#include "hydra-mod.h" /* RFC 1258 client have to use port from 512 -> 1023 or server is denying the connection no memleaks found on 110425 */ #define TERM "vt100/9600" extern char *HYDRA_EXIT; int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; memset(buffer2, 0, sizeof(buffer2)); bptr++; strcpy(bptr, login); bptr += 1 + strlen(login); strcpy(bptr, login); bptr += 1 + strlen(login); strcpy(bptr, TERM); if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) { return 4; } buffer[0] = 0; if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0) buffer[ret] = 0; /* 0x00 is sent but hydra_recv transformed it */ if (strlen(buffer) == 0) { ret = hydra_recv(s, buffer, sizeof(buffer) - 1); } if (ret >= 0) buffer[ret] = 0; if (ret > 0 && (strstr(buffer, "rlogind:") != NULL)) return 1; if (ret > 0 && (strstr(buffer, "ssword") != NULL)) { if (strlen((pass = hydra_get_next_password())) == 0) pass = empty; sprintf(buffer2, "%s\r", pass); if (hydra_send(s, buffer2, 1 + strlen(pass), 0) < 0) { return 1; } memset(buffer, 0, sizeof(buffer)); ret = hydra_recv(s, buffer, sizeof(buffer)); if (strcmp(buffer, "\r\n")) if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) buffer[ret] = 0; } /* Authentication failure */ if (ret > 0 && (strstr(buffer, "ssword") == NULL)) { #ifdef HAVE_PCRE if (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)")) { #else /* check for failure and incorrect msg */ if ((strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) { #endif hydra_report_found_host(port, ip, "rlogin", fp); hydra_completed_pair_found(); } else { hydra_completed_pair(); } } else { /* if password is asked a second time, it means the pass we provided is * wrong */ hydra_completed_pair(); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { /* 512 -> 1023 */ hydra_set_srcport(1023); if (sock >= 0) sock = hydra_disconnect(sock); // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_rlogin(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; }