github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-06 04:51:40 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into HEAD

Browse source 
Conflicts:
	Makefile.am
	hydra.c
	hydra.h

Additional changes to better fit the newer design patterns.
This commit is contained in:
catatonic 2017-07-07 20:52:58 +00:00
commit cf089a6c75
86 changed files with 2841 additions and 2301 deletions
Download patch file Download diff file Expand all files Collapse all files

34
CHANGES
View file

@ -1,17 +1,43 @@
Changelog for hydra
-------------------
Release 8.4-dev
Release 8.6-dev
* smb module now checks if SMBv1 is supported by the server and now signing is required
* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)
* Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting)
* Added new command line option:
-c TIME: seconds between login attempts (over all threads, so -t 1 is recommended)
* Options put after -R (for loading a restore file) are now honored (and were disallowed before)
* merged several patches by Diadlo@github to make the code easier readable. thanks for that!
* merged a patch by Diadlo@github that moves the help output to the invididual module
Release 8.5
* New command line option:
-b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch
* ./configure now honors the CC enviroment variable if present
* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!)
* Changed the format of the restore file to detect cross platform copies
* Fixed a bug in the NCP module
* Favor strrchr() over rindex()
* Added refactoring patch by diadlo
* Updated man page with missing command line options
Release 8.4
! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix
* Proxy support re-implemented:
- HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries
- HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP]
* New protocol: adam6500 - this one is work in progress, please test and report
* New protocol: rpcap! thanks to Petar Kaleychev <petar.kaleychev@gmail.com>
* New protocol: rpcap - thanks to Petar Kaleychev <petar.kaleychev@gmail.com>
* New command line options:
-y : disables -x 1aA interpretation, thanks to crondaemon for the patch
-I : ignore an existing hydra.restore file (dont wait for 10 seconds)
* Upgraded hydra-svn to work with the current libsvn version
* hydra-svn: works now with the current libsvn version
* hydra-ssh: initial check for password auth support now uses login supplied
* Fixed dpl4hydra to be able to update from the web again
* Fixed crash when -U was used without any service (thanks to thecarterb for reporting)
* Updated default password lists
* The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed
* Added special error message for clueless users :)
@ -26,7 +52,7 @@ Release 8.3
Release 8.2
* Added RTSP module, thanks to jjavi89 for supplying!
* Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch
* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch
* Added new -O option to hydra to support SSL servers that do not suport TLS
* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!

2
Makefile.am Normal file → Executable file
View file

@ -1,5 +1,5 @@
#
# Makefile for Hydra - (c) 2001-2016 by van Hauser / THC <vh@thc.org>
# Makefile for Hydra - (c) 2001-2017 by van Hauser / THC <vh@thc.org>
#
OPTS=-I. -O3
# -Wall -g -pedantic

79
README
View file

@ -1,7 +1,7 @@
H Y D R A
(c) 2001-2016 by van Hauser / THC
(c) 2001-2017 by van Hauser / THC
<vh@thc.org> http://www.thc.org
many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
@ -28,7 +28,7 @@ either support more than one protocol to attack or support parallized
connects.
It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.
FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
Currently this tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
@ -54,7 +54,7 @@ If you are interested in the current development state, the public development
repository is at Github:
svn co https://github.com/vanhauser-thc/thc-hydra
or
git clone https://github.com/vanhauser-thc/thc-hydra.git
git clone https://github.com/vanhauser-thc/thc-hydra
Use the development version at your own risk. It contains new features and
new bugs. Things might not work!
@ -91,9 +91,9 @@ and compile them manually.
SUPPORTED PLATFORMS
-------------------
All UNIX platforms (linux, *bsd, solaris, etc.)
Mac OS/X
MacOS
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
@ -287,6 +287,75 @@ ADDITIONAL HINTS
cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
RESULTS OUTPUT
--------------
The results are output to stdio along with the other information. Via the -o
command line option, the results can also be written to a file. Using -b,
the format of the output can be specified. Currently, these are supported:
* `text` - plain text format
* `jsonv1` - JSON data using version 1.x of the schema (defined below).
* `json` - JSON data using the latest version of the schema, currently there
is only version 1.
If using JSON output, the results file may not be valid JSON if there are
serious errors in booting Hydra.
### JSON Schema
Here is an example of the JSON output. Notes on some of the fields:
* `errormessages` - an array of zero or more strings that are normally printed
to stderr at the end of the Hydra's run. The text is very free form.
* `success` - indication if Hydra ran correctly without error (**NOT** if
passwords were detected). This parameter is either the JSON value `true`
or `false` depending on completion.
* `quantityfound` - How many username+password combinations discovered.
* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
2.03, etc. Hydra will make second tuple of the version to always be two
digits to make it easier for downstream processors (as opposed to v1.1 vs
v1.10). The minor-level versions are additive, so 1.02 will contain more
fields than version 1.00 and will be backward compatible. Version 2.x will
break something from version 1.x output.
Version 1.00 example:
```
{
"errormessages": [
"[ERROR] Error Message of Something",
"[ERROR] Another Message",
"These are very free form"
],
"generator": {
"built": "2017-03-01 14:44:22",
"commandline": "hydra -b jsonv1 -o results.json ... ...",
"jsonoutputversion": "1.00",
"server": "127.0.0.1",
"service": "http-post-form",
"software": "Hydra",
"version": "v8.5"
},
"quantityfound": 2,
"results": [
{
"host": "127.0.0.1",
"login": "bill@example.com",
"password": "bill",
"port": 9999,
"service": "http-post-form"
},
{
"host": "127.0.0.1",
"login": "joe@example.com",
"password": "joe",
"port": 9999,
"service": "http-post-form"
}
],
"success": false
}
```
SPEED
-----

28
bfg.c
View file

@ -6,15 +6,22 @@
#include <string.h>
#include <math.h>
#include <ctype.h>
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
#include "bfg.h"
bf_option bf_options;
#ifdef HAVE_MATH_H
extern int debug;
extern int32_t debug;
static int add_single_char(char ch, char flags, int* crs_len) {
static int32_t add_single_char(char ch, char flags, int32_t* crs_len) {
if ((ch >= '2' && ch <= '9') || ch == '0') {
if ((flags & BF_NUMS) > 0) {
printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch);
@ -22,7 +29,7 @@ static int add_single_char(char ch, char flags, int* crs_len) {
}
//printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch);
}
if (tolower((int) ch) >= 'b' && tolower((int) ch) <= 'z') {
if (tolower((int32_t) ch) >= 'b' && tolower((int32_t) ch) <= 'z') {
if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) {
printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a');
return 0;
@ -38,14 +45,15 @@ static int add_single_char(char ch, char flags, int* crs_len) {
bf_options.crs[*crs_len - 1] = ch;
bf_options.crs[*crs_len] = '\0';
}
return 0;
}
// return values : 0 on success, 1 on error
//
// note that we check for -x .:.:ab but not for -x .:.:ba
//
int bf_init(char *arg) {
int i = 0;
int crs_len = 0;
int32_t bf_init(char *arg) {
int32_t i = 0;
int32_t crs_len = 0;
char flags = 0;
char *tmp = strchr(arg, ':');
@ -165,10 +173,10 @@ int bf_init(char *arg) {
}
unsigned long int bf_get_pcount() {
int i;
uint64_t bf_get_pcount() {
int32_t i;
double count = 0;
unsigned long int foo;
uint64_t foo;
for (i = bf_options.from; i <= bf_options.to; i++)
count += (pow((double) bf_options.crs_len, (double) i));
@ -183,7 +191,7 @@ unsigned long int bf_get_pcount() {
char *bf_next() {
int i, pos = bf_options.current - 1;
int32_t i, pos = bf_options.current - 1;
if (bf_options.current > bf_options.to)
return NULL; // we are done

6
bfg.h
View file

@ -40,14 +40,14 @@ typedef struct {
char *arg; /* argument received for bfg commandline option */
char *crs; /* internal representation of charset */
char *ptr; /* ptr to the last generated password */
unsigned int disable_symbols;
uint32_t disable_symbols;
} bf_option;
extern bf_option bf_options;
#ifdef HAVE_MATH_H
extern unsigned long int bf_get_pcount();
extern int bf_init(char *arg);
extern uint64_t bf_get_pcount();
extern int32_t bf_init(char *arg);
extern char *bf_next();
#endif

32
configure vendored
View file

@ -15,9 +15,13 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then
echo " --nostrip do not per default strip binaries before install"
echo " --debug show debug output to trace errors"
echo " --help this here"
echo
echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise.
exit 0
fi
test -z "$CC" && CC=gcc
FHS=""
SIXFOUR=""
DEBUG=""
@ -983,37 +987,37 @@ fi
echo "Checking for Android specialities ..."
TMPC=comptest$$
RINDEX=" not"
STRRCHR=" not"
echo '#include <stdio.h>' > $TMPC.c
echo '#include <strings.h>' >> $TMPC.c
echo "int main() { char *x = rindex(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
gcc -o $TMPC $TMPC.c > /dev/null 2>&1
test -x $TMPC && RINDEX=""
echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
$CC -o $TMPC $TMPC.c > /dev/null 2>&1
test -x $TMPC && STRRCHR=""
rm -f $TMPC $TMPC.c
echo " ... rindex()$RINDEX found"
echo " ... strrchr()$STRRCHR found"
if [ -n "$CRYPTO_PATH" ]; then
RSA=" not"
echo '#include <stdio.h>' > $TMPC.c
echo '#include <openssl/rsa.h>' >> $TMPC.c
echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c
#echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c
gcc -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1
$CC -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1
test -x $TMPC && RSA=""
rm -f $TMPC $TMPC.c
echo " ... RSA_generate_key()$RSA found"
fi
echo "Checking for secure compile option support in gcc ..."
echo "Checking for secure compile option support in $CC ..."
GCCSEC="no"
LDSEC="no"
GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
echo '#include <stdio.h>' > $TMPC.c
echo 'int main() { printf(""); return 0; }' >> $TMPC.c
gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
$CC -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
test -x $TMPC && GCCSEC="yes"
grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT"
rm -f "$TMPC"
gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
$CC $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; }
rm -f $TMPC $TMPC.c $TMPC.c.err
echo " Compiling... $GCCSEC"
@ -1077,8 +1081,8 @@ fi
if [ -n "$SSH_PATH" ]; then
XDEFINES="$XDEFINES -DLIBSSH"
fi
if [ -n "$RINDEX" ]; then
XDEFINES="$XDEFINES -DNO_RINDEX"
if [ -n "$STRRCHR" ]; then
XDEFINES="$XDEFINES -DNO_STRRCHR"
fi
if [ -n "$RSA" ]; then
XDEFINES="$XDEFINES -DNO_RSA_LEGACY"
@ -1244,6 +1248,10 @@ if [ "X" != "X$DEBUG" ]; then
echo DEBUG: STRIP=$STRIP
fi
if [ "$SYSS" = "SunOS" ]; then
XLIBS="$XLIBS -lrt"
fi
echo "Writing Makefile.in ..."
if [ "X" != "X$FHS" ]; then
echo "MANDIR = /share/man/man1" >> Makefile.in
@ -1287,7 +1295,7 @@ if [ "x$WINDRES" = "x" ]; then
echo HYDRA_LOGO= >> Makefile
echo PWI_LOGO= >> Makefile
fi
if [ "$GCCSEC" = "yes" ]; then
if [ "$GCCSEC" = "yes" ] && [ "$SYSS" != "SunOS" ]; then
echo "SEC=$GCCSECOPT" >> Makefile
else
echo "SEC=" >> Makefile

14
crc32.c
View file

@ -1,4 +1,3 @@
/*-
* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
* code or tables extracted from it, as desired without restriction.
@ -42,8 +41,15 @@
*/
#include <sys/types.h>
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
unsigned int crc32_tab[] = {
uint32_t crc32_tab[] = {
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
@ -91,9 +97,9 @@ unsigned int crc32_tab[] = {
#ifndef HAVE_ZLIB
unsigned int crc32(const void *buf, unsigned int size) {
uint32_t crc32(const void *buf, uint32_t size) {
const unsigned char *p;
unsigned int crc;
uint32_t crc;
p = buf;
crc = ~0U;

2
crc32.h
View file

@ -4,7 +4,7 @@
#include <sys/types.h>
#ifndef HAVE_ZLIB
unsigned int crc32(const void *buf, unsigned int size);
uint32_t crc32(const void *buf, uint32_t size);
#endif
#endif

9
d3des.c
View file

@ -1,4 +1,3 @@
/* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove
compiler warnings for unused definitions.
*/
@ -84,9 +83,9 @@ static unsigned char pc2[48] = {
void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
unsigned char *key;
int edf;
int32_t edf;
{
register int i, j, l, m, n;
register int32_t i, j, l, m, n;
unsigned char pc1m[56], pcr[56];
unsigned long kn[32];
@ -132,7 +131,7 @@ static void cookey(raw1)
{
register unsigned long *cook, *raw0;
unsigned long dough[32];
register int i;
register int32_t i;
cook = dough;
for (i = 0; i < 16; i++, raw1++) {
@ -367,7 +366,7 @@ static void desfunc(block, keys)
register unsigned long *block, *keys;
{
register unsigned long fval, work, right, leftt;
register int round;
register int32_t round;
leftt = block[0];
right = block[1];

9
d3des.h
View file

@ -1,3 +1,10 @@
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
/*
* This is D3DES (V5.09) by Richard Outerbridge with the double and
@ -23,7 +30,7 @@
#define EN0 0 /* MODE == encrypt */
#define DE1 1 /* MODE == decrypt */
extern void deskey(unsigned char *, int);
extern void deskey(unsigned char *, int32_t);
/* hexkey[8] MODE
* Sets the internal key register according to the hexadecimal

12
hmacmd5.c
View file

@ -43,8 +43,8 @@
the rfc 2104 version of hmac_md5 initialisation.
***********************************************************************/
void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) {
int i;
void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) {
int32_t i;
unsigned char tk[16];
/* if key is longer than 64 bytes reset it to key=MD5(key) */
@ -79,8 +79,8 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context
the microsoft version of hmac_md5 initialisation.
***********************************************************************/
void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) {
int i;
void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) {
int32_t i;
/* if key is longer than 64 bytes truncate it */
if (key_len > 64) {
@ -107,7 +107,7 @@ void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Cont
update hmac_md5 "inner" buffer
***********************************************************************/
void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) {
void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context * ctx) {
MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */
}
@ -131,7 +131,7 @@ void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx)
use the microsoft hmacmd5 init method because the key is 16 bytes.
************************************************************/
void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) {
void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest) {
HMACMD5Context ctx;
hmac_md5_init_limK_to_64(key, 16, &ctx);

15
hmacmd5.h
View file

@ -29,6 +29,13 @@
*/
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
#include <openssl/md5.h>
#ifndef _HMAC_MD5_H
@ -41,10 +48,10 @@ typedef struct {
#endif /* _HMAC_MD5_H */
void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx);
void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,HMACMD5Context *ctx);
void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx);
void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx);
void hmac_md5_init_limK_to_64(const unsigned char* key, int32_t key_len,HMACMD5Context *ctx);
void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx);
void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx);
void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest);
void hmac_md5( unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest);

17
hydra-adam6500.c
View file

@ -56,11 +56,11 @@ unsigned char adam6500_resp2[] = {
0x00, 0x00, 0x00
};
int start_adam6500(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass;
unsigned char buffer[300];
int i;
int32_t i;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
@ -90,9 +90,9 @@ int start_adam6500(int s, char *ip, int port, unsigned char options, char *miscp
return 1;
}
void service_adam6500(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL;
void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -102,9 +102,6 @@ void service_adam6500(char *ip, int sp, unsigned char options, char *miscptr, FI
switch (run) {
case 1: /* connect and service init function */
{
unsigned char *buf2;
int f = 0;
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
@ -120,7 +117,7 @@ void service_adam6500(char *ip, int sp, unsigned char options, char *miscptr, FI
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -148,7 +145,7 @@ void service_adam6500(char *ip, int sp, unsigned char options, char *miscptr, FI
}
}
int service_adam6500_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

17
hydra-afp.c
View file

@ -1,4 +1,3 @@
/*
* Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com
*
@ -27,7 +26,7 @@ void dummy_afp() {
extern char *HYDRA_EXIT;
void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message) {
void stdout_fct(void *priv, enum loglevels loglevel, int32_t logtype, const char *message) {
//fprintf(stderr, "[ERROR] Caught unknown error %s\n", message);
}
@ -39,7 +38,7 @@ static struct libafpclient afpclient = {
.loop_started = NULL,
};
static int server_subconnect(struct afp_url url) {
static int32_t server_subconnect(struct afp_url url) {
struct afp_connection_request *conn_req;
struct afp_server *server = NULL;
@ -78,7 +77,7 @@ static int server_subconnect(struct afp_url url) {
return 0;
}
int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN];
struct afp_url tmpurl;
@ -119,9 +118,9 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1;
}
void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_AFP;
void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_AFP;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -140,7 +139,7 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
port = myport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -173,7 +172,7 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
#endif
int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

12
hydra-asterisk.c
View file

@ -11,7 +11,7 @@ extern char *HYDRA_EXIT;
char *buf;
int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[1024];
@ -62,9 +62,9 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp
return 2;
}
void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL;
void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -89,7 +89,7 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
@ -122,7 +122,7 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI
}
}
int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

38
hydra-cisco-enable.c
View file

@ -3,7 +3,7 @@
extern char *HYDRA_EXIT;
char *buf;
int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass, buffer[300];
@ -58,9 +58,9 @@ int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *m
return 3;
}
void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
char buffer[300];
char *login;
@ -87,7 +87,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -101,7 +101,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
sprintf(buffer, "%.250s\r\n", login);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid());
hydra_child_exit(2);
}
}
@ -117,7 +117,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
sprintf(buffer, "%.250s\r\n", miscptr);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid());
hydra_child_exit(2);
}
}
@ -132,7 +132,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
}
if (strstr(buf, "assw") != NULL) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int32_t) getpid());
hydra_child_exit(2);
}
free(buf);
@ -143,11 +143,11 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
case 2: /* run the cracking function */
{
unsigned char *buf2;
int f = 0;
int32_t f = 0;
sprintf(buffer, "%.250s\r\n", "ena");
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t) getpid());
hydra_child_exit(2);
}
@ -160,11 +160,11 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
if (failc < retry) {
next_run = 1;
failc++;
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry);
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry);
sleep(3);
break;
} else {
fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid());
fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid());
hydra_child_exit(0);
}
}
@ -180,7 +180,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
case 3: /* clean exit */
sprintf(buffer, "%.250s\r\n", "exit");
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t) getpid());
hydra_child_exit(0);
}
if (sock >= 0)
@ -196,7 +196,7 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
}
}
int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -209,3 +209,13 @@ int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *mis
return 0;
}
void usage_cisco_enable(const char* service) {
printf("Module cisco-enable is optionally taking the logon password for the cisco device\n"
"Note: if AAA authentication is used, use the -l option for the username\n"
"and the optional parameter for the password of the user.\n"
"Examples:\n"
" hydra -P pass.txt target cisco-enable (direct console access)\n"
" hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n"
" hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n");
}

22
hydra-cisco.c
View file

@ -7,7 +7,7 @@
extern char *HYDRA_EXIT;
char *buf = NULL;
int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass, buffer[300];
@ -115,9 +115,9 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1;
int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -128,7 +128,7 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE
case 1: /* connect and service init function */
{
unsigned char *buf2;
int f = 0;
int32_t f = 0;
if (sock >= 0)
sock = hydra_disconnect(sock);
@ -147,7 +147,7 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
do {
@ -159,11 +159,11 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE
if (failc < retry) {
next_run = 1;
failc++;
if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry);
if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry);
sleep(3);
break;
} else {
if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid());
if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid());
hydra_child_exit(0);
}
}
@ -198,7 +198,7 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -211,3 +211,7 @@ int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, F
return 0;
}
void usage_cisco(const char* service) {
printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n");
}

20
hydra-cvs.c
View file

@ -1,14 +1,14 @@
#include "hydra-mod.h"
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
char *buf;
int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[1024], pass2[513];
int i;
int32_t i;
char *directory = miscptr;
/* evil cvs encryption sheme...
@ -85,9 +85,9 @@ int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 3;
}
void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_CVS, mysslport = PORT_CVS_SSL;
void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_CVS, mysslport = PORT_CVS_SSL;
hydra_register_socket(sp);
@ -118,7 +118,7 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = start_cvs(sock, ip, port, options, miscptr, fp);
@ -136,7 +136,7 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -149,3 +149,7 @@ int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
return 0;
}
void usage_cvs(const char* service) {
printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n");
}

17
hydra-firebird.c
View file

@ -1,4 +1,3 @@
/*
Firebird Support - by David Maciejak @ GMAIL dot com
@ -27,7 +26,7 @@ void dummy_firebird() {
extern char *HYDRA_EXIT;
int start_firebird(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char database[256];
@ -87,9 +86,9 @@ int start_firebird(int s, char *ip, int port, unsigned char options, char *miscp
return 1;
}
void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL;
void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -113,7 +112,7 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -146,7 +145,7 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI
#endif
int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -159,3 +158,7 @@ int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr
return 0;
}
void usage_firebird(const char* service) {
printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
}

16
hydra-ftp.c
View file

@ -3,7 +3,7 @@
extern char *HYDRA_EXIT;
char *buf;
int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[510];
@ -74,9 +74,9 @@ int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 2;
}
void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, int tls) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_FTP, mysslport = PORT_FTP_SSL;
void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_FTP, mysslport = PORT_FTP_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -100,7 +100,7 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
usleepn(250);
@ -167,15 +167,15 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI
}
}
void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0);
}
void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1);
}
int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

24
hydra-gtk/src/callbacks.c
View file

@ -151,24 +151,24 @@ int hydra_get_options(char *options[]) {
}
/* get the pass, pass list, or generate */
/* The "generate" button was implemented by Petar Kaleychev <petar.kaleychev@gmail.com> */
/* The "generate" button was implemented by Petar Kaleychev <petar.kaleychev@gmail.com> */
widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-p";
widget = lookup_widget(GTK_WIDGET(wndMain), "entPass");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
}
widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
}
widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-P";
widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
}
widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-x";
widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
options[i++] = "-x";
widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration");
options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
}
}
@ -297,7 +297,7 @@ int hydra_get_options(char *options[]) {
}
widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM");
if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
strcat(smbparm, "Hash");
strcat(smbparm, "Hash");
}
options[i++] = smbparm;
@ -540,6 +540,7 @@ int *popen_re_unbuffered(char *command) {
static int *pfd = NULL;
char *options[128];
hydra_pid = 0;
update_statusbar();
@ -562,6 +563,7 @@ int *popen_re_unbuffered(char *command) {
return NULL;
} else if (hydra_pid == 0) { /* child */
int k;
if (setpgid(getpid(), getpid()) < 0)
g_warning("popen_rw_unbuffered: setpgid() failed");
if (close(p_r[0]) < 0)
@ -701,6 +703,7 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
GtkWidget *user, *pass;
user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");;
pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass");
@ -715,6 +718,7 @@ void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile;
radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");;
radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2");
entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername");

3
hydra-gtk/src/interface.c
View file

@ -222,6 +222,7 @@ GtkWidget *create_wndMain(void) {
gtk_widget_set_name(cmbProtocol, "cmbProtocol");
gtk_widget_show(cmbProtocol);
gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0);
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "adam6500");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco");
@ -262,7 +263,9 @@ GtkWidget *create_wndMain(void) {
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "redis");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rpcap");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rtsp");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3");
cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip");

20
hydra-gtk/xhydra.glade
View file

@ -549,6 +549,26 @@
<property name="label" translatable="yes">xmpp</property>
</widget>
</child>
<child>
<widget class="GtkListItem" id="listitem2120">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="label" translatable="yes">adam6500</property>
</widget>
</child>
<child>
<widget class="GtkListItem" id="listitem2121">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="label" translatable="yes">rpcap</property>
</widget>
</child>
<widget class="GtkListItem" id="listitem2122">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="label" translatable="yes">rtsp</property>
</widget>
</child>
</widget>
</child>

159
hydra-http-form.c
View file

@ -75,24 +75,24 @@ typedef struct cookie_node {
struct cookie_node *next;
} t_cookie_node, *ptr_cookie_node;
int success_cond = 0;
int getcookie = 1;
int auth_flag = 0;
int32_t success_cond = 0;
int32_t getcookie = 1;
int32_t auth_flag = 0;
char cookie[4096] = "", cmiscptr[1024];
extern char *webtarget;
extern char *slash;
int webport, freemischttpform = 0;
char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1;
int32_t webport, freemischttpform = 0;
char bufferurl[6096+24], cookieurl[6096+24] = "", userheader[6096+24] = "", *url, *variables, *optional1;
#define MAX_REDIRECT 8
#define MAX_CONTENT_LENGTH 20
#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2
char redirected_url_buff[2048] = "";
int redirected_flag = 0;
int redirected_cpt = MAX_REDIRECT;
int32_t redirected_flag = 0;
int32_t redirected_cpt = MAX_REDIRECT;
char *cookie_request, *normal_request; // Buffers for HTTP headers
@ -114,7 +114,28 @@ ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, cha
return found_header;
}
int append_cookie(char *name, char *value, ptr_cookie_node *last_cookie)
#if defined(__sun)
/* Written by Kaveh R. Ghazi <ghazi@caip.rutgers.edu> */
char *
strndup (const char *s, size_t n)
{
char *result;
size_t len = strlen (s);
if (n < len)
len = n;
result = (char *) malloc (len + 1);
if (!result)
return 0;
memcpy (result, s, len);
result[len] = '\0';
return(result);
}
#endif
int32_t append_cookie(char *name, char *value, ptr_cookie_node *last_cookie)
{
ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node));
if (!new_ptr)
@ -135,7 +156,7 @@ int append_cookie(char *name, char *value, ptr_cookie_node *last_cookie)
char * stringify_cookies(ptr_cookie_node ptr_cookie)
{
ptr_cookie_node cur_ptr = NULL;
unsigned int length = 1;
uint32_t length = 1;
char *cookie_hdr = (char *) malloc(length);
if (cookie_hdr) {
@ -174,10 +195,9 @@ success:
* +--------+
* Returns 1 if success, or 0 otherwise.
*/
int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr)
int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr)
{
ptr_cookie_node cur_ptr = NULL, new_ptr = NULL;
char * cookie = strdup(cookie_expr);
ptr_cookie_node cur_ptr = NULL;
char * cookie_name = NULL,
* cookie_value = strstr(cookie_expr, "=");
if (cookie_value) {
@ -206,11 +226,11 @@ int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr)
return 1;
}
int process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr)
int32_t process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr)
{
char *tok = NULL;
char *expr = strdup(cookie_expr);
int res = 0;
int32_t res = 0;
if (strstr(cookie_expr, ";")) {
tok = strtok(expr, ";");
@ -236,7 +256,7 @@ int process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr)
*
* Returns 1 if success, or 0 otherwise (out of memory).
*/
int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) {
int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type) {
ptr_header_node cur_ptr = NULL;
ptr_header_node existing_hdr, new_ptr;
@ -322,7 +342,7 @@ void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) {
if (cur_ptr->value)
strcpy(cur_ptr->value, new_value);
else {
hydra_report(stderr, "[ERROR] Out of memory (hdrrepv %lu)", strlen(new_value) + 1);
hydra_report(stderr, "[ERROR] Out of memory (hdrrepv %u)", strlen(new_value) + 1);
hydra_child_exit(0);
}
}
@ -348,7 +368,7 @@ void cleanup(ptr_header_node *ptr_head) {
char *stringify_headers(ptr_header_node * ptr_head) {
char *headers_str = NULL;
ptr_header_node cur_ptr = *ptr_head;
int ttl_size = 0;
int32_t ttl_size = 0;
for (; cur_ptr; cur_ptr = cur_ptr->next)
ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4;
@ -370,7 +390,7 @@ char *stringify_headers(ptr_header_node * ptr_head) {
char *prepare_http_request(char *type, char *path, char *params, char *headers) {
unsigned int reqlen = 0;
uint32_t reqlen = 0;
char *http_request = NULL;
if (type && path && headers) {
@ -410,7 +430,7 @@ char *prepare_http_request(char *type, char *path, char *params, char *headers)
return http_request;
}
int strpos(char *str, char *target) {
int32_t strpos(char *str, char *target) {
char *res = strstr(str, target);
if (res == NULL)
@ -433,19 +453,22 @@ char *html_encode(char *string) {
ret = hydra_strrep(ret, "&", "%26");
if (index(ret, '#') != NULL)
ret = hydra_strrep(ret, "#", "%23");
if (index(ret, '=') != NULL)
ret = hydra_strrep(ret, "=", "%3D");
return ret;
}
/*
int analyze_server_response(int socket)
int32_t analyze_server_response(int32_t socket)
return 0 or 1 when the cond regex is matched
return -1 if no response from server
*/
int analyze_server_response(int s) {
int runs = 0;
int32_t analyze_server_response(int32_t s) {
int32_t runs = 0;
redirected_flag = 0;
auth_flag = 0;
while ((buf = hydra_receive_line(s)) != NULL) {
runs++;
//check for http redirection
@ -548,7 +571,7 @@ int analyze_server_response(int s) {
return 0;
}
void hydra_reconnect(int s, char *ip, int port, unsigned char options, char *hostname) {
void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, char *hostname) {
if (s >= 0)
s = hydra_disconnect(s);
if ((options & OPTION_SSL) == 0) {
@ -558,13 +581,13 @@ void hydra_reconnect(int s, char *ip, int port, unsigned char options, char *hos
}
}
int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) {
int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) {
char *empty = "";
char *login, *pass, clogin[256], cpass[256];
char header[8096], *upd3variables;
char *cookie_header = NULL;
char *http_request;
int found = !success_cond, i, j;
int32_t found = !success_cond, i, j;
char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH];
memset(header, 0, sizeof(header));
@ -606,7 +629,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
if (strcmp(type, "POST") == 0) {
memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables));
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables));
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
@ -654,11 +677,11 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
if (strcmp(type, "POST") == 0) {
memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables));
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables));
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
else
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
cookie_header = stringify_cookies(ptr_cookie);
@ -700,7 +723,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
}
// now prepare for the "real" request
if (strcmp(type, "POST") == 0) {
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables));
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables));
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length);
else
@ -825,6 +848,10 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
str3[0] = '/';
}
if(strrchr(url, ':') == NULL && port != 80) {
sprintf(str2, "%s:%d", str2, port);
}
if (verbose)
hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3);
@ -877,9 +904,9 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
return 1;
}
void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, char *type, ptr_header_node * ptr_head, ptr_cookie_node * ptr_cookie) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type, ptr_header_node * ptr_head, ptr_cookie_node * ptr_cookie) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
// register our socket descriptor
hydra_register_socket(sp);
@ -917,7 +944,7 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t) getpid());
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
@ -958,7 +985,7 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F
free(miscptr);
}
void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
ptr_cookie_node ptr_cookie = NULL;
ptr_header_node ptr_head = initialize(ip, options, miscptr);
@ -970,7 +997,7 @@ void service_http_get_form(char *ip, int sp, unsigned char options, char *miscpt
}
}
void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
ptr_cookie_node ptr_cookie = NULL;
ptr_header_node ptr_head = initialize(ip, options, miscptr);
@ -982,7 +1009,7 @@ void service_http_post_form(char *ip, int sp, unsigned char options, char *miscp
}
}
int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -1035,7 +1062,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
else
webport = PORT_HTTP_SSL;
sprintf(bufferurl, "%.1000s", miscptr);
sprintf(bufferurl, "%.6096s", miscptr);
url = bufferurl;
ptr = url;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
@ -1141,14 +1168,15 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
case 'H':
// add a new header, or replace an existing one's value
ptr = optional1 + 2;
while (*ptr != 0 && *ptr != ':')
ptr++;
if (*(ptr - 1) == '\\')
*(ptr - 1) = 0;
if (*ptr != 0){
*ptr = 0;
ptr += 2;
}
while (*ptr != 0 && *ptr != ':') ptr++;
if (*(ptr - 1) == '\\')
*(ptr - 1) = 0;
if (*ptr != 0) {
*ptr = 0;
ptr += 2;
}
ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
ptr2++;
@ -1215,3 +1243,40 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
}
return ptr_head;
}
void usage_http_form(const char* service) {
printf("Module %s requires the page and the parameters for the web form.\n\n"
"By default this module is configured to follow a maximum of 5 redirections in\n"
"a row. It always gathers a new cookie from the same URL without variables\n"
"The parameters take three \":\" separated values, plus optional values.\n"
"(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
"\nSyntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]\n"
"First is the page on the server to GET or POST to (URL).\n"
"Second is the POST/GET variables (taken from either the browser, proxy, etc.\n"
" with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n"
" placeholders (FORM PARAMETERS)\n"
"Third is the string that it checks for an *invalid* login (by default)\n"
" Invalid condition login check can be preceded by \"F=\", successful condition\n"
" login check must be preceded by \"S=\".\n"
" This is where most people get it wrong. You have to check the webapp what a\n"
" failed string looks like and put it in this parameter!\n"
"The following parameters are optional:\n"
" C=/page/uri to define a different page to gather initial cookies from\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
" ^USER^ and ^PASS^ can also be put into these headers!\n"
" Note: 'h' will add the user-defined header at the end\n"
" regardless it's already being sent by Hydra or not.\n"
" 'H' will replace the value of that header if it exists, by the\n"
" one supplied by the user, or add the header at the end\n"
"Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n"
" All colons that are not option separators should be escaped (see the examples above and below).\n"
" You can specify a header without escaping the colons, but that way you will not be able to put colons\n"
" in the header value itself, as they will be interpreted by hydra as option separators.\n"
"\nExamples:\n"
" \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
" \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n",
service);
}

27
hydra-http-proxy-urlenum.c
View file

@ -3,15 +3,15 @@
extern char *HYDRA_EXIT;
char *buf;
static int http_proxy_auth_mechanism = AUTH_ERROR;
static int32_t http_proxy_auth_mechanism = AUTH_ERROR;
int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260];
char url[260], host[30];
char *header = ""; /* XXX TODO */
char *ptr;
int auth = 0;
int32_t auth = 0;
login = hydra_get_next_login();
if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) {
@ -210,8 +210,8 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) {
hydra_report_found_host(port, ip, "http-proxy", fp);
if (fp != stdout)
fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url);
printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url);
fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url);
printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url);
hydra_completed_pair_found();
} else {
if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) {
@ -228,9 +228,9 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
return 1;
}
void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -256,7 +256,7 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -278,7 +278,7 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m
}
}
int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -291,3 +291,10 @@ int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, cha
return 0;
}
void usage_http_proxy_urlenum(const char* service) {
printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n"
"The -L loginfile must contain the URL list to try through the proxy.\n"
"The proxy credentials cann be put as the optional parameter, e.g.\n"
" hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
}

19
hydra-http-proxy.c
View file

@ -2,10 +2,10 @@
#include "sasl.h"
extern char *HYDRA_EXIT;
static int http_proxy_auth_mechanism = AUTH_ERROR;
static int32_t http_proxy_auth_mechanism = AUTH_ERROR;
char *http_proxy_buf = NULL;
int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
char url[210], host[30];
@ -246,9 +246,9 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
return 1;
}
void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -277,7 +277,7 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr,
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -299,7 +299,7 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr,
}
}
int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -312,3 +312,8 @@ int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscp
return 0;
}
void usage_http_proxy(const char* service) {
printf("Module http-proxy is optionally taking the page to authenticate at.\n"
"Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
}

31
hydra-http.c
View file

@ -5,15 +5,15 @@ extern char *HYDRA_EXIT;
char *webtarget = NULL;
char *slash = "/";
char *http_buf = NULL;
int webport, freemischttp = 0;
int http_auth_mechanism = AUTH_BASIC;
int32_t webport, freemischttp = 0;
int32_t http_auth_mechanism = AUTH_BASIC;
int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) {
int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
char header[64] = "Content-Length: 0\r\n";
char *ptr, *fooptr;
int complete_line = 0;
int32_t complete_line = 0;
char tmpreplybuf[1024] = "", *tmpreplybufptr;
if (strlen(login = hydra_get_next_login()) == 0)
@ -212,7 +212,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
//the first authentication type failed, check the type from server header
if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
//seems the auth supported is not Basic shceme so testing further
int find_auth = 0;
int32_t find_auth = 0;
if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
http_auth_mechanism = AUTH_NTLM;
@ -240,9 +240,9 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, char *type) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
char *ptr, *ptr2;
hydra_register_socket(sp);
@ -299,7 +299,7 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if (sock < 0) {
if (freemischttp)
free(miscptr);
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -325,19 +325,19 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "GET");
}
void service_http_post(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "POST");
}
void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD");
}
int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -350,3 +350,8 @@ int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0;
}
void usage_http(const char* service) {
printf("Module %s requires the page to authenticate.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service);
}

36
hydra-icq.c
View file

@ -1,8 +1,8 @@
#include "hydra-mod.h"
extern char *HYDRA_EXIT;
extern int child_head_no;
int seq = 1;
extern int32_t child_head_no;
int32_t seq = 1;
const unsigned char icq5_table[] = {
0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C,
@ -31,10 +31,10 @@ const unsigned char icq5_table[] = {
0x5A, 0x00, 0x00
};
void fix_packet(char *buf, int len) {
void fix_packet(char *buf, int32_t len) {
unsigned long c1, c2;
unsigned long r1, r2;
int pos, key, k;
int32_t pos, key, k;
c1 = buf[8];
c1 <<= 8;
@ -83,10 +83,10 @@ void icq_header(char *buf, unsigned short cmd, unsigned long uin) {
buf[9] = (uin >> 24) & 0xff;
}
int icq_login(int s, char *login, char *pass) {
int32_t icq_login(int32_t s, char *login, char *pass) {
unsigned long uin = strtoul(login, NULL, 10);
char buf[256];
int len;
int32_t len;
bzero(buf, sizeof(buf));
@ -103,7 +103,7 @@ int icq_login(int s, char *login, char *pass) {
return (hydra_send(s, buf, 43 + len, 0));
}
int icq_login_1(int s, char *login) {
int32_t icq_login_1(int32_t s, char *login) {
unsigned long uin = strtoul(login, NULL, 10);
char buf[64];
@ -111,7 +111,7 @@ int icq_login_1(int s, char *login) {
return (hydra_send(s, buf, 10, 0));
}
int icq_disconnect(int s, char *login) {
int32_t icq_disconnect(int32_t s, char *login) {
unsigned long uin = strtoul(login, NULL, 10);
char buf[64];
@ -123,7 +123,7 @@ int icq_disconnect(int s, char *login) {
return (hydra_send(s, buf, 34, 0));
}
int icq_ack(int s, char *login) {
int32_t icq_ack(int32_t s, char *login) {
unsigned long uin = strtoul(login, NULL, 10);
char buf[64];
@ -141,11 +141,11 @@ int icq_ack(int s, char *login) {
return (hydra_send(s, buf, 10, 0));
}
int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) {
int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *miscptr, FILE * fp) {
unsigned char buf[1024];
char *login, *pass;
char *empty = "";
int i, r;
int32_t i, r;
if (strlen(login = hydra_get_next_login()) == 0)
return 2;
@ -153,7 +153,7 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE *
pass = empty;
for (i = 0; login[i]; i++)
if (!isdigit((int) login[i])) {
if (!isdigit((int32_t) login[i])) {
fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login);
hydra_completed_pair();
return 2;
@ -168,7 +168,7 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE *
if (r < 0) {
if (verbose)
fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid());
fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t) getpid());
return 3;
}
@ -196,9 +196,9 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE *
return 1;
}
void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ICQ;
void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ICQ;
if (port)
myport = port;
@ -221,7 +221,7 @@ void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE *
sock = hydra_disconnect(sock);
sock = hydra_connect_udp(ip, myport);
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -241,7 +241,7 @@ void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

36
hydra-imap.c
View file

@ -3,13 +3,13 @@
extern char *HYDRA_EXIT;
char *buf;
int counter;
int32_t counter;
int imap_auth_mechanism = AUTH_CLEAR;
int32_t imap_auth_mechanism = AUTH_CLEAR;
char *imap_read_server_capacity(int sock) {
char *imap_read_server_capacity(int32_t sock) {
char *ptr = NULL;
int resp = 0;
int32_t resp = 0;
char *buf = NULL;
do {
@ -30,7 +30,7 @@ char *imap_read_server_capacity(int sock) {
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
if (isdigit((int) *ptr) && *(ptr + 1) == ' ') {
if (isdigit((int32_t) *ptr) && *(ptr + 1) == ' ') {
resp = 1;
}
}
@ -39,7 +39,7 @@ char *imap_read_server_capacity(int sock) {
return buf;
}
int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500], *fooptr;
@ -111,7 +111,7 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
case AUTH_CRAMMD5:
case AUTH_CRAMSHA1:
case AUTH_CRAMSHA256:{
int rc = 0;
int32_t rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
@ -220,7 +220,7 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
char clientfirstmessagebare[200];
char serverfirstmessage[200];
char *preplogin;
int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
return 3;
@ -353,9 +353,9 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1;
void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1;
char *buffer1 = "1 CAPABILITY\r\n";
hydra_register_socket(sp);
@ -380,7 +380,7 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
@ -404,10 +404,10 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i;
int32_t i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) {
disable_tls = 0;
@ -571,7 +571,7 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -584,3 +584,9 @@ int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0;
}
void usage_imap(const char* service) {
printf("Module imap is optionally taking one authentication type of:\n"
" CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n");
}

30
hydra-irc.c
View file

@ -9,12 +9,12 @@ RFC 1459: Internet Relay Chat Protocol
extern char *HYDRA_EXIT;
char *buf;
char buffer[300] = "";
int myport = PORT_IRC, mysslport = PORT_IRC_SSL;
int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL;
int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
int ret;
int32_t ret;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -42,7 +42,7 @@ int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscp
return 2;
}
int send_nick(int s, char *ip, char *pass) {
int32_t send_nick(int32_t s, char *ip, char *pass) {
if (strlen(pass) > 0) {
sprintf(buffer, "PASS %s\r\n", pass);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -53,14 +53,14 @@ int send_nick(int s, char *ip, char *pass) {
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1;
}
sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int) getpid(), (int) getpid(), hydra_address2string(ip));
sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t) getpid(), (int32_t) getpid(), hydra_address2string(ip));
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return -1;
}
return 0;
}
int irc_server_connect(char *ip, int sock, int port, unsigned char options, char *hostname) {
int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char options, char *hostname) {
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(275);
@ -78,17 +78,17 @@ int irc_server_connect(char *ip, int sock, int port, unsigned char options, char
return sock;
}
int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) {
char *empty = "";
char *pass;
int ret;
int32_t ret;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
s = irc_server_connect(ip, s, port, options, hostname);
if (s < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
return 3;
}
@ -118,8 +118,8 @@ int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscp
return 4;
}
void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1, ret;
void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, ret;
char *buf;
hydra_register_socket(sp);
@ -133,7 +133,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
sock = irc_server_connect(ip, sock, port, options, hostname);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -209,7 +209,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -222,3 +222,7 @@ int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
return 0;
}
void usage_irc(const char* service) {
printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n");
}

45
hydra-ldap.c
View file

@ -4,15 +4,15 @@
extern char *HYDRA_EXIT;
unsigned char *buf;
int counter;
int tls_required = 0;
int32_t counter;
int32_t tls_required = 0;
int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char version, int auth_method) {
int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char version, int32_t auth_method) {
char *empty = "";
char *login = "", *pass, *fooptr = "";
unsigned char buffer[512];
int length = 0;
int ldap_auth_mechanism = auth_method;
int32_t length = 0;
int32_t ldap_auth_mechanism = auth_method;
/*
The LDAP "simple" method has three modes of operation:
@ -170,7 +170,7 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr,
if (ldap_auth_mechanism == AUTH_DIGESTMD5) {
char *ptr;
char buffer2[500];
int ind = 0;
int32_t ind = 0;
ptr = strstr((char *) buf, "realm=");
@ -351,9 +351,9 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2;
}
void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, char version, int auth_method) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL;
void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char version, int32_t auth_method) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_LDAP, mysslport = PORT_LDAP_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -377,7 +377,7 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
counter = 1;
@ -425,23 +425,23 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR);
}
void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR);
}
void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5);
}
void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5);
}
int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -451,6 +451,21 @@ int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FI
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
if (strlen(miscptr) > 220) {
fprintf(stderr, "[ERROR] the option string to this module may not be larger than 220 bytes\n");
return -1;
}
return 0;
}
void usage_ldap(const char* service) {
printf("Module %s is optionally taking the DN (depending of the auth method choosed\n"
"Note: you can also specify the DN as login when Simple auth method is used).\n"
"The keyword \"^USER^\" is replaced with the login.\n"
"Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n"
"unauthenticated (user but no pass), user/pass authenticated (user and pass).\n"
"So don't forget to set empty string as user/pass to test all modes.\n"
"Hint: to authenticate to a windows active directy ldap, this is usually\n"
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service);
}

212
hydra-mod.c
View file

@ -27,27 +27,27 @@
#define SOCKS_DOMAIN 3
#define SOCKS_IPV6 4
extern int conwait;
extern int32_t conwait;
char quiet;
int do_retry = 1;
int module_auth_type = -1;
int intern_socket, extern_socket;
int32_t do_retry = 1;
int32_t module_auth_type = -1;
int32_t intern_socket, extern_socket;
char pair[260];
char HYDRA_EXIT[5] = "\x00\xff\x00\xff\x00";
char *HYDRA_EMPTY = "\x00\x00\x00\x00";
char *fe80 = "\xfe\x80\x00";
int fail = 0;
int alarm_went_off = 0;
int use_ssl = 0;
int32_t fail = 0;
int32_t alarm_went_off = 0;
int32_t use_ssl = 0;
char ipaddr_str[64];
int src_port = 0;
int __fck = 0;
int ssl_first = 1;
int __first_connect = 1;
int32_t src_port = 0;
int32_t __fck = 0;
int32_t ssl_first = 1;
int32_t __first_connect = 1;
char ipstring[64];
unsigned int colored_output = 1;
uint32_t colored_output = 1;
char quiet = 0;
int old_ssl = 0;
int32_t old_ssl = 0;
#ifdef LIBOPENSSL
SSL *ssl = NULL;
@ -56,7 +56,7 @@ RSA *rsa = NULL;
#endif
/* prototype */
int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec);
int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec);
/* ----------------- alarming functions ---------------- */
void alarming() {
@ -66,14 +66,14 @@ void alarming() {
/* uh, I think it's not good for performance if we try to reconnect to a timeout system!
* if (fail > MAX_CONNECT_RETRY) {
*/
//fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int) getpid());
//fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int32_t) getpid());
if (debug)
printf("DEBUG_CONNECT_TIMEOUT\n");
hydra_child_exit(1);
/*
* } else {
* if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY);
* if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int32_t)getpid(), fail, MAX_CONNECT_RETRY);
* }
*/
}
@ -85,8 +85,8 @@ void interrupt() {
/* ----------------- internal functions ----------------- */
int internal__hydra_connect(char *host, int port, int protocol, int type) {
int s, ret = -1, ipv6 = 0, reset_selected = 0;
int32_t internal__hydra_connect(char *host, int32_t port, int32_t protocol, int32_t type) {
int32_t s, ret = -1, ipv6 = 0, reset_selected = 0;
#ifdef AF_INET6
struct sockaddr_in6 target6;
@ -95,7 +95,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) {
struct sockaddr_in target;
struct sockaddr_in sin;
char *buf, *tmpptr = NULL;
int err = 0;
int32_t err = 0;
if (proxy_count > 0 && use_proxy > 0 && selected_proxy == -1) {
reset_selected = 1;
@ -117,7 +117,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) {
s = socket(PF_INET, protocol, type);
if (s >= 0) {
if (src_port != 0) {
int bind_ok = 0;
int32_t bind_ok = 0;
#ifdef AF_INET6
if (ipv6) {
@ -221,9 +221,9 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) {
fail++;
if (verbose ) {
if (do_retry && fail <= MAX_CONNECT_RETRY)
fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY);
fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int32_t) getpid(), fail, MAX_CONNECT_RETRY);
else
fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int) getpid());
fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t) getpid());
}
}
} while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry);
@ -232,7 +232,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) {
printf("DEBUG_CONNECT_UNREACHABLE\n");
/* we wont quit here, thats up to the module to decide what to do
* fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int)getpid());
* fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int32_t)getpid());
* hydra_child_exit(1);
*/
extern_socket = -1;
@ -317,7 +317,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) {
hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt);
err = 1;
}
if ((unsigned int) buf[1] == SOCKS_NOMETHOD) {
if ((unsigned char) buf[1] == SOCKS_NOMETHOD) {
hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n");
err = 1;
}
@ -329,7 +329,7 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) {
char *login = strtok(proxy_authentication[selected_proxy], ":");
char *pass = strtok(NULL, ":");
snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass);
snprintf(buf, 4096, "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass);
cnt = hydra_send(s, buf, strlen(buf), 0);
if (cnt != strlen(buf)) {
@ -457,8 +457,8 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) {
}
#if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER)
RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) {
int ok = 0;
RSA *ssl_temp_rsa_cb(SSL * ssl, int32_t export, int32_t keylength) {
int32_t ok = 0;
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
BIGNUM *n;
n = BN_new();
@ -490,10 +490,11 @@ RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) {
#endif
return rsa;
}
#endif
int internal__hydra_connect_to_ssl(int socket, char *hostname) {
int err;
#if defined(LIBOPENSSL)
int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) {
int32_t err;
if (ssl_first) {
SSL_load_error_strings();
@ -513,10 +514,9 @@ int internal__hydra_connect_to_ssl(int socket, char *hostname) {
return -1;
}
} else {
// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) {
#ifndef TLSv1_2_client_method
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define TLSv1_2_client_method TLSv1_client_method
#define TLSv1_2_client_method TLSv1_2_client_method
#else
#define TLSv1_2_client_method TLS_client_method
#endif
@ -574,8 +574,8 @@ int internal__hydra_connect_to_ssl(int socket, char *hostname) {
return socket;
}
int internal__hydra_connect_ssl(char *host, int port, int protocol, int type, char *hostname) {
int socket;
int32_t internal__hydra_connect_ssl(char *host, int32_t port, int32_t protocol, int32_t type, char *hostname) {
int32_t socket;
if ((socket = internal__hydra_connect(host, port, protocol, type)) < 0)
return -1;
@ -584,7 +584,7 @@ int internal__hydra_connect_ssl(char *host, int port, int protocol, int type, ch
}
#endif
int internal__hydra_recv(int socket, char *buf, int length) {
int32_t internal__hydra_recv(int32_t socket, char *buf, uint32_t length) {
#ifdef LIBOPENSSL
if (use_ssl) {
return SSL_read(ssl, buf, length);
@ -593,7 +593,7 @@ int internal__hydra_recv(int socket, char *buf, int length) {
return recv(socket, buf, length, 0);
}
int internal__hydra_send(int socket, char *buf, int size, int options) {
int32_t internal__hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) {
#ifdef LIBOPENSSL
if (use_ssl) {
return SSL_write(ssl, buf, size);
@ -604,7 +604,7 @@ int internal__hydra_send(int socket, char *buf, int size, int options) {
/* ------------------ public functions ------------------ */
void hydra_child_exit(int code) {
void hydra_child_exit(int32_t code) {
char buf[2];
if (debug)
@ -628,7 +628,7 @@ void hydra_child_exit(int code) {
exit(0); // might be killed before reaching this
}
void hydra_register_socket(int s) {
void hydra_register_socket(int32_t s) {
intern_socket = s;
}
@ -694,21 +694,21 @@ void hydra_report_debug(FILE * st, char *format, ...) {
char bufOut[33000];
char temp[6];
unsigned char cTemp;
int i = 0;
int32_t i = 0, len;
if (format == NULL) {
fprintf(stderr, "[ERROR] no msg passed.\n");
} else {
va_start(ap, format);
memset(bufOut, 0, sizeof(bufOut));
memset(buf, 0, 512);
vsnprintf(buf, sizeof(buf), format, ap);
memset(buf, 0, sizeof(buf));
len = vsnprintf(buf, sizeof(buf), format, ap);
// Convert any chars less than 32d or greater than 126d to hex
for (i = 0; i < sizeof(buf); i++) {
for (i = 0; i < len; i++) {
memset(temp, 0, 6);
cTemp = (unsigned char) buf[i];
if ((cTemp < 32 && cTemp > 0) || cTemp > 126) {
if (cTemp < 32 || cTemp > 126) {
sprintf(temp, "[%02X]", cTemp);
} else
sprintf(temp, "%c", cTemp);
@ -724,7 +724,7 @@ void hydra_report_debug(FILE * st, char *format, ...) {
return;
}
void hydra_report_found(int port, char *svc, FILE * fp) {
void hydra_report_found(int32_t port, char *svc, FILE * fp) {
/*
if (!strcmp(svc, "rsh"))
if (colored_output)
@ -748,7 +748,7 @@ void hydra_report_found(int port, char *svc, FILE * fp) {
}
/* needed for irc module to display the general server password */
void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) {
void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp) {
/*
strcpy(ipaddr_str, hydra_address2string(ip));
if (colored_output)
@ -761,7 +761,7 @@ void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) {
*/
}
void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp) {
void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp) {
/* char *keyw = "password";
strcpy(ipaddr_str, hydra_address2string(ip));
@ -802,7 +802,7 @@ void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp) {
*/
}
void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg) {
void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg) {
/*
strcpy(ipaddr_str, hydra_address2string(ip));
if (colored_output)
@ -816,7 +816,7 @@ void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char
*/
}
int hydra_connect_to_ssl(int socket, char *hostname) {
int32_t hydra_connect_to_ssl(int32_t socket, char *hostname) {
#ifdef LIBOPENSSL
return (internal__hydra_connect_to_ssl(socket, hostname));
#else
@ -825,7 +825,7 @@ int hydra_connect_to_ssl(int socket, char *hostname) {
#endif
}
int hydra_connect_ssl(char *host, int port, char *hostname) {
int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname) {
if (__first_connect != 0)
__first_connect = 0;
else
@ -838,7 +838,7 @@ int hydra_connect_ssl(char *host, int port, char *hostname) {
#endif
}
int hydra_connect_tcp(char *host, int port) {
int32_t hydra_connect_tcp(char *host, int32_t port) {
if (__first_connect != 0)
__first_connect = 0;
else
@ -846,7 +846,7 @@ int hydra_connect_tcp(char *host, int port) {
return (internal__hydra_connect(host, port, SOCK_STREAM, 6));
}
int hydra_connect_udp(char *host, int port) {
int32_t hydra_connect_udp(char *host, int32_t port) {
if (__first_connect != 0)
__first_connect = 0;
else
@ -854,7 +854,7 @@ int hydra_connect_udp(char *host, int port) {
return (internal__hydra_connect(host, port, SOCK_DGRAM, 17));
}
int hydra_disconnect(int socket) {
int32_t hydra_disconnect(int32_t socket) {
#ifdef LIBOPENSSL
if (use_ssl && SSL_get_fd(ssl) == socket) {
/* SSL_shutdown(ssl); ...skip this--it slows things down */
@ -869,7 +869,7 @@ int hydra_disconnect(int socket) {
return -1;
}
int hydra_data_ready_writing_timed(int socket, long sec, long usec) {
int32_t hydra_data_ready_writing_timed(int32_t socket, long sec, long usec) {
fd_set fds;
FD_ZERO(&fds);
@ -877,11 +877,11 @@ int hydra_data_ready_writing_timed(int socket, long sec, long usec) {
return (my_select(socket + 1, &fds, NULL, NULL, sec, usec));
}
int hydra_data_ready_writing(int socket) {
int32_t hydra_data_ready_writing(int32_t socket) {
return (hydra_data_ready_writing_timed(socket, 30, 0));
}
int hydra_data_ready_timed(int socket, long sec, long usec) {
int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) {
fd_set fds;
FD_ZERO(&fds);
@ -889,12 +889,12 @@ int hydra_data_ready_timed(int socket, long sec, long usec) {
return (my_select(socket + 1, &fds, NULL, NULL, sec, usec));
}
int hydra_data_ready(int socket) {
int32_t hydra_data_ready(int32_t socket) {
return (hydra_data_ready_timed(socket, 0, 100));
}
int hydra_recv(int socket, char *buf, int length) {
int ret;
int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) {
int32_t ret;
char text[64];
ret = internal__hydra_recv(socket, buf, length);
@ -906,8 +906,8 @@ int hydra_recv(int socket, char *buf, int length) {
return ret;
}
int hydra_recv_nb(int socket, char *buf, int length) {
int ret = -1;
int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) {
int32_t ret = -1;
char text[64];
if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) {
@ -928,9 +928,9 @@ int hydra_recv_nb(int socket, char *buf, int length) {
return ret;
}
char *hydra_receive_line(int socket) {
char *hydra_receive_line(int32_t socket) {
char buf[1024], *buff, *buff2, text[64];
int i, j = 1, k, got = 0;
int32_t i, j = 1, k, got = 0;
if ((buff = malloc(sizeof(buf))) == NULL) {
fprintf(stderr, "[ERROR] could not malloc\n");
@ -1001,14 +1001,14 @@ char *hydra_receive_line(int socket) {
return buff;
}
int hydra_send(int socket, char *buf, int size, int options) {
int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) {
char text[64];
if (debug) {
sprintf(text, "[DEBUG] SEND [pid:%d]", getpid());
hydra_dump_data(buf, size, text);
/* int k;
/* int32_t k;
char *debugbuf = malloc(size + 1);
if (debugbuf != NULL) {
@ -1027,25 +1027,30 @@ int hydra_send(int socket, char *buf, int size, int options) {
return (internal__hydra_send(socket, buf, size, options));
}
int make_to_lower(char *buf) {
int32_t make_to_lower(char *buf) {
if (buf == NULL)
return 1;
while (buf[0] != 0) {
buf[0] = tolower((int) buf[0]);
buf[0] = tolower((int32_t) buf[0]);
buf++;
}
return 1;
}
char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len;
char *c, oldstring[1024], newstring[1024];
static char finalstring[1024];
int32_t str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len;
char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github.
static char finalstring[6096];
if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1
|| (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
return NULL;
if (strlen(string) > 6000) {
hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n");
exit(-1);
}
strcpy(newstring, string);
strcpy(oldstring, string);
@ -1097,15 +1102,15 @@ unsigned char hydra_conv64(unsigned char in) {
}
}
void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) {
void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) {
unsigned char small[3] = { 0, 0, 0 };
unsigned char big[5];
unsigned char *ptr = buf;
int i = bufsize;
unsigned int len = 0;
uint32_t i = bufsize;
uint32_t len = 0;
unsigned char bof[i];
if (buf == NULL || strlen((char *) buf) == 0)
if (buf == NULL || strlen((char *) buf) == 0 || buflen == 0)
return;
bof[0] = 0;
memset(big, 0, sizeof(big));
@ -1146,12 +1151,12 @@ void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) {
strcpy((char *) buf, (char *) bof); /* can not overflow */
}
void hydra_dump_asciihex(unsigned char *string, int length) {
void hydra_dump_asciihex(unsigned char *string, int32_t length) {
unsigned char *p = (unsigned char *) string;
unsigned char lastrow_data[16];
int rows = length / HYDRA_DUMP_ROWS;
int lastrow = length % HYDRA_DUMP_ROWS;
int i, j;
int32_t rows = length / HYDRA_DUMP_ROWS;
int32_t lastrow = length % HYDRA_DUMP_ROWS;
int32_t i, j;
for (i = 0; i < rows; i++) {
printf("%04hx: ", i * 16);
@ -1222,16 +1227,45 @@ char *hydra_address2string(char *address) {
return NULL; // not reached
}
void hydra_set_srcport(int port) {
char *hydra_address2string_beautiful(char *address) {
struct sockaddr_in target;
struct sockaddr_in6 target6;
if (address[0] == 4) {
memcpy(&target.sin_addr.s_addr, &address[1], 4);
return inet_ntoa((struct in_addr) target.sin_addr);
} else
#ifdef AF_INET6
if (address[0] == 16) {
memcpy(&target6.sin6_addr, &address[1], 16);
ipstring[0] = '[';
inet_ntop(AF_INET6, &target6.sin6_addr, ipstring + 1, sizeof(ipstring) - 1);
if (address[17] != 0) {
strcat(ipstring, "%");
strcat(ipstring, address + 17);
}
strcat(ipstring, "]");
return ipstring;
} else
#endif
{
if (debug)
fprintf(stderr, "[ERROR] unknown address string size!\n");
return NULL;
}
return NULL; // not reached
}
void hydra_set_srcport(int32_t port) {
src_port = port;
}
#ifdef HAVE_PCRE
int hydra_string_match(char *str, const char *regex) {
int32_t hydra_string_match(char *str, const char *regex) {
pcre *re = NULL;
int offset_error = 0;
int32_t offset_error = 0;
const char *error = NULL;
int rc = 0;
int32_t rc = 0;
re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL);
if (re == NULL) {
@ -1282,11 +1316,11 @@ char *hydra_strcasestr(const char *haystack, const char *needle) {
return NULL;
for (; *haystack; ++haystack) {
if (toupper((int) *haystack) == toupper((int) *needle)) {
if (toupper((int32_t) *haystack) == toupper((int32_t) *needle)) {
const char *h, *n;
for (h = haystack, n = needle; *h && *n; ++h, ++n) {
if (toupper((int) *h) != toupper((int) *n)) {
if (toupper((int32_t) *h) != toupper((int32_t) *n)) {
break;
}
}
@ -1298,12 +1332,12 @@ char *hydra_strcasestr(const char *haystack, const char *needle) {
return NULL;
}
void hydra_dump_data(unsigned char *buf, int len, char *text) {
void hydra_dump_data(unsigned char *buf, int32_t len, char *text) {
unsigned char *p = (unsigned char *) buf;
unsigned char lastrow_data[16];
int rows = len / 16;
int lastrow = len % 16;
int i, j;
int32_t rows = len / 16;
int32_t lastrow = len % 16;
int32_t i, j;
if (text != NULL && text[0] != 0)
printf("%s (%d bytes):\n", text, len);
@ -1357,8 +1391,8 @@ void hydra_dump_data(unsigned char *buf, int len, char *text) {
}
}
int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen) {
int i;
int32_t hydra_memsearch(char *haystack, int32_t hlen, char *needle, int32_t nlen) {
int32_t i;
for (i = 0; i <= hlen - nlen; i++)
if (memcmp(haystack + i, needle, nlen) == 0)

67
hydra-mod.h
View file

@ -5,60 +5,61 @@
extern char quiet;
extern void hydra_child_exit(int code);
extern void hydra_register_socket(int s);
extern void hydra_child_exit(int32_t code);
extern void hydra_register_socket(int32_t s);
extern char *hydra_get_next_pair();
extern char *hydra_get_next_login();
extern char *hydra_get_next_password();
extern void hydra_completed_pair();
extern void hydra_completed_pair_found();
extern void hydra_completed_pair_skip();
extern void hydra_report_found(int port, char *svc, FILE * fp);
extern void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp);
extern void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp);
extern void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg);
extern void hydra_report_found(int32_t port, char *svc, FILE * fp);
extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp);
extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp);
extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg);
extern void hydra_report_debug(FILE *st, char *format, ...);
extern int hydra_connect_to_ssl(int socket, char *hostname);
extern int hydra_connect_ssl(char *host, int port, char *hostname);
extern int hydra_connect_tcp(char *host, int port);
extern int hydra_connect_udp(char *host, int port);
extern int hydra_disconnect(int socket);
extern int hydra_data_ready(int socket);
extern int hydra_recv(int socket, char *buf, int length);
extern int hydra_recv_nb(int socket, char *buf, int length);
extern char *hydra_receive_line(int socket);
extern int hydra_send(int socket, char *buf, int size, int options);
extern int make_to_lower(char *buf);
extern int32_t hydra_connect_to_ssl(int32_t socket, char *hostname);
extern int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname);
extern int32_t hydra_connect_tcp(char *host, int32_t port);
extern int32_t hydra_connect_udp(char *host, int32_t port);
extern int32_t hydra_disconnect(int32_t socket);
extern int32_t hydra_data_ready(int32_t socket);
extern int32_t hydra_recv(int32_t socket, char *buf, uint32_t length);
extern int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length);
extern char *hydra_receive_line(int32_t socket);
extern int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options);
extern int32_t make_to_lower(char *buf);
extern unsigned char hydra_conv64(unsigned char in);
extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize);
extern void hydra_dump_asciihex(unsigned char *string, int length);
extern void hydra_set_srcport(int port);
extern void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize);
extern void hydra_dump_asciihex(unsigned char *string, int32_t length);
extern void hydra_set_srcport(int32_t port);
extern char *hydra_address2string(char *address);
extern char *hydra_address2string_beautiful(char *address);
extern char *hydra_strcasestr(const char *haystack, const char *needle);
extern void hydra_dump_data(unsigned char *buf, int len, char *text);
extern int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen);
extern void hydra_dump_data(unsigned char *buf, int32_t len, char *text);
extern int32_t hydra_memsearch(char *haystack, int32_t hlen, char *needle, int32_t nlen);
extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece);
#ifdef HAVE_PCRE
int hydra_string_match(char *str, const char *regex);
int32_t hydra_string_match(char *str, const char *regex);
#endif
char *hydra_string_replace(const char *string, const char *substr, const char *replacement);
int debug;
int verbose;
int waittime;
int port;
int found;
int proxy_count;
int use_proxy;
int selected_proxy;
int32_t debug;
int32_t verbose;
int32_t waittime;
int32_t port;
int32_t found;
int32_t proxy_count;
int32_t use_proxy;
int32_t selected_proxy;
char proxy_string_ip[MAX_PROXY_COUNT][36];
int proxy_string_port[MAX_PROXY_COUNT];
int32_t proxy_string_port[MAX_PROXY_COUNT];
char proxy_string_type[MAX_PROXY_COUNT][10];
char *proxy_authentication[MAX_PROXY_COUNT];
char *cmdlinetarget;
typedef int BOOL;
typedef int32_t BOOL;
#define hydra_report fprintf

14
hydra-mssql.c
View file

@ -45,13 +45,13 @@ unsigned char p_lng[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00";
int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[1024];
char ms_login[MSLEN + 1];
char ms_pass[MSLEN + 1];
unsigned char len_login, len_pass;
int ret = -1;
int32_t ret = -1;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -107,9 +107,9 @@ int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;
void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -129,7 +129,7 @@ void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = start_mssql(sock, ip, port, options, miscptr, fp);
@ -153,7 +153,7 @@ void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

32
hydra-mysql.c
View file

@ -11,7 +11,7 @@ void dummy_mysql() {
printf("\n");
}
void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
printf("\n");
}
#else
@ -35,16 +35,16 @@ MYSQL *mysql = NULL;
void hydra_hash_password(unsigned long *result, const char *password);
char *hydra_scramble(char *to, const char *message, const char *password);
extern int internal__hydra_recv(int socket, char *buf, int length);
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length);
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
char mysqlsalt[9];
/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */
char *hydra_mysql_receive_line(int socket) {
char *hydra_mysql_receive_line(int32_t socket) {
char buf[300], *buff, *buff2;
int i = 0, j = 0, buff_size = 300;
int32_t i = 0, j = 0, buff_size = 300;
buff = malloc(buff_size);
if (buff == NULL)
@ -87,7 +87,7 @@ char *hydra_mysql_receive_line(int socket) {
}
/* check if valid mysql protocol, mysql version and read salt */
char hydra_mysql_init(int sock) {
char hydra_mysql_init(int32_t sock) {
char *server_version, *pos, *buf;
unsigned char protocol;
@ -169,14 +169,14 @@ char hydra_mysql_parse_response(unsigned char *response) {
return 0;
}
char hydra_mysql_send_com_quit(int sock) {
char hydra_mysql_send_com_quit(int32_t sock) {
char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 };
hydra_send(sock, com_quit_packet, 5, 0);
return 0;
}
int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *response = NULL, *login = NULL, *pass = NULL;
unsigned long response_len;
char res = 0;
@ -213,7 +213,7 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp
}
/*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */
if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) {
int my_errno = mysql_errno(mysql);
int32_t my_errno = mysql_errno(mysql);
if (debug)
hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql));
@ -308,9 +308,9 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp
return 1;
}
void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_MYSQL;
void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_MYSQL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -330,7 +330,7 @@ void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE
port = myport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -424,7 +424,7 @@ char *hydra_scramble(char *to, const char *message, const char *password) {
}
#endif
int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -437,3 +437,7 @@ int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, F
return 0;
}
void usage_mysql(const char* service) {
printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n");
}

29
hydra-ncp.c
View file

@ -1,4 +1,3 @@
/*
* Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com
* Tested on Netware 6.5
@ -26,7 +25,7 @@ void dummy_ncp() {
#include <ncp/nwcalls.h>
extern char *HYDRA_EXIT;
extern int child_head_no;
extern int32_t child_head_no;
typedef struct __NCP_DATA {
struct ncp_conn_spec spec;
@ -37,14 +36,14 @@ typedef struct __NCP_DATA {
//uncomment line below to see more trace stack
//#define NCP_DEBUG
int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *login;
char *pass;
char context[256];
unsigned int ncp_lib_error_code;
uint32_t ncp_lib_error_code;
char *empty = "";
int object_type = NCP_BINDERY_USER;
int32_t object_type = NCP_BINDERY_USER;
_NCP_DATA *session;
@ -64,8 +63,10 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 4;
}
memset(context, 0, sizeof(context));
strncpy(context, login, strlen(login));
strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1);
strncpy(context, login, sizeof(context) - 2);
context[sizeof(context) - 2] = 0;
strncpy(context + strlen(login), miscptr, sizeof(context) - strlen(login) - 1);
context[sizeof(context) - 1] = 0;
login = context;
}
}
@ -133,9 +134,9 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1; //reconnect
}
void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_NCP;
void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_NCP;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -151,7 +152,7 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
sock = hydra_connect_tcp(ip, myport);
port = myport;
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -182,7 +183,7 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
#endif
int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -195,3 +196,7 @@ int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
return 0;
}
void usage_ncp(const char* service) {
printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n");
}

38
hydra-nntp.c
View file

@ -10,14 +10,14 @@ RFC 4643: Network News Transfer Protocol (NNTP) Extension for Authentication
*/
int nntp_auth_mechanism = AUTH_CLEAR;
int32_t nntp_auth_mechanism = AUTH_CLEAR;
extern char *HYDRA_EXIT;
char *buf;
char *nntp_read_server_capacity(int sock) {
char *nntp_read_server_capacity(int32_t sock) {
char *ptr = NULL;
int resp = 0;
int32_t resp = 0;
char *buf = NULL;
do {
@ -25,20 +25,20 @@ char *nntp_read_server_capacity(int sock) {
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
if (isdigit((int) buf[0]) && buf[3] == ' ')
if (isdigit((int32_t) buf[0]) && buf[3] == ' ')
resp = 1;
else {
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
#ifdef NO_RINDEX
if ((ptr = strrchr(buf, '\n')) != NULL) {
#else
#ifdef NO_STRRCHR
if ((ptr = rindex(buf, '\n')) != NULL) {
#else
if ((ptr = strrchr(buf, '\n')) != NULL) {
#endif
ptr++;
if (isdigit((int) *ptr) && *(ptr + 3) == ' ')
if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ')
resp = 1;
}
}
@ -47,10 +47,10 @@ char *nntp_read_server_capacity(int sock) {
return buf;
}
int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[500], buffer2[500], *fooptr;
int i = 1;
int32_t i = 1;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -121,7 +121,7 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:{
int rc = 0;
int32_t rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
@ -266,9 +266,9 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2;
}
void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int i = 0, run = 1, next_run = 1, sock = -1;
int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0;
void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t i = 0, run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0;
char *buffer1 = "CAPABILITIES\r\n";
hydra_register_socket(sp);
@ -293,7 +293,7 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
// usleepn(300);
@ -405,7 +405,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
if (strncmp(miscptr, "USER", 4) == 0)
nntp_auth_mechanism = AUTH_CLEAR;
@ -472,7 +472,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
}
}
int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -485,3 +485,7 @@ int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0;
}
void usage_nntp(const char* service) {
printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
}

45
hydra-oracle-listener.c
View file

@ -1,4 +1,3 @@
/*
david:
@ -18,18 +17,18 @@ void dummy_oracle_listener() {
printf("\n");
}
#else
#include <sasl.h>
#include "sasl.h"
#include <openssl/des.h>
#define HASHSIZE 17
extern char *HYDRA_EXIT;
char *buf;
unsigned char *hash;
int sid_mechanism = AUTH_PLAIN;
int32_t sid_mechanism = AUTH_PLAIN;
int initial_permutation(unsigned char **result, char *p_str, int *sz) {
int k = 0;
int i = strlen(p_str);
int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) {
int32_t k = 0;
int32_t i = strlen(p_str);
char *buff;
//expand the string with zero so that length is a multiple of 4
@ -67,8 +66,8 @@ int initial_permutation(unsigned char **result, char *p_str, int *sz) {
return 0;
}
int ora_hash(unsigned char **orahash, unsigned char *buf, int len) {
int i;
int32_t ora_hash(unsigned char **orahash, unsigned char *buf, int32_t len) {
int32_t i;
if ((*orahash = malloc(HASHSIZE)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
@ -81,8 +80,8 @@ int ora_hash(unsigned char **orahash, unsigned char *buf, int len) {
return 0;
}
int convert_byteorder(unsigned char **result, int size) {
int i = 0;
int32_t convert_byteorder(unsigned char **result, int32_t size) {
int32_t i = 0;
char *buff;
if ((buff = malloc(size)) == NULL) {
@ -103,8 +102,8 @@ int convert_byteorder(unsigned char **result, int size) {
return 0;
}
int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) {
int i = 0;
int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) {
int32_t i = 0;
char lastkey[8];
DES_key_schedule ks1;
unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
@ -138,9 +137,9 @@ int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) {
return 0;
}
int ora_hash_password(char *pass) {
int32_t ora_hash_password(char *pass) {
// secret hash function comes here, and written to char *hash
int siz = 0;
int32_t siz = 0;
unsigned char *desresult;
unsigned char *result;
char buff[strlen(pass) + 5];
@ -180,7 +179,7 @@ int ora_hash_password(char *pass) {
return 0;
}
int start_oracle_listener(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
unsigned char tns_packet_begin[22] = {
"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00"
};
@ -192,7 +191,7 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char
char *pass;
char connect_string[200];
char buffer2[260];
int siz = 0;
int32_t siz = 0;
memset(connect_string, 0, sizeof(connect_string));
memset(buffer2, 0, sizeof(buffer2));
@ -258,9 +257,9 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char
return 1;
}
void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -301,7 +300,7 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
/* run the cracking function */
@ -325,7 +324,7 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc
}
}
int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -339,4 +338,8 @@ int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *
return 0;
}
void usage_oracle_listener(const char* service) {
printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n");
}
#endif

14
hydra-oracle-sid.c
View file

@ -23,7 +23,7 @@ char *buf;
unsigned char *hash;
int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
/*
PP is the packet length
XX is the length of connect data
@ -39,7 +39,7 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis
char *login;
char connect_string[200];
char buffer2[260];
int siz = 0;
int32_t siz = 0;
memset(connect_string, 0, sizeof(connect_string));
memset(buffer2, 0, sizeof(buffer2));
@ -85,9 +85,9 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis
return 1;
}
void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -110,7 +110,7 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr,
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
/* run the cracking function */
@ -134,7 +134,7 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr,
}
}
int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

16
hydra-oracle.c
View file

@ -40,7 +40,7 @@ void print_oracle_error(char *err) {
}
}
int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[200], sid[100];
@ -132,9 +132,9 @@ int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr
return 1;
}
void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_ORACLE;
void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_ORACLE;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -158,7 +158,7 @@ void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -183,7 +183,7 @@ void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE
#endif
int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -196,3 +196,7 @@ int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr,
return 0;
}
void usage_oracle(const char* service) {
printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n");
}

36
hydra-pcanywhere.c
View file

@ -8,9 +8,9 @@
extern char *HYDRA_EXIT;
int pcadebug = 0;
int32_t pcadebug = 0;
int send_cstring(int s, char *crypted_string) {
int32_t send_cstring(int32_t s, char *crypted_string) {
char buffer2[100], *bptr = buffer2;
char clientcryptheader[] = "\x06";
@ -25,8 +25,8 @@ int send_cstring(int s, char *crypted_string) {
return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0);
}
void show_buffer(char *buffer, int size) {
int i;
void show_buffer(char *buffer, int32_t size) {
int32_t i;
printf("size: %d, buffer:\n", size);
for (i = 0; i < size; i++) {
@ -35,11 +35,11 @@ void show_buffer(char *buffer, int size) {
printf("\n");
}
void clean_buffer(char *buf, int size) {
int i;
void clean_buffer(char *buf, int32_t size) {
int32_t i;
for (i = 0; i < size; i++) {
int pos = buf[i];
int32_t pos = buf[i];
if (pos < 32 || pos > 126) {
// . char
@ -49,7 +49,7 @@ void clean_buffer(char *buf, int size) {
}
void print_encrypted_str(char *str) {
int i;
int32_t i;
printf("encode string: ");
for (i = 0; i < strlen(str); i++) {
@ -60,7 +60,7 @@ void print_encrypted_str(char *str) {
void pca_encrypt(char *cleartxt) {
char passwd[128];
int i;
int32_t i;
strncpy(passwd, cleartxt, sizeof(passwd) - 1);
passwd[sizeof(passwd) - 1] = 0;
@ -76,7 +76,7 @@ void pca_encrypt(char *cleartxt) {
void pca_decrypt(char *password) {
char cleartext[128];
int i;
int32_t i;
if (strlen(password) > 0) {
cleartext[0] = password[0] ^ 0xab;
@ -92,17 +92,17 @@ void debugprintf(char *msg) {
printf("debug: %s\n", msg);
}
int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char buffer[2048] = "";
char clogin[128] = "";
char cpass[128] = "";
int ret, i;
int32_t ret, i;
char *client[4];
char *server[5];
int clientsize[4];
int32_t clientsize[4];
client[0] = "\x00\x00\x00\x00";
clientsize[0] = 4;
@ -224,9 +224,9 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
return 1;
}
void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL;
void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -251,7 +251,7 @@ void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr,
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -278,7 +278,7 @@ void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr,
}
}
int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

10
hydra-pcnfs.c
View file

@ -33,7 +33,7 @@ struct pr_auth_args {
/* Lets start ... */
int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH];
char *ptr, *pkt = buffer;
@ -136,8 +136,8 @@ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
if (port == 0) {
@ -161,7 +161,7 @@ void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE
sock = hydra_disconnect(sock);
// usleepn(275);
if ((sock = hydra_connect_udp(ip, port)) < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -183,7 +183,7 @@ void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

49
hydra-pop3.c
View file

@ -6,9 +6,9 @@
typedef struct pool_str {
char ip[36];
/* int port;*/// not needed
int pop3_auth_mechanism;
int disable_tls;
/* int32_t port;*/// not needed
int32_t pop3_auth_mechanism;
int32_t disable_tls;
struct pool_str *next;
} pool;
@ -18,7 +18,7 @@ char apop_challenge[300] = "";
pool *plist = NULL, *p = NULL;
/* functions */
int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname);
int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname);
pool *list_create(pool data) {
pool *p;
@ -59,9 +59,9 @@ pool *list_find(char *ip) {
/* how to know when to release the mem ?
-> well, after _start has determined which pool number it is */
int list_remove(pool * node) {
int32_t list_remove(pool * node) {
pool *save, *list = plist;
int ok = -1;
int32_t ok = -1;
if (list == NULL || node == NULL)
return -2;
@ -78,9 +78,9 @@ int list_remove(pool * node) {
return ok;
}
char *pop3_read_server_capacity(int sock) {
char *pop3_read_server_capacity(int32_t sock) {
char *ptr = NULL;
int resp = 0;
int32_t resp = 0;
char *buf = NULL;
do {
@ -117,7 +117,7 @@ STLS
return buf;
}
int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[500], buffer2[500], *fooptr;
@ -137,7 +137,7 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
case AUTH_APOP:{
MD5_CTX c;
unsigned char md5_raw[MD5_DIGEST_LENGTH];
int i;
int32_t i;
char *pbuffer = buffer2;
MD5_Init(&c);
@ -216,7 +216,7 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
case AUTH_CRAMMD5:
case AUTH_CRAMSHA1:
case AUTH_CRAMSHA256:{
int rc = 0;
int32_t rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
@ -413,8 +413,8 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2;
}
void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
char *ptr = NULL;
//extract data from the pool, ip is the key
@ -448,7 +448,7 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
@ -513,10 +513,10 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int myport = PORT_POP3, mysslport = PORT_POP3_SSL;
int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t myport = PORT_POP3, mysslport = PORT_POP3_SSL;
char *ptr = NULL;
int sock = -1;
int32_t sock = -1;
char *capa_str = "CAPA\r\n";
char *quit_str = "QUIT\r\n";
pool p;
@ -525,9 +525,6 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
p.disable_tls = 1;
memcpy(p.ip, ip, 36);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
@ -539,7 +536,7 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t) getpid());
return -1;
}
buf = hydra_receive_line(sock);
@ -574,10 +571,10 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i;
int32_t i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) {
p.disable_tls = 0;
@ -778,3 +775,9 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0;
}
void usage_pop3(const char* service) {
printf("Module pop3 is optionally taking one authentication type of:\n"
" CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n");
}

17
hydra-postgres.c
View file

@ -1,4 +1,3 @@
/*
* PostgresSQL Support - by Diaul (at) devilopers.org
*
@ -21,7 +20,7 @@ void dummy_postgres() {
extern char *HYDRA_EXIT;
int start_postgres(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char database[256];
@ -66,9 +65,9 @@ int start_postgres(int s, char *ip, int port, unsigned char options, char *miscp
return 1;
}
void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL;
void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -93,7 +92,7 @@ void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FI
port = mysslport;
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -119,7 +118,7 @@ void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FI
#endif
int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -132,3 +131,7 @@ int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr
return 0;
}
void usage_postgres(const char* service) {
printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n");
}

54
hydra-radmin2.c
View file

@ -10,10 +10,10 @@ extern char *HYDRA_EXIT;
//RAdmin 2.x
struct rmessage {
char magic; //Indicates version, probably?
unsigned int length; //Total message size of data.
unsigned int checksum; //Checksum from type to end of data.
char type; //Command type, table below.
uint8_t magic; //Indicates version, probably?
uint32_t length; //Total message size of data.
uint32_t checksum; //Checksum from type to end of data.
uint8_t type; //Command type, table below.
unsigned char data[32]; //data to be sent.
};
@ -24,23 +24,23 @@ struct rmessage {
* [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)])
* Sum: is 0f43d461 (big endian)
*/
unsigned int checksum(struct rmessage *msg) {
int blen;
unsigned char *stream;
unsigned int sum;
uint32_t checksum(struct rmessage *msg) {
int32_t blen;
uint8_t *stream;
uint32_t sum;
blen = msg->length; //Get the real length.
blen += (4 - (blen % 4));
//Allocate a worksapce.
stream = calloc(blen, sizeof(unsigned char));
memcpy(stream, &msg->type, sizeof(unsigned char));
stream = calloc(blen, sizeof(uint8_t));
memcpy(stream, &msg->type, sizeof(uint8_t));
memcpy(stream+1, msg->data, blen-1);
sum = 0;
for(blen -= sizeof(unsigned int); blen > 0; blen -= sizeof(unsigned int)) {
sum += *(unsigned int *)(stream + blen);
for(blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) {
sum += *(uint32_t *)(stream + blen);
}
sum += *(unsigned int *)stream;
sum += *(uint32_t *)stream;
//Free the workspace.
free(stream);
@ -127,10 +127,10 @@ struct rmessage *buffer2message(char *buffer) {
//Start parsing...
msg->magic = buffer[0];
buffer += sizeof(char);
msg->length = ntohl(*((unsigned int *)(buffer)));
buffer += sizeof(unsigned int);
msg->checksum = ntohl(*((unsigned int *)(buffer)));
buffer += sizeof(unsigned int);
msg->length = ntohl(*((uint32_t *)(buffer)));
buffer += sizeof(uint32_t);
msg->checksum = ntohl(*((uint32_t *)(buffer)));
buffer += sizeof(uint32_t);
msg->type = buffer[0];
buffer += sizeof(char);
@ -164,23 +164,23 @@ struct rmessage *buffer2message(char *buffer) {
}
int start_radmin2(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
return 0;
}
void service_radmin2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
#ifdef HAVE_GCRYPT
int sock = -1;
int index;
int bytecount;
int32_t sock = -1;
int32_t index;
int32_t bytecount;
char *request;
struct rmessage *msg;
int myport = PORT_RADMIN2;
int32_t myport = PORT_RADMIN2;
char buffer[42];
char password[101];
unsigned char rawkey[16];
unsigned char *IV = "\xFE\xDC\xBA\x98\x76\x54\x32\x10\xA3\x9D\x4A\x18\xF8\x5B\x4A\x52";
unsigned char encrypted[32];
uint8_t rawkey[16];
uint8_t *IV = "\xFE\xDC\xBA\x98\x76\x54\x32\x10\xA3\x9D\x4A\x18\xF8\x5B\x4A\x52";
uint8_t encrypted[32];
gcry_error_t err;
gcry_cipher_hd_t cipher;
gcry_md_hd_t md;
@ -347,7 +347,7 @@ void service_radmin2(char *ip, int sp, unsigned char options, char *miscptr, FIL
#endif
}
int service_radmin2_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

194
hydra-rdp.c
View file

@ -51,8 +51,8 @@ BOOL g_bitmap_cache = True;
BOOL g_bitmap_cache_persist_enable = False;
BOOL g_bitmap_compression = True;
BOOL g_desktop_save = True;
int g_server_depth = -1;
int os_version = 0; //2000
int32_t g_server_depth = -1;
int32_t os_version = 0; //2000
uint32 g_rdp5_performanceflags = RDP5_NO_WALLPAPER | RDP5_NO_FULLWINDOWDRAG | RDP5_NO_MENUANIMATIONS;
@ -73,7 +73,7 @@ uint8 g_client_random[SEC_RANDOM_SIZE];
#define LOGIN_UNKN 0
#define LOGIN_SUCC 1
#define LOGIN_FAIL 2
int login_result = LOGIN_UNKN;
int32_t login_result = LOGIN_UNKN;
uint8 *g_next_packet;
uint32 g_rdp_shareid;
@ -102,15 +102,15 @@ static RDP_ORDER_STATE g_order_state;
#define STREAM_COUNT 1
int g_sock;
int32_t g_sock;
static struct stream g_in;
static struct stream g_out[STREAM_COUNT];
/* wait till socket is ready to write or timeout */
static BOOL tcp_can_send(int sck, int millis) {
static BOOL tcp_can_send(int32_t sck, int32_t millis) {
fd_set wfds;
struct timeval time;
int sel_count;
int32_t sel_count;
time.tv_sec = millis / 1000;
time.tv_usec = (millis * 1000) % 1000000;
@ -125,7 +125,7 @@ static BOOL tcp_can_send(int sck, int millis) {
/* Initialise TCP transport data packet */
STREAM tcp_init(uint32 maxlen) {
static int cur_stream_id = 0;
static int32_t cur_stream_id = 0;
STREAM result = NULL;
result = &g_out[cur_stream_id];
@ -144,8 +144,8 @@ STREAM tcp_init(uint32 maxlen) {
/* Send TCP transport data packet */
void tcp_send(STREAM s) {
int length = s->end - s->data;
int sent, total = 0;
int32_t length = s->end - s->data;
int32_t sent, total = 0;
while (total < length) {
@ -167,7 +167,7 @@ void tcp_send(STREAM s) {
/* Receive a message on the TCP layer */
STREAM tcp_recv(STREAM s, uint32 length) {
uint32 new_length, end_offset, p_offset;
int rcvd = 0;
int32_t rcvd = 0;
if (s == NULL) {
/* read into "new" stream */
@ -227,7 +227,7 @@ char *tcp_get_address() {
/* reset the state of the tcp layer */
void tcp_reset_state(void) {
int i;
int32_t i;
g_sock = -1; /* reset socket */
@ -263,8 +263,8 @@ void tcp_reset_state(void) {
uint16 g_mcs_userid;
/* Parse an ASN.1 BER header */
static BOOL ber_parse_header(STREAM s, int tagval, int *length) {
int tag, len;
static BOOL ber_parse_header(STREAM s, int32_t tagval, int32_t *length) {
int32_t tag, len;
if (tagval > 0xff) {
@ -292,7 +292,7 @@ static BOOL ber_parse_header(STREAM s, int tagval, int *length) {
}
/* Output an ASN.1 BER header */
static void ber_out_header(STREAM s, int tagval, int length) {
static void ber_out_header(STREAM s, int32_t tagval, int32_t length) {
if (tagval > 0xff) {
@ -309,13 +309,13 @@ static void ber_out_header(STREAM s, int tagval, int length) {
}
/* Output an ASN.1 BER integer */
static void ber_out_integer(STREAM s, int value) {
static void ber_out_integer(STREAM s, int32_t value) {
ber_out_header(s, BER_TAG_INTEGER, 2);
out_uint16_be(s, value);
}
/* Output a DOMAIN_PARAMS structure (ASN.1 BER) */
static void mcs_out_domain_params(STREAM s, int max_channels, int max_users, int max_tokens, int max_pdusize) {
static void mcs_out_domain_params(STREAM s, int32_t max_channels, int32_t max_users, int32_t max_tokens, int32_t max_pdusize) {
ber_out_header(s, MCS_TAG_DOMAIN_PARAMS, 32);
ber_out_integer(s, max_channels);
ber_out_integer(s, max_users);
@ -329,7 +329,7 @@ static void mcs_out_domain_params(STREAM s, int max_channels, int max_users, int
/* Parse a DOMAIN_PARAMS structure (ASN.1 BER) */
static BOOL mcs_parse_domain_params(STREAM s) {
int length = 0;
int32_t length = 0;
ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length);
in_uint8s(s, length);
@ -339,8 +339,8 @@ static BOOL mcs_parse_domain_params(STREAM s) {
/* Send an MCS_CONNECT_INITIAL message (ASN.1 BER) */
static void mcs_send_connect_initial(STREAM mcs_data) {
int datalen = mcs_data->end - mcs_data->data;
int length = 9 + 3 * 34 + 4 + datalen;
int32_t datalen = mcs_data->end - mcs_data->data;
int32_t length = 9 + 3 * 34 + 4 + datalen;
STREAM s;
s = iso_init(length + 5);
@ -368,7 +368,7 @@ static void mcs_send_connect_initial(STREAM mcs_data) {
/* Expect a MCS_CONNECT_RESPONSE message (ASN.1 BER) */
static BOOL mcs_recv_connect_response(STREAM mcs_data) {
uint8 result;
int length = 0;
int32_t length = 0;
STREAM s;
s = iso_recv(NULL);
@ -504,7 +504,7 @@ static BOOL mcs_recv_cjcf(void) {
}
/* Initialise an MCS transport data packet */
STREAM mcs_init(int length) {
STREAM mcs_init(int32_t length) {
STREAM s;
s = iso_init(length + 8);
@ -618,7 +618,7 @@ static void iso_send_msg(uint8 code) {
static void iso_send_connection_request(char *username) {
STREAM s;
int length = 30 + strlen(username);
int32_t length = 30 + strlen(username);
s = tcp_init(length);
@ -717,7 +717,7 @@ static STREAM iso_recv_msg(uint8 * code, uint8 * rdpver) {
}
/* Initialise ISO transport data packet */
STREAM iso_init(int length) {
STREAM iso_init(int32_t length) {
STREAM s;
s = tcp_init(length + 7);
@ -794,7 +794,7 @@ void iso_reset_state(void) {
tcp_reset_state();
}
static int g_rc4_key_len;
static int32_t g_rc4_key_len;
static SSL_RC4 g_rc4_decrypt_key;
static SSL_RC4 g_rc4_encrypt_key;
static uint32 g_server_public_key_len;
@ -809,8 +809,8 @@ static uint8 g_sec_crypted_random[SEC_MAX_MODULUS_SIZE];
uint16 g_server_rdp_version = 0;
/* These values must be available to reset state - Session Directory */
static int g_sec_encrypt_use_count = 0;
static int g_sec_decrypt_use_count = 0;
static int32_t g_sec_encrypt_use_count = 0;
static int32_t g_sec_decrypt_use_count = 0;
void ssl_sha1_init(SSL_SHA1 * sha1) {
@ -845,8 +845,8 @@ void ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
RC4(rc4, len, in_data, out_data);
}
static void reverse(uint8 * p, int len) {
int i, j;
static void reverse(uint8 * p, int32_t len) {
int32_t i, j;
uint8 temp;
for (i = 0, j = len - 1; i < j; i++, j--) {
@ -856,11 +856,11 @@ static void reverse(uint8 * p, int len) {
}
}
void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) {
void ssl_rsa_encrypt(uint8 * out, uint8 * in, int32_t len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) {
BN_CTX *ctx;
BIGNUM *mod, *exp, *x, *y;
uint8 inr[SEC_MAX_MODULUS_SIZE];
int outlen;
int32_t outlen;
reverse(modulus, modulus_size);
reverse(exponent, SEC_EXPONENT_SIZE);
@ -879,7 +879,7 @@ void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint
BN_mod_exp(y, x, exp, mod, ctx);
outlen = BN_bn2bin(y, out);
reverse(out, outlen);
if (outlen < (int) modulus_size)
if (outlen < (int32_t) modulus_size)
memset(out + outlen, 0, modulus_size - outlen);
BN_free(y);
@ -903,7 +903,7 @@ static void ssl_cert_free(X509 * cert) {
SSL_RKEY *ssl_cert_to_rkey(X509 * cert, uint32 * key_len) {
EVP_PKEY *epk = NULL;
SSL_RKEY *lkey;
int nid;
int32_t nid;
/* By some reason, Microsoft sets the OID of the Public RSA key to
the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
@ -942,7 +942,7 @@ SSL_RKEY *ssl_cert_to_rkey(X509 * cert, uint32 * key_len) {
return lkey;
}
int ssl_cert_print_fp(FILE * fp, X509 * cert) {
int32_t ssl_cert_print_fp(FILE * fp, X509 * cert) {
return X509_print_fp(fp, cert);
}
@ -951,8 +951,8 @@ void ssl_rkey_free(SSL_RKEY * rkey) {
}
/* returns error */
int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) {
int len;
int32_t ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) {
int32_t len;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
BIGNUM *n, *e, *d;
@ -960,7 +960,7 @@ int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len,
n = BN_new();
e = BN_new();
RSA_get0_key(rkey, &n, &e, NULL);
if ((BN_num_bytes(e) > (int) max_exp_len) || (BN_num_bytes(n) > (int) max_mod_len)) {
if ((BN_num_bytes(e) > (int32_t) max_exp_len) || (BN_num_bytes(n) > (int32_t) max_mod_len)) {
return 1;
}
len = BN_bn2bin(e, exponent);
@ -970,7 +970,7 @@ int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len,
BN_free(n);
BN_free(e);
#else
if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || (BN_num_bytes(rkey->n) > (int) max_mod_len))
if ((BN_num_bytes(rkey->e) > (int32_t) max_exp_len) || (BN_num_bytes(rkey->n) > (int32_t) max_mod_len))
return 1;
len = BN_bn2bin(rkey->e, exponent);
reverse(exponent, len);
@ -986,7 +986,7 @@ BOOL ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_le
}
void ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) {
void ssl_hmac_md5(const void *key, int32_t key_len, const unsigned char *msg, int32_t msg_len, unsigned char *md) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
HMAC_CTX *ctx;
ctx = HMAC_CTX_new();
@ -1020,7 +1020,7 @@ void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 sa
uint8 pad[4];
SSL_SHA1 sha1;
SSL_MD5 md5;
int i;
int32_t i;
for (i = 0; i < 3; i++) {
memset(pad, salt + i, i + 1);
@ -1060,7 +1060,7 @@ static void sec_make_40bit(uint8 * key) {
}
/* Generate encryption keys given client and server randoms */
static void sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size) {
static void sec_generate_keys(uint8 * client_random, uint8 * server_random, int32_t rc4_key_size) {
uint8 pre_master_secret[48];
uint8 master_secret[48];
uint8 key_block[48];
@ -1123,7 +1123,7 @@ void buf_out_uint32(uint8 * buffer, uint32 value) {
}
/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen) {
void sec_sign(uint8 * signature, int32_t siglen, uint8 * session_key, int32_t keylen, uint8 * data, int32_t datalen) {
uint8 shasig[20];
uint8 md5sig[16];
uint8 lenhdr[4];
@ -1175,7 +1175,7 @@ static void sec_update(uint8 * key, uint8 * update_key) {
}
/* Encrypt data using RC4 */
static void sec_encrypt(uint8 * data, int length) {
static void sec_encrypt(uint8 * data, int32_t length) {
if (g_sec_encrypt_use_count == 4096) {
sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key);
ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
@ -1187,7 +1187,7 @@ static void sec_encrypt(uint8 * data, int length) {
}
/* Decrypt data using RC4 */
void sec_decrypt(uint8 * data, int length) {
void sec_decrypt(uint8 * data, int32_t length) {
if (g_sec_decrypt_use_count == 4096) {
sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key);
ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
@ -1199,13 +1199,13 @@ void sec_decrypt(uint8 * data, int length) {
}
/* Perform an RSA public key encryption operation */
static void sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) {
static void sec_rsa_encrypt(uint8 * out, uint8 * in, int32_t len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) {
ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent);
}
/* Initialise secure transport packet */
STREAM sec_init(uint32 flags, int maxlen) {
int hdrlen;
STREAM sec_init(uint32 flags, int32_t maxlen) {
int32_t hdrlen;
STREAM s;
// if (!g_licence_issued)
@ -1221,7 +1221,7 @@ STREAM sec_init(uint32 flags, int maxlen) {
/* Transmit secure transport packet over specified channel */
void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) {
int datalen;
int32_t datalen;
s_pop_layer(s, sec_hdr);
out_uint32_le(s, flags);
@ -1261,8 +1261,8 @@ static void sec_establish_key(void) {
}
/* Output a string in Unicode */
void rdp_out_unistr(STREAM s, char *string, int len) {
int i = 0, j = 0;
void rdp_out_unistr(STREAM s, char *string, int32_t len) {
int32_t i = 0, j = 0;
len += 2;
while (i < len) {
@ -1275,8 +1275,8 @@ void rdp_out_unistr(STREAM s, char *string, int len) {
/* Output connect initial data blob */
static void sec_out_mcs_data(STREAM s) {
char *g_hostname = "hydra";
int hostlen = 2 * strlen(g_hostname);
int length = 158 + 76 + 12 + 4;
int32_t hostlen = 2 * strlen(g_hostname);
int32_t length = 158 + 76 + 12 + 4;
/*
if (g_num_channels > 0)
@ -1720,9 +1720,9 @@ void sec_reset_state(void) {
/* Read field indicating which parameters are present */
static void rdp_in_present(STREAM s, uint32 * present, uint8 flags, int size) {
static void rdp_in_present(STREAM s, uint32 * present, uint8 flags, int32_t size) {
uint8 bits;
int i;
int32_t i;
if (flags & RDP_ORDER_SMALL) {
size--;
@ -1831,7 +1831,7 @@ static void process_rect(STREAM s, RECT_ORDER * os, uint32 present, BOOL delta)
/* Process a desktop save order */
static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL delta) {
int width, height;
//int32_t width, height;
if (present & 0x01)
in_uint32_le(s, os->offset);
@ -1853,8 +1853,8 @@ static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL
DEBUG(("DESKSAVE(l=%d,t=%d,r=%d,b=%d,off=%d,op=%d)\n", os->left, os->top, os->right, os->bottom, os->offset, os->action));
width = os->right - os->left + 1;
height = os->bottom - os->top + 1;
//width = os->right - os->left + 1;
//height = os->bottom - os->top + 1;
}
/* Process a memory blt order */
@ -1902,7 +1902,7 @@ static void process_memblt(STREAM s, MEMBLT_ORDER * os, uint32 present, BOOL del
/* Process a text order */
static void process_text2(STREAM s, TEXT2_ORDER * os, uint32 present, BOOL delta) {
int i;
int32_t i;
if (present & 0x000001)
in_uint8(s, os->font);
@ -1999,13 +1999,13 @@ static void process_secondary_order(STREAM s) {
* For very compact orders the length becomes negative
* so a signed integer must be used. */
uint16 length;
uint16 flags;
uint8 type;
//uint16 flags;
//uint8 type;
uint8 *next_order;
in_uint16_le(s, length);
in_uint16_le(s, flags); /* used by bmpcache2 */
in_uint8(s, type);
//in_uint16_le(s, flags); /* used by bmpcache2 */
//in_uint8(s, type);
next_order = s->p + (sint16) length + 7;
@ -2047,7 +2047,7 @@ void process_orders(STREAM s, uint16 num_orders) {
RDP_ORDER_STATE *os = &g_order_state;
uint32 present;
uint8 order_flags;
int size, processed = 0;
int32_t size, processed = 0;
BOOL delta;
while (processed < num_orders) {
@ -2148,7 +2148,7 @@ void rdp_disconnect(void) {
void rdp5_process(STREAM s) {
uint16 length, count;
uint8 type, ctype;
uint8 type/*, ctype*/;
uint8 *next;
struct stream *ts;
@ -2156,11 +2156,11 @@ void rdp5_process(STREAM s) {
while (s->p < s->end) {
in_uint8(s, type);
if (type & RDP5_COMPRESSED) {
in_uint8(s, ctype);
//in_uint8(s, ctype);
in_uint16_le(s, length);
type ^= RDP5_COMPRESSED;
} else {
ctype = 0;
//ctype = 0;
in_uint16_le(s, length);
}
g_next_packet = next = s->p + length;
@ -2256,7 +2256,7 @@ BOOL rdp_loop(BOOL * deactivated, uint32 * ext_disc_reason) {
}
/* Process incoming packets */
int rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) {
int32_t rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) {
while (rdp_loop(deactivated, ext_disc_reason)) {
if (login_result != LOGIN_UNKN) {
return login_result;
@ -2270,14 +2270,14 @@ int rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) {
/* Parse a logon info packet */
static void rdp_send_logon_info(uint32 flags, char *domain, char *user, char *password, char *program, char *directory) {
char *ipaddr = tcp_get_address();
int len_domain = 2 * strlen(domain);
int len_user = 2 * strlen(user);
int len_password = 2 * strlen(password);
int len_program = 2 * strlen(program);
int len_directory = 2 * strlen(directory);
int len_ip = 2 * strlen(ipaddr);
int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll");
int packetlen = 0;
int32_t len_domain = 2 * strlen(domain);
int32_t len_user = 2 * strlen(user);
int32_t len_password = 2 * strlen(password);
int32_t len_program = 2 * strlen(program);
int32_t len_directory = 2 * strlen(directory);
int32_t len_ip = 2 * strlen(ipaddr);
int32_t len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll");
int32_t packetlen = 0;
uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO;
STREAM s = NULL;
time_t t = time(NULL);
@ -2430,7 +2430,7 @@ BOOL rdp_connect(char *server, uint32 flags, char *domain, char *login, char *pa
return True;
}
int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rdp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char server[64];
@ -2484,9 +2484,9 @@ int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, F
}
/* Client program */
void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1;
int myport = PORT_RDP;
void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1;
int32_t myport = PORT_RDP;
if (port != 0)
myport = port;
@ -2502,7 +2502,7 @@ void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
rdesktop_reset_state();
g_sock = hydra_connect_tcp(ip, myport);
if (g_sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = start_rdp(g_sock, ip, port, options, miscptr, fp);
@ -2529,7 +2529,7 @@ void generate_random(uint8 * random) {
struct tms tmsbuf;
SSL_MD5 md5;
uint32 *r;
int fd, n;
int32_t fd, n;
/* If we have a kernel random device, try that first */
if (((fd = open("/dev/urandom", O_RDONLY)) != -1)
@ -2559,7 +2559,7 @@ void generate_random(uint8 * random) {
}
/* malloc; exit if out of memory */
void *xmalloc(int size) {
void *xmalloc(int32_t size) {
void *mem = malloc(size);
if (mem == NULL) {
@ -2634,9 +2634,9 @@ void unimpl(char *format, ...) {
}
/* produce a hex dump */
void hexdump(unsigned char *p, unsigned int len) {
void hexdump(unsigned char *p, uint32_t len) {
unsigned char *line = p;
int i, thisline, offset = 0;
int32_t i, thisline, offset = 0;
while (offset < len) {
printf("%04x ", offset);
@ -2660,7 +2660,7 @@ void hexdump(unsigned char *p, unsigned int len) {
}
/* Initialise an RDP data packet */
static STREAM rdp_init_data(int maxlen) {
static STREAM rdp_init_data(int32_t maxlen) {
STREAM s;
s = sec_init(g_encryption ? SEC_ENCRYPT : 0, maxlen + 18);
@ -2695,10 +2695,10 @@ static void rdp_send_data(STREAM s, uint8 data_pdu_type) {
*
* Returns str_len of string
*/
int rdp_in_unistr(STREAM s, char *string, int str_size, int in_len) {
int i = 0;
int len = in_len / 2;
int rem = 0;
int32_t rdp_in_unistr(STREAM s, char *string, int32_t str_size, int32_t in_len) {
int32_t i = 0;
int32_t len = in_len / 2;
int32_t rem = 0;
if (len > str_size - 1) {
warning("server sent an unexpectedly long string, truncating\n");
@ -2865,7 +2865,7 @@ static void rdp_out_order_caps(STREAM s) {
/* Output bitmap cache capability set */
static void rdp_out_bmpcache_caps(STREAM s) {
int Bpp;
int32_t Bpp;
out_uint16_le(s, RDP_CAPSET_BMPCACHE);
out_uint16_le(s, RDP_CAPLEN_BMPCACHE);
@ -3070,7 +3070,7 @@ static void rdp_process_bitmap_caps(STREAM s) {
/* Process server capabilities */
static void rdp_process_server_caps(STREAM s, uint16 length) {
int n;
int32_t n;
uint8 *next, *start;
uint16 ncapsets, capset_type, capset_length;
@ -3178,14 +3178,14 @@ void process_disconnect_pdu(STREAM s, uint32 * ext_disc_reason) {
/* Process data PDU */
static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) {
uint8 data_pdu_type;
uint8 ctype;
//uint8 ctype;
uint16 clen;
uint32 len;
//uint32 len;
in_uint8s(s, 6); /* shareid, pad, streamid */
in_uint16_le(s, len);
//in_uint16_le(s, len);
in_uint8(s, data_pdu_type);
in_uint8(s, ctype);
//in_uint8(s, ctype);
in_uint16_le(s, clen);
clen -= 18;
@ -3234,7 +3234,7 @@ static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) {
}
#endif
int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -3247,3 +3247,7 @@ int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
return 0;
}
void usage_rdp(const char* service) {
printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
}

22
hydra-redis.c
View file

@ -3,7 +3,7 @@
extern char *HYDRA_EXIT;
char *buf;
int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *pass, buffer[510];
char *empty = "";
@ -11,7 +11,7 @@ int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr,
pass = empty;
char pass_num[50];
int pass_len = strlen(pass);
int32_t pass_len = strlen(pass);
snprintf(pass_num, 50, "%d", pass_len);
memset(buffer, 0, sizeof(buffer));
@ -51,9 +51,9 @@ int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, int tls) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -77,7 +77,7 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr,
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
usleepn(250);
@ -103,7 +103,7 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr,
}
}
void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0);
}
@ -122,7 +122,7 @@ void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE
* (error) ERR operation not permitted (for older redis versions)
* That is used for initial password authentication and redis server response tests in service_redis_init
*/
int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -130,13 +130,11 @@ int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, F
// 0 - when the server is redis and it requires password
// 1 - when the server is not redis or when the server does not require password
int sock = -1;
int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
int32_t sock = -1;
int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
char buffer[] = "*1\r\n$4\r\nping\r\n";
hydra_register_socket(sp);
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;

14
hydra-rexec.c
View file

@ -7,10 +7,10 @@
extern char *HYDRA_EXIT;
char *buf;
int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret;
int32_t ret;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -45,9 +45,9 @@ int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_REXEC, mysslport = PORT_REXEC_SSL;
void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_REXEC, mysslport = PORT_REXEC_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -72,7 +72,7 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -95,7 +95,7 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

17
hydra-rlogin.c
View file

@ -14,10 +14,10 @@ no memleaks found on 110425
extern char *HYDRA_EXIT;
char *buf;
int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret;
int32_t ret;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -61,8 +61,7 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
memset(buffer, 0, sizeof(buffer));
ret = hydra_recv(s, buffer, sizeof(buffer));
if (strcmp(buffer, "\r\n"))
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
if (ret >= 0)
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
buffer[ret] = 0;
}
/* Authentication failure */
@ -89,9 +88,9 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
return 1;
}
void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL;
void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL;
hydra_register_socket(sp);
@ -119,7 +118,7 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -141,7 +140,7 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

18
hydra-rpcap.c
View file

@ -6,7 +6,7 @@
extern char *HYDRA_EXIT;
char *buf;
int start_rpcap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[1024];
@ -72,9 +72,9 @@ int start_rpcap(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2;
}
void service_rpcap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL;
void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -99,7 +99,7 @@ void service_rpcap(char *ip, int sp, unsigned char options, char *miscptr, FILE
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -119,19 +119,17 @@ void service_rpcap(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_rpcap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, performed once only.
// return codes:
// 0 - rpcap with authentication
// 1 - rpcap error or no need of authentication
int sock = -1;
int myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL;
int32_t sock = -1;
int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL;
char buffer[] = "\x00\x08\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00";
hydra_register_socket(sp);
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;

24
hydra-rsh.c
View file

@ -13,10 +13,10 @@ no memleaks found on 110425
extern char *HYDRA_EXIT;
char *buf;
int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, buffer[300] = "", buffer2[100], *bptr = buffer2;
int ret;
int32_t ret;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -37,13 +37,11 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F
}
buffer[0] = 0;
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0)
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
buffer[ret] = 0;
/* 0x00 is sent but hydra_recv transformed it */
if (strlen(buffer) == 0)
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
if (ret >= 0)
buffer[ret] = 0;
else /* 0x00 is sent but hydra_recv transformed it */
if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0)
buffer[ret] = 0;
#ifdef HAVE_PCRE
if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) {
#else
@ -60,9 +58,9 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1;
}
void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_RSH, mysslport = PORT_RSH_SSL;
void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RSH, mysslport = PORT_RSH_SSL;
hydra_register_socket(sp);
@ -89,7 +87,7 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE *
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -111,7 +109,7 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

30
hydra-rtsp.c
View file

@ -16,7 +16,7 @@ char *buf;
char packet[500];
char packet2[500];
int is_Unauthorized(char *s) {
int32_t is_Unauthorized(char *s) {
if (strstr(s, "401 Unauthorized") != NULL) {
return 1;
@ -25,7 +25,7 @@ int is_Unauthorized(char *s) {
}
}
int is_NotFound(char *s) {
int32_t is_NotFound(char *s) {
if (strstr(s, "404 Stream Not Found") != NULL) {
return 1;
@ -34,7 +34,7 @@ int is_NotFound(char *s) {
}
}
int is_Authorized(char *s) {
int32_t is_Authorized(char *s) {
if (strstr(s, "200 OK") != NULL) {
return 1;
@ -43,7 +43,7 @@ int is_Authorized(char *s) {
}
}
int use_Basic_Auth(char *s) {
int32_t use_Basic_Auth(char *s) {
if (strstr(s, "WWW-Authenticate: Basic") != NULL) {
return 1;
@ -52,7 +52,7 @@ int use_Basic_Auth(char *s) {
}
}
int use_Digest_Auth(char *s) {
int32_t use_Digest_Auth(char *s) {
if (strstr(s, "WWW-Authenticate: Digest") != NULL) {
return 1;
@ -63,9 +63,7 @@ int use_Digest_Auth(char *s) {
void create_core_packet(int control, char *ip, int port) {
char buffer[500];
void create_core_packet(int32_t control, char *ip, int32_t port) {
char *target = hydra_address2string(ip);
if (control == 0) {
@ -78,7 +76,7 @@ void create_core_packet(int control, char *ip, int port) {
}
}
}
int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
@ -125,8 +123,7 @@ int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr,
}
if (use_Digest_Auth(lresp) == 1) {
char *dbuf;
char dbuffer[500] = "";
char *dbuf = NULL;
char aux[500] = "";
char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest ");
@ -180,10 +177,9 @@ int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2;
}
void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_RTSP, mysslport = PORT_RTSP_SSL;
char *ptr, *ptr2;
void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_RTSP/*, mysslport = PORT_RTSP_SSL*/;
hydra_register_socket(sp);
@ -206,7 +202,7 @@ void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -229,7 +225,7 @@ void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_rtsp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

28
hydra-s7-300.c
View file

@ -15,13 +15,13 @@ unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00
unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08";
int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass, buffer[1024];
char context[S7PASSLEN + 1];
unsigned char encoded_password[S7PASSLEN];
char *spaces = " ";
int ret = -1;
int32_t ret = -1;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
@ -38,7 +38,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
// encode password
encoded_password[0] = context[0] ^ 0x55;
encoded_password[1] = context[1] ^ 0x55;
int i;
int32_t i;
for (i = 2; i < S7PASSLEN; i++) {
encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55;
@ -124,9 +124,9 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr
return 1;
}
void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int s7port = PORT_S7_300;
void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t s7port = PORT_S7_300;
if (port != 0)
s7port = port;
@ -139,7 +139,7 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE
case 1: /* connect and service init function */
sock = hydra_connect_tcp(ip, s7port);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp);
@ -163,7 +163,7 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -175,15 +175,15 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
// 1 skip target without generating an error
// 2 skip target because of protocol problems
// 3 skip target because its unreachable
int sock = -1;
int s7port = PORT_S7_300;
int32_t sock = -1;
int32_t s7port = PORT_S7_300;
char *empty = "";
char *pass, buffer[1024];
char context[S7PASSLEN + 1];
unsigned char encoded_password[S7PASSLEN];
char *spaces = " ";
int ret = -1;
int i;
int32_t ret = -1;
int32_t i;
if (port != 0)
s7port = port;
@ -285,3 +285,7 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr,
return 0;
}
void usage_s7_300(const char* service) {
printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n");
}

22
hydra-sapr3.c
View file

@ -10,22 +10,22 @@ void dummy_sapr3() {
#include <ctype.h>
/* temporary workaround fix */
const int *__ctype_tolower;
const int *__ctype_toupper;
const int *__ctype_b;
const int32_t *__ctype_tolower;
const int32_t *__ctype_toupper;
const int32_t *__ctype_b;
extern void flood(); /* for -lm */
extern char *HYDRA_EXIT;
RFC_ERROR_INFO_EX error_info;
int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
RFC_HANDLE handle;
char *empty = "";
char *login, *pass, buffer[1024];
char *buf;
int i;
int sysnr = port % 100;
int32_t i;
int32_t sysnr = port % 100;
char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0";
// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y";
@ -89,8 +89,8 @@ int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -117,7 +117,7 @@ void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE
#endif
int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -130,3 +130,7 @@ int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, F
return 0;
}
void usage_sapr3(const char* service) {
printf("Module sapr3 requires the client id, a number between 0 and 99\n\n");
}

62
hydra-sip.c
View file

@ -1,4 +1,3 @@
/* simple sip digest auth (md5) module 2009/02/19
* written by gh0st 2005
* modified by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`> - should
@ -13,30 +12,41 @@ void dummy_sip() {
}
#else
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
#include "sasl.h"
#include "hydra-mod.h"
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
char external_ip_addr[17] = "";
char *get_iface_ip(unsigned long int ip);
int cseq;
char *get_iface_ip(uint64_t ip);
int32_t cseq;
extern char *HYDRA_EXIT;
#define SIP_MAX_BUF 1024
void empty_register(char *buf, char *host, char *lhost, int port, int lport, char *user) {
void empty_register(char *buf, char *host, char *lhost, int32_t port, int32_t lport, char *user) {
memset(buf, 0, SIP_MAX_BUF);
snprintf(buf, SIP_MAX_BUF,
"REGISTER sip:%s SIP/2.0\r\n"
"Via: SIP/2.0/UDP %s:%i\r\n"
"From: <sip:%s@%s>\r\n"
"To: <sip:%s@%s>\r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq);
"To: <sip:%s@%s>\r\n"
"Call-ID: 1337@%s\r\n"
"CSeq: %i REGISTER\r\n"
"Content-Length: 0\r\n\r\n",
host, lhost, lport, user, host, user, host, host, cseq);
}
int get_sip_code(char *buf) {
int code;
int32_t get_sip_code(char *buf) {
int32_t code;
char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF];
if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3)
@ -44,13 +54,13 @@ int get_sip_code(char *buf) {
return code;
}
int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE * fp) {
char *login, *pass, *host, buffer[SIP_MAX_BUF];
int i;
int32_t i;
char buf[SIP_MAX_BUF];
if (strlen(login = hydra_get_next_login()) == 0)
login = NULL;
return 3;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = NULL;
@ -67,8 +77,8 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
return 3;
}
int has_sip_cred = 0;
int try = 0;
int32_t has_sip_cred = 0;
int32_t try = 0;
/* We have to check many times because server may begin to send "100 Trying"
* before "401 Unauthorized" */
@ -84,7 +94,7 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
}
if (strncmp(buf, "SIP/2.0 606", 11) == 0) {
char *ptr = NULL;
int i = 0;
int32_t i = 0;
// if we already tried to connect, exit
if (external_ip_addr[0]) {
@ -146,8 +156,8 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
return 3;
}
try = 0;
int has_resp = 0;
int sip_code = 0;
int32_t has_resp = 0;
int32_t sip_code = 0;
while (try < 2 && !has_resp) {
try++;
@ -176,11 +186,11 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
return 1;
}
void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_SIP, mysslport = PORT_SIP_SSL;
void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_SIP, mysslport = PORT_SIP_SSL;
char *lip = get_iface_ip((int) *(&ip[1]));
char *lip = get_iface_ip((int32_t) *(&ip[1]));
hydra_register_socket(sp);
@ -193,7 +203,7 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
run = 3;
int lport = 0;
int32_t lport = 0;
while (1) {
switch (run) {
@ -218,7 +228,7 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
free(lip);
hydra_child_exit(1);
}
@ -246,8 +256,8 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
char *get_iface_ip(unsigned long int ip) {
int sfd;
char *get_iface_ip(uint64_t ip) {
int32_t sfd;
sfd = socket(AF_INET, SOCK_DGRAM, 0);
@ -263,7 +273,7 @@ char *get_iface_ip(unsigned long int ip) {
return NULL;
}
struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in));
int size = sizeof(struct sockaddr_in);
int32_t size = sizeof(struct sockaddr_in);
if (getsockname(sfd, (void *) local, (socklen_t *) & size)) {
perror("getsockname");
@ -289,7 +299,7 @@ char *get_iface_ip(unsigned long int ip) {
#endif
int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

163
hydra-smb.c
View file

@ -97,8 +97,8 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx
#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN)
#endif
#define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */
#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val))
#define IVAL_NC(buf,pos) (*(uint32_t *)((char *)(buf) + (pos))) /* Non const version of above. */
#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((uint32_t)(val))
#define TIME_FIXUP_CONSTANT_INT 11644473600LL
@ -108,15 +108,15 @@ static unsigned char challenge[8];
static unsigned char workgroup[16];
static unsigned char domain[16];
static unsigned char machine_name[16];
int hashFlag, accntFlag, protoFlag;
int32_t hashFlag, accntFlag, protoFlag;
int smb_auth_mechanism = AUTH_NTLM;
int security_mode = ENCRYPTED;
int32_t smb_auth_mechanism = AUTH_NTLM;
int32_t security_mode = ENCRYPTED;
static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize)
static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize)
{
int i=0,j=0;
unsigned long int ch;
int32_t i=0,j=0;
uint64_t ch;
if (debug) {
hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n");
hydra_dump_asciihex(in, insize);
@ -154,8 +154,8 @@ static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, in
return j;
}
static unsigned char Get7Bits(unsigned char *input, int startBit) {
register unsigned int word;
static unsigned char Get7Bits(unsigned char *input, int32_t startBit) {
register uint32_t word;
word = (unsigned) input[startBit / 8] << 8;
word |= (unsigned) input[startBit / 8 + 1];
@ -197,15 +197,15 @@ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
pass = users password
challenge = the challenge recieved from the server
*/
int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) {
int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) {
static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
unsigned char password[14 + 1];
unsigned char lm_hash[21];
unsigned char lm_response[24];
int i = 0, j = 0;
int32_t i = 0, j = 0;
unsigned char *p = NULL;
char HexChar;
int HexValue;
int32_t HexValue;
memset(password, 0, 14 + 1);
memset(lm_hash, 0, 21);
@ -300,15 +300,15 @@ int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge
MakeNTLM
Function: Create a NTLM hash from the password
*/
int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {
int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {
MD4_CTX md4Context;
unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */
unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */
int i = 0, j = 0;
int mdlen;
int32_t i = 0, j = 0;
int32_t mdlen;
unsigned char *p = NULL;
char HexChar;
int HexValue;
int32_t HexValue;
/* Use NTLM Hash instead of password */
if (hashFlag == 1) {
@ -389,14 +389,14 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {
samba-3.0.28a - libsmb/smbencrypt.c
jcifs - packet capture of LMv2-only connection
*/
int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) {
int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) {
unsigned char ntlm_hash[16];
unsigned char lmv2_response[24];
unsigned char unicodeUsername[20 * 2];
unsigned char unicodeTarget[256 * 2];
HMACMD5Context ctx;
unsigned char kr_buf[16];
int ret, i;
int32_t ret, i;
unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
memset(ntlm_hash, 0, 16);
@ -486,14 +486,14 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz
GPO: "Network Security: LAN Manager authentication level"
Setting: "Send NTLMv2 response only\refuse LM & NTLM"
*/
int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) {
int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned char *szLogin, unsigned char *szPassword) {
unsigned char ntlm_hash[16];
unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2];
unsigned char unicodeUsername[20 * 2];
unsigned char unicodeTarget[256 * 2];
HMACMD5Context ctx;
unsigned char kr_buf[16];
int ret, i, iTargetLen;
int32_t ret, i, iTargetLen;
unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
/*
@ -650,8 +650,8 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog
pass = users password
challenge = the challenge recieved from the server
*/
int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) {
int ret;
int32_t HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) {
int32_t ret;
unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */
unsigned char p21[21];
unsigned char ntlm_response[24];
@ -677,13 +677,13 @@ int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *chall
Function: Request a new session from the server
Returns: TRUE on success else FALSE.
*/
int NBSSessionRequest(int s) {
int32_t NBSSessionRequest(int32_t s) {
char nb_name[32]; /* netbiosname */
char nb_local[32]; /* netbios localredirector */
unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 };
char *buf;
unsigned char rbuf[400];
int k;
int32_t k;
/* if we are running in native mode (aka port 445) don't do netbios */
if (protoFlag == WIN2000_NATIVEMODE)
@ -726,7 +726,7 @@ int NBSSessionRequest(int s) {
The challenge is retrieved from the answer
No error checking is performed i.e cross your fingers....
*/
int SMBNegProt(int s) {
int32_t SMBNegProt(int32_t s) {
unsigned char buf[] = {
0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42,
0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0,
@ -778,9 +778,9 @@ int SMBNegProt(int s) {
unsigned char rbuf[400];
unsigned char sess_key[2];
unsigned char userid[2] = { 0xCD, 0xEF };
int i = 0, j = 0, k;
int iLength = 194;
int iResponseOffset = 73;
int32_t i = 0, j = 0, k;
int32_t iLength = 194;
int32_t iResponseOffset = 73;
memset((char *) rbuf, 0, 400);
@ -894,18 +894,18 @@ int SMBNegProt(int s) {
the server.
Returns: TRUE on success else FALSE.
*/
unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) {
unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *miscptr) {
unsigned char buf[512];
unsigned char *LMv2hash = NULL;
unsigned char *NTLMv2hash = NULL;
unsigned char *NTLMhash = NULL;
unsigned char *LMhash = NULL;
// unsigned char unicodeLogin[32 * 2];
int j;
int32_t j;
char bufReceive[512];
int nReceiveBufferSize = 0;
int ret;
int iByteCount = 0, iOffset = 0;
int32_t nReceiveBufferSize = 0;
int32_t ret;
int32_t iByteCount = 0, iOffset = 0;
if (accntFlag == 0) {
strcpy((char *) workgroup, "localhost");
@ -1197,10 +1197,10 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF));
}
int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
int SMBerr, SMBaction;
int32_t SMBerr, SMBaction;
unsigned long SMBSessionRet;
char ipaddr_str[64];
char ErrorCode[10];
@ -1221,7 +1221,7 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F
SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24;
if (verbose)
hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction);
hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (uint32_t) SMBSessionRet, SMBerr, SMBaction);
/*
some error code are available here:
@ -1303,8 +1303,8 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1;
}
void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
//default is both (local and domain) checks and normal passwd
accntFlag = 2; //BOTH
@ -1316,7 +1316,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *
strupper(miscptr);
if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) {
char *tmpdom;
int err = 0;
int32_t err = 0;
accntFlag = 4; //OTHER DOMAIN
tmpdom = strstr(miscptr, "OTHER_DOMAIN:");
@ -1401,7 +1401,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
if (sock < 0) {
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
if (NBSSessionRequest(sock) < 0) {
@ -1427,7 +1427,7 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
#endif
int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -1437,6 +1437,85 @@ int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
time_t ctime;
int ready = 0, sock = hydra_connect_tcp(ip, port);
unsigned char buf[] = {
0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42,
0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02,
0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52,
0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02,
0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46,
0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52,
0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00,
0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f,
0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00,
0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31,
0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e,
0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44,
0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41,
0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00,
0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02,
0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e,
0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31,
0x32, 0x00 };
if (sock < 0) {
fprintf(stderr, "[ERROR] could not connect to target smb://%s:%d/\n", hostname, port);
return -1;
}
if (send(sock, buf, sizeof(buf), 0) < 0) {
fprintf(stderr, "[ERROR] unable to send to target smb://%s:%d/\n", hostname, port);
return -1;
}
ctime = time(NULL);
do {
usleepn(300);
} while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL));
if (ready <= 0) {
fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port);
return -1;
}
if ((ready = recv(sock, buf, sizeof(buf), 0)) < 40) {
fprintf(stderr, "[ERROR] invalid reply from target smb://%s:%d/\n", hostname, port);
return -1;
}
close(sock);
if (buf[37] == buf[38] && buf[38] == 0xff) {
fprintf(stderr, "[ERROR] target smb://%s:%d/ does not support SMBv1\n", hostname, port);
return -1;
}
if (buf[15] & 16 == 16) {
fprintf(stderr, "[ERROR] target smb://%s:%d/ requires signing which we do not support\n", hostname, port);
return -1;
}
return 0;
}
void usage_smb(const char* service) {
printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n"
"Note: you can set the group type using LOCAL or DOMAIN keyword\n"
" or other_domain:{value} to specify a trusted domain.\n"
" you can set the password type using HASH or MACHINE keyword\n"
" (to use the Machine's NetBIOS name as the password).\n"
" you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n"
"Example: \n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n"
" hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n");
}

25
hydra-smtp-enum.c
View file

@ -16,15 +16,15 @@ passwd will be used as the domain name
extern char *HYDRA_EXIT;
char *buf;
char *err = NULL;
int tosent = 0;
int32_t tosent = 0;
#define VRFY 0
#define EXPN 1
#define RCPT 2
int smtp_enum_cmd = VRFY;
int32_t smtp_enum_cmd = VRFY;
int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500];
@ -150,9 +150,9 @@ int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *misc
return 2;
}
void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1, i = 0;
int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL;
void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, i = 0;
int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL;
char *buffer = "HELO hydra\r\n";
hydra_register_socket(sp);
@ -175,7 +175,7 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
/* receive initial header */
@ -207,7 +207,7 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
if (strncmp(miscptr, "EXPN", 4) == 0)
smtp_enum_cmd = EXPN;
@ -249,7 +249,7 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F
}
}
int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -262,3 +262,10 @@ int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscpt
return 0;
}
void usage_smtp_enum(const char* service) {
printf("Module smtp-enum is optionally taking one SMTP command of:\n\n"
"VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n"
"login parameter is used as username and password parameter as the domain name\n"
"For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
}

38
hydra-smtp.c
View file

@ -2,11 +2,11 @@
#include "sasl.h"
extern char *HYDRA_EXIT;
int smtp_auth_mechanism = AUTH_LOGIN;
int32_t smtp_auth_mechanism = AUTH_LOGIN;
char *smtp_read_server_capacity(int sock) {
char *smtp_read_server_capacity(int32_t sock) {
char *ptr = NULL;
int resp = 0;
int32_t resp = 0;
char *buf = NULL;
do {
@ -14,20 +14,20 @@ char *smtp_read_server_capacity(int sock) {
free(buf);
ptr = buf = hydra_receive_line(sock);
if (buf != NULL) {
if (isdigit((int) buf[0]) && buf[3] == ' ')
if (isdigit((int32_t) buf[0]) && buf[3] == ' ')
resp = 1;
else {
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = 0;
if (buf[strlen(buf) - 1] == '\r')
buf[strlen(buf) - 1] = 0;
#ifdef NO_RINDEX
if ((ptr = strrchr(buf, '\n')) != NULL) {
#else
#ifdef NO_STRRCHR
if ((ptr = rindex(buf, '\n')) != NULL) {
#else
if ((ptr = strrchr(buf, '\n')) != NULL) {
#endif
ptr++;
if (isdigit((int) *ptr) && *(ptr + 3) == ' ')
if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ')
resp = 1;
}
}
@ -36,7 +36,7 @@ char *smtp_read_server_capacity(int sock) {
return buf;
}
int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf;
@ -78,7 +78,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr,
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:{
int rc = 0;
int32_t rc = 0;
char *preplogin;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
@ -254,9 +254,9 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr,
return 2;
}
void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1, i = 0;
int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1;
void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, i = 0;
int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1;
char *buf;
char *buffer1 = "EHLO hydra\r\n";
char *buffer2 = "HELO hydra\r\n";
@ -282,7 +282,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -310,7 +310,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) {
disable_tls = 0;
@ -443,7 +443,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -456,3 +456,9 @@ int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0;
}
void usage_smtp(const char* service) {
printf("Module smtp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"
"Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n");
}

56
hydra-snmp.c
View file

@ -7,13 +7,13 @@
#include <openssl/aes.h>
#endif
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
extern int child_head_no;
extern int32_t child_head_no;
char snmpv3buf[1024], *snmpv3info = NULL;
int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0;
int32_t snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0;
unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00,
@ -196,11 +196,11 @@ void password_to_key_sha(u_char * password, /* IN */
}
#endif
int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = "";
int i, j, k, size, off = 0, off2 = 0, done = 0;
int32_t i, j, k, size, off = 0, off2 = 0;
unsigned char initVect[8], privacy_params[8];
int engine_boots = 0;
int32_t engine_boots = 0;
#ifdef LIBOPENSSL
DES_key_schedule symcbc;
@ -316,15 +316,15 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr,
/*
//PrivDES::encrypt(const unsigned char *key,
// const unsigned int /*key_len*///,
// const uint32_t key_len,
// const unsigned char *buffer,
// const unsigned int buffer_len,
// const uint32_t buffer_len,
// unsigned char *out_buffer,
// unsigned int *out_buffer_len,
// uint32_t *out_buffer_len,
// unsigned char *privacy_params,
// unsigned int *privacy_params_len,
// uint32_t *privacy_params_len,
// const unsigned long engine_boots,
// const unsigned long /*engine_time*/)
// const unsigned long engine_time)
// last 8 bytes of key are used as base for initialization vector */
k = 0;
memcpy((char *) initVect, key + 8, 8);
@ -347,9 +347,9 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr,
if (buffer_len % 8) {
unsigned char tmp_buf[8];
unsigned char *tmp_buf_ptr = tmp_buf;
int start = buffer_len - (buffer_len % 8);
int32_t start = buffer_len - (buffer_len % 8);
memset(tmp_buf, 0, 8);
for (unsigned int l = start; l < buffer_len; l++)
for (uint32_t l = start; l < buffer_len; l++)
*tmp_buf_ptr++ = buffer[l];
DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, (const_DES_cblock*)(initVect), DES_ENCRYPT);
*out_buffer_len = buffer_len + 8 - (buffer_len % 8);
@ -470,9 +470,9 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1, i = 0;
int myport = PORT_SNMP;
void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, i = 0;
int32_t myport = PORT_SNMP;
char *lptr;
if (miscptr != NULL) {
@ -519,7 +519,7 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
hydra_register_socket(sp);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -573,7 +573,7 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -586,3 +586,23 @@ int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0;
}
void usage_snmp(const char* service) {
printf("Module snmp is optionally taking the following parameters:\n"
" READ perform read requests (default)\n"
" WRITE perform write requests\n"
" 1 use SNMP version 1 (default)\n"
" 2 use SNMP version 2\n"
" 3 use SNMP version 3\n"
" Note that SNMP version 3 usually uses both login and passwords!\n"
" SNMP version 3 has the following optional sub parameters:\n"
" MD5 use MD5 authentication (default)\n"
" SHA use SHA authentication\n"
" DES use DES encryption\n"
" AES use AES encryption\n"
" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"
" only requires a password (or username) not both.\n"
"To combine the options, use colons (\":\"), e.g.:\n"
" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"
" hydra -P pass.txt -m 2 target.com snmp\n");
}

16
hydra-socks5.c
View file

@ -12,12 +12,12 @@ This module enable bruteforcing for socks5, only following types are supported:
extern char *HYDRA_EXIT;
unsigned char *buf;
int fail_cnt;
int32_t fail_cnt;
int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[300];
int pport, fud = 0;
int32_t pport, fud = 0;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -104,9 +104,9 @@ int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr
return 2;
}
void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL;
void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL;
hydra_register_socket(sp);
if (port != 0)
@ -133,7 +133,7 @@ void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
next_run = 2;
@ -165,7 +165,7 @@ void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

31
hydra-ssh.c
View file

@ -20,12 +20,12 @@ void dummy_ssh() {
ssh_session session = NULL;
extern char *HYDRA_EXIT;
int new_session = 1;
int32_t new_session = 1;
int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, keep_login[300];
int auth_state = 0, rc = 0, i = 0;
int32_t auth_state = 0, rc = 0, i = 0;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -107,8 +107,8 @@ int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1;
}
void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -151,7 +151,11 @@ void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE *
#endif
#endif
int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
//
// dirty workaround here: miscptr is the ptr to the logins, and the first one is used
// to test if password authentication is enabled!!
//
int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -164,18 +168,21 @@ int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
// 2 skip target because of protocol problems
// 3 skip target because its unreachable
#ifdef LIBSSH
int rc, method;
int32_t rc, method;
ssh_session session = ssh_new();
if (verbose || debug)
printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port);
printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port);
ssh_options_set(session, SSH_OPTIONS_PORT, &port);
ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
ssh_options_set(session, SSH_OPTIONS_USER, "root");
if (miscptr == NULL)
ssh_options_set(session, SSH_OPTIONS_USER, "hydra");
else
ssh_options_set(session, SSH_OPTIONS_USER, miscptr);
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (ssh_connect(session) != 0) {
fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string(ip), port, ssh_get_error(session));
fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session));
return 2;
}
rc = ssh_userauth_none(session, NULL);
@ -186,11 +193,11 @@ int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) {
if (verbose || debug)
printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port);
printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string_beautiful(ip), port);
return 0;
}
fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port);
fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string_beautiful(ip), port);
return 1;
#else
return 0;

19
hydra-sshkey.c
View file

@ -19,12 +19,12 @@ void dummy_sshkey() {
extern ssh_session session;
extern char *HYDRA_EXIT;
extern int new_session;
extern int32_t new_session;
int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *key, keep_login[300];
int auth_state = 0, rc = 0;
int32_t auth_state = 0, rc = 0;
ssh_private_key privkey;
if (strlen(login = hydra_get_next_login()) == 0)
@ -108,8 +108,8 @@ int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr
return 1;
}
void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -151,7 +151,7 @@ void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE
#endif
#endif
int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -164,3 +164,10 @@ int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr,
return 0;
}
void usage_sshkey(const char* service) {
printf("Module sshkey does not provide additional options, although the semantic for\n"
"options -p and -P is changed:\n"
" -p expects a path to an unencrypted private key in PEM format.\n"
" -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n");
}

29
hydra-svn.c
View file

@ -23,7 +23,7 @@ void dummy_svn() {
}
#else
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
@ -50,8 +50,8 @@ static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, vo
return SVN_NO_ERROR;
}
int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int ipv6 = 0;
int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
//int32_t ipv6 = 0;
char URL[1024];
char URLBRANCH[256];
const char *canonical;
@ -71,8 +71,8 @@ int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, F
if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS)
return 4;
if (ip[0] == 16)
ipv6 = 1;
//if (ip[0] == 16)
// ipv6 = 1;
pool = svn_pool_create(NULL);
@ -103,10 +103,7 @@ int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, F
svn_auth_open(&ctx->auth_baton, providers, pool);
revision.kind = svn_opt_revision_head;
if (ipv6)
snprintf(URL, sizeof(URL), "svn://[%s]:%d/%s", hydra_address2string(ip), port, URLBRANCH);
else
snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH);
snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string_beautiful(ip), port, URLBRANCH);
dirents = SVN_DIRENT_KIND;
canonical = svn_uri_canonicalize(URL, pool);
//err = svn_client_list2(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool);
@ -145,9 +142,9 @@ int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 3;
}
void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_SVN, mysslport = PORT_SVN_SSL;
void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_SVN, mysslport = PORT_SVN_SSL;
hydra_register_socket(sp);
@ -174,7 +171,7 @@ void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -199,7 +196,7 @@ void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE *
#endif
int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -212,3 +209,7 @@ int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FIL
return 0;
}
void usage_svn(const char* service) {
printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n");
}

18
hydra-teamspeak.c
View file

@ -33,12 +33,12 @@ struct team_speak {
char login[29];
};
extern int hydra_data_ready_timed(int socket, long sec, long usec);
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
extern char *HYDRA_EXIT;
char *buf;
int start_teamspeak(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass;
char buf[100];
@ -87,11 +87,11 @@ int start_teamspeak(int s, char *ip, int port, unsigned char options, char *misc
hydra_completed_pair_found();
}
if (buf[0x4B] != 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
} else {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
@ -102,9 +102,9 @@ int start_teamspeak(int s, char *ip, int port, unsigned char options, char *misc
return 1;
}
void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_TEAMSPEAK;
void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_TEAMSPEAK;
hydra_register_socket(sp);
@ -123,7 +123,7 @@ void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, F
sock = hydra_connect_udp(ip, myport);
port = myport;
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
}
@ -142,7 +142,7 @@ void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, F
}
}
int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

36
hydra-telnet.c
View file

@ -3,12 +3,12 @@
extern char *HYDRA_EXIT;
char *buf;
int no_line_mode;
int32_t no_line_mode;
int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, buffer[300];
int i = 0;
int32_t i = 0;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
@ -36,7 +36,7 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr
if ((buf = hydra_receive_line(s)) == NULL)
return 1;
if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL) {
if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL) {
hydra_report_found_host(port, ip, "telnet", fp);
hydra_completed_pair_found();
free(buf);
@ -76,10 +76,10 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr
/*win7 answering with do terminal type = 0xfd 0x18 */
while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) {
if ((miscptr != NULL && strstr(buf, miscptr) != NULL)
|| (miscptr == NULL
&& (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL
|| (strstr(buf, " failed") == NULL && index(buf, '%') != NULL) || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) {
if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL &&
strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL &&
(index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL ||
index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) {
hydra_report_found_host(port, ip, "telnet", fp);
hydra_completed_pair_found();
free(buf);
@ -89,15 +89,16 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr
}
free(buf);
}
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1, fck;
int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, fck;
int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -105,8 +106,8 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE
if (miscptr != NULL)
make_to_lower(miscptr);
while (1) {
int first = 0;
int old_waittime = waittime;
int32_t first = 0;
int32_t old_waittime = waittime;
switch (run) {
case 1: /* connect and service init function */
@ -127,7 +128,7 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */
@ -203,7 +204,7 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE
}
}
int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -216,3 +217,8 @@ int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr,
return 0;
}
void usage_telnet(const char* service) {
printf("Module telnet is optionally taking the string which is displayed after\n"
"a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n");
}

8
hydra-time.c
View file

@ -2,14 +2,14 @@
#ifndef _WIN32
#include <time.h>
int sleepn(time_t seconds)
int32_t sleepn(time_t seconds)
{
struct timespec ts;
ts.tv_sec = seconds;
ts.tv_nsec = 0;
return nanosleep(&ts, NULL);
}
int usleepn(long int milisec) {
int32_t usleepn(uint64_t milisec) {
struct timespec ts;
ts.tv_sec = milisec / 1000;
ts.tv_nsec = (milisec % 1000) * 1000000L;
@ -19,12 +19,12 @@ int usleepn(long int milisec) {
#else
#include <windows.h>
int sleepn(unsigned int seconds)
int32_t sleepn(uint32_t seconds)
{
return SleepEx(milisec*1000,TRUE);
}
int usleepn(unsigned int milisec)
int32_t usleepn(uint32_t milisec)
{
return SleepEx(milisec,TRUE);
}

12
hydra-vmauthd.c
View file

@ -10,7 +10,7 @@ extern char *HYDRA_EXIT;
char *buf;
int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[300];
@ -65,9 +65,9 @@ int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscpt
return 2;
}
void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL;
void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -92,7 +92,7 @@ void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FIL
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
@ -142,7 +142,7 @@ void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FIL
}
}
int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

20
hydra-vnc.c
View file

@ -15,8 +15,8 @@
//for RFB 3.7 and onwards
#define RFB37 2
int vnc_client_version = RFB33;
int failed_auth = 0;
int32_t vnc_client_version = RFB33;
int32_t failed_auth = 0;
extern char *HYDRA_EXIT;
char *buf;
@ -28,7 +28,7 @@ char *buf;
void vncEncryptBytes(unsigned char *bytes, char *passwd) {
unsigned char key[8];
int i;
int32_t i;
/* key is simply password padded with nulls */
for (i = 0; i < 8; i++) {
@ -44,7 +44,7 @@ void vncEncryptBytes(unsigned char *bytes, char *passwd) {
}
}
int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *pass;
unsigned char buf2[CHALLENGESIZE + 4];
@ -55,7 +55,7 @@ int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, F
recv(s, buf2, CHALLENGESIZE + 4, 0);
if (vnc_client_version == RFB37) {
int i;
int32_t i;
//fprintf(stderr,"number of security types supported: %d\n", buf2[0]);
if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) {
@ -143,9 +143,9 @@ int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 1; /* never reached */
}
void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_VNC, mysslport = PORT_VNC_SSL;
void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_VNC, mysslport = PORT_VNC_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -167,7 +167,7 @@ void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
usleepn(300);
@ -229,7 +229,7 @@ void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.

37
hydra-xmpp.c
View file

@ -6,12 +6,12 @@
extern char *HYDRA_EXIT;
static char *domain = NULL;
int xmpp_auth_mechanism = AUTH_ERROR;
int32_t xmpp_auth_mechanism = AUTH_ERROR;
char *JABBER_CLIENT_INIT_STR = "<?xml version='1.0' ?><stream:stream to='";
char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>";
int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "\"\"";
char *login, *pass, buffer[500], buffer2[500];
char *AUTH_STR = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='";
@ -65,7 +65,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
if (!ptr)
ptr = strstr(buf, CHALLENGE_STR2);
char *ptr_end = strstr(ptr, CHALLENGE_END_STR);
int chglen = ptr_end - ptr - strlen(CHALLENGE_STR);
int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR);
if ((chglen > 0) && (chglen < sizeof(buffer2))) {
strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen);
@ -100,7 +100,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
if (!ptr)
ptr = strstr(buf, CHALLENGE_STR2);
char *ptr_end = strstr(ptr, CHALLENGE_END_STR);
int chglen = ptr_end - ptr - strlen(CHALLENGE_STR);
int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR);
if ((chglen > 0) && (chglen < sizeof(buffer2))) {
strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen);
@ -133,7 +133,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
}
break;
case AUTH_CRAMMD5:{
int rc = 0;
int32_t rc = 0;
char *preplogin;
memset(buffer2, 0, sizeof(buffer2));
@ -173,7 +173,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
/*client-first-message */
char clientfirstmessagebare[200];
char *preplogin;
int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
free(buf);
@ -201,7 +201,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
if (!ptr)
ptr = strstr(buf, CHALLENGE_STR2);
char *ptr_end = strstr(ptr, CHALLENGE_END_STR);
int chglen = ptr_end - ptr - strlen(CHALLENGE_STR);
int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR);
if ((chglen > 0) && (chglen < sizeof(buffer2))) {
strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen);
@ -278,10 +278,10 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
return 3;
}
void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int run = 1, next_run = 1, sock = -1, tls = 0;
void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, tls = 0;
char buffer[500], *buf = NULL;
int myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0;
int32_t myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0;
char *enddomain = NULL;
//we have to pass the target here as the reverse dns resolution is not working for some servers
@ -325,7 +325,7 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
memset(buffer, 0, sizeof(buffer));
@ -338,8 +338,7 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m
do {
if ((buf = hydra_receive_line(sock)) == NULL) {
/* no auth method identified */
hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf);
free(buf);
hydra_report(stderr, "[ERROR] no authentication methods can be identified\n");
hydra_child_exit(1);
}
@ -385,10 +384,10 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m
} while (xmpp_auth_mechanism == AUTH_ERROR);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i;
int32_t i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
miscptr[i] = (char) toupper((int32_t) miscptr[i]);
if (strncmp(miscptr, "LOGIN", 5) == 0)
xmpp_auth_mechanism = AUTH_LOGIN;
@ -486,7 +485,7 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m
}
}
int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
@ -499,3 +498,9 @@ int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FI
return 0;
}
void usage_xmpp(const char* service) {
printf("Module xmpp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n"
"Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n");
}

56
hydra.1
View file

@ -1,33 +1,38 @@
.TH "HYDRA" "1" "24/05/2012"
.TH "HYDRA" "1" "01/03/2017"
.SH NAME
hydra \- a very fast network logon cracker which support many different services
.SH SYNOPSIS
.B hydra
[[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT]] | [\-C FILE]] [\-e nsr]
[\-u] [\-f] [\-F] [\-M FILE] [\-o FILE] [\-t TASKS] [\-w TIME] [\-W TIME]
[\-m OPTIONS] [\-s PORT] [\-S] [\-4/6] [\-vV] [\-d]
[[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT \-y]] | [\-C FILE]]
[\-e nsr] [\-u] [\-f|\-F] [\-M FILE] [\-o FILE] [\-b FORMAT]
[\-t TASKS] [\-T TASKS] [\-w TIME] [\-W TIME] [\-m OPTIONS] [\-s PORT]
[\-c TIME] [\-S] [\-O] [\-4|6] [\-I] [\-vV] [\-d]
server service [OPTIONS]
.br
.SH DESCRIPTION
Hydra is a parallized login cracker which supports numerous protocols
Hydra is a parallelized login cracker which supports numerous protocols
to attack. New modules are easy to add, beside that, it is flexible and
very fast.
This tool gives researchers and security consultants the possiblity to
This tool gives researchers and security consultants the possibility to
show how easy it would be to gain unauthorized access from remote to a
system.
Currently this tool supports:
AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, FTPS,
HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY,
HTTP-PROXY-URLENUM, ICQ, IMAP, IRC, LDAP2, LDAP3, MS-SQL, MYSQL, NCP, NNTP,
Oracle, Oracle-Listener, Oracle-SID, PC-Anywhere, PCNFS, POP3, POSTGRES,
RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP, SMTP-Enum, SNMP,
SOCKS5, SSH(v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet,
VMware-Auth, VNC and XMPP.
For most protocols, SSL mode is available (e.g. https-get, ftp-ssl, etc.)
adam6500 afp asterisk cisco cisco-enable cvs firebird ftp ftps
http[s]-{head|get|post} http[s]-{get|post}-form http-proxy
http-proxy-urlenum icq imap[s] irc ldap2[s]
ldap3[-{cram|digest}md5][s] mssql mysql(v4) mysql5 ncp nntp
oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s]
postgres rdp redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip
smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s]
vmauthd vnc xmpp
For most protocols SSL is supported (e.g. https-get, ftp-ssl, etc.).
If not all necessary libraries are found during compile time, your
available services will be less. Type "hydra" to see what is available.
available services will be less.
Type "hydra" to see what is available.
.SH Options
.TP
.B target
@ -42,11 +47,16 @@ Some modules have optional or mandatory options. type "hydra \-U <servicename>"
.TP
.B \-R
restore a previously aborted session. Requires a hydra.restore file was
written. No other options are allowed when using \-R
written. Options are restored, but can be changed by setting them after
\-R on the command line
.TP
.B \-S
connect via SSL
.TP
.TP
.B \-O
use old SSL v2 and v3
.TP
.B \-s PORT
if the service is on a different default port, define it here
.TP
@ -64,6 +74,9 @@ generate passwords from min to max length. charset can contain 1
The generated passwords will be of length 1 to 2 and contain
lowcase letters, numbers and/or percent signs and dots.
.TP
.B \-y
disable use of symbols in \-x bruteforce, see above
.TP
.B \-e nsr
additional checks, "n" for null password, "s" try login as pass, "r" try the reverse login as pass
.TP
@ -87,6 +100,9 @@ server list for parallel attacks, one entry per line
.B \-o FILE
write found login/password pairs to FILE instead of stdout
.TP
.B \-b FORMAT
specify the format for the \-o FILE: text(default), json, jsonv1
.TP
.B \-t TASKS
run TASKS number of connects in parallel (default: 16)
.TP
@ -100,14 +116,22 @@ defines the max wait time in seconds for responses (default: 32)
defines a wait time between each connection a task performs. This usually
only makes sense if a low task number is used, .e.g \-t 1
.TP
.B \-c TIME
the wait time in seconds per login attempt over all threads (-t 1 is recommended)
This usually only makes sense if a low task number is used, .e.g \-t 1
.TP
.B \-4 / \-6
prefer IPv4 (default) or IPv6 addresses
.TP
.B \-v / \-V
verbose mode / show login+pass combination for each attempt
.TP
.B \-d
debug mode
.TP
.B \-I
ignore an existing restore file (dont wait 10 seconds)
.TP
.B \-h, \-\-help
Show summary of options.
.SH SEE ALSO

2108
hydra.c
View file

File diff suppressed because it is too large Load diff

33
hydra.h Normal file → Executable file
View file

@ -1,6 +1,13 @@
#ifndef _HYDRA_H
#include <stdio.h>
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
@ -23,20 +30,20 @@
#include <errno.h>
#ifdef HAVE_OPENSSL
#define HYDRA_SSL
#define HYDRA_SSL
#endif
#ifdef HAVE_SSL
#ifndef HYDRA_SSL
#define HYDRA_SSL
#endif
#ifndef HYDRA_SSL
#define HYDRA_SSL
#endif
#endif
#ifdef LIBSSH
#include <libssh/libssh.h>
#include <libssh/libssh.h>
#endif
#ifdef HAVE_ZLIB
#include <zlib.h>
#include <zlib.h>
#endif
#define OPTION_SSL 1
@ -142,21 +149,17 @@
#define True 1
#ifndef INET_ADDRSTRLEN
#define INET_ADDRSTRLEN 16
#define INET_ADDRSTRLEN 16
#endif
#define MAX_PROXY_COUNT 64
#ifndef _WIN32
int sleepn(time_t seconds);
int usleepn(long int useconds);
int32_t sleepn(time_t seconds);
int32_t usleepn(uint64_t useconds);
#else
int sleepn(unsigned int seconds);
int usleepn(unsigned int useconds);
int32_t sleepn(uint32_t seconds);
int32_t usleepn(uint32_t useconds);
#endif
#define _HYDRA_H

132
libpq-fe.h
View file

@ -119,7 +119,7 @@ extern "C" {
*/
typedef struct pgNotify {
char *relname; /* notification condition name */
int be_pid; /* process ID of server process */
int32_t be_pid; /* process ID of server process */
char *extra; /* notification parameter */
} PGnotify;
@ -164,7 +164,7 @@ extern "C" {
* Display entered value as is "*"
* Password field - hide value "D" Debug
* option - don't show by default */
int dispsize; /* Field size in characters for dialog */
int32_t dispsize; /* Field size in characters for dialog */
} PQconninfoOption;
/* ----------------
@ -172,11 +172,11 @@ extern "C" {
* ----------------
*/
typedef struct {
int len;
int isint;
int32_t len;
int32_t isint;
union {
int *ptr; /* can't use void (dec compiler barfs) */
int integer;
int32_t *ptr; /* can't use void (dec compiler barfs) */
int32_t integer;
} u;
} PQArgBlock;
@ -215,14 +215,14 @@ extern "C" {
*/
/* Asynchronous (non-blocking) */
extern int PQresetStart(PGconn * conn);
extern int32_t PQresetStart(PGconn * conn);
extern PostgresPollingStatusType PQresetPoll(PGconn * conn);
/* Synchronous (blocking) */
extern void PQreset(PGconn * conn);
/* issue a cancel request */
extern int PQrequestCancel(PGconn * conn);
extern int32_t PQrequestCancel(PGconn * conn);
/* Accessor functions for PGconn objects */
extern char *PQdb(const PGconn * conn);
@ -235,12 +235,12 @@ extern "C" {
extern ConnStatusType PQstatus(const PGconn * conn);
extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn);
extern const char *PQparameterStatus(const PGconn * conn, const char *paramName);
extern int PQprotocolVersion(const PGconn * conn);
extern int32_t PQprotocolVersion(const PGconn * conn);
extern char *PQerrorMessage(const PGconn * conn);
extern int PQsocket(const PGconn * conn);
extern int PQbackendPID(const PGconn * conn);
extern int PQclientEncoding(const PGconn * conn);
extern int PQsetClientEncoding(PGconn * conn, const char *encoding);
extern int32_t PQsocket(const PGconn * conn);
extern int32_t PQbackendPID(const PGconn * conn);
extern int32_t PQclientEncoding(const PGconn * conn);
extern int32_t PQsetClientEncoding(PGconn * conn, const char *encoding);
#ifdef USE_SSL
@ -265,74 +265,74 @@ extern "C" {
extern PGresult *PQexec(PGconn * conn, const char *query);
extern PGresult *PQexecParams(PGconn * conn,
const char *command,
int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat);
int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern PGresult *PQexecPrepared(PGconn * conn,
const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat);
const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
/* Interface for multiple-result or asynchronous queries */
extern int PQsendQuery(PGconn * conn, const char *query);
extern int PQsendQueryParams(PGconn * conn,
extern int32_t PQsendQuery(PGconn * conn, const char *query);
extern int32_t PQsendQueryParams(PGconn * conn,
const char *command,
int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat);
extern int PQsendQueryPrepared(PGconn * conn,
const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat);
int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern int32_t PQsendQueryPrepared(PGconn * conn,
const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
extern PGresult *PQgetResult(PGconn * conn);
/* Routines for managing an asynchronous query */
extern int PQisBusy(PGconn * conn);
extern int PQconsumeInput(PGconn * conn);
extern int32_t PQisBusy(PGconn * conn);
extern int32_t PQconsumeInput(PGconn * conn);
/* LISTEN/NOTIFY support */
extern PGnotify *PQnotifies(PGconn * conn);
/* Routines for copy in/out */
extern int PQputCopyData(PGconn * conn, const char *buffer, int nbytes);
extern int PQputCopyEnd(PGconn * conn, const char *errormsg);
extern int PQgetCopyData(PGconn * conn, char **buffer, int async);
extern int32_t PQputCopyData(PGconn * conn, const char *buffer, int32_t nbytes);
extern int32_t PQputCopyEnd(PGconn * conn, const char *errormsg);
extern int32_t PQgetCopyData(PGconn * conn, char **buffer, int32_t async);
/* Deprecated routines for copy in/out */
extern int PQgetline(PGconn * conn, char *string, int length);
extern int PQputline(PGconn * conn, const char *string);
extern int PQgetlineAsync(PGconn * conn, char *buffer, int bufsize);
extern int PQputnbytes(PGconn * conn, const char *buffer, int nbytes);
extern int PQendcopy(PGconn * conn);
extern int32_t PQgetline(PGconn * conn, char *string, int32_t length);
extern int32_t PQputline(PGconn * conn, const char *string);
extern int32_t PQgetlineAsync(PGconn * conn, char *buffer, int32_t bufsize);
extern int32_t PQputnbytes(PGconn * conn, const char *buffer, int32_t nbytes);
extern int32_t PQendcopy(PGconn * conn);
/* Set blocking/nonblocking connection to the backend */
extern int PQsetnonblocking(PGconn * conn, int arg);
extern int PQisnonblocking(const PGconn * conn);
extern int32_t PQsetnonblocking(PGconn * conn, int32_t arg);
extern int32_t PQisnonblocking(const PGconn * conn);
/* Force the write buffer to be written (or at least try) */
extern int PQflush(PGconn * conn);
extern int32_t PQflush(PGconn * conn);
/*
* "Fast path" interface --- not really recommended for application
* use
*/
extern PGresult *PQfn(PGconn * conn, int fnid, int *result_buf, int *result_len, int result_is_int, const PQArgBlock * args, int nargs);
extern PGresult *PQfn(PGconn * conn, int32_t fnid, int32_t *result_buf, int32_t *result_len, int32_t result_is_int, const PQArgBlock * args, int32_t nargs);
/* Accessor functions for PGresult objects */
extern ExecStatusType PQresultStatus(const PGresult * res);
extern char *PQresStatus(ExecStatusType status);
extern char *PQresultErrorMessage(const PGresult * res);
extern char *PQresultErrorField(const PGresult * res, int fieldcode);
extern int PQntuples(const PGresult * res);
extern int PQnfields(const PGresult * res);
extern int PQbinaryTuples(const PGresult * res);
extern char *PQfname(const PGresult * res, int field_num);
extern int PQfnumber(const PGresult * res, const char *field_name);
extern Oid PQftable(const PGresult * res, int field_num);
extern int PQftablecol(const PGresult * res, int field_num);
extern int PQfformat(const PGresult * res, int field_num);
extern Oid PQftype(const PGresult * res, int field_num);
extern int PQfsize(const PGresult * res, int field_num);
extern int PQfmod(const PGresult * res, int field_num);
extern char *PQresultErrorField(const PGresult * res, int32_t fieldcode);
extern int32_t PQntuples(const PGresult * res);
extern int32_t PQnfields(const PGresult * res);
extern int32_t PQbinaryTuples(const PGresult * res);
extern char *PQfname(const PGresult * res, int32_t field_num);
extern int32_t PQfnumber(const PGresult * res, const char *field_name);
extern Oid PQftable(const PGresult * res, int32_t field_num);
extern int32_t PQftablecol(const PGresult * res, int32_t field_num);
extern int32_t PQfformat(const PGresult * res, int32_t field_num);
extern Oid PQftype(const PGresult * res, int32_t field_num);
extern int32_t PQfsize(const PGresult * res, int32_t field_num);
extern int32_t PQfmod(const PGresult * res, int32_t field_num);
extern char *PQcmdStatus(PGresult * res);
extern char *PQoidStatus(const PGresult * res); /* old and ugly */
extern Oid PQoidValue(const PGresult * res); /* new and improved */
extern char *PQcmdTuples(PGresult * res);
extern char *PQgetvalue(const PGresult * res, int tup_num, int field_num);
extern int PQgetlength(const PGresult * res, int tup_num, int field_num);
extern int PQgetisnull(const PGresult * res, int tup_num, int field_num);
extern char *PQgetvalue(const PGresult * res, int32_t tup_num, int32_t field_num);
extern int32_t PQgetlength(const PGresult * res, int32_t tup_num, int32_t field_num);
extern int32_t PQgetisnull(const PGresult * res, int32_t tup_num, int32_t field_num);
/* Delete a PGresult */
extern void PQclear(PGresult * res);
@ -369,40 +369,40 @@ extern "C" {
*/
extern void
PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */
int fillAlign, /* pad the fields with spaces */
int32_t fillAlign, /* pad the fields with spaces */
const char *fieldSep, /* field separator */
int printHeader, /* display headers? */
int quiet);
int32_t printHeader, /* display headers? */
int32_t quiet);
extern void
PQprintTuples(const PGresult * res, FILE * fout, /* output stream */
int printAttName, /* print attribute names */
int terseOutput, /* delimiter bars */
int width); /* width of column, if 0, use variable
int32_t printAttName, /* print attribute names */
int32_t terseOutput, /* delimiter bars */
int32_t width); /* width of column, if 0, use variable
* width */
/* === in fe-lobj.c === */
/* Large-object access routines */
extern int lo_open(PGconn * conn, Oid lobjId, int mode);
extern int lo_close(PGconn * conn, int fd);
extern int lo_read(PGconn * conn, int fd, char *buf, size_t len);
extern int lo_write(PGconn * conn, int fd, char *buf, size_t len);
extern int lo_lseek(PGconn * conn, int fd, int offset, int whence);
extern Oid lo_creat(PGconn * conn, int mode);
extern int lo_tell(PGconn * conn, int fd);
extern int lo_unlink(PGconn * conn, Oid lobjId);
extern int32_t lo_open(PGconn * conn, Oid lobjId, int32_t mode);
extern int32_t lo_close(PGconn * conn, int32_t fd);
extern int32_t lo_read(PGconn * conn, int32_t fd, char *buf, size_t len);
extern int32_t lo_write(PGconn * conn, int32_t fd, char *buf, size_t len);
extern int32_t lo_lseek(PGconn * conn, int32_t fd, int32_t offset, int32_t whence);
extern Oid lo_creat(PGconn * conn, int32_t mode);
extern int32_t lo_tell(PGconn * conn, int32_t fd);
extern int32_t lo_unlink(PGconn * conn, Oid lobjId);
extern Oid lo_import(PGconn * conn, const char *filename);
extern int lo_export(PGconn * conn, Oid lobjId, const char *filename);
extern int32_t lo_export(PGconn * conn, Oid lobjId, const char *filename);
/* === in fe-misc.c === */
/* Determine length of multibyte encoded char at *s */
extern int PQmblen(const unsigned char *s, int encoding);
extern int32_t PQmblen(const unsigned char *s, int32_t encoding);
/* Get encoding id from environment variable PGCLIENTENCODING */
extern int PQenv2encoding(void);
extern int32_t PQenv2encoding(void);
#ifdef __cplusplus
}

98
ntlm.c
View file

@ -54,7 +54,7 @@
/*
This file implements macros for machine independent short and
int manipulation
int32_t manipulation
Here is a description of this file that I emailed to the samba list once:
@ -72,7 +72,7 @@ an optimisation. You can take it out completely and it will make no
difference. The routines (macros) in byteorder.h are totally byteorder
independent. The 386 optimsation just takes advantage of the fact that
the x86 processors don't care about alignment, so we don't have to
align ints on int boundaries etc. If there are other processors out
align ints on int32_t boundaries etc. If there are other processors out
there that aren't alignment sensitive then you could also define
CAREFUL_ALIGNMENT=0 on those processors as well.
@ -81,7 +81,7 @@ want to extract a 2 byte integer from a SMB packet and put it into a
type called uint16 that is in the local machines byte order, and you
want to do it with only the assumption that uint16 is _at_least_ 16
bits long (this last condition is very important for architectures
that don't have any int types that are 2 bytes long)
that don't have any int32_t types that are 2 bytes long)
You do this:
@ -207,10 +207,10 @@ it also defines lots of intermediate macros, just ignore those :-)
/* macros for reading / writing arrays */
#define SMBMACRO(macro,buf,pos,val,len,size) \
{ int l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); }
{ int32_t l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); }
#define SSMBMACRO(macro,buf,pos,val,len,size) \
{ int l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); }
{ int32_t l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); }
/* reads multiple data from an SMB buffer */
#define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1)
@ -259,7 +259,7 @@ it also defines lots of intermediate macros, just ignore those :-)
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), base,string)); \
if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \
{ int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \
{ int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \
DEBUG(5,("\n")); }
#define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \
@ -267,7 +267,7 @@ it also defines lots of intermediate macros, just ignore those :-)
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), base,string)); \
if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \
{ int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \
{ int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \
DEBUG(5,("\n")); }
#define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \
@ -275,7 +275,7 @@ it also defines lots of intermediate macros, just ignore those :-)
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), base,string)); \
if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \
{ int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \
{ int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \
DEBUG(5,("\n")); }
#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \
@ -300,7 +300,7 @@ it also defines lots of intermediate macros, just ignore those :-)
/* NOTE: This code makes no attempt to be fast!
It assumes that a int is at least 32 bits long
It assumes that a int32_t is at least 32 bits long
*/
static uint32 A, B, C, D;
@ -317,7 +317,7 @@ static uint32 H(uint32 X, uint32 Y, uint32 Z) {
return X ^ Y ^ Z;
}
static uint32 lshift(uint32 x, int s) {
static uint32 lshift(uint32 x, int32_t s) {
x &= 0xFFFFFFFF;
return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s));
}
@ -328,7 +328,7 @@ static uint32 lshift(uint32 x, int s) {
/* this applies md4 to 64 byte chunks */
static void mdfour64(uint32 * M) {
int j;
int32_t j;
uint32 AA, BB, CC, DD;
uint32 X[16];
@ -406,7 +406,7 @@ static void mdfour64(uint32 * M) {
}
static void copy64(uint32 * M, unsigned char *in) {
int i;
int32_t i;
for (i = 0; i < 16; i++)
M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0);
@ -420,11 +420,11 @@ static void copy4(unsigned char *out, uint32 x) {
}
/* produce a md4 message digest from data of length n bytes */
void mdfour(unsigned char *out, unsigned char *in, int n) {
void mdfour(unsigned char *out, unsigned char *in, int32_t n) {
unsigned char buf[128];
uint32 M[16];
uint32 b = n * 8;
int i;
int32_t i;
A = 0x67452301;
B = 0xefcdab89;
@ -577,16 +577,16 @@ static uchar sbox[8][4][16] = {
{2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}
};
static void permute(char *out, char *in, uchar * p, int n) {
int i;
static void permute(char *out, char *in, uchar * p, int32_t n) {
int32_t i;
for (i = 0; i < n; i++)
out[i] = in[p[i] - 1];
}
static void l_shift(char *d, int count, int n) {
static void l_shift(char *d, int32_t count, int32_t n) {
char out[64];
int i;
int32_t i;
for (i = 0; i < n; i++)
out[i] = d[(i + count) % n];
@ -594,22 +594,22 @@ static void l_shift(char *d, int count, int n) {
d[i] = out[i];
}
static void concat(char *out, char *in1, char *in2, int l1, int l2) {
static void concat(char *out, char *in1, char *in2, int32_t l1, int32_t l2) {
while (l1--)
*out++ = *in1++;
while (l2--)
*out++ = *in2++;
}
void xor(char *out, char *in1, char *in2, int n) {
int i;
void xor(char *out, char *in1, char *in2, int32_t n) {
int32_t i;
for (i = 0; i < n; i++)
out[i] = in1[i] ^ in2[i];
}
static void dohash(char *out, char *in, char *key, int forw) {
int i, j, k;
static void dohash(char *out, char *in, char *key, int32_t forw) {
int32_t i, j, k;
char pk1[56];
char c[28];
char d[28];
@ -658,7 +658,7 @@ static void dohash(char *out, char *in, char *key, int forw) {
b[j][k] = erk[j * 6 + k];
for (j = 0; j < 8; j++) {
int m, n;
int32_t m, n;
m = (b[j][0] << 1) | b[j][5];
@ -688,7 +688,7 @@ static void dohash(char *out, char *in, char *key, int forw) {
}
static void str_to_key(unsigned char *str, unsigned char *key) {
int i;
int32_t i;
key[0] = str[0] >> 1;
key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
@ -704,8 +704,8 @@ static void str_to_key(unsigned char *str, unsigned char *key) {
}
static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw) {
int i;
static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int32_t forw) {
int32_t i;
char outb[64];
char inb[64];
char keyb[64];
@ -769,7 +769,7 @@ void cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key) {
smbhash(out, buf, key2, 1);
}
void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int forw) {
void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int32_t forw) {
static unsigned char key2[8];
smbhash(out, in, key, forw);
@ -777,12 +777,12 @@ void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int f
smbhash(out + 8, in + 8, key2, forw);
}
void SamOEMhash(unsigned char *data, unsigned char *key, int val) {
void SamOEMhash(unsigned char *data, unsigned char *key, int32_t val) {
unsigned char s_box[256];
unsigned char index_i = 0;
unsigned char index_j = 0;
unsigned char j = 0;
int ind;
int32_t ind;
for (ind = 0; ind < 256; ind++) {
s_box[ind] = (unsigned char) ind;
@ -861,7 +861,7 @@ char *safe_strcpy(char *dest, const char *src, size_t maxlength) {
len = strlen(src);
if (len > maxlength) {
DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int) (len - maxlength), src));
DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int32_t) (len - maxlength), src));
len = maxlength;
}
@ -879,8 +879,8 @@ void strupper(char *s) {
if (skip != 0)
s += skip;
else {
if (islower((int) *s))
*s = toupper((int) *s);
if (islower((int32_t) *s))
*s = toupper((int32_t) *s);
s++;
}
}
@ -916,8 +916,8 @@ void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) {
}
/* Routines for Windows NT MD4 Hash functions. */
static int _my_wcslen(int16 * str) {
int len = 0;
static int32_t _my_wcslen(int16 * str) {
int32_t len = 0;
while (*str++ != 0)
len++;
@ -931,8 +931,8 @@ static int _my_wcslen(int16 * str) {
* format.
*/
static int _my_mbstowcs(int16 * dst, uchar * src, int len) {
int i;
static int32_t _my_mbstowcs(int16 * dst, uchar * src, int32_t len) {
int32_t i;
int16 val;
for (i = 0; i < len; i++) {
@ -951,7 +951,7 @@ static int _my_mbstowcs(int16 * dst, uchar * src, int len) {
*/
void E_md4hash(uchar * passwd, uchar * p16) {
int len;
int32_t len;
int16 wpwd[129];
/* Password cannot be longer than 128 characters */
@ -1051,7 +1051,7 @@ void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) {
#if 0
BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode) {
int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
int32_t new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
if (new_pw_len > 512) {
DEBUG(0, ("make_oem_passwd_hash: new password is too long.\n"));
@ -1134,7 +1134,7 @@ else \
#define AddString(ptr, header, string) \
{ \
char *p = string; \
int len = 0; \
int32_t len = 0; \
if (p) len = strlen(p); \
AddBytes(ptr, header, ((unsigned char*)p), len); \
}
@ -1143,7 +1143,7 @@ AddBytes(ptr, header, ((unsigned char*)p), len); \
{ \
char *p = string; \
unsigned char *b = NULL; \
int len = 0; \
int32_t len = 0; \
if (p) \
{ \
len = strlen(p); \
@ -1162,21 +1162,21 @@ dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&s
static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) {
int i;
int32_t i;
for (i = 0; i < (signed int) len; ++i)
for (i = 0; i < (int32_t) len; ++i)
fprintf(fp, "%02x ", buf[i]);
fprintf(fp, "\n");
}
static char *unicodeToString(char *p, size_t len) {
int i;
int32_t i;
static char buf[4096];
assert(len + 1 < sizeof buf);
for (i = 0; i < (signed int) len; ++i) {
for (i = 0; i < (int32_t) len; ++i) {
buf[i] = *p & 0x7f;
p += 2;
}
@ -1188,7 +1188,7 @@ static char *unicodeToString(char *p, size_t len) {
static unsigned char *strToUnicode(char *p) {
static unsigned char buf[4096];
size_t l = strlen(p);
int i = 0;
int32_t i = 0;
assert(l * 2 < sizeof buf);
@ -1377,7 +1377,7 @@ static const char base64val[] = {
#define DECODE64(c) (isascii(c) ? base64val[c] : BAD)
void to64frombits(unsigned char *out, const unsigned char *in, int inlen)
void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen)
/* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */
{
@ -1402,11 +1402,11 @@ void to64frombits(unsigned char *out, const unsigned char *in, int inlen)
*out = '\0';
}
int from64tobits(char *out, const char *in)
int32_t from64tobits(char *out, const char *in)
/* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
{
int len = 0;
int32_t len = 0;
register unsigned char digit1, digit2, digit3, digit4;
if (in[0] == '+' && in[1] == ' ')

21
ntlm.h
View file

@ -1,4 +1,3 @@
/* $Id$
Single file NTLM system to create and parse authentication messages.
@ -52,8 +51,8 @@
included bonus!!:
Base64 code
int from64tobits(char *out, const char *in);
void to64frombits(unsigned char *out, const unsigned char *in, int inlen);
int32_t from64tobits(char *out, const char *in);
void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen);
@ -66,8 +65,16 @@
* These structures are byte-order dependant, and should not
* be manipulated except by the use of the routines provided
*/
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
typedef unsigned short uint16;
typedef unsigned int uint32;
typedef uint32_t uint32;
typedef unsigned char uint8;
typedef struct {
@ -131,10 +138,10 @@ void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse *
//flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication
/* Base64 code*/
int from64tobits(char *out, const char *in);
void to64frombits(unsigned char *out, const unsigned char *in, int inlen);
int32_t from64tobits(char *out, const char *in);
void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen);
void xor(char *out, char *in1, char *in2, int n);
void xor(char *out, char *in1, char *in2, int32_t n);
// info functions
void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request);

14
performance.h
View file

@ -7,8 +7,8 @@
#include <fcntl.h>
/* handles select errors */
int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) {
int ret_val;
int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) {
int32_t ret_val;
struct timeval stv;
fd_set *fdr2, *fdw2, *fde2;
@ -28,13 +28,13 @@ int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec
}
/*reads in a non-blocking way*/
ssize_t read_safe(int fd, void *buffer, size_t len) {
int r = 0;
int total = 0;
int toread = len;
ssize_t read_safe(int32_t fd, void *buffer, size_t len) {
int32_t r = 0;
int32_t total = 0;
uint32_t toread = len;
fd_set fr;
struct timeval tv;
int ret = 0;
int32_t ret = 0;
(void)fcntl(fd, F_SETFL, O_NONBLOCK);
do {

4
postgres_ext.h
View file

@ -27,7 +27,7 @@
/*
* Object ID is a fundamental type in Postgres.
*/
typedef unsigned int Oid;
typedef uint32_t Oid;
#ifdef __cplusplus
#define InvalidOid (Oid(0))
@ -43,7 +43,7 @@ typedef unsigned int Oid;
/*
* NAMEDATALEN is the max length for system identifiers (e.g. table names,
* attribute names, function names, etc). It must be a multiple of
* sizeof(int) (typically 4).
* sizeof(int32_t) (typically 4).
*
* NOTE that databases with different NAMEDATALEN's cannot interoperate!
*/

12
pw-inspector.c
View file

@ -36,10 +36,10 @@ void help() {
exit(-1);
}
int main(int argc, char *argv[]) {
int i, j, k;
int sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0;
int set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0;
int32_t main(int32_t argc, char *argv[]) {
int32_t i, j, k;
int32_t sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0;
int32_t set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0;
FILE *in = stdin, *out = stdout;
char buf[MAXLENGTH + 1];
@ -136,7 +136,7 @@ int main(int argc, char *argv[]) {
if (set_print) {
j = 0;
for (k = 0; k < strlen(buf); k++)
if (isprint((int) buf[k]) != 0 && isalnum((int) buf[k]) == 0)
if (isprint((int32_t) buf[k]) != 0 && isalnum((int32_t) buf[k]) == 0)
j = 1;
if (j)
i++;
@ -144,7 +144,7 @@ int main(int argc, char *argv[]) {
if (set_other) {
j = 0;
for (k = 0; k < strlen(buf); k++)
if (isprint((int) buf[k]) == 0 && isalnum((int) buf[k]) == 0)
if (isprint((int32_t) buf[k]) == 0 && isalnum((int32_t) buf[k]) == 0)
j = 1;
if (j)
i++;

24
rdp.h
View file

@ -30,7 +30,7 @@
#include <windows.h>
#include <winsock.h>
#include <time.h>
#define DIR int
#define DIR int32_t
#else
#include <dirent.h>
#include <sys/time.h>
@ -142,7 +142,7 @@ typedef struct stream
unsigned char *p;
unsigned char *end;
unsigned char *data;
unsigned int size;
uint32_t size;
/* Offsets of various headers */
unsigned char *iso_hdr;
@ -216,8 +216,8 @@ typedef unsigned char uint8;
typedef signed char sint8;
typedef unsigned short uint16;
typedef signed short sint16;
typedef unsigned int uint32;
typedef signed int sint32;
typedef uint32_t uint32;
typedef int32_t sint32;
typedef struct _BOUNDS
{
@ -579,14 +579,14 @@ enum RDP_UPDATE_PDU_TYPE
#define RDP_INPUT_SCANCODE 4
/* iso.c */
STREAM iso_init(int length);
STREAM iso_init(int32_t length);
void iso_send(STREAM s);
STREAM iso_recv(uint8 * rdpver);
BOOL iso_connect(char *server, char *username, BOOL reconnect);
void iso_disconnect(void);
void iso_reset_state(void);
/* mcs.c */
STREAM mcs_init(int length);
STREAM mcs_init(int32_t length);
void mcs_send_to_channel(STREAM s, uint16 channel);
void mcs_send(STREAM s);
STREAM mcs_recv(uint16 * channel, uint8 * rdpver);
@ -598,14 +598,14 @@ void process_orders(STREAM s, uint16 num_orders);
void reset_order_state(void);
/* rdesktop.c */
void generate_random(uint8 * random);
void *xmalloc(int size);
void *xmalloc(int32_t size);
void exit_if_null(void *ptr);
char *xstrdup(const char *s);
void *xrealloc(void *oldmem, size_t size);
void error(char *format, ...);
void warning(char *format, ...);
void unimpl(char *format, ...);
void hexdump(unsigned char *p, unsigned int len);
void hexdump(unsigned char *p, uint32_t len);
/* rdp.c */
static void process_demand_active(STREAM s);
static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason);
@ -613,10 +613,10 @@ static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason);
void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt);
void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2);
void buf_out_uint32(uint8 * buffer, uint32 value);
void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data,
int datalen);
void sec_decrypt(uint8 * data, int length);
STREAM sec_init(uint32 flags, int maxlen);
void sec_sign(uint8 * signature, int32_t siglen, uint8 * session_key, int32_t keylen, uint8 * data,
int32_t datalen);
void sec_decrypt(uint8 * data, int32_t length);
STREAM sec_init(uint32 flags, int32_t maxlen);
void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel);
void sec_send(STREAM s, uint32 flags);
void sec_process_mcs_data(STREAM s);

60
sasl.c
View file

@ -1,14 +1,14 @@
#include "sasl.h"
extern int selected_proxy;
extern int32_t selected_proxy;
/*
print_hex is used for debug
it displays the string buf hexa values of size len
*/
int print_hex(unsigned char *buf, int len) {
int i;
int n;
int32_t print_hex(unsigned char *buf, int32_t len) {
int32_t i;
int32_t n;
for (i = 0, n = 0; i < len; i++) {
if (n > 7) {
@ -26,9 +26,9 @@ int print_hex(unsigned char *buf, int len) {
RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords
code based on gsasl_saslprep from GSASL project
*/
int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) {
int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) {
#if LIBIDN
int rc;
int32_t rc;
rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0);
if (rc != STRINGPREP_OK) {
@ -71,7 +71,7 @@ the first parameter result must be able to hold at least 255 bytes!
void sasl_plain(char *result, char *login, char *pass) {
char *preplogin;
char *preppasswd;
int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
result = NULL;
@ -107,7 +107,7 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) {
char opad[64];
unsigned char md5_raw[MD5_DIGEST_LENGTH];
MD5_CTX md5c;
int i, rc;
int32_t i, rc;
char *preppasswd;
if (challenge == NULL) {
@ -161,7 +161,7 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) {
char opad[64];
unsigned char sha1_raw[SHA_DIGEST_LENGTH];
SHA_CTX shac;
int i, rc;
int32_t i, rc;
char *preppasswd;
if (challenge == NULL) {
@ -215,7 +215,7 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) {
char opad[64];
unsigned char sha256_raw[SHA256_DIGEST_LENGTH];
SHA256_CTX sha256c;
int i, rc;
int32_t i, rc;
char *preppasswd;
if (challenge == NULL) {
@ -262,17 +262,17 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) {
RFC 2831: Using Digest Authentication as a SASL Mechanism
the parameter result must be able to hold at least 500 bytes!!
*/
void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header) {
void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) {
char *pbuffer = NULL;
int array_size = 10;
int32_t array_size = 10;
unsigned char response[MD5_DIGEST_LENGTH];
char *array[array_size];
char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20];
int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0;
int32_t i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0;
MD5_CTX md5c;
char *preplogin;
char *preppasswd;
int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
memset(realm, 0, sizeof(realm));
if (rc) {
@ -286,7 +286,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
return;
}
//DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess
//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess
//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess
//warning some not well configured xmpp server is sending no realm
//DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess
pbuffer = buffer;
@ -308,7 +308,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
currentpos = 0;
}
pbuffer++;
} while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size));
} while ((pbuffer[0] > 31) && (ind < array_size));
//save the latest one
if (ind < array_size) {
array[ind] = malloc(currentpos + 1);
@ -321,7 +321,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
while ((array[i] != NULL) && (array[i][0] == ' ')) {
char *tmp = strdup(array[i]);
memset(array[i], 0, sizeof(array[i]));
//memset(array[i], 0, sizeof(array[i]));
strcpy(array[i], tmp + 1);
free(tmp);
}
@ -329,13 +329,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
//check if it contains double-quote
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1;
int32_t nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1;
if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) {
strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len);
nonce[nonce_string_len] = '\0';
} else {
int j;
int32_t j;
for (j = 0; j < ind; j++)
if (array[j] != NULL)
@ -352,13 +352,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
if (strstr(array[i], "realm=") != NULL) {
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1;
int32_t realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1;
if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) {
strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len);
realm[realm_string_len] = '\0';
} else {
int i;
int32_t i;
for (i = 0; i < ind; i++)
if (array[i] != NULL)
@ -375,13 +375,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
if (strstr(array[i], "qop=") != NULL) {
/*
The value "auth" indicates authentication; the value "auth-int" indicates
The value "auth" indicates authentication; the value "auth-int32_t" indicates
authentication with integrity protection; the value "auth-conf"
indicates authentication with integrity protection and encryption.
*/
auth_find = 1;
if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) {
int j;
int32_t j;
for (j = 0; j < ind; j++)
if (array[j] != NULL)
@ -394,13 +394,13 @@ indicates authentication with integrity protection and encryption.
if (strstr(array[i], "algorithm=") != NULL) {
if (strstr(array[i], "\"") != NULL) {
//assume last char is also a double-quote
int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1;
int32_t algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1;
if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) {
strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len);
algo[algo_string_len] = '\0';
} else {
int j;
int32_t j;
for (j = 0; j < ind; j++)
if (array[j] != NULL)
@ -414,7 +414,7 @@ indicates authentication with integrity protection and encryption.
algo[sizeof(algo) - 1] = '\0';
}
if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) {
int j;
int32_t j;
for (j = 0; j < ind; j++)
if (array[j] != NULL)
@ -558,10 +558,10 @@ and my girlfriend that let me work on that 2 whole nights ;)
clientfirstmessagebare must be at least 500 bytes in size!
*/
void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) {
int saltlen = 0;
int iter = 4096;
int32_t saltlen = 0;
int32_t iter = 4096;
char *salt, *nonce, *ic;
unsigned int resultlen = 0;
uint32_t resultlen = 0;
char clientfinalmessagewithoutproof[200];
char buffer[500];
unsigned char SaltedPassword[SHA_DIGEST_LENGTH];
@ -572,7 +572,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
char ClientProof[SHA_DIGEST_LENGTH];
unsigned char clientproof_b64[50];
char *preppasswd;
int rc = sasl_saslprep(pass, 0, &preppasswd);
int32_t rc = sasl_saslprep(pass, 0, &preppasswd);
if (rc) {
result = NULL;

6
sasl.h
View file

@ -32,10 +32,10 @@ typedef enum {
} sasl_saslprep_flags;
int print_hex(unsigned char *buf, int len);
int32_t print_hex(unsigned char *buf, int32_t len);
void sasl_plain(char *result, char *login, char *pass);
int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out);
int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out);
#ifdef LIBOPENSSL
#include <openssl/md5.h>
@ -45,6 +45,6 @@ int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out);
void sasl_cram_md5(char *result, char *pass, char *challenge);
void sasl_cram_sha1(char *result, char *pass, char *challenge);
void sasl_cram_sha256(char *result, char *pass, char *challenge);
void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header);
void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header);
void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage);
#endif

32
web/CHANGES
View file

@ -1,11 +1,37 @@
Changelog for hydra
-------------------
Release 8.4-dev
Release 8.6-dev
* ...
Release 8.5
* New command line option:
-b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch
* ./configure now honors the CC enviroment variable if present
* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!)
* Changed the format of the restore file to detect cross platform copies
* Fixed a bug in the NCP module
* Favor strrchr() over rindex()
* Added refactoring patch by diadlo
* Updated man page with missing command line options
Release 8.4
! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix
* Proxy support re-implemented:
- HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries
- HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP]
* New command line option -y which disables -x 1aA interpretation, thanks to crondaemon for the patch
* New protocol: adam6500 - this one is work in progress, please test and report
* New protocol: rpcap - thanks to Petar Kaleychev <petar.kaleychev@gmail.com>
* New command line options:
-y : disables -x 1aA interpretation, thanks to crondaemon for the patch
-I : ignore an existing hydra.restore file (dont wait for 10 seconds)
* hydra-svn: works now with the current libsvn version
* hydra-ssh: initial check for password auth support now uses login supplied
* Fixed dpl4hydra to be able to update from the web again
* Fixed crash when -U was used without any service (thanks to thecarterb for reporting)
* Updated default password lists
* The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed
* Added special error message for clueless users :)
@ -19,7 +45,7 @@ Release 8.3
Release 8.2
* Added RTSP module, thanks to jjavi89 for supplying!
* Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch
* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch
* Added new -O option to hydra to support SSL servers that do not suport TLS
* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!

79
web/README
View file

@ -1,7 +1,7 @@
H Y D R A
(c) 2001-2016 by van Hauser / THC
(c) 2001-2017 by van Hauser / THC
<vh@thc.org> http://www.thc.org
many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
@ -28,7 +28,7 @@ either support more than one protocol to attack or support parallized
connects.
It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.
FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
Currently this tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
@ -54,7 +54,7 @@ If you are interested in the current development state, the public development
repository is at Github:
svn co https://github.com/vanhauser-thc/thc-hydra
or
git clone https://github.com/vanhauser-thc/thc-hydra.git
git clone https://github.com/vanhauser-thc/thc-hydra
Use the development version at your own risk. It contains new features and
new bugs. Things might not work!
@ -91,9 +91,9 @@ and compile them manually.
SUPPORTED PLATFORMS
-------------------
All UNIX platforms (linux, *bsd, solaris, etc.)
Mac OS/X
MacOS
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
@ -287,6 +287,75 @@ ADDITIONAL HINTS
cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
RESULTS OUTPUT
--------------
The results are output to stdio along with the other information. Via the -o
command line option, the results can also be written to a file. Using -b,
the format of the output can be specified. Currently, these are supported:
* `text` - plain text format
* `jsonv1` - JSON data using version 1.x of the schema (defined below).
* `json` - JSON data using the latest version of the schema, currently there
is only version 1.
If using JSON output, the results file may not be valid JSON if there are
serious errors in booting Hydra.
### JSON Schema
Here is an example of the JSON output. Notes on some of the fields:
* `errormessages` - an array of zero or more strings that are normally printed
to stderr at the end of the Hydra's run. The text is very free form.
* `success` - indication if Hydra ran correctly without error (**NOT** if
passwords were detected). This parameter is either the JSON value `true`
or `false` depending on completion.
* `quantityfound` - How many username+password combinations discovered.
* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
2.03, etc. Hydra will make second tuple of the version to always be two
digits to make it easier for downstream processors (as opposed to v1.1 vs
v1.10). The minor-level versions are additive, so 1.02 will contain more
fields than version 1.00 and will be backward compatible. Version 2.x will
break something from version 1.x output.
Version 1.00 example:
```
{
"errormessages": [
"[ERROR] Error Message of Something",
"[ERROR] Another Message",
"These are very free form"
],
"generator": {
"built": "2017-03-01 14:44:22",
"commandline": "hydra -b jsonv1 -o results.json ... ...",
"jsonoutputversion": "1.00",
"server": "127.0.0.1",
"service": "http-post-form",
"software": "Hydra",
"version": "v8.5"
},
"quantityfound": 2,
"results": [
{
"host": "127.0.0.1",
"login": "bill@example.com",
"password": "bill",
"port": 9999,
"service": "http-post-form"
},
{
"host": "127.0.0.1",
"login": "joe@example.com",
"password": "joe",
"port": 9999,
"service": "http-post-form"
}
],
"success": false
}
```
SPEED
-----

28
web/index.html
View file

@ -16,8 +16,8 @@
A very fast network logon cracker which support many different services.
See feature sets and services coverage <a href="network_password_cracker_comparison.html">page</a> - incl. a speed comparison against ncrack and medusa<br>
</h4><h3>
Current Version: 8.3
Last update 2016-08-11
Current Version: 8.5
Last update 2017-05-03
</h3>
</pre>
</td>
@ -27,21 +27,27 @@
[0x00] News and Changelog
<b> Check out the feature sets and services coverage <a href="network_password_cracker_comparison.html">page</a> - including a speed comparison against ncrack and medusa (yes, we win :-) )
Development just moved to a public github repository: <a href="https://github.com/vanhauser-thc/thc-hydra">https://github.com/vanhauser-thc/thc-hydra</a>
<b>
Check out the feature sets and services coverage <a href="network_password_cracker_comparison.html">page</a> - including a speed comparison against ncrack and medusa (yes, we win :-) )
Development code is available at a public github repository: <a href="https://github.com/vanhauser-thc/thc-hydra">https://github.com/vanhauser-thc/thc-hydra</a>
There is a new section below for online tutorials.
Read below for Linux compilation notes.
</b>
CHANGELOG for 8.3
CHANGELOG for 8.5
===================
! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
* Support for upcoming OpenSSL 1.1 added. needs testing.
* Fixed hydra redo bug (issue #113)
* Updated xhydra for new hydra features and options
* Some more command line error checking
* Ensured unneeded sockets are closed
! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix
* New command line option:
-b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch
* ./configure now honors the CC enviroment variable if present
* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!)
* Changed the format of the restore file to detect cross platform copies
* Fixed a bug in the NCP module
* Favor strrchr() over rindex()
* Added refactoring patch by diadlo
* Updated man page with missing command line options
You can also take a look at the full <a href="CHANGES">CHANGES</a> file
@ -126,7 +132,7 @@
[0x05] The Art of Downloading: Source and Binaries
1. PRODUCTION/RELEASE VERSION:
The source code of state-of-the-art Hydra: <a href="http://www.thc.org/releases/hydra-8.3.tar.gz">hydra-8.3.tar.gz</a>
The source code of state-of-the-art Hydra: <a href="http://www.thc.org/releases/hydra-8.5.tar.gz">hydra-8.5.tar.gz</a>
(compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, iPhone, Blackberry 10, etc.)
2. DEVELOPMENT VERSION:

20
web/network_password_cracker_comparison.html
View file

@ -62,13 +62,13 @@ features are added to the project. If you find any inaccuracies
</td></tr>
<tr>
<td style="background-color: rgb(236, 236, 236); border: 1px solid rgb(204, 204, 204); padding: 2px 4px; font-weight: bold;"> Version
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"> 8.3
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"> 8.5
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"> 2.1
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"> 0.4 alpha
</td></tr>
<tr>
<td style="background-color: rgb(236, 236, 236); border: 1px solid rgb(204, 204, 204); padding: 2px 4px; font-weight: bold;"> Last Update
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"> August 2016
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"> May 2017
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"> April 2012
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"> April 2011
</td></tr>
@ -160,6 +160,14 @@ contact us as the service depends on RFC implementations, some adjustements may
</td><td style="padding: 2px 4px; background-color: rgb(236, 236, 236); border: 1px solid rgb(204, 204, 204); text-align: center; font-weight: bold;"> Ncrack
</td></tr>
<tr style="border-top: 2px solid rgb(204, 204, 204);">
<td style="background-color: rgb(236, 236, 236); border: 1px solid rgb(204, 204, 204); padding: 2px 4px; font-weight: bold;"> ADAM-6500
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;">
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"><img alt="Yes" src="Tick.png" border="0" height="17" width="20">
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"><img alt="No" src="Cross.png" border="0" height="17" width="20">
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"><img alt="No" src="Cross.png" border="0" height="18" width="22">
</td></tr>
<tr style="border-top: 2px solid rgb(204, 204, 204);">
<td style="background-color: rgb(236, 236, 236); border: 1px solid rgb(204, 204, 204); padding: 2px 4px; font-weight: bold;"><a title="Apple Filing Protocol">AFP</a>
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;">
@ -564,6 +572,14 @@ contact us as the service depends on RFC implementations, some adjustements may
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"><img alt="No" src="Cross.png" border="0" height="18" width="22">
</td></tr>
<tr style="border-top: 2px solid rgb(204, 204, 204);">
<td style="background-color: rgb(236, 236, 236); border: 1px solid rgb(204, 204, 204); padding: 2px 4px; font-weight: bold;"> RPCAP
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;">
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"><img alt="Yes" src="Tick.png" border="0" height="17" width="20">
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"><img alt="No" src="Cross.png" border="0" height="17" width="20">
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;"><img alt="No" src="Cross.png" border="0" height="18" width="22">
</td></tr>
<tr style="border-top: 2px solid rgb(204, 204, 204);">
<td style="background-color: rgb(236, 236, 236); border: 1px solid rgb(204, 204, 204); padding: 2px 4px; font-weight: bold;"> RSH
</td><td style="border: 1px solid rgb(204, 204, 204); padding: 2px 4px; text-align: center;">

4
xhydra.1
View file

@ -4,11 +4,11 @@ xhydra \- Gtk+2 frontend for thc-hydra
.SH SYNOPSIS
Execute xhydra in a terminal to start the application.
.SH DESCRIPTION
Hydra is a parallized login cracker which supports numerous protocols
Hydra is a parallelized login cracker which supports numerous protocols
to attack. New modules are easy to add, beside that, it is flexible and
very fast.
This tool gives researchers and security consultants the possiblity to
This tool gives researchers and security consultants the possibility to
show how easy it would be to gain unauthorized access from remote to a
system.