github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-21 22:03:46 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixed http-post

Browse source
This commit is contained in:
owein 2019-10-21 20:11:38 +02:00 committed by yvain douard
commit cffaa421a7
2 changed files with 21 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hydra-http-form.c
View file

@ -1330,7 +1330,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
success_cond = 0;
}
printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
/*
* Parse the user-supplied options.

22
hydra.c
View file

@ -502,9 +502,8 @@ void help(int32_t ext) {
"passwords from FILE\n");
PRINT_EXTEND(ext,
#ifdef HAVE_MATH_H
" -x MIN:MAX:CHARSET password bruteforce generation, type "
"\"-x -h\" to get help\n"
" -y disable use of symbols in bruteforce, see above\n"
" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"
" -y disable use of symbols in bruteforce, see above\n"
#endif
" -e nsr try \"n\" null password, \"s\" login as pass "
"and/or \"r\" reversed login\n"
@ -591,6 +590,7 @@ void help_bfg() {
"others,\n"
" just add their real representation.\n"
" -y disable the use of the above letters as placeholders\n\n"
" -r use 'rain' to explode the linearity of the generation.
"Examples:\n"
" -x 3:5:a generate passwords from length 3 to 5 with all "
"lowercase letters\n"
@ -3178,7 +3178,6 @@ int main(int argc, char *argv[]) {
printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP"));
use_proxy = 1;
}
if (strstr(hydra_options.miscptr, "\\:") != NULL) {
fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module "
"option, no parameter verification is performed.\n");
@ -3207,8 +3206,13 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1);
exit(-1);
}
<<<<<<< HEAD
switch (optional1[0]) {
case 'C': // fall through
=======
switch (optional1[0]){
case 'C': // fall through
>>>>>>> 6dfd77a (fixed http-post)
case 'c':
if (optional1[1] != '=' || optional1[2] != '/') {
fprintf(stderr,
@ -3344,6 +3348,16 @@ int main(int argc, char *argv[]) {
hydra_options.max_use = MAXTASKS;
}
// script kiddie patch
if (hydra_options.server != NULL && (
hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL ||
hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL ||
hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL ||
hydra_strcasestr(hydra_options.server, ".gmx.") != NULL ||
hydra_strcasestr(hydra_options.server, ".web.de") != NULL ||
hydra_strcasestr(hydra_options.server, ".gmail.") != NULL ||
hydra_strcasestr(hydra_options.server, "googlemail.") != NULL
)) {
fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n");
fprintf(stderr, "[WARNING] !read the above!\n");
sleep(5);
}