From acc73f29f6d4c728d67f20f37e72ab66537b74f8 Mon Sep 17 00:00:00 2001
From: Larry Hajali
Date: Thu, 13 May 2010 00:36:43 +0200
Subject: network/hydra: Updated for version 5.4

---
 network/hydra/README | 10 +-
 network/hydra/configure.patch | 61 ------
 network/hydra/doinst.sh | 5 +-
 network/hydra/hydra-http-form.patch | 18 --
 network/hydra/hydra-libssh-0.2.patch | 213 ---------------------
 network/hydra/hydra.SlackBuild | 46 +++--
 network/hydra/hydra.desktop | 11 +-
 network/hydra/hydra.info | 2 +
 network/hydra/patches/hydra-5.4-Makefile_am.patch | 13 ++
 .../hydra/patches/hydra-5.4-configure_fixups.patch | 127 ++++++++++++
 network/hydra/patches/hydra-5.4-libssh-0.4.patch | 187 ++++++++++++++++++
 network/hydra/patches/hydra-http-form.patch | 18 ++
 network/hydra/slack-desc | 6 +-
 13 files changed, 385 insertions(+), 332 deletions(-)
 delete mode 100644 network/hydra/configure.patch
 delete mode 100644 network/hydra/hydra-http-form.patch
 delete mode 100644 network/hydra/hydra-libssh-0.2.patch
 create mode 100644 network/hydra/patches/hydra-5.4-Makefile_am.patch
 create mode 100644 network/hydra/patches/hydra-5.4-configure_fixups.patch
 create mode 100644 network/hydra/patches/hydra-5.4-libssh-0.4.patch
 create mode 100644 network/hydra/patches/hydra-http-form.patch
(limited to 'network')
diff --git a/network/hydra/README b/network/hydra/README
index baecf37d4c..693c60fc5d 100644
--- a/network/hydra/README
+++ b/network/hydra/README
@@ -4,11 +4,5 @@ to give researchers and security consultants a way to demonstrate how easy it would be to gain unauthorized access to a remote system. THIS TOOL IS FOR LEGAL PURPOSES ONLY! -Requires: - subversion (available in Slackware) - apr & apr-util (available in Slackware) - libssh (not libssh2, available at Slackbuilds.org) - -Optional: - postgresql (available at Slackbuilds.org) - sap (available at http://www.sap.com/solutions/netweaver/linux/eval/index.asp) +This requires libssh (not libssh2). postgresql is optional, as is +sap, but sap is not available at SlackBuilds.org. diff --git a/network/hydra/configure.patch b/network/hydra/configure.patch deleted file mode 100644 index c1cfadfe93..0000000000 --- a/network/hydra/configure.patch +++ /dev/null 
@@ -1,61 +0,0 @@ ---- configure.old 2007-04-08 23:15:36.000000000 +0200 -+++ configure 2007-04-08 23:16:55.000000000 +0200 -@@ -118,11 +118,11 @@ - echo " ... NOT found, module postgres disabled" - fi - --echo "Checking for SVN (ibsvn_client-1 libapr-0.so libaprutil-0.so) ..." -+echo "Checking for SVN (ibsvn_client-1 libapr-1.so libaprutil-1.so) ..." - for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . - do - if [ "X" = "X$SVN_PATH" ]; then -- if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-0.so" ]&&[ -f "$i/libaprutil-0.so" ]; then -+ if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-1.so" ]&&[ -f "$i/libaprutil-1.so" ]; then - SVN_PATH="$i" - fi - fi -@@ -202,8 +202,8 @@ - fi - fi - if [ "X" = "X$APR_IPATH" ]; then -- if [ -d "$i/apr-0" ]; then -- APR_IPATH="$i/apr-0" -+ if [ -d "$i/apr-1" ]; then -+ APR_IPATH="$i/apr-1" - fi - fi - done -@@ -220,8 +220,8 @@ - fi - fi - if [ "X" = "X$APR_IPATH" ]; then -- if [ -d "$i/apr-0" ]; then -- APR_IPATH="$i/apr-0" -+ if [ -d "$i/apr-1" ]; then -+ APR_IPATH="$i/apr-1" - fi - fi - done -@@ -334,6 +334,9 @@ - if [ -n "$SSH_PATH" ]; then - XDEFINES="$XDEFINES -DLIBSSH" - fi -+ -+XDEFINES="$XDEFINES -D_GNU_SOURCE" -+ - OLDPATH="" - for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH; do - if [ "$OLDPATH" = "$i" ]; then -@@ -379,10 +382,10 @@ - XLIBS="$XLIBS -lpq" - fi - if [ -n "$SVN_PATH" ]; then -- XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0" -+ XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1" - fi - if [ -n "$SVN_PATH" ]; then -- XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0" -+ XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1" - fi - if [ -n "$SSH_PATH" ]; then - XLIBS="$XLIBS -lssh" diff --git a/network/hydra/doinst.sh b/network/hydra/doinst.sh index 852990f3c9..4e8ba7071d 100644 --- a/network/hydra/doinst.sh +++ b/network/hydra/doinst.sh 
@@ -1,3 +1,4 @@ if [ -x /usr/bin/update-desktop-database ]; then - /usr/bin/update-desktop-database usr/share/applications > /dev/null 2>&1 -fi + /usr/bin/update-desktop-database -q usr/share/applications >/dev/null 2>&1 +fi + diff --git a/network/hydra/hydra-http-form.patch b/network/hydra/hydra-http-form.patch deleted file mode 100644 index 6dde09cdf1..0000000000 --- a/network/hydra/hydra-http-form.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- hydra-http-form.old 2008-02-06 09:42:49.000000000 +0000 -+++ hydra-http-form.c 2008-02-06 09:43:45.000000000 +0000 -@@ -149,7 +149,6 @@ - } - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { -- free(updvariables); - free(upd2variables); - return 1; - } -@@ -183,7 +182,6 @@ - */ - - free(buf); -- free(updvariables); - free(upd2variables); - - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) diff --git a/network/hydra/hydra-libssh-0.2.patch b/network/hydra/hydra-libssh-0.2.patch deleted file mode 100644 index b15f6ec135..0000000000 --- a/network/hydra/hydra-libssh-0.2.patch +++ /dev/null 
@@ -1,213 +0,0 @@ -Les sous-répertoires hydra-5.4-src/arm et hydra-5.4-src-libssh0.2/arm sont identiques. -diff -u hydra-5.4-src/configure hydra-5.4-src-libssh0.2/configure ---- hydra-5.4-src/configure 2006-01-20 14:44:15.000000000 +0100 -+++ hydra-5.4-src-libssh0.2/configure 2008-10-31 22:32:47.000000000 +0100 -@@ -243,11 +243,11 @@ - - if [ -n "$SSH_PATH" ]; then - echo " ... found" -- echo 'NOTE: ensure that you have libssh v0.11 installed!! Get it from http://0xbadc0de.be !' -+ echo 'NOTE: ensure that you have libssh v0.2 or later installed!! Get it from http://0xbadc0de.be !' - fi - if [ "X" = "X$SSH_PATH" ]; then - echo " ... NOT found, module ssh2 disabled" -- echo 'Get it from http://0xbadc0de.be/ - use v0.11!' -+ echo 'Get it from http://0xbadc0de.be/ - use v0.2 or later' - fi - if [ "$SSH_IPATH" = "/usr/include" ]; then - SSH_IPATH="" -Seulement dans hydra-5.4-src-libssh0.2/: .hydra-ftp.c.swp -Les sous-répertoires hydra-5.4-src/hydra-gtk et hydra-5.4-src-libssh0.2/hydra-gtk sont identiques. -Seulement dans hydra-5.4-src-libssh0.2/: .hydra-mod.c.swp -diff -u hydra-5.4-src/hydra-ssh2.c hydra-5.4-src-libssh0.2/hydra-ssh2.c ---- hydra-5.4-src/hydra-ssh2.c 2007-03-22 15:04:29.000000000 +0100 -+++ hydra-5.4-src-libssh0.2/hydra-ssh2.c 2008-11-01 21:21:08.000000000 +0100 -@@ -7,12 +7,51 @@ - } - #else - --#warning "If compilation of hydra-ssh2 fails, you are not using v0.11. Download from http://www.0xbadc0de.be/" -+#warning "If compilation of hydra-ssh2 fails, you are not using v0.2 or 0.2.1. Download from http://www.0xbadc0de.be/" - - #include - - extern char *HYDRA_EXIT; - -+/* try to authenticate with one password */ -+static int -+try_password(SSH_SESSION *ssh_session, char *password){ -+ int auth_state; -+ int i; -+ /* printf("ssh-trying pass \"%s\"\n",password); */ -+ /* We try keyboard-interactive when it's supported. kbdint is -+ * what openssh tries first when logging somewhere. 
-+ */ -+ auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL); -+ if(auth_state == SSH_AUTH_INFO){ -+ i=0; -+ /* we feed 10 password responses at max. Keybint is challenge-response -+ * based so the server could ask unrelated questions -+ */ -+ while(auth_state == SSH_AUTH_INFO && i<10){ -+ ssh_userauth_kbdint_setanswer(ssh_session, i, password); -+ auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL); -+ i++; -+ } -+ /* Partial authentication is specific to SSH : the password is valid but -+ * an other authentication token is needed (generaly private key) -+ */ -+ if(auth_state == SSH_AUTH_PARTIAL) -+ auth_state = SSH_AUTH_SUCCESS; -+ if(auth_state == SSH_AUTH_INFO) -+ auth_state = SSH_AUTH_ERROR; -+ return auth_state; -+ } -+ if(auth_state == SSH_AUTH_ERROR) -+ return auth_state; -+ /* Keyboard-interactive is not supported so we run through the password -+ * method */ -+ auth_state = ssh_userauth_password(ssh_session, NULL, password); -+ if(auth_state == SSH_AUTH_PARTIAL) -+ auth_state = SSH_AUTH_SUCCESS; -+ return auth_state; -+} -+ - int - start_ssh2(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp) - { -@@ -20,18 +59,19 @@ - char *login, *pass; - char *buf; - char *rc; -+ char buffer[64]; - struct sockaddr_in targetip; - SSH_SESSION *ssh_session; - SSH_OPTIONS *ssh_opt; - int auth_state; -- int i = 0; -+ char firstlogin[128]; - - if (strlen(login = hydra_get_next_login()) == 0) - login = empty; - if (strlen(pass = hydra_get_next_password()) == 0) - pass = empty; -- -- ssh_opt=options_new(); -+ snprintf(firstlogin,sizeof(firstlogin),"%s",login); -+ ssh_opt=ssh_options_new(); - memset(&targetip, 0, sizeof(targetip)); - memcpy(&targetip.sin_addr.s_addr, &ip, 4); - targetip.sin_family = AF_INET; -@@ -41,16 +81,21 @@ - buf = malloc(20); - inet_ntop(AF_INET, &targetip.sin_addr, buf, 20); - #endif -- options_set_wanted_method(ssh_opt,KEX_COMP_C_S,"none"); -- options_set_wanted_method(ssh_opt,KEX_COMP_S_C,"none"); -- 
options_set_port(ssh_opt, port); -- options_set_host(ssh_opt, buf); -- options_set_username(ssh_opt, login); -- -- if ((ssh_session = ssh_connect(ssh_opt)) == NULL) { -+ ssh_options_allow_ssh1(ssh_opt,1); -+// ssh_options_set_wanted_algos (ssh_opt,KEX_COMP_C_S,"none"); -+// ssh_options_set_wanted_algos (ssh_opt,KEX_COMP_S_C,"none"); -+ ssh_options_set_port(ssh_opt, port); -+ ssh_options_set_host(ssh_opt, buf); -+ ssh_options_set_username(ssh_opt, login); -+ ssh_session=ssh_new(); -+ ssh_set_options(ssh_session,ssh_opt); -+ /* printf("ssh-connecting with login \"%s\"\n",login); */ -+ if (ssh_connect(ssh_session) == SSH_ERROR) { - rc = ssh_get_error(ssh_session); - if ((rc != NULL) && (rc[0] != '\0')) { -- if (strncmp("connect:", ssh_get_error(ssh_session), strlen("connect:")) == 0) -+ snprintf(buffer,sizeof(buffer),"%s",rc); -+ ssh_disconnect(ssh_session); -+ if (strncmp("connect:", buffer, strlen("connect:")) == 0) - return 3; - else - return 4; -@@ -60,43 +105,54 @@ - free(buf); - buf = NULL; - #endif -- -- do { -- /* why this crap? */ -- auth_state = ssh_userauth_kbdint(ssh_session, login, NULL); -- while (i < 10 && auth_state == SSH_AUTH_INFO) { -- ssh_userauth_kbdint_setanswer(ssh_session, i, pass); -- auth_state = ssh_userauth_kbdint(ssh_session, login, NULL); -- i++; -- } -- -- if (auth_state == SSH_AUTH_SUCCESS || ssh_userauth_password(ssh_session, login, pass) == SSH_AUTH_SUCCESS) { -- ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ -- hydra_report_found_host(port, ip, "ssh2", fp); -- hydra_completed_pair_found(); -- if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) -- return 2; -- /* free(ssh_opt); */ /* DOUBLE FREE ! 
*/ -+ /* None method is important since it can flag passwordless servers */ -+ auth_state=ssh_userauth_none(ssh_session, login); -+ if(auth_state == SSH_AUTH_SUCCESS){ -+ /* passwordless server */ -+ hydra_report_found_host(port, ip, "ssh2", fp); -+ hydra_completed_pair_found(); -+ ssh_disconnect(ssh_session); -+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) -+ return 2; -+ else - return 1; -- } else { -- if (ssh_error_code(ssh_session) == 1) { -- hydra_completed_pair(); -+ } -+ -+ do { -+ auth_state=try_password(ssh_session, pass); -+ if (auth_state == SSH_AUTH_SUCCESS) { -+ ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ -+ hydra_report_found_host(port, ip, "ssh2", fp); -+ hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 2; -+ return 1; - } else { -- ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ -- hydra_completed_pair(); /* really? */ -- if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) -+ if (auth_state == SSH_AUTH_DENIED) { -+ hydra_completed_pair(); -+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ -+ ssh_disconnect(ssh_session); - return 2; -- /* free(ssh_opt); */ /* DOUBLE FREE ! */ -+ } -+ /* set a new password to try */ -+ login=hydra_get_next_login(); -+ if(strcmp(login,firstlogin) != 0){ -+ /* we can't try a new login without a new session. */ -+ ssh_disconnect(ssh_session); -+ //hydra_completed_pair_skip(); -+ return 1; -+ } -+ pass=hydra_get_next_password(); -+ /* try again using same session */ -+ } else { -+ ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ -+ /* there was an error. 
The password was not really tried.*/ -+ //hydra_completed_pair_skip(); - return 1; - } - } - } while(1); - -- /* not reached */ -- -- /* free(ssh_opt); */ /* risk of double free */ - return 1; - } - -Les sous-répertoires hydra-5.4-src/palm et hydra-5.4-src-libssh0.2/palm sont identiques. diff --git a/network/hydra/hydra.SlackBuild b/network/hydra/hydra.SlackBuild index e6dbd6bb87..4bcccd7da4 100644 --- a/network/hydra/hydra.SlackBuild +++ b/network/hydra/hydra.SlackBuild @@ -5,7 +5,7 @@ PRGNAM=hydra VERSION=${VERSION:-5.4} ARCH=${ARCH:-i486} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} CWD=$(pwd) @@ -13,14 +13,15 @@ TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} -DOCS="CHANGES LICENSE* README TODO hydra-gtk/COPYING hydra-gtk/INSTALL" - if [ "$ARCH" = "i486" ]; then SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" fi set -e 
@@ -41,30 +42,35 @@ find . \ # Removes a glibc error when http-form option is used # Patch from gentoo: http://bugs.gentoo.org/show_bug.cgi?id=209116 -patch -p0 < $CWD/hydra-http-form.patch +patch -p0 < $CWD/patches/hydra-http-form.patch + +# Add ability to specify additional libdir locations to search, and also +# merge in some precursors for the next patch +patch -p1 < $CWD/patches/hydra-5.4-configure_fixups.patch + +# Patch needed to compile against new versions of libssh. +patch -p1 < $CWD/patches/hydra-5.4-libssh-0.4.patch -# Patches needed to compile against new versions of -# apr, apr-util, and libssh -patch -p0 < $CWD/configure.patch -patch -p1 < $CWD/hydra-libssh-0.2.patch +# Fixup Makefile.am before configuring +patch -p1 < $CWD/patches/hydra-5.4-Makefile_am.patch # sed statements cleans up some code for the gui -sed -i "s:\/foo\/bar\/protected.html:\/:" hydra-gtk/xhydra.glade -sed -i "s:\/foo\/bar\/protected.html:\/:" hydra-gtk/src/interface.c +sed -i 's|/foo/bar/protected.html|/|' hydra-gtk/xhydra.glade +sed -i 's|/foo/bar/protected.html|/|' hydra-gtk/src/interface.c -CFLAGS="$SLKCFLAGS" \ -CXXFLAGS="$SLKCFLAGS" \ +EXTRA_LIBDIRS="/lib64 /usr/lib64" \ ./configure \ --enable-pw-inspector=yes \ - --enable-static=no \ - --build=$ARCH-slackware-linux + --enable-static=no -make +make EXTRA_CFLAGS="$SLKCFLAGS" make install PREFIX=$PKG DIR=/usr/bin ( cd $PKG - find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null || true + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null || true ) # Add a desktop menu item 
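Review bot: `EXTRA_LIBDIRS="/lib64 /usr/lib64"` is handed to configure for every ARCH, so on a 32-bit build the patched configure loops (`for i in $EXTRA_LIBDIRS $LIBDIRS ...`) search the 64-bit directories first, and the per-ARCH `LIBDIRSUFFIX` introduced in the previous hunk is never used. `EXTRA_LIBDIRS="/lib$LIBDIRSUFFIX /usr/lib$LIBDIRSUFFIX" \` makes the extra search path follow the target architecture and gives the new variable a purpose. Replacing the `CFLAGS`/`CXXFLAGS` environment with `make EXTRA_CFLAGS="$SLKCFLAGS"` only reaches the top-level Makefile.am that the new Makefile_am patch edits; if hydra-gtk is built by the same `make`, that subproject presumably no longer sees `$SLKCFLAGS` — worth confirming.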
@@ -73,7 +79,9 @@ install -m 0644 $CWD/$PRGNAM.desktop $PKG/usr/share/applications/ cat $CWD/$PRGNAM.png > $PKG/usr/share/pixmaps/$PRGNAM.png mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION +cp -a \ + CHANGES LICENSE* README TODO hydra-gtk/COPYING hydra-gtk/INSTALL \ + $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild mkdir -p $PKG/install @@ -81,4 +89,4 @@ cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/hydra/hydra.desktop b/network/hydra/hydra.desktop index 8b6d5143da..7b2e350d81 100644 --- a/network/hydra/hydra.desktop +++ b/network/hydra/hydra.desktop @@ -1,15 +1,10 @@ [Desktop Entry] -Version=5.4 -Encoding=UTF-8 GenericName= -SwallowExec= Name=Hydra MimeType= Exec=xhydra -Icon=/usr/share/pixmaps/hydra.png -TerminalOptions= -Path= +Icon=hydra Type=Application -Terminal=0 +Terminal=false Comment=Network login cracker -Categories=Application;Utility; \ No newline at end of file +Categories=Utility; diff --git a/network/hydra/hydra.info b/network/hydra/hydra.info index 027b1ad2c4..fde6b3fc8b 100644 --- a/network/hydra/hydra.info +++ b/network/hydra/hydra.info @@ -3,6 +3,8 @@ VERSION="5.4" HOMEPAGE="http://freeworld.thc.org/thc-hydra/" DOWNLOAD="http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz" MD5SUM="fa08b465d19321e77b1a0ef912eeecc1" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" MAINTAINER="Larry Hajali" EMAIL="larryhaja[at]gmail[dot]com" APPROVED="dsomero" diff --git a/network/hydra/patches/hydra-5.4-Makefile_am.patch b/network/hydra/patches/hydra-5.4-Makefile_am.patch new file mode 100644 index 0000000000..3739d1fb20 --- /dev/null +++ b/network/hydra/patches/hydra-5.4-Makefile_am.patch 
@@ -0,0 +1,13 @@ +diff -Nur hydra-5.4-src.orig/Makefile.am hydra-5.4-src/Makefile.am +--- hydra-5.4-src.orig/Makefile.am 2006-05-05 09:10:44.000000000 -0500 ++++ hydra-5.4-src/Makefile.am 2009-07-05 11:23:02.983188212 -0500 +@@ -2,7 +2,8 @@ + # Makefile for Hydra - (c) 2001-2006 by van Hauser / THC + # + +-OPTS=-I. -Wall -O2 ++EXTRA_CFLAGS= ++OPTS=-I. -Wall $(EXTRA_CFLAGS) + # -ggdb -pedantic + LIBS=-lm + DIR=/bin diff --git a/network/hydra/patches/hydra-5.4-configure_fixups.patch b/network/hydra/patches/hydra-5.4-configure_fixups.patch new file mode 100644 index 0000000000..a622d7618b --- /dev/null +++ b/network/hydra/patches/hydra-5.4-configure_fixups.patch 
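Review bot: With `EXTRA_CFLAGS=` defaulting to empty, `OPTS=-I. -Wall $(EXTRA_CFLAGS)` silently drops upstream's `-O2` for anyone who runs a plain `make`; only the SlackBuild's `make EXTRA_CFLAGS="$SLKCFLAGS"` restores optimisation. A default of `EXTRA_CFLAGS=-O2` keeps the upstream behaviour while a command-line `EXTRA_CFLAGS=...` still overrides it. A one-line comment above it, `# overridable from the command line: make EXTRA_CFLAGS="..."`, would document the hook for the next maintainer.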
@@ -0,0 +1,127 @@ +diff -Nur hydra-5.4-src.orig/configure hydra-5.4-src/configure +--- hydra-5.4-src.orig/configure 2006-01-20 07:44:15.000000000 -0600 ++++ hydra-5.4-src/configure 2009-07-05 21:21:59.288865180 -0500 +@@ -35,11 +35,12 @@ + MANDIR="" + XHYDRA_SUPPORT="" + LIBDIRS=`cat /etc/ld.so.conf 2> /dev/null` ++EXTRA_LIBDIRS?= + STRIP="strip" + echo + + echo "Checking for openssl (libssl/ssl.h) ..." +-for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib \ ++for i in $EXTRA_LIBDIRS $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib \ + /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \ + /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib . + do +@@ -97,7 +98,7 @@ + fi + + echo "Checking for Postgres (libpq) ..." +-for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . ++for i in $EXTRA_LIBDIRS $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . + do + if [ "X" = "X$POSTGRES_PATH" ]; then + if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" ]; then +@@ -118,11 +119,11 @@ + echo " ... NOT found, module postgres disabled" + fi + +-echo "Checking for SVN (ibsvn_client-1 libapr-0.so libaprutil-0.so) ..." +-for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . ++echo "Checking for SVN (ibsvn_client-1 libapr-1.so libaprutil-1.so) ..." ++for i in $EXTRA_LIBDIRS $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . + do + if [ "X" = "X$SVN_PATH" ]; then +- if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-0.so" ]&&[ -f "$i/libaprutil-0.so" ]; then ++ if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-1.so" ]&&[ -f "$i/libaprutil-1.so" ]; then + SVN_PATH="$i" + fi + fi +@@ -143,7 +144,7 @@ + fi + + echo "Checking for SAP/R3 (librfc/saprfc.h) ..." +-for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . ++for i in $EXTRA_LIBDIRS $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . 
+ do + if [ "X" = "X$SAPR3_PATH" ]; then + if [ -f "$i/librfc.a" -o -f "$i/librfc.dylib" -o "$i/librfc32.dll" ]; then +@@ -183,7 +184,7 @@ + fi + + echo "Checking for libssh (libssh/libssh.h) ..." +-for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . ++for i in $EXTRA_LIBDIRS $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib . + do + if [ "X" = "X$SSH_PATH" ]; then + if [ -f "$i/libssh.so" -o -f "$i/libssh.dylib" ]; then +@@ -202,8 +203,8 @@ + fi + fi + if [ "X" = "X$APR_IPATH" ]; then +- if [ -d "$i/apr-0" ]; then +- APR_IPATH="$i/apr-0" ++ if [ -d "$i/apr-1" ]; then ++ APR_IPATH="$i/apr-1" + fi + fi + done +@@ -220,8 +221,8 @@ + fi + fi + if [ "X" = "X$APR_IPATH" ]; then +- if [ -d "$i/apr-0" ]; then +- APR_IPATH="$i/apr-0" ++ if [ -d "$i/apr-1" ]; then ++ APR_IPATH="$i/apr-1" + fi + fi + done +@@ -243,11 +244,11 @@ + + if [ -n "$SSH_PATH" ]; then + echo " ... found" +- echo 'NOTE: ensure that you have libssh v0.11 installed!! Get it from http://0xbadc0de.be !' ++ echo 'NOTE: ensure that you have libssh v0.4 installed!! Get it from http://0xbadc0de.be !' + fi + if [ "X" = "X$SSH_PATH" ]; then + echo " ... NOT found, module ssh2 disabled" +- echo 'Get it from http://0xbadc0de.be/ - use v0.11!' ++ echo 'Get it from http://0xbadc0de.be/ - use v0.4 or later!' + fi + if [ "$SSH_IPATH" = "/usr/include" ]; then + SSH_IPATH="" +@@ -262,7 +263,7 @@ + SYS=`uname -s` + if [ "$SYS" = "SunOS" ]; then + echo "Checking for Solaris libraries ..." +- for i in /lib /usr/lib /usr/local/lib $LIBDIRS . ++ for i in /lib /usr/lib /usr/local/lib $EXTRA_LIBDIRS $LIBDIRS . 
+ do + if [ "X" = "X$NSL_PATH" ]; then + if [ -f "$i/libnsl.so" ]; then +@@ -334,6 +335,9 @@ + if [ -n "$SSH_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSSH" + fi ++ ++XDEFINES="$XDEFINES -D_GNU_SOURCE" ++ + OLDPATH="" + for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH; do + if [ "$OLDPATH" = "$i" ]; then +@@ -379,10 +383,10 @@ + XLIBS="$XLIBS -lpq" + fi + if [ -n "$SVN_PATH" ]; then +- XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0" ++ XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1" + fi + if [ -n "$SVN_PATH" ]; then +- XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0" ++ XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1" + fi + if [ -n "$SSH_PATH" ]; then + XLIBS="$XLIBS -lssh" diff --git a/network/hydra/patches/hydra-5.4-libssh-0.4.patch b/network/hydra/patches/hydra-5.4-libssh-0.4.patch new file mode 100644 index 0000000000..d0933e4751 --- /dev/null +++ b/network/hydra/patches/hydra-5.4-libssh-0.4.patch 
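Review bot: `EXTRA_LIBDIRS?=` is Makefile syntax, not shell; in this configure script (a Bourne-shell script, judging by the surrounding `LIBDIRS=\`cat ...\`` and `for ... do` lines) the word is not a valid assignment, so sh treats it as a command name and prints "command not found" at that line. The variable still works only because the SlackBuild passes it in configure's environment. `EXTRA_LIBDIRS="${EXTRA_LIBDIRS:-}"` gives it a valid, explicit default, and the later `for i in $EXTRA_LIBDIRS $LIBDIRS ...` loops then behave the same with or without the environment variable.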
@@ -0,0 +1,187 @@ +diff -Naur hydra-5.4-src.orig/hydra-ssh2.c hydra-5.4-src/hydra-ssh2.c +--- hydra-5.4-src.orig/hydra-ssh2.c 2007-03-22 14:04:29.000000000 +0000 ++++ hydra-5.4-src/hydra-ssh2.c 2009-12-18 03:12:56.000000000 +0000 +@@ -7,12 +7,51 @@ + } + #else + +-#warning "If compilation of hydra-ssh2 fails, you are not using v0.11. Download from http://www.0xbadc0de.be/" ++#warning "If compilation of hydra-ssh2 fails, you are not using v0.4. Download from http://www.libssh.org/" + + #include + + extern char *HYDRA_EXIT; + ++/* try to authenticate with one password */ ++static int ++try_password(ssh_session ssh_session, char *password){ ++ int auth_state; ++ int i; ++ /* printf("ssh-trying pass \"%s\"\n",password); */ ++ /* We try keyboard-interactive when it's supported. kbdint is ++ * what openssh tries first when logging somewhere. ++ */ ++ auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL); ++ if(auth_state == SSH_AUTH_INFO){ ++ i=0; ++ /* we feed 10 password responses at max. 
Keybint is challenge-response ++ * based so the server could ask unrelated questions ++ */ ++ while(auth_state == SSH_AUTH_INFO && i<10){ ++ ssh_userauth_kbdint_setanswer(ssh_session, i, password); ++ auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL); ++ i++; ++ } ++ /* Partial authentication is specific to SSH : the password is valid but ++ * an other authentication token is needed (generaly private key) ++ */ ++ if(auth_state == SSH_AUTH_PARTIAL) ++ auth_state = SSH_AUTH_SUCCESS; ++ if(auth_state == SSH_AUTH_INFO) ++ auth_state = SSH_AUTH_ERROR; ++ return auth_state; ++ } ++ if(auth_state == SSH_AUTH_ERROR) ++ return auth_state; ++ /* Keyboard-interactive is not supported so we run through the password ++ * method */ ++ auth_state = ssh_userauth_password(ssh_session, NULL, password); ++ if(auth_state == SSH_AUTH_PARTIAL) ++ auth_state = SSH_AUTH_SUCCESS; ++ return auth_state; ++} ++ + int + start_ssh2(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp) + { +@@ -21,17 +60,17 @@ + char *buf; + char *rc; + struct sockaddr_in targetip; +- SSH_SESSION *ssh_session; +- SSH_OPTIONS *ssh_opt; ++ ssh_session ssh_session; ++ char buffer[64], firstlogin[128]; + int auth_state; +- int i = 0; ++ const int btrue = 1; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + +- ssh_opt=options_new(); ++ ssh_session=ssh_new(); + memset(&targetip, 0, sizeof(targetip)); + memcpy(&targetip.sin_addr.s_addr, &ip, 4); + targetip.sin_family = AF_INET; +@@ -41,16 +80,18 @@ + buf = malloc(20); + inet_ntop(AF_INET, &targetip.sin_addr, buf, 20); + #endif +- options_set_wanted_method(ssh_opt,KEX_COMP_C_S,"none"); +- options_set_wanted_method(ssh_opt,KEX_COMP_S_C,"none"); +- options_set_port(ssh_opt, port); +- options_set_host(ssh_opt, buf); +- options_set_username(ssh_opt, login); +- +- if ((ssh_session = ssh_connect(ssh_opt)) == NULL) { ++ 
snprintf(firstlogin,sizeof(firstlogin),"%s",login); ++ ssh_options_set(ssh_session, SSH_OPTIONS_SSH1, &btrue); ++ ssh_options_set(ssh_session, SSH_OPTIONS_PORT, &port); ++ ssh_options_set(ssh_session, SSH_OPTIONS_HOST, buf); ++ ssh_options_set(ssh_session, SSH_OPTIONS_USER, login); ++ /* printf("ssh-connecting with login \"%s\"\n",login); */ ++ if (ssh_connect(ssh_session) == SSH_ERROR) { + rc = ssh_get_error(ssh_session); + if ((rc != NULL) && (rc[0] != '\0')) { +- if (strncmp("connect:", ssh_get_error(ssh_session), strlen("connect:")) == 0) ++ snprintf(buffer,sizeof(buffer),"%s",rc); ++ ssh_disconnect(ssh_session); ++ if (strncmp("connect:", buffer, strlen("connect:")) == 0) + return 3; + else + return 4; +@@ -60,43 +101,54 @@ + free(buf); + buf = NULL; + #endif +- +- do { +- /* why this crap? */ +- auth_state = ssh_userauth_kbdint(ssh_session, login, NULL); +- while (i < 10 && auth_state == SSH_AUTH_INFO) { +- ssh_userauth_kbdint_setanswer(ssh_session, i, pass); +- auth_state = ssh_userauth_kbdint(ssh_session, login, NULL); +- i++; +- } +- +- if (auth_state == SSH_AUTH_SUCCESS || ssh_userauth_password(ssh_session, login, pass) == SSH_AUTH_SUCCESS) { +- ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ +- hydra_report_found_host(port, ip, "ssh2", fp); +- hydra_completed_pair_found(); +- if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) +- return 2; +- /* free(ssh_opt); */ /* DOUBLE FREE ! 
*/ ++ /* None method is important since it can flag passwordless servers */ ++ auth_state=ssh_userauth_none(ssh_session, login); ++ if(auth_state == SSH_AUTH_SUCCESS){ ++ /* passwordless server */ ++ hydra_report_found_host(port, ip, "ssh2", fp); ++ hydra_completed_pair_found(); ++ ssh_disconnect(ssh_session); ++ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) ++ return 2; ++ else + return 1; +- } else { +- if (ssh_error_code(ssh_session) == 1) { +- hydra_completed_pair(); ++ } ++ ++ do { ++ auth_state=try_password(ssh_session, pass); ++ if (auth_state == SSH_AUTH_SUCCESS) { ++ ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ ++ hydra_report_found_host(port, ip, "ssh2", fp); ++ hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; ++ return 1; + } else { +- ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ +- hydra_completed_pair(); /* really? */ +- if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) ++ if (auth_state == SSH_AUTH_DENIED) { ++ hydra_completed_pair(); ++ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ ++ ssh_disconnect(ssh_session); + return 2; +- /* free(ssh_opt); */ /* DOUBLE FREE ! */ ++ } ++ /* set a new password to try */ ++ login=hydra_get_next_login(); ++ if(strcmp(login,firstlogin) != 0){ ++ /* we can't try a new login without a new session. */ ++ ssh_disconnect(ssh_session); ++ //hydra_completed_pair_skip(); ++ return 1; ++ } ++ pass=hydra_get_next_password(); ++ /* try again using same session */ ++ } else { ++ ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ ++ /* there was an error. The password was not really tried.*/ ++ //hydra_completed_pair_skip(); + return 1; + } + } + } while(1); + +- /* not reached */ +- +- /* free(ssh_opt); */ /* risk of double free */ + return 1; + } + 
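Review bot: Every exit path in the new start_ssh2 body calls `ssh_disconnect(ssh_session)` but never `ssh_free(ssh_session)`; in libssh 0.4 ssh_disconnect() only closes the connection, so the session created by `ssh_new()` leaks on each return (the surviving comment "this automagically frees the ssh_opt buffer" describes the old API). The `ssh_new()` result is also passed straight to `ssh_options_set` without a NULL check. `ssh_options_set(ssh_session, SSH_OPTIONS_PORT, &port)` passes an `int *` where libssh documents an `unsigned int *`; copying port into an `unsigned int` first avoids relying on matching sizes. Naming both the try_password parameter and the start_ssh2 local `ssh_session` shadows the libssh typedef and is easy to misread; a distinct name such as `sess` avoids it. A helper that disconnects and frees, used in place of each `ssh_disconnect` call, plus the allocation check, is sketched below.
```c
/* disconnect and release a session obtained from ssh_new() */
static void
close_session(ssh_session sess){
  ssh_disconnect(sess);
  ssh_free(sess);
}

/* … unchanged: try_password … */

  ssh_session sess = ssh_new();
  unsigned int uport = (unsigned int) port;
  if (sess == NULL)
    return 4; /* treated like a non-"connect:" failure — confirm against hydra's module contract */
  /* … unchanged: targetip / buf setup … */
  ssh_options_set(sess, SSH_OPTIONS_SSH1, &btrue);
  ssh_options_set(sess, SSH_OPTIONS_PORT, &uport);
  /* … unchanged: host/user options, connect, none-auth and password loop, with every ssh_disconnect(ssh_session) replaced by close_session(sess) … */
```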
diff --git a/network/hydra/patches/hydra-http-form.patch b/network/hydra/patches/hydra-http-form.patch new file mode 100644 index 0000000000..6dde09cdf1 --- /dev/null +++ b/network/hydra/patches/hydra-http-form.patch @@ -0,0 +1,18 @@ +--- hydra-http-form.old 2008-02-06 09:42:49.000000000 +0000 ++++ hydra-http-form.c 2008-02-06 09:43:45.000000000 +0000 +@@ -149,7 +149,6 @@ + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { +- free(updvariables); + free(upd2variables); + return 1; + } +@@ -183,7 +182,6 @@ + */ + + free(buf); +- free(updvariables); + free(upd2variables); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) diff --git a/network/hydra/slack-desc b/network/hydra/slack-desc index 7e82699f70..e32cecb904 100644 --- a/network/hydra/slack-desc +++ b/network/hydra/slack-desc @@ -7,13 +7,13 @@ |-----handy-ruler------------------------------------------------------| hydra: Hydra (A very fast network login cracker) -hydra: +hydra: hydra: One of the biggest security holes are user passwords, as every hydra: password security study shows. This tool is a proof of concept, hydra: to give researchers and security consultants a way to demonstrate hydra: how easy it would be to gain unauthorized access to a remote system. hydra: THIS TOOL IS FOR LEGAL PURPOSES ONLY! -hydra: +hydra: hydra: Homepage: http://freeworld.thc.org/thc-hydra/ -hydra: +hydra: hydra: -- cgit v1.2.3