Bugfix for issue 121 -- increased URL/POST/cookie data size to 6096 bytes from 1000 bytes.

petrock6 2017-05-20 02:58:47 -05:00
commit df5ec9ea30
3 changed files with 22 additions and 16 deletions


@ -84,7 +84,7 @@ char cookie[4096] = "", cmiscptr[1024];
extern char *webtarget; extern char *webtarget;
extern char *slash; extern char *slash;
int webport, freemischttpform = 0; int webport, freemischttpform = 0;
char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; char bufferurl[6096+24], cookieurl[6096+24] = "", userheader[6096+24] = "", *url, *variables, *optional1;
#define MAX_REDIRECT 8 #define MAX_REDIRECT 8
#define MAX_CONTENT_LENGTH 20 #define MAX_CONTENT_LENGTH 20
@ -678,8 +678,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables));
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length); hdrrepv(&ptr_head, "Content-Length", content_length);
else else
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
cookie_header = stringify_cookies(ptr_cookie); cookie_header = stringify_cookies(ptr_cookie);
@ -1056,7 +1056,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
else else
webport = PORT_HTTP_SSL; webport = PORT_HTTP_SSL;
sprintf(bufferurl, "%.1000s", miscptr); sprintf(bufferurl, "%.6096s", miscptr);
url = bufferurl; url = bufferurl;
ptr = url; ptr = url;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
@ -1162,14 +1162,15 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
case 'H': case 'H':
// add a new header, or replace an existing one's value // add a new header, or replace an existing one's value
ptr = optional1 + 2; ptr = optional1 + 2;
while (*ptr != 0 && *ptr != ':') while (*ptr != 0 && *ptr != ':') ptr++;
ptr++;
if (*(ptr - 1) == '\\') if (*(ptr - 1) == '\\')
*(ptr - 1) = 0; *(ptr - 1) = 0;
if (*ptr != 0){
*ptr = 0; if (*ptr != 0) {
ptr += 2; *ptr = 0;
} ptr += 2;
}
ptr2 = ptr; ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
ptr2++; ptr2++;
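Review bot: In the `initialize` hunk, `sprintf(bufferurl, "%.6096s", miscptr);` keeps its bound in the format string, so the copy stays safe only while that literal remains smaller than the `bufferurl[6096+24]` declaration changed in the first hunk of this file. `snprintf(bufferurl, sizeof(bufferurl), "%s", miscptr);` would tie the limit to the destination itself. The same pattern is introduced in `main` with `sprintf(bufferurl, "%.6096s", hydra_options.miscptr);`. Input longer than 6096 bytes is also cut silently at both sites, whereas `hydra_strrep` now exits with an error at that length. The body of `initialize` continues outside these hunks, so how writes into the enlarged `cookieurl` and `userheader` are bounded cannot be seen here and is worth checking.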


@ -1040,8 +1040,13 @@ int make_to_lower(char *buf) {
char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len;
char *c, oldstring[1024], newstring[1024]; char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github.
static char finalstring[1024]; static char finalstring[6096];
if(strlen(string) > 6096) {
hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6096 characters.\n");
exit(-1);
}
if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1
|| (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
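Review bot: The added `strlen(string) > 6096` test in `hydra_strrep` runs before the existing `string == NULL` check, so a NULL argument is dereferenced by `strlen` and the guard below it can no longer protect `string`. Writing the test as `if (string != NULL && strlen(string) > 6096) {`, or moving it after the NULL check, keeps the old contract. The two limits also disagree slightly: lengths 6095 and 6096 pass the new test but are still caught by `strlen(string) >= sizeof(oldstring) - 1`, so the new error message is not printed for them. What that branch does is outside the hunk.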


@ -3249,7 +3249,7 @@ int main(int argc, char *argv[]) {
if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0
|| strcmp(hydra_options.service, "https-post-form") == 0) { || strcmp(hydra_options.service, "https-post-form") == 0) {
char bufferurl[1024], *url, *variables, *cond, *optional1; char bufferurl[6096+24], *url, *variables, *cond, *optional1; //6096 comes from issue 192 on github. Extra 24 bytes for null padding.
if (strncmp(hydra_options.service, "http-", 5) == 0) { if (strncmp(hydra_options.service, "http-", 5) == 0) {
i = 1; i = 1;
@ -3284,7 +3284,7 @@ int main(int argc, char *argv[]) {
if (strstr(hydra_options.miscptr, "\\:") != NULL) { if (strstr(hydra_options.miscptr, "\\:") != NULL) {
fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n");
} else { } else {
sprintf(bufferurl, "%.1000s", hydra_options.miscptr); sprintf(bufferurl, "%.6096s", hydra_options.miscptr);
url = strtok(bufferurl, ":"); url = strtok(bufferurl, ":");
variables = strtok(NULL, ":"); variables = strtok(NULL, ":");
cond = strtok(NULL, ":"); cond = strtok(NULL, ":");
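Review bot: The new comment on `bufferurl` in `main` cites issue 192, while the commit message says the fix is for issue 121; one of the two is presumably a typo and should be corrected so the reference can be followed. "Extra 24 bytes for null padding" would read better with the reason stated, since the `%.6096s` copy needs only one byte for the terminator, for example `/* 6096-byte limit (issue NNN) plus slack for the terminator */` with the right issue number filled in. As 6096 now appears as a bare literal in array sizes, format strings and an error message, a single named constant would keep them in step. `main` starts and ends outside these hunks.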