forked from vanhauser-thc/thc-hydra
-
Notifications
You must be signed in to change notification settings - Fork 0
/
hydra-firebird.c
167 lines (135 loc) · 4.65 KB
/
hydra-firebird.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
/*
Firebird Support - by David Maciejak @ GMAIL dot com
you need to pass full path to the fdb file as argument
default account is SYSDBA/masterkey
on Firebird 2.0, access to the database file directly
is not possible anymore, in verbose mode you will see
the msg: "no permission for direct access to security database"
*/
#include "hydra-mod.h"
#ifndef LIBFIREBIRD
void dummy_firebird() { printf("\n"); }
#else
#include <ibase.h>
#include <stdio.h>
#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb"
extern hydra_option hydra_options;
extern char *HYDRA_EXIT;
int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *login, *pass;
char database[256];
char connection_string[1024];
isc_db_handle db; /* database handle */
ISC_STATUS_ARRAY status; /* status vector */
char *dpb = NULL; /* DB parameter buffer */
short dpb_length = 0;
if (miscptr)
strncpy(database, miscptr, sizeof(database));
else
strncpy(database, DEFAULT_DB, sizeof(database));
database[sizeof(database) - 1] = 0;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
dpb_length = (short)(1 + strlen(login) + 2 + strlen(pass) + 2);
if ((dpb = (char *)malloc(dpb_length)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
/* Add user and password to dpb */
*dpb = isc_dpb_version1;
dpb_length = 1;
isc_modify_dpb(&dpb, &dpb_length, isc_dpb_user_name, login, strlen(login));
isc_modify_dpb(&dpb, &dpb_length, isc_dpb_password, pass, strlen(pass));
/* Create connection string */
snprintf(connection_string, sizeof(connection_string), "%s:%s", hydra_address2string(ip), database);
if (isc_attach_database(status, 0, connection_string, &db, dpb_length, dpb)) {
/* for debugging perpose */
if (verbose) {
hydra_report(stderr, "[VERBOSE] ");
isc_print_status(status);
}
isc_free(dpb);
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
} else {
isc_detach_database(status, &db);
isc_free(dpb);
hydra_report_found_host(port, ip, "firebird", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 2;
}
return 1;
}
void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL;
hydra_register_socket(sp);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
while (1) {
switch (run) {
case 1: /* connect and service init function */
if (sock >= 0)
sock = hydra_disconnect(sock);
if ((options & OPTION_SSL) == 0) {
if (port != 0)
myport = port;
sock = hydra_connect_tcp(ip, myport);
port = myport;
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
if (quiet != 1)
fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
hydra_child_exit(1);
}
next_run = 2;
break;
case 2:
/*
* Here we start the password cracking process
*/
next_run = start_firebird(sock, ip, port, options, miscptr, fp);
if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
sleep(hydra_options.conwait);
break;
case 3:
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(0);
return;
default:
fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
hydra_child_exit(0);
}
run = next_run;
}
}
#endif
int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
return 0;
}
void usage_firebird(const char *service) {
printf("Module firebird is optionally taking the database path to attack,\n"
"default is \"C:\\Program "
"Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
}