Re: fix security/hydra ssh

2020-11-13 Thread Sebastian Reitenbach
Hi,

On Friday, November 13, 2020 14:13 CET, Stuart Henderson wrote:

> On 2020/11/13 00:12, Sebastian Reitenbach wrote:
> > Hi,
> >
> > Trying Hydra to brute force SSH doesn't seem to work as it should. Running 
> > with -v, it can successfully detect that password logins work, but later on 
> > it fails on each attempt with a 'Library not initialized.' error, so it doesn't 
> > find valid credentials.
> >
> > The attached patch fixes it for me; however, I don't really know why it's needed.
> > I had to add ssh_init() before starting each new session.
> > Looking at the docs, I believe it should not be necessary:
> > https://api.libssh.org/stable/group__libssh.html#ga3ebf8d6920e563f3b032e3cd5277598e
> >
> > Also, I might remember wrongly, but at some earlier point in time, SSH brute 
> > force did work.
> > Applying the same treatment to sshkey brute force, as from the code it seems to 
> > probably have the same issue, but that is not tested.
> >
> > Anyone with a better idea, or OK?
>
> The same change was made to hydra-ssh.c upstream in 2018 ...
>
> https://github.com/vanhauser-thc/thc-hydra/commit/a2de33fd2bcd50fa876dcfd121740074fb1064d0
> https://github.com/vanhauser-thc/thc-hydra/issues/366
> https://github.com/vanhauser-thc/thc-hydra/pull/367
>
> ... so it's probably better to first update the port.
>
> Can you give this a go instead? It updates, modernizes the port a bit,
> adds a couple of other protocols, removes a bogus patch-Makefile and
> sets PATCHORIG to avoid that happening again, and switches the configure
> patch from "disable the protocols we don't want" to "whitelist the
> protocols we do want" which simplifies the patch and makes it less
> likely to conflict with future updates.

Even better, and it fixes ssh bruteforcing for me. Haven't yet tested any
other protocol.

Sebastian
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/security/hydra/Makefile,v
> retrieving revision 1.61
> diff -u -p -r1.61 Makefile
> --- Makefile  12 Jul 2019 20:49:03 -  1.61
> +++ Makefile  13 Nov 2020 13:10:56 -
> @@ -3,69 +3,69 @@
>  COMMENT-main=parallelized network logon cracker
>  COMMENT-gui= GTK frontend for hydra
>
> -VERSION= 8.6
> +VERSION= 9.1
>  PKGNAME-main=hydra-${VERSION}
>  PKGNAME-gui= hydra-gui-${VERSION}
> -REVISION-main=   0
>
>  CATEGORIES=  security
>
>  GH_ACCOUNT = vanhauser-thc
>  GH_PROJECT = thc-hydra
> -GH_TAGNAME = ${VERSION}
> -
> -HOMEPAGE=https://thc.org/thc-hydra/
> +GH_TAGNAME = v${VERSION}
>
>  # AGPLv3 (GNU Affero Public License)
>  PERMIT_PACKAGE=  Yes
>
> -WANTLIB= c z
> +WANTLIB =c z
> +
> +WANTLIB-main =   ${WANTLIB} crypto curses freerdp2 gcrypt idn m mariadb
> +WANTLIB-main +=  memcached pcre pq ssh ssl winpr2
> +
> +WANTLIB-gui =${WANTLIB}
> +WANTLIB-gui +=   X11 Xcomposite Xcursor Xdamage Xext Xfixes Xi Xinerama
> +WANTLIB-gui +=   Xrandr Xrender atk-1.0 cairo fontconfig freetype 
> gdk-x11-2.0
> +WANTLIB-gui +=   gdk_pixbuf-2.0 gio-2.0 glib-2.0 gobject-2.0 gtk-x11-2.0
> +WANTLIB-gui +=   intl pango-1.0 pangocairo-1.0 pangoft2-1.0 harfbuzz
>
> -PSEUDO_FLAVORS=  no_x11
> +PSEUDO_FLAVORS=  no_gui
>  FLAVOR?=
>
> -MULTI_PACKAGES=  -main
> +MULTI_PACKAGES=  -main -gui
>
>  CONFIGURE_STYLE=gnu
>
> -USE_GMAKE=   Yes
> +USE_GMAKE=   Yes
>  NO_TEST= Yes
> -MAKE_FLAGS=  CC=${CC}
> +MAKE_FLAGS=  CC="${CC}"
> +PATCHORIG=   .orig.port
>
> -CONFIGURE_ARGS = --with-ssl=prefix="/usr/include" \
> - --with-ssl-lib=prefix="/usr/lib" \
> - --prefix=${LOCALBASE}
> -
> -.if ${FLAVOR:Mno_x11}
> -ALL_TARGET=  hydra pw-inspector
> -.else
> -MULTI_PACKAGES+=-gui
> -ALL_TARGET=  all
> -.endif
> +CONFIGURE_ARGS=  --nostrip \
> + --with-ssl=prefix="/usr/include" \
> + --with-ssl-lib=prefix="/usr/lib" \
> + --prefix=${LOCALBASE}
>
>  LIB_DEPENDS-main=databases/mariadb,-main \
>   databases/postgresql,-main \
>   devel/libidn \
> + devel/libmemcached \
>   devel/pcre \
>   security/libgcrypt \
> - security/libssh
> -RUN_DEPENDS-main=
> -
> -WANTLIB-main=${WANTLIB} m crypto curses gcrypt idn mysqlclient pcre 
> pq ssh ssl
> + security/libssh \
> + x11/freerdp
>
>  LIB_DEPENDS-gui=x11/gtk+2
> -
>  RUN_DEPENDS-gui=${BASE_PKGPATH},-main
> +DEBUG_PACKAGES=  ${BUILD_PACKAGES}
> +
> +.include 
>
> -WANTLIB-gui += X11 Xcomposite Xcursor Xdamage Xext Xfixes Xi Xinerama
> -WANTLIB-gui += Xrandr Xrender atk-1.0 cairo fontconfig freetype gdk-x11-2.0
> -WANTLIB-gui += gdk_pixbuf-2.0 gio-2.0 glib-2.0 gobject-2.0 gtk-x11-2.0
> -WANTLIB-gui += intl pango-1.0 pangocairo-1.0 pangoft2-1.0 ${WANTLIB}
> +.if !${BUILD_PACKAGES:M-gui}
> +ALL_TARGET=  hydra pw-inspector
> +.endif
>
>  post-install:
>   ${INSTALL_DATA_DIR} 
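Review bot: renaming the pseudo-flavour from no_x11 to no_gui in this hunk is a user-visible change: anyone who currently builds with FLAVOR=no_x11 will silently get the -gui subpackage (and its gtk+2 dependency) after the update, so the rename deserves a mention in the commit message. The WANTLIB-main additions line up with the LIB_DEPENDS-main changes in the same hunk (freerdp2 and winpr2 with the new x11/freerdp, memcached with devel/libmemcached, mariadb replacing mysqlclient for databases/mariadb); with HOMEPAGE dropped, GH_ACCOUNT/GH_PROJECT are now what supply the homepage, so confirm that is intended.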

Re: fix security/hydra ssh

2020-11-13 Thread Stuart Henderson
On 2020/11/13 00:12, Sebastian Reitenbach wrote:
> Hi,
> 
> Trying Hydra to brute force SSH doesn't seem to work as it should. Running 
> with -v, it can successfully detect that password logins work, but later on it fails 
> on each attempt with a 'Library not initialized.' error, so it doesn't find valid 
> credentials.
> 
> The attached patch fixes it for me; however, I don't really know why it's needed.
> I had to add ssh_init() before starting each new session.
> Looking at the docs, I believe it should not be necessary:
> https://api.libssh.org/stable/group__libssh.html#ga3ebf8d6920e563f3b032e3cd5277598e
> 
> Also, I might remember wrongly, but at some earlier point in time, SSH brute 
> force did work.
> Applying the same treatment to sshkey brute force, as from the code it seems to 
> probably have the same issue, but that is not tested.
> 
> Anyone with a better idea, or OK?

The same change was made to hydra-ssh.c upstream in 2018 ...

https://github.com/vanhauser-thc/thc-hydra/commit/a2de33fd2bcd50fa876dcfd121740074fb1064d0
https://github.com/vanhauser-thc/thc-hydra/issues/366
https://github.com/vanhauser-thc/thc-hydra/pull/367

... so it's probably better to first update the port.

Can you give this a go instead? It updates, modernizes the port a bit,
adds a couple of other protocols, removes a bogus patch-Makefile and
sets PATCHORIG to avoid that happening again, and switches the configure
patch from "disable the protocols we don't want" to "whitelist the
protocols we do want" which simplifies the patch and makes it less
likely to conflict with future updates.

Index: Makefile
===
RCS file: /cvs/ports/security/hydra/Makefile,v
retrieving revision 1.61
diff -u -p -r1.61 Makefile
--- Makefile12 Jul 2019 20:49:03 -  1.61
+++ Makefile13 Nov 2020 13:10:56 -
@@ -3,69 +3,69 @@
 COMMENT-main=  parallelized network logon cracker
 COMMENT-gui=   GTK frontend for hydra
 
-VERSION=   8.6
+VERSION=   9.1
 PKGNAME-main=  hydra-${VERSION}
 PKGNAME-gui=   hydra-gui-${VERSION}
-REVISION-main= 0
 
 CATEGORIES=security
 
 GH_ACCOUNT =   vanhauser-thc
 GH_PROJECT =   thc-hydra
-GH_TAGNAME =   ${VERSION}
-
-HOMEPAGE=  https://thc.org/thc-hydra/
+GH_TAGNAME =   v${VERSION}
 
 # AGPLv3 (GNU Affero Public License)
 PERMIT_PACKAGE=Yes
 
-WANTLIB=   c z
+WANTLIB =  c z
+
+WANTLIB-main = ${WANTLIB} crypto curses freerdp2 gcrypt idn m mariadb
+WANTLIB-main +=memcached pcre pq ssh ssl winpr2
+
+WANTLIB-gui =  ${WANTLIB}
+WANTLIB-gui += X11 Xcomposite Xcursor Xdamage Xext Xfixes Xi Xinerama
+WANTLIB-gui += Xrandr Xrender atk-1.0 cairo fontconfig freetype gdk-x11-2.0
+WANTLIB-gui += gdk_pixbuf-2.0 gio-2.0 glib-2.0 gobject-2.0 gtk-x11-2.0
+WANTLIB-gui += intl pango-1.0 pangocairo-1.0 pangoft2-1.0 harfbuzz
 
-PSEUDO_FLAVORS=no_x11
+PSEUDO_FLAVORS=no_gui
 FLAVOR?=
 
-MULTI_PACKAGES=-main
+MULTI_PACKAGES=-main -gui
 
 CONFIGURE_STYLE=gnu
 
-USE_GMAKE= Yes
+USE_GMAKE= Yes
 NO_TEST=   Yes
-MAKE_FLAGS=CC=${CC}
+MAKE_FLAGS=CC="${CC}"
+PATCHORIG= .orig.port
 
-CONFIGURE_ARGS =   --with-ssl=prefix="/usr/include" \
-   --with-ssl-lib=prefix="/usr/lib" \
-   --prefix=${LOCALBASE}
-
-.if ${FLAVOR:Mno_x11}
-ALL_TARGET=hydra pw-inspector
-.else
-MULTI_PACKAGES+=-gui
-ALL_TARGET=all
-.endif
+CONFIGURE_ARGS=--nostrip \
+   --with-ssl=prefix="/usr/include" \
+   --with-ssl-lib=prefix="/usr/lib" \
+   --prefix=${LOCALBASE}
 
 LIB_DEPENDS-main=  databases/mariadb,-main \
databases/postgresql,-main \
devel/libidn \
+   devel/libmemcached \
devel/pcre \
security/libgcrypt \
-   security/libssh
-RUN_DEPENDS-main=
-
-WANTLIB-main=  ${WANTLIB} m crypto curses gcrypt idn mysqlclient pcre pq ssh 
ssl
+   security/libssh \
+   x11/freerdp
 
 LIB_DEPENDS-gui=x11/gtk+2
-
 RUN_DEPENDS-gui=${BASE_PKGPATH},-main
+DEBUG_PACKAGES=${BUILD_PACKAGES}
+
+.include 
 
-WANTLIB-gui += X11 Xcomposite Xcursor Xdamage Xext Xfixes Xi Xinerama
-WANTLIB-gui += Xrandr Xrender atk-1.0 cairo fontconfig freetype gdk-x11-2.0
-WANTLIB-gui += gdk_pixbuf-2.0 gio-2.0 glib-2.0 gobject-2.0 gtk-x11-2.0
-WANTLIB-gui += intl pango-1.0 pangocairo-1.0 pangoft2-1.0 ${WANTLIB}
+.if !${BUILD_PACKAGES:M-gui}
+ALL_TARGET=hydra pw-inspector
+.endif
 
 post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/hydra
-   ${INSTALL_DATA} ${WRKSRC}/{README,LICENSE} ${PREFIX}/share/doc/hydra
-   ${INSTALL_DATA} ${WRKSRC}/{README,LICENSE} ${PREFIX}/share/doc/hydra
+   ${INSTALL_DATA} ${WRKSRC}/{README.md,LICENSE} ${PREFIX}/share/doc/hydra
mv ${PREFIX}/etc/* ${PREFIX}/share/doc/hydra/ && rm -r ${PREFIX}/etc
 
 .include 
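Review bot: the `.include` inserted just before `.if !${BUILD_PACKAGES:M-gui}` has no file argument as it appears in the posted diff, and the same happened to the final `.include` at the end of the hunk; the angle-bracketed names were most likely eaten by the archive. The `BUILD_PACKAGES` test only works once the ports framework has set that variable, so double-check that the committed Makefile reads `.include <bsd.port.arch.mk>` at that point and `.include <bsd.port.mk>` at the end. Two smaller points: the new `--nostrip` configure argument is what makes `DEBUG_PACKAGES=${BUILD_PACKAGES}` useful, so the two should stay together if either is revisited, and the post-install change both removes the duplicated `${INSTALL_DATA}` line and switches README to README.md, presumably following an upstream rename; worth one line in the commit message.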
Index: distinfo

fix security/hydra ssh

2020-11-12 Thread Sebastian Reitenbach
Hi,

Trying Hydra to brute force SSH doesn't seem to work as it should. Running with 
-v, it can successfully detect that password logins work, but later on it fails on 
each attempt with a 'Library not initialized.' error, so it doesn't find valid 
credentials.

The attached patch fixes it for me; however, I don't really know why it's needed.
I had to add ssh_init() before starting each new session.
Looking at the docs, I believe it should not be necessary:
https://api.libssh.org/stable/group__libssh.html#ga3ebf8d6920e563f3b032e3cd5277598e

Also, I might remember wrongly, but at some earlier point in time, SSH brute 
force did work.
Applying the same treatment to sshkey brute force, as from the code it seems to 
probably have the same issue, but that is not tested.

Anyone with a better idea, or OK?

cheers,
Sebastian

? hydra-fix-ssh
Index: Makefile
===
RCS file: /cvs/ports/security/hydra/Makefile,v
retrieving revision 1.61
diff -u -r1.61 Makefile
--- Makefile12 Jul 2019 20:49:03 -  1.61
+++ Makefile12 Nov 2020 23:03:14 -
@@ -6,7 +6,7 @@
 VERSION=   8.6
 PKGNAME-main=  hydra-${VERSION}
 PKGNAME-gui=   hydra-gui-${VERSION}
-REVISION-main= 0
+REVISION-main= 1

 CATEGORIES=security

Index: patches/patch-hydra-ssh_c
===
RCS file: patches/patch-hydra-ssh_c
diff -N patches/patch-hydra-ssh_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-hydra-ssh_c   12 Nov 2020 23:03:14 -
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+For some reason, this needs to be called to
+Initialize global cryptographic data structures
+
+Index: hydra-ssh.c
+--- hydra-ssh.c.orig
 hydra-ssh.c
+@@ -39,6 +39,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, u
+   ssh_free(session);
+ }
+
++ssh_init();
+ session = ssh_new();
+ ssh_options_set(session, SSH_OPTIONS_PORT, );
+ ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
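Review bot: ssh_init() is added at the top of start_ssh(), which runs once per login attempt, and there is no matching ssh_finalize() anywhere in the hunk, while the patch header itself says the reason for the call is unknown. The libssh documentation linked in the mail describes ssh_init() as a one-time initialiser, so needing it on every attempt points at something in the retry path tearing the library down between attempts; finding that call would fix the cause, and failing that the call should at least be guarded so it runs once. As Stuart's reply points out, the same change already exists upstream, so updating the port to a release that carries it avoids a local patch.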
Index: patches/patch-hydra-sshkey_c
===
RCS file: patches/patch-hydra-sshkey_c
diff -N patches/patch-hydra-sshkey_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-hydra-sshkey_c12 Nov 2020 23:03:14 -
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+For some reason, this needs to be called to
+Initialize global cryptographic data structures
+
+Index: hydra-sshkey.c
+--- hydra-sshkey.c.orig
 hydra-sshkey.c
+@@ -39,6 +39,7 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port
+   ssh_free(session);
+ }
+
++ssh_init();
+ session = ssh_new();
+ ssh_options_set(session, SSH_OPTIONS_PORT, );
+ ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
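Review bot: this is the same change as in patch-hydra-ssh_c but, per the cover mail, untested; the header comment ("For some reason, this needs to be called ...") should instead record the observed symptom, the 'Library not initialized.' error from libssh, so a future maintainer can tell when the patch can be dropped. Also, the context line `ssh_options_set(session, SSH_OPTIONS_PORT, )` has lost its third argument in the posted copy (in both patch files), so confirm the on-disk patches are intact before committing.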