network/hydra: Updated for version 7.1 (+new maintainer)

Signed-off-by: Niels Horn <niels.horn@slackbuilds.org>

network/hydra/README

@@ -1,3 +1,5 @@
+Hydra (A very fast network login cracker)
+
 One of the biggest security holes are user passwords, as every
 password security study shows. This tool is a proof of concept,
 to give researchers and security consultants a way to demonstrate
@@ -6,3 +8,16 @@ how easy it would be to gain unauthorized access to a remote system.
 
 This requires libssh (not libssh2).  postgresql is optional, as is
 sap, but sap is not available at SlackBuilds.org.
+
+This SlackBuild includes an option to omit the GTK-based frontend xhydra.
+To omit xhydra, just pass XHYDRA=0 to the script:
+    XHYDRA=0 sh hydra.SlackBuild
+
+See the README installed in /usr/doc/hydra-7.1 for more info, or visit the
+website:
+    http://freeworld.thc.org/thc-hydra
+
+NOTE:
+There is a utility, dpl4hydra.sh, that is installed in the documentation
+directory in this SlackBuild due to it being somewhat broken.
+

network/hydra/hydra.SlackBuild

@@ -1,18 +1,18 @@
 #!/bin/sh
 # Slackware build script for Hydra
 # Written by Larry Hajali <larryhaja[at]gmail[dot]com>
+# Updated by Kent Fritz <fritz.kent@gmail.com>
 
 PRGNAM=hydra
-VERSION=${VERSION:-5.4}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-7.1}
+BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
+XHYDRA=${XHYDRA:-1}
 
-# Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
   case "$( uname -m )" in
     i?86) ARCH=i486 ;;
     arm*) ARCH=arm ;;
-    # Unless $ARCH is already set, use uname -m for all other archs:
        *) ARCH=$( uname -m ) ;;
   esac
 fi
@@ -36,6 +36,14 @@ else
   LIBDIRSUFFIX=""
 fi
 
+if [ "$XHYDRA" = "1" ]; then
+    CONFIG_OPTS=""
+    MAKE_OPTS=""
+else 
+    CONFIG_OPTS="--disable-xhydra"
+    MAKE_OPTS="XHYDRA_SUPPORT="
+fi
+
 set -e
 
 rm -rf $PKG
@@ -52,49 +60,43 @@ find . \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \;
 
-# Removes a glibc error when http-form option is used
-# Patch from gentoo: http://bugs.gentoo.org/show_bug.cgi?id=209116
-patch -p0 < $CWD/patches/hydra-http-form.patch
 
-# Add ability to specify additional libdir locations to search, and also
-# merge in some precursors for the next patch
-patch -p1 < $CWD/patches/hydra-5.4-configure_fixups.patch
+echo CONFIG_OPTS is $CONFIG_OPTS
+./configure $CONFIG_OPTS
+make OPTS="-I. $SLKCFLAGS" $MAKE_OPTS
+make install PREFIX=$PKG/usr DIR=/bin
 
-# Patch needed to compile against new versions of libssh.
-patch -p1 < $CWD/patches/hydra-5.4-libssh-0.4.patch
-
-# Fixup Makefile.am before configuring
-patch -p1 < $CWD/patches/hydra-5.4-Makefile_am.patch
-
-# sed statements cleans up some code for the gui
-sed -i 's|/foo/bar/protected.html|/|' hydra-gtk/xhydra.glade
-sed -i 's|/foo/bar/protected.html|/|' hydra-gtk/src/interface.c
-
-EXTRA_LIBDIRS="/lib64 /usr/lib64" \
-./configure \
-  --enable-pw-inspector=yes \
-  --enable-static=no
-
-make EXTRA_CFLAGS="$SLKCFLAGS"
-make install PREFIX=$PKG DIR=/usr/bin
-
-find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
-  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+# remove dpl4hydra stuff as it is somewhat broken
+rm $PKG/usr/bin/dpl4hydra*
 
 # Add a desktop menu item
-mkdir -p $PKG/usr/share/{applications,pixmaps}
-install -m 0644 $CWD/$PRGNAM.desktop $PKG/usr/share/applications/
-cat $CWD/$PRGNAM.png > $PKG/usr/share/pixmaps/$PRGNAM.png
+if [ "$XHYDRA" = "1" ]; then
+  mkdir -p $PKG/usr/share/{applications,pixmaps}
+  install -m 0644 $CWD/$PRGNAM.desktop $PKG/usr/share/applications/
+  convert hydra-logo.ico $PKG/usr/share/pixmaps/$PRGNAM.png
+fi
+
+if [ "$XHYDRA" = "0" ]; then
+  rm $PKG/usr/man/man1/xhydra.1
+fi
+find $PKG/usr/man -type f -exec gzip -9 {} \;
 
 mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
 cp -a \
-  CHANGES LICENSE* README TODO hydra-gtk/COPYING hydra-gtk/INSTALL \
+  CHANGES LICENSE* README dpl4hydra* \
   $PKG/usr/doc/$PRGNAM-$VERSION
+if [ "$XHYDRA" = "1" ]; then
+  mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/hydra-gtk
+  cp -a hydra-gtk/COPYING hydra-gtk/INSTALL hydra-gtk/README \
+    $PKG/usr/doc/$PRGNAM-$VERSION/hydra-gtk
+fi
 cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
 
 mkdir -p $PKG/install
 cat $CWD/slack-desc > $PKG/install/slack-desc
-cat $CWD/doinst.sh > $PKG/install/doinst.sh
+if [ "$XHYDRA" = "1" ]; then
+  cat $CWD/doinst.sh > $PKG/install/doinst.sh
+fi
 
 cd $PKG
 /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}

network/hydra/hydra.info

@@ -1,10 +1,10 @@
 PRGNAM="hydra"
-VERSION="5.4"
-HOMEPAGE="http://freeworld.thc.org/thc-hydra/"
-DOWNLOAD="http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz"
-MD5SUM="fa08b465d19321e77b1a0ef912eeecc1"
+VERSION="7.1"
+HOMEPAGE="http://freeworld.thc.org/thc-hydra"
+DOWNLOAD="http://www.thc.org/releases/hydra-7.1-src.tar.gz"
+MD5SUM="0c3a6a351cb2e233cb989f0bcdd75edf"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
-MAINTAINER="Larry Hajali"
-EMAIL="larryhaja[at]gmail[dot]com"
-APPROVED="dsomero"
+MAINTAINER="Kent Fritz"
+EMAIL="fritz.kent@gmail.com"
+APPROVED="Niels Horn"

network/hydra/patches/hydra-5.4-Makefile_am.patch

@@ -1,13 +0,0 @@
-diff -Nur hydra-5.4-src.orig/Makefile.am hydra-5.4-src/Makefile.am
---- hydra-5.4-src.orig/Makefile.am	2006-05-05 09:10:44.000000000 -0500
-+++ hydra-5.4-src/Makefile.am	2009-07-05 11:23:02.983188212 -0500
-@@ -2,7 +2,8 @@
- # Makefile for Hydra - (c) 2001-2006 by van Hauser / THC <vh@thc.org>
- #
- 
--OPTS=-I. -Wall -O2
-+EXTRA_CFLAGS=
-+OPTS=-I. -Wall $(EXTRA_CFLAGS)
- # -ggdb -pedantic
- LIBS=-lm
- DIR=/bin

network/hydra/patches/hydra-5.4-configure_fixups.patch

@@ -1,127 +0,0 @@
-diff -Nur hydra-5.4-src.orig/configure hydra-5.4-src/configure
---- hydra-5.4-src.orig/configure	2006-01-20 07:44:15.000000000 -0600
-+++ hydra-5.4-src/configure	2009-07-05 21:21:59.288865180 -0500
-@@ -35,11 +35,12 @@
- MANDIR=""
- XHYDRA_SUPPORT=""
- LIBDIRS=`cat /etc/ld.so.conf 2> /dev/null`
-+EXTRA_LIBDIRS?=
- STRIP="strip"
- echo
- 
- echo "Checking for openssl (libssl/ssl.h) ..."
--for i in  $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib \
-+for i in $EXTRA_LIBDIRS $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib \
- /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \
- /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib .
- do
-@@ -97,7 +98,7 @@
- fi
- 
- echo "Checking for Postgres (libpq) ..."
--for i in  $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib .
-+for i in $EXTRA_LIBDIRS $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib .
- do
-     if [ "X" = "X$POSTGRES_PATH" ]; then
-         if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" ]; then
-@@ -118,11 +119,11 @@
-     echo "                              ... NOT found, module postgres disabled"
- fi
- 
--echo "Checking for SVN (ibsvn_client-1 libapr-0.so libaprutil-0.so) ..."
--for i in  $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib .
-+echo "Checking for SVN (ibsvn_client-1 libapr-1.so libaprutil-1.so) ..."
-+for i in $EXTRA_LIBDIRS $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib .
- do
-     if [ "X" = "X$SVN_PATH" ]; then
--        if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-0.so" ]&&[ -f "$i/libaprutil-0.so" ]; then
-+        if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-1.so" ]&&[ -f "$i/libaprutil-1.so" ]; then
-             SVN_PATH="$i"
-         fi
-     fi
-@@ -143,7 +144,7 @@
- fi
- 
- echo "Checking for SAP/R3 (librfc/saprfc.h) ..."
--for i in  $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib .
-+for i in $EXTRA_LIBDIRS $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib .
- do
-     if [ "X" = "X$SAPR3_PATH" ]; then
-         if [ -f "$i/librfc.a" -o -f "$i/librfc.dylib" -o "$i/librfc32.dll" ]; then
-@@ -183,7 +184,7 @@
- fi
- 
- echo "Checking for libssh (libssh/libssh.h) ..."
--for i in  $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib .
-+for i in $EXTRA_LIBDIRS $LIBDIRS /lib  /usr/lib /usr/local/lib /opt/local/lib .
- do
-     if [ "X" = "X$SSH_PATH" ]; then
-         if [ -f "$i/libssh.so" -o -f "$i/libssh.dylib" ]; then
-@@ -202,8 +203,8 @@
-         fi
-     fi  
-     if [ "X" = "X$APR_IPATH" ]; then
--        if [ -d "$i/apr-0" ]; then
--            APR_IPATH="$i/apr-0"
-+        if [ -d "$i/apr-1" ]; then
-+            APR_IPATH="$i/apr-1"
-         fi
-     fi  
- done
-@@ -220,8 +221,8 @@
-         fi
-     fi  
-     if [ "X" = "X$APR_IPATH" ]; then
--        if [ -d "$i/apr-0" ]; then
--            APR_IPATH="$i/apr-0"
-+        if [ -d "$i/apr-1" ]; then
-+            APR_IPATH="$i/apr-1"
-         fi
-     fi  
- done
-@@ -243,11 +244,11 @@
- 
- if [ -n "$SSH_PATH" ]; then
-     echo "                                      ... found"
--    echo 'NOTE: ensure that you have libssh v0.11 installed!! Get it from http://0xbadc0de.be !'
-+    echo 'NOTE: ensure that you have libssh v0.4 installed!! Get it from http://0xbadc0de.be !'
- fi
- if [ "X" = "X$SSH_PATH" ]; then
-     echo "                                      ... NOT found, module ssh2 disabled"
--    echo 'Get it from http://0xbadc0de.be/ - use v0.11!'
-+    echo 'Get it from http://0xbadc0de.be/ - use v0.4 or later!'
- fi
- if [ "$SSH_IPATH" = "/usr/include" ]; then
-     SSH_IPATH=""
-@@ -262,7 +263,7 @@
- SYS=`uname -s`
- if [ "$SYS" = "SunOS" ]; then
-     echo "Checking for Solaris libraries ..."
--    for i in  /lib /usr/lib /usr/local/lib $LIBDIRS .
-+    for i in  /lib /usr/lib /usr/local/lib $EXTRA_LIBDIRS $LIBDIRS .
-     do
-         if [ "X" = "X$NSL_PATH" ]; then
-             if [ -f "$i/libnsl.so" ]; then
-@@ -334,6 +335,9 @@
- if [ -n "$SSH_PATH" ]; then
-     XDEFINES="$XDEFINES -DLIBSSH"
- fi
-+
-+XDEFINES="$XDEFINES -D_GNU_SOURCE"
-+
- OLDPATH=""
- for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH; do
-     if [ "$OLDPATH" = "$i" ]; then
-@@ -379,10 +383,10 @@
-     XLIBS="$XLIBS -lpq"
- fi
- if [ -n "$SVN_PATH" ]; then
--    XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0"
-+    XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1"
- fi
- if [ -n "$SVN_PATH" ]; then
--    XLIBS="$XLIBS -lsvn_client-1 -lapr-0 -laprutil-0"
-+    XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1"
- fi
- if [ -n "$SSH_PATH" ]; then
-     XLIBS="$XLIBS -lssh"

network/hydra/patches/hydra-5.4-libssh-0.4.patch

@@ -1,187 +0,0 @@
-diff -Naur hydra-5.4-src.orig/hydra-ssh2.c hydra-5.4-src/hydra-ssh2.c
---- hydra-5.4-src.orig/hydra-ssh2.c	2007-03-22 14:04:29.000000000 +0000
-+++ hydra-5.4-src/hydra-ssh2.c	2009-12-18 03:12:56.000000000 +0000
-@@ -7,12 +7,51 @@
- }
- #else
- 
--#warning "If compilation of hydra-ssh2 fails, you are not using v0.11. Download from http://www.0xbadc0de.be/"
-+#warning "If compilation of hydra-ssh2 fails, you are not using v0.4. Download from http://www.libssh.org/"
- 
- #include <libssh/libssh.h>
- 
- extern char *HYDRA_EXIT;
- 
-+/* try to authenticate with one password */
-+static int
-+try_password(ssh_session ssh_session, char *password){
-+  int auth_state;
-+  int i;
-+  /* printf("ssh-trying pass \"%s\"\n",password); */
-+  /* We try keyboard-interactive when it's supported. kbdint is
-+   * what openssh tries first when logging somewhere.
-+   */
-+  auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL);
-+  if(auth_state == SSH_AUTH_INFO){
-+    i=0;
-+    /* we feed 10 password responses at max. Keybint is challenge-response
-+     * based so the server could ask unrelated questions
-+     */
-+    while(auth_state == SSH_AUTH_INFO && i<10){
-+      ssh_userauth_kbdint_setanswer(ssh_session, i, password);
-+      auth_state = ssh_userauth_kbdint(ssh_session, NULL, NULL);
-+      i++;
-+    }
-+    /* Partial authentication is specific to SSH : the password is valid but
-+     * an other authentication token is needed (generaly private key)
-+     */
-+    if(auth_state == SSH_AUTH_PARTIAL)
-+        auth_state = SSH_AUTH_SUCCESS;
-+    if(auth_state == SSH_AUTH_INFO)
-+        auth_state = SSH_AUTH_ERROR;
-+    return auth_state;
-+  }
-+  if(auth_state == SSH_AUTH_ERROR)
-+    return auth_state;
-+  /* Keyboard-interactive is not supported so we run through the password
-+   * method */
-+  auth_state = ssh_userauth_password(ssh_session, NULL, password);
-+  if(auth_state == SSH_AUTH_PARTIAL)
-+    auth_state = SSH_AUTH_SUCCESS;
-+  return auth_state;
-+}
-+
- int
- start_ssh2(int s, unsigned long int ip, int port, unsigned char options, char *miscptr, FILE * fp)
- {
-@@ -21,17 +60,17 @@
-   char *buf;
-   char *rc;
-   struct sockaddr_in targetip;
--  SSH_SESSION *ssh_session;
--  SSH_OPTIONS *ssh_opt;
-+  ssh_session ssh_session;
-+  char buffer[64], firstlogin[128];
-   int auth_state;
--  int i = 0;
-+  const int btrue = 1;
- 
-   if (strlen(login = hydra_get_next_login()) == 0)
-     login = empty;
-   if (strlen(pass = hydra_get_next_password()) == 0)
-     pass = empty;
- 
--  ssh_opt=options_new();
-+  ssh_session=ssh_new();
-   memset(&targetip, 0, sizeof(targetip));
-   memcpy(&targetip.sin_addr.s_addr, &ip, 4);
-   targetip.sin_family = AF_INET;
-@@ -41,16 +80,18 @@
-   buf = malloc(20);
-   inet_ntop(AF_INET, &targetip.sin_addr, buf, 20);
- #endif
--  options_set_wanted_method(ssh_opt,KEX_COMP_C_S,"none");
--  options_set_wanted_method(ssh_opt,KEX_COMP_S_C,"none");
--  options_set_port(ssh_opt, port);
--  options_set_host(ssh_opt, buf);
--  options_set_username(ssh_opt, login);
--
--  if ((ssh_session = ssh_connect(ssh_opt)) == NULL) {
-+  snprintf(firstlogin,sizeof(firstlogin),"%s",login);
-+  ssh_options_set(ssh_session, SSH_OPTIONS_SSH1, &btrue);
-+  ssh_options_set(ssh_session, SSH_OPTIONS_PORT, &port);
-+  ssh_options_set(ssh_session, SSH_OPTIONS_HOST, buf);
-+  ssh_options_set(ssh_session, SSH_OPTIONS_USER, login);
-+  /* printf("ssh-connecting with login \"%s\"\n",login); */
-+  if (ssh_connect(ssh_session) == SSH_ERROR) {
-     rc = ssh_get_error(ssh_session);
-     if ((rc != NULL) && (rc[0] != '\0')) {
--      if (strncmp("connect:", ssh_get_error(ssh_session), strlen("connect:")) == 0)
-+      snprintf(buffer,sizeof(buffer),"%s",rc);
-+      ssh_disconnect(ssh_session);
-+      if (strncmp("connect:", buffer, strlen("connect:")) == 0)
-         return 3;
-       else
-         return 4;
-@@ -60,43 +101,54 @@
-   free(buf);
-   buf = NULL;
- #endif
--
--  do {
--    /* why this crap? */
--    auth_state = ssh_userauth_kbdint(ssh_session, login, NULL);
--    while (i < 10 && auth_state == SSH_AUTH_INFO) {
--      ssh_userauth_kbdint_setanswer(ssh_session, i, pass);
--      auth_state = ssh_userauth_kbdint(ssh_session, login, NULL);
--      i++;
--    }
--    
--    if (auth_state == SSH_AUTH_SUCCESS || ssh_userauth_password(ssh_session, login, pass) == SSH_AUTH_SUCCESS) {
--      ssh_disconnect(ssh_session);	/* this automagically frees the ssh_opt buffer */
--      hydra_report_found_host(port, ip, "ssh2", fp);
--      hydra_completed_pair_found();
--      if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
--        return 2;
--      /* free(ssh_opt); */ /* DOUBLE FREE ! */
-+  /* None method is important since it can flag passwordless servers */
-+  auth_state=ssh_userauth_none(ssh_session, login);
-+  if(auth_state == SSH_AUTH_SUCCESS){
-+    /* passwordless server */
-+    hydra_report_found_host(port, ip, "ssh2", fp);
-+    hydra_completed_pair_found();
-+    ssh_disconnect(ssh_session);
-+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
-+      return 2;
-+    else
-       return 1;
--    } else {
--      if (ssh_error_code(ssh_session) == 1) {
--        hydra_completed_pair();
-+  }
-+ 
-+  do {
-+    auth_state=try_password(ssh_session, pass);
-+      if (auth_state == SSH_AUTH_SUCCESS) {
-+        ssh_disconnect(ssh_session);	/* this automagically frees the ssh_opt buffer */
-+        hydra_report_found_host(port, ip, "ssh2", fp);
-+        hydra_completed_pair_found();
-         if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
-           return 2;
-+        return 1;
-       } else {
--        ssh_disconnect(ssh_session);	/* this automagically frees the ssh_opt buffer */
--        hydra_completed_pair(); /* really? */
--        if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
-+        if (auth_state == SSH_AUTH_DENIED) {
-+        hydra_completed_pair();
-+        if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){
-+          ssh_disconnect(ssh_session);
-           return 2;
--        /* free(ssh_opt); */ /* DOUBLE FREE ! */
-+          }
-+        /* set a new password to try */
-+        login=hydra_get_next_login();
-+        if(strcmp(login,firstlogin) != 0){
-+            /* we can't try a new login without a new session. */
-+            ssh_disconnect(ssh_session);
-+            //hydra_completed_pair_skip();
-+            return 1;
-+        }
-+        pass=hydra_get_next_password();
-+        /* try again using same session */
-+      } else {
-+        ssh_disconnect(ssh_session);	/* this automagically frees the ssh_opt buffer */
-+        /* there was an error. The password was not really tried.*/
-+        //hydra_completed_pair_skip();
-         return 1;
-       }
-     }
-   } while(1);
- 
--  /* not reached */
--
--  /* free(ssh_opt); */ /* risk of double free */
-   return 1;
- }
- 

network/hydra/patches/hydra-http-form.patch

@@ -1,18 +0,0 @@
---- hydra-http-form.old	2008-02-06 09:42:49.000000000 +0000
-+++ hydra-http-form.c	2008-02-06 09:43:45.000000000 +0000
-@@ -149,7 +149,6 @@
-   }
- 
-   if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
--    free(updvariables);
-     free(upd2variables);
-     return 1;
-   }
-@@ -183,7 +182,6 @@
- */
- 
-   free(buf);
--  free(updvariables);
-   free(upd2variables);
- 
-   if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)