Member "authforce-0.9.9/src/main.c" (13 May 2007, 11296 Bytes) of package /linux/www/old/authforce-0.9.9.tar.gz:
1 /* $Id: main.c,v 1.7 2001/04/28 20:32:47 kapheine Exp $ */
2
3 #include <config.h>
4 #include <stdio.h>
5 #include <stdlib.h>
6 #include <unistd.h>
7 #include <string.h>
8 #include <time.h>
9 #include <getopt.h>
10 #include "gettext.h"
11 #ifdef MEMWATCH
12 #include "memwatch.h"
13 #endif /* MEMWATCH */
14 #include "extern.h"
15 #ifdef ENABLE_NLS
16 #define _(x) dgettext(PACKAGE_NAME, x)
17 #else
18 #define _(x) (x)
19 #endif
20
21
/* Identity strings used by the help and version output. */
static const char *program_name = PACKAGE;
static const char *author = "Zachary P. Landau";
static const char *version = VERSION;
static const char *email = "kapheine@divineinvasion.net";
static const char *description = "an HTTP authentication brute forcer";

/*
 * Settings that the command line can override.
 *
 * The string settings are fixed-size buffers and initialize_main() copies
 * command-line text into them, so every writer has to bound the copy to the
 * buffer size and leave room for the terminating NUL.
 */

/* location of data files */
char datafile_path[60] = "data";
/* file containing usernames */
char username_file[80] = "username.lst";
/* file with password rules */
char passwords_file[80] = "password.lst";
/* file containing common username:password pairs */
char common_pairs_file[80] = "userpass.lst";
#ifdef USE_DUMMY
/* file containing dummy combos */
char submit_dummy_file[80] = "dummy.lst";
#endif /* USE_DUMMY */
/* file to log to; main() also writes every match to it */
char logfile[80] = "/dev/null";
/* max number of users to try; main() treats 0 as "no limit" */
unsigned int max_users = 0;
/* max number of connects */
unsigned int max_connects = 0;
/* delay between users; main() passes it to sleep(), so seconds */
unsigned int per_user_delay = 0;
/* delay between attempts */
unsigned int per_password_delay = 0;
/* user agent string; initialize_main() presets it to "PACKAGE/VERSION" */
char user_agent[50];
/* url to bruteforce */
char url[160];
/* proxy support; "undef" is the compiled-in default */
char proxy[40] = "undef";
/* no output to stdout? */
int quiet = 0;
/* what level of debug messages to show, 0-5 */
int debug_level = 0;
/* beep on found? */
int beep = 0;
/* list searched for data files (see search_path() calls in main()) */
char pathlist[120] = DEFAULT_PATH;
/* colon-separated list of config files parsed by initialize_main() */
char configlist[120] = DEFAULT_CONFIG;

/* Run-time state shared with the rest of the program. */

/* [0] = username, [1] = password; allocated and freed by main() */
char *user_pass[2];
/* log file handle, opened by initialize_main() */
FILE *logfd;
/* number of valid auths found */
unsigned int found = 0;
/* current number of users tried */
unsigned int num_users = 0;
/* set by --no-ssl-fail */
unsigned int no_ssl_fail = 0;
/* set by --auth-digest */
unsigned int auth_digest = 0;

/*
 * Session bookkeeping.  main() uses session_usernumber as an index into the
 * username list, so a value restored from a session file has to be
 * range-checked before use.
 */

/* current usernumber */
int session_usernumber = 0;
/* current function */
int session_function = passwords_ident;
/* current loop */
int session_count = 0;
/* resume old session? */
int resume_session = 0;
/* save session? */
int save_session = 0;
/* file containing session data */
char session_file[80] = "session.save";
/* master password list */
char **master_password_list = NULL;

/*
 * Short options for getopt_long().
 * NOTE(review): 'U' is listed without ':' and initialize_main() has no
 * case for it, while long_options maps --user-agent to 'a', which is not
 * listed here.  The "-U STRING" form shown by help() therefore does not set
 * the user agent; only --user-agent does.
 */
static const char *optstring = "bc:d:hl:p:P:qr::s::u:UvV";
66
/*
 * Long-option table for getopt_long().
 *
 * Options that also have a short form return that letter; long-only options
 * return the small integers 1-8, which initialize_main() switches on.
 * --dummy-file exists only in USE_DUMMY builds.
 */
struct option long_options[] = {
	{ "beep",           no_argument,       NULL, 'b' },
	{ "debug",          required_argument, NULL, 'd' },
#ifdef USE_DUMMY
	{ "dummy-file",     required_argument, NULL, 1   },
#endif /* USE_DUMMY */
	{ "help",           no_argument,       NULL, 'h' },
	{ "logfile",        required_argument, NULL, 'l' },
	{ "max-connects",   required_argument, NULL, 'c' },
	{ "max-users",      required_argument, NULL, 'u' },
	{ "pairs-file",     required_argument, NULL, 2   },
	{ "password-delay", required_argument, NULL, 3   },
	{ "password-file",  required_argument, NULL, 4   },
	{ "path",           required_argument, NULL, 'p' },
	{ "proxy",          required_argument, NULL, 'P' },
	{ "quiet",          no_argument,       NULL, 'q' },
	{ "resume",         optional_argument, NULL, 'r' },
	{ "save",           optional_argument, NULL, 's' },
	{ "user-delay",     required_argument, NULL, 5   },
	{ "user-agent",     required_argument, NULL, 'a' },
	{ "username-file",  required_argument, NULL, 6   },
	{ "no-ssl-fail",    no_argument,       NULL, 7   },
	{ "auth-digest",    no_argument,       NULL, 8   },
	{ "verbose",        no_argument,       NULL, 'v' },
	{ "version",        no_argument,       NULL, 'V' },
	{ NULL,             0,                 NULL, 0   }	/* terminator */
};
94
/*
 * Print the banner, the usage line, the option summary and the bug-report
 * address to stdout, then end the process with EXIT_SUCCESS.
 *
 * name: program name shown in the usage line.
 *
 * NOTE(review): the summary is a single translated string, so it is the same
 * in every build: --dummy-file is listed even when USE_DUMMY is off, -U is
 * listed although optstring declares 'U' without an argument, and the -v
 * short form accepted by optstring is not shown.
 */
static void help(char *name) {

	/* banner: "<program> <version>, <description>" */
	printf("%s %s, %s\n\n", program_name, version, description);

	printf(_("usage: %s [OPTION]... URL\n\n"), name);
	printf(_("options:\n"));

	/* one message id for the whole table so translators see it as a unit */
	printf(_(
		"\t-b,\t--beep\t\t\tbeep when a match is found\n"
		"\t-d,\t--debug=NUMBER\t\t\tlevel of debugging\n"
		"\t\t--dummy-file=FILE\tfile containing dummy matches\n"
		"\t\t\t\t\t[username:password form]\n"
		"\t-h,\t--help\t\t\tdisplay this help and exit\n"
		"\t-l,\t--logfile=FILE\t\tset logfile to FILE\n"
		"\t-r,\t--resume[=FILE]\t\tresume old session using FILE\n"
		"\t\t\t\t\t[default session.save]\n"
		"\t-s,\t--save[=FILE]\t\tsave session on SIGUSR1 to FILE\n"
		"\t\t\t\t\t[default session.save]\n"
		"\t-c,\t--max-connects=NUMBER\tdon't make more than NUMBER connections\n"
		"\t-u,\t--max-users=NUMBER\tdon't try more than NUMBER users\n"
		"\t-U,\t--user-agent=STRING\tset user agent to STRING\n"
		"\t\t--pairs-file=FILE\tfile containing username:password pairs\n"
		"\t\t--password-delay=NUMBER\tdelay for # seconds between attempts\n"
		"\t\t--password-file=FILE\tfile containing common passwords\n"
		"\t-p,\t--path=STRING\t\tlook for pathlist STRING\n"
		"\t-P,\t--proxy=STRING\t\tset proxy to STRING\n"
		"\t\t--auth-digest\t\tuse auth digest method\n"
		"\t\t--no-ssl-fail\t\tdon't fail with self signed certs\n"
		"\t-q,\t--quiet\t\t\tdon't output to stdout\n"
		"\t\t--user-delay=NUMBER\tdelay for # seconds between usernames\n"
		"\t\t--username-file=FILE\tfile containing list of usernames\n"
		"\t\t--verbose\t\tbe verbose (default), opposite of --quiet\n"
		"\t-V,\t--version\t\tprint version information and exit\n"
	));

	printf(_("\nReport bugs to <%s>.\n"), email);

	exit(EXIT_SUCCESS);
}
129
130
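/*
 * Copy a command-line string into one of the fixed-size option buffers.
 *
 * strncpy(dst, src, sizeof dst) leaves dst without a terminating NUL when
 * src fills the buffer, and a silently shortened URL or file name would make
 * the run act on something other than what the operator typed.  An
 * over-long value is therefore rejected: the process exits with
 * EXIT_FAILURE.
 *
 * dst, dst_size: destination buffer and its size in bytes.
 * value:         NUL-terminated text to store.
 * what:          option name used in the error message.
 */
static void set_string_option(char *dst, size_t dst_size, const char *value,
                              const char *what) {
	size_t len = strlen(value);

	if (len >= dst_size) {
		fprintf(stderr, _("%s: %s is too long (limit %lu characters)\n"),
		        program_name, what, (unsigned long)(dst_size - 1));
		exit(EXIT_FAILURE);
	}
	memcpy(dst, value, len + 1);
}

/*
 * Parse a non-negative decimal number given to a numeric option.
 *
 * atoi() returns 0 for text such as "abc" and lets "-1" wrap to a huge
 * unsigned value, so a typo could silently drop a connection or user limit.
 * Only plain digit strings are accepted here; anything else, or a value that
 * does not fit in a non-negative int, ends the process with EXIT_FAILURE.
 *
 * text: option argument.
 * what: option name used in the error message.
 * Returns the parsed value.
 */
static unsigned int parse_count_option(const char *text, const char *what) {
	/* largest value that is also representable as int on usual platforms */
	const unsigned int limit = (unsigned int)-1 / 2;
	unsigned int value = 0;
	const char *p;

	if (*text == '\0')
		goto invalid;

	for (p = text; *p != '\0'; p++) {
		unsigned int digit;

		if (*p < '0' || *p > '9')
			goto invalid;
		digit = (unsigned int)(*p - '0');
		/* value * 10 + digit must stay <= limit */
		if (value > (limit - digit) / 10)
			goto invalid;
		value = value * 10 + digit;
	}
	return value;

invalid:
	fprintf(stderr, _("%s: invalid number '%s' for %s\n"),
	        program_name, text, what);
	exit(EXIT_FAILURE);
}

/*
 * Set up the run: preset the user agent, parse every config file named in
 * configlist, apply the command-line options, store the single URL argument,
 * optionally restore a session and install the save handler, and open the
 * log file.  Every usage error ends the process with EXIT_FAILURE; --help
 * and --version end it with EXIT_SUCCESS.
 *
 * argc, argv: the arguments main() received.
 */
static void initialize_main(int argc, char *argv[]) {
	time_t now;
	int optch;
	int index = 0;
	char *filename;

	if (argc < 1) {
		fprintf(stderr, _("%s: Missing arguments\n"), program_name);
		fprintf(stderr, _("Try %s --help for more information.\n"), program_name);
		exit(EXIT_FAILURE);
	}

	snprintf(user_agent, sizeof(user_agent), "%s/%s", program_name, version);

	/* config files come first so that command-line options override them */
	while ((filename = extract_colon_unit(configlist, &index)) != NULL) {
		parse_config(filename);
		free(filename);
	}

	while ((optch = getopt_long(argc, argv, optstring, long_options, NULL)) != -1) {
		switch (optch) {
#ifdef USE_DUMMY
		case 1:
			set_string_option(submit_dummy_file, sizeof(submit_dummy_file),
			                  optarg, "--dummy-file");
			break;
#endif /* USE_DUMMY */
		case 2:
			set_string_option(common_pairs_file, sizeof(common_pairs_file),
			                  optarg, "--pairs-file");
			break;
		case 3:
			per_password_delay = parse_count_option(optarg, "--password-delay");
			break;
		case 4:
			set_string_option(passwords_file, sizeof(passwords_file),
			                  optarg, "--password-file");
			break;
		case 5:
			per_user_delay = parse_count_option(optarg, "--user-delay");
			break;
		case 6:
			set_string_option(username_file, sizeof(username_file),
			                  optarg, "--username-file");
			break;
		case 7:
			no_ssl_fail = 1;
			break;
		case 8:
			auth_digest = 1;
			break;
		case 'a':
			/*
			 * NOTE(review): only --user-agent reaches this case.
			 * optstring has no 'a' and lists 'U' without ':', so the
			 * "-U STRING" form shown by help() is parsed as a bare flag
			 * that matches no case here.  Fixing it needs "U:" in
			 * optstring together with a case 'U'.
			 */
			set_string_option(user_agent, sizeof(user_agent),
			                  optarg, "--user-agent");
			break;
		case 'b':
			beep = 1;
			break;
		case 'c':
			max_connects = parse_count_option(optarg, "--max-connects");
			break;
		case 'd':
			debug_level = (int)parse_count_option(optarg, "--debug");
			break;
		case 'h':
			help((char*)program_name);
			break;
		case 'l':
			set_string_option(logfile, sizeof(logfile), optarg, "--logfile");
			break;
		case 'p':
			set_string_option(pathlist, sizeof(pathlist), optarg, "--path");
			break;
		case 'P':
			set_string_option(proxy, sizeof(proxy), optarg, "--proxy");
			break;
		case 'q':
			quiet = 1;
			break;
		case 'r':
			resume_session = 1;
			/* optional argument: keep the default file name when absent */
			if (optarg)
				set_string_option(session_file, sizeof(session_file),
				                  optarg, "--resume");
			break;
		case 's':
			save_session = 1;
			if (optarg)
				set_string_option(session_file, sizeof(session_file),
				                  optarg, "--save");
			break;
		case 'u':
			max_users = parse_count_option(optarg, "--max-users");
			break;
		case 'v':
			quiet = 0;
			break;
		case 'V':
			printf( _("%s %s\n"
				"\n"
				"Copyright (C) 2000-2007 %s\n"
				"There is NO warranty. You may redistribute this software\n"
				"under the terms of the GNU General Public License.\n"
				"For more information about these matters, see the files named COPYING\n"
				"\n"
				"Written by %s <%s>.\n")
				, program_name, version, author, author, email);
			exit(EXIT_SUCCESS);
			break;
		case '?':
			/*
			 * getopt_long() has already reported the unknown option or
			 * missing argument.  Stop here so the run never starts with
			 * a limit or delay the operator believed was applied.
			 */
			fprintf(stderr, _("Try %s --help for more information.\n"), program_name);
			exit(EXIT_FAILURE);
		}
	}

	/* exactly one positional argument, the URL, must remain */
	optch = argc - optind;
	switch (optch) {
	case 0:
		fprintf(stderr, _("%s: missing URL\n"), program_name);
		fprintf(stderr, _("Usage: %s [OPTION]... [URL]\n\n"), program_name);
		fprintf(stderr, _("Try `%s --help` for more information.\n"), program_name);
		exit(EXIT_FAILURE);
	case 1:
		break;
	default:
		fprintf(stderr, _("%s: too many URLs\n"), program_name);
		fprintf(stderr, _("Usage: %s [OPTION]... [URL]\n\n"), program_name);
		fprintf(stderr, _("Try %s --help for more information.\n"), program_name);
		exit(EXIT_FAILURE);
	}

	set_string_option(url, sizeof(url), argv[optind], "URL");

	/*
	 * read_session() is defined elsewhere; presumably it fills the
	 * session_* globals from the file.  main() range-checks them before
	 * they are used.
	 */
	if (resume_session)
		read_session(session_file);

	if (save_session)
		install_handler();

	/*
	 * "w+" truncates an existing file, and the file is created with the
	 * permissions the process umask allows.  main() writes every matched
	 * username:password pair to this log, so point --logfile at a location
	 * only the operator can read.
	 */
	logfd = fopen(logfile, "w+");
	if (!logfd) {
		fprintf(stderr, _("initialize_data: couldn't open %s\n"), logfile);
		exit(EXIT_FAILURE);
	}
	now = time(0);
	fprintf(logfd, _("scan started: %s"), ctime(&now));

}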
269
/*
 * Close down what initialize_main() opened: append the "scan ended"
 * timestamp to the log and close the log stream.
 */
static void shutdown_main(void) {
	time_t finished = time(NULL);

	/* ctime() supplies the trailing newline, so the format has none */
	fprintf(logfd, _("scan ended: %s"), ctime(&finished));
	fclose(logfd);
}
278
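/*
 * Program entry point.
 *
 * Allocates the username/password result buffers, runs initialize_main()
 * and initialize_submit(), walks the username list calling
 * process_passwords() for each entry, then runs common_pairs(), reports the
 * total and shuts down.
 *
 * Exit status: 1 when at least one match was found, 0 when none was found,
 * EXIT_FAILURE on an invalid session value.
 */
int main(int argc, char *argv[]) {
	int i;
	char **username_list;
	char *username;
	int result;
	char *path = NULL;


#ifdef ENABLE_NLS
	setlocale (LC_ALL, "");
	bindtextdomain (PACKAGE, LOCALEDIR);
	textdomain (PACKAGE);
#endif

	/* buffers for the username and password of a match (41 and 51 bytes) */
	user_pass[0] = (char*)malloc_w(sizeof(char)*41);
	user_pass[1] = (char*)malloc_w(sizeof(char)*51);

	initialize_main(argc, argv);
	initialize_submit();

	/*
	 * NOTE(review): abs() does not reject negative values, it only bounds
	 * their magnitude, so -1 still passes.  passwords_ident is defined
	 * outside this file, so the check is left as written; confirm the
	 * valid range and test it directly.
	 */
	if (abs(session_function) > 1) {
		fprintf(stderr, _("main: session_function greater than 1\n"));
		exit(EXIT_FAILURE);
	}

	if (session_function == passwords_ident) {

		path = search_path(username_file, pathlist);
		username_list = textlist(path);
		free(path);

		/*
		 * session_usernumber can come from a session file and is used
		 * below as an array index.  The original abs() test let small
		 * negative values through, which would read before the start of
		 * username_list, so negatives are rejected explicitly.
		 */
		if (session_usernumber < 0) {
			fprintf(stderr, _("main: session_usernumber is negative\n"));
			exit(EXIT_FAILURE);
		}
		/*
		 * session_usernumber starts at 0, but num_lines starts at 1.
		 * num_lines is declared outside this file; the upper bound is
		 * kept as written. TODO confirm it cannot index past the NULL
		 * terminator of the list.
		 */
		if (session_usernumber > (num_lines+1)) {
			fprintf(stderr, _("main: session_usernumber greater than num_lines\n"));
			exit(EXIT_FAILURE);
		}

		i = session_usernumber;

		path = search_path(passwords_file, pathlist);
		master_password_list = textlist(path);
		/* released here as for the username path; it used to leak */
		free(path);

		if (session_count < 0) {
			fprintf(stderr, _("main: session_count is negative\n"));
			exit(EXIT_FAILURE);
		}
		/* session_count starts at 0, but num_lines starts at 1 */
		if (session_count > (num_lines+1)) {
			fprintf(stderr, _("main: session_count greater than num_lines\n"));
			exit(EXIT_FAILURE);
		}

		/* the list is NULL-terminated */
		while ((username = username_list[i]) != NULL) {
			result = process_passwords(username);
			if (result == EXIT_SUCCESS) {
				if (!quiet) {
					printf(_("match [%s:%s]\n"), user_pass[0], user_pass[1]);
					if (beep)
						printf("\007");
				}
				/* the match goes to the log even in quiet mode */
				fprintf(logfd, _("match [%s:%s]\n"), user_pass[0], user_pass[1]);
				found++;
			}
			sleep(per_user_delay);
			i++;
			session_usernumber = i;

			/*
			 * Count the user just processed before testing the limit.
			 * The original tested first and incremented afterwards,
			 * which let max_users + 1 users through.  Assumes nothing
			 * else increments num_users. TODO confirm.
			 */
			num_users++;
			if (max_users != 0 && num_users >= max_users) {
				if (!quiet)
					printf(_("max users reached at %i\n"), num_users);
				fprintf(logfd, _("max users reached at %i\n"), num_users);
				break;
			}
		}
		free_list(username_list);
		free_list(master_password_list);
	}


	/* separate because common_pairs uses a different scheme */
	common_pairs();

	if (found > 0) {
		if (!quiet)
			printf(_("Congratulations: %i password%s found.\n"), found, found == 1 ? "" : "s");
		fprintf(logfd, _("Congratulations: %i password%s found.\n"), found, found == 1 ? "" : "s");
	} else {
		if (!quiet)
			printf(_("No passwords found.\n"));
		fprintf(logfd, _("No passwords found.\n"));
	}

	free(user_pass[0]);
	free(user_pass[1]);
#ifdef USE_DUMMY
	free_list(submit_dummy_list);
#endif /* USE_DUMMY */

	shutdown_submit();
	shutdown_main();

	if (found > 0)
		exit(1); /* matches were found */
	else
		exit(0); /* matches were not found */
}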