Commit 761aa685 authored by Sophie Brun

Import Upstream version 8.6

parent df4a29ee
Makefile
Makefile.in
*.o
hydra
hydra.exe
xhydra
xhydra.exe
hydra-gtk/config.log
hydra-gtk/config.status
hydra-gtk/errors
hydra-gtk/src/.deps/
hydra-gtk/stamp-h
pw-inspector
pw-inspector.exe
hydra.restore
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
LOCAL_CFLAGS:= -O3 -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE \
-DLIBMYSQLCLIENT -DLIBNCP -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DNO_RINDEX \
-DHAVE_MATH_H -DHAVE_MYSQL_H -DOPENSSL_NO_DEPRECATED -DNO_RSA_LEGACY \
LOCAL_CFLAGS:= -O3 -DLIBOPENSSL -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE \
-DLIBNCP -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DNO_RINDEX \
-DHAVE_MATH_H -DOPENSSL_NO_DEPRECATED -DNO_RSA_LEGACY \
-fdata-sections -ffunction-sections
LOCAL_LDFLAGS:=-Wl,--gc-sections
......@@ -13,10 +13,8 @@ LOCAL_C_INCLUDES:= \
external/openssl/include\
external/libssh/include\
external/libidn/lib\
external/libmysqlclient/include\
external/subversion/subversion/include\
external/apr/include\
external/firebird/include\
external/libncp/include\
external/libpcre
......@@ -58,6 +56,7 @@ LOCAL_SRC_FILES:= \
hydra-rexec.c\
hydra-rlogin.c\
hydra-rsh.c\
hydra-rtsp.c\
hydra-s7-300.c\
hydra-sapr3.c\
hydra-sip.c\
......@@ -78,9 +77,7 @@ LOCAL_SRC_FILES:= \
sasl.c
LOCAL_STATIC_LIBRARIES := \
libfbclient \
libidn \
libmysqlclient \
libncp \
libpcre \
libpcrecpp \
......@@ -91,11 +88,11 @@ LOCAL_STATIC_LIBRARIES := \
libapr-1 \
libaprutil-1 \
libiconv\
libneon
libneon\
libssl_static\
libcrypto_static
LOCAL_SHARED_LIBRARIES := \
libcrypto\
libssl\
libsqlite\
libexpat
......
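Review bot: The `libssl_static` and `libcrypto_static` entries that now follow `libneon\` in LOCAL_STATIC_LIBRARIES bake a fixed copy of OpenSSL into the binary, so a later fix to the TLS library only reaches hydra after a rebuild, and nothing in the file records that. The rendered page has lost its +/- markers, so it is not visible whether `libcrypto\` and `libssl\` under LOCAL_SHARED_LIBRARIES were dropped in the same change. If they remain, the module names both the static and the shared copy and should keep only one. I would add a comment above LOCAL_STATIC_LIBRARIES such as `# OpenSSL is linked statically: rebuild whenever external/openssl is updated`.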
Changelog for hydra
-------------------
Release 8.6-dev
* added radmin2 module by catatonic prime - great work!
* smb module now checks if SMBv1 is supported by the server and if signing is required
* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)
* Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting)
* Added new command line option:
-c TIME: seconds between login attempts (over all threads, so -t 1 is recommended)
* Options put after -R (for loading a restore file) are now honored (and were disallowed before)
* merged several patches by Diadlo@github to make the code easier readable. thanks for that!
* merged a patch by Diadlo@github that moves the help output to the invididual module
Release 8.5
* New command line option:
-b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch
* ./configure now honors the CC enviroment variable if present
* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!)
* Changed the format of the restore file to detect cross platform copies
* Fixed a bug in the NCP module
* Favor strrchr() over rindex()
* Added refactoring patch by diadlo
* Updated man page with missing command line options
Release 8.4
! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix
* Proxy support re-implemented:
- HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries
- HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP]
* New protocol: adam6500 - this one is work in progress, please test and report
* New protocol: rpcap - thanks to Petar Kaleychev <petar.kaleychev@gmail.com>
* New command line options:
-y : disables -x 1aA interpretation, thanks to crondaemon for the patch
-I : ignore an existing hydra.restore file (dont wait for 10 seconds)
* hydra-svn: works now with the current libsvn version
* hydra-ssh: initial check for password auth support now uses login supplied
* Fixed dpl4hydra to be able to update from the web again
* Fixed crash when -U was used without any service (thanks to thecarterb for reporting)
* Updated default password lists
* The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed
* Added special error message for clueless users :)
Release 8.3
* Support for upcoming OpenSSL 1.1 added. needs testing.
* Fixed hydra redo bug (issue #113)
* Updated xhydra for new hydra features and options
* Some more command line error checking
* Ensured unneeded sockets are closed
Release 8.2
* Added RTSP module, thanks to jjavi89 for supplying!
* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch
* Added new -O option to hydra to support SSL servers that do not suport TLS
* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!
* Added support in hydra-http for http-post (content length 0)
* Fixed important bug in http-*://server/url command line processing
* Added SSL SNI support
* Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging
* Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced)
* Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
* Fixed for SSL connection to support TLSv1.2 etc.
* Support for different RSA keylengths, thanks to fann95 for the patch
* Fixed a bug where the cisco-enable module was not working with the password-only logon mode
* Fixed an out of memory bug in http-form
* Fixed imap PLAIN method
* Fixed -x option to bail if it would generate too many passwords (more than 4 billion)
* Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting
* Added --fhs switch to configure (for Linux distribution usage)
* ... your patch?
Release 8.1
* David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best!
* Added patch from Ander Juaristi which adds h/H header options for http-form-*, great work, thanks!
......
......@@ -13,8 +13,16 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
* Foundation, Inc.
*
* Free Software Foundation
* 51 Franklin Street, Fifth Floor
* Boston, MA 02110-1335
* USA
*
* Telephone: +1-617-542-5942
* Fax: +1-617-542-2652
* General email: info@fsf.org
*
* In addition, as a special exception, the copyright holders give
* permission to link the code of portions of this program with the
......
#
# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC <vh@thc.org>
# Makefile for Hydra - (c) 2001-2017 by van Hauser / THC <vh@thc.org>
#
OPTS=-I. -O3
# -Wall -g -pedantic
LIBS=-lm
DIR=/bin
BINDIR = /bin
MANDIR ?= /man/man1/
DATADIR ?= /etc
DESTDIR ?=
SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \
hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \
hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \
hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \
hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \
hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \
hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \
hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c \
hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c \
hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c hydra-svn.c \
hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \
hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \
hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
hydra-rdp.c hydra-s7-300.c hydra-redis.c \
crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c
hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \
hydra-rpcap.c hydra-radmin2.c \
hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c
OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \
hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \
hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \
hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \
hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \
hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \
hydra-rdp.o hydra-s7-300.c \
crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o
hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o \
hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o \
hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o hydra-svn.o \
hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \
hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \
hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \
hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \
hydra-rpcap.o hydra-radmin2.o \
crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o
BINS = hydra pw-inspector
EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \
......@@ -57,15 +64,15 @@ strip: all
-echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null
install: strip
-mkdir -p $(PREFIX)$(DIR)
cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS)
-echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null
-sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh
-chmod 755 $(PREFIX)/bin/dpl4hydra.sh
-mkdir -p $(PREFIX)/etc/
-cp -f *.csv $(PREFIX)/etc/
-mkdir -p $(PREFIX)/man/man1
-cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1
-mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR)
cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS)
-echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null
-sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh
-chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh
-mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR)
-cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR)
-mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR)
-cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR)
clean:
rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile
......
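Review bot: The reflowed OBJ list still contains `hydra-s7-300.c` where every other entry is an object file; the same entry appears in the earlier form of the list, so the typo looks carried over rather than fixed. With a source file in OBJ, that module is presumably compiled inside the link command instead of through the object rule, so it can miss the flags and dependency tracking the other modules get. The line should read `hydra-redis.o hydra-rdp.o hydra-s7-300.o hydra-adam6500.o hydra-rtsp.o \`. Separately, in the install recipe the added `LOCATION="$(DATADIR)"` substitution closes and reopens the shell double quotes around the variable, as the INSTALLDIR one does, so a path containing spaces would split the sed argument; single-quoting the whole expression, `'s|^LOCATION=.*|LOCATION=$(DATADIR)|'`, avoids that.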
H Y D R A
(c) 2001-2014 by van Hauser / THC
(c) 2001-2017 by van Hauser / THC
<vh@thc.org> http://www.thc.org
many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
......@@ -18,7 +18,7 @@ INTRODUCTION
Number one of the biggest security holes are passwords, as every password
security study shows.
This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain unauthorized
consultants the possibility to show how easy it would be to gain unauthorized
access from remote to a system.
THIS TOOL IS FOR LEGAL PURPOSES ONLY!
......@@ -28,16 +28,17 @@ either support more than one protocol to attack or support parallized
connects.
It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.
FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
Currently this tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,
HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,
MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,
PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP,
SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion,
Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY,
HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST,
HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener,
Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin,
Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5,
SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth,
VNC and XMPP.
However the module engine for new services is very easy so it won't take a
long time until even more services are supported.
......@@ -53,7 +54,7 @@ If you are interested in the current development state, the public development
repository is at Github:
svn co https://github.com/vanhauser-thc/thc-hydra
or
git clone https://github.com/vanhauser-thc/thc-hydra.git
git clone https://github.com/vanhauser-thc/thc-hydra
Use the development version at your own risk. It contains new features and
new bugs. Things might not work!
......@@ -82,7 +83,7 @@ install from the vendor's web sites.
For all other Linux derivates and BSD based systems, use the system
software installer and look for similar named libraries like in the
comand above. In all other cases you have to download all source libraries
command above. In all other cases you have to download all source libraries
and compile them manually.
......@@ -90,9 +91,9 @@ and compile them manually.
SUPPORTED PLATFORMS
-------------------
All UNIX platforms (linux, *bsd, solaris, etc.)
Mac OS/X
MacOS
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
......@@ -103,7 +104,7 @@ options available.
Type "./hydra -h" to see all available command line options.
Note that NO login/password file is included. Generate them yourself.
A default password list is hoever present, use "dpl4hydra.sh" to generate
A default password list is however present, use "dpl4hydra.sh" to generate
a list.
For Linux users, a GTK gui is available, try "./xhydra"
......@@ -164,6 +165,14 @@ target entry in the file, e.g.:
127.0.0.1
127.0.0.1:2121
Note that if you want to attach IPv6 targets, you must supply the -6 option
and *must* put IPv6 addresses in brackets in the file(!) like this:
foo.bar.com
target.com:21
[fe80::1%eth0]
[2001::1]
[2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a]
LOGINS AND PASSWORDS
......@@ -187,7 +196,7 @@ specify "-e sn" on the command line.
But there are two more modes for trying passwords than -p/-P:
You can use text file which where a login and password pair is seperated by a colon,
You can use text file which where a login and password pair is separated by a colon,
e.g.:
admin:password
test:test
......@@ -216,7 +225,7 @@ Example:
SPECIAL OPTIONS FOR MODULES
---------------------------
Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m
commandline option, you can pass one option to a module.
command line option, you can pass one option to a module.
Many modules use this, a few require it!
To see the special option of a module, type:
......@@ -236,29 +245,32 @@ Examples (they are all equal):
RESTORING AN ABORTED/CRASHED SESSION
------------------------------------
When hydra is aborted with Control-C, killed or crashs, it leavs a
When hydra is aborted with Control-C, killed or crashes, it leaves a
"hydra.restore" file behind which contains all necessary information to
restore the session. This session file is written every 5 minutes.
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
from little indian to big indian, or from solaris to aix)
from little endian to big endian, or from solaris to aix)
HOW TO SCAN/CRACK OVER A PROXY
------------------------------
The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
just for the http/www service!).
just for the http services!).
The following syntax is valid:
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
For all other services, use the HYDRA_PROXY variable to scan/crack
via by default a web proxy's CONNECT call. It uses the same syntax. eg:
HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port
HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
HYDRA_PROXY_HTTP="proxylist.txt"
The last example is a text file containing up to 64 proxies (in the same
format definition as the other examples).
For all other services, use the HYDRA_PROXY variable to scan/crack.
It uses the same syntax. eg:
HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
for example:
HYDRA_PROXY=http://proxy.anonymizer.com:8000
If you require authentication for the proxy, use the HYDRA_PROXY_AUTH
environment variable:
HYDRA_PROXY_AUTH="the_login:the_password"
HYDRA_PROXY=connect://proxy.anonymizer.com:8000
HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
HYDRA_PROXY=socksproxylist.txt
......@@ -275,10 +287,79 @@ ADDITIONAL HINTS
cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
RESULTS OUTPUT
--------------
The results are output to stdio along with the other information. Via the -o
command line option, the results can also be written to a file. Using -b,
the format of the output can be specified. Currently, these are supported:
* `text` - plain text format
* `jsonv1` - JSON data using version 1.x of the schema (defined below).
* `json` - JSON data using the latest version of the schema, currently there
is only version 1.
If using JSON output, the results file may not be valid JSON if there are
serious errors in booting Hydra.
### JSON Schema
Here is an example of the JSON output. Notes on some of the fields:
* `errormessages` - an array of zero or more strings that are normally printed
to stderr at the end of the Hydra's run. The text is very free form.
* `success` - indication if Hydra ran correctly without error (**NOT** if
passwords were detected). This parameter is either the JSON value `true`
or `false` depending on completion.
* `quantityfound` - How many username+password combinations discovered.
* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
2.03, etc. Hydra will make second tuple of the version to always be two
digits to make it easier for downstream processors (as opposed to v1.1 vs
v1.10). The minor-level versions are additive, so 1.02 will contain more
fields than version 1.00 and will be backward compatible. Version 2.x will
break something from version 1.x output.
Version 1.00 example:
```
{
"errormessages": [
"[ERROR] Error Message of Something",
"[ERROR] Another Message",
"These are very free form"
],
"generator": {
"built": "2017-03-01 14:44:22",
"commandline": "hydra -b jsonv1 -o results.json ... ...",
"jsonoutputversion": "1.00",
"server": "127.0.0.1",
"service": "http-post-form",
"software": "Hydra",
"version": "v8.5"
},
"quantityfound": 2,
"results": [
{
"host": "127.0.0.1",
"login": "bill@example.com",
"password": "bill",
"port": 9999,
"service": "http-post-form"
},
{
"host": "127.0.0.1",
"login": "joe@example.com",
"password": "joe",
"port": 9999,
"service": "http-post-form"
}
],
"success": false
}
```
SPEED
-----
through the parallizing feature, this password cracker tool can be very
through the parallelizing feature, this password cracker tool can be very
fast, however it depends on the protocol. The fastest are generally POP3
and FTP.
Experiment with the task option (-t) to speed things up! The higher - the
......@@ -321,7 +402,6 @@ BUGS & FEATURES
Hydra:
Email me or David if you find bugs or if you have written a new module.
vh@thc.org (and put "antispam" in the subject line)
David (dot) Maciejak @ gmail (dot) com
You should use PGP to encrypt emails to vh@thc.org :
......
Prio 1:
* add cookie support to hydra-http.c
* hydra-smb more than 1 connection?
* add help hints?
* test teamspeak, icq
......@@ -9,6 +10,9 @@ Prio 1:
* add snmpv3 privacy support
* http: option to specify an url for testing if the login was right or wrong
* does hydra-oracle work with service names? (often SIDs do not work anymore)
* fix crash for -R on x64
* IPv6 addresses in txt file does not work
* prot://ipv6addr:port does not have []
Prio 2:
......
......@@ -6,21 +6,54 @@
#include <string.h>
#include <math.h>
#include <ctype.h>
#ifdef __sun
#include <sys/int_types.h>
#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
#include <inttypes.h>
#else
#include <stdint.h>
#endif
#include "bfg.h"
bf_option bf_options;
#ifdef HAVE_MATH_H
extern int debug;
extern int32_t debug;
static int32_t add_single_char(char ch, char flags, int32_t* crs_len) {
if ((ch >= '2' && ch <= '9') || ch == '0') {
if ((flags & BF_NUMS) > 0) {
printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch);
return 0;
}
//printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch);
}
if (tolower((int32_t) ch) >= 'b' && tolower((int32_t) ch) <= 'z') {
if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) {
printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a');
return 0;
}
//printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low");
}
(*crs_len)++;
if (BF_CHARSMAX - *crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else {
bf_options.crs[*crs_len - 1] = ch;
bf_options.crs[*crs_len] = '\0';
}
return 0;
}
// return values : 0 on success, 1 on error
//
// note that we check for -x .:.:ab but not for -x .:.:ba
//
int bf_init(char *arg) {
int i = 0;
int crs_len = 0;
int32_t bf_init(char *arg) {
int32_t i = 0;
int32_t crs_len = 0;
char flags = 0;
char *tmp = strchr(arg, ':');
......@@ -69,80 +102,64 @@ int bf_init(char *arg) {
bf_options.crs[0] = 0;
for (; tmp[i]; i++) {
switch (tmp[i]) {
case 'a':
crs_len += 26;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else if (flags & BF_LOWER) {
free(bf_options.crs);
fprintf(stderr, "Error: 'a' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "abcdefghijklmnopqrstuvwxyz");
flags |= BF_LOWER;
}
break;
case 'A':
crs_len += 26;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
if (bf_options.disable_symbols) {
if (add_single_char(tmp[i], flags, &crs_len) == -1)
return 1;
} else if (flags & BF_UPPER) {
free(bf_options.crs);
fprintf(stderr, "Error: 'A' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
flags |= BF_UPPER;
}
break;
case '1':
crs_len += 10;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else if (flags & BF_NUMS) {
free(bf_options.crs);
fprintf(stderr, "Error: '1' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "0123456789");
flags |= BF_NUMS;
}
break;
default:
if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') {
if ((flags & BF_NUMS) > 0) {
printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]);
continue;
} else {
switch (tmp[i]) {
case 'a':
crs_len += 26;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else if (flags & BF_LOWER) {
free(bf_options.crs);
fprintf(stderr, "Error: 'a' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "abcdefghijklmnopqrstuvwxyz");
flags |= BF_LOWER;
}
printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]);
}
if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') {
if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) {
printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a');
continue;
break;
case 'A':
crs_len += 26;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else if (flags & BF_UPPER) {
free(bf_options.crs);
fprintf(stderr, "Error: 'A' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
flags |= BF_UPPER;
}
printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a', tmp[i] <= 'Z' ? "up" : "low");
}
crs_len++;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else {
bf_options.crs[crs_len - 1] = tmp[i];
bf_options.crs[crs_len] = '\0';
break;
case '1':
crs_len += 10;
if (BF_CHARSMAX - crs_len < 1) {
free(bf_options.crs);
fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX);
return 1;
} else if (flags & BF_NUMS) {
free(bf_options.crs);
fprintf(stderr, "Error: '1' specified more than once in charset!\n");
return 1;
} else {
strcat(bf_options.crs, "0123456789");
flags |= BF_NUMS;
}
break;
default:
if (add_single_char(tmp[i], flags, &crs_len) == -1)
return 1;
break;
}
break;
}
}
......@@ -150,24 +167,31 @@ int bf_init(char *arg) {
bf_options.current = bf_options.from;
memset((char *) bf_options.state, 0, sizeof(bf_options.state));
if (debug)
printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);
printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);
return 0;
}
unsigned long int bf_get_pcount() {
int i;
unsigned long int count = 0;
uint64_t bf_get_pcount() {