mirror of
https://github.com/vanhauser-thc/thc-hydra.git
synced 2025-07-06 04:51:40 -07:00
pre-8.0 fixes
parent
76c6145106
commit
ebbd664e07
18 changed files with 199 additions and 129 deletions
10
hydra-afp.c
10
hydra-afp.c
|
@ -44,7 +44,7 @@ static int server_subconnect(struct afp_url url) {
|
|||
struct afp_server *server = NULL;
|
||||
|
||||
conn_req = malloc(sizeof(struct afp_connection_request));
|
||||
server = malloc(sizeof(struct afp_server));
|
||||
// server = malloc(sizeof(struct afp_server));
|
||||
|
||||
memset(conn_req, 0, sizeof(struct afp_connection_request));
|
||||
|
||||
|
@ -97,10 +97,10 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F
|
|||
|
||||
strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1);
|
||||
tmpurl.servername[AFP_SERVER_NAME_LEN] = 0;
|
||||
strncpy(mlogin, login, AFP_MAX_USERNAME_LEN);
|
||||
mlogin[AFP_MAX_USERNAME_LEN] = 0;
|
||||
strncpy(mpass, pass, AFP_MAX_PASSWORD_LEN);
|
||||
mpass[AFP_MAX_PASSWORD_LEN] = 0;
|
||||
strncpy(mlogin, login, AFP_MAX_USERNAME_LEN - 1);
|
||||
mlogin[AFP_MAX_USERNAME_LEN - 1] = 0;
|
||||
strncpy(mpass, pass, AFP_MAX_PASSWORD_LEN - 1);
|
||||
mpass[AFP_MAX_PASSWORD_LEN - 1] = 0;
|
||||
memcpy(&tmpurl.username, mlogin, AFP_MAX_USERNAME_LEN);
|
||||
memcpy(&tmpurl.password, mpass, AFP_MAX_PASSWORD_LEN);
|
||||
|
||||
|
|
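Review bot: The terminator for `tmpurl.servername` in the start_afp hunk still writes at index `AFP_SERVER_NAME_LEN`, while the `mlogin` and `mpass` terminators below it were moved to `- 1`. The `strncpy` above it copies at most `AFP_SERVER_NAME_LEN - 1` bytes, so byte `AFP_SERVER_NAME_LEN - 1` is never written by these two lines, and if the field is declared with `AFP_SERVER_NAME_LEN` elements (the declaration is not in this hunk) the store lands one past the end. Suggested line: `tmpurl.servername[AFP_SERVER_NAME_LEN - 1] = 0;`. start_afp begins and ends outside the hunk.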
|
@ -120,6 +120,8 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr
|
|||
}
|
||||
}
|
||||
|
||||
if (buf != NULL)
|
||||
free(buf);
|
||||
buf = hydra_receive_line(sock);
|
||||
if (hydra_strcasestr(buf, "ress ENTER") != NULL) {
|
||||
hydra_send(sock, "\r\n", 2, 0);
|
||||
|
|
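Review bot: The line returned by `hydra_receive_line(sock)` goes straight into `hydra_strcasestr(buf, "ress ENTER")` with no NULL check, although other callers on this page treat a NULL return as a normal outcome (`while (buf != NULL && ...)`). If the peer drops the connection at this point, the search runs on a NULL pointer unless `hydra_strcasestr` tolerates it, which is not visible here. Suggested guard: `if (buf != NULL && hydra_strcasestr(buf, "ress ENTER") != NULL) {`. The added `if (buf != NULL)` in front of `free(buf)` is redundant, since `free(NULL)` is a no-op. service_cisco_enable starts and ends outside the hunk.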
|
@ -58,6 +58,7 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
if (buf != NULL && strstr(buf, "assw") != NULL) {
|
||||
hydra_completed_pair();
|
||||
free(buf);
|
||||
buf = NULL;
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return 3;
|
||||
if (strlen(pass = hydra_get_next_password()) == 0)
|
||||
|
@ -73,6 +74,8 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
return 1;
|
||||
}
|
||||
do {
|
||||
if (buf != NULL)
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
if (buf != NULL) {
|
||||
if (buf[strlen(buf) - 1] == '\n')
|
||||
|
|
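Review bot: In the second start_cisco hunk, `buf[strlen(buf) - 1]` indexes with `SIZE_MAX` when `hydra_receive_line` returns an empty string, because `strlen(buf) - 1` wraps, and that is an out-of-bounds read. Whether an empty line can be returned is decided outside this hunk, so a local guard is the safe form: `size_t len = strlen(buf);` followed by `if (len > 0 && buf[len - 1] == '\n')`. The statement continues past the end of the hunk.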
|
@ -399,8 +399,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
|
|||
str3[strlen(str) - strlen(str2) - 1] = 0;
|
||||
}
|
||||
} else {
|
||||
strncpy(str2, webtarget, sizeof(str2));
|
||||
str2[sizeof(str2)] = 0;
|
||||
strncpy(str2, webtarget, sizeof(str2) - 1);
|
||||
str2[sizeof(str2) - 1] = 0;
|
||||
if (redirected_url_buff[0] != '/') {
|
||||
//it's a relative path, so we have to concatenate it
|
||||
//with the path from the first url given
|
||||
|
|
|
@ -176,6 +176,7 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c
|
|||
if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0)
|
||||
return 1;
|
||||
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
|
||||
free(buf);
|
||||
|
|
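Review bot: The added `free(buf);` before `buf = hydra_receive_line(s);` is only safe if every path reaching it leaves `buf` either NULL or pointing at a live allocation. The declaration of `buf` and any earlier release of it are outside this hunk; if one of them frees the buffer without resetting the pointer, for example at the end of a previous start_http_proxy_urlenum call, this line becomes a double free. Pairing each release with a reset, `free(buf); buf = NULL;`, as the first start_cisco hunk in this commit does, makes the invariant hold locally.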
|
@ -2,8 +2,8 @@
|
|||
#include "sasl.h"
|
||||
|
||||
extern char *HYDRA_EXIT;
|
||||
char *buf;
|
||||
static int http_proxy_auth_mechanism = AUTH_ERROR;
|
||||
char *http_proxy_buf = NULL;
|
||||
|
||||
int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
|
||||
char *empty = "";
|
||||
|
@ -31,21 +31,42 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
|||
strcat(host, "\r\n");
|
||||
}
|
||||
|
||||
if (http_proxy_auth_mechanism == AUTH_ERROR) {
|
||||
if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) {
|
||||
//send dummy request
|
||||
sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header);
|
||||
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
|
||||
return 1;
|
||||
return 3;
|
||||
|
||||
//receive first 40x
|
||||
buf = hydra_receive_line(s);
|
||||
while (buf != NULL && strstr(buf, "HTTP/") == NULL) {
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) {
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
}
|
||||
|
||||
if (http_proxy_buf == NULL) {
|
||||
if (verbose)
|
||||
hydra_report(stderr, "[ERROR] Server did not answer\n");
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (debug)
|
||||
hydra_report(stderr, "S:%s\n", buf);
|
||||
hydra_report(stderr, "S:%s\n", http_proxy_buf);
|
||||
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
}
|
||||
|
||||
if (http_proxy_buf == NULL) {
|
||||
if (verbose)
|
||||
hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n");
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (debug)
|
||||
hydra_report(stderr, "S:%s\n", http_proxy_buf);
|
||||
|
||||
//after the first query we should have been disconnected from web server
|
||||
s = hydra_disconnect(s);
|
||||
|
@ -56,7 +77,7 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
|||
}
|
||||
}
|
||||
|
||||
if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) {
|
||||
if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) {
|
||||
http_proxy_auth_mechanism = AUTH_BASIC;
|
||||
sprintf(buffer2, "%.50s:%.50s", login, pass);
|
||||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||
|
@ -64,25 +85,26 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
|||
if (debug)
|
||||
hydra_report(stderr, "C:%s\n", buffer);
|
||||
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
|
||||
return 1;
|
||||
buf = hydra_receive_line(s);
|
||||
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
return 3;
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
}
|
||||
|
||||
//if server cut the connection, just exit cleanly or
|
||||
//this will be an infinite loop
|
||||
if (buf == NULL) {
|
||||
if (http_proxy_buf == NULL) {
|
||||
if (verbose)
|
||||
hydra_report(stderr, "[ERROR] Server did not answer\n");
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (debug)
|
||||
hydra_report(stderr, "S:%s\n", buf);
|
||||
hydra_report(stderr, "S:%s\n", http_proxy_buf);
|
||||
} else {
|
||||
if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) {
|
||||
if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) {
|
||||
|
||||
unsigned char buf1[4096];
|
||||
unsigned char buf2[4096];
|
||||
|
@ -98,13 +120,14 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
|||
//send the first..
|
||||
sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
|
||||
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
|
||||
return 1;
|
||||
return 3;
|
||||
|
||||
//receive challenge
|
||||
buf = hydra_receive_line(s);
|
||||
while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) {
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
}
|
||||
if (pos != NULL) {
|
||||
char *str;
|
||||
|
@ -118,9 +141,11 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
|||
}
|
||||
}
|
||||
//recover challenge
|
||||
if (buf != NULL && strlen(buf) >= 4) {
|
||||
if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) {
|
||||
from64tobits((char *) buf1, pos);
|
||||
free(buf);
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = NULL;
|
||||
return 3;
|
||||
}
|
||||
//Send response
|
||||
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
|
||||
|
@ -129,24 +154,26 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
|||
if (debug)
|
||||
hydra_report(stderr, "C:%s\n", buffer);
|
||||
if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
|
||||
return 1;
|
||||
return 3;
|
||||
|
||||
buf = hydra_receive_line(s);
|
||||
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
if (http_proxy_buf != NULL)
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
}
|
||||
|
||||
if (buf == NULL)
|
||||
return 1;
|
||||
if (http_proxy_buf == NULL)
|
||||
return 3;
|
||||
} else {
|
||||
#ifdef LIBOPENSSL
|
||||
if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) {
|
||||
if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) {
|
||||
|
||||
char *pbuffer;
|
||||
|
||||
http_proxy_auth_mechanism = AUTH_DIGESTMD5;
|
||||
pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest ");
|
||||
pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
|
||||
strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
|
||||
buffer[sizeof(buffer) - 1] = '\0';
|
||||
pbuffer = NULL;
|
||||
|
@ -159,26 +186,29 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
|||
if (debug)
|
||||
hydra_report(stderr, "C:%s\n", buffer2);
|
||||
if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0)
|
||||
return 1;
|
||||
return 3;
|
||||
|
||||
buf = hydra_receive_line(s);
|
||||
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
}
|
||||
|
||||
if (debug && buf != NULL)
|
||||
hydra_report(stderr, "S:%s\n", buf);
|
||||
if (debug && http_proxy_buf != NULL)
|
||||
hydra_report(stderr, "S:%s\n", http_proxy_buf);
|
||||
|
||||
if (buf == NULL)
|
||||
return 1;
|
||||
if (http_proxy_buf == NULL)
|
||||
return 3;
|
||||
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
if (buf != NULL) {
|
||||
buf[strlen(buf) - 1] = '\0';
|
||||
hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf);
|
||||
if (http_proxy_buf != NULL) {
|
||||
// buf[strlen(http_proxy_buf) - 1] = '\0';
|
||||
hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf);
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = NULL;
|
||||
} else {
|
||||
hydra_report(stderr, "Unsupported Auth type\n");
|
||||
}
|
||||
|
@ -187,23 +217,32 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis
|
|||
}
|
||||
}
|
||||
|
||||
ptr = ((char *) index(buf, ' ')) + 1;
|
||||
ptr = ((char *) index(http_proxy_buf, ' ')) + 1;
|
||||
if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) {
|
||||
hydra_report_found_host(port, ip, "http-proxy", fp);
|
||||
hydra_completed_pair_found();
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = NULL;
|
||||
} else {
|
||||
if (*ptr != '4')
|
||||
hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass);
|
||||
hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass);
|
||||
else if (verbose && *(ptr + 2) == '3')
|
||||
hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass);
|
||||
hydra_completed_pair();
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
|
||||
free(http_proxy_buf);
|
||||
http_proxy_buf = hydra_receive_line(s);
|
||||
}
|
||||
}
|
||||
|
||||
free(buf);
|
||||
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return 3;
|
||||
return 1;
|
||||
if (http_proxy_buf != NULL)
|
||||
return 2;
|
||||
else
|
||||
return 1;
|
||||
}
|
||||
|
||||
void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
|
||||
|
@ -219,6 +258,8 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr,
|
|||
switch (run) {
|
||||
case 1: /* connect and service init function */
|
||||
{
|
||||
if (http_proxy_buf != NULL)
|
||||
free(http_proxy_buf);
|
||||
if (sock >= 0)
|
||||
sock = hydra_disconnect(sock);
|
||||
// usleep(275000);
|
||||
|
|
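Review bot: In the NTLM branch, `from64tobits((char *) buf1, pos)` decodes the proxy's `Proxy-Authenticate: NTLM ` value into `unsigned char buf1[4096]` without passing or checking an output size. `pos` points into a line returned by `hydra_receive_line`, so its length is chosen by the remote side; unless that helper caps lines well below what 4096 decoded bytes need (not visible here), a long header overruns the stack buffer. Bound it before decoding, e.g. `if ((strlen(pos) + 3) / 4 * 3 >= sizeof(buf1)) { free(http_proxy_buf); http_proxy_buf = NULL; return 3; }`. The start_http NTLM hunk contains the same unbounded decode.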
65
hydra-http.c
65
hydra-http.c
|
@ -4,6 +4,7 @@
|
|||
extern char *HYDRA_EXIT;
|
||||
char *webtarget = NULL;
|
||||
char *slash = "/";
|
||||
char *http_buf = NULL;
|
||||
int webport, freemischttp = 0;
|
||||
|
||||
int http_auth_mechanism = AUTH_BASIC;
|
||||
|
@ -12,7 +13,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
char *empty = "";
|
||||
char *login, *pass, buffer[500], buffer2[500];
|
||||
char *header = ""; /* XXX TODO */
|
||||
char *ptr, *fooptr, *buf;
|
||||
char *ptr, *fooptr;
|
||||
|
||||
if (strlen(login = hydra_get_next_login()) == 0)
|
||||
login = empty;
|
||||
|
@ -20,7 +21,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
pass = empty;
|
||||
|
||||
// we must reset this if buf is NULL and we do MD5 digest
|
||||
if (buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
|
||||
if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
|
||||
http_auth_mechanism = AUTH_BASIC;
|
||||
|
||||
switch (http_auth_mechanism) {
|
||||
|
@ -47,7 +48,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
case AUTH_DIGESTMD5:{
|
||||
char *pbuffer;
|
||||
|
||||
pbuffer = hydra_strcasestr(buf, "WWW-Authenticate: Digest ");
|
||||
pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
|
||||
strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer));
|
||||
buffer[sizeof(buffer) - 1] = '\0';
|
||||
|
||||
|
@ -93,15 +94,15 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
return 1;
|
||||
|
||||
//receive challenge
|
||||
if (buf != NULL)
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
while (buf != NULL && (pos = hydra_strcasestr(buf, "WWW-Authenticate: NTLM ")) == NULL) {
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
if (http_buf != NULL)
|
||||
free(http_buf);
|
||||
http_buf = hydra_receive_line(s);
|
||||
while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) {
|
||||
free(http_buf);
|
||||
http_buf = hydra_receive_line(s);
|
||||
}
|
||||
|
||||
if (buf == NULL)
|
||||
if (http_buf == NULL)
|
||||
return 1;
|
||||
|
||||
if (pos != NULL) {
|
||||
|
@ -117,8 +118,8 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
}
|
||||
//recover challenge
|
||||
from64tobits((char *) buf1, pos);
|
||||
free(buf);
|
||||
buf = NULL;
|
||||
free(http_buf);
|
||||
http_buf = NULL;
|
||||
|
||||
//Send response
|
||||
buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
|
||||
|
@ -148,63 +149,63 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
return 1;
|
||||
}
|
||||
|
||||
if (buf != NULL)
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
|
||||
free(buf);
|
||||
buf = hydra_receive_line(s);
|
||||
if (http_buf != NULL)
|
||||
free(http_buf);
|
||||
http_buf = hydra_receive_line(s);
|
||||
while (http_buf != NULL && strstr(http_buf, "HTTP/1.") == NULL) {
|
||||
free(http_buf);
|
||||
http_buf = hydra_receive_line(s);
|
||||
}
|
||||
|
||||
//if server cut the connection, just exit cleanly or
|
||||
//this will be an infinite loop
|
||||
if (buf == NULL) {
|
||||
if (http_buf == NULL) {
|
||||
if (verbose)
|
||||
hydra_report(stderr, "[ERROR] Server did not answer\n");
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (debug)
|
||||
hydra_report(stderr, "S:%s\n", buf);
|
||||
hydra_report(stderr, "S:%s\n", http_buf);
|
||||
|
||||
ptr = ((char *) index(buf, ' ')) + 1;
|
||||
ptr = ((char *) index(http_buf, ' ')) + 1;
|
||||
if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
|
||||
hydra_report_found_host(port, ip, "www", fp);
|
||||
hydra_completed_pair_found();
|
||||
if (buf != NULL) {
|
||||
free(buf);
|
||||
buf = NULL;
|
||||
if (http_buf != NULL) {
|
||||
free(http_buf);
|
||||
http_buf = NULL;
|
||||
}
|
||||
} else {
|
||||
if (ptr != NULL && *ptr != '4')
|
||||
fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass);
|
||||
fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(http_buf, ' ') + 1), login, pass);
|
||||
|
||||
//the first authentication type failed, check the type from server header
|
||||
if ((hydra_strcasestr(buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
|
||||
if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
|
||||
//seems the auth supported is not Basic shceme so testing further
|
||||
int find_auth = 0;
|
||||
|
||||
if (hydra_strcasestr(buf, "WWW-Authenticate: NTLM") != NULL) {
|
||||
if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
|
||||
http_auth_mechanism = AUTH_NTLM;
|
||||
find_auth = 1;
|
||||
}
|
||||
#ifdef LIBOPENSSL
|
||||
if (hydra_strcasestr(buf, "WWW-Authenticate: Digest") != NULL) {
|
||||
if (hydra_strcasestr(http_buf, "WWW-Authenticate: Digest") != NULL) {
|
||||
http_auth_mechanism = AUTH_DIGESTMD5;
|
||||
find_auth = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (find_auth) {
|
||||
// free(buf);
|
||||
// buf = NULL;
|
||||
// free(http_buf);
|
||||
// http_buf = NULL;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
hydra_completed_pair();
|
||||
}
|
||||
// free(buf);
|
||||
// buf = NULL;
|
||||
// free(http_buf);
|
||||
// http_buf = NULL;
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return 3;
|
||||
return 1;
|
||||
|
|
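Review bot: `ptr = ((char *) index(http_buf, ' ')) + 1;` adds 1 before the result is tested, so the `ptr != NULL` checks that follow can never fail. When the status line has no space, `index` returns NULL, `ptr` becomes `(char *) 1`, and `*ptr` is dereferenced; the line only has to contain `HTTP/1.` to get this far, so the server controls that. Test the raw result first: `char *sp = index(http_buf, ' ');` then `if (sp == NULL) return 3;` then `ptr = sp + 1;`. The start_http_proxy hunk has the same expression on `http_proxy_buf` with no NULL test at all, and both functions evaluate `*(index(...) + 1)` a second time in the "Unusual return code" message.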
|
@ -144,7 +144,9 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *
|
|||
hydra_child_exit(1);
|
||||
}
|
||||
|
||||
ret = hydra_recv(sock, buffer, sizeof(buffer));
|
||||
buffer[0] = 0;
|
||||
if ((ret = hydra_recv(sock, buffer, sizeof(buffer))) >= 0)
|
||||
buffer[ret] = 0;
|
||||
|
||||
/* ERROR :Bad password */
|
||||
#ifdef HAVE_PCRE
|
||||
|
|
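Review bot: The new `buffer[ret] = 0;` writes one byte past the array whenever `hydra_recv` fills the buffer, because the call is given `sizeof(buffer)` and may return that value. Leave room for the terminator: `if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0)`. The same pattern is added in the start_rsh hunk (`buffer[ret] = 0`), the start_sip hunk (`buf[i] = 0`) and the start_pcanywhere hunk (`else buffer[ret] = 0;`), whereas the second read in the start_rlogin hunk already passes `sizeof(buffer) - 1`. This assumes `hydra_recv` can return the full requested length; its definition is not on this page.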
|
@ -39,9 +39,9 @@ char mysqlsalt[9];
|
|||
/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */
|
||||
char *hydra_mysql_receive_line(int socket) {
|
||||
char buf[300], *buff, *buff2;
|
||||
int i = 0, j = 0;
|
||||
int i = 0, j = 0, buff_size = 300;
|
||||
|
||||
buff = malloc(sizeof(buf));
|
||||
buff = malloc(buff_size);
|
||||
if (buff == NULL)
|
||||
return NULL;
|
||||
memset(buff, 0, sizeof(buf));
|
||||
|
@ -63,13 +63,17 @@ char *hydra_mysql_receive_line(int socket) {
|
|||
j = 1;
|
||||
while (hydra_data_ready(socket) > 0 && j > 0) {
|
||||
j = internal__hydra_recv(socket, buf, sizeof(buf));
|
||||
if (j > 65535 || i + j > 65535 || (buff2 = realloc(buff, i + j)) == NULL) {
|
||||
free(buff);
|
||||
return NULL;
|
||||
} else
|
||||
buff = buff2;
|
||||
memcpy(buff + i, &buf, j);
|
||||
i = i + j;
|
||||
if (j > 0) {
|
||||
if (i + j > buff_size || (buff2 = realloc(buff, i + j)) == NULL) {
|
||||
free(buff);
|
||||
return NULL;
|
||||
} else {
|
||||
buff = buff2;
|
||||
buff_size = i + j;
|
||||
}
|
||||
memcpy(buff + i, &buf, j);
|
||||
i += j;
|
||||
}
|
||||
}
|
||||
|
||||
if (debug)
|
||||
|
@ -177,13 +181,13 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp
|
|||
pass = hydra_get_next_password();
|
||||
|
||||
if (miscptr)
|
||||
strncpy(database, miscptr, sizeof(database));
|
||||
strncpy(database, miscptr, sizeof(database) - 1);
|
||||
else {
|
||||
strncpy(database, DEFAULT_DB, sizeof(database));
|
||||
strncpy(database, DEFAULT_DB, sizeof(database) - 1);
|
||||
if (verbose)
|
||||
hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n");
|
||||
}
|
||||
database[sizeof(database)] = 0;
|
||||
database[sizeof(database) - 1] = 0;
|
||||
|
||||
/* read server greeting */
|
||||
res = hydra_mysql_init(sock);
|
||||
|
|
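Review bot: In hydra_mysql_receive_line the guard `i + j > buff_size` rejects every read that would grow the buffer, so the `realloc(buff, i + j)` behind it can only shrink the allocation. After the first chunk `buff_size` equals `i`, and the next non-empty chunk always takes the `free(buff); return NULL;` path, so a reply delivered in two reads is dropped (unless code between the two hunks changes `i` or `buff_size`). If a hard cap is intended, compare against a separate limit, as the other variant of this check in the hunk does with 65535: `if (i + j > MAX_REPLY || (buff2 = realloc(buff, i + j + 1)) == NULL)`, where `MAX_REPLY` is a placeholder name. The extra byte keeps the result NUL-terminated for callers that treat it as a string.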
|
@ -62,8 +62,8 @@ void pca_encrypt(char *cleartxt) {
|
|||
char passwd[128];
|
||||
int i;
|
||||
|
||||
strncpy(passwd, cleartxt, sizeof(passwd));
|
||||
passwd[sizeof(passwd)] = 0;
|
||||
strncpy(passwd, cleartxt, sizeof(passwd) - 1);
|
||||
passwd[sizeof(passwd) - 1] = 0;
|
||||
if (strlen(cleartxt) > 0) {
|
||||
passwd[0] = (passwd[0] ^ 0xab);
|
||||
for (i = 1; i < strlen(passwd); i++)
|
||||
|
@ -192,9 +192,10 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis
|
|||
}
|
||||
|
||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
||||
if (ret == -1) {
|
||||
if (ret < 0)
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
buffer[ret] = 0;
|
||||
|
||||
clean_buffer(buffer, ret);
|
||||
/*show_buffer(buffer,ret); */
|
||||
|
|
|
@ -29,10 +29,10 @@ int start_postgres(int s, char *ip, int port, unsigned char options, char *miscp
|
|||
PGconn *pgconn;
|
||||
|
||||
if (miscptr)
|
||||
strncpy(database, miscptr, sizeof(database));
|
||||
strncpy(database, miscptr, sizeof(database) - 1);
|
||||
else
|
||||
strncpy(database, DEFAULT_DB, sizeof(database));
|
||||
database[sizeof(database)] = 0;
|
||||
strncpy(database, DEFAULT_DB, sizeof(database) - 1);
|
||||
database[sizeof(database) - 1] = 0;
|
||||
|
||||
if (strlen(login = hydra_get_next_login()) == 0)
|
||||
login = empty;
|
||||
|
|
|
@ -40,8 +40,11 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr
|
|||
}
|
||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
||||
/* 0x00 is sent but hydra_recv transformed it */
|
||||
if (strlen(buffer) == 0)
|
||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
||||
if (strlen(buffer) == 0) {
|
||||
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
||||
if (ret >= 0)
|
||||
buffer[ret] = 0;
|
||||
}
|
||||
|
||||
if (ret > 0 && (strstr(buffer, "rlogind:") != NULL))
|
||||
return 1;
|
||||
|
|
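Review bot: `strlen(buffer)` runs right after the first `hydra_recv(s, buffer, sizeof(buffer))`, which is neither limited to `sizeof(buffer) - 1` nor followed by a terminator. The scan can therefore run past the array when the read fills it, and it reads stale or uninitialised bytes when the read fails; the hunk hardens only the second read. Give the first read the same treatment: `ret = hydra_recv(s, buffer, sizeof(buffer) - 1);` followed by `buffer[ret >= 0 ? ret : 0] = 0;`. Whether `buffer` is zeroed earlier in start_rlogin is outside the hunk.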
|
@ -36,7 +36,9 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F
|
|||
return 4;
|
||||
}
|
||||
|
||||
ret = hydra_recv(s, buffer, sizeof(buffer));
|
||||
buffer[0] = 0;
|
||||
if ((ret = hydra_recv(s, buffer, sizeof(buffer))) >= 0)
|
||||
buffer[ret] = 0;
|
||||
/* 0x00 is sent but hydra_recv transformed it */
|
||||
if (strlen(buffer) == 0)
|
||||
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
||||
|
|
|
@ -152,7 +152,8 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
|
|||
try++;
|
||||
if (hydra_data_ready_timed(s, 5, 0) > 0) {
|
||||
memset(buf, 0, sizeof(buf));
|
||||
i = hydra_recv(s, (char *) buf, sizeof(buf));
|
||||
if ((i = hydra_recv(s, (char *) buf, sizeof(buf))) >= 0)
|
||||
buf[i] = 0;
|
||||
if (verbose)
|
||||
hydra_report(stderr, "[INFO] S: %s\n", buf);
|
||||
sip_code = get_sip_code(buf);
|
||||
|
|
|
@ -977,8 +977,10 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
|
|||
memset(LMhash, 0, 24);
|
||||
|
||||
ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge);
|
||||
if (ret == -1)
|
||||
if (ret == -1) {
|
||||
free(LMv2hash);
|
||||
return -1;
|
||||
}
|
||||
|
||||
memcpy(buf + iOffset, LMhash, 24);
|
||||
free(LMhash);
|
||||
|
@ -1053,8 +1055,10 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc
|
|||
memset(LMv2hash, 0, 24);
|
||||
|
||||
ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword);
|
||||
if (ret == -1)
|
||||
if (ret == -1) {
|
||||
free(LMv2hash);
|
||||
return -1;
|
||||
}
|
||||
|
||||
memcpy(buf + iOffset, LMv2hash, 24);
|
||||
free(LMv2hash);
|
||||
|
|
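Review bot: The error path added after `HashLM(&LMhash, ...)` frees `LMv2hash`, not `LMhash`. `LMhash` is the buffer that was just cleared with `memset(LMhash, 0, 24)` and is released with `free(LMhash)` on the success path, so on failure it leaks, while `LMv2hash` is handed to `free` in a branch where nothing visible has allocated it. It looks like a copy of the block in the `HashLMv2` hunk below; the line should read `free(LMhash);`. The declarations and allocations of both pointers are outside these hunks.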
27
hydra-xmpp.c
27
hydra-xmpp.c
|
@ -4,7 +4,6 @@
|
|||
/* david: ref http://xmpp.org/rfcs/rfc3920.html */
|
||||
|
||||
extern char *HYDRA_EXIT;
|
||||
char *buf;
|
||||
static char *domain = NULL;
|
||||
|
||||
int xmpp_auth_mechanism = AUTH_ERROR;
|
||||
|
@ -22,7 +21,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
char *CHALLENGE_END_STR = "</challenge>";
|
||||
char *RESPONSE_STR = "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>";
|
||||
char *RESPONSE_END_STR = "</response>";
|
||||
char *fooptr;
|
||||
char *fooptr, *buf;
|
||||
|
||||
if (strlen(login = hydra_get_next_login()) == 0)
|
||||
login = empty;
|
||||
|
@ -49,9 +48,10 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
|
||||
hydra_send(s, buffer, strlen(buffer), 0);
|
||||
usleep(300000);
|
||||
buf = hydra_receive_line(s);
|
||||
if ((buf = hydra_receive_line(s)) == NULL)
|
||||
return 3;
|
||||
|
||||
if (verbose)
|
||||
if (debug)
|
||||
hydra_report(stderr, "DEBUG S: %s\n", buf);
|
||||
|
||||
if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) {
|
||||
|
@ -72,7 +72,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
buffer2[chglen] = '\0';
|
||||
memset(buffer, 0, sizeof(buffer));
|
||||
from64tobits((char *) buffer, buffer2);
|
||||
if (verbose)
|
||||
if (debug)
|
||||
hydra_report(stderr, "DEBUG S: %s\n", buffer);
|
||||
}
|
||||
|
||||
|
@ -84,7 +84,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
|
||||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
|
||||
if (verbose)
|
||||
if (debug)
|
||||
hydra_report(stderr, "DEBUG C: %s\n", buffer);
|
||||
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
||||
free(buf);
|
||||
|
@ -126,7 +126,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
memset(buffer2, 0, sizeof(buffer));
|
||||
sasl_plain(buffer2, login, pass);
|
||||
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
|
||||
if (verbose)
|
||||
if (debug)
|
||||
hydra_report(stderr, "DEBUG C: %s\n", buffer);
|
||||
|
||||
}
|
||||
|
@ -140,11 +140,12 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
|
||||
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
|
||||
if (rc) {
|
||||
free(buf);
|
||||
return 3;
|
||||
}
|
||||
|
||||
sprintf(buffer, "%.200s %.250s", preplogin, buffer2);
|
||||
if (verbose)
|
||||
if (debug)
|
||||
hydra_report(stderr, "DEBUG C: %s\n", buffer);
|
||||
hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
|
||||
sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR);
|
||||
|
@ -157,9 +158,11 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
memset(buffer2, 0, sizeof(buffer2));
|
||||
fooptr = buffer2;
|
||||
sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
|
||||
if (fooptr == NULL)
|
||||
if (fooptr == NULL) {
|
||||
free(buf);
|
||||
return 3;
|
||||
if (verbose)
|
||||
}
|
||||
if (debug)
|
||||
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
|
||||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
|
||||
|
@ -172,6 +175,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
|
||||
|
||||
if (rc) {
|
||||
free(buf);
|
||||
return 3;
|
||||
}
|
||||
|
||||
|
@ -181,6 +185,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||
snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
|
||||
|
||||
free(buf);
|
||||
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
||||
return 1;
|
||||
}
|
||||
|
@ -274,7 +279,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr,
|
|||
|
||||
void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
|
||||
int run = 1, next_run = 1, sock = -1, tls = 0;
|
||||
char buffer[500];
|
||||
char buffer[500], *buf = NULL;
|
||||
int myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0;
|
||||
char *enddomain = NULL;
|
||||
|
||||
|
|
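Review bot: The `if (fooptr == NULL)` test after the `sasl_digest_md5` call cannot fire, because `fooptr` is set to `buffer2` and passed by value, so the callee cannot make the caller's copy NULL. The newly braced `free(buf); return 3;` is therefore dead code, and a failure inside `sasl_digest_md5` falls through to base64-encoding whatever `buffer2` holds. If the function signals failure by leaving the result empty (to be confirmed against its definition, which is not on this page), test that instead: `if (buffer2[0] == '\0') { free(buf); return 3; }`. start_xmpp starts and ends outside this hunk.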
2
hydra.c
2
hydra.c
|
@ -302,7 +302,7 @@ void help(int ext) {
|
|||
#ifdef HAVE_MATH_H
|
||||
" [-x MIN:MAX:CHARSET]"
|
||||
#endif
|
||||
" [-SuvV46] "
|
||||
" [-SuvVd46] "
|
||||
//"[server service [OPT]]|"
|
||||
"[service://server[:PORT][/OPT]]\n");
|
||||
printf("\nOptions:\n");
|
||||
|
|
4
sasl.c
4
sasl.c
|
@ -641,7 +641,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
|
|||
}
|
||||
|
||||
/*client-final-message */
|
||||
if (verbose)
|
||||
if (debug)
|
||||
hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage);
|
||||
|
||||
//r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096
|
||||
|
@ -711,7 +711,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
|
|||
to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20);
|
||||
|
||||
snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64);
|
||||
if (verbose)
|
||||
if (debug)
|
||||
hydra_report(stderr, "DEBUG C: %s\n", result);
|
||||
free(preppasswd);
|
||||
}
|
||||
|
|