Merge branch 'master' into HEAD

Conflicts: Makefile.am hydra.c hydra.h Additional changes to better fit the newer design patterns.
garikello3d · Jul 7, 2017 · cf089a6 · cf089a6
2 parents 1503c8a + cea0053
commit cf089a6
Show file tree

Hide file tree

Showing 86 changed files with 2,837 additions and 2,297 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,17 +1,43 @@
 Changelog for hydra
 -------------------
 
-Release 8.4-dev
+Release 8.6-dev
+* smb module now checks if SMBv1 is supported by the server and now signing is required
+* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)
+* Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting)
+* Added new command line option:
+   -c TIME: seconds between login attempts (over all threads, so -t 1 is recommended)
+* Options put after -R (for loading a restore file) are now honored (and were disallowed before)
+* merged several patches by Diadlo@github to make the code easier readable. thanks for that!
+* merged a patch by Diadlo@github that moves the help output to the invididual module
+
+
+Release 8.5
+* New command line option:
+   -b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch
+* ./configure now honors the CC enviroment variable if present
+* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!)
+* Changed the format of the restore file to detect cross platform copies
+* Fixed a bug in the NCP module
+* Favor strrchr() over rindex()
+* Added refactoring patch by diadlo
+* Updated man page with missing command line options
+
+
+Release 8.4
+! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix
 * Proxy support re-implemented:
   - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries
   - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP]
 * New protocol: adam6500 - this one is work in progress, please test and report
-* New protocol: rpcap! thanks to Petar Kaleychev <[email protected]>
+* New protocol: rpcap - thanks to Petar Kaleychev <[email protected]>
 * New command line options:
    -y : disables -x 1aA interpretation, thanks to crondaemon for the patch
    -I : ignore an existing hydra.restore file (dont wait for 10 seconds)
-* Upgraded hydra-svn to work with the current libsvn version
+* hydra-svn: works now with the current libsvn version
+* hydra-ssh: initial check for password auth support now uses login supplied
 * Fixed dpl4hydra to be able to update from the web again
+* Fixed crash when -U was used without any service (thanks to thecarterb for reporting)
 * Updated default password lists
 * The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed
 * Added special error message for clueless users :)
@@ -26,7 +52,7 @@ Release 8.3
 
 Release 8.2
 * Added RTSP module, thanks to jjavi89 for supplying!
-* Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch
+* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch
 * Added new -O option to hydra to support SSL servers that do not suport TLS
 * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
 * Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!

diff --git a/Makefile.am b/Makefile.am
@@ -1,5 +1,5 @@
 #
-# Makefile for Hydra - (c) 2001-2016 by van Hauser / THC <[email protected]>
+# Makefile for Hydra - (c) 2001-2017 by van Hauser / THC <[email protected]>
 #
 OPTS=-I. -O3
 # -Wall -g -pedantic

diff --git a/README b/README
@@ -1,7 +1,7 @@
 
 				  H Y D R A
 
-                      (c) 2001-2016 by van Hauser / THC
+                      (c) 2001-2017 by van Hauser / THC
                        <[email protected]> http://www.thc.org
        many modules were written by David (dot) Maciejak @ gmail (dot) com
                  BFG code by Jan Dlabal <[email protected]>
@@ -28,7 +28,7 @@ either support more than one protocol to attack or support parallized
 connects.
 
 It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
-FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.
+FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
 
 Currently this tool supports the following protocols:
  Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
@@ -54,7 +54,7 @@ If you are interested in the current development state, the public development
 repository is at Github:
   svn co https://github.com/vanhauser-thc/thc-hydra
  or
-  git clone https://github.com/vanhauser-thc/thc-hydra.git
+  git clone https://github.com/vanhauser-thc/thc-hydra
 Use the development version at your own risk. It contains new features and
 new bugs. Things might not work!
 
@@ -91,9 +91,9 @@ and compile them manually.
 SUPPORTED PLATFORMS
 -------------------
 All UNIX platforms (linux, *bsd, solaris, etc.)
-Mac OS/X
+MacOS
 Windows with Cygwin (both IPv4 and IPv6)
-Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
+Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
 
 
 
@@ -287,6 +287,75 @@ ADDITIONAL HINTS
     cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
 
 
+RESULTS OUTPUT
+--------------
+
+The results are output to stdio along with the other information.  Via the -o
+command line option, the results can also be written to a file.  Using -b,
+the format of the output can be specified.  Currently, these are supported:
+* `text`   - plain text format
+* `jsonv1` - JSON data using version 1.x of the schema (defined below).
+* `json`   - JSON data using the latest version of the schema, currently there
+             is only version 1.
+
+If using JSON output, the results file may not be valid JSON if there are
+serious errors in booting Hydra.
+
+
+### JSON Schema
+Here is an example of the JSON output.  Notes on some of the fields:
+
+* `errormessages` - an array of zero or more strings that are normally printed
+   to stderr at the end of the Hydra's run.  The text is very free form.
+* `success` - indication if Hydra ran correctly without error (**NOT** if
+   passwords were detected).  This parameter is either the JSON value `true`
+   or `false` depending on completion.  
+* `quantityfound` - How many username+password combinations discovered.
+* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
+   2.03, etc.  Hydra will make second tuple of the version to always be two
+   digits to make it easier for downstream processors (as opposed to v1.1 vs
+   v1.10).  The minor-level versions are additive, so 1.02 will contain more
+   fields than version 1.00 and will be backward compatible.  Version 2.x will
+   break something from version 1.x output.  
+
+Version 1.00 example:
+```
+{
+    "errormessages": [
+        "[ERROR] Error Message of Something",
+        "[ERROR] Another Message",
+        "These are very free form"
+    ],
+    "generator": {
+        "built": "2017-03-01 14:44:22",
+        "commandline": "hydra -b jsonv1 -o results.json ... ...",
+        "jsonoutputversion": "1.00",
+        "server": "127.0.0.1",
+        "service": "http-post-form",
+        "software": "Hydra",
+        "version": "v8.5"
+    },
+    "quantityfound": 2,
+    "results": [
+        {
+            "host": "127.0.0.1",
+            "login": "[email protected]",
+            "password": "bill",
+            "port": 9999,
+            "service": "http-post-form"
+        },
+        {
+            "host": "127.0.0.1",
+            "login": "[email protected]",
+            "password": "joe",
+            "port": 9999,
+            "service": "http-post-form"
+        }
+    ],
+    "success": false
+}
+```
+
 
 SPEED
 -----

diff --git a/bfg.c b/bfg.c
@@ -6,23 +6,30 @@
 #include <string.h>
 #include <math.h>
 #include <ctype.h>
+#ifdef __sun
+  #include <sys/int_types.h>
+#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
+  #include <inttypes.h>
+#else
+  #include <stdint.h>
+#endif
 #include "bfg.h"
 
 bf_option bf_options;
 
 #ifdef HAVE_MATH_H
 
-extern int debug;
+extern int32_t debug;
 
-static int add_single_char(char ch, char flags, int* crs_len) {
+static int32_t add_single_char(char ch, char flags, int32_t* crs_len) {
   if ((ch >= '2' && ch <= '9') || ch == '0') {
     if ((flags & BF_NUMS) > 0) {
       printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch);
       return 0;
     }
     //printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch);
   }
-  if (tolower((int) ch) >= 'b' && tolower((int) ch) <= 'z') {
+  if (tolower((int32_t) ch) >= 'b' && tolower((int32_t) ch) <= 'z') {
     if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) {
       printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a');
       return 0;
@@ -38,14 +45,15 @@ static int add_single_char(char ch, char flags, int* crs_len) {
     bf_options.crs[*crs_len - 1] = ch;
     bf_options.crs[*crs_len] = '\0';
   }
+  return 0;
 }
 // return values : 0 on success, 1 on error
 //
 // note that we check for -x .:.:ab but not for -x .:.:ba
 //
-int bf_init(char *arg) {
-  int i = 0;
-  int crs_len = 0;
+int32_t bf_init(char *arg) {
+  int32_t i = 0;
+  int32_t crs_len = 0;
   char flags = 0;
   char *tmp = strchr(arg, ':');
 
@@ -165,10 +173,10 @@ int bf_init(char *arg) {
 }
 
 
-unsigned long int bf_get_pcount() {
-  int i;
+uint64_t bf_get_pcount() {
+  int32_t i;
   double count = 0;
-  unsigned long int foo;
+  uint64_t foo;
 
   for (i = bf_options.from; i <= bf_options.to; i++)
     count += (pow((double) bf_options.crs_len, (double) i));
@@ -183,7 +191,7 @@ unsigned long int bf_get_pcount() {
 
 
 char *bf_next() {
-  int i, pos = bf_options.current - 1;
+  int32_t i, pos = bf_options.current - 1;
 
   if (bf_options.current > bf_options.to)
     return NULL;                // we are done

diff --git a/bfg.h b/bfg.h
@@ -40,14 +40,14 @@ typedef struct {
   char *arg;                    /* argument received for bfg commandline option */
   char *crs;                    /* internal representation of charset */
   char *ptr;                    /* ptr to the last generated password */
-  unsigned int disable_symbols;
+  uint32_t disable_symbols;
 } bf_option;
 
 extern bf_option bf_options;
 
 #ifdef HAVE_MATH_H
-extern unsigned long int bf_get_pcount();
-extern int bf_init(char *arg);
+extern uint64_t bf_get_pcount();
+extern int32_t bf_init(char *arg);
 extern char *bf_next();
 #endif
 

diff --git a/configure b/configure
@@ -15,9 +15,13 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then
   echo "  --nostrip                  do not per default strip binaries before install"
   echo "  --debug                    show debug output to trace errors"
   echo "  --help                     this here"
+  echo
+  echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise.
   exit 0
 fi
 
+test -z "$CC" && CC=gcc
+
 FHS=""
 SIXFOUR=""
 DEBUG=""
@@ -983,37 +987,37 @@ fi
 
 echo "Checking for Android specialities ..."
 TMPC=comptest$$
-RINDEX=" not"
+STRRCHR=" not"
 echo '#include <stdio.h>' > $TMPC.c
 echo '#include <strings.h>' >> $TMPC.c
-echo "int main() { char *x = rindex(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
-gcc -o $TMPC $TMPC.c > /dev/null 2>&1
-test -x $TMPC && RINDEX=""
+echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
+$CC -o $TMPC $TMPC.c > /dev/null 2>&1
+test -x $TMPC && STRRCHR=""
 rm -f $TMPC $TMPC.c
-echo "                                  ... rindex()$RINDEX found"
+echo "                                  ... strrchr()$STRRCHR found"
 if [ -n "$CRYPTO_PATH" ]; then
   RSA=" not"
   echo '#include <stdio.h>' > $TMPC.c
   echo '#include <openssl/rsa.h>' >> $TMPC.c
   echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c
 #echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c
-  gcc -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1
+  $CC -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1
   test -x $TMPC && RSA=""
   rm -f $TMPC $TMPC.c
   echo "                                  ... RSA_generate_key()$RSA found"
 fi
 
-echo "Checking for secure compile option support in gcc ..."
+echo "Checking for secure compile option support in $CC ..."
 GCCSEC="no"
 LDSEC="no"
 GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 echo '#include <stdio.h>' > $TMPC.c
 echo 'int main() { printf(""); return 0; }' >> $TMPC.c
-gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
+$CC -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
 test -x $TMPC && GCCSEC="yes"
 grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT"
 rm -f "$TMPC"
-gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
+$CC $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
 test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; }
 rm -f $TMPC $TMPC.c $TMPC.c.err
 echo "                                                  Compiling... $GCCSEC"
@@ -1077,8 +1081,8 @@ fi
 if [ -n "$SSH_PATH" ]; then
     XDEFINES="$XDEFINES -DLIBSSH"
 fi
-if [ -n "$RINDEX" ]; then
-    XDEFINES="$XDEFINES -DNO_RINDEX"
+if [ -n "$STRRCHR" ]; then
+    XDEFINES="$XDEFINES -DNO_STRRCHR"
 fi
 if [ -n "$RSA" ]; then
     XDEFINES="$XDEFINES -DNO_RSA_LEGACY"
@@ -1244,6 +1248,10 @@ if [ "X" != "X$DEBUG" ]; then
    echo DEBUG: STRIP=$STRIP
 fi
 
+if [ "$SYSS" = "SunOS" ]; then
+   XLIBS="$XLIBS -lrt"
+fi
+
 echo "Writing Makefile.in ..."
 if [ "X" != "X$FHS" ]; then
   echo "MANDIR = /share/man/man1" >> Makefile.in
@@ -1287,7 +1295,7 @@ if [ "x$WINDRES" = "x" ]; then
   echo HYDRA_LOGO= >> Makefile
   echo PWI_LOGO= >> Makefile
 fi
-if [ "$GCCSEC" = "yes" ]; then
+if [ "$GCCSEC" = "yes" ] && [ "$SYSS" != "SunOS" ]; then
   echo "SEC=$GCCSECOPT" >> Makefile
 else
   echo "SEC=" >> Makefile

diff --git a/crc32.c b/crc32.c
@@ -1,4 +1,3 @@
-
 /*-
 *  COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or
 *  code or tables extracted from it, as desired without restriction.
@@ -42,8 +41,15 @@
 */
 
 #include <sys/types.h>
+#ifdef __sun
+  #include <sys/int_types.h>
+#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
+  #include <inttypes.h>
+#else
+  #include <stdint.h>
+#endif
 
-unsigned int crc32_tab[] = {
+uint32_t crc32_tab[] = {
   0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
   0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
   0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
@@ -91,9 +97,9 @@ unsigned int crc32_tab[] = {
 
 #ifndef HAVE_ZLIB
 
-unsigned int crc32(const void *buf, unsigned int size) {
+uint32_t crc32(const void *buf, uint32_t size) {
   const unsigned char *p;
-  unsigned int crc;
+  uint32_t crc;
 
   p = buf;
   crc = ~0U;