hydra-redis

1. diff -rupN hydra-7.6/hydra.c hydra-7.6-redis/hydra.c
2. --- hydra-7.6/hydra.c   2013-12-25 08:01:57.000000000 +0100
3. +++ hydra-7.6-redis/hydra.c     2014-02-10 13:48:06.205464035 +0100
4. @@ -118,6 +118,7 @@ extern int service_pcnfs_init(char *ip,
5.  extern int service_pop3_init(char *ip, int sp, unsigned char options,
6. char *miscptr, FILE * fp, int port);
7.  extern int service_http_proxy_init(char *ip, int sp, unsigned char
8. options, char *miscptr, FILE * fp, int port);
9.  extern int service_asterisk_init(char *ip, int sp, unsigned char
10. options, char *miscptr, FILE * fp, int port);
11. +extern int service_redis_init(char *ip, int sp, unsigned char
12. options, char *miscptr, FILE * fp, int port);
13.  extern int service_rexec_init(char *ip, int sp, unsigned char
14. options, char *miscptr, FILE * fp, int port);
15.  extern int service_rlogin_init(char *ip, int sp, unsigned char
16. options, char *miscptr, FILE * fp, int port);
17.  extern int service_rsh_init(char *ip, int sp, unsigned char options,
18. char *miscptr, FILE * fp, int port);
19. @@ -135,7 +136,7 @@ extern int service_s7_300_init(char *ip,
20.  
21.  
22.  // ADD NEW SERVICES HERE
23. -char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp
24. ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy
25. http-proxy-urlenum icq imap[s] irc ldap2[s]
26. ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle
27. oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp rexec
28. rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh
29. sshkey svn teamspeak telnet[s] vmauthd vnc xmpp";
30. +char *SERVICES = "redis asterisk afp cisco cisco-enable cvs firebird
31. ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy
32. http-proxy-urlenum icq imap[s] irc ldap2[s]
33. ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle
34. oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp rexec
35. rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh
36. sshkey svn teamspeak telnet[s] vmauthd vnc xmpp";
37.  
38.  #define MAXBUF       520
39.  #define MAXLINESIZE  ( ( MAXBUF / 2 ) - 4 )
40. @@ -1062,6 +1063,8 @@ void hydra_service_init(int target_no) {
41.  #endif
42.    if (strcmp(hydra_options.service, "ftp") == 0 ||
43. strcmp(hydra_options.service, "ftps") == 0)
44.      x = service_ftp_init(hydra_targets[target_no]->ip, -1, options,
45. hydra_options.miscptr, hydra_brains.ofp, port);
46. +  if (strcmp(hydra_options.service, "redis") == 0 ||
47. strcmp(hydra_options.service, "redis") == 0)
48. +    x = service_redis_init(hydra_targets[target_no]->ip, -1, options,
49. hydra_options.miscptr, hydra_brains.ofp, port);
50.    if (strcmp(hydra_options.service, "http-get") == 0 ||
51. strcmp(hydra_options.service, "http-head") == 0)
52.      x = service_http_init(hydra_targets[target_no]->ip, -1, options,
53. hydra_options.miscptr, hydra_brains.ofp, port);
54.    if (strcmp(hydra_options.service, "http-form") == 0 ||
55. strcmp(hydra_options.service, "http-get-form") == 0 ||
56. strcmp(hydra_options.service, "http-post-form") == 0)
57. @@ -1214,6 +1217,8 @@ int hydra_spawn_head(int head_no, int ta
58.          service_ftp(hydra_targets[target_no]->ip,
59. hydra_heads[head_no]->sp[1], options, hydra_options.miscptr,
60. hydra_brains.ofp, port);
61.        if (strcmp(hydra_options.service, "ftps") == 0)
62.          service_ftps(hydra_targets[target_no]->ip,
63. hydra_heads[head_no]->sp[1], options, hydra_options.miscptr,
64. hydra_brains.ofp, port);
65. +      if (strcmp(hydra_options.service, "redis") == 0)
66. +        service_redis(hydra_targets[target_no]->ip,
67. hydra_heads[head_no]->sp[1], options, hydra_options.miscptr,
68. hydra_brains.ofp, port);
69.        if (strcmp(hydra_options.service, "pop3") == 0)
70.          service_pop3(hydra_targets[target_no]->ip,
71. hydra_heads[head_no]->sp[1], options, hydra_options.miscptr,
72. hydra_brains.ofp, port);
73.        if (strcmp(hydra_options.service, "imap") == 0)
74. @@ -1430,6 +1435,7 @@ int hydra_lookup_port(char *service) {
75.      {"rdp", PORT_RDP, PORT_RDP_SSL},
76.      {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL},
77.      {"s7-300", PORT_S7_300, PORT_S7_300_SSL},
78. +    {"redis", PORT_REDIS, PORT_REDIS_SSL},
79.  // ADD NEW SERVICES HERE - add new port numbers to hydra.h
80.      {"", PORT_NOPORT, PORT_NOPORT}
81.    };
82. @@ -2471,6 +2477,8 @@ int main(int argc, char *argv[]) {
83.        fprintf(stderr, "[INFO] several providers have implemented
84. cracking protection, check with a small wordlist first - and stay
85. legal!\n");
86.        i = 1;
87.      }
88. +    if (strcmp(hydra_options.service, "redis") == 0)
89. +      i = 2;
90.      if (strcmp(hydra_options.service, "asterisk") == 0)
91.        i = 1;
92.      if (strcmp(hydra_options.service, "vmauthd") == 0)
93. @@ -2912,7 +2920,7 @@ int main(int argc, char *argv[]) {
94.        if (hydra_options.colonfile != NULL
95.            || ((hydra_options.login != NULL || hydra_options.loginfile
96. != NULL) && (hydra_options.pass != NULL || hydra_options.passfile !=
97. NULL || hydra_options.bfg > 0)))
98.          bail
99. -          ("The cisco, oracle-listener, s7-300, snmp and vnc modules
100. are only using the -p or -P option, not login (-l, -L) or colon file
101. (-C).\nUse the telnet module for cisco using \"Username:\"
102. authentication.\n");
103. +          ("The redis, cisco, oracle-listener, s7-300, snmp and vnc
104. modules are only using the -p or -P option, not login (-l, -L) or
105. colon file (-C).\nUse the telnet module for cisco using \"Username:\"
106. authentication.\n");
107.        if ((hydra_options.login != NULL || hydra_options.loginfile !=
108. NULL) && (hydra_options.pass == NULL || hydra_options.passfile ==
109. NULL)) {
110.          hydra_options.pass = hydra_options.login;
111.          hydra_options.passfile = hydra_options.loginfile;
112. diff -rupN hydra-7.6/hydra.h hydra-7.6-redis/hydra.h
113. --- hydra-7.6/hydra.h   2013-12-13 20:07:51.000000000 +0100
114. +++ hydra-7.6-redis/hydra.h     2014-02-10 13:07:04.929467717 +0100
115. @@ -116,6 +116,8 @@
116.  #define PORT_ASTERISK_SSL  5038
117.  #define PORT_S7_300      102
118.  #define PORT_S7_300_SSL  102
119. +#define PORT_REDIS      6379
120. +#define PORT_REDIS_SSL   6379
121.  
122.  #define False 0
123.  #define True  1
124. diff -rupN hydra-7.6/hydra-redis.c hydra-7.6-redis/hydra-redis.c
125. --- hydra-7.6/hydra-redis.c     1970-01-01 01:00:00.000000000 +0100
126. +++ hydra-7.6-redis/hydra-redis.c       2014-02-10 16:43:07.900448231 +0100
127. @@ -0,0 +1,104 @@
128. +#include "hydra-mod.h"
129. +
130. +extern char *HYDRA_EXIT;
131. +  char *buf;
132. +
133. +
134. +
135. +int start_redis(int s, char *ip, int port, unsigned char options,
136. char *miscptr, FILE * fp) {
137. +  char *pass, buffer[510];
138. +  char *empty = "";
139. +
140. +  if (strlen(pass = hydra_get_next_password()) == 0)
141. +    pass = empty;
142. +
143. +  sprintf(buffer, "AUTH %.250s\r\n", pass);
144. +
145. +  if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
146. +    return 1;
147. +  }
148. +  buf = hydra_receive_line(s);
149. +  if (buf[0] == '+') {
150. +    hydra_report_found_host(port, ip, "redis", fp);
151. +    hydra_completed_pair_found();
152. +    free(buf);
153. +    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
154. +      return 3;
155. +    return 1;
156. +  }
157. +  if (verbose)
158. +      hydra_report(stderr, "[VERBOSE] Authentication failed for
159. password %s\n", pass);
160. +      hydra_completed_pair();
161. +
162. +  free(buf);
163. +
164. +  return 1;
165. +}
166. +
167. +void service_redis_core(char *ip, int sp, unsigned char options, char
168. *miscptr, FILE * fp, int port, int tls) {
169. +  int run = 1, next_run = 1, sock = -1;
170. +  int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
171. +
172. +  hydra_register_socket(sp);
173. +  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
174. +    hydra_child_exit(0);
175. +  while (1) {
176. +    switch (run) {
177. +    case 1:                    /* connect and service init function */
178. +      if (sock >= 0)
179. +        sock = hydra_disconnect(sock);
180. +      if ((options & OPTION_SSL) == 0) {
181. +        if (port != 0)
182. +          myport = port;
183. +        sock = hydra_connect_tcp(ip, myport);
184. +        port = myport;
185. +      } else {
186. +        if (port != 0)
187. +          mysslport = port;
188. +        sock = hydra_connect_ssl(ip, mysslport);
189. +        port = mysslport;
190. +      }
191. +      if (sock < 0) {
192. +        if (verbose || debug)
193. +          hydra_report(stderr, "[ERROR] Child with pid %d
194. terminating, can not connect\n", (int) getpid());
195. +        hydra_child_exit(1);
196. +      }
197. +      usleep(250);
198. +      next_run = 2;
199. +      break;
200. +    case 2:                    /* run the cracking function */
201. +      next_run = start_redis(sock, ip, port, options, miscptr, fp);
202. +      break;
203. +    case 3:                    /* error exit */
204. +      if (sock >= 0)
205. +        sock = hydra_disconnect(sock);
206. +      hydra_child_exit(2);
207. +    case 4:                    /* clean exit */
208. +      if (sock >= 0)
209. +        sock = hydra_disconnect(sock);
210. +      hydra_child_exit(0);
211. +    default:
212. +      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
213. +      hydra_child_exit(2);
214. +    }
215. +    run = next_run;
216. +  }
217. +}
218. +
219. +void service_redis(char *ip, int sp, unsigned char options, char
220. *miscptr, FILE * fp, int port) {
221. +  service_redis_core(ip, sp, options, miscptr, fp, port, 0);
222. +}
223. +
224. +int service_redis_init(char *ip, int sp, unsigned char options, char
225. *miscptr, FILE * fp, int port) {
226. +  // called before the childrens are forked off, so this is the function
227. +  // which should be filled if initial connections and service setup has to be
228. +  // performed once only.
229. +  //
230. +  // fill if needed.
231. +  //
232. +  // return codes:
233. +  //   0 all OK
234. +  //   -1  error, hydra will exit, so print a good error message here
235. +
236. +  return 0;
237. +}
238. Binary files hydra-7.6/.hydra-vnc.c.swp and
239. hydra-7.6-redis/.hydra-vnc.c.swp differ
240. diff -rupN hydra-7.6/Makefile.am hydra-7.6-redis/Makefile.am
241. --- hydra-7.6/Makefile.am       2013-12-25 08:06:44.000000000 +0100
242. +++ hydra-7.6-redis/Makefile.am 2014-02-10 13:11:26.013467283 +0100
243. @@ -6,7 +6,7 @@ OPTS=-I. -O3
244.  LIBS=-lm
245.  DIR=/bin
246.  
247. -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
248. +SRC = hydra-redis.c hydra-vnc.c hydra-pcnfs.c hydra-rexec.c
249. hydra-nntp.c hydra-socks5.c \
250.        hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \
251.        hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \
252.        hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \
253. @@ -17,7 +17,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-re
254.        hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
255.        hydra-rdp.c hydra-s7-300.c \
256.        crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c
257. -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
258. +OBJ = hydra-redis.o hydra-vnc.o hydra-pcnfs.o hydra-rexec.o
259. hydra-nntp.o hydra-socks5.o \
260.        hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
261.        hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
262.        hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \