thc-hydra

Error in retrying authentication after connection failure

Open leimingyong opened this issue 2 years ago • 4 comments

If abnormal errors such as a connection failure occur during password blasting, for example when hydra exits with hydra_child_exit(1) and hydra_child_exit(2), it will reconnect and retry the username and password used this time. However, an error occurs in the function hydra_send_next_pair, which causes the username to be updated to the next username while the password is still the one used this time.

The reason is that after entering the function hydra_send_next_pair, “hydra_heads[head_no]->redo” is judged, and “hydra_heads[head_no]->redo” and “snpdone” are reassigned. As a result, the following conditions are not met, the username and password of the group are recognized as complete, and the subsequent username and password acquisition also has an exception, which eventually leads to the username and password that were re-attempted being inconsistent with those in the dictionary, resulting in false positives.

The hydra log is as follows; pay attention to the relevant log of child 7.

11111

The relevant username-password pairs in the dictionary are as follows:
leimingyong:1234
admin:leimingyong
sa:myPassword
Administrator:root@123

1645181198(1)

The logic in the above figure will cause the judgment in the figure below to fail, so that the process enters the complete logic of else.

1645181244(1)

At present, the first judgment logic is blocked, and the username and password guessed are normal. I am not sure whether this method is completely correct.

This issue will cause the correct username-password pair "admin:1234" for the following situations to be reported twice.
 test:1234
 admin:1234

My English is not very good, please understand. Thanks!

leimingyong avatar Feb 18 '22 10:02 leimingyong

Could you provide a fix? (sending a pull request)

vanhauser-thc avatar Feb 19 '22 08:02 vanhauser-thc

As shown in the figure below, at the beginning of the function hydra_send_next_pair, redo, snp_is_redo and snpdone are not assigned values, and the function logic is normal after shielding.

```c
if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) {

  /* leimingyong delete for RE-ATTEMPT retry logic error 2022-02-18
  hydra_heads[head_no]->redo = 0;
  snp_is_redo = 1;
  snpdone = 1;
  */

  if (debug)
  {
    printf("[DEBUG] hydra_send_next_pair head_no %d, redo %d, curlogin %s, curpass %s\n",
           head_no, hydra_heads[head_no]->redo, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr);
  }

} else
```

1645406798(1)

leimingyong avatar Feb 21 '22 01:02 leimingyong

I tried to make a fix, can you please retry?

vanhauser-thc avatar Feb 21 '22 13:02 vanhauser-thc

I tried again, but the result is still not good. The log is as shown below: 1645497802(1)

The relative order in the dictionary is as follows: 1645498011(1)

leimingyong avatar Feb 22 '22 02:02 leimingyong