Merge pull request #1021 from lhywk/fix/null-check-start_redis

Fix Add NULL check to prevent NULL pointer dereference in start_redis( )

CHANGES

@@ -1,6 +1,19 @@
 Changelog for hydra
 -------------------
 
+Release 9.5
+* many modules did not support -W (all those that used a library for the
+  connection). All (or most?) should be fixed now.
+* http-form:
+  - The help for http-form was wrong. the condition variable must always be
+    the *last* parameter, not the third
+  - Proxy support was not working correctly
+* smb2: fix for updated libsmb2 which resulted in correct guessing attempts
+  not being detected
+* smtp: break early if the server does not allow authentication
+* rdp: detect more return codes that say a user is disabled etc.
+
+
 Release 9.4
 * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian
 * Small fix for weird RTSP servers

Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 
 ARG HYDRA_VERSION="github"
 
@@ -35,18 +35,23 @@ RUN set -x \
         gcc \
         1>/dev/null \
     # The next line fixes the curl "SSL certificate problem: unable to get local issuer certificate" for linux/arm
-    && c_rehash \
+    && c_rehash
-    # Get hydra sources and compile
+
-    && cd /src \
+# Get hydra sources and compile
-        && ./configure 1>/dev/null \
+RUN cd /src \
-        && make 1>/dev/null \
+        && make clean \
-        && make install \
+        && ./configure \
-    # Make clean
+        && make \
-    && apt-get purge -y make gcc libgpg-error-dev libgcrypt-dev \
+        && make install
+
+# Make clean
+RUN apt-get purge -y make gcc \
     && apt-get autoremove -y \
     && rm -rf /var/lib/apt/lists/* \
-    # Verify hydra installation
+    && rm -rf /src
-    && hydra -h || error_code=$? \
+
+# Verify hydra installation
+RUN hydra -h || error_code=$? \
     && if [ ! "${error_code}" -eq 255 ]; then echo "Wrong exit code for 'hydra help' command"; exit 1; fi \
     # Unprivileged user creation
     && echo 'hydra:x:10001:10001::/tmp:/sbin/nologin' > /etc/passwd \

INSTALL

@@ -24,5 +24,5 @@ https://wiki.termux.com/wiki/Graphical_Environment
 
 
 For the Oracle login module, install the basic and SDK packages:
- http://www.oracle.com/technetwork/database/features/instant-client/index.html
+ https://www.oracle.com/database/technologies/instant-client/downloads.html
 

Makefile.am

@@ -1,10 +1,11 @@
 #
-# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC <vh@thc.org>
+# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC <vh@thc.org>
 #
 WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations  -Wmissing-declarations
 WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align
 CFLAGS ?= -g
-OPTS=-I. -O3 $(CFLAGS) -fcommon
+OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations
+CPPFLAGS += -D_GNU_SOURCE
 # -Wall -g -pedantic
 LIBS=-lm
 DESTDIR ?=

README

@@ -1,7 +1,7 @@
 
 				  H Y D R A
 
-                      (c) 2001-2022 by van Hauser / THC
+                      (c) 2001-2023 by van Hauser / THC
              <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
        many modules were written by David (dot) Maciejak @ gmail (dot) com
                  BFG code by Jan Dlabal <dlabaljan@gmail.com>
@@ -96,7 +96,7 @@ for a few optional modules (note that some might not be available on your distri
 apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
                  libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
                  firebird-dev libmemcached-dev libgpg-error-dev \
-                 libgcrypt11-dev libgcrypt20-dev
+                 libgcrypt11-dev libgcrypt20-dev freetds-dev
 ```
 
 This enables all optional modules and features with the exception of Oracle,
@@ -267,6 +267,7 @@ Examples:
 -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
 -x 2:5:/ generate passwords from length 2 to 5 containing only slashes
 -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
+-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates length 3 passwords with all 95 characters, and verbose. 
 ```
 
 Example:

configure

@@ -185,6 +185,32 @@ else
    echo "                                ... zlib not found, gzip support disabled"
 fi
 
+echo "Checking for sybdb (sybdb.h) ..."
+for i in $INCDIRS; do
+   if [ -f "$i/sybdb.h" ]; then
+	HAVE_SYBDB="y"
+   fi
+done
+
+if [ -n "$HAVE_SYBDB" ]; then
+   echo "                                ... found"
+else
+   echo "                                ... sybdb not found, MSSQL module will lack TDSv7 support"
+fi
+
+echo "Checking for sybfront (sybfront.h) ..."
+for i in $INCDIRS; do
+   if [ -f "$i/sybfront.h" ]; then
+	HAVE_SYBFRONT="y"
+   fi
+done
+
+if [ -n "$HAVE_SYBFRONT" ]; then
+   echo "                                ... found"
+else
+   echo "                                ... sybfront not found, MSSQL module will lack TDSv7 support"
+fi
+
 echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..."
 if [ "X" != "X$DEBUG" ]; then
    echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null`
@@ -966,7 +992,7 @@ if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then
 fi
 if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then
     echo "                                                            ... NOT found, module Oracle disabled"
-    echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html"
+    echo "Get basic and sdk package from https://www.oracle.com/database/technologies/instant-client/downloads.html"
     ORACLE_PATH=""
     ORACLE_IPATH=""
 fi
@@ -1356,7 +1382,7 @@ echo "Checking for Android specialities ..."
 TMPC=comptest$$
 STRRCHR=" not"
 echo '#include <stdio.h>' > $TMPC.c
-echo '#include <strings.h>' >> $TMPC.c
+echo '#include <string.h>' >> $TMPC.c
 echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
 $CC -o $TMPC $TMPC.c > /dev/null 2>&1
 test -x $TMPC && STRRCHR=""
@@ -1496,6 +1522,12 @@ fi
 if [ -n "$RSA" ]; then
     XDEFINES="$XDEFINES -DNO_RSA_LEGACY"
 fi
+if [ -n "$HAVE_SYBDB" ]; then
+    XDEFINES="$XDEFINES -DHAVE_SYBDB"
+fi
+if [ -n "$HAVE_SYBFRONT" ]; then
+    XDEFINES="$XDEFINES -DHAVE_SYBFRONT"
+fi
 if [ -n "$HAVE_ZLIB" ]; then
     XDEFINES="$XDEFINES -DHAVE_ZLIB"
 fi
@@ -1627,6 +1659,9 @@ fi
 if [ -n "$HAVE_ZLIB" ]; then
     XLIBS="$XLIBS -lz"
 fi
+if [ -n "$HAVE_SYBDB" ]; then
+    XLIBS="$XLIBS -lsybdb"
+fi
 if [ -n "$CURSES_PATH" ]; then
     XLIBS="$XLIBS -lcurses"
 fi
@@ -1804,4 +1839,4 @@ if [ "x$NOSTRIP" = "x" ]; then
 else
   cat Makefile.am | sed 's/^install:.*/install:	all/'  >> Makefile
 fi
-echo "now type \"make\""
+echo "now type \"make\""

hydra-firebird.c

@@ -22,6 +22,7 @@ void dummy_firebird() { printf("\n"); }
 
 #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb"
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
@@ -124,6 +125,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
        */
 
       next_run = start_firebird(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3:
 

hydra-ftp.c

@@ -26,8 +26,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
     if (verbose)
       printf("[INFO] user %s does not exist, skipping\n", login);
     hydra_completed_pair_skip();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
       return 4;
+    }
     free(buf);
     return 1;
   }
@@ -35,8 +37,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
   if (buf[0] == '2') {
     hydra_report_found_host(port, ip, "ftp", fp);
     hydra_completed_pair_found();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
       return 4;
+    }
     free(buf);
     return 1;
   }
@@ -61,8 +65,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
   if (buf[0] == '2') {
     hydra_report_found_host(port, ip, "ftp", fp);
     hydra_completed_pair_found();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
       return 4;
+    }
     free(buf);
     return 1;
   }

hydra-gtk/configure

@@ -2391,7 +2391,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   for ac_declaration in \
-   '' \
+   '#include <stdlib.h>' \
    'extern "C" void std::exit (int) throw (); using std::exit;' \
    'extern "C" void std::exit (int); using std::exit;' \
    'extern "C" void exit (int) throw ();' \
@@ -3192,7 +3192,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   for ac_declaration in \
-   '' \
+   '#include <stdlib.h>' \
    'extern "C" void std::exit (int) throw (); using std::exit;' \
    'extern "C" void std::exit (int); using std::exit;' \
    'extern "C" void exit (int) throw ();' \
@@ -3797,8 +3797,8 @@ main ()
   for (i = 0; i < 256; i++)
     if (XOR (islower (i), ISLOWER (i))
 	|| toupper (i) != TOUPPER (i))
-      exit(2);
+      return 2;
-  exit (0);
+  return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext

hydra-http-form.c

@@ -20,33 +20,23 @@ Here's a couple of examples: -
 ./hydra -S -s 443 -l "<username>" -P pass.txt 10.221.64.2 https-get-form
 "/irmlab1/vulnapp.php:username=^USER^&pass=^PASS^:incorrect"
 
-The option field (following the service field) takes three ":" separated
+The option field (following the service field) takes ":" separated values:
-values and an optional fourth value, the first is the page on the server
+The first is the page on the server to GET or POST to.
-to GET or POST to, the second is the POST/GET variables (taken from either
+The second is the POST/GET variables (taken from either the browser, or a proxy
-the browser, or a proxy such as PAROS) with the varying usernames and passwords
+such as ZAP) with the varying usernames and passwords in the "^USER^" and
-in the "^USER^" and "^PASS^" placeholders, the third is the string that it
+"^PASS^" placeholders.
-checks for an *invalid* or *valid* login - any exception to this is counted
+The third + are optional parameters like C=, H= etc. (see below)
-as a success.
+The final(!) parameter is the string that it checks for an *invalid* or *valid*
+login
 So please:
  * invalid condition login should be preceded by "F="
  * valid condition login should be preceded by "S=".
-By default, if no header is found the condition is assume to be a fail,
+By default, if no header is found the condition is assume to be a fail (F=),
-so checking for *invalid* login.
+so checking for an *invalid* login string.
-The fourth optional value, can be a 'C' to define a different page to GET
-initial cookies from.
 
-If you specify the verbose flag (-v) it will show you the response from the
+If you specify the debug flag (-d) it will show you the response from the
 HTTP server which is useful for checking the result of a failed login to
-find something to pattern match against.
+find something to pattern match against. This should be done together with -t 1.
-
-Module initially written by Phil Robinson, IRM Plc (releases@irmplc.com),
-rewritten by David Maciejak
-
-Fix and issue with strtok use and implement 1 step location follow if HTTP
-3xx code is returned (david dot maciejak at gmail dot com)
-
-Added fail or success condition, getting cookies, and allow 5 redirections by
-david
 
 */
 
@@ -76,6 +66,8 @@ int32_t success_cond = 0;
 int32_t getcookie = 1;
 int32_t auth_flag = 0;
 int32_t code_302_is_success = 0;
+int32_t code_401_is_failure = 0;
+int32_t multipart_mode = 0;
 
 char cookie[4096] = "", cmiscptr[1024];
 
@@ -324,10 +316,15 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) {
 
   for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
     if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) {
-      cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1);
+      size_t oldlen = strlen(oldvalue);
-      if (cur_ptr->value)
+      size_t newlen = strlen(newvalue);
-        strcpy(cur_ptr->value, newvalue);
+      if (oldlen != newlen)
-      else {
+        cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(cur_ptr->value) - oldlen + newlen + 1);
+      if (cur_ptr->value) {
+        char *p = strstr(cur_ptr->value, oldvalue);
+        memmove(p + newlen, p + oldlen, strlen(p + oldlen) + 1);
+        memcpy(p, newvalue, newlen);
+      } else {
         hydra_report(stderr, "[ERROR] Out of memory (hddrep).\n");
         hydra_child_exit(0);
       }
@@ -394,7 +391,7 @@ char *stringify_headers(ptr_header_node *ptr_head) {
 }
 
 int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
-  char *ptr, *ptr2;
+  char *ptr, *ptr2, *tmp;
 
   if (miscptr == NULL)
     return 1;
@@ -442,9 +439,26 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
       sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":"));
       miscptr = ptr;
       break;
+    case '1':
+      code_401_is_failure = 1;
+      tmp = strchr(miscptr, ':');
+      if (tmp)
+        miscptr = tmp + 1;
+      else
+        miscptr += strlen(miscptr);
+      break;
     case '2':
       code_302_is_success = 1;
-      char *tmp = strchr(miscptr, ':');
+      tmp = strchr(miscptr, ':');
+      if (tmp)
+        miscptr = tmp + 1;
+      else
+        miscptr += strlen(miscptr);
+      break;
+      case 'm': // fall through
+      case 'M':
+      multipart_mode = 1;
+      tmp = strchr(miscptr, ':');
       if (tmp)
         miscptr = tmp + 1;
       else
@@ -528,6 +542,97 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
   return 1;
 }
 
+char *build_multipart_body(char *multipart_boundary) {
+  if (!variables)
+      return NULL;
+
+  char *body = NULL;
+  size_t body_size = 0;
+
+  // Duplicate "variables" for tokenizing
+  char *vars_dup = strdup(variables);
+  if (!vars_dup)
+      return NULL;
+
+  // Tokenize the string using '&' as a delimiter
+  char *pair = strtok(vars_dup, "&");
+  while (pair != NULL) {
+      // Find the '=' separator in each pair
+      char *equal_sign = strchr(pair, '=');
+      if (!equal_sign) {
+          pair = strtok(NULL, "&");
+          continue;
+      }
+      *equal_sign = '\0';
+      char *key = pair;
+      char *value = equal_sign + 1;
+
+      // Build the multipart section for the field
+      int section_len = snprintf(NULL, 0,
+          "--%s\r\n"
+          "Content-Disposition: form-data; name=\"%s\"\r\n"
+          "\r\n"
+          "%s\r\n",
+          multipart_boundary, key, value);
+          
+      char *section = malloc(section_len + 1);
+      if (!section) {
+          free(body);
+          free(vars_dup);
+          return NULL;
+      }
+      snprintf(section, section_len + 1,
+          "--%s\r\n"
+          "Content-Disposition: form-data; name=\"%s\"\r\n"
+          "\r\n"
+          "%s\r\n",
+          multipart_boundary, key, value);
+
+      // Reallocate the body buffer to add this section
+      size_t new_body_size = body_size + section_len;
+      char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator
+      if (!new_body) {
+          free(section);
+          free(body);
+          free(vars_dup);
+          return NULL;
+      }
+      body = new_body;
+      if (body_size == 0)
+          strcpy(body, section);
+      else
+          strcat(body, section);
+      body_size = new_body_size;
+      free(section);
+
+      pair = strtok(NULL, "&");
+  }
+  free(vars_dup);
+
+  // Append the closing boundary: --<boundary>--\r\n
+  int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary);
+  char *closing = malloc(closing_len + 1);
+  if (!closing) {
+      free(body);
+      return NULL;
+  }
+  snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary);
+  
+  size_t final_size = body_size + closing_len;
+  char *final_body = realloc(body, final_size + 1);
+  if (!final_body) {
+      free(closing);
+      free(body);
+      return NULL;
+  }
+  body = final_body;
+  strcat(body, closing);
+  free(closing);
+
+  return body;
+}
+
+
 char *prepare_http_request(char *type, char *path, char *params, char *headers) {
   uint32_t reqlen = 0;
   char *http_request = NULL;
@@ -668,7 +773,7 @@ int32_t analyze_server_response(int32_t s) {
           if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) {
             // yes it is.
             // if the cookie is not in the beginning of the cookiejar, copy the
-            // ones before
+           // ones before
             if (ptr != cookie && *(ptr - 1) == ' ') {
               strncpy(tmpcookie, cookie, ptr - cookie - 2);
               tmpcookie[ptr - cookie - 2] = 0;
@@ -736,7 +841,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
   char *http_request = NULL;
   int32_t found = !success_cond, i, j;
   char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH];
-
+  char content_type[256];
   memset(header, 0, sizeof(header));
   cookie[0] = 0; // reset cookies from potential previous attempt
 
@@ -756,10 +861,23 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
   clogin[sizeof(clogin) - 1] = 0;
   strncpy(cpass, html_encode(pass), sizeof(cpass) - 1);
   cpass[sizeof(cpass) - 1] = 0;
-  upd3variables = hydra_strrep(variables, "^USER^", clogin);
+
-  upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass);
+  if (multipart_mode) {
-  upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login);
+    snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=----THC-HydraBoundaryz2Z2z");
-  upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass);
+    char *multipart_body = build_multipart_body("----THC-HydraBoundaryz2Z2z");
+    upd3variables = multipart_body;
+
+}else{
+    snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded");
+    upd3variables = variables;
+}
+
+    upd3variables = hydra_strrep(upd3variables, "^USER^", clogin);
+    upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass);
+    upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login);
+    upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass);
+
+  
 
   // Replace the user/pass placeholders in the user-supplied headers
   hdrrep(&ptr_head, "^USER^", clogin);
@@ -771,7 +889,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
   if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) {
     if (getcookie) {
       memset(proxy_string, 0, sizeof(proxy_string));
-      snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl);
+      snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl);
       if (http_request != NULL)
         free(http_request);
       http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request);
@@ -785,14 +903,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
     // now prepare for the "real" request
     if (strcmp(type, "POST") == 0) {
       memset(proxy_string, 0, sizeof(proxy_string));
-      snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
+      snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url);
       snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables));
       if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
         hdrrepv(&ptr_head, "Content-Length", content_length);
       else
         add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
       if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
-        add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
+          add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
       if (cookie_header != NULL)
         free(cookie_header);
       cookie_header = stringify_cookies(ptr_cookie);
@@ -806,8 +924,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
       if (http_request != NULL)
         free(http_request);
       http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
-      if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+      if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+        free(cookie_header);
         return 1;
+      }
     } else {
       if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
         hdrrepv(&ptr_head, "Content-Length", "0");
@@ -824,8 +944,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
       if (http_request != NULL)
         free(http_request);
       http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request);
-      if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+      if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+        free(cookie_header);
         return 1;
+      }
     }
   } else {
     if (use_proxy == 1) {
@@ -833,7 +955,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
       if (getcookie) {
         // doing a GET to get cookies
         memset(proxy_string, 0, sizeof(proxy_string));
-        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl);
+        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl);
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request);
@@ -847,14 +969,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
       // now prepare for the "real" request
       if (strcmp(type, "POST") == 0) {
         memset(proxy_string, 0, sizeof(proxy_string));
-        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
+        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url);
         snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables));
         if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
           hdrrepv(&ptr_head, "Content-Length", content_length);
         else
           add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
         if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
-          add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
+          add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
         if (cookie_header != NULL)
           free(cookie_header);
         cookie_header = stringify_cookies(ptr_cookie);
@@ -868,8 +990,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
-        if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+        if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+          free(cookie_header);
           return 1;
+        }
       } else {
         if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
           hdrrepv(&ptr_head, "Content-Length", "0");
@@ -886,8 +1010,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request);
-        if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+        if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+          free(cookie_header);
           return 1;
+        }
       }
     } else {
       // direct web server, no proxy
@@ -917,7 +1043,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         else
           add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
         if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
-          add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
+          add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
         if (cookie_header != NULL)
           free(cookie_header);
         cookie_header = stringify_cookies(ptr_cookie);
@@ -931,8 +1057,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("POST", url, upd3variables, normal_request);
-        if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+        if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+          free(cookie_header);
           return 1;
+        }
       } else {
         if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
           hdrrepv(&ptr_head, "Content-Length", "0");
@@ -949,8 +1077,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("GET", url, upd3variables, normal_request);
-        if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+        if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+          free(cookie_header);
           return 1;
+        }
       }
     }
   }
@@ -964,12 +1094,17 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
     found = success_cond;
   }
 
-  if (auth_flag) { // we received a 401 error - user is using wrong module
+  if (auth_flag) { // we received a 401 error - user may be using wrong module
-    hydra_report(stderr,
+    if (code_401_is_failure) { // apparently they don't think so  -- treat 401 as failure
-                 "[ERROR] the target is using HTTP auth, not a web form, received HTTP "
+      hydra_completed_pair();
-                 "error code 401. Use module \"http%s-get\" instead.\n",
+      return 1;
-                 (options & OPTION_SSL) > 0 ? "s" : "");
+    } else {
-    return 2;
+      hydra_report(stderr,
+                   "[ERROR] received HTTP error code 401. The target may be using HTTP auth, "
+                   "not a web form.  Use module \"http%s-get\" instead, or set \"1=\".\n",
+                   (options & OPTION_SSL) > 0 ? "s" : "");
+      return 2;
+    }
   }
 
   if (strlen(cookie) > 0)
@@ -1082,7 +1217,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         // proxy with authentication
         hdrrepv(&ptr_head, "Host", str2);
         memset(proxy_string, 0, sizeof(proxy_string));
-        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3);
+        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3);
         if (normal_request != NULL)
           free(normal_request);
         normal_request = stringify_headers(&ptr_head);
@@ -1094,7 +1229,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
           // proxy without authentication
           hdrrepv(&ptr_head, "Host", str2);
           memset(proxy_string, 0, sizeof(proxy_string));
-          snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3);
+          snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3);
           if (normal_request != NULL)
             free(normal_request);
           normal_request = stringify_headers(&ptr_head);
@@ -1115,8 +1250,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
 
       hydra_reconnect(s, ip, port, options, hostname);
 
-      if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+      if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+        free(cookie_header);
         return 1;
+      }
 
       found = analyze_server_response(s);
       if (strlen(cookie) > 0)
@@ -1434,28 +1571,29 @@ void usage_http_form(const char *service) {
          "redirections in\n"
          "a row. It always gathers a new cookie from the same URL without "
          "variables\n"
-         "The parameters take three \":\" separated values, plus optional "
+         "The parameters requires at a minimum three \":\" separated values,\n"
-         "values.\n"
+         "plus optional values.\n"
          "(Note: if you need a colon in the option string as value, escape it "
          "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
-         "\nSyntax:   <url>:<form parameters>:<condition "
+         "\nSyntax: <url>:<form parameters>[:<optional>[:<optional>]:<condition string>\n"
-         "string>[:<optional>[:<optional>]\n"
+         "\nFirst is the page on the server to GET or POST to (URL), e.g. \"/login\".\n"
-         "First is the page on the server to GET or POST to (URL).\n"
+         "Second is the POST/GET variables (taken from either the browser, proxy, etc.)\n"
-         "Second is the POST/GET variables (taken from either the browser, proxy, "
+         " without the initial '?' character and the usernames and passwords being\n"
-         "etc.\n"
+         " replaced with \"^USER^\" (\"^USER64^\" for base64 encodings) and \"^PASS^\"\n"
-         " with url-encoded (resp. base64-encoded) usernames and passwords being "
+         " (\"^PASS64^\" for base64 encodings).\n"
-         "replaced in the\n"
+         "Third are optional parameters (see below)\n"
-         " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") "
+         "Last is the string that it checks for an *invalid* login (by default).\n"
-         "placeholders (FORM PARAMETERS)\n"
+         " Invalid condition login check can be preceded by \"F=\", successful condition\n"
-         "Third is the string that it checks for an *invalid* login (by default)\n"
-         " Invalid condition login check can be preceded by \"F=\", successful "
-         "condition\n"
          " login check must be preceded by \"S=\".\n"
-         " This is where most people get it wrong. You have to check the webapp "
+         " This is where most people get it wrong! You have to check the webapp what a\n"
-         "what a\n"
+         " failed string looks like and put it in this parameter! Add the -d switch to see\n"
-         " failed string looks like and put it in this parameter! Add the -d switch to see\nthe sent/received data!\n"
+         " the sent/received data!\n"
-         "\nThe following parameters are optional:\n"
+         " Note that using invalid login condition checks can result in false positives!\n"
+         "\nThe following parameters are optional and are put between the form parameters\n"
+         "and the condition string; seperate them too with colons:\n"
+         " 1=                  401 error response is interpreted as user/pass wrong\n"
          " 2=                  302 page forward return codes identify a successful attempt\n"
+         " M=                  attack forms that use multipart format\n"
          " (c|C)=/page/uri     to define a different page to gather initial "
          "cookies from\n"
          " (g|G)=              skip pre-requests - only use this when no pre-cookies are required\n"
@@ -1469,24 +1607,29 @@ void usage_http_form(const char *service) {
          "exists, by the\n"
          "                 one supplied by the user, or add the header at the "
          "end\n"
-         "\nNote that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n"
+         "\nNote that if you are going to put colons (:) in your headers you should escape\n"
-         " All colons that are not option separators should be escaped (see the "
+         "them with a backslash (\\). All colons that are not option separators should be\n"
-         "examples above and below).\n"
+         "escaped (see the examples above and below).\n"
-         " You can specify a header without escaping the colons, but that way you "
+         "You can specify a header without escaping the colons, but that way you will not\n"
-         "will not be able to put colons\n"
+         "be able to put colons in the header value itself, as they will be interpreted by\n"
-         " in the header value itself, as they will be interpreted by hydra as "
+         "hydra as option separators.\n"
-         "option separators.\n"
          "\nExamples:\n"
          " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
          " \"/"
-         "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*"
+         "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=result="
          "success\"\n"
          " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
-         " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic "
+         " \"/:user=^USER&pass=^PASS^:H=Authorization\\: Basic "
          "dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
-         " \"/exchweb/bin/auth/"
+         " \"/exchweb/bin/auth/:F=failed"
          "owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&"
          "username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:"
-         "reason=:C=/exchweb\"\n",
+         "C=/exchweb\":reason=\n"
+         "To attack multiple targets, you can use the -M option with a file "
+         "containing the targets and their parameters.\n"
+         "Example file content:\n"
+         "  localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n"
+         "  localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n"
+         "  ...\n\n",
          service);
 }

hydra-http.c

@@ -451,7 +451,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
       start--;
     memset(start, '\0', condition_len);
     if (debug)
-      hydra_report(stderr, "Modificated options:%s\n", miscptr);
+      hydra_report(stderr, "Modified options:%s\n", miscptr);
   } else {
     if (debug)
       hydra_report(stderr, "Condition not found\n");
@@ -474,6 +474,12 @@ void usage_http(const char *service) {
          "       combination is invalid. Note: this must be the last option "
          "supplied.\n"
          "For example:  \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: "
-         "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n",
+         "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n"
+         "To attack multiple targets, you can use the -M option with a file "
+         "containing the targets and their parameters.\n"
+         "Example file content:\n"
+         "  localhost:5000/protected:A=BASIC\n"
+         "  localhost:5002/protected_path:A=NTLM\n"
+         "  ...\n\n",
          service);
 }

hydra-memcached.c

@@ -13,6 +13,7 @@ void dummy_mcached() { printf("\n"); }
 
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 int mcached_send_com_quit(int32_t sock) {
@@ -117,6 +118,8 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr,
     switch (run) {
     case 1:
       next_run = start_mcached(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       hydra_child_exit(0);

hydra-mod.c

@@ -662,10 +662,10 @@ char *hydra_get_next_pair() {
     pair[sizeof(pair) - 1] = 0;
     __fck = read(intern_socket, pair, sizeof(pair) - 1);
     // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR");
-    if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0)
+    if (pair[0] == 0 || __fck <= 0)
-      return HYDRA_EXIT;
-    if (pair[0] == 0)
       return HYDRA_EMPTY;
+    if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0)
+      return HYDRA_EXIT;
   }
   return pair;
 }

hydra-mongodb.c

@@ -14,6 +14,7 @@ void dummy_mongodb() { printf("\n"); }
 
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;
 
@@ -72,10 +73,17 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
   mongoc_log_set_handler(NULL, NULL);
   bson_init(&q);
 
-  snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr);
+  if (login[0] == '\0' && pass[0] == '\0') {
+    snprintf(uri, sizeof(uri), "mongodb://%s:%d/?authSource=%s", hydra_address2string(ip), port, miscptr);
+  } else {
+    snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr);
+  }
+
   client = mongoc_client_new(uri);
-  if (!client)
+  if (!client) {
+    hydra_completed_pair_skip();
     return 3;
+  }
 
   mongoc_client_set_appname(client, "hydra");
   collection = mongoc_client_get_collection(client, miscptr, "test");
@@ -90,11 +98,11 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
       mongoc_collection_destroy(collection);
       mongoc_client_destroy(client);
       mongoc_cleanup();
-      hydra_completed_pair_skip();
+      hydra_completed_pair();
       if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
         return 3;
       }
-      return 2;
+      return 1;
     }
   }
 
@@ -129,6 +137,8 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr,
     switch (run) {
     case 1:
       next_run = start_mongodb(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       hydra_child_exit(0);

hydra-mssql.c

@@ -1,10 +1,14 @@
 #include "hydra-mod.h"
-
-#define MSLEN 30
-
 extern char *HYDRA_EXIT;
 char *buf;
 
+#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+#include <sybdb.h>
+#include <sybfront.h>
+#endif
+
+#define MSLEN 30
+
 unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"
                         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
@@ -56,6 +60,7 @@ unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
 int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
   char *empty = "";
   char *login, *pass, buffer[1024];
+  char *ipaddr_str = hydra_address2string(ip);
   char ms_login[MSLEN + 1];
   char ms_pass[MSLEN + 1];
   unsigned char len_login, len_pass;
@@ -65,6 +70,42 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch
     login = empty;
   if (strlen(pass = hydra_get_next_password()) == 0)
     pass = empty;
+#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+  if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
+
+    DBPROCESS *dbproc;
+    LOGINREC *attempt;
+  
+    attempt = dblogin();
+  
+    DBSETLUSER(attempt, login);
+    DBSETLPWD(attempt, pass);
+  
+    // Connect without specifying a database
+    dbproc = dbopen(attempt, ipaddr_str);  
+  
+    if (dbproc != NULL) {
+      dbclose(dbproc);
+      dbexit();
+      hydra_report_found_host(port, ip, "mssql", fp);
+      hydra_completed_pair_found();
+      if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+        return 2;
+      return 1;
+    }
+  
+    hydra_completed_pair();
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+      return 2;
+  
+    return 1;
+
+  }
+#else
+  if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
+    fprintf(stderr,"[WARNING] To crack credentials longer than 30 characters, install freetds and recompile\n");
+  }
+#endif
   if (strlen(login) > MSLEN)
     login[MSLEN - 1] = 0;
   if (strlen(pass) > MSLEN)
@@ -119,6 +160,10 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
   int32_t run = 1, next_run = 1, sock = -1;
   int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;
 
+  #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+  dbinit();
+  #endif
+
   hydra_register_socket(sp);
   if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
     return;

hydra-mysql.c

@@ -35,6 +35,7 @@ char *hydra_scramble(char *to, const char *message, const char *password);
 extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length);
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char mysqlsalt[9];
 
@@ -332,6 +333,8 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
       break;
     case 2: /* run the cracking function */
       next_run = start_mysql(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3: /* clean exit */
       if (sock >= 0) {

hydra-oracle-listener.c

@@ -19,6 +19,7 @@ void dummy_oracle_listener() { printf("\n"); }
 #include <openssl/des.h>
 #define HASHSIZE 17
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;
 unsigned char *hash;
@@ -304,6 +305,8 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *
       }
       /* run the cracking function */
       next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3: /* clean exit */
       if (sock >= 0)

hydra-oracle-sid.c

@@ -16,6 +16,7 @@ void dummy_oracle_sid() { printf("\n"); }
 #include <openssl/des.h>
 #define HASHSIZE 16
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;
 unsigned char *hash;
@@ -113,6 +114,8 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp
       }
       /* run the cracking function */
       next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3: /* clean exit */
       if (sock >= 0)

hydra-oracle.c

@@ -21,6 +21,7 @@ void dummy_oracle() { printf("\n"); }
 #include <stdbool.h>
 #include <sys/types.h>
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 OCIEnv *o_environment;
@@ -165,6 +166,8 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr,
       break;
     case 2:
       next_run = start_oracle(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3: /* clean exit */
       if (sock >= 0)

hydra-pop3.c

@@ -109,7 +109,7 @@ char *pop3_read_server_capacity(int32_t sock) {
           buf[strlen(buf) - 1] = 0;
         if (buf[strlen(buf) - 1] == '\r')
           buf[strlen(buf) - 1] = 0;
-        if (*(ptr) == '.' || *(ptr) == '-')
+        if (buf[strlen(buf) - 1] == '.' || *(ptr) == '.' || *(ptr) == '-')
           resp = 1;
       }
     }

hydra-postgres.c

@@ -16,6 +16,7 @@ void dummy_postgres() { printf("\n"); }
 
 #define DEFAULT_DB "template1"
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
@@ -40,7 +41,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options,
    *      Building the connection string
    */
 
-  snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass);
+  snprintf(connection_string, sizeof(connection_string), "host = '%s' port = '%d' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), port, database, login, pass);
 
   if (verbose)
     hydra_report(stderr, "connection string: %s\n", connection_string);
@@ -99,6 +100,8 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
        *      Here we start the password cracking process
        */
       next_run = start_postgres(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 2 || next_run == 1) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3:
       if (sock >= 0)

hydra-rdp.c

@@ -9,27 +9,37 @@
 
 #include "hydra-mod.h"
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 #ifndef LIBFREERDP
 void dummy_rdp() { printf("\n"); }
 #else
 
 #include <freerdp/freerdp.h>
+#include <freerdp/version.h>
 freerdp *instance = 0;
 BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) {
   int32_t err = 0;
 
-  instance->settings->Username = login;
+  rdpSettings* settings = instance->context->settings;
-  instance->settings->Password = password;
+
-  instance->settings->IgnoreCertificate = TRUE;
+  settings->Username = login;
+  settings->Password = password;
+  settings->IgnoreCertificate = TRUE;
   if (password[0] == 0)
-    instance->settings->AuthenticationOnly = FALSE;
+    settings->AuthenticationOnly = FALSE;
   else
-    instance->settings->AuthenticationOnly = TRUE;
+    settings->AuthenticationOnly = TRUE;
-  instance->settings->ServerHostname = server;
+  settings->ServerHostname = server;
-  instance->settings->ServerPort = port;
+  settings->ServerPort = port;
-  instance->settings->Domain = domain;
+  settings->Domain = domain;
-  instance->settings->MaxTimeInCheckLoop = 100;
+
+#if FREERDP_VERSION_MAJOR == 2
+  settings->MaxTimeInCheckLoop = 100;
+#endif
+  // freerdp timeout format is microseconds -> default:15000
+  settings->TcpConnectTimeout = hydra_options.waittime * 1000;
+  settings->TlsSecLevel = 0;
   freerdp_connect(instance);
   err = freerdp_get_last_error(instance->context);
   return err;
@@ -72,6 +82,10 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
     // login failure
     hydra_completed_pair();
     break;
+  case 0x0002000f:
+    // login failure
+    hydra_completed_pair_skip();
+    break;
   case 0x0002000d:
     hydra_report(stderr,
                  "[%d][rdp] account on %s might be valid but account not "
@@ -100,6 +114,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
 void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
   int32_t run = 1, next_run = 1;
   int32_t myport = PORT_RDP;
+  int32_t __first_rdp_connect = 1;
 
   if (port != 0)
     myport = port;
@@ -111,7 +126,13 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
     next_run = 0;
     switch (run) {
     case 1: /* run the cracking function */
+      if (__first_rdp_connect != 0)
+        __first_rdp_connect = 0;
+      else
+        sleep(hydra_options.conwait);
       next_run = start_rdp(ip, myport, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2: /* clean exit */
       freerdp_disconnect(instance);

hydra-redis.c

@@ -24,6 +24,11 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch
     return 1;
   }
   buf = hydra_receive_line(s);
+  if (buf == NULL) {
+    hydra_report(stderr, "[ERROR] Failed to receive response from Redis server.\n");
+    return 3;
+  }
+
   if (buf[0] == '+') {
     hydra_report_found_host(port, ip, "redis", fp);
     hydra_completed_pair_found();

hydra-rtsp.c

@@ -6,10 +6,13 @@
 //
 //
 
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
 #include "hydra-mod.h"
 #include "sasl.h"
 #include <stdio.h>
-#define _GNU_SOURCE
 #include <string.h>
 
 extern char *HYDRA_EXIT;

hydra-sapr3.c

@@ -14,6 +14,7 @@ const int32_t *__ctype_b;
 
 extern void flood(); /* for -lm */
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 RFC_ERROR_INFO_EX error_info;
 
@@ -99,6 +100,8 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F
     switch (run) {
     case 1: /* connect and service init function */
       next_run = start_sapr3(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       hydra_child_exit(0);

hydra-smb.c

@@ -1280,8 +1280,8 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
   } else if (SMBerr == 0x000193) { /* Valid password, account expired  */
     hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login);
     hydra_report_found_host(port, ip, "smb", fp);
-    hydra_completed_pair_found();
+    hydra_completed_pair_skip();
-  } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired  */
+  } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, password expired  */
     hydra_report(stdout,
                  "[%d][smb] Host: %s Account: %s Valid password, password "
                  "expired and must be changed on next logon\n",
@@ -1304,14 +1304,13 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
       hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n");
     hydra_completed_pair_skip();
   } else if (SMBerr == 0x000024) { /* change password on next login [success] */
-    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
+    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
     hydra_completed_pair_found();
   } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */
     hydra_completed_pair();
   } else if (SMBerr == 0x000071) { /* password expired */
-    if (verbose)
+    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: PASSWORD EXPIRED\n", port, ipaddr_str, login);
-      fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login);
+    hydra_completed_pair_found();
-    hydra_completed_pair_skip();
   } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */
     if (verbose)
       fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login);

hydra-smb2.c

@@ -27,6 +27,7 @@
 #include <stdio.h>
 #include <string.h>
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 typedef struct creds {
@@ -126,6 +127,11 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
 
   */
   switch (errno) {
+  case 0:
+    // maybe false positive? unclear ... :( ... needs more testing
+    smbc_free_context(ctx, 1);
+    return true;
+    break;
   case ENOENT:
     // Noticed this when connecting to older samba servers on linux
     // where any credentials are accepted.
@@ -168,10 +174,15 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
 }
 
 void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
+  static int first_run = 0;
   hydra_register_socket(sp);
+
   while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) {
     char *login, *pass;
 
+    if (first_run && hydra_options.conwait)
+      sleep(hydra_options.conwait);
+
     login = hydra_get_next_login();
     pass = hydra_get_next_password();
 
@@ -186,6 +197,8 @@ void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
     } else {
       hydra_completed_pair();
     }
+
+    first_run = 1;
   }
   EXIT_NORMAL;
 }

hydra-smtp.c

@@ -61,6 +61,10 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
       return 1;
     if (strstr(buf, "334") == NULL) {
       hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf);
+      if (strstr(buf, "503") != NULL) {
+        free(buf);
+        return 4;
+      }
       free(buf);
       return 3;
     }
@@ -438,6 +442,12 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
       }
       hydra_child_exit(0);
       return;
+    case 4: /* error exit */
+      if (sock >= 0) {
+        sock = hydra_disconnect(sock);
+      }
+      hydra_child_exit(3);
+      return;
     default:
       hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
       hydra_child_exit(0);

hydra-ssh.c

@@ -47,6 +47,9 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char
     ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime);
     ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
     ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
+    // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list
+    ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256");
+    ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256");
     if (ssh_connect(session) != 0) {
       // if the connection was drop, exit and let hydra main handle it
       if (verbose)
@@ -119,6 +122,8 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
     switch (run) {
     case 1: /* connect and service init function */
       next_run = start_ssh(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       ssh_disconnect(session);
@@ -190,6 +195,9 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc
   ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime);
   ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
   ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
+  // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list
+  ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256");
+  ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256");
   if (ssh_connect(session) != 0) {
     fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session));
     return 2;

hydra-sshkey.c

@@ -16,6 +16,7 @@ void dummy_sshkey() { printf("\n"); }
 #if LIBSSH_VERSION_MAJOR >= 0 && LIBSSH_VERSION_MINOR >= 4
 
 extern ssh_session session;
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 extern int32_t new_session;
 
@@ -117,6 +118,8 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr,
     switch (run) {
     case 1: /* connect and service init function */
       next_run = start_sshkey(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       ssh_disconnect(session);

hydra-svn.c

@@ -4,7 +4,9 @@
 #ifdef LIBSVN
 
 /* needed on openSUSE */
+#ifndef _GNU_SOURCE
 #define _GNU_SOURCE
+#endif
 
 #if !defined PATH_MAX && defined HAVE_SYS_PARAM_H
 #include <sys/param.h>
@@ -30,6 +32,7 @@ void dummy_svn() { printf("\n"); }
 
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 #define DEFAULT_BRANCH "trunk"
@@ -195,6 +198,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
       break;
     case 2:
       next_run = start_svn(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3:
       if (sock >= 0)

hydra.1

@@ -1,4 +1,4 @@
-.TH "HYDRA" "1" "01/01/2022"
+.TH "HYDRA" "1" "01/01/2023"
 .SH NAME
 hydra \- a very fast network logon cracker which supports many different services
 .SH SYNOPSIS

hydra.c

@@ -1,5 +1,5 @@
 /*
- * hydra (c) 2001-2022 by van Hauser / THC <vh@thc.org>
+ * hydra (c) 2001-2023 by van Hauser / THC <vh@thc.org>
  * https://github.com/vanhauser-thc/thc-hydra
  *
  * Parallized network login hacker.
@@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire
 #define RESTOREFILE "./hydra.restore"
 
 #define PROGRAM "Hydra"
-#define VERSION "v9.4"
+#define VERSION "v9.6dev"
 #define AUTHOR "van Hauser/THC"
 #define EMAIL "<vh@thc.org>"
 #define AUTHOR2 "David Maciejak"
@@ -267,6 +267,7 @@ typedef struct {
 
 typedef struct {
   char *target;
+  char *miscptr;
   char ip[36];
   char *login_ptr;
   char *pass_ptr;
@@ -343,6 +344,11 @@ int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed
 int32_t child_head_no = -1, child_socket;
 int32_t total_redo_count = 0;
 
+// requred for distributed attack capability
+uint32_t num_segments = 0;
+uint32_t my_segment = 0;
+char junk_file[50];
+
 // moved for restore feature
 int32_t process_restore = 0, dont_unlink;
 char *login_ptr = NULL, *pass_ptr = "", *csv_ptr = NULL, *servers_ptr = NULL;
@@ -388,7 +394,7 @@ static const struct {
                 {"http-get-form", service_http_form_init, service_http_get_form, usage_http_form},
                 {"http-head", service_http_init, service_http_head, NULL},
                 {"http-form", service_http_form_init, NULL, usage_http_form},
-                {"http-post", NULL, service_http_post, usage_http},
+                {"http-post", service_http_init, service_http_post, usage_http},
                 {"http-post-form", service_http_form_init, service_http_post_form, usage_http_form},
                 SERVICE3("http-proxy", http_proxy),
                 SERVICE3("http-proxy-urlenum", http_proxy_urlenum),
@@ -519,6 +525,8 @@ void help(int32_t ext) {
                     "instead of -L/-P options\n"
                     "  -M FILE   list of servers to attack, one entry per "
                     "line, ':' to specify port\n");
+  PRINT_NORMAL(ext, "  -D XofY   Divide wordlist into Y segments and use the "
+                    "Xth segment.\n");
   PRINT_EXTEND(ext, "  -o FILE   write found login/password pairs to FILE instead of stdout\n"
                     "  -b FORMAT specify the format for the -o FILE: text(default), json, "
                     "jsonv1\n"
@@ -1174,13 +1182,12 @@ void hydra_service_init(int32_t target_no) {
   int32_t x = 99;
   int32_t i;
   hydra_target *t = hydra_targets[target_no];
-  char *miscptr = hydra_options.miscptr;
   FILE *ofp = hydra_brains.ofp;
 
   for (i = 0; x == 99 && i < sizeof(services) / sizeof(services[0]); i++) {
     if (strcmp(hydra_options.service, services[i].name) == 0) {
       if (services[i].init) {
-        x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target);
+        x = services[i].init(t->ip, -1, options, t->miscptr, ofp, t->port, t->target);
         break;
       }
     }
@@ -1264,13 +1271,13 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) {
 
       hydra_target *t = hydra_targets[target_no];
       int32_t sp = hydra_heads[head_no]->sp[1];
-      char *miscptr = hydra_options.miscptr;
+      // char *miscptr = hydra_options.miscptr;
       FILE *ofp = hydra_brains.ofp;
       hydra_target *head_target = hydra_targets[hydra_heads[head_no]->target_no];
       for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) {
         if (strcmp(hydra_options.service, services[i].name) == 0) {
           if (services[i].exec) {
-            services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target);
+            services[i].exec(t->ip, sp, options, t->miscptr, ofp, t->port, head_target->target);
             // just in case a module returns (which it shouldnt) we let it exit
             // here
             exit(-1);
@@ -1591,6 +1598,73 @@ char *hydra_reverse_login(int32_t head_no, char *login) {
   return hydra_heads[head_no]->reverse;
 }
 
+void delete_junk_files(){
+  remove(junk_file);
+}
+
+FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){
+
+  if(my_segment > num_segments){
+    fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile);
+    return NULL;
+    }
+
+  FILE *output_file;
+  char line[500];
+  char output_file_name[50];
+
+  uint32_t line_number = 0;
+
+  double total_lines = countlines(file,0);
+
+  if(num_segments > total_lines){
+    fprintf(stderr, "[ERROR] in option -D XofY, Y must not be greater than the total number of lines in the file to be divided: %s\n", hydra_options.passfile);
+    return NULL;
+  }
+
+  double segment_size_double = total_lines / num_segments;
+
+  // round up segment_size_float to integer
+  uint64_t segment_size = (uint64_t)segment_size_double;
+  if(segment_size < segment_size_double)
+    segment_size++;
+
+  uint64_t segment_start = segment_size * (my_segment - 1) + 1;
+  uint64_t segment_end = segment_size * my_segment;
+
+  
+  
+  srand(time(NULL));
+  int filetag = rand();
+
+  sprintf(output_file_name, "segment_%d_%d.txt",filetag, my_segment);
+  output_file = fopen(output_file_name, "w");
+
+  if(!output_file){
+    fprintf(stderr, "[ERROR] Segment file empty: %s\n", hydra_options.passfile);
+    return NULL;
+  }
+
+  strcpy(junk_file, output_file_name);
+
+  atexit(delete_junk_files);
+
+  while(fgets(line, sizeof line, file) != NULL && line_number < segment_end){
+    line_number++;
+
+    if(line_number >= segment_start && line_number <= segment_end)
+      fprintf(output_file, "%s", line);
+    
+    }
+
+  rewind(file);
+  fclose(output_file);
+  output_file = fopen(output_file_name, "r");
+
+  return output_file;
+
+    }
+
 int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) {
   // variables moved to save stack
   snpdone = 0;
@@ -2045,7 +2119,7 @@ void process_proxy_line(int32_t type, char *string) {
     string[strlen(string) - 1] = 0;
   if (string[strlen(string) - 1] == '\r')
     string[strlen(string) - 1] = 0;
-  if (proxy_count > MAX_PROXY_COUNT) {
+  if (proxy_count >= MAX_PROXY_COUNT) {
     fprintf(stderr, "[WARNING] maximum amount of proxies loaded, ignoring this entry: %s\n", string);
     return;
   }
@@ -2171,13 +2245,13 @@ void process_proxy_line(int32_t type, char *string) {
 int main(int argc, char *argv[]) {
   char *proxy_string = NULL, *device = NULL, *memcheck;
   char *outfile_format_tmp;
-  FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp;
+  FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp, *filecloser=NULL;
   size_t countinfile = 1, sizeinfile = 0;
   uint64_t math2;
   int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch;
   int32_t head_no = 0, target_no = 0, exit_condition = 0, readres;
   time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time;
-  char *tmpptr, *tmpptr2;
+  char *tmpptr, *tmpptr2, *tmpptr3;
   char rc, buf[MAXBUF];
   time_t last_attempt = 0;
   fd_set fdreadheads;
@@ -2186,7 +2260,7 @@ int main(int argc, char *argv[]) {
   struct sockaddr_in6 *ipv6 = NULL;
   struct sockaddr_in *ipv4 = NULL;
 
-  printf("%s %s (c) 2022 by %s & %s - Please do not use in military or secret "
+  printf("%s %s (c) 2023 by %s & %s - Please do not use in military or secret "
          "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n",
          PROGRAM, VERSION, AUTHOR, AUTHOR2);
 #ifndef LIBAFP
@@ -2307,6 +2381,7 @@ int main(int argc, char *argv[]) {
   hydra_options.loginfile = NULL;
   hydra_options.pass = NULL;
   hydra_options.passfile = NULL;
+  hydra_options.distributed = NULL;
   hydra_options.tasks = TASKS;
   hydra_options.max_use = MAXTASKS;
   hydra_options.outfile_format = FORMAT_PLAIN_TEXT;
@@ -2320,8 +2395,18 @@ int main(int argc, char *argv[]) {
     help(1);
   if (argc < 2)
     help(0);
-  while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) {
+  while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:D:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) {
     switch (i) {
+    case 'D':
+      hydra_options.distributed = optarg;
+      if (sscanf(hydra_options.distributed, "%dof%d", &my_segment, &num_segments) != 2) {
+            fprintf(stderr, "Invalid format. Expected format -D XofY where X and Y are integers.\n");
+            exit(EXIT_FAILURE);
+        }
+      else{
+        fprintf(stdout, "Option \'D\': successfully set X to %d and Y to %d\n", my_segment, num_segments);
+      }
+      break;
     case 'h':
       help(1);
       break;
@@ -3201,77 +3286,79 @@ int main(int argc, char *argv[]) {
         bail("Compiled without SSL support, module not available");
 #endif
       }
-      if (hydra_options.miscptr == NULL) {
+      if (hydra_options.infile_ptr == NULL) {
-        fprintf(stderr, "[WARNING] You must supply the web page as an "
+        if (hydra_options.miscptr == NULL) {
-                        "additional option or via -m, default path set to /\n");
+          fprintf(stderr, "[WARNING] You must supply the web page as an "
-        hydra_options.miscptr = malloc(2);
+                          "additional option or via -m, default path set to /\n");
-        hydra_options.miscptr = "/";
+          hydra_options.miscptr = malloc(2);
-      }
+          hydra_options.miscptr = "/";
-      // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr,
-      // "://") == NULL)
-      //  bail("The web page you supplied must start with a \"/\", \"http://\"
-      //  or \"https://\", e.g. \"/protected/login\"");
-      if (hydra_options.miscptr[0] != '/')
-        bail("optional parameter must start with a '/' slash!\n");
-      if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY"))
-        bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - "
-             "you can use only ONE for the service http-head/http-get!");
-      if (getenv("HYDRA_PROXY_HTTP")) {
-        printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP"));
-        use_proxy = 1;
-      }
-      if (strstr(hydra_options.miscptr, "\\:") != NULL) {
-        fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module "
-                        "option, no parameter verification is performed.\n");
-      } else {
-        sprintf(bufferurl, "%.6000s", hydra_options.miscptr);
-        url = strtok(bufferurl, ":");
-        variables = strtok(NULL, ":");
-        cond = strtok(NULL, ":");
-        optional1 = strtok(NULL, "\n");
-        if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) {
-          fprintf(stderr,
-                  "[ERROR] the variables argument needs at least the strings "
-                  "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n",
-                  STR_NULL(variables));
-          exit(-1);
         }
-        if ((url == NULL) || (cond == NULL)) {
+        // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr,
-          fprintf(stderr,
+        // "://") == NULL)
-                  "[ERROR] Wrong syntax, requires three arguments separated by "
+        //  bail("The web page you supplied must start with a \"/\", \"http://\"
-                  "a colon which may not be null: %s\n",
+        //  or \"https://\", e.g. \"/protected/login\"");
-                  bufferurl);
+        if (hydra_options.miscptr[0] != '/')
-          exit(-1);
+          bail("optional parameter must start with a '/' slash!\n");
+        if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY"))
+          bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - "
+              "you can use only ONE for the service http-head/http-get!");
+        if (getenv("HYDRA_PROXY_HTTP")) {
+          printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP"));
+          use_proxy = 1;
         }
-        while ((optional1 = strtok(NULL, ":")) != NULL) {
+        if (strstr(hydra_options.miscptr, "\\:") != NULL) {
-          if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) {
+          fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module "
-            fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1);
+                          "option, no parameter verification is performed.\n");
+        } else {
+          sprintf(bufferurl, "%.6000s", hydra_options.miscptr);
+          url = strtok(bufferurl, ":");
+          variables = strtok(NULL, ":");
+          cond = strtok(NULL, ":");
+          optional1 = strtok(NULL, "\n");
+          if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) {
+            fprintf(stderr,
+                    "[ERROR] the variables argument needs at least the strings "
+                    "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n",
+                    STR_NULL(variables));
             exit(-1);
           }
+          if ((url == NULL) || (cond == NULL)) {
+            fprintf(stderr,
+                    "[ERROR] Wrong syntax, requires three arguments separated by "
+                    "a colon which may not be null: %s\n",
+                    bufferurl);
+            exit(-1);
+          }
+          while ((optional1 = strtok(NULL, ":")) != NULL) {
+            if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) {
+              fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1);
+              exit(-1);
+            }
 
-          switch (optional1[0]) {
+            switch (optional1[0]) {
-          case 'C': // fall through
+            case 'C': // fall through
-          case 'c':
+            case 'c':
-            if (optional1[1] != '=' || optional1[2] != '/') {
+              if (optional1[1] != '=' || optional1[2] != '/') {
-              fprintf(stderr,
+                fprintf(stderr,
-                      "[ERROR] Wrong syntax of parameter C, must look like "
+                        "[ERROR] Wrong syntax of parameter C, must look like "
-                      "'C=/url/of/page', not http:// etc.: %s\n",
+                        "'C=/url/of/page', not http:// etc.: %s\n",
-                      optional1);
+                        optional1);
-              exit(-1);
+                exit(-1);
+              }
+              break;
+            case 'H': // fall through
+            case 'h':
+              if (optional1[1] != '=' || strtok(NULL, ":") == NULL) {
+                fprintf(stderr,
+                        "[ERROR] Wrong syntax of parameter H, must look like "
+                        "'H=X-My-Header: MyValue', no http:// : %s\n",
+                        optional1);
+                exit(-1);
+              }
+              break;
+            default:
+              fprintf(stderr, "[ERROR] Unknown optional argument: %s\n", optional1);
             }
-            break;
-          case 'H': // fall through
-          case 'h':
-            if (optional1[1] != '=' || strtok(NULL, ":") == NULL) {
-              fprintf(stderr,
-                      "[ERROR] Wrong syntax of parameter H, must look like "
-                      "'H=X-My-Header: MyValue', no http:// : %s\n",
-                      optional1);
-              exit(-1);
-            }
-            break;
-          default:
-            fprintf(stderr, "[ERROR] Unknown optional argument: %s\n", optional1);
           }
         }
       }
@@ -3402,6 +3489,13 @@ int main(int argc, char *argv[]) {
           fprintf(stderr, "[ERROR] File for logins not found: %s\n", hydra_options.loginfile);
           exit(-1);
         }
+        else if (hydra_options.passfile == NULL){
+                if(my_segment && num_segments){
+                  filecloser = lfp;
+                  lfp = hydra_divide_file(lfp, my_segment, num_segments);
+                  fclose(filecloser);
+                }
+              }
         hydra_brains.countlogin = countlines(lfp, 0);
         hydra_brains.sizelogin = size_of_data;
         if (hydra_brains.countlogin == 0) {
@@ -3434,6 +3528,11 @@ int main(int argc, char *argv[]) {
           fprintf(stderr, "[ERROR] File for passwords not found: %s\n", hydra_options.passfile);
           exit(-1);
         }
+        else if(my_segment && num_segments){
+                  filecloser = pfp;
+                  pfp = hydra_divide_file(pfp, my_segment, num_segments);
+                  fclose(filecloser);
+                }
         hydra_brains.countpass = countlines(pfp, 0);
         hydra_brains.sizepass = size_of_data;
         if (hydra_brains.countpass == 0) {
@@ -3488,6 +3587,11 @@ int main(int argc, char *argv[]) {
         fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s\n", hydra_options.colonfile);
         exit(-1);
       }
+      else if(my_segment && num_segments){
+        filecloser = cfp;
+        cfp = hydra_divide_file(cfp, my_segment, num_segments);
+        fclose(filecloser);
+      }
       hydra_brains.countlogin = countlines(cfp, 1);
       hydra_brains.sizelogin = size_of_data;
       if (hydra_brains.countlogin == 0) {
@@ -3543,7 +3647,7 @@ int main(int argc, char *argv[]) {
       fclose(rfp);
     }
 
-    if (hydra_options.infile_ptr != NULL) {
+    if (hydra_options.infile_ptr != NULL) {      
       if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) {
         fprintf(stderr, "[ERROR] File for targets not found: %s\n", hydra_options.infile_ptr);
         exit(-1);
@@ -3591,6 +3695,7 @@ int main(int argc, char *argv[]) {
           }
         } else
           hydra_targets[i]->target = tmpptr;
+        
         if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) {
           *tmpptr2++ = 0;
           tmpptr = tmpptr2;
@@ -3600,6 +3705,13 @@ int main(int argc, char *argv[]) {
         }
         if (hydra_targets[i]->port == 0)
           hydra_targets[i]->port = hydra_options.port;
+
+        if ((tmpptr3 = strchr(tmpptr, '/')) != NULL) {
+          hydra_targets[i]->miscptr = tmpptr3;
+        }
+        else
+          hydra_targets[i]->miscptr = "/";
+
         while (*tmpptr != 0)
           tmpptr++;
         tmpptr++;
@@ -3622,6 +3734,7 @@ int main(int argc, char *argv[]) {
         memset(hydra_targets[0], 0, sizeof(hydra_target));
         hydra_targets[0]->target = servers_ptr = hydra_options.server;
         hydra_targets[0]->port = hydra_options.port;
+        hydra_targets[0]->miscptr = hydra_options.miscptr;
         sizeservers = strlen(hydra_options.server) + 1;
       } else {
         /* CIDR notation on command line, e.g. 192.168.0.0/24 */
@@ -3666,6 +3779,7 @@ int main(int argc, char *argv[]) {
           memcpy(&target.sin_addr.s_addr, (char *)&addr_cur2, 4);
           hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr)target.sin_addr));
           hydra_targets[i]->port = hydra_options.port;
+          hydra_targets[i]->miscptr = hydra_options.miscptr;
           addr_cur++;
           i++;
         }
@@ -3681,6 +3795,7 @@ int main(int argc, char *argv[]) {
       memset(hydra_targets[0], 0, sizeof(hydra_target));
       hydra_targets[0]->target = servers_ptr = hydra_options.server;
       hydra_targets[0]->port = hydra_options.port;
+      hydra_targets[0]->miscptr = hydra_options.miscptr;
       sizeservers = strlen(hydra_options.server) + 1;
     }
     for (i = 0; i < hydra_brains.targets; i++) {
@@ -4113,7 +4228,7 @@ int main(int argc, char *argv[]) {
                   } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) {
                     printf("[%d][%s] host: %s   login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr);
                   } else
-                    printf("[%d][%s] host: %s   login: %s   password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr);
+                    printf("[%d][%s] host: %s   misc: %s   login: %s   password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_targets[hydra_heads[head_no]->target_no]->miscptr, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr);
                 }
                 if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) {
                   fprintf(hydra_brains.ofp,
@@ -4408,4 +4523,4 @@ int main(int argc, char *argv[]) {
     return -1;
   else
     return 0;
-}
+}

hydra.h

@@ -194,6 +194,7 @@ typedef struct {
   int32_t cidr;
   int32_t time_next_attempt;
   output_format_t outfile_format;
+  char *distributed; // Use distributed computing by splitting user files on the fly
   char *login;
   char *loginfile;
   char *pass;

pw-inspector.1

@@ -42,7 +42,7 @@ upcase characters (A,B,C,D, etc.)
 numbers (1,2,3,4, etc.)
 .TP
 .B \-p 
-printable characters (which are not \-l/\-n/\-p, e.g. $,!,/,(,*, etc.)
+printable characters (which are not \-l/\-n/\-n, e.g. $,!,/,(,*, etc.)
 .TP
 .B \ -s
 special characters \- all others not withint the sets above

pw-inspector.c

@@ -30,7 +30,7 @@ void help() {
   printf("  -l         lowcase characters (a,b,c,d, etc.)\n");
   printf("  -u         upcase characters (A,B,C,D, etc.)\n");
   printf("  -n         numbers (1,2,3,4, etc.)\n");
-  printf("  -p         printable characters (which are not -l/-n/-p, e.g. "
+  printf("  -p         printable characters (which are not -l/-u/-n, e.g. "
          "$,!,/,(,*, etc.)\n");
   printf("  -s         special characters - all others not within the sets "
          "above\n");
@@ -50,7 +50,7 @@ int main(int argc, char *argv[]) {
   int32_t sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0;
   int32_t set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0;
   FILE *in = stdin, *out = stdout;
-  char buf[MAXLENGTH + 1];
+  unsigned char buf[MAXLENGTH + 1];
 
   prg = argv[0];
   if (argc < 2)
@@ -124,9 +124,9 @@ int main(int argc, char *argv[]) {
   if (countsets == 0)
     countsets = sets;
 
-  while (fgets(buf, sizeof(buf), in) != NULL) {
+  while (fgets((void *)buf, sizeof(buf), in) != NULL) {
-    i = -1;
+    int is_low = 0, is_up = 0, is_no = 0, is_print = 0, is_other = 0;
-    if (buf[0] == 0)
+    if (!buf[0])
       continue;
     if (buf[strlen(buf) - 1] == '\n')
       buf[strlen(buf) - 1] = 0;
@@ -134,40 +134,31 @@ int main(int argc, char *argv[]) {
       buf[strlen(buf) - 1] = 0;
     if (strlen(buf) >= minlen && strlen(buf) <= maxlen) {
       i = 0;
-      if (countsets > 0) {
+      j = 1;
-        if (set_low)
+      for (i = 0; i < strlen(buf) && j; i++) {
-          if (strpbrk(buf, "abcdefghijklmnopqrstuvwxyz") != NULL)
+        j = 0;
-            i++;
+        if (set_low && islower(buf[i])) {
-        if (set_up)
+          j = 1;
-          if (strpbrk(buf, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL)
+          is_low = 1;
-            i++;
+        } else if (set_up && isupper(buf[i])) {
-        if (set_no)
+          j = 1;
-          if (strpbrk(buf, "0123456789") != NULL)
+          is_up = 1;
-            i++;
+        } else if (set_no && isdigit(buf[i])) {
-        if (set_print) {
+          j = 1;
-          j = 0;
+          is_no = 1;
-          for (k = 0; k < strlen(buf); k++)
+        } else if (set_print && isprint(buf[i]) && !isalnum(buf[i])) {
-            if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0)
+          j = 1;
-              j = 1;
+          is_print = 1;
-          if (j)
+        } else if (set_other && !isprint(buf[i])) {
-            i++;
+          j = 1;
-        }
+          is_other = 1;
-        if (set_other) {
-          j = 0;
-          for (k = 0; k < strlen(buf); k++)
-            if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0)
-              j = 1;
-          if (j)
-            i++;
         }
       }
-      if (i >= countsets) {
+      if (j && countsets <= is_low + is_up + is_no + is_print + is_other) {
         fprintf(out, "%s\n", buf);
         count++;
       }
     }
-    /* fprintf(stderr, "[DEBUG] i: %d  minlen: %d  maxlen: %d  len: %d\n", i,
-     * minlen, maxlen, strlen(buf)); */
   }
   fclose(in);
   fclose(out);