
dma-hydra-5.4-src_plus.txt

dma-hydra-5.4-src_plus.txt
Posted Sep 5, 2007
Authored by thc, David Maciejak

Patch for THC's Hydra that adds a dependency check for openssl, needed by the SIP module, modifies the check for libpq.so for the Postgresql module, and adds new modules for Netware NCP and for the Firebird database.

SHA-256 | a644e2e1a9eb85606bd9b9f29ac096834058d72e8ab3dca236b8146d7a98e302

diff -Nubr hydra-5.4-src_old/configure hydra-5.4-src/configure
--- hydra-5.4-src_old/configure 2006-01-20 14:44:15.000000000 +0100
+++ hydra-5.4-src/configure 2007-09-04 22:24:22.000000000 +0200
@@ -23,6 +23,10 @@
SSL_IPATH=""
CRYPTO_PATH=""
POSTGRES_PATH=""
+FIREBIRD_PATH=""
+FIREBIRD_IPATH=""
+NCP_PATH=""
+NCP_IPATH=""
SVN_PATH=""
SVN_IPATH=""
APR_IPATH=""
@@ -96,7 +100,7 @@
SSL_IPATH=""
fi

-echo "Checking for Postgres (libpq) ..."
+echo "Checking for Postgres (libpq.so) ..."
for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
do
if [ "X" = "X$POSTGRES_PATH" ]; then
@@ -105,7 +109,7 @@
fi
fi
if [ "X" = "X$POSTGRES_PATH" ]; then
- TMP_LIB=`/bin/ls $i/libpq.so* /bin/cygpq*.dll 2> /dev/null | grep pq`
+ TMP_LIB=`/bin/ls $i/libpq.so /bin/cygpq*.dll 2> /dev/null | grep pq`
if [ -n "$TMP_LIB" ]; then
POSTGRES_PATH="$i"
fi
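Review bot: The narrowed `ls $i/libpq.so` fallback no longer detects installs that ship only a versioned `libpq.so.N`, and the `... NOT found, module postgres disabled` message in the next hunk gives no hint why. Since the link line uses `-lpq`, which needs the unversioned name, the narrowing is presumably deliberate, but the symlink advice the README hunk adds belongs in configure too, e.g. `echo " ... NOT found (needs a libpq.so symlink, see README), module postgres disabled"`. With the exact name the fallback also appears to duplicate the `-f` test in the branch above it, which is cut off by the hunk; the enclosing loop over $LIBDIRS also ends outside the hunk.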
@@ -118,7 +122,7 @@
echo " ... NOT found, module postgres disabled"
fi

-echo "Checking for SVN (ibsvn_client-1 libapr-0.so libaprutil-0.so) ..."
+echo "Checking for SVN (libsvn_client-1 libapr-0.so libaprutil-0.so) ..."
for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
do
if [ "X" = "X$SVN_PATH" ]; then
@@ -142,7 +146,75 @@
echo " ... NOT found, module svn disabled"
fi

-echo "Checking for SAP/R3 (librfc/saprfc.h) ..."
+echo "Checking for Firebird (libfbclient.so / ibase.h) ..."
+for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
+do
+ if [ "X" = "X$FIREBIRD_PATH" ]; then
+ if [ -f "$i/libfbclient.so" ]; then
+ FIREBIRD_PATH="$i"
+ fi
+ fi
+ if [ "X" = "X$FIREBIRD_PATH" ]; then
+ TMP_LIB=`/bin/ls $i/libfbclient.so.* 2> /dev/null | grep libfbclient.`
+ if [ -n "$TMP_LIB" ]; then
+ FIREBIRD_PATH="$i"
+ fi
+ fi
+done
+
+for i in /usr/local/include /*ssl/include /usr/include .
+do
+ if [ "X" != "X$FIREBIRD_PATH" ]; then
+ if [ -f "$i/ibase.h" ]; then
+ FIREBIRD_IPATH="$i"
+ fi
+ fi
+done
+
+if [ -n "$FIREBIRD_PATH" -a -n "$FIREBIRD_IPATH" ]; then
+ echo " ... found"
+fi
+if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then
+ echo " ... NOT found, module firebird disabled"
+ FIREBIRD_PATH=""
+ FIREBIRD_IPATH=""
+fi
+
+echo "Checking for NCP (libncp.so / nwcalls.h) ..."
+for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
+do
+ if [ "X" = "X$NCP_PATH" ]; then
+ if [ -f "$i/libncp.so" ]; then
+ NCP_PATH="$i"
+ fi
+ fi
+ if [ "X" = "X$NCP_PATH" ]; then
+ TMP_LIB=`/bin/ls $i/libncp.so.* 2> /dev/null | grep ncp.`
+ if [ -n "$TMP_LIB" ]; then
+ NCP_PATH="$i"
+ fi
+ fi
+done
+
+for i in /usr/local/include /*ssl/include /usr/include .
+do
+ if [ "X" != "X$NCP_PATH" ]; then
+ if [ -f "$i/ncp/nwcalls.h" ]; then
+ NCP_IPATH="$i"
+ fi
+ fi
+done
+
+if [ -n "$NCP_PATH" -a -n "$NCP_IPATH" ]; then
+ echo " ... found"
+fi
+if [ "X" = "X$NCP_PATH" -o "X" = "X$NCP_IPATH" ]; then
+ echo " ... NOT found, module NCP disabled"
+ NCP_PATH=""
+ NCP_IPATH=""
+fi
+
+echo "Checking for SAP/R3 (librfc / saprfc.h) ..."
for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
do
if [ "X" = "X$SAPR3_PATH" ]; then
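Review bot: The two header loops (`for i in /usr/local/include /*ssl/include /usr/include .`) only test that the library was found, not that the include path is still unset, so the last matching directory wins — and `.` is last, meaning a stray `ibase.h` or `ncp/nwcalls.h` in the build directory silently overrides the system header. The library loops above guard with `if [ "X" = "X$FIREBIRD_PATH" ]` so the first hit wins; mirror that with `if [ "X" != "X$FIREBIRD_PATH" -a "X" = "X$FIREBIRD_IPATH" ]; then` and `if [ "X" != "X$NCP_PATH" -a "X" = "X$NCP_IPATH" ]; then`. The `/*ssl/include` glob looks copied from the OpenSSL check and is unlikely to hold either header, though it is harmless.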
@@ -306,7 +378,7 @@
echo
fi

-if [ -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" ]; then
+if [ -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$FIREBIRD_PATH" -o -n "$NCP_PATH" ]; then
XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib"
fi
if [ -n "$SSL_PATH" ]; then
@@ -315,9 +387,17 @@
if [ -n "$SAPR3_PATH" ]; then
XDEFINES="$XDEFINES -DLIBSAPR3"
fi
+
if [ -n "$POSTGRES_PATH" ]; then
XDEFINES="$XDEFINES -DLIBPOSTGRES"
fi
+
+if [ -n "$FIREBIRD_PATH" ]; then
+ XDEFINES="$XDEFINES -DLIBFIREBIRD"
+fi
+if [ -n "$NCP_PATH" ]; then
+ XDEFINES="$XDEFINES -DLIBNCP"
+fi
if [ -n "$SVN_PATH" ]; then
XDEFINES="$XDEFINES -DLIBSVN"
fi
@@ -335,7 +415,7 @@
XDEFINES="$XDEFINES -DLIBSSH"
fi
OLDPATH=""
-for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH; do
+for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $FIREBIRD_PATH $NCP_PATH; do
if [ "$OLDPATH" = "$i" ]; then
OLDPATH="$i"
else
@@ -378,6 +458,12 @@
if [ -n "$POSTGRES_PATH" ]; then
XLIBS="$XLIBS -lpq"
fi
+if [ -n "$FIREBIRD_PATH" ]; then
+ XLIBS="$XLIBS -lfbclient"
+fi
+if [ -n "$NCP_PATH" ]; then
+ XLIBS="$XLIBS -lncp"
+fi
if [ -n "$SVN_PATH" ]; then
XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0"
fi
diff -Nubr hydra-5.4-src_old/hydra.c hydra-5.4-src/hydra.c
--- hydra-5.4-src_old/hydra.c 2007-03-22 15:04:29.000000000 +0100
+++ hydra-5.4-src/hydra.c 2007-09-04 22:47:11.000000000 +0200
@@ -44,7 +44,9 @@
extern void service_smtpauth(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern void service_teamspeak(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern void service_pcanywhere(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
+#ifdef LIBOPENSSL
extern void service_sip(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
+#endif
extern void service_pop3_ntlm(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern void service_imap_ntlm(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
extern void service_smtpauth_ntlm(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
@@ -52,6 +54,12 @@
#ifdef LIBPOSTGRES
extern void service_postgres(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
#endif
+#ifdef LIBFIREBIRD
+extern void service_firebird(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
+#endif
+#ifdef LIBNCP
+extern void service_ncp(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
+#endif
#ifdef LIBOPENSSL
extern void service_smbnt(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
#endif
@@ -67,7 +75,7 @@

/* ADD NEW SERVICES HERE */

-#define SERVICES "telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd"
+#define SERVICES "telnet ftp firebird pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql ncp nntp oracle-listener postgres socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd"

/* ADD NEW SERVICES HERE */

@@ -650,6 +658,14 @@
if (strcmp(hydra_options.service, "postgres") == 0)
service_postgres(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
#endif
+#ifdef LIBFIREBIRD
+ if (strcmp(hydra_options.service, "firebird") == 0)
+ service_firebird(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
+#endif
+#ifdef LIBNCP
+ if (strcmp(hydra_options.service, "ncp") == 0)
+ service_ncp(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
+#endif
if (strcmp(hydra_options.service, "pcanywhere") == 0)
service_pcanywhere(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
if (strcmp(hydra_options.service, "csv") == 0)
@@ -678,8 +694,10 @@
service_smtpauth_ntlm(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
if (strcmp(hydra_options.service, "teamspeak") == 0)
service_teamspeak(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
+#ifdef LIBOPENSSL
if (strcmp(hydra_options.service, "sip") == 0)
service_sip(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
+#endif
/* ADD NEW SERVICES HERE */

/* just in case a module returns (which it shouldnt) we let it exit here */
@@ -716,6 +734,7 @@
int i = 0;
int port = -2;
hydra_portlist hydra_portlists[] = {
+ {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL},
{"ftp", PORT_FTP, PORT_FTP_SSL},
{"http-head", PORT_HTTP, PORT_HTTP_SSL},
{"http-get", PORT_HTTP, PORT_HTTP_SSL},
@@ -756,6 +775,7 @@
{"snmp", PORT_SNMP, PORT_SNMP_SSL},
{"cvs", PORT_CVS, PORT_CVS_SSL},
{"svn", PORT_SVN, PORT_SVN_SSL},
+ {"ncp", PORT_NCP, PORT_NCP_SSL},
{"smtp-auth", PORT_SMTPAUTH, PORT_SMTPAUTH_SSL},
{"smtp-auth-ntlm", PORT_SMTPAUTH, PORT_SMTPAUTH_SSL},
{"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL},
@@ -1004,7 +1024,7 @@
break;
#endif
case 'g':
- fprintf(stderr, "Warning: option -g is deprected, ignored.\n");
+ fprintf(stderr, "Warning: option -g is deprecated, ignored.\n");
break;
case 'T':
hydra_options.max_use = atoi(optarg);
@@ -1093,6 +1113,18 @@
#else
bail("Compiled without LIBPOSTGRES support, module not available!");
#endif
+ if (strcmp(hydra_options.service, "firebird") == 0)
+#ifdef LIBFIREBIRD
+ i = 1;
+#else
+ bail("Compiled without LIBFIREBIRD support, module not available!");
+#endif
+ if (strcmp(hydra_options.service, "ncp") == 0)
+#ifdef LIBNCP
+ i = 1;
+#else
+ bail("Compiled without LIBNCP support, module not available!");
+#endif
if (strcmp(hydra_options.service, "pcanywhere") == 0)
i = 1;
if (strcmp(hydra_options.service, "http-proxy") == 0 || strcmp(hydra_options.service, "http-proxy-ntlm") == 0)
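Review bot: The new `#ifdef LIBOPENSSL` guards around the `service_sip` declaration and its dispatch call have no counterpart in this availability check: firebird and ncp get a `bail("Compiled without LIB... support")` path, but "sip" does not, so a build without OpenSSL still accepts the sip service name and then, presumably, runs past the guarded dispatch into the "just in case a module returns" path. Adding a sip entry in the same shape as the firebird one closes that gap; if sip's existing entry (not in this hunk) sets `i = 1` unconditionally, the `#ifdef` side is redundant but harmless. The enclosing function starts and ends outside the hunk.
```c
  if (strcmp(hydra_options.service, "sip") == 0)
#ifdef LIBOPENSSL
    i = 1;
#else
    bail("Compiled without LIBOPENSSL support, module not available!");
#endif
```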
diff -Nubr hydra-5.4-src_old/hydra-firebird.c hydra-5.4-src/hydra-firebird.c
--- hydra-5.4-src_old/hydra-firebird.c 1970-01-01 01:00:00.000000000 +0100
+++ hydra-5.4-src/hydra-firebird.c 2007-09-04 21:44:52.000000000 +0200
@@ -0,0 +1,160 @@
+/*
+ * Firebird Support - by David Maciejak @ GMAIL dot com
+ *
+ * you need to pass full path to the fdb file as OPT
+ */
+
+#include "hydra-mod.h"
+
+#ifndef LIBFIREBIRD
+void
+dummy_firebird()
+{
+ printf("\n");
+}
+#else
+
+#include <stdio.h>
+#include <ibase.h>
+
+#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_2_0\\security2.fdb"
+
+extern char *HYDRA_EXIT;
+
+int
+start_firebird(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp)
+{
+ char *empty = "";
+ char *login, *pass;
+ char database[256];
+ char connection_string[1024];
+ struct in_addr remote_ip;
+
+ isc_db_handle db = NULL; /* database handle */
+ ISC_STATUS_ARRAY status; /* status vector */
+
+ char * dpb = NULL, /* DB parameter buffer */
+ *d, *p;
+
+ short dpb_length = 0;
+ long l,sweep_interval = 16384;
+
+ if(miscptr)
+ strncpy(database,miscptr,sizeof(database));
+ else
+ strncpy(database,DEFAULT_DB,sizeof(database));
+
+ remote_ip.s_addr = ip;
+
+
+ if (strlen(login = hydra_get_next_login()) == 0)
+ login = empty;
+ if (strlen(pass = hydra_get_next_password()) == 0)
+ pass = empty;
+
+ dpb = (char *) malloc(7);
+ p = dpb;
+ *p++ = '\1';
+ *p++ = isc_dpb_sweep_interval;
+ *p++ = '\4';
+ l = isc_vax_integer((char *) &sweep_interval, 4);
+ d = (char *) &l;
+ *p++ = *d++;
+ *p++ = *d++;
+ *p++ = *d++;
+ *p = *d;
+ dpb_length = 7;
+
+ /* Add user and password to dpb */
+ isc_expand_dpb(&dpb, (short *) &dpb_length,
+ isc_dpb_user_name, login,
+ isc_dpb_password, pass, NULL);
+
+ /* Create connection string */
+ snprintf(connection_string, sizeof(connection_string), "%s:%s", inet_ntoa(remote_ip), database);
+
+ if (isc_attach_database(status, 0, connection_string, &db, dpb_length, dpb))
+ {
+ /* for debugging perpose */
+ //isc_print_status(status);
+ hydra_completed_pair();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return 2;
+ }
+ else {
+ isc_detach_database(status, &db);
+ isc_free(dpb);
+ hydra_report_found_host(port, ip, "firebird", fp);
+ hydra_completed_pair();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return 3;
+ return 2;
+ }
+ return 1;
+}
+
+void
+service_firebird(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port)
+{
+ int run = 1, next_run, sock = -1;
+ int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL;
+
+ hydra_register_socket(sp);
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return;
+
+ while (1)
+ {
+
+ switch (run)
+ {
+ case 1: /* connect and service init function */
+ if (sock >= 0)
+ sock = hydra_disconnect(sock);
+ if ((options & OPTION_SSL) == 0)
+ {
+ if (port != 0)
+ myport = port;
+ sock = hydra_connect_tcp(ip, myport);
+ port = myport;
+ } else {
+ if (port != 0)
+ mysslport = port;
+ sock = hydra_connect_ssl(ip, mysslport);
+ port = mysslport;
+ }
+ if (sock < 0)
+ {
+ fprintf(stderr, "Error: Child with pid %d terminating, can not connect\n", (int) getpid());
+ hydra_child_exit(1);
+ }
+
+ next_run = 2;
+ break;
+
+ case 2:
+
+ /*
+ * Here we start the password cracking process
+ */
+
+ next_run = start_firebird(sock, ip, port, options, miscptr, fp);
+ break;
+ case 3:
+
+ if (sock >= 0)
+ sock = hydra_disconnect(sock);
+ hydra_child_exit(0);
+ return;
+
+ default:
+
+ fprintf(stderr, "Caught unknown return code, exiting!\n");
+ hydra_child_exit(0);
+ exit(-1);
+ }
+ run = next_run;
+ }
+}
+
+#endif
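Review bot: `isc_free(dpb)` runs only in the success branch after `isc_attach_database`, so every rejected attempt and the trailing `return 1` leak the parameter buffer that `isc_expand_dpb` grew — in a loop over a wordlist that adds up. Freeing it unconditionally right after the attach, `int attached = isc_attach_database(status, 0, connection_string, &db, dpb_length, dpb); isc_free(dpb);` with `if (attached)` as the test, and dropping the copy in the else-branch fixes that. `strncpy(database, miscptr, sizeof(database))` leaves `database` unterminated when the OPT string is 256 bytes or longer, which the later `%s` in snprintf reads past; add `database[sizeof(database) - 1] = '\0';` after both strncpy calls. The HYDRA_EXIT check in the failed-attach branch returns 2 (another attempt) where the success branch returns 3 (clean exit); hydra-ncp.c's "incorrect password" case has the same asymmetry, and both presumably should return 3.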
diff -Nubr hydra-5.4-src_old/hydra-gtk/src/interface.c hydra-5.4-src/hydra-gtk/src/interface.c
--- hydra-5.4-src_old/hydra-gtk/src/interface.c 2006-05-05 16:21:27.000000000 +0200
+++ hydra-5.4-src/hydra-gtk/src/interface.c 2007-09-04 21:34:37.000000000 +0200
@@ -222,6 +222,7 @@
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "cisco");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "cisco-enable");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "cvs");
+ cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "firebird");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "ftp");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "http-head");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "http-get");
@@ -236,6 +237,7 @@
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "ldap2");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "ldap3");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "mysql");
+ cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "ncp");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "nntp");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "pcnfs");
cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "pop3");
diff -Nubr hydra-5.4-src_old/hydra-gtk/xhydra.glade hydra-5.4-src/hydra-gtk/xhydra.glade
--- hydra-5.4-src_old/hydra-gtk/xhydra.glade 2006-05-05 16:22:07.000000000 +0200
+++ hydra-5.4-src/hydra-gtk/xhydra.glade 2007-09-04 21:34:00.000000000 +0200
@@ -130,6 +130,14 @@
</child>

<child>
+ <widget class="GtkListItem" id="listitem1827">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">firebird</property>
+ </widget>
+ </child>
+
+ <child>
<widget class="GtkListItem" id="listitem1787">
<property name="visible">True</property>
<property name="can_focus">True</property>
@@ -242,6 +250,14 @@
</child>

<child>
+ <widget class="GtkListItem" id="listitem1826">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">ncp</property>
+ </widget>
+ </child>
+
+ <child>
<widget class="GtkListItem" id="listitem1795">
<property name="visible">True</property>
<property name="can_focus">True</property>
diff -Nubr hydra-5.4-src_old/hydra.h hydra-5.4-src/hydra.h
--- hydra-5.4-src_old/hydra.h 2006-01-20 12:27:43.000000000 +0100
+++ hydra-5.4-src/hydra.h 2007-09-04 21:45:48.000000000 +0200
@@ -34,6 +34,8 @@
#define OPTION_SSL 1

#define PORT_NOPORT -1
+#define PORT_FIREBIRD 3050
+#define PORT_FIREBIRD_SSL 3050
#define PORT_FTP 21
#define PORT_FTP_SSL 990
#define PORT_TELNET 23
@@ -86,6 +88,8 @@
#define PORT_SNMP_SSL 1993
#define PORT_CVS 2401
#define PORT_CVS_SSL 2401
+#define PORT_NCP 524
+#define PORT_NCP_SSL 524
#define PORT_SVN 3690
#define PORT_SVN_SSL 3690
#define PORT_SMTPAUTH 25
diff -Nubr hydra-5.4-src_old/hydra-ncp.c hydra-5.4-src/hydra-ncp.c
--- hydra-5.4-src_old/hydra-ncp.c 1970-01-01 01:00:00.000000000 +0100
+++ hydra-5.4-src/hydra-ncp.c 2007-09-04 21:50:18.000000000 +0200
@@ -0,0 +1,202 @@
+/*
+ * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com
+ * Tested on Netware 6.5
+ *
+ * you need to install libncp and libncp-dev (tested with version 2.2.6-3)
+ *
+ * you can passed full context as OPT
+ *
+ * example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx
+ *
+ */
+
+
+#include "hydra-mod.h"
+
+#ifndef LIBNCP
+void
+dummy_ncp()
+{
+ printf("\n");
+}
+#else
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ncp/nwcalls.h>
+
+extern char *HYDRA_EXIT;
+
+typedef struct __NCP_DATA {
+ struct ncp_conn_spec spec;
+ struct ncp_conn *conn;
+ char *context;
+} _NCP_DATA;
+
+//uncomment line below to see more trace stack
+//#define NCP_DEBUG
+
+int start_ncp(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp)
+{
+
+char* login;
+char* pass;
+char context[256];
+unsigned int ncp_lib_error_code;
+struct sockaddr_in remote_ip;
+char *empty = "";
+int object_type = NCP_BINDERY_USER;
+
+_NCP_DATA* session;
+
+
+memset(&remote_ip, 0, sizeof(remote_ip));
+memcpy(&remote_ip.sin_addr.s_addr, &ip, 4);
+remote_ip.sin_family = AF_INET;
+
+session = malloc(sizeof(_NCP_DATA));
+memset(session, 0, sizeof(_NCP_DATA));
+login=empty;
+pass=empty;
+
+
+ if (strlen(login = hydra_get_next_login()) == 0) {
+ login = empty;
+ }
+ else {
+ if (miscptr) {
+ if (strlen(miscptr)+strlen(login) > sizeof(context))
+ {
+ return 4;
+ }
+ memset(context, 0, sizeof(context));
+ strncpy(context, login, strlen(login));
+ strncpy(context+strlen(login), miscptr, sizeof(miscptr)+1);
+ login=context;
+ }
+ }
+
+ //login and password are case insensitive
+ //str_upper(login);
+
+ if (strlen(pass = hydra_get_next_password()) == 0)
+ pass = empty;
+
+ncp_lib_error_code = ncp_find_conn_spec3(inet_ntoa((struct in_addr) remote_ip.sin_addr), login, "", 1, getuid(), 0, &session->spec);
+if (ncp_lib_error_code)
+{ free(session);return 1;}
+
+ncp_lib_error_code = NWCCOpenConnByName(NULL, session->spec.server, NWCC_NAME_FORMAT_BIND, NWCC_OPEN_NEW_CONN, NWCC_RESERVED, &session->conn);
+if (ncp_lib_error_code)
+{ free(session);return 1;}
+
+ memset(session->spec.password, 0, sizeof(session->spec.password));
+ memcpy(session->spec.password, pass, strlen(pass)+1);
+ //str_upper(session->spec.password);
+
+ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password);
+ switch (ncp_lib_error_code & 0x0000FFFF)
+ {
+ case 0x0000: /* Success */
+ #ifdef NCP_DEBUG
+ printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code);
+ #endif
+ ncp_close(session->conn);
+ hydra_report_found_host(port, ip, "ncp", fp); //ok
+ hydra_completed_pair();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return 3; //exit
+ free(session);
+ return 2; //next
+ break;
+ case 0x89DE: /* PASSWORD INVALID */
+ case 0x89F0: /* BIND WILDCARD INVALID */
+ case 0x89FF: /* NO OBJ OR BAD PASSWORD */
+ case 0xFD63: /* FAILED_AUTHENTICATION */
+ case 0xFDA7: /* NO_SUCH_ENTRY */
+ #ifdef NCP_DEBUG
+ printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code);
+ #endif
+ ncp_close(session->conn);
+ hydra_completed_pair();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ {
+ free(session);
+ return 2; //next
+ }
+ break;
+ default:
+ #ifdef NCP_DEBUG
+ printf("Failed to open connection. Error code: %X\n",ncp_lib_error_code);
+ #endif
+ if (session->conn != NULL) ncp_close(session->conn);
+ break;
+ }
+ free(session);
+ return 1; //reconnect
+}
+
+void
+service_ncp(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port)
+{
+ int run = 1, next_run, sock = -1;
+ int myport = PORT_NCP;
+
+ hydra_register_socket(sp);
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return;
+
+ while (1)
+ {
+
+ switch (run)
+ {
+ case 1: /* connect and service init function */
+ if (sock >= 0)
+ sock = hydra_disconnect(sock);
+ if (port != 0)
+ myport = port;
+ sock = hydra_connect_tcp(ip, myport);
+ port = myport;
+ if (sock < 0)
+ {
+ fprintf(stderr, "Error: Child with pid %d terminating, can not connect\n", (int) getpid());
+ hydra_child_exit(1);
+ }
+
+ next_run = 2;
+ break;
+
+ case 2:
+
+ /*
+ * Here we start the password cracking process
+ */
+
+ next_run = start_ncp(sock, ip, port, options, miscptr, fp);
+ break;
+ case 3:
+
+ if (sock >= 0)
+ sock = hydra_disconnect(sock);
+ hydra_child_exit(0);
+ return;
+
+ case 4:
+
+ fprintf(stderr, "Optional parameter too long!\n");
+ hydra_child_exit(0);
+ exit(-1);
+
+ default:
+
+ fprintf(stderr, "Caught unknown return code, exiting!\n");
+ hydra_child_exit(0);
+ exit(-1);
+ }
+ run = next_run;
+ }
+}
+
+#endif
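Review bot: `strncpy(context+strlen(login), miscptr, sizeof(miscptr)+1)` uses the size of a pointer, not of the string, so only the first `sizeof(char *)+1` bytes of the context are appended; the `.O=cx` example in the header comment happens to fit, anything longer is silently truncated. Use the remaining buffer instead, `strncpy(context + strlen(login), miscptr, sizeof(context) - strlen(login) - 1);`, and tighten the preceding guard to `>= sizeof(context)` so a result that exactly fills the buffer still has room for the terminator. `memcpy(session->spec.password, pass, strlen(pass)+1)` copies a wordlist entry into the fixed `spec.password` field with no bound; `strncpy(session->spec.password, pass, sizeof(session->spec.password) - 1);` after the memset keeps it inside the struct. The `return 4` on the length check also leaves `session` allocated; free it before returning.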
diff -Nubr hydra-5.4-src_old/hydra-sip.c hydra-5.4-src/hydra-sip.c
--- hydra-5.4-src_old/hydra-sip.c 2007-03-22 15:04:29.000000000 +0100
+++ hydra-5.4-src/hydra-sip.c 2007-08-23 18:42:21.000000000 +0200
@@ -1,5 +1,13 @@
// simple sip digest auth (md5) module
// written by gh0st 2005
+#include "hydra-mod.h"
+#ifndef LIBOPENSSL
+void
+dummy_sip()
+{
+ printf("\n");
+}
+#else

#include <openssl/ssl.h>
#include <openssl/err.h>
@@ -234,3 +242,5 @@
run = next_run;
}
}
+
+#endif
diff -Nubr hydra-5.4-src_old/Makefile.am hydra-5.4-src/Makefile.am
--- hydra-5.4-src_old/Makefile.am 2006-05-05 16:10:44.000000000 +0200
+++ hydra-5.4-src/Makefile.am 2007-09-04 21:46:39.000000000 +0200
@@ -12,7 +12,7 @@
hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \
hydra-mysql.c hydra-http-proxy.c hydra-mssql.c hydra-smbnt.c \
hydra-snmp.c hydra-cvs.c hydra-smtpauth.c hydra-sapr3.c hydra-ssh2.c \
- hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \
+ hydra-teamspeak.c hydra-postgres.c hydra-firebird.c hydra-ncp.c hydra-rsh.c hydra-rlogin.c \
hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-vmauthd.c \
hydra-http-proxy-auth-ntlm.c hydra-imap-ntlm.c hydra-pop3-ntlm.c hydra-smtpauth-ntlm.c \
hydra-http-form.c crc32.c d3des.c md4.c ntlm.c hydra-mod.c hydra.c
@@ -21,7 +21,7 @@
hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
hydra-mysql.o hydra-http-proxy.o hydra-smbnt.o hydra-mssql.o \
hydra-snmp.o hydra-cvs.o hydra-smtpauth.o hydra-sapr3.o hydra-ssh2.o\
- hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \
+ hydra-teamspeak.o hydra-postgres.o hydra-firebird.o hydra-ncp.o hydra-rsh.o hydra-rlogin.o \
hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-vmauthd.o \
hydra-http-proxy-auth-ntlm.o hydra-imap-ntlm.o hydra-pop3-ntlm.o hydra-smtpauth-ntlm.o \
hydra-http-form.o crc32.o d3des.o md4.o hydra-mod.o ntlm.o hydra.o
@@ -37,7 +37,7 @@
@echo Now type "make install"

hydra: $(OBJ)
- $(CC) $(OPTS) $(LIBS) -o $(BIN) $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) || echo -e "\nIF YOU RECEIVED THE ERROR MESSAGE \"cannot find -lpq\" DO THE FOLLOWING:\n make clean; ./configure\n vi Makefile <- and remove the \"-lpq\" and \"-DLIBPOSTGRES\" statements\n make\n"
+ $(CC) $(OPTS) $(LIBS) -o $(BIN) $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS)
@echo
@echo If men could get pregnant, abortion would be a sacrament
@echo
diff -Nubr hydra-5.4-src_old/README hydra-5.4-src/README
--- hydra-5.4-src_old/README 2006-04-27 17:24:40.000000000 +0200
+++ hydra-5.4-src/README 2007-09-04 21:50:24.000000000 +0200
@@ -19,10 +19,10 @@
either support more than one protocol to attack or support parallized
connects.
Currently this tool supports:
- TELNET, FTP, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTP-HEAD, HTTP-PROXY,
+ TELNET, FTP, Firebird, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTP-HEAD, HTTP-PROXY,
HTTP-PROXY-NTLM, HTTP-FORM-GET HTTP-FORM-POST, HTTPS-FORM-GET,
HTTPS-FORM-POSTLDAP2, LADP3, SMB, SMBNT, MS-SQL, MYSQL, POSTGRES,
- POP3-NTLM, IMAP, IMAP-NTLM, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth,
+ POP3-NTLM, IMAP, IMAP-NTLM, NCP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth,
Cisco enable, SMTP-AUTH, SMTP-AUTH-NTLM, SSH2, SNMP, CVS, Cisco AAA,
REXEC, SOCKS5, VNC, POP3 and VMware-Auth.
However the module engine for new services is very easy so it won't take a
@@ -91,7 +91,12 @@
telnet specified the string which is displayed after a successful
login (case insensitive), use if the default in the telnet
module produces too many false positives (OPTIONAL)
+ncp full context can be passed for example ".O=cx"
+firebird database name to attack (OPTIONAL), default is
+ C:\Program Files\Firebird\Firebird_2_0\security2.fdb
postgres database name to attack (OPTIONAL, default is template1)
+ to compile this module be sure to have a library named libpq.so
+ or do a symbolic link to specific lib

An example for how to use this with the www module to hand over the web page
to authenticate to: