no one is safe ...

fixing hydra form-based-authentication brute forcing

Hydra is supposed to support form-based-authentication attacks. Unfortunately the BackTrack version is buggy, so hydra simply exits with the following error message:

*** glibc detected *** hydra: free(): invalid pointer: 0x0806ba00 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7cbf454]
/lib/tls/i686/cmov/libc.so.6(cfree+0x96)[0xb7cc14b6]
hydra[0x805833a]
hydra[0x80587a9]
hydra[0x805897d]
hydra[0x805eebc]
hydra[0x80624aa]
hydra[0x8064112]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7c66685]
hydra[0x8049e31]
Hydra (http://www.thc.org) finished at 2009-07-01 11:36:52

A fix for this can be found in the Gentoo Bugzilla. To patch Hydra, proceed as follows (when patch cannot find the file, enter hydra-http-form.c at the prompt):

m1k3@m1k3BT:~$ tar xzf hydra-5.4-src.tar.gz
m1k3@m1k3BT:~$ cd hydra-5.4-src/
m1k3@m1k3BT:~/hydra-5.4-src$ patch -p1 < ../hydra-http-form.patch
missing header for unified diff at line 3 of patch
can't find file to patch at input line 3
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|--- hydra-http-form.old        2008-02-06 09:42:49.000000000 +0000
|+++ hydra-http-form.c  2008-02-06 09:43:45.000000000 +0000
--------------------------
File to patch: hydra-http-form.c
patching file hydra-http-form.c

m1k3@m1k3BT:~/hydra-5.4-src$ ./configure --prefix=/opt/hydra --disable-xhydra

In the Makefile, remove the entries -lpq and -DLIBPOSTGRES.

m1k3@m1k3BT:~/hydra-5.4-src$ make
m1k3@m1k3BT:~/hydra-5.4-src$ sudo make install

From now on you can use the http-post-form option and thus also analyze form-based authentication for weak passwords.
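The Makefile edit described above, as a shell function that removes both entries as whole tokens and keeps a backup (an added example, not part of the original post or of Hydra's build system). The sample Makefile and its variable names are constructed for illustration; on a real tree, run the script with the Makefile path after ./configure and before make.

```shell
#!/bin/sh
# Added example: drop -lpq and -DLIBPOSTGRES from a generated Makefile.
set -eu

# strip_postgres_flags MAKEFILE
# Removes the two flags as whole tokens, keeps MAKEFILE.orig as a backup,
# and fails if either flag is still present afterwards.
strip_postgres_flags() {
    mf=$1
    [ -f "$mf" ] || { echo "no such file: $mf" >&2; return 2; }
    cp -p "$mf" "$mf.orig"
    # The :a ... ta loop repeats the substitution so that two adjacent
    # flags sharing one separating blank are both removed. Only the flag
    # text is deleted, so tabs that start recipe lines are preserved.
    sed -E -e ':a' \
        -e 's/(^|[[:space:]])(-lpq|-DLIBPOSTGRES)([[:space:]]|$)/\1\3/' \
        -e 'ta' "$mf.orig" > "$mf"
    if grep -Eq '(^|[[:space:]])(-lpq|-DLIBPOSTGRES)([[:space:]]|$)' "$mf"; then
        echo "flags still present in $mf" >&2
        return 1
    fi
}

# write_sample_makefile DIR
# Writes a small constructed Makefile (not Hydra's real one) for testing.
write_sample_makefile() {
    {
        printf '%s\n' 'XDEFINES= -DLIBOPENSSL -DLIBPOSTGRES'
        printf '%s\n' 'XLIBS= -lssl -lpq -lcrypto'
        printf '%s\n' 'EXTRA= -lpq -DLIBPOSTGRES'
        printf '%s\n' 'hydra: hydra.o'
        printf '\t%s\n' '$(CC) -o hydra hydra.o $(XLIBS)'
    } > "$1/Makefile"
}

# Usage: ./strip-pq.sh Makefile
if [ "$#" -ge 1 ]; then
    strip_postgres_flags "$1"
    diff -u "$1.orig" "$1" || true   # show what was removed
fi
```
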

m-1-k-3