diff -Nubr hydra-5.4-src_old/configure hydra-5.4-src/configure
--- hydra-5.4-src_old/configure 2006-01-20 14:44:15.000000000 +0100
+++ hydra-5.4-src/configure 2007-09-04 22:24:22.000000000 +0200
@@ -23,6 +23,10 @@
 SSL_IPATH=""
 CRYPTO_PATH=""
 POSTGRES_PATH=""
+FIREBIRD_PATH=""
+FIREBIRD_IPATH=""
+NCP_PATH=""
+NCP_IPATH=""
 SVN_PATH=""
 SVN_IPATH=""
 APR_IPATH=""
@@ -96,7 +100,7 @@
 SSL_IPATH=""
 fi
-echo "Checking for Postgres (libpq) ..."
+echo "Checking for Postgres (libpq.so) ..."
 for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
 do
 if [ "X" = "X$POSTGRES_PATH" ]; then
@@ -105,7 +109,7 @@
 fi
 fi
 if [ "X" = "X$POSTGRES_PATH" ]; then
- TMP_LIB=`/bin/ls $i/libpq.so* /bin/cygpq*.dll 2> /dev/null | grep pq`
+ TMP_LIB=`/bin/ls $i/libpq.so /bin/cygpq*.dll 2> /dev/null | grep pq`
 if [ -n "$TMP_LIB" ]; then
 POSTGRES_PATH="$i"
 fi
@@ -118,7 +122,7 @@
 echo " ... NOT found, module postgres disabled"
 fi
-echo "Checking for SVN (ibsvn_client-1 libapr-0.so libaprutil-0.so) ..."
+echo "Checking for SVN (libsvn_client-1 libapr-0.so libaprutil-0.so) ..."
 for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
 do
 if [ "X" = "X$SVN_PATH" ]; then
@@ -142,7 +146,75 @@
 echo " ... NOT found, module svn disabled"
 fi
-echo "Checking for SAP/R3 (librfc/saprfc.h) ..."
+echo "Checking for Firebird (libfbclient.so / ibase.h) ..."
+for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
+do
+ if [ "X" = "X$FIREBIRD_PATH" ]; then
+ if [ -f "$i/libfbclient.so" ]; then
+ FIREBIRD_PATH="$i"
+ fi
+ fi
+ if [ "X" = "X$FIREBIRD_PATH" ]; then
+ TMP_LIB=`/bin/ls $i/libfbclient.so.* 2> /dev/null | grep libfbclient.`
+ if [ -n "$TMP_LIB" ]; then
+ FIREBIRD_PATH="$i"
+ fi
+ fi
+done
+
+for i in /usr/local/include /*ssl/include /usr/include .
+do
+ if [ "X" != "X$FIREBIRD_PATH" ]; then
+ if [ -f "$i/ibase.h" ]; then
+ FIREBIRD_IPATH="$i"
+ fi
+ fi
+done
+
+if [ -n "$FIREBIRD_PATH" -a -n "$FIREBIRD_IPATH" ]; then
+ echo " ... found"
+fi
+if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then
+ echo " ... NOT found, module firebird disabled"
+ FIREBIRD_PATH=""
+ FIREBIRD_IPATH=""
+fi
+
+echo "Checking for NCP (libncp.so / nwcalls.h) ..."
+for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
+do
+ if [ "X" = "X$NCP_PATH" ]; then
+ if [ -f "$i/libncp.so" ]; then
+ NCP_PATH="$i"
+ fi
+ fi
+ if [ "X" = "X$NCP_PATH" ]; then
+ TMP_LIB=`/bin/ls $i/libncp.so.* 2> /dev/null | grep ncp.`
+ if [ -n "$TMP_LIB" ]; then
+ NCP_PATH="$i"
+ fi
+ fi
+done
+
+for i in /usr/local/include /*ssl/include /usr/include .
+do
+ if [ "X" != "X$NCP_PATH" ]; then
+ if [ -f "$i/ncp/nwcalls.h" ]; then
+ NCP_IPATH="$i"
+ fi
+ fi
+done
+
+if [ -n "$NCP_PATH" -a -n "$NCP_IPATH" ]; then
+ echo " ... found"
+fi
+if [ "X" = "X$NCP_PATH" -o "X" = "X$NCP_IPATH" ]; then
+ echo " ... NOT found, module NCP disabled"
+ NCP_PATH=""
+ NCP_IPATH=""
+fi
+
+echo "Checking for SAP/R3 (librfc / saprfc.h) ..."
 for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
 do
 if [ "X" = "X$SAPR3_PATH" ]; then
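Review bot: The new Firebird and NCP probes set `FIREBIRD_PATH` / `NCP_PATH` when only a versioned runtime library (`libfbclient.so.*`, `libncp.so.*`) is present, but the link flags this patch adds later are `-lfbclient` and `-lncp`, which need the unversioned `.so`. The same patch narrows the Postgres probe from `libpq.so*` to `libpq.so`, apparently for that reason, so the second `if` block that fills `TMP_LIB` should be dropped from both library loops to match. The header loops also search `/*ssl/include` and `.`, and none of the visible hunks adds `FIREBIRD_IPATH` or `NCP_IPATH` to the compiler's include path, so a header found outside the default directories may enable the module without making the build able to find it.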
@@ -306,7 +378,7 @@
 echo
 fi
-if [ -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" ]; then
+if [ -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$FIREBIRD_PATH" -o -n "$NCP_PATH" ]; then
 XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib"
 fi
 if [ -n "$SSL_PATH" ]; then
@@ -315,9 +387,17 @@
 if [ -n "$SAPR3_PATH" ]; then
 XDEFINES="$XDEFINES -DLIBSAPR3"
 fi
+
 if [ -n "$POSTGRES_PATH" ]; then
 XDEFINES="$XDEFINES -DLIBPOSTGRES"
 fi
+
+if [ -n "$FIREBIRD_PATH" ]; then
+ XDEFINES="$XDEFINES -DLIBFIREBIRD"
+fi
+if [ -n "$NCP_PATH" ]; then
+ XDEFINES="$XDEFINES -DLIBNCP"
+fi
 if [ -n "$SVN_PATH" ]; then
 XDEFINES="$XDEFINES -DLIBSVN"
 fi
@@ -335,7 +415,7 @@
 XDEFINES="$XDEFINES -DLIBSSH"
 fi
 OLDPATH=""
-for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH; do
+for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $FIREBIRD_PATH $NCP_PATH; do
 if [ "$OLDPATH" = "$i" ]; then
 OLDPATH="$i"
 else
@@ -378,6 +458,12 @@
 if [ -n "$POSTGRES_PATH" ]; then
 XLIBS="$XLIBS -lpq"
 fi
+if [ -n "$FIREBIRD_PATH" ]; then
+ XLIBS="$XLIBS -lfbclient"
+fi
+if [ -n "$NCP_PATH" ]; then
+ XLIBS="$XLIBS -lncp"
+fi
 if [ -n "$SVN_PATH" ]; then
 XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0"
 fi
diff -Nubr hydra-5.4-src_old/hydra.c hydra-5.4-src/hydra.c
--- hydra-5.4-src_old/hydra.c 2007-03-22 15:04:29.000000000 +0100
+++ hydra-5.4-src/hydra.c 2007-09-04 22:47:11.000000000 +0200
@@ -44,7 +44,9 @@
 extern void service_smtpauth(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
 extern void service_teamspeak(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
 extern void service_pcanywhere(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
+#ifdef LIBOPENSSL
 extern void service_sip(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
+#endif
 extern void service_pop3_ntlm(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
 extern void service_imap_ntlm(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
 extern void service_smtpauth_ntlm(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
@@ -52,6 +54,12 @@
 #ifdef LIBPOSTGRES
 extern void service_postgres(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
 #endif
+#ifdef LIBFIREBIRD
+extern void service_firebird(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
+#endif
+#ifdef LIBNCP
+extern void service_ncp(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
+#endif
 #ifdef LIBOPENSSL
 extern void service_smbnt(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
 #endif
@@ -67,7 +75,7 @@
 /* ADD NEW SERVICES HERE */
-#define SERVICES "telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd"
+#define SERVICES "telnet ftp firebird pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql ncp nntp oracle-listener postgres socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd"
 /* ADD NEW SERVICES HERE */
@@ -650,6 +658,14 @@
 if (strcmp(hydra_options.service, "postgres") == 0)
 service_postgres(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
 #endif
+#ifdef LIBFIREBIRD
+ if (strcmp(hydra_options.service, "firebird") == 0)
+ service_firebird(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
+#endif
+#ifdef LIBNCP
+ if (strcmp(hydra_options.service, "ncp") == 0)
+ service_ncp(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
+#endif
 if (strcmp(hydra_options.service, "pcanywhere") == 0)
 service_pcanywhere(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
 if (strcmp(hydra_options.service, "csv") == 0)
@@ -678,8 +694,10 @@
 service_smtpauth_ntlm(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
 if (strcmp(hydra_options.service, "teamspeak") == 0)
 service_teamspeak(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
+#ifdef LIBOPENSSL
 if (strcmp(hydra_options.service, "sip") == 0)
 service_sip(hydra_targets[target_no]->ip, hydra_arms[arm_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
+#endif
 /* ADD NEW SERVICES HERE */
 /* just in case a module returns (which it shouldnt) we let it exit here */
@@ -716,6 +734,7 @@
 int i = 0;
 int port = -2;
 hydra_portlist hydra_portlists[] = {
+ {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL},
 {"ftp", PORT_FTP, PORT_FTP_SSL},
 {"http-head", PORT_HTTP, PORT_HTTP_SSL},
 {"http-get", PORT_HTTP, PORT_HTTP_SSL},
@@ -756,6 +775,7 @@
 {"snmp", PORT_SNMP, PORT_SNMP_SSL},
 {"cvs", PORT_CVS, PORT_CVS_SSL},
 {"svn", PORT_SVN, PORT_SVN_SSL},
+ {"ncp", PORT_NCP, PORT_NCP_SSL},
 {"smtp-auth", PORT_SMTPAUTH, PORT_SMTPAUTH_SSL},
 {"smtp-auth-ntlm", PORT_SMTPAUTH, PORT_SMTPAUTH_SSL},
 {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL},
@@ -1004,7 +1024,7 @@
 break;
 #endif
 case 'g':
- fprintf(stderr, "Warning: option -g is deprected, ignored.\n");
+ fprintf(stderr, "Warning: option -g is deprecated, ignored.\n");
 break;
 case 'T':
 hydra_options.max_use = atoi(optarg);
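Review bot: In the hunk at -678 the `sip` dispatch is now compiled only when `LIBOPENSSL` is defined, but the service-validation hunk at -1093 adds `bail(...)` fallbacks only for firebird and ncp. If the validation code outside these hunks still accepts `sip` in a build without OpenSSL, the child reaches the "just in case a module returns" exit with no explanation; a matching `#ifndef LIBOPENSSL` branch calling `bail("Compiled without OPENSSL support, module not available!");` next to the other checks would make the failure explicit. The enclosing function starts and ends outside the hunk, so the existing handling of `sip` could not be confirmed from here.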
@@ -1093,6 +1113,18 @@
 #else
 bail("Compiled without LIBPOSTGRES support, module not available!");
 #endif
+ if (strcmp(hydra_options.service, "firebird") == 0)
+#ifdef LIBFIREBIRD
+ i = 1;
+#else
+ bail("Compiled without LIBFIREBIRD support, module not available!");
+#endif
+ if (strcmp(hydra_options.service, "ncp") == 0)
+#ifdef LIBNCP
+ i = 1;
+#else
+ bail("Compiled without LIBNCP support, module not available!");
+#endif
 if (strcmp(hydra_options.service, "pcanywhere") == 0)
 i = 1;
 if (strcmp(hydra_options.service, "http-proxy") == 0 || strcmp(hydra_options.service, "http-proxy-ntlm") == 0)
diff -Nubr hydra-5.4-src_old/hydra-firebird.c hydra-5.4-src/hydra-firebird.c
--- hydra-5.4-src_old/hydra-firebird.c 1970-01-01 01:00:00.000000000 +0100
+++ hydra-5.4-src/hydra-firebird.c 2007-09-04 21:44:52.000000000 +0200
@@ -0,0 +1,160 @@
+/*
+ * Firebird Support - by David Maciejak @ GMAIL dot com
+ *
+ * you need to pass full path to the fdb file as OPT
+ */
+
+#include "hydra-mod.h"
+
+#ifndef LIBFIREBIRD
+void
+dummy_firebird()
+{
+ printf("\n");
+}
+#else
+
+#include
+#include
+
+#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_2_0\\security2.fdb"
+
+extern char *HYDRA_EXIT;
+
+int
+start_firebird(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp)
+{
+ char *empty = "";
+ char *login, *pass;
+ char database[256];
+ char connection_string[1024];
+ struct in_addr remote_ip;
+
+ isc_db_handle db = NULL; /* database handle */
+ ISC_STATUS_ARRAY status; /* status vector */
+
+ char * dpb = NULL, /* DB parameter buffer */
+ *d, *p;
+
+ short dpb_length = 0;
+ long l,sweep_interval = 16384;
+
+ if(miscptr)
+ strncpy(database,miscptr,sizeof(database));
+ else
+ strncpy(database,DEFAULT_DB,sizeof(database));
+
+ remote_ip.s_addr = ip;
+
+
+ if (strlen(login = hydra_get_next_login()) == 0)
+ login = empty;
+ if (strlen(pass = hydra_get_next_password()) == 0)
+ pass = empty;
+
+ dpb = (char *) malloc(7);
+ p = dpb;
+ *p++ = '\1';
+ *p++ = isc_dpb_sweep_interval;
+ *p++ = '\4';
+ l = isc_vax_integer((char *) &sweep_interval, 4);
+ d = (char *) &l;
+ *p++ = *d++;
+ *p++ = *d++;
+ *p++ = *d++;
+ *p = *d;
+ dpb_length = 7;
+
+ /* Add user and password to dpb */
+ isc_expand_dpb(&dpb, (short *) &dpb_length,
+ isc_dpb_user_name, login,
+ isc_dpb_password, pass, NULL);
+
+ /* Create connection string */
+ snprintf(connection_string, sizeof(connection_string), "%s:%s", inet_ntoa(remote_ip), database);
+
+ if (isc_attach_database(status, 0, connection_string, &db, dpb_length, dpb))
+ {
+ /* for debugging perpose */
+ //isc_print_status(status);
+ hydra_completed_pair();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return 2;
+ }
+ else {
+ isc_detach_database(status, &db);
+ isc_free(dpb);
+ hydra_report_found_host(port,
ip, "firebird", fp);
+ hydra_completed_pair();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return 3;
+ return 2;
+ }
+ return 1;
+}
+
+void
+service_firebird(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port)
+{
+ int run = 1, next_run, sock = -1;
+ int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL;
+
+ hydra_register_socket(sp);
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return;
+
+ while (1)
+ {
+
+ switch (run)
+ {
+ case 1: /* connect and service init function */
+ if (sock >= 0)
+ sock = hydra_disconnect(sock);
+ if ((options & OPTION_SSL) == 0)
+ {
+ if (port != 0)
+ myport = port;
+ sock = hydra_connect_tcp(ip, myport);
+ port = myport;
+ } else {
+ if (port != 0)
+ mysslport = port;
+ sock = hydra_connect_ssl(ip, mysslport);
+ port = mysslport;
+ }
+ if (sock < 0)
+ {
+ fprintf(stderr, "Error: Child with pid %d terminating, can not connect\n", (int) getpid());
+ hydra_child_exit(1);
+ }
+
+ next_run = 2;
+ break;
+
+ case 2:
+
+ /*
+ * Here we start the password cracking process
+ */
+
+ next_run = start_firebird(sock, ip, port, options, miscptr, fp);
+ break;
+ case 3:
+
+ if (sock >= 0)
+ sock = hydra_disconnect(sock);
+ hydra_child_exit(0);
+ return;
+
+ default:
+
+ fprintf(stderr, "Caught unknown return code, exiting!\n");
+ hydra_child_exit(0);
+ exit(-1);
+ }
+ run = next_run;
+ }
+}
+
+#endif
diff -Nubr hydra-5.4-src_old/hydra-gtk/src/interface.c hydra-5.4-src/hydra-gtk/src/interface.c
--- hydra-5.4-src_old/hydra-gtk/src/interface.c 2006-05-05 16:21:27.000000000 +0200
+++ hydra-5.4-src/hydra-gtk/src/interface.c 2007-09-04 21:34:37.000000000 +0200
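Review bot: In start_firebird of the new hydra-firebird.c, `strncpy(database,miscptr,sizeof(database))` leaves `database` unterminated when the OPT string is 256 bytes or longer, and the following `snprintf(..., "%s:%s", ...)` then reads past the array; copy with `sizeof(database) - 1` and set `database[sizeof(database) - 1] = '\0';`. The `malloc(7)` result is written through without a NULL check, and the parameter buffer is released with `isc_free(dpb)` only on the success branch, so every rejected attempt leaks it; the release belongs directly after `isc_attach_database` returns, on both paths. The `port` argument is used only for reporting: the connection string is built as host:database, so a non-default port given by the user appears not to reach the attach call.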
@@ -222,6 +222,7 @@ cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "cisco"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "cisco-enable"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "cvs"); + cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "firebird"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "ftp"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "http-head"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "http-get"); @@ -236,6 +237,7 @@ cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "ldap2"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "ldap3"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "mysql"); + cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "ncp"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "nntp"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "pcnfs"); cmbProtocol_items = g_list_append (cmbProtocol_items, (gpointer) "pop3"); diff -Nubr hydra-5.4-src_old/hydra-gtk/xhydra.glade hydra-5.4-src/hydra-gtk/xhydra.glade --- hydra-5.4-src_old/hydra-gtk/xhydra.glade 2006-05-05 16:22:07.000000000 +0200 +++ hydra-5.4-src/hydra-gtk/xhydra.glade 2007-09-04 21:34:00.000000000 +0200 @@ -130,6 +130,14 @@ + + True + True + firebird + + + + True True @@ -242,6 +250,14 @@ + + True + True + ncp + + + + True True diff -Nubr hydra-5.4-src_old/hydra.h hydra-5.4-src/hydra.h --- hydra-5.4-src_old/hydra.h 2006-01-20 12:27:43.000000000 +0100 +++ hydra-5.4-src/hydra.h 2007-09-04 21:45:48.000000000 +0200 @@ -34,6 +34,8 @@ #define OPTION_SSL 1 #define PORT_NOPORT -1 +#define PORT_FIREBIRD 3050 +#define PORT_FIREBIRD_SSL 3050 #define PORT_FTP 21 #define PORT_FTP_SSL 990 #define PORT_TELNET 23 
@@ -86,6 +88,8 @@
 #define PORT_SNMP_SSL 1993
 #define PORT_CVS 2401
 #define PORT_CVS_SSL 2401
+#define PORT_NCP 524
+#define PORT_NCP_SSL 524
 #define PORT_SVN 3690
 #define PORT_SVN_SSL 3690
 #define PORT_SMTPAUTH 25
diff -Nubr hydra-5.4-src_old/hydra-ncp.c hydra-5.4-src/hydra-ncp.c
--- hydra-5.4-src_old/hydra-ncp.c 1970-01-01 01:00:00.000000000 +0100
+++ hydra-5.4-src/hydra-ncp.c 2007-09-04 21:50:18.000000000 +0200
@@ -0,0 +1,202 @@
+/*
+ * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com
+ * Tested on Netware 6.5
+ *
+ * you need to install libncp and libncp-dev (tested with version 2.2.6-3)
+ *
+ * you can passed full context as OPT
+ *
+ * example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx
+ *
+ */
+
+
+#include "hydra-mod.h"
+
+#ifndef LIBNCP
+void
+dummy_ncp()
+{
+ printf("\n");
+}
+#else
+
+#include
+#include
+#include
+#include
+
+extern char *HYDRA_EXIT;
+
+typedef struct __NCP_DATA {
+ struct ncp_conn_spec spec;
+ struct ncp_conn *conn;
+ char *context;
+} _NCP_DATA;
+
+//uncomment line below to see more trace stack
+//#define NCP_DEBUG
+
+int start_ncp(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp)
+{
+
+char* login;
+char* pass;
+char context[256];
+unsigned int ncp_lib_error_code;
+struct sockaddr_in remote_ip;
+char *empty = "";
+int object_type = NCP_BINDERY_USER;
+
+_NCP_DATA* session;
+
+
+memset(&remote_ip, 0, sizeof(remote_ip));
+memcpy(&remote_ip.sin_addr.s_addr, &ip, 4);
+remote_ip.sin_family = AF_INET;
+
+session = malloc(sizeof(_NCP_DATA));
+memset(session, 0, sizeof(_NCP_DATA));
+login=empty;
+pass=empty;
+
+
+ if (strlen(login = hydra_get_next_login()) == 0) {
+ login = empty;
+ }
+ else {
+ if (miscptr) {
+ if (strlen(miscptr)+strlen(login) > sizeof(context))
+ {
+ return 4;
+ }
+ memset(context, 0, sizeof(context));
+ strncpy(context, login, strlen(login));
+ strncpy(context+strlen(login), miscptr, sizeof(miscptr)+1);
+ login=context;
+ }
+ }
+
+ //login and password are case insensitive
+ //str_upper(login);
+
+ if (strlen(pass = hydra_get_next_password()) == 0)
+ pass = empty;
+
+ncp_lib_error_code = ncp_find_conn_spec3(inet_ntoa((struct in_addr) remote_ip.sin_addr), login, "", 1, getuid(), 0, &session->spec);
+if (ncp_lib_error_code)
+{ free(session);return 1;}
+
+ncp_lib_error_code = NWCCOpenConnByName(NULL, session->spec.server, NWCC_NAME_FORMAT_BIND, NWCC_OPEN_NEW_CONN,
NWCC_RESERVED, &session->conn);
+if (ncp_lib_error_code)
+{ free(session);return 1;}
+
+ memset(session->spec.password, 0, sizeof(session->spec.password));
+ memcpy(session->spec.password, pass, strlen(pass)+1);
+ //str_upper(session->spec.password);
+
+ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password);
+ switch (ncp_lib_error_code & 0x0000FFFF)
+ {
+ case 0x0000: /* Success */
+ #ifdef NCP_DEBUG
+ printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code);
+ #endif
+ ncp_close(session->conn);
+ hydra_report_found_host(port, ip, "ncp", fp); //ok
+ hydra_completed_pair();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return 3; //exit
+ free(session);
+ return 2; //next
+ break;
+ case 0x89DE: /* PASSWORD INVALID */
+ case 0x89F0: /* BIND WILDCARD INVALID */
+ case 0x89FF: /* NO OBJ OR BAD PASSWORD */
+ case 0xFD63: /* FAILED_AUTHENTICATION */
+ case 0xFDA7: /* NO_SUCH_ENTRY */
+ #ifdef NCP_DEBUG
+ printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code);
+ #endif
+ ncp_close(session->conn);
+ hydra_completed_pair();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ {
+ free(session);
+ return 2; //next
+ }
+ break;
+ default:
+ #ifdef NCP_DEBUG
+ printf("Failed to open connection.
Error code: %X\n",ncp_lib_error_code); + #endif + if (session->conn != NULL) ncp_close(session->conn); + break; + } + free(session); + return 1; //reconnect +} + +void +service_ncp(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) +{ + int run = 1, next_run, sock = -1; + int myport = PORT_NCP; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) + { + + switch (run) + { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + if (sock < 0) + { + fprintf(stderr, "Error: Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + + case 2: + + /* + * Here we start the password cracking process + */ + + next_run = start_ncp(sock, ip, port, options, miscptr, fp); + break; + case 3: + + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + + case 4: + + fprintf(stderr, "Optional parameter too long!\n"); + hydra_child_exit(0); + exit(-1); + + default: + + fprintf(stderr, "Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + exit(-1); + } + run = next_run; + } +} + +#endif diff -Nubr hydra-5.4-src_old/hydra-sip.c hydra-5.4-src/hydra-sip.c --- hydra-5.4-src_old/hydra-sip.c 2007-03-22 15:04:29.000000000 +0100 +++ hydra-5.4-src/hydra-sip.c 2007-08-23 18:42:21.000000000 +0200 @@ -1,5 +1,13 @@ // simple sip digest auth (md5) module // written by gh0st 2005 +#include "hydra-mod.h" +#ifndef LIBOPENSSL +void +dummy_sip() +{ + printf("\n"); +} +#else #include #include @@ -234,3 +242,5 @@ run = next_run; } } + +#endif diff -Nubr hydra-5.4-src_old/Makefile.am hydra-5.4-src/Makefile.am --- hydra-5.4-src_old/Makefile.am 2006-05-05 16:10:44.000000000 +0200 +++ hydra-5.4-src/Makefile.am 2007-09-04 21:46:39.000000000 +0200 
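Review bot: In start_ncp of the new hydra-ncp.c, `strncpy(context+strlen(login), miscptr, sizeof(miscptr)+1)` takes the size of the pointer rather than of the string, and strncpy always writes that many bytes, so the OPT context is cut to a few characters and a login close to 256 bytes still writes past `context`; the guard before it uses `>`, which leaves no room for the terminator. `memcpy(session->spec.password, pass, strlen(pass)+1)` has no bound against `sizeof(session->spec.password)`, so a long wordlist entry overruns the field. `session` is not released on the `return 4` and `return 3` paths, and the `malloc` result is used without a NULL check. The fence bounds both copies (an over-long password is truncated to the field size) and frees `session` before `return 4`.

```c
    if (miscptr) {
      /* >= keeps one byte for the terminator */
      if (strlen(login) + strlen(miscptr) >= sizeof(context)) {
        free(session);
        return 4;
      }
      snprintf(context, sizeof(context), "%s%s", login, miscptr);
      login = context;
    }
/* … unchanged: password lookup, ncp_find_conn_spec3, NWCCOpenConnByName … */
  memset(session->spec.password, 0, sizeof(session->spec.password));
  /* bounded copy; the memset above keeps the field terminated */
  strncpy(session->spec.password, pass, sizeof(session->spec.password) - 1);
```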
@@ -12,7 +12,7 @@
 hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \
 hydra-mysql.c hydra-http-proxy.c hydra-mssql.c hydra-smbnt.c \
 hydra-snmp.c hydra-cvs.c hydra-smtpauth.c hydra-sapr3.c hydra-ssh2.c \
- hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \
+ hydra-teamspeak.c hydra-postgres.c hydra-firebird.c hydra-ncp.c hydra-rsh.c hydra-rlogin.c \
 hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-vmauthd.c \
 hydra-http-proxy-auth-ntlm.c hydra-imap-ntlm.c hydra-pop3-ntlm.c hydra-smtpauth-ntlm.c \
 hydra-http-form.c crc32.c d3des.c md4.c ntlm.c hydra-mod.c hydra.c
@@ -21,7 +21,7 @@
 hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
 hydra-mysql.o hydra-http-proxy.o hydra-smbnt.o hydra-mssql.o \
 hydra-snmp.o hydra-cvs.o hydra-smtpauth.o hydra-sapr3.o hydra-ssh2.o\
- hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \
+ hydra-teamspeak.o hydra-postgres.o hydra-firebird.o hydra-ncp.o hydra-rsh.o hydra-rlogin.o \
 hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-vmauthd.o \
 hydra-http-proxy-auth-ntlm.o hydra-imap-ntlm.o hydra-pop3-ntlm.o hydra-smtpauth-ntlm.o \
 hydra-http-form.o crc32.o d3des.o md4.o hydra-mod.o ntlm.o hydra.o
@@ -37,7 +37,7 @@
 @echo Now type "make install"
 hydra: $(OBJ)
- $(CC) $(OPTS) $(LIBS) -o $(BIN) $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) || echo -e "\nIF YOU RECEIVED THE ERROR MESSAGE \"cannot find -lpq\" DO THE FOLLOWING:\n make clean; ./configure\n vi Makefile <- and remove the \"-lpq\" and \"-DLIBPOSTGRES\" statements\n make\n"
+ $(CC) $(OPTS) $(LIBS) -o $(BIN) $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS)
 @echo
 @echo If men could get pregnant, abortion would be a sacrament
 @echo
diff -Nubr hydra-5.4-src_old/README hydra-5.4-src/README
--- hydra-5.4-src_old/README 2006-04-27 17:24:40.000000000 +0200
+++ hydra-5.4-src/README 2007-09-04 21:50:24.000000000 +0200
@@ -19,10 +19,10 @@ either support more than one protocol to attack or support parallized connects. Currently this tool supports: - TELNET, FTP, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTP-HEAD, HTTP-PROXY, + TELNET, FTP, Firebird, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTP-HEAD, HTTP-PROXY, HTTP-PROXY-NTLM, HTTP-FORM-GET HTTP-FORM-POST, HTTPS-FORM-GET, HTTPS-FORM-POSTLDAP2, LADP3, SMB, SMBNT, MS-SQL, MYSQL, POSTGRES, - POP3-NTLM, IMAP, IMAP-NTLM, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, + POP3-NTLM, IMAP, IMAP-NTLM, NCP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, SMTP-AUTH, SMTP-AUTH-NTLM, SSH2, SNMP, CVS, Cisco AAA, REXEC, SOCKS5, VNC, POP3 and VMware-Auth. However the module engine for new services is very easy so it won't take a @@ -91,7 +91,12 @@ telnet specified the string which is displayed after a successful login (case insensitive), use if the default in the telnet module produces too many false positives (OPTIONAL) +ncp full context can be passed for example ".O=cx" +firebird database name to attack (OPTIONAL), default is + C:\Program Files\Firebird\Firebird_2_0\security2.fdb postgres database name to attack (OPTIONAL, default is template1) + to compile this module be sure to have a library named libpq.so + or do a symbolic link to specific lib An example for how to use this with the www module to hand over the web page to authenticate to: