hydra / 70c065b
New upstream version 9.3 Daniel Echeverri 2 years ago
34 changed file(s) with 972 addition(s) and 769 deletion(s).
00 Changelog for hydra
11 -------------------
2
3 Release 9.3
4 * support Xcode compilation
5 * new module: cobaltstrike by ultimaiiii, thank you!
6 * fix for ssh to support -M or ip/range
7 * fix for rdp to detect empty passwords
8 * fix for http-form to no send empty headers
9 * fix for http on non-default ports when using with a proxy
10 * for vnc/cisco/... protocols that only check for a password, skip host
11 after the password is found
12 * fix to support IPv6 addresses in -M
13 * fix to test all entries in -C files, not exiting after the first found
14 * make disappearing targets faster to terminate on
15 * added "make uninstall"
216
317
418 Release 9.2
0 cff-version: 1.2.0
1 message: "If you use this software, please cite it as below."
2 authors:
3 - given-names: Marc
4 family-names: Heuse
5 name-particle: "van Hauser"
6 email: vh@thc.org
7 affiliation: The Hacker's Choice
8 title: "hydra"
9 version: 9.2
10 type: software
11 date-released: 2021-03-15
12 url: "https://github.com/vanhauser-thc/thc-hydra"
13 keywords:
14 - scanning
15 - passwords
16 - hacking
17 - pentesting
18 - securiy
19 license: AGPL-3.0-or-later
55 Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
66 OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel
77
8
9 For Termux/Android you need the following setup:
10
11 Install the necessary dependencies
12 # pkg install -y x11-repo
13 # pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3
14 And then compiling hydra
15 # ./configure --prefix=$PREFIX
16 # make
17 # make install
18
19
20 To use xhydra, you will need to install a graphical output in termux, you can be guided from this article:
21
22 https://wiki.termux.com/wiki/Graphical_Environment
23
24
825 For the Oracle login module, install the basic and SDK packages:
926 http://www.oracle.com/technetwork/database/features/instant-client/index.html
1027
22
33 clean:
44 cp -f Makefile.orig Makefile
5
6 uninstall:
7 @echo Error: you must run "./configure" first
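Review bot: The added `uninstall:` stub only echoes `Error: you must run "./configure" first`, so `make uninstall` on an unconfigured tree exits 0. A packaging or cleanup script that checks the exit status would conclude the files were removed when nothing was touched. Making the recipe fail, for example `@echo Error: you must run "./configure" first; exit 1`, would surface that. The identical stub appears again in the second short Makefile section further down the page.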
00 #
1 # Makefile for Hydra - (c) 2001-2020 by van Hauser / THC <vh@thc.org>
1 # Makefile for Hydra - (c) 2001-2022 by van Hauser / THC <vh@thc.org>
22 #
33 WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations
44 WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align
55 CFLAGS ?= -g
6 OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition
6 OPTS=-I. -O3 $(CFLAGS) -fcommon
77 # -Wall -g -pedantic
88 LIBS=-lm
99 DESTDIR ?=
1010 BINDIR = /bin
1111 MANDIR = /man/man1/
1212 DATADIR = /etc
13 PIXDIR = /share/pixmaps
14 APPDIR = /share/applications
1315
1416 SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
1517 hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \
2224 hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \
2325 hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
2426 hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \
25 hydra-rpcap.c hydra-radmin2.c \
27 hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \
2628 hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \
2729 hydra-smb2.c
2830 OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
2931 hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
3032 hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
31 hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \
33 hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \
3234 hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \
3335 hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \
3436 hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \
6466 $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS)
6567
6668 strip: all
67 strip $(BINS)
69 -strip $(BINS)
6870 -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null
6971
7072 install: strip
7779 -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR)
7880 -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR)
7981 -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR)
82 -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR)
83 -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/
84 -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR)
85 -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop
8086
8187 clean:
8288 rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile
8389 cp -f Makefile.orig Makefile
8490
91 uninstall:
92 -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh
93 -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv
94 -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1
95 -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png
96 -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop
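Review bot: The new `uninstall` recipe deletes a hard-coded pair of CSV names (`dpl4hydra_full.csv`, `dpl4hydra_local.csv`), while the `install` context line above copies `*.csv` into the same `$(DESTDIR)$(PREFIX)$(DATADIR)`. Any other CSV present in the build tree at install time would therefore stay behind, and the two lists can drift apart unnoticed. Every added `rm -f` line also carries a leading `-`, so a real failure such as a permission error still lets the target report success, even though `rm -f` already tolerates missing files. I would name the data files once, e.g. `DATAFILES = dpl4hydra_full.csv dpl4hydra_local.csv`, use that variable in both recipes, and drop the `-` on the `rm -f` lines. No `.PHONY` declaration is visible in these hunks, so `uninstall` should be added to one if the file has it; the `install` recipe starts outside the shown lines.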
22
33 clean:
44 cp -f Makefile.orig Makefile
5
6 uninstall:
7 @echo Error: you must run "./configure" first
0
1 H Y D R A
2
3 (c) 2001-2022 by van Hauser / THC
4 <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
5 many modules were written by David (dot) Maciejak @ gmail (dot) com
6 BFG code by Jan Dlabal <dlabaljan@gmail.com>
7
8 Licensed under AGPLv3 (see LICENSE file)
9
10 Please do not use in military or secret service organizations,
11 or for illegal purposes.
12 (This is the wish of the author and non-binding. Many people working
13 in these organizations do not care for laws and ethics anyways.
14 You are not one of the "good" ones if you ignore this.)
15
16
17
18 INTRODUCTION
19 ------------
20 Number one of the biggest security holes are passwords, as every password
21 security study shows.
22 This tool is a proof of concept code, to give researchers and security
23 consultants the possibility to show how easy it would be to gain unauthorized
24 access from remote to a system.
25
26 THIS TOOL IS FOR LEGAL PURPOSES ONLY!
27
28 There are already several login hacker tools available, however, none does
29 either support more than one protocol to attack or support parallelized
30 connects.
31
32 It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
33 FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
34
35 Currently this tool supports the following protocols:
36 Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
37 HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY,
38 HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST,
39 HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener,
40 Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin,
41 Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5,
42 SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth,
43 VNC and XMPP.
44
45 However the module engine for new services is very easy so it won't take a
46 long time until even more services are supported.
47 Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
48
49
50
51 WHERE TO GET
52 ------------
53 You can always find the newest release/production version of hydra at its
54 project page at https://github.com/vanhauser-thc/thc-hydra/releases
55 If you are interested in the current development state, the public development
56 repository is at Github:
57 svn co https://github.com/vanhauser-thc/thc-hydra
58 or
59 git clone https://github.com/vanhauser-thc/thc-hydra
60 Use the development version at your own risk. It contains new features and
61 new bugs. Things might not work!
62
63
64
65 HOW TO COMPILE
66 --------------
67 To configure, compile and install hydra, just type:
68
69 ```
70 ./configure
71 make
72 make install
73 ```
74
75 If you want the ssh module, you have to setup libssh (not libssh2!) on your
76 system, get it from https://www.libssh.org, for ssh v1 support you also need
77 to add "-DWITH_SSH1=On" option in the cmake command line.
78 IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew!
79
80 If you use Ubuntu/Debian, this will install supplementary libraries needed
81 for a few optional modules (note that some might not be available on your distribution):
82
83 ```
84 apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
85 libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
86 firebird-dev libmemcached-dev libgpg-error-dev \
87 libgcrypt11-dev libgcrypt20-dev
88 ```
89
90 This enables all optional modules and features with the exception of Oracle,
91 SAP R/3, NCP and the apple filing protocol - which you will need to download and
92 install from the vendor's web sites.
93
94 For all other Linux derivates and BSD based systems, use the system
95 software installer and look for similarly named libraries like in the
96 command above. In all other cases, you have to download all source libraries
97 and compile them manually.
98
99
100
101 SUPPORTED PLATFORMS
102 -------------------
103 - All UNIX platforms (Linux, *BSD, Solaris, etc.)
104 - MacOS (basically a BSD clone)
105 - Windows with Cygwin (both IPv4 and IPv6)
106 - Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
107
108
109
110 HOW TO USE
111 ----------
112 If you just enter `hydra`, you will see a short summary of the important
113 options available.
114 Type `./hydra -h` to see all available command line options.
115
116 Note that NO login/password file is included. Generate them yourself.
117 A default password list is however present, use "dpl4hydra.sh" to generate
118 a list.
119
120 For Linux users, a GTK GUI is available, try `./xhydra`
121
122 For the command line usage, the syntax is as follows:
123 For attacking one target or a network, you can use the new "://" style:
124 hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS
125 The old mode can be used for these too, and additionally if you want to
126 specify your targets from a text file, you *must* use this one:
127
128 ```
129 hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
130 ```
131
132 Via the command line options you specify which logins to try, which passwords,
133 if SSL should be used, how many parallel tasks to use for attacking, etc.
134
135 PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp,
136 http-get or many others are available
137 TARGET is the target you want to attack
138 MODULE-OPTIONS are optional values which are special per PROTOCOL module
139
140 FIRST - select your target
141 you have three options on how to specify the target you want to attack:
142 1. a single target on the command line: just put the IP or DNS address in
143 2. a network range on the command line: CIDR specification like "192.168.0.0/24"
144 3. a list of hosts in a text file: one line per entry (see below)
145
146 SECOND - select your protocol
147 Try to avoid telnet, as it is unreliable to detect a correct or false login attempt.
148 Use a port scanner to see which protocols are enabled on the target.
149
150 THIRD - check if the module has optional parameters
151 hydra -U PROTOCOL
152 e.g. hydra -U smtp
153
154 FOURTH - the destination port
155 this is optional, if no port is supplied the default common port for the
156 PROTOCOL is used.
157 If you specify SSL to use ("-S" option), the SSL common port is used by default.
158
159
160 If you use "://" notation, you must use "[" "]" brackets if you want to supply
161 IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:
162 hydra [some command line options] ftp://[192.168.0.0/24]/
163 hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM
164
165 Note that everything hydra does is IPv4 only!
166 If you want to attack IPv6 addresses, you must add the "-6" command line option.
167 All attacks are then IPv6 only!
168
169 If you want to supply your targets via a text file, you can not use the ://
170 notation but use the old style and just supply the protocol (and module options):
171 hydra [some command line options] -M targets.txt ftp
172 You can also supply the port for each target entry by adding ":<port>" after a
173 target entry in the file, e.g.:
174
175 ```
176 foo.bar.com
177 target.com:21
178 unusual.port.com:2121
179 default.used.here.com
180 127.0.0.1
181 127.0.0.1:2121
182 ```
183
184 Note that if you want to attach IPv6 targets, you must supply the -6 option
185 and *must* put IPv6 addresses in brackets in the file(!) like this:
186
187 ```
188 foo.bar.com
189 target.com:21
190 [fe80::1%eth0]
191 [2001::1]
192 [2002::2]:8080
193 [2a01:24a:133:0:00:123:ff:1a]
194 ```
195
196 LOGINS AND PASSWORDS
197 --------------------
198 You have many options on how to attack with logins and passwords
199 With -l for login and -p for password you tell hydra that this is the only
200 login and/or password to try.
201 With -L for logins and -P for passwords you supply text files with entries.
202 e.g.:
203
204 ```
205 hydra -l admin -p password ftp://localhost/
206 hydra -L default_logins.txt -p test ftp://localhost/
207 hydra -l admin -P common_passwords.txt ftp://localhost/
208 hydra -L logins.txt -P passwords.txt ftp://localhost/
209 ```
210
211 Additionally, you can try passwords based on the login via the "-e" option.
212 The "-e" option has three parameters:
213
214 ```
215 s - try the login as password
216 n - try an empty password
217 r - reverse the login and try it as password
218 ```
219
220 If you want to, e.g. try "try login as password and "empty password", you
221 specify "-e sn" on the command line.
222
223 But there are two more modes for trying passwords than -p/-P:
224 You can use text file which where a login and password pair is separated by a colon,
225 e.g.:
226
227 ```
228 admin:password
229 test:test
230 foo:bar
231 ```
232
233 This is a common default account style listing, that is also generated by the
234 dpl4hydra.sh default account file generator supplied with hydra.
235 You use such a text file with the -C option - note that in this mode you
236 can not use -l/-L/-p/-P options (-e nsr however you can).
237 Example:
238
239 ```
240 hydra -C default_accounts.txt ftp://localhost/
241 ```
242
243 And finally, there is a bruteforce mode with the -x option (which you can not
244 use with -p/-P/-C):
245
246 ```
247 -x minimum_length:maximum_length:charset
248 ```
249
250 the charset definition is `a` for lowercase letters, `A` for uppercase letters,
251 `1` for numbers and for anything else you supply it is their real representation.
252 Examples:
253
254 ```
255 -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
256 -x 2:5:/ generate passwords from length 2 to 5 containing only slashes
257 -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
258 ```
259
260 Example:
261
262 ```
263 hydra -l ftp -x 3:3:a ftp://localhost/
264 ```
265
266 SPECIAL OPTIONS FOR MODULES
267 ---------------------------
268 Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m
269 command line option, you can pass one option to a module.
270 Many modules use this, a few require it!
271
272 To see the special option of a module, type:
273
274 hydra -U <module>
275
276 e.g.
277
278 ./hydra -U http-post-form
279
280 The special options can be passed via the -m parameter, as 3rd command line
281 option or in the service://target/option format.
282
283 Examples (they are all equal):
284
285 ```
286 ./hydra -l test -p test -m PLAIN 127.0.0.1 imap
287 ./hydra -l test -p test 127.0.0.1 imap PLAIN
288 ./hydra -l test -p test imap://127.0.0.1/PLAIN
289 ```
290
291 RESTORING AN ABORTED/CRASHED SESSION
292 ------------------------------------
293 When hydra is aborted with Control-C, killed or crashes, it leaves a
294 "hydra.restore" file behind which contains all necessary information to
295 restore the session. This session file is written every 5 minutes.
296 NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
297 from little endian to big endian, or from Solaris to AIX)
298
299 HOW TO SCAN/CRACK OVER A PROXY
300 ------------------------------
301 The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
302 just for the http services!).
303 The following syntax is valid:
304
305 ```
306 HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
307 HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
308 HYDRA_PROXY_HTTP="proxylist.txt"
309 ```
310
311 The last example is a text file containing up to 64 proxies (in the same
312 format definition as the other examples).
313
314 For all other services, use the HYDRA_PROXY variable to scan/crack.
315 It uses the same syntax. eg:
316
317 ```
318 HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
319 ```
320
321 for example:
322
323 ```
324 HYDRA_PROXY=connect://proxy.anonymizer.com:8000
325 HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
326 HYDRA_PROXY=socksproxylist.txt
327 ```
328
329 ADDITIONAL HINTS
330 ----------------
331 * sort your password files by likelihood and use the -u option to find
332 passwords much faster!
333 * uniq your dictionary files! this can save you a lot of time :-)
334 cat words.txt | sort | uniq > dictionary.txt
335 * if you know that the target is using a password policy (allowing users
336 only to choose a password with a minimum length of 6, containing a least one
337 letter and one number, etc. use the tool pw-inspector which comes along
338 with the hydra package to reduce the password list:
339 cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
340
341
342 RESULTS OUTPUT
343 --------------
344
345 The results are output to stdio along with the other information. Via the -o
346 command line option, the results can also be written to a file. Using -b,
347 the format of the output can be specified. Currently, these are supported:
348
349 * `text` - plain text format
350 * `jsonv1` - JSON data using version 1.x of the schema (defined below).
351 * `json` - JSON data using the latest version of the schema, currently there
352 is only version 1.
353
354 If using JSON output, the results file may not be valid JSON if there are
355 serious errors in booting Hydra.
356
357
358 JSON Schema
359 -----------
360 Here is an example of the JSON output. Notes on some of the fields:
361
362 * `errormessages` - an array of zero or more strings that are normally printed
363 to stderr at the end of the Hydra's run. The text is very free form.
364 * `success` - indication if Hydra ran correctly without error (**NOT** if
365 passwords were detected). This parameter is either the JSON value `true`
366 or `false` depending on completion.
367 * `quantityfound` - How many username+password combinations discovered.
368 * `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
369 2.03, etc. Hydra will make second tuple of the version to always be two
370 digits to make it easier for downstream processors (as opposed to v1.1 vs
371 v1.10). The minor-level versions are additive, so 1.02 will contain more
372 fields than version 1.00 and will be backward compatible. Version 2.x will
373 break something from version 1.x output.
374
375 Version 1.00 example:
376 ```
377 {
378 "errormessages": [
379 "[ERROR] Error Message of Something",
380 "[ERROR] Another Message",
381 "These are very free form"
382 ],
383 "generator": {
384 "built": "2021-03-01 14:44:22",
385 "commandline": "hydra -b jsonv1 -o results.json ... ...",
386 "jsonoutputversion": "1.00",
387 "server": "127.0.0.1",
388 "service": "http-post-form",
389 "software": "Hydra",
390 "version": "v8.5"
391 },
392 "quantityfound": 2,
393 "results": [
394 {
395 "host": "127.0.0.1",
396 "login": "bill@example.com",
397 "password": "bill",
398 "port": 9999,
399 "service": "http-post-form"
400 },
401 {
402 "host": "127.0.0.1",
403 "login": "joe@example.com",
404 "password": "joe",
405 "port": 9999,
406 "service": "http-post-form"
407 }
408 ],
409 "success": false
410 }
411 ```
412
413
414 SPEED
415 -----
416 through the parallelizing feature, this password cracker tool can be very
417 fast, however it depends on the protocol. The fastest are generally POP3
418 and FTP.
419 Experiment with the task option (-t) to speed things up! The higher - the
420 faster ;-) (but too high - and it disables the service)
421
422
423
424 STATISTICS
425 ----------
426 Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
427 295 entries (294 tries invalid logins, 1 valid). Every test was run three
428 times (only for "1 task" just once), and the average noted down.
429
430 ```
431 P A R A L L E L T A S K S
432 SERVICE 1 4 8 16 32 50 64 100 128
433 ------- --------------------------------------------------------------------
434 telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55*
435 ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32
436 pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50
437 imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21
438 ```
439
440 (*)
441 Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
442 128 tasks, running four times resulted in timings between 28 and 97 seconds!
443 The reason for this is unknown...
444
445 guesses per task (rounded up):
446
447 295 74 38 19 10 6 5 3 3
448
449 guesses possible per connect (depends on the server software and config):
450
451 telnet 4
452 ftp 6
453 pop3 1
454 imap 3
455
456
457
458 BUGS & FEATURES
459 ---------------
460 Hydra:
461 Email me or David if you find bugs or if you have written a new module.
462 vh@thc.org (and put "antispam" in the subject line)
463
464
465 You should use PGP to encrypt emails to vh@thc.org :
466
467 ```
468 -----BEGIN PGP PUBLIC KEY BLOCK-----
469 Version: GnuPG v3.3.3 (vh@thc.org)
470
471 mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT
472 KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ
473 FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c
474 vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k
475 Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p
476 lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI
477 zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI
478 DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf
479 lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN
480 DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5
481 n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB
482 tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC
483 F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ
484 xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH
485 Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4
486 qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz
487 dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp
488 QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga
489 V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5
490 slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl
491 Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM
492 0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP
493 JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs
494 IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL
495 CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS
496 AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ
497 HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR
498 2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C
499 nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc
500 XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6
501 Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL
502 ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V
503 l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F
504 n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl
505 7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb
506 /hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii
507 tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5
508 Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR
509 gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt
510 x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62
511 0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS
512 +C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw
513 G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA
514 oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr
515 rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC
516 v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5
517 02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv
518 s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ
519 Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK
520 d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP
521 gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y
522 ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP
523 8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd
524 X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD
525 aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN
526 cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC
527 Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR
528 zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
529 1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT
530 zB3yrr+vYBT0uDWmxwPjiJs=
531 =ytEf
532 -----END PGP PUBLIC KEY BLOCK-----
533 ```
+0
-534
README.md
0
1 H Y D R A
2
3 (c) 2001-2021 by van Hauser / THC
4 <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
5 many modules were written by David (dot) Maciejak @ gmail (dot) com
6 BFG code by Jan Dlabal <dlabaljan@gmail.com>
7
8 Licensed under AGPLv3 (see LICENSE file)
9
10 Please do not use in military or secret service organizations,
11 or for illegal purposes.
12 (This is the wish of the author and non-binding. Many people working
13 in these organizations do not care for laws and ethics anyways.
14 You are not one of the "good" ones if you ignore this.)
15
16
17
18 INTRODUCTION
19 ------------
20 Number one of the biggest security holes are passwords, as every password
21 security study shows.
22 This tool is a proof of concept code, to give researchers and security
23 consultants the possibility to show how easy it would be to gain unauthorized
24 access from remote to a system.
25
26 THIS TOOL IS FOR LEGAL PURPOSES ONLY!
27
28 There are already several login hacker tools available, however, none does
29 either support more than one protocol to attack or support parallelized
30 connects.
31
32 It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
33 FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
34
35 Currently this tool supports the following protocols:
36 Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
37 HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY,
38 HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST,
39 HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener,
40 Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin,
41 Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5,
42 SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth,
43 VNC and XMPP.
44
45 However the module engine for new services is very easy so it won't take a
46 long time until even more services are supported.
47 Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
48
49
50
51 WHERE TO GET
52 ------------
53 You can always find the newest release/production version of hydra at its
54 project page at https://github.com/vanhauser-thc/thc-hydra/releases
55 If you are interested in the current development state, the public development
56 repository is at Github:
57 svn co https://github.com/vanhauser-thc/thc-hydra
58 or
59 git clone https://github.com/vanhauser-thc/thc-hydra
60 Use the development version at your own risk. It contains new features and
61 new bugs. Things might not work!
62
63
64
65 HOW TO COMPILE
66 --------------
67 To configure, compile and install hydra, just type:
68
69 ```
70 ./configure
71 make
72 make install
73 ```
74
75 If you want the ssh module, you have to setup libssh (not libssh2!) on your
76 system, get it from http://www.libssh.org, for ssh v1 support you also need
77 to add "-DWITH_SSH1=On" option in the cmake command line.
78 IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew!
79
80 If you use Ubuntu/Debian, this will install supplementary libraries needed
81 for a few optional modules (note that some might not be available on your distribution):
82
83 ```
84 apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
85 libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
86 firebird-dev libmemcached-dev libgpg-error-dev \
87 libgcrypt11-dev libgcrypt20-dev
88 ```
89
90 This enables all optional modules and features with the exception of Oracle,
91 SAP R/3, NCP and the apple filing protocol - which you will need to download and
92 install from the vendor's web sites.
93
94 For all other Linux derivates and BSD based systems, use the system
95 software installer and look for similarly named libraries like in the
96 command above. In all other cases, you have to download all source libraries
97 and compile them manually.
98
99
100
101 SUPPORTED PLATFORMS
102 -------------------
103 - All UNIX platforms (Linux, *BSD, Solaris, etc.)
104 - MacOS (basically a BSD clone)
105 - Windows with Cygwin (both IPv4 and IPv6)
106 - Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
107
108
109
110 HOW TO USE
111 ----------
112 If you just enter `hydra`, you will see a short summary of the important
113 options available.
114 Type `./hydra -h` to see all available command line options.
115
116 Note that NO login/password file is included. Generate them yourself.
117 A default password list is however present, use "dpl4hydra.sh" to generate
118 a list.
119
120 For Linux users, a GTK GUI is available, try `./xhydra`
121
122 For the command line usage, the syntax is as follows:
123 For attacking one target or a network, you can use the new "://" style:
124 hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS
125 The old mode can be used for these too, and additionally if you want to
126 specify your targets from a text file, you *must* use this one:
127
128 ```
129 hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
130 ```
131
132 Via the command line options you specify which logins to try, which passwords,
133 if SSL should be used, how many parallel tasks to use for attacking, etc.
134
135 PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp,
136 http-get or many others are available
137 TARGET is the target you want to attack
138 MODULE-OPTIONS are optional values which are special per PROTOCOL module
139
140 FIRST - select your target
141 you have three options on how to specify the target you want to attack:
142 1. a single target on the command line: just put the IP or DNS address in
143 2. a network range on the command line: CIDR specification like "192.168.0.0/24"
144 3. a list of hosts in a text file: one line per entry (see below)
145
146 SECOND - select your protocol
147 Try to avoid telnet, as it is unreliable to detect a correct or false login attempt.
148 Use a port scanner to see which protocols are enabled on the target.
149
150 THIRD - check if the module has optional parameters
151 hydra -U PROTOCOL
152 e.g. hydra -U smtp
153
154 FOURTH - the destination port
155 this is optional, if no port is supplied the default common port for the
156 PROTOCOL is used.
157 If you specify SSL to use ("-S" option), the SSL common port is used by default.
158
159
160 If you use "://" notation, you must use "[" "]" brackets if you want to supply
161 IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:
162 hydra [some command line options] ftp://[192.168.0.0/24]/
163 hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM
164
165 Note that everything hydra does is IPv4 only!
166 If you want to attack IPv6 addresses, you must add the "-6" command line option.
167 All attacks are then IPv6 only!
168
169 If you want to supply your targets via a text file, you can not use the ://
170 notation but use the old style and just supply the protocol (and module options):
171 hydra [some command line options] -M targets.txt ftp
172 You can also supply the port for each target entry by adding ":<port>" after a
173 target entry in the file, e.g.:
174
175 ```
176 foo.bar.com
177 target.com:21
178 unusual.port.com:2121
179 default.used.here.com
180 127.0.0.1
181 127.0.0.1:2121
182 ```
183
184 Note that if you want to attach IPv6 targets, you must supply the -6 option
185 and *must* put IPv6 addresses in brackets in the file(!) like this:
186
187 ```
188 foo.bar.com
189 target.com:21
190 [fe80::1%eth0]
191 [2001::1]
192 [2002::2]:8080
193 [2a01:24a:133:0:00:123:ff:1a]
194 ```
195
196 LOGINS AND PASSWORDS
197 --------------------
198 You have many options on how to attack with logins and passwords
199 With -l for login and -p for password you tell hydra that this is the only
200 login and/or password to try.
201 With -L for logins and -P for passwords you supply text files with entries.
202 e.g.:
203
204 ```
205 hydra -l admin -p password ftp://localhost/
206 hydra -L default_logins.txt -p test ftp://localhost/
207 hydra -l admin -P common_passwords.txt ftp://localhost/
208 hydra -L logins.txt -P passwords.txt ftp://localhost/
209 ```
210
211 Additionally, you can try passwords based on the login via the "-e" option.
212 The "-e" option has three parameters:
213
214 ```
215 s - try the login as password
216 n - try an empty password
217 r - reverse the login and try it as password
218 ```
219
220 If you want to, e.g. try "try login as password and "empty password", you
221 specify "-e sn" on the command line.
222
223 But there are two more modes for trying passwords than -p/-P:
224 You can use text file which where a login and password pair is separated by a colon,
225 e.g.:
226
227 ```
228 admin:password
229 test:test
230 foo:bar
231 ```
232
233 This is a common default account style listing, that is also generated by the
234 dpl4hydra.sh default account file generator supplied with hydra.
235 You use such a text file with the -C option - note that in this mode you
236 can not use -l/-L/-p/-P options (-e nsr however you can).
237 Example:
238
239 ```
240 hydra -C default_accounts.txt ftp://localhost/
241 ```
242
243 And finally, there is a bruteforce mode with the -x option (which you can not
244 use with -p/-P/-C):
245
246 ```
247 -x minimum_length:maximum_length:charset
248 ```
249
250 the charset definition is `a` for lowercase letters, `A` for uppercase letters,
251 `1` for numbers and for anything else you supply it is their real representation.
252 Examples:
253
254 ```
255 -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
256 -x 2:5:/ generate passwords from length 2 to 5 containing only slashes
257 -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
258 ```
259
260 Example:
261
262 ```
263 hydra -l ftp -x 3:3:a ftp://localhost/
264 ```
265
266 SPECIAL OPTIONS FOR MODULES
267 ---------------------------
268 Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m
269 command line option, you can pass one option to a module.
270 Many modules use this, a few require it!
271
272 To see the special option of a module, type:
273
274 hydra -U <module>
275
276 e.g.
277
278 ./hydra -U http-post-form
279
280 The special options can be passed via the -m parameter, as 3rd command line
281 option or in the service://target/option format.
282
283 Examples (they are all equal):
284
285 ```
286 ./hydra -l test -p test -m PLAIN 127.0.0.1 imap
287 ./hydra -l test -p test 127.0.0.1 imap PLAIN
288 ./hydra -l test -p test imap://127.0.0.1/PLAIN
289 ```
290
291 RESTORING AN ABORTED/CRASHED SESSION
292 ------------------------------------
293 When hydra is aborted with Control-C, killed or crashes, it leaves a
294 "hydra.restore" file behind which contains all necessary information to
295 restore the session. This session file is written every 5 minutes.
296 NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
297 from little endian to big endian, or from Solaris to AIX)
298
299 HOW TO SCAN/CRACK OVER A PROXY
300 ------------------------------
301 The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
302 just for the http services!).
303 The following syntax is valid:
304
305 ```
306 HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
307 HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
308 HYDRA_PROXY_HTTP="proxylist.txt"
309 ```
310
311 The last example is a text file containing up to 64 proxies (in the same
312 format definition as the other examples).
313
314 For all other services, use the HYDRA_PROXY variable to scan/crack.
315 It uses the same syntax. eg:
316
317 ```
318 HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
319 ```
320
321 for example:
322
323 ```
324 HYDRA_PROXY=connect://proxy.anonymizer.com:8000
325 HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
326 HYDRA_PROXY=socksproxylist.txt
327 ```
328
329 ADDITIONAL HINTS
330 ----------------
331 * sort your password files by likelihood and use the -u option to find
332 passwords much faster!
333 * uniq your dictionary files! this can save you a lot of time :-)
334 cat words.txt | sort | uniq > dictionary.txt
335 * if you know that the target is using a password policy (allowing users
336 only to choose a password with a minimum length of 6, containing a least one
337 letter and one number, etc. use the tool pw-inspector which comes along
338 with the hydra package to reduce the password list:
339 cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
340
341
342 RESULTS OUTPUT
343 --------------
344
345 The results are output to stdio along with the other information. Via the -o
346 command line option, the results can also be written to a file. Using -b,
347 the format of the output can be specified. Currently, these are supported:
348
349 * `text` - plain text format
350 * `jsonv1` - JSON data using version 1.x of the schema (defined below).
351 * `json` - JSON data using the latest version of the schema, currently there
352 is only version 1.
353
354 If using JSON output, the results file may not be valid JSON if there are
355 serious errors in booting Hydra.
356
357
358 JSON Schema
359 -----------
360 Here is an example of the JSON output. Notes on some of the fields:
361
362 * `errormessages` - an array of zero or more strings that are normally printed
363 to stderr at the end of the Hydra's run. The text is very free form.
364 * `success` - indication if Hydra ran correctly without error (**NOT** if
365 passwords were detected). This parameter is either the JSON value `true`
366 or `false` depending on completion.
367 * `quantityfound` - How many username+password combinations discovered.
368 * `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
369 2.03, etc. Hydra will make second tuple of the version to always be two
370 digits to make it easier for downstream processors (as opposed to v1.1 vs
371 v1.10). The minor-level versions are additive, so 1.02 will contain more
372 fields than version 1.00 and will be backward compatible. Version 2.x will
373 break something from version 1.x output.
374
375 Version 1.00 example:
376 ```
377 {
378 "errormessages": [
379 "[ERROR] Error Message of Something",
380 "[ERROR] Another Message",
381 "These are very free form"
382 ],
383 "generator": {
384 "built": "2021-03-01 14:44:22",
385 "commandline": "hydra -b jsonv1 -o results.json ... ...",
386 "jsonoutputversion": "1.00",
387 "server": "127.0.0.1",
388 "service": "http-post-form",
389 "software": "Hydra",
390 "version": "v8.5"
391 },
392 "quantityfound": 2,
393 "results": [
394 {
395 "host": "127.0.0.1",
396 "login": "bill@example.com",
397 "password": "bill",
398 "port": 9999,
399 "service": "http-post-form"
400 },
401 {
402 "host": "127.0.0.1",
403 "login": "joe@example.com",
404 "password": "joe",
405 "port": 9999,
406 "service": "http-post-form"
407 }
408 ],
409 "success": false
410 }
411 ```
412
413
414 SPEED
415 -----
416 through the parallelizing feature, this password cracker tool can be very
417 fast, however it depends on the protocol. The fastest are generally POP3
418 and FTP.
419 Experiment with the task option (-t) to speed things up! The higher - the
420 faster ;-) (but too high - and it disables the service)
421
422
423
424 STATISTICS
425 ----------
426 Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
427 295 entries (294 tries invalid logins, 1 valid). Every test was run three
428 times (only for "1 task" just once), and the average noted down.
429
430 ```
431 P A R A L L E L T A S K S
432 SERVICE 1 4 8 16 32 50 64 100 128
433 ------- --------------------------------------------------------------------
434 telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55*
435 ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32
436 pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50
437 imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21
438 ```
439
440 (*)
441 Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
442 128 tasks, running four times resulted in timings between 28 and 97 seconds!
443 The reason for this is unknown...
444
445 guesses per task (rounded up):
446
447 295 74 38 19 10 6 5 3 3
448
449 guesses possible per connect (depends on the server software and config):
450
451 telnet 4
452 ftp 6
453 pop3 1
454 imap 3
455
456
457
458 BUGS & FEATURES
459 ---------------
460 Hydra:
461 Email me or David if you find bugs or if you have written a new module.
462 vh@thc.org (and put "antispam" in the subject line)
463
464
465 You should use PGP to encrypt emails to vh@thc.org :
466
467 ```
468 -----BEGIN PGP PUBLIC KEY BLOCK-----
469 Version: GnuPG v3.3.3 (vh@thc.org)
470
471 mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT
472 KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ
473 FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c
474 vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k
475 Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p
476 lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI
477 zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI
478 DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf
479 lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN
480 DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5
481 n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB
482 tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC
483 F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ
484 xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH
485 Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4
486 qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz
487 dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp
488 QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga
489 V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5
490 slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl
491 Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM
492 0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP
493 JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs
494 IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL
495 CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS
496 AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ
497 HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR
498 2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C
499 nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc
500 XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6
501 Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL
502 ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V
503 l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F
504 n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl
505 7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb
506 /hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii
507 tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5
508 Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR
509 gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt
510 x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62
511 0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS
512 +C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw
513 G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA
514 oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr
515 rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC
516 v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5
517 02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv
518 s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ
519 Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK
520 d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP
521 gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y
522 ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP
523 8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd
524 X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD
525 aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN
526 cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC
527 Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR
528 zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
529 1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT
530 zB3yrr+vYBT0uDWmxwPjiJs=
531 =ytEf
532 -----END PGP PUBLIC KEY BLOCK-----
533 ```
997997 if [ "X" = "X$MCACHED_IPATH" ]; then
998998 if [ -f "$i/memcached.h" ]; then
999999 MCACHED_IPATH="$i"
1000 fi
1001 if [ -f "$i/libmemcached/memcached.h" ]; then
1000 elif [ -f "$i/libmemcached/memcached.h" ]; then
10021001 MCACHED_IPATH="$i/libmemcached"
1003 fi
1004 if [ -f "$i/libmemcached-1.0/memcached.h" ]; then
1002 elif [ -f "$i/libmemcached-1.0/memcached.h" ]; then
10051003 MCACHED_IPATH="$i/libmemcached-1.0"
10061004 fi
10071005 fi
13611359 echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
13621360 $CC -o $TMPC $TMPC.c > /dev/null 2>&1
13631361 test -x $TMPC && STRRCHR=""
1362 rm -f $TMPC
1363 $CC -o $TMPC -Wl,--allow-multiple-definition $TMPC.c > /dev/null 2>&1
1364 WALLOW="no"
1365 test -x $TMPC && WALLOW="yes"
13641366 rm -f $TMPC $TMPC.c
13651367 echo " ... strrchr()$STRRCHR found"
13661368 if [ -n "$CRYPTO_PATH" ]; then
13901392 rm -f $TMPC $TMPC.c $TMPC.c.err
13911393 echo " Compiling... $GCCSEC"
13921394 echo " Linking... $LDSEC"
1395
1396 echo "Checking for --allow-multiple-definition linker option ... $WALLOW"
1397 if [ "$WALLOW" = "yes" ]; then
1398 GCCSECOPT="$GCCSECOPT -Wl,--allow-multiple-definition"
1399 fi
13931400
13941401 echo
13951402 XDEFINES=""
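Review bot: Appending `-Wl,--allow-multiple-definition` to `GCCSECOPT` (new lines 1397-1399) makes the linker accept duplicate symbol definitions and keep the first one it sees, so a real symbol collision between modules no longer fails the build. `GCCSECOPT` appears to be the variable carrying the hardening flags reported just above as `$GCCSEC` and `$LDSEC`; that is inferred from the names, since its definition and use are outside these hunks. If the flag is a workaround for duplicate global definitions, I would keep it in a separate variable and record the reason next to the check, e.g. `# workaround for duplicate globals across modules; drop once they are declared extern`. The message at new line 1396 would also read better as `echo "Linker accepts --allow-multiple-definition ... $WALLOW"`, because the probe has already run at new lines 1363-1365 by the time it is printed.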
24162416 dreambox,All models,all versions,http, telnet,root,dreambox,,
24172417 dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox,
24182418 drupal.org,Drupal,,administrator,admin,admin,,,
2419 ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!,
2420 ducati,Diavel,,,,Last 4 digits of VIN,,,
24212419 dupont,Digital Water Proofer,,,root,par0t,,,
24222420 dynalink,RTA020,,,admin,private,,,
24232421 dynalink,RTA020,,Admin,admin,private,,,
30603058 hewlettpackard,Officejet,all versions,http,admin,,admin,http interface,
30613059 hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,,
30623060 hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,,
3063 hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,,
30643061 hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,,
30653062 hewlettpackard,Vectra,,Console,,hewlpack,Admin,,
30663063 hewlettpackard,iLo,,http,Admin,Admin,Admin,,
36103607 iwill,PC BIOS,,,,iwill,,,
36113608 iwill,PC BIOS,,Admin,,iwill,,,
36123609 iwill,PC BIOS,,Console,,iwill,Admin,,
3613 jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,,
36143610 jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,,
36153611 jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,,
36163612 janitza,UMG 508,,,Homepage Password,0th,,,
37853781 kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,,
37863782 kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,,
37873783 kyocera,KM-4850W,,,admin,,,,
3788 kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address,
37893784 kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification,
37903785 kyocera,TASKalfa 250ci,,IP,,admin00,,,
37913786 kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,,
51875182 oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,,
51885183 ods,1094 IS Chassis,,,ods,ods,,4.x,
51895184 ods,1094,,,ods,ods,,,
5190 oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,,
5191 oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,,
5192 oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,,
51935185 oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,,
5194 oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,,
5195 oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,,
51965186 oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,,
51975187 oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,,
5198 oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
51995188 oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC),
52005189 oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC),
5201 oki,B6300,,,root,last six charachter of mac address,root,,
52025190 oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC),
5203 oki,B6500,,,root,(last 6 digits of MAC address),root,,
52045191 oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,,
52055192 oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,,
52065193 oki,B720N,All versions,Web interface,root,aaaaaa,Root access,,
52075194 oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,,
52085195 oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC),
5209 oki,B930n,,,root,(last 4 digits of MAC address),root,,
5210 oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,,
52115196 oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator,
52125197 oki,C3450,,http://192.168.1.50,admin,heslo,admin,,
5213 oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,,
5214 oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator,
5215 oki,C3530,,console,admin,last 6 digits of MAC address,Admin,,
5216 oki,C380,,,admin,last 6 characters of the MAC ADRESS,,,
5217 oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
52185198 oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,,
5219 oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
5220 oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
52215199 oki,C5550 MFP,,http,,*blank*,Admin,,
5222 oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name,
52235200 oki,C5650dn,,,,000000,menu,,
52245201 oki,C5650n,,,,000000,menu,,
5225 oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models,
5226 oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,,
5227 oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,,
52285202 oki,C6050dn,,,,000000,menu,,
52295203 oki,C6050n,,,,000000,menu,,
52305204 oki,C610,,,admin,aaaaaa,admin,,
5231 oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers.,
5232 oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol
52335205 oki,C6150dn,,,,000000,menu,,
52345206 oki,C6150dtn,,,,000000,menu,,
52355207 oki,C6150hdn,,,,000000,menu,,
52365208 oki,C6150n,,,,000000,menu,,
52375209 oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC),
5238 oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC),
5239 oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,,
52405210 oki,C711,,Web,admin,aaaaaa,Admin access,,
5241 oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,,
5242 oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present.,
5243 oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,,
5244 oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,,
5245 oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,,
5246 oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,,
5247 oki,C830,all,web,root,last 6 digits of the MAC address,,,
5248 oki,C8800,,Web or Console,root,Last six characters of MAC address,,,
52495211 oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC),
5250 oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC),
5251 oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,,
52525212 oki,C9650,,,,0000,Print statistics,,
52535213 oki,C9650,,,,aaaaaa,Administration,,
5254 oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,,
52555214 oki,C9655,,printer menu,,aaaaaa,printer menubutton,,
5256 oki,C9800,,,root,(last 6 digits of MAC address),,,
5257 oki,C9850,,,root,(last 6 digits of MAC address),,,
52585215 oki,CX1145,,,,123456,,,
52595216 oki,CX2032 MFP,,http,,*blank*,Admin,,
52605217 oki,CX2033,,Printer Menu,,,,When asked for password just press OK,
52615218 oki,CX2633,,Web interface,admin,aaaaaa,admin,,
52625219 oki,CX2731,,Web interface,admin,aaaaaa,admin,,
5263 oki,CX3641,,,root,(last 6 digits of MAC address),,,
52645220 oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC),
5265 oki,ES3640,,,root,(last 6 digits of MAC address),,,
52665221 oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,,
52675222 oki,ES7120,,Web,root,aaaaaa,Admin,,
52685223 oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,,
52745229 oki,MC160,,Web,,sysAdmin,Admin,,
52755230 oki,MC342w,,,admin,aaaaaa,admin,,
52765231 oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,,
5277 oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,,
52785232 oki,MC361,,Web interface,admin,aaaaaa,admin,,
52795233 oki,MC560,,Printer Menu,,,,When asked for password just press OK,
52805234 oki,MC560,,Printer Menu,,,,When asked for password,
52845238 oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC)
52855239 oki,ML491n,,http://,Admin,OkiLAN,Admin,,
52865240 oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC)
5287 oki,ML8810,,,root,(last 6 digits of MAC address),,,
52885241 oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,,
52895242 oki,WebTools,,,Administrator,,,,
52905243 oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,,
5291 oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,,
5292 oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no,
52935244 oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned.
5294 oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,,
5295 oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",,
5296 oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No,
5297 oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin,
5298 oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No,
5299 oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,,
53005245 oki,c5750,n1.02,http://192.168.0.200,,,,,
53015246 oki,c810,1.0,192.100.185.78,admin,admin,admin,,
53025247 olegkhabarov,Comfy CMS,,,username,password,,,
1009910044 telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013,
1010010045 telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999,
1010110046 tenda,W150M,,192.168.1.1,admin,admin,Admin,,
10102 teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,,
1010310047 terayon,,,,admin,nms,,6.29,
1010410048 terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html,
1010510049 terayon,TeraLink 1000 Controller,,,admin,password,,,
1040210346 unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,,
1040310347 unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility,
1040410348 unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,,
10405 universityoftennessee,All Employee and Student Services,,,<NetID> - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789,
10406 universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789,
1040710349 unix,Generic,,,adm,,,,
1040810350 unix,Generic,,,adm,adm,,,
1040910351 unix,Generic,,,admin,admin,,,
24162416 dreambox,All models,all versions,http, telnet,root,dreambox,,
24172417 dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox,
24182418 drupal.org,Drupal,,administrator,admin,admin,,,
2419 ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!,
2420 ducati,Diavel,,,,Last 4 digits of VIN,,,
24212419 dupont,Digital Water Proofer,,,root,par0t,,,
24222420 dynalink,RTA020,,,admin,private,,,
24232421 dynalink,RTA020,,Admin,admin,private,,,
30603058 hewlettpackard,Officejet,all versions,http,admin,,admin,http interface,
30613059 hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,,
30623060 hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,,
3063 hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,,
30643061 hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,,
30653062 hewlettpackard,Vectra,,Console,,hewlpack,Admin,,
30663063 hewlettpackard,iLo,,http,Admin,Admin,Admin,,
36103607 iwill,PC BIOS,,,,iwill,,,
36113608 iwill,PC BIOS,,Admin,,iwill,,,
36123609 iwill,PC BIOS,,Console,,iwill,Admin,,
3613 jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,,
36143610 jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,,
36153611 jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,,
36163612 janitza,UMG 508,,,Homepage Password,0th,,,
37853781 kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,,
37863782 kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,,
37873783 kyocera,KM-4850W,,,admin,,,,
3788 kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address,
37893784 kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification,
37903785 kyocera,TASKalfa 250ci,,IP,,admin00,,,
37913786 kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,,
51875182 oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,,
51885183 ods,1094 IS Chassis,,,ods,ods,,4.x,
51895184 ods,1094,,,ods,ods,,,
5190 oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,,
5191 oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,,
5192 oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,,
51935185 oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,,
5194 oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,,
5195 oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,,
51965186 oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,,
51975187 oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,,
5198 oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
51995188 oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC),
52005189 oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC),
5201 oki,B6300,,,root,last six charachter of mac address,root,,
52025190 oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC),
5203 oki,B6500,,,root,(last 6 digits of MAC address),root,,
52045191 oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,,
52055192 oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,,
52065193 oki,B720N,All versions,Web interface,root,aaaaaa,Root access,,
52075194 oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,,
52085195 oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC),
5209 oki,B930n,,,root,(last 4 digits of MAC address),root,,
5210 oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,,
52115196 oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator,
52125197 oki,C3450,,http://192.168.1.50,admin,heslo,admin,,
5213 oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,,
5214 oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator,
5215 oki,C3530,,console,admin,last 6 digits of MAC address,Admin,,
5216 oki,C380,,,admin,last 6 characters of the MAC ADRESS,,,
5217 oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
52185198 oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,,
5219 oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
5220 oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
52215199 oki,C5550 MFP,,http,,*blank*,Admin,,
5222 oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name,
52235200 oki,C5650dn,,,,000000,menu,,
52245201 oki,C5650n,,,,000000,menu,,
5225 oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models,
5226 oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,,
5227 oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,,
52285202 oki,C6050dn,,,,000000,menu,,
52295203 oki,C6050n,,,,000000,menu,,
52305204 oki,C610,,,admin,aaaaaa,admin,,
5231 oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers.,
5232 oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol
52335205 oki,C6150dn,,,,000000,menu,,
52345206 oki,C6150dtn,,,,000000,menu,,
52355207 oki,C6150hdn,,,,000000,menu,,
52365208 oki,C6150n,,,,000000,menu,,
52375209 oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC),
5238 oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC),
5239 oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,,
52405210 oki,C711,,Web,admin,aaaaaa,Admin access,,
5241 oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,,
5242 oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present.,
5243 oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,,
5244 oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,,
5245 oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,,
5246 oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,,
5247 oki,C830,all,web,root,last 6 digits of the MAC address,,,
5248 oki,C8800,,Web or Console,root,Last six characters of MAC address,,,
52495211 oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC),
5250 oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC),
5251 oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,,
52525212 oki,C9650,,,,0000,Print statistics,,
52535213 oki,C9650,,,,aaaaaa,Administration,,
5254 oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,,
52555214 oki,C9655,,printer menu,,aaaaaa,printer menubutton,,
5256 oki,C9800,,,root,(last 6 digits of MAC address),,,
5257 oki,C9850,,,root,(last 6 digits of MAC address),,,
52585215 oki,CX1145,,,,123456,,,
52595216 oki,CX2032 MFP,,http,,*blank*,Admin,,
52605217 oki,CX2033,,Printer Menu,,,,When asked for password just press OK,
52615218 oki,CX2633,,Web interface,admin,aaaaaa,admin,,
52625219 oki,CX2731,,Web interface,admin,aaaaaa,admin,,
5263 oki,CX3641,,,root,(last 6 digits of MAC address),,,
52645220 oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC),
5265 oki,ES3640,,,root,(last 6 digits of MAC address),,,
52665221 oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,,
52675222 oki,ES7120,,Web,root,aaaaaa,Admin,,
52685223 oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,,
52745229 oki,MC160,,Web,,sysAdmin,Admin,,
52755230 oki,MC342w,,,admin,aaaaaa,admin,,
52765231 oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,,
5277 oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,,
52785232 oki,MC361,,Web interface,admin,aaaaaa,admin,,
52795233 oki,MC560,,Printer Menu,,,,When asked for password just press OK,
52805234 oki,MC560,,Printer Menu,,,,When asked for password,
52845238 oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC)
52855239 oki,ML491n,,http://,Admin,OkiLAN,Admin,,
52865240 oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC)
5287 oki,ML8810,,,root,(last 6 digits of MAC address),,,
52885241 oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,,
52895242 oki,WebTools,,,Administrator,,,,
52905243 oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,,
5291 oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,,
5292 oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no,
52935244 oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned.
5294 oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,,
5295 oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",,
5296 oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No,
5297 oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin,
5298 oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No,
5299 oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,,
53005245 oki,c5750,n1.02,http://192.168.0.200,,,,,
53015246 oki,c810,1.0,192.100.185.78,admin,admin,admin,,
53025247 olegkhabarov,Comfy CMS,,,username,password,,,
1009910044 telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013,
1010010045 telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999,
1010110046 tenda,W150M,,192.168.1.1,admin,admin,Admin,,
10102 teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,,
1010310047 terayon,,,,admin,nms,,6.29,
1010410048 terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html,
1010510049 terayon,TeraLink 1000 Controller,,,admin,password,,,
1040210346 unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,,
1040310347 unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility,
1040410348 unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,,
10405 universityoftennessee,All Employee and Student Services,,,<NetID> - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789,
10406 universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789,
1040710349 unix,Generic,,,adm,,,,
1040810350 unix,Generic,,,adm,adm,,,
1040910351 unix,Generic,,,admin,admin,,,
44 #endif
55
66 extern char *HYDRA_EXIT;
7 char *buf = NULL;
7 static char *buf = NULL;
88
99 int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
1010 char *empty = "";
0 #include "hydra-mod.h"
1
2 #define CSLEN 256
3
4 extern char *HYDRA_EXIT;
5 char *buf;
6
7 int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
8 char *empty = "";
9 char *pass, buffer[4 + 1 + 256];
10 char cs_pass[CSLEN + 1];
11 unsigned char len_pass;
12 unsigned char reply_byte_0;
13 unsigned char reply_byte_1;
14 unsigned char reply_byte_2;
15 unsigned char reply_byte_3;
16 int32_t ret = -1;
17
18 if (strlen(pass = hydra_get_next_password()) == 0)
19 pass = empty;
20 if (strlen(pass) > CSLEN)
21 pass[CSLEN - 1] = 0;
22 len_pass = strlen(pass);
23 memset(cs_pass, 0, CSLEN + 1);
24 strcpy(cs_pass, pass);
25
26 memset(buffer, 0x41, sizeof(buffer));
27 buffer[0] = 0x00;
28 buffer[1] = 0x00;
29 buffer[2] = 0xBE;
30 buffer[3] = 0xEF;
31 memcpy(buffer + 4, &len_pass, 1);
32 memcpy(buffer + 5, cs_pass, len_pass);
33
34 if (hydra_send(s, buffer, sizeof(buffer), 0) < 0)
35 return 1;
36
37 reply_byte_0 = 0x00;
38 ret = hydra_recv_nb(s, &reply_byte_0, 1);
39 if (ret <= 0)
40 return 3;
41
42 reply_byte_1 = 0x00;
43 ret = hydra_recv_nb(s, &reply_byte_1, 1);
44 if (ret <= 0)
45 return 3;
46
47 reply_byte_2 = 0x00;
48 ret = hydra_recv_nb(s, &reply_byte_2, 1);
49 if (ret <= 0)
50 return 3;
51
52 reply_byte_3 = 0x00;
53 ret = hydra_recv_nb(s, &reply_byte_3, 1);
54 if (ret <= 0)
55 return 3;
56
57 if (reply_byte_0 == 0x00 && reply_byte_1 == 0x00 && reply_byte_2 == 0xCA && reply_byte_3 == 0xFE) {
58 hydra_report_found_host(port, ip, "cobaltstrike", fp);
59 hydra_completed_pair_found();
60 free(buf);
61 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
62 return 2;
63 return 1;
64 }
65
66 free(buf);
67 hydra_completed_pair();
68 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
69 return 2;
70
71 return 1;
72 }
73
74 void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
75 int32_t run = 1, next_run = 1, sock = -1;
76 int32_t mysslport = PORT_COBALTSTRIKE_SSL;
77
78 hydra_register_socket(sp);
79 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
80 return;
81 while (1) {
82 switch (run) {
83 case 1: /* connect and service init function */
84 if (port != 0)
85 mysslport = port;
86 sock = hydra_connect_ssl(ip, mysslport, hostname);
87 port = mysslport;
88 if (sock < 0) {
89 hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
90 hydra_child_exit(1);
91 }
92 next_run = start_cobaltstrike(sock, ip, port, options, miscptr, fp);
93 hydra_disconnect(sock);
94 break;
95 case 2: /* clean exit */
96 if (sock >= 0)
97 sock = hydra_disconnect(sock);
98 hydra_child_exit(0);
99 return;
100 case 3: /* clean exit */
101 if (sock >= 0)
102 sock = hydra_disconnect(sock);
103 hydra_child_exit(2);
104 return;
105 default:
106 hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
107 hydra_child_exit(2);
108 }
109 run = next_run;
110 }
111 }
112
113 int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
114 // called before the childrens are forked off, so this is the function
115 // which should be filled if initial connections and service setup has to be
116 // performed once only.
117 //
118 // fill if needed.
119 //
120 // return codes:
121 // 0 all OK
122 // -1 error, hydra will exit, so print a good error message here
123
124 return 0;
125 }
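Review bot: The file-scope `char *buf;` in this new module is never assigned, yet `start_cobaltstrike` calls `free(buf);` on both exit paths, and unlike the `static char *buf` changes elsewhere in this commit it has external linkage. Depending on how other modules declare `buf`, the linker may merge the symbols, in which case these calls would free memory this function does not own; deleting the declaration and both `free(buf);` lines removes the risk. Separately, `if (strlen(pass) > CSLEN)` lets a password of exactly 256 bytes through, and because `len_pass` is an `unsigned char` the length byte then wraps to 0; `if (strlen(pass) >= CSLEN)` keeps the length within 255. Truncating inside `cs_pass` rather than writing `pass[CSLEN - 1] = 0` would also avoid modifying the string returned by `hydra_get_next_password()`.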
99 AM_PROG_CC_STDC
1010 AC_HEADER_STDC
1111
12 pkg_modules="gtk+-2.0 >= 2.0.0"
12 pkg_modules="gtk+-3.0 >= 3.24.24"
1313 PKG_CHECK_MODULES(PACKAGE, [$pkg_modules])
1414 AC_SUBST(PACKAGE_CFLAGS)
1515 AC_SUBST(PACKAGE_LIBS)
256256 int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type) {
257257 ptr_header_node cur_ptr = NULL;
258258 ptr_header_node existing_hdr, new_ptr;
259
260 if (!header || !value || !strlen(header) || !strlen(value))
261 return;
259262
260263 // get to the last header
261264 for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next)
571574 if (ret == NULL)
572575 return NULL;
573576
574 if (index(ret, '%') != NULL)
577 if (strchr(ret, '%') != NULL)
575578 ret = hydra_strrep(ret, "%", "%25");
576 if (index(ret, ' ') != NULL)
579 if (strchr(ret, ' ') != NULL)
577580 ret = hydra_strrep(ret, " ", "%20");
578 if (index(ret, '&') != NULL)
581 if (strchr(ret, '&') != NULL)
579582 ret = hydra_strrep(ret, "&", "%26");
580 if (index(ret, '#') != NULL)
583 if (strchr(ret, '#') != NULL)
581584 ret = hydra_strrep(ret, "#", "%23");
582 if (index(ret, '=') != NULL)
585 if (strchr(ret, '=') != NULL)
583586 ret = hydra_strrep(ret, "=", "%3D");
584 if (index(ret, '+') != NULL)
587 if (strchr(ret, '+') != NULL)
585588 ret = hydra_strrep(ret, "+", "%2B");
586589
587590 return ret;
645648 } else if (endcookie2 != NULL)
646649 *endcookie2 = 0;
647650 // is the cookie already there? if yes, remove it!
648 if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) {
651 if (strchr(startcookie, '=') != NULL && (ptr = strchr(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) {
649652 strncpy(tmpname, startcookie, sizeof(tmpname) - 2);
650653 tmpname[sizeof(tmpname) - 2] = 0;
651 ptr = index(tmpname, '=');
654 ptr = strchr(tmpname, '=');
652655 *(++ptr) = 0;
653656 // is the cookie already in the cookiejar? (so, does it have to be
654657 // replaced?)
674677 strcpy(cookie, tmpcookie);
675678 }
676679 }
677 ptr = index(str, '=');
680 ptr = strchr(str, '=');
678681 // only copy the cookie if it has a value (otherwise the server wants to
679682 // delete the cookie)
680683 if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') {
12851288
12861289 cond = ptr;
12871290
1288 if ((ptr2 = index(ptr, ':')) != NULL) {
1291 if ((ptr2 = strchr(ptr, ':')) != NULL) {
12891292 *ptr2++ = 0;
12901293 if (*ptr2)
12911294 optional1 = ptr2;
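Review bot: The new guard at the top of `add_header` uses a bare `return;` although the function is declared `int32_t`, so a caller that checks the result reads an indeterminate value when the header or value is empty. It should return an explicit status, for example `return 0;`, if 0 is what this function uses for "nothing added"; the rest of the body is outside the hunk, so the convention needs confirming. A short comment such as `// skip headers with an empty name or value` would also record why the call is ignored rather than treated as an error.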
2727 ptr++;
2828 strncpy(mhost, ptr, sizeof(mhost) - 1);
2929 mhost[sizeof(mhost) - 1] = 0;
30 if ((ptr = index(mhost, '/')) != NULL)
30 if ((ptr = strchr(mhost, '/')) != NULL)
3131 *ptr = 0;
32 if ((ptr = index(mhost, ']')) != NULL)
32 if ((ptr = strchr(mhost, ']')) != NULL)
3333 *ptr = 0;
34 else if ((ptr = index(mhost, ':')) != NULL)
34 else if ((ptr = strchr(mhost, ':')) != NULL)
3535 *ptr = 0;
3636
37 if (miscptr != NULL && index(miscptr, ':') != NULL) {
37 if (miscptr != NULL && strchr(miscptr, ':') != NULL) {
3838 strncpy(mlogin, miscptr, sizeof(mlogin) - 1);
3939 mlogin[sizeof(mlogin) - 1] = 0;
40 ptr = index(mlogin, ':');
40 ptr = strchr(mlogin, ':');
4141 *ptr++ = 0;
4242 strncpy(mpass, ptr, sizeof(mpass) - 1);
4343 mpass[sizeof(mpass) - 1] = 0;
214214 }
215215 }
216216 // result analysis
217 ptr = ((char *)index(buf, ' ')) + 1;
217 ptr = ((char *)strchr(buf, ' ')) + 1;
218218 if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) {
219219 hydra_report_found_host(port, ip, "http-proxy", fp);
220220 if (fp != stdout)
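Review bot: `ptr = ((char *)strchr(buf, ' ')) + 1;` in the result analysis still adds 1 before any NULL check, so a reply without a space character leaves `ptr` invalid and the next line dereferences it. The reply is supplied by the remote proxy and should not be assumed to be a well-formed status line; assign `ptr = strchr(buf, ' ');` first, handle `ptr == NULL` as a failed attempt, and only then advance with `ptr++`. The same unchecked pattern is kept in the next file section at both `strchr(http_proxy_buf, ' ')` uses, while the `http_buf` hunk further down the page already tests `ptr != NULL` first. The enclosing function starts and ends outside the hunk.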
2323 sprintf(url, "%.500s", miscptr);
2424 ptr = strstr(miscptr, "://"); // :// check is in hydra.c
2525 sprintf(host, "Host: %.50s", ptr + 3);
26 if ((ptr = index(host, '/')) != NULL)
26 if ((ptr = strchr(host, '/')) != NULL)
2727 *ptr = 0;
28 if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[')
28 if ((ptr = strchr(host + 6, ':')) != NULL && host[0] != '[')
2929 *ptr = 0;
3030 strcat(host, "\r\n");
3131 }
184184 char *pbuffer, *result;
185185
186186 http_proxy_auth_mechanism = AUTH_DIGESTMD5;
187 auth_hdr == NULL;
187 auth_hdr = NULL;
188188 pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
189189 strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
190190 buffer[sizeof(buffer) - 1] = '\0';
231231 }
232232 }
233233
234 ptr = ((char *)index(http_proxy_buf, ' ')) + 1;
234 ptr = ((char *)strchr(http_proxy_buf, ' ')) + 1;
235235 if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) {
236236 hydra_report_found_host(port, ip, "http-proxy", fp);
237237 hydra_completed_pair_found();
239239 http_proxy_buf = NULL;
240240 } else {
241241 if (*ptr != '4')
242 hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(index(http_proxy_buf, ' ') + 1), login, pass);
242 hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(strchr(http_proxy_buf, ' ') + 1), login, pass);
243243 else if (verbose && *(ptr + 2) == '3')
244244 hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass);
245245 hydra_completed_pair();
5151 /* again: no snprintf to be portable. don't worry, buffer can't overflow */
5252 if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
5353 sprintf(buffer,
54 "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
54 "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
5555 "close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic "
5656 "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
57 type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header);
57 type, webtarget, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header);
5858 else {
5959 if (use_proxy == 1)
6060 sprintf(buffer,
61 "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
61 "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
6262 "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
6363 "(Hydra)\r\n%s\r\n",
64 type, webtarget, webport, miscptr, webtarget, buffer2, header);
64 type, webtarget, miscptr, webtarget, buffer2, header);
6565 else
6666 sprintf(buffer,
6767 "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
109109 // send the first..
110110 if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
111111 sprintf(buffer,
112 "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
112 "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
113113 "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
114114 "(Hydra)\r\n%s\r\n",
115 type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
115 type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
116116 else {
117117 if (use_proxy == 1)
118118 sprintf(buffer,
119 "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
119 "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
120120 "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
121 type, webtarget, webport, miscptr, webtarget, buf1, header);
121 type, webtarget, miscptr, webtarget, buf1, header);
122122 else
123123 sprintf(buffer,
124124 "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
173173 // create the auth response
174174 if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
175175 sprintf(buffer,
176 "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
176 "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
177177 "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
178178 "(Hydra)\r\n%s\r\n",
179 type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
179 type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
180180 else {
181181 if (use_proxy == 1)
182182 sprintf(buffer,
183 "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
183 "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
184184 "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
185 type, webtarget, webport, miscptr, webtarget, buf1, header);
185 type, webtarget, miscptr, webtarget, buf1, header);
186186 else
187187 sprintf(buffer,
188188 "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
207207 complete_line = 0;
208208 tmpreplybuf[0] = 0;
209209
210 while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) {
210 while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (strchr(http_buf, '\n') == NULL && complete_line == 0))) {
211211 if (debug)
212212 printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf);
213213 if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) {
244244 if (debug)
245245 hydra_report(stderr, "S:%s\n", http_buf);
246246
247 ptr = ((char *)index(http_buf, ' '));
247 ptr = ((char *)strchr(http_buf, ' '));
248248 if (ptr != NULL)
249249 ptr++;
250250 if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
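Review bot: The NTLM request builders (new-side lines 112, 119, 176 and 183) format `miscptr` with an unbounded `%s` in `"%s http://%s%s HTTP/1.1..."`, while the Basic-auth builders in the same section cap it with `%.250s`. With `sprintf` that precision is the only bound on the write, and the comment "buffer can't overflow" relies on sizes that are declared outside these hunks. Using `%.250s` for `miscptr` in the NTLM format strings would make the two paths consistent; if `buffer` is a fixed array, `snprintf(buffer, sizeof(buffer), ...)` would be the more robust fix.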
294294
295295 send(s, buf, strlen(buf), 0);
296296 if (debug) {
297 char *ptr = index(buf, '\r');
297 char *ptr = strchr(buf, '\r');
298298 if (ptr != NULL)
299299 *ptr = 0;
300300 printf("DEBUG_CONNECT_PROXY_SENT: %s\n", buf);
301301 }
302302 recv(s, buf, 4096, 0);
303 if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') {
303 if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = strchr(buf, ' ')) != NULL && *++tmpptr == '2') {
304304 if (debug)
305305 printf("DEBUG_CONNECT_PROXY_OK\n");
306306 } else {
636636 __fck = write(intern_socket, "C", 1);
637637 else if (code == 2) /* application protocol error or service shutdown */
638638 __fck = write(intern_socket, "E", 1);
639 // code 3 means exit without telling mommy about it - a bad idea. mommy should
639 else if (code == 3) /* application protocol error or service shutdown */
640 __fck = write(intern_socket, "D", 1);
641 // code 4 means exit without telling mommy about it - a bad idea. mommy should
640642 // know
641 else if (code == -1 || code > 3) {
643 else if (code == -1 || code > 4) {
642644 fprintf(stderr, "[TOTAL FUCKUP] a module should not use "
643645 "hydra_child_exit(-1) ! Fix it in the source please ...\n");
644646 __fck = write(intern_socket, "E", 1);
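Review bot: The comment on the new `else if (code == 3)` branch repeats the `code == 2` text ("application protocol error or service shutdown") although the branch writes a different status byte, `"D"`, to the parent. The only caller on this page that passes 3 is the `case 4: /* unsupported exit */` path, so a comment such as `/* module cannot continue with this target, e.g. command unsupported */` would fit, if that is what `"D"` signals. The error text below still names only `hydra_child_exit(-1)` even though the branch is also taken for `code > 4`.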
6666 char *proxy_authentication[MAX_PROXY_COUNT];
6767 char *cmdlinetarget;
6868
69 #ifndef __APPLE__
6970 typedef int32_t BOOL;
71 #else /* __APPLE__ */
72 /* ensure compatibility with objc libraries */
73 #if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH
74 typedef bool BOOL;
75 #else
76 typedef signed char BOOL;
77 #endif
78 #endif /* __APPLE__ */
7079
7180 #define hydra_report fprintf
7281
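Review bot: The test `#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH` depends on macros defined by `<TargetConditionals.h>`, and no include is visible in the hunk. If that header has not been pulled in before this point, the preprocessor evaluates the undefined names as 0 and every Apple target silently gets `signed char`. Adding `#include <TargetConditionals.h>` (and `<stdbool.h>` for `bool`) inside the `__APPLE__` branch, or confirming an earlier include provides both, would make the selection reliable.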
7171 mongoc_log_set_handler(NULL, NULL);
7272 bson_init(&q);
7373
74 snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr);
74 snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr);
7575 client = mongoc_client_new(uri);
7676 if (!client)
7777 return 3;
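Review bot: `login`, `pass` and `miscptr` are placed into the `mongodb://` URI unescaped, so a credential containing `@`, `:`, `/` or `%` changes how the URI is parsed. In that case `mongoc_client_new(uri)` may fail and the function returns 3 instead of recording the pair as tested, which makes the reported results inaccurate. The user-info parts should be percent-encoded before formatting. The `snprintf` result should also be compared with `sizeof(uri)` so that a truncated URI is not used. The enclosing function starts and ends outside the hunk.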
2121 instance->settings->Username = login;
2222 instance->settings->Password = password;
2323 instance->settings->IgnoreCertificate = TRUE;
24 instance->settings->AuthenticationOnly = TRUE;
24 if (password[0] == 0)
25 instance->settings->AuthenticationOnly = FALSE;
26 else
27 instance->settings->AuthenticationOnly = TRUE;
2528 instance->settings->ServerHostname = server;
2629 instance->settings->ServerPort = port;
2730 instance->settings->Domain = domain;
31 instance->settings->MaxTimeInCheckLoop = 100;
2832 freerdp_connect(instance);
2933 err = freerdp_get_last_error(instance->context);
3034 return err;
5357 }
5458
5559 login_result = rdp_connect(server, port, domain, login, pass);
60 if (debug) hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result);
5661 switch (login_result) {
5762 case 0:
5863 // login success
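Review bot: The new `if (password[0] == 0)` branch and `MaxTimeInCheckLoop = 100` are added without a comment, so the reason for disabling `AuthenticationOnly` on an empty password and the unit of `100` are not recoverable from the code. A line such as `/* empty passwords are only detected with AuthenticationOnly disabled */` would document it, if that is the intent behind the changelog entry. The four-line if/else can be written as `instance->settings->AuthenticationOnly = (password[0] != 0) ? TRUE : FALSE;`. The added debug line would read better split over two lines with braces, matching the surrounding style.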
4141 int32_t code;
4242 char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF];
4343
44 if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3)
44 if (sscanf(buf, "%256s %i %256s", tmpbuf, &code, word) != 3)
4545 return -1;
4646 return code;
4747 }
7070 }
7171
7272 int32_t has_sip_cred = 0;
73 int32_t try
74 = 0;
73 int32_t try = 0;
7574
7675 /* We have to check many times because server may begin to send "100 Trying"
7776 * before "401 Unauthorized" */
7877 while (try < 2 && !has_sip_cred) {
79 try
80 ++;
78 try++;
8179 if (hydra_data_ready_timed(s, 3, 0) > 0) {
8280 i = hydra_recv(s, (char *)buf, sizeof(buf) - 1);
8381 if (i > 0)
159157 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
160158 return 3;
161159 }
162 try
163 = 0;
160 try = 0;
164161 int32_t has_resp = 0;
165162 int32_t sip_code = 0;
166163
167164 while (try < 2 && !has_resp) {
168 try
169 ++;
165 try++;
170166 if (hydra_data_ready_timed(s, 5, 0) > 0) {
171167 memset(buf, 0, sizeof(buf));
172168 if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0)
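Review bot: In the first hunk of this section the new field widths in `sscanf(buf, "%256s %i %256s", tmpbuf, &code, word)` are hard-coded rather than derived from `SIP_MAX_BUF`, whose value is not visible here. A `%256s` conversion stores up to 256 characters plus the terminating NUL, so the call is only safe if `SIP_MAX_BUF` is at least 257. A comment tying the two together, or a width built from the macro minus one, would prevent the bound from drifting if the buffer size changes.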
14931493 ctime = time(NULL);
14941494 do {
14951495 usleepn(300);
1496 } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL));
1496 } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 >= time(NULL));
14971497
14981498 if (ready <= 0) {
14991499 fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port);
127127 //#endif
128128 // hydra_report(stderr, "Server %s", err);
129129 // }
130 if (strncmp(buf, "500 ", 4) == 0) {
130 if (strncmp(buf, "500 ", 4) == 0 || strncmp(buf, "502 ", 4) == 0) {
131131 hydra_report(stderr,
132132 "[ERROR] command is disabled on the server (choose "
133133 "different method): %s",
134134 buf);
135135 free(buf);
136 return 3;
136 return 4;
137137 }
138138 memset(buffer, 0, sizeof(buffer));
139139 // 503 5.5.1 Error: nested MAIL command
244244 }
245245 hydra_child_exit(0);
246246 return;
247 case 4: /* unsupported exit */
248 if (sock >= 0) {
249 sock = hydra_disconnect(sock);
250 }
251 hydra_child_exit(3);
252 return;
247253 default:
248254 hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
249255 hydra_child_exit(0);
3333 if (new_session) {
3434 if (session) {
3535 ssh_disconnect(session);
36 ssh_finalize();
37 ssh_free(session);
38 }
39
40 ssh_init();
36 // ssh_finalize();
37 ssh_free(session);
38 } else {
39 ssh_init();
40 }
41
4142 session = ssh_new();
4243 ssh_options_set(session, SSH_OPTIONS_PORT, &port);
4344 ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
172173 // 3 skip target because its unreachable
173174 #ifdef LIBSSH
174175 int32_t rc, method;
176 ssh_init();
175177 ssh_session session = ssh_new();
176178
177179 if (verbose || debug)
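Review bot: The first hunk leaves `// ssh_finalize();` behind as commented-out code, whereas the next file section simply deletes the same call. It would be clearer to remove the line and state the reason, for example `// no ssh_finalize() here: the library stays initialised for the next session`, if that is the intent. The second hunk adds `ssh_init();` before `ssh_new()` with no matching finalize visible in the hunk; a note on where the library is torn down would help, since the function continues outside the hunk.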
3232 if (new_session) {
3333 if (session) {
3434 ssh_disconnect(session);
35 ssh_finalize();
3635 ssh_free(session);
36 } else {
37 ssh_init();
3738 }
3839
3940 session = ssh_new();
3535 if ((buf = hydra_receive_line(s)) == NULL)
3636 return 1;
3737
38 if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL) {
38 if (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '%') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL) {
3939 hydra_report_found_host(port, ip, "telnet", fp);
4040 hydra_completed_pair_found();
4141 free(buf);
7474 }
7575
7676 /*win7 answering with do terminal type = 0xfd 0x18 */
77 while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) {
78 if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) {
77 while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "password:") == NULL || strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) {
78 if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "incorrect") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) {
7979 hydra_report_found_host(port, ip, "telnet", fp);
8080 hydra_completed_pair_found();
8181 free(buf);
8282 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
8383 return 3;
8484 return 1;
85 }
86 free(buf);
85 } else if (buf && strstr(buf, "assword:")) {
86 hydra_completed_pair();
87 // printf("password prompt\n");
88 free(buf);
89 if (strlen(pass = hydra_get_next_password()) == 0)
90 pass = empty;
91 sprintf(buffer, "%s\r", pass);
92 if (no_line_mode) {
93 for (i = 0; i < strlen(buffer); i++) {
94 if (strcmp(&buffer[i], "\r") == 0) {
95 send(s, "\r\0", 2, 0);
96 } else {
97 send(s, &buffer[i], 1, 0);
98 }
99 usleepn(20);
100 }
101 } else {
102 if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) {
103 return 1;
104 }
105 }
106 } else if (buf && strstr(buf, "login:")) {
107 free(buf);
108 hydra_completed_pair();
109 return 2;
110 } else
111 free(buf);
87112 }
88113
89114 hydra_completed_pair();
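Review bot: `sprintf(buffer, "%s\r", pass);` in the new `assword:` branch copies the password with no length limit, and `buffer` is declared outside the hunk, so its size cannot be checked here. If it is a fixed array, `snprintf(buffer, sizeof(buffer), "%s\r", pass);` or a precision such as `%.250s` bounds the write. The `buf &&` tests in the two new `else if` conditions are redundant because the `while` condition already guarantees `buf != NULL`. The per-character loop also re-evaluates `strlen(buffer)` on every iteration and could hoist it into a local. The enclosing function starts and ends outside the hunk.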
1818 int32_t failed_auth = 0;
1919
2020 extern char *HYDRA_EXIT;
21 char *buf;
21 static char *buf;
2222
2323 /*
2424 * Encrypt CHALLENGESIZE bytes in memory using a password.
0 .TH "HYDRA" "1" "01/01/2021"
0 .TH "HYDRA" "1" "01/01/2022"
11 .SH NAME
22 hydra \- a very fast network logon cracker which supports many different services
33 .SH SYNOPSIS
00 /*
1 * hydra (c) 2001-2021 by van Hauser / THC <vh@thc.org>
1 * hydra (c) 2001-2022 by van Hauser / THC <vh@thc.org>
22 * https://github.com/vanhauser-thc/thc-hydra
33 *
44 * Parallized network login hacker.
7777 extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
7878 extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
7979 extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
80 extern void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
8081 extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
8182 extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
8283 extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
177178 extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
178179 extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
179180 extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
181 extern int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
180182 extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
181183 extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
182184 extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
201203 extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname);
202204
203205 // ADD NEW SERVICES HERE
204 char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] "
206 char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs firebird ftp[s] "
205207 "http[s]-{head|get|post} http[s]-{get|post}-form http-proxy "
206208 "http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] "
207209 "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid "
225227 #define RESTOREFILE "./hydra.restore"
226228
227229 #define PROGRAM "Hydra"
228 #define VERSION "v9.2"
230 #define VERSION "v9.3"
229231 #define AUTHOR "van Hauser/THC"
230232 #define EMAIL "<vh@thc.org>"
231233 #define AUTHOR2 "David Maciejak"
401403 {"memcached", service_mcached_init, service_mcached, NULL},
402404 #endif
403405 SERVICE(mssql),
406 SERVICE(cobaltstrike),
404407 #ifdef LIBMONGODB
405408 SERVICE3("mongodb", mongodb),
406409 #endif
592595 "others,\n"
593596 " just add their real representation.\n"
594597 " -y disable the use of the above letters as placeholders\n"
595 " -r use a shuffling method called 'rain' to try to break\n"
596 " the linearity of the bruteforce\n"
597598 "Examples:\n"
598599 " -x 3:5:a generate passwords from length 3 to 5 with all "
599600 "lowercase letters\n"
806807 fprintf(stderr,
807808 "[WARNING] restore file was created by version %c.%c, this is "
808809 "version %s\n",
809 buf[0], buf[2], VERSION);
810 buf[0], buf[1], VERSION);
810811 if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head *) % 256) {
811812 fprintf(stderr, "[ERROR] restore file was created on a different, "
812813 "incompatible processor platform!\n");
882883 printf("[DEBUG] reading restore file: Step 8 complete\n");
883884
884885 login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8);
886 if (!login_ptr) {
887 fprintf(stderr, "Error: malloc(%lu) failed\n", hydra_brains.sizelogin + hydra_brains.countlogin + 8);
888 exit(-1);
889 }
885890 fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f);
886891 if (debug)
887892 printf("[DEBUG] reading restore file: Step 9 complete\n");
888893 if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode
889894 pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8);
895 if (!pass_ptr) {
896 fprintf(stderr, "Error: malloc(%lu) failed\n", hydra_brains.sizepass + hydra_brains.countpass + 8);
897 exit(-1);
898 }
890899 fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f);
891900 } else { // colonfile mode
892901 hydra_options.colonfile = empty_login; // dummy
896905 printf("[DEBUG] reading restore file: Step 10 complete\n");
897906
898907 hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *));
908 if (!hydra_targets) {
909 fprintf(stderr, "Error: malloc(%lu) failed\n", (hydra_brains.targets + 3) * sizeof(hydra_target *));
910 exit(-1);
911 }
899912 for (j = 0; j < hydra_brains.targets; j++) {
900913 hydra_targets[j] = malloc(sizeof(hydra_target));
914 if (!hydra_targets[j]) {
915 fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_target));
916 exit(-1);
917 }
901918 fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f);
902919 sck = fgets(out, sizeof(out), f);
903920 if (out[0] != 0 && out[strlen(out) - 1] == '\n')
949966 if (debug)
950967 printf("[DEBUG] reading restore file: Step 11 complete\n");
951968 hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use);
969 if (!hydra_heads) {
970 fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_head *) * hydra_options.max_use);
971 exit(-1);
972 }
952973 for (j = 0; j < hydra_options.max_use; j++) {
953974 hydra_heads[j] = malloc(sizeof(hydra_head));
975 if (!hydra_heads[j]) {
976 fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_head));
977 exit(-1);
978 }
954979 fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f);
955980 hydra_heads[j]->sp[0] = -1;
956981 hydra_heads[j]->sp[1] = -1;
11061131 tmp[len] = 0;
11071132 }
11081133 if (colonmode) {
1109 if ((ptr2 = index(tmp, ':')) == NULL) {
1134 if ((ptr2 = strchr(tmp, ':')) == NULL) {
11101135 fprintf(stderr,
11111136 "[ERROR] invalid line in colon file (-C), missing colon "
11121137 "in line: %s\n",
13191344 {"memcached", PORT_MCACHED, PORT_MCACHED_SSL},
13201345 {"mongodb", PORT_MONGODB, PORT_MONGODB},
13211346 {"mssql", PORT_MSSQL, PORT_MSSQL_SSL},
1347 {"cobaltstrike", PORT_COBALTSTRIKE, PORT_COBALTSTRIKE_SSL},
13221348 {"mysql", PORT_MYSQL, PORT_MYSQL_SSL},
13231349 {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL},
13241350 {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL},
14601486 hydra_heads[head_no]->current_pass_ptr = empty_login;
14611487 }
14621488 if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) {
1463 if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use == hydra_targets[target_no]->failed) {
1489 if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use <= hydra_targets[target_no]->failed) {
14641490 if (hydra_targets[target_no]->ok == 1)
14651491 hydra_targets[target_no]->done = TARGET_ERROR; // mark target as done by errors
14661492 else
14691495 fprintf(stderr,
14701496 "[ERROR] Too many connect errors to target, disabling "
14711497 "%s://%s%s%s:%d\n",
1472 hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port);
1498 hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port);
1499 } else {
1500 hydra_targets[target_no]->failed++;
14731501 }
1474 if (hydra_brains.targets > hydra_brains.finished)
1502 if (hydra_brains.targets <= hydra_brains.finished)
14751503 hydra_kill_head(head_no, 1, 0);
14761504 else
14771505 hydra_kill_head(head_no, 1, 2);
1478 } // we keep the last one alive as long as it make sense
1506 }
1507 // we keep the last one alive as long as it make sense
14791508 } else {
14801509 // we need to put this in a list, otherwise we fail one login+pw test
14811510 if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) {
14901519 hydra_heads[head_no]->current_login_ptr = empty_login;
14911520 hydra_heads[head_no]->current_pass_ptr = empty_login;
14921521 }
1522 /*
14931523 hydra_targets[target_no]->fail_count--;
14941524 if (k < 5 && hydra_targets[target_no]->ok)
14951525 hydra_targets[target_no]->fail_count--;
14961526 if (k == 2 && hydra_targets[target_no]->ok)
14971527 hydra_targets[target_no]->fail_count--;
1498 if (hydra_brains.targets > hydra_brains.finished)
1528 */
1529 if (hydra_brains.targets <= hydra_brains.finished)
14991530 hydra_kill_head(head_no, 1, 0);
15001531 else {
15011532 hydra_kill_head(head_no, 1, 2);
19061937 // the above line
19071938 }
19081939 if (debug || hydra_options.showAttempt) {
1909 printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0,
1910 hydra_targets[target_no]->redo);
1940 printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n",
1941 hydra_targets[target_no]->redo_state ? "REDO-"
1942 : snp_is_redo ? "RE-"
1943 : "",
1944 hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, hydra_targets[target_no]->redo);
19111945 }
19121946 loop_cnt = 0;
19131947 return 0;
19321966 hydra_targets[target_no]->skipcnt++;
19331967 }
19341968 if (hydra_options.loop_mode == 0 && !check_flag(hydra_options.mode, MODE_COLON_FILE)) {
1935 if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) {
1969 if (strcmp(username, hydra_targets[target_no]->login_ptr) == 0) {
19361970 if (debug)
19371971 printf("[DEBUG] skipping username %s\n", username);
19381972 // increase count
20222056 }
20232057 *sep = 0;
20242058 target_string = sep + 3;
2025 if ((sep = index(target_string, '@')) != NULL) {
2059 if ((sep = strchr(target_string, '@')) != NULL) {
20262060 auth_string = target_string;
20272061 *sep = 0;
20282062 target_string = sep + 1;
2029 if (index(auth_string, ':') == NULL) {
2063 if (strchr(auth_string, ':') == NULL) {
20302064 fprintf(stderr,
20312065 "[WARNING] %s has an invalid authentication definition %s, must "
20322066 "be in the format login:pass, entry ignored\n",
20342068 return;
20352069 }
20362070 }
2037 if ((sep = index(target_string, ':')) != NULL) {
2071 if ((sep = strchr(target_string, ':')) != NULL) {
20382072 *sep = 0;
20392073 port_string = sep + 1;
2040 if ((sep = index(port_string, '%')) != NULL) {
2074 if ((sep = strchr(port_string, '%')) != NULL) {
20412075 *sep = 0;
20422076 device_string = sep + 1;
20432077 }
2044 if ((sep = index(port_string, '/')) != NULL)
2078 if ((sep = strchr(port_string, '/')) != NULL)
20452079 *sep = 0;
20462080 port = atoi(port_string);
20472081 if (port < 1 || port > 65535) {
21512185 struct sockaddr_in6 *ipv6 = NULL;
21522186 struct sockaddr_in *ipv4 = NULL;
21532187
2154 printf("%s %s (c) 2021 by %s & %s - Please do not use in military or secret "
2188 printf("%s %s (c) 2022 by %s & %s - Please do not use in military or secret "
21552189 "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n",
21562190 PROGRAM, VERSION, AUTHOR, AUTHOR2);
21572191 #ifndef LIBAFP
21892223 #ifndef HAVE_GCRYPT
21902224 SERVICES = hydra_string_replace(SERVICES, "radmin2 ", "");
21912225 strcat(unsupported, "radmin2 ");
2226 #endif
2227 #ifndef LIBFREERDP
2228 SERVICES = hydra_string_replace(SERVICES, "rdp ", "");
2229 strcat(unsupported, "rdp ");
21922230 #endif
21932231 #ifndef LIBSAPR3
21942232 SERVICES = hydra_string_replace(SERVICES, "sapr3 ", "");
22352273 // for oracle-sid
22362274 SERVICES = hydra_string_replace(SERVICES, " oracle-sid", "");
22372275 strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) ");
2238 #endif
2239
2240 #ifndef LIBFREERDP
2241 // for rdp
2242 SERVICES = hydra_string_replace(SERVICES, " rdp", "");
22432276 #endif
22442277
22452278 #ifndef HAVE_MATH_H
25702603
25712604 if (*target_pos == '[') {
25722605 target_pos++;
2573 if ((param_pos = index(target_pos, ']')) == NULL)
2606 if ((param_pos = strchr(target_pos, ']')) == NULL)
25742607 bail("no closing ']' found in target definition");
25752608 *param_pos++ = 0;
25762609 if (*param_pos == ':')
25772610 port_pos = ++param_pos;
2578 if ((param_pos = index(param_pos, '/')) != NULL)
2611 if ((param_pos = strchr(param_pos, '/')) != NULL)
25792612 *param_pos++ = 0;
25802613 } else {
2581 port_pos = index(target_pos, ':');
2582 param_pos = index(target_pos, '/');
2614 port_pos = strchr(target_pos, ':');
2615 param_pos = strchr(target_pos, '/');
25832616 if (port_pos != NULL && param_pos != NULL && port_pos > param_pos)
25842617 port_pos = NULL;
25852618 if (port_pos != NULL)
25862619 *port_pos++ = 0;
25872620 if (param_pos != NULL)
25882621 *param_pos++ = 0;
2589 if (port_pos != NULL && index(port_pos, ':') != NULL) {
2622 if (port_pos != NULL && strchr(port_pos, ':') != NULL) {
25902623 if (prefer_ipv6)
25912624 bail("Illegal IPv6 target definition must be written within '[' "
25922625 "']'");
27752808 }
27762809 if (strcmp(hydra_options.service, "mssql") == 0)
27772810 i = 1;
2811 if (strcmp(hydra_options.service, "cobaltstrike") == 0)
2812 i = 2;
27782813 if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) {
27792814 i = 2;
27802815 hydra_options.service = malloc(strlen("oracle-listener") + 1);
28692904 "like parallel connections)\n");
28702905 hydra_options.tasks = 1;
28712906 }
2872 if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL))
2907 if (hydra_options.login != NULL && (strchr(hydra_options.login, '\\') != NULL || strchr(hydra_options.login, '/') != NULL))
28732908 fprintf(stderr, "[WARNING] potential windows domain specification found in "
28742909 "login. You must use the -m option to pass a domain.\n");
28752910 i = 1;
28932928 #if !defined(LIBSMBCLIENT)
28942929 bail("Compiled without LIBSMBCLIENT support, module not available!");
28952930 #else
2896 if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL))
2931 if (hydra_options.login != NULL && (strchr(hydra_options.login, '\\') != NULL || strchr(hydra_options.login, '/') != NULL))
28972932 fprintf(stderr, "[WARNING] potential windows domain specification found in "
28982933 "login. You must use the -m option to pass a domain.\n");
28992934 if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) {
32843319 }
32853320 hydra_options.port = port;
32863321 }
3322
3323 if (hydra_options.login == NULL && hydra_options.loginfile == NULL &&
3324 hydra_options.colonfile == NULL)
3325 hydra_options.exit_found = 1;
32873326
32883327 if (hydra_options.ssl == 0 && hydra_options.port == 443)
32893328 fprintf(stderr, "[WARNING] you specified port 443 for attacking a http "
35463585 if (*tmpptr == '[') {
35473586 tmpptr++;
35483587 hydra_targets[i]->target = tmpptr;
3549 if ((tmpptr2 = index(tmpptr, ']')) != NULL) {
3588 if ((tmpptr2 = strchr(tmpptr, ']')) != NULL) {
35503589 *tmpptr2++ = 0;
35513590 tmpptr = tmpptr2;
35523591 }
35533592 } else
35543593 hydra_targets[i]->target = tmpptr;
3555 if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) {
3594 if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) {
35563595 *tmpptr2++ = 0;
35573596 tmpptr = tmpptr2;
35583597 hydra_targets[i]->port = atoi(tmpptr2);
35683607 } else if (hydra_options.server == NULL) {
35693608 fprintf(stderr, "Error: no target server given, nor -M option used\n");
35703609 exit(-1);
3571 } else if (index(hydra_options.server, '/') != NULL) {
3610 } else if (strchr(hydra_options.server, '/') != NULL) {
35723611 if (cmdlinetarget == NULL)
35733612 bail("You seem to mix up \"service://target:port/options\" syntax with "
35743613 "\"target service options\" syntax. Read the README on how to use "
35753614 "hydra correctly!");
35763615 if (strstr(cmdlinetarget, "://") != NULL) {
3577 tmpptr = index(hydra_options.server, '/');
3616 tmpptr = strchr(hydra_options.server, '/');
35783617 if (tmpptr != NULL)
35793618 *tmpptr = 0;
35803619 countservers = hydra_brains.targets = 1;
35973636 exit(-1);
35983637 }
35993638 strcpy(tmpptr, hydra_options.server);
3600 tmpptr2 = index(tmpptr, '/');
3639 tmpptr2 = strchr(tmpptr, '/');
36013640 *tmpptr2++ = 0;
36023641 if ((k = atoi(tmpptr2)) < 16 || k > 31) {
36033642 fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server);
37633802 printf(" per task\n");
37643803
37653804 if (hydra_brains.targets == 1) {
3766 if (index(hydra_targets[0]->target, ':') == NULL) {
3805 if (strchr(hydra_targets[0]->target, ':') == NULL) {
37673806 printf("[DATA] attacking %s%s://%s:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target);
37683807 printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : "");
37693808 } else {
38393878 #ifdef AF_INET6
38403879 ipv6 = NULL;
38413880 #endif
3842 if ((device = index(hydra_targets[i]->target, '%')) != NULL)
3881 if ((device = strchr(hydra_targets[i]->target, '%')) != NULL)
38433882 *device++ = 0;
38443883 if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) {
38453884 if (use_proxy == 0) {
39053944 }
39063945 freeaddrinfo(res);
39073946 }
3908 // restore device information if present
3947 // restore device information if present (overwrite null bytes)
39093948 if (device != NULL) {
3910 *(device - 1) = '%';
3949 char *tmpptr = device - 1;
3950 *tmpptr = '%'; // you can ignore the compiler warning
39113951 fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 "
39123952 "link local addresses, e.g. SSH does not\n");
39133953 }
41284168 fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack
41294169 break;
41304170
4171 case 'D': // disable target, unknown protocol or feature
4172 for (j = 0; j < hydra_brains.targets; j++)
4173 if (hydra_targets[j]->done == TARGET_ACTIVE) {
4174 hydra_targets[j]->done = TARGET_FINISHED;
4175 hydra_brains.finished++;
4176 }
4177 for (j = 0; j < hydra_options.max_use; j++)
4178 if (hydra_heads[j]->active >= 0 && hydra_heads[j]->target_no == target_no) {
4179 if (hydra_brains.targets > hydra_brains.finished)
4180 hydra_kill_head(j, 1, 0); // kill all heads working on the target
4181 else
4182 hydra_kill_head(j, 1, 2); // kill all heads working on the target
4183 }
4184 break;
4185
41314186 // we do not make a difference between 'C' and 'E' results - yet
41324187 case 'E': // head reports protocol error
41334188 case 'C': // head reports connect error
43344389 strncat(json_error, tmp_str, STRMAX);
43354390 strncat(json_error, "\"", STRMAX);
43364391 error = 1;
4392 hydra_restore_write(1);
43374393 }
43384394 // yeah we did it
43394395 printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time());
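Review bot: In the new `case 'D'` branch the first loop sets every target that is still `TARGET_ACTIVE` to `TARGET_FINISHED`, although the comment says "disable target" and the second loop only kills heads whose `target_no` matches. If only the reporting target is meant, replace the loop with `if (hydra_targets[target_no]->done == TARGET_ACTIVE) { hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; }`; if ending the whole run is intended, the comment should say so and the second loop should not filter on `target_no`. The test `hydra_brains.targets > hydra_brains.finished` in that branch also picks mode 0 for the opposite case from the two sites this commit changes to `<=` earlier in the file, and once every active target is marked finished it can presumably never be true. It would help to confirm which comparison is correct and use it in all three places. The enclosing switch starts and ends outside this hunk, so the flow after `break` is not visible here.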
100100 #define PORT_MYSQL_SSL 3306
101101 #define PORT_MSSQL 1433
102102 #define PORT_MSSQL_SSL 1433
103 #define PORT_COBALTSTRIKE 50050
104 #define PORT_COBALTSTRIKE_SSL 50050
103105 #define PORT_POSTGRES 5432
104106 #define PORT_POSTGRES_SSL 5432
105107 #define PORT_ORACLE 1521
0 [Desktop Entry]
1 Name=XHydra
2 GenericName=Hydra very fast network log-on cracker
3 Comment=GUI frontend for Hydra network log-on cracker
4 Version=1.0
5 Exec=xhydra
6 Icon=xhydra
7 Terminal=false
8 Type=Application
9 Categories=System;Security;GTK;
Binary diff not shown