void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_FTP, mysslport = PORT_FTP_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
hydra_child_exit(0);
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleepn(300);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
hydra_child_exit(1);
}
usleepn(250);
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '2') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
if (buf != NULL)
free(buf);
hydra_child_exit(2);
}
while (buf != NULL && strncmp(buf, "220 ", 4) != 0 && strstr(buf, "\n220 ") == NULL) {
free(buf);
buf = hydra_receive_line(sock);
}
free(buf);
//this mode is manually chosen, so if it fails we giving up
if (tls) {
if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) {
hydra_child_exit(2);
}
buf = hydra_receive_line(sock);
if (buf == NULL) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
if (buf[0] == '2') {
if ((hydra_connect_to_ssl(sock, hostname) == -1) && verbose) {
hydra_report(stderr, "[ERROR] Can't use TLS\n");
hydra_child_exit(2);
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
} else {
hydra_report(stderr, "[ERROR] TLS negotiation failed %s\n", buf);
hydra_child_exit(2);
}
free(buf);
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_ftp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1, i = 0;
int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 0;
char *buffer1 = "EHLO hydra\r\n";
char *buffer2 = "HELO hydra\r\n";
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = myport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
/* receive initial header */
if ((buf = hydra_receive_line(sock)) == NULL)
hydra_child_exit(2);
if (strstr(buf, "220") == NULL) {
hydra_report(stderr, "[WARNING] SMTP does not allow to connect: %s\n", buf);
free(buf);
hydra_child_exit(2);
}
while (strstr(buf, "220 ") == NULL) {
free(buf);
buf = hydra_receive_line(sock);
}
free(buf);
/* send ehlo and receive/ignore reply */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
hydra_child_exit(2);
buf = smtp_read_server_capacity(sock);
if (buf == NULL)
hydra_child_exit(2);
#ifdef LIBOPENSSLNEW
if (!disable_tls) {
/* if we got a positive answer */
if (buf[0] == '2') {
if (strstr(buf, "STARTTLS") != NULL) {
hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0);
free(buf);
buf = hydra_receive_line(sock);
if (buf[0] != '2') {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1;
run = 1;
break;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
/* ask again capability request but in TLS mode */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
hydra_child_exit(2);
buf = smtp_read_server_capacity(sock);
if (buf == NULL)
hydra_child_exit(2);
}
}
}
}
#endif
if (buf[0] != '2') {
if (hydra_send(sock, buffer2, strlen(buffer2), 0) < 0)
hydra_child_exit(2);
free(buf);
buf = smtp_read_server_capacity(sock);
if (buf == NULL)
hydra_child_exit(2);
}
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
smtp_auth_mechanism = AUTH_NTLM;
}
#ifdef LIBOPENSSLNEW
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) {
smtp_auth_mechanism = AUTH_DIGESTMD5;
}
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) {
smtp_auth_mechanism = AUTH_CRAMMD5;
}
#endif
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) {
smtp_auth_mechanism = AUTH_PLAIN;
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strncmp(miscptr, "LOGIN", 5) == 0)
smtp_auth_mechanism = AUTH_LOGIN;
if (strncmp(miscptr, "PLAIN", 5) == 0)
smtp_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSLNEW
if (strncmp(miscptr, "CRAM-MD5", 8) == 0)
smtp_auth_mechanism = AUTH_CRAMMD5;
if (strncmp(miscptr, "DIGEST-MD5", 10) == 0)
smtp_auth_mechanism = AUTH_DIGESTMD5;
#endif
if (strncmp(miscptr, "NTLM", 4) == 0)
smtp_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (smtp_auth_mechanism) {
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using SMTP LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using SMTP PLAIN AUTH mechanism\n");
break;
#ifdef LIBOPENSSLNEW
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using SMTP CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using SMTP DIGEST-MD5 AUTH mechanism\n");
break;
#endif
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using SMTP NTLM AUTH mechanism\n");
break;
}
}
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_smtp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0) {
sock = hydra_disconnect(sock);
}
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
int run = 1, next_run = 1, sock = -1, i;
char *ptr = NULL;
//extract data from the pool, ip is the key
if (plist == NULL)
if (service_pop3_init(ip, sp, options, miscptr, fp, port) != 0)
hydra_child_exit(2);
p = list_find(ip);
if (p == NULL) {
hydra_report(stderr, "[ERROR] Could not find ip %s in pool\n", hydra_address2string(ip));
return;
}
if (list_remove(p) != 0)
hydra_report(stderr, "[ERROR] Could not find ip %s in pool to free memory\n", hydra_address2string(ip));
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
sock = hydra_connect_tcp(ip, port);
} else {
sock = hydra_connect_ssl(ip, port);
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '+') { /* check the first line */
if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
ptr = strstr(buf, "<");
if (ptr != NULL && buf[0] == '+') {
if (ptr[strlen(ptr) - 1] == '\n')
ptr[strlen(ptr) - 1] = 0;
if (ptr[strlen(ptr) - 1] == '\r')
ptr[strlen(ptr) - 1] = 0;
strcpy(apop_challenge, ptr);
}
free(buf);
#ifdef LIBOPENSSL
if (!p->disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
buf = hydra_receive_line(sock);
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
p->disable_tls = 1;
}
else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
}
}
#endif
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_pop3(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
case 4: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
int myport = PORT_POP3, mysslport = PORT_POP3_SSL;
char *ptr = NULL;
int sock = -1;
char *capa_str = "CAPA\r\n";
char *quit_str = "QUIT\r\n";
pool p;
p.pop3_auth_mechanism=AUTH_CLEAR;
p.disable_tls = 1;
memcpy(p.ip, ip, 36);
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(p.ip, myport);
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(p.ip, mysslport);
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid());
return -1;
}
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '+') { /* check the first line */
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
return -1;
}
ptr = strstr(buf, "<");
if (ptr != NULL && buf[0] == '+') {
if (ptr[strlen(ptr) - 1] == '\n')
ptr[strlen(ptr) - 1] = 0;
if (ptr[strlen(ptr) - 1] == '\r')
ptr[strlen(ptr) - 1] = 0;
strcpy(apop_challenge, ptr);
}
free(buf);
/* send capability request */
if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n");
return -1;
}
buf = pop3_read_server_capacity(sock);
if (buf == NULL) {
hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n");
return -1;
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) {
p.disable_tls = 0;
}
}
#ifdef LIBOPENSSL
if (!p.disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
if (strstr(buf, "STLS") != NULL) {
hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
free(buf);
buf = hydra_receive_line(sock);
if (buf[0] != '+') {
hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
p.disable_tls = 1;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
if (!p.disable_tls) {
/* ask again capability request but in TLS mode */
if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n");
return -1;
}
buf = pop3_read_server_capacity(sock);
if (buf == NULL) {
hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n");
return -1;
}
}
}
} else
hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
}
#endif
if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) {
//we dont care if the server is not receiving the quit msg
}
hydra_disconnect(sock);
if (verbose)
hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
/* example:
+OK Capability list follows:
TOP
LOGIN-DELAY 180
UIDL
USER
SASL PLAIN LOGIN
*/
/* according to rfc 2449:
The POP3 AUTH command [POP-AUTH] permits the use of [SASL]
authentication mechanisms with POP3. The SASL capability
indicates that the AUTH command is available and that it supports
an optional base64 encoded second argument for an initial client
response as described in the SASL specification. The argument to
the SASL capability is a space separated list of SASL mechanisms
which are supported.
*/
/* which mean threre will *always* have a space before the LOGIN auth keyword */
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
p.pop3_auth_mechanism = AUTH_NTLM;
}
#ifdef LIBOPENSSL
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) {
p.pop3_auth_mechanism = AUTH_DIGESTMD5;
}
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA256") != NULL)) {
p.pop3_auth_mechanism = AUTH_CRAMSHA256;
}
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA1") != NULL)) {
p.pop3_auth_mechanism = AUTH_CRAMSHA1;
}
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) {
p.pop3_auth_mechanism = AUTH_CRAMMD5;
}
#endif
if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) {
p.pop3_auth_mechanism = AUTH_PLAIN;
}
if (strstr(buf, " LOGIN") != NULL) {
p.pop3_auth_mechanism = AUTH_LOGIN;
}
if (strstr(buf, "SASL") == NULL) {
#ifdef LIBOPENSSL
if (strlen(apop_challenge) == 0) {
p.pop3_auth_mechanism = AUTH_CLEAR;
} else {
p.pop3_auth_mechanism = AUTH_APOP;
}
#else
p.pop3_auth_mechanism = AUTH_CLEAR;
#endif
}
free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
if (strstr(miscptr, "CLEAR"))
p.pop3_auth_mechanism = AUTH_CLEAR;
if (strstr(miscptr, "LOGIN"))
p.pop3_auth_mechanism = AUTH_LOGIN;
if (strstr(miscptr, "PLAIN"))
p.pop3_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSL
if (strstr(miscptr, "APOP"))
p.pop3_auth_mechanism = AUTH_APOP;
if (strstr(miscptr, "CRAM-MD5"))
p.pop3_auth_mechanism = AUTH_CRAMMD5;
if (strstr(miscptr, "CRAM-SHA1"))
p.pop3_auth_mechanism = AUTH_CRAMSHA1;
if (strstr(miscptr, "CRAM-SHA256"))
p.pop3_auth_mechanism = AUTH_CRAMSHA256;
if (strstr(miscptr, "DIGEST-MD5"))
p.pop3_auth_mechanism = AUTH_DIGESTMD5;
#endif
if (strstr(miscptr, "NTLM"))
p.pop3_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (p.pop3_auth_mechanism) {
case AUTH_CLEAR:
hydra_report(stderr, "[VERBOSE] using POP3 CLEAR LOGIN mechanism\n");
break;
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using POP3 LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using POP3 PLAIN AUTH mechanism\n");
break;
case AUTH_APOP:
#ifdef LIBOPENSSL
if (strlen(apop_challenge) == 0) {
hydra_report(stderr, "[VERBOSE] APOP not supported by server, using clear login\n");
p.pop3_auth_mechanism = AUTH_CLEAR;
} else {
hydra_report(stderr, "[VERBOSE] using POP3 APOP AUTH mechanism\n");
}
#else
p.pop3_auth_mechanism = AUTH_CLEAR;
#endif
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using POP3 CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_CRAMSHA1:
hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA1 AUTH mechanism\n");
break;
case AUTH_CRAMSHA256:
hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA256 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using POP3 DIGEST-MD5 AUTH mechanism\n");
break;
#endif
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n");
break;
}
}
if(!plist)
plist=list_create(p);
else
plist=list_insert(p);
return 0;
}
void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char version, int auth_method) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
counter = 1;
if (tls_required) {
/* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */
char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37";
if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0)
hydra_child_exit(1);
if ((buf = (unsigned char*) hydra_receive_line(sock)) == NULL)
hydra_child_exit(1);
if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) {
/* TLS option negociation goes well, now trying to connect */
if ((hydra_connect_to_ssl(sock) == -1) && verbose) {
hydra_report(stderr, "[ERROR] Can't use TLS\n");
hydra_child_exit(1);
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
counter++;
}
} else {
hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf);
hydra_child_exit(1);
}
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_ldap(sock, ip, port, options, miscptr, fp, version, auth_method);
counter++;
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 0;
char *buffer1 = "1 CAPABILITY\r\n";
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(275000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */
if (verbose || debug) hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n");
if (buf != NULL)
free(buf);
hydra_child_exit(2);
}
free(buf);
/* send capability request */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
exit(-1);
counter = 2;
buf = imap_read_server_capacity(sock);
if (buf == NULL) {
hydra_child_exit(2);
}
#ifdef LIBOPENSSLNEW
if (!disable_tls) {
/* check for STARTTLS, if available we may have access to more basic auth methods */
if (strstr(buf, "STARTTLS") != NULL) {
hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0);
counter++;
free(buf);
buf = hydra_receive_line(sock);
if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1;
run = 1;
break;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
/* ask again capability request but in TLS mode */
if (hydra_send(sock, "3 CAPABILITY\r\n", strlen("3 CAPABILITY\r\n"), 0) < 0)
hydra_child_exit(2);
buf = imap_read_server_capacity(sock);
counter++;
if (buf == NULL)
hydra_child_exit(2);
}
}
}
#endif
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
imap_auth_mechanism = AUTH_NTLM;
}
#ifdef LIBOPENSSLNEW
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "SCRAM-SHA-1") != NULL)) {
imap_auth_mechanism = AUTH_SCRAMSHA1;
}
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) {
imap_auth_mechanism = AUTH_DIGESTMD5;
}
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "CRAM-SHA256") != NULL)) {
imap_auth_mechanism = AUTH_CRAMSHA256;
}
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "CRAM-SHA1") != NULL)) {
imap_auth_mechanism = AUTH_CRAMSHA1;
}
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) {
imap_auth_mechanism = AUTH_CRAMMD5;
}
#endif
if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) {
imap_auth_mechanism = AUTH_PLAIN;
}
if (strstr(buf, "LOGIN") != NULL) {
imap_auth_mechanism = AUTH_LOGIN;
}
free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strncmp(miscptr, "CLEAR", 5) == 0)
imap_auth_mechanism = AUTH_CLEAR;
if (strncmp(miscptr, "LOGIN", 5) == 0)
imap_auth_mechanism = AUTH_LOGIN;
if (strncmp(miscptr, "PLAIN", 5) == 0)
imap_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSLNEW
if (strncmp(miscptr, "CRAM-MD5", 8) == 0)
imap_auth_mechanism = AUTH_CRAMMD5;
if (strncmp(miscptr, "CRAM-SHA1", 9) == 0)
imap_auth_mechanism = AUTH_CRAMSHA1;
if (strncmp(miscptr, "CRAM-SHA256", 11) == 0)
imap_auth_mechanism = AUTH_CRAMSHA256;
if (strncmp(miscptr, "DIGEST-MD5", 10) == 0)
imap_auth_mechanism = AUTH_DIGESTMD5;
if (strncmp(miscptr, "SCRAM-SHA1", 10) == 0)
imap_auth_mechanism = AUTH_SCRAMSHA1;
#endif
if (strncmp(miscptr, "NTLM", 4) == 0)
imap_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (imap_auth_mechanism) {
case AUTH_CLEAR:
hydra_report(stderr, "[VERBOSE] using IMAP CLEAR LOGIN mechanism\n");
break;
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using IMAP LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using IMAP PLAIN AUTH mechanism\n");
break;
#ifdef LIBOPENSSLNEW
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using IMAP CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_CRAMSHA1:
hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA1 AUTH mechanism\n");
break;
case AUTH_CRAMSHA256:
hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA256 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using IMAP DIGEST-MD5 AUTH mechanism\n");
break;
case AUTH_SCRAMSHA1:
hydra_report(stderr, "[VERBOSE] using IMAP SCRAM-SHA1 AUTH mechanism\n");
break;
#endif
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using IMAP NTLM AUTH mechanism\n");
break;
}
}
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_imap(sock, ip, port, options, miscptr, fp);
counter++;
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int i = 0, run = 1, next_run = 1, sock = -1;
int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0;
char *buffer1 = "CAPABILITIES\r\n";
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
// usleep(300000);
buf = hydra_receive_line(sock);
if (buf == NULL || buf[0] != '2') { /* check the first line */
if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
free(buf);
/* send capability request */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
hydra_child_exit(2);
buf = nntp_read_server_capacity(sock);
if (buf == NULL) {
hydra_child_exit(2);
}
#ifdef LIBOPENSSL
if (!disable_tls) {
/* if we got a positive answer */
if (strstr(buf, "STARTTLS") != NULL) {
hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0);
free(buf);
buf = hydra_receive_line(sock);
/* 382 Begin TLS negotiation now */
if (buf == NULL || strstr(buf, "382") == NULL) {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1;
run = 1;
break;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
/* ask again capability request but in TLS mode */
if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
hydra_child_exit(2);
/* we asking again cause often plain and login can only
be negociate in SSL tunnel
*/
buf = nntp_read_server_capacity(sock);
if (buf == NULL) {
hydra_child_exit(2);
}
}
}
}
#endif
/*
AUTHINFO USER SASL
SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5
*/
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*NTLM")) {
#else
if (strstr(buf, "NTLM") != NULL) {
#endif
nntp_auth_mechanism = AUTH_NTLM;
}
#ifdef LIBOPENSSL
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*DIGEST-MD5")) {
#else
if (strstr(buf, "DIGEST-MD5") != NULL) {
#endif
nntp_auth_mechanism = AUTH_DIGESTMD5;
}
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*CRAM-MD5")) {
#else
if (strstr(buf, "CRAM-MD5") != NULL) {
#endif
nntp_auth_mechanism = AUTH_CRAMMD5;
}
#endif
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*PLAIN")) {
#else
if (strstr(buf, "PLAIN") != NULL) {
#endif
nntp_auth_mechanism = AUTH_PLAIN;
}
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "SASL\\s.*LOGIN")) {
#else
if (strstr(buf, "LOGIN") != NULL) {
#endif
nntp_auth_mechanism = AUTH_LOGIN;
}
#ifdef HAVE_PCRE
if (hydra_string_match(buf, "AUTHINFO\\sUSER")) {
#else
if (strstr(buf, "AUTHINFO USER") != NULL) {
#endif
nntp_auth_mechanism = AUTH_CLEAR;
}
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strncmp(miscptr, "USER", 4) == 0)
nntp_auth_mechanism = AUTH_CLEAR;
if (strncmp(miscptr, "LOGIN", 5) == 0)
nntp_auth_mechanism = AUTH_LOGIN;
if (strncmp(miscptr, "PLAIN", 5) == 0)
nntp_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSL
if (strncmp(miscptr, "CRAM-MD5", 8) == 0)
nntp_auth_mechanism = AUTH_CRAMMD5;
if (strncmp(miscptr, "DIGEST-MD5", 10) == 0)
nntp_auth_mechanism = AUTH_DIGESTMD5;
#endif
if (strncmp(miscptr, "NTLM", 4) == 0)
nntp_auth_mechanism = AUTH_NTLM;
}
if (verbose) {
switch (nntp_auth_mechanism) {
case AUTH_CLEAR:
hydra_report(stderr, "[VERBOSE] using NNTP AUTHINFO USER mechanism\n");
break;
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using NNTP LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using NNTP PLAIN AUTH mechanism\n");
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using NNTP CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using NNTP DIGEST-MD5 AUTH mechanism\n");
break;
#endif
case AUTH_NTLM:
hydra_report(stderr, "[VERBOSE] using NNTP NTLM AUTH mechanism\n");
break;
}
}
usleep(25000);
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_nntp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
// usleep(300000);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = myport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
buf = hydra_receive_line(sock);
//fprintf(stderr, "%s\n",buf);
//220 VMware Authentication Daemon Version 1.00
//220 VMware Authentication Daemon Version 1.10: SSL Required
//220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC ,
if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) {
/* check the first line */
if (verbose || debug) hydra_report(stderr, "[ERROR] Not an vmware authd protocol or service shutdown: %s\n", buf);
hydra_child_exit(2);
}
if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) {
free(buf);
hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf);
hydra_child_exit(2);
}
//by default this service is waiting for ssl connections
if (strstr(buf, "SSL Required") != NULL) {
if ((options & OPTION_SSL) == 0) {
//reconnecting using SSL
if (hydra_connect_to_ssl(sock) == -1) {
free(buf);
hydra_report(stderr, "[ERROR] Can't use SSL\n");
hydra_child_exit(2);
}
}
}
free(buf);
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_vmauthd(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
int run = 1, next_run = 1, sock = -1, tls = 0;
char buffer[500];
int myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0;
char *enddomain = NULL;
//we have to pass the target here as the reverse dns resolution is not working for some servers
//try to extract only the domain name from the target
//so for o.nimbuzz.com will get nimbuzz.com
//and hermes.jabber.org will get jabber.org
domain = strchr(target, '.');
if (!domain) {
hydra_report(stderr, "[ERROR] can't extract the domain name, you have to specify a fqdn xmpp server, the domain name will be used in the jabber init request\n");
hydra_child_exit(1);
}
enddomain = strrchr(target, '.');
//check if target is not already a domain name aka only . char in the string
if (enddomain && (enddomain == domain)) {
domain = target;
} else {
//moving to pass the . char
domain = domain + 1;
}
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
hydra_child_exit(1);
}
memset(buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%s%s%s", JABBER_CLIENT_INIT_STR, domain, JABBER_CLIENT_INIT_END_STR);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
hydra_child_exit(1);
}
//some server is longer to answer
usleep(300000);
buf = hydra_receive_line(sock);
if (buf == NULL)
hydra_child_exit(1);
if (strstr(buf, "<stream:stream") == NULL) {
if (verbose || debug)
hydra_report(stderr, "[ERROR] Not an xmpp protocol or service shutdown: %s\n", buf);
free(buf);
hydra_child_exit(1);
}
if (strstr(buf, "<stream:error")) {
if (strstr(buf, "<host-unknown"))
hydra_report(stderr, "[ERROR] %s host unknown, you have to specify a fqdn xmpp server, the domain name will be used in the jabber init request : %s\n", domain, buf);
else
hydra_report(stderr, "[ERROR] xmpp protocol : %s\n", buf);
free(buf);
hydra_child_exit(1);
}
/* try to identify which features is supported */
if (strstr(buf, ":xmpp-tls") != NULL) {
tls = 1;
}
if (strstr(buf, ":xmpp-sasl") != NULL) {
if (strstr(buf, "<mechanism>SCRAM-SHA-1</mechanism>") != NULL) {
xmpp_auth_mechanism = AUTH_SCRAMSHA1;
}
if (strstr(buf, "<mechanism>CRAM-MD5</mechanism>") != NULL) {
xmpp_auth_mechanism = AUTH_CRAMMD5;
}
if (strstr(buf, "<mechanism>DIGEST-MD5</mechanism>") != NULL) {
xmpp_auth_mechanism = AUTH_DIGESTMD5;
}
if (strstr(buf, "<mechanism>PLAIN</mechanism>") != NULL) {
xmpp_auth_mechanism = AUTH_PLAIN;
}
if (strstr(buf, "<mechanism>LOGIN</mechanism>") != NULL) {
xmpp_auth_mechanism = AUTH_LOGIN;
}
}
if (xmpp_auth_mechanism == AUTH_ERROR) {
/* no auth method identified */
hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf);
free(buf);
hydra_child_exit(1);
}
free(buf);
if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
int i;
for (i = 0; i < strlen(miscptr); i++)
miscptr[i] = (char) toupper((int) miscptr[i]);
if (strncmp(miscptr, "LOGIN", 5) == 0)
xmpp_auth_mechanism = AUTH_LOGIN;
if (strncmp(miscptr, "PLAIN", 5) == 0)
xmpp_auth_mechanism = AUTH_PLAIN;
#ifdef LIBOPENSSL
if (strncmp(miscptr, "CRAM-MD5", 8) == 0)
xmpp_auth_mechanism = AUTH_CRAMMD5;
if (strncmp(miscptr, "SCRAM-SHA1", 10) == 0)
xmpp_auth_mechanism = AUTH_SCRAMSHA1;
if (strncmp(miscptr, "DIGEST-MD5", 10) == 0)
xmpp_auth_mechanism = AUTH_DIGESTMD5;
#endif
}
if (verbose) {
switch (xmpp_auth_mechanism) {
case AUTH_LOGIN:
hydra_report(stderr, "[VERBOSE] using XMPP LOGIN AUTH mechanism\n");
break;
case AUTH_PLAIN:
hydra_report(stderr, "[VERBOSE] using XMPP PLAIN AUTH mechanism\n");
break;
#ifdef LIBOPENSSL
case AUTH_CRAMMD5:
hydra_report(stderr, "[VERBOSE] using XMPP CRAM-MD5 AUTH mechanism\n");
break;
case AUTH_SCRAMSHA1:
hydra_report(stderr, "[VERBOSE] using XMPP SCRAM-SHA1 AUTH mechanism\n");
break;
case AUTH_DIGESTMD5:
hydra_report(stderr, "[VERBOSE] using XMPP DIGEST-MD5 AUTH mechanism\n");
break;
#endif
}
}
#ifdef LIBOPENSSL
//check if tls is not wanted and if tls is available
if (!disable_tls && tls) {
char *STARTTLS = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>";
hydra_send(sock, STARTTLS, strlen(STARTTLS), 0);
usleep(300000);
buf = hydra_receive_line(sock);
if (buf == NULL || strstr(buf, "<failure") != NULL) {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n");
} else {
free(buf);
if ((hydra_connect_to_ssl(sock) == -1)) {
if (verbose)
hydra_report(stderr, "[ERROR] Can't use TLS\n");
disable_tls = 1;
run = 1;
break;
} else {
if (verbose)
hydra_report(stderr, "[VERBOSE] TLS connection done\n");
}
/* we have to resend the init stream */
memset(buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%s%s%s", JABBER_CLIENT_INIT_STR, domain, JABBER_CLIENT_INIT_END_STR);
if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
hydra_child_exit(1);
}
//some server is longer to answer
usleep(300000);
buf = hydra_receive_line(sock);
if ((buf == NULL) || (strstr(buf, "<stream:stream") == NULL))
hydra_child_exit(1);
}
free(buf);
}
#endif
next_run = 2;
break;
case 2: /* run the cracking function */
next_run = start_xmpp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(2);
}
run = next_run;
}
}
