SHARE
TWEET

hydra-redis

a guest Feb 15th, 2014 172 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. diff -rupN hydra-7.6/hydra.c hydra-7.6-redis/hydra.c
  2. --- hydra-7.6/hydra.c   2013-12-25 08:01:57.000000000 +0100
  3. +++ hydra-7.6-redis/hydra.c     2014-02-10 13:48:06.205464035 +0100
  4. @@ -118,6 +118,7 @@ extern int service_pcnfs_init(char *ip,
  5.  extern int service_pop3_init(char *ip, int sp, unsigned char options,
  6. char *miscptr, FILE * fp, int port);
  7.  extern int service_http_proxy_init(char *ip, int sp, unsigned char
  8. options, char *miscptr, FILE * fp, int port);
  9.  extern int service_asterisk_init(char *ip, int sp, unsigned char
  10. options, char *miscptr, FILE * fp, int port);
  11. +extern int service_redis_init(char *ip, int sp, unsigned char
  12. options, char *miscptr, FILE * fp, int port);
  13.  extern int service_rexec_init(char *ip, int sp, unsigned char
  14. options, char *miscptr, FILE * fp, int port);
  15.  extern int service_rlogin_init(char *ip, int sp, unsigned char
  16. options, char *miscptr, FILE * fp, int port);
  17.  extern int service_rsh_init(char *ip, int sp, unsigned char options,
  18. char *miscptr, FILE * fp, int port);
  19. @@ -135,7 +136,7 @@ extern int service_s7_300_init(char *ip,
  20.  
  21.  
  22.  // ADD NEW SERVICES HERE
  23. -char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp
  24. ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy
  25. http-proxy-urlenum icq imap[s] irc ldap2[s]
  26. ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle
  27. oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp rexec
  28. rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh
  29. sshkey svn teamspeak telnet[s] vmauthd vnc xmpp";
  30. +char *SERVICES = "redis asterisk afp cisco cisco-enable cvs firebird
  31. ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy
  32. http-proxy-urlenum icq imap[s] irc ldap2[s]
  33. ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle
  34. oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp rexec
  35. rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh
  36. sshkey svn teamspeak telnet[s] vmauthd vnc xmpp";
  37.  
  38.  #define MAXBUF       520
  39.  #define MAXLINESIZE  ( ( MAXBUF / 2 ) - 4 )
  40. @@ -1062,6 +1063,8 @@ void hydra_service_init(int target_no) {
  41.  #endif
  42.    if (strcmp(hydra_options.service, "ftp") == 0 ||
  43. strcmp(hydra_options.service, "ftps") == 0)
  44.      x = service_ftp_init(hydra_targets[target_no]->ip, -1, options,
  45. hydra_options.miscptr, hydra_brains.ofp, port);
  46. +  if (strcmp(hydra_options.service, "redis") == 0 ||
  47. strcmp(hydra_options.service, "redis") == 0)
  48. +    x = service_redis_init(hydra_targets[target_no]->ip, -1, options,
  49. hydra_options.miscptr, hydra_brains.ofp, port);
  50.    if (strcmp(hydra_options.service, "http-get") == 0 ||
  51. strcmp(hydra_options.service, "http-head") == 0)
  52.      x = service_http_init(hydra_targets[target_no]->ip, -1, options,
  53. hydra_options.miscptr, hydra_brains.ofp, port);
  54.    if (strcmp(hydra_options.service, "http-form") == 0 ||
  55. strcmp(hydra_options.service, "http-get-form") == 0 ||
  56. strcmp(hydra_options.service, "http-post-form") == 0)
  57. @@ -1214,6 +1217,8 @@ int hydra_spawn_head(int head_no, int ta
  58.          service_ftp(hydra_targets[target_no]->ip,
  59. hydra_heads[head_no]->sp[1], options, hydra_options.miscptr,
  60. hydra_brains.ofp, port);
  61.        if (strcmp(hydra_options.service, "ftps") == 0)
  62.          service_ftps(hydra_targets[target_no]->ip,
  63. hydra_heads[head_no]->sp[1], options, hydra_options.miscptr,
  64. hydra_brains.ofp, port);
  65. +      if (strcmp(hydra_options.service, "redis") == 0)
  66. +        service_redis(hydra_targets[target_no]->ip,
  67. hydra_heads[head_no]->sp[1], options, hydra_options.miscptr,
  68. hydra_brains.ofp, port);
  69.        if (strcmp(hydra_options.service, "pop3") == 0)
  70.          service_pop3(hydra_targets[target_no]->ip,
  71. hydra_heads[head_no]->sp[1], options, hydra_options.miscptr,
  72. hydra_brains.ofp, port);
  73.        if (strcmp(hydra_options.service, "imap") == 0)
  74. @@ -1430,6 +1435,7 @@ int hydra_lookup_port(char *service) {
  75.      {"rdp", PORT_RDP, PORT_RDP_SSL},
  76.      {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL},
  77.      {"s7-300", PORT_S7_300, PORT_S7_300_SSL},
  78. +    {"redis", PORT_REDIS, PORT_REDIS_SSL},
  79.  // ADD NEW SERVICES HERE - add new port numbers to hydra.h
  80.      {"", PORT_NOPORT, PORT_NOPORT}
  81.    };
  82. @@ -2471,6 +2477,8 @@ int main(int argc, char *argv[]) {
  83.        fprintf(stderr, "[INFO] several providers have implemented
  84. cracking protection, check with a small wordlist first - and stay
  85. legal!\n");
  86.        i = 1;
  87.      }
  88. +    if (strcmp(hydra_options.service, "redis") == 0)
  89. +      i = 2;
  90.      if (strcmp(hydra_options.service, "asterisk") == 0)
  91.        i = 1;
  92.      if (strcmp(hydra_options.service, "vmauthd") == 0)
  93. @@ -2912,7 +2920,7 @@ int main(int argc, char *argv[]) {
  94.        if (hydra_options.colonfile != NULL
  95.            || ((hydra_options.login != NULL || hydra_options.loginfile
  96. != NULL) && (hydra_options.pass != NULL || hydra_options.passfile !=
  97. NULL || hydra_options.bfg > 0)))
  98.          bail
  99. -          ("The cisco, oracle-listener, s7-300, snmp and vnc modules
  100. are only using the -p or -P option, not login (-l, -L) or colon file
  101. (-C).\nUse the telnet module for cisco using \"Username:\"
  102. authentication.\n");
  103. +          ("The redis, cisco, oracle-listener, s7-300, snmp and vnc
  104. modules are only using the -p or -P option, not login (-l, -L) or
  105. colon file (-C).\nUse the telnet module for cisco using \"Username:\"
  106. authentication.\n");
  107.        if ((hydra_options.login != NULL || hydra_options.loginfile !=
  108. NULL) && (hydra_options.pass == NULL || hydra_options.passfile ==
  109. NULL)) {
  110.          hydra_options.pass = hydra_options.login;
  111.          hydra_options.passfile = hydra_options.loginfile;
  112. diff -rupN hydra-7.6/hydra.h hydra-7.6-redis/hydra.h
  113. --- hydra-7.6/hydra.h   2013-12-13 20:07:51.000000000 +0100
  114. +++ hydra-7.6-redis/hydra.h     2014-02-10 13:07:04.929467717 +0100
  115. @@ -116,6 +116,8 @@
  116.  #define PORT_ASTERISK_SSL  5038
  117.  #define PORT_S7_300      102
  118.  #define PORT_S7_300_SSL  102
  119. +#define PORT_REDIS      6379
  120. +#define PORT_REDIS_SSL   6379
  121.  
  122.  #define False 0
  123.  #define True  1
  124. diff -rupN hydra-7.6/hydra-redis.c hydra-7.6-redis/hydra-redis.c
  125. --- hydra-7.6/hydra-redis.c     1970-01-01 01:00:00.000000000 +0100
  126. +++ hydra-7.6-redis/hydra-redis.c       2014-02-10 16:43:07.900448231 +0100
  127. @@ -0,0 +1,104 @@
  128. +#include "hydra-mod.h"
  129. +
  130. +extern char *HYDRA_EXIT;
  131. +  char *buf;
  132. +
  133. +
  134. +
  135. +int start_redis(int s, char *ip, int port, unsigned char options,
  136. char *miscptr, FILE * fp) {
  137. +  char *pass, buffer[510];
  138. +  char *empty = "";
  139. +
  140. +  if (strlen(pass = hydra_get_next_password()) == 0)
  141. +    pass = empty;
  142. +
  143. +  sprintf(buffer, "AUTH %.250s\r\n", pass);
  144. +
  145. +  if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
  146. +    return 1;
  147. +  }
  148. +  buf = hydra_receive_line(s);
  149. +  if (buf[0] == '+') {
  150. +    hydra_report_found_host(port, ip, "redis", fp);
  151. +    hydra_completed_pair_found();
  152. +    free(buf);
  153. +    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
  154. +      return 3;
  155. +    return 1;
  156. +  }
  157. +  if (verbose)
  158. +      hydra_report(stderr, "[VERBOSE] Authentication failed for
  159. password %s\n", pass);
  160. +      hydra_completed_pair();
  161. +
  162. +  free(buf);
  163. +
  164. +  return 1;
  165. +}
  166. +
  167. +void service_redis_core(char *ip, int sp, unsigned char options, char
  168. *miscptr, FILE * fp, int port, int tls) {
  169. +  int run = 1, next_run = 1, sock = -1;
  170. +  int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
  171. +
  172. +  hydra_register_socket(sp);
  173. +  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
  174. +    hydra_child_exit(0);
  175. +  while (1) {
  176. +    switch (run) {
  177. +    case 1:                    /* connect and service init function */
  178. +      if (sock >= 0)
  179. +        sock = hydra_disconnect(sock);
  180. +      if ((options & OPTION_SSL) == 0) {
  181. +        if (port != 0)
  182. +          myport = port;
  183. +        sock = hydra_connect_tcp(ip, myport);
  184. +        port = myport;
  185. +      } else {
  186. +        if (port != 0)
  187. +          mysslport = port;
  188. +        sock = hydra_connect_ssl(ip, mysslport);
  189. +        port = mysslport;
  190. +      }
  191. +      if (sock < 0) {
  192. +        if (verbose || debug)
  193. +          hydra_report(stderr, "[ERROR] Child with pid %d
  194. terminating, can not connect\n", (int) getpid());
  195. +        hydra_child_exit(1);
  196. +      }
  197. +      usleep(250);
  198. +      next_run = 2;
  199. +      break;
  200. +    case 2:                    /* run the cracking function */
  201. +      next_run = start_redis(sock, ip, port, options, miscptr, fp);
  202. +      break;
  203. +    case 3:                    /* error exit */
  204. +      if (sock >= 0)
  205. +        sock = hydra_disconnect(sock);
  206. +      hydra_child_exit(2);
  207. +    case 4:                    /* clean exit */
  208. +      if (sock >= 0)
  209. +        sock = hydra_disconnect(sock);
  210. +      hydra_child_exit(0);
  211. +    default:
  212. +      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
  213. +      hydra_child_exit(2);
  214. +    }
  215. +    run = next_run;
  216. +  }
  217. +}
  218. +
  219. +void service_redis(char *ip, int sp, unsigned char options, char
  220. *miscptr, FILE * fp, int port) {
  221. +  service_redis_core(ip, sp, options, miscptr, fp, port, 0);
  222. +}
  223. +
  224. +int service_redis_init(char *ip, int sp, unsigned char options, char
  225. *miscptr, FILE * fp, int port) {
  226. +  // called before the childrens are forked off, so this is the function
  227. +  // which should be filled if initial connections and service setup has to be
  228. +  // performed once only.
  229. +  //
  230. +  // fill if needed.
  231. +  //
  232. +  // return codes:
  233. +  //   0 all OK
  234. +  //   -1  error, hydra will exit, so print a good error message here
  235. +
  236. +  return 0;
  237. +}
  238. Binary files hydra-7.6/.hydra-vnc.c.swp and
  239. hydra-7.6-redis/.hydra-vnc.c.swp differ
  240. diff -rupN hydra-7.6/Makefile.am hydra-7.6-redis/Makefile.am
  241. --- hydra-7.6/Makefile.am       2013-12-25 08:06:44.000000000 +0100
  242. +++ hydra-7.6-redis/Makefile.am 2014-02-10 13:11:26.013467283 +0100
  243. @@ -6,7 +6,7 @@ OPTS=-I. -O3
  244.  LIBS=-lm
  245.  DIR=/bin
  246.  
  247. -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
  248. +SRC = hydra-redis.c hydra-vnc.c hydra-pcnfs.c hydra-rexec.c
  249. hydra-nntp.c hydra-socks5.c \
  250.        hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \
  251.        hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \
  252.        hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \
  253. @@ -17,7 +17,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-re
  254.        hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
  255.        hydra-rdp.c hydra-s7-300.c \
  256.        crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c
  257. -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
  258. +OBJ = hydra-redis.o hydra-vnc.o hydra-pcnfs.o hydra-rexec.o
  259. hydra-nntp.o hydra-socks5.o \
  260.        hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
  261.        hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
  262.        hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top