From cffaa421a73c90a83ba820636ab41d2ab1d50427 Mon Sep 17 00:00:00 2001
From: owein
Date: Mon, 21 Oct 2019 20:11:38 +0200
Subject: [PATCH] fixed http-post
---
 hydra-http-form.c | 6 +++---
 hydra.c | 22 ++++++++++++++++++----
 2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/hydra-http-form.c b/hydra-http-form.c
index 5fa0fff..bafbb10 100644
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
@@ -1329,9 +1329,9 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
 // by default condition is a fail
 success_cond = 0;
 }
-
- printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
-
+
+ fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
+
 /*
 * Parse the user-supplied options.
 * Beware of the backslashes (\)!
diff --git a/hydra.c b/hydra.c
index 78f77e8..3ccdf19 100644
--- a/hydra.c
+++ b/hydra.c
@@ -502,9 +502,8 @@ void help(int32_t ext) {
 "passwords from FILE\n");
 PRINT_EXTEND(ext,
 #ifdef HAVE_MATH_H
- " -x MIN:MAX:CHARSET password bruteforce generation, type "
- "\"-x -h\" to get help\n"
- " -y disable use of symbols in bruteforce, see above\n"
+ " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"
+ " -y disable use of symbols in bruteforce, see above\n"
 #endif
 " -e nsr try \"n\" null password, \"s\" login as pass "
 "and/or \"r\" reversed login\n"
@@ -591,6 +590,7 @@ void help_bfg() {
 "others,\n"
 " just add their real representation.\n"
 " -y disable the use of the above letters as placeholders\n\n"
+ " -r use 'rain' to explode the linearity of the generation.
 "Examples:\n"
 " -x 3:5:a generate passwords from length 3 to 5 with all "
 "lowercase letters\n"
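Review bot: In the hydra-http-form.c hunk, inside `initialize()`, the `fprintf(stderr, "miscptr: %s, url=%s, ...")` line is still an unconditional debug dump of the whole module option string. For an http-form module those options can carry custom headers and cookies, so every run writes them to stderr and to anything that captures it. Sending it to stderr keeps it out of parsed stdout results, but it should be gated, e.g. `if (debug) fprintf(stderr, ...);`, assuming the module's usual `debug` flag is in scope at this point. Some of the `%s` arguments (`ptr`, `optional1`, `cond`) look like parser outputs that may be NULL when a field is absent, and NULL passed to `%s` is undefined behaviour, so confirm they are always set or substitute a literal. The function body starts and continues outside the hunk.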
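Review bot: In the hydra.c hunk at `help_bfg()`, the added `-r` help line opens a string literal that is never closed. It stops at `generation.` with no `\n"`, and the next context line begins a new literal with `"Examples:\n"`, so as shown this should fail to compile with an unterminated-string error. End the line like its neighbours: `" -r use 'rain' to explode the linearity of the generation.\n"`. The preceding `-y` line ends in `\n\n`, so the blank separator now falls before `-r` rather than before `Examples:`; moving the extra `\n` onto the new line keeps the layout. Spacing inside the literals is collapsed on this page, so take the column alignment from the file itself.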
@@ -3178,7 +3178,6 @@ int main(int argc, char *argv[]) {
 printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } - if (strstr(hydra_options.miscptr, "\\:") != NULL) { fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " "option, no parameter verification is performed.\n");
@@ -3207,8 +3206,13 @@ int main(int argc, char *argv[]) {
 fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1);
 exit(-1);
 }
+<<<<<<< HEAD
 switch (optional1[0]) {
 case 'C': // fall through
+=======
+ switch (optional1[0]){
+ case 'C': // fall through
+>>>>>>> 6dfd77a (fixed http-post)
 case 'c':
 if (optional1[1] != '=' || optional1[2] != '/') {
 fprintf(stderr,
@@ -3344,6 +3348,16 @@ int main(int argc, char *argv[]) {
 hydra_options.max_use = MAXTASKS;
 }
 // script kiddie patch
+ if (hydra_options.server != NULL && (
+ hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL ||
+ hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL ||
+ hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL ||
+ hydra_strcasestr(hydra_options.server, ".gmx.") != NULL ||
+ hydra_strcasestr(hydra_options.server, ".web.de") != NULL ||
+ hydra_strcasestr(hydra_options.server, ".gmail.") != NULL ||
+ hydra_strcasestr(hydra_options.server, "googlemail.") != NULL
+ )) {
+ fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n");
 fprintf(stderr, "[WARNING] !read the above!\n");
 sleep(5);
 }
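Review bot: The hydra.c hunk starting at new line 3206 commits unresolved merge-conflict markers into `main()`: `<<<<<<< HEAD`, `=======` and `>>>>>>> 6dfd77a (fixed http-post)`, along with a duplicated `switch (optional1[0])` header and `case 'C':` label. The file cannot compile in this state. Delete the three marker lines and keep a single `switch (optional1[0]) {` followed by one `case 'C': // fall through`. This switch validates the syntax of the optional module argument, so after resolving it, confirm that malformed input still reaches the `exit(-1)` rejection path. The switch body continues outside the hunk.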
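Review bot: The condition added under `// script kiddie patch` (hydra.c hunk at new line 3348) has no comment saying what it is for or how it matches. I would replace that comment with `// Advisory only: warn and pause when the target host name contains a well-known public mail provider pattern (substring match, see hydra_strcasestr)`. Patterns such as `.yahoo.` and `.gmx.` are tested anywhere in the name, so the warning can also fire on unrelated hosts. That is harmless for a notice, but it should be stated so nobody treats the check as a control. As a style point, the seven near-identical `hydra_strcasestr` calls would read better as a small string table and a loop, and the long warning literal could be split across lines like the other messages in this file.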