Les sous-répertoires hydra-5.4-src/arm et hydra-5.4-src-libssh0.2/arm sont identiques. diff -u hydra-5.4-src/configure hydra-5.4-src-libssh0.2/configure --- hydra-5.4-src/configure 2006-01-20 14:44:15.000000000 +0100 +++ hydra-5.4-src-libssh0.2/configure 2008-10-31 22:32:47.000000000 +0100 @@ -243,11 +243,11 @@ if [ -n "$SSH_PATH" ]; then echo " ... found" - echo 'NOTE: ensure that you have libssh v0.11 installed!! Get it from http://0xbadc0de.be !' + echo 'NOTE: ensure that you have libssh v0.2 or later installed!! Get it from http://0xbadc0de.be !' fi if [ "X" = "X$SSH_PATH" ]; then echo " ... NOT found, module ssh2 disabled" - echo 'Get it from http://0xbadc0de.be/ - use v0.11!' + echo 'Get it from http://0xbadc0de.be/ - use v0.2 or later' fi if [ "$SSH_IPATH" = "/usr/include" ]; then SSH_IPATH="" Seulement dans hydra-5.4-src-libssh0.2/: .hydra-ftp.c.swp Les sous-répertoires hydra-5.4-src/hydra-gtk et hydra-5.4-src-libssh0.2/hydra-gtk sont identiques. Seulement dans hydra-5.4-src-libssh0.2/: .hydra-mod.c.swp diff -u hydra-5.4-src/hydra-ssh2.c hydra-5.4-src-libssh0.2/hydra-ssh2.c --- hydra-5.4-src/hydra-ssh2.c 2007-03-22 15:04:29.000000000 +0100 +++ hydra-5.4-src-libssh0.2/hydra-ssh2.c 2008-11-01 21:21:08.000000000 +0100 @@ -7,12 +7,51 @@ } #else -#warning "If compilation of hydra-ssh2 fails, you are not using v0.11. Download from http://www.0xbadc0de.be/" +#warning "If compilation of hydra-ssh2 fails, you are not using v0.2 or 0.2.1. Download from http://www.0xbadc0de.be/" #include extern char *HYDRA_EXIT; +/* try to authenticate with one password */ +static int +try_password(SSH_SESSION *ssh_session, char *password){ + int auth_state; + int i; + /* printf("ssh-trying pass \"%s\"\n",password); */ + /* We try keyboard-interactive when it's supported. kbdint is + * what openssh tries first when logging somewhere. + */ + auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL); + if(auth_state == SSH_AUTH_INFO){ + i=0; + /* we feed 10 password responses at max. Keybint is challenge-response + * based so the server could ask unrelated questions + */ + while(auth_state == SSH_AUTH_INFO && i<10){ + ssh_userauth_kbdint_setanswer(ssh_session, i, password); + auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL); + i++; + } + /* Partial authentication is specific to SSH : the password is valid but + * an other authentication token is needed (generaly private key) + */ + if(auth_state == SSH_AUTH_PARTIAL) + auth_state = SSH_AUTH_SUCCESS; + if(auth_state == SSH_AUTH_INFO) + auth_state = SSH_AUTH_ERROR; + return auth_state; + } + if(auth_state == SSH_AUTH_ERROR) + return auth_state; + /* Keyboard-interactive is not supported so we run through the password + * method */ + auth_state = ssh_userauth_password(ssh_session, NULL, password); + if(auth_state == SSH_AUTH_PARTIAL) + auth_state = SSH_AUTH_SUCCESS; + return auth_state; +} + int start_ssh2(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp) { @@ -20,18 +59,19 @@ char *login, *pass; char *buf; char *rc; + char buffer[64]; struct sockaddr_in targetip; SSH_SESSION *ssh_session; SSH_OPTIONS *ssh_opt; int auth_state; - int i = 0; + char firstlogin[128]; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - - ssh_opt=options_new(); + snprintf(firstlogin,sizeof(firstlogin),"%s",login); + ssh_opt=ssh_options_new(); memset(&targetip, 0, sizeof(targetip)); memcpy(&targetip.sin_addr.s_addr, &ip, 4); targetip.sin_family = AF_INET; @@ -41,16 +81,21 @@ buf = malloc(20); inet_ntop(AF_INET, &targetip.sin_addr, buf, 20); #endif - options_set_wanted_method(ssh_opt,KEX_COMP_C_S,"none"); - options_set_wanted_method(ssh_opt,KEX_COMP_S_C,"none"); - options_set_port(ssh_opt, port); - options_set_host(ssh_opt, buf); - options_set_username(ssh_opt, login); - - if ((ssh_session = ssh_connect(ssh_opt)) == NULL) { + ssh_options_allow_ssh1(ssh_opt,1); +// ssh_options_set_wanted_algos (ssh_opt,KEX_COMP_C_S,"none"); +// ssh_options_set_wanted_algos (ssh_opt,KEX_COMP_S_C,"none"); + ssh_options_set_port(ssh_opt, port); + ssh_options_set_host(ssh_opt, buf); + ssh_options_set_username(ssh_opt, login); + ssh_session=ssh_new(); + ssh_set_options(ssh_session,ssh_opt); + /* printf("ssh-connecting with login \"%s\"\n",login); */ + if (ssh_connect(ssh_session) == SSH_ERROR) { rc = ssh_get_error(ssh_session); if ((rc != NULL) && (rc[0] != '\0')) { - if (strncmp("connect:", ssh_get_error(ssh_session), strlen("connect:")) == 0) + snprintf(buffer,sizeof(buffer),"%s",rc); + ssh_disconnect(ssh_session); + if (strncmp("connect:", buffer, strlen("connect:")) == 0) return 3; else return 4; @@ -60,43 +105,54 @@ free(buf); buf = NULL; #endif - - do { - /* why this crap? */ - auth_state = ssh_userauth_kbdint(ssh_session, login, NULL); - while (i < 10 && auth_state == SSH_AUTH_INFO) { - ssh_userauth_kbdint_setanswer(ssh_session, i, pass); - auth_state = ssh_userauth_kbdint(ssh_session, login, NULL); - i++; - } - - if (auth_state == SSH_AUTH_SUCCESS || ssh_userauth_password(ssh_session, login, pass) == SSH_AUTH_SUCCESS) { - ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ - hydra_report_found_host(port, ip, "ssh2", fp); - hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 2; - /* free(ssh_opt); */ /* DOUBLE FREE ! */ + /* None method is important since it can flag passwordless servers */ + auth_state=ssh_userauth_none(ssh_session, login); + if(auth_state == SSH_AUTH_SUCCESS){ + /* passwordless server */ + hydra_report_found_host(port, ip, "ssh2", fp); + hydra_completed_pair_found(); + ssh_disconnect(ssh_session); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + else return 1; - } else { - if (ssh_error_code(ssh_session) == 1) { - hydra_completed_pair(); + } + + do { + auth_state=try_password(ssh_session, pass); + if (auth_state == SSH_AUTH_SUCCESS) { + ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ + hydra_report_found_host(port, ip, "ssh2", fp); + hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; + return 1; } else { - ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ - hydra_completed_pair(); /* really? */ - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + if (auth_state == SSH_AUTH_DENIED) { + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ + ssh_disconnect(ssh_session); return 2; - /* free(ssh_opt); */ /* DOUBLE FREE ! */ + } + /* set a new password to try */ + login=hydra_get_next_login(); + if(strcmp(login,firstlogin) != 0){ + /* we can't try a new login without a new session. */ + ssh_disconnect(ssh_session); + //hydra_completed_pair_skip(); + return 1; + } + pass=hydra_get_next_password(); + /* try again using same session */ + } else { + ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */ + /* there was an error. The password was not really tried.*/ + //hydra_completed_pair_skip(); return 1; } } } while(1); - /* not reached */ - - /* free(ssh_opt); */ /* risk of double free */ return 1; } Les sous-répertoires hydra-5.4-src/palm et hydra-5.4-src-libssh0.2/palm sont identiques.