github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-07 05:21:37 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Direct HTTP working.

Browse source
This commit is contained in:
ajuaristi 2014-07-29 21:19:53 +02:00
parent 8722f8a55c
commit f0fc03e53b
1 changed files with 343 additions and 342 deletions
Download patch file Download diff file Expand all files Collapse all files

481
hydra-http-form.c
View file

@ -96,6 +96,8 @@ extern char *slash;
int webport, freemischttpform = 0; int webport, freemischttpform = 0;
char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1;
char *cookie_request, *normal_request; // Buffers for HTTP headers
ptr_header_node ptr_head = NULL; ptr_header_node ptr_head = NULL;
/* /*
@ -194,6 +196,22 @@ void hdrrep(char * oldvalue, char * newvalue){
} }
} }
void hdrrepv(char * hdrname, char * new_value){
ptr_header_node cur_ptr = NULL;
for(cur_ptr = ptr_head; cur_ptr; cur_ptr = cur_ptr->next){
if((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname)){
cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value));
if(cur_ptr->value)
strcpy(cur_ptr->value, new_value);
else{
hydra_report(stderr, "[ERROR] Out of memory");
hydra_child_exit(1);
}
}
}
}
void cleanup(){ void cleanup(){
ptr_header_node cur_ptr = ptr_head, next_ptr = cur_ptr; ptr_header_node cur_ptr = ptr_head, next_ptr = cur_ptr;
@ -211,68 +229,69 @@ void cleanup(){
* Concat all the headers in the list in a single string. * Concat all the headers in the list in a single string.
* Leave the list itself intact: do not clean it here. * Leave the list itself intact: do not clean it here.
*/ */
char * stringify_headers(char * http_request){ char * stringify_headers(){
char * headers_str = NULL; char * headers_str = NULL;
ptr_header_node cur_ptr = ptr_head; ptr_header_node cur_ptr = ptr_head;
int ttl_size = strlen(http_request); int ttl_size = 0;
while(cur_ptr){ for(; cur_ptr; cur_ptr = cur_ptr->next)
if(cur_ptr->header && cur_ptr->value){ // Check for NULLs ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 3;
ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 1;
if(headers_str) headers_str = (char *) malloc(ttl_size + 1);
headers_str = (char *) realloc(headers_str, sizeof(char) * ttl_size);
else{ if(headers_str){
// Garbage appears when strcat()-ing, if we don't blank the newly allocated memory memset(headers_str, 0, ttl_size + 1);
headers_str = (char *) malloc(sizeof(char) * ttl_size); for(cur_ptr = ptr_head; cur_ptr; cur_ptr = cur_ptr->next){
if(headers_str)
memset(headers_str, 0, sizeof(char) * ttl_size);
}
if(headers_str){ // Check for errors
strcat(headers_str, cur_ptr->header); strcat(headers_str, cur_ptr->header);
strcat(headers_str, ": "); strcat(headers_str, ":");
strcat(headers_str, cur_ptr->value); strcat(headers_str, cur_ptr->value);
strcat(headers_str, "\r\n"); strcat(headers_str, "\r\n");
}else{
// Error: out of memory
hydra_report(stderr, "Out of memory for HTTP headers");
hydra_child_exit(1);
} }
} }
// Get to the next header
cur_ptr = cur_ptr->next;
}
return headers_str; return headers_str;
} }
char * prepare_http_request(char * method, char * path, char * postdata){ char * prepare_http_request(char * type, char * path, char * params, char * headers){
char * request = NULL, *headers = NULL; unsigned int reqlen = 0;
char tail[] = " HTTP/1.0", char * http_request = NULL;
http_request[1030];
int req_len = (strlen(method) + strlen(path) + 1) <= 1030 ? (strlen(method) + strlen(path) + 1) : 1030;
memset(http_request, 0, 1030); if(type && path && headers){
reqlen = strlen(path) + strlen(headers) + 20;
if(params)
reqlen += strlen(params);
if(strcmp(method, "GET") == 0) http_request = (char *) malloc(reqlen);
if(http_request){
memset(http_request, 0, reqlen);
// append the request verb (GET or POST)
if(strcmp(type, "GET") == 0)
strcat(http_request, "GET "); strcat(http_request, "GET ");
else if(strcmp(method, "POST") == 0) else
strcat(http_request, "POST "); strcat(http_request, "POST ");
strncat(http_request, path, 1030 - sizeof(tail) - 5); // append the request path
strcat(http_request, tail); strcat(http_request, path);
headers = stringify_headers(http_request); // if GET, append the params now
request = (char *) malloc(strlen(http_request) + strlen(headers) + 5 + (strcmp(method, "POST") == 0 && postdata? strlen(postdata) : 0)); if(params && strcmp(type, "GET") == 0){
if(request && headers){ strcat(http_request, "?");
strcpy(request, http_request); strcat(http_request, params);
strcat(request, "\r\n");
strcat(request, headers);
strcat(request, "\r\n");
if(strcmp(method, "POST") == 0 && postdata)
strcat(request, postdata);
} }
return request; // append the headers
strcat(http_request, " HTTP/1.0\r\n");
strcat(http_request, headers);
strcat(http_request, "\r\n");
// if POST, append the params now
if(params && strcmp(type, "POST") == 0)
strcat(http_request, params);
}
}
return http_request;
} }
int strpos(char *str, char *target) { int strpos(char *str, char *target) {
@ -352,9 +371,11 @@ int analyze_server_response(int s) {
endcookie1 = strchr(str, '\n'); endcookie1 = strchr(str, '\n');
endcookie2 = strchr(str, ';'); endcookie2 = strchr(str, ';');
//terminate string after cookie data //terminate string after cookie data
if (endcookie1 != NULL && endcookie1 < endcookie2) if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))){
if(*(endcookie1 - 1) == '\r')
endcookie1--;
*endcookie1 = 0; *endcookie1 = 0;
else if (endcookie2 != NULL) }else if (endcookie2 != NULL)
*endcookie2 = 0; *endcookie2 = 0;
// is the cookie already there? if yes, remove it! // is the cookie already there? if yes, remove it!
if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) {
@ -423,10 +444,10 @@ void hydra_reconnect(int s, char *ip, int port, unsigned char options) {
int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) {
char *empty = ""; char *empty = "";
char *buffer, // Buffer for HTTP headers char * buffer;
*proxy_string;
char *login, *pass, clogin[256], cpass[256]; char *login, *pass, clogin[256], cpass[256];
char header[8096], *upd3variables, cuserheader[1024]; char header[8096], *upd3variables, cuserheader[1024];
char *http_request;
int found = !success_cond, i, j; int found = !success_cond, i, j;
char content_length[MAX_CONTENT_LENGTH]; char content_length[MAX_CONTENT_LENGTH];
@ -449,106 +470,35 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
hdrrep("^USER^", clogin); hdrrep("^USER^", clogin);
hdrrep("^PASS^", cpass); hdrrep("^PASS^", cpass);
///////////////////////////////////////////////////////////////////////////////////////////////////////////
/* again: no snprintf to be portable. dont worry, buffer cant overflow */ /* again: no snprintf to be portable. dont worry, buffer cant overflow */
if (use_proxy == 1 && proxy_authentication != NULL) { if (use_proxy == 1 && proxy_authentication != NULL) {
// proxy with authentication
add_header("Host", webtarget, HEADER_TYPE_DEFAULT);
add_header("User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT);
proxy_string = (char *) malloc(strlen(proxy_authentication) + 6);
if(proxy_string) {
strcpy(proxy_string, "Basic ");
strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6);
add_header("Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT);
}else{
hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header.");
hydra_child_exit(1);
}
if (getcookie) { if (getcookie) {
//doing a GET to save cookies //buffer = prepare_http_request(type, url, NULL);
// sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla 5.0 (Hydra Proxy Auth)\r\n%s%s\r\n",
// webtarget, webport, cookieurl, webtarget, proxy_authentication, header, cuserheader);
buffer = prepare_http_request(type, url, NULL);
hydra_report(stdout, "HTTP headers (Proxy Auth Cookies): %s", buffer); hydra_report(stdout, "HTTP headers (Proxy Auth Cookies): %s", buffer);
/* if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
} }
i = analyze_server_response(s); // return value ignored //buffer = prepare_http_request(type, url, NULL);
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
hydra_reconnect(s, ip, port, options);*/
}
buffer = prepare_http_request(type, url, NULL);
hydra_report(stdout, "HTTP headers (Proxy Auth): %s", buffer); hydra_report(stdout, "HTTP headers (Proxy Auth): %s", buffer);
/*if (strcmp(type, "POST") == 0) {
sprintf(buffer,
"POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s",
webtarget, webport, url, webtarget, proxy_authentication, (int) strlen(upd3variables), header, cuserheader, upd3variables);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
} else {
sprintf(buffer,
"GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\n%s%s\r\n",
webtarget, webport, url, upd3variables, webtarget, proxy_authentication, header, cuserheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
}*/
} else { } else {
if (use_proxy == 1) { if (use_proxy == 1) {
// proxy without authentication // proxy without authentication
add_header("Host", webtarget, HEADER_TYPE_DEFAULT);
add_header("User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT);
if (getcookie) { if (getcookie) {
//doing a GET to get cookies //doing a GET to get cookies
buffer = prepare_http_request(type, url, NULL); //buffer = prepare_http_request(type, url, NULL);
hydra_report(stdout, "HTTP headers (Proxy Noauth Cookies): %s", buffer); hydra_report(stdout, "HTTP headers (Proxy Noauth Cookies): %s", buffer);
// sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header,
// cuserheader);
/* if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
} }
i = analyze_server_response(s); // ignore result //buffer = prepare_http_request(type, url, NULL);
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
hydra_reconnect(s, ip, port, options);*/
}
buffer = prepare_http_request(type, url, NULL);
hydra_report(stdout, "HTTP headers (Proxy Noauth): %s", buffer); hydra_report(stdout, "HTTP headers (Proxy Noauth): %s", buffer);
/*if (strcmp(type, "POST") == 0) {
sprintf(buffer,
"POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s",
webtarget, webport, url, webtarget, (int) strlen(upd3variables), header, cuserheader, upd3variables);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
} else {
sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget,
header, cuserheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
}*/
} else { } else {
// direct web server, no proxy // direct web server, no proxy
add_header("Host", webtarget, HEADER_TYPE_DEFAULT);
add_header("User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT);
if (getcookie) { if (getcookie) {
//doing a GET to save cookies //doing a GET to save cookies
buffer = prepare_http_request(type, url, NULL); http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request);
hydra_report(stdout, "HTTP headers (Direct Cookies): %s", buffer); if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1; return 1;
}
i = analyze_server_response(s); // ignore result i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0) { if (strlen(cookie) > 0){
add_header("Cookie", cookie, HEADER_TYPE_DEFAULT); add_header("Cookie", cookie, HEADER_TYPE_DEFAULT);
normal_request = stringify_headers();
} }
hydra_reconnect(s, ip, port, options); hydra_reconnect(s, ip, port, options);
} }
@ -558,34 +508,35 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables));
add_header("Content-Length", content_length, HEADER_TYPE_DEFAULT); add_header("Content-Length", content_length, HEADER_TYPE_DEFAULT);
add_header("Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); add_header("Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
buffer = prepare_http_request(type, url, upd3variables); normal_request = stringify_headers();
hydra_report(stdout, "HTTP headers (Direct): %s", buffer); http_request = prepare_http_request("POST", url, upd3variables, normal_request);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
}
} else { } else {
buffer = prepare_http_request(type, url, NULL); normal_request = stringify_headers();
hydra_report(stdout, "HTTP headers (Direct): %s", buffer); http_request = prepare_http_request("GET", url, upd3variables, normal_request);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
} }
} }
} }
}
/*found = analyze_server_response(s); found = analyze_server_response(s);
if (auth_flag) { // we received a 401 error - user using wrong module if (auth_flag) { // we received a 401 error - user using wrong module
hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n",
(options & OPTION_SSL) > 0 ? "s" : ""); (options & OPTION_SSL) > 0 ? "s" : "");
return 4; return 4;
} }
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %.1000s\r\n", cookie); if (strlen(cookie) > 0)
} add_header("Cookie", cookie, HEADER_TYPE_DEFAULT);
//if page was redirected, follow the location header //if page was redirected, follow the location header
redirected_cpt = MAX_REDIRECT; redirected_cpt = MAX_REDIRECT;
if (debug) if (debug)
printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff);
while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
//we have to split the location //we have to split the location
char *startloc, *endloc; char *startloc, *endloc;
@ -674,19 +625,21 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", webtarget, webport, str3, str2, header); sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", webtarget, webport, str3, str2, header);
} else { } else {
//direct web server, no proxy //direct web server, no proxy
sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", str3, str2, header); //sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", str3, str2, header);
hdrrepv("Host", str2);
normal_request = stringify_headers();
http_request = prepare_http_request("GET", str3, NULL, normal_request);
} }
} }
hydra_reconnect(s, ip, port, options); hydra_reconnect(s, ip, port, options);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
}
found = analyze_server_response(s); found = analyze_server_response(s);
if (strlen(cookie) > 0) { if (strlen(cookie) > 0)
sprintf(header, "Cookie: %s\r\n", cookie); add_header("Cookie", cookie, HEADER_TYPE_DEFAULT);
}
} }
} }
@ -697,24 +650,113 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
} else { } else {
hydra_completed_pair(); hydra_completed_pair();
} }
return 1;*/
//////////////////////////////////////////////////////////////////////////////////////////////////////////
/* char * http_request = prepare_http_request(type, url);
hydra_report(stdout, "HTTP headers:\n%s\r\n", http_request);*/
hydra_child_exit(1);
return 1; return 1;
} }
void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) {
int run = 1, next_run = 1, sock = -1; int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
char *ptr, *ptr2;
// register our socket descriptor
hydra_register_socket(sp); hydra_register_socket(sp);
/*
* Iterate through the runs. Values are the following:
* - 1 -> Open connection to remote server.
* - 2 -> Run password attempts.
* - 3 -> Disconnect and end with success.
* - 4 -> Disconnect and end with error.
*/
while (1) {
if (run == 2) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
}
}
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int) getpid());
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_form(sock, ip, port, options, miscptr, fp, type);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(0);
break;
case 4: /* silent error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
break;
default:
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
if (freemischttpform)
free(miscptr);
}
void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_http_form(ip, sp, options, miscptr, fp, port, "GET");
}
void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_http_form(ip, sp, options, miscptr, fp, port, "POST");
}
int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
char *ptr, *ptr2;
char *proxy_string;
if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) {
webtarget += strlen("://"); webtarget += strlen("://");
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
@ -742,9 +784,9 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F
if (port != 0) if (port != 0)
webport = port; webport = port;
else if ((options & OPTION_SSL) == 0) else if ((options & OPTION_SSL) == 0)
webport = myport; webport = PORT_HTTP;
else else
webport = mysslport; webport = PORT_HTTP_SSL;
sprintf(bufferurl, "%.1000s", miscptr); sprintf(bufferurl, "%.1000s", miscptr);
url = bufferurl; url = bufferurl;
@ -785,11 +827,11 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F
if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ )
hydra_child_exit(2); hydra_child_exit(2);
//printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1); //printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1);
if (*cond == 0) { if (*cond == 0) {
fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); fprintf(stderr, "[ERROR] invalid number of parameters in module option\n");
hydra_child_exit(2); return -1;
} }
sprintf(cookieurl, "%.1000s", url); sprintf(cookieurl, "%.1000s", url);
@ -843,8 +885,7 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F
} }
// Error: abort execution // Error: abort execution
hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); hydra_report(stderr, "[ERROR] Out of memory for HTTP headers.");
hydra_child_exit(1); return -1;
break;
case 'H': case 'H':
// add a new header, or replace an existing one's value // add a new header, or replace an existing one's value
ptr = optional1 + 2; ptr = optional1 + 2;
@ -869,99 +910,59 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F
} }
// Error: abort execution // Error: abort execution
hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); hydra_report(stderr, "[ERROR] Out of memory for HTTP headers.");
hydra_child_exit(1); return -1;
break;
// no default // no default
} }
} }
while (1) { /* again: no snprintf to be portable. dont worry, buffer cant overflow */
if (run == 2) { if (use_proxy == 1 && proxy_authentication != NULL) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { // proxy with authentication
if (freemischttpform) add_header("Host", webtarget, HEADER_TYPE_DEFAULT);
free(miscptr); add_header("User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT);
freemischttpform = 0; proxy_string = (char *) malloc(strlen(proxy_authentication) + 6);
hydra_child_exit(1); if(proxy_string) {
strcpy(proxy_string, "Basic ");
strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6);
add_header("Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT);
}else{
hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header.");
return -1;
} }
if (getcookie) {
//doing a GET to save cookies
cookie_request = stringify_headers();
hydra_report(stdout, "HTTP headers (Proxy Auth Cookies): %s", cookie_request);
} }
switch (run) { normal_request = stringify_headers();
case 1: /* connect and service init function */ hydra_report(stdout, "HTTP headers (Proxy Auth): %s", normal_request);
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else { } else {
if (port != 0) if (use_proxy == 1) {
mysslport = port; // proxy without authentication
sock = hydra_connect_ssl(ip, mysslport); add_header("Host", webtarget, HEADER_TYPE_DEFAULT);
port = mysslport; add_header("User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT);
if (getcookie) {
//doing a GET to get cookies
cookie_request = stringify_headers();
hydra_report(stdout, "HTTP headers (Proxy Noauth Cookies): %s", cookie_request);
} }
if (sock < 0) { normal_request = stringify_headers();
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_report(stdout, "HTTP headers (Proxy Noauth): %s", normal_request);
if (freemischttpform) } else {
free(miscptr); // direct web server, no proxy
freemischttpform = 0; add_header("Host", webtarget, HEADER_TYPE_DEFAULT);
hydra_child_exit(1); add_header("User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_form(sock, ip, port, options, miscptr, fp, type);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(0);
break;
case 4: /* silent error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
break;
default:
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
if (freemischttpform)
free(miscptr);
}
void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { if (getcookie) {
//// //doing a GET to save cookies
service_http_form(ip, sp, options, miscptr, fp, port, "GET"); cookie_request = stringify_headers();
} // hydra_report(stdout, "HTTP headers (Direct Cookies): %s", cookie_request);
}
void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { normal_request = stringify_headers();
//// // hydra_report(stdout, "HTTP Headers (Direct): %s", normal_request);
service_http_form(ip, sp, options, miscptr, fp, port, "POST"); }
} }
int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0; return 0;
} }