mirror of
https://github.com/vanhauser-thc/thc-hydra.git
synced 2024-10-17 22:40:20 -07:00
240 lines
7.0 KiB
C
240 lines
7.0 KiB
C
#include "hydra-mod.h"
|
|
|
|
/*
|
|
|
|
RFC 1459: Internet Relay Chat Protocol
|
|
|
|
*/
|
|
|
|
extern char *HYDRA_EXIT;
|
|
char buffer[300] = "";
|
|
int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL;
|
|
|
|
int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
|
|
char *empty = "";
|
|
char *login, *pass;
|
|
int32_t ret;
|
|
|
|
if (strlen(login = hydra_get_next_login()) == 0)
|
|
login = empty;
|
|
if (strlen(pass = hydra_get_next_password()) == 0)
|
|
pass = empty;
|
|
|
|
sprintf(buffer, "OPER %s %s\r\n", login, pass);
|
|
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
|
return 3;
|
|
}
|
|
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
|
if (ret >= 0)
|
|
buffer[ret] = 0;
|
|
/* :irc.debian.org 381 koma :You are now an IRC Operator */
|
|
/* :irc.debian.org 464 koma :Invalid password */
|
|
if ((ret > 0) && (strstr(buffer, " 381 ") != NULL)) {
|
|
hydra_report_found_host(port, ip, "irc", fp);
|
|
hydra_completed_pair_found();
|
|
} else {
|
|
hydra_completed_pair();
|
|
}
|
|
|
|
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
|
return 3;
|
|
return 2;
|
|
}
|
|
|
|
int32_t send_nick(int32_t s, char *ip, char *pass) {
|
|
if (strlen(pass) > 0) {
|
|
sprintf(buffer, "PASS %s\r\n", pass);
|
|
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
|
return -1;
|
|
}
|
|
}
|
|
sprintf(buffer, "CAP LS\r\n");
|
|
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
|
return -1;
|
|
}
|
|
sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t)getpid(), (int32_t)getpid(), hydra_address2string(ip));
|
|
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char options, char *hostname) {
|
|
if (sock >= 0)
|
|
sock = hydra_disconnect(sock);
|
|
// usleepn(275);
|
|
if ((options & OPTION_SSL) == 0) {
|
|
if (port != 0)
|
|
myport = port;
|
|
sock = hydra_connect_tcp(ip, myport);
|
|
port = myport;
|
|
} else {
|
|
if (port != 0)
|
|
mysslport = port;
|
|
sock = hydra_connect_ssl(ip, mysslport, hostname);
|
|
port = mysslport;
|
|
}
|
|
return sock;
|
|
}
|
|
|
|
int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) {
|
|
char *empty = "";
|
|
char *pass;
|
|
int32_t ret;
|
|
|
|
if (strlen(pass = hydra_get_next_password()) == 0)
|
|
pass = empty;
|
|
|
|
s = irc_server_connect(ip, s, port, options, hostname);
|
|
if (s < 0) {
|
|
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
|
|
return 3;
|
|
}
|
|
|
|
if (send_nick(s, ip, pass) < 0) {
|
|
return 3;
|
|
}
|
|
|
|
ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
|
|
if (ret >= 0)
|
|
buffer[ret] = 0;
|
|
#ifdef HAVE_PCRE
|
|
if ((ret > 0) && (!hydra_string_match(buffer, "ERROR\\s.*password"))) {
|
|
#else
|
|
if ((ret > 0) && (strstr(buffer, "ERROR") == NULL)) {
|
|
#endif
|
|
hydra_report_pass_found(port, ip, "irc", fp);
|
|
hydra_completed_pair_found();
|
|
hydra_report(stderr,
|
|
"[INFO] Server password '%s' is working, you can pass it as "
|
|
"argument\nto irc module to then try login/password oper mode\n",
|
|
pass);
|
|
} else {
|
|
if (verbose && (miscptr != NULL))
|
|
hydra_report(stderr,
|
|
"[VERBOSE] Server is requesting a general password, '%s' "
|
|
"you entered is not working\n",
|
|
miscptr);
|
|
hydra_completed_pair();
|
|
}
|
|
|
|
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
|
return 3;
|
|
return 4;
|
|
}
|
|
|
|
void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
|
|
int32_t run = 1, next_run = 1, sock = -1, ret;
|
|
char *buf;
|
|
|
|
hydra_register_socket(sp);
|
|
|
|
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
|
return;
|
|
while (1) {
|
|
next_run = 0;
|
|
switch (run) {
|
|
case 1: /* connect and service init function */
|
|
|
|
sock = irc_server_connect(ip, sock, port, options, hostname);
|
|
if (sock < 0) {
|
|
hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
|
|
hydra_child_exit(1);
|
|
}
|
|
|
|
if (miscptr == NULL) {
|
|
miscptr = "";
|
|
}
|
|
if (send_nick(sock, ip, miscptr) < 0) {
|
|
hydra_child_exit(1);
|
|
}
|
|
|
|
buffer[0] = 0;
|
|
if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0)
|
|
buffer[ret] = 0;
|
|
|
|
/* ERROR :Bad password */
|
|
#ifdef HAVE_PCRE
|
|
if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) {
|
|
#else
|
|
if ((ret > 0) && (strstr(buffer, "ERROR") != NULL)) {
|
|
#endif
|
|
if (verbose)
|
|
hydra_report(stderr, "[INFO] Server is requesting a password, will try to find it\n");
|
|
if (sock >= 0)
|
|
sock = hydra_disconnect(sock);
|
|
next_run = 4;
|
|
break;
|
|
}
|
|
|
|
while (hydra_data_ready(sock)) {
|
|
buf = hydra_receive_line(sock);
|
|
free(buf);
|
|
}
|
|
|
|
if ((ret > 0) && (strstr(buffer, " 432 ") != NULL)) {
|
|
/* :irc.debian.org 432 * hydra_5075 :Erroneous nickname */
|
|
if (verbose)
|
|
hydra_report(stderr, "[ERROR] Erroneous nickname\n");
|
|
hydra_child_exit(0);
|
|
}
|
|
|
|
if ((ret > 0) && (strstr(buffer, " 433 ") != NULL)) {
|
|
/* :irc.debian.org 433 * hydra :Nickname already in use */
|
|
if (verbose)
|
|
hydra_report(stderr, "[ERROR] Nickname already in use\n");
|
|
hydra_child_exit(0);
|
|
}
|
|
|
|
/* ERROR :Bad password is returned from ngircd when it s waiting for a
|
|
* server password */
|
|
if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) {
|
|
/* seems we not successfully connected */
|
|
hydra_report(stderr,
|
|
"[ERROR] should not be able to identify server msg, "
|
|
"please report it\n%s\n",
|
|
buffer);
|
|
hydra_child_exit(0);
|
|
}
|
|
|
|
next_run = 2;
|
|
break;
|
|
case 2: /* run the cracking function */
|
|
next_run = start_oper_irc(sock, ip, port, options, miscptr, fp);
|
|
break;
|
|
case 3: /* clean exit */
|
|
if (sock >= 0)
|
|
sock = hydra_disconnect(sock);
|
|
hydra_child_exit(0);
|
|
return;
|
|
case 4:
|
|
next_run = start_pass_irc(sock, ip, port, options, miscptr, fp, hostname);
|
|
break;
|
|
default:
|
|
hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
|
|
hydra_child_exit(2);
|
|
}
|
|
run = next_run;
|
|
}
|
|
}
|
|
|
|
int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
|
|
// called before the childrens are forked off, so this is the function
|
|
// which should be filled if initial connections and service setup has to be
|
|
// performed once only.
|
|
//
|
|
// fill if needed.
|
|
//
|
|
// return codes:
|
|
// 0 all OK
|
|
// -1 error, hydra will exit, so print a good error message here
|
|
|
|
return 0;
|
|
}
|
|
|
|
void usage_irc(const char *service) {
|
|
printf("Module irc is optionally taking the general server password, if the "
|
|
"server is requiring one, and if none is passed the password from "
|
|
"-p/-P will be used\n\n");
|
|
}
|