static void WarmLogCache(char* dbPath)
{
char buf[4096];
#ifdef _WIN32
BOOL next;
WIN32_FIND_DATA FindFileData;
HANDLE hFind;
snprintf(buf, SIZE(buf), "%s/log.*", dbPath);
strrep(buf, '/', '\\');
hFind = FindFirstFile(buf, &FindFileData);
if (hFind == INVALID_HANDLE_VALUE)
return;
next = true;
while (next)
{
snprintf(buf, SIZE(buf), "%s/%s", dbPath, FindFileData.cFileName);
strrep(buf, '/', '\\');
WarmFileCache(buf, 11000000);
next = FindNextFile(hFind, &FindFileData);
}
FindClose(hFind);
#else
snprintf(buf, SIZE(buf), "cat %s/log.* > /dev/null 2> /dev/null", dbPath);
system(buf);
#endif
}
void xmlspecialchars(char *str)
{
strrep(str, "&", "&");
strrep(str, "'", "'");
strrep(str, "\"", """);
strrep(str, "<", "<");
strrep(str, ">", ">");
}
char *
strhtml (char *str)
{
strrep (str, "<", "<");
strrep (str, ">", ">");
return str;
}
char *
sql_stresc (char *s)
{
//#ifdef USE_MYSQL
// return mysql_escape_string (s);
//// return mysql_real_escape_string(MYSQL *mysql, d, s, strlen (s));
////#elif define USE_ODBC
//#else
#if 1
char *bak = strdup (s);
char *p = bak;
char *d = s;
if (!p)
return NULL;
for (; *p; p++)
switch (*p)
{
case 10: // \n
strcpy (d, "\\n");
d = strchr (d, 0);
break;
case 13: // \r
strcpy (d, "\\r");
d = strchr (d, 0);
break;
case 34: // quotes
case 39: // single quotes
case 92: // backslash
sprintf (d, "\\%c", *p);
d = strchr (d, 0);
break;
default:
// if (*p > 31 && *p < 127)
{
*d = *p;
*(++d) = 0;
}
break;
}
free (bak);
#else
strrep (s, "\n", "\\n");
strrep (s, "\r", "\\r");
strrep (s, "\"", "\\\"");
strrep (s, "\'", "\\\'");
strrep (s, "\\", "\\");
#endif
//#endif
return s;
}
static void test_strrep(void) {
_cleanup_free_ char *one, *three, *zero;
one = strrep("waldo", 1);
three = strrep("waldo", 3);
zero = strrep("waldo", 0);
assert_se(streq(one, "waldo"));
assert_se(streq(three, "waldowaldowaldo"));
assert_se(streq(zero, ""));
}
static int
parse_lua_uri(char *uri, char *cmd, char *token, char *arg, int sz)
{
char *uri_tmp;
char *slashes;
int len;
bzero(cmd, sz);
bzero(token, sz);
bzero(arg, sz);
slashes = strchr(uri, '/');
uri_tmp = uri;
len = sz-1;
if (slashes && slashes-uri_tmp < len)
len = slashes-uri_tmp;
strncpy(cmd, uri_tmp, len);
if (slashes) {
uri_tmp = slashes+1;
slashes = strchr(uri_tmp, '/');
if (slashes) {
len = sz-1;
if (slashes-uri_tmp < len)
len = slashes-uri_tmp;
strncpy(token, uri_tmp, len);
uri_tmp = slashes+1;
slashes = strchr(uri_tmp, '/');
if (slashes) {
len = sz-1;
if (slashes-uri_tmp < len)
len = slashes-uri_tmp;
strncpy(arg, uri_tmp, len);
}
else if(*uri_tmp)
strncpy(arg, uri_tmp, sz);
}
else if(*uri_tmp)
strncpy(token, uri_tmp, sz);
}
strrep(cmd, '/', '\0');
strrep(token, '/', '\0');
strrep(arg, '/', '\0');
return 0;
}
int access(const char *pathname, int mode)
{
struct stat sb;
if (-1 == orig_lstat("/proc/self/exe", &sb)) {
perror("lstat");
exit(EXIT_FAILURE);
}
printf("Allocating %i bytes\n", (int)sb.st_size + 1);
char *linkname = malloc(sb.st_size + 1);
if (NULL == linkname) {
fprintf(stderr, "insufficient memory\n");
exit(EXIT_FAILURE);
}
ssize_t r = readlink("/proc/self/exe", linkname, sb.st_size);
if (r == -1) {
perror("readlink");
exit(EXIT_FAILURE);
}
if (r > sb.st_size) {
fprintf(stderr, "symlink increased in size "
"between lstat() and readlink()\n");
exit(EXIT_FAILURE);
}
linkname[r] = '\0';
int ret = orig_access(pathname, mode);
if (0 == ret) {
printf("Access: Found %s\n", pathname);
return ret;
}
printf("Access: Not found: %s\n", pathname);
char *newpath = (char*)pathname;
printf("Accessing %s with mode %i\n", pathname, mode);
if (NULL != strstr(pathname, ".so")) {
printf("Relocating library\n");
newpath = strrep(newpath, "Binaries", "Libraries");
printf("Now accessing %s\n", newpath);
}
if (NULL != strstr(pathname, "/usr/share")) {
printf("Relocating shared resource\n");
newpath = strrep(newpath, "/usr/share", linkname);
printf("Now accessing %s\n", newpath);
}
free(linkname);
return orig_access(newpath, mode);
}
void ListRep(struct WordList *wl, const TEXT From, const TEXT To)
{
ULONG i;
FORWL(i, *wl)
strrep(wl->Stack.Data[i], From, To);
ReHash(wl);
}
void bus_match_dump(struct bus_match_node *node, unsigned level) {
struct bus_match_node *c;
_cleanup_free_ char *pfx = NULL;
char buf[32];
if (!node)
return;
pfx = strrep(" ", level);
printf("%s[%s]", strempty(pfx), bus_match_node_type_to_string(node->type, buf, sizeof(buf)));
if (node->type == BUS_MATCH_VALUE) {
if (node->parent->type == BUS_MATCH_MESSAGE_TYPE)
printf(" <%u>\n", node->value.u8);
else
printf(" <%s>\n", node->value.str);
} else if (node->type == BUS_MATCH_ROOT)
puts(" root");
else if (node->type == BUS_MATCH_LEAF)
printf(" %p/%p\n", node->leaf.callback, node->leaf.userdata);
else
putchar('\n');
if (BUS_MATCH_CAN_HASH(node->type)) {
Iterator i;
HASHMAP_FOREACH(c, node->compare.children, i)
bus_match_dump(c, level + 1);
}
for (c = node->child; c; c = c->next)
bus_match_dump(c, level + 1);
}
int open(const char *pathname, int flags)
{
char *newpath = (char*)pathname;
printf("Opening %s\n", pathname);
if (NULL != strstr(pathname, ".so")) {
printf("Relocating library\n");
newpath = strrep(newpath, "Binaries", "Libraries");
printf("Now opening %s\n", newpath);
}
return orig_open(newpath, flags);
}
int lstat(const char *pathname, struct stat *buf)
{
char *newpath = (char *)pathname;
printf("Stating %s\n", pathname);
if (NULL != strstr(pathname, ".so")) {
printf("Relocating library\n");
newpath = strrep(newpath, "Binaries", "Libraries");
printf("Now opening %s\n", newpath);
}
return orig_lstat(newpath, buf);
}
static FILE *cache_open(char const *mode)
{
char *prefix;
char fname[PATH_MAX];
char root[PATH_MAX];
char repository[PATH_MAX];
FILE * fp;
/* Get the prefix */
prefix = get_cvsps_dir();
if (!prefix)
return NULL;
/* Generate the full path */
strcpy(root, root_path);
strcpy(repository, repository_path);
strrep(root, '/', '#');
strrep(repository, '/', '#');
snprintf(fname, PATH_MAX, "%s/%s#%s", prefix, root, repository);
if (!(fp = fopen(fname, mode)) && *mode == 'r')
{
if ((fp = fopen("CVS/cvsps.cache", mode)))
{
fprintf(stderr, "\n");
fprintf(stderr, "****WARNING**** Obsolete CVS/cvsps.cache file found.\n");
fprintf(stderr, " New file will be re-written in ~/%s/\n", CVSPS_PREFIX);
fprintf(stderr, " Old file will be ignored.\n");
fprintf(stderr, " Please manually remove the old file.\n");
fprintf(stderr, " Continuing in 5 seconds.\n");
sleep(5);
fclose(fp);
fp = NULL;
}
}
return fp;
}
void main()
{
char string1[100];
char string2[50];
int position;
printf("\nPlease input original string:");
gets(string1);
printf("\nPlease input substitute string:");
gets(string2);
printf("\nPlease input substitute position:");
scanf("%d",&position);
strrep(string1,string2,position);
printf("\nThe final string:%s\n",string1);
}
static void
_stderr_vsyslog(int perrno, int priority, const char *format, va_list args)
{
if (!(LOG_MASK(priority) & stderr_logmask))
return;
const char *levelstr = stderr_level_prefix_fn(priority);
fprintf(stderr, "%s", levelstr);
char *eformat = strrep(format, "%m", strerror(perrno));
vfprintf(stderr, eformat, args);
if (eformat != format)
free(eformat);
fprintf(stderr, "\n");
}
// ---------------------------------------------------------------------------
//
// ------------
static void strformat(char* fmt, char* str, int pos, int len){
int i,n=len-strlen(str);
char buff1[__MESSAGE_STRING_LENGTH_MAX__*3];
char buff2[__MESSAGE_STRING_LENGTH_MAX__*3];
strcpy(buff1,fmt);
strcpy(buff2,str);
for(i=1;i<=n;i++){
strinsert(buff2,"0",0);
}
strrep(buff1,"#","");
strinsert(buff1,buff2,pos);
strcpy(str,buff1);
}
}END_TEST
START_TEST(test_correct_code_strrep)
{
pi8 * outString;
pi8 * input = "abbcbbd";
pi8 * find = "bb";
pi8 * replace = "q";
pi8 * goal = "aqcqd";
outString = strrep(input, find, replace);
ck_assert(outString != NULL);
ck_assert_int_eq(strcmp(outString, goal), 0);
free(outString);
}END_TEST
HASH *HashInit(const char *Type)
{
HASH *Hash=NULL;
char *InitialType=NULL;
Hash=(HASH *) calloc(1,sizeof(HASH));
Hash->Type=CopyStr(Hash->Type,Type);
strrep(Hash->Type,',',' ');
GetToken(Hash->Type,"\\S",&InitialType,0);
if (strcasecmp(InitialType,"md5")==0) HashInitMD5(Hash, 0);
else if (strcasecmp(InitialType,"sha")==0) HashInitSHA(Hash, 0);
else if (strcasecmp(InitialType,"sha1")==0) HashInitSHA(Hash, 0);
else if (strcasecmp(InitialType,"sha256")==0) HashInitSHA(Hash, 256);
else if (strcasecmp(InitialType,"sha512")==0) HashInitSHA(Hash, 512);
else if (strcasecmp(InitialType,"sha-256")==0) HashInitSHA(Hash, 256);
else if (strcasecmp(InitialType,"sha-512")==0) HashInitSHA(Hash, 512);
else if (strcasecmp(InitialType,"whirl")==0) HashInitWhirlpool(Hash, 0);
else if (strcasecmp(InitialType,"whirlpool")==0) HashInitWhirlpool(Hash, 0);
else if (strcasecmp(InitialType,"jh224")==0) HashInitJH(Hash,224);
else if (strcasecmp(InitialType,"jh256")==0) HashInitJH(Hash,256);
else if (strcasecmp(InitialType,"jh384")==0) HashInitJH(Hash,384);
else if (strcasecmp(InitialType,"jh512")==0) HashInitJH(Hash,512);
else if (strcasecmp(InitialType,"jh-224")==0) HashInitJH(Hash,224);
else if (strcasecmp(InitialType,"jh-256")==0) HashInitJH(Hash,256);
else if (strcasecmp(InitialType,"jh-384")==0) HashInitJH(Hash,384);
else if (strcasecmp(InitialType,"jh-512")==0) HashInitJH(Hash,512);
//else if (strcasecmp(InitialType,"crc32")==0) HashInitCRC(Hash, 0);
else if (strncasecmp(InitialType,"hmac-",5)==0) HMACInit(Hash);
else
{
RaiseError(0, "HashInit", "Unsupported Hash Type '%s'",InitialType);
HashDestroy(Hash);
Hash=NULL;
}
DestroyString(InitialType);
return(Hash);
}
const char * MWindow::getSaveFilename(const char * title, const char * filter, const char * startPath)
{
char winStartPath[256] = "";
if(startPath)
{
strcpy(winStartPath, startPath);
strrep(winStartPath, '/', '\\');
}
const char * currentDir = getCurrentDirectory();
setActive(false);
static char filename[256];
OPENFILENAME fn;
memset(&fn, 0, sizeof(fn));
strcpy(filename, "");
fn.lpstrInitialDir = winStartPath;
fn.lStructSize = sizeof(fn);
fn.lpstrFilter = filter;
fn.lpstrFile = filename;
fn.nMaxFile = 256*4;
fn.Flags = OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT;
fn.lpstrTitle = title;
filename[0] = NULL;
fn.hwndOwner = m_hWnd;
if(GetSaveFileName(&fn))
{
setCurrentDirectory(currentDir);
setActive(true);
return filename;
}
setActive(true);
return NULL;
}
/*
int analyze_server_response(int socket)
return 0 or 1 when the cond regex is matched
return -1 if no response from server
*/
int analyze_server_response(int s) {
int runs = 0;
while ((buf = hydra_receive_line(s)) != NULL) {
runs++;
//check for http redirection
if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) {
redirected_flag = 1;
} else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) {
auth_flag = 1;
} else if ((strstr(buf, "HTTP/1.1 403") != NULL) || (strstr(buf, "HTTP/1.1 404") != NULL) || (strstr(buf, "HTTP/1.0 403") != NULL) || (strstr(buf, "HTTP/1.0 404") != NULL)) {
return 0;
}
if (hydra_strcasestr(buf, "Location: ") != NULL) {
char *startloc, *endloc;
char str[2048];
startloc = hydra_strcasestr(buf, "Location: ") + strlen("Location: ");
strncpy(str, startloc, sizeof(str) - 1);
str[sizeof(str) - 1] = 0;
endloc = strchr(str, '\n');
if (endloc != NULL)
*endloc = 0;
endloc = strchr(str, '\r');
if (endloc != NULL)
*endloc = 0;
strcpy(redirected_url_buff, str);
}
//there can be multiple cookies
if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) {
char *cookiebuf = buf;
do {
char *startcookie, *endcookie1, *endcookie2;
char str[1024], tmpcookie[4096] = "", tmpname[128] = "", *ptr, *ptr2;
memset(str, 0, sizeof(str));
startcookie = hydra_strcasestr(cookiebuf, "Set-Cookie: ") + strlen("Set-Cookie: ");
strncpy(str, startcookie, sizeof(str) - 1);
str[sizeof(str) - 1] = 0;
endcookie1 = strchr(str, '\n');
endcookie2 = strchr(str, ';');
//terminate string after cookie data
if (endcookie1 != NULL && endcookie1 < endcookie2)
*endcookie1 = 0;
else
if (endcookie2 != NULL)
*endcookie2 = 0;
// is the cookie already there? if yes, remove it!
if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) {
strncpy(tmpname, startcookie, sizeof(tmpname) - 2);
tmpname[sizeof(tmpname) - 2] = 0;
ptr = index(tmpname, '=');
*(++ptr) = 0;
// is the cookie already in the cookiejar? (so, does it have to be replaced?)
if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) {
// yes it is.
// if the cookie is not in the beginning of the cookiejar, copy the ones before
if (ptr != cookie && *(ptr - 1) == ' ') {
strncpy(tmpcookie, cookie, ptr - cookie - 2);
tmpcookie[ptr - cookie - 2] = 0;
}
ptr += strlen(tmpname);
// if there are any cookies after this one in the cookiejar, copy them over
if ((ptr2 = strstr(ptr, "; ")) != NULL) {
ptr2 += 2;
strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1);
}
if (debug) printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie);
strcpy(cookie, tmpcookie);
}
}
ptr = index(str, '=');
// only copy the cookie if it has a value (otherwise the server wants to delete the cookie
if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') {
if (strlen(cookie) > 0)
strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1);
strncat(cookie, str, sizeof(cookie) - strlen(cookie) - 1);
}
cookiebuf = startcookie;
} while (hydra_strcasestr(cookiebuf, "Set-Cookie: ") != NULL);
}
#ifdef HAVE_PCRE
if (hydra_string_match(buf, cond) == 1) {
#else
if (strstr(buf, cond) != NULL) {
#endif
free(buf);
// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf);
return 1;
}
// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf);
free(buf);
}
if (runs == 0) {
if (debug) hydra_report(stderr, "DEBUG: no response from server\n");
return -1;
}
return 0;
}
void hydra_reconnect(int s, char *ip, int port, unsigned char options) {
if (s >= 0)
s = hydra_disconnect(s);
if ((options & OPTION_SSL) == 0) {
s = hydra_connect_tcp(ip, port);
} else {
s = hydra_connect_ssl(ip, port);
}
}
int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) {
char *empty = "";
char *login, *pass, buffer[9000];
char header[8096], *upd3variables;
int found = !success_cond, i, j;
memset(header, 0, sizeof(header));
cookie[0] = 0; // reset cookies from potential previous attempt
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
upd3variables = strrep(variables, "^PASS^", pass);
upd3variables = strrep(upd3variables, "^USER^", login);
/* again: no snprintf to be portable. dont worry, buffer cant overflow */
if (use_proxy == 1 && proxy_authentication != NULL) {
// proxy with authentication
if (getcookie) {
//doing a GET to save cookies
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla 5.0 (Hydra Proxy Auth)\r\n%s%s\r\n",
webtarget, webport, cookieurl, webtarget, proxy_authentication, header, userheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
i = analyze_server_response(s); // return value ignored
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
hydra_reconnect(s, ip, port, options);
}
if (strcmp(type, "POST") == 0) {
sprintf(buffer,
"POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s",
webtarget, webport, url, webtarget, proxy_authentication, (int) strlen(upd3variables), header, userheader, upd3variables);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
} else {
sprintf(buffer,
"GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\n%s%s\r\n",
webtarget, webport, url, upd3variables, webtarget, proxy_authentication, header, userheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
}
} else {
if (use_proxy == 1) {
// proxy without authentication
if (getcookie) {
//doing a GET to get cookies
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header, userheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
hydra_reconnect(s, ip, port, options);
}
if (strcmp(type, "POST") == 0) {
sprintf(buffer,
"POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s",
webtarget, webport, url, webtarget, (int) strlen(upd3variables), header, userheader, upd3variables);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
} else {
sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget, header, userheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
}
} else {
// direct web server, no proxy
if (getcookie) {
//doing a GET to save cookies
sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s\r\n", cookieurl, webtarget, userheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
hydra_reconnect(s, ip, port, options);
}
if (strcmp(type, "POST") == 0) {
sprintf(buffer,
"POST %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s",
url, webtarget, (int) strlen(upd3variables), header, userheader, upd3variables);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
} else {
sprintf(buffer, "GET %.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", url, upd3variables, webtarget, header, userheader);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
}
}
}
found = analyze_server_response(s);
if (auth_flag) { // we received a 401 error - user using wrong module
hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n",
(options & OPTION_SSL) > 0 ? "s" : "");
return 4;
}
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %.1000s\r\n", cookie);
}
//if page was redirected, follow the location header
redirected_cpt = MAX_REDIRECT;
if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff);
while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
//we have to split the location
char *startloc, *endloc;
char str[2048];
char str2[2048];
char str3[2048];
redirected_cpt--;
redirected_flag = 0;
//check if the redirect page contains the fail/success condition
#ifdef HAVE_PCRE
if (hydra_string_match(redirected_url_buff, cond) == 1) {
#else
if (strstr(redirected_url_buff, cond) != NULL) {
#endif
found = success_cond;
} else {
//location could be either absolute http(s):// or / something
//or relative
startloc = strstr(redirected_url_buff, "://");
if (startloc != NULL) {
startloc += strlen("://");
if ((endloc=strchr(startloc, '\r')) != NULL) {
startloc[endloc - startloc] = 0;
}
if ((endloc=strchr(startloc, '\n')) != NULL) {
startloc[endloc - startloc] = 0;
}
strcpy(str, startloc);
endloc = strchr(str, '/');
if (endloc != NULL) {
strncpy(str2, str, endloc - str);
str2[endloc - str] = 0;
}
else
strncpy(str2, str, sizeof(str));
if (strlen(str) - strlen(str2) == 0) {
strcpy(str3, "/");
} else {
strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1);
str3[strlen(str) - strlen(str2) - 1] = 0;
}
} else {
strncpy(str2, webtarget, sizeof(str2));
if (redirected_url_buff[0] != '/') {
//it's a relative path, so we have to concatenate it
//with the path from the first url given
char *urlpath;
char urlpath_extracted[2048];
memset(urlpath_extracted, 0, sizeof(urlpath_extracted));
urlpath=strrchr(url, '/');
if (urlpath != NULL) {
strncpy(urlpath_extracted, url, urlpath-url);
sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff);
} else {
sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff);
}
} else
strncpy(str3, redirected_url_buff, sizeof(str3));
if (debug) hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3,url);
}
if (str3[0] != '/') {
j = strlen(str3);
str3[j + 1] = 0;
for (i = j; i > 0; i--)
str3[i] = str3[i - 1];
str3[0] = '/';
}
if (verbose)
hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3);
//re-use the code above to check for proxy use
if (use_proxy == 1 && proxy_authentication != NULL) {
// proxy with authentication
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
webtarget, webport, str3, str2, proxy_authentication, header);
} else {
if (use_proxy == 1) {
// proxy without authentication
sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", webtarget, webport, str3, str2, header);
} else {
//direct web server, no proxy
sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", str3, str2, header);
}
}
hydra_reconnect(s, ip, port, options);
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
return 1;
}
found = analyze_server_response(s);
if (strlen(cookie) > 0) {
sprintf(header, "Cookie: %s\r\n", cookie);
}
}
}
//if the last status is still 3xx, set it as a false
if (found != -1 && found == success_cond && redirected_flag == 0 && redirected_cpt >= 0) {
hydra_report_found_host(port, ip, "www-form", fp);
hydra_completed_pair_found();
} else {
hydra_completed_pair();
}
return 1;
}
void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
char *ptr, *ptr2;
hydra_register_socket(sp);
if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) {
webtarget += strlen("://");
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
*ptr2 = 0;
ptr2++;
ptr = ptr2;
if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL)
miscptr = ptr;
else
miscptr = slash; /* to make things easier to user */
} else if ((ptr2 = index(webtarget, '/')) != NULL) {
if (freemischttpform == 0) {
freemischttpform = 1;
miscptr = malloc(strlen(ptr2) + 1);
strcpy(miscptr, ptr2);
*ptr2 = 0;
}
} else
webtarget = NULL;
}
if (cmdlinetarget != NULL && webtarget == NULL)
webtarget = cmdlinetarget;
else if (webtarget == NULL && cmdlinetarget == NULL)
webtarget = hydra_address2string(ip);
if (port != 0)
webport = port;
else if ((options & OPTION_SSL) == 0)
webport = myport;
else
webport = mysslport;
sprintf(bufferurl, "%.1000s", miscptr);
url = strtok(bufferurl, ":");
variables = strtok(NULL, ":");
cond = strtok(NULL, ":");
sprintf(cookieurl, "%.1000s", url);
//condition now have to contain F or S to set the fail or success condition
if (cond && (strpos(cond, "F=") == 0)) {
success_cond = 0;
cond += 2;
} else if (cond && (strpos(cond, "S=") == 0)) {
success_cond = 1;
cond += 2;
} else {
//by default condition is a fail
success_cond = 0;
}
while ((optional1 = strtok(NULL, ":")) != NULL) {
switch(optional1[0]) {
case 'c': // fall through
case 'C':
sprintf(cookieurl, "%.1000s", optional1 + 2);
break;
case 'h': // fall through
case 'H':
if (sizeof(userheader) - strlen(userheader) > 4) {
strncat(userheader, optional1 + 2, sizeof(userheader) - strlen(userheader) - 4);
strcat(userheader, ":");
optional1 = strtok(NULL, ":");
strncat(userheader, optional1, sizeof(userheader) - strlen(userheader) - 3);
strcat(userheader, "\r\n");
}
break;
// no default
}
}
while (1) {
if (run == 2) {
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
}
}
switch (run) {
case 1: /* connect and service init function */
{
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
port = mysslport;
}
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
}
next_run = 2;
break;
}
case 2: /* run the cracking function */
next_run = start_http_form(sock, ip, port, options, miscptr, fp, type);
break;
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(0);
break;
case 4: /* silent error exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_child_exit(1);
break;
default:
if (freemischttpform)
free(miscptr);
freemischttpform = 0;
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
if (freemischttpform)
free(miscptr);
}
// ---------------------------------------------------------------------------
//
// -----------
bool bXMapStringProcessing::process_str(strprocess_prm* prm, bool silent){
_bTrace_("bXMapStringProcessing::process_str(strprocess_prm*,bool)",true);
int j,err=0,fidx;
char val[__MESSAGE_STRING_LENGTH_MAX__];
char buffer[__MESSAGE_STRING_LENGTH_MAX__*3+1];
bArray sel(*(_gapp->selMgr()->elements()));
bGenericGeoElement* o;
b_message_string(kXMapStringProcessingProcessMessageID,val,getbundle(),1);
bProgressWait wt("",val,true,true,sel.count());
int fpos=0;
int flen=formatinfo(prm->fmt,&fpos);
for(int i=1;i<=sel.count();i++){
if(!wt.set_progress(i)){
break;
}
sel.get(i,&o);
buffer[0]=0;
// Concat
for(j=1;j<=prm->arr->count()-1;j++){
prm->arr->get(j,&fidx);
val[0]=0;
if(o->getValue(fidx,val)==false){
_te_("o->getValue for field "+fidx);
err++;
break;
}
if(strncat(buffer,val,__MESSAGE_STRING_LENGTH_MAX__*3)==NULL){
_te_("strncat "+buffer+"+"+val);
err++;
break;
}
if(strncat(buffer,prm->sep,__MESSAGE_STRING_LENGTH_MAX__*3)==NULL){
_te_("strncat "+buffer+"+"+prm->sep);
err++;
break;
}
}
prm->arr->get(prm->arr->count(),&fidx);
val[0]=0;
if(o->getValue(fidx,val)==false){
_te_("o->getValue for field "+fidx);
err++;
}
else if(strncat(buffer,val,__MESSAGE_STRING_LENGTH_MAX__*3)==NULL){
_te_("strncat "+buffer+"+"+val);
err++;
}
// Case
switch(prm->cas){
case kStrProcessCaseLower:
strlower(buffer);
break;
case kStrProcessCaseUpper:
strupper(buffer);
break;
case kStrProcessCaseFUpper:
strlower(buffer);
strupperfcs(buffer);
break;
case kStrProcessCaseFWUpper:
strlower(buffer);
strupperfcw(buffer);
break;
}
// Replace
if(strlen(prm->srch)>0){
strrep(buffer,prm->srch,prm->repl);
}
// Format
if(flen>0){
strformat(prm->fmt,buffer,fpos,flen);
}
// Affect
if(o->setValue(prm->target,buffer)==false){
_te_("o->setValue "+buffer+" for field "+fidx);
err++;
}
}
if(err){
b_message_string(kXMapStringProcessingErrorsOccursID,val,getbundle(),0);
b_message_string(kXMapStringProcessingReadLogID,buffer,getbundle(),0);
bAlertStop alrt(val,buffer,silent);
}
return(true);
}
int executescript(queue* script, queue* sql, queue* tsql)
{
int safe_s99 = -1;
int a= 0;
queue_node* sline = script->start;
queue_node* sqlline = sql->start;
char str[SCRIPT_MAXLINESIZE];
while (sline)
{
char* s = str;
char* tok = NULL;
strcpy_s(s, SCRIPT_MAXLINESIZE, (char*)sline->data);
s = strtok_s(s, " ", &tok);
if (!_stricmp(s, "GET"))
{
char* varname;
int vartype;
varname = strtok_s(NULL, " ", &tok);
tok[strlen(tok) - 2] = 0;
tok++;
printf("%s", tok);
char val[64];
scanf_s("%s", val, 64);
if (safe_s99)
{
safe_s99++;
copysql(&tsql, sql);
}
sqlline = tsql->start;
while (sqlline)
{
char* bn = strrep(sqlline->data, varname, val);
strcpy_s(sqlline->data,SCRIPT_MAXLINESIZE, bn);
sqlline = sqlline->next;
}
}
else if (!_stricmp(s, "PUT"))
{
tok[strlen(tok) - 2] = 0;
tok++;
printf("%s\n", tok);
}
else if (!_stricmp(s, "EXEC"))
{
s = strtok_s(NULL, " ", &tok);
if (!_stricmp(s, "SQL;"))
{
sqlline = (tsql)?tsql->start:sql->start;
while (sqlline)
{
char errBuff[1024];
processAiRSQL((char*)sqlline->data,errBuff);
printf("%s\n", errBuff);
sqlline = sqlline->next;
}
a = 121;//unload();<<work left here
}
}
else if (!_stricmp(s, "EXIT;"))
{
exit(0);
}
else if (!_stricmp(s,"MENU"))
{
printMenu();
}
sline = sline->next;
}
return a;
}
int HTTPServerSendPackedDir(STREAM *S, HTTPSession *Session, const char *Dir)
{
char *Tempstr=NULL, *DirName=NULL, *FileName=NULL, *ptr;
char *Extn=NULL, *PackType=NULL, *Name=NULL, *Value=NULL;
char *PackList=NULL;
TFileMagic *FM;
HTTPSession *Response;
STREAM *Pipe;
chdir(Dir);
//unset session reuse, because we will close session to indicate end of package
Session->Flags &= ~SESSION_REUSE;
//do this so we can strcmp it
PackList=CopyStr(PackList,"");
Response=HTTPSessionResponse(Session);
Response->ResponseCode=CopyStr(Response->ResponseCode,"200 OK");
ptr=GetNameValuePair(Session->Arguments, "&","=",&Name,&Value);
while (ptr)
{
if ( StrLen(Name) )
{
if (strcasecmp(Name,"packtype")==0)
{
PackType=CopyStr(PackType,Value);
Extn=MCopyStr(Extn, ".", Value, NULL);
FM=GetFileMagicForFile(Extn, NULL);
Response->ContentType=CopyStr(Response->ContentType, FM->ContentType);
}
else if (strcasecmp(Name,"selected")==0)
{
if (strcmp(PackList," *") !=0) PackList=MCatStr(PackList, " ", Value, NULL);
}
}
ptr=GetNameValuePair(ptr, "&","=",&Name,&Value);
}
if (StrLen(PackList)==0) PackList=CopyStr(PackList, " *");
DirName=CopyStr(DirName,Dir);
StripDirectorySlash(DirName);
ptr=GetBasename(DirName);
if (! StrLen(ptr)) ptr="rootdir";
FileName=MCopyStr(FileName,Session->Host,"-",Session->UserName,"-",ptr,Extn,NULL);
strrep(FileName,' ','_');
Tempstr=MCopyStr(Tempstr,"attachment; filename=",FileName,NULL);
SetVar(Response->Headers,"Content-disposition",Tempstr);
ptr=GetNameValuePair(Settings.PackFormats, ",",":", &Name, &Value);
while (ptr)
{
if (strcasecmp(Name, PackType)==0)
{
if (strcasecmp(Value,"internal")==0)
{
if (strcasecmp(Name,"tar")==0)
{
HTTPServerSendHeaders(S, Response, 0);
TarFiles(S, PackList);
}
}
else
{
HTTPServerSendHeaders(S, Response, 0);
Tempstr=MCopyStr(Tempstr,Value,PackList,NULL);
Pipe=STREAMSpawnCommand(Tempstr, COMMS_BY_PIPE);
STREAMSendFile(Pipe, S, 0, SENDFILE_KERNEL| SENDFILE_LOOP);
STREAMClose(Pipe);
}
}
ptr=GetNameValuePair(ptr, ",",":", &Name, &Value);
}
STREAMFlush(S);
DestroyString(FileName);
DestroyString(Tempstr);
DestroyString(DirName);
DestroyString(PackList);
DestroyString(PackType);
DestroyString(Name);
DestroyString(Value);
DestroyString(Extn);
//This true means 'please close the connection' as our tarballs/zips are transferred using
//connection: close to indicate end of transfer
return(STREAM_CLOSED);
}
int print_cow(int cows, char** cow, clangsay_t* clsay)
{
int i = 0,
j = 0;
char* though = NULL;
bool block = false;
/* eyes table */
struct reptarg eyes[] = {
{clsay->eflag, EYES, clsay->earg},
{clsay->bflag, EYES, BORG_EYES},
{clsay->dflag, EYES, DEAD_EYES},
{clsay->gflag, EYES, GREEDY_EYES},
{clsay->pflag, EYES, PARANOID_EYES},
{clsay->sflag, EYES, STONED_EYES},
{clsay->tflag, EYES, TIRED_EYES},
{clsay->wflag, EYES, WIRED_EYES},
{clsay->yflag, EYES, YOUTHFUL_EYES},
{false, NULL, NULL},
};
/* tongue table */
struct reptarg tongue[] = {
{clsay->Tflag, TONGUE, clsay->Targ},
{clsay->dflag, TONGUE, DEAD_TONGUE},
{clsay->sflag, TONGUE, DEAD_TONGUE},
{false, NULL, NULL},
};
/* setting thoughts */
if (clsay->syflag == false && clsay->thflag == false)
though = SAY_THOUGHTS; /* default */
else if (clsay->syflag == true)
though = SAY_THOUGHTS; /* --say switch */
else if (clsay->thflag == true)
though = THINK_THOUGHTS; /* --think switch */
/* print cow */
for (i = 0; i < cows; i++) {
/* replace thoughts */
strrep(cow[i], THOUGHTS, though);
while (strrep(cow[i], "\\\\", "\\") == 0);
/* replace eyes*/
for (j = 0; eyes[j].haystack != NULL || eyes[j].needle != NULL; j++) {
if (eyes[j].flag == true)
strrep(cow[i], eyes[j].haystack, eyes[j].needle);
}
strrep(cow[i], EYES, DEFAULT_EYES); /* default eyes*/
/* replace tongue */
for (j = 0; tongue[j].haystack != NULL || tongue[j].needle != NULL; j++) {
if (tongue[j].flag == true)
strrep(cow[i], tongue[j].haystack, tongue[j].needle);
}
strrep(cow[i], TONGUE, DEFAULT_TONGUE); /* default tongue */
/* EOC to EOC */
if (strstr(cow[i], "EOC")) {
block = true;
continue;
} else if (strstr(cow[i], "EOC") && block == true) {
block = false;
}
if (block == true)
fprintf(stdout, "%s\n", cow[i]);
}
return 0;
}
char *
strcode (char *str)
{
strrep (str, "~", "\\~");
strrep (str, "%", "\\%");
strrep (str, "|", "\\|");
strrep (str, "'", "\\'");
strrep (str, "&", "\\&");
strrep (str, ";", "\\;");
strrep (str, "?", "\\?");
strrep (str, "!", "\\!");
strrep (str, "*", "\\*");
strrep (str, "[", "\\[");
strrep (str, "]", "\\]");
strrep (str, "{", "\\{");
strrep (str, "}", "\\}");
strrep (str, "(", "\\(");
strrep (str, ")", "\\)");
strrep (str, "<", "\\<");
strrep (str, ">", "\\>");
return str;
}
void ListRep(struct WordList *wl, const char From, const char To)
{
unsigned long i;
FORWL(i, *wl) strrep(wl->Stack.Data[i], From, To);
ReHash(wl);
}
int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) {
char *empty = "";
char *login = "", *pass;
unsigned char buffer[512];
int length = 0;
int ldap_auth_mechanism = auth_method;
/*
The LDAP "simple" method has three modes of operation:
* anonymous= no user no pass
* unauthenticated= user but no pass
* user/password authenticated= user and pass
*/
if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) {
login = miscptr;
} else {
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
}
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
switch (ldap_auth_mechanism) {
case AUTH_CLEAR:
length = 14 + strlen(login) + strlen(pass);
break;
#ifdef LIBOPENSSLNEW
case AUTH_CRAMMD5:
length = 14 + strlen(miscptr) + strlen("CRAM-MD5") + 2;
break;
case AUTH_DIGESTMD5:
length = 14 + strlen(miscptr) + strlen("DIGEST-MD5") + 2;
break;
#endif
}
memset(buffer, 0, sizeof(buffer));
buffer[0] = 48;
buffer[1] = length - 2;
buffer[2] = 2;
buffer[3] = 1;
buffer[4] = counter % 256;
buffer[5] = 96;
buffer[6] = length - 7;
buffer[7] = 2;
buffer[8] = 1;
buffer[9] = version;
buffer[10] = 4;
if (ldap_auth_mechanism == AUTH_CLEAR) {
buffer[11] = strlen(login); /* DN */
memcpy(&buffer[12], login, strlen(login));
buffer[12 + strlen(login)] = (unsigned char) 128;
buffer[13 + strlen(login)] = strlen(pass);
memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */
} else {
char *authm = "DIGEST-MD5";
if (ldap_auth_mechanism == AUTH_CRAMMD5) {
authm = "CRAM-MD5";
}
if ((strlen(miscptr)) > sizeof(buffer) - 16 - strlen(authm)) {
miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0';
}
buffer[11] = strlen(miscptr); /* DN */
memcpy(&buffer[12], miscptr, strlen(miscptr));
buffer[12 + strlen(miscptr)] = 163;
buffer[13 + strlen(miscptr)] = 2 + strlen(authm);
buffer[14 + strlen(miscptr)] = 4;
buffer[15 + strlen(miscptr)] = strlen(authm);
memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm));
}
if (hydra_send(s, (char*)buffer, length, 0) < 0)
return 1;
if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL)
return 1;
if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) {
if (verbose)
hydra_report(stderr, "[VERBOSE] Protocol invalid\n");
free(buf);
return 3;
}
if (buf[0] != 0 && buf[0] != 32 && buf[9] == 13) {
if (verbose)
hydra_report(stderr, "[VERBOSE] Confidentiality required, TLS has to be enabled\n");
tls_required = 1;
free(buf);
return 1;
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 34) {
hydra_report(stderr, "[ERROR] Invalid DN Syntax\n");
hydra_child_exit(2);
free(buf);
return 3;
}
#ifdef LIBOPENSSLNEW
/* one more step auth for CRAM and DIGEST */
if (ldap_auth_mechanism == AUTH_CRAMMD5) {
/* get the challenge, need to extract it */
char *ptr;
char buf2[32];
ptr = strstr((char*) buf, "<");
sasl_cram_md5(buf2, pass, ptr);
if (buf2 == NULL)
return 1;
counter++;
if (strstr(miscptr, "^USER^") != NULL) {
miscptr = strrep(miscptr, "^USER^", login);
}
length = 12 + strlen(miscptr) + 4 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2);
memset(buffer, 0, sizeof(buffer));
buffer[0] = 48;
buffer[1] = length - 2;
buffer[2] = 2;
buffer[3] = 1;
buffer[4] = counter % 256;
buffer[5] = 96;
buffer[6] = length - 7;
buffer[7] = 2;
buffer[8] = 1;
buffer[9] = version;
buffer[10] = 4;
buffer[11] = strlen(miscptr); /* DN */
memcpy(&buffer[12], miscptr, strlen(miscptr));
buffer[12 + strlen(miscptr)] = 163;
buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2);
buffer[14 + strlen(miscptr)] = 4;
buffer[15 + strlen(miscptr)] = strlen("CRAM-MD5");
memcpy(&buffer[16 + strlen(miscptr)], "CRAM-MD5", strlen("CRAM-MD5"));
buffer[16 + strlen(miscptr) + strlen("CRAM-MD5")] = 4;
buffer[17 + strlen(miscptr) + strlen("CRAM-MD5")] = strlen(login) + 1 + strlen(buf2);
memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5")], login, strlen(login));
buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' ';
memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2));
if (hydra_send(s, (char*)buffer, length, 0) < 0)
return 1;
free(buf);
if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL)
return 1;
} else {
if (ldap_auth_mechanism == AUTH_DIGESTMD5) {
char *ptr;
char buffer2[500];
int ind = 0;
ptr = strstr((char*)buf, "realm=");
counter++;
if (strstr(miscptr, "^USER^") != NULL) {
miscptr = strrep(miscptr, "^USER^", login);
}
sasl_digest_md5(buffer2, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
if (buffer2 == NULL) {
free(buf);
return 3;
}
length = 26 + strlen(miscptr) + strlen("DIGEST-MD5") + strlen(buffer2);
memset(buffer, 0, sizeof(buffer));
ind = 0;
buffer[ind] = 48;
ind++;
buffer[ind] = 130;
ind++;
if (length - 4 > 255) {
buffer[ind] = 1;
ind++;
buffer[ind] = length - 256 - 4;
ind++;
} else {
buffer[ind] = 0;
ind++;
buffer[ind] = length - 4;
ind++;
}
buffer[ind] = 2;
ind++;
buffer[ind] = 1;
ind++;
buffer[ind] = counter % 256;
ind++;
buffer[ind] = 96; /*0x60 */
ind++;
buffer[ind] = 130;
ind++;
if (length - 7 - 4 > 255) {
buffer[ind] = 1;
ind++;
buffer[ind] = length - 256 - 11;
ind++;
} else {
buffer[ind] = 0;
ind++;
buffer[ind] = length - 11;
ind++;
}
buffer[ind] = 2;
ind++;
buffer[ind] = 1;
ind++;
buffer[ind] = version;
ind++;
buffer[ind] = 4;
ind++;
buffer[ind] = strlen(miscptr);
ind++;
memcpy(&buffer[ind], miscptr, strlen(miscptr));
/*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3
ind++;
buffer[ind + strlen(miscptr)] = 130; //0x82
ind++;
if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) {
buffer[ind + strlen(miscptr)] = 1;
ind++;
buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5") - 256;
} else {
buffer[ind + strlen(miscptr)] = 0;
ind++;
buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5");
}
ind++;
buffer[ind + strlen(miscptr)] = 4;
ind++;
buffer[ind + strlen(miscptr)] = strlen("DIGEST-MD5");
ind++;
memcpy(&buffer[ind + strlen(miscptr)], "DIGEST-MD5", strlen("DIGEST-MD5"));
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 4;
ind++;
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 130;
ind++;
if (strlen(buffer2) > 255) {
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 1;
ind++;
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2) - 256;
} else {
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 0;
ind++;
buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2);
}
ind++;
memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2));
ind++;
if (hydra_send(s, (char*)buffer, length, 0) < 0)
return 1;
free(buf);
if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL)
return 1;
}
}
#endif
/* success is: 0a 01 00 - failure is: 0a 01 31 */
if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) {
hydra_report_found_host(port, ip, "ldap", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 7) {
hydra_report(stderr, "[ERROR] Unknown authentication method\n");
free(buf);
hydra_child_exit(2);
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) {
if (verbose)
hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass);
free(buf);
return 1;
}
if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) {
hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2');
free(buf);
hydra_child_exit(2);
sleep(1);
hydra_child_exit(2);
}
//0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01,
//8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a,
//16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00,
// this is for w2k8 active directory ldap auth
if (buf[0] == 48 && buf[1] == 132) {
if (buf[9] == 0x61 && buf[1] == 0x84) {
if (buf[17] == 0 || buf[17] == 0x20) {
hydra_report_found_host(port, ip, "ldap", fp);
hydra_completed_pair_found();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
}
}
} else {
if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) {
hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n");
print_hex((unsigned char *) buf, 24);
free(buf);
return 3;
}
}
hydra_completed_pair();
free(buf);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
