
authoscope's Introduction

Hi! 👋

I'm an open-source developer with a background in offensive security, web security, computer networks and supply-chain security.

🛠️ Offensive Security Tools

🚢 Supply-Chain Security Tools

👾 Memory-safe Firmware

🌏 Network Tools

📑 Documentation

🚩 Capture The Flag

📦 Packaging

I package software in the official repositories of multiple Linux distributions:

💲 Funding

All my open-source work is currently funded by myself and donations from Github Sponsors.

📫 Contacting

You can find me as kpcyrd on irc (hackint, libera, oftc, overthewire), Twitter DM to @kpcyrd or DM kpcyrd on cncf slack. I read my emails infrequently.

authoscope's People

Contributors

chenrui333, j2ghz, king6cong, kpcyrd, kylefmohr, shutefan

authoscope's Issues

Rename credential confirmation to combolist

"Credential confirmation" should be replaced with "Combolist".

We might want to rename the subcommand as well, from badtouch creds to badtouch combo, but if we do this we should still accept creds as an alias.

-o flag for results

When -o out is set, the credentials that have been found should be written to the file out. This is needed to keep track of very large tests.

I'm not sure about the format yet, I think it should default to:

script:user:password

Possible variations:

  • json
  • user:password

pwntools-like socket library

It should be possible to naively implement arbitrary (text) protocols using badtouch, using functions similar to the socket functions provided by pwntools.

This allows more creative solutions for #58, eg by talking to an smtpd.

  • sock_connect(host, port, {fam='ipv4', timeout=3, ssl=true, ssl_verify=false, newline="\r\n"}), create a connection
  • sock_send(sock, data), send data
  • sock_recv(sock), receive up to 4096 bytes
  • sock_sendline(sock, line), send a line, automatically adds a newline
  • sock_recvline(sock), receive a line, strips newline
  • sock_recvall(sock), receive until EOF
  • sock_recvline_contains(sock, needle), receive lines until one contains at least one needle, then return that line (supports string and list of strings)
  • sock_recvline_regex(sock, regex), receive lines until one matches the regex, then return that line
  • sock_recvn(sock, n), receive exactly n bytes
  • sock_recvuntil(sock, delim), receive until a sequence of bytes is found, then return all data including the sequence (supports string and list of strings)
  • sock_sendafter(sock, delim, data), shorthand for sock_recvuntil(sock, delim) and sock_send(sock, data)
  • sock_unrecv(sock, data), put data back into the buffered reader
  • sock_newline(sock, "\r\n"), update the newline

Can't load 14 billion credentials at once

It turned out the scheduler is surprisingly inefficient at loading very large lists. After some math it turns out it needs to be redesigned to allow lists of that size in one go:

On a 64bit system, even just collecting the pointers of all newlines takes a very large amount of memory:

14_000_000_000 * 8 = 112000000000 # 104.3 GiB

Three important bits we need to keep in mind for feature parity with the current system:

  • due to threading we need to be able to process this list at multiple positions at once
  • to measure the process, we need to know how many credentials we've processed, but we also need to know how many we have to process in total
  • jobs can fail and need to be rescheduled

To support lists that large, we'd have to change the scheduler design:

generator thread

  • Open the list of credentials
  • Scan the whole file and count newlines
  • Seek back to 0
  • Start the worker threads
  • Fill a size-limited mpsc queue with credentials, then block at send
  • Every time a worker receives from the queue, send unblocks, and a new line can be loaded that we try to insert into the queue.

Memory-wise, this would be one of the most lightweight solutions.

offset + limit

This could be applied to dict-style runs as well:

  • Skip offset number of attempts
  • Submit limit number of attempts
  • Ignore everything else

This would also allow resumption from aborted jobs (assuming the offset has been saved) or distributed tests (especially for dict style runs) as well.

It would be quirky to use though.

zero-copy + chunk assignment

To avoid overhead that comes from our data structures, we could just map the whole file into ram and then operate on slices. Since we need to process this list in parallel we could assign this file into chunks of a specific size and each worker is able to process this chunk individually, no synchronization needed until the end of that chunk has been reached.

This still requires enough ram to load the whole file at once.

Mutex<Cursor>

We can simply scan the file in the main thread, count the credentials, seek back to 0 and then lock the file handle in a mutex:

  • lock the bufreader
  • read an entry
  • release the mutex
  • parse the credentials and test them

This would introduce the need for an exception message to the msg loop since reading from the file might fail in a non-recoverable way.


Note that there's also some overhead by the way the threadpool currently works, which allocates some memory for each job that we want to run. While this isn't much, keep in mind that a single byte per credential would result in 14gb.

In the end, I'm not sure if tests that large are realistic and how much effort should go into this.
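
The "generator thread" design from the issue above, as an added example (not authoscope's scheduler code): a first pass counts entries in constant memory, then a size-limited queue feeds the workers, and failed jobs come back on a separate unbounded channel so a full queue cannot deadlock the requeue path. The names `count_entries`, `run` and `Report`, the `max_attempts` parameter and the job closure are assumptions made for illustration.

```rust
use std::fs::File;
use std::io::{self, BufRead, BufReader, Read, Seek, SeekFrom};
use std::sync::atomic::{AtomicU64, Ordering::SeqCst};
use std::sync::mpsc::{channel, sync_channel};
use std::sync::{Arc, Mutex};
use std::{thread, time::Duration};

#[derive(Debug, PartialEq)]
pub struct Report {
    pub total: u64,     // entries counted in the first pass (progress denominator)
    pub succeeded: u64, // jobs that returned true
    pub gave_up: u64,   // jobs that still failed on the last allowed attempt
    pub requeued: u64,  // how many times an entry was rescheduled
}

/// First pass: count entries without storing any offsets, then seek back to 0.
pub fn count_entries(file: &mut File) -> io::Result<u64> {
    let mut buf = vec![0u8; 64 * 1024];
    let (mut count, mut last) = (0u64, b'\n');
    loop {
        let n = file.read(&mut buf)?;
        if n == 0 { break; }
        count += buf[..n].iter().filter(|&&b| b == b'\n').count() as u64;
        last = buf[n - 1];
    }
    if last != b'\n' { count += 1; } // final entry without a trailing newline
    file.seek(SeekFrom::Start(0))?;
    Ok(count)
}

/// `job(entry, attempt)` returns false when the attempt failed and should be rescheduled.
pub fn run<F>(path: &str, workers: usize, queue_cap: usize, max_attempts: u32, job: F) -> io::Result<Report>
where
    F: Fn(&str, u32) -> bool + Send + Sync + 'static,
{
    let mut file = File::open(path)?;
    let total = count_entries(&mut file)?;
    let (job_tx, job_rx) = sync_channel::<(String, u32)>(queue_cap);
    let (retry_tx, retry_rx) = channel::<(String, u32)>();
    let job_rx = Arc::new(Mutex::new(job_rx));
    let (job, ok, gave_up) = (Arc::new(job), Arc::new(AtomicU64::new(0)), Arc::new(AtomicU64::new(0)));
    let handles: Vec<_> = (0..workers.max(1))
        .map(|_| {
            let (job_rx, retry_tx, job) = (job_rx.clone(), retry_tx.clone(), job.clone());
            let (ok, gave_up) = (ok.clone(), gave_up.clone());
            thread::spawn(move || loop {
                // The lock guards only the receive; the job itself runs unlocked.
                let next = job_rx.lock().unwrap().recv();
                let (line, attempt) = match next {
                    Ok(entry) => entry,
                    Err(_) => break, // queue closed: the generator is done
                };
                if (*job)(&line, attempt) {
                    ok.fetch_add(1, SeqCst);
                } else if attempt < max_attempts {
                    let _ = retry_tx.send((line, attempt + 1));
                } else {
                    gave_up.fetch_add(1, SeqCst);
                }
            })
        })
        .collect();
    let mut lines = BufReader::new(file).lines();
    let (mut submitted, mut requeued, mut eof) = (0u64, 0u64, false);
    loop {
        // Rescheduled entries go first; send() blocks while the queue is full.
        while let Ok(entry) = retry_rx.try_recv() {
            requeued += 1;
            job_tx.send(entry).expect("workers exited early");
        }
        if !eof {
            match lines.next() {
                Some(line) => {
                    job_tx.send((line?, 1)).expect("workers exited early");
                    submitted += 1;
                }
                None => eof = true,
            }
        } else if ok.load(SeqCst) + gave_up.load(SeqCst) == submitted {
            break; // every entry has a final result, so no retry can be pending
        } else if let Ok(entry) = retry_rx.recv_timeout(Duration::from_millis(5)) {
            requeued += 1;
            job_tx.send(entry).expect("workers exited early");
        }
    }
    drop(job_tx); // closes the queue so the workers leave their loop
    for h in handles { h.join().expect("worker panicked"); }
    Ok(Report { total, succeeded: ok.load(SeqCst), gave_up: gave_up.load(SeqCst), requeued })
}

fn main() -> io::Result<()> {
    // Constructed sample list; the last entry has no trailing newline.
    let path = std::env::temp_dir().join("entries_sample.txt");
    std::fs::write(&path, "entry-1\nentry-2\nflaky-3\nentry-4")?;
    let report = run(path.to_str().unwrap(), 2, 1, 3, |l, n| !(l.starts_with("flaky") && n == 1))?;
    println!("{:?}", report);
    Ok(())
}
```

Memory use is bounded by `queue_cap` plus the entries currently awaiting a retry, independent of the list size. `lines()` returns an error on non-UTF-8 input, so lists in other encodings would need a byte-oriented reader such as `read_until`.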

authoscope build failure with OpenSSL 3.0

authoscope v0.8.0
OpenSSL 3.0.2
I attempted to build the package as follows:

cargo build --release --locked
The following warnings were emitted during compilation:

warning: build/expando.c:4:24: error: pasting "RUST_VERSION_OPENSSL_" and "(" does not give a valid preprocessing token
warning:     4 | #define VERSION2(n, v) RUST_VERSION_##n##_##v
warning:       |                        ^~~~~~~~~~~~~
warning: build/expando.c:5:23: note: in expansion of macro ‘VERSION2’
warning:     5 | #define VERSION(n, v) VERSION2(n, v)
warning:       |                       ^~~~~~~~
warning: build/expando.c:10:1: note: in expansion of macro ‘VERSION’
warning:    10 | VERSION(OPENSSL, OPENSSL_VERSION_NUMBER)
warning:       | ^~~~~~~

error: failed to run custom build command for `openssl-sys v0.9.63`

Caused by:
  process didn't exit successfully: `/build/authoscope/src/authoscope-0.8.0/target/release/build/openssl-sys-d45d89f43d486731/build-script-main` (exit status: 101)
  --- stdout
  cargo:rustc-cfg=const_fn
  cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR
  X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR unset
  cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
  OPENSSL_LIB_DIR unset
  cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR
  X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR unset
  cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
  OPENSSL_INCLUDE_DIR unset
  cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR
  X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR unset
  cargo:rerun-if-env-changed=OPENSSL_DIR
  OPENSSL_DIR unset
  cargo:rerun-if-env-changed=OPENSSL_NO_PKG_CONFIG
  cargo:rerun-if-env-changed=PKG_CONFIG
  cargo:rerun-if-env-changed=OPENSSL_STATIC
  cargo:rerun-if-env-changed=OPENSSL_DYNAMIC
  cargo:rerun-if-env-changed=PKG_CONFIG_ALL_STATIC
  cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
  cargo:rerun-if-env-changed=PKG_CONFIG_PATH_x86_64-unknown-linux-gnu
  cargo:rerun-if-env-changed=PKG_CONFIG_PATH_x86_64_unknown_linux_gnu
  cargo:rerun-if-env-changed=HOST_PKG_CONFIG_PATH
  cargo:rerun-if-env-changed=PKG_CONFIG_PATH
  cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_x86_64-unknown-linux-gnu
  cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_x86_64_unknown_linux_gnu
  cargo:rerun-if-env-changed=HOST_PKG_CONFIG_LIBDIR
  cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR
  cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_x86_64-unknown-linux-gnu
  cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_x86_64_unknown_linux_gnu
  cargo:rerun-if-env-changed=HOST_PKG_CONFIG_SYSROOT_DIR
  cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
  cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
  cargo:rerun-if-env-changed=SYSROOT
  cargo:rerun-if-env-changed=OPENSSL_STATIC
  cargo:rerun-if-env-changed=OPENSSL_DYNAMIC
  cargo:rerun-if-env-changed=PKG_CONFIG_ALL_STATIC
  cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
  cargo:rustc-link-lib=ssl
  cargo:rustc-link-lib=crypto
  cargo:rerun-if-env-changed=PKG_CONFIG
  cargo:rerun-if-env-changed=OPENSSL_STATIC
  cargo:rerun-if-env-changed=OPENSSL_DYNAMIC
  cargo:rerun-if-env-changed=PKG_CONFIG_ALL_STATIC
  cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
  cargo:rerun-if-env-changed=PKG_CONFIG_PATH_x86_64-unknown-linux-gnu
  cargo:rerun-if-env-changed=PKG_CONFIG_PATH_x86_64_unknown_linux_gnu
  cargo:rerun-if-env-changed=HOST_PKG_CONFIG_PATH
  cargo:rerun-if-env-changed=PKG_CONFIG_PATH
  cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_x86_64-unknown-linux-gnu
  cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_x86_64_unknown_linux_gnu
  cargo:rerun-if-env-changed=HOST_PKG_CONFIG_LIBDIR
  cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR
  cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_x86_64-unknown-linux-gnu
  cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_x86_64_unknown_linux_gnu
  cargo:rerun-if-env-changed=HOST_PKG_CONFIG_SYSROOT_DIR
  cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
  OPT_LEVEL = Some("3")
  TARGET = Some("x86_64-unknown-linux-gnu")
  HOST = Some("x86_64-unknown-linux-gnu")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = Some("-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions         -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security         -fstack-clash-protection -fcf-protection -flto=auto")
  CRATE_CC_NO_DEFAULTS = None
  DEBUG = Some("false")
  CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
  running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-march=x86-64" "-mtune=generic" "-O2" "-pipe" "-fno-plt" "-fexceptions" "-Wp,-D_FORTIFY_SOURCE=2" "-Wformat" "-Werror=format-security" "-fstack-clash-protection" "-fcf-protection" "-flto=auto" "-I" "/usr/include" "-E" "build/expando.c"
  cargo:warning=build/expando.c:4:24: error: pasting "RUST_VERSION_OPENSSL_" and "(" does not give a valid preprocessing token
  cargo:warning=    4 | #define VERSION2(n, v) RUST_VERSION_##n##_##v
  cargo:warning=      |                        ^~~~~~~~~~~~~
  cargo:warning=build/expando.c:5:23: note: in expansion of macro ‘VERSION2’
  cargo:warning=    5 | #define VERSION(n, v) VERSION2(n, v)
  cargo:warning=      |                       ^~~~~~~~
  cargo:warning=build/expando.c:10:1: note: in expansion of macro ‘VERSION’
  cargo:warning=   10 | VERSION(OPENSSL, OPENSSL_VERSION_NUMBER)
  cargo:warning=      | ^~~~~~~
  exit status: 1

  --- stderr
  thread 'main' panicked at '
  Header expansion error:
  Error { kind: ToolExecError, message: "Command \"cc\" \"-O3\" \"-ffunction-sections\" \"-fdata-sections\" \"-fPIC\" \"-m64\" \"-march=x86-64\" \"-mtune=generic\" \"-O2\" \"-pipe\" \"-fno-plt\" \"-fexceptions\" \"-Wp,-D_FORTIFY_SOURCE=2\" \"-Wformat\" \"-Werror=format-security\" \"-fstack-clash-protection\" \"-fcf-protection\" \"-flto=auto\" \"-I\" \"/usr/include\" \"-E\" \"build/expando.c\" with args \"cc\" did not execute successfully (status code exit status: 1)." }

  Failed to find OpenSSL development headers.

  You can try fixing this setting the `OPENSSL_DIR` environment variable
  pointing to your OpenSSL installation or installing OpenSSL headers package
  specific to your distribution:

      # On Ubuntu
      sudo apt-get install libssl-dev
      # On Arch Linux
      sudo pacman -S openssl
      # On Fedora
      sudo dnf install openssl-devel

  See rust-openssl README for more information:

      https://github.com/sfackler/rust-openssl#linux
  ', /build/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.9.63/build/main.rs:147:13
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

I was able to build the package after updating two crates, openssl to 0.10.38 and openssl-sys to 0.9.72.

Add hash functions as utils

There might be a need to have hash functions in the runtime to implement authentication. The following things should be supported:

  • md5
  • sha1
  • sha2-256
  • sha2-512
  • sha3-256
  • sha3-512
  • hmac

Those functions should return a binary digest, in addition there should be two encoding functions:

  • hex/unhex
  • base64/unbase64

Outdated Cargo.lock file?

badtouch is currently failing to build for Homebrew with Rust 1.49 on Apple Silicon: Homebrew/homebrew-core#68089

It appears this is due to a stale lock file, causing cargo install --locked to pull in dependencies that do not work for badtouch on Apple Silicon. Is it possible for the Cargo.lock file to be updated? If this could be done with a new release, that would be especially helpful.

Related: Homebrew/homebrew-core#68301

Accept directories as scripts argument

In case of docker images the shell expand for scripts/* is not going to work properly. scripts/ should be a valid argument, in this case every script in this folder is loaded.

failed to run custom build command for `openssl v0.9.24`

Hi,

I have this error when I install badtouch in cargo: cargo install badtouch

error: failed to run custom build command for openssl v0.9.24
process didn't exit successfully: /tmp/user/0/cargo-installenmH0c/release/build/openssl-1a53f5853bfeae35/build-script-build (exit code: 101)
--- stderr
thread 'main' panicked at 'Unable to detect OpenSSL version', /usr/cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.9.24/build.rs:16:14
note: Run with RUST_BACKTRACE=1 for a backtrace.
warning: build failed, waiting for other jobs to finish...
error: failed to compile badtouch v0.6.1, intermediate artifacts can be found at /tmp/user/0/cargo-installenmH0c
Caused by:
build failed

I have by the way, the latest version of openssl installed v1.1.1b

Add pause/resume mechanism

Especially for large tests one might need to pause the program and resume eventually. The program could be enhanced with the following features:

  • pause the test: this blocks every worker thread from starting a new task. It might take a moment before all tasks that are already in progress are finished.
  • resume the test: this would unlock the blocked workers.
  • stop the scan at position: a position file can be written so that the process can terminate and pick up the same position eventually. There could be a `--continuable` flag, similar to wget that writes this file occasionally
  • increase concurrent scripts
  • decrease concurrent scripts

Some of these may require replacing threadpool with a custom scheduler.

badtouch 0.7.2 failed to set RLIMIT_NOFILE on mojave and catalina

$ /usr/local/Cellar/badtouch/0.7.2/bin/badtouch oneshot -vvx true.lua foo
[2021-01-14T05:00:37Z DEBUG badtouch::ulimit] soft_limit=256, hard_limit=9223372036854775807
[2021-01-14T05:00:37Z INFO  badtouch::ulimit] setting NOFILE limit to 9223372036854775807
Error: Failed to set RLIMIT_NOFILE

Caused by:
    Invalid argument (os error 22)

full log, https://github.com/Homebrew/homebrew-core/runs/1683397269
relates to Homebrew/homebrew-core#68806

Allow grabbing additional loot

If a script wants to provide additional data of the user, the script could be changed from:

return is_valid

to something like

if is_valid then
    req = http_request(session, 'GET', 'https://example.com/api/permissions', {})
    resp = http_send(req)
    if last_err() then
        -- ignore this error and just report the login as valid instead of requeueing it
        clear_err()
        return true
    end
    loot['permissions'] = resp['text']
    return true
else
    return false
end

badtouch would need to add a dict/table named loot to the lua context before executing the script. After the script finished with success the loot table would be checked and if it's non-empty that data would be included in the report. This is difficult to fit into the regular combolist report we currently use, so we might have to limit this to json reports (and support json reports).

Requeue on error

There is currently no error handling in the runtime. Error handling should be added and in addition we should requeue attempts that failed due to an unexpected error.

Add http library to runtime

The essential feature of the badtouch runtime is the http library that's currently missing. It should be very similar to python-requests. Specifically, the following things need to be supported:

Requests

  • GET/POST/... requests
  • Basic Auth
  • Headers
  • Cookies
  • Cookie Jars
  • Raw request bodies
  • Dict-style query parameters
  • Dict-style post parameters for forms
  • Dict-style post parameters for json

Responses

  • Status code
  • Headers
  • Cookies
  • Raw responses
  • Json responses

Remove pbr writeln workaround

Blocked by a8m/pb#62

There are some files and macros vendored that can be removed after this bug is fixed:

  • src/tty.rs can be deleted
  • printfl! can be deleted
  • pb_writeln can be deleted
  • pb.set_max_refresh_rate can be enabled

Handle errors from external scripts

The python example in the readme currently doesn't do any error handling, so a network failure would not result in a retry but marks the attempt as failed.

The python example should use a different error code for exceptions and the lua wrapper should handle this error.

  • there should be a way to test if there has been an error by querying the runtime state
  • if the lua script returns an error while an error has already been recorded, the error should be chained. Error { last_error, next: Error { previous_error } }
  • error handling should be unified, if the lua function returns a string, this should cause an Err(_)

badtouch enum

Given a bug/feature that can be abused as an oracle if a user exists/doesn't exist, it should be possible to filter a list of usernames to those that actually exist on the system.

We would probably reuse the verify(user, password) function for this and provide nil as the password.

Add integration tests

There should be additional tests in travis that spin up some services and ensure the commands work.

Contribution

Hello @kpcyrd. I'm currently searching for a crate where I can contribute something. As I see, there are 2 contributors on this project, so do you work as a team only or can I contribute as well?

ulimit

You can easily bump into the limit of open files (ulimit -n), this needs to be increased manually or by badtouch. If this limit is reached, it's hard to recover.

badtouch test

It might make sense to have a test subcommand that can be used to make sure the script works. This would call eg test_positive and test_negative that both wrap around the verify function, once with correct credentials and once with incorrect credentials.

Including passwords in the script seems counter intuitive, but those should be dummy accounts and the scripts that have those tests wouldn't be meant to be shared publicly. There might be a better way to do this though.

Add deprecation mechanism

There should be a deprecation mechanism so we can add non-final functions to the badtouch runtime. Those functions can then trigger warnings before being removed eventually.

html scraping support

In addition to #4 there should be first-class scraping support so html responses can be easily parsed.

Allow resumption

It should be possible to stop the audit at a position and then resume at that position. I'm not yet sure how that should be implemented:

  • Credentials can get requeued, which means they get pushed to the end of the queue, making it harder to save a single numeric position
  • We might need a "save file" dialog, which would require some work to be nice to use (tab completion for paths?)
  • We could add a "stop" command, that, if --continuable has been set, drains the remaining attempts into a save file that we can pick up again
  • The approach above needs to identify the scripts as well. We currently don't have a unified way to identify a script

This issue supersedes #3
