github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-06 04:51:40 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

pre-8.0 fixes

Browse source
This commit is contained in:
vanhauser-thc 2014-04-28 11:04:38 +02:00
parent 76c6145106
commit ebbd664e07
18 changed files with 199 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

10
hydra-afp.c
View file

@ -44,7 +44,7 @@ static int server_subconnect(struct afp_url url) {
struct afp_server *server = NULL; struct afp_server *server = NULL;
conn_req = malloc(sizeof(struct afp_connection_request)); conn_req = malloc(sizeof(struct afp_connection_request));
server = malloc(sizeof(struct afp_server)); // server = malloc(sizeof(struct afp_server));
memset(conn_req, 0, sizeof(struct afp_connection_request)); memset(conn_req, 0, sizeof(struct afp_connection_request));
@ -97,10 +97,10 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F
strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1); strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1);
tmpurl.servername[AFP_SERVER_NAME_LEN] = 0; tmpurl.servername[AFP_SERVER_NAME_LEN] = 0;
strncpy(mlogin, login, AFP_MAX_USERNAME_LEN); strncpy(mlogin, login, AFP_MAX_USERNAME_LEN - 1);
mlogin[AFP_MAX_USERNAME_LEN] = 0; mlogin[AFP_MAX_USERNAME_LEN - 1] = 0;
strncpy(mpass, pass, AFP_MAX_PASSWORD_LEN); strncpy(mpass, pass, AFP_MAX_PASSWORD_LEN - 1);
mpass[AFP_MAX_PASSWORD_LEN] = 0; mpass[AFP_MAX_PASSWORD_LEN - 1] = 0;
memcpy(&tmpurl.username, mlogin, AFP_MAX_USERNAME_LEN); memcpy(&tmpurl.username, mlogin, AFP_MAX_USERNAME_LEN);
memcpy(&tmpurl.password, mpass, AFP_MAX_PASSWORD_LEN); memcpy(&tmpurl.password, mpass, AFP_MAX_PASSWORD_LEN);

2
hydra-cisco-enable.c
View file

@ -120,6 +120,8 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
} }
} }
if (buf != NULL)
free(buf);
buf = hydra_receive_line(sock); buf = hydra_receive_line(sock);
if (hydra_strcasestr(buf, "ress ENTER") != NULL) { if (hydra_strcasestr(buf, "ress ENTER") != NULL) {
hydra_send(sock, "\r\n", 2, 0); hydra_send(sock, "\r\n", 2, 0);

3
hydra-cisco.c
View file

@ -58,6 +58,7 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
if (buf != NULL && strstr(buf, "assw") != NULL) { if (buf != NULL && strstr(buf, "assw") != NULL) {
hydra_completed_pair(); hydra_completed_pair();
free(buf); free(buf);
buf = NULL;
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; return 3;
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
@ -73,6 +74,8 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
} }
do { do {
if (buf != NULL)
free(buf);
buf = hydra_receive_line(s); buf = hydra_receive_line(s);
if (buf != NULL) { if (buf != NULL) {
if (buf[strlen(buf) - 1] == '\n') if (buf[strlen(buf) - 1] == '\n')

4
hydra-http-form.c
View file

@ -399,8 +399,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
str3[strlen(str) - strlen(str2) - 1] = 0; str3[strlen(str) - strlen(str2) - 1] = 0;
} }
} else { } else {
strncpy(str2, webtarget, sizeof(str2)); strncpy(str2, webtarget, sizeof(str2) - 1);
str2[sizeof(str2)] = 0; str2[sizeof(str2) - 1] = 0;
if (redirected_url_buff[0] != '/') { if (redirected_url_buff[0] != '/') {
//it's a relative path, so we have to concatenate it //it's a relative path, so we have to concatenate it
//with the path from the first url given //with the path from the first url given

1
hydra-http-proxy-urlenum.c
View file

@ -176,6 +176,7 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0)
return 1; return 1;
free(buf);
buf = hydra_receive_line(s); buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
free(buf); free(buf);

141
hydra-http-proxy.c
View file

@ -2,8 +2,8 @@
#include "sasl.h" #include "sasl.h"
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf;
static int http_proxy_auth_mechanism = AUTH_ERROR; static int http_proxy_auth_mechanism = AUTH_ERROR;
char *http_proxy_buf = NULL;
int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = ""; char *empty = "";
@ -31,21 +31,42 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
strcat(host, "\r\n"); strcat(host, "\r\n");
} }
if (http_proxy_auth_mechanism == AUTH_ERROR) { if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) {
//send dummy request //send dummy request
sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header); sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1; return 3;
//receive first 40x //receive first 40x
buf = hydra_receive_line(s); http_proxy_buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/") == NULL) { while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) {
free(buf); free(http_proxy_buf);
buf = hydra_receive_line(s); http_proxy_buf = hydra_receive_line(s);
}
if (http_proxy_buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n");
return 3;
} }
if (debug) if (debug)
hydra_report(stderr, "S:%s\n", buf); hydra_report(stderr, "S:%s\n", http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
}
if (http_proxy_buf == NULL) {
if (verbose)
hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n");
return 3;
}
if (debug)
hydra_report(stderr, "S:%s\n", http_proxy_buf);
//after the first query we should have been disconnected from web server //after the first query we should have been disconnected from web server
s = hydra_disconnect(s); s = hydra_disconnect(s);
@ -56,7 +77,7 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
} }
} }
if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) {
http_proxy_auth_mechanism = AUTH_BASIC; http_proxy_auth_mechanism = AUTH_BASIC;
sprintf(buffer2, "%.50s:%.50s", login, pass); sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
@ -64,25 +85,26 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer); hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1; return 3;
buf = hydra_receive_line(s); free(http_proxy_buf);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { http_proxy_buf = hydra_receive_line(s);
free(buf); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
buf = hydra_receive_line(s); free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
} }
//if server cut the connection, just exit cleanly or //if server cut the connection, just exit cleanly or
//this will be an infinite loop //this will be an infinite loop
if (buf == NULL) { if (http_proxy_buf == NULL) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n"); hydra_report(stderr, "[ERROR] Server did not answer\n");
return 3; return 3;
} }
if (debug) if (debug)
hydra_report(stderr, "S:%s\n", buf); hydra_report(stderr, "S:%s\n", http_proxy_buf);
} else { } else {
if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) { if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) {
unsigned char buf1[4096]; unsigned char buf1[4096];
unsigned char buf2[4096]; unsigned char buf2[4096];
@ -98,13 +120,14 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
//send the first.. //send the first..
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1; return 3;
//receive challenge //receive challenge
buf = hydra_receive_line(s); free(http_proxy_buf);
while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { http_proxy_buf = hydra_receive_line(s);
free(buf); while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) {
buf = hydra_receive_line(s); free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
} }
if (pos != NULL) { if (pos != NULL) {
char *str; char *str;
@ -118,9 +141,11 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
} }
} }
//recover challenge //recover challenge
if (buf != NULL && strlen(buf) >= 4) { if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) {
from64tobits((char *) buf1, pos); from64tobits((char *) buf1, pos);
free(buf); free(http_proxy_buf);
http_proxy_buf = NULL;
return 3;
} }
//Send response //Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
@ -129,24 +154,26 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer); hydra_report(stderr, "C:%s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
return 1; return 3;
buf = hydra_receive_line(s); if (http_proxy_buf != NULL)
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { free(http_proxy_buf);
free(buf); http_proxy_buf = hydra_receive_line(s);
buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
} }
if (buf == NULL) if (http_proxy_buf == NULL)
return 1; return 3;
} else { } else {
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer; char *pbuffer;
http_proxy_auth_mechanism = AUTH_DIGESTMD5; http_proxy_auth_mechanism = AUTH_DIGESTMD5;
pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
buffer[sizeof(buffer) - 1] = '\0'; buffer[sizeof(buffer) - 1] = '\0';
pbuffer = NULL; pbuffer = NULL;
@ -159,26 +186,29 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
if (debug) if (debug)
hydra_report(stderr, "C:%s\n", buffer2); hydra_report(stderr, "C:%s\n", buffer2);
if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0)
return 1; return 3;
buf = hydra_receive_line(s); free(http_proxy_buf);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { http_proxy_buf = hydra_receive_line(s);
free(buf); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
buf = hydra_receive_line(s); free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
} }
if (debug && buf != NULL) if (debug && http_proxy_buf != NULL)
hydra_report(stderr, "S:%s\n", buf); hydra_report(stderr, "S:%s\n", http_proxy_buf);
if (buf == NULL) if (http_proxy_buf == NULL)
return 1; return 3;
} else } else
#endif #endif
{ {
if (buf != NULL) { if (http_proxy_buf != NULL) {
buf[strlen(buf) - 1] = '\0'; // buf[strlen(http_proxy_buf) - 1] = '\0';
hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf); hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf);
free(http_proxy_buf);
http_proxy_buf = NULL;
} else { } else {
hydra_report(stderr, "Unsupported Auth type\n"); hydra_report(stderr, "Unsupported Auth type\n");
} }
@ -187,23 +217,32 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
} }
} }
ptr = ((char *) index(buf, ' ')) + 1; ptr = ((char *) index(http_proxy_buf, ' ')) + 1;
if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) {
hydra_report_found_host(port, ip, "http-proxy", fp); hydra_report_found_host(port, ip, "http-proxy", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
free(http_proxy_buf);
http_proxy_buf = NULL;
} else { } else {
if (*ptr != '4') if (*ptr != '4')
hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass); hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass);
else if (verbose && *(ptr + 2) == '3') else if (verbose && *(ptr + 2) == '3')
hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass);
hydra_completed_pair(); hydra_completed_pair();
free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s);
}
} }
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; return 3;
return 1; if (http_proxy_buf != NULL)
return 2;
else
return 1;
} }
void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
@ -219,6 +258,8 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr,
switch (run) { switch (run) {
case 1: /* connect and service init function */ case 1: /* connect and service init function */
{ {
if (http_proxy_buf != NULL)
free(http_proxy_buf);
if (sock >= 0) if (sock >= 0)
sock = hydra_disconnect(sock); sock = hydra_disconnect(sock);
// usleep(275000); // usleep(275000);

65
hydra-http.c
View file

@ -4,6 +4,7 @@
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *webtarget = NULL; char *webtarget = NULL;
char *slash = "/"; char *slash = "/";
char *http_buf = NULL;
int webport, freemischttp = 0; int webport, freemischttp = 0;
int http_auth_mechanism = AUTH_BASIC; int http_auth_mechanism = AUTH_BASIC;
@ -12,7 +13,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
char *empty = ""; char *empty = "";
char *login, *pass, buffer[500], buffer2[500]; char *login, *pass, buffer[500], buffer2[500];
char *header = ""; /* XXX TODO */ char *header = ""; /* XXX TODO */
char *ptr, *fooptr, *buf; char *ptr, *fooptr;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -20,7 +21,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
pass = empty; pass = empty;
// we must reset this if buf is NULL and we do MD5 digest // we must reset this if buf is NULL and we do MD5 digest
if (buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5) if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
http_auth_mechanism = AUTH_BASIC; http_auth_mechanism = AUTH_BASIC;
switch (http_auth_mechanism) { switch (http_auth_mechanism) {
@ -47,7 +48,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
case AUTH_DIGESTMD5:{ case AUTH_DIGESTMD5:{
char *pbuffer; char *pbuffer;
pbuffer = hydra_strcasestr(buf, "WWW-Authenticate: Digest "); pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer));
buffer[sizeof(buffer) - 1] = '\0'; buffer[sizeof(buffer) - 1] = '\0';
@ -93,15 +94,15 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
//receive challenge //receive challenge
if (buf != NULL) if (http_buf != NULL)
free(buf); free(http_buf);
buf = hydra_receive_line(s); http_buf = hydra_receive_line(s);
while (buf != NULL && (pos = hydra_strcasestr(buf, "WWW-Authenticate: NTLM ")) == NULL) { while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) {
free(buf); free(http_buf);
buf = hydra_receive_line(s); http_buf = hydra_receive_line(s);
} }
if (buf == NULL) if (http_buf == NULL)
return 1; return 1;
if (pos != NULL) { if (pos != NULL) {
@ -117,8 +118,8 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
} }
//recover challenge //recover challenge
from64tobits((char *) buf1, pos); from64tobits((char *) buf1, pos);
free(buf); free(http_buf);
buf = NULL; http_buf = NULL;
//Send response //Send response
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
@ -148,63 +149,63 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1; return 1;
} }
if (buf != NULL) if (http_buf != NULL)
free(buf); free(http_buf);
buf = hydra_receive_line(s); http_buf = hydra_receive_line(s);
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { while (http_buf != NULL && strstr(http_buf, "HTTP/1.") == NULL) {
free(buf); free(http_buf);
buf = hydra_receive_line(s); http_buf = hydra_receive_line(s);
} }
//if server cut the connection, just exit cleanly or //if server cut the connection, just exit cleanly or
//this will be an infinite loop //this will be an infinite loop
if (buf == NULL) { if (http_buf == NULL) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n"); hydra_report(stderr, "[ERROR] Server did not answer\n");
return 3; return 3;
} }
if (debug) if (debug)
hydra_report(stderr, "S:%s\n", buf); hydra_report(stderr, "S:%s\n", http_buf);
ptr = ((char *) index(buf, ' ')) + 1; ptr = ((char *) index(http_buf, ' ')) + 1;
if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
hydra_report_found_host(port, ip, "www", fp); hydra_report_found_host(port, ip, "www", fp);
hydra_completed_pair_found(); hydra_completed_pair_found();
if (buf != NULL) { if (http_buf != NULL) {
free(buf); free(http_buf);
buf = NULL; http_buf = NULL;
} }
} else { } else {
if (ptr != NULL && *ptr != '4') if (ptr != NULL && *ptr != '4')
fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass); fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(http_buf, ' ') + 1), login, pass);
//the first authentication type failed, check the type from server header //the first authentication type failed, check the type from server header
if ((hydra_strcasestr(buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
//seems the auth supported is not Basic shceme so testing further //seems the auth supported is not Basic shceme so testing further
int find_auth = 0; int find_auth = 0;
if (hydra_strcasestr(buf, "WWW-Authenticate: NTLM") != NULL) { if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
http_auth_mechanism = AUTH_NTLM; http_auth_mechanism = AUTH_NTLM;
find_auth = 1; find_auth = 1;
} }
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
if (hydra_strcasestr(buf, "WWW-Authenticate: Digest") != NULL) { if (hydra_strcasestr(http_buf, "WWW-Authenticate: Digest") != NULL) {
http_auth_mechanism = AUTH_DIGESTMD5; http_auth_mechanism = AUTH_DIGESTMD5;
find_auth = 1; find_auth = 1;
} }
#endif #endif
if (find_auth) { if (find_auth) {
// free(buf); // free(http_buf);
// buf = NULL; // http_buf = NULL;
return 1; return 1;
} }
} }
hydra_completed_pair(); hydra_completed_pair();
} }
// free(buf); // free(http_buf);
// buf = NULL; // http_buf = NULL;
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; return 3;
return 1; return 1;

4
hydra-irc.c
View file

@ -144,7 +144,9 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
hydra_child_exit(1); hydra_child_exit(1);
} }
ret = hydra_recv(sock, buffer, sizeof(buffer)); buffer[0] = 0;
if ((ret = hydra_recv(sock, buffer, sizeof(buffer))) >= 0)
buffer[ret] = 0;
/* ERROR :Bad password */ /* ERROR :Bad password */
#ifdef HAVE_PCRE #ifdef HAVE_PCRE

28
hydra-mysql.c
View file

@ -39,9 +39,9 @@ char mysqlsalt[9];
/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ /* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */
char *hydra_mysql_receive_line(int socket) { char *hydra_mysql_receive_line(int socket) {
char buf[300], *buff, *buff2; char buf[300], *buff, *buff2;
int i = 0, j = 0; int i = 0, j = 0, buff_size = 300;
buff = malloc(sizeof(buf)); buff = malloc(buff_size);
if (buff == NULL) if (buff == NULL)
return NULL; return NULL;
memset(buff, 0, sizeof(buf)); memset(buff, 0, sizeof(buf));
@ -63,13 +63,17 @@ char *hydra_mysql_receive_line(int socket) {
j = 1; j = 1;
while (hydra_data_ready(socket) > 0 && j > 0) { while (hydra_data_ready(socket) > 0 && j > 0) {
j = internal__hydra_recv(socket, buf, sizeof(buf)); j = internal__hydra_recv(socket, buf, sizeof(buf));
if (j > 65535 || i + j > 65535 || (buff2 = realloc(buff, i + j)) == NULL) { if (j > 0) {
free(buff); if (i + j > buff_size || (buff2 = realloc(buff, i + j)) == NULL) {
return NULL; free(buff);
} else return NULL;
buff = buff2; } else {
memcpy(buff + i, &buf, j); buff = buff2;
i = i + j; buff_size = i + j;
}
memcpy(buff + i, &buf, j);
i += j;
}
} }
if (debug) if (debug)
@ -177,13 +181,13 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp
pass = hydra_get_next_password(); pass = hydra_get_next_password();
if (miscptr) if (miscptr)
strncpy(database, miscptr, sizeof(database)); strncpy(database, miscptr, sizeof(database) - 1);
else { else {
strncpy(database, DEFAULT_DB, sizeof(database)); strncpy(database, DEFAULT_DB, sizeof(database) - 1);
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n"); hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n");
} }
database[sizeof(database)] = 0; database[sizeof(database) - 1] = 0;
/* read server greeting */ /* read server greeting */
res = hydra_mysql_init(sock); res = hydra_mysql_init(sock);

9
hydra-pcanywhere.c
View file

@ -62,8 +62,8 @@ void pca_encrypt(char *cleartxt) {
char passwd[128]; char passwd[128];
int i; int i;
strncpy(passwd, cleartxt, sizeof(passwd)); strncpy(passwd, cleartxt, sizeof(passwd) - 1);
passwd[sizeof(passwd)] = 0; passwd[sizeof(passwd) - 1] = 0;
if (strlen(cleartxt) > 0) { if (strlen(cleartxt) > 0) {
passwd[0] = (passwd[0] ^ 0xab); passwd[0] = (passwd[0] ^ 0xab);
for (i = 1; i < strlen(passwd); i++) for (i = 1; i < strlen(passwd); i++)
@ -192,9 +192,10 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
} }
ret = hydra_recv(s, buffer, sizeof(buffer)); ret = hydra_recv(s, buffer, sizeof(buffer));
if (ret == -1) { if (ret < 0)
return 1; return 1;
} else
buffer[ret] = 0;
clean_buffer(buffer, ret); clean_buffer(buffer, ret);
/*show_buffer(buffer,ret); */ /*show_buffer(buffer,ret); */

6
hydra-postgres.c
View file

@ -29,10 +29,10 @@ int start_postgres(int s, char *ip, int port, unsigned char options, char *miscp
PGconn *pgconn; PGconn *pgconn;
if (miscptr) if (miscptr)
strncpy(database, miscptr, sizeof(database)); strncpy(database, miscptr, sizeof(database) - 1);
else else
strncpy(database, DEFAULT_DB, sizeof(database)); strncpy(database, DEFAULT_DB, sizeof(database) - 1);
database[sizeof(database)] = 0; database[sizeof(database) - 1] = 0;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;

7
hydra-rlogin.c
View file

@ -40,8 +40,11 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
} }
ret = hydra_recv(s, buffer, sizeof(buffer)); ret = hydra_recv(s, buffer, sizeof(buffer));
/* 0x00 is sent but hydra_recv transformed it */ /* 0x00 is sent but hydra_recv transformed it */
if (strlen(buffer) == 0) if (strlen(buffer) == 0) {
ret = hydra_recv(s, buffer, sizeof(buffer)); ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
if (ret >= 0)
buffer[ret] = 0;
}
if (ret > 0 && (strstr(buffer, "rlogind:") != NULL)) if (ret > 0 && (strstr(buffer, "rlogind:") != NULL))
return 1; return 1;

4
hydra-rsh.c
View file

@ -36,7 +36,9 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F
return 4; return 4;
} }
ret = hydra_recv(s, buffer, sizeof(buffer)); buffer[0] = 0;
if ((ret = hydra_recv(s, buffer, sizeof(buffer))) >= 0)
buffer[ret] = 0;
/* 0x00 is sent but hydra_recv transformed it */ /* 0x00 is sent but hydra_recv transformed it */
if (strlen(buffer) == 0) if (strlen(buffer) == 0)
ret = hydra_recv(s, buffer, sizeof(buffer) - 1); ret = hydra_recv(s, buffer, sizeof(buffer) - 1);

3
hydra-sip.c
View file

@ -152,7 +152,8 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
try++; try++;
if (hydra_data_ready_timed(s, 5, 0) > 0) { if (hydra_data_ready_timed(s, 5, 0) > 0) {
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
i = hydra_recv(s, (char *) buf, sizeof(buf)); if ((i = hydra_recv(s, (char *) buf, sizeof(buf))) >= 0)
buf[i] = 0;
if (verbose) if (verbose)
hydra_report(stderr, "[INFO] S: %s\n", buf); hydra_report(stderr, "[INFO] S: %s\n", buf);
sip_code = get_sip_code(buf); sip_code = get_sip_code(buf);

8
hydra-smb.c
View file

@ -977,8 +977,10 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
memset(LMhash, 0, 24); memset(LMhash, 0, 24);
ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge); ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge);
if (ret == -1) if (ret == -1) {
free(LMv2hash);
return -1; return -1;
}
memcpy(buf + iOffset, LMhash, 24); memcpy(buf + iOffset, LMhash, 24);
free(LMhash); free(LMhash);
@ -1053,8 +1055,10 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
memset(LMv2hash, 0, 24); memset(LMv2hash, 0, 24);
ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword);
if (ret == -1) if (ret == -1) {
free(LMv2hash);
return -1; return -1;
}
memcpy(buf + iOffset, LMv2hash, 24); memcpy(buf + iOffset, LMv2hash, 24);
free(LMv2hash); free(LMv2hash);

27
hydra-xmpp.c
View file

@ -4,7 +4,6 @@
/* david: ref http://xmpp.org/rfcs/rfc3920.html */ /* david: ref http://xmpp.org/rfcs/rfc3920.html */
extern char *HYDRA_EXIT; extern char *HYDRA_EXIT;
char *buf;
static char *domain = NULL; static char *domain = NULL;
int xmpp_auth_mechanism = AUTH_ERROR; int xmpp_auth_mechanism = AUTH_ERROR;
@ -22,7 +21,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
char *CHALLENGE_END_STR = "</challenge>"; char *CHALLENGE_END_STR = "</challenge>";
char *RESPONSE_STR = "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"; char *RESPONSE_STR = "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>";
char *RESPONSE_END_STR = "</response>"; char *RESPONSE_END_STR = "</response>";
char *fooptr; char *fooptr, *buf;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -49,9 +48,10 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
hydra_send(s, buffer, strlen(buffer), 0); hydra_send(s, buffer, strlen(buffer), 0);
usleep(300000); usleep(300000);
buf = hydra_receive_line(s); if ((buf = hydra_receive_line(s)) == NULL)
return 3;
if (verbose) if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buf); hydra_report(stderr, "DEBUG S: %s\n", buf);
if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) {
@ -72,7 +72,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
buffer2[chglen] = '\0'; buffer2[chglen] = '\0';
memset(buffer, 0, sizeof(buffer)); memset(buffer, 0, sizeof(buffer));
from64tobits((char *) buffer, buffer2); from64tobits((char *) buffer, buffer2);
if (verbose) if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer); hydra_report(stderr, "DEBUG S: %s\n", buffer);
} }
@ -84,7 +84,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
if (verbose) if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer); hydra_report(stderr, "DEBUG C: %s\n", buffer);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buf); free(buf);
@ -126,7 +126,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
memset(buffer2, 0, sizeof(buffer)); memset(buffer2, 0, sizeof(buffer));
sasl_plain(buffer2, login, pass); sasl_plain(buffer2, login, pass);
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
if (verbose) if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer); hydra_report(stderr, "DEBUG C: %s\n", buffer);
} }
@ -140,11 +140,12 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) { if (rc) {
free(buf);
return 3; return 3;
} }
sprintf(buffer, "%.200s %.250s", preplogin, buffer2); sprintf(buffer, "%.200s %.250s", preplogin, buffer2);
if (verbose) if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer); hydra_report(stderr, "DEBUG C: %s\n", buffer);
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR);
@ -157,9 +158,11 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
memset(buffer2, 0, sizeof(buffer2)); memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
if (fooptr == NULL) if (fooptr == NULL) {
free(buf);
return 3; return 3;
if (verbose) }
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2); hydra_report(stderr, "DEBUG C: %s\n", buffer2);
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
@ -172,6 +175,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) { if (rc) {
free(buf);
return 3; return 3;
} }
@ -181,6 +185,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
free(buf);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1; return 1;
} }
@ -274,7 +279,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1, tls = 0; int run = 1, next_run = 1, sock = -1, tls = 0;
char buffer[500]; char buffer[500], *buf = NULL;
int myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0; int myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0;
char *enddomain = NULL; char *enddomain = NULL;

2
hydra.c
View file

@ -302,7 +302,7 @@ void help(int ext) {
#ifdef HAVE_MATH_H #ifdef HAVE_MATH_H
" [-x MIN:MAX:CHARSET]" " [-x MIN:MAX:CHARSET]"
#endif #endif
" [-SuvV46] " " [-SuvVd46] "
//"[server service [OPT]]|" //"[server service [OPT]]|"
"[service://server[:PORT][/OPT]]\n"); "[service://server[:PORT][/OPT]]\n");
printf("\nOptions:\n"); printf("\nOptions:\n");

4
sasl.c
View file

@ -641,7 +641,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
} }
/*client-final-message */ /*client-final-message */
if (verbose) if (debug)
hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage);
//r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096
@ -711,7 +711,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20);
snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64);
if (verbose) if (debug)
hydra_report(stderr, "DEBUG C: %s\n", result); hydra_report(stderr, "DEBUG C: %s\n", result);
free(preppasswd); free(preppasswd);
} }