; i++) switch (hydra_targets[i]->done) { - case STATE_UNRESOLVED: + case TARGET_UNRESOLVED: k++; break; - case STATE_ERROR: + case TARGET_ERROR: if (hydra_targets[i]->ok == 0) k++; else error++; break; - case STATE_FINISHED: + case TARGET_FINISHED: break; - case STATE_ACTIVE: + case TARGET_ACTIVE: if (hydra_targets[i]->ok == 0) k++; else @@ -3971,7 +3976,7 @@ int main(int argc, char *argv[]) { } else { k = 0; for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active > 0) + if (hydra_heads[j]->active == HEAD_ACTIVE) k++; if (hydra_options.cidr == 0 && k == 0) { printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); @@ -3985,7 +3990,7 @@ int main(int argc, char *argv[]) { if (debug) printf("[DEBUG] killing all remaining childs now that might be stuck\n"); for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) + if (hydra_heads[i]->active == HEAD_ACTIVE && hydra_heads[i]->pid > 0) hydra_kill_head(i, 1, 3); (void) wait3(NULL, WNOHANG, NULL); From 13942efbbd2918e54624933a81f1a31bf2c91536 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 26 Jun 2017 09:50:47 +0200 Subject: [PATCH 68/90] ? --- hydra.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/hydra.c b/hydra.c index 5f3bb74..ac8210e 100644 --- a/hydra.c +++ b/hydra.c 
@@ -3970,14 +3970,15 @@ int main(int argc, char *argv[]) { printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); - if (error == 0 && j == 0) { + k = 0; + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active == HEAD_ACTIVE) + k++; + + if (error == 0 && j == 0 && k == 0) { process_restore = 0; unlink(RESTOREFILE); } else { - k = 0; - for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active == HEAD_ACTIVE) - k++; if (hydra_options.cidr == 0 && k == 0) { printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); hydra_restore_write(1); From 43c9ab09e57f061aa82391954d8c99aeceb7890d Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 26 Jun 2017 13:37:55 +0200 Subject: [PATCH 69/90] print test username --- hydra-ssh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-ssh.c b/hydra-ssh.c index cb3acfe..636237e 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -172,7 +172,7 @@ int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FIL ssh_session session = ssh_new(); if (verbose || debug) - printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); + printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : "miscptr", hydra_address2string(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); if (miscptr == NULL) From eff86754f2810c220c7551357f6970ea9a3a010e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 26 Jun 2017 16:35:38 +0200 Subject: [PATCH 70/90] fix --- hydra-ssh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hydra-ssh.c b/hydra-ssh.c index 636237e..d73a949 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -172,7 +172,7 @@ int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FIL ssh_session session = ssh_new(); if (verbose || debug) - printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : "miscptr", hydra_address2string(ip), port); + printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : miscptr, hydra_address2string(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); if (miscptr == NULL) From b43514dc4576e7020ed48cb4bdee5e2a12e4c9d8 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 27 Jun 2017 11:12:47 +0200 Subject: [PATCH 71/90] -c enforces -t 1 now --- hydra.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index ac8210e..e0eb9a4 100644 --- a/hydra.c +++ b/hydra.c @@ -530,7 +530,7 @@ void help(int ext) { PRINT_EXTEND(ext, " -T TASKS run TASKS connects in parallel overall (for -M, default: %d)\n" " -w / -W TIME wait time for a response (%d) / between connects per thread (%d)\n" #ifdef MSG_PEEK - " -c TIME wait time per login attempt over all threads (-t 1 is recommended)\n" + " -c TIME wait time per login attempt over all threads (enforces -t 1)\n" #endif " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n" " -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n" 
@@ -2349,6 +2349,13 @@ int main(int argc, char *argv[]) { case 'c': #ifdef MSG_PEEK hydra_options.time_next_attempt = atoi(optarg); + if (hydra_options.time_next_attempt < 0) { + fprintf(stderr, "[ERROR] -c option value can not be negative\n"); + exit(-1); + } else if (hydra_options.time_next_attempt > 0) { + printf("[INFO] setting max tasks per host to 1 due to -c option usage\n"); + hydra_options.tasks = 1; + } #else fprintf(stderr, "[WARNING] -c option can not be used as your operating system is missing the MSG_PEEK feature\n"); #endif @@ -3970,12 +3977,13 @@ int main(int argc, char *argv[]) { printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); + error += j; k = 0; for (j = 0; j < hydra_options.max_use; j++) if (hydra_heads[j]->active == HEAD_ACTIVE) k++; - if (error == 0 && j == 0 && k == 0) { + if (error == 0 && k == 0) { process_restore = 0; unlink(RESTOREFILE); } else { @@ -4022,7 +4030,7 @@ int main(int argc, char *argv[]) { } error = 1; } - if (j) { + if (error) { snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not complete", j, j == 1 ? "" : "s"); fprintf(stderr, "%s\n", tmp_str); if (*json_error) { From abb83694aad34a63a8c83be78932c14e8bd5b844 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 27 Jun 2017 11:14:56 +0200 Subject: [PATCH 72/90] -c enforces -t 1 now --- hydra.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hydra.c b/hydra.c index e0eb9a4..94310b4 100644 --- a/hydra.c +++ b/hydra.c 
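Review bot: The new range check for -c only rejects negative values, while the `atoi(optarg)` feeding it cannot report bad input: a non-numeric argument silently becomes 0, which turns the wait off, and an out-of-range value is undefined. Parsing with strtol lets the same branch reject both, e.g. `char *end; long v = strtol(optarg, &end, 10);` followed by `if (end == optarg || *end != '\0' || v < 0 || v > INT_MAX) { ... exit(-1); }`. This assumes time_next_attempt is an int and that limits.h is already available in hydra.c; neither is visible in the hunk. The option-parsing switch continues outside the hunk.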
@@ -2352,10 +2352,7 @@ int main(int argc, char *argv[]) { if (hydra_options.time_next_attempt < 0) { fprintf(stderr, "[ERROR] -c option value can not be negative\n"); exit(-1); - } else if (hydra_options.time_next_attempt > 0) { - printf("[INFO] setting max tasks per host to 1 due to -c option usage\n"); - hydra_options.tasks = 1; - } + } #else fprintf(stderr, "[WARNING] -c option can not be used as your operating system is missing the MSG_PEEK feature\n"); #endif @@ -2399,6 +2396,11 @@ int main(int argc, char *argv[]) { } } + if (hydra_options.time_next_attempt > 0 && hydra_options.tasks != 1) { + printf("[INFO] setting max tasks per host to 1 due to -c option usage\n"); + hydra_options.tasks = 1; + } + //check if output is redirected from the shell or in a file if (colored_output && !isatty(fileno(stdout))) colored_output = 0; From 74931e3b588d40d83da640d9bc7c7e2b2bcecfe5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 27 Jun 2017 11:36:35 +0200 Subject: [PATCH 73/90] ensure null terminated entries in restore file --- hydra.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hydra.c b/hydra.c index 94310b4..de94138 100644 --- a/hydra.c +++ b/hydra.c @@ -721,9 +721,9 @@ void hydra_restore_write(int print_msg) { else fprintf(f, "%s\n", hydra_options.outfile_ptr); fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); - fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); + fck = fwrite(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) - fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); + fck = fwrite(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); for (j = 0; j < hydra_brains.targets; j++) if (hydra_targets[j]->done != TARGET_FINISHED) { fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); 
@@ -871,13 +871,13 @@ void hydra_restore_read() { if (debug) printf("[DEBUG] reading restore file: Step 8 complete\n"); - login_ptr = malloc(hydra_brains.sizelogin); - fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); + login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + fck = (int) fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode - pass_ptr = malloc(hydra_brains.sizepass); - fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); + pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + fck = (int) fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); } else { // colonfile mode hydra_options.colonfile = empty_login; // dummy pass_ptr = csv_ptr = login_ptr; From f124c26fc6e86cde8e5b009312c4e8ac0137b615 Mon Sep 17 00:00:00 2001 
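Review bot: The enlarged `malloc(...)` and `fread(...)` calls in hydra_restore_read are still unchecked, and the sizes appear to come from the restore file itself (hydra_brains is presumably loaded earlier in the function, outside this hunk). A truncated or edited restore file can therefore leave login_ptr or pass_ptr NULL, or only partly filled and not NUL-terminated, which undoes the commit's stated goal. I would check both results before using the buffers, e.g. `if (login_ptr == NULL || fread(login_ptr, len, 1, f) != 1) { fprintf(stderr, "[ERROR] restore file is truncated or corrupt\n"); exit(-1); }`, and the same for pass_ptr. The sum `sizelogin + countlogin + 8` should also be range-checked before it is passed to malloc.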
From: van Hauser Date: Wed, 5 Jul 2017 08:48:00 +0200 Subject: [PATCH 74/90] big int to stdint switch --- Makefile | 89 ++++++- bfg.c | 27 +- bfg.h | 6 +- crc32.c | 14 +- crc32.h | 2 +- d3des.c | 9 +- d3des.h | 9 +- hmacmd5.c | 12 +- hmacmd5.h | 15 +- hydra-adam6500.c | 16 +- hydra-afp.c | 17 +- hydra-asterisk.c | 12 +- hydra-cisco-enable.c | 28 +-- hydra-cisco.c | 18 +- hydra-cvs.c | 16 +- hydra-firebird.c | 12 +- hydra-ftp.c | 16 +- hydra-http-form.c | 62 ++--- hydra-http-proxy-urlenum.c | 16 +- hydra-http-proxy.c | 14 +- hydra-http.c | 26 +- hydra-icq.c | 36 +-- hydra-imap.c | 30 +-- hydra-irc.c | 26 +- hydra-ldap.c | 30 +-- hydra-mod.c | 156 ++++++------ hydra-mod.h | 66 ++--- hydra-mssql.c | 14 +- hydra-mysql.c | 28 +-- hydra-ncp.c | 19 +- hydra-nntp.c | 28 +-- hydra-oracle-listener.c | 38 +-- hydra-oracle-sid.c | 14 +- hydra-oracle.c | 12 +- hydra-pcanywhere.c | 36 +-- hydra-pcnfs.c | 10 +- hydra-pop3.c | 40 +-- hydra-postgres.c | 12 +- hydra-rdp.c | 164 ++++++------ hydra-redis.c | 20 +- hydra-rexec.c | 14 +- hydra-rlogin.c | 14 +- hydra-rpcap.c | 16 +- hydra-rsh.c | 14 +- hydra-rtsp.c | 24 +- hydra-s7-300.c | 24 +- hydra-sapr3.c | 18 +- hydra-sip.c | 54 ++-- hydra-smb.c | 84 +++---- hydra-smtp-enum.c | 18 +- hydra-smtp.c | 26 +- hydra-snmp.c | 34 +-- hydra-socks5.c | 16 +- hydra-ssh.c | 14 +- hydra-sshkey.c | 12 +- hydra-svn.c | 16 +- hydra-teamspeak.c | 18 +- hydra-telnet.c | 20 +- hydra-time.c | 8 +- hydra-vmauthd.c | 12 +- hydra-vnc.c | 20 +- hydra-xmpp.c | 28 +-- hydra.c | 504 ++++++++++++++++++------------------- hydra.h | 9 +- libpq-fe.h | 132 +++++----- ntlm.c | 98 ++++---- ntlm.h | 21 +- performance.h | 14 +- postgres_ext.h | 4 +- pw-inspector.c | 12 +- rdp.h | 24 +- sasl.c | 56 ++--- sasl.h | 6 +- 73 files changed, 1364 insertions(+), 1235 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..6019d93 100644 --- a/Makefile +++ b/Makefile 
@@ -1,5 +1,90 @@ -all: - @echo Error: you must run "./configure" first +CC=gcc +STRIP=strip +XDEFINES= -DLIBOPENSSL -DHAVE_PCRE -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DHAVE_MATH_H +XLIBS= -lz -lssl -lpcre -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib -L/usr/local/lib -L/lib +XIPATHS= -I/usr/include -I/usr/local/include -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO=hydra-logo.o +PWI_LOGO=pw-inspector-logo.o +SEC=-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 + +# +# Makefile for Hydra - (c) 2001-2017 by van Hauser / THC +# +OPTS=-I. -O3 +# -Wall -g -pedantic +LIBS=-lm +BINDIR = /bin +MANDIR ?= /man/man1/ +DATADIR ?= /etc +DESTDIR ?= + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ + hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ + hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ + hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ + hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-rdp.c hydra-s7-300.c hydra-redis.c hydra-adam6500.c \ + crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rtsp.c hydra-time.c hydra-rpcap.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ + hydra-snmp.o 
hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ + hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ + hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ + hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ + hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ + hydra-rdp.o hydra-s7-300.c hydra-adam6500.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-rtsp.o hydra-time.o hydra-rpcap.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p 
$(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/bfg.c b/bfg.c index bfe5806..89b115b 100644 --- a/bfg.c +++ b/bfg.c @@ -6,15 +6,22 @@ #include #include #include +#ifdef __sun + #include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) + #include +#else + #include +#endif #include "bfg.h" bf_option bf_options; #ifdef HAVE_MATH_H -extern int debug; +extern int32_t debug; -static int add_single_char(char ch, char flags, int* crs_len) { +static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { if ((ch >= '2' && ch <= '9') || ch == '0') { if ((flags & BF_NUMS) > 0) { printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch); @@ -22,7 +29,7 @@ static int add_single_char(char ch, char flags, int* crs_len) { } //printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch); } - if (tolower((int) ch) >= 'b' && tolower((int) ch) <= 'z') { + if (tolower((int32_t) ch) >= 'b' && tolower((int32_t) ch) <= 'z') { if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) { printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a'); return 0; 
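Review bot: In add_single_char, changing the cast to `tolower((int32_t) ch)` keeps the original problem: ch is a plain char, so a byte above 0x7f from the -x argument becomes a negative value where char is signed, and passing that to tolower() is undefined. The ctype functions expect an unsigned char value or EOF, so both calls on that line should be `tolower((unsigned char) ch)`. The function body continues outside the hunk.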
@@ -43,9 +50,9 @@ static int add_single_char(char ch, char flags, int* crs_len) { // // note that we check for -x .:.:ab but not for -x .:.:ba // -int bf_init(char *arg) { - int i = 0; - int crs_len = 0; +int32_t bf_init(char *arg) { + int32_t i = 0; + int32_t crs_len = 0; char flags = 0; char *tmp = strchr(arg, ':'); @@ -165,10 +172,10 @@ int bf_init(char *arg) { } -unsigned long int bf_get_pcount() { - int i; +uint64_t bf_get_pcount() { + int32_t i; double count = 0; - unsigned long int foo; + uint64_t foo; for (i = bf_options.from; i <= bf_options.to; i++) count += (pow((double) bf_options.crs_len, (double) i)); @@ -183,7 +190,7 @@ unsigned long int bf_get_pcount() { char *bf_next() { - int i, pos = bf_options.current - 1; + int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) return NULL; // we are done diff --git a/bfg.h b/bfg.h index 3ed42d2..2ac5f49 100644 --- a/bfg.h +++ b/bfg.h @@ -40,14 +40,14 @@ typedef struct { char *arg; /* argument received for bfg commandline option */ char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ - unsigned int disable_symbols; + uint32_t disable_symbols; } bf_option; extern bf_option bf_options; #ifdef HAVE_MATH_H -extern unsigned long int bf_get_pcount(); -extern int bf_init(char *arg); +extern uint64_t bf_get_pcount(); +extern int32_t bf_init(char *arg); extern char *bf_next(); #endif diff --git a/crc32.c b/crc32.c index 44bd6ce..364cfa4 100644 --- a/crc32.c +++ b/crc32.c @@ -1,4 +1,3 @@ - /*- * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or * code or tables extracted from it, as desired without restriction. 
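Review bot: bfg.h now declares `uint32_t disable_symbols`, `uint64_t bf_get_pcount()` and `int32_t bf_init(char *arg)`, but this is the only hunk for the header and it adds no include, so the header compiles only when the including file has already pulled in the fixed-width types. bfg.c does that just before `#include "bfg.h"`; every other includer has to do the same unless an include above line 40 of the header already provides them. Putting the include at the top of bfg.h would make the header self-contained. Since the line is touched anyway, `extern uint64_t bf_get_pcount(void);` would also give the function a real prototype instead of an empty parameter list.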
@@ -42,8 +41,15 @@ */ #include +#ifdef __sun + #include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) + #include +#else + #include +#endif -unsigned int crc32_tab[] = { +uint32_t crc32_tab[] = { 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, @@ -91,9 +97,9 @@ unsigned int crc32_tab[] = { #ifndef HAVE_ZLIB -unsigned int crc32(const void *buf, unsigned int size) { +uint32_t crc32(const void *buf, uint32_t size) { const unsigned char *p; - unsigned int crc; + uint32_t crc; p = buf; crc = ~0U; diff --git a/crc32.h b/crc32.h index cfd45cb..575aefa 100644 --- a/crc32.h +++ b/crc32.h @@ -4,7 +4,7 @@ #include #ifndef HAVE_ZLIB -unsigned int crc32(const void *buf, unsigned int size); +uint32_t crc32(const void *buf, uint32_t size); #endif #endif diff --git a/d3des.c b/d3des.c index 9dc4912..7f964ea 100644 --- a/d3des.c +++ b/d3des.c @@ -1,4 +1,3 @@ - /* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove compiler warnings for unused definitions. */ @@ -84,9 +83,9 @@ static unsigned char pc2[48] = { void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ unsigned char *key; - int edf; + int32_t edf; { - register int i, j, l, m, n; + register int32_t i, j, l, m, n; unsigned char pc1m[56], pcr[56]; unsigned long kn[32]; @@ -132,7 +131,7 @@ static void cookey(raw1) { register unsigned long *cook, *raw0; unsigned long dough[32]; - register int i; + register int32_t i; cook = dough; for (i = 0; i < 16; i++, raw1++) { @@ -367,7 +366,7 @@ static void desfunc(block, keys) register unsigned long *block, *keys; { register unsigned long fval, work, right, leftt; - register int round; + register int32_t round; leftt = block[0]; right = block[1]; diff --git a/d3des.h b/d3des.h index 21a2003..18be88b 100644 --- a/d3des.h +++ b/d3des.h 
@@ -1,3 +1,10 @@ +#ifdef __sun + #include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) + #include +#else + #include +#endif /* * This is D3DES (V5.09) by Richard Outerbridge with the double and @@ -23,7 +30,7 @@ #define EN0 0 /* MODE == encrypt */ #define DE1 1 /* MODE == decrypt */ -extern void deskey(unsigned char *, int); +extern void deskey(unsigned char *, int32_t); /* hexkey[8] MODE * Sets the internal key register according to the hexadecimal diff --git a/hmacmd5.c b/hmacmd5.c index 63771be..9400aba 100644 --- a/hmacmd5.c +++ b/hmacmd5.c @@ -43,8 +43,8 @@ the rfc 2104 version of hmac_md5 initialisation. ***********************************************************************/ -void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) { - int i; +void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) { + int32_t i; unsigned char tk[16]; /* if key is longer than 64 bytes reset it to key=MD5(key) */ @@ -79,8 +79,8 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context the microsoft version of hmac_md5 initialisation. ***********************************************************************/ -void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) { - int i; +void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) { + int32_t i; /* if key is longer than 64 bytes truncate it */ if (key_len > 64) { @@ -107,7 +107,7 @@ void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Cont update hmac_md5 "inner" buffer ***********************************************************************/ -void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) { +void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context * ctx) { MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */ } 
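Review bot: hmac_md5_update forwards the signed `int32_t text_len` straight into `MD5_Update(&ctx->ctx, (void *) text, text_len)`, whose length parameter is `size_t` in OpenSSL, so a negative length would be converted to a very large unsigned count and read far past `text`. hmac_md5_init_limK_to_64 in the hunk above checks only `key_len > 64`, which a negative value also passes. Keeping the signatures, a guard such as `if (text_len < 0) return;` before the call, and the equivalent on `key_len`, closes this. Changing the parameters to `size_t` would be cleaner but also touches hmacmd5.h and the callers.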
@@ -131,7 +131,7 @@ void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) use the microsoft hmacmd5 init method because the key is 16 bytes. ************************************************************/ -void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) { +void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest) { HMACMD5Context ctx; hmac_md5_init_limK_to_64(key, 16, &ctx); diff --git a/hmacmd5.h b/hmacmd5.h index ce4299c..54e1393 100644 --- a/hmacmd5.h +++ b/hmacmd5.h @@ -29,6 +29,13 @@ */ +#ifdef __sun + #include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) + #include +#else + #include +#endif #include #ifndef _HMAC_MD5_H @@ -41,10 +48,10 @@ typedef struct { #endif /* _HMAC_MD5_H */ -void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx); -void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,HMACMD5Context *ctx); -void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx); +void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx); +void hmac_md5_init_limK_to_64(const unsigned char* key, int32_t key_len,HMACMD5Context *ctx); +void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx); void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx); -void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest); +void hmac_md5( unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest); diff --git a/hydra-adam6500.c b/hydra-adam6500.c index fc45ddb..de8ca15 100644 --- a/hydra-adam6500.c +++ b/hydra-adam6500.c 
@@ -56,11 +56,11 @@ unsigned char adam6500_resp2[] = { 0x00, 0x00, 0x00 }; -int start_adam6500(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass; unsigned char buffer[300]; - int i; + int32_t i; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; @@ -90,9 +90,9 @@ int start_adam6500(int s, char *ip, int port, unsigned char options, char *miscp return 1; } -void service_adam6500(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; - int myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL; +void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -103,7 +103,7 @@ void service_adam6500(char *ip, int sp, unsigned char options, char *miscptr, FI case 1: /* connect and service init function */ { unsigned char *buf2; - int f = 0; + int32_t f = 0; if (sock >= 0) sock = hydra_disconnect(sock); @@ -120,7 +120,7 @@ void service_adam6500(char *ip, int sp, unsigned char options, char *miscptr, FI port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } 
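Review bot: The error report in service_adam6500 now pairs the `%d` conversion with `(int32_t) getpid()`, which is correct only where `int32_t` is a typedef for `int`; the old `(int)` cast was the one that agreed with the format string. Either keep `(int) getpid()` or print with `"%" PRId32` from inttypes.h. The same substitution is made in hydra-afp.c, hydra-asterisk.c, hydra-cisco-enable.c, hydra-cisco.c, hydra-cvs.c, hydra-firebird.c and hydra-ftp.c further down in this patch.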
@@ -148,7 +148,7 @@ void service_adam6500(char *ip, int sp, unsigned char options, char *miscptr, FI } } -int service_adam6500_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-afp.c b/hydra-afp.c index 7495ce4..c940ce1 100644 --- a/hydra-afp.c +++ b/hydra-afp.c @@ -1,4 +1,3 @@ - /* * Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com * @@ -27,7 +26,7 @@ void dummy_afp() { extern char *HYDRA_EXIT; -void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message) { +void stdout_fct(void *priv, enum loglevels loglevel, int32_t logtype, const char *message) { //fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); } @@ -39,7 +38,7 @@ static struct libafpclient afpclient = { .loop_started = NULL, }; -static int server_subconnect(struct afp_url url) { +static int32_t server_subconnect(struct afp_url url) { struct afp_connection_request *conn_req; struct afp_server *server = NULL; @@ -78,7 +77,7 @@ static int server_subconnect(struct afp_url url) { return 0; } -int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN]; struct afp_url tmpurl; 
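Review bot: stdout_fct in hydra-afp.c looks like the logging callback handed to libafpclient through the `afpclient` struct in the next hunk, and the library declares that callback's third parameter as `int`, so `int32_t logtype` makes the definition differ from the type the library expects wherever `int32_t` is not `int`. Parameters whose type is fixed by an external API should keep the API's spelling: `void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message)`. The initializer that assigns the callback is outside the visible lines, so this should be confirmed against the library header.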
@@ -119,9 +118,9 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; } -void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_AFP; +void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_AFP; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -140,7 +139,7 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * port = myport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } @@ -173,7 +172,7 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif -int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-asterisk.c b/hydra-asterisk.c index 13c53b5..5be7896 100644 --- a/hydra-asterisk.c +++ b/hydra-asterisk.c @@ -11,7 +11,7 @@ extern char *HYDRA_EXIT; char *buf; -int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[1024]; 
@@ -62,9 +62,9 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp return 2; } -void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; +void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -89,7 +89,7 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); @@ -122,7 +122,7 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI } } -int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c index 3113179..4cc9bdf 100644 --- a/hydra-cisco-enable.c +++ b/hydra-cisco-enable.c 
@@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass, buffer[300]; @@ -58,9 +58,9 @@ int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *m return 3; } -void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; - int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; +void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; char buffer[300]; char *login; @@ -87,7 +87,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } @@ -101,7 +101,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr sprintf(buffer, "%.250s\r\n", login); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid()); hydra_child_exit(2); } } 
@@ -117,7 +117,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr sprintf(buffer, "%.250s\r\n", miscptr); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid()); hydra_child_exit(2); } } @@ -132,7 +132,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr } if (strstr(buf, "assw") != NULL) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int32_t) getpid()); hydra_child_exit(2); } free(buf); @@ -143,11 +143,11 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr case 2: /* run the cracking function */ { unsigned char *buf2; - int f = 0; + int32_t f = 0; sprintf(buffer, "%.250s\r\n", "ena"); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t) getpid()); hydra_child_exit(2); } 
@@ -160,11 +160,11 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr if (failc < retry) { next_run = 1; failc++; - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry); sleep(3); break; } else { - fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); + fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid()); hydra_child_exit(0); } } @@ -180,7 +180,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr case 3: /* clean exit */ sprintf(buffer, "%.250s\r\n", "exit"); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t) getpid()); hydra_child_exit(0); } if (sock >= 0) @@ -196,7 +196,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr } } -int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-cisco.c b/hydra-cisco.c index dcb50fc..6a65f77 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c 
@@ -7,7 +7,7 @@ extern char *HYDRA_EXIT; char *buf = NULL; -int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass, buffer[300]; @@ -115,9 +115,9 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; - int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; +void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -128,7 +128,7 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE case 1: /* connect and service init function */ { unsigned char *buf2; - int f = 0; + int32_t f = 0; if (sock >= 0) sock = hydra_disconnect(sock); @@ -147,7 +147,7 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } do { 
@@ -159,11 +159,11 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE if (failc < retry) { next_run = 1; failc++; - if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); + if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry); sleep(3); break; } else { - if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); + if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid()); hydra_child_exit(0); } } @@ -198,7 +198,7 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-cvs.c b/hydra-cvs.c index 0fa24e4..b745504 100644 --- a/hydra-cvs.c +++ b/hydra-cvs.c @@ -1,14 +1,14 @@ #include "hydra-mod.h" -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char *buf; -int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[1024], pass2[513]; - int i; + int32_t i; char *directory = miscptr; /* evil cvs encryption sheme... 
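Review bot: The file-local `extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);` at the top of hydra-cvs.c repeats a prototype by hand, so this patch has to edit it in step with the definition and the compiler cannot catch a mismatch between the two. If hydra-mod.h, included on the line above, already declares the function, the extern line can be dropped; otherwise the declaration belongs in that header. A declaration that disagrees with the definition in another translation unit links silently and is undefined behaviour at the call.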
@@ -85,9 +85,9 @@ int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, F return 3; } -void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_CVS, mysslport = PORT_CVS_SSL; +void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_CVS, mysslport = PORT_CVS_SSL; hydra_register_socket(sp); @@ -118,7 +118,7 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = start_cvs(sock, ip, port, options, miscptr, fp); @@ -136,7 +136,7 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-firebird.c b/hydra-firebird.c index 006c5c0..fbcad69 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -27,7 +27,7 @@ void dummy_firebird() { extern char *HYDRA_EXIT; -int start_firebird(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char database[256]; 
@@ -87,9 +87,9 @@ int start_firebird(int s, char *ip, int port, unsigned char options, char *miscp return 1; } -void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; +void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -113,7 +113,7 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } @@ -146,7 +146,7 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI #endif -int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-ftp.c b/hydra-ftp.c index 8eab162..6b853eb 100644 --- a/hydra-ftp.c +++ b/hydra-ftp.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[510]; 
@@ -74,9 +74,9 @@ int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, F return 2; } -void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, int tls) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_FTP, mysslport = PORT_FTP_SSL; +void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_FTP, mysslport = PORT_FTP_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -100,7 +100,7 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } usleepn(250); 
@@ -167,15 +167,15 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI } } -void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); } -void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); } -int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-http-form.c b/hydra-http-form.c index 89eeb7c..4d84126 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -75,15 +75,15 @@ typedef struct cookie_node { struct cookie_node *next; } t_cookie_node, *ptr_cookie_node; -int success_cond = 0; -int getcookie = 1; -int auth_flag = 0; +int32_t success_cond = 0; +int32_t getcookie = 1; +int32_t auth_flag = 0; char cookie[4096] = "", cmiscptr[1024]; extern char *webtarget; extern char *slash; -int webport, freemischttpform = 0; +int32_t webport, freemischttpform = 0; char bufferurl[6096+24], cookieurl[6096+24] = "", userheader[6096+24] = "", *url, *variables, *optional1; #define MAX_REDIRECT 8 
@@ -91,8 +91,8 @@ char bufferurl[6096+24], cookieurl[6096+24] = "", userheader[6096+24] = "", *url #define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; -int redirected_flag = 0; -int redirected_cpt = MAX_REDIRECT; +int32_t redirected_flag = 0; +int32_t redirected_cpt = MAX_REDIRECT; char *cookie_request, *normal_request; // Buffers for HTTP headers @@ -135,7 +135,7 @@ strndup (const char *s, size_t n) } #endif -int append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) +int32_t append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) { ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node)); if (!new_ptr) @@ -156,7 +156,7 @@ int append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) char * stringify_cookies(ptr_cookie_node ptr_cookie) { ptr_cookie_node cur_ptr = NULL; - unsigned int length = 1; + uint32_t length = 1; char *cookie_hdr = (char *) malloc(length); if (cookie_hdr) { @@ -195,7 +195,7 @@ success: * +--------+ * Returns 1 if success, or 0 otherwise. */ -int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) +int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) { ptr_cookie_node cur_ptr = NULL, new_ptr = NULL; char * cookie = strdup(cookie_expr); @@ -227,11 +227,11 @@ int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) return 1; } -int process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr) +int32_t process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr) { char *tok = NULL; char *expr = strdup(cookie_expr); - int res = 0; + int32_t res = 0; if (strstr(cookie_expr, ";")) { tok = strtok(expr, ";"); 
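Review bot: process_cookies uses the result of `strdup(cookie_expr)` without a check: `expr` goes straight into `strtok(expr, ";")`, and with a NULL first argument strtok resumes whatever string it was given last instead of failing. An allocation failure should end the function cleanly, for example `if (expr == NULL) return 0;` right after the strdup, assuming 0 is the failure value here as it is documented to be for add_or_update_cookie. That function, in the previous hunk, has the same unchecked `strdup(cookie_expr)`. Both bodies continue outside their hunks, so whether the copies are freed on every path cannot be seen here.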
@@ -257,7 +257,7 @@ int process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr) * * Returns 1 if success, or 0 otherwise (out of memory). */ -int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) { +int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type) { ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; @@ -369,7 +369,7 @@ void cleanup(ptr_header_node *ptr_head) { char *stringify_headers(ptr_header_node * ptr_head) { char *headers_str = NULL; ptr_header_node cur_ptr = *ptr_head; - int ttl_size = 0; + int32_t ttl_size = 0; for (; cur_ptr; cur_ptr = cur_ptr->next) ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4; @@ -391,7 +391,7 @@ char *stringify_headers(ptr_header_node * ptr_head) { char *prepare_http_request(char *type, char *path, char *params, char *headers) { - unsigned int reqlen = 0; + uint32_t reqlen = 0; char *http_request = NULL; if (type && path && headers) { @@ -431,7 +431,7 @@ char *prepare_http_request(char *type, char *path, char *params, char *headers) return http_request; } -int strpos(char *str, char *target) { +int32_t strpos(char *str, char *target) { char *res = strstr(str, target); if (res == NULL) @@ -462,12 +462,12 @@ char *html_encode(char *string) { /* -int analyze_server_response(int socket) +int32_t analyze_server_response(int32_t socket) return 0 or 1 when the cond regex is matched return -1 if no response from server */ -int analyze_server_response(int s) { - int runs = 0; +int32_t analyze_server_response(int32_t s) { + int32_t runs = 0; redirected_flag = 0; auth_flag = 0; while ((buf = hydra_receive_line(s)) != NULL) { 
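Review bot: In stringify_headers the accumulator becomes `int32_t ttl_size`, but it sums `strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4` over the whole header list, which is `size_t` arithmetic narrowed into a signed 32-bit value. Declaring it `size_t ttl_size = 0;` keeps the sum in the type strlen returns and in the type the allocation that presumably follows outside the hunk takes. The `uint32_t reqlen` introduced in prepare_http_request two hunks down looks like the same kind of length and would read more consistently as `size_t` too.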
@@ -572,7 +572,7 @@ int analyze_server_response(int s) { return 0; } -void hydra_reconnect(int s, char *ip, int port, unsigned char options, char *hostname) { +void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, char *hostname) { if (s >= 0) s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { @@ -582,13 +582,13 @@ void hydra_reconnect(int s, char *ip, int port, unsigned char options, char *hos } } -int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256]; char header[8096], *upd3variables; char *cookie_header = NULL; char *http_request; - int found = !success_cond, i, j; + int32_t found = !success_cond, i, j; char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); @@ -630,7 +630,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else 
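Review bot: The POST branch of start_http_form now passes `(int32_t) strlen(upd3variables)` to a `%d` conversion, which is only well-defined where `int32_t` happens to be `int`; the same line recurs in the two following hunks (old lines 678 and 724). The value is a `size_t`, so `snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%zu", strlen(upd3variables));` drops both the cast and the narrowing. The same mismatch is introduced wherever this patch rewrites `(int) getpid()` to `(int32_t) getpid()` under `%d`. The original `(int)` cast existed to match the format and should stay, or the format should become `"%" PRId32`. start_http_form's body continues outside these hunks.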
@@ -678,7 +678,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else @@ -724,7 +724,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else @@ -905,9 +905,9 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; } -void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, char *type, ptr_header_node * ptr_head, ptr_cookie_node * ptr_cookie) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; +void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type, ptr_header_node * ptr_head, ptr_cookie_node * ptr_cookie) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; // register our socket descriptor hydra_register_socket(sp); 
@@ -945,7 +945,7 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t) getpid()); if (freemischttpform) free(miscptr); freemischttpform = 0; @@ -986,7 +986,7 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F free(miscptr); } -void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); @@ -998,7 +998,7 @@ void service_http_get_form(char *ip, int sp, unsigned char options, char *miscpt } } -void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); @@ -1010,7 +1010,7 @@ void service_http_post_form(char *ip, int sp, unsigned char options, char *miscp } } -int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 2f265d4..ae6097f 100644 --- a/hydra-http-proxy-urlenum.c 
+++ b/hydra-http-proxy-urlenum.c @@ -3,15 +3,15 @@ extern char *HYDRA_EXIT; char *buf; -static int http_proxy_auth_mechanism = AUTH_ERROR; +static int32_t http_proxy_auth_mechanism = AUTH_ERROR; -int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260]; char url[260], host[30]; char *header = ""; /* XXX TODO */ char *ptr; - int auth = 0; + int32_t auth = 0; login = hydra_get_next_login(); if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) { @@ -228,9 +228,9 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c return 1; } -void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; +void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -256,7 +256,7 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; 
@@ -278,7 +278,7 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m } } -int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index d21ae90..26420af 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -2,10 +2,10 @@ #include "sasl.h" extern char *HYDRA_EXIT; -static int http_proxy_auth_mechanism = AUTH_ERROR; +static int32_t http_proxy_auth_mechanism = AUTH_ERROR; char *http_proxy_buf = NULL; -int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500]; char url[210], host[30]; @@ -246,9 +246,9 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis return 1; } -void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; +void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) 
@@ -277,7 +277,7 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; @@ -299,7 +299,7 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, } } -int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-http.c b/hydra-http.c index 9e5a28e..862bb68 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -5,15 +5,15 @@ extern char *HYDRA_EXIT; char *webtarget = NULL; char *slash = "/"; char *http_buf = NULL; -int webport, freemischttp = 0; -int http_auth_mechanism = AUTH_BASIC; +int32_t webport, freemischttp = 0; +int32_t http_auth_mechanism = AUTH_BASIC; -int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { +int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500]; char header[64] = "Content-Length: 0\r\n"; char *ptr, *fooptr; - int complete_line = 0; + int32_t complete_line = 0; char tmpreplybuf[1024] = "", *tmpreplybufptr; if (strlen(login = hydra_get_next_login()) == 0) 
@@ -212,7 +212,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, //the first authentication type failed, check the type from server header if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { //seems the auth supported is not Basic shceme so testing further - int find_auth = 0; + int32_t find_auth = 0; if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) { http_auth_mechanism = AUTH_NTLM; @@ -240,9 +240,9 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, char *type) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; +void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; char *ptr, *ptr2; hydra_register_socket(sp); @@ -299,7 +299,7 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * if (sock < 0) { if (freemischttp) free(miscptr); - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; 
@@ -325,19 +325,19 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); } -void service_http_post(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); } -void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); } -int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-icq.c b/hydra-icq.c index 3e2722d..68fd667 100644 --- a/hydra-icq.c +++ b/hydra-icq.c @@ -1,8 +1,8 @@ #include "hydra-mod.h" extern char *HYDRA_EXIT; -extern int child_head_no; -int seq = 1; +extern int32_t child_head_no; +int32_t seq = 1; const unsigned char icq5_table[] = { 0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 
@@ -31,10 +31,10 @@ const unsigned char icq5_table[] = { 0x5A, 0x00, 0x00 }; -void fix_packet(char *buf, int len) { +void fix_packet(char *buf, int32_t len) { unsigned long c1, c2; unsigned long r1, r2; - int pos, key, k; + int32_t pos, key, k; c1 = buf[8]; c1 <<= 8; @@ -83,10 +83,10 @@ void icq_header(char *buf, unsigned short cmd, unsigned long uin) { buf[9] = (uin >> 24) & 0xff; } -int icq_login(int s, char *login, char *pass) { +int32_t icq_login(int32_t s, char *login, char *pass) { unsigned long uin = strtoul(login, NULL, 10); char buf[256]; - int len; + int32_t len; bzero(buf, sizeof(buf)); @@ -103,7 +103,7 @@ int icq_login(int s, char *login, char *pass) { return (hydra_send(s, buf, 43 + len, 0)); } -int icq_login_1(int s, char *login) { +int32_t icq_login_1(int32_t s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; @@ -111,7 +111,7 @@ int icq_login_1(int s, char *login) { return (hydra_send(s, buf, 10, 0)); } -int icq_disconnect(int s, char *login) { +int32_t icq_disconnect(int32_t s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; @@ -123,7 +123,7 @@ int icq_disconnect(int s, char *login) { return (hydra_send(s, buf, 34, 0)); } -int icq_ack(int s, char *login) { +int32_t icq_ack(int32_t s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; @@ -141,11 +141,11 @@ int icq_ack(int s, char *login) { return (hydra_send(s, buf, 10, 0)); } -int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) { +int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *miscptr, FILE * fp) { unsigned char buf[1024]; char *login, *pass; char *empty = ""; - int i, r; + int32_t i, r; if (strlen(login = hydra_get_next_login()) == 0) return 2; 
@@ -153,7 +153,7 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * pass = empty; for (i = 0; login[i]; i++) - if (!isdigit((int) login[i])) { + if (!isdigit((int32_t) login[i])) { fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login); hydra_completed_pair(); return 2; @@ -168,7 +168,7 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * if (r < 0) { if (verbose) - fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid()); + fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t) getpid()); return 3; } @@ -196,9 +196,9 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * return 1; } -void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ICQ; +void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ICQ; if (port) myport = port; @@ -221,7 +221,7 @@ void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * sock = hydra_disconnect(sock); sock = hydra_connect_udp(ip, myport); if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; 
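Review bot: `isdigit((int32_t) login[i])` in start_icq still hands a plain `char` to a `<ctype.h>` function; where `char` is signed, a byte above 0x7f in the login string becomes a negative argument, which is undefined behaviour. The cast should go through the byte type: `if (!isdigit((unsigned char) login[i])) {`. The same applies to `isdigit((int32_t) *ptr)` in imap_read_server_capacity, where the byte presumably comes from the server's reply, and to `toupper((int32_t) miscptr[i])` in service_imap later in this patch. start_icq begins and ends outside the hunk.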
@@ -241,7 +241,7 @@ void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-imap.c b/hydra-imap.c index 07524d5..f9a3822 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -3,13 +3,13 @@ extern char *HYDRA_EXIT; char *buf; -int counter; +int32_t counter; -int imap_auth_mechanism = AUTH_CLEAR; +int32_t imap_auth_mechanism = AUTH_CLEAR; -char *imap_read_server_capacity(int sock) { +char *imap_read_server_capacity(int32_t sock) { char *ptr = NULL; - int resp = 0; + int32_t resp = 0; char *buf = NULL; do { @@ -30,7 +30,7 @@ char *imap_read_server_capacity(int sock) { buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; - if (isdigit((int) *ptr) && *(ptr + 1) == ' ') { + if (isdigit((int32_t) *ptr) && *(ptr + 1) == ' ') { resp = 1; } } @@ -39,7 +39,7 @@ char *imap_read_server_capacity(int sock) { return buf; } -int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], *fooptr; @@ -111,7 +111,7 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, case AUTH_CRAMMD5: case AUTH_CRAMSHA1: case AUTH_CRAMSHA256:{ - int rc = 0; + int32_t rc = 0; char *preplogin; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); 
@@ -220,7 +220,7 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, char clientfirstmessagebare[200]; char serverfirstmessage[200]; char *preplogin; - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { return 3; @@ -353,9 +353,9 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; +void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; char *buffer1 = "1 CAPABILITY\r\n"; hydra_register_socket(sp); @@ -380,7 +380,7 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); @@ -404,10 +404,10 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - int i; + int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char) toupper((int32_t) miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { disable_tls = 0; 
@@ -571,7 +571,7 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-irc.c b/hydra-irc.c index bb79ee0..601715b 100644 --- a/hydra-irc.c +++ b/hydra-irc.c @@ -9,12 +9,12 @@ RFC 1459: Internet Relay Chat Protocol extern char *HYDRA_EXIT; char *buf; char buffer[300] = ""; -int myport = PORT_IRC, mysslport = PORT_IRC_SSL; +int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL; -int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; - int ret; + int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -42,7 +42,7 @@ int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscp return 2; } -int send_nick(int s, char *ip, char *pass) { +int32_t send_nick(int32_t s, char *ip, char *pass) { if (strlen(pass) > 0) { sprintf(buffer, "PASS %s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { 
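Review bot: send_nick writes into the 300-byte file-scope `buffer` with unbounded `sprintf`, both in `sprintf(buffer, "PASS %s\r\n", pass);` here and in the `NICK`/`USER` line this patch touches in the next hunk. Nothing visible in these hunks limits the length of `pass`, so unless the caller bounds it the write can run past the array. `snprintf(buffer, sizeof(buffer), "PASS %s\r\n", pass);`, and the same bounded form for the other `sprintf` calls in the function, keeps the output inside the buffer. send_nick's body continues into the next hunk.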
@@ -53,14 +53,14 @@ int send_nick(int s, char *ip, char *pass) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } - sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int) getpid(), (int) getpid(), hydra_address2string(ip)); + sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t) getpid(), (int32_t) getpid(), hydra_address2string(ip)); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } return 0; } -int irc_server_connect(char *ip, int sock, int port, unsigned char options, char *hostname) { +int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char options, char *hostname) { if (sock >= 0) sock = hydra_disconnect(sock); // usleepn(275); @@ -78,17 +78,17 @@ int irc_server_connect(char *ip, int sock, int port, unsigned char options, char return sock; } -int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { char *empty = ""; char *pass; - int ret; + int32_t ret; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; s = irc_server_connect(ip, s, port, options, hostname); if (s < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); return 3; } @@ -118,8 +118,8 @@ int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscp return 4; } -void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1, ret; +void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, ret; char *buf; hydra_register_socket(sp); 
@@ -133,7 +133,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * sock = irc_server_connect(ip, sock, port, options, hostname); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } @@ -209,7 +209,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-ldap.c b/hydra-ldap.c index b1514c4..c14d20a 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -4,15 +4,15 @@ extern char *HYDRA_EXIT; unsigned char *buf; -int counter; -int tls_required = 0; +int32_t counter; +int32_t tls_required = 0; -int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char version, int auth_method) { +int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char version, int32_t auth_method) { char *empty = ""; char *login = "", *pass, *fooptr = ""; unsigned char buffer[512]; - int length = 0; - int ldap_auth_mechanism = auth_method; + int32_t length = 0; + int32_t ldap_auth_mechanism = auth_method; /* The LDAP "simple" method has three modes of operation: @@ -170,7 +170,7 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, if (ldap_auth_mechanism == AUTH_DIGESTMD5) { char *ptr; char buffer2[500]; - int ind = 0; + int32_t ind = 0; ptr = strstr((char *) buf, "realm="); 
@@ -351,9 +351,9 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, char version, int auth_method) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; +void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char version, int32_t auth_method) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -377,7 +377,7 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } counter = 1; 
@@ -425,23 +425,23 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); } -void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); } -void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); } -void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); } -int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-mod.c b/hydra-mod.c index 0b9fd78..3c9fc69 100644 --- a/hydra-mod.c +++ b/hydra-mod.c 
@@ -27,27 +27,27 @@ #define SOCKS_DOMAIN 3 #define SOCKS_IPV6 4 -extern int conwait; +extern int32_t conwait; char quiet; -int do_retry = 1; -int module_auth_type = -1; -int intern_socket, extern_socket; +int32_t do_retry = 1; +int32_t module_auth_type = -1; +int32_t intern_socket, extern_socket; char pair[260]; char HYDRA_EXIT[5] = "\x00\xff\x00\xff\x00"; char *HYDRA_EMPTY = "\x00\x00\x00\x00"; char *fe80 = "\xfe\x80\x00"; -int fail = 0; -int alarm_went_off = 0; -int use_ssl = 0; +int32_t fail = 0; +int32_t alarm_went_off = 0; +int32_t use_ssl = 0; char ipaddr_str[64]; -int src_port = 0; -int __fck = 0; -int ssl_first = 1; -int __first_connect = 1; +int32_t src_port = 0; +int32_t __fck = 0; +int32_t ssl_first = 1; +int32_t __first_connect = 1; char ipstring[64]; -unsigned int colored_output = 1; +uint32_t colored_output = 1; char quiet = 0; -int old_ssl = 0; +int32_t old_ssl = 0; #ifdef LIBOPENSSL SSL *ssl = NULL; @@ -56,7 +56,7 @@ RSA *rsa = NULL; #endif /* prototype */ -int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec); +int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec); /* ----------------- alarming functions ---------------- */ void alarming() { 
@@ -66,14 +66,14 @@ void alarming() { /* uh, I think it's not good for performance if we try to reconnect to a timeout system! * if (fail > MAX_CONNECT_RETRY) { */ - //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int) getpid()); + //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int32_t) getpid()); if (debug) printf("DEBUG_CONNECT_TIMEOUT\n"); hydra_child_exit(1); /* * } else { - * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY); + * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int32_t)getpid(), fail, MAX_CONNECT_RETRY); * } */ } @@ -85,8 +85,8 @@ void interrupt() { /* ----------------- internal functions ----------------- */ -int internal__hydra_connect(char *host, int port, int protocol, int type) { - int s, ret = -1, ipv6 = 0, reset_selected = 0; +int32_t internal__hydra_connect(char *host, int32_t port, int32_t protocol, int32_t type) { + int32_t s, ret = -1, ipv6 = 0, reset_selected = 0; #ifdef AF_INET6 struct sockaddr_in6 target6; @@ -95,7 +95,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { struct sockaddr_in target; struct sockaddr_in sin; char *buf, *tmpptr = NULL; - int err = 0; + int32_t err = 0; if (proxy_count > 0 && use_proxy > 0 && selected_proxy == -1) { reset_selected = 1; @@ -117,7 +117,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { s = socket(PF_INET, protocol, type); if (s >= 0) { if (src_port != 0) { - int bind_ok = 0; + int32_t bind_ok = 0; #ifdef AF_INET6 if (ipv6) { 
@@ -221,9 +221,9 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { fail++; if (verbose ) { if (do_retry && fail <= MAX_CONNECT_RETRY) - fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY); + fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int32_t) getpid(), fail, MAX_CONNECT_RETRY); else - fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int) getpid()); + fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t) getpid()); } } } while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry); @@ -232,7 +232,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { printf("DEBUG_CONNECT_UNREACHABLE\n"); /* we wont quit here, thats up to the module to decide what to do - * fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int)getpid()); + * fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int32_t)getpid()); * hydra_child_exit(1); */ extern_socket = -1; @@ -317,7 +317,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); err = 1; } - if ((unsigned int) buf[1] == SOCKS_NOMETHOD) { + if ((uint32_t) buf[1] == SOCKS_NOMETHOD) { hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); err = 1; } @@ -457,8 +457,8 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { } #if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) -RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) { - int ok = 0; +RSA *ssl_temp_rsa_cb(SSL * ssl, int32_t export, int32_t keylength) { + int32_t ok = 0; #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L BIGNUM *n; n = BN_new(); 
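Review bot: The casts in these two `fprintf` calls existed to make the argument match `%d`, and `(int32_t) getpid()` no longer guarantees that, because `%d` requires an `int`. Either keep `(int) getpid()` or switch the format to `"%" PRId32` from `<inttypes.h>`. The same replacement appears in live code in hydra-mssql.c, hydra-mysql.c, hydra-ncp.c, hydra-nntp.c, hydra-oracle-listener.c and hydra-oracle-sid.c.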
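Review bot: In the SOCKS5 hunk, `(uint32_t) buf[1] == SOCKS_NOMETHOD` converts a plain `char` that may be signed, so a reply byte of 0xff becomes 0xffffffff and cannot equal a small constant. `buf` is declared `char *` in this function, and if `SOCKS_NOMETHOD` is 0xff as in the SOCKS5 specification (its definition is outside the hunk), the "negotiation failed" branch is never taken where `char` is signed. Converting through `unsigned char` fixes it: `if ((unsigned char) buf[1] == SOCKS_NOMETHOD) {`. The previous `(unsigned int)` cast behaved the same way, so the rename preserved the problem rather than introducing it.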
@@ -493,8 +493,8 @@ RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) { #endif #if defined(LIBOPENSSL) -int internal__hydra_connect_to_ssl(int socket, char *hostname) { - int err; +int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { + int32_t err; if (ssl_first) { SSL_load_error_strings(); @@ -574,8 +574,8 @@ int internal__hydra_connect_to_ssl(int socket, char *hostname) { return socket; } -int internal__hydra_connect_ssl(char *host, int port, int protocol, int type, char *hostname) { - int socket; +int32_t internal__hydra_connect_ssl(char *host, int32_t port, int32_t protocol, int32_t type, char *hostname) { + int32_t socket; if ((socket = internal__hydra_connect(host, port, protocol, type)) < 0) return -1; @@ -584,7 +584,7 @@ int internal__hydra_connect_ssl(char *host, int port, int protocol, int type, ch } #endif -int internal__hydra_recv(int socket, char *buf, int length) { +int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length) { #ifdef LIBOPENSSL if (use_ssl) { return SSL_read(ssl, buf, length); @@ -593,7 +593,7 @@ int internal__hydra_recv(int socket, char *buf, int length) { return recv(socket, buf, length, 0); } -int internal__hydra_send(int socket, char *buf, int size, int options) { +int32_t internal__hydra_send(int32_t socket, char *buf, int32_t size, int32_t options) { #ifdef LIBOPENSSL if (use_ssl) { return SSL_write(ssl, buf, size); @@ -604,7 +604,7 @@ int internal__hydra_send(int socket, char *buf, int size, int options) { /* ------------------ public functions ------------------ */ -void hydra_child_exit(int code) { +void hydra_child_exit(int32_t code) { char buf[2]; if (debug) @@ -628,7 +628,7 @@ void hydra_child_exit(int code) { exit(0); // might be killed before reaching this } -void hydra_register_socket(int s) { +void hydra_register_socket(int32_t s) { intern_socket = s; } 
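Review bot: `internal__hydra_recv` passes its signed `length` straight to `recv()`, whose length parameter is `size_t`, so a negative value would be converted to a very large byte count. The return statement also narrows `recv()`'s `ssize_t` result to `int32_t`. A guard at the top of the function, `if (length < 0) return -1;`, would make the contract explicit. Whether any caller can actually pass a negative length is not visible from this hunk.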
@@ -694,7 +694,7 @@ void hydra_report_debug(FILE * st, char *format, ...) { char bufOut[33000]; char temp[6]; unsigned char cTemp; - int i = 0, len; + int32_t i = 0, len; if (format == NULL) { fprintf(stderr, "[ERROR] no msg passed.\n"); @@ -724,7 +724,7 @@ void hydra_report_debug(FILE * st, char *format, ...) { return; } -void hydra_report_found(int port, char *svc, FILE * fp) { +void hydra_report_found(int32_t port, char *svc, FILE * fp) { /* if (!strcmp(svc, "rsh")) if (colored_output) @@ -748,7 +748,7 @@ void hydra_report_found(int port, char *svc, FILE * fp) { } /* needed for irc module to display the general server password */ -void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) { +void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp) { /* strcpy(ipaddr_str, hydra_address2string(ip)); if (colored_output) @@ -761,7 +761,7 @@ void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) { */ } -void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp) { +void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp) { /* char *keyw = "password"; strcpy(ipaddr_str, hydra_address2string(ip)); @@ -802,7 +802,7 @@ void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp) { */ } -void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg) { +void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg) { /* strcpy(ipaddr_str, hydra_address2string(ip)); if (colored_output) @@ -816,7 +816,7 @@ void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char */ } -int hydra_connect_to_ssl(int socket, char *hostname) { +int32_t hydra_connect_to_ssl(int32_t socket, char *hostname) { #ifdef LIBOPENSSL return (internal__hydra_connect_to_ssl(socket, hostname)); #else 
@@ -825,7 +825,7 @@ int hydra_connect_to_ssl(int socket, char *hostname) { #endif } -int hydra_connect_ssl(char *host, int port, char *hostname) { +int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname) { if (__first_connect != 0) __first_connect = 0; else @@ -838,7 +838,7 @@ int hydra_connect_ssl(char *host, int port, char *hostname) { #endif } -int hydra_connect_tcp(char *host, int port) { +int32_t hydra_connect_tcp(char *host, int32_t port) { if (__first_connect != 0) __first_connect = 0; else @@ -846,7 +846,7 @@ int hydra_connect_tcp(char *host, int port) { return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); } -int hydra_connect_udp(char *host, int port) { +int32_t hydra_connect_udp(char *host, int32_t port) { if (__first_connect != 0) __first_connect = 0; else @@ -854,7 +854,7 @@ int hydra_connect_udp(char *host, int port) { return (internal__hydra_connect(host, port, SOCK_DGRAM, 17)); } -int hydra_disconnect(int socket) { +int32_t hydra_disconnect(int32_t socket) { #ifdef LIBOPENSSL if (use_ssl && SSL_get_fd(ssl) == socket) { /* SSL_shutdown(ssl); ...skip this--it slows things down */ @@ -869,7 +869,7 @@ int hydra_disconnect(int socket) { return -1; } -int hydra_data_ready_writing_timed(int socket, long sec, long usec) { +int32_t hydra_data_ready_writing_timed(int32_t socket, long sec, long usec) { fd_set fds; FD_ZERO(&fds); @@ -877,11 +877,11 @@ int hydra_data_ready_writing_timed(int socket, long sec, long usec) { return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } -int hydra_data_ready_writing(int socket) { +int32_t hydra_data_ready_writing(int32_t socket) { return (hydra_data_ready_writing_timed(socket, 30, 0)); } -int hydra_data_ready_timed(int socket, long sec, long usec) { +int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) { fd_set fds; FD_ZERO(&fds); 
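Review bot: `hydra_data_ready_writing_timed` appears to test the wrong descriptor set. Its context line `return (my_select(socket + 1, &fds, NULL, NULL, sec, usec));` passes `&fds` in the position the prototype names `fdread`, exactly as `hydra_data_ready_timed` does. If `my_select` forwards its arguments to `select()` in prototype order (its body is not on this page), the "writing" variant waits for readability, and the call would need to be `my_select(socket + 1, NULL, &fds, NULL, sec, usec)`. This predates the commit but sits on lines the hunks carry as context.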
@@ -889,12 +889,12 @@ int hydra_data_ready_timed(int socket, long sec, long usec) { return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } -int hydra_data_ready(int socket) { +int32_t hydra_data_ready(int32_t socket) { return (hydra_data_ready_timed(socket, 0, 100)); } -int hydra_recv(int socket, char *buf, int length) { - int ret; +int32_t hydra_recv(int32_t socket, char *buf, int32_t length) { + int32_t ret; char text[64]; ret = internal__hydra_recv(socket, buf, length); @@ -906,8 +906,8 @@ int hydra_recv(int socket, char *buf, int length) { return ret; } -int hydra_recv_nb(int socket, char *buf, int length) { - int ret = -1; +int32_t hydra_recv_nb(int32_t socket, char *buf, int32_t length) { + int32_t ret = -1; char text[64]; if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) { @@ -928,9 +928,9 @@ int hydra_recv_nb(int socket, char *buf, int length) { return ret; } -char *hydra_receive_line(int socket) { +char *hydra_receive_line(int32_t socket) { char buf[1024], *buff, *buff2, text[64]; - int i, j = 1, k, got = 0; + int32_t i, j = 1, k, got = 0; if ((buff = malloc(sizeof(buf))) == NULL) { fprintf(stderr, "[ERROR] could not malloc\n"); @@ -1001,14 +1001,14 @@ char *hydra_receive_line(int socket) { return buff; } -int hydra_send(int socket, char *buf, int size, int options) { +int32_t hydra_send(int32_t socket, char *buf, int32_t size, int32_t options) { char text[64]; if (debug) { sprintf(text, "[DEBUG] SEND [pid:%d]", getpid()); hydra_dump_data(buf, size, text); -/* int k; +/* int32_t k; char *debugbuf = malloc(size + 1); if (debugbuf != NULL) { 
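Review bot: In the debug branch of `hydra_send`, the context line `sprintf(text, "[DEBUG] SEND [pid:%d]", getpid());` writes into `char text[64]` with an unbounded call and passes a `pid_t` to `%d` without a cast. It fits today, but `snprintf(text, sizeof(text), "[DEBUG] SEND [pid:%d]", (int) getpid());` stays safe if the prefix ever grows. `hydra_recv` and `hydra_recv_nb` declare the same `text[64]` and presumably fill it the same way, though those lines fall outside their hunks.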
@@ -1027,18 +1027,18 @@ int hydra_send(int socket, char *buf, int size, int options) { return (internal__hydra_send(socket, buf, size, options)); } -int make_to_lower(char *buf) { +int32_t make_to_lower(char *buf) { if (buf == NULL) return 1; while (buf[0] != 0) { - buf[0] = tolower((int) buf[0]); + buf[0] = tolower((int32_t) buf[0]); buf++; } return 1; } char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { - int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; + int32_t str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github. static char finalstring[6096]; @@ -1102,12 +1102,12 @@ unsigned char hydra_conv64(unsigned char in) { } } -void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) { +void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize) { unsigned char small[3] = { 0, 0, 0 }; unsigned char big[5]; unsigned char *ptr = buf; - int i = bufsize; - unsigned int len = 0; + int32_t i = bufsize; + uint32_t len = 0; unsigned char bof[i]; if (buf == NULL || strlen((char *) buf) == 0) @@ -1151,12 +1151,12 @@ void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) { strcpy((char *) buf, (char *) bof); /* can not overflow */ } -void hydra_dump_asciihex(unsigned char *string, int length) { +void hydra_dump_asciihex(unsigned char *string, int32_t length) { unsigned char *p = (unsigned char *) string; unsigned char lastrow_data[16]; - int rows = length / HYDRA_DUMP_ROWS; - int lastrow = length % HYDRA_DUMP_ROWS; - int i, j; + int32_t rows = length / HYDRA_DUMP_ROWS; + int32_t lastrow = length % HYDRA_DUMP_ROWS; + int32_t i, j; for (i = 0; i < rows; i++) { printf("%04hx: ", i * 16); 
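Review bot: `tolower((int32_t) buf[0])` in `make_to_lower` still receives a plain `char`, so any byte above 0x7f is negative where `char` is signed and the call has undefined behaviour. The telnet module earlier in this patch series feeds it lines returned by `hydra_receive_line`, i.e. data from the remote server, so high bytes are to be expected. The cast should go through `unsigned char`: `buf[0] = tolower((unsigned char) buf[0]);`. The same pattern is in `hydra_strcasestr` (`toupper`) and in hydra-nntp.c (`isdigit`, `toupper`).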
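Review bot: `hydra_tobase64` sizes a stack array from its caller-supplied `bufsize` (`int32_t i = bufsize;` followed by `unsigned char bof[i];`) before any validation runs. A zero or negative `bufsize` makes the array declaration undefined, and a large one can overrun the stack; the `buf == NULL` check only comes afterwards. I would reject `bufsize <= 0` before the array is declared, or allocate `bof` with `malloc` and check the result. The code that fills `bof` is outside the hunks, so the `/* can not overflow */` remark on the final `strcpy` could not be checked from the visible lines.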
@@ -1227,16 +1227,16 @@ char *hydra_address2string(char *address) { return NULL; // not reached } -void hydra_set_srcport(int port) { +void hydra_set_srcport(int32_t port) { src_port = port; } #ifdef HAVE_PCRE -int hydra_string_match(char *str, const char *regex) { +int32_t hydra_string_match(char *str, const char *regex) { pcre *re = NULL; - int offset_error = 0; + int32_t offset_error = 0; const char *error = NULL; - int rc = 0; + int32_t rc = 0; re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL); if (re == NULL) { @@ -1287,11 +1287,11 @@ char *hydra_strcasestr(const char *haystack, const char *needle) { return NULL; for (; *haystack; ++haystack) { - if (toupper((int) *haystack) == toupper((int) *needle)) { + if (toupper((int32_t) *haystack) == toupper((int32_t) *needle)) { const char *h, *n; for (h = haystack, n = needle; *h && *n; ++h, ++n) { - if (toupper((int) *h) != toupper((int) *n)) { + if (toupper((int32_t) *h) != toupper((int32_t) *n)) { break; } } @@ -1303,12 +1303,12 @@ char *hydra_strcasestr(const char *haystack, const char *needle) { return NULL; } -void hydra_dump_data(unsigned char *buf, int len, char *text) { +void hydra_dump_data(unsigned char *buf, int32_t len, char *text) { unsigned char *p = (unsigned char *) buf; unsigned char lastrow_data[16]; - int rows = len / 16; - int lastrow = len % 16; - int i, j; + int32_t rows = len / 16; + int32_t lastrow = len % 16; + int32_t i, j; if (text != NULL && text[0] != 0) printf("%s (%d bytes):\n", text, len); @@ -1362,8 +1362,8 @@ void hydra_dump_data(unsigned char *buf, int len, char *text) { } } -int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen) { - int i; +int32_t hydra_memsearch(char *haystack, int32_t hlen, char *needle, int32_t nlen) { + int32_t i; for (i = 0; i <= hlen - nlen; i++) if (memcmp(haystack + i, needle, nlen) == 0) diff --git a/hydra-mod.h b/hydra-mod.h index e4dcbde..812e2d1 100644 --- a/hydra-mod.h +++ b/hydra-mod.h 
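Review bot: `hydra_memsearch` uses `hlen` and `nlen` without range checks. A negative `nlen` makes `hlen - nlen` larger than `hlen` and is converted to a huge `size_t` in `memcmp(haystack + i, needle, nlen)`. A guard before the loop, `if (hlen < 0 || nlen < 0 || nlen > hlen)` returning the function's not-found value, would close that. The return statements are outside the hunk, so the not-found value itself is not visible here.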
@@ -5,60 +5,60 @@ extern char quiet; -extern void hydra_child_exit(int code); -extern void hydra_register_socket(int s); +extern void hydra_child_exit(int32_t code); +extern void hydra_register_socket(int32_t s); extern char *hydra_get_next_pair(); extern char *hydra_get_next_login(); extern char *hydra_get_next_password(); extern void hydra_completed_pair(); extern void hydra_completed_pair_found(); extern void hydra_completed_pair_skip(); -extern void hydra_report_found(int port, char *svc, FILE * fp); -extern void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp); -extern void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp); -extern void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg); +extern void hydra_report_found(int32_t port, char *svc, FILE * fp); +extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp); +extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp); +extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg); extern void hydra_report_debug(FILE *st, char *format, ...); -extern int hydra_connect_to_ssl(int socket, char *hostname); -extern int hydra_connect_ssl(char *host, int port, char *hostname); -extern int hydra_connect_tcp(char *host, int port); -extern int hydra_connect_udp(char *host, int port); -extern int hydra_disconnect(int socket); -extern int hydra_data_ready(int socket); -extern int hydra_recv(int socket, char *buf, int length); -extern int hydra_recv_nb(int socket, char *buf, int length); -extern char *hydra_receive_line(int socket); -extern int hydra_send(int socket, char *buf, int size, int options); -extern int make_to_lower(char *buf); +extern int32_t hydra_connect_to_ssl(int32_t socket, char *hostname); +extern int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname); +extern int32_t hydra_connect_tcp(char *host, int32_t port); +extern int32_t 
hydra_connect_udp(char *host, int32_t port); +extern int32_t hydra_disconnect(int32_t socket); +extern int32_t hydra_data_ready(int32_t socket); +extern int32_t hydra_recv(int32_t socket, char *buf, int32_t length); +extern int32_t hydra_recv_nb(int32_t socket, char *buf, int32_t length); +extern char *hydra_receive_line(int32_t socket); +extern int32_t hydra_send(int32_t socket, char *buf, int32_t size, int32_t options); +extern int32_t make_to_lower(char *buf); extern unsigned char hydra_conv64(unsigned char in); -extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); -extern void hydra_dump_asciihex(unsigned char *string, int length); -extern void hydra_set_srcport(int port); +extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize); +extern void hydra_dump_asciihex(unsigned char *string, int32_t length); +extern void hydra_set_srcport(int32_t port); extern char *hydra_address2string(char *address); extern char *hydra_strcasestr(const char *haystack, const char *needle); -extern void hydra_dump_data(unsigned char *buf, int len, char *text); -extern int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen); +extern void hydra_dump_data(unsigned char *buf, int32_t len, char *text); +extern int32_t hydra_memsearch(char *haystack, int32_t hlen, char *needle, int32_t nlen); extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece); #ifdef HAVE_PCRE -int hydra_string_match(char *str, const char *regex); +int32_t hydra_string_match(char *str, const char *regex); #endif char *hydra_string_replace(const char *string, const char *substr, const char *replacement); -int debug; -int verbose; -int waittime; -int port; -int found; -int proxy_count; -int use_proxy; -int selected_proxy; +int32_t debug; +int32_t verbose; +int32_t waittime; +int32_t port; +int32_t found; +int32_t proxy_count; +int32_t use_proxy; +int32_t selected_proxy; char proxy_string_ip[MAX_PROXY_COUNT][36]; -int 
proxy_string_port[MAX_PROXY_COUNT]; +int32_t proxy_string_port[MAX_PROXY_COUNT]; char proxy_string_type[MAX_PROXY_COUNT][10]; char *proxy_authentication[MAX_PROXY_COUNT]; char *cmdlinetarget; -typedef int BOOL; +typedef int32_t BOOL; #define hydra_report fprintf diff --git a/hydra-mssql.c b/hydra-mssql.c index 928a348..2f9608b 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -45,13 +45,13 @@ unsigned char p_lng[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00"; -int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[1024]; char ms_login[MSLEN + 1]; char ms_pass[MSLEN + 1]; unsigned char len_login, len_pass; - int ret = -1; + int32_t ret = -1; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -107,9 +107,9 @@ int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; +void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) 
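Review bot: The lines `int32_t debug;`, `int32_t verbose;` through `int32_t selected_proxy;` in hydra-mod.h define objects in a header rather than declaring them, so every file that includes it emits its own tentative definition. That links only when the toolchain merges common symbols; with `-fno-common`, the default in recent GCC releases, it is a multiple-definition error. Declaring them as `extern int32_t debug;` and so on, with a single definition in hydra-mod.c, is the portable form. The header now also depends on `<stdint.h>`, and no include is visible in this hunk, so it is worth confirming that the header pulls it in itself.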
@@ -129,7 +129,7 @@ void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = start_mssql(sock, ip, port, options, miscptr, fp); @@ -153,7 +153,7 @@ void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-mysql.c b/hydra-mysql.c index df9dad4..fdf1e81 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c @@ -11,7 +11,7 @@ void dummy_mysql() { printf("\n"); } -void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { printf("\n"); } #else 
@@ -35,16 +35,16 @@ MYSQL *mysql = NULL; void hydra_hash_password(unsigned long *result, const char *password); char *hydra_scramble(char *to, const char *message, const char *password); -extern int internal__hydra_recv(int socket, char *buf, int length); -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char mysqlsalt[9]; /* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ -char *hydra_mysql_receive_line(int socket) { +char *hydra_mysql_receive_line(int32_t socket) { char buf[300], *buff, *buff2; - int i = 0, j = 0, buff_size = 300; + int32_t i = 0, j = 0, buff_size = 300; buff = malloc(buff_size); if (buff == NULL) @@ -87,7 +87,7 @@ char *hydra_mysql_receive_line(int socket) { } /* check if valid mysql protocol, mysql version and read salt */ -char hydra_mysql_init(int sock) { +char hydra_mysql_init(int32_t sock) { char *server_version, *pos, *buf; unsigned char protocol; @@ -169,14 +169,14 @@ char hydra_mysql_parse_response(unsigned char *response) { return 0; } -char hydra_mysql_send_com_quit(int sock) { +char hydra_mysql_send_com_quit(int32_t sock) { char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 }; hydra_send(sock, com_quit_packet, 5, 0); return 0; } -int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *response = NULL, *login = NULL, *pass = NULL; unsigned long response_len; char res = 0; 
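Review bot: `extern char *HYDRA_EXIT;` in hydra-mysql.c does not match the definition in hydra-mod.c, which the hydra-mod.c hunk of this patch shows as `char HYDRA_EXIT[5]`. With the pointer declaration, `sizeof(HYDRA_EXIT)` in `memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))` is the size of a pointer, so on a 64-bit build the comparison reads 8 bytes from a 5-byte object. As this commit is aligning types across files, the declaration should become `extern char HYDRA_EXIT[5];`, ideally placed once in hydra-mod.h. hydra-ncp.c, hydra-nntp.c and hydra-oracle-listener.c carry the same declaration.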
@@ -213,7 +213,7 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp } /*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */ if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) { - int my_errno = mysql_errno(mysql); + int32_t my_errno = mysql_errno(mysql); if (debug) hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql)); @@ -308,9 +308,9 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp return 1; } -void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_MYSQL; +void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_MYSQL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -330,7 +330,7 @@ void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE port = myport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; @@ -424,7 +424,7 @@ char *hydra_scramble(char *to, const char *message, const char *password) { } #endif -int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. 
diff --git a/hydra-ncp.c b/hydra-ncp.c index ca22236..5c68d13 100644 --- a/hydra-ncp.c +++ b/hydra-ncp.c @@ -1,4 +1,3 @@ - /* * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com * Tested on Netware 6.5 @@ -26,7 +25,7 @@ void dummy_ncp() { #include extern char *HYDRA_EXIT; -extern int child_head_no; +extern int32_t child_head_no; typedef struct __NCP_DATA { struct ncp_conn_spec spec; @@ -37,14 +36,14 @@ typedef struct __NCP_DATA { //uncomment line below to see more trace stack //#define NCP_DEBUG -int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *login; char *pass; char context[256]; - unsigned int ncp_lib_error_code; + uint32_t ncp_lib_error_code; char *empty = ""; - int object_type = NCP_BINDERY_USER; + int32_t object_type = NCP_BINDERY_USER; _NCP_DATA *session; @@ -135,9 +134,9 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; //reconnect } -void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_NCP; +void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_NCP; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -153,7 +152,7 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * sock = hydra_connect_tcp(ip, myport); port = myport; if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; 
@@ -184,7 +183,7 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif -int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-nntp.c b/hydra-nntp.c index 82753d1..f6b7f35 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -10,14 +10,14 @@ RFC 4643: Network News Transfer Protocol (NNTP) Extension for Authentication */ -int nntp_auth_mechanism = AUTH_CLEAR; +int32_t nntp_auth_mechanism = AUTH_CLEAR; extern char *HYDRA_EXIT; char *buf; -char *nntp_read_server_capacity(int sock) { +char *nntp_read_server_capacity(int32_t sock) { char *ptr = NULL; - int resp = 0; + int32_t resp = 0; char *buf = NULL; do { @@ -25,7 +25,7 @@ char *nntp_read_server_capacity(int sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { - if (isdigit((int) buf[0]) && buf[3] == ' ') + if (isdigit((int32_t) buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') @@ -38,7 +38,7 @@ char *nntp_read_server_capacity(int sock) { if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; - if (isdigit((int) *ptr) && *(ptr + 3) == ' ') + if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ') resp = 1; } } @@ -47,10 +47,10 @@ char *nntp_read_server_capacity(int sock) { return buf; } -int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500], *fooptr; - int i = 1; + int32_t i = 1; if (strlen(login = hydra_get_next_login()) == 0) login = empty; 
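Review bot: `nntp_read_server_capacity` indexes the received line without checking its length: `buf[3] == ' '` is read whenever `buf[0]` is a digit, and `buf[strlen(buf) - 1]` becomes `buf[-1]` if the line is empty. The line comes from the server, so both reads depend on remote input; whether `hydra_receive_line` can return an empty or very short string is not visible on this page. Taking the length once and using it in both tests covers it, e.g. `size_t n = strlen(buf);` then `if (n >= 4 && isdigit((unsigned char) buf[0]) && buf[3] == ' ')`. The loop continues outside the hunk.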
@@ -121,7 +121,7 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, break; #ifdef LIBOPENSSL case AUTH_CRAMMD5:{ - int rc = 0; + int32_t rc = 0; char *preplogin; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); @@ -266,9 +266,9 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int i = 0, run = 1, next_run = 1, sock = -1; - int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; +void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t i = 0, run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; char *buffer1 = "CAPABILITIES\r\n"; hydra_register_socket(sp); @@ -293,7 +293,7 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } // usleepn(300); @@ -405,7 +405,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char) toupper((int32_t) miscptr[i]); if (strncmp(miscptr, "USER", 4) == 0) nntp_auth_mechanism = AUTH_CLEAR; 
@@ -472,7 +472,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 } } -int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index 9a52cea..f10d72d 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -25,11 +25,11 @@ void dummy_oracle_listener() { extern char *HYDRA_EXIT; char *buf; unsigned char *hash; -int sid_mechanism = AUTH_PLAIN; +int32_t sid_mechanism = AUTH_PLAIN; -int initial_permutation(unsigned char **result, char *p_str, int *sz) { - int k = 0; - int i = strlen(p_str); +int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) { + int32_t k = 0; + int32_t i = strlen(p_str); char *buff; //expand the string with zero so that length is a multiple of 4 @@ -67,8 +67,8 @@ int initial_permutation(unsigned char **result, char *p_str, int *sz) { return 0; } -int ora_hash(unsigned char **orahash, unsigned char *buf, int len) { - int i; +int32_t ora_hash(unsigned char **orahash, unsigned char *buf, int32_t len) { + int32_t i; if ((*orahash = malloc(HASHSIZE)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); @@ -81,8 +81,8 @@ int ora_hash(unsigned char **orahash, unsigned char *buf, int len) { return 0; } -int convert_byteorder(unsigned char **result, int size) { - int i = 0; +int32_t convert_byteorder(unsigned char **result, int32_t size) { + int32_t i = 0; char *buff; if ((buff = malloc(size)) == NULL) { 
@@ -103,8 +103,8 @@ int convert_byteorder(unsigned char **result, int size) { return 0; } -int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { - int i = 0; +int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) { + int32_t i = 0; char lastkey[8]; DES_key_schedule ks1; unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; @@ -138,9 +138,9 @@ int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { return 0; } -int ora_hash_password(char *pass) { +int32_t ora_hash_password(char *pass) { // secret hash function comes here, and written to char *hash - int siz = 0; + int32_t siz = 0; unsigned char *desresult; unsigned char *result; char buff[strlen(pass) + 5]; @@ -180,7 +180,7 @@ int ora_hash_password(char *pass) { return 0; } -int start_oracle_listener(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { unsigned char tns_packet_begin[22] = { "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" }; @@ -192,7 +192,7 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char char *pass; char connect_string[200]; char buffer2[260]; - int siz = 0; + int32_t siz = 0; memset(connect_string, 0, sizeof(connect_string)); memset(buffer2, 0, sizeof(buffer2)); 
@@ -258,9 +258,9 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char return 1; } -void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; +void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -301,7 +301,7 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } /* run the cracking function */ @@ -325,7 +325,7 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc } } -int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-oracle-sid.c b/hydra-oracle-sid.c index 1444e59..7570379 100644 --- a/hydra-oracle-sid.c +++ b/hydra-oracle-sid.c 
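Review bot: The cast in `hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());` in `service_oracle_listener` was rewritten along with the declarations, but it exists to match the `%d` conversion, which takes an `int`, not an `int32_t`. Keep it as `(int) getpid()`, or change the format to `"%" PRId32` from `<inttypes.h>` if the fixed-width type is wanted. The same mechanical replacement appears in `service_oracle_sid`, `service_oracle`, `service_pcanywhere`, `service_pcnfs`, `service_pop3`, `service_pop3_init`, `service_postgres` and `service_rdp`. Where `int32_t` is `int` nothing changes at run time, so the point is to keep the argument type tied to the format string.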
@@ -23,7 +23,7 @@ char *buf; unsigned char *hash; -int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { /* PP is the packet length XX is the length of connect data @@ -39,7 +39,7 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis char *login; char connect_string[200]; char buffer2[260]; - int siz = 0; + int32_t siz = 0; memset(connect_string, 0, sizeof(connect_string)); memset(buffer2, 0, sizeof(buffer2)); @@ -85,9 +85,9 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis return 1; } -void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; +void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -110,7 +110,7 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } /* run the cracking function */ 
@@ -134,7 +134,7 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, } } -int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-oracle.c b/hydra-oracle.c index 871adc8..e598401 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -40,7 +40,7 @@ void print_oracle_error(char *err) { } } -int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[200], sid[100]; @@ -132,9 +132,9 @@ int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr return 1; } -void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ORACLE; +void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ORACLE; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -158,7 +158,7 @@ void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; 
@@ -183,7 +183,7 @@ void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE #endif -int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-pcanywhere.c b/hydra-pcanywhere.c index 2161e1a..483e6fd 100644 --- a/hydra-pcanywhere.c +++ b/hydra-pcanywhere.c @@ -8,9 +8,9 @@ extern char *HYDRA_EXIT; -int pcadebug = 0; +int32_t pcadebug = 0; -int send_cstring(int s, char *crypted_string) { +int32_t send_cstring(int32_t s, char *crypted_string) { char buffer2[100], *bptr = buffer2; char clientcryptheader[] = "\x06"; @@ -25,8 +25,8 @@ int send_cstring(int s, char *crypted_string) { return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0); } -void show_buffer(char *buffer, int size) { - int i; +void show_buffer(char *buffer, int32_t size) { + int32_t i; printf("size: %d, buffer:\n", size); for (i = 0; i < size; i++) { @@ -35,11 +35,11 @@ void show_buffer(char *buffer, int size) { printf("\n"); } -void clean_buffer(char *buf, int size) { - int i; +void clean_buffer(char *buf, int32_t size) { + int32_t i; for (i = 0; i < size; i++) { - int pos = buf[i]; + int32_t pos = buf[i]; if (pos < 32 || pos > 126) { // . char @@ -49,7 +49,7 @@ void clean_buffer(char *buf, int size) { } void print_encrypted_str(char *str) { - int i; + int32_t i; printf("encode string: "); for (i = 0; i < strlen(str); i++) { @@ -60,7 +60,7 @@ void print_encrypted_str(char *str) { void pca_encrypt(char *cleartxt) { char passwd[128]; - int i; + int32_t i; strncpy(passwd, cleartxt, sizeof(passwd) - 1); passwd[sizeof(passwd) - 1] = 0; 
@@ -76,7 +76,7 @@ void pca_encrypt(char *cleartxt) { void pca_decrypt(char *password) { char cleartext[128]; - int i; + int32_t i; if (strlen(password) > 0) { cleartext[0] = password[0] ^ 0xab; @@ -92,17 +92,17 @@ void debugprintf(char *msg) { printf("debug: %s\n", msg); } -int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char buffer[2048] = ""; char clogin[128] = ""; char cpass[128] = ""; - int ret, i; + int32_t ret, i; char *client[4]; char *server[5]; - int clientsize[4]; + int32_t clientsize[4]; client[0] = "\x00\x00\x00\x00"; clientsize[0] = 4; @@ -224,9 +224,9 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis return 1; } -void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; +void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -251,7 +251,7 @@ void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } 
@@ -278,7 +278,7 @@ void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, } } -int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-pcnfs.c b/hydra-pcnfs.c index 2707638..fed02dd 100644 --- a/hydra-pcnfs.c +++ b/hydra-pcnfs.c @@ -33,7 +33,7 @@ struct pr_auth_args { /* Lets start ... */ -int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH]; char *ptr, *pkt = buffer; @@ -136,8 +136,8 @@ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; +void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (port == 0) { @@ -161,7 +161,7 @@ void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE sock = hydra_disconnect(sock); // usleepn(275); if ((sock = hydra_connect_udp(ip, port)) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; 
@@ -183,7 +183,7 @@ void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-pop3.c b/hydra-pop3.c index 1ae675b..38897d0 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -6,9 +6,9 @@ typedef struct pool_str { char ip[36]; - /* int port;*/// not needed - int pop3_auth_mechanism; - int disable_tls; + /* int32_t port;*/// not needed + int32_t pop3_auth_mechanism; + int32_t disable_tls; struct pool_str *next; } pool; @@ -18,7 +18,7 @@ char apop_challenge[300] = ""; pool *plist = NULL, *p = NULL; /* functions */ -int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname); +int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); pool *list_create(pool data) { pool *p; @@ -59,9 +59,9 @@ pool *list_find(char *ip) { /* how to know when to release the mem ? -> well, after _start has determined which pool number it is */ -int list_remove(pool * node) { +int32_t list_remove(pool * node) { pool *save, *list = plist; - int ok = -1; + int32_t ok = -1; if (list == NULL || node == NULL) return -2; @@ -78,9 +78,9 @@ int list_remove(pool * node) { return ok; } -char *pop3_read_server_capacity(int sock) { +char *pop3_read_server_capacity(int32_t sock) { char *ptr = NULL; - int resp = 0; + int32_t resp = 0; char *buf = NULL; do { 
@@ -117,7 +117,7 @@ STLS return buf; } -int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500], *fooptr; @@ -137,7 +137,7 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, case AUTH_APOP:{ MD5_CTX c; unsigned char md5_raw[MD5_DIGEST_LENGTH]; - int i; + int32_t i; char *pbuffer = buffer2; MD5_Init(&c); @@ -216,7 +216,7 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, case AUTH_CRAMMD5: case AUTH_CRAMSHA1: case AUTH_CRAMSHA256:{ - int rc = 0; + int32_t rc = 0; char *preplogin; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); @@ -413,8 +413,8 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; +void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; char *ptr = NULL; //extract data from the pool, ip is the key @@ -448,7 +448,7 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); 
@@ -513,10 +513,10 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * } -int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int myport = PORT_POP3, mysslport = PORT_POP3_SSL; +int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t myport = PORT_POP3, mysslport = PORT_POP3_SSL; char *ptr = NULL; - int sock = -1; + int32_t sock = -1; char *capa_str = "CAPA\r\n"; char *quit_str = "QUIT\r\n"; pool p; @@ -536,7 +536,7 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t) getpid()); return -1; } buf = hydra_receive_line(sock); @@ -571,10 +571,10 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - int i; + int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char) toupper((int32_t) miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { p.disable_tls = 0; diff --git a/hydra-postgres.c b/hydra-postgres.c index 056e23b..d27a78b 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -21,7 +21,7 @@ void dummy_postgres() { extern char *HYDRA_EXIT; -int start_postgres(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char database[256]; 
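Review bot: In `service_pop3_init`, `toupper((int32_t) miscptr[i])` widens a plain `char` to a signed type. If `miscptr` holds a byte above 0x7f and `char` is signed, the argument is negative and outside what `toupper` accepts. The cast should go through `unsigned char`: `miscptr[i] = (char) toupper((unsigned char) miscptr[i]);`. The loop condition `i < strlen(miscptr)` also compares the signed `int32_t i` with a `size_t` and re-evaluates `strlen` on every pass; hoisting the length into a `size_t` local removes both. The function body starts and ends outside this hunk.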
@@ -66,9 +66,9 @@ int start_postgres(int s, char *ip, int port, unsigned char options, char *miscp return 1; } -void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; +void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -93,7 +93,7 @@ void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FI port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; @@ -119,7 +119,7 @@ void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FI #endif -int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-rdp.c b/hydra-rdp.c index bd5b0e0..f8cf084 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c 
@@ -51,8 +51,8 @@ BOOL g_bitmap_cache = True; BOOL g_bitmap_cache_persist_enable = False; BOOL g_bitmap_compression = True; BOOL g_desktop_save = True; -int g_server_depth = -1; -int os_version = 0; //2000 +int32_t g_server_depth = -1; +int32_t os_version = 0; //2000 uint32 g_rdp5_performanceflags = RDP5_NO_WALLPAPER | RDP5_NO_FULLWINDOWDRAG | RDP5_NO_MENUANIMATIONS; @@ -73,7 +73,7 @@ uint8 g_client_random[SEC_RANDOM_SIZE]; #define LOGIN_UNKN 0 #define LOGIN_SUCC 1 #define LOGIN_FAIL 2 -int login_result = LOGIN_UNKN; +int32_t login_result = LOGIN_UNKN; uint8 *g_next_packet; uint32 g_rdp_shareid; @@ -102,15 +102,15 @@ static RDP_ORDER_STATE g_order_state; #define STREAM_COUNT 1 -int g_sock; +int32_t g_sock; static struct stream g_in; static struct stream g_out[STREAM_COUNT]; /* wait till socket is ready to write or timeout */ -static BOOL tcp_can_send(int sck, int millis) { +static BOOL tcp_can_send(int32_t sck, int32_t millis) { fd_set wfds; struct timeval time; - int sel_count; + int32_t sel_count; time.tv_sec = millis / 1000; time.tv_usec = (millis * 1000) % 1000000; @@ -125,7 +125,7 @@ static BOOL tcp_can_send(int sck, int millis) { /* Initialise TCP transport data packet */ STREAM tcp_init(uint32 maxlen) { - static int cur_stream_id = 0; + static int32_t cur_stream_id = 0; STREAM result = NULL; result = &g_out[cur_stream_id]; @@ -144,8 +144,8 @@ STREAM tcp_init(uint32 maxlen) { /* Send TCP transport data packet */ void tcp_send(STREAM s) { - int length = s->end - s->data; - int sent, total = 0; + int32_t length = s->end - s->data; + int32_t sent, total = 0; while (total < length) { @@ -167,7 +167,7 @@ void tcp_send(STREAM s) { /* Receive a message on the TCP layer */ STREAM tcp_recv(STREAM s, uint32 length) { uint32 new_length, end_offset, p_offset; - int rcvd = 0; + int32_t rcvd = 0; if (s == NULL) { /* read into "new" stream */ 
@@ -227,7 +227,7 @@ char *tcp_get_address() { /* reset the state of the tcp layer */ void tcp_reset_state(void) { - int i; + int32_t i; g_sock = -1; /* reset socket */ @@ -263,8 +263,8 @@ void tcp_reset_state(void) { uint16 g_mcs_userid; /* Parse an ASN.1 BER header */ -static BOOL ber_parse_header(STREAM s, int tagval, int *length) { - int tag, len; +static BOOL ber_parse_header(STREAM s, int32_t tagval, int32_t *length) { + int32_t tag, len; if (tagval > 0xff) { @@ -292,7 +292,7 @@ static BOOL ber_parse_header(STREAM s, int tagval, int *length) { } /* Output an ASN.1 BER header */ -static void ber_out_header(STREAM s, int tagval, int length) { +static void ber_out_header(STREAM s, int32_t tagval, int32_t length) { if (tagval > 0xff) { @@ -309,13 +309,13 @@ static void ber_out_header(STREAM s, int tagval, int length) { } /* Output an ASN.1 BER integer */ -static void ber_out_integer(STREAM s, int value) { +static void ber_out_integer(STREAM s, int32_t value) { ber_out_header(s, BER_TAG_INTEGER, 2); out_uint16_be(s, value); } /* Output a DOMAIN_PARAMS structure (ASN.1 BER) */ -static void mcs_out_domain_params(STREAM s, int max_channels, int max_users, int max_tokens, int max_pdusize) { +static void mcs_out_domain_params(STREAM s, int32_t max_channels, int32_t max_users, int32_t max_tokens, int32_t max_pdusize) { ber_out_header(s, MCS_TAG_DOMAIN_PARAMS, 32); ber_out_integer(s, max_channels); ber_out_integer(s, max_users); @@ -329,7 +329,7 @@ static void mcs_out_domain_params(STREAM s, int max_channels, int max_users, int /* Parse a DOMAIN_PARAMS structure (ASN.1 BER) */ static BOOL mcs_parse_domain_params(STREAM s) { - int length = 0; + int32_t length = 0; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); 
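Review bot: `mcs_parse_domain_params` ignores the `BOOL` returned by `ber_parse_header` and then passes `length` to `in_uint8s(s, length)`. The value is presumably taken from data received from the peer, so a failed parse or a negative or oversized `int32_t` is still used to move through the stream. Checking the result first would stop there: `if (!ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length) || length < 0) return False;`. A comparison against the bytes remaining in the stream would complete the check, but the stream macros are not visible here, so that part needs confirming against their definitions. The function continues past the end of the hunk.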
@@ -339,8 +339,8 @@ static BOOL mcs_parse_domain_params(STREAM s) { /* Send an MCS_CONNECT_INITIAL message (ASN.1 BER) */ static void mcs_send_connect_initial(STREAM mcs_data) { - int datalen = mcs_data->end - mcs_data->data; - int length = 9 + 3 * 34 + 4 + datalen; + int32_t datalen = mcs_data->end - mcs_data->data; + int32_t length = 9 + 3 * 34 + 4 + datalen; STREAM s; s = iso_init(length + 5); @@ -368,7 +368,7 @@ static void mcs_send_connect_initial(STREAM mcs_data) { /* Expect a MCS_CONNECT_RESPONSE message (ASN.1 BER) */ static BOOL mcs_recv_connect_response(STREAM mcs_data) { uint8 result; - int length = 0; + int32_t length = 0; STREAM s; s = iso_recv(NULL); @@ -504,7 +504,7 @@ static BOOL mcs_recv_cjcf(void) { } /* Initialise an MCS transport data packet */ -STREAM mcs_init(int length) { +STREAM mcs_init(int32_t length) { STREAM s; s = iso_init(length + 8); @@ -618,7 +618,7 @@ static void iso_send_msg(uint8 code) { static void iso_send_connection_request(char *username) { STREAM s; - int length = 30 + strlen(username); + int32_t length = 30 + strlen(username); s = tcp_init(length); @@ -717,7 +717,7 @@ static STREAM iso_recv_msg(uint8 * code, uint8 * rdpver) { } /* Initialise ISO transport data packet */ -STREAM iso_init(int length) { +STREAM iso_init(int32_t length) { STREAM s; s = tcp_init(length + 7); @@ -794,7 +794,7 @@ void iso_reset_state(void) { tcp_reset_state(); } -static int g_rc4_key_len; +static int32_t g_rc4_key_len; static SSL_RC4 g_rc4_decrypt_key; static SSL_RC4 g_rc4_encrypt_key; static uint32 g_server_public_key_len; @@ -809,8 +809,8 @@ static uint8 g_sec_crypted_random[SEC_MAX_MODULUS_SIZE]; uint16 g_server_rdp_version = 0; /* These values must be available to reset state - Session Directory */ -static int g_sec_encrypt_use_count = 0; -static int g_sec_decrypt_use_count = 0; +static int32_t g_sec_encrypt_use_count = 0; +static int32_t g_sec_decrypt_use_count = 0; void ssl_sha1_init(SSL_SHA1 * sha1) { 
@@ -845,8 +845,8 @@ void ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len) RC4(rc4, len, in_data, out_data); } -static void reverse(uint8 * p, int len) { - int i, j; +static void reverse(uint8 * p, int32_t len) { + int32_t i, j; uint8 temp; for (i = 0, j = len - 1; i < j; i++, j--) { @@ -856,11 +856,11 @@ static void reverse(uint8 * p, int len) { } } -void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { +void ssl_rsa_encrypt(uint8 * out, uint8 * in, int32_t len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { BN_CTX *ctx; BIGNUM *mod, *exp, *x, *y; uint8 inr[SEC_MAX_MODULUS_SIZE]; - int outlen; + int32_t outlen; reverse(modulus, modulus_size); reverse(exponent, SEC_EXPONENT_SIZE); @@ -879,7 +879,7 @@ void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint BN_mod_exp(y, x, exp, mod, ctx); outlen = BN_bn2bin(y, out); reverse(out, outlen); - if (outlen < (int) modulus_size) + if (outlen < (int32_t) modulus_size) memset(out + outlen, 0, modulus_size - outlen); BN_free(y); @@ -903,7 +903,7 @@ static void ssl_cert_free(X509 * cert) { SSL_RKEY *ssl_cert_to_rkey(X509 * cert, uint32 * key_len) { EVP_PKEY *epk = NULL; SSL_RKEY *lkey; - int nid; + int32_t nid; /* By some reason, Microsoft sets the OID of the Public RSA key to the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" @@ -942,7 +942,7 @@ SSL_RKEY *ssl_cert_to_rkey(X509 * cert, uint32 * key_len) { return lkey; } -int ssl_cert_print_fp(FILE * fp, X509 * cert) { +int32_t ssl_cert_print_fp(FILE * fp, X509 * cert) { return X509_print_fp(fp, cert); } 
@@ -951,8 +951,8 @@ void ssl_rkey_free(SSL_RKEY * rkey) { } /* returns error */ -int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) { - int len; +int32_t ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) { + int32_t len; #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) BIGNUM *n, *e, *d; @@ -960,7 +960,7 @@ int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, n = BN_new(); e = BN_new(); RSA_get0_key(rkey, &n, &e, NULL); - if ((BN_num_bytes(e) > (int) max_exp_len) || (BN_num_bytes(n) > (int) max_mod_len)) { + if ((BN_num_bytes(e) > (int32_t) max_exp_len) || (BN_num_bytes(n) > (int32_t) max_mod_len)) { return 1; } len = BN_bn2bin(e, exponent); @@ -970,7 +970,7 @@ int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, BN_free(n); BN_free(e); #else - if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || (BN_num_bytes(rkey->n) > (int) max_mod_len)) + if ((BN_num_bytes(rkey->e) > (int32_t) max_exp_len) || (BN_num_bytes(rkey->n) > (int32_t) max_mod_len)) return 1; len = BN_bn2bin(rkey->e, exponent); reverse(exponent, len); @@ -986,7 +986,7 @@ BOOL ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_le } -void ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) { +void ssl_hmac_md5(const void *key, int32_t key_len, const unsigned char *msg, int32_t msg_len, unsigned char *md) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) HMAC_CTX *ctx; ctx = HMAC_CTX_new(); @@ -1020,7 +1020,7 @@ void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 sa uint8 pad[4]; SSL_SHA1 sha1; SSL_MD5 md5; - int i; + int32_t i; for (i = 0; i < 3; i++) { memset(pad, salt + i, i + 1); 
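Review bot: In the OpenSSL 1.1 branch of `ssl_rkey_get_exp_mod`, `n` and `e` are allocated with `BN_new()`, then overwritten by `RSA_get0_key(rkey, &n, &e, NULL)`, and finally passed to `BN_free()`. `RSA_get0_key` returns pointers that stay owned by the key, so the two fresh BIGNUMs leak and the frees release the key's own modulus and exponent. `ssl_rkey_free` would presumably release them a second time. Declare them as `const BIGNUM *n, *e;` and drop the `BN_new()` and `BN_free()` calls; the early `return 1;` then needs no cleanup either. A few lines between the hunks at -960 and -970 are not shown, so confirm nothing there depends on owning `n` and `e`.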
@@ -1060,7 +1060,7 @@ static void sec_make_40bit(uint8 * key) { } /* Generate encryption keys given client and server randoms */ -static void sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size) { +static void sec_generate_keys(uint8 * client_random, uint8 * server_random, int32_t rc4_key_size) { uint8 pre_master_secret[48]; uint8 master_secret[48]; uint8 key_block[48]; @@ -1123,7 +1123,7 @@ void buf_out_uint32(uint8 * buffer, uint32 value) { } /* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */ -void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen) { +void sec_sign(uint8 * signature, int32_t siglen, uint8 * session_key, int32_t keylen, uint8 * data, int32_t datalen) { uint8 shasig[20]; uint8 md5sig[16]; uint8 lenhdr[4]; @@ -1175,7 +1175,7 @@ static void sec_update(uint8 * key, uint8 * update_key) { } /* Encrypt data using RC4 */ -static void sec_encrypt(uint8 * data, int length) { +static void sec_encrypt(uint8 * data, int32_t length) { if (g_sec_encrypt_use_count == 4096) { sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key); ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); @@ -1187,7 +1187,7 @@ static void sec_encrypt(uint8 * data, int length) { } /* Decrypt data using RC4 */ -void sec_decrypt(uint8 * data, int length) { +void sec_decrypt(uint8 * data, int32_t length) { if (g_sec_decrypt_use_count == 4096) { sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key); ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); 
@@ -1199,13 +1199,13 @@ void sec_decrypt(uint8 * data, int length) { } /* Perform an RSA public key encryption operation */ -static void sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { +static void sec_rsa_encrypt(uint8 * out, uint8 * in, int32_t len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent); } /* Initialise secure transport packet */ -STREAM sec_init(uint32 flags, int maxlen) { - int hdrlen; +STREAM sec_init(uint32 flags, int32_t maxlen) { + int32_t hdrlen; STREAM s; // if (!g_licence_issued) @@ -1221,7 +1221,7 @@ STREAM sec_init(uint32 flags, int maxlen) { /* Transmit secure transport packet over specified channel */ void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) { - int datalen; + int32_t datalen; s_pop_layer(s, sec_hdr); out_uint32_le(s, flags); @@ -1261,8 +1261,8 @@ static void sec_establish_key(void) { } /* Output a string in Unicode */ -void rdp_out_unistr(STREAM s, char *string, int len) { - int i = 0, j = 0; +void rdp_out_unistr(STREAM s, char *string, int32_t len) { + int32_t i = 0, j = 0; len += 2; while (i < len) { @@ -1275,8 +1275,8 @@ void rdp_out_unistr(STREAM s, char *string, int len) { /* Output connect initial data blob */ static void sec_out_mcs_data(STREAM s) { char *g_hostname = "hydra"; - int hostlen = 2 * strlen(g_hostname); - int length = 158 + 76 + 12 + 4; + int32_t hostlen = 2 * strlen(g_hostname); + int32_t length = 158 + 76 + 12 + 4; /* if (g_num_channels > 0) @@ -1720,9 +1720,9 @@ void sec_reset_state(void) { /* Read field indicating which parameters are present */ -static void rdp_in_present(STREAM s, uint32 * present, uint8 flags, int size) { +static void rdp_in_present(STREAM s, uint32 * present, uint8 flags, int32_t size) { uint8 bits; - int i; + int32_t i; if (flags & RDP_ORDER_SMALL) { size--; 
@@ -1831,7 +1831,7 @@ static void process_rect(STREAM s, RECT_ORDER * os, uint32 present, BOOL delta) /* Process a desktop save order */ static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL delta) { - int width, height; + int32_t width, height; if (present & 0x01) in_uint32_le(s, os->offset); @@ -1902,7 +1902,7 @@ static void process_memblt(STREAM s, MEMBLT_ORDER * os, uint32 present, BOOL del /* Process a text order */ static void process_text2(STREAM s, TEXT2_ORDER * os, uint32 present, BOOL delta) { - int i; + int32_t i; if (present & 0x000001) in_uint8(s, os->font); @@ -2047,7 +2047,7 @@ void process_orders(STREAM s, uint16 num_orders) { RDP_ORDER_STATE *os = &g_order_state; uint32 present; uint8 order_flags; - int size, processed = 0; + int32_t size, processed = 0; BOOL delta; while (processed < num_orders) { @@ -2256,7 +2256,7 @@ BOOL rdp_loop(BOOL * deactivated, uint32 * ext_disc_reason) { } /* Process incoming packets */ -int rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) { +int32_t rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) { while (rdp_loop(deactivated, ext_disc_reason)) { if (login_result != LOGIN_UNKN) { return login_result; 
@@ -2270,14 +2270,14 @@ int rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) { /* Parse a logon info packet */ static void rdp_send_logon_info(uint32 flags, char *domain, char *user, char *password, char *program, char *directory) { char *ipaddr = tcp_get_address(); - int len_domain = 2 * strlen(domain); - int len_user = 2 * strlen(user); - int len_password = 2 * strlen(password); - int len_program = 2 * strlen(program); - int len_directory = 2 * strlen(directory); - int len_ip = 2 * strlen(ipaddr); - int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); - int packetlen = 0; + int32_t len_domain = 2 * strlen(domain); + int32_t len_user = 2 * strlen(user); + int32_t len_password = 2 * strlen(password); + int32_t len_program = 2 * strlen(program); + int32_t len_directory = 2 * strlen(directory); + int32_t len_ip = 2 * strlen(ipaddr); + int32_t len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); + int32_t packetlen = 0; uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; STREAM s = NULL; time_t t = time(NULL); @@ -2430,7 +2430,7 @@ BOOL rdp_connect(char *server, uint32 flags, char *domain, char *login, char *pa return True; } -int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rdp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char server[64]; @@ -2484,9 +2484,9 @@ int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, F } /* Client program */ -void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1; - int myport = PORT_RDP; +void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1; + int32_t myport = PORT_RDP; if (port != 0) myport = port; 
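Review bot: In `rdp_send_logon_info` the `len_*` locals still take `2 * strlen(...)` into a signed 32-bit variable, so the `size_t` result is narrowed implicitly. The inputs are caller-supplied strings (domain, user, password, program, directory), and these lengths presumably feed `packetlen` and the packet's length fields further down, outside this hunk. I would keep them unsigned, e.g. `size_t len_user = 2 * strlen(user);`, and range-check them once before they are written into the stream.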
@@ -2502,7 +2502,7 @@ void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * rdesktop_reset_state(); g_sock = hydra_connect_tcp(ip, myport); if (g_sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = start_rdp(g_sock, ip, port, options, miscptr, fp); @@ -2529,7 +2529,7 @@ void generate_random(uint8 * random) { struct tms tmsbuf; SSL_MD5 md5; uint32 *r; - int fd, n; + int32_t fd, n; /* If we have a kernel random device, try that first */ if (((fd = open("/dev/urandom", O_RDONLY)) != -1) @@ -2559,7 +2559,7 @@ void generate_random(uint8 * random) { } /* malloc; exit if out of memory */ -void *xmalloc(int size) { +void *xmalloc(int32_t size) { void *mem = malloc(size); if (mem == NULL) { @@ -2634,9 +2634,9 @@ void unimpl(char *format, ...) { } /* produce a hex dump */ -void hexdump(unsigned char *p, unsigned int len) { +void hexdump(unsigned char *p, uint32_t len) { unsigned char *line = p; - int i, thisline, offset = 0; + int32_t i, thisline, offset = 0; while (offset < len) { printf("%04x ", offset); @@ -2660,7 +2660,7 @@ void hexdump(unsigned char *p, unsigned int len) { } /* Initialise an RDP data packet */ -static STREAM rdp_init_data(int maxlen) { +static STREAM rdp_init_data(int32_t maxlen) { STREAM s; s = sec_init(g_encryption ? SEC_ENCRYPT : 0, maxlen + 18); @@ -2695,10 +2695,10 @@ static void rdp_send_data(STREAM s, uint8 data_pdu_type) { * * Returns str_len of string */ -int rdp_in_unistr(STREAM s, char *string, int str_size, int in_len) { - int i = 0; - int len = in_len / 2; - int rem = 0; +int32_t rdp_in_unistr(STREAM s, char *string, int32_t str_size, int32_t in_len) { + int32_t i = 0; + int32_t len = in_len / 2; + int32_t rem = 0; if (len > str_size - 1) { warning("server sent an unexpectedly long string, truncating\n"); 
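Review bot: The cast in `hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid())` no longer matches its conversion, because `%d` takes an `int` and `int32_t` is the same type only where `int` is 32 bits wide. Either keep `(int) getpid()` or print with `"%" PRId32`. The same replacement appears in the can-not-connect branches of hydra-redis.c, hydra-rexec.c, hydra-rlogin.c, hydra-rpcap.c, hydra-rsh.c, hydra-rtsp.c, hydra-s7-300.c and hydra-sip.c later in this patch. The body of `service_rdp` continues outside the hunk.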
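Review bot: `xmalloc(int32_t size)` still passes a signed value straight to `malloc(size)`, so a negative size from a length calculation converts to a very large `size_t` instead of being rejected. Since the signature is being edited anyway, `void *xmalloc(size_t size)` is the natural type. If the signed parameter has to stay for existing callers, put a guard such as `if (size <= 0)` ahead of the call and send it down the same error path as the `mem == NULL` branch. The rest of the function is outside the hunk.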
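Review bot: `hexdump` now takes `uint32_t len` but keeps `offset` as `int32_t`, so `while (offset < len)` is a mixed-sign comparison and `printf("%04x ", offset)` passes a signed value to `%x`. Declaring `uint32_t i, thisline, offset = 0;` would keep the counters in the same type as `len`. How `thisline` is used is not visible past the end of the hunk, so that part needs checking against the rest of the body.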
@@ -2865,7 +2865,7 @@ static void rdp_out_order_caps(STREAM s) { /* Output bitmap cache capability set */ static void rdp_out_bmpcache_caps(STREAM s) { - int Bpp; + int32_t Bpp; out_uint16_le(s, RDP_CAPSET_BMPCACHE); out_uint16_le(s, RDP_CAPLEN_BMPCACHE); @@ -3070,7 +3070,7 @@ static void rdp_process_bitmap_caps(STREAM s) { /* Process server capabilities */ static void rdp_process_server_caps(STREAM s, uint16 length) { - int n; + int32_t n; uint8 *next, *start; uint16 ncapsets, capset_type, capset_length; @@ -3234,7 +3234,7 @@ static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) { } #endif -int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-redis.c b/hydra-redis.c index 61a08ea..76a6afb 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *pass, buffer[510]; char *empty = ""; @@ -11,7 +11,7 @@ int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, pass = empty; char pass_num[50]; - int pass_len = strlen(pass); + int32_t pass_len = strlen(pass); snprintf(pass_num, 50, "%d", pass_len); memset(buffer, 0, sizeof(buffer)); 
@@ -51,9 +51,9 @@ int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, int tls) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; +void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -77,7 +77,7 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } usleepn(250); @@ -103,7 +103,7 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, } } -void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); } 
@@ -122,7 +122,7 @@ void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * (error) ERR operation not permitted (for older redis versions) * That is used for initial password authentication and redis server response tests in service_redis_init */ -int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -130,8 +130,8 @@ int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, F // 0 - when the server is redis and it requires password // 1 - when the server is not redis or when the server does not require password - int sock = -1; - int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; + int32_t sock = -1; + int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; char buffer[] = "*1\r\n$4\r\nping\r\n"; hydra_register_socket(sp); diff --git a/hydra-rexec.c b/hydra-rexec.c index c71167f..5b7073a 100644 --- a/hydra-rexec.c +++ b/hydra-rexec.c @@ -7,10 +7,10 @@ extern char *HYDRA_EXIT; char *buf; -int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; - int ret; + int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; 
@@ -45,9 +45,9 @@ int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; +void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -72,7 +72,7 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; @@ -95,7 +95,7 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-rlogin.c b/hydra-rlogin.c index 2dc8ef6..b29ee5d 100644 --- a/hydra-rlogin.c +++ b/hydra-rlogin.c 
@@ -14,10 +14,10 @@ no memleaks found on 110425 extern char *HYDRA_EXIT; char *buf; -int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; - int ret; + int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -89,9 +89,9 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr return 1; } -void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; +void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; hydra_register_socket(sp); @@ -119,7 +119,7 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; @@ -141,7 +141,7 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. 
diff --git a/hydra-rpcap.c b/hydra-rpcap.c index 8272870..2fa4956 100644 --- a/hydra-rpcap.c +++ b/hydra-rpcap.c @@ -6,7 +6,7 @@ extern char *HYDRA_EXIT; char *buf; -int start_rpcap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[1024]; @@ -72,9 +72,9 @@ int start_rpcap(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_rpcap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL; +void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -99,7 +99,7 @@ void service_rpcap(char *ip, int sp, unsigned char options, char *miscptr, FILE if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; 
@@ -119,14 +119,14 @@ void service_rpcap(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_rpcap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, performed once only. // return codes: // 0 - rpcap with authentication // 1 - rpcap error or no need of authentication - int sock = -1; - int myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL; + int32_t sock = -1; + int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL; char buffer[] = "\x00\x08\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00"; hydra_register_socket(sp); diff --git a/hydra-rsh.c b/hydra-rsh.c index deeb097..90496cc 100644 --- a/hydra-rsh.c +++ b/hydra-rsh.c @@ -13,10 +13,10 @@ no memleaks found on 110425 extern char *HYDRA_EXIT; char *buf; -int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, buffer[300] = "", buffer2[100], *bptr = buffer2; - int ret; + int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -60,9 +60,9 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; } -void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_RSH, mysslport = PORT_RSH_SSL; +void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_RSH, mysslport = PORT_RSH_SSL; hydra_register_socket(sp); 
@@ -89,7 +89,7 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; @@ -111,7 +111,7 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 5b90522..41836ad 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -16,7 +16,7 @@ char *buf; char packet[500]; char packet2[500]; -int is_Unauthorized(char *s) { +int32_t is_Unauthorized(char *s) { if (strstr(s, "401 Unauthorized") != NULL) { return 1; @@ -25,7 +25,7 @@ int is_Unauthorized(char *s) { } } -int is_NotFound(char *s) { +int32_t is_NotFound(char *s) { if (strstr(s, "404 Stream Not Found") != NULL) { return 1; @@ -34,7 +34,7 @@ int is_NotFound(char *s) { } } -int is_Authorized(char *s) { +int32_t is_Authorized(char *s) { if (strstr(s, "200 OK") != NULL) { return 1; @@ -43,7 +43,7 @@ int is_Authorized(char *s) { } } -int use_Basic_Auth(char *s) { +int32_t use_Basic_Auth(char *s) { if (strstr(s, "WWW-Authenticate: Basic") != NULL) { return 1; @@ -52,7 +52,7 @@ int use_Basic_Auth(char *s) { } } -int use_Digest_Auth(char *s) { +int32_t use_Digest_Auth(char *s) { if (strstr(s, "WWW-Authenticate: Digest") != NULL) { return 1; 
@@ -63,7 +63,7 @@ int use_Digest_Auth(char *s) { -void create_core_packet(int control, char *ip, int port) { +void create_core_packet(int32_t control, char *ip, int32_t port) { char buffer[500]; char *target = hydra_address2string(ip); @@ -78,7 +78,7 @@ void create_core_packet(int control, char *ip, int port) { } } } -int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500]; @@ -180,9 +180,9 @@ int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_RTSP, mysslport = PORT_RTSP_SSL; +void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_RTSP, mysslport = PORT_RTSP_SSL; char *ptr, *ptr2; hydra_register_socket(sp); @@ -206,7 +206,7 @@ void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } 
@@ -229,7 +229,7 @@ void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_rtsp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-s7-300.c b/hydra-s7-300.c index 6ece2f8..31b11aa 100644 --- a/hydra-s7-300.c +++ b/hydra-s7-300.c @@ -15,13 +15,13 @@ unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00 unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; -int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass, buffer[1024]; char context[S7PASSLEN + 1]; unsigned char encoded_password[S7PASSLEN]; char *spaces = " "; - int ret = -1; + int32_t ret = -1; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; @@ -38,7 +38,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr // encode password encoded_password[0] = context[0] ^ 0x55; encoded_password[1] = context[1] ^ 0x55; - int i; + int32_t i; for (i = 2; i < S7PASSLEN; i++) { encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55; 
@@ -124,9 +124,9 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr return 1; } -void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int s7port = PORT_S7_300; +void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t s7port = PORT_S7_300; if (port != 0) s7port = port; @@ -139,7 +139,7 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE case 1: /* connect and service init function */ sock = hydra_connect_tcp(ip, s7port); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); @@ -163,7 +163,7 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. 
@@ -175,15 +175,15 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, // 1 skip target without generating an error // 2 skip target because of protocol problems // 3 skip target because its unreachable - int sock = -1; - int s7port = PORT_S7_300; + int32_t sock = -1; + int32_t s7port = PORT_S7_300; char *empty = ""; char *pass, buffer[1024]; char context[S7PASSLEN + 1]; unsigned char encoded_password[S7PASSLEN]; char *spaces = " "; - int ret = -1; - int i; + int32_t ret = -1; + int32_t i; if (port != 0) s7port = port; diff --git a/hydra-sapr3.c b/hydra-sapr3.c index 0eaa54a..c3b729d 100644 --- a/hydra-sapr3.c +++ b/hydra-sapr3.c @@ -10,22 +10,22 @@ void dummy_sapr3() { #include /* temporary workaround fix */ -const int *__ctype_tolower; -const int *__ctype_toupper; -const int *__ctype_b; +const int32_t *__ctype_tolower; +const int32_t *__ctype_toupper; +const int32_t *__ctype_b; extern void flood(); /* for -lm */ extern char *HYDRA_EXIT; RFC_ERROR_INFO_EX error_info; -int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { RFC_HANDLE handle; char *empty = ""; char *login, *pass, buffer[1024]; char *buf; - int i; - int sysnr = port % 100; + int32_t i; + int32_t sysnr = port % 100; char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0"; // char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y"; 
@@ -89,8 +89,8 @@ int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; +void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -117,7 +117,7 @@ void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE #endif -int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-sip.c b/hydra-sip.c index 3cf3b33..c1411fb 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -1,4 +1,3 @@ - /* simple sip digest auth (md5) module 2009/02/19 * written by gh0st 2005 * modified by Jean-Baptiste Aviat - should 
@@ -13,20 +12,27 @@ void dummy_sip() { } #else +#ifdef __sun + #include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) + #include +#else + #include +#endif #include "sasl.h" #include "hydra-mod.h" -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); char external_ip_addr[17] = ""; -char *get_iface_ip(unsigned long int ip); -int cseq; +char *get_iface_ip(uint64_t ip); +int32_t cseq; extern char *HYDRA_EXIT; #define SIP_MAX_BUF 1024 -void empty_register(char *buf, char *host, char *lhost, int port, int lport, char *user) { +void empty_register(char *buf, char *host, char *lhost, int32_t port, int32_t lport, char *user) { memset(buf, 0, SIP_MAX_BUF); snprintf(buf, SIP_MAX_BUF, "REGISTER sip:%s SIP/2.0\r\n" @@ -39,8 +45,8 @@ void empty_register(char *buf, char *host, char *lhost, int port, int lport, cha host, lhost, lport, user, host, user, host, host, cseq); } -int get_sip_code(char *buf) { - int code; +int32_t get_sip_code(char *buf) { + int32_t code; char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) @@ -48,9 +54,9 @@ int get_sip_code(char *buf) { return code; } -int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE * fp) { char *login, *pass, *host, buffer[SIP_MAX_BUF]; - int i; + int32_t i; char buf[SIP_MAX_BUF]; if (strlen(login = hydra_get_next_login()) == 0) @@ -71,8 +77,8 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt return 3; } - int has_sip_cred = 0; - int try = 0; + int32_t has_sip_cred = 0; + int32_t try = 0; /* We have to check many times because server may begin to send "100 Trying" * before "401 Unauthorized" */ 
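Review bot: In `get_sip_code`, `code` becomes `int32_t` while `sscanf(buf, "%s %i %s", tmpbuf, &code, word)` still uses `%i`, which expects an `int *`. `%i` also accepts `0x` and leading-zero prefixes, so a status field sent by the peer is not necessarily read as decimal. I would leave `code` as `int` (or use `"%" SCNd32`) and switch the conversion to `%d`. Adding field widths to the two `%s` conversions, e.g. `%1023s` for the `SIP_MAX_BUF`-sized `tmpbuf` and `word`, would make the bound explicit instead of depending on the size of the caller's buffer.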
@@ -88,7 +94,7 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt } if (strncmp(buf, "SIP/2.0 606", 11) == 0) { char *ptr = NULL; - int i = 0; + int32_t i = 0; // if we already tried to connect, exit if (external_ip_addr[0]) { @@ -150,8 +156,8 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt return 3; } try = 0; - int has_resp = 0; - int sip_code = 0; + int32_t has_resp = 0; + int32_t sip_code = 0; while (try < 2 && !has_resp) { try++; @@ -180,11 +186,11 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt return 1; } -void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_SIP, mysslport = PORT_SIP_SSL; +void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_SIP, mysslport = PORT_SIP_SSL; - char *lip = get_iface_ip((int) *(&ip[1])); + char *lip = get_iface_ip((int32_t) *(&ip[1])); hydra_register_socket(sp); @@ -197,7 +203,7 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) run = 3; - int lport = 0; + int32_t lport = 0; while (1) { switch (run) { @@ -222,7 +228,7 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); free(lip); hydra_child_exit(1); } 
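Review bot: `get_iface_ip((int32_t) *(&ip[1]))` in `service_sip` casts a single `char`, so only one byte of `ip` reaches a parameter that the prototype now declares as `uint64_t`. Where `char` is signed, a byte above 0x7f is sign-extended across all 64 bits. If the intent is to pass the IPv4 address stored from `ip[1]` onward (an assumption, since the layout of `ip` is not visible here), copy it out explicitly with `uint32_t addr; memcpy(&addr, &ip[1], sizeof(addr));` and pass `addr`. `get_iface_ip` also has a `return NULL` path, so `lip` should be checked before it is handed on; the code that consumes it is outside the visible hunks.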
@@ -250,8 +256,8 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -char *get_iface_ip(unsigned long int ip) { - int sfd; +char *get_iface_ip(uint64_t ip) { + int32_t sfd; sfd = socket(AF_INET, SOCK_DGRAM, 0); @@ -267,7 +273,7 @@ char *get_iface_ip(unsigned long int ip) { return NULL; } struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in)); - int size = sizeof(struct sockaddr_in); + int32_t size = sizeof(struct sockaddr_in); if (getsockname(sfd, (void *) local, (socklen_t *) & size)) { perror("getsockname"); @@ -293,7 +299,7 @@ char *get_iface_ip(unsigned long int ip) { #endif -int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-smb.c b/hydra-smb.c index 0f669f2..48f7d7e 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -97,8 +97,8 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx #define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) #endif -#define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */ -#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val)) +#define IVAL_NC(buf,pos) (*(uint32_t *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((uint32_t)(val)) #define TIME_FIXUP_CONSTANT_INT 11644473600LL 
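Review bot: In `get_iface_ip`, `int32_t size` is handed to `getsockname` through `(socklen_t *) & size`, which hides a type mismatch behind a cast rather than fixing it. Declare it as `socklen_t size = sizeof(struct sockaddr_in);` and drop the cast. The `malloc` result stored in `local` on the line above is also passed to `getsockname` without a NULL check. The function starts and ends outside this hunk.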
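Review bot: In hydra-smb.c, `IVAL_NC` dereferences `(uint32_t *)((char *)(buf) + (pos))`, which is a type-punned and possibly unaligned access into a byte buffer, and `SIVAL` expands to a bare assignment with no outer parentheses. With the width now fixed at 32 bits, a `memcpy`-based store is a drop-in replacement: `#define SIVAL(buf,pos,val) do { uint32_t v_ = (uint32_t)(val); memcpy((char *)(buf) + (pos), &v_, sizeof(v_)); } while (0)`. Whether `IVAL_NC` has other users is not visible from this hunk.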
@@ -108,15 +108,15 @@ static unsigned char challenge[8]; static unsigned char workgroup[16]; static unsigned char domain[16]; static unsigned char machine_name[16]; -int hashFlag, accntFlag, protoFlag; +int32_t hashFlag, accntFlag, protoFlag; -int smb_auth_mechanism = AUTH_NTLM; -int security_mode = ENCRYPTED; +int32_t smb_auth_mechanism = AUTH_NTLM; +int32_t security_mode = ENCRYPTED; -static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize) +static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize) { - int i=0,j=0; - unsigned long int ch; + int32_t i=0,j=0; + uint64_t ch; if (debug) { hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); hydra_dump_asciihex(in, insize); @@ -154,8 +154,8 @@ static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, in return j; } -static unsigned char Get7Bits(unsigned char *input, int startBit) { - register unsigned int word; +static unsigned char Get7Bits(unsigned char *input, int32_t startBit) { + register uint32_t word; word = (unsigned) input[startBit / 8] << 8; word |= (unsigned) input[startBit / 8 + 1]; @@ -197,15 +197,15 @@ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) pass = users password challenge = the challenge recieved from the server */ -int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { +int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; unsigned char password[14 + 1]; unsigned char lm_hash[21]; unsigned char lm_response[24]; - int i = 0, j = 0; + int32_t i = 0, j = 0; unsigned char *p = NULL; char HexChar; - int HexValue; + int32_t HexValue; memset(password, 0, 14 + 1); memset(lm_hash, 0, 21); 
@@ -300,15 +300,15 @@ int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge MakeNTLM Function: Create a NTLM hash from the password */ -int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { +int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { MD4_CTX md4Context; unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ - int i = 0, j = 0; - int mdlen; + int32_t i = 0, j = 0; + int32_t mdlen; unsigned char *p = NULL; char HexChar; - int HexValue; + int32_t HexValue; /* Use NTLM Hash instead of password */ if (hashFlag == 1) { @@ -389,14 +389,14 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { samba-3.0.28a - libsmb/smbencrypt.c jcifs - packet capture of LMv2-only connection */ -int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { +int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { unsigned char ntlm_hash[16]; unsigned char lmv2_response[24]; unsigned char unicodeUsername[20 * 2]; unsigned char unicodeTarget[256 * 2]; HMACMD5Context ctx; unsigned char kr_buf[16]; - int ret, i; + int32_t ret, i; unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; memset(ntlm_hash, 0, 16); 
@@ -486,14 +486,14 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz GPO: "Network Security: LAN Manager authentication level" Setting: "Send NTLMv2 response only\refuse LM & NTLM" */ -int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { +int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { unsigned char ntlm_hash[16]; unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2]; unsigned char unicodeUsername[20 * 2]; unsigned char unicodeTarget[256 * 2]; HMACMD5Context ctx; unsigned char kr_buf[16]; - int ret, i, iTargetLen; + int32_t ret, i, iTargetLen; unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; /* @@ -650,8 +650,8 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog pass = users password challenge = the challenge recieved from the server */ -int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { - int ret; +int32_t HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { + int32_t ret; unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char p21[21]; unsigned char ntlm_response[24]; @@ -677,13 +677,13 @@ int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *chall Function: Request a new session from the server Returns: TRUE on success else FALSE. */ -int NBSSessionRequest(int s) { +int32_t NBSSessionRequest(int32_t s) { char nb_name[32]; /* netbiosname */ char nb_local[32]; /* netbios localredirector */ unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 }; char *buf; unsigned char rbuf[400]; - int k; + int32_t k; /* if we are running in native mode (aka port 445) don't do netbios */ if (protoFlag == WIN2000_NATIVEMODE) 
@@ -726,7 +726,7 @@ int NBSSessionRequest(int s) { The challenge is retrieved from the answer No error checking is performed i.e cross your fingers.... */ -int SMBNegProt(int s) { +int32_t SMBNegProt(int32_t s) { unsigned char buf[] = { 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, @@ -778,9 +778,9 @@ int SMBNegProt(int s) { unsigned char rbuf[400]; unsigned char sess_key[2]; unsigned char userid[2] = { 0xCD, 0xEF }; - int i = 0, j = 0, k; - int iLength = 194; - int iResponseOffset = 73; + int32_t i = 0, j = 0, k; + int32_t iLength = 194; + int32_t iResponseOffset = 73; memset((char *) rbuf, 0, 400); @@ -894,18 +894,18 @@ int SMBNegProt(int s) { the server. Returns: TRUE on success else FALSE. */ -unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) { +unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *miscptr) { unsigned char buf[512]; unsigned char *LMv2hash = NULL; unsigned char *NTLMv2hash = NULL; unsigned char *NTLMhash = NULL; unsigned char *LMhash = NULL; // unsigned char unicodeLogin[32 * 2]; - int j; + int32_t j; char bufReceive[512]; - int nReceiveBufferSize = 0; - int ret; - int iByteCount = 0, iOffset = 0; + int32_t nReceiveBufferSize = 0; + int32_t ret; + int32_t iByteCount = 0, iOffset = 0; if (accntFlag == 0) { strcpy((char *) workgroup, "localhost"); @@ -1197,10 +1197,10 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); } -int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; - int SMBerr, SMBaction; + int32_t SMBerr, SMBaction; unsigned long SMBSessionRet; char ipaddr_str[64]; char ErrorCode[10]; 
@@ -1221,7 +1221,7 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24; if (verbose) - hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction); + hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (uint32_t) SMBSessionRet, SMBerr, SMBaction); /* some error code are available here: @@ -1303,8 +1303,8 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; } -void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; +void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; //default is both (local and domain) checks and normal passwd accntFlag = 2; //BOTH @@ -1316,7 +1316,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * strupper(miscptr); if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) { char *tmpdom; - int err = 0; + int32_t err = 0; accntFlag = 4; //OTHER DOMAIN tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); @@ -1401,7 +1401,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } if (NBSSessionRequest(sock) < 0) { 
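Review bot: The casts in this hydra_report() call were there to match the conversion specifiers, and after the rename they only match where `int32_t` happens to be `int`: `%8.8X` takes an `unsigned int` but now receives `(uint32_t) SMBSessionRet`, and `SMBerr`/`SMBaction` are `int32_t` values printed with `%X`. Either keep `(unsigned int)` casts on the three arguments or use the `<inttypes.h>` macros, e.g. `"%8.8" PRIX32`. The same applies to `(int32_t) getpid()` printed with `%d` in the `@@ -1401,7 +1401,7 @@` hunk of service_smb and in the "Child with pid" messages of the smtp-enum, smtp, snmp, socks5, svn, teamspeak, telnet, vmauthd and vnc modules below; `(int) getpid()` was the form that matched the specifier.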
@@ -1427,7 +1427,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * } #endif -int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c index 2e8e93b..c7dccf2 100644 --- a/hydra-smtp-enum.c +++ b/hydra-smtp-enum.c @@ -16,15 +16,15 @@ passwd will be used as the domain name extern char *HYDRA_EXIT; char *buf; char *err = NULL; -int tosent = 0; +int32_t tosent = 0; #define VRFY 0 #define EXPN 1 #define RCPT 2 -int smtp_enum_cmd = VRFY; +int32_t smtp_enum_cmd = VRFY; -int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500]; @@ -150,9 +150,9 @@ int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *misc return 2; } -void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1, i = 0; - int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; +void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, i = 0; + int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; char *buffer = "HELO hydra\r\n"; hydra_register_socket(sp); 
@@ -175,7 +175,7 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } /* receive initial header */ @@ -207,7 +207,7 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char) toupper((int32_t) miscptr[i]); if (strncmp(miscptr, "EXPN", 4) == 0) smtp_enum_cmd = EXPN; @@ -249,7 +249,7 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F } } -int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-smtp.c b/hydra-smtp.c index 721671b..17df421 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -2,11 +2,11 @@ #include "sasl.h" extern char *HYDRA_EXIT; -int smtp_auth_mechanism = AUTH_LOGIN; +int32_t smtp_auth_mechanism = AUTH_LOGIN; -char *smtp_read_server_capacity(int sock) { +char *smtp_read_server_capacity(int32_t sock) { char *ptr = NULL; - int resp = 0; + int32_t resp = 0; char *buf = NULL; do { @@ -14,7 +14,7 @@ char *smtp_read_server_capacity(int sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { - if (isdigit((int) buf[0]) && buf[3] == ' ') + if (isdigit((int32_t) buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') 
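Review bot: `toupper((int32_t) miscptr[i])` keeps the sign of a plain `char`, so where `char` is signed a byte above 0x7F reaches toupper() as a negative value, which the `<ctype.h>` functions do not accept (only EOF and `unsigned char` values are defined). The cast this line needs is `toupper((unsigned char) miscptr[i])`. The same pattern appears in `isdigit((int32_t) buf[0])` and `isdigit((int32_t) *ptr)` in smtp_read_server_capacity, where the byte comes from the server's reply, and in the toupper loop of service_smtp. Taking `strlen(miscptr)` once before the loop would also avoid rescanning the string on every iteration.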
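Review bot: smtp_read_server_capacity indexes the received line at fixed positions without checking its length: `buf[3] == ' '` is evaluated whenever `buf[0]` is a digit, and `buf[strlen(buf) - 1]` becomes `buf[-1]` when the line is empty. Unless hydra_receive_line() guarantees at least four bytes (not visible here), a short reply from the peer leads to a read outside the string. A guard such as `size_t len = strlen(buf); if (len >= 4 && isdigit((unsigned char) buf[0]) && buf[3] == ' ')`, with `len > 0 && buf[len - 1] == '\n'` in the else branch, covers both cases. The `*(ptr + 3)` test in the `@@ -27,7 +27,7 @@` hunk needs the same bound, and the loop body continues outside this hunk.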
@@ -27,7 +27,7 @@ char *smtp_read_server_capacity(int sock) { if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; - if (isdigit((int) *ptr) && *(ptr + 3) == ' ') + if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ') resp = 1; } } @@ -36,7 +36,7 @@ char *smtp_read_server_capacity(int sock) { return buf; } -int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf; @@ -78,7 +78,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, #ifdef LIBOPENSSL case AUTH_CRAMMD5:{ - int rc = 0; + int32_t rc = 0; char *preplogin; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); @@ -254,9 +254,9 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1, i = 0; - int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; +void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, i = 0; + int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; char *buf; char *buffer1 = "EHLO hydra\r\n"; char *buffer2 = "HELO hydra\r\n"; @@ -282,7 +282,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } 
@@ -310,7 +310,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char) toupper((int32_t) miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { disable_tls = 0; @@ -443,7 +443,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-snmp.c b/hydra-snmp.c index 1af2d3d..0579ddb 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -7,13 +7,13 @@ #include #endif -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; -extern int child_head_no; +extern int32_t child_head_no; char snmpv3buf[1024], *snmpv3info = NULL; -int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; +int32_t snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, 
@@ -196,11 +196,11 @@ void password_to_key_sha(u_char * password, /* IN */ } #endif -int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = ""; - int i, j, k, size, off = 0, off2 = 0, done = 0; + int32_t i, j, k, size, off = 0, off2 = 0, done = 0; unsigned char initVect[8], privacy_params[8]; - int engine_boots = 0; + int32_t engine_boots = 0; #ifdef LIBOPENSSL DES_key_schedule symcbc; @@ -316,13 +316,13 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, /* //PrivDES::encrypt(const unsigned char *key, - // const unsigned int /*key_len*///, + // const uint32_t /*key_len*///, // const unsigned char *buffer, -// const unsigned int buffer_len, +// const uint32_t buffer_len, // unsigned char *out_buffer, -// unsigned int *out_buffer_len, +// uint32_t *out_buffer_len, // unsigned char *privacy_params, -// unsigned int *privacy_params_len, +// uint32_t *privacy_params_len, // const unsigned long engine_boots, // const unsigned long /*engine_time*/) // last 8 bytes of key are used as base for initialization vector */ @@ -347,9 +347,9 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, if (buffer_len % 8) { unsigned char tmp_buf[8]; unsigned char *tmp_buf_ptr = tmp_buf; - int start = buffer_len - (buffer_len % 8); + int32_t start = buffer_len - (buffer_len % 8); memset(tmp_buf, 0, 8); - for (unsigned int l = start; l < buffer_len; l++) + for (uint32_t l = start; l < buffer_len; l++) *tmp_buf_ptr++ = buffer[l]; DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, (const_DES_cblock*)(initVect), DES_ENCRYPT); *out_buffer_len = buffer_len + 8 - (buffer_len % 8); 
@@ -470,9 +470,9 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1, i = 0; - int myport = PORT_SNMP; +void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, i = 0; + int32_t myport = PORT_SNMP; char *lptr; if (miscptr != NULL) { @@ -519,7 +519,7 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * hydra_register_socket(sp); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t) getpid()); hydra_child_exit(1); } @@ -573,7 +573,7 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-socks5.c b/hydra-socks5.c index 1c01a0e..6781916 100644 --- a/hydra-socks5.c +++ b/hydra-socks5.c 
@@ -12,12 +12,12 @@ This module enable bruteforcing for socks5, only following types are supported: extern char *HYDRA_EXIT; unsigned char *buf; -int fail_cnt; +int32_t fail_cnt; -int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[300]; - int pport, fud = 0; + int32_t pport, fud = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -104,9 +104,9 @@ int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr return 2; } -void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; +void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; hydra_register_socket(sp); if (port != 0) @@ -133,7 +133,7 @@ void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } next_run = 2; 
@@ -165,7 +165,7 @@ void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-ssh.c b/hydra-ssh.c index d73a949..e0a67b1 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -20,12 +20,12 @@ void dummy_ssh() { ssh_session session = NULL; extern char *HYDRA_EXIT; -int new_session = 1; +int32_t new_session = 1; -int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, keep_login[300]; - int auth_state = 0, rc = 0, i = 0; + int32_t auth_state = 0, rc = 0, i = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -107,8 +107,8 @@ int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; } -void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; +void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) 
@@ -155,7 +155,7 @@ void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * // dirty workaround here: miscptr is the ptr to the logins, and the first one is used // to test if password authentication is enabled!! // -int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -168,7 +168,7 @@ int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FIL // 2 skip target because of protocol problems // 3 skip target because its unreachable #ifdef LIBSSH - int rc, method; + int32_t rc, method; ssh_session session = ssh_new(); if (verbose || debug) diff --git a/hydra-sshkey.c b/hydra-sshkey.c index a8b3ec0..e9f46c8 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -19,12 +19,12 @@ void dummy_sshkey() { extern ssh_session session; extern char *HYDRA_EXIT; -extern int new_session; +extern int32_t new_session; -int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *key, keep_login[300]; - int auth_state = 0, rc = 0; + int32_t auth_state = 0, rc = 0; ssh_private_key privkey; if (strlen(login = hydra_get_next_login()) == 0) 
@@ -108,8 +108,8 @@ int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr return 1; } -void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; +void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -151,7 +151,7 @@ void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE #endif #endif -int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-svn.c b/hydra-svn.c index 2e4b06a..11ed2f9 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -23,7 +23,7 @@ void dummy_svn() { } #else -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; @@ -50,8 +50,8 @@ static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, vo return SVN_NO_ERROR; } -int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - int ipv6 = 0; +int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { + int32_t ipv6 = 0; char URL[1024]; char URLBRANCH[256]; const char *canonical; 
@@ -145,9 +145,9 @@ int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, F return 3; } -void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_SVN, mysslport = PORT_SVN_SSL; +void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_SVN, mysslport = PORT_SVN_SSL; hydra_register_socket(sp); @@ -174,7 +174,7 @@ void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } @@ -199,7 +199,7 @@ void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif -int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-teamspeak.c b/hydra-teamspeak.c index c0e8b87..3d9df94 100644 --- a/hydra-teamspeak.c +++ b/hydra-teamspeak.c 
@@ -33,12 +33,12 @@ struct team_speak { char login[29]; }; -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char *buf; -int start_teamspeak(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char buf[100]; @@ -87,11 +87,11 @@ int start_teamspeak(int s, char *ip, int port, unsigned char options, char *misc hydra_completed_pair_found(); } if (buf[0x4B] != 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } } else { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } @@ -102,9 +102,9 @@ int start_teamspeak(int s, char *ip, int port, unsigned char options, char *misc return 1; } -void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_TEAMSPEAK; +void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_TEAMSPEAK; hydra_register_socket(sp); 
@@ -123,7 +123,7 @@ void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, F sock = hydra_connect_udp(ip, myport); port = myport; if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } } @@ -142,7 +142,7 @@ void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, F } } -int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-telnet.c b/hydra-telnet.c index caecdd4..b938271 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -3,12 +3,12 @@ extern char *HYDRA_EXIT; char *buf; -int no_line_mode; +int32_t no_line_mode; -int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[300]; - int i = 0; + int32_t i = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; 
@@ -96,9 +96,9 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr return 2; } -void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1, fck; - int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; +void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, fck; + int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -106,8 +106,8 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE if (miscptr != NULL) make_to_lower(miscptr); while (1) { - int first = 0; - int old_waittime = waittime; + int32_t first = 0; + int32_t old_waittime = waittime; switch (run) { case 1: /* connect and service init function */ @@ -128,7 +128,7 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ @@ -204,7 +204,7 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. 
diff --git a/hydra-time.c b/hydra-time.c index 47f73d7..734e3c2 100644 --- a/hydra-time.c +++ b/hydra-time.c @@ -2,14 +2,14 @@ #ifndef _WIN32 #include -int sleepn(time_t seconds) +int32_t sleepn(time_t seconds) { struct timespec ts; ts.tv_sec = seconds; ts.tv_nsec = 0; return nanosleep(&ts, NULL); } -int usleepn(long int milisec) { +int32_t usleepn(int64_t milisec) { struct timespec ts; ts.tv_sec = milisec / 1000; ts.tv_nsec = (milisec % 1000) * 1000000L; @@ -19,12 +19,12 @@ int usleepn(long int milisec) { #else #include -int sleepn(unsigned int seconds) +int32_t sleepn(uint32_t seconds) { return SleepEx(milisec*1000,TRUE); } -int usleepn(unsigned int milisec) +int32_t usleepn(uint32_t milisec) { return SleepEx(milisec,TRUE); } diff --git a/hydra-vmauthd.c b/hydra-vmauthd.c index d223c22..7ed6174 100644 --- a/hydra-vmauthd.c +++ b/hydra-vmauthd.c @@ -10,7 +10,7 @@ extern char *HYDRA_EXIT; char *buf; -int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[300]; @@ -65,9 +65,9 @@ int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscpt return 2; } -void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; +void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) 
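Review bot: The `_WIN32` branch of sleepn() cannot compile as shown: its parameter is `uint32_t seconds`, but the body calls `SleepEx(milisec*1000,TRUE)` and no `milisec` is in scope in that function. The body should read `return SleepEx(seconds * 1000, TRUE);`. The two branches also disagree on parameter types (`time_t` and `int64_t` on POSIX, `uint32_t` on Windows), so if the prototypes live in one shared header they cannot match both definitions. A one-line comment on usleepn() stating that its argument is in milliseconds would help too, since the name suggests microseconds.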
@@ -92,7 +92,7 @@ void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FIL if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); @@ -142,7 +142,7 @@ void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FIL } } -int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-vnc.c b/hydra-vnc.c index 598ffe3..ee8f582 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -15,8 +15,8 @@ //for RFB 3.7 and onwards #define RFB37 2 -int vnc_client_version = RFB33; -int failed_auth = 0; +int32_t vnc_client_version = RFB33; +int32_t failed_auth = 0; extern char *HYDRA_EXIT; char *buf; @@ -28,7 +28,7 @@ char *buf; void vncEncryptBytes(unsigned char *bytes, char *passwd) { unsigned char key[8]; - int i; + int32_t i; /* key is simply password padded with nulls */ for (i = 0; i < 8; i++) { @@ -44,7 +44,7 @@ void vncEncryptBytes(unsigned char *bytes, char *passwd) { } } -int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass; unsigned char buf2[CHALLENGESIZE + 4]; 
@@ -55,7 +55,7 @@ int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, F recv(s, buf2, CHALLENGESIZE + 4, 0); if (vnc_client_version == RFB37) { - int i; + int32_t i; //fprintf(stderr,"number of security types supported: %d\n", buf2[0]); if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) { @@ -143,9 +143,9 @@ int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; /* never reached */ } -void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_VNC, mysslport = PORT_VNC_SSL; +void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_VNC, mysslport = PORT_VNC_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -167,7 +167,7 @@ void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); hydra_child_exit(1); } usleepn(300); @@ -229,7 +229,7 @@ void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) { +int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-xmpp.c b/hydra-xmpp.c index ffd2552..6f6b3cb 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c 
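Review bot: In the `@@ -55,7 +55,7 @@` hunk of `start_vnc`, the result of `recv(s, buf2, CHALLENGESIZE + 4, 0)` is discarded and `buf2[0]` is tested immediately afterwards, so a failed or short read makes the code interpret uninitialised stack bytes as the server's security-type count. Capture the return value (`ssize_t n = recv(s, buf2, CHALLENGESIZE + 4, 0);`) and leave through the function's existing error path when `n <= 0`, before `buf2` is examined. The loop that consumes `buf2[0]` lies outside the hunk, so whether the `> CHALLENGESIZE + 4` bound is tight enough for it should be checked there as well.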
@@ -6,12 +6,12 @@ extern char *HYDRA_EXIT; static char *domain = NULL; -int xmpp_auth_mechanism = AUTH_ERROR; +int32_t xmpp_auth_mechanism = AUTH_ERROR; char *JABBER_CLIENT_INIT_STR = ""; -int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500]; char *AUTH_STR = "sp[0] = -1; hydra_heads[j]->sp[1] = -1; sck = fgets(out, sizeof(out), f); @@ -983,8 +983,8 @@ void hydra_restore_read() { hydra_debug(0, "hydra_restore_read"); } -void killed_childs(int signo) { - int pid, i; +void killed_childs(int32_t signo) { + int32_t pid, i; killed++; pid = wait3(NULL, WNOHANG, NULL); @@ -997,15 +997,15 @@ void killed_childs(int signo) { } } -void killed_childs_report(int signo) { +void killed_childs_report(int32_t signo) { if (debug) printf("[DEBUG] children crashed! (%d)\n", child_head_no); fck = write(child_socket, "E", 1); _exit(-1); } -void kill_children(int signo) { - int i; +void kill_children(int32_t signo) { + int32_t i; if (verbose) fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); @@ -1022,10 +1022,10 @@ void kill_children(int signo) { exit(0); } -unsigned long int countlines(FILE * fd, int colonmode) { +uint64_t countlines(FILE * fd, int32_t colonmode) { size_t clines = 0; char *buf = malloc(MAXLINESIZE); - int only_one_empty_line = 0; + int32_t only_one_empty_line = 0; #ifdef HAVE_ZLIB gzFile fp = gzdopen(fileno(fd), "r"); @@ -1064,10 +1064,10 @@ unsigned long int countlines(FILE * fd, int colonmode) { return clines; } -void fill_mem(char *ptr, FILE * fd, int colonmode) { +void fill_mem(char *ptr, FILE * fd, int32_t colonmode) { char tmp[MAXBUF + 4] = "", *ptr2; - unsigned int len; - int only_one_empty_line = 0; + uint32_t len; + int32_t only_one_empty_line = 0; #ifdef HAVE_ZLIB gzFile fp = gzdopen(fileno(fd), "r"); 
@@ -1132,9 +1132,9 @@ char *hydra_build_time() { return (char *) &datetime; } -void hydra_service_init(int target_no) { - int x = 99; - int i; +void hydra_service_init(int32_t target_no) { + int32_t x = 99; + int32_t i; hydra_target* t = hydra_targets[target_no]; char* miscptr = hydra_options.miscptr; FILE* ofp = hydra_brains.ofp; @@ -1165,8 +1165,8 @@ void hydra_service_init(int target_no) { } } -int hydra_spawn_head(int head_no, int target_no) { - int i; +int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { + int32_t i; if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) { if (verbose > 1 || debug) @@ -1213,7 +1213,7 @@ int hydra_spawn_head(int head_no, int target_no) { printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); hydra_target* t = hydra_targets[target_no]; - int sp = hydra_heads[head_no]->sp[1]; + int32_t sp = hydra_heads[head_no]->sp[1]; char* miscptr = hydra_options.miscptr; FILE* ofp = hydra_brains.ofp; hydra_target* head_target = hydra_targets[hydra_heads[head_no]->target_no]; @@ -1263,8 +1263,8 @@ int hydra_spawn_head(int head_no, int target_no) { return 0; } -int hydra_lookup_port(char *service) { - int i = 0, port = -2; +int32_t hydra_lookup_port(char *service) { + int32_t i = 0, port = -2; hydra_portlist hydra_portlists[] = { {"ftp", PORT_FTP, PORT_FTP_SSL}, @@ -1349,7 +1349,7 @@ int hydra_lookup_port(char *service) { } // killit = 1 : kill(pid); fail = 1 : redo, fail = 2/3 : disable -void hydra_kill_head(int head_no, int killit, int fail) { +void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) { if (debug) printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); if (head_no < 0) 
@@ -1393,17 +1393,17 @@ void hydra_kill_head(int head_no, int killit, int fail) { (void) wait3(NULL, WNOHANG, NULL); } -void hydra_increase_fail_count(int target_no, int head_no) { - int i, k, ok, maxfail = 0; +void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { + int32_t i, k, ok, maxfail = 0; if (target_no < 0) return; if (hydra_targets[target_no]->ok) { - const int tasks = hydra_options.tasks; - const int success = tasks - hydra_targets[target_no]->failed; - const int t = tasks < 5 ? 6 - tasks : 1; - const int s = success < 5 ? 6 - success : 1; + const int32_t tasks = hydra_options.tasks; + const int32_t success = tasks - hydra_targets[target_no]->failed; + const int32_t t = tasks < 5 ? 6 - tasks : 1; + const int32_t s = success < 5 ? 6 - success : 1; maxfail = MAXFAIL + t + s + 2; } @@ -1483,8 +1483,8 @@ void hydra_increase_fail_count(int target_no, int head_no) { } } -char *hydra_reverse_login(int head_no, char *login) { - int i, j; +char *hydra_reverse_login(int32_t head_no, char *login) { + int32_t i, j; char *start, *pos; unsigned char keep; @@ -1532,7 +1532,7 @@ char *hydra_reverse_login(int head_no, char *login) { return hydra_heads[head_no]->reverse; } -int hydra_send_next_pair(int target_no, int head_no) { +int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { // variables moved to save stack snpdone = 0; snp_is_redo = 0; @@ -1894,8 +1894,8 @@ int hydra_send_next_pair(int target_no, int head_no) { return -1; } -void hydra_skip_user(int target_no, char *username) { - int i; +void hydra_skip_user(int32_t target_no, char *username) { + int32_t i; if (username == NULL || *username == 0) return; @@ -1932,8 +1932,8 @@ void hydra_skip_user(int target_no, char *username) { } } -int hydra_check_for_exit_condition() { - int i, k = 0; +int32_t hydra_check_for_exit_condition() { + int32_t i, k = 0; if (hydra_brains.exit) { if (debug) 
@@ -1958,8 +1958,8 @@ int hydra_check_for_exit_condition() { return 0; } -int hydra_select_target() { - int target_no = -1, i, j = -1000; +int32_t hydra_select_target() { + int32_t target_no = -1, i, j = -1000; for (i = 0; i < hydra_brains.targets; i++) if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == TARGET_ACTIVE) @@ -1970,9 +1970,9 @@ int hydra_select_target() { return target_no; } -void process_proxy_line(int type, char *string) { +void process_proxy_line(int32_t type, char *string) { char *type_string = string, *target_string, *port_string, *auth_string = NULL, *device_string = NULL, *sep; - int port; + int32_t port; struct addrinfo hints, *res, *p; struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; @@ -2094,20 +2094,20 @@ void process_proxy_line(int type, char *string) { proxy_count++; } -int main(int argc, char *argv[]) { +int32_t main(int32_t argc, char *argv[]) { char *proxy_string = NULL, *device = NULL, *memcheck, *cmdtarget = NULL; char *outfile_format_tmp; FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp; size_t countinfile = 1, sizeinfile = 0; - unsigned long int math2; - int i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; - int head_no = 0, target_no = 0, exit_condition = 0, readres; + uint64_t math2; + int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; + int32_t head_no = 0, target_no = 0, exit_condition = 0, readres; time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; char *tmpptr, *tmpptr2; char rc, buf[MAXBUF]; time_t last_attempt = 0; fd_set fdreadheads; - int max_fd; + int32_t max_fd; struct addrinfo hints, *res, *p; struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; 
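Review bot: `int32_t main(int32_t argc, char *argv[])` in the `@@ -2094,20 +2094,20 @@` hunk departs from the forms of `main` the C standard defines, which use `int`; it only works where `int32_t` happens to be a typedef of `int`. Interfaces whose types are fixed outside the project should keep `int`: `int main(int argc, char *argv[])`. The same applies to the `signo` parameter of `killed_childs`, `killed_childs_report` and `kill_children` in the earlier hydra.c hunks if they are installed as signal handlers (their registration is not visible here). The body of `main` continues outside this hunk.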
@@ -3169,7 +3169,7 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); + fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizelogin); exit(-1); } login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); @@ -3198,7 +3198,7 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.sizepass > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); + fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizepass); exit(-1); } pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); @@ -3245,7 +3245,7 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES / 2) { - fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); + fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (uint64_t) hydra_brains.sizelogin); exit(-1); } csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); 
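Review bot: The three size-limit messages on this line keep the `%lu` conversion while the argument cast changes to `(uint64_t)`; on targets where `uint64_t` is `unsigned long long` (32-bit and LLP64 builds) that is a format/argument mismatch and undefined behaviour. Either print with `"%" PRIu64` from `<inttypes.h>` or keep the cast as `(unsigned long)` to match `%lu`. The same pattern recurs in the `[DATA]` printf (`@@ -3506,7 +3506,7 @@`, including `math2`, which is now `uint64_t`) and in the `[STATUS]` printf (`@@ -3933,12 +3933,12 @@`). The names of the headers added to hydra.h in this commit were lost in this rendering, so whether `<inttypes.h>` is already in scope should be confirmed.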
@@ -3291,11 +3291,11 @@ int main(int argc, char *argv[]) { bail("Could not allocate enough memory for target data"); sizeinfile = size_of_data; if (countinfile > MAX_LINES / 1000) { - fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile); + fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int32_t) countinfile); exit(-1); } if (sizeinfile > MAX_BYTES / 1000) { - fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile); + fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int32_t) sizeinfile); exit(-1); } if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) @@ -3345,7 +3345,7 @@ int main(int argc, char *argv[]) { sizeservers = strlen(hydra_options.server) + 1; } else { /* CIDR notation on command line, e.g. 192.168.0.0/24 */ - unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; + uint32_t four_from, four_to, addr_cur, addr_cur2, k, l; in_addr_t addr4; struct sockaddr_in target; @@ -3506,7 +3506,7 @@ int main(int argc, char *argv[]) { else printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", - (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); + (uint64_t) hydra_brains.countlogin, (uint64_t) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) 
@@ -3933,12 +3933,12 @@ int main(int argc, char *argv[]) { */ printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min hydra_brains.sent, // tries - (long unsigned int) ((elapsed_status - starttime) / 3600), // hours - (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes + (uint64_t) ((elapsed_status - starttime) / 3600), // hours + (uint64_t) (((elapsed_status - starttime) % 3600) / 60), // minutes (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent != 0 ? (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent : 1, // left todo - (long unsigned int) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + (uint64_t) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) ) / 3600, // hours - (((long unsigned int) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + (((uint64_t) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) ) % 3600) / 60) + 1, // min k); hydra_debug(0, "STATUS"); diff --git a/hydra.h b/hydra.h index 54373d4..d0e2f5c 100644 --- a/hydra.h +++ b/hydra.h @@ -1,6 +1,13 @@ #ifndef _HYDRA_H #include +#ifdef __sun + #include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) + #include +#else + #include +#endif #include #include #include @@ -149,7 +156,7 @@ #ifndef _WIN32 int sleepn(time_t seconds); -int usleepn(long int useconds); +int usleepn(long useconds); #else diff --git a/libpq-fe.h b/libpq-fe.h index 7d08744..d7cce84 100644 --- a/libpq-fe.h +++ b/libpq-fe.h 
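Review bot: The hydra.h hunk (`@@ -149,7 +156,7 @@`) leaves the prototypes as `int sleepn(time_t seconds);` and `int usleepn(long useconds);`, while hydra-time.c in this same commit defines `int32_t usleepn(int64_t milisec)`. Where `int64_t` is not `long` this is either a conflicting declaration (if hydra-time.c includes the header, which is not visible here) or a silent argument-size mismatch at call sites. Declare it as it is defined, `int32_t usleepn(int64_t milisec);`. The parameter name `useconds` is also misleading, because the definition divides by 1000 to obtain seconds, so the unit is milliseconds.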
@@ -119,7 +119,7 @@ extern "C" { */ typedef struct pgNotify { char *relname; /* notification condition name */ - int be_pid; /* process ID of server process */ + int32_t be_pid; /* process ID of server process */ char *extra; /* notification parameter */ } PGnotify; @@ -164,7 +164,7 @@ extern "C" { * Display entered value as is "*" * Password field - hide value "D" Debug * option - don't show by default */ - int dispsize; /* Field size in characters for dialog */ + int32_t dispsize; /* Field size in characters for dialog */ } PQconninfoOption; /* ---------------- @@ -172,11 +172,11 @@ extern "C" { * ---------------- */ typedef struct { - int len; - int isint; + int32_t len; + int32_t isint; union { - int *ptr; /* can't use void (dec compiler barfs) */ - int integer; + int32_t *ptr; /* can't use void (dec compiler barfs) */ + int32_t integer; } u; } PQArgBlock; @@ -215,14 +215,14 @@ extern "C" { */ /* Asynchronous (non-blocking) */ - extern int PQresetStart(PGconn * conn); + extern int32_t PQresetStart(PGconn * conn); extern PostgresPollingStatusType PQresetPoll(PGconn * conn); /* Synchronous (blocking) */ extern void PQreset(PGconn * conn); /* issue a cancel request */ - extern int PQrequestCancel(PGconn * conn); + extern int32_t PQrequestCancel(PGconn * conn); /* Accessor functions for PGconn objects */ extern char *PQdb(const PGconn * conn); 
@@ -235,12 +235,12 @@ extern "C" { extern ConnStatusType PQstatus(const PGconn * conn); extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn); extern const char *PQparameterStatus(const PGconn * conn, const char *paramName); - extern int PQprotocolVersion(const PGconn * conn); + extern int32_t PQprotocolVersion(const PGconn * conn); extern char *PQerrorMessage(const PGconn * conn); - extern int PQsocket(const PGconn * conn); - extern int PQbackendPID(const PGconn * conn); - extern int PQclientEncoding(const PGconn * conn); - extern int PQsetClientEncoding(PGconn * conn, const char *encoding); + extern int32_t PQsocket(const PGconn * conn); + extern int32_t PQbackendPID(const PGconn * conn); + extern int32_t PQclientEncoding(const PGconn * conn); + extern int32_t PQsetClientEncoding(PGconn * conn, const char *encoding); #ifdef USE_SSL 
@@ -265,74 +265,74 @@ extern "C" { extern PGresult *PQexec(PGconn * conn, const char *query); extern PGresult *PQexecParams(PGconn * conn, const char *command, - int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); extern PGresult *PQexecPrepared(PGconn * conn, - const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); /* Interface for multiple-result or asynchronous queries */ - extern int PQsendQuery(PGconn * conn, const char *query); - extern int PQsendQueryParams(PGconn * conn, + extern int32_t PQsendQuery(PGconn * conn, const char *query); + extern int32_t PQsendQueryParams(PGconn * conn, const char *command, - int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); - extern int PQsendQueryPrepared(PGconn * conn, - const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); + extern int32_t PQsendQueryPrepared(PGconn * conn, + const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); extern PGresult *PQgetResult(PGconn * conn); /* Routines for managing an asynchronous query */ - extern int PQisBusy(PGconn * conn); - extern int PQconsumeInput(PGconn * conn); + extern int32_t PQisBusy(PGconn * 
conn); + extern int32_t PQconsumeInput(PGconn * conn); /* LISTEN/NOTIFY support */ extern PGnotify *PQnotifies(PGconn * conn); /* Routines for copy in/out */ - extern int PQputCopyData(PGconn * conn, const char *buffer, int nbytes); - extern int PQputCopyEnd(PGconn * conn, const char *errormsg); - extern int PQgetCopyData(PGconn * conn, char **buffer, int async); + extern int32_t PQputCopyData(PGconn * conn, const char *buffer, int32_t nbytes); + extern int32_t PQputCopyEnd(PGconn * conn, const char *errormsg); + extern int32_t PQgetCopyData(PGconn * conn, char **buffer, int32_t async); /* Deprecated routines for copy in/out */ - extern int PQgetline(PGconn * conn, char *string, int length); - extern int PQputline(PGconn * conn, const char *string); - extern int PQgetlineAsync(PGconn * conn, char *buffer, int bufsize); - extern int PQputnbytes(PGconn * conn, const char *buffer, int nbytes); - extern int PQendcopy(PGconn * conn); + extern int32_t PQgetline(PGconn * conn, char *string, int32_t length); + extern int32_t PQputline(PGconn * conn, const char *string); + extern int32_t PQgetlineAsync(PGconn * conn, char *buffer, int32_t bufsize); + extern int32_t PQputnbytes(PGconn * conn, const char *buffer, int32_t nbytes); + extern int32_t PQendcopy(PGconn * conn); /* Set blocking/nonblocking connection to the backend */ - extern int PQsetnonblocking(PGconn * conn, int arg); - extern int PQisnonblocking(const PGconn * conn); + extern int32_t PQsetnonblocking(PGconn * conn, int32_t arg); + extern int32_t PQisnonblocking(const PGconn * conn); /* Force the write buffer to be written (or at least try) */ - extern int PQflush(PGconn * conn); + extern int32_t PQflush(PGconn * conn); /* * "Fast path" interface --- not really recommended for application * use */ - extern PGresult *PQfn(PGconn * conn, int fnid, int *result_buf, int *result_len, int result_is_int, const PQArgBlock * args, int nargs); + extern PGresult *PQfn(PGconn * conn, int32_t fnid, int32_t *result_buf, 
int32_t *result_len, int32_t result_is_int, const PQArgBlock * args, int32_t nargs); /* Accessor functions for PGresult objects */ extern ExecStatusType PQresultStatus(const PGresult * res); extern char *PQresStatus(ExecStatusType status); extern char *PQresultErrorMessage(const PGresult * res); - extern char *PQresultErrorField(const PGresult * res, int fieldcode); - extern int PQntuples(const PGresult * res); - extern int PQnfields(const PGresult * res); - extern int PQbinaryTuples(const PGresult * res); - extern char *PQfname(const PGresult * res, int field_num); - extern int PQfnumber(const PGresult * res, const char *field_name); - extern Oid PQftable(const PGresult * res, int field_num); - extern int PQftablecol(const PGresult * res, int field_num); - extern int PQfformat(const PGresult * res, int field_num); - extern Oid PQftype(const PGresult * res, int field_num); - extern int PQfsize(const PGresult * res, int field_num); - extern int PQfmod(const PGresult * res, int field_num); + extern char *PQresultErrorField(const PGresult * res, int32_t fieldcode); + extern int32_t PQntuples(const PGresult * res); + extern int32_t PQnfields(const PGresult * res); + extern int32_t PQbinaryTuples(const PGresult * res); + extern char *PQfname(const PGresult * res, int32_t field_num); + extern int32_t PQfnumber(const PGresult * res, const char *field_name); + extern Oid PQftable(const PGresult * res, int32_t field_num); + extern int32_t PQftablecol(const PGresult * res, int32_t field_num); + extern int32_t PQfformat(const PGresult * res, int32_t field_num); + extern Oid PQftype(const PGresult * res, int32_t field_num); + extern int32_t PQfsize(const PGresult * res, int32_t field_num); + extern int32_t PQfmod(const PGresult * res, int32_t field_num); extern char *PQcmdStatus(PGresult * res); extern char *PQoidStatus(const PGresult * res); /* old and ugly */ extern Oid PQoidValue(const PGresult * res); /* new and improved */ extern char *PQcmdTuples(PGresult * res); - 
extern char *PQgetvalue(const PGresult * res, int tup_num, int field_num); - extern int PQgetlength(const PGresult * res, int tup_num, int field_num); - extern int PQgetisnull(const PGresult * res, int tup_num, int field_num); + extern char *PQgetvalue(const PGresult * res, int32_t tup_num, int32_t field_num); + extern int32_t PQgetlength(const PGresult * res, int32_t tup_num, int32_t field_num); + extern int32_t PQgetisnull(const PGresult * res, int32_t tup_num, int32_t field_num); /* Delete a PGresult */ extern void PQclear(PGresult * res); 
@@ -369,40 +369,40 @@ extern "C" { */ extern void PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */ - int fillAlign, /* pad the fields with spaces */ + int32_t fillAlign, /* pad the fields with spaces */ const char *fieldSep, /* field separator */ - int printHeader, /* display headers? */ - int quiet); + int32_t printHeader, /* display headers? */ + int32_t quiet); extern void PQprintTuples(const PGresult * res, FILE * fout, /* output stream */ - int printAttName, /* print attribute names */ - int terseOutput, /* delimiter bars */ - int width); /* width of column, if 0, use variable + int32_t printAttName, /* print attribute names */ + int32_t terseOutput, /* delimiter bars */ + int32_t width); /* width of column, if 0, use variable * width */ /* === in fe-lobj.c === */ /* Large-object access routines */ - extern int lo_open(PGconn * conn, Oid lobjId, int mode); - extern int lo_close(PGconn * conn, int fd); - extern int lo_read(PGconn * conn, int fd, char *buf, size_t len); - extern int lo_write(PGconn * conn, int fd, char *buf, size_t len); - extern int lo_lseek(PGconn * conn, int fd, int offset, int whence); - extern Oid lo_creat(PGconn * conn, int mode); - extern int lo_tell(PGconn * conn, int fd); - extern int lo_unlink(PGconn * conn, Oid lobjId); + extern int32_t lo_open(PGconn * conn, Oid lobjId, int32_t mode); + extern int32_t lo_close(PGconn * conn, int32_t fd); + extern int32_t lo_read(PGconn * conn, int32_t fd, char *buf, size_t len); + extern int32_t lo_write(PGconn * conn, int32_t fd, char *buf, size_t len); + extern int32_t lo_lseek(PGconn * conn, int32_t fd, int32_t offset, int32_t whence); + extern Oid lo_creat(PGconn * conn, int32_t mode); + extern int32_t lo_tell(PGconn * conn, int32_t fd); + extern int32_t lo_unlink(PGconn * conn, Oid lobjId); extern Oid lo_import(PGconn * conn, const char *filename); - extern int lo_export(PGconn * conn, Oid lobjId, const char *filename); + extern int32_t lo_export(PGconn * conn, Oid 
lobjId, const char *filename); /* === in fe-misc.c === */ /* Determine length of multibyte encoded char at *s */ - extern int PQmblen(const unsigned char *s, int encoding); + extern int32_t PQmblen(const unsigned char *s, int32_t encoding); /* Get encoding id from environment variable PGCLIENTENCODING */ - extern int PQenv2encoding(void); + extern int32_t PQenv2encoding(void); #ifdef __cplusplus } diff --git a/ntlm.c b/ntlm.c index 865dccf..19e54f4 100644 --- a/ntlm.c +++ b/ntlm.c @@ -54,7 +54,7 @@ /* This file implements macros for machine independent short and - int manipulation + int32_t manipulation Here is a description of this file that I emailed to the samba list once: @@ -72,7 +72,7 @@ an optimisation. You can take it out completely and it will make no difference. The routines (macros) in byteorder.h are totally byteorder independent. The 386 optimsation just takes advantage of the fact that the x86 processors don't care about alignment, so we don't have to -align ints on int boundaries etc. If there are other processors out +align ints on int32_t boundaries etc. If there are other processors out there that aren't alignment sensitive then you could also define CAREFUL_ALIGNMENT=0 on those processors as well. @@ -81,7 +81,7 @@ want to extract a 2 byte integer from a SMB packet and put it into a type called uint16 that is in the local machines byte order, and you want to do it with only the assumption that uint16 is _at_least_ 16 bits long (this last condition is very important for architectures -that don't have any int types that are 2 bytes long) +that don't have any int32_t types that are 2 bytes long) You do this: 
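Review bot: In the ntlm.c comment hunks (`@@ -54,7`, `@@ -72,7`, `@@ -81,7`) the type rename was applied to prose, which now reads "short and int32_t manipulation", "align ints on int32_t boundaries" and "don't have any int32_t types that are 2 bytes long"; the last one is self-contradictory. These sentences describe the generic C `int`, not a variable declaration, so the original wording should be restored, e.g. `that don't have any int types that are 2 bytes long)`. The `@@ -300,7 +300,7 @@` hunk has the same problem in "It assumes that a int32_t is at least 32 bits long".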
@@ -207,10 +207,10 @@ it also defines lots of intermediate macros, just ignore those :-) /* macros for reading / writing arrays */ #define SMBMACRO(macro,buf,pos,val,len,size) \ -{ int l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } +{ int32_t l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } #define SSMBMACRO(macro,buf,pos,val,len,size) \ -{ int l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } +{ int32_t l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } /* reads multiple data from an SMB buffer */ #define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) @@ -259,7 +259,7 @@ it also defines lots of intermediate macros, just ignore those :-) DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ + { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); } #define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ @@ -267,7 +267,7 @@ it also defines lots of intermediate macros, just ignore those :-) DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ + { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); } #define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ 
@@ -275,7 +275,7 @@ it also defines lots of intermediate macros, just ignore those :-) DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ + { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); } #define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ @@ -300,7 +300,7 @@ it also defines lots of intermediate macros, just ignore those :-) /* NOTE: This code makes no attempt to be fast! - It assumes that a int is at least 32 bits long + It assumes that a int32_t is at least 32 bits long */ static uint32 A, B, C, D; @@ -317,7 +317,7 @@ static uint32 H(uint32 X, uint32 Y, uint32 Z) { return X ^ Y ^ Z; } -static uint32 lshift(uint32 x, int s) { +static uint32 lshift(uint32 x, int32_t s) { x &= 0xFFFFFFFF; return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); } @@ -328,7 +328,7 @@ static uint32 lshift(uint32 x, int s) { /* this applies md4 to 64 byte chunks */ static void mdfour64(uint32 * M) { - int j; + int32_t j; uint32 AA, BB, CC, DD; uint32 X[16]; @@ -406,7 +406,7 @@ static void mdfour64(uint32 * M) { } static void copy64(uint32 * M, unsigned char *in) { - int i; + int32_t i; for (i = 0; i < 16; i++) M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); @@ -420,11 +420,11 @@ static void copy4(unsigned char *out, uint32 x) { } /* produce a md4 message digest from data of length n bytes */ -void mdfour(unsigned char *out, unsigned char *in, int n) { +void mdfour(unsigned char *out, unsigned char *in, int32_t n) { unsigned char buf[128]; uint32 M[16]; uint32 b = n * 8; - int i; + int32_t i; A = 0x67452301; B = 0xefcdab89; 
@@ -577,16 +577,16 @@ static uchar sbox[8][4][16] = { {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}} }; -static void permute(char *out, char *in, uchar * p, int n) { - int i; +static void permute(char *out, char *in, uchar * p, int32_t n) { + int32_t i; for (i = 0; i < n; i++) out[i] = in[p[i] - 1]; } -static void l_shift(char *d, int count, int n) { +static void l_shift(char *d, int32_t count, int32_t n) { char out[64]; - int i; + int32_t i; for (i = 0; i < n; i++) out[i] = d[(i + count) % n]; @@ -594,22 +594,22 @@ static void l_shift(char *d, int count, int n) { d[i] = out[i]; } -static void concat(char *out, char *in1, char *in2, int l1, int l2) { +static void concat(char *out, char *in1, char *in2, int32_t l1, int32_t l2) { while (l1--) *out++ = *in1++; while (l2--) *out++ = *in2++; } -void xor(char *out, char *in1, char *in2, int n) { - int i; +void xor(char *out, char *in1, char *in2, int32_t n) { + int32_t i; for (i = 0; i < n; i++) out[i] = in1[i] ^ in2[i]; } -static void dohash(char *out, char *in, char *key, int forw) { - int i, j, k; +static void dohash(char *out, char *in, char *key, int32_t forw) { + int32_t i, j, k; char pk1[56]; char c[28]; char d[28]; @@ -658,7 +658,7 @@ static void dohash(char *out, char *in, char *key, int forw) { b[j][k] = erk[j * 6 + k]; for (j = 0; j < 8; j++) { - int m, n; + int32_t m, n; m = (b[j][0] << 1) | b[j][5]; @@ -688,7 +688,7 @@ static void dohash(char *out, char *in, char *key, int forw) { } static void str_to_key(unsigned char *str, unsigned char *key) { - int i; + int32_t i; key[0] = str[0] >> 1; key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); @@ -704,8 +704,8 @@ static void str_to_key(unsigned char *str, unsigned char *key) { } -static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { - int i; +static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int32_t forw) { + int32_t i; char outb[64]; char inb[64]; char keyb[64]; 
@@ -769,7 +769,7 @@ void cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key) { smbhash(out, buf, key2, 1); } -void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { +void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int32_t forw) { static unsigned char key2[8]; smbhash(out, in, key, forw); @@ -777,12 +777,12 @@ void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int f smbhash(out + 8, in + 8, key2, forw); } -void SamOEMhash(unsigned char *data, unsigned char *key, int val) { +void SamOEMhash(unsigned char *data, unsigned char *key, int32_t val) { unsigned char s_box[256]; unsigned char index_i = 0; unsigned char index_j = 0; unsigned char j = 0; - int ind; + int32_t ind; for (ind = 0; ind < 256; ind++) { s_box[ind] = (unsigned char) ind; @@ -861,7 +861,7 @@ char *safe_strcpy(char *dest, const char *src, size_t maxlength) { len = strlen(src); if (len > maxlength) { - DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int) (len - maxlength), src)); + DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int32_t) (len - maxlength), src)); len = maxlength; } @@ -879,8 +879,8 @@ void strupper(char *s) { if (skip != 0) s += skip; else { - if (islower((int) *s)) - *s = toupper((int) *s); + if (islower((int32_t) *s)) + *s = toupper((int32_t) *s); s++; } } @@ -916,8 +916,8 @@ void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) { } /* Routines for Windows NT MD4 Hash functions. */ -static int _my_wcslen(int16 * str) { - int len = 0; +static int32_t _my_wcslen(int16 * str) { + int32_t len = 0; while (*str++ != 0) len++; @@ -931,8 +931,8 @@ static int _my_wcslen(int16 * str) { * format. */ -static int _my_mbstowcs(int16 * dst, uchar * src, int len) { - int i; +static int32_t _my_mbstowcs(int16 * dst, uchar * src, int32_t len) { + int32_t i; int16 val; for (i = 0; i < len; i++) { 
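Review bot: In the strupper hunk (line 879) the argument to `islower`/`toupper` is still a plain `char` widened by a cast, now `(int32_t) *s`, so a byte of 0x80 or above becomes negative where char is signed, and passing a negative value other than EOF to the <ctype.h> functions is undefined behaviour. The cast should go through unsigned char: `if (islower((unsigned char) *s)) *s = (char) toupper((unsigned char) *s);`. The `isprint((int32_t) buf[k])` and `isalnum((int32_t) buf[k])` calls in the pw-inspector.c hunks at lines 136 and 144 have the same problem, and `buf` there presumably holds lines read from the input file. strupper starts and ends outside the hunk.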
@@ -951,7 +951,7 @@ static int _my_mbstowcs(int16 * dst, uchar * src, int len) { */ void E_md4hash(uchar * passwd, uchar * p16) { - int len; + int32_t len; int16 wpwd[129]; /* Password cannot be longer than 128 characters */ @@ -1051,7 +1051,7 @@ void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { #if 0 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode) { - int new_pw_len = strlen(passwd) * (unicode ? 2 : 1); + int32_t new_pw_len = strlen(passwd) * (unicode ? 2 : 1); if (new_pw_len > 512) { DEBUG(0, ("make_oem_passwd_hash: new password is too long.\n")); @@ -1134,7 +1134,7 @@ else \ #define AddString(ptr, header, string) \ { \ char *p = string; \ -int len = 0; \ +int32_t len = 0; \ if (p) len = strlen(p); \ AddBytes(ptr, header, ((unsigned char*)p), len); \ } @@ -1143,7 +1143,7 @@ AddBytes(ptr, header, ((unsigned char*)p), len); \ { \ char *p = string; \ unsigned char *b = NULL; \ -int len = 0; \ +int32_t len = 0; \ if (p) \ { \ len = strlen(p); \ @@ -1162,21 +1162,21 @@ dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&s static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) { - int i; + int32_t i; - for (i = 0; i < (signed int) len; ++i) + for (i = 0; i < (int32_t) len; ++i) fprintf(fp, "%02x ", buf[i]); fprintf(fp, "\n"); } static char *unicodeToString(char *p, size_t len) { - int i; + int32_t i; static char buf[4096]; assert(len + 1 < sizeof buf); - for (i = 0; i < (signed int) len; ++i) { + for (i = 0; i < (int32_t) len; ++i) { buf[i] = *p & 0x7f; p += 2; } @@ -1188,7 +1188,7 @@ static char *unicodeToString(char *p, size_t len) { static unsigned char *strToUnicode(char *p) { static unsigned char buf[4096]; size_t l = strlen(p); - int i = 0; + int32_t i = 0; assert(l * 2 < sizeof buf); 
@@ -1377,7 +1377,7 @@ static const char base64val[] = { #define DECODE64(c) (isascii(c) ? base64val[c] : BAD) -void to64frombits(unsigned char *out, const unsigned char *in, int inlen) +void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen) /* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ { @@ -1402,11 +1402,11 @@ void to64frombits(unsigned char *out, const unsigned char *in, int inlen) *out = '\0'; } -int from64tobits(char *out, const char *in) +int32_t from64tobits(char *out, const char *in) /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ { - int len = 0; + int32_t len = 0; register unsigned char digit1, digit2, digit3, digit4; if (in[0] == '+' && in[1] == ' ') diff --git a/ntlm.h b/ntlm.h index 1a7db63..85f8f7f 100644 --- a/ntlm.h +++ b/ntlm.h @@ -1,4 +1,3 @@ - /* $Id$ Single file NTLM system to create and parse authentication messages. @@ -52,8 +51,8 @@ included bonus!!: Base64 code - int from64tobits(char *out, const char *in); - void to64frombits(unsigned char *out, const unsigned char *in, int inlen); + int32_t from64tobits(char *out, const char *in); + void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen); @@ -66,8 +65,16 @@ * These structures are byte-order dependant, and should not * be manipulated except by the use of the routines provided */ +#ifdef __sun + #include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) + #include +#else + #include +#endif + typedef unsigned short uint16; -typedef unsigned int uint32; +typedef uint32_t uint32; typedef unsigned char uint8; typedef struct { 
@@ -131,10 +138,10 @@ void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * //flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication /* Base64 code*/ -int from64tobits(char *out, const char *in); -void to64frombits(unsigned char *out, const unsigned char *in, int inlen); +int32_t from64tobits(char *out, const char *in); +void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen); -void xor(char *out, char *in1, char *in2, int n); +void xor(char *out, char *in1, char *in2, int32_t n); // info functions void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); diff --git a/performance.h b/performance.h index 0d753f7..2d4a682 100644 --- a/performance.h +++ b/performance.h @@ -7,8 +7,8 @@ #include /* handles select errors */ -int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) { - int ret_val; +int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) { + int32_t ret_val; struct timeval stv; fd_set *fdr2, *fdw2, *fde2; @@ -28,13 +28,13 @@ int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec } /*reads in a non-blocking way*/ -ssize_t read_safe(int fd, void *buffer, size_t len) { - int r = 0; - int total = 0; - int toread = len; +ssize_t read_safe(int32_t fd, void *buffer, size_t len) { + int32_t r = 0; + int32_t total = 0; + int32_t toread = len; fd_set fr; struct timeval tv; - int ret = 0; + int32_t ret = 0; (void)fcntl(fd, F_SETFL, O_NONBLOCK); do { diff --git a/postgres_ext.h b/postgres_ext.h index 20affdd..16ceadd 100644 --- a/postgres_ext.h +++ b/postgres_ext.h @@ -27,7 +27,7 @@ /* * Object ID is a fundamental type in Postgres. */ -typedef unsigned int Oid; +typedef uint32_t Oid; #ifdef __cplusplus #define InvalidOid (Oid(0)) 
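Review bot: `int32_t toread = len;` in read_safe narrows the size_t length argument to a signed 32-bit value, so a `len` above INT32_MAX becomes a truncated or negative byte count, and `total` is an int32_t although the function returns ssize_t. The rename from `int` keeps that narrowing in place; the counters would be better typed to match the interface: `ssize_t r = 0;`, `size_t total = 0;`, `size_t toread = len;`. The loop that uses them lies outside the hunk, so its comparisons need a signedness check when the types change.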
@@ -43,7 +43,7 @@ typedef unsigned int Oid; /* * NAMEDATALEN is the max length for system identifiers (e.g. table names, * attribute names, function names, etc). It must be a multiple of - * sizeof(int) (typically 4). + * sizeof(int32_t) (typically 4). * * NOTE that databases with different NAMEDATALEN's cannot interoperate! */ diff --git a/pw-inspector.c b/pw-inspector.c index 003fd00..d5ca29c 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -36,10 +36,10 @@ void help() { exit(-1); } -int main(int argc, char *argv[]) { - int i, j, k; - int sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; - int set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; +int32_t main(int32_t argc, char *argv[]) { + int32_t i, j, k; + int32_t sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; + int32_t set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; FILE *in = stdin, *out = stdout; char buf[MAXLENGTH + 1]; @@ -136,7 +136,7 @@ int main(int argc, char *argv[]) { if (set_print) { j = 0; for (k = 0; k < strlen(buf); k++) - if (isprint((int) buf[k]) != 0 && isalnum((int) buf[k]) == 0) + if (isprint((int32_t) buf[k]) != 0 && isalnum((int32_t) buf[k]) == 0) j = 1; if (j) i++; @@ -144,7 +144,7 @@ int main(int argc, char *argv[]) { if (set_other) { j = 0; for (k = 0; k < strlen(buf); k++) - if (isprint((int) buf[k]) == 0 && isalnum((int) buf[k]) == 0) + if (isprint((int32_t) buf[k]) == 0 && isalnum((int32_t) buf[k]) == 0) j = 1; if (j) i++; diff --git a/rdp.h b/rdp.h index 0b7c496..1d3c7c4 100644 --- a/rdp.h +++ b/rdp.h @@ -30,7 +30,7 @@ #include #include #include -#define DIR int +#define DIR int32_t #else #include #include @@ -142,7 +142,7 @@ typedef struct stream unsigned char *p; unsigned char *end; unsigned char *data; - unsigned int size; + uint32_t size; /* Offsets of various headers */ unsigned char *iso_hdr; 
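Review bot: `int32_t main(int32_t argc, char *argv[])` in pw-inspector.c is not one of the forms of main the C standard defines; it is only equivalent where int32_t happens to be a typedef of int. Keep the entry point as `int main(int argc, char *argv[])` and apply the fixed-width rename to the locals only. The hunk header for hydra.c later on the page shows the same `int32_t main(int32_t argc, ...)` signature there. main's body continues outside the hunk.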
@@ -216,8 +216,8 @@ typedef unsigned char uint8; typedef signed char sint8; typedef unsigned short uint16; typedef signed short sint16; -typedef unsigned int uint32; -typedef signed int sint32; +typedef uint32_t uint32; +typedef int32_t sint32; typedef struct _BOUNDS { @@ -579,14 +579,14 @@ enum RDP_UPDATE_PDU_TYPE #define RDP_INPUT_SCANCODE 4 /* iso.c */ -STREAM iso_init(int length); +STREAM iso_init(int32_t length); void iso_send(STREAM s); STREAM iso_recv(uint8 * rdpver); BOOL iso_connect(char *server, char *username, BOOL reconnect); void iso_disconnect(void); void iso_reset_state(void); /* mcs.c */ -STREAM mcs_init(int length); +STREAM mcs_init(int32_t length); void mcs_send_to_channel(STREAM s, uint16 channel); void mcs_send(STREAM s); STREAM mcs_recv(uint16 * channel, uint8 * rdpver); @@ -598,14 +598,14 @@ void process_orders(STREAM s, uint16 num_orders); void reset_order_state(void); /* rdesktop.c */ void generate_random(uint8 * random); -void *xmalloc(int size); +void *xmalloc(int32_t size); void exit_if_null(void *ptr); char *xstrdup(const char *s); void *xrealloc(void *oldmem, size_t size); void error(char *format, ...); void warning(char *format, ...); void unimpl(char *format, ...); -void hexdump(unsigned char *p, unsigned int len); +void hexdump(unsigned char *p, uint32_t len); /* rdp.c */ static void process_demand_active(STREAM s); static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason); 
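Review bot: `void *xmalloc(int32_t size);` in the hunk at line 598 keeps a signed size parameter, while `xrealloc` three lines below already takes `size_t`. A negative length computed by a caller would convert to a very large unsigned value once it is handed to the allocator (presumably malloc; the definition is not in this hunk). Declaring it `void *xmalloc(size_t size);` makes the two prototypes consistent, with the definition changed to match. The length parameters of `iso_init`, `mcs_init` and `hexdump` in the neighbouring hunks are candidates for the same treatment.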
@@ -613,10 +613,10 @@ static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason); void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt); void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2); void buf_out_uint32(uint8 * buffer, uint32 value); -void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, - int datalen); -void sec_decrypt(uint8 * data, int length); -STREAM sec_init(uint32 flags, int maxlen); +void sec_sign(uint8 * signature, int32_t siglen, uint8 * session_key, int32_t keylen, uint8 * data, + int32_t datalen); +void sec_decrypt(uint8 * data, int32_t length); +STREAM sec_init(uint32 flags, int32_t maxlen); void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel); void sec_send(STREAM s, uint32 flags); void sec_process_mcs_data(STREAM s); diff --git a/sasl.c b/sasl.c index dad73da..cf2234e 100644 --- a/sasl.c +++ b/sasl.c @@ -1,14 +1,14 @@ #include "sasl.h" -extern int selected_proxy; +extern int32_t selected_proxy; /* print_hex is used for debug it displays the string buf hexa values of size len */ -int print_hex(unsigned char *buf, int len) { - int i; - int n; +int32_t print_hex(unsigned char *buf, int32_t len) { + int32_t i; + int32_t n; for (i = 0, n = 0; i < len; i++) { if (n > 7) { @@ -26,9 +26,9 @@ int print_hex(unsigned char *buf, int len) { RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords code based on gsasl_saslprep from GSASL project */ -int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { +int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { #if LIBIDN - int rc; + int32_t rc; rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); if (rc != STRINGPREP_OK) { 
@@ -71,7 +71,7 @@ the first parameter result must be able to hold at least 255 bytes! void sasl_plain(char *result, char *login, char *pass) { char *preplogin; char *preppasswd; - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { result = NULL; @@ -107,7 +107,7 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { char opad[64]; unsigned char md5_raw[MD5_DIGEST_LENGTH]; MD5_CTX md5c; - int i, rc; + int32_t i, rc; char *preppasswd; if (challenge == NULL) { @@ -161,7 +161,7 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) { char opad[64]; unsigned char sha1_raw[SHA_DIGEST_LENGTH]; SHA_CTX shac; - int i, rc; + int32_t i, rc; char *preppasswd; if (challenge == NULL) { @@ -215,7 +215,7 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { char opad[64]; unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; SHA256_CTX sha256c; - int i, rc; + int32_t i, rc; char *preppasswd; if (challenge == NULL) { 
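Review bot: On the sasl_saslprep failure path sasl_plain executes `result = NULL;`, which only changes the function's local copy of the pointer, so the caller's buffer keeps whatever it held before and the void return type gives no failure signal. What follows the assignment is outside the hunk, but unless the buffer is cleared there, a caller cannot tell a failed preparation from a successful one. Clearing the output instead, `result[0] = '\0';`, or returning a status would make the failure visible. The same `if (rc) { result = NULL;` pattern is visible in the sasl_scram_sha1 hunk at line 572.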
@@ -262,17 +262,17 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { RFC 2831: Using Digest Authentication as a SASL Mechanism the parameter result must be able to hold at least 500 bytes!! */ -void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header) { +void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) { char *pbuffer = NULL; - int array_size = 10; + int32_t array_size = 10; unsigned char response[MD5_DIGEST_LENGTH]; char *array[array_size]; char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; - int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; + int32_t i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; MD5_CTX md5c; char *preplogin; char *preppasswd; - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); memset(realm, 0, sizeof(realm)); if (rc) { @@ -286,7 +286,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * return; } //DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess -//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess +//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess //warning some not well configured xmpp server is sending no realm //DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess pbuffer = buffer; 
@@ -329,13 +329,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * //check if it contains double-quote if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote - int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; + int32_t nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); nonce[nonce_string_len] = '\0'; } else { - int j; + int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL) @@ -352,13 +352,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * if (strstr(array[i], "realm=") != NULL) { if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote - int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; + int32_t realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); realm[realm_string_len] = '\0'; } else { - int i; + int32_t i; for (i = 0; i < ind; i++) if (array[i] != NULL) @@ -375,13 +375,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * if (strstr(array[i], "qop=") != NULL) { /* -The value "auth" indicates authentication; the value "auth-int" indicates +The value "auth" indicates authentication; the value "auth-int32_t" indicates authentication with integrity protection; the value "auth-conf" indicates authentication with integrity protection and encryption. */ auth_find = 1; if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { - int j; + int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL) 
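Review bot: The cleanup loop in the realm branch (hunk at line 352) declares `int32_t i;` inside the else block, which shadows the outer `i` that indexes `array[i]` in the surrounding conditions; the nonce, qop and algorithm branches use `j` for the same loop. Renaming it, `int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL)`, keeps the branches parallel and keeps -Wshadow quiet. The loop body and the rest of the branch are outside the hunk.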
@@ -394,13 +394,13 @@ indicates authentication with integrity protection and encryption. if (strstr(array[i], "algorithm=") != NULL) { if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote - int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; + int32_t algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); algo[algo_string_len] = '\0'; } else { - int j; + int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL) @@ -414,7 +414,7 @@ indicates authentication with integrity protection and encryption. algo[sizeof(algo) - 1] = '\0'; } if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { - int j; + int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL) @@ -558,10 +558,10 @@ and my girlfriend that let me work on that 2 whole nights ;) clientfirstmessagebare must be at least 500 bytes in size! */ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { - int saltlen = 0; - int iter = 4096; + int32_t saltlen = 0; + int32_t iter = 4096; char *salt, *nonce, *ic; - unsigned int resultlen = 0; + uint32_t resultlen = 0; char clientfinalmessagewithoutproof[200]; char buffer[500]; unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; @@ -572,7 +572,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha char ClientProof[SHA_DIGEST_LENGTH]; unsigned char clientproof_b64[50]; char *preppasswd; - int rc = sasl_saslprep(pass, 0, &preppasswd); + int32_t rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; diff --git a/sasl.h b/sasl.h index dd6725e..29622d7 100644 --- a/sasl.h +++ b/sasl.h 
@@ -32,10 +32,10 @@ typedef enum { } sasl_saslprep_flags; -int print_hex(unsigned char *buf, int len); +int32_t print_hex(unsigned char *buf, int32_t len); void sasl_plain(char *result, char *login, char *pass); -int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); +int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #ifdef LIBOPENSSL #include @@ -45,6 +45,6 @@ int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); void sasl_cram_md5(char *result, char *pass, char *challenge); void sasl_cram_sha1(char *result, char *pass, char *challenge); void sasl_cram_sha256(char *result, char *pass, char *challenge); -void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header); +void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header); void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); #endif From 044bab0c2c7a7841a3e7bae1b1c5b88a83ff124e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 5 Jul 2017 08:48:20 +0200 Subject: [PATCH 75/90] makefile fix --- Makefile | 89 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 87 deletions(-) diff --git a/Makefile b/Makefile index 6019d93..372e67e 100644 --- a/Makefile +++ b/Makefile 
@@ -1,90 +1,5 @@ -CC=gcc -STRIP=strip -XDEFINES= -DLIBOPENSSL -DHAVE_PCRE -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DHAVE_MATH_H -XLIBS= -lz -lssl -lpcre -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib -L/usr/local/lib -L/lib -XIPATHS= -I/usr/include -I/usr/local/include -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO=hydra-logo.o -PWI_LOGO=pw-inspector-logo.o -SEC=-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 - -# -# Makefile for Hydra - (c) 2001-2017 by van Hauser / THC -# -OPTS=-I. -O3 -# -Wall -g -pedantic -LIBS=-lm -BINDIR = /bin -MANDIR ?= /man/man1/ -DATADIR ?= /etc -DESTDIR ?= - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ - hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ - hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ - hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ - hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-rdp.c hydra-s7-300.c hydra-redis.c hydra-adam6500.c \ - crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rtsp.c hydra-time.c hydra-rpcap.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ - hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o 
hydra-ssh.o \ - hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ - hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ - hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ - hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ - hydra-rdp.o hydra-s7-300.c hydra-adam6500.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-rtsp.o hydra-time.o hydra-rpcap.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv 
$(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From 644568954562264b8ea3ff16f1ed9490cc04d772 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 21:29:59 +0200 Subject: [PATCH 76/90] show device on IPv6 LL addresses --- hydra-mod.c | 4 ++++ hydra.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/hydra-mod.c b/hydra-mod.c index 3c9fc69..2e9d763 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -1216,6 +1216,10 @@ char *hydra_address2string(char *address) { if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); + if (hydra_targets[i]->ip[17] != 0) { + strcat(ipstring, "%"); + strcat(ipstring, hydra_targets[i]->ip[17]); + } return ipstring; } else #endif diff --git a/hydra.c b/hydra.c index 314ab47..227fa64 100644 --- a/hydra.c +++ b/hydra.c @@ -3564,9 +3564,9 @@ int32_t main(int32_t argc, char *argv[]) { ipv4 = NULL; #ifdef AF_INET6 ipv6 = NULL; +#endif if ((device = index(hydra_targets[i]->target, '%')) != NULL) *device++ = 0; -#endif if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { if (use_proxy == 0) { if (verbose) From f4eb8d013214fa9c4f2860cccc86dd4efc92ec4e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 21:32:46 +0200 Subject: [PATCH 77/90] show device on IPv6 LL addresses --- hydra-mod.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index 2e9d763..1593639 100644 
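Review bot: The two added `strcat(ipstring, ...)` calls in hydra_address2string append the interface suffix with no length check, and the second passes `hydra_targets[i]->ip[17]`, a single char, where strcat expects a pointer (patch 77 below replaces it with `address + 17`). The missing bound remains after that fix and after patch 81 adds the brackets. The suffix appears to originate from the `%device` part of the target specification, and the declaration of `ipstring` is outside the hunks, so it cannot be confirmed here that it has room beyond an IPv6 literal. A bounded append avoids relying on that: `size_t used = strlen(ipstring); snprintf(ipstring + used, sizeof(ipstring) - used, "%%%s", address + 17);`.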
--- a/hydra-mod.c +++ b/hydra-mod.c @@ -1216,9 +1216,9 @@ char *hydra_address2string(char *address) { if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); - if (hydra_targets[i]->ip[17] != 0) { + if (address[17] != 0) { strcat(ipstring, "%"); - strcat(ipstring, hydra_targets[i]->ip[17]); + strcat(ipstring, address + 17); } return ipstring; } else From bbb54239b79e3d3359be575b269942039ce1d435 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 21:34:42 +0200 Subject: [PATCH 78/90] fix --- hydra.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hydra.h b/hydra.h index d0e2f5c..d7ba0a8 100644 --- a/hydra.h +++ b/hydra.h @@ -1,4 +1,4 @@ -#ifndef _HYDRA_H + #include #ifdef __sun @@ -155,13 +155,13 @@ #ifndef _WIN32 -int sleepn(time_t seconds); -int usleepn(long useconds); +int32_t sleepn(time_t seconds); +int32_t usleepn(long useconds); #else -int sleepn(unsigned int seconds); -int usleepn(unsigned int useconds); +int32_t sleepn(uint32_t seconds); +int32_t usleepn(uint32_t useconds); #endif From e141c59d2a2460c9fd0cec9725dd7aa2c439203e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 21:37:59 +0200 Subject: [PATCH 79/90] fix --- hydra.h | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/hydra.h b/hydra.h index d7ba0a8..1184a00 100644 --- a/hydra.h +++ b/hydra.h @@ -1,4 +1,4 @@ - +#ifndef _HYDRA_H #include #ifdef __sun @@ -30,20 +30,20 @@ #include #ifdef HAVE_OPENSSL -#define HYDRA_SSL + #define HYDRA_SSL #endif #ifdef HAVE_SSL -#ifndef HYDRA_SSL -#define HYDRA_SSL -#endif + #ifndef HYDRA_SSL + #define HYDRA_SSL + #endif #endif #ifdef LIBSSH -#include + #include #endif #ifdef HAVE_ZLIB -#include + #include #endif #define OPTION_SSL 1 
@@ -148,21 +148,17 @@ #define True 1 #ifndef INET_ADDRSTRLEN -#define INET_ADDRSTRLEN 16 + #define INET_ADDRSTRLEN 16 #endif #define MAX_PROXY_COUNT 64 #ifndef _WIN32 - -int32_t sleepn(time_t seconds); -int32_t usleepn(long useconds); - + int32_t sleepn(time_t seconds); + int32_t usleepn(long useconds); #else - -int32_t sleepn(uint32_t seconds); -int32_t usleepn(uint32_t useconds); - + int32_t sleepn(uint32_t seconds); + int32_t usleepn(uint32_t useconds); #endif #define _HYDRA_H From 7613700a5a9a3803757c2ad3a9d9f3a787bf98d2 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 21:39:01 +0200 Subject: [PATCH 80/90] fix --- hydra.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.h b/hydra.h index 1184a00..cece25c 100644 --- a/hydra.h +++ b/hydra.h @@ -155,7 +155,7 @@ #ifndef _WIN32 int32_t sleepn(time_t seconds); - int32_t usleepn(long useconds); + int32_t usleepn(int64_t useconds); #else int32_t sleepn(uint32_t seconds); int32_t usleepn(uint32_t useconds); From 11176a1080d9aaae76ef91d2265a5f4e83435804 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 22:25:09 +0200 Subject: [PATCH 81/90] stdint fixes --- hydra-http-form.c | 2 +- hydra-mod.c | 4 +++- hydra.c | 53 +++++++++++++++++++++++++---------------------- 3 files changed, 32 insertions(+), 27 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 4d84126..58f0ddf 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -343,7 +343,7 @@ void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) { if (cur_ptr->value) strcpy(cur_ptr->value, new_value); else { - hydra_report(stderr, "[ERROR] Out of memory (hdrrepv %lu)", strlen(new_value) + 1); + hydra_report(stderr, "[ERROR] Out of memory (hdrrepv %u)", strlen(new_value) + 1); hydra_child_exit(0); } } diff --git a/hydra-mod.c b/hydra-mod.c index 1593639..b2ab4c4 100644 --- a/hydra-mod.c +++ b/hydra-mod.c 
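Review bot: The new format string in hdrrepv, `"[ERROR] Out of memory (hdrrepv %u)"`, prints `strlen(new_value) + 1`, a size_t, with `%u`; on LP64 targets a 64-bit argument is then read as 32 bits, which is undefined behaviour in a variadic call. Use `%zu`. The same applies to `printf("[DEBUG] sizeof hydra_head: %u\n", sizeof(hydra_head));` in the hydra_restore_write hunk. The hydra.c debug lines that switch to `%llu` pass `(uint64_t) time(NULL)`, and uint64_t is unsigned long on common 64-bit platforms, so `"%" PRIu64` from <inttypes.h> is the matching specifier; the declared types of the other counters printed there are not visible in these hunks and should be checked the same way.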
@@ -1215,11 +1215,13 @@ char *hydra_address2string(char *address) { #ifdef AF_INET6 if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); - inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); + ipstring[0] = '[ + inet_ntop(AF_INET6, &target6.sin6_addr, ipstring + 1, sizeof(ipstring) - 1); if (address[17] != 0) { strcat(ipstring, "%"); strcat(ipstring, address + 17); } + strcat(ipstring, "]"); return ipstring; } else #endif diff --git a/hydra.c b/hydra.c index 227fa64..1ec958f 100644 --- a/hydra.c +++ b/hydra.c @@ -617,7 +617,7 @@ void hydra_debug(int32_t force, char *string) { if (!debug && !force) return; - printf("[DEBUG] Code: %s Time: %lu\n", string, (uint64_t) time(NULL)); + printf("[DEBUG] Code: %s Time: %llu\n", string, (uint64_t) time(NULL)); printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, @@ -625,7 +625,7 @@ void hydra_debug(int32_t force, char *string) { hydra_options.try_password_reverse_login, hydra_options.exit_found, STR_NULL(hydra_options.miscptr), hydra_options.service); - printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %llu todo %llu sent %llu found %llu countlogin %llu sizelogin %llu countpass %llu sizepass %llu\n", hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all + total_redo_count, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, 
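Review bot: The added `ipstring[0] = '[` in hydra_address2string (hydra-mod.c) is an unterminated character constant, so the file does not compile at this commit; it needs to read `ipstring[0] = '[';`. Separately, the return value of `inet_ntop` is not checked: if it fails, `ipstring + 1` holds whatever was there before and the following `strcat` calls append to it. `if (inet_ntop(AF_INET6, &target6.sin6_addr, ipstring + 1, sizeof(ipstring) - 1) == NULL) return NULL;` avoids that. The brackets also take two more bytes of a buffer whose size is declared outside the hunk.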
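Review bot: The `%lu` to `%llu` substitutions in hydra.c, starting with `(uint64_t) time(NULL)` in hydra_debug, still do not match `uint64_t` on every target: on LP64 systems `uint64_t` is usually `unsigned long`, so `%llu` is formally the wrong conversion and `-Wformat` reports it. `PRIu64` from `<inttypes.h>` is correct on both 32- and 64-bit builds, e.g. `printf("[DEBUG] Code: %s Time: %" PRIu64 "\n", string, (uint64_t) time(NULL));`. This applies to every hunk of this commit in hydra_debug, hydra_send_next_pair and main. For arguments without a visible cast, such as `hydra_brains.todo`, the declared type is outside the hunks and should be checked.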
@@ -637,7 +637,7 @@ void hydra_debug(int32_t force, char *string) { for (i = 0; i < hydra_brains.targets; i++) { hydra_target* target = hydra_targets[i]; printf - ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d redo_state %d (%d redos) use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", + ("[DEBUG] Target %d - target %s ip %s login_no %llu pass_no %llu sent %llu pass_state %d redo_state %d (%d redos) use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", i, STR_NULL(target->target), hydra_address2string(target->ip), target->login_no, target->pass_no, target->sent, target->pass_state, target->redo_state, target->redo, @@ -740,7 +740,7 @@ void hydra_restore_write(int32_t print_msg) { for (j = 0; j < hydra_options.max_use; j++) { memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); if (j == 0 && debug) { - printf("[DEBUG] sizeof hydra_head: %lu\n", sizeof(hydra_head)); + printf("[DEBUG] sizeof hydra_head: %u\n", sizeof(hydra_head)); printf("[DEBUG] memcmp: %d\n", memcmp(hydra_heads[j], &hh, sizeof(hydra_head))); } hh.active = 0; // re-enable disabled heads 
@@ -1556,14 +1556,14 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { if (debug) printf - ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", + ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %llu/%llu, passcnt %llu/%llu, loop_cnt %d\n", target_no, head_no, hydra_targets[target_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { if (debug) - printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %lu, todo %lu)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %llu, todo %llu)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); return -1; } 
@@ -1573,7 +1573,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { snpdone = 1; } else { if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) - printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %llu of %llu\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); hydra_heads[head_no]->redo = 0; @@ -1883,7 +1883,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return 0; // not prevent disabling it, if its needed its already done in the above line } if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d] (%d/%d)\n", + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %llu of %llu [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, hydra_targets[target_no]->redo); } 
@@ -3165,11 +3165,11 @@ int32_t main(int32_t argc, char *argv[]) { exit(-1); } if (hydra_brains.countlogin > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); + fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %llu entries.\n", MAX_LINES, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizelogin); + fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %llu bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizelogin); exit(-1); } login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); @@ -3194,11 +3194,11 @@ int32_t main(int32_t argc, char *argv[]) { exit(-1); } if (hydra_brains.countpass > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); + fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %llu entries.\n", MAX_LINES, hydra_brains.countpass); exit(-1); } if (hydra_brains.sizepass > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizepass); + fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %llu bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizepass); exit(-1); } pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); 
@@ -3241,11 +3241,11 @@ int32_t main(int32_t argc, char *argv[]) { exit(-1); } if (hydra_brains.countlogin > MAX_LINES / 2) { - fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %llu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES / 2) { - fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (uint64_t) hydra_brains.sizelogin); + fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %llu bytes.\n", MAX_BYTES / 2, (uint64_t) hydra_brains.sizelogin); exit(-1); } csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); @@ -3465,7 +3465,7 @@ int32_t main(int32_t argc, char *argv[]) { bail("No login/password combination given!"); if (hydra_brains.todo < hydra_options.tasks) { if (verbose && hydra_options.tasks != TASKS) - printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); + printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %llu\n", hydra_brains.todo); hydra_options.tasks = hydra_brains.todo; } } 
@@ -3500,13 +3500,16 @@ int32_t main(int32_t argc, char *argv[]) { if (hydra_options.ssl) options = options | OPTION_SSL; if (hydra_options.colonfile != NULL) - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", + printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %llu login tr%s, ~%llu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies"); else - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", - (uint64_t) hydra_brains.countlogin, (uint64_t) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); + printf("[DATA] max %d task%s per %d server%s, overall %d task%s, %llu login tr%s (l:%llu/p:%llu), ~%llu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", + hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", + hydra_options.max_use, hydra_options.max_use == 1 ? "" : "s", + hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", + (uint64_t) hydra_brains.countlogin, (uint64_t) hydra_brains.countpass, + math2, math2 == 1 ? "y" : "ies"); printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) 
@@ -3843,7 +3846,7 @@ int32_t main(int32_t argc, char *argv[]) { case 'C': // head reports connect error fck = write(hydra_heads[head_no]->sp[0], "Q", 1); if (debug) { - printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %llu of %llu\n", hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); } @@ -3892,7 +3895,7 @@ int32_t main(int32_t argc, char *argv[]) { hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } - //if (debug) printf("DEBUG: bug hunt: %lu %lu\n", hydra_brains.todo_all, hydra_brains.sent); + //if (debug) printf("DEBUG: bug hunt: %llu %llu\n", hydra_brains.todo_all, hydra_brains.sent); usleepn(USLEEP_LOOP); (void) wait3(NULL, WNOHANG, NULL); 
@@ -3927,11 +3930,11 @@ int32_t main(int32_t argc, char *argv[]) { for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) hydra_kill_head(i, 1, 3); - printf("[BUG] %lu + %d < %lu\n", hydra_brains.todo_all, total_redo_count, hydra_brains.sent); + printf("[BUG] %llu + %d < %llu\n", hydra_brains.todo_all, total_redo_count, hydra_brains.sent); bail("[BUG] Weird bug detected where more tests were performed than possible. Please rerun with -d command line switch and post all output plus command line here: https://github.com/vanhauser-thc/thc-hydra/issues/113 or send it in an email to vh@thc.org"); } */ - printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + printf("[STATUS] %.2f tries/min, %llu tries in %02llu:%02lluh, %llu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min hydra_brains.sent, // tries (uint64_t) ((elapsed_status - starttime) / 3600), // hours (uint64_t) (((elapsed_status - starttime) % 3600) / 60), // minutes @@ -3976,7 +3979,7 @@ int32_t main(int32_t argc, char *argv[]) { fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); } - printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", + printf("%d of %d target%s%scompleted, %llu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); error += j; 
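Review bot: In the `[STATUS]` line of main (hydra.c) the last two conversions were left as `%02lu:%02luh` while the rest of the format string moved to `%llu`, so one call now mixes both widths. The two visible time arguments are cast to `uint64_t`, but the arguments for the "to do in" fields are outside the hunk. If they carry the same cast, the tail of the format should read `%llu to do in %02llu:%02lluh` (or the `PRIu64` equivalent).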
@@ -4047,7 +4050,7 @@ int32_t main(int32_t argc, char *argv[]) { printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { if (hydra_options.outfile_format == FORMAT_JSONV1) { - fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %lu }\n", + fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %llu }\n", (error ? "false" : "true"), json_error, hydra_brains.found); } fclose(hydra_brains.ofp); From 4c6cbf03a7b14717e35ccb4356c7d8104800fb93 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 22:26:08 +0200 Subject: [PATCH 82/90] stdint fixes --- hydra-mod.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-mod.c b/hydra-mod.c index b2ab4c4..b87a07c 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -1215,7 +1215,7 @@ char *hydra_address2string(char *address) { #ifdef AF_INET6 if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); - ipstring[0] = '[ + ipstring[0] = '['; inet_ntop(AF_INET6, &target6.sin6_addr, ipstring + 1, sizeof(ipstring) - 1); if (address[17] != 0) { strcat(ipstring, "%"); From 4ab31cd18e8e35257e47efd90d67f9969f9f7c98 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 22:34:55 +0200 Subject: [PATCH 83/90] ipv6 pretty print --- hydra-firebird.c | 1 - hydra-http-proxy-urlenum.c | 4 ++-- hydra-mod.c | 23 +++++++++++++++++++++++ hydra-postgres.c | 1 - hydra-ssh.c | 8 ++++---- hydra-svn.c | 5 +---- hydra.c | 3 ++- 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/hydra-firebird.c b/hydra-firebird.c index fbcad69..1b5228b 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -1,4 +1,3 @@ - /* Firebird Support - by David Maciejak @ GMAIL dot com diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index ae6097f..5abaaea 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c 
@@ -210,8 +210,8 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { hydra_report_found_host(port, ip, "http-proxy", fp); if (fp != stdout) - fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); - printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); + fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url); + printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url); hydra_completed_pair_found(); } else { if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) { diff --git a/hydra-mod.c b/hydra-mod.c index b87a07c..2f86963 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -1208,6 +1208,29 @@ char *hydra_address2string(char *address) { struct sockaddr_in target; struct sockaddr_in6 target6; + if (address[0] == 4) { + memcpy(&target.sin_addr.s_addr, &address[1], 4); + return inet_ntoa((struct in_addr) target.sin_addr); + } else +#ifdef AF_INET6 + if (address[0] == 16) { + memcpy(&target6.sin6_addr, &address[1], 16); + inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); + return ipstring; + } else +#endif + { + if (debug) + fprintf(stderr, "[ERROR] unknown address string size!\n"); + return NULL; + } + return NULL; // not reached +} + +char *hydra_address2string_beautiful(char *address) { + struct sockaddr_in target; + struct sockaddr_in6 target6; + if (address[0] == 4) { memcpy(&target.sin_addr.s_addr, &address[1], 4); return inet_ntoa((struct in_addr) target.sin_addr); diff --git a/hydra-postgres.c b/hydra-postgres.c index d27a78b..0be1363 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -1,4 +1,3 @@ - /* * PostgresSQL Support - by Diaul (at) devilopers.org * 
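Review bot: Both hydra_address2string and hydra_address2string_beautiful (hydra-mod.c) can return NULL for an unknown address length, and the callers changed in this commit pass the result straight to a `%s` conversion (hydra-http-proxy-urlenum.c, hydra-ssh.c, hydra.c) or to `snprintf` (hydra-svn.c) without a check. Either return a fixed placeholder string from the error branch or guard the call sites the way hydra_debug already guards `target->target` with `STR_NULL(...)`. The two functions also lack a comment saying which one to use where. Something like `/* bare numeric address for API calls; the result lives in a shared buffer that the next call overwrites */` above hydra_address2string would help, assuming `ipstring` is the file-scope buffer it appears to be. The body of hydra_address2string_beautiful continues outside the hunk.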
diff --git a/hydra-ssh.c b/hydra-ssh.c index e0a67b1..0834713 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -172,7 +172,7 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc ssh_session session = ssh_new(); if (verbose || debug) - printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : miscptr, hydra_address2string(ip), port); + printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); if (miscptr == NULL) @@ -182,7 +182,7 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { - fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string(ip), port, ssh_get_error(session)); + fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session)); return 2; } rc = ssh_userauth_none(session, NULL); 
@@ -193,11 +193,11 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) { if (verbose || debug) - printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); + printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string_beautiful(ip), port); return 0; } - fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port); + fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string_beautiful(ip), port); return 1; #else return 0; diff --git a/hydra-svn.c b/hydra-svn.c index 11ed2f9..cdee8ec 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -103,10 +103,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char svn_auth_open(&ctx->auth_baton, providers, pool); revision.kind = svn_opt_revision_head; - if (ipv6) - snprintf(URL, sizeof(URL), "svn://[%s]:%d/%s", hydra_address2string(ip), port, URLBRANCH); - else - snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH); + snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string_beautiful(ip), port, URLBRANCH); dirents = SVN_DIRENT_KIND; canonical = svn_uri_canonicalize(URL, pool); //err = svn_client_list2(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); diff --git a/hydra.c b/hydra.c index 1ec958f..c335e2b 100644 --- a/hydra.c +++ b/hydra.c 
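Review bot: In start_svn (hydra-svn.c) the URL is now built from hydra_address2string_beautiful, which, judging by the earlier hunks of this series, appends `%` plus the interface name inside the brackets for scoped IPv6 addresses. Inside a URI a literal `%` starts a percent-escape, and RFC 6874 requires the zone separator to be written as `%25`, so the string handed to `svn_uri_canonicalize` may be rejected or altered for link-local targets. The result of `snprintf` is also not compared with `sizeof(URL)`, so a truncated URL would go unnoticed. The function starts and ends outside the hunk.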
@@ -211,6 +211,7 @@ extern char *hydra_strcasestr(const char *haystack, const char *needle); extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize); extern char *hydra_string_replace(const char *string, const char *substr, const char *replacement); extern char *hydra_address2string(char *address); +extern char *hydra_address2string_beautiful(char *address); extern int32_t colored_output; extern char quiet; extern int32_t do_retry; @@ -638,7 +639,7 @@ void hydra_debug(int32_t force, char *string) { hydra_target* target = hydra_targets[i]; printf ("[DEBUG] Target %d - target %s ip %s login_no %llu pass_no %llu sent %llu pass_state %d redo_state %d (%d redos) use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", - i, STR_NULL(target->target), hydra_address2string(target->ip), + i, STR_NULL(target->target), hydra_address2string_beautiful(target->ip), target->login_no, target->pass_no, target->sent, target->pass_state, target->redo_state, target->redo, target->use_count, target->failed, target->done, From 859b7aa443b17bc50108603716d89a2e52ee9268 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 22:35:45 +0200 Subject: [PATCH 84/90] ipv6 pretty print --- hydra-mod.h | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-mod.h b/hydra-mod.h index 812e2d1..c4032fd 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -34,6 +34,7 @@ extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize); extern void hydra_dump_asciihex(unsigned char *string, int32_t length); extern void hydra_set_srcport(int32_t port); extern char *hydra_address2string(char *address); +extern char *hydra_address2string_beautiful(char *address); extern char *hydra_strcasestr(const char *haystack, const char *needle); extern void hydra_dump_data(unsigned char *buf, int32_t len, char *text); extern int32_t hydra_memsearch(char *haystack, int32_t hlen, char *needle, int32_t nlen); 
From 5a19c1787e51dc7ea2b84a8c0d1365ad9f747488 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 22:58:31 +0200 Subject: [PATCH 85/90] small info changes --- hydra.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index c335e2b..61344bb 100644 --- a/hydra.c +++ b/hydra.c @@ -3512,9 +3512,16 @@ int32_t main(int32_t argc, char *argv[]) { (uint64_t) hydra_brains.countlogin, (uint64_t) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); - printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); - if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) - printf("[DATA] with additional data %s\n", hydra_options.miscptr); + if (hydra_brains.targets == 1) { + if (index(hydra_targets[0]->target, ':') == NULL) + printf("[DATA] attacking %s%s://%s:%d/%s\n", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target, port, hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); + else + printf("[DATA] attacking %s%s://[%s]:%d/%s\n", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target, port, hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); + } else + printf("[DATA] attacking %s%s://(%d targets):%d/%s\n", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_brains.targets, port, hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); + //service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); +// if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) +// printf("[DATA] with additional data %s\n", hydra_options.miscptr); if (hydra_options.outfile_ptr != NULL) { if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { 
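Review bot: The new `[DATA] attacking ...` block in main (hydra.c) leaves three commented-out lines of the old output behind (`//service %s on port ...` and the two `// ... with additional data` lines) and repeats the same argument list in three `printf` calls. Deleting the commented lines and formatting the host part once into a local buffer would leave a single `printf`. `hydra_targets[0]->target` is also passed to `index` without a NULL check, although hydra_debug guards the same field with `STR_NULL`; whether it can be NULL at this point is not visible from the hunk.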
@@ -3629,6 +3636,9 @@ int32_t main(int32_t argc, char *argv[]) { } freeaddrinfo(res); } + // restore device information if present + if (device != NULL) + *(device - 1) = '%'; } if (verbose) printf("[VERBOSE] resolving done\n"); From 789214cc7e34be3e916ed54dca27cf0a2ca682ef Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 23:02:05 +0200 Subject: [PATCH 86/90] warn on BINDTODEVICE not supported in some modules --- hydra.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 61344bb..0520e28 100644 --- a/hydra.c +++ b/hydra.c @@ -3637,8 +3637,10 @@ int32_t main(int32_t argc, char *argv[]) { freeaddrinfo(res); } // restore device information if present - if (device != NULL) + if (device != NULL) { *(device - 1) = '%'; + fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 link local addresses, e.g. SSH does not\n"); + } } if (verbose) printf("[VERBOSE] resolving done\n"); From 185021d47471dfafee31ac145abd830743e0f7bc Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 6 Jul 2017 23:09:44 +0200 Subject: [PATCH 87/90] compile fix for debug --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 0520e28..edd71de 100644 --- a/hydra.c +++ b/hydra.c @@ -493,7 +493,7 @@ static const struct { } while(0) -int32_t inline check_flag(int32_t value, int32_t flag) { +int32_t /*inline*/ check_flag(int32_t value, int32_t flag) { // inline does not compile with debug return (value & flag) == flag; } From 1a72fe023ec50309b0b60e0cd0d2f79e812f692b Mon Sep 17 00:00:00 2001 
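Review bot: Commenting out `inline` on check_flag (hydra.c) hides the actual problem instead of fixing it. With C99 inline semantics a plain `inline` definition provides no external definition, so an unoptimised build that does not inline the call fails at link time. Declaring it `static inline int32_t check_flag(int32_t value, int32_t flag)` works for both debug and optimised builds and keeps the helper private to the file, provided no other translation unit calls it.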
From: van Hauser Date: Fri, 7 Jul 2017 11:21:46 +0200 Subject: [PATCH 88/90] cleanup --- bfg.c | 1 + hydra-adam6500.c | 5 +---- hydra-http-form.c | 3 +-- hydra-ldap.c | 4 ++++ hydra-mod.c | 22 +++++++++++----------- hydra-mod.h | 8 ++++---- hydra-oracle-listener.c | 3 +-- hydra-rdp.c | 28 ++++++++++++++-------------- hydra-rlogin.c | 3 +-- hydra-rsh.c | 10 ++++------ hydra-rtsp.c | 8 ++------ hydra-snmp.c | 6 +++--- hydra-svn.c | 6 +++--- hydra-time.c | 2 +- hydra.c | 11 ++++++----- hydra.h | 2 +- performance.h | 2 +- sasl.c | 2 +- 18 files changed, 60 insertions(+), 66 deletions(-) diff --git a/bfg.c b/bfg.c index 89b115b..a3a1dad 100644 --- a/bfg.c +++ b/bfg.c @@ -45,6 +45,7 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { bf_options.crs[*crs_len - 1] = ch; bf_options.crs[*crs_len] = '\0'; } + return 0; } // return values : 0 on success, 1 on error // diff --git a/hydra-adam6500.c b/hydra-adam6500.c index de8ca15..9382fd1 100644 --- a/hydra-adam6500.c +++ b/hydra-adam6500.c @@ -91,7 +91,7 @@ int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, } void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL; hydra_register_socket(sp); @@ -102,9 +102,6 @@ void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr switch (run) { case 1: /* connect and service init function */ { - unsigned char *buf2; - int32_t f = 0; - if (sock >= 0) sock = hydra_disconnect(sock); // usleepn(275); diff --git a/hydra-http-form.c b/hydra-http-form.c index 58f0ddf..ca039d6 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c 
@@ -197,8 +197,7 @@ success: */ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) { - ptr_cookie_node cur_ptr = NULL, new_ptr = NULL; - char * cookie = strdup(cookie_expr); + ptr_cookie_node cur_ptr = NULL; char * cookie_name = NULL, * cookie_value = strstr(cookie_expr, "="); if (cookie_value) { diff --git a/hydra-ldap.c b/hydra-ldap.c index c14d20a..a2100c5 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -451,6 +451,10 @@ int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *mis // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here + if (strlen(miscptr) > 220) { + fprintf(stderr, "[ERROR] the option string to this module may not be larger than 220 bytes\n"); + return -1; + } return 0; } diff --git a/hydra-mod.c b/hydra-mod.c index 2f86963..88229a1 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -317,7 +317,7 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t protocol, int3 hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); err = 1; } - if ((uint32_t) buf[1] == SOCKS_NOMETHOD) { + if ((unsigned char) buf[1] == SOCKS_NOMETHOD) { hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); err = 1; } @@ -329,7 +329,7 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t protocol, int3 char *login = strtok(proxy_authentication[selected_proxy], ":"); char *pass = strtok(NULL, ":"); - snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + snprintf(buf, 4096, "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); cnt = hydra_send(s, buf, strlen(buf), 0); if (cnt != strlen(buf)) { 
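Review bot: The new length check in service_ldap_init (hydra-ldap.c) calls `strlen(miscptr)` without testing `miscptr` for NULL, while other modules in this series (for example service_ssh_init) treat a NULL `miscptr` as a normal case. `if (miscptr != NULL && strlen(miscptr) > 220) {` keeps the check safe. The limit 220 is a magic number tied to a buffer that is not visible in the hunk; a named constant next to that buffer would keep the two in step.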
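Review bot: In the SOCKS5 username/password step of internal__hydra_connect (hydra-mod.c) the request is formatted with `%c` length bytes and then sent with `strlen(buf)`, so an empty login or password writes a 0 byte that cuts the message short, and `(char) strlen(login)` silently truncates lengths above 255. `login` and `pass` come from `strtok` and are passed to `strlen` without a NULL check, which is undefined when the proxy credential contains no `:`. The hard-coded `4096` presumably replaces `sizeof(buf)` because `buf` is a pointer. The allocation is outside the hunk, and a shared constant for both would be safer than repeating the number.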
@@ -584,7 +584,7 @@ int32_t internal__hydra_connect_ssl(char *host, int32_t port, int32_t protocol, } #endif -int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length) { +int32_t internal__hydra_recv(int32_t socket, char *buf, uint32_t length) { #ifdef LIBOPENSSL if (use_ssl) { return SSL_read(ssl, buf, length); @@ -593,7 +593,7 @@ int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length) { return recv(socket, buf, length, 0); } -int32_t internal__hydra_send(int32_t socket, char *buf, int32_t size, int32_t options) { +int32_t internal__hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) { #ifdef LIBOPENSSL if (use_ssl) { return SSL_write(ssl, buf, size); @@ -708,7 +708,7 @@ void hydra_report_debug(FILE * st, char *format, ...) { for (i = 0; i < len; i++) { memset(temp, 0, 6); cTemp = (unsigned char) buf[i]; - if ((cTemp < 32 && cTemp >= 0) || cTemp > 126) { + if (cTemp < 32 || cTemp > 126) { sprintf(temp, "[%02X]", cTemp); } else sprintf(temp, "%c", cTemp); @@ -893,7 +893,7 @@ int32_t hydra_data_ready(int32_t socket) { return (hydra_data_ready_timed(socket, 0, 100)); } -int32_t hydra_recv(int32_t socket, char *buf, int32_t length) { +int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) { int32_t ret; char text[64]; @@ -906,7 +906,7 @@ int32_t hydra_recv(int32_t socket, char *buf, int32_t length) { return ret; } -int32_t hydra_recv_nb(int32_t socket, char *buf, int32_t length) { +int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) { int32_t ret = -1; char text[64]; @@ -1001,7 +1001,7 @@ char *hydra_receive_line(int32_t socket) { return buff; } -int32_t hydra_send(int32_t socket, char *buf, int32_t size, int32_t options) { +int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) { char text[64]; if (debug) { 
@@ -1102,15 +1102,15 @@ unsigned char hydra_conv64(unsigned char in) { } } -void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize) { +void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) { unsigned char small[3] = { 0, 0, 0 }; unsigned char big[5]; unsigned char *ptr = buf; - int32_t i = bufsize; + uint32_t i = bufsize; uint32_t len = 0; unsigned char bof[i]; - if (buf == NULL || strlen((char *) buf) == 0) + if (buf == NULL || strlen((char *) buf) == 0 || buflen == 0) return; bof[0] = 0; memset(big, 0, sizeof(big)); diff --git a/hydra-mod.h b/hydra-mod.h index c4032fd..bf72b7c 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -24,13 +24,13 @@ extern int32_t hydra_connect_tcp(char *host, int32_t port); extern int32_t hydra_connect_udp(char *host, int32_t port); extern int32_t hydra_disconnect(int32_t socket); extern int32_t hydra_data_ready(int32_t socket); -extern int32_t hydra_recv(int32_t socket, char *buf, int32_t length); -extern int32_t hydra_recv_nb(int32_t socket, char *buf, int32_t length); +extern int32_t hydra_recv(int32_t socket, char *buf, uint32_t length); +extern int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length); extern char *hydra_receive_line(int32_t socket); -extern int32_t hydra_send(int32_t socket, char *buf, int32_t size, int32_t options); +extern int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options); extern int32_t make_to_lower(char *buf); extern unsigned char hydra_conv64(unsigned char in); -extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize); +extern void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize); extern void hydra_dump_asciihex(unsigned char *string, int32_t length); extern void hydra_set_srcport(int32_t port); extern char *hydra_address2string(char *address); diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index f10d72d..4f32997 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c 
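Review bot: hydra_tobase64 (hydra-mod.c) sizes the variable-length array `bof[i]` from the caller-supplied `bufsize`, and the new guard rejects `buflen == 0` but not `bufsize == 0`, where a zero-length VLA is undefined. Because `bof` is declared before the early return, the zero case has to be rejected before the declaration, which means moving the array below the check or allocating it on the heap. With `bufsize` now `uint32_t`, a negative value from an existing caller becomes a very large stack allocation, so an upper bound is worth adding as well. The rest of the function is outside the hunk.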
@@ -1,4 +1,3 @@ - /* david: @@ -18,7 +17,7 @@ void dummy_oracle_listener() { printf("\n"); } #else -#include +#include "sasl.h" #include #define HASHSIZE 17 diff --git a/hydra-rdp.c b/hydra-rdp.c index f8cf084..af281a4 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -1831,7 +1831,7 @@ static void process_rect(STREAM s, RECT_ORDER * os, uint32 present, BOOL delta) /* Process a desktop save order */ static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL delta) { - int32_t width, height; + //int32_t width, height; if (present & 0x01) in_uint32_le(s, os->offset); @@ -1853,8 +1853,8 @@ static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL DEBUG(("DESKSAVE(l=%d,t=%d,r=%d,b=%d,off=%d,op=%d)\n", os->left, os->top, os->right, os->bottom, os->offset, os->action)); - width = os->right - os->left + 1; - height = os->bottom - os->top + 1; + //width = os->right - os->left + 1; + //height = os->bottom - os->top + 1; } /* Process a memory blt order */ @@ -1999,13 +1999,13 @@ static void process_secondary_order(STREAM s) { * For very compact orders the length becomes negative * so a signed integer must be used. */ uint16 length; - uint16 flags; - uint8 type; + //uint16 flags; + //uint8 type; uint8 *next_order; in_uint16_le(s, length); - in_uint16_le(s, flags); /* used by bmpcache2 */ - in_uint8(s, type); + //in_uint16_le(s, flags); /* used by bmpcache2 */ + //in_uint8(s, type); next_order = s->p + (sint16) length + 7; @@ -2148,7 +2148,7 @@ void rdp_disconnect(void) { void rdp5_process(STREAM s) { uint16 length, count; - uint8 type, ctype; + uint8 type/*, ctype*/; uint8 *next; struct stream *ts; @@ -2156,11 +2156,11 @@ void rdp5_process(STREAM s) { while (s->p < s->end) { in_uint8(s, type); if (type & RDP5_COMPRESSED) { - in_uint8(s, ctype); + //in_uint8(s, ctype); in_uint16_le(s, length); type ^= RDP5_COMPRESSED; } else { - ctype = 0; + //ctype = 0; in_uint16_le(s, length); } g_next_packet = next = s->p + length; 
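Review bot: Commenting out `in_uint16_le(s, flags)` and `in_uint8(s, type)` in process_secondary_order removes the reads, not only the unused variables. If these macros advance `s->p` as they do in rdesktop, the stream is three bytes short when `next_order = s->p + (sint16) length + 7` is computed. The same applies to `//in_uint8(s, ctype)` in rdp5_process, where `length` would then be read from the byte that used to be `ctype`. It also applies to the disabled `len` and `ctype` reads in process_data_pdu in the next hunk, where `data_pdu_type` and `clen` would come from the wrong offsets of server-supplied data. Keep the skips and drop only the variables, using the `in_uint8s` helper already used in process_data_pdu: `in_uint8s(s, 3); /* flags, type */` here and `in_uint8s(s, 1); /* ctype */` in rdp5_process.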
@@ -3178,14 +3178,14 @@ void process_disconnect_pdu(STREAM s, uint32 * ext_disc_reason) { /* Process data PDU */ static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) { uint8 data_pdu_type; - uint8 ctype; + //uint8 ctype; uint16 clen; - uint32 len; + //uint32 len; in_uint8s(s, 6); /* shareid, pad, streamid */ - in_uint16_le(s, len); + //in_uint16_le(s, len); in_uint8(s, data_pdu_type); - in_uint8(s, ctype); + //in_uint8(s, ctype); in_uint16_le(s, clen); clen -= 18; diff --git a/hydra-rlogin.c b/hydra-rlogin.c index b29ee5d..5819250 100644 --- a/hydra-rlogin.c +++ b/hydra-rlogin.c @@ -61,8 +61,7 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c memset(buffer, 0, sizeof(buffer)); ret = hydra_recv(s, buffer, sizeof(buffer)); if (strcmp(buffer, "\r\n")) - ret = hydra_recv(s, buffer, sizeof(buffer) - 1); - if (ret >= 0) + if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) buffer[ret] = 0; } /* Authentication failure */ diff --git a/hydra-rsh.c b/hydra-rsh.c index 90496cc..67c5e5b 100644 --- a/hydra-rsh.c +++ b/hydra-rsh.c @@ -37,13 +37,11 @@ int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char } buffer[0] = 0; - if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0) + if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) buffer[ret] = 0; - /* 0x00 is sent but hydra_recv transformed it */ - if (strlen(buffer) == 0) - ret = hydra_recv(s, buffer, sizeof(buffer) - 1); - if (ret >= 0) - buffer[ret] = 0; + else /* 0x00 is sent but hydra_recv transformed it */ + if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) + buffer[ret] = 0; #ifdef HAVE_PCRE if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { #else diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 41836ad..e0eb6b5 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c 
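Review bot: The first read in the start_rlogin hunk, `ret = hydra_recv(s, buffer, sizeof(buffer));`, can fill the whole array, so the `strcmp(buffer, "\r\n")` that follows may read past the end of `buffer` unless hydra_recv reserves a byte for the terminator itself. Only the second read passes `sizeof(buffer) - 1`. Use `sizeof(buffer) - 1` for the first call as well. When the second read returns 0 or an error, `buffer` also keeps the bytes from the first read, and the checks after this hunk (not visible here) would then run on that stale data.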
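Review bot: In start_rsh the retry now runs only when the first `hydra_recv` returns 0 or an error, whereas the removed code retried whenever the received string was empty. The kept comment describes that case as the server sending a leading 0x00. If hydra_recv reports that byte as a positive length, a reply starting with NUL no longer triggers the second read and `buffer` stays an empty string, which changes what the match below sees. If that case still matters, test the content as well, e.g. `if (ret <= 0 || buffer[0] == 0)` before the second `hydra_recv`.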
@@ -64,8 +64,6 @@ int32_t use_Digest_Auth(char *s) { void create_core_packet(int32_t control, char *ip, int32_t port) { - - char buffer[500]; char *target = hydra_address2string(ip); if (control == 0) { @@ -125,8 +123,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } if (use_Digest_Auth(lresp) == 1) { - char *dbuf; - char dbuffer[500] = ""; + char *dbuf = NULL; char aux[500] = ""; char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); @@ -182,8 +179,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - int32_t myport = PORT_RTSP, mysslport = PORT_RTSP_SSL; - char *ptr, *ptr2; + int32_t myport = PORT_RTSP/*, mysslport = PORT_RTSP_SSL*/; hydra_register_socket(sp); diff --git a/hydra-snmp.c b/hydra-snmp.c index 0579ddb..f3235e0 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -198,7 +198,7 @@ void password_to_key_sha(u_char * password, /* IN */ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = ""; - int32_t i, j, k, size, off = 0, off2 = 0, done = 0; + int32_t i, j, k, size, off = 0, off2 = 0; unsigned char initVect[8], privacy_params[8]; int32_t engine_boots = 0; @@ -316,7 +316,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha /* //PrivDES::encrypt(const unsigned char *key, - // const uint32_t /*key_len*///, +// const uint32_t key_len, // const unsigned char *buffer, // const uint32_t buffer_len, // unsigned char *out_buffer, 
@@ -324,7 +324,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha // unsigned char *privacy_params, // uint32_t *privacy_params_len, // const unsigned long engine_boots, -// const unsigned long /*engine_time*/) +// const unsigned long engine_time) // last 8 bytes of key are used as base for initialization vector */ k = 0; memcpy((char *) initVect, key + 8, 8); diff --git a/hydra-svn.c b/hydra-svn.c index cdee8ec..207b32f 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -51,7 +51,7 @@ static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, vo } int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - int32_t ipv6 = 0; + //int32_t ipv6 = 0; char URL[1024]; char URLBRANCH[256]; const char *canonical; @@ -71,8 +71,8 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS) return 4; - if (ip[0] == 16) - ipv6 = 1; + //if (ip[0] == 16) + // ipv6 = 1; pool = svn_pool_create(NULL); diff --git a/hydra-time.c b/hydra-time.c index 734e3c2..bbd068d 100644 --- a/hydra-time.c +++ b/hydra-time.c @@ -9,7 +9,7 @@ int32_t sleepn(time_t seconds) ts.tv_nsec = 0; return nanosleep(&ts, NULL); } -int32_t usleepn(int64_t milisec) { +int32_t usleepn(uint64_t milisec) { struct timespec ts; ts.tv_sec = milisec / 1000; ts.tv_nsec = (milisec % 1000) * 1000000L; diff --git a/hydra.c b/hydra.c index edd71de..4171d29 100644 --- a/hydra.c +++ b/hydra.c @@ -412,7 +412,7 @@ static const struct { SERVICE3("firebird", firebird), #endif SERVICE(ftp), - { "ftps", service_ftp_init, service_ftps }, + { "ftps", service_ftp_init, service_ftps, NULL }, { "http-get", service_http_init, service_http_get, usage_http }, { "http-get-form", service_http_form_init, service_http_get_form, usage_http_form }, { "http-head", service_http_init, service_http_head, NULL }, 
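Review bot: `usleepn` has no comment stating its unit, and the code and the prototype disagree on it. The body divides `milisec` by 1000 to get seconds, so the argument is in milliseconds, while the function name and the hydra.h prototype changed in the same commit (`usleepn(uint64_t useconds)`) read as microseconds. Add a one-line comment above the definition such as `/* sleep for the given number of milliseconds */` and rename the prototype parameter to match. Callers that pick a poll interval, like the `usleepn(300)` in the later SMB check, depend on which unit the reader assumes.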
@@ -472,7 +472,7 @@ static const struct { SERVICE3("snmp", snmp), SERVICE(socks5), #ifdef LIBSSH - { "ssh", NULL, service_ssh }, + { "ssh", NULL, service_ssh, NULL }, SERVICE3("sshkey", sshkey), #endif #ifdef LIBSVN @@ -907,7 +907,7 @@ void hydra_restore_read() { hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->pass_ptr, out); } - if (hydra_targets[j]->redo > 0) + if (hydra_targets[j]->redo > 0) { if (debug) printf("[DEBUG] target %d redo %d\n", j, hydra_targets[j]->redo); for (i = 0; i < hydra_targets[j]->redo; i++) { sck = fgets(out, sizeof(out), f); @@ -921,6 +921,7 @@ void hydra_restore_read() { hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->redo_pass[i], out); } + } if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin) hydra_targets[j]->skipcnt = 0; if (hydra_targets[j]->skipcnt > 0) @@ -1395,7 +1396,7 @@ void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) { } void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { - int32_t i, k, ok, maxfail = 0; + int32_t i, k, maxfail = 0; if (target_no < 0) return; @@ -3947,7 +3948,7 @@ int32_t main(int32_t argc, char *argv[]) { bail("[BUG] Weird bug detected where more tests were performed than possible. Please rerun with -d command line switch and post all output plus command line here: https://github.com/vanhauser-thc/thc-hydra/issues/113 or send it in an email to vh@thc.org"); } */ - printf("[STATUS] %.2f tries/min, %llu tries in %02llu:%02lluh, %llu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + printf("[STATUS] %.2f tries/min, %llu tries in %02llu:%02lluh, %llu to do in %02llu:%02lluh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min hydra_brains.sent, // tries (uint64_t) ((elapsed_status - starttime) / 3600), // hours (uint64_t) (((elapsed_status - starttime) % 3600) / 60), // minutes 
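Review bot: In hydra_restore_read the `malloc(strlen(out) + 1)` results for `pass_ptr` and `redo_pass[i]` go straight into `strcpy` with no NULL check. The added braces only scope the existing loop. The loop bound `hydra_targets[j]->redo` appears to come from the restore file, and the size of `redo_pass` is not visible in these hunks, so it is worth confirming that `redo` is range-checked before it is used as an index limit. A minimal fix for the allocation is `if ((hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1)) == NULL) bail(...)` with the project's usual out-of-memory message. The function starts and ends outside these hunks.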
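Review bot: The corrected `%02llu` specifiers in the status printf are paired with `(uint64_t)` casts, and `uint64_t` is `unsigned long` on LP64 targets, so format and argument types still differ there. Cast those arguments to `unsigned long long` instead, e.g. `(unsigned long long) ((elapsed_status - starttime) / 3600)`, or keep the casts and use `PRIu64` from `<inttypes.h>`. The remaining arguments of this call are outside the hunk and should get the same treatment.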
diff --git a/hydra.h b/hydra.h index cece25c..62560d2 100644 --- a/hydra.h +++ b/hydra.h @@ -155,7 +155,7 @@ #ifndef _WIN32 int32_t sleepn(time_t seconds); - int32_t usleepn(int64_t useconds); + int32_t usleepn(uint64_t useconds); #else int32_t sleepn(uint32_t seconds); int32_t usleepn(uint32_t useconds); diff --git a/performance.h b/performance.h index 2d4a682..10759f8 100644 --- a/performance.h +++ b/performance.h @@ -31,7 +31,7 @@ int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, ssize_t read_safe(int32_t fd, void *buffer, size_t len) { int32_t r = 0; int32_t total = 0; - int32_t toread = len; + uint32_t toread = len; fd_set fr; struct timeval tv; int32_t ret = 0; diff --git a/sasl.c b/sasl.c index cf2234e..ba08978 100644 --- a/sasl.c +++ b/sasl.c @@ -321,7 +321,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * while ((array[i] != NULL) && (array[i][0] == ' ')) { char *tmp = strdup(array[i]); - memset(array[i], 0, sizeof(array[i])); + //memset(array[i], 0, sizeof(array[i])); strcpy(array[i], tmp + 1); free(tmp); } From 15e534fbbfabcc6f234a4545ae093f56525da01b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 7 Jul 2017 18:05:59 +0200 Subject: [PATCH 89/90] smbv1 check --- CHANGES | 1 + hydra-smb.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/CHANGES b/CHANGES index 5dd7266..37f5b4d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 8.6-dev +* smb module now checks if SMBv1 is supported by the server * http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch) * Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting) * Added new command line option: diff --git a/hydra-smb.c b/hydra-smb.c index 48f7d7e..afc8ec6 100644 --- a/hydra-smb.c +++ b/hydra-smb.c 
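Review bot: In read_safe, `uint32_t toread = len;` still narrows the `size_t` argument, and it now sits next to `int32_t total` and `int32_t r`. Any comparison of `total` or `r` with `toread` is therefore done in unsigned arithmetic, so a negative `r` from a failed read would compare as a very large value. The loop is outside this hunk, so this is a point to verify rather than a confirmed fault. Matching the signature is the cleaner change: `size_t toread = len;` with `ssize_t` for `r` and `total`, which is also the function's return type.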
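Review bot: In sasl_digest_md5, `strcpy(array[i], tmp + 1)` uses the `strdup` result without a NULL check. The disabled `memset`, which presumably cleared only `sizeof(char *)` bytes, is left behind as a comment rather than removed. The temporary copy exists only to shift the string left by one character, so `memmove(array[i], array[i] + 1, strlen(array[i]));` does the same in place with no allocation, since the count includes the terminator. The `strdup`, `free` and commented-out line can then go. The loop's surrounding function is outside this hunk.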
@@ -1437,7 +1437,66 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here + time_t ctime; + int ready = 0, sock = hydra_connect_tcp(ip, port); + unsigned char buf[] = { + 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, + 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, + 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, + 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, + 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, + 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, + 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, + 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, + 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, + 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, + 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, + 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, + 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, + 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, + 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, + 0x32, 0x00 }; + + if (sock < 0) { + fprintf(stderr, "[ERROR] could not connect to target smb://%s:%d/\n", hostname, port); + return -1; + } + + if (send(sock, buf, sizeof(buf), 0) < 0) { + fprintf(stderr, "[ERROR] unable to send to target smb://%s:%d/\n", hostname, port); + return -1; + } + + ctime = time(NULL); + do { + usleepn(300); + } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 < time(NULL)); + + if (ready <= 0) { + fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", 
hostname, port); + return -1; + } + + if ((ready = recv(sock, buf, sizeof(buf), 0)) < 40) { + fprintf(stderr, "[ERROR] invalid reply from target smb://%s:%d/\n", hostname, port); + return -1; + } + + if (buf[37] == buf[38] && buf[38] == 0xff) { + fprintf(stderr, "[ERROR] target smb://%s:%d/ does not support SMBv1\n", hostname, port); + return -1; + } + return 0; } From cea00533ea8d87e242e66f921110de7dbf47c31f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 7 Jul 2017 18:26:17 +0200 Subject: [PATCH 90/90] smb req signing check --- CHANGES | 2 +- hydra-smb.c | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 37f5b4d..237e1a6 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ Changelog for hydra ------------------- Release 8.6-dev -* smb module now checks if SMBv1 is supported by the server +* smb module now checks if SMBv1 is supported by the server and now signing is required * http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch) * Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting) * Added new command line option: diff --git a/hydra-smb.c b/hydra-smb.c index afc8ec6..3be4170 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1480,7 +1480,7 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc ctime = time(NULL); do { usleepn(300); - } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 < time(NULL)); + } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL)); if (ready <= 0) { fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port); 
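Review bot: The wait loop in service_smb_init has its time comparison reversed. `while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 < time(NULL))` continues only once more than five seconds have already passed, so on a normal run it exits after a single `usleepn(300)` and reports "no reply" for any server slower than that. The following `@@ -1480` hunk changes `<` to `<=` but keeps the same direction. The deadline form is `time(NULL) < ctime + 5`. The local name `ctime` also shadows the `ctime()` function from `<time.h>`, so something like `start` would be clearer.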
@@ -1491,12 +1491,19 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc fprintf(stderr, "[ERROR] invalid reply from target smb://%s:%d/\n", hostname, port); return -1; } + + close(sock); if (buf[37] == buf[38] && buf[38] == 0xff) { fprintf(stderr, "[ERROR] target smb://%s:%d/ does not support SMBv1\n", hostname, port); return -1; } + if (buf[15] & 16 == 16) { + fprintf(stderr, "[ERROR] target smb://%s:%d/ requires signing which we do not support\n", hostname, port); + return -1; + } + return 0; }
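Review bot: `if (buf[15] & 16 == 16)` does not test bit 4. `==` binds tighter than `&`, so the expression is `buf[15] & (16 == 16)`, i.e. `buf[15] & 1`, and the signing check fires on the wrong bit. Write `if ((buf[15] & 16) == 16)` or simply `if (buf[15] & 0x10)`. Separately, the added `close(sock)` is reached only after a reply of at least 40 bytes. The earlier `return -1` paths for a failed send, no reply and a short reply still leave the socket open, so each of them needs a `close(sock)` before returning.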