-rw-r--r-- | network/hydra/README | 14 | ||||
-rw-r--r-- | network/hydra/configure.patch | 61 | ||||
-rw-r--r-- | network/hydra/doinst.sh | 3 | ||||
-rw-r--r-- | network/hydra/hydra-http-form.patch | 18 | ||||
-rw-r--r-- | network/hydra/hydra-libssh-0.2.patch | 213 | ||||
-rw-r--r-- | network/hydra/hydra.SlackBuild | 84 | ||||
-rw-r--r-- | network/hydra/hydra.desktop | 15 | ||||
-rw-r--r-- | network/hydra/hydra.info | 8 | ||||
-rw-r--r-- | network/hydra/hydra.png | bin | 0 -> 3011 bytes | |||
-rw-r--r-- | network/hydra/slack-desc | 19 |
10 files changed, 435 insertions, 0 deletions
diff --git a/network/hydra/README b/network/hydra/README
new file mode 100644
index 0000000000000..baecf37d4c481
--- /dev/null
+++ b/network/hydra/README
@@ -0,0 +1,14 @@
+One of the biggest security holes are user passwords, as every
+password security study shows. This tool is a proof of concept,
+to give researchers and security consultants a way to demonstrate
+how easy it would be to gain unauthorized access to a remote system.
+ THIS TOOL IS FOR LEGAL PURPOSES ONLY!
+
+Requires:
+ subversion (available in Slackware)
+ apr & apr-util (available in Slackware)
+ libssh (not libssh2, available at Slackbuilds.org)
+
+Optional:
+ postgresql (available at Slackbuilds.org)
+ sap (available at http://www.sap.com/solutions/netweaver/linux/eval/index.asp)
diff --git a/network/hydra/configure.patch b/network/hydra/configure.patch
new file mode 100644
index 0000000000000..c1cfadfe93ec4
--- /dev/null
+++ b/network/hydra/configure.patch
@@ -0,0 +1,61 @@
+--- configure.old 2007-04-08 23:15:36.000000000 +0200
++++ configure 2007-04-08 23:16:55.000000000 +0200
+@@ -118,11 +118,11 @@
+ echo " ... NOT found, module postgres disabled"
+ fi
+
+-echo "Checking for SVN (ibsvn_client-1 libapr-0.so libaprutil-0.so) ..."
++echo "Checking for SVN (ibsvn_client-1 libapr-1.so libaprutil-1.so) ..."
+ for i in $LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib .
+ do
+ if [ "X" = "X$SVN_PATH" ]; then
+- if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-0.so" ]&&[ -f "$i/libaprutil-0.so" ]; then
++ if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-1.so" ]&&[ -f "$i/libaprutil-1.so" ]; then
+ SVN_PATH="$i"
+ fi
+ fi
+@@ -202,8 +202,8 @@
+ fi
+ fi
+ if [ "X" = "X$APR_IPATH" ]; then
+- if [ -d "$i/apr-0" ]; then
+- APR_IPATH="$i/apr-0"
++ if [ -d "$i/apr-1" ]; then
++ APR_IPATH="$i/apr-1"
+ fi
+ fi
+ done
+@@ -220,8 +220,8 @@
+ fi
+ fi
+ if [ "X" = "X$APR_IPATH" ]; then
+- if [ -d "$i/apr-0" ]; then
+- APR_IPATH="$i/apr-0"
++ if [ -d "$i/apr-1" ]; then
++ APR_IPATH="$i/apr-1"
+ fi
+ fi
+ done
+@@ -334,6 +334,9 @@
+ if [ -n "$SSH_PATH" ]; then
+ XDEFINES="$XDEFINES -DLIBSSH"
+ fi
++
++XDEFINES="$XDEFINES -D_GNU_SOURCE"
++
+ OLDPATH=""
+ for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH; do
+ if [ "$OLDPATH" = "$i" ]; then
+@@ -379,10 +382,10 @@
+ XLIBS="$XLIBS -lpq"
+ fi
+ if [ -n "$SVN_PATH" ]; then
+- XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0"
++ XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1"
+ fi
+ if [ -n "$SVN_PATH" ]; then
+- XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0"
++ XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1"
+ fi
+ if [ -n "$SSH_PATH" ]; then
+ XLIBS="$XLIBS -lssh"
diff --git a/network/hydra/doinst.sh b/network/hydra/doinst.sh
new file mode 100644
index 0000000000000..852990f3c979d
--- /dev/null
+++ b/network/hydra/doinst.sh
@@ -0,0 +1,3 @@
+if [ -x /usr/bin/update-desktop-database ]; then
+ /usr/bin/update-desktop-database usr/share/applications > /dev/null 2>&1
+fi
diff --git a/network/hydra/hydra-http-form.patch b/network/hydra/hydra-http-form.patch
new file mode 100644
index 0000000000000..6dde09cdf1ed1
--- /dev/null
+++ b/network/hydra/hydra-http-form.patch
@@ -0,0 +1,18 @@
+--- hydra-http-form.old 2008-02-06 09:42:49.000000000 +0000
++++ hydra-http-form.c 2008-02-06 09:43:45.000000000 +0000
+@@ -149,7 +149,6 @@
+ }
+
+ if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
+- free(updvariables);
+ free(upd2variables);
+ return 1;
+ }
+@@ -183,7 +182,6 @@
+ */
+
+ free(buf);
+- free(updvariables);
+ free(upd2variables);
+
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
diff --git a/network/hydra/hydra-libssh-0.2.patch b/network/hydra/hydra-libssh-0.2.patch
new file mode 100644
index 0000000000000..b15f6ec1354c2
--- /dev/null
+++ b/network/hydra/hydra-libssh-0.2.patch
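Review bot: Both hunks of hydra-http-form.patch delete `free(updvariables);` without recording who owns that buffer afterwards, so a reader cannot tell whether the glibc abort came from a double free or from freeing a pointer that was never heap-allocated, nor whether the buffer now leaks on every attempt. The code that allocates `updvariables` lies outside the hunks, so this is inferred from the two exit paths alone. A leading comment line in the patch file would keep the reasoning with the change, for example `# updvariables is not freed here: freeing it aborted under glibc, see Gentoo bug 209116`.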
@@ -0,0 +1,213 @@
+Les sous-répertoires hydra-5.4-src/arm et hydra-5.4-src-libssh0.2/arm sont identiques.
+diff -u hydra-5.4-src/configure hydra-5.4-src-libssh0.2/configure
+--- hydra-5.4-src/configure 2006-01-20 14:44:15.000000000 +0100
++++ hydra-5.4-src-libssh0.2/configure 2008-10-31 22:32:47.000000000 +0100
+@@ -243,11 +243,11 @@
+
+ if [ -n "$SSH_PATH" ]; then
+ echo " ... found"
+- echo 'NOTE: ensure that you have libssh v0.11 installed!! Get it from http://0xbadc0de.be !'
++ echo 'NOTE: ensure that you have libssh v0.2 or later installed!! Get it from http://0xbadc0de.be !'
+ fi
+ if [ "X" = "X$SSH_PATH" ]; then
+ echo " ... NOT found, module ssh2 disabled"
+- echo 'Get it from http://0xbadc0de.be/ - use v0.11!'
++ echo 'Get it from http://0xbadc0de.be/ - use v0.2 or later'
+ fi
+ if [ "$SSH_IPATH" = "/usr/include" ]; then
+ SSH_IPATH=""
+Seulement dans hydra-5.4-src-libssh0.2/: .hydra-ftp.c.swp
+Les sous-répertoires hydra-5.4-src/hydra-gtk et hydra-5.4-src-libssh0.2/hydra-gtk sont identiques.
+Seulement dans hydra-5.4-src-libssh0.2/: .hydra-mod.c.swp
+diff -u hydra-5.4-src/hydra-ssh2.c hydra-5.4-src-libssh0.2/hydra-ssh2.c
+--- hydra-5.4-src/hydra-ssh2.c 2007-03-22 15:04:29.000000000 +0100
++++ hydra-5.4-src-libssh0.2/hydra-ssh2.c 2008-11-01 21:21:08.000000000 +0100
+@@ -7,12 +7,51 @@
+ }
+ #else
+
+-#warning "If compilation of hydra-ssh2 fails, you are not using v0.11. Download from http://www.0xbadc0de.be/"
++#warning "If compilation of hydra-ssh2 fails, you are not using v0.2 or 0.2.1. Download from http://www.0xbadc0de.be/"
+
+ #include <libssh/libssh.h>
+
+ extern char *HYDRA_EXIT;
+
++/* try to authenticate with one password */
++static int
++try_password(SSH_SESSION *ssh_session, char *password){
++ int auth_state;
++ int i;
++ /* printf("ssh-trying pass \"%s\"\n",password); */
++ /* We try keyboard-interactive when it's supported. kbdint is
++ * what openssh tries first when logging somewhere.
++ */
++ auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL);
++ if(auth_state == SSH_AUTH_INFO){
++ i=0;
++ /* we feed 10 password responses at max. Keybint is challenge-response
++ * based so the server could ask unrelated questions
++ */
++ while(auth_state == SSH_AUTH_INFO && i<10){
++ ssh_userauth_kbdint_setanswer(ssh_session, i, password);
++ auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL);
++ i++;
++ }
++ /* Partial authentication is specific to SSH : the password is valid but
++ * an other authentication token is needed (generaly private key)
++ */
++ if(auth_state == SSH_AUTH_PARTIAL)
++ auth_state = SSH_AUTH_SUCCESS;
++ if(auth_state == SSH_AUTH_INFO)
++ auth_state = SSH_AUTH_ERROR;
++ return auth_state;
++ }
++ if(auth_state == SSH_AUTH_ERROR)
++ return auth_state;
++ /* Keyboard-interactive is not supported so we run through the password
++ * method */
++ auth_state = ssh_userauth_password(ssh_session, NULL, password);
++ if(auth_state == SSH_AUTH_PARTIAL)
++ auth_state = SSH_AUTH_SUCCESS;
++ return auth_state;
++}
++
+ int
+ start_ssh2(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp)
+ {
+@@ -20,18 +59,19 @@
+ char *login, *pass;
+ char *buf;
+ char *rc;
++ char buffer[64];
+ struct sockaddr_in targetip;
+ SSH_SESSION *ssh_session;
+ SSH_OPTIONS *ssh_opt;
+ int auth_state;
+- int i = 0;
++ char firstlogin[128];
+
+ if (strlen(login = hydra_get_next_login()) == 0)
+ login = empty;
+ if (strlen(pass = hydra_get_next_password()) == 0)
+ pass = empty;
+-
+- ssh_opt=options_new();
++ snprintf(firstlogin,sizeof(firstlogin),"%s",login);
++ ssh_opt=ssh_options_new();
+ memset(&targetip, 0, sizeof(targetip));
+ memcpy(&targetip.sin_addr.s_addr, &ip, 4);
+ targetip.sin_family = AF_INET;
+@@ -41,16 +81,21 @@
+ buf = malloc(20);
+ inet_ntop(AF_INET, &targetip.sin_addr, buf, 20);
+ #endif
+- options_set_wanted_method(ssh_opt,KEX_COMP_C_S,"none");
+- options_set_wanted_method(ssh_opt,KEX_COMP_S_C,"none");
+- options_set_port(ssh_opt, port);
+- options_set_host(ssh_opt, buf);
+- options_set_username(ssh_opt, login);
+-
+- if ((ssh_session = ssh_connect(ssh_opt)) == NULL) {
++ ssh_options_allow_ssh1(ssh_opt,1);
++// ssh_options_set_wanted_algos (ssh_opt,KEX_COMP_C_S,"none");
++// ssh_options_set_wanted_algos (ssh_opt,KEX_COMP_S_C,"none");
++ ssh_options_set_port(ssh_opt, port);
++ ssh_options_set_host(ssh_opt, buf);
++ ssh_options_set_username(ssh_opt, login);
++ ssh_session=ssh_new();
++ ssh_set_options(ssh_session,ssh_opt);
++ /* printf("ssh-connecting with login \"%s\"\n",login); */
++ if (ssh_connect(ssh_session) == SSH_ERROR) {
+ rc = ssh_get_error(ssh_session);
+ if ((rc != NULL) && (rc[0] != '\0')) {
+- if (strncmp("connect:", ssh_get_error(ssh_session), strlen("connect:")) == 0)
++ snprintf(buffer,sizeof(buffer),"%s",rc);
++ ssh_disconnect(ssh_session);
++ if (strncmp("connect:", buffer, strlen("connect:")) == 0)
+ return 3;
+ else
+ return 4;
+@@ -60,43 +105,54 @@
+ free(buf);
+ buf = NULL;
+ #endif
+-
+- do {
+- /* why this crap? */
+- auth_state = ssh_userauth_kbdint(ssh_session, login, NULL);
+- while (i < 10 && auth_state == SSH_AUTH_INFO) {
+- ssh_userauth_kbdint_setanswer(ssh_session, i, pass);
+- auth_state = ssh_userauth_kbdint(ssh_session, login, NULL);
+- i++;
+- }
+-
+- if (auth_state == SSH_AUTH_SUCCESS || ssh_userauth_password(ssh_session, login, pass) == SSH_AUTH_SUCCESS) {
+- ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */
+- hydra_report_found_host(port, ip, "ssh2", fp);
+- hydra_completed_pair_found();
+- if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+- return 2;
+- /* free(ssh_opt); */ /* DOUBLE FREE ! */
++ /* None method is important since it can flag passwordless servers */
++ auth_state=ssh_userauth_none(ssh_session, login);
++ if(auth_state == SSH_AUTH_SUCCESS){
++ /* passwordless server */
++ hydra_report_found_host(port, ip, "ssh2", fp);
++ hydra_completed_pair_found();
++ ssh_disconnect(ssh_session);
++ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
++ return 2;
++ else
+ return 1;
+- } else {
+- if (ssh_error_code(ssh_session) == 1) {
+- hydra_completed_pair();
++ }
++
++ do {
++ auth_state=try_password(ssh_session, pass);
++ if (auth_state == SSH_AUTH_SUCCESS) {
++ ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */
++ hydra_report_found_host(port, ip, "ssh2", fp);
++ hydra_completed_pair_found();
+ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+ return 2;
++ return 1;
+ } else {
+- ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */
+- hydra_completed_pair(); /* really? */
+- if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
++ if (auth_state == SSH_AUTH_DENIED) {
++ hydra_completed_pair();
++ if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){
++ ssh_disconnect(ssh_session);
+ return 2;
+- /* free(ssh_opt); */ /* DOUBLE FREE ! */
++ }
++ /* set a new password to try */
++ login=hydra_get_next_login();
++ if(strcmp(login,firstlogin) != 0){
++ /* we can't try a new login without a new session. */
++ ssh_disconnect(ssh_session);
++ //hydra_completed_pair_skip();
++ return 1;
++ }
++ pass=hydra_get_next_password();
++ /* try again using same session */
++ } else {
++ ssh_disconnect(ssh_session); /* this automagically frees the ssh_opt buffer */
++ /* there was an error. The password was not really tried.*/
++ //hydra_completed_pair_skip();
+ return 1;
+ }
+ }
+ } while(1);
+
+- /* not reached */
+-
+- /* free(ssh_opt); */ /* risk of double free */
+ return 1;
+ }
+
+Les sous-répertoires hydra-5.4-src/palm et hydra-5.4-src-libssh0.2/palm sont identiques.
diff --git a/network/hydra/hydra.SlackBuild b/network/hydra/hydra.SlackBuild
new file mode 100644
index 0000000000000..e6dbd6bb87b9c
--- /dev/null
+++ b/network/hydra/hydra.SlackBuild
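Review bot: The connect-failure branch of start_ssh2 calls `ssh_disconnect(ssh_session)` only inside `if ((rc != NULL) && (rc[0] != '\0'))`, and it returns 3 or 4 before the `free(buf)` shown in the following inner hunk, so a failed connection appears to leak the address buffer and, when the error string is empty, the session too. The lines between those two inner hunks are not visible, so the empty-error case is inferred rather than confirmed. The result of `ssh_new()` is also handed to `ssh_set_options()` unchecked; a guard right after the call, such as `if (ssh_session == NULL) return 4;` (assuming 4 is the generic error code here), would avoid using a failed allocation. Copying `rc` into `buffer` before disconnecting is the right order; the disconnect and the buffer release only need to run on every exit from that branch.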
@@ -0,0 +1,84 @@
+#!/bin/sh
+# Slackware build script for Hydra
+# Written by Larry Hajali <larryhaja[at]gmail[dot]com>
+
+PRGNAM=hydra
+VERSION=${VERSION:-5.4}
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+DOCS="CHANGES LICENSE* README TODO hydra-gtk/COPYING hydra-gtk/INSTALL"
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION-src
+tar xvf $CWD/$PRGNAM-$VERSION-src.tar.gz
+cd $PRGNAM-$VERSION-src
+mkdir -p $PKG/usr/bin
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+# Removes a glibc error when http-form option is used
+# Patch from gentoo: http://bugs.gentoo.org/show_bug.cgi?id=209116
+patch -p0 < $CWD/hydra-http-form.patch
+
+# Patches needed to compile against new versions of
+# apr, apr-util, and libssh
+patch -p0 < $CWD/configure.patch
+patch -p1 < $CWD/hydra-libssh-0.2.patch
+
+# sed statements cleans up some code for the gui
+sed -i "s:\/foo\/bar\/protected.html:\/:" hydra-gtk/xhydra.glade
+sed -i "s:\/foo\/bar\/protected.html:\/:" hydra-gtk/src/interface.c
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --enable-pw-inspector=yes \
+ --enable-static=no \
+ --build=$ARCH-slackware-linux
+
+make
+make install PREFIX=$PKG DIR=/usr/bin
+
+( cd $PKG
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+# Add a desktop menu item
+mkdir -p $PKG/usr/share/{applications,pixmaps}
+install -m 0644 $CWD/$PRGNAM.desktop $PKG/usr/share/applications/
+cat $CWD/$PRGNAM.png > $PKG/usr/share/pixmaps/$PRGNAM.png
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/network/hydra/hydra.desktop b/network/hydra/hydra.desktop
new file mode 100644
index 0000000000000..8b6d5143da64e
--- /dev/null
+++ b/network/hydra/hydra.desktop
@@ -0,0 +1,15 @@
+[Desktop Entry]
+Version=5.4
+Encoding=UTF-8
+GenericName=
+SwallowExec=
+Name=Hydra
+MimeType=
+Exec=xhydra
+Icon=/usr/share/pixmaps/hydra.png
+TerminalOptions=
+Path=
+Type=Application
+Terminal=0
+Comment=Network login cracker
+Categories=Application;Utility;
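Review bot: hydra.SlackBuild unpacks `$CWD/$PRGNAM-$VERSION-src.tar.gz` and builds it (the `chown -R root:root .` suggests as root) without comparing it to the MD5SUM recorded in hydra.info, and the DOWNLOAD URL there is plain http, so nothing in the build itself ties the source to the release that was reviewed. A check placed before the `tar xvf` line, such as `echo "fa08b465d19321e77b1a0ef912eeecc1  $CWD/$PRGNAM-$VERSION-src.tar.gz" | md5sum -c -`, would stop the build on a mismatch under `set -e`; a SHA-256 digest would be stronger if the repository format allows one. Separately, the second `strip` pipeline in the `( cd $PKG ... )` subshell lacks the `|| true` that the first one has, so when no shared objects are found its non-zero status would likely abort the build.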
\ No newline at end of file
diff --git a/network/hydra/hydra.info b/network/hydra/hydra.info
new file mode 100644
index 0000000000000..027b1ad2c46b8
--- /dev/null
+++ b/network/hydra/hydra.info
@@ -0,0 +1,8 @@
+PRGNAM="hydra"
+VERSION="5.4"
+HOMEPAGE="http://freeworld.thc.org/thc-hydra/"
+DOWNLOAD="http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz"
+MD5SUM="fa08b465d19321e77b1a0ef912eeecc1"
+MAINTAINER="Larry Hajali"
+EMAIL="larryhaja[at]gmail[dot]com"
+APPROVED="dsomero"
diff --git a/network/hydra/hydra.png b/network/hydra/hydra.png
Binary files differnew file mode 100644
index 0000000000000..11ca62480c3f2
--- /dev/null
+++ b/network/hydra/hydra.png
diff --git a/network/hydra/slack-desc b/network/hydra/slack-desc
new file mode 100644
index 0000000000000..7e82699f70d05
--- /dev/null
+++ b/network/hydra/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+hydra: Hydra (A very fast network login cracker)
+hydra:
+hydra: One of the biggest security holes are user passwords, as every
+hydra: password security study shows. This tool is a proof of concept,
+hydra: to give researchers and security consultants a way to demonstrate
+hydra: how easy it would be to gain unauthorized access to a remote system.
+hydra: THIS TOOL IS FOR LEGAL PURPOSES ONLY!
+hydra:
+hydra: Homepage: http://freeworld.thc.org/thc-hydra/
+hydra:
+hydra: |