Imported Upstream version 8.0
Julián Moreno Patiño
9 years ago
0 | 0 | Changelog for hydra |
1 | 1 | ------------------- |
2 | ||
3 | Release 8.0 | |
4 | ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra | |
5 | * Added module for redis (submitted by Alejandro Ramos, thanks!) | |
6 | * Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach) | |
7 | * Added initial interactive password authentication test for ssh (thanks to Joshua Houghton) | |
8 | * Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev) | |
9 | * Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24 | |
10 | * with -M <targetfile>, you can now specify a port for each entry (use "target:port" per line) | |
11 | * Verified that hydra compiles cleanly on QNX / Blackberry 10 :-) | |
12 | * Bugfixes for -x option: | |
13 | - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting) | |
14 | - fixed crash when used together with -e option | |
15 | * Fixed a bug that hydra would not compile without libssh (introduced in v7.6) | |
16 | * Various bugfixes if many targets where attacked in parallel | |
17 | * Cygwin's Postgresql is working again, hence configure detection re-enabled | |
18 | * Added gcc compilation security options (if detected to be supported by configure script) | |
19 | * Enhancements to the secure compilation options | |
20 | * Checked code with cppcheck and fixed some minor issues. | |
21 | * Checked code with Coverity. Fixed a lot of small and medium issues. | |
22 | ||
23 | ||
24 | Release 7.6 | |
25 | * Added a wizard script for hydra based on a script by Shivang Desai <shivang.ice.2010@gmail.com> | |
26 | * Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!) | |
27 | * HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon) | |
28 | * SMTP Enum: HELO is now always sent, better 500 error detection | |
29 | * hydra main: | |
30 | - fixed a bug in the IPv6 address parsing when a port was supplied | |
31 | - added info message for pop3, imap and smtp protocol usage | |
32 | * hydra GTK: missed some services, added | |
33 | * dpl4hydra.sh: | |
34 | - added Siemens S7-300 common passwords to default password list | |
35 | - more broad searching in the list | |
36 | * Performed code indention on all C files :-) | |
37 | * Makefile patch to ensure .../etc directory is there (thanks to vonnyfly) | |
38 | ||
2 | 39 | |
3 | 40 | Release 7.5 |
4 | 41 | * Moved the license from GPLv3 to AGPLv3 (see LICENSE file) |
6 | 43 | * Added support for Android where some functions are not available |
7 | 44 | * hydra main: |
8 | 45 | - reduced the screen output if run without -h, full screen with -h |
9 | - fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS | |
46 | - fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS | |
10 | 47 | - fixed -o output (thanks to www417) |
11 | 48 | - warning if HYDRA_PROXY is defined but the module does not use it |
12 | 49 | - fixed an issue with large input files and long entries |
25 | 62 | disabled on Cygwin |
26 | 63 | |
27 | 64 | |
28 | Release 7.4.x FIX RELEASES for bugs introduced in 7.4 | |
65 | Release 7.4.3 FIX RELEASES for bugs introduced in 7.4 | |
29 | 66 | * Quickfix for people who do not have libssh installed (won't compile otherwise) |
30 | 67 | * Quickfix for http-get/http-head and irc module which would not run due a new feature. |
31 | 68 | * Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting) |
192 | 229 | * Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module |
193 | 230 | * Fix SASL PLAIN auth method issue |
194 | 231 | * Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap |
195 | * Added man pages from debian maintainers | |
232 | * Added man pages from Debian maintainers | |
196 | 233 | * Checked Teamspeak module, works on TS2 protocol |
197 | 234 | * Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah ! |
198 | 235 | * New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support |
214 | 251 | |
215 | 252 | |
216 | 253 | Release 6.1 |
217 | * More license updates for the files for the debian guys | |
254 | * More license updates for the files for the Debian guys | |
218 | 255 | * Fix for the configure script to correctly detect postgresql |
219 | 256 | * Add checks for libssh v0.4 and support for ssh v1 |
220 | 257 | * Merge all latest crypto code in sasl files |
222 | 259 | |
223 | 260 | |
224 | 261 | Release 6.0 |
225 | * Added GPL exception clause to license to allow linking to OpenSSL - debian people need this | |
262 | * Added GPL exception clause to license to allow linking to OpenSSL - Debian people need this | |
226 | 263 | * IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet |
227 | 264 | * Changes to code and configure script to ensure clean compile on Solaris 11, |
228 | 265 | OSX, FreeBSD 8.1, Cygwin and Linux |
0 | type "./configure", then "make" and finally "make install" | |
0 | type "./configure", then "make" and finally "sudo make install" | |
1 | ||
2 | For special modules you need to install software packages before | |
3 | you run "./configure": | |
4 | Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev | |
5 | Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel | |
6 | OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel | |
7 | ||
8 | For the Oracle login module, install the basic and SDK packages: | |
9 | http://www.oracle.com/technetwork/database/features/instant-client/index.html | |
10 |
0 | 0 | # |
1 | # Makefile for Hydra - (c) 2001-2013 by van Hauser / THC <vh@thc.org> | |
1 | # Makefile for Hydra - (c) 2001-2014 by van Hauser / THC <vh@thc.org> | |
2 | 2 | # |
3 | 3 | OPTS=-I. -O3 |
4 | 4 | # -Wall -g -pedantic |
14 | 14 | hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ |
15 | 15 | hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ |
16 | 16 | hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ |
17 | hydra-rdp.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c | |
17 | hydra-rdp.c hydra-s7-300.c hydra-redis.c \ | |
18 | crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c | |
18 | 19 | OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ |
19 | 20 | hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ |
20 | 21 | hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ |
23 | 24 | hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ |
24 | 25 | hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ |
25 | 26 | hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ |
26 | hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ | |
27 | hydra-rdp.o crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o | |
27 | hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ | |
28 | hydra-rdp.o hydra-s7-300.c \ | |
29 | crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o | |
28 | 30 | BINS = hydra pw-inspector |
29 | 31 | |
30 | 32 | EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ |
35 | 37 | @echo Now type "make install" |
36 | 38 | |
37 | 39 | hydra: hydra.c $(OBJ) |
38 | $(CC) $(OPTS) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) | |
40 | $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) | |
39 | 41 | @echo |
40 | 42 | @echo If men could get pregnant, abortion would be a sacrament |
41 | 43 | @echo |
44 | 46 | -cd hydra-gtk && sh ./make_xhydra.sh |
45 | 47 | |
46 | 48 | pw-inspector: pw-inspector.c |
47 | -$(CC) $(OPTS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c | |
49 | -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c | |
48 | 50 | |
49 | 51 | .c.o: |
50 | $(CC) $(OPTS) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) | |
52 | $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) | |
51 | 53 | |
52 | 54 | strip: all |
53 | 55 | strip $(BINS) |
54 | 56 | -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null |
55 | 57 | |
56 | 58 | install: strip |
57 | -mkdir -p $(PREFIX)$(DIR) | |
58 | cp -f $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 $(BINS) | |
59 | -mkdir -p $(PREFIX)$(DIR) | |
60 | cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) | |
59 | 61 | -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null |
60 | # -cp -f dpl4hydra.sh ($PREFIX)/dpl4hydra.sh | |
61 | 62 | -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh |
62 | 63 | -chmod 755 $(PREFIX)/bin/dpl4hydra.sh |
64 | -mkdir -p $(PREFIX)/etc/ | |
63 | 65 | -cp -f *.csv $(PREFIX)/etc/ |
64 | 66 | -mkdir -p $(PREFIX)/man/man1 |
65 | 67 | -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 |
68 | 70 | rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile |
69 | 71 | cp -f Makefile.orig Makefile |
70 | 72 | |
71 | backup: | |
72 | tar czvf ../hydra-dev.tgz *.c *.h README Makefile.am configure TODO CHANGES INSTALL LICENCE | |
73 | ||
74 | revise: | |
75 | mv ../hydra-dev.tgz ../hydra-dev-old.tgz |
0 | 0 | |
1 | 1 | H Y D R A |
2 | 2 | |
3 | (c) 2001-2013 by van Hauser / THC | |
3 | (c) 2001-2014 by van Hauser / THC | |
4 | 4 | <vh@thc.org> http://www.thc.org |
5 | 5 | co-maintained by David (dot) Maciejak @ gmail (dot) com |
6 | 6 | BFG code by Jan Dlabal <dlabaljan@gmail.com> |
7 | 7 | |
8 | 8 | Licensed under AGPLv3 (see LICENSE file) |
9 | ||
10 | Please do not use in military or secret service organizations, | |
11 | or for illegal purposes. | |
9 | 12 | |
10 | 13 | |
11 | 14 | |
23 | 26 | either support more than one protocol to attack or support parallized |
24 | 27 | connects. |
25 | 28 | |
26 | It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD | |
27 | and OSX. | |
28 | ||
29 | Currently this tool supports: | |
30 | ||
29 | It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, | |
30 | FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. | |
31 | ||
32 | Currently this tool supports the following protocols: | |
31 | 33 | Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, |
32 | 34 | HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, |
33 | 35 | HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, |
42 | 44 | |
43 | 45 | |
44 | 46 | |
47 | WHERE TO GET | |
48 | ------------ | |
49 | You can always find the newest release/production version of hydra at its | |
50 | project page at https://www.thc.org/thc-hydra | |
51 | If you are interested in the current development state, the public development | |
52 | repository is at Github: | |
53 | svn co https://github.com/vanhauser-thc/thc-hydra | |
54 | or | |
55 | git clone https://github.com/vanhauser-thc/thc-hydra.git | |
56 | Use the development version at your own risk. It contains new features and | |
57 | new bugs. Things might not work! | |
58 | ||
59 | ||
60 | ||
45 | 61 | HOW TO COMPILE |
46 | 62 | -------------- |
47 | For hydra, just type: | |
63 | To configure, compile and install hydra, just type: | |
48 | 64 | |
49 | 65 | ./configure |
50 | 66 | make |
51 | 67 | make install |
52 | 68 | |
53 | If you need ssh module support, you have to setup libssh on your system, | |
54 | get it from http://www.libssh.org, for ssh v1 support you also need to add | |
55 | "-DWITH_SSH1=On" option in the cmake command line. | |
56 | ||
57 | If you use Ubuntu, this will install supplementary libraries needed for a | |
58 | few optional modules: | |
69 | If you want the ssh module, you have to setup libssh (not libssh2!) on your | |
70 | system, get it from http://www.libssh.org, for ssh v1 support you also need | |
71 | to add "-DWITH_SSH1=On" option in the cmake command line. | |
72 | ||
73 | If you use Ubuntu/Debian, this will install supplementary libraries needed | |
74 | for a few optional modules: | |
59 | 75 | apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ |
60 | 76 | libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ |
61 | 77 | firebird2.1-dev libncp-dev |
74 | 90 | ------------------- |
75 | 91 | All UNIX platforms (linux, *bsd, solaris, etc.) |
76 | 92 | Mac OS/X |
77 | Windows with Cygwin (both ipv4 and ipv6) | |
78 | Mobile systems based on Linux or Mac OS/X (e.g. Android, iPhone, Zaurus, iPaq) | |
93 | Windows with Cygwin (both IPv4 and IPv6) | |
94 | Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) | |
79 | 95 | |
80 | 96 | |
81 | 97 | |
82 | 98 | HOW TO USE |
83 | 99 | ---------- |
84 | Type "./configure", followed by "make" to compile hydra and then | |
85 | "./hydra -h" to see the command line options. | |
86 | You make also type "make install" to install hydra to /usr/local/bin. | |
100 | If you just enter "hydra", you will see a short summary of the important | |
101 | options available. | |
102 | Type "./hydra -h" to see all available command line options. | |
103 | ||
87 | 104 | Note that NO login/password file is included. Generate them yourself. |
105 | A default password list is hoever present, use "dpl4hydra.sh" to generate | |
106 | a list. | |
107 | ||
88 | 108 | For Linux users, a GTK gui is available, try "./xhydra" |
109 | ||
110 | For the command line usage, the syntax is as follows: | |
111 | For attacking one target or a network, you can use the new "://" style: | |
112 | hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS | |
113 | The old mode can be used for these too, and additionally if you want to | |
114 | specify your targets from a text file, you *must* use this one: | |
115 | hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS | |
116 | ||
117 | Via the command line options you specify which logins to try, which passwords, | |
118 | if SSL should be used, how many parallel tasks to use for attacking, etc. | |
119 | ||
120 | PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, | |
121 | http-get or many others are vailable | |
122 | TARGET is the target you want to attack | |
123 | OPTIONS are optional values which are special per PROTOCOL module | |
124 | ||
125 | FIRST - select your target | |
126 | you have three options on how to specify the target you want to attack: | |
127 | 1. a single target on the command line: just put the IP or DNS address in | |
128 | 2. a network range on the command line: CIDR specification like "192.168.0.0/24" | |
129 | 3. a list of hosts in a text file: one line per entry (see below) | |
130 | ||
131 | SECOND - select your protocol | |
132 | Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. | |
133 | Use a port scanner to see which protocols are enabled on the target. | |
134 | ||
135 | THIRD - check if the module has optional parameters | |
136 | hydra -U PROTOCOL | |
137 | e.g. hydra -U smtp | |
138 | ||
139 | FOURTH - the destination port | |
140 | this is optional! if no port is supplied the default common port for the | |
141 | PROTOCOL is used. | |
142 | If you specify SSL to use ("-S" option), the SSL common port is used by default. | |
143 | ||
144 | ||
145 | If you use "://" notation, you must use "[" "]" brackets if you want to supply | |
146 | IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: | |
147 | hydra [some command line options] ftp://[192.168.0.0/24]/ | |
148 | hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM | |
149 | ||
150 | Note that everything hydra does is IPv4 only! | |
151 | If you want to attack IPv6 addresses, you must add the "-6" command line option. | |
152 | All attacks are then IPv6 only! | |
153 | ||
154 | If you want to supply your targets via a text file, you can not use the :// | |
155 | notation but use the old style and just supply the protocol (and module options): | |
156 | hydra [some command line options] -M targets.txt ftp | |
157 | You can supply also port for each target entry by adding ":<port>" after a | |
158 | target entry in the file, e.g.: | |
159 | foo.bar.com | |
160 | target.com:21 | |
161 | unusual.port.com:2121 | |
162 | default.used.here.com | |
163 | 127.0.0.1 | |
164 | 127.0.0.1:2121 | |
165 | ||
166 | ||
167 | ||
168 | LOGINS AND PASSWORDS | |
169 | -------------------- | |
170 | You have many options on how to attack with logins and passwords | |
171 | With -l for login and -p for password you tell hydra that this is the only | |
172 | login and/or password to try. | |
173 | With -L for logins and -P for passwords you supply text files with entries. | |
174 | e.g.: | |
175 | hydra -l admin -p password ftp://localhost/ | |
176 | hydra -L default_logins.txt -p test ftp://localhost/ | |
177 | hydra -l admin -P common_passwords.txt ftp://localhost/ | |
178 | hydra -L logins.txt -P passwords.txt ftp://localhost/ | |
179 | Additionally, you can try passwords based on the login via the "-e" option. | |
180 | The "-e" option has three parameters: | |
181 | s - try the login as password | |
182 | n - try an empty password | |
183 | r - reverse the login and try it as password | |
184 | If you want to, e.g. try "try login as password and "empty password", you | |
185 | specify "-e sn" on the command line. | |
186 | ||
187 | ||
188 | But there are two more modes for trying passwords than -p/-P: | |
189 | You can use text file which where a login and password pair is seperated by a colon, | |
190 | e.g.: | |
191 | admin:password | |
192 | test:test | |
193 | foo:bar | |
194 | This is a common default account style listing, that is also generated by the | |
195 | dpl4hydra.sh default account file generator supplied with hydra. | |
196 | You use such a text file with the -C option - note that in this mode you | |
197 | can not use -l/-L/-p/-P options (-e nsr however you can). | |
198 | Example: | |
199 | hydra -C default_accounts.txt ftp://localhost/ | |
200 | ||
201 | And finally, there is a bruteforce mode with the -x option (which you can not | |
202 | use with -p/-P/-C): | |
203 | -x minimum_length:maximum_length:charset | |
204 | the charset definition is 'a' for lowercase letters, 'A' for uppercase letters, | |
205 | '1' for numbers and for anything else you supply it is their real representation. | |
206 | Examples: | |
207 | -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters | |
208 | -x 2:5:/ generate passwords from length 2 to 5 containing only slashes | |
209 | -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers | |
210 | Example: | |
211 | hydra -l ftp -x 3:3:a ftp://localhost/ | |
89 | 212 | |
90 | 213 | |
91 | 214 | |
115 | 238 | When hydra is aborted with Control-C, killed or crashs, it leavs a |
116 | 239 | "hydra.restore" file behind which contains all necessary information to |
117 | 240 | restore the session. This session file is written every 5 minutes. |
118 | NOTE: if you are cracking parallel hosts (-M option), this feature doesnt | |
119 | work, and is therefore disabled! | |
120 | 241 | NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. |
121 | 242 | from little indian to big indian, or from solaris to aix) |
122 | 243 | |
202 | 323 | David (dot) Maciejak @ gmail (dot) com |
203 | 324 | |
204 | 325 | |
205 | Type Bits/KeyID Date User ID | |
206 | pub 2048/CDD6A571 1998/04/27 van Hauser / THC <vh@reptile.rug.ac.be> | |
326 | You should use PGP to encrypt emails to vh@thc.org : | |
207 | 327 | |
208 | 328 | -----BEGIN PGP PUBLIC KEY BLOCK----- |
209 | Version: 2.6.3i | |
210 | ||
211 | mQENAzVE0A4AAAEIAOzKPhKBDFDyeTvMKQ1xx6781tEdIYgrkrsUEL6VoJ8H8CIU | |
212 | SeXDuCVu3JlMKITD6nPMFJ/DT0iKHgnHUZGdCQEk/b1YHUYOcig1DPGsg3WeTX7L | |
213 | XL1M4DwqDvPz5QUQ+U+VHuNOUzgxfcjhHsjJj2qorVZ/T5x4k3U960CMJ11eOVNC | |
214 | meD/+c6a2FfLZJG0sJ/kIZ9HUkY/dvXDInOJaalQc1mYjkvfcPsSzas4ddiXiDyc | |
215 | QcKX+HAXIdmT7bjq5+JS6yspnBvIZC55tB7ci2axTjwpkdzJBZIkCoBlWsDXNwyq | |
216 | s70Lo3H9dcaNt4ubz5OMVIvJHFMCEtIGS83WpXEABRG0J3ZhbiBIYXVzZXIgLyBU | |
217 | SEMgPHZoQHJlcHRpbGUucnVnLmFjLmJlPokAlQMFEDVE0D7Kb9wCOxiMfQEBvpAD | |
218 | /3UCDgJs1CNg/zpLhRuUBlYsZ1kimb9cbB/ufL1I4lYM5WMyw+YfGN0p02oY4pVn | |
219 | CQN6ca5OsqeXHWfn7LxBT3lXEPCckd+vb9LPPCzuDPS/zYnOkUXgUQdPo69B04dl | |
220 | C9C1YXcZjplYso2q3NYnuc0lu7WVD0qT52snNUDkd19ciQEVAwUQNUTQDhLSBkvN | |
221 | 1qVxAQGRTwgA05OmurXHVByFcvDaBRMhX6pKbTiVKh8HdJa8IdvuqHOcYFZ2L+xZ | |
222 | PAQy2WCqeakvss9Xn9I28/PQZ+6TmqWUmG0qgxe5MwkaXWxszKwRsQ8hH+bcppsZ | |
223 | 2/Q3BxSfPege4PPwFWsajnymsnmhdVvvrt69grzJDm+iMK0WR33+RvtgjUj+i22X | |
224 | lpt5hLHufDatQzukMu4R84M1tbGnUCNF0wICrU4U503yCA4DT/1eMoDXI0BQXmM/ | |
225 | Ygk9bO2Icy+lw1WPodrWmg4TJhdIgxuYlNLIu6TyqDYxjA/c525cBbdqwoE+YvUI | |
226 | o7CN/bJN0bKg1Y/BMTHEK3mpRLLWxVMRYw== | |
227 | =MdzX | |
329 | Version: GnuPG v3.3.3 (vh@thc.org) | |
330 | ||
331 | mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT | |
332 | KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ | |
333 | FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c | |
334 | vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k | |
335 | Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p | |
336 | lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI | |
337 | zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI | |
338 | DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf | |
339 | lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN | |
340 | DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 | |
341 | n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB | |
342 | tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC | |
343 | F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ | |
344 | xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH | |
345 | Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 | |
346 | qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz | |
347 | dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp | |
348 | QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga | |
349 | V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 | |
350 | slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl | |
351 | Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM | |
352 | 0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP | |
353 | JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs | |
354 | IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL | |
355 | CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS | |
356 | AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ | |
357 | HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR | |
358 | 2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C | |
359 | nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc | |
360 | XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 | |
361 | Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL | |
362 | ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V | |
363 | l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F | |
364 | n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl | |
365 | 7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb | |
366 | /hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii | |
367 | tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 | |
368 | Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR | |
369 | gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt | |
370 | x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 | |
371 | 0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS | |
372 | +C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw | |
373 | G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA | |
374 | oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr | |
375 | rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC | |
376 | v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 | |
377 | 02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv | |
378 | s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ | |
379 | Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK | |
380 | d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP | |
381 | gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y | |
382 | ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP | |
383 | 8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd | |
384 | X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD | |
385 | aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN | |
386 | cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC | |
387 | Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR | |
388 | zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni | |
389 | 1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT | |
390 | zB3yrr+vYBT0uDWmxwPjiJs= | |
391 | =ytEf | |
228 | 392 | -----END PGP PUBLIC KEY BLOCK----- |
0 | ||
1 | Prio 1: | |
2 | * hydra-smb more than 1 connection? | |
3 | * add help hints? | |
4 | * test teamspeak, icq | |
5 | * check all modules to ensure no check is lost because of a timeout, buf == NULL etc. | |
6 | * optimize smtp module | |
7 | * optimize ssl performance | |
8 | * add snmpv3 privacy support | |
9 | * http: option to specify an url for testing if the login was right or wrong | |
10 | * does hydra-oracle work with service names? (often SIDs do not work anymore) | |
11 | ||
12 | ||
13 | Prio 2: | |
14 | * add support for IPv6 Link Local Addresses like fe80::1%eth0 for Solaris and *BSD | |
15 | * add crack info when key is pressed | |
16 | * hydra-smb support NTLMv2 (when its fixed) | |
17 | * support for 802.1x EAP via libpcap | |
18 | * TN3270, and TN3270 user enumeration | |
19 | * Support nmap -o and -oM output files | |
20 | ||
21 | ||
22 | Prio 3: | |
23 | * Specify user-agent for http-form module as extra optional option | |
24 | * ipv6 support for sip | |
25 | * add RIP, OSPF, BGP, PIM | |
26 | * add diameter support | |
27 | * round robin proxy support ? | |
28 | * add tn5250 support | |
29 | * Add Sybase support, using freetds lib (can be used for ms-sql) | |
30 | * Add Informix ? |
0 | ||
0 | 1 | /* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh */ |
1 | 2 | |
2 | 3 | #include <stdio.h> |
68 | 69 | |
69 | 70 | for (; tmp[i]; i++) { |
70 | 71 | switch (tmp[i]) { |
71 | case 'a': | |
72 | case 'a': | |
72 | 73 | crs_len += 26; |
73 | 74 | if (BF_CHARSMAX - crs_len < 1) { |
74 | 75 | free(bf_options.crs); |
84 | 85 | } |
85 | 86 | break; |
86 | 87 | |
87 | case 'A': | |
88 | case 'A': | |
88 | 89 | crs_len += 26; |
89 | 90 | if (BF_CHARSMAX - crs_len < 1) { |
90 | 91 | free(bf_options.crs); |
100 | 101 | } |
101 | 102 | break; |
102 | 103 | |
103 | case '1': | |
104 | case '1': | |
104 | 105 | crs_len += 10; |
105 | 106 | if (BF_CHARSMAX - crs_len < 1) { |
106 | 107 | free(bf_options.crs); |
116 | 117 | } |
117 | 118 | break; |
118 | 119 | |
119 | default: | |
120 | default: | |
120 | 121 | if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') { |
121 | 122 | if ((flags & BF_NUMS) > 0) { |
122 | 123 | printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]); |
124 | 125 | } |
125 | 126 | printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]); |
126 | 127 | } |
127 | if (tolower((int)tmp[i]) >= 'b' && tolower((int)tmp[i]) <= 'z') { | |
128 | if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') { | |
128 | 129 | if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) { |
129 | 130 | printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a'); |
130 | 131 | continue; |
146 | 147 | |
147 | 148 | bf_options.crs_len = crs_len; |
148 | 149 | bf_options.current = bf_options.from; |
149 | memset((char*)bf_options.state, 0, sizeof(bf_options.state)); | |
150 | memset((char *) bf_options.state, 0, sizeof(bf_options.state)); | |
150 | 151 | if (debug) |
151 | 152 | printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); |
152 | 153 | |
166 | 167 | |
167 | 168 | char *bf_next() { |
168 | 169 | int i, pos = bf_options.current - 1; |
169 | ||
170 | ||
170 | 171 | if (bf_options.current > bf_options.to) |
171 | return NULL; // we are done | |
172 | ||
172 | return NULL; // we are done | |
173 | ||
173 | 174 | if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) { |
174 | 175 | fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); |
175 | 176 | return NULL; |
190 | 191 | bf_options.state[pos] = 0; |
191 | 192 | pos--; |
192 | 193 | } |
193 | ||
194 | ||
194 | 195 | if (pos < 0) { |
195 | 196 | bf_options.current++; |
196 | memset((char*)bf_options.state, 0, sizeof(bf_options.state)); | |
197 | } | |
198 | ||
197 | memset((char *) bf_options.state, 0, sizeof(bf_options.state)); | |
198 | } | |
199 | ||
199 | 200 | return bf_options.ptr; |
200 | 201 | } |
201 | 202 |
263 | 263 | fi |
264 | 264 | |
265 | 265 | echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." |
266 | if [ "$SYSO" = "Cygwin" ]; then | |
267 | echo " ... DISABLED - postgres is buggy in Cygwin at the moment" | |
268 | POSTGRES_PATH="" | |
269 | POSTGRES_IPATH="" | |
270 | else | |
266 | #if [ "$SYSO" = "Cygwin" ]; then | |
267 | # echo " ... DISABLED - postgres is buggy in Cygwin at the moment" | |
268 | # POSTGRES_PATH="" | |
269 | # POSTGRES_IPATH="" | |
270 | #else | |
271 | 271 | for i in $LIBDIRS ; do |
272 | 272 | if [ "X" = "X$POSTGRES_PATH" ]; then |
273 | 273 | if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" -o -f "$i/libpq.a" ]; then |
312 | 312 | POSTGRES_PATH="" |
313 | 313 | POSTGRES_IPATH="" |
314 | 314 | fi |
315 | fi | |
315 | #fi | |
316 | 316 | |
317 | 317 | echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..." |
318 | 318 | for i in $LIBDIRS ; do |
335 | 335 | fi |
336 | 336 | fi |
337 | 337 | if [ "X" = "X$SVN_PATH" ]; then |
338 | TMP_LIB=`/bin/ls $i/libsvn_client*.so* 2> /dev/null | grep libsvn_client.` | |
339 | if [ -n "$TMP_LIB" ]; then | |
338 | TMP_LIB1=`/bin/ls $i/libsvn_client*.so* 2> /dev/null | grep libsvn_client.` | |
339 | TMP_LIB2=`/bin/ls $i/libapr-1*.so* 2> /dev/null | grep libsvn_client.` | |
340 | TMP_LIB3=`/bin/ls $i/libaprutil-1*.so* 2> /dev/null | grep libsvn_client.` | |
341 | if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then | |
340 | 342 | SVN_PATH="$i" |
341 | 343 | APR_PATH="$i" |
342 | 344 | fi |
343 | 345 | fi |
344 | 346 | if [ "X" = "X$SVN_PATH" ]; then |
345 | TMP_LIB=`/bin/ls $i/libsvn_client*.dll* 2> /dev/null | grep libsvn_client.` | |
346 | if [ -n "$TMP_LIB" ]; then | |
347 | TMP_LIB1=`/bin/ls $i/libsvn_client*.dll* 2> /dev/null | grep libsvn_client.` | |
348 | TMP_LIB2=`/bin/ls $i/libapr-1*.dll* 2> /dev/null | grep libsvn_client.` | |
349 | TMP_LIB3=`/bin/ls $i/libaprutil-1*.dll* 2> /dev/null | grep libsvn_client.` | |
350 | if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then | |
347 | 351 | SVN_PATH="$i" |
348 | 352 | APR_PATH="$i" |
349 | 353 | fi |
821 | 825 | rm -f $TMPC $TMPC.c |
822 | 826 | echo " ... RSA_generate_key()$RSA found" |
823 | 827 | fi |
828 | ||
829 | echo "Checking for secure compile option support in gcc ..." | |
830 | GCCSEC="no" | |
831 | LDSEC="no" | |
832 | GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" | |
833 | echo '#include <stdio.h>' > $TMPC.c | |
834 | echo 'int main() { printf(""); return 0; }' >> $TMPC.c | |
835 | gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err | |
836 | test -x $TMPC && GCCSEC="yes" | |
837 | grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT" | |
838 | rm -f "$TMPC" | |
839 | gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err | |
840 | test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; } | |
841 | rm -f $TMPC $TMPC.c $TMPC.c.err | |
842 | echo " Compiling... $GCCSEC" | |
843 | echo " Linking... $LDSEC" | |
824 | 844 | |
825 | 845 | echo |
826 | 846 | XDEFINES="" |
1029 | 1049 | echo HYDRA_LOGO= >> Makefile |
1030 | 1050 | echo PWI_LOGO= >> Makefile |
1031 | 1051 | fi |
1052 | if [ "$GCCSEC" = "yes" ]; then | |
1053 | echo "SEC=$GCCSECOPT" >> Makefile | |
1054 | else | |
1055 | echo "SEC=" >> Makefile | |
1056 | fi | |
1057 | echo >> Makefile | |
1032 | 1058 | if [ "x$NOSTRIP" = "x" ]; then |
1033 | 1059 | cat Makefile.am >> Makefile |
1034 | 1060 | else |
171 | 171 | return; |
172 | 172 | } |
173 | 173 | |
174 | void des(inblock, outblock) | |
175 | unsigned char *inblock, *outblock; | |
176 | { | |
174 | void des(unsigned char *inblock, unsigned char *outblock) { | |
177 | 175 | unsigned long work[2]; |
178 | 176 | |
179 | 177 | scrunch(inblock, work); |
110 | 110 | |
111 | 111 | generate () |
112 | 112 | { |
113 | HYDRAFILE=`echo dpl4hydra_${BRAND}.lst | sed 's/ /_/g'` | |
113 | HYDRAFILE=`echo "dpl4hydra_${BRAND}.lst" | tr '/ =:@\\|;<>"'"'" '_____________'` | |
114 | 114 | |
115 | 115 | if [ ! -r $FULLFILE ]; then |
116 | 116 | echo |
132 | 132 | cat $FULLFILE 2>/dev/null | grep -i "$PATTERN" | awk -F"," '{ print $5":"$6 }' | sed 's/^[ \t]*//' | sed 's/[ \t]*$//' | sort | uniq > $HYDRAFILE |
133 | 133 | |
134 | 134 | ENTRIES=`wc -l $HYDRAFILE | awk '{ print $1 }'` |
135 | if [ $ENTRIES -eq 0 ]; then | |
135 | if [ "$ENTRIES" -eq 0 ]; then | |
136 | 136 | rm -f $HYDRAFILE |
137 | 137 | echo |
138 | 138 | echo "ERROR: No matching entries found for $BRAND systems." >&2 |
140 | 140 | echo |
141 | 141 | exit 1 |
142 | 142 | else |
143 | if [ $ENTRIES -eq 1 ]; then | |
143 | if [ "$ENTRIES" -eq 1 ]; then | |
144 | 144 | echo |
145 | 145 | echo "File $HYDRAFILE was created with one entry." |
146 | 146 | echo |
180 | 180 | "-a" | "all" | "-all" | "--all") PATTERN="," |
181 | 181 | BRAND="all" |
182 | 182 | generate;; |
183 | *) PATTERN="^${OPT}," | |
184 | BRAND=$OPT | |
183 | *) PATTERN="${OPT}" | |
184 | BRAND="$OPT" | |
185 | 185 | generate;; |
186 | 186 | esac |
6914 | 6914 | zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, |
6915 | 6915 | zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, |
6916 | 6916 | zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, |
6917 | siemens s7-300,,,,,',,, | |
6918 | siemens s7-300,,,,,'',,, | |
6919 | siemens s7-300,,,,,''',,, | |
6920 | siemens s7-300,,,,,'''',,, | |
6921 | siemens s7-300,,,,,''''',,, | |
6922 | siemens s7-300,,,,,'''''',,, | |
6923 | siemens s7-300,,,,,''''''',,, | |
6924 | siemens s7-300,,,,,'''''''',,, | |
6925 | siemens s7-300,,,,,-,,, | |
6926 | siemens s7-300,,,,,--,,, | |
6927 | siemens s7-300,,,,,---,,, | |
6928 | siemens s7-300,,,,,----,,, | |
6929 | siemens s7-300,,,,,-----,,, | |
6930 | siemens s7-300,,,,,------,,, | |
6931 | siemens s7-300,,,,,-------,,, | |
6932 | siemens s7-300,,,,,--------,,, | |
6933 | siemens s7-300,,,,,!manage,,, | |
6934 | siemens s7-300,,,,,!MANAGE,,, | |
6935 | siemens s7-300,,,,,$secure$,,, | |
6936 | siemens s7-300,,,,,*,,, | |
6937 | siemens s7-300,,,,,**,,, | |
6938 | siemens s7-300,,,,,***,,, | |
6939 | siemens s7-300,,,,,****,,, | |
6940 | siemens s7-300,,,,,*****,,, | |
6941 | siemens s7-300,,,,,******,,, | |
6942 | siemens s7-300,,,,,*******,,, | |
6943 | siemens s7-300,,,,,********,,, | |
6944 | siemens s7-300,,,,,,,,, | |
6945 | siemens s7-300,,,,,,,,,, | |
6946 | siemens s7-300,,,,,,,,,,, | |
6947 | siemens s7-300,,,,,,,,,,,, | |
6948 | siemens s7-300,,,,,,,,,,,,, | |
6949 | siemens s7-300,,,,,,,,,,,,,, | |
6950 | siemens s7-300,,,,,,,,,,,,,,, | |
6951 | siemens s7-300,,,,,,,,,,,,,,,, | |
6952 | siemens s7-300,,,,,.,,, | |
6953 | siemens s7-300,,,,,..,,, | |
6954 | siemens s7-300,,,,,...,,, | |
6955 | siemens s7-300,,,,,....,,, | |
6956 | siemens s7-300,,,,,.....,,, | |
6957 | siemens s7-300,,,,,......,,, | |
6958 | siemens s7-300,,,,,.......,,, | |
6959 | siemens s7-300,,,,,........,,, | |
6960 | siemens s7-300,,,,,/,,, | |
6961 | siemens s7-300,,,,,//,,, | |
6962 | siemens s7-300,,,,,///,,, | |
6963 | siemens s7-300,,,,,////,,, | |
6964 | siemens s7-300,,,,,/////,,, | |
6965 | siemens s7-300,,,,,//////,,, | |
6966 | siemens s7-300,,,,,///////,,, | |
6967 | siemens s7-300,,,,,////////,,, | |
6968 | siemens s7-300,,,,,;,,, | |
6969 | siemens s7-300,,,,,;;,,, | |
6970 | siemens s7-300,,,,,;;;,,, | |
6971 | siemens s7-300,,,,,;;;;,,, | |
6972 | siemens s7-300,,,,,;;;;;,,, | |
6973 | siemens s7-300,,,,,;;;;;;,,, | |
6974 | siemens s7-300,,,,,;;;;;;;,,, | |
6975 | siemens s7-300,,,,,;;;;;;;;,,, | |
6976 | siemens s7-300,,,,,@#$123,,, | |
6977 | siemens s7-300,,,,,[,,, | |
6978 | siemens s7-300,,,,,[[,,, | |
6979 | siemens s7-300,,,,,[[[,,, | |
6980 | siemens s7-300,,,,,[[[[,,, | |
6981 | siemens s7-300,,,,,[[[[[,,, | |
6982 | siemens s7-300,,,,,[[[[[[,,, | |
6983 | siemens s7-300,,,,,[[[[[[[,,, | |
6984 | siemens s7-300,,,,,[[[[[[[[,,, | |
6985 | siemens s7-300,,,,,],,, | |
6986 | siemens s7-300,,,,,]],,, | |
6987 | siemens s7-300,,,,,]]],,, | |
6988 | siemens s7-300,,,,,]]]],,, | |
6989 | siemens s7-300,,,,,]]]]],,, | |
6990 | siemens s7-300,,,,,]]]]]],,, | |
6991 | siemens s7-300,,,,,]]]]]]],,, | |
6992 | siemens s7-300,,,,,]]]]]]]],,, | |
6993 | siemens s7-300,,,,,_Cisco,,, | |
6994 | siemens s7-300,,,,,`,,, | |
6995 | siemens s7-300,,,,,``,,, | |
6996 | siemens s7-300,,,,,```,,, | |
6997 | siemens s7-300,,,,,````,,, | |
6998 | siemens s7-300,,,,,`````,,, | |
6999 | siemens s7-300,,,,,``````,,, | |
7000 | siemens s7-300,,,,,```````,,, | |
7001 | siemens s7-300,,,,,````````,,, | |
7002 | siemens s7-300,,,,,+,,, | |
7003 | siemens s7-300,,,,,++,,, | |
7004 | siemens s7-300,,,,,+++,,, | |
7005 | siemens s7-300,,,,,++++,,, | |
7006 | siemens s7-300,,,,,+++++,,, | |
7007 | siemens s7-300,,,,,++++++,,, | |
7008 | siemens s7-300,,,,,+++++++,,, | |
7009 | siemens s7-300,,,,,++++++++,,, | |
7010 | siemens s7-300,,,,,=,,, | |
7011 | siemens s7-300,,,,,==,,, | |
7012 | siemens s7-300,,,,,===,,, | |
7013 | siemens s7-300,,,,,====,,, | |
7014 | siemens s7-300,,,,,=====,,, | |
7015 | siemens s7-300,,,,,======,,, | |
7016 | siemens s7-300,,,,,=======,,, | |
7017 | siemens s7-300,,,,,========,,, | |
7018 | siemens s7-300,,,,,0,,, | |
7019 | siemens s7-300,,,,,00,,, | |
7020 | siemens s7-300,,,,,000,,, | |
7021 | siemens s7-300,,,,,0000,,, | |
7022 | siemens s7-300,,,,,00000,,, | |
7023 | siemens s7-300,,,,,000000,,, | |
7024 | siemens s7-300,,,,,0000000,,, | |
7025 | siemens s7-300,,,,,00000000,,, | |
7026 | siemens s7-300,,,,,00000001,,, | |
7027 | siemens s7-300,,,,,0000001,,, | |
7028 | siemens s7-300,,,,,000001,,, | |
7029 | siemens s7-300,,,,,00001,,, | |
7030 | siemens s7-300,,,,,0001,,, | |
7031 | siemens s7-300,,,,,001,,, | |
7032 | siemens s7-300,,,,,050952,,, | |
7033 | siemens s7-300,,,,,0P3N,,, | |
7034 | siemens s7-300,,,,,1,,, | |
7035 | siemens s7-300,,,,,100,,, | |
7036 | siemens s7-300,,,,,1000,,, | |
7037 | siemens s7-300,,,,,10000,,, | |
7038 | siemens s7-300,,,,,100000,,, | |
7039 | siemens s7-300,,,,,1000000,,, | |
7040 | siemens s7-300,,,,,10000000,,, | |
7041 | siemens s7-300,,,,,10041979,,, | |
7042 | siemens s7-300,,,,,1064,,, | |
7043 | siemens s7-300,,,,,11,,, | |
7044 | siemens s7-300,,,,,111,,, | |
7045 | siemens s7-300,,,,,1111,,, | |
7046 | siemens s7-300,,,,,11111,,, | |
7047 | siemens s7-300,,,,,111111,,, | |
7048 | siemens s7-300,,,,,1111111,,, | |
7049 | siemens s7-300,,,,,11111111,,, | |
7050 | siemens s7-300,,,,,11112222,,, | |
7051 | siemens s7-300,,,,,112233,,, | |
7052 | siemens s7-300,,,,,11223344,,, | |
7053 | siemens s7-300,,,,,123,,, | |
7054 | siemens s7-300,,,,,123123,,, | |
7055 | siemens s7-300,,,,,12314500,,, | |
7056 | siemens s7-300,,,,,123321,,, | |
7057 | siemens s7-300,,,,,1234,,, | |
7058 | siemens s7-300,,,,,12344321,,, | |
7059 | siemens s7-300,,,,,12345,,, | |
7060 | siemens s7-300,,,,,123456,,, | |
7061 | siemens s7-300,,,,,1234567,,, | |
7062 | siemens s7-300,,,,,12345678,,, | |
7063 | siemens s7-300,,,,,12348765,,, | |
7064 | siemens s7-300,,,,,123654,,, | |
7065 | siemens s7-300,,,,,123asd,,, | |
7066 | siemens s7-300,,,,,123ASD,,, | |
7067 | siemens s7-300,,,,,123qwe,,, | |
7068 | siemens s7-300,,,,,123QWE,,, | |
7069 | siemens s7-300,,,,,1246,,, | |
7070 | siemens s7-300,,,,,128bit,,, | |
7071 | siemens s7-300,,,,,128BIT,,, | |
7072 | siemens s7-300,,,,,1313,,, | |
7073 | siemens s7-300,,,,,1502,,, | |
7074 | siemens s7-300,,,,,151298,,, | |
7075 | siemens s7-300,,,,,166816,,, | |
7076 | siemens s7-300,,,,,180497,,, | |
7077 | siemens s7-300,,,,,1890agb,,, | |
7078 | siemens s7-300,,,,,1890AGB,,, | |
7079 | siemens s7-300,,,,,1954,,, | |
7080 | siemens s7-300,,,,,1G2W3E,,, | |
7081 | siemens s7-300,,,,,1q2w3e,,, | |
7082 | siemens s7-300,,,,,2,,, | |
7083 | siemens s7-300,,,,,21,,, | |
7084 | siemens s7-300,,,,,21241036,,, | |
7085 | siemens s7-300,,,,,2128506,,, | |
7086 | siemens s7-300,,,,,22,,, | |
7087 | siemens s7-300,,,,,222,,, | |
7088 | siemens s7-300,,,,,2222,,, | |
7089 | siemens s7-300,,,,,22222,,, | |
7090 | siemens s7-300,,,,,222222,,, | |
7091 | siemens s7-300,,,,,2222222,,, | |
7092 | siemens s7-300,,,,,22222222,,, | |
7093 | siemens s7-300,,,,,266344,,, | |
7094 | siemens s7-300,,,,,281067,,, | |
7095 | siemens s7-300,,,,,281068,,, | |
7096 | siemens s7-300,,,,,2BW9,,, | |
7097 | siemens s7-300,,,,,2WSXcder,,, | |
7098 | siemens s7-300,,,,,3,,, | |
7099 | siemens s7-300,,,,,31994,,, | |
7100 | siemens s7-300,,,,,321,,, | |
7101 | siemens s7-300,,,,,33,,, | |
7102 | siemens s7-300,,,,,333,,, | |
7103 | siemens s7-300,,,,,3333,,, | |
7104 | siemens s7-300,,,,,33333,,, | |
7105 | siemens s7-300,,,,,333333,,, | |
7106 | siemens s7-300,,,,,3333333,,, | |
7107 | siemens s7-300,,,,,33333333,,, | |
7108 | siemens s7-300,,,,,3477,,, | |
7109 | siemens s7-300,,,,,355025,,, | |
7110 | siemens s7-300,,,,,3597,,, | |
7111 | siemens s7-300,,,,,3ascotel,,, | |
7112 | siemens s7-300,,,,,3ASCOTEL,,, | |
7113 | siemens s7-300,,,,,3ep5w2u,,, | |
7114 | siemens s7-300,,,,,3orro,,, | |
7115 | siemens s7-300,,,,,3ORRO,,, | |
7116 | siemens s7-300,,,,,3ware,,, | |
7117 | siemens s7-300,,,,,3WARE,,, | |
7118 | siemens s7-300,,,,,4,,, | |
7119 | siemens s7-300,,,,,42296795,,, | |
7120 | siemens s7-300,,,,,4321,,, | |
7121 | siemens s7-300,,,,,44,,, | |
7122 | siemens s7-300,,,,,444,,, | |
7123 | siemens s7-300,,,,,4444,,, | |
7124 | siemens s7-300,,,,,44444,,, | |
7125 | siemens s7-300,,,,,444444,,, | |
7126 | siemens s7-300,,,,,4444444,,, | |
7127 | siemens s7-300,,,,,44444444,,, | |
7128 | siemens s7-300,,,,,4ert,,, | |
7129 | siemens s7-300,,,,,4ERT,,, | |
7130 | siemens s7-300,,,,,4G5K,,, | |
7131 | siemens s7-300,,,,,4G7S,,, | |
7132 | siemens s7-300,,,,,4getme2,,, | |
7133 | siemens s7-300,,,,,4tas,,, | |
7134 | siemens s7-300,,,,,4TAS,,, | |
7135 | siemens s7-300,,,,,5,,, | |
7136 | siemens s7-300,,,,,5001,,, | |
7137 | siemens s7-300,,,,,5150,,, | |
7138 | siemens s7-300,,,,,5201314,,, | |
7139 | siemens s7-300,,,,,54321,,, | |
7140 | siemens s7-300,,,,,55,,, | |
7141 | siemens s7-300,,,,,55055,,, | |
7142 | siemens s7-300,,,,,555,,, | |
7143 | siemens s7-300,,,,,5555,,, | |
7144 | siemens s7-300,,,,,55555,,, | |
7145 | siemens s7-300,,,,,555555,,, | |
7146 | siemens s7-300,,,,,5555555,,, | |
7147 | siemens s7-300,,,,,55555555,,, | |
7148 | siemens s7-300,,,,,56789,,, | |
7149 | siemens s7-300,,,,,5693,,, | |
7150 | siemens s7-300,,,,,5777364,,, | |
7151 | siemens s7-300,,,,,5860,,, | |
7152 | siemens s7-300,,,,,589589,,, | |
7153 | siemens s7-300,,,,,6,,, | |
7154 | siemens s7-300,,,,,60587,,, | |
7155 | siemens s7-300,,,,,654321,,, | |
7156 | siemens s7-300,,,,,66,,, | |
7157 | siemens s7-300,,,,,666,,, | |
7158 | siemens s7-300,,,,,6666,,, | |
7159 | siemens s7-300,,,,,66666,,, | |
7160 | siemens s7-300,,,,,666666,,, | |
7161 | siemens s7-300,,,,,6666666,,, | |
7162 | siemens s7-300,,,,,66666666,,, | |
7163 | siemens s7-300,,,,,66808920,,, | |
7164 | siemens s7-300,,,,,6969,,, | |
7165 | siemens s7-300,,,,,7,,, | |
7166 | siemens s7-300,,,,,7654321,,, | |
7167 | siemens s7-300,,,,,77,,, | |
7168 | siemens s7-300,,,,,777,,, | |
7169 | siemens s7-300,,,,,7777,,, | |
7170 | siemens s7-300,,,,,77777,,, | |
7171 | siemens s7-300,,,,,777777,,, | |
7172 | siemens s7-300,,,,,7777777,,, | |
7173 | siemens s7-300,,,,,77777777,,, | |
7174 | siemens s7-300,,,,,7SH4,,, | |
7175 | siemens s7-300,,,,,8,,, | |
7176 | siemens s7-300,,,,,8111,,, | |
7177 | siemens s7-300,,,,,8429,,, | |
7178 | siemens s7-300,,,,,851141,,, | |
7179 | siemens s7-300,,,,,86844,,, | |
7180 | siemens s7-300,,,,,8746550,,, | |
7181 | siemens s7-300,,,,,87654321,,, | |
7182 | siemens s7-300,,,,,88,,, | |
7183 | siemens s7-300,,,,,888,,, | |
7184 | siemens s7-300,,,,,8888,,, | |
7185 | siemens s7-300,,,,,88888,,, | |
7186 | siemens s7-300,,,,,888888,,, | |
7187 | siemens s7-300,,,,,8888888,,, | |
7188 | siemens s7-300,,,,,88888888,,, | |
7189 | siemens s7-300,,,,,88981684,,, | |
7190 | siemens s7-300,,,,,9,,, | |
7191 | siemens s7-300,,,,,901100,,, | |
7192 | siemens s7-300,,,,,99,,, | |
7193 | siemens s7-300,,,,,999,,, | |
7194 | siemens s7-300,,,,,9999,,, | |
7195 | siemens s7-300,,,,,99999,,, | |
7196 | siemens s7-300,,,,,999999,,, | |
7197 | siemens s7-300,,,,,9999999,,, | |
7198 | siemens s7-300,,,,,99999999,,, | |
7199 | siemens s7-300,,,,,9W5K,,, | |
7200 | siemens s7-300,,,,,a,,, | |
7201 | siemens s7-300,,,,,A,,, | |
7202 | siemens s7-300,,,,,a/d,,, | |
7203 | siemens s7-300,,,,,A/D,,, | |
7204 | siemens s7-300,,,,,aa,,, | |
7205 | siemens s7-300,,,,,AA,,, | |
7206 | siemens s7-300,,,,,aaa,,, | |
7207 | siemens s7-300,,,,,AAA,,, | |
7208 | siemens s7-300,,,,,aaaa,,, | |
7209 | siemens s7-300,,,,,AAAA,,, | |
7210 | siemens s7-300,,,,,aaaaa,,, | |
7211 | siemens s7-300,,,,,AAAAA,,, | |
7212 | siemens s7-300,,,,,aaaaaa,,, | |
7213 | siemens s7-300,,,,,AAAAAA,,, | |
7214 | siemens s7-300,,,,,aaaaaaa,,, | |
7215 | siemens s7-300,,,,,AAAAAAA,,, | |
7216 | siemens s7-300,,,,,aaaaaaaa,,, | |
7217 | siemens s7-300,,,,,AAAAAAAA,,, | |
7218 | siemens s7-300,,,,,aabbcc,,, | |
7219 | siemens s7-300,,,,,AABBCC,,, | |
7220 | siemens s7-300,,,,,aaeon,,, | |
7221 | siemens s7-300,,,,,AAEON,,, | |
7222 | siemens s7-300,,,,,aavid,,, | |
7223 | siemens s7-300,,,,,AAVID,,, | |
7224 | siemens s7-300,,,,,ab,,, | |
7225 | siemens s7-300,,,,,AB,,, | |
7226 | siemens s7-300,,,,,abb,,, | |
7227 | siemens s7-300,,,,,ABB,,, | |
7228 | siemens s7-300,,,,,abc,,, | |
7229 | siemens s7-300,,,,,ABC,,, | |
7230 | siemens s7-300,,,,,abc123,,, | |
7231 | siemens s7-300,,,,,ABC123,,, | |
7232 | siemens s7-300,,,,,abcd,,, | |
7233 | siemens s7-300,,,,,ABCD,,, | |
7234 | siemens s7-300,,,,,abcde,,, | |
7235 | siemens s7-300,,,,,ABCDE,,, | |
7236 | siemens s7-300,,,,,ABCDEF,,, | |
7237 | siemens s7-300,,,,,abcdefg,,, | |
7238 | siemens s7-300,,,,,ABCDEFG,,, | |
7239 | siemens s7-300,,,,,abcdefgh,,, | |
7240 | siemens s7-300,,,,,ABCDEFGH,,, | |
7241 | siemens s7-300,,,,,abelconn,,, | |
7242 | siemens s7-300,,,,,ABELCONN,,, | |
7243 | siemens s7-300,,,,,abov,,, | |
7244 | siemens s7-300,,,,,ABOV,,, | |
7245 | siemens s7-300,,,,,abracon,,, | |
7246 | siemens s7-300,,,,,ABRACON,,, | |
7247 | siemens s7-300,,,,,absopuls,,, | |
7248 | siemens s7-300,,,,,ABSOPULS,,, | |
7249 | siemens s7-300,,,,,abtech,,, | |
7250 | siemens s7-300,,,,,ABTECH,,, | |
7251 | siemens s7-300,,,,,abunlock,,, | |
7252 | siemens s7-300,,,,,ABUNLOCK,,, | |
7253 | siemens s7-300,,,,,acam,,, | |
7254 | siemens s7-300,,,,,ACAM,,, | |
7255 | siemens s7-300,,,,,acc,,, | |
7256 | siemens s7-300,,,,,ACC,,, | |
7257 | siemens s7-300,,,,,access,,, | |
7258 | siemens s7-300,,,,,ACCESS,,, | |
7259 | siemens s7-300,,,,,accord,,, | |
7260 | siemens s7-300,,,,,ACCORD,,, | |
7261 | siemens s7-300,,,,,acon,,, | |
7262 | siemens s7-300,,,,,ACON,,, | |
7263 | siemens s7-300,,,,,acopian,,, | |
7264 | siemens s7-300,,,,,ACOPIAN,,, | |
7265 | siemens s7-300,,,,,acp,,, | |
7266 | siemens s7-300,,,,,ACP,,, | |
7267 | siemens s7-300,,,,,actel,,, | |
7268 | siemens s7-300,,,,,ACTEL,,, | |
7269 | siemens s7-300,,,,,activex,,, | |
7270 | siemens s7-300,,,,,ACTIVEX,,, | |
7271 | siemens s7-300,,,,,adactus,,, | |
7272 | siemens s7-300,,,,,ADACTUS,,, | |
7273 | siemens s7-300,,,,,adam,,, | |
7274 | siemens s7-300,,,,,ADAM,,, | |
7275 | siemens s7-300,,,,,adc,,, | |
7276 | siemens s7-300,,,,,ADC,,, | |
7277 | siemens s7-300,,,,,adcdef,,, | |
7278 | siemens s7-300,,,,,adda,,, | |
7279 | siemens s7-300,,,,,ADDA,,, | |
7280 | siemens s7-300,,,,,adels,,, | |
7281 | siemens s7-300,,,,,ADELS,,, | |
7282 | siemens s7-300,,,,,adfexc,,, | |
7283 | siemens s7-300,,,,,ADFEXC,,, | |
7284 | siemens s7-300,,,,,adi,,, | |
7285 | siemens s7-300,,,,,ADI,,, | |
7286 | siemens s7-300,,,,,admin,,, | |
7287 | siemens s7-300,,,,,ADMIN,,, | |
7288 | siemens s7-300,,,,,admin123,,, | |
7289 | siemens s7-300,,,,,ADMIN123,,, | |
7290 | siemens s7-300,,,,,adminttd,,, | |
7291 | siemens s7-300,,,,,ADMINTTD,,, | |
7292 | siemens s7-300,,,,,adslroot,,, | |
7293 | siemens s7-300,,,,,ADSLROOT,,, | |
7294 | siemens s7-300,,,,,adtran,,, | |
7295 | siemens s7-300,,,,,ADTRAN,,, | |
7296 | siemens s7-300,,,,,advanced,,, | |
7297 | siemens s7-300,,,,,ADVANCED,,, | |
7298 | siemens s7-300,,,,,advantec,,, | |
7299 | siemens s7-300,,,,,ADVANTEC,,, | |
7300 | siemens s7-300,,,,,aeg mis,,, | |
7301 | siemens s7-300,,,,,AEG MIS,,, | |
7302 | siemens s7-300,,,,,aeg,,, | |
7303 | siemens s7-300,,,,,AEG,,, | |
7304 | siemens s7-300,,,,,AEM,,, | |
7305 | siemens s7-300,,,,,aem,,, | |
7306 | siemens s7-300,,,,,aeroflex,,, | |
7307 | siemens s7-300,,,,,Aeroflex,,, | |
7308 | siemens s7-300,,,,,AEROFLEX,,, | |
7309 | siemens s7-300,,,,,aft,,, | |
7310 | siemens s7-300,,,,,AFT,,, | |
7311 | siemens s7-300,,,,,aitech,,, | |
7312 | siemens s7-300,,,,,AITECH,,, | |
7313 | siemens s7-300,,,,,akiwa,,, | |
7314 | siemens s7-300,,,,,AKIWA,,, | |
7315 | siemens s7-300,,,,,albright,,, | |
7316 | siemens s7-300,,,,,ALBRIGHT,,, | |
7317 | siemens s7-300,,,,,alcor,,, | |
7318 | siemens s7-300,,,,,ALCOR,,, | |
7319 | siemens s7-300,,,,,aleph,,, | |
7320 | siemens s7-300,,,,,ALEPH,,, | |
7321 | siemens s7-300,,,,,ALFA,,, | |
7322 | siemens s7-300,,,,,alfaMag,,, | |
7323 | siemens s7-300,,,,,ALFAMAG,,, | |
7324 | siemens s7-300,,,,,alfa'r,,, | |
7325 | siemens s7-300,,,,,ALFA'R,,, | |
7326 | siemens s7-300,,,,,alfatron,,, | |
7327 | siemens s7-300,,,,,ALFATRON,,, | |
7328 | siemens s7-300,,,,,ali,,, | |
7329 | siemens s7-300,,,,,ALI,,, | |
7330 | siemens s7-300,,,,,all,,, | |
7331 | siemens s7-300,,,,,ALL,,, | |
7332 | siemens s7-300,,,,,allegro,,, | |
7333 | siemens s7-300,,,,,ALLEGRO,,, | |
7334 | siemens s7-300,,,,,allen,,, | |
7335 | siemens s7-300,,,,,ALLEN,,, | |
7336 | siemens s7-300,,,,,alliance,,, | |
7337 | siemens s7-300,,,,,ALLIANCE,,, | |
7338 | siemens s7-300,,,,,allied,,, | |
7339 | siemens s7-300,,,,,ALLIED,,, | |
7340 | siemens s7-300,,,,,alpha,,, | |
7341 | siemens s7-300,,,,,alpha,,, | |
7342 | siemens s7-300,,,,,alpine,,, | |
7343 | siemens s7-300,,,,,ALPINE,,, | |
7344 | siemens s7-300,,,,,alps,,, | |
7345 | siemens s7-300,,,,,ALPS,,, | |
7346 | siemens s7-300,,,,,altera,,, | |
7347 | siemens s7-300,,,,,ALTERA,,, | |
7348 | siemens s7-300,,,,,amber,,, | |
7349 | siemens s7-300,,,,,AMBER,,, | |
7350 | siemens s7-300,,,,,amd,,, | |
7351 | siemens s7-300,,,,,AMD,,, | |
7352 | siemens s7-300,,,,,american,,, | |
7353 | siemens s7-300,,,,,AMERICAN,,, | |
7354 | siemens s7-300,,,,,ametherm,,, | |
7355 | siemens s7-300,,,,,AMETHERM,,, | |
7356 | siemens s7-300,,,,,ami,,, | |
7357 | siemens s7-300,,,,,AMI,,, | |
7358 | siemens s7-300,,,,,amic,,, | |
7359 | siemens s7-300,,,,,AMIC,,, | |
7360 | siemens s7-300,,,,,amis,,, | |
7361 | siemens s7-300,,,,,AMIS,,, | |
7362 | siemens s7-300,,,,,ammc,,, | |
7363 | siemens s7-300,,,,,AMMC,,, | |
7364 | siemens s7-300,,,,,amp,,, | |
7365 | siemens s7-300,,,,,AMP,,, | |
7366 | siemens s7-300,,,,,amperite,,, | |
7367 | siemens s7-300,,,,,AMPERITE,,, | |
7368 | siemens s7-300,,,,,amphenol,,, | |
7369 | siemens s7-300,,,,,AMPHENOL,,, | |
7370 | siemens s7-300,,,,,ampire,,, | |
7371 | siemens s7-300,,,,,AMPIRE,,, | |
7372 | siemens s7-300,,,,,amt,,, | |
7373 | siemens s7-300,,,,,AMT,,, | |
7374 | siemens s7-300,,,,,anachip,,, | |
7375 | siemens s7-300,,,,,ANACHIP,,, | |
7376 | siemens s7-300,,,,,anadigic,,, | |
7377 | siemens s7-300,,,,,ANADIGIC,,, | |
7378 | siemens s7-300,,,,,anadigm,,, | |
7379 | siemens s7-300,,,,,ANADIGM,,, | |
7380 | siemens s7-300,,,,,analog,,, | |
7381 | siemens s7-300,,,,,ANALOG,,, | |
7382 | siemens s7-300,,,,,analogic,,, | |
7383 | siemens s7-300,,,,,ANALOGIC,,, | |
7384 | siemens s7-300,,,,,anaren,,, | |
7385 | siemens s7-300,,,,,ANAREN,,, | |
7386 | siemens s7-300,,,,,angel,,, | |
7387 | siemens s7-300,,,,,ANGEL,,, | |
7388 | siemens s7-300,,,,,angle,,, | |
7389 | siemens s7-300,,,,,ANGLE,,, | |
7390 | siemens s7-300,,,,,anicust,,, | |
7391 | siemens s7-300,,,,,ANICUST,,, | |
7392 | siemens s7-300,,,,,anla,,, | |
7393 | siemens s7-300,,,,,ANLA,,, | |
7394 | siemens s7-300,,,,,anleim,,, | |
7395 | siemens s7-300,,,,,Anleim,,, | |
7396 | siemens s7-300,,,,,ANLEIM,,, | |
7397 | siemens s7-300,,,,,anritsu,,, | |
7398 | siemens s7-300,,,,,ANRITSU,,, | |
7399 | siemens s7-300,,,,,ANS#150,,, | |
7400 | siemens s7-300,,,,,anshan,,, | |
7401 | siemens s7-300,,,,,ANSHAN,,, | |
7402 | siemens s7-300,,,,,ansmann,,, | |
7403 | siemens s7-300,,,,,ANSMANN,,, | |
7404 | siemens s7-300,,,,,any@,,, | |
7405 | siemens s7-300,,,,,anycom,,, | |
7406 | siemens s7-300,,,,,ANYCOM,,, | |
7407 | siemens s7-300,,,,,anydata,,, | |
7408 | siemens s7-300,,,,,ANYDATA,,, | |
7409 | siemens s7-300,,,,,anyone,,, | |
7410 | siemens s7-300,,,,,ANYONE,,, | |
7411 | siemens s7-300,,,,,anyway,,, | |
7412 | siemens s7-300,,,,,ANYWAY,,, | |
7413 | siemens s7-300,,,,,apbodiur,,, | |
7414 | siemens s7-300,,,,,APBODIUR,,, | |
7415 | siemens s7-300,,,,,apc,,, | |
7416 | siemens s7-300,,,,,APC,,, | |
7417 | siemens s7-300,,,,,apem,,, | |
7418 | siemens s7-300,,,,,APEM,,, | |
7419 | siemens s7-300,,,,,apex,,, | |
7420 | siemens s7-300,,,,,APEX,,, | |
7421 | siemens s7-300,,,,,api,,, | |
7422 | siemens s7-300,,,,,API,,, | |
7423 | siemens s7-300,,,,,aplus,,, | |
7424 | siemens s7-300,,,,,APLUS,,, | |
7425 | siemens s7-300,,,,,apm,,, | |
7426 | siemens s7-300,,,,,APM,,, | |
7427 | siemens s7-300,,,,,a-power,,, | |
7428 | siemens s7-300,,,,,A-POWER,,, | |
7429 | siemens s7-300,,,,,app,,, | |
7430 | siemens s7-300,,,,,APP,,, | |
7431 | siemens s7-300,,,,,applied,,, | |
7432 | siemens s7-300,,,,,APPLIED,,, | |
7433 | siemens s7-300,,,,,apra,,, | |
7434 | siemens s7-300,,,,,APRA,,, | |
7435 | siemens s7-300,,,,,arsenal,,, | |
7436 | siemens s7-300,,,,,ARSENAL,,, | |
7437 | siemens s7-300,,,,,articon,,, | |
7438 | siemens s7-300,,,,,ARTICON,,, | |
7439 | siemens s7-300,,,,,asante,,, | |
7440 | siemens s7-300,,,,,Asante,,, | |
7441 | siemens s7-300,,,,,ASANTE,,, | |
7442 | siemens s7-300,,,,,ascend,,, | |
7443 | siemens s7-300,,,,,Ascend,,, | |
7444 | siemens s7-300,,,,,ASCEND,,, | |
7445 | siemens s7-300,,,,,asd,,, | |
7446 | siemens s7-300,,,,,ASD,,, | |
7447 | siemens s7-300,,,,,asdf,,, | |
7448 | siemens s7-300,,,,,ASDF,,, | |
7449 | siemens s7-300,,,,,asdfg,,, | |
7450 | siemens s7-300,,,,,ASDFG,,, | |
7451 | siemens s7-300,,,,,asdfgh,,, | |
7452 | siemens s7-300,,,,,asdfgh,,, | |
7453 | siemens s7-300,,,,,ASDFGH,,, | |
7454 | siemens s7-300,,,,,asdfghj,,, | |
7455 | siemens s7-300,,,,,ASDFGHJ,,, | |
7456 | siemens s7-300,,,,,asdfghjk,,, | |
7457 | siemens s7-300,,,,,ASDFGHJK,,, | |
7458 | siemens s7-300,,,,,asi,,, | |
7459 | siemens s7-300,,,,,ASI,,, | |
7460 | siemens s7-300,,,,,asutp,,, | |
7461 | siemens s7-300,,,,,ASUTP,,, | |
7462 | siemens s7-300,,,,,at4400,,, | |
7463 | siemens s7-300,,,,,AT4400,,, | |
7464 | siemens s7-300,,,,,atc,,, | |
7465 | siemens s7-300,,,,,atc,,, | |
7466 | siemens s7-300,,,,,ATC,,, | |
7467 | siemens s7-300,,,,,atc123,,, | |
7468 | siemens s7-300,,,,,ATC123,,, | |
7469 | siemens s7-300,,,,,atlantis,,, | |
7470 | siemens s7-300,,,,,ATLANTIS,,, | |
7471 | siemens s7-300,,,,,attack,,, | |
7472 | siemens s7-300,,,,,ATTACK,,, | |
7473 | siemens s7-300,,,,,autohors,,, | |
7474 | siemens s7-300,,,,,AUTOHORS,,, | |
7475 | siemens s7-300,,,,,azsxdc,,, | |
7476 | siemens s7-300,,,,,AZSXDC,,, | |
7477 | siemens s7-300,,,,,b,,, | |
7478 | siemens s7-300,,,,,B,,, | |
7479 | siemens s7-300,,,,,b&r,,, | |
7480 | siemens s7-300,,,,,B&R,,, | |
7481 | siemens s7-300,,,,,B2H4,,, | |
7482 | siemens s7-300,,,,,B9W3,,, | |
7483 | siemens s7-300,,,,,back,,, | |
7484 | siemens s7-300,,,,,BACK,,, | |
7485 | siemens s7-300,,,,,backdoor,,, | |
7486 | siemens s7-300,,,,,BACKDOOR,,, | |
7487 | siemens s7-300,,,,,badboy,,, | |
7488 | siemens s7-300,,,,,BADBOY,,, | |
7489 | siemens s7-300,,,,,barricade,,, | |
7490 | siemens s7-300,,,,,BARRICADE,,, | |
7491 | siemens s7-300,,,,,baseball,,, | |
7492 | siemens s7-300,,,,,BASEBALL,,, | |
7493 | siemens s7-300,,,,,bb,,, | |
7494 | siemens s7-300,,,,,BB,,, | |
7495 | siemens s7-300,,,,,bbb,,, | |
7496 | siemens s7-300,,,,,BBB,,, | |
7497 | siemens s7-300,,,,,bbbb,,, | |
7498 | siemens s7-300,,,,,BBBB,,, | |
7499 | siemens s7-300,,,,,bbbbb,,, | |
7500 | siemens s7-300,,,,,BBBBB,,, | |
7501 | siemens s7-300,,,,,bbbbbb,,, | |
7502 | siemens s7-300,,,,,BBBBBB,,, | |
7503 | siemens s7-300,,,,,bbbbbbb,,, | |
7504 | siemens s7-300,,,,,BBBBBBB,,, | |
7505 | siemens s7-300,,,,,bbbbbbbb,,, | |
7506 | siemens s7-300,,,,,BBBBBBBB,,, | |
7507 | siemens s7-300,,,,,bciimpw,,, | |
7508 | siemens s7-300,,,,,BCIIMPW,,, | |
7509 | siemens s7-300,,,,,bcimpw,,, | |
7510 | siemens s7-300,,,,,BCIMPW,,, | |
7511 | siemens s7-300,,,,,bcnaspw,,, | |
7512 | siemens s7-300,,,,,BCNASPW,,, | |
7513 | siemens s7-300,,,,,beatch,,, | |
7514 | siemens s7-300,,,,,BEATCH,,, | |
7515 | siemens s7-300,,,,,beerbeer,,, | |
7516 | siemens s7-300,,,,,BEERBEER,,, | |
7517 | siemens s7-300,,,,,betera,,, | |
7518 | siemens s7-300,,,,,BETERA,,, | |
7519 | siemens s7-300,,,,,bible,,, | |
7520 | siemens s7-300,,,,,BIBLE,,, | |
7521 | siemens s7-300,,,,,bintec,,, | |
7522 | siemens s7-300,,,,,BINTEC,,, | |
7523 | siemens s7-300,,,,,birdie,,, | |
7524 | siemens s7-300,,,,,BIRDIE,,, | |
7525 | siemens s7-300,,,,,black,,, | |
7526 | siemens s7-300,,,,,BLACK,,, | |
7527 | siemens s7-300,,,,,blaster,,, | |
7528 | siemens s7-300,,,,,BLASTER,,, | |
7529 | siemens s7-300,,,,,blender,,, | |
7530 | siemens s7-300,,,,,BLENDER,,, | |
7531 | siemens s7-300,,,,,blink,,, | |
7532 | siemens s7-300,,,,,BLINK,,, | |
7533 | siemens s7-300,,,,,blink182,,, | |
7534 | siemens s7-300,,,,,BLINK182,,, | |
7535 | siemens s7-300,,,,,bluepw,,, | |
7536 | siemens s7-300,,,,,BLUEPW,,, | |
7537 | siemens s7-300,,,,,bowling,,, | |
7538 | siemens s7-300,,,,,BOWLING,,, | |
7539 | siemens s7-300,,,,,bradley,,, | |
7540 | siemens s7-300,,,,,BRADLEY,,, | |
7541 | siemens s7-300,,,,,bridge,,, | |
7542 | siemens s7-300,,,,,BRIDGE,,, | |
7543 | siemens s7-300,,,,,bright,,, | |
7544 | siemens s7-300,,,,,BRIGHT,,, | |
7545 | siemens s7-300,,,,,c,,, | |
7546 | siemens s7-300,,,,,C,,, | |
7547 | siemens s7-300,,,,,ca01,,, | |
7548 | siemens s7-300,,,,,CA01,,, | |
7549 | siemens s7-300,,,,,cacadmin,,, | |
7550 | siemens s7-300,,,,,CACADMIN,,, | |
7551 | siemens s7-300,,,,,cactus,,, | |
7552 | siemens s7-300,,,,,CACTUS,,, | |
7553 | siemens s7-300,,,,,calvin,,, | |
7554 | siemens s7-300,,,,,CALVIN,,, | |
7555 | siemens s7-300,,,,,can,,, | |
7556 | siemens s7-300,,,,,CAN,,, | |
7557 | siemens s7-300,,,,,canbus,,, | |
7558 | siemens s7-300,,,,,CANBUS,,, | |
7559 | siemens s7-300,,,,,carolian,,, | |
7560 | siemens s7-300,,,,,CAROLIAN,,, | |
7561 | siemens s7-300,,,,,cascade,,, | |
7562 | siemens s7-300,,,,,CASCADE,,, | |
7563 | siemens s7-300,,,,,cc,,, | |
7564 | siemens s7-300,,,,,CC,,, | |
7565 | siemens s7-300,,,,,ccc,,, | |
7566 | siemens s7-300,,,,,CCC,,, | |
7567 | siemens s7-300,,,,,cccc,,, | |
7568 | siemens s7-300,,,,,CCCC,,, | |
7569 | siemens s7-300,,,,,ccccc,,, | |
7570 | siemens s7-300,,,,,CCCCC,,, | |
7571 | siemens s7-300,,,,,cccccc,,, | |
7572 | siemens s7-300,,,,,CCCCCC,,, | |
7573 | siemens s7-300,,,,,ccccccc,,, | |
7574 | siemens s7-300,,,,,CCCCCCC,,, | |
7575 | siemens s7-300,,,,,cccccccc,,, | |
7576 | siemens s7-300,,,,,CCCCCCCC,,, | |
7577 | siemens s7-300,,,,,ccrusr,,, | |
7578 | siemens s7-300,,,,,CCRUSR,,, | |
7579 | siemens s7-300,,,,,cellit,,, | |
7580 | siemens s7-300,,,,,CELLIT,,, | |
7581 | siemens s7-300,,,,,cfc,,, | |
7582 | siemens s7-300,,,,,CFC,,, | |
7583 | siemens s7-300,,,,,CHABGEME,,, | |
7584 | siemens s7-300,,,,,changeme,,, | |
7585 | siemens s7-300,,,,,CHANGEME,,, | |
7586 | siemens s7-300,,,,,changit,,, | |
7587 | siemens s7-300,,,,,CHANGIT,,, | |
7588 | siemens s7-300,,,,,charlie,,, | |
7589 | siemens s7-300,,,,,CHARLIE,,, | |
7590 | siemens s7-300,,,,,cisco,,, | |
7591 | siemens s7-300,,,,,Cisco,,, | |
7592 | siemens s7-300,,,,,CISCO,,, | |
7593 | siemens s7-300,,,,,citel,,, | |
7594 | siemens s7-300,,,,,CITEL,,, | |
7595 | siemens s7-300,,,,,client,,, | |
7596 | siemens s7-300,,,,,CLIENT,,, | |
7597 | siemens s7-300,,,,,cmaker,,, | |
7598 | siemens s7-300,,,,,CMAKER,,, | |
7599 | siemens s7-300,,,,,cms500,,, | |
7600 | siemens s7-300,,,,,CMS500,,, | |
7601 | siemens s7-300,,,,,cnas,,, | |
7602 | siemens s7-300,,,,,CNAS,,, | |
7603 | siemens s7-300,,,,,cody,,, | |
7604 | siemens s7-300,,,,,CODY,,, | |
7605 | siemens s7-300,,,,,cognos,,, | |
7606 | siemens s7-300,,,,,COGNOS,,, | |
7607 | siemens s7-300,,,,,Col2ogro2,,, | |
7608 | siemens s7-300,,,,,computer,,, | |
7609 | siemens s7-300,,,,,COMPUTER,,, | |
7610 | siemens s7-300,,,,,connect,,, | |
7611 | siemens s7-300,,,,,CONNECT,,, | |
7612 | siemens s7-300,,,,,conv,,, | |
7613 | siemens s7-300,,,,,CONV,,, | |
7614 | siemens s7-300,,,,,cool,,, | |
7615 | siemens s7-300,,,,,COOL,,, | |
7616 | siemens s7-300,,,,,corecess,,, | |
7617 | siemens s7-300,,,,,CORECESS,,, | |
7618 | siemens s7-300,,,,,cosmos,,, | |
7619 | siemens s7-300,,,,,COSMOS,,, | |
7620 | siemens s7-300,,,,,craft,,, | |
7621 | siemens s7-300,,,,,CRAFT,,, | |
7622 | siemens s7-300,,,,,craftpw,,, | |
7623 | siemens s7-300,,,,,CRAFTPW,,, | |
7624 | siemens s7-300,,,,,crftpw,,, | |
7625 | siemens s7-300,,,,,CRFTPW,,, | |
7626 | siemens s7-300,,,,,crystal,,, | |
7627 | siemens s7-300,,,,,CRYSTAL,,, | |
7628 | siemens s7-300,,,,,ct/1,,, | |
7629 | siemens s7-300,,,,,customer,,, | |
7630 | siemens s7-300,,,,,CUSTOMER,,, | |
7631 | siemens s7-300,,,,,custpw,,, | |
7632 | siemens s7-300,,,,,CUSTPW,,, | |
7633 | siemens s7-300,,,,,d,,, | |
7634 | siemens s7-300,,,,,D,,, | |
7635 | siemens s7-300,,,,,d.e.b.u.g,,, | |
7636 | siemens s7-300,,,,,d00m,,, | |
7637 | siemens s7-300,,,,,D00M,,, | |
7638 | siemens s7-300,,,,,dadmin01,,, | |
7639 | siemens s7-300,,,,,DADMIN01,,, | |
7640 | siemens s7-300,,,,,danger,,, | |
7641 | siemens s7-300,,,,,DANGER,,, | |
7642 | siemens s7-300,,,,,database,,, | |
7643 | siemens s7-300,,,,,DATABASE,,, | |
7644 | siemens s7-300,,,,,davox,,, | |
7645 | siemens s7-300,,,,,dbps,,, | |
7646 | siemens s7-300,,,,,DBPS,,, | |
7647 | siemens s7-300,,,,,dd,,, | |
7648 | siemens s7-300,,,,,DD,,, | |
7649 | siemens s7-300,,,,,ddd,,, | |
7650 | siemens s7-300,,,,,DDD,,, | |
7651 | siemens s7-300,,,,,dddd,,, | |
7652 | siemens s7-300,,,,,DDDD,,, | |
7653 | siemens s7-300,,,,,ddddd,,, | |
7654 | siemens s7-300,,,,,DDDDD,,, | |
7655 | siemens s7-300,,,,,dddddd,,, | |
7656 | siemens s7-300,,,,,DDDDDD,,, | |
7657 | siemens s7-300,,,,,ddddddd,,, | |
7658 | siemens s7-300,,,,,DDDDDDD,,, | |
7659 | siemens s7-300,,,,,dddddddd,,, | |
7660 | siemens s7-300,,,,,DDDDDDDD,,, | |
7661 | siemens s7-300,,,,,dean,,, | |
7662 | siemens s7-300,,,,,DEAN,,, | |
7663 | siemens s7-300,,,,,default,,, | |
7664 | siemens s7-300,,,,,DEFAULT,,, | |
7665 | siemens s7-300,,,,,delevan,,, | |
7666 | siemens s7-300,,,,,demo,,, | |
7667 | siemens s7-300,,,,,DEMO,,, | |
7668 | siemens s7-300,,,,,denise,,, | |
7669 | siemens s7-300,,,,,DENISE,,, | |
7670 | siemens s7-300,,,,,derparol,,, | |
7671 | siemens s7-300,,,,,DERPAROL,,, | |
7672 | siemens s7-300,,,,,DEVEVAN,,, | |
7673 | siemens s7-300,,,,,device,,, | |
7674 | siemens s7-300,,,,,DEVICE,,, | |
7675 | siemens s7-300,,,,,devices,,, | |
7676 | siemens s7-300,,,,,DEVICES,,, | |
7677 | siemens s7-300,,,,,dhs3mt,,, | |
7678 | siemens s7-300,,,,,DHS3MT,,, | |
7679 | siemens s7-300,,,,,dhs3pms,,, | |
7680 | siemens s7-300,,,,,DHS3PMS,,, | |
7681 | siemens s7-300,,,,,diabl0,,, | |
7682 | siemens s7-300,,,,,DIABL0,,, | |
7683 | siemens s7-300,,,,,diablo,,, | |
7684 | siemens s7-300,,,,,DIABLO,,, | |
7685 | siemens s7-300,,,,,diamond,,, | |
7686 | siemens s7-300,,,,,DIAMOND,,, | |
7687 | siemens s7-300,,,,,digital,,, | |
7688 | siemens s7-300,,,,,DIGITAL,,, | |
7689 | siemens s7-300,,,,,DL20,,, | |
7690 | siemens s7-300,,,,,dlink,,, | |
7691 | siemens s7-300,,,,,D-Link,,, | |
7692 | siemens s7-300,,,,,DLINK,,, | |
7693 | siemens s7-300,,,,,dollar,,, | |
7694 | siemens s7-300,,,,,DOLLAR,,, | |
7695 | siemens s7-300,,,,,doom,,, | |
7696 | siemens s7-300,,,,,DOOM,,, | |
7697 | siemens s7-300,,,,,draadloos,,, | |
7698 | siemens s7-300,,,,,DRAADLOOS,,, | |
7699 | siemens s7-300,,,,,drivees,,, | |
7700 | siemens s7-300,,,,,DRIVEES,,, | |
7701 | siemens s7-300,,,,,e,,, | |
7702 | siemens s7-300,,,,,E,,, | |
7703 | siemens s7-300,,,,,echo,,, | |
7704 | siemens s7-300,,,,,ECHO,,, | |
7705 | siemens s7-300,,,,,ee,,, | |
7706 | siemens s7-300,,,,,EE,,, | |
7707 | siemens s7-300,,,,,eee,,, | |
7708 | siemens s7-300,,,,,EEE,,, | |
7709 | siemens s7-300,,,,,eeee,,, | |
7710 | siemens s7-300,,,,,EEEE,,, | |
7711 | siemens s7-300,,,,,eeeee,,, | |
7712 | siemens s7-300,,,,,EEEEE,,, | |
7713 | siemens s7-300,,,,,eeeeee,,, | |
7714 | siemens s7-300,,,,,EEEEEE,,, | |
7715 | siemens s7-300,,,,,eeeeeee,,, | |
7716 | siemens s7-300,,,,,EEEEEEE,,, | |
7717 | siemens s7-300,,,,,eeeeeeee,,, | |
7718 | siemens s7-300,,,,,EEEEEEEE,,, | |
7719 | siemens s7-300,,,,,EGDFV,,, | |
7720 | siemens s7-300,,,,,electrin,,, | |
7721 | siemens s7-300,,,,,ELECTRIN,,, | |
7722 | siemens s7-300,,,,,elvis,,, | |
7723 | siemens s7-300,,,,,ELVIS,,, | |
7724 | siemens s7-300,,,,,enable,,, | |
7725 | siemens s7-300,,,,,ENABLE,,, | |
7726 | siemens s7-300,,,,,energy,,, | |
7727 | siemens s7-300,,,,,ENERGY,,, | |
7728 | siemens s7-300,,,,,engineer,,, | |
7729 | siemens s7-300,,,,,ENGINEER,,, | |
7730 | siemens s7-300,,,,,eqdfv,,, | |
7731 | siemens s7-300,,,,,err0r,,, | |
7732 | siemens s7-300,,,,,ERR0R,,, | |
7733 | siemens s7-300,,,,,error,,, | |
7734 | siemens s7-300,,,,,evening,,, | |
7735 | siemens s7-300,,,,,EVENING,,, | |
7736 | siemens s7-300,,,,,Exabyte,,, | |
7737 | siemens s7-300,,,,,EXABYTE,,, | |
7738 | siemens s7-300,,,,,expert03,,, | |
7739 | siemens s7-300,,,,,EXPERT03,,, | |
7740 | siemens s7-300,,,,,f,,, | |
7741 | siemens s7-300,,,,,F,,, | |
7742 | siemens s7-300,,,,,father,,, | |
7743 | siemens s7-300,,,,,FATHER,,, | |
7744 | siemens s7-300,,,,,fbd,,, | |
7745 | siemens s7-300,,,,,FBD,,, | |
7746 | siemens s7-300,,,,,ff,,, | |
7747 | siemens s7-300,,,,,FF,,, | |
7748 | siemens s7-300,,,,,fff,,, | |
7749 | siemens s7-300,,,,,FFF,,, | |
7750 | siemens s7-300,,,,,ffff,,, | |
7751 | siemens s7-300,,,,,FFFF,,, | |
7752 | siemens s7-300,,,,,fffff,,, | |
7753 | siemens s7-300,,,,,FFFFF,,, | |
7754 | siemens s7-300,,,,,ffffff,,, | |
7755 | siemens s7-300,,,,,FFFFFF,,, | |
7756 | siemens s7-300,,,,,fffffff,,, | |
7757 | siemens s7-300,,,,,FFFFFFF,,, | |
7758 | siemens s7-300,,,,,ffffffff,,, | |
7759 | siemens s7-300,,,,,FFFFFFFF,,, | |
7760 | siemens s7-300,,,,,field,,, | |
7761 | siemens s7-300,,,,,FIELD,,, | |
7762 | siemens s7-300,,,,,fire,,, | |
7763 | siemens s7-300,,,,,FIRE,,, | |
7764 | siemens s7-300,,,,,Fireport,,, | |
7765 | siemens s7-300,,,,,FIREPORT,,, | |
7766 | siemens s7-300,,,,,fish,,, | |
7767 | siemens s7-300,,,,,FISH,,, | |
7768 | siemens s7-300,,,,,fivranne,,, | |
7769 | siemens s7-300,,,,,FIVRANNE,,, | |
7770 | siemens s7-300,,,,,flash,,, | |
7771 | siemens s7-300,,,,,FLASH,,, | |
7772 | siemens s7-300,,,,,flex,,, | |
7773 | siemens s7-300,,,,,FLEX,,, | |
7774 | siemens s7-300,,,,,flexible,,, | |
7775 | siemens s7-300,,,,,FLEXIBLE,,, | |
7776 | siemens s7-300,,,,,football,,, | |
7777 | siemens s7-300,,,,,FOOTBALL,,, | |
7778 | siemens s7-300,,,,,friend,,, | |
7779 | siemens s7-300,,,,,FRIEND,,, | |
7780 | siemens s7-300,,,,,fuck,,, | |
7781 | siemens s7-300,,,,,FUCK,,, | |
7782 | siemens s7-300,,,,,fuckoff,,, | |
7783 | siemens s7-300,,,,,FUCKOFF,,, | |
7784 | siemens s7-300,,,,,fuckyou,,, | |
7785 | siemens s7-300,,,,,FUCKYOU,,, | |
7786 | siemens s7-300,,,,,g,,, | |
7787 | siemens s7-300,,,,,G,,, | |
7788 | siemens s7-300,,,,,g00gle,,, | |
7789 | siemens s7-300,,,,,G00GLE,,, | |
7790 | siemens s7-300,,,,,G0F9,,, | |
7791 | siemens s7-300,,,,,G0K1,,, | |
7792 | siemens s7-300,,,,,G6K6,,, | |
7793 | siemens s7-300,,,,,gama,,, | |
7794 | siemens s7-300,,,,,GAMA,,, | |
7795 | siemens s7-300,,,,,ganteng,,, | |
7796 | siemens s7-300,,,,,GAWSED,,, | |
7797 | siemens s7-300,,,,,Geardog,,, | |
7798 | siemens s7-300,,,,,GEARDOG,,, | |
7799 | siemens s7-300,,,,,gen1,,, | |
7800 | siemens s7-300,,,,,gen2,,, | |
7801 | siemens s7-300,,,,,gfcc,,, | |
7802 | siemens s7-300,,,,,GFCC,,, | |
7803 | siemens s7-300,,,,,gfccdjhl,,, | |
7804 | siemens s7-300,,,,,GFCCDJHL,,, | |
7805 | siemens s7-300,,,,,gfhjkm,,, | |
7806 | siemens s7-300,,,,,gfhjkm,,, | |
7807 | siemens s7-300,,,,,GFHJKM,,, | |
7808 | siemens s7-300,,,,,gg,,, | |
7809 | siemens s7-300,,,,,GG,,, | |
7810 | siemens s7-300,,,,,ggg,,, | |
7811 | siemens s7-300,,,,,GGG,,, | |
7812 | siemens s7-300,,,,,gggg,,, | |
7813 | siemens s7-300,,,,,GGGG,,, | |
7814 | siemens s7-300,,,,,ggggg,,, | |
7815 | siemens s7-300,,,,,GGGGG,,, | |
7816 | siemens s7-300,,,,,gggggg,,, | |
7817 | siemens s7-300,,,,,GGGGGG,,, | |
7818 | siemens s7-300,,,,,ggggggg,,, | |
7819 | siemens s7-300,,,,,GGGGGGG,,, | |
7820 | siemens s7-300,,,,,gggggggg,,, | |
7821 | siemens s7-300,,,,,GGGGGGGG,,, | |
7822 | siemens s7-300,,,,,ghbdtn,,, | |
7823 | siemens s7-300,,,,,GHBDTN,,, | |
7824 | siemens s7-300,,,,,GHOST,,, | |
7825 | siemens s7-300,,,,,ghost,,, | |
7826 | siemens s7-300,,,,,goal,,, | |
7827 | siemens s7-300,,,,,GOAL,,, | |
7828 | siemens s7-300,,,,,golf,,, | |
7829 | siemens s7-300,,,,,GOLF,,, | |
7830 | siemens s7-300,,,,,google,,, | |
7831 | siemens s7-300,,,,,GOOGLE,,, | |
7832 | siemens s7-300,,,,,got,,, | |
7833 | siemens s7-300,,,,,GOT,,, | |
7834 | siemens s7-300,,,,,guest,,, | |
7835 | siemens s7-300,,,,,GUEST,,, | |
7836 | siemens s7-300,,,,,h,,, | |
7837 | siemens s7-300,,,,,H,,, | |
7838 | siemens s7-300,,,,,hardware,,, | |
7839 | siemens s7-300,,,,,HARDWARE,,, | |
7840 | siemens s7-300,,,,,harley,,, | |
7841 | siemens s7-300,,,,,helen,,, | |
7842 | siemens s7-300,,,,,HELEN,,, | |
7843 | siemens s7-300,,,,,hello,,, | |
7844 | siemens s7-300,,,,,HELLO,,, | |
7845 | siemens s7-300,,,,,help,,, | |
7846 | siemens s7-300,,,,,HELP,,, | |
7847 | siemens s7-300,,,,,help1954,,, | |
7848 | siemens s7-300,,,,,HELP1954,,, | |
7849 | siemens s7-300,,,,,Helpdesk,,, | |
7850 | siemens s7-300,,,,,HELPDESK,,, | |
7851 | siemens s7-300,,,,,hexseal,,, | |
7852 | siemens s7-300,,,,,HEXSEAL,,, | |
7853 | siemens s7-300,,,,,hh,,, | |
7854 | siemens s7-300,,,,,HH,,, | |
7855 | siemens s7-300,,,,,hhh,,, | |
7856 | siemens s7-300,,,,,HHH,,, | |
7857 | siemens s7-300,,,,,hhhh,,, | |
7858 | siemens s7-300,,,,,HHHH,,, | |
7859 | siemens s7-300,,,,,hhhhh,,, | |
7860 | siemens s7-300,,,,,HHHHH,,, | |
7861 | siemens s7-300,,,,,hhhhhh,,, | |
7862 | siemens s7-300,,,,,HHHHHH,,, | |
7863 | siemens s7-300,,,,,hhhhhhh,,, | |
7864 | siemens s7-300,,,,,HHHHHHH,,, | |
7865 | siemens s7-300,,,,,hhhhhhhh,,, | |
7866 | siemens s7-300,,,,,HHHHHHHH,,, | |
7867 | siemens s7-300,,,,,highspeed,,, | |
7868 | siemens s7-300,,,,,HIGHSPEED,,, | |
7869 | siemens s7-300,,,,,hinear,,, | |
7870 | siemens s7-300,,,,,HINEAR,,, | |
7871 | siemens s7-300,,,,,home,,, | |
7872 | siemens s7-300,,,,,HOME,,, | |
7873 | siemens s7-300,,,,,homeplug,,, | |
7874 | siemens s7-300,,,,,HomePlug,,, | |
7875 | siemens s7-300,,,,,HOMEPLUG,,, | |
7876 | siemens s7-300,,,,,honda,,, | |
7877 | siemens s7-300,,,,,HONDA,,, | |
7878 | siemens s7-300,,,,,HP,,, | |
7879 | siemens s7-300,,,,,hp.com,,, | |
7880 | siemens s7-300,,,,,hpoffice,,, | |
7881 | siemens s7-300,,,,,HPOFFICE,,, | |
7882 | siemens s7-300,,,,,hponly,,, | |
7883 | siemens s7-300,,,,,HPONLY,,, | |
7884 | siemens s7-300,,,,,HPP187,,, | |
7885 | siemens s7-300,,,,,HPP189,,, | |
7886 | siemens s7-300,,,,,HPP196,,, | |
7887 | siemens s7-300,,,,,hrloo,,, | |
7888 | siemens s7-300,,,,,HRLOO,,, | |
7889 | siemens s7-300,,,,,hsadb,,, | |
7890 | siemens s7-300,,,,,http,,, | |
7891 | siemens s7-300,,,,,HTTP,,, | |
7892 | siemens s7-300,,,,,i,,, | |
7893 | siemens s7-300,,,,,I,,, | |
7894 | siemens s7-300,,,,,iDirect,,, | |
7895 | siemens s7-300,,,,,IDIRECT,,, | |
7896 | siemens s7-300,,,,,ii,,, | |
7897 | siemens s7-300,,,,,II,,, | |
7898 | siemens s7-300,,,,,iii,,, | |
7899 | siemens s7-300,,,,,III,,, | |
7900 | siemens s7-300,,,,,iiii,,, | |
7901 | siemens s7-300,,,,,IIII,,, | |
7902 | siemens s7-300,,,,,iiiii,,, | |
7903 | siemens s7-300,,,,,IIIII,,, | |
7904 | siemens s7-300,,,,,iiiiii,,, | |
7905 | siemens s7-300,,,,,IIIIII,,, | |
7906 | siemens s7-300,,,,,iiiiiii,,, | |
7907 | siemens s7-300,,,,,IIIIIII,,, | |
7908 | siemens s7-300,,,,,iiiiiiii,,, | |
7909 | siemens s7-300,,,,,IIIIIIII,,, | |
7910 | siemens s7-300,,,,,ILMI,,, | |
7911 | siemens s7-300,,,,,iloveyou,,, | |
7912 | siemens s7-300,,,,,ILOVEYOU,,, | |
7913 | siemens s7-300,,,,,images,,, | |
7914 | siemens s7-300,,,,,IMAGES,,, | |
7915 | siemens s7-300,,,,,inads,,, | |
7916 | siemens s7-300,,,,,INADS,,, | |
7917 | siemens s7-300,,,,,inc,,, | |
7918 | siemens s7-300,,,,,INC,,, | |
7919 | siemens s7-300,,,,,indspw,,, | |
7920 | siemens s7-300,,,,,INDSPW,,, | |
7921 | siemens s7-300,,,,,inferno,,, | |
7922 | siemens s7-300,,,,,INFERNO,,, | |
7923 | siemens s7-300,,,,,initpw,,, | |
7924 | siemens s7-300,,,,,INITPW,,, | |
7925 | siemens s7-300,,,,,Inmet,,, | |
7926 | siemens s7-300,,,,,inmet,,, | |
7927 | siemens s7-300,,,,,INMET,,, | |
7928 | siemens s7-300,,,,,Intel,,, | |
7929 | siemens s7-300,,,,,INTEL,,, | |
7930 | siemens s7-300,,,,,internet,,, | |
7931 | siemens s7-300,,,,,Internet,,, | |
7932 | siemens s7-300,,,,,INTERNET,,, | |
7933 | siemens s7-300,,,,,INTX3,,, | |
7934 | siemens s7-300,,,,,ironport,,, | |
7935 | siemens s7-300,,,,,IRONPORT,,, | |
7936 | siemens s7-300,,,,,isee,,, | |
7937 | siemens s7-300,,,,,ISEE,,, | |
7938 | siemens s7-300,,,,,isp,,, | |
7939 | siemens s7-300,,,,,ISP,,, | |
7940 | siemens s7-300,,,,,ITF3000,,, | |
7941 | siemens s7-300,,,,,j,,, | |
7942 | siemens s7-300,,,,,J,,, | |
7943 | siemens s7-300,,,,,J6R6,,, | |
7944 | siemens s7-300,,,,,J6W8,,, | |
7945 | siemens s7-300,,,,,jack,,, | |
7946 | siemens s7-300,,,,,JACK,,, | |
7947 | siemens s7-300,,,,,janet,,, | |
7948 | siemens s7-300,,,,,JANET,,, | |
7949 | siemens s7-300,,,,,jannie,,, | |
7950 | siemens s7-300,,,,,JANNIE,,, | |
7951 | siemens s7-300,,,,,jasmine,,, | |
7952 | siemens s7-300,,,,,JASMINE,,, | |
7953 | siemens s7-300,,,,,JDE,,, | |
7954 | siemens s7-300,,,,,jj,,, | |
7955 | siemens s7-300,,,,,JJ,,, | |
7956 | siemens s7-300,,,,,jjj,,, | |
7957 | siemens s7-300,,,,,JJJ,,, | |
7958 | siemens s7-300,,,,,jjjj,,, | |
7959 | siemens s7-300,,,,,JJJJ,,, | |
7960 | siemens s7-300,,,,,jjjjj,,, | |
7961 | siemens s7-300,,,,,JJJJJ,,, | |
7962 | siemens s7-300,,,,,jjjjjj,,, | |
7963 | siemens s7-300,,,,,JJJJJJ,,, | |
7964 | siemens s7-300,,,,,jjjjjjj,,, | |
7965 | siemens s7-300,,,,,JJJJJJJ,,, | |
7966 | siemens s7-300,,,,,jjjjjjjj,,, | |
7967 | siemens s7-300,,,,,JJJJJJJJ,,, | |
7968 | siemens s7-300,,,,,JOCKER,,, | |
7969 | siemens s7-300,,,,,john,,, | |
7970 | siemens s7-300,,,,,JOHN,,, | |
7971 | siemens s7-300,,,,,joker,,, | |
7972 | siemens s7-300,,,,,jordan,,, | |
7973 | siemens s7-300,,,,,JORDAN,,, | |
7974 | siemens s7-300,,,,,jordan23,,, | |
7975 | siemens s7-300,,,,,JORDAN23,,, | |
7976 | siemens s7-300,,,,,JR58,,, | |
7977 | siemens s7-300,,,,,JR59,,, | |
7978 | siemens s7-300,,,,,k,,, | |
7979 | siemens s7-300,,,,,K,,, | |
7980 | siemens s7-300,,,,,kermit,,, | |
7981 | siemens s7-300,,,,,KERMIT,,, | |
7982 | siemens s7-300,,,,,killer,,, | |
7983 | siemens s7-300,,,,,KILLER,,, | |
7984 | siemens s7-300,,,,,killme,,, | |
7985 | siemens s7-300,,,,,kilo1987,,, | |
7986 | siemens s7-300,,,,,KILO1987,,, | |
7987 | siemens s7-300,,,,,kk,,, | |
7988 | siemens s7-300,,,,,KK,,, | |
7989 | siemens s7-300,,,,,kkk,,, | |
7990 | siemens s7-300,,,,,KKK,,, | |
7991 | siemens s7-300,,,,,kkkk,,, | |
7992 | siemens s7-300,,,,,KKKK,,, | |
7993 | siemens s7-300,,,,,kkkkk,,, | |
7994 | siemens s7-300,,,,,KKKKK,,, | |
7995 | siemens s7-300,,,,,kkkkkk,,, | |
7996 | siemens s7-300,,,,,KKKKKK,,, | |
7997 | siemens s7-300,,,,,kkkkkkk,,, | |
7998 | siemens s7-300,,,,,KKKKKKK,,, | |
7999 | siemens s7-300,,,,,kkkkkkkk,,, | |
8000 | siemens s7-300,,,,,KKKKKKKK,,, | |
8001 | siemens s7-300,,,,,korn,,, | |
8002 | siemens s7-300,,,,,KORN,,, | |
8003 | siemens s7-300,,,,,l,,, | |
8004 | siemens s7-300,,,,,L,,, | |
8005 | siemens s7-300,,,,,lad,,, | |
8006 | siemens s7-300,,,,,LAD,,, | |
8007 | siemens s7-300,,,,,laflaf,,, | |
8008 | siemens s7-300,,,,,LAFLAF,,, | |
8009 | siemens s7-300,,,,,letacla,,, | |
8010 | siemens s7-300,,,,,LETACLA,,, | |
8011 | siemens s7-300,,,,,letmein,,, | |
8012 | siemens s7-300,,,,,letmein,,, | |
8013 | siemens s7-300,,,,,LETMEIN,,, | |
8014 | siemens s7-300,,,,,level1,,, | |
8015 | siemens s7-300,,,,,LEVEL1,,, | |
8016 | siemens s7-300,,,,,leviton,,, | |
8017 | siemens s7-300,,,,,LEVITON,,, | |
8018 | siemens s7-300,,,,,LILLME,,, | |
8019 | siemens s7-300,,,,,linga,,, | |
8020 | siemens s7-300,,,,,LINGA,,, | |
8021 | siemens s7-300,,,,,linux,,, | |
8022 | siemens s7-300,,,,,LINUX,,, | |
8023 | siemens s7-300,,,,,lisa,,, | |
8024 | siemens s7-300,,,,,LISA,,, | |
8025 | siemens s7-300,,,,,ll,,, | |
8026 | siemens s7-300,,,,,LL,,, | |
8027 | siemens s7-300,,,,,llatsni,,, | |
8028 | siemens s7-300,,,,,LLATSNI,,, | |
8029 | siemens s7-300,,,,,lll,,, | |
8030 | siemens s7-300,,,,,LLL,,, | |
8031 | siemens s7-300,,,,,llll,,, | |
8032 | siemens s7-300,,,,,LLLL,,, | |
8033 | siemens s7-300,,,,,lllll,,, | |
8034 | siemens s7-300,,,,,LLLLL,,, | |
8035 | siemens s7-300,,,,,llllll,,, | |
8036 | siemens s7-300,,,,,LLLLLL,,, | |
8037 | siemens s7-300,,,,,lllllll,,, | |
8038 | siemens s7-300,,,,,LLLLLLL,,, | |
8039 | siemens s7-300,,,,,llllllll,,, | |
8040 | siemens s7-300,,,,,LLLLLLLL,,, | |
8041 | siemens s7-300,,,,,locatepw,,, | |
8042 | siemens s7-300,,,,,LOCATEPW,,, | |
8043 | siemens s7-300,,,,,lock,,, | |
8044 | siemens s7-300,,,,,LOCK,,, | |
8045 | siemens s7-300,,,,,login,,, | |
8046 | siemens s7-300,,,,,LOGIN,,, | |
8047 | siemens s7-300,,,,,looker,,, | |
8048 | siemens s7-300,,,,,LOOKER,,, | |
8049 | siemens s7-300,,,,,lotus,,, | |
8050 | siemens s7-300,,,,,LOTUS,,, | |
8051 | siemens s7-300,,,,,love,,, | |
8052 | siemens s7-300,,,,,LOVE,,, | |
8053 | siemens s7-300,,,,,ltd,,, | |
8054 | siemens s7-300,,,,,LTD,,, | |
8055 | siemens s7-300,,,,,lucky,,, | |
8056 | siemens s7-300,,,,,LUCKY,,, | |
8057 | siemens s7-300,,,,,m,,, | |
8058 | siemens s7-300,,,,,M,,, | |
8059 | siemens s7-300,,,,,m1122,,, | |
8060 | siemens s7-300,,,,,M1122,,, | |
8061 | siemens s7-300,,,,,mail,,, | |
8062 | siemens s7-300,,,,,MAIL,,, | |
8063 | siemens s7-300,,,,,maint,,, | |
8064 | siemens s7-300,,,,,MAINT,,, | |
8065 | siemens s7-300,,,,,maintpw,,, | |
8066 | siemens s7-300,,,,,MAINTPW,,, | |
8067 | siemens s7-300,,,,,manager,,, | |
8068 | siemens s7-300,,,,,Manager,,, | |
8069 | siemens s7-300,,,,,MANAGER,,, | |
8070 | siemens s7-300,,,,,maniac,,, | |
8071 | siemens s7-300,,,,,MANIAC,,, | |
8072 | siemens s7-300,,,,,master,,, | |
8073 | siemens s7-300,,,,,Master,,, | |
8074 | siemens s7-300,,,,,MASTER,,, | |
8075 | siemens s7-300,,,,,masterkey,,, | |
8076 | siemens s7-300,,,,,MASTERKEY,,, | |
8077 | siemens s7-300,,,,,Mau'dib,,, | |
8078 | siemens s7-300,,,,,mediator,,, | |
8079 | siemens s7-300,,,,,MEDIATOR,,, | |
8080 | siemens s7-300,,,,,medion,,, | |
8081 | siemens s7-300,,,,,MEDION,,, | |
8082 | siemens s7-300,,,,,MGR,,, | |
8083 | siemens s7-300,,,,,micro,,, | |
8084 | siemens s7-300,,,,,MICRO,,, | |
8085 | siemens s7-300,,,,,microwav,,, | |
8086 | siemens s7-300,,,,,MICROWAV,,, | |
8087 | siemens s7-300,,,,,miller,,, | |
8088 | siemens s7-300,,,,,MILLLER,,, | |
8089 | siemens s7-300,,,,,MiniAP,,, | |
8090 | siemens s7-300,,,,,mis,,, | |
8091 | siemens s7-300,,,,,MIS,,, | |
8092 | siemens s7-300,,,,,MJSSSJJ,,, | |
8093 | siemens s7-300,,,,,MJSSSJJ,,, | |
8094 | siemens s7-300,,,,,MJSSSJJ_,,, | |
8095 | siemens s7-300,,,,,mlusr,,, | |
8096 | siemens s7-300,,,,,MLUSR,,, | |
8097 | siemens s7-300,,,,,mm,,, | |
8098 | siemens s7-300,,,,,MM,,, | |
8099 | siemens s7-300,,,,,mmm,,, | |
8100 | siemens s7-300,,,,,MMM,,, | |
8101 | siemens s7-300,,,,,mmmm,,, | |
8102 | siemens s7-300,,,,,MMMM,,, | |
8103 | siemens s7-300,,,,,mmmmm,,, | |
8104 | siemens s7-300,,,,,MMMMM,,, | |
8105 | siemens s7-300,,,,,mmmmmm,,, | |
8106 | siemens s7-300,,,,,MMMMMM,,, | |
8107 | siemens s7-300,,,,,mmmmmmm,,, | |
8108 | siemens s7-300,,,,,MMMMMMM,,, | |
8109 | siemens s7-300,,,,,mmmmmmmm,,, | |
8110 | siemens s7-300,,,,,MMMMMMMM,,, | |
8111 | siemens s7-300,,,,,modul,,, | |
8112 | siemens s7-300,,,,,MODUL,,, | |
8113 | siemens s7-300,,,,,module,,, | |
8114 | siemens s7-300,,,,,MODULE,,, | |
8115 | siemens s7-300,,,,,money,,, | |
8116 | siemens s7-300,,,,,MONEY,,, | |
8117 | siemens s7-300,,,,,monitor,,, | |
8118 | siemens s7-300,,,,,MONITOR,,, | |
8119 | siemens s7-300,,,,,monkey,,, | |
8120 | siemens s7-300,,,,,MONKEY,,, | |
8121 | siemens s7-300,,,,,mosmatic,,, | |
8122 | siemens s7-300,,,,,MOSMATIC,,, | |
8123 | siemens s7-300,,,,,mother,,, | |
8124 | siemens s7-300,,,,,MOTHER,,, | |
8125 | siemens s7-300,,,,,motorola,,, | |
8126 | siemens s7-300,,,,,MOTOROLA,,, | |
8127 | siemens s7-300,,,,,mouse,,, | |
8128 | siemens s7-300,,,,,MOUSE,,, | |
8129 | siemens s7-300,,,,,MPE,,, | |
8130 | siemens s7-300,,,,,MServer,,, | |
8131 | siemens s7-300,,,,,mtch,,, | |
8132 | siemens s7-300,,,,,MTCH,,, | |
8133 | siemens s7-300,,,,,Multi,,, | |
8134 | siemens s7-300,,,,,mustang,,, | |
8135 | siemens s7-300,,,,,MUSTANG,,, | |
8136 | siemens s7-300,,,,,mypass,,, | |
8137 | siemens s7-300,,,,,MYPASS,,, | |
8138 | siemens s7-300,,,,,mypass123,,, | |
8139 | siemens s7-300,,,,,MYPASS123,,, | |
8140 | siemens s7-300,,,,,mypc,,, | |
8141 | siemens s7-300,,,,,MYPC,,, | |
8142 | siemens s7-300,,,,,mypc123,,, | |
8143 | siemens s7-300,,,,,MYPC123,,, | |
8144 | siemens s7-300,,,,,myspace,,, | |
8145 | siemens s7-300,,,,,MYSPACE,,, | |
8146 | siemens s7-300,,,,,myspace1,,, | |
8147 | siemens s7-300,,,,,MYSPACE1,,, | |
8148 | siemens s7-300,,,,,n,,, | |
8149 | siemens s7-300,,,,,N,,, | |
8150 | siemens s7-300,,,,,n/a,,, | |
8151 | siemens s7-300,,,,,N/A,,, | |
8152 | siemens s7-300,,,,,naadmin,,, | |
8153 | siemens s7-300,,,,,NAADMIN,,, | |
8154 | siemens s7-300,,,,,naranja,,, | |
8155 | siemens s7-300,,,,,NARANJA,,, | |
8156 | siemens s7-300,,,,,NAU,,, | |
8157 | siemens s7-300,,,,,Net,,, | |
8158 | siemens s7-300,,,,,NET,,, | |
8159 | siemens s7-300,,,,,netadmin,,, | |
8160 | siemens s7-300,,,,,NETADMIN,,, | |
8161 | siemens s7-300,,,,,netbase,,, | |
8162 | siemens s7-300,,,,,NETBASE,,, | |
8163 | siemens s7-300,,,,,NetCache,,, | |
8164 | siemens s7-300,,,,,NETCACHE,,, | |
8165 | siemens s7-300,,,,,NetICs,,, | |
8166 | siemens s7-300,,,,,netman,,, | |
8167 | siemens s7-300,,,,,NETMAN,,, | |
8168 | siemens s7-300,,,,,netopia,,, | |
8169 | siemens s7-300,,,,,NETOPIA,,, | |
8170 | siemens s7-300,,,,,netscreen,,, | |
8171 | siemens s7-300,,,,,NETSCREEN,,, | |
8172 | siemens s7-300,,,,,netutil,,, | |
8173 | siemens s7-300,,,,,NETUTIL,,, | |
8174 | siemens s7-300,,,,,NetVCR,,, | |
8175 | siemens s7-300,,,,,NETVCR,,, | |
8176 | siemens s7-300,,,,,network,,, | |
8177 | siemens s7-300,,,,,NETWORK,,, | |
8178 | siemens s7-300,,,,,newpass,,, | |
8179 | siemens s7-300,,,,,NEWPASS,,, | |
8180 | siemens s7-300,,,,,niconex,,, | |
8181 | siemens s7-300,,,,,NICONEX,,, | |
8182 | siemens s7-300,,,,,nimdaten,,, | |
8183 | siemens s7-300,,,,,NIMDATEN,,, | |
8184 | siemens s7-300,,,,,nmspw,,, | |
8185 | siemens s7-300,,,,,NMSPW,,, | |
8186 | siemens s7-300,,,,,nn,,, | |
8187 | siemens s7-300,,,,,NN,,, | |
8188 | siemens s7-300,,,,,nnn,,, | |
8189 | siemens s7-300,,,,,NNN,,, | |
8190 | siemens s7-300,,,,,nnnn,,, | |
8191 | siemens s7-300,,,,,NNNN,,, | |
8192 | siemens s7-300,,,,,nnnnn,,, | |
8193 | siemens s7-300,,,,,NNNNN,,, | |
8194 | siemens s7-300,,,,,nnnnnn,,, | |
8195 | siemens s7-300,,,,,NNNNNN,,, | |
8196 | siemens s7-300,,,,,nnnnnnn,,, | |
8197 | siemens s7-300,,,,,NNNNNNN,,, | |
8198 | siemens s7-300,,,,,nnnnnnnn,,, | |
8199 | siemens s7-300,,,,,NNNNNNNN,,, | |
8200 | siemens s7-300,,,,,nokai,,, | |
8201 | siemens s7-300,,,,,NOKAI,,, | |
8202 | siemens s7-300,,,,,notused,,, | |
8203 | siemens s7-300,,,,,NOTUSED,,, | |
8204 | siemens s7-300,,,,,noway,,, | |
8205 | siemens s7-300,,,,,NOWAY,,, | |
8206 | siemens s7-300,,,,,NSADB,,, | |
8207 | siemens s7-300,,,,,ntacdmax,,, | |
8208 | siemens s7-300,,,,,NTACDMAX,,, | |
8209 | siemens s7-300,,,,,null,,, | |
8210 | siemens s7-300,,,,,NULL,,, | |
8211 | siemens s7-300,,,,,o,,, | |
8212 | siemens s7-300,,,,,O,,, | |
8213 | siemens s7-300,,,,,OCS,,, | |
8214 | siemens s7-300,,,,,oem,,, | |
8215 | siemens s7-300,,,,,OEM,,, | |
8216 | siemens s7-300,,,,,OkiLAN,,, | |
8217 | siemens s7-300,,,,,OKILAN,,, | |
8218 | siemens s7-300,,,,,omron,,, | |
8219 | siemens s7-300,,,,,OMRON,,, | |
8220 | siemens s7-300,,,,,oo,,, | |
8221 | siemens s7-300,,,,,OO,,, | |
8222 | siemens s7-300,,,,,ooo,,, | |
8223 | siemens s7-300,,,,,OOO,,, | |
8224 | siemens s7-300,,,,,oooo,,, | |
8225 | siemens s7-300,,,,,OOOO,,, | |
8226 | siemens s7-300,,,,,ooooo,,, | |
8227 | siemens s7-300,,,,,OOOOO,,, | |
8228 | siemens s7-300,,,,,oooooo,,, | |
8229 | siemens s7-300,,,,,OOOOOO,,, | |
8230 | siemens s7-300,,,,,ooooooo,,, | |
8231 | siemens s7-300,,,,,OOOOOOO,,, | |
8232 | siemens s7-300,,,,,oooooooo,,, | |
8233 | siemens s7-300,,,,,OOOOOOOO,,, | |
8234 | siemens s7-300,,,,,op3n,,, | |
8235 | siemens s7-300,,,,,operator,,, | |
8236 | siemens s7-300,,,,,OPERATOR,,, | |
8237 | siemens s7-300,,,,,Opto,,, | |
8238 | siemens s7-300,,,,,OPTO,,, | |
8239 | siemens s7-300,,,,,owner,,, | |
8240 | siemens s7-300,,,,,OWNER,,, | |
8241 | siemens s7-300,,,,,p,,, | |
8242 | siemens s7-300,,,,,P,,, | |
8243 | siemens s7-300,,,,,P@55w0rd!,,, | |
8244 | siemens s7-300,,,,,pas,,, | |
8245 | siemens s7-300,,,,,PAS,,, | |
8246 | siemens s7-300,,,,,pass,,, | |
8247 | siemens s7-300,,,,,PASS,,, | |
8248 | siemens s7-300,,,,,PASSAGE,,, | |
8249 | siemens s7-300,,,,,passage,,, | |
8250 | siemens s7-300,,,,,passw,,, | |
8251 | siemens s7-300,,,,,PASSW,,, | |
8252 | siemens s7-300,,,,,passwd,,, | |
8253 | siemens s7-300,,,,,PASSWD,,, | |
8254 | siemens s7-300,,,,,passwo,,, | |
8255 | siemens s7-300,,,,,PASSWO,,, | |
8256 | siemens s7-300,,,,,passwor,,, | |
8257 | siemens s7-300,,,,,PASSWOR,,, | |
8258 | siemens s7-300,,,,,password,,, | |
8259 | siemens s7-300,,,,,PASSWORD,,, | |
8260 | siemens s7-300,,,,,pat,,, | |
8261 | siemens s7-300,,,,,PAT,,, | |
8262 | siemens s7-300,,,,,paterna,,, | |
8263 | siemens s7-300,,,,,PATERNA,,, | |
8264 | siemens s7-300,,,,,patrick,,, | |
8265 | siemens s7-300,,,,,PATRICK,,, | |
8266 | siemens s7-300,,,,,patrol,,, | |
8267 | siemens s7-300,,,,,PATROL,,, | |
8268 | siemens s7-300,,,,,PBX,,, | |
8269 | siemens s7-300,,,,,pbxk1064,,, | |
8270 | siemens s7-300,,,,,PBXK1064,,, | |
8271 | siemens s7-300,,,,,pcs7,,, | |
8272 | siemens s7-300,,,,,PCS7,,, | |
8273 | siemens s7-300,,,,,pentium,,, | |
8274 | siemens s7-300,,,,,PENTIUM,,, | |
8275 | siemens s7-300,,,,,pento,,, | |
8276 | siemens s7-300,,,,,PENTO,,, | |
8277 | siemens s7-300,,,,,pepper,,, | |
8278 | siemens s7-300,,,,,PEPPER,,, | |
8279 | siemens s7-300,,,,,pepsi,,, | |
8280 | siemens s7-300,,,,,PEPSI,,, | |
8281 | siemens s7-300,,,,,permit,,, | |
8282 | siemens s7-300,,,,,PERMIT,,, | |
8283 | siemens s7-300,,,,,personal,,, | |
8284 | siemens s7-300,,,,,PERSONAL,,, | |
8285 | siemens s7-300,,,,,pfsense,,, | |
8286 | siemens s7-300,,,,,PFSENSE,,, | |
8287 | siemens s7-300,,,,,photonix,,, | |
8288 | siemens s7-300,,,,,PHOTONIX,,, | |
8289 | siemens s7-300,,,,,pilou,,, | |
8290 | siemens s7-300,,,,,PILOU,,, | |
8291 | siemens s7-300,,,,,piranha,,, | |
8292 | siemens s7-300,,,,,PIRANHA,,, | |
8293 | siemens s7-300,,,,,plc,,, | |
8294 | siemens s7-300,,,,,PLC,,, | |
8295 | siemens s7-300,,,,,plcsim,,, | |
8296 | siemens s7-300,,,,,PLCSIM,,, | |
8297 | siemens s7-300,,,,,PlsChgMe,,, | |
8298 | siemens s7-300,,,,,poerty,,, | |
8299 | siemens s7-300,,,,,POERTY,,, | |
8300 | siemens s7-300,,,,,policy,,, | |
8301 | siemens s7-300,,,,,POLICY,,, | |
8302 | siemens s7-300,,,,,Posterie,,, | |
8303 | siemens s7-300,,,,,POSTERIE,,, | |
8304 | siemens s7-300,,,,,power,,, | |
8305 | siemens s7-300,,,,,POWER,,, | |
8306 | siemens s7-300,,,,,pp,,, | |
8307 | siemens s7-300,,,,,PP,,, | |
8308 | siemens s7-300,,,,,ppp,,, | |
8309 | siemens s7-300,,,,,PPP,,, | |
8310 | siemens s7-300,,,,,pppp,,, | |
8311 | siemens s7-300,,,,,PPPP,,, | |
8312 | siemens s7-300,,,,,ppppp,,, | |
8313 | siemens s7-300,,,,,PPPPP,,, | |
8314 | siemens s7-300,,,,,pppppp,,, | |
8315 | siemens s7-300,,,,,PPPPPP,,, | |
8316 | siemens s7-300,,,,,ppppppp,,, | |
8317 | siemens s7-300,,,,,PPPPPPP,,, | |
8318 | siemens s7-300,,,,,pppppppp,,, | |
8319 | siemens s7-300,,,,,PPPPPPPP,,, | |
8320 | siemens s7-300,,,,,princess,,, | |
8321 | siemens s7-300,,,,,PRINCESS,,, | |
8322 | siemens s7-300,,,,,private,,, | |
8323 | siemens s7-300,,,,,PRIVATE,,, | |
8324 | siemens s7-300,,,,,proddta,,, | |
8325 | siemens s7-300,,,,,PRODDTA,,, | |
8326 | siemens s7-300,,,,,profibus,,, | |
8327 | siemens s7-300,,,,,PROFIBUS,,, | |
8328 | siemens s7-300,,,,,Protector,,, | |
8329 | siemens s7-300,,,,,PROTECTOR,,, | |
8330 | siemens s7-300,,,,,protool,,, | |
8331 | siemens s7-300,,,,,PROTOOL,,, | |
8332 | siemens s7-300,,,,,public,,, | |
8333 | siemens s7-300,,,,,PUBLIC,,, | |
8334 | siemens s7-300,,,,,pusy,,, | |
8335 | siemens s7-300,,,,,PUSY,,, | |
8336 | siemens s7-300,,,,,pw123,,, | |
8337 | siemens s7-300,,,,,PW123,,, | |
8338 | siemens s7-300,,,,,pwd,,, | |
8339 | siemens s7-300,,,,,PWD,,, | |
8340 | siemens s7-300,,,,,q,,, | |
8341 | siemens s7-300,,,,,Q,,, | |
8342 | siemens s7-300,,,,,qawsed,,, | |
8343 | siemens s7-300,,,,,qq,,, | |
8344 | siemens s7-300,,,,,QQ,,, | |
8345 | siemens s7-300,,,,,qq520,,, | |
8346 | siemens s7-300,,,,,QQ520,,, | |
8347 | siemens s7-300,,,,,qqq,,, | |
8348 | siemens s7-300,,,,,QQQ,,, | |
8349 | siemens s7-300,,,,,qqqq,,, | |
8350 | siemens s7-300,,,,,QQQQ,,, | |
8351 | siemens s7-300,,,,,qqqqq,,, | |
8352 | siemens s7-300,,,,,QQQQQ,,, | |
8353 | siemens s7-300,,,,,qqqqqq,,, | |
8354 | siemens s7-300,,,,,QQQQQQ,,, | |
8355 | siemens s7-300,,,,,qqqqqqq,,, | |
8356 | siemens s7-300,,,,,QQQQQQQ,,, | |
8357 | siemens s7-300,,,,,qqqqqqqq,,, | |
8358 | siemens s7-300,,,,,QQQQQQQQ,,, | |
8359 | siemens s7-300,,,,,qwe,,, | |
8360 | siemens s7-300,,,,,qwer,,, | |
8361 | siemens s7-300,,,,,QWER,,, | |
8362 | siemens s7-300,,,,,QWERT,,, | |
8363 | siemens s7-300,,,,,qwerty,,, | |
8364 | siemens s7-300,,,,,QWERTY,,, | |
8365 | siemens s7-300,,,,,qwerty1,,, | |
8366 | siemens s7-300,,,,,qwertyu,,, | |
8367 | siemens s7-300,,,,,QWERTYU,,, | |
8368 | siemens s7-300,,,,,qwertyui,,, | |
8369 | siemens s7-300,,,,,QWERTYUI,,, | |
8370 | siemens s7-300,,,,,r,,, | |
8371 | siemens s7-300,,,,,R,,, | |
8372 | siemens s7-300,,,,,r@p8p0r+,,, | |
8373 | siemens s7-300,,,,,R1QTPS,,, | |
8374 | siemens s7-300,,,,,rade0n,,, | |
8375 | siemens s7-300,,,,,RADE0N,,, | |
8376 | siemens s7-300,,,,,RADEON,,, | |
8377 | siemens s7-300,,,,,radius,,, | |
8378 | siemens s7-300,,,,,RADIUS,,, | |
8379 | siemens s7-300,,,,,radware,,, | |
8380 | siemens s7-300,,,,,RADWARE,,, | |
8381 | siemens s7-300,,,,,rdfhnbhf,,, | |
8382 | siemens s7-300,,,,,RDFHNBHF,,, | |
8383 | siemens s7-300,,,,,recovery,,, | |
8384 | siemens s7-300,,,,,RECOVERY,,, | |
8385 | siemens s7-300,,,,,rego,,, | |
8386 | siemens s7-300,,,,,REGO,,, | |
8387 | siemens s7-300,,,,,remote,,, | |
8388 | siemens s7-300,,,,,REMOTE,,, | |
8389 | siemens s7-300,,,,,rip000,,, | |
8390 | siemens s7-300,,,,,RIP000,,, | |
8391 | siemens s7-300,,,,,rittal,,, | |
8392 | siemens s7-300,,,,,RITTAL,,, | |
8393 | siemens s7-300,,,,,robele,,, | |
8394 | siemens s7-300,,,,,ROBELLE,,, | |
8395 | siemens s7-300,,,,,root,,, | |
8396 | siemens s7-300,,,,,ROOT,,, | |
8397 | siemens s7-300,,,,,ROOT500,,, | |
8398 | siemens s7-300,,,,,router,,, | |
8399 | siemens s7-300,,,,,ROUTER,,, | |
8400 | siemens s7-300,,,,,rr,,, | |
8401 | siemens s7-300,,,,,RR,,, | |
8402 | siemens s7-300,,,,,rrr,,, | |
8403 | siemens s7-300,,,,,RRR,,, | |
8404 | siemens s7-300,,,,,rrrr,,, | |
8405 | siemens s7-300,,,,,RRRR,,, | |
8406 | siemens s7-300,,,,,rrrrr,,, | |
8407 | siemens s7-300,,,,,RRRRR,,, | |
8408 | siemens s7-300,,,,,rrrrrr,,, | |
8409 | siemens s7-300,,,,,RRRRRR,,, | |
8410 | siemens s7-300,,,,,rrrrrrr,,, | |
8411 | siemens s7-300,,,,,RRRRRRR,,, | |
8412 | siemens s7-300,,,,,rrrrrrrr,,, | |
8413 | siemens s7-300,,,,,RRRRRRRR,,, | |
8414 | siemens s7-300,,,,,rs4igoy,,, | |
8415 | siemens s7-300,,,,,RS4IGOY,,, | |
8416 | siemens s7-300,,,,,RSX,,, | |
8417 | siemens s7-300,,,,,rtyhn,,, | |
8418 | siemens s7-300,,,,,RTYHN,,, | |
8419 | siemens s7-300,,,,,run-p,,, | |
8420 | siemens s7-300,,,,,RUN-P,,, | |
8421 | siemens s7-300,,,,,russia,,, | |
8422 | siemens s7-300,,,,,RUSSIA,,, | |
8423 | siemens s7-300,,,,,rwmaint,,, | |
8424 | siemens s7-300,,,,,RWMAINT,,, | |
8425 | siemens s7-300,,,,,s,,, | |
8426 | siemens s7-300,,,,,S,,, | |
8427 | siemens s7-300,,,,,s7,,, | |
8428 | siemens s7-300,,,,,S7,,, | |
8429 | siemens s7-300,,,,,s7-300,,, | |
8430 | siemens s7-300,,,,,S7-300,,, | |
8431 | siemens s7-300,,,,,s7-400,,, | |
8432 | siemens s7-300,,,,,S7-400,,, | |
8433 | siemens s7-300,,,,,scout,,, | |
8434 | siemens s7-300,,,,,SCOUT,,, | |
8435 | siemens s7-300,,,,,search,,, | |
8436 | siemens s7-300,,,,,SEARCH,,, | |
8437 | siemens s7-300,,,,,secret,,, | |
8438 | siemens s7-300,,,,,SECRET,,, | |
8439 | siemens s7-300,,,,,secure,,, | |
8440 | siemens s7-300,,,,,SECURE,,, | |
8441 | siemens s7-300,,,,,security,,, | |
8442 | siemens s7-300,,,,,SECURITY,,, | |
8443 | siemens s7-300,,,,,sekret,,, | |
8444 | siemens s7-300,,,,,SEKRET,,, | |
8445 | siemens s7-300,,,,,Sensor,,, | |
8446 | siemens s7-300,,,,,serco,,, | |
8447 | siemens s7-300,,,,,SERCO,,, | |
8448 | siemens s7-300,,,,,serial#,,, | |
8449 | siemens s7-300,,,,,serovox,,, | |
8450 | siemens s7-300,,,,,SEROVOX,,, | |
8451 | siemens s7-300,,,,,server,,, | |
8452 | siemens s7-300,,,,,SERVER,,, | |
8453 | siemens s7-300,,,,,SESAME,,, | |
8454 | siemens s7-300,,,,,setherco,,, | |
8455 | siemens s7-300,,,,,SETHERCO,,, | |
8456 | siemens s7-300,,,,,setup,,, | |
8457 | siemens s7-300,,,,,SETUP,,, | |
8458 | siemens s7-300,,,,,sex,,, | |
8459 | siemens s7-300,,,,,SEX,,, | |
8460 | siemens s7-300,,,,,sgena,,, | |
8461 | siemens s7-300,,,,,SGENA,,, | |
8462 | siemens s7-300,,,,,sgilent,,, | |
8463 | siemens s7-300,,,,,SGILENT,,, | |
8464 | siemens s7-300,,,,,shadow,,, | |
8465 | siemens s7-300,,,,,SHADOW,,, | |
8466 | siemens s7-300,,,,,Sharp,,, | |
8467 | siemens s7-300,,,,,sicostart,,, | |
8468 | siemens s7-300,,,,,SICOSTART,,, | |
8469 | siemens s7-300,,,,,siemens,,, | |
8470 | siemens s7-300,,,,,SIEMENS,,, | |
8471 | siemens s7-300,,,,,simatic,,, | |
8472 | siemens s7-300,,,,,SIMATIC,,, | |
8473 | siemens s7-300,,,,,simens,,, | |
8474 | siemens s7-300,,,,,SIMENS,,, | |
8475 | siemens s7-300,,,,,simo,,, | |
8476 | siemens s7-300,,,,,SIMO,,, | |
8477 | siemens s7-300,,,,,simocode,,, | |
8478 | siemens s7-300,,,,,SIMOCODE,,, | |
8479 | siemens s7-300,,,,,simoreg,,, | |
8480 | siemens s7-300,,,,,SIMOREG,,, | |
8481 | siemens s7-300,,,,,simovert,,, | |
8482 | siemens s7-300,,,,,SIMOVERT,,, | |
8483 | siemens s7-300,,,,,simtec,,, | |
8484 | siemens s7-300,,,,,SIMTEC,,, | |
8485 | siemens s7-300,,,,,sirborn,,, | |
8486 | siemens s7-300,,,,,SIRBORN,,, | |
8487 | siemens s7-300,,,,,sitop,,, | |
8488 | siemens s7-300,,,,,SITOP,,, | |
8489 | siemens s7-300,,,,,SKY_FOX,,, | |
8490 | siemens s7-300,,,,,slave,,, | |
8491 | siemens s7-300,,,,,SLAVE,,, | |
8492 | siemens s7-300,,,,,slipknot,,, | |
8493 | siemens s7-300,,,,,SLIPKNOT,,, | |
8494 | siemens s7-300,,,,,SMDR,,, | |
8495 | siemens s7-300,,,,,smile,,, | |
8496 | siemens s7-300,,,,,SMILE,,, | |
8497 | siemens s7-300,,,,,smuser,,, | |
8498 | siemens s7-300,,,,,SMUSER,,, | |
8499 | siemens s7-300,,,,,snoopy,,, | |
8500 | siemens s7-300,,,,,SNOOPY,,, | |
8501 | siemens s7-300,,,,,soccer,,, | |
8502 | siemens s7-300,,,,,SOCCER,,, | |
8503 | siemens s7-300,,,,,solution,,, | |
8504 | siemens s7-300,,,,,SOLUTION,,, | |
8505 | siemens s7-300,,,,,SpIp,,, | |
8506 | siemens s7-300,,,,,ss,,, | |
8507 | siemens s7-300,,,,,SS,,, | |
8508 | siemens s7-300,,,,,SSA,,, | |
8509 | siemens s7-300,,,,,sss,,, | |
8510 | siemens s7-300,,,,,SSS,,, | |
8511 | siemens s7-300,,,,,ssss,,, | |
8512 | siemens s7-300,,,,,SSSS,,, | |
8513 | siemens s7-300,,,,,sssss,,, | |
8514 | siemens s7-300,,,,,SSSSS,,, | |
8515 | siemens s7-300,,,,,ssssss,,, | |
8516 | siemens s7-300,,,,,SSSSSS,,, | |
8517 | siemens s7-300,,,,,sssssss,,, | |
8518 | siemens s7-300,,,,,SSSSSSS,,, | |
8519 | siemens s7-300,,,,,ssssssss,,, | |
8520 | siemens s7-300,,,,,SSSSSSSS,,, | |
8521 | siemens s7-300,,,,,stan,,, | |
8522 | siemens s7-300,,,,,STAN,,, | |
8523 | siemens s7-300,,,,,star,,, | |
8524 | siemens s7-300,,,,,STAR,,, | |
8525 | siemens s7-300,,,,,starwar,,, | |
8526 | siemens s7-300,,,,,STARWAR,,, | |
8527 | siemens s7-300,,,,,step5,,, | |
8528 | siemens s7-300,,,,,STEP5,,, | |
8529 | siemens s7-300,,,,,step7,,, | |
8530 | siemens s7-300,,,,,STEP7,,, | |
8531 | siemens s7-300,,,,,stimpy,,, | |
8532 | siemens s7-300,,,,,STIMPY,,, | |
8533 | siemens s7-300,,,,,stl,,, | |
8534 | siemens s7-300,,,,,STL,,, | |
8535 | siemens s7-300,,,,,stop,,, | |
8536 | siemens s7-300,,,,,STOP,,, | |
8537 | siemens s7-300,,,,,ststic,,, | |
8538 | siemens s7-300,,,,,STSTIC,,, | |
8539 | siemens s7-300,,,,,summer,,, | |
8540 | siemens s7-300,,,,,SUMMER,,, | |
8541 | siemens s7-300,,,,,sunrise,,, | |
8542 | siemens s7-300,,,,,SUNRISE,,, | |
8543 | siemens s7-300,,,,,Super,,, | |
8544 | siemens s7-300,,,,,superid,,, | |
8545 | siemens s7-300,,,,,SUPERID,,, | |
8546 | siemens s7-300,,,,,superman,,, | |
8547 | siemens s7-300,,,,,SUPERMAN,,, | |
8548 | siemens s7-300,,,,,support,,, | |
8549 | siemens s7-300,,,,,SUPPORT,,, | |
8550 | siemens s7-300,,,,,surt,,, | |
8551 | siemens s7-300,,,,,SURT,,, | |
8552 | siemens s7-300,,,,,switch,,, | |
8553 | siemens s7-300,,,,,SWITCH,,, | |
8554 | siemens s7-300,,,,,sybase,,, | |
8555 | siemens s7-300,,,,,SYBASE,,, | |
8556 | siemens s7-300,,,,,Symbol,,, | |
8557 | siemens s7-300,,,,,SYMBOL,,, | |
8558 | siemens s7-300,,,,,synnet,,, | |
8559 | siemens s7-300,,,,,SYNNET,,, | |
8560 | siemens s7-300,,,,,sysadm,,, | |
8561 | siemens s7-300,,,,,SYSADM,,, | |
8562 | siemens s7-300,,,,,SYSDISC,,, | |
8563 | siemens s7-300,,,,,sysdisk,,, | |
8564 | siemens s7-300,,,,,system,,, | |
8565 | siemens s7-300,,,,,SYSTEM,,, | |
8566 | siemens s7-300,,,,,t,,, | |
8567 | siemens s7-300,,,,,T,,, | |
8568 | siemens s7-300,,,,,talent,,, | |
8569 | siemens s7-300,,,,,TALENT,,, | |
8570 | siemens s7-300,,,,,TALINUZ,,, | |
8571 | siemens s7-300,,,,,talisman,,, | |
8572 | siemens s7-300,,,,,TALISMAN,,, | |
8573 | siemens s7-300,,,,,TANDBERG,,, | |
8574 | siemens s7-300,,,,,TCH,,, | |
8575 | siemens s7-300,,,,,tech,,, | |
8576 | siemens s7-300,,,,,TECH,,, | |
8577 | siemens s7-300,,,,,telco,,, | |
8578 | siemens s7-300,,,,,TELCO,,, | |
8579 | siemens s7-300,,,,,telecom,,, | |
8580 | siemens s7-300,,,,,Telecom,,, | |
8581 | siemens s7-300,,,,,TELECOM,,, | |
8582 | siemens s7-300,,,,,telesup,,, | |
8583 | siemens s7-300,,,,,TELESUP,,, | |
8584 | siemens s7-300,,,,,tellabs#1,,, | |
8585 | siemens s7-300,,,,,telus,,, | |
8586 | siemens s7-300,,,,,TELUS,,, | |
8587 | siemens s7-300,,,,,temp,,, | |
8588 | siemens s7-300,,,,,TEMP,,, | |
8589 | siemens s7-300,,,,,temp123,,, | |
8590 | siemens s7-300,,,,,TEMP123,,, | |
8591 | siemens s7-300,,,,,test,,, | |
8592 | siemens s7-300,,,,,TEST,,, | |
8593 | siemens s7-300,,,,,test123,,, | |
8594 | siemens s7-300,,,,,TEST123,,, | |
8595 | siemens s7-300,,,,,thomas,,, | |
8596 | siemens s7-300,,,,,Thomas,,, | |
8597 | siemens s7-300,,,,,THOMAS,,, | |
8598 | siemens s7-300,,,,,tiaranet,,, | |
8599 | siemens s7-300,,,,,TIARANET,,, | |
8600 | siemens s7-300,,,,,tiger123,,, | |
8601 | siemens s7-300,,,,,TIGER123,,, | |
8602 | siemens s7-300,,,,,timely,,, | |
8603 | siemens s7-300,,,,,TIMELY,,, | |
8604 | siemens s7-300,,,,,tini,,, | |
8605 | siemens s7-300,,,,,TINI,,, | |
8606 | siemens s7-300,,,,,tivonpw,,, | |
8607 | siemens s7-300,,,,,TIVONPW,,, | |
8608 | siemens s7-300,,,,,tjm,,, | |
8609 | siemens s7-300,,,,,TJM,,, | |
8610 | siemens s7-300,,,,,tlah,,, | |
8611 | siemens s7-300,,,,,TLAH,,, | |
8612 | siemens s7-300,,,,,toolset,,, | |
8613 | siemens s7-300,,,,,TOOLSET,,, | |
8614 | siemens s7-300,,,,,trancell,,, | |
8615 | siemens s7-300,,,,,TRANCELL,,, | |
8616 | siemens s7-300,,,,,tratata,,, | |
8617 | siemens s7-300,,,,,TRATATA,,, | |
8618 | siemens s7-300,,,,,tslinux,,, | |
8619 | siemens s7-300,,,,,TSLINUX,,, | |
8620 | siemens s7-300,,,,,tt,,, | |
8621 | siemens s7-300,,,,,TT,,, | |
8622 | siemens s7-300,,,,,ttt,,, | |
8623 | siemens s7-300,,,,,TTT,,, | |
8624 | siemens s7-300,,,,,tttt,,, | |
8625 | siemens s7-300,,,,,TTTT,,, | |
8626 | siemens s7-300,,,,,ttttt,,, | |
8627 | siemens s7-300,,,,,TTTTT,,, | |
8628 | siemens s7-300,,,,,tttttt,,, | |
8629 | siemens s7-300,,,,,TTTTTT,,, | |
8630 | siemens s7-300,,,,,ttttttt,,, | |
8631 | siemens s7-300,,,,,TTTTTTT,,, | |
8632 | siemens s7-300,,,,,tttttttt,,, | |
8633 | siemens s7-300,,,,,TTTTTTTT,,, | |
8634 | siemens s7-300,,,,,tuborg,,, | |
8635 | siemens s7-300,,,,,TUBORG,,, | |
8636 | siemens s7-300,,,,,tuxalize,,, | |
8637 | siemens s7-300,,,,,TUXALIZE,,, | |
8638 | siemens s7-300,,,,,tx100,,, | |
8639 | siemens s7-300,,,,,TX100,,, | |
8640 | siemens s7-300,,,,,u,,, | |
8641 | siemens s7-300,,,,,U,,, | |
8642 | siemens s7-300,,,,,uplink,,, | |
8643 | siemens s7-300,,,,,UPLINK,,, | |
8644 | siemens s7-300,,,,,user,,, | |
8645 | siemens s7-300,,,,,USER,,, | |
8646 | siemens s7-300,,,,,uu,,, | |
8647 | siemens s7-300,,,,,UU,,, | |
8648 | siemens s7-300,,,,,uuu,,, | |
8649 | siemens s7-300,,,,,UUU,,, | |
8650 | siemens s7-300,,,,,uuuu,,, | |
8651 | siemens s7-300,,,,,UUUU,,, | |
8652 | siemens s7-300,,,,,uuuuu,,, | |
8653 | siemens s7-300,,,,,UUUUU,,, | |
8654 | siemens s7-300,,,,,uuuuuu,,, | |
8655 | siemens s7-300,,,,,UUUUUU,,, | |
8656 | siemens s7-300,,,,,uuuuuuu,,, | |
8657 | siemens s7-300,,,,,UUUUUUU,,, | |
8658 | siemens s7-300,,,,,uuuuuuuu,,, | |
8659 | siemens s7-300,,,,,UUUUUUUU,,, | |
8660 | siemens s7-300,,,,,v,,, | |
8661 | siemens s7-300,,,,,V,,, | |
8662 | siemens s7-300,,,,,vesoft,,, | |
8663 | siemens s7-300,,,,,VESOFT,,, | |
8664 | siemens s7-300,,,,,visual,,, | |
8665 | siemens s7-300,,,,,VISUAL,,, | |
8666 | siemens s7-300,,,,,vjqgfhjkm,,, | |
8667 | siemens s7-300,,,,,VJQGFHJKM,,, | |
8668 | siemens s7-300,,,,,vodka,,, | |
8669 | siemens s7-300,,,,,VODKA,,, | |
8670 | siemens s7-300,,,,,volition,,, | |
8671 | siemens s7-300,,,,,VOLITION,,, | |
8672 | siemens s7-300,,,,,vv,,, | |
8673 | siemens s7-300,,,,,VV,,, | |
8674 | siemens s7-300,,,,,vvv,,, | |
8675 | siemens s7-300,,,,,VVV,,, | |
8676 | siemens s7-300,,,,,vvvv,,, | |
8677 | siemens s7-300,,,,,VVVV,,, | |
8678 | siemens s7-300,,,,,vvvvv,,, | |
8679 | siemens s7-300,,,,,VVVVV,,, | |
8680 | siemens s7-300,,,,,vvvvvv,,, | |
8681 | siemens s7-300,,,,,VVVVVV,,, | |
8682 | siemens s7-300,,,,,vvvvvvv,,, | |
8683 | siemens s7-300,,,,,VVVVVVV,,, | |
8684 | siemens s7-300,,,,,vvvvvvvv,,, | |
8685 | siemens s7-300,,,,,VVVVVVVV,,, | |
8686 | siemens s7-300,,,,,w,,, | |
8687 | siemens s7-300,,,,,W,,, | |
8688 | siemens s7-300,,,,,W9F3,,, | |
8689 | siemens s7-300,,,,,webadmin,,, | |
8690 | siemens s7-300,,,,,WEBADMIN,,, | |
8691 | siemens s7-300,,,,,win,,, | |
8692 | siemens s7-300,,,,,WIN,,, | |
8693 | siemens s7-300,,,,,wincc,,, | |
8694 | siemens s7-300,,,,,WINCC,,, | |
8695 | siemens s7-300,,,,,winterm,,, | |
8696 | siemens s7-300,,,,,WINTERM,,, | |
8697 | siemens s7-300,,,,,Wireless,,, | |
8698 | siemens s7-300,,,,,WIRELESS,,, | |
8699 | siemens s7-300,,,,,wizard,,, | |
8700 | siemens s7-300,,,,,WIZARD,,, | |
8701 | siemens s7-300,,,,,wlsedb,,, | |
8702 | siemens s7-300,,,,,WLSEDB,,, | |
8703 | siemens s7-300,,,,,wolf,,, | |
8704 | siemens s7-300,,,,,WONF,,, | |
8705 | siemens s7-300,,,,,ww,,, | |
8706 | siemens s7-300,,,,,WW,,, | |
8707 | siemens s7-300,,,,,www,,, | |
8708 | siemens s7-300,,,,,WWW,,, | |
8709 | siemens s7-300,,,,,wwww,,, | |
8710 | siemens s7-300,,,,,WWWW,,, | |
8711 | siemens s7-300,,,,,wwwww,,, | |
8712 | siemens s7-300,,,,,WWWWW,,, | |
8713 | siemens s7-300,,,,,wwwwww,,, | |
8714 | siemens s7-300,,,,,WWWWWW,,, | |
8715 | siemens s7-300,,,,,wwwwwww,,, | |
8716 | siemens s7-300,,,,,WWWWWWW,,, | |
8717 | siemens s7-300,,,,,wwwwwwww,,, | |
8718 | siemens s7-300,,,,,WWWWWWWW,,, | |
8719 | siemens s7-300,,,,,wyse,,, | |
8720 | siemens s7-300,,,,,WYSE,,, | |
8721 | siemens s7-300,,,,,x,,, | |
8722 | siemens s7-300,,,,,X,,, | |
8723 | siemens s7-300,,,,,x40rocks,,, | |
8724 | siemens s7-300,,,,,X40ROCKS,,, | |
8725 | siemens s7-300,,,,,x-admin,,, | |
8726 | siemens s7-300,,,,,X-ADMIN,,, | |
8727 | siemens s7-300,,,,,xbox,,, | |
8728 | siemens s7-300,,,,,XBOX,,, | |
8729 | siemens s7-300,,,,,xlserver,,, | |
8730 | siemens s7-300,,,,,XLSERVER,,, | |
8731 | siemens s7-300,,,,,xx,,, | |
8732 | siemens s7-300,,,,,XX,,, | |
8733 | siemens s7-300,,,,,xxx,,, | |
8734 | siemens s7-300,,,,,XXX,,, | |
8735 | siemens s7-300,,,,,xxxx,,, | |
8736 | siemens s7-300,,,,,XXXX,,, | |
8737 | siemens s7-300,,,,,xxxxx,,, | |
8738 | siemens s7-300,,,,,XXXXX,,, | |
8739 | siemens s7-300,,,,,xxxxxx,,, | |
8740 | siemens s7-300,,,,,XXXXXX,,, | |
8741 | siemens s7-300,,,,,xxxxxxx,,, | |
8742 | siemens s7-300,,,,,XXXXXXX,,, | |
8743 | siemens s7-300,,,,,xxxxxxxx,,, | |
8744 | siemens s7-300,,,,,XXXXXXXX,,, | |
8745 | siemens s7-300,,,,,xxyyzz,,, | |
8746 | siemens s7-300,,,,,XXYYZZ,,, | |
8747 | siemens s7-300,,,,,y,,, | |
8748 | siemens s7-300,,,,,Y,,, | |
8749 | siemens s7-300,,,,,yxcv,,, | |
8750 | siemens s7-300,,,,,YXCV,,, | |
8751 | siemens s7-300,,,,,yy,,, | |
8752 | siemens s7-300,,,,,YY,,, | |
8753 | siemens s7-300,,,,,yyy,,, | |
8754 | siemens s7-300,,,,,YYY,,, | |
8755 | siemens s7-300,,,,,yyyy,,, | |
8756 | siemens s7-300,,,,,YYYY,,, | |
8757 | siemens s7-300,,,,,yyyyy,,, | |
8758 | siemens s7-300,,,,,YYYYY,,, | |
8759 | siemens s7-300,,,,,yyyyyy,,, | |
8760 | siemens s7-300,,,,,YYYYYY,,, | |
8761 | siemens s7-300,,,,,yyyyyyy,,, | |
8762 | siemens s7-300,,,,,YYYYYYY,,, | |
8763 | siemens s7-300,,,,,yyyyyyyy,,, | |
8764 | siemens s7-300,,,,,YYYYYYYY,,, | |
8765 | siemens s7-300,,,,,z,,, | |
8766 | siemens s7-300,,,,,Z,,, | |
8767 | siemens s7-300,,,,,z0ne,,, | |
8768 | siemens s7-300,,,,,Z0NE,,, | |
8769 | siemens s7-300,,,,,zettler,,, | |
8770 | siemens s7-300,,,,,ZETTLER,,, | |
8771 | siemens s7-300,,,,,zippo,,, | |
8772 | siemens s7-300,,,,,ZIPPO,,, | |
8773 | siemens s7-300,,,,,zone,,, | |
8774 | siemens s7-300,,,,,ZONE,,, | |
8775 | siemens s7-300,,,,,zoomadsl,,, | |
8776 | siemens s7-300,,,,,ZOOMADSL,,, | |
8777 | siemens s7-300,,,,,zorro,,, | |
8778 | siemens s7-300,,,,,ZORRO,,, | |
8779 | siemens s7-300,,,,,zorromen,,, | |
8780 | siemens s7-300,,,,,ZORROMEN,,, | |
8781 | siemens s7-300,,,,,zxc,,, | |
8782 | siemens s7-300,,,,,ZXC,,, | |
8783 | siemens s7-300,,,,,zxcv,,, | |
8784 | siemens s7-300,,,,,ZXCV,,, | |
8785 | siemens s7-300,,,,,zxcvb,,, | |
8786 | siemens s7-300,,,,,ZXCVB,,, | |
8787 | siemens s7-300,,,,,zxcvbn,,, | |
8788 | siemens s7-300,,,,,ZXCVBN,,, | |
8789 | siemens s7-300,,,,,zxcvbnm,,, | |
8790 | siemens s7-300,,,,,ZXCVBNM,,, | |
8791 | siemens s7-300,,,,,zxcvbnm,,,, | |
8792 | siemens s7-300,,,,,ZXCVBNM,,,, | |
8793 | siemens s7-300,,,,,zz,,, | |
8794 | siemens s7-300,,,,,ZZ,,, | |
8795 | siemens s7-300,,,,,zzz,,, | |
8796 | siemens s7-300,,,,,ZZZ,,, | |
8797 | siemens s7-300,,,,,zzzz,,, | |
8798 | siemens s7-300,,,,,ZZZZ,,, | |
8799 | siemens s7-300,,,,,zzzzz,,, | |
8800 | siemens s7-300,,,,,ZZZZZ,,, | |
8801 | siemens s7-300,,,,,zzzzzz,,, | |
8802 | siemens s7-300,,,,,ZZZZZZ,,, | |
8803 | siemens s7-300,,,,,zzzzzzz,,, | |
8804 | siemens s7-300,,,,,ZZZZZZZ,,, | |
8805 | siemens s7-300,,,,,zzzzzzzz,,, | |
8806 | siemens s7-300,,,,,ZZZZZZZZ,,, |
6914 | 6914 | zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, |
6915 | 6915 | zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, |
6916 | 6916 | zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, |
6917 | siemens s7-300,,,,,',,, | |
6918 | siemens s7-300,,,,,'',,, | |
6919 | siemens s7-300,,,,,''',,, | |
6920 | siemens s7-300,,,,,'''',,, | |
6921 | siemens s7-300,,,,,''''',,, | |
6922 | siemens s7-300,,,,,'''''',,, | |
6923 | siemens s7-300,,,,,''''''',,, | |
6924 | siemens s7-300,,,,,'''''''',,, | |
6925 | siemens s7-300,,,,,-,,, | |
6926 | siemens s7-300,,,,,--,,, | |
6927 | siemens s7-300,,,,,---,,, | |
6928 | siemens s7-300,,,,,----,,, | |
6929 | siemens s7-300,,,,,-----,,, | |
6930 | siemens s7-300,,,,,------,,, | |
6931 | siemens s7-300,,,,,-------,,, | |
6932 | siemens s7-300,,,,,--------,,, | |
6933 | siemens s7-300,,,,,!manage,,, | |
6934 | siemens s7-300,,,,,!MANAGE,,, | |
6935 | siemens s7-300,,,,,$secure$,,, | |
6936 | siemens s7-300,,,,,*,,, | |
6937 | siemens s7-300,,,,,**,,, | |
6938 | siemens s7-300,,,,,***,,, | |
6939 | siemens s7-300,,,,,****,,, | |
6940 | siemens s7-300,,,,,*****,,, | |
6941 | siemens s7-300,,,,,******,,, | |
6942 | siemens s7-300,,,,,*******,,, | |
6943 | siemens s7-300,,,,,********,,, | |
6944 | siemens s7-300,,,,,,,,, | |
6945 | siemens s7-300,,,,,,,,,, | |
6946 | siemens s7-300,,,,,,,,,,, | |
6947 | siemens s7-300,,,,,,,,,,,, | |
6948 | siemens s7-300,,,,,,,,,,,,, | |
6949 | siemens s7-300,,,,,,,,,,,,,, | |
6950 | siemens s7-300,,,,,,,,,,,,,,, | |
6951 | siemens s7-300,,,,,,,,,,,,,,,, | |
6952 | siemens s7-300,,,,,.,,, | |
6953 | siemens s7-300,,,,,..,,, | |
6954 | siemens s7-300,,,,,...,,, | |
6955 | siemens s7-300,,,,,....,,, | |
6956 | siemens s7-300,,,,,.....,,, | |
6957 | siemens s7-300,,,,,......,,, | |
6958 | siemens s7-300,,,,,.......,,, | |
6959 | siemens s7-300,,,,,........,,, | |
6960 | siemens s7-300,,,,,/,,, | |
6961 | siemens s7-300,,,,,//,,, | |
6962 | siemens s7-300,,,,,///,,, | |
6963 | siemens s7-300,,,,,////,,, | |
6964 | siemens s7-300,,,,,/////,,, | |
6965 | siemens s7-300,,,,,//////,,, | |
6966 | siemens s7-300,,,,,///////,,, | |
6967 | siemens s7-300,,,,,////////,,, | |
6968 | siemens s7-300,,,,,;,,, | |
6969 | siemens s7-300,,,,,;;,,, | |
6970 | siemens s7-300,,,,,;;;,,, | |
6971 | siemens s7-300,,,,,;;;;,,, | |
6972 | siemens s7-300,,,,,;;;;;,,, | |
6973 | siemens s7-300,,,,,;;;;;;,,, | |
6974 | siemens s7-300,,,,,;;;;;;;,,, | |
6975 | siemens s7-300,,,,,;;;;;;;;,,, | |
6976 | siemens s7-300,,,,,@#$123,,, | |
6977 | siemens s7-300,,,,,[,,, | |
6978 | siemens s7-300,,,,,[[,,, | |
6979 | siemens s7-300,,,,,[[[,,, | |
6980 | siemens s7-300,,,,,[[[[,,, | |
6981 | siemens s7-300,,,,,[[[[[,,, | |
6982 | siemens s7-300,,,,,[[[[[[,,, | |
6983 | siemens s7-300,,,,,[[[[[[[,,, | |
6984 | siemens s7-300,,,,,[[[[[[[[,,, | |
6985 | siemens s7-300,,,,,],,, | |
6986 | siemens s7-300,,,,,]],,, | |
6987 | siemens s7-300,,,,,]]],,, | |
6988 | siemens s7-300,,,,,]]]],,, | |
6989 | siemens s7-300,,,,,]]]]],,, | |
6990 | siemens s7-300,,,,,]]]]]],,, | |
6991 | siemens s7-300,,,,,]]]]]]],,, | |
6992 | siemens s7-300,,,,,]]]]]]]],,, | |
6993 | siemens s7-300,,,,,_Cisco,,, | |
6994 | siemens s7-300,,,,,`,,, | |
6995 | siemens s7-300,,,,,``,,, | |
6996 | siemens s7-300,,,,,```,,, | |
6997 | siemens s7-300,,,,,````,,, | |
6998 | siemens s7-300,,,,,`````,,, | |
6999 | siemens s7-300,,,,,``````,,, | |
7000 | siemens s7-300,,,,,```````,,, | |
7001 | siemens s7-300,,,,,````````,,, | |
7002 | siemens s7-300,,,,,+,,, | |
7003 | siemens s7-300,,,,,++,,, | |
7004 | siemens s7-300,,,,,+++,,, | |
7005 | siemens s7-300,,,,,++++,,, | |
7006 | siemens s7-300,,,,,+++++,,, | |
7007 | siemens s7-300,,,,,++++++,,, | |
7008 | siemens s7-300,,,,,+++++++,,, | |
7009 | siemens s7-300,,,,,++++++++,,, | |
7010 | siemens s7-300,,,,,=,,, | |
7011 | siemens s7-300,,,,,==,,, | |
7012 | siemens s7-300,,,,,===,,, | |
7013 | siemens s7-300,,,,,====,,, | |
7014 | siemens s7-300,,,,,=====,,, | |
7015 | siemens s7-300,,,,,======,,, | |
7016 | siemens s7-300,,,,,=======,,, | |
7017 | siemens s7-300,,,,,========,,, | |
7018 | siemens s7-300,,,,,0,,, | |
7019 | siemens s7-300,,,,,00,,, | |
7020 | siemens s7-300,,,,,000,,, | |
7021 | siemens s7-300,,,,,0000,,, | |
7022 | siemens s7-300,,,,,00000,,, | |
7023 | siemens s7-300,,,,,000000,,, | |
7024 | siemens s7-300,,,,,0000000,,, | |
7025 | siemens s7-300,,,,,00000000,,, | |
7026 | siemens s7-300,,,,,00000001,,, | |
7027 | siemens s7-300,,,,,0000001,,, | |
7028 | siemens s7-300,,,,,000001,,, | |
7029 | siemens s7-300,,,,,00001,,, | |
7030 | siemens s7-300,,,,,0001,,, | |
7031 | siemens s7-300,,,,,001,,, | |
7032 | siemens s7-300,,,,,050952,,, | |
7033 | siemens s7-300,,,,,0P3N,,, | |
7034 | siemens s7-300,,,,,1,,, | |
7035 | siemens s7-300,,,,,100,,, | |
7036 | siemens s7-300,,,,,1000,,, | |
7037 | siemens s7-300,,,,,10000,,, | |
7038 | siemens s7-300,,,,,100000,,, | |
7039 | siemens s7-300,,,,,1000000,,, | |
7040 | siemens s7-300,,,,,10000000,,, | |
7041 | siemens s7-300,,,,,10041979,,, | |
7042 | siemens s7-300,,,,,1064,,, | |
7043 | siemens s7-300,,,,,11,,, | |
7044 | siemens s7-300,,,,,111,,, | |
7045 | siemens s7-300,,,,,1111,,, | |
7046 | siemens s7-300,,,,,11111,,, | |
7047 | siemens s7-300,,,,,111111,,, | |
7048 | siemens s7-300,,,,,1111111,,, | |
7049 | siemens s7-300,,,,,11111111,,, | |
7050 | siemens s7-300,,,,,11112222,,, | |
7051 | siemens s7-300,,,,,112233,,, | |
7052 | siemens s7-300,,,,,11223344,,, | |
7053 | siemens s7-300,,,,,123,,, | |
7054 | siemens s7-300,,,,,123123,,, | |
7055 | siemens s7-300,,,,,12314500,,, | |
7056 | siemens s7-300,,,,,123321,,, | |
7057 | siemens s7-300,,,,,1234,,, | |
7058 | siemens s7-300,,,,,12344321,,, | |
7059 | siemens s7-300,,,,,12345,,, | |
7060 | siemens s7-300,,,,,123456,,, | |
7061 | siemens s7-300,,,,,1234567,,, | |
7062 | siemens s7-300,,,,,12345678,,, | |
7063 | siemens s7-300,,,,,12348765,,, | |
7064 | siemens s7-300,,,,,123654,,, | |
7065 | siemens s7-300,,,,,123asd,,, | |
7066 | siemens s7-300,,,,,123ASD,,, | |
7067 | siemens s7-300,,,,,123qwe,,, | |
7068 | siemens s7-300,,,,,123QWE,,, | |
7069 | siemens s7-300,,,,,1246,,, | |
7070 | siemens s7-300,,,,,128bit,,, | |
7071 | siemens s7-300,,,,,128BIT,,, | |
7072 | siemens s7-300,,,,,1313,,, | |
7073 | siemens s7-300,,,,,1502,,, | |
7074 | siemens s7-300,,,,,151298,,, | |
7075 | siemens s7-300,,,,,166816,,, | |
7076 | siemens s7-300,,,,,180497,,, | |
7077 | siemens s7-300,,,,,1890agb,,, | |
7078 | siemens s7-300,,,,,1890AGB,,, | |
7079 | siemens s7-300,,,,,1954,,, | |
7080 | siemens s7-300,,,,,1G2W3E,,, | |
7081 | siemens s7-300,,,,,1q2w3e,,, | |
7082 | siemens s7-300,,,,,2,,, | |
7083 | siemens s7-300,,,,,21,,, | |
7084 | siemens s7-300,,,,,21241036,,, | |
7085 | siemens s7-300,,,,,2128506,,, | |
7086 | siemens s7-300,,,,,22,,, | |
7087 | siemens s7-300,,,,,222,,, | |
7088 | siemens s7-300,,,,,2222,,, | |
7089 | siemens s7-300,,,,,22222,,, | |
7090 | siemens s7-300,,,,,222222,,, | |
7091 | siemens s7-300,,,,,2222222,,, | |
7092 | siemens s7-300,,,,,22222222,,, | |
7093 | siemens s7-300,,,,,266344,,, | |
7094 | siemens s7-300,,,,,281067,,, | |
7095 | siemens s7-300,,,,,281068,,, | |
7096 | siemens s7-300,,,,,2BW9,,, | |
7097 | siemens s7-300,,,,,2WSXcder,,, | |
7098 | siemens s7-300,,,,,3,,, | |
7099 | siemens s7-300,,,,,31994,,, | |
7100 | siemens s7-300,,,,,321,,, | |
7101 | siemens s7-300,,,,,33,,, | |
7102 | siemens s7-300,,,,,333,,, | |
7103 | siemens s7-300,,,,,3333,,, | |
7104 | siemens s7-300,,,,,33333,,, | |
7105 | siemens s7-300,,,,,333333,,, | |
7106 | siemens s7-300,,,,,3333333,,, | |
7107 | siemens s7-300,,,,,33333333,,, | |
7108 | siemens s7-300,,,,,3477,,, | |
7109 | siemens s7-300,,,,,355025,,, | |
7110 | siemens s7-300,,,,,3597,,, | |
7111 | siemens s7-300,,,,,3ascotel,,, | |
7112 | siemens s7-300,,,,,3ASCOTEL,,, | |
7113 | siemens s7-300,,,,,3ep5w2u,,, | |
7114 | siemens s7-300,,,,,3orro,,, | |
7115 | siemens s7-300,,,,,3ORRO,,, | |
7116 | siemens s7-300,,,,,3ware,,, | |
7117 | siemens s7-300,,,,,3WARE,,, | |
7118 | siemens s7-300,,,,,4,,, | |
7119 | siemens s7-300,,,,,42296795,,, | |
7120 | siemens s7-300,,,,,4321,,, | |
7121 | siemens s7-300,,,,,44,,, | |
7122 | siemens s7-300,,,,,444,,, | |
7123 | siemens s7-300,,,,,4444,,, | |
7124 | siemens s7-300,,,,,44444,,, | |
7125 | siemens s7-300,,,,,444444,,, | |
7126 | siemens s7-300,,,,,4444444,,, | |
7127 | siemens s7-300,,,,,44444444,,, | |
7128 | siemens s7-300,,,,,4ert,,, | |
7129 | siemens s7-300,,,,,4ERT,,, | |
7130 | siemens s7-300,,,,,4G5K,,, | |
7131 | siemens s7-300,,,,,4G7S,,, | |
7132 | siemens s7-300,,,,,4getme2,,, | |
7133 | siemens s7-300,,,,,4tas,,, | |
7134 | siemens s7-300,,,,,4TAS,,, | |
7135 | siemens s7-300,,,,,5,,, | |
7136 | siemens s7-300,,,,,5001,,, | |
7137 | siemens s7-300,,,,,5150,,, | |
7138 | siemens s7-300,,,,,5201314,,, | |
7139 | siemens s7-300,,,,,54321,,, | |
7140 | siemens s7-300,,,,,55,,, | |
7141 | siemens s7-300,,,,,55055,,, | |
7142 | siemens s7-300,,,,,555,,, | |
7143 | siemens s7-300,,,,,5555,,, | |
7144 | siemens s7-300,,,,,55555,,, | |
7145 | siemens s7-300,,,,,555555,,, | |
7146 | siemens s7-300,,,,,5555555,,, | |
7147 | siemens s7-300,,,,,55555555,,, | |
7148 | siemens s7-300,,,,,56789,,, | |
7149 | siemens s7-300,,,,,5693,,, | |
7150 | siemens s7-300,,,,,5777364,,, | |
7151 | siemens s7-300,,,,,5860,,, | |
7152 | siemens s7-300,,,,,589589,,, | |
7153 | siemens s7-300,,,,,6,,, | |
7154 | siemens s7-300,,,,,60587,,, | |
7155 | siemens s7-300,,,,,654321,,, | |
7156 | siemens s7-300,,,,,66,,, | |
7157 | siemens s7-300,,,,,666,,, | |
7158 | siemens s7-300,,,,,6666,,, | |
7159 | siemens s7-300,,,,,66666,,, | |
7160 | siemens s7-300,,,,,666666,,, | |
7161 | siemens s7-300,,,,,6666666,,, | |
7162 | siemens s7-300,,,,,66666666,,, | |
7163 | siemens s7-300,,,,,66808920,,, | |
7164 | siemens s7-300,,,,,6969,,, | |
7165 | siemens s7-300,,,,,7,,, | |
7166 | siemens s7-300,,,,,7654321,,, | |
7167 | siemens s7-300,,,,,77,,, | |
7168 | siemens s7-300,,,,,777,,, | |
7169 | siemens s7-300,,,,,7777,,, | |
7170 | siemens s7-300,,,,,77777,,, | |
7171 | siemens s7-300,,,,,777777,,, | |
7172 | siemens s7-300,,,,,7777777,,, | |
7173 | siemens s7-300,,,,,77777777,,, | |
7174 | siemens s7-300,,,,,7SH4,,, | |
7175 | siemens s7-300,,,,,8,,, | |
7176 | siemens s7-300,,,,,8111,,, | |
7177 | siemens s7-300,,,,,8429,,, | |
7178 | siemens s7-300,,,,,851141,,, | |
7179 | siemens s7-300,,,,,86844,,, | |
7180 | siemens s7-300,,,,,8746550,,, | |
7181 | siemens s7-300,,,,,87654321,,, | |
7182 | siemens s7-300,,,,,88,,, | |
7183 | siemens s7-300,,,,,888,,, | |
7184 | siemens s7-300,,,,,8888,,, | |
7185 | siemens s7-300,,,,,88888,,, | |
7186 | siemens s7-300,,,,,888888,,, | |
7187 | siemens s7-300,,,,,8888888,,, | |
7188 | siemens s7-300,,,,,88888888,,, | |
7189 | siemens s7-300,,,,,88981684,,, | |
7190 | siemens s7-300,,,,,9,,, | |
7191 | siemens s7-300,,,,,901100,,, | |
7192 | siemens s7-300,,,,,99,,, | |
7193 | siemens s7-300,,,,,999,,, | |
7194 | siemens s7-300,,,,,9999,,, | |
7195 | siemens s7-300,,,,,99999,,, | |
7196 | siemens s7-300,,,,,999999,,, | |
7197 | siemens s7-300,,,,,9999999,,, | |
7198 | siemens s7-300,,,,,99999999,,, | |
7199 | siemens s7-300,,,,,9W5K,,, | |
7200 | siemens s7-300,,,,,a,,, | |
7201 | siemens s7-300,,,,,A,,, | |
7202 | siemens s7-300,,,,,a/d,,, | |
7203 | siemens s7-300,,,,,A/D,,, | |
7204 | siemens s7-300,,,,,aa,,, | |
7205 | siemens s7-300,,,,,AA,,, | |
7206 | siemens s7-300,,,,,aaa,,, | |
7207 | siemens s7-300,,,,,AAA,,, | |
7208 | siemens s7-300,,,,,aaaa,,, | |
7209 | siemens s7-300,,,,,AAAA,,, | |
7210 | siemens s7-300,,,,,aaaaa,,, | |
7211 | siemens s7-300,,,,,AAAAA,,, | |
7212 | siemens s7-300,,,,,aaaaaa,,, | |
7213 | siemens s7-300,,,,,AAAAAA,,, | |
7214 | siemens s7-300,,,,,aaaaaaa,,, | |
7215 | siemens s7-300,,,,,AAAAAAA,,, | |
7216 | siemens s7-300,,,,,aaaaaaaa,,, | |
7217 | siemens s7-300,,,,,AAAAAAAA,,, | |
7218 | siemens s7-300,,,,,aabbcc,,, | |
7219 | siemens s7-300,,,,,AABBCC,,, | |
7220 | siemens s7-300,,,,,aaeon,,, | |
7221 | siemens s7-300,,,,,AAEON,,, | |
7222 | siemens s7-300,,,,,aavid,,, | |
7223 | siemens s7-300,,,,,AAVID,,, | |
7224 | siemens s7-300,,,,,ab,,, | |
7225 | siemens s7-300,,,,,AB,,, | |
7226 | siemens s7-300,,,,,abb,,, | |
7227 | siemens s7-300,,,,,ABB,,, | |
7228 | siemens s7-300,,,,,abc,,, | |
7229 | siemens s7-300,,,,,ABC,,, | |
7230 | siemens s7-300,,,,,abc123,,, | |
7231 | siemens s7-300,,,,,ABC123,,, | |
7232 | siemens s7-300,,,,,abcd,,, | |
7233 | siemens s7-300,,,,,ABCD,,, | |
7234 | siemens s7-300,,,,,abcde,,, | |
7235 | siemens s7-300,,,,,ABCDE,,, | |
7236 | siemens s7-300,,,,,ABCDEF,,, | |
7237 | siemens s7-300,,,,,abcdefg,,, | |
7238 | siemens s7-300,,,,,ABCDEFG,,, | |
7239 | siemens s7-300,,,,,abcdefgh,,, | |
7240 | siemens s7-300,,,,,ABCDEFGH,,, | |
7241 | siemens s7-300,,,,,abelconn,,, | |
7242 | siemens s7-300,,,,,ABELCONN,,, | |
7243 | siemens s7-300,,,,,abov,,, | |
7244 | siemens s7-300,,,,,ABOV,,, | |
7245 | siemens s7-300,,,,,abracon,,, | |
7246 | siemens s7-300,,,,,ABRACON,,, | |
7247 | siemens s7-300,,,,,absopuls,,, | |
7248 | siemens s7-300,,,,,ABSOPULS,,, | |
7249 | siemens s7-300,,,,,abtech,,, | |
7250 | siemens s7-300,,,,,ABTECH,,, | |
7251 | siemens s7-300,,,,,abunlock,,, | |
7252 | siemens s7-300,,,,,ABUNLOCK,,, | |
7253 | siemens s7-300,,,,,acam,,, | |
7254 | siemens s7-300,,,,,ACAM,,, | |
7255 | siemens s7-300,,,,,acc,,, | |
7256 | siemens s7-300,,,,,ACC,,, | |
7257 | siemens s7-300,,,,,access,,, | |
7258 | siemens s7-300,,,,,ACCESS,,, | |
7259 | siemens s7-300,,,,,accord,,, | |
7260 | siemens s7-300,,,,,ACCORD,,, | |
7261 | siemens s7-300,,,,,acon,,, | |
7262 | siemens s7-300,,,,,ACON,,, | |
7263 | siemens s7-300,,,,,acopian,,, | |
7264 | siemens s7-300,,,,,ACOPIAN,,, | |
7265 | siemens s7-300,,,,,acp,,, | |
7266 | siemens s7-300,,,,,ACP,,, | |
7267 | siemens s7-300,,,,,actel,,, | |
7268 | siemens s7-300,,,,,ACTEL,,, | |
7269 | siemens s7-300,,,,,activex,,, | |
7270 | siemens s7-300,,,,,ACTIVEX,,, | |
7271 | siemens s7-300,,,,,adactus,,, | |
7272 | siemens s7-300,,,,,ADACTUS,,, | |
7273 | siemens s7-300,,,,,adam,,, | |
7274 | siemens s7-300,,,,,ADAM,,, | |
7275 | siemens s7-300,,,,,adc,,, | |
7276 | siemens s7-300,,,,,ADC,,, | |
7277 | siemens s7-300,,,,,adcdef,,, | |
7278 | siemens s7-300,,,,,adda,,, | |
7279 | siemens s7-300,,,,,ADDA,,, | |
7280 | siemens s7-300,,,,,adels,,, | |
7281 | siemens s7-300,,,,,ADELS,,, | |
7282 | siemens s7-300,,,,,adfexc,,, | |
7283 | siemens s7-300,,,,,ADFEXC,,, | |
7284 | siemens s7-300,,,,,adi,,, | |
7285 | siemens s7-300,,,,,ADI,,, | |
7286 | siemens s7-300,,,,,admin,,, | |
7287 | siemens s7-300,,,,,ADMIN,,, | |
7288 | siemens s7-300,,,,,admin123,,, | |
7289 | siemens s7-300,,,,,ADMIN123,,, | |
7290 | siemens s7-300,,,,,adminttd,,, | |
7291 | siemens s7-300,,,,,ADMINTTD,,, | |
7292 | siemens s7-300,,,,,adslroot,,, | |
7293 | siemens s7-300,,,,,ADSLROOT,,, | |
7294 | siemens s7-300,,,,,adtran,,, | |
7295 | siemens s7-300,,,,,ADTRAN,,, | |
7296 | siemens s7-300,,,,,advanced,,, | |
7297 | siemens s7-300,,,,,ADVANCED,,, | |
7298 | siemens s7-300,,,,,advantec,,, | |
7299 | siemens s7-300,,,,,ADVANTEC,,, | |
7300 | siemens s7-300,,,,,aeg mis,,, | |
7301 | siemens s7-300,,,,,AEG MIS,,, | |
7302 | siemens s7-300,,,,,aeg,,, | |
7303 | siemens s7-300,,,,,AEG,,, | |
7304 | siemens s7-300,,,,,AEM,,, | |
7305 | siemens s7-300,,,,,aem,,, | |
7306 | siemens s7-300,,,,,aeroflex,,, | |
7307 | siemens s7-300,,,,,Aeroflex,,, | |
7308 | siemens s7-300,,,,,AEROFLEX,,, | |
7309 | siemens s7-300,,,,,aft,,, | |
7310 | siemens s7-300,,,,,AFT,,, | |
7311 | siemens s7-300,,,,,aitech,,, | |
7312 | siemens s7-300,,,,,AITECH,,, | |
7313 | siemens s7-300,,,,,akiwa,,, | |
7314 | siemens s7-300,,,,,AKIWA,,, | |
7315 | siemens s7-300,,,,,albright,,, | |
7316 | siemens s7-300,,,,,ALBRIGHT,,, | |
7317 | siemens s7-300,,,,,alcor,,, | |
7318 | siemens s7-300,,,,,ALCOR,,, | |
7319 | siemens s7-300,,,,,aleph,,, | |
7320 | siemens s7-300,,,,,ALEPH,,, | |
7321 | siemens s7-300,,,,,ALFA,,, | |
7322 | siemens s7-300,,,,,alfaMag,,, | |
7323 | siemens s7-300,,,,,ALFAMAG,,, | |
7324 | siemens s7-300,,,,,alfa'r,,, | |
7325 | siemens s7-300,,,,,ALFA'R,,, | |
7326 | siemens s7-300,,,,,alfatron,,, | |
7327 | siemens s7-300,,,,,ALFATRON,,, | |
7328 | siemens s7-300,,,,,ali,,, | |
7329 | siemens s7-300,,,,,ALI,,, | |
7330 | siemens s7-300,,,,,all,,, | |
7331 | siemens s7-300,,,,,ALL,,, | |
7332 | siemens s7-300,,,,,allegro,,, | |
7333 | siemens s7-300,,,,,ALLEGRO,,, | |
7334 | siemens s7-300,,,,,allen,,, | |
7335 | siemens s7-300,,,,,ALLEN,,, | |
7336 | siemens s7-300,,,,,alliance,,, | |
7337 | siemens s7-300,,,,,ALLIANCE,,, | |
7338 | siemens s7-300,,,,,allied,,, | |
7339 | siemens s7-300,,,,,ALLIED,,, | |
7340 | siemens s7-300,,,,,alpha,,, | |
7341 | siemens s7-300,,,,,alpha,,, | |
7342 | siemens s7-300,,,,,alpine,,, | |
7343 | siemens s7-300,,,,,ALPINE,,, | |
7344 | siemens s7-300,,,,,alps,,, | |
7345 | siemens s7-300,,,,,ALPS,,, | |
7346 | siemens s7-300,,,,,altera,,, | |
7347 | siemens s7-300,,,,,ALTERA,,, | |
7348 | siemens s7-300,,,,,amber,,, | |
7349 | siemens s7-300,,,,,AMBER,,, | |
7350 | siemens s7-300,,,,,amd,,, | |
7351 | siemens s7-300,,,,,AMD,,, | |
7352 | siemens s7-300,,,,,american,,, | |
7353 | siemens s7-300,,,,,AMERICAN,,, | |
7354 | siemens s7-300,,,,,ametherm,,, | |
7355 | siemens s7-300,,,,,AMETHERM,,, | |
7356 | siemens s7-300,,,,,ami,,, | |
7357 | siemens s7-300,,,,,AMI,,, | |
7358 | siemens s7-300,,,,,amic,,, | |
7359 | siemens s7-300,,,,,AMIC,,, | |
7360 | siemens s7-300,,,,,amis,,, | |
7361 | siemens s7-300,,,,,AMIS,,, | |
7362 | siemens s7-300,,,,,ammc,,, | |
7363 | siemens s7-300,,,,,AMMC,,, | |
7364 | siemens s7-300,,,,,amp,,, | |
7365 | siemens s7-300,,,,,AMP,,, | |
7366 | siemens s7-300,,,,,amperite,,, | |
7367 | siemens s7-300,,,,,AMPERITE,,, | |
7368 | siemens s7-300,,,,,amphenol,,, | |
7369 | siemens s7-300,,,,,AMPHENOL,,, | |
7370 | siemens s7-300,,,,,ampire,,, | |
7371 | siemens s7-300,,,,,AMPIRE,,, | |
7372 | siemens s7-300,,,,,amt,,, | |
7373 | siemens s7-300,,,,,AMT,,, | |
7374 | siemens s7-300,,,,,anachip,,, | |
7375 | siemens s7-300,,,,,ANACHIP,,, | |
7376 | siemens s7-300,,,,,anadigic,,, | |
7377 | siemens s7-300,,,,,ANADIGIC,,, | |
7378 | siemens s7-300,,,,,anadigm,,, | |
7379 | siemens s7-300,,,,,ANADIGM,,, | |
7380 | siemens s7-300,,,,,analog,,, | |
7381 | siemens s7-300,,,,,ANALOG,,, | |
7382 | siemens s7-300,,,,,analogic,,, | |
7383 | siemens s7-300,,,,,ANALOGIC,,, | |
7384 | siemens s7-300,,,,,anaren,,, | |
7385 | siemens s7-300,,,,,ANAREN,,, | |
7386 | siemens s7-300,,,,,angel,,, | |
7387 | siemens s7-300,,,,,ANGEL,,, | |
7388 | siemens s7-300,,,,,angle,,, | |
7389 | siemens s7-300,,,,,ANGLE,,, | |
7390 | siemens s7-300,,,,,anicust,,, | |
7391 | siemens s7-300,,,,,ANICUST,,, | |
7392 | siemens s7-300,,,,,anla,,, | |
7393 | siemens s7-300,,,,,ANLA,,, | |
7394 | siemens s7-300,,,,,anleim,,, | |
7395 | siemens s7-300,,,,,Anleim,,, | |
7396 | siemens s7-300,,,,,ANLEIM,,, | |
7397 | siemens s7-300,,,,,anritsu,,, | |
7398 | siemens s7-300,,,,,ANRITSU,,, | |
7399 | siemens s7-300,,,,,ANS#150,,, | |
7400 | siemens s7-300,,,,,anshan,,, | |
7401 | siemens s7-300,,,,,ANSHAN,,, | |
7402 | siemens s7-300,,,,,ansmann,,, | |
7403 | siemens s7-300,,,,,ANSMANN,,, | |
7404 | siemens s7-300,,,,,any@,,, | |
7405 | siemens s7-300,,,,,anycom,,, | |
7406 | siemens s7-300,,,,,ANYCOM,,, | |
7407 | siemens s7-300,,,,,anydata,,, | |
7408 | siemens s7-300,,,,,ANYDATA,,, | |
7409 | siemens s7-300,,,,,anyone,,, | |
7410 | siemens s7-300,,,,,ANYONE,,, | |
7411 | siemens s7-300,,,,,anyway,,, | |
7412 | siemens s7-300,,,,,ANYWAY,,, | |
7413 | siemens s7-300,,,,,apbodiur,,, | |
7414 | siemens s7-300,,,,,APBODIUR,,, | |
7415 | siemens s7-300,,,,,apc,,, | |
7416 | siemens s7-300,,,,,APC,,, | |
7417 | siemens s7-300,,,,,apem,,, | |
7418 | siemens s7-300,,,,,APEM,,, | |
7419 | siemens s7-300,,,,,apex,,, | |
7420 | siemens s7-300,,,,,APEX,,, | |
7421 | siemens s7-300,,,,,api,,, | |
7422 | siemens s7-300,,,,,API,,, | |
7423 | siemens s7-300,,,,,aplus,,, | |
7424 | siemens s7-300,,,,,APLUS,,, | |
7425 | siemens s7-300,,,,,apm,,, | |
7426 | siemens s7-300,,,,,APM,,, | |
7427 | siemens s7-300,,,,,a-power,,, | |
7428 | siemens s7-300,,,,,A-POWER,,, | |
7429 | siemens s7-300,,,,,app,,, | |
7430 | siemens s7-300,,,,,APP,,, | |
7431 | siemens s7-300,,,,,applied,,, | |
7432 | siemens s7-300,,,,,APPLIED,,, | |
7433 | siemens s7-300,,,,,apra,,, | |
7434 | siemens s7-300,,,,,APRA,,, | |
7435 | siemens s7-300,,,,,arsenal,,, | |
7436 | siemens s7-300,,,,,ARSENAL,,, | |
7437 | siemens s7-300,,,,,articon,,, | |
7438 | siemens s7-300,,,,,ARTICON,,, | |
7439 | siemens s7-300,,,,,asante,,, | |
7440 | siemens s7-300,,,,,Asante,,, | |
7441 | siemens s7-300,,,,,ASANTE,,, | |
7442 | siemens s7-300,,,,,ascend,,, | |
7443 | siemens s7-300,,,,,Ascend,,, | |
7444 | siemens s7-300,,,,,ASCEND,,, | |
7445 | siemens s7-300,,,,,asd,,, | |
7446 | siemens s7-300,,,,,ASD,,, | |
7447 | siemens s7-300,,,,,asdf,,, | |
7448 | siemens s7-300,,,,,ASDF,,, | |
7449 | siemens s7-300,,,,,asdfg,,, | |
7450 | siemens s7-300,,,,,ASDFG,,, | |
7451 | siemens s7-300,,,,,asdfgh,,, | |
7452 | siemens s7-300,,,,,asdfgh,,, | |
7453 | siemens s7-300,,,,,ASDFGH,,, | |
7454 | siemens s7-300,,,,,asdfghj,,, | |
7455 | siemens s7-300,,,,,ASDFGHJ,,, | |
7456 | siemens s7-300,,,,,asdfghjk,,, | |
7457 | siemens s7-300,,,,,ASDFGHJK,,, | |
7458 | siemens s7-300,,,,,asi,,, | |
7459 | siemens s7-300,,,,,ASI,,, | |
7460 | siemens s7-300,,,,,asutp,,, | |
7461 | siemens s7-300,,,,,ASUTP,,, | |
7462 | siemens s7-300,,,,,at4400,,, | |
7463 | siemens s7-300,,,,,AT4400,,, | |
7464 | siemens s7-300,,,,,atc,,, | |
7465 | siemens s7-300,,,,,atc,,, | |
7466 | siemens s7-300,,,,,ATC,,, | |
7467 | siemens s7-300,,,,,atc123,,, | |
7468 | siemens s7-300,,,,,ATC123,,, | |
7469 | siemens s7-300,,,,,atlantis,,, | |
7470 | siemens s7-300,,,,,ATLANTIS,,, | |
7471 | siemens s7-300,,,,,attack,,, | |
7472 | siemens s7-300,,,,,ATTACK,,, | |
7473 | siemens s7-300,,,,,autohors,,, | |
7474 | siemens s7-300,,,,,AUTOHORS,,, | |
7475 | siemens s7-300,,,,,azsxdc,,, | |
7476 | siemens s7-300,,,,,AZSXDC,,, | |
7477 | siemens s7-300,,,,,b,,, | |
7478 | siemens s7-300,,,,,B,,, | |
7479 | siemens s7-300,,,,,b&r,,, | |
7480 | siemens s7-300,,,,,B&R,,, | |
7481 | siemens s7-300,,,,,B2H4,,, | |
7482 | siemens s7-300,,,,,B9W3,,, | |
7483 | siemens s7-300,,,,,back,,, | |
7484 | siemens s7-300,,,,,BACK,,, | |
7485 | siemens s7-300,,,,,backdoor,,, | |
7486 | siemens s7-300,,,,,BACKDOOR,,, | |
7487 | siemens s7-300,,,,,badboy,,, | |
7488 | siemens s7-300,,,,,BADBOY,,, | |
7489 | siemens s7-300,,,,,barricade,,, | |
7490 | siemens s7-300,,,,,BARRICADE,,, | |
7491 | siemens s7-300,,,,,baseball,,, | |
7492 | siemens s7-300,,,,,BASEBALL,,, | |
7493 | siemens s7-300,,,,,bb,,, | |
7494 | siemens s7-300,,,,,BB,,, | |
7495 | siemens s7-300,,,,,bbb,,, | |
7496 | siemens s7-300,,,,,BBB,,, | |
7497 | siemens s7-300,,,,,bbbb,,, | |
7498 | siemens s7-300,,,,,BBBB,,, | |
7499 | siemens s7-300,,,,,bbbbb,,, | |
7500 | siemens s7-300,,,,,BBBBB,,, | |
7501 | siemens s7-300,,,,,bbbbbb,,, | |
7502 | siemens s7-300,,,,,BBBBBB,,, | |
7503 | siemens s7-300,,,,,bbbbbbb,,, | |
7504 | siemens s7-300,,,,,BBBBBBB,,, | |
7505 | siemens s7-300,,,,,bbbbbbbb,,, | |
7506 | siemens s7-300,,,,,BBBBBBBB,,, | |
7507 | siemens s7-300,,,,,bciimpw,,, | |
7508 | siemens s7-300,,,,,BCIIMPW,,, | |
7509 | siemens s7-300,,,,,bcimpw,,, | |
7510 | siemens s7-300,,,,,BCIMPW,,, | |
7511 | siemens s7-300,,,,,bcnaspw,,, | |
7512 | siemens s7-300,,,,,BCNASPW,,, | |
7513 | siemens s7-300,,,,,beatch,,, | |
7514 | siemens s7-300,,,,,BEATCH,,, | |
7515 | siemens s7-300,,,,,beerbeer,,, | |
7516 | siemens s7-300,,,,,BEERBEER,,, | |
7517 | siemens s7-300,,,,,betera,,, | |
7518 | siemens s7-300,,,,,BETERA,,, | |
7519 | siemens s7-300,,,,,bible,,, | |
7520 | siemens s7-300,,,,,BIBLE,,, | |
7521 | siemens s7-300,,,,,bintec,,, | |
7522 | siemens s7-300,,,,,BINTEC,,, | |
7523 | siemens s7-300,,,,,birdie,,, | |
7524 | siemens s7-300,,,,,BIRDIE,,, | |
7525 | siemens s7-300,,,,,black,,, | |
7526 | siemens s7-300,,,,,BLACK,,, | |
7527 | siemens s7-300,,,,,blaster,,, | |
7528 | siemens s7-300,,,,,BLASTER,,, | |
7529 | siemens s7-300,,,,,blender,,, | |
7530 | siemens s7-300,,,,,BLENDER,,, | |
7531 | siemens s7-300,,,,,blink,,, | |
7532 | siemens s7-300,,,,,BLINK,,, | |
7533 | siemens s7-300,,,,,blink182,,, | |
7534 | siemens s7-300,,,,,BLINK182,,, | |
7535 | siemens s7-300,,,,,bluepw,,, | |
7536 | siemens s7-300,,,,,BLUEPW,,, | |
7537 | siemens s7-300,,,,,bowling,,, | |
7538 | siemens s7-300,,,,,BOWLING,,, | |
7539 | siemens s7-300,,,,,bradley,,, | |
7540 | siemens s7-300,,,,,BRADLEY,,, | |
7541 | siemens s7-300,,,,,bridge,,, | |
7542 | siemens s7-300,,,,,BRIDGE,,, | |
7543 | siemens s7-300,,,,,bright,,, | |
7544 | siemens s7-300,,,,,BRIGHT,,, | |
7545 | siemens s7-300,,,,,c,,, | |
7546 | siemens s7-300,,,,,C,,, | |
7547 | siemens s7-300,,,,,ca01,,, | |
7548 | siemens s7-300,,,,,CA01,,, | |
7549 | siemens s7-300,,,,,cacadmin,,, | |
7550 | siemens s7-300,,,,,CACADMIN,,, | |
7551 | siemens s7-300,,,,,cactus,,, | |
7552 | siemens s7-300,,,,,CACTUS,,, | |
7553 | siemens s7-300,,,,,calvin,,, | |
7554 | siemens s7-300,,,,,CALVIN,,, | |
7555 | siemens s7-300,,,,,can,,, | |
7556 | siemens s7-300,,,,,CAN,,, | |
7557 | siemens s7-300,,,,,canbus,,, | |
7558 | siemens s7-300,,,,,CANBUS,,, | |
7559 | siemens s7-300,,,,,carolian,,, | |
7560 | siemens s7-300,,,,,CAROLIAN,,, | |
7561 | siemens s7-300,,,,,cascade,,, | |
7562 | siemens s7-300,,,,,CASCADE,,, | |
7563 | siemens s7-300,,,,,cc,,, | |
7564 | siemens s7-300,,,,,CC,,, | |
7565 | siemens s7-300,,,,,ccc,,, | |
7566 | siemens s7-300,,,,,CCC,,, | |
7567 | siemens s7-300,,,,,cccc,,, | |
7568 | siemens s7-300,,,,,CCCC,,, | |
7569 | siemens s7-300,,,,,ccccc,,, | |
7570 | siemens s7-300,,,,,CCCCC,,, | |
7571 | siemens s7-300,,,,,cccccc,,, | |
7572 | siemens s7-300,,,,,CCCCCC,,, | |
7573 | siemens s7-300,,,,,ccccccc,,, | |
7574 | siemens s7-300,,,,,CCCCCCC,,, | |
7575 | siemens s7-300,,,,,cccccccc,,, | |
7576 | siemens s7-300,,,,,CCCCCCCC,,, | |
7577 | siemens s7-300,,,,,ccrusr,,, | |
7578 | siemens s7-300,,,,,CCRUSR,,, | |
7579 | siemens s7-300,,,,,cellit,,, | |
7580 | siemens s7-300,,,,,CELLIT,,, | |
7581 | siemens s7-300,,,,,cfc,,, | |
7582 | siemens s7-300,,,,,CFC,,, | |
7583 | siemens s7-300,,,,,CHABGEME,,, | |
7584 | siemens s7-300,,,,,changeme,,, | |
7585 | siemens s7-300,,,,,CHANGEME,,, | |
7586 | siemens s7-300,,,,,changit,,, | |
7587 | siemens s7-300,,,,,CHANGIT,,, | |
7588 | siemens s7-300,,,,,charlie,,, | |
7589 | siemens s7-300,,,,,CHARLIE,,, | |
7590 | siemens s7-300,,,,,cisco,,, | |
7591 | siemens s7-300,,,,,Cisco,,, | |
7592 | siemens s7-300,,,,,CISCO,,, | |
7593 | siemens s7-300,,,,,citel,,, | |
7594 | siemens s7-300,,,,,CITEL,,, | |
7595 | siemens s7-300,,,,,client,,, | |
7596 | siemens s7-300,,,,,CLIENT,,, | |
7597 | siemens s7-300,,,,,cmaker,,, | |
7598 | siemens s7-300,,,,,CMAKER,,, | |
7599 | siemens s7-300,,,,,cms500,,, | |
7600 | siemens s7-300,,,,,CMS500,,, | |
7601 | siemens s7-300,,,,,cnas,,, | |
7602 | siemens s7-300,,,,,CNAS,,, | |
7603 | siemens s7-300,,,,,cody,,, | |
7604 | siemens s7-300,,,,,CODY,,, | |
7605 | siemens s7-300,,,,,cognos,,, | |
7606 | siemens s7-300,,,,,COGNOS,,, | |
7607 | siemens s7-300,,,,,Col2ogro2,,, | |
7608 | siemens s7-300,,,,,computer,,, | |
7609 | siemens s7-300,,,,,COMPUTER,,, | |
7610 | siemens s7-300,,,,,connect,,, | |
7611 | siemens s7-300,,,,,CONNECT,,, | |
7612 | siemens s7-300,,,,,conv,,, | |
7613 | siemens s7-300,,,,,CONV,,, | |
7614 | siemens s7-300,,,,,cool,,, | |
7615 | siemens s7-300,,,,,COOL,,, | |
7616 | siemens s7-300,,,,,corecess,,, | |
7617 | siemens s7-300,,,,,CORECESS,,, | |
7618 | siemens s7-300,,,,,cosmos,,, | |
7619 | siemens s7-300,,,,,COSMOS,,, | |
7620 | siemens s7-300,,,,,craft,,, | |
7621 | siemens s7-300,,,,,CRAFT,,, | |
7622 | siemens s7-300,,,,,craftpw,,, | |
7623 | siemens s7-300,,,,,CRAFTPW,,, | |
7624 | siemens s7-300,,,,,crftpw,,, | |
7625 | siemens s7-300,,,,,CRFTPW,,, | |
7626 | siemens s7-300,,,,,crystal,,, | |
7627 | siemens s7-300,,,,,CRYSTAL,,, | |
7628 | siemens s7-300,,,,,ct/1,,, | |
7629 | siemens s7-300,,,,,customer,,, | |
7630 | siemens s7-300,,,,,CUSTOMER,,, | |
7631 | siemens s7-300,,,,,custpw,,, | |
7632 | siemens s7-300,,,,,CUSTPW,,, | |
7633 | siemens s7-300,,,,,d,,, | |
7634 | siemens s7-300,,,,,D,,, | |
7635 | siemens s7-300,,,,,d.e.b.u.g,,, | |
7636 | siemens s7-300,,,,,d00m,,, | |
7637 | siemens s7-300,,,,,D00M,,, | |
7638 | siemens s7-300,,,,,dadmin01,,, | |
7639 | siemens s7-300,,,,,DADMIN01,,, | |
7640 | siemens s7-300,,,,,danger,,, | |
7641 | siemens s7-300,,,,,DANGER,,, | |
7642 | siemens s7-300,,,,,database,,, | |
7643 | siemens s7-300,,,,,DATABASE,,, | |
7644 | siemens s7-300,,,,,davox,,, | |
7645 | siemens s7-300,,,,,dbps,,, | |
7646 | siemens s7-300,,,,,DBPS,,, | |
7647 | siemens s7-300,,,,,dd,,, | |
7648 | siemens s7-300,,,,,DD,,, | |
7649 | siemens s7-300,,,,,ddd,,, | |
7650 | siemens s7-300,,,,,DDD,,, | |
7651 | siemens s7-300,,,,,dddd,,, | |
7652 | siemens s7-300,,,,,DDDD,,, | |
7653 | siemens s7-300,,,,,ddddd,,, | |
7654 | siemens s7-300,,,,,DDDDD,,, | |
7655 | siemens s7-300,,,,,dddddd,,, | |
7656 | siemens s7-300,,,,,DDDDDD,,, | |
7657 | siemens s7-300,,,,,ddddddd,,, | |
7658 | siemens s7-300,,,,,DDDDDDD,,, | |
7659 | siemens s7-300,,,,,dddddddd,,, | |
7660 | siemens s7-300,,,,,DDDDDDDD,,, | |
7661 | siemens s7-300,,,,,dean,,, | |
7662 | siemens s7-300,,,,,DEAN,,, | |
7663 | siemens s7-300,,,,,default,,, | |
7664 | siemens s7-300,,,,,DEFAULT,,, | |
7665 | siemens s7-300,,,,,delevan,,, | |
7666 | siemens s7-300,,,,,demo,,, | |
7667 | siemens s7-300,,,,,DEMO,,, | |
7668 | siemens s7-300,,,,,denise,,, | |
7669 | siemens s7-300,,,,,DENISE,,, | |
7670 | siemens s7-300,,,,,derparol,,, | |
7671 | siemens s7-300,,,,,DERPAROL,,, | |
7672 | siemens s7-300,,,,,DEVEVAN,,, | |
7673 | siemens s7-300,,,,,device,,, | |
7674 | siemens s7-300,,,,,DEVICE,,, | |
7675 | siemens s7-300,,,,,devices,,, | |
7676 | siemens s7-300,,,,,DEVICES,,, | |
7677 | siemens s7-300,,,,,dhs3mt,,, | |
7678 | siemens s7-300,,,,,DHS3MT,,, | |
7679 | siemens s7-300,,,,,dhs3pms,,, | |
7680 | siemens s7-300,,,,,DHS3PMS,,, | |
7681 | siemens s7-300,,,,,diabl0,,, | |
7682 | siemens s7-300,,,,,DIABL0,,, | |
7683 | siemens s7-300,,,,,diablo,,, | |
7684 | siemens s7-300,,,,,DIABLO,,, | |
7685 | siemens s7-300,,,,,diamond,,, | |
7686 | siemens s7-300,,,,,DIAMOND,,, | |
7687 | siemens s7-300,,,,,digital,,, | |
7688 | siemens s7-300,,,,,DIGITAL,,, | |
7689 | siemens s7-300,,,,,DL20,,, | |
7690 | siemens s7-300,,,,,dlink,,, | |
7691 | siemens s7-300,,,,,D-Link,,, | |
7692 | siemens s7-300,,,,,DLINK,,, | |
7693 | siemens s7-300,,,,,dollar,,, | |
7694 | siemens s7-300,,,,,DOLLAR,,, | |
7695 | siemens s7-300,,,,,doom,,, | |
7696 | siemens s7-300,,,,,DOOM,,, | |
7697 | siemens s7-300,,,,,draadloos,,, | |
7698 | siemens s7-300,,,,,DRAADLOOS,,, | |
7699 | siemens s7-300,,,,,drivees,,, | |
7700 | siemens s7-300,,,,,DRIVEES,,, | |
7701 | siemens s7-300,,,,,e,,, | |
7702 | siemens s7-300,,,,,E,,, | |
7703 | siemens s7-300,,,,,echo,,, | |
7704 | siemens s7-300,,,,,ECHO,,, | |
7705 | siemens s7-300,,,,,ee,,, | |
7706 | siemens s7-300,,,,,EE,,, | |
7707 | siemens s7-300,,,,,eee,,, | |
7708 | siemens s7-300,,,,,EEE,,, | |
7709 | siemens s7-300,,,,,eeee,,, | |
7710 | siemens s7-300,,,,,EEEE,,, | |
7711 | siemens s7-300,,,,,eeeee,,, | |
7712 | siemens s7-300,,,,,EEEEE,,, | |
7713 | siemens s7-300,,,,,eeeeee,,, | |
7714 | siemens s7-300,,,,,EEEEEE,,, | |
7715 | siemens s7-300,,,,,eeeeeee,,, | |
7716 | siemens s7-300,,,,,EEEEEEE,,, | |
7717 | siemens s7-300,,,,,eeeeeeee,,, | |
7718 | siemens s7-300,,,,,EEEEEEEE,,, | |
7719 | siemens s7-300,,,,,EGDFV,,, | |
7720 | siemens s7-300,,,,,electrin,,, | |
7721 | siemens s7-300,,,,,ELECTRIN,,, | |
7722 | siemens s7-300,,,,,elvis,,, | |
7723 | siemens s7-300,,,,,ELVIS,,, | |
7724 | siemens s7-300,,,,,enable,,, | |
7725 | siemens s7-300,,,,,ENABLE,,, | |
7726 | siemens s7-300,,,,,energy,,, | |
7727 | siemens s7-300,,,,,ENERGY,,, | |
7728 | siemens s7-300,,,,,engineer,,, | |
7729 | siemens s7-300,,,,,ENGINEER,,, | |
7730 | siemens s7-300,,,,,eqdfv,,, | |
7731 | siemens s7-300,,,,,err0r,,, | |
7732 | siemens s7-300,,,,,ERR0R,,, | |
7733 | siemens s7-300,,,,,error,,, | |
7734 | siemens s7-300,,,,,evening,,, | |
7735 | siemens s7-300,,,,,EVENING,,, | |
7736 | siemens s7-300,,,,,Exabyte,,, | |
7737 | siemens s7-300,,,,,EXABYTE,,, | |
7738 | siemens s7-300,,,,,expert03,,, | |
7739 | siemens s7-300,,,,,EXPERT03,,, | |
7740 | siemens s7-300,,,,,f,,, | |
7741 | siemens s7-300,,,,,F,,, | |
7742 | siemens s7-300,,,,,father,,, | |
7743 | siemens s7-300,,,,,FATHER,,, | |
7744 | siemens s7-300,,,,,fbd,,, | |
7745 | siemens s7-300,,,,,FBD,,, | |
7746 | siemens s7-300,,,,,ff,,, | |
7747 | siemens s7-300,,,,,FF,,, | |
7748 | siemens s7-300,,,,,fff,,, | |
7749 | siemens s7-300,,,,,FFF,,, | |
7750 | siemens s7-300,,,,,ffff,,, | |
7751 | siemens s7-300,,,,,FFFF,,, | |
7752 | siemens s7-300,,,,,fffff,,, | |
7753 | siemens s7-300,,,,,FFFFF,,, | |
7754 | siemens s7-300,,,,,ffffff,,, | |
7755 | siemens s7-300,,,,,FFFFFF,,, | |
7756 | siemens s7-300,,,,,fffffff,,, | |
7757 | siemens s7-300,,,,,FFFFFFF,,, | |
7758 | siemens s7-300,,,,,ffffffff,,, | |
7759 | siemens s7-300,,,,,FFFFFFFF,,, | |
7760 | siemens s7-300,,,,,field,,, | |
7761 | siemens s7-300,,,,,FIELD,,, | |
7762 | siemens s7-300,,,,,fire,,, | |
7763 | siemens s7-300,,,,,FIRE,,, | |
7764 | siemens s7-300,,,,,Fireport,,, | |
7765 | siemens s7-300,,,,,FIREPORT,,, | |
7766 | siemens s7-300,,,,,fish,,, | |
7767 | siemens s7-300,,,,,FISH,,, | |
7768 | siemens s7-300,,,,,fivranne,,, | |
7769 | siemens s7-300,,,,,FIVRANNE,,, | |
7770 | siemens s7-300,,,,,flash,,, | |
7771 | siemens s7-300,,,,,FLASH,,, | |
7772 | siemens s7-300,,,,,flex,,, | |
7773 | siemens s7-300,,,,,FLEX,,, | |
7774 | siemens s7-300,,,,,flexible,,, | |
7775 | siemens s7-300,,,,,FLEXIBLE,,, | |
7776 | siemens s7-300,,,,,football,,, | |
7777 | siemens s7-300,,,,,FOOTBALL,,, | |
7778 | siemens s7-300,,,,,friend,,, | |
7779 | siemens s7-300,,,,,FRIEND,,, | |
7780 | siemens s7-300,,,,,fuck,,, | |
7781 | siemens s7-300,,,,,FUCK,,, | |
7782 | siemens s7-300,,,,,fuckoff,,, | |
7783 | siemens s7-300,,,,,FUCKOFF,,, | |
7784 | siemens s7-300,,,,,fuckyou,,, | |
7785 | siemens s7-300,,,,,FUCKYOU,,, | |
7786 | siemens s7-300,,,,,g,,, | |
7787 | siemens s7-300,,,,,G,,, | |
7788 | siemens s7-300,,,,,g00gle,,, | |
7789 | siemens s7-300,,,,,G00GLE,,, | |
7790 | siemens s7-300,,,,,G0F9,,, | |
7791 | siemens s7-300,,,,,G0K1,,, | |
7792 | siemens s7-300,,,,,G6K6,,, | |
7793 | siemens s7-300,,,,,gama,,, | |
7794 | siemens s7-300,,,,,GAMA,,, | |
7795 | siemens s7-300,,,,,ganteng,,, | |
7796 | siemens s7-300,,,,,GAWSED,,, | |
7797 | siemens s7-300,,,,,Geardog,,, | |
7798 | siemens s7-300,,,,,GEARDOG,,, | |
7799 | siemens s7-300,,,,,gen1,,, | |
7800 | siemens s7-300,,,,,gen2,,, | |
7801 | siemens s7-300,,,,,gfcc,,, | |
7802 | siemens s7-300,,,,,GFCC,,, | |
7803 | siemens s7-300,,,,,gfccdjhl,,, | |
7804 | siemens s7-300,,,,,GFCCDJHL,,, | |
7805 | siemens s7-300,,,,,gfhjkm,,, | |
7806 | siemens s7-300,,,,,gfhjkm,,, | |
7807 | siemens s7-300,,,,,GFHJKM,,, | |
7808 | siemens s7-300,,,,,gg,,, | |
7809 | siemens s7-300,,,,,GG,,, | |
7810 | siemens s7-300,,,,,ggg,,, | |
7811 | siemens s7-300,,,,,GGG,,, | |
7812 | siemens s7-300,,,,,gggg,,, | |
7813 | siemens s7-300,,,,,GGGG,,, | |
7814 | siemens s7-300,,,,,ggggg,,, | |
7815 | siemens s7-300,,,,,GGGGG,,, | |
7816 | siemens s7-300,,,,,gggggg,,, | |
7817 | siemens s7-300,,,,,GGGGGG,,, | |
7818 | siemens s7-300,,,,,ggggggg,,, | |
7819 | siemens s7-300,,,,,GGGGGGG,,, | |
7820 | siemens s7-300,,,,,gggggggg,,, | |
7821 | siemens s7-300,,,,,GGGGGGGG,,, | |
7822 | siemens s7-300,,,,,ghbdtn,,, | |
7823 | siemens s7-300,,,,,GHBDTN,,, | |
7824 | siemens s7-300,,,,,GHOST,,, | |
7825 | siemens s7-300,,,,,ghost,,, | |
7826 | siemens s7-300,,,,,goal,,, | |
7827 | siemens s7-300,,,,,GOAL,,, | |
7828 | siemens s7-300,,,,,golf,,, | |
7829 | siemens s7-300,,,,,GOLF,,, | |
7830 | siemens s7-300,,,,,google,,, | |
7831 | siemens s7-300,,,,,GOOGLE,,, | |
7832 | siemens s7-300,,,,,got,,, | |
7833 | siemens s7-300,,,,,GOT,,, | |
7834 | siemens s7-300,,,,,guest,,, | |
7835 | siemens s7-300,,,,,GUEST,,, | |
7836 | siemens s7-300,,,,,h,,, | |
7837 | siemens s7-300,,,,,H,,, | |
7838 | siemens s7-300,,,,,hardware,,, | |
7839 | siemens s7-300,,,,,HARDWARE,,, | |
7840 | siemens s7-300,,,,,harley,,, | |
7841 | siemens s7-300,,,,,helen,,, | |
7842 | siemens s7-300,,,,,HELEN,,, | |
7843 | siemens s7-300,,,,,hello,,, | |
7844 | siemens s7-300,,,,,HELLO,,, | |
7845 | siemens s7-300,,,,,help,,, | |
7846 | siemens s7-300,,,,,HELP,,, | |
7847 | siemens s7-300,,,,,help1954,,, | |
7848 | siemens s7-300,,,,,HELP1954,,, | |
7849 | siemens s7-300,,,,,Helpdesk,,, | |
7850 | siemens s7-300,,,,,HELPDESK,,, | |
7851 | siemens s7-300,,,,,hexseal,,, | |
7852 | siemens s7-300,,,,,HEXSEAL,,, | |
7853 | siemens s7-300,,,,,hh,,, | |
7854 | siemens s7-300,,,,,HH,,, | |
7855 | siemens s7-300,,,,,hhh,,, | |
7856 | siemens s7-300,,,,,HHH,,, | |
7857 | siemens s7-300,,,,,hhhh,,, | |
7858 | siemens s7-300,,,,,HHHH,,, | |
7859 | siemens s7-300,,,,,hhhhh,,, | |
7860 | siemens s7-300,,,,,HHHHH,,, | |
7861 | siemens s7-300,,,,,hhhhhh,,, | |
7862 | siemens s7-300,,,,,HHHHHH,,, | |
7863 | siemens s7-300,,,,,hhhhhhh,,, | |
7864 | siemens s7-300,,,,,HHHHHHH,,, | |
7865 | siemens s7-300,,,,,hhhhhhhh,,, | |
7866 | siemens s7-300,,,,,HHHHHHHH,,, | |
7867 | siemens s7-300,,,,,highspeed,,, | |
7868 | siemens s7-300,,,,,HIGHSPEED,,, | |
7869 | siemens s7-300,,,,,hinear,,, | |
7870 | siemens s7-300,,,,,HINEAR,,, | |
7871 | siemens s7-300,,,,,home,,, | |
7872 | siemens s7-300,,,,,HOME,,, | |
7873 | siemens s7-300,,,,,homeplug,,, | |
7874 | siemens s7-300,,,,,HomePlug,,, | |
7875 | siemens s7-300,,,,,HOMEPLUG,,, | |
7876 | siemens s7-300,,,,,honda,,, | |
7877 | siemens s7-300,,,,,HONDA,,, | |
7878 | siemens s7-300,,,,,HP,,, | |
7879 | siemens s7-300,,,,,hp.com,,, | |
7880 | siemens s7-300,,,,,hpoffice,,, | |
7881 | siemens s7-300,,,,,HPOFFICE,,, | |
7882 | siemens s7-300,,,,,hponly,,, | |
7883 | siemens s7-300,,,,,HPONLY,,, | |
7884 | siemens s7-300,,,,,HPP187,,, | |
7885 | siemens s7-300,,,,,HPP189,,, | |
7886 | siemens s7-300,,,,,HPP196,,, | |
7887 | siemens s7-300,,,,,hrloo,,, | |
7888 | siemens s7-300,,,,,HRLOO,,, | |
7889 | siemens s7-300,,,,,hsadb,,, | |
7890 | siemens s7-300,,,,,http,,, | |
7891 | siemens s7-300,,,,,HTTP,,, | |
7892 | siemens s7-300,,,,,i,,, | |
7893 | siemens s7-300,,,,,I,,, | |
7894 | siemens s7-300,,,,,iDirect,,, | |
7895 | siemens s7-300,,,,,IDIRECT,,, | |
7896 | siemens s7-300,,,,,ii,,, | |
7897 | siemens s7-300,,,,,II,,, | |
7898 | siemens s7-300,,,,,iii,,, | |
7899 | siemens s7-300,,,,,III,,, | |
7900 | siemens s7-300,,,,,iiii,,, | |
7901 | siemens s7-300,,,,,IIII,,, | |
7902 | siemens s7-300,,,,,iiiii,,, | |
7903 | siemens s7-300,,,,,IIIII,,, | |
7904 | siemens s7-300,,,,,iiiiii,,, | |
7905 | siemens s7-300,,,,,IIIIII,,, | |
7906 | siemens s7-300,,,,,iiiiiii,,, | |
7907 | siemens s7-300,,,,,IIIIIII,,, | |
7908 | siemens s7-300,,,,,iiiiiiii,,, | |
7909 | siemens s7-300,,,,,IIIIIIII,,, | |
7910 | siemens s7-300,,,,,ILMI,,, | |
7911 | siemens s7-300,,,,,iloveyou,,, | |
7912 | siemens s7-300,,,,,ILOVEYOU,,, | |
7913 | siemens s7-300,,,,,images,,, | |
7914 | siemens s7-300,,,,,IMAGES,,, | |
7915 | siemens s7-300,,,,,inads,,, | |
7916 | siemens s7-300,,,,,INADS,,, | |
7917 | siemens s7-300,,,,,inc,,, | |
7918 | siemens s7-300,,,,,INC,,, | |
7919 | siemens s7-300,,,,,indspw,,, | |
7920 | siemens s7-300,,,,,INDSPW,,, | |
7921 | siemens s7-300,,,,,inferno,,, | |
7922 | siemens s7-300,,,,,INFERNO,,, | |
7923 | siemens s7-300,,,,,initpw,,, | |
7924 | siemens s7-300,,,,,INITPW,,, | |
7925 | siemens s7-300,,,,,Inmet,,, | |
7926 | siemens s7-300,,,,,inmet,,, | |
7927 | siemens s7-300,,,,,INMET,,, | |
7928 | siemens s7-300,,,,,Intel,,, | |
7929 | siemens s7-300,,,,,INTEL,,, | |
7930 | siemens s7-300,,,,,internet,,, | |
7931 | siemens s7-300,,,,,Internet,,, | |
7932 | siemens s7-300,,,,,INTERNET,,, | |
7933 | siemens s7-300,,,,,INTX3,,, | |
7934 | siemens s7-300,,,,,ironport,,, | |
7935 | siemens s7-300,,,,,IRONPORT,,, | |
7936 | siemens s7-300,,,,,isee,,, | |
7937 | siemens s7-300,,,,,ISEE,,, | |
7938 | siemens s7-300,,,,,isp,,, | |
7939 | siemens s7-300,,,,,ISP,,, | |
7940 | siemens s7-300,,,,,ITF3000,,, | |
7941 | siemens s7-300,,,,,j,,, | |
7942 | siemens s7-300,,,,,J,,, | |
7943 | siemens s7-300,,,,,J6R6,,, | |
7944 | siemens s7-300,,,,,J6W8,,, | |
7945 | siemens s7-300,,,,,jack,,, | |
7946 | siemens s7-300,,,,,JACK,,, | |
7947 | siemens s7-300,,,,,janet,,, | |
7948 | siemens s7-300,,,,,JANET,,, | |
7949 | siemens s7-300,,,,,jannie,,, | |
7950 | siemens s7-300,,,,,JANNIE,,, | |
7951 | siemens s7-300,,,,,jasmine,,, | |
7952 | siemens s7-300,,,,,JASMINE,,, | |
7953 | siemens s7-300,,,,,JDE,,, | |
7954 | siemens s7-300,,,,,jj,,, | |
7955 | siemens s7-300,,,,,JJ,,, | |
7956 | siemens s7-300,,,,,jjj,,, | |
7957 | siemens s7-300,,,,,JJJ,,, | |
7958 | siemens s7-300,,,,,jjjj,,, | |
7959 | siemens s7-300,,,,,JJJJ,,, | |
7960 | siemens s7-300,,,,,jjjjj,,, | |
7961 | siemens s7-300,,,,,JJJJJ,,, | |
7962 | siemens s7-300,,,,,jjjjjj,,, | |
7963 | siemens s7-300,,,,,JJJJJJ,,, | |
7964 | siemens s7-300,,,,,jjjjjjj,,, | |
7965 | siemens s7-300,,,,,JJJJJJJ,,, | |
7966 | siemens s7-300,,,,,jjjjjjjj,,, | |
7967 | siemens s7-300,,,,,JJJJJJJJ,,, | |
7968 | siemens s7-300,,,,,JOCKER,,, | |
7969 | siemens s7-300,,,,,john,,, | |
7970 | siemens s7-300,,,,,JOHN,,, | |
7971 | siemens s7-300,,,,,joker,,, | |
7972 | siemens s7-300,,,,,jordan,,, | |
7973 | siemens s7-300,,,,,JORDAN,,, | |
7974 | siemens s7-300,,,,,jordan23,,, | |
7975 | siemens s7-300,,,,,JORDAN23,,, | |
7976 | siemens s7-300,,,,,JR58,,, | |
7977 | siemens s7-300,,,,,JR59,,, | |
7978 | siemens s7-300,,,,,k,,, | |
7979 | siemens s7-300,,,,,K,,, | |
7980 | siemens s7-300,,,,,kermit,,, | |
7981 | siemens s7-300,,,,,KERMIT,,, | |
7982 | siemens s7-300,,,,,killer,,, | |
7983 | siemens s7-300,,,,,KILLER,,, | |
7984 | siemens s7-300,,,,,killme,,, | |
7985 | siemens s7-300,,,,,kilo1987,,, | |
7986 | siemens s7-300,,,,,KILO1987,,, | |
7987 | siemens s7-300,,,,,kk,,, | |
7988 | siemens s7-300,,,,,KK,,, | |
7989 | siemens s7-300,,,,,kkk,,, | |
7990 | siemens s7-300,,,,,KKK,,, | |
7991 | siemens s7-300,,,,,kkkk,,, | |
7992 | siemens s7-300,,,,,KKKK,,, | |
7993 | siemens s7-300,,,,,kkkkk,,, | |
7994 | siemens s7-300,,,,,KKKKK,,, | |
7995 | siemens s7-300,,,,,kkkkkk,,, | |
7996 | siemens s7-300,,,,,KKKKKK,,, | |
7997 | siemens s7-300,,,,,kkkkkkk,,, | |
7998 | siemens s7-300,,,,,KKKKKKK,,, | |
7999 | siemens s7-300,,,,,kkkkkkkk,,, | |
8000 | siemens s7-300,,,,,KKKKKKKK,,, | |
8001 | siemens s7-300,,,,,korn,,, | |
8002 | siemens s7-300,,,,,KORN,,, | |
8003 | siemens s7-300,,,,,l,,, | |
8004 | siemens s7-300,,,,,L,,, | |
8005 | siemens s7-300,,,,,lad,,, | |
8006 | siemens s7-300,,,,,LAD,,, | |
8007 | siemens s7-300,,,,,laflaf,,, | |
8008 | siemens s7-300,,,,,LAFLAF,,, | |
8009 | siemens s7-300,,,,,letacla,,, | |
8010 | siemens s7-300,,,,,LETACLA,,, | |
8011 | siemens s7-300,,,,,letmein,,, | |
8012 | siemens s7-300,,,,,letmein,,, | |
8013 | siemens s7-300,,,,,LETMEIN,,, | |
8014 | siemens s7-300,,,,,level1,,, | |
8015 | siemens s7-300,,,,,LEVEL1,,, | |
8016 | siemens s7-300,,,,,leviton,,, | |
8017 | siemens s7-300,,,,,LEVITON,,, | |
8018 | siemens s7-300,,,,,LILLME,,, | |
8019 | siemens s7-300,,,,,linga,,, | |
8020 | siemens s7-300,,,,,LINGA,,, | |
8021 | siemens s7-300,,,,,linux,,, | |
8022 | siemens s7-300,,,,,LINUX,,, | |
8023 | siemens s7-300,,,,,lisa,,, | |
8024 | siemens s7-300,,,,,LISA,,, | |
8025 | siemens s7-300,,,,,ll,,, | |
8026 | siemens s7-300,,,,,LL,,, | |
8027 | siemens s7-300,,,,,llatsni,,, | |
8028 | siemens s7-300,,,,,LLATSNI,,, | |
8029 | siemens s7-300,,,,,lll,,, | |
8030 | siemens s7-300,,,,,LLL,,, | |
8031 | siemens s7-300,,,,,llll,,, | |
8032 | siemens s7-300,,,,,LLLL,,, | |
8033 | siemens s7-300,,,,,lllll,,, | |
8034 | siemens s7-300,,,,,LLLLL,,, | |
8035 | siemens s7-300,,,,,llllll,,, | |
8036 | siemens s7-300,,,,,LLLLLL,,, | |
8037 | siemens s7-300,,,,,lllllll,,, | |
8038 | siemens s7-300,,,,,LLLLLLL,,, | |
8039 | siemens s7-300,,,,,llllllll,,, | |
8040 | siemens s7-300,,,,,LLLLLLLL,,, | |
8041 | siemens s7-300,,,,,locatepw,,, | |
8042 | siemens s7-300,,,,,LOCATEPW,,, | |
8043 | siemens s7-300,,,,,lock,,, | |
8044 | siemens s7-300,,,,,LOCK,,, | |
8045 | siemens s7-300,,,,,login,,, | |
8046 | siemens s7-300,,,,,LOGIN,,, | |
8047 | siemens s7-300,,,,,looker,,, | |
8048 | siemens s7-300,,,,,LOOKER,,, | |
8049 | siemens s7-300,,,,,lotus,,, | |
8050 | siemens s7-300,,,,,LOTUS,,, | |
8051 | siemens s7-300,,,,,love,,, | |
8052 | siemens s7-300,,,,,LOVE,,, | |
8053 | siemens s7-300,,,,,ltd,,, | |
8054 | siemens s7-300,,,,,LTD,,, | |
8055 | siemens s7-300,,,,,lucky,,, | |
8056 | siemens s7-300,,,,,LUCKY,,, | |
8057 | siemens s7-300,,,,,m,,, | |
8058 | siemens s7-300,,,,,M,,, | |
8059 | siemens s7-300,,,,,m1122,,, | |
8060 | siemens s7-300,,,,,M1122,,, | |
8061 | siemens s7-300,,,,,mail,,, | |
8062 | siemens s7-300,,,,,MAIL,,, | |
8063 | siemens s7-300,,,,,maint,,, | |
8064 | siemens s7-300,,,,,MAINT,,, | |
8065 | siemens s7-300,,,,,maintpw,,, | |
8066 | siemens s7-300,,,,,MAINTPW,,, | |
8067 | siemens s7-300,,,,,manager,,, | |
8068 | siemens s7-300,,,,,Manager,,, | |
8069 | siemens s7-300,,,,,MANAGER,,, | |
8070 | siemens s7-300,,,,,maniac,,, | |
8071 | siemens s7-300,,,,,MANIAC,,, | |
8072 | siemens s7-300,,,,,master,,, | |
8073 | siemens s7-300,,,,,Master,,, | |
8074 | siemens s7-300,,,,,MASTER,,, | |
8075 | siemens s7-300,,,,,masterkey,,, | |
8076 | siemens s7-300,,,,,MASTERKEY,,, | |
8077 | siemens s7-300,,,,,Mau'dib,,, | |
8078 | siemens s7-300,,,,,mediator,,, | |
8079 | siemens s7-300,,,,,MEDIATOR,,, | |
8080 | siemens s7-300,,,,,medion,,, | |
8081 | siemens s7-300,,,,,MEDION,,, | |
8082 | siemens s7-300,,,,,MGR,,, | |
8083 | siemens s7-300,,,,,micro,,, | |
8084 | siemens s7-300,,,,,MICRO,,, | |
8085 | siemens s7-300,,,,,microwav,,, | |
8086 | siemens s7-300,,,,,MICROWAV,,, | |
8087 | siemens s7-300,,,,,miller,,, | |
8088 | siemens s7-300,,,,,MILLLER,,, | |
8089 | siemens s7-300,,,,,MiniAP,,, | |
8090 | siemens s7-300,,,,,mis,,, | |
8091 | siemens s7-300,,,,,MIS,,, | |
8092 | siemens s7-300,,,,,MJSSSJJ,,, | |
8093 | siemens s7-300,,,,,MJSSSJJ,,, | |
8094 | siemens s7-300,,,,,MJSSSJJ_,,, | |
8095 | siemens s7-300,,,,,mlusr,,, | |
8096 | siemens s7-300,,,,,MLUSR,,, | |
8097 | siemens s7-300,,,,,mm,,, | |
8098 | siemens s7-300,,,,,MM,,, | |
8099 | siemens s7-300,,,,,mmm,,, | |
8100 | siemens s7-300,,,,,MMM,,, | |
8101 | siemens s7-300,,,,,mmmm,,, | |
8102 | siemens s7-300,,,,,MMMM,,, | |
8103 | siemens s7-300,,,,,mmmmm,,, | |
8104 | siemens s7-300,,,,,MMMMM,,, | |
8105 | siemens s7-300,,,,,mmmmmm,,, | |
8106 | siemens s7-300,,,,,MMMMMM,,, | |
8107 | siemens s7-300,,,,,mmmmmmm,,, | |
8108 | siemens s7-300,,,,,MMMMMMM,,, | |
8109 | siemens s7-300,,,,,mmmmmmmm,,, | |
8110 | siemens s7-300,,,,,MMMMMMMM,,, | |
8111 | siemens s7-300,,,,,modul,,, | |
8112 | siemens s7-300,,,,,MODUL,,, | |
8113 | siemens s7-300,,,,,module,,, | |
8114 | siemens s7-300,,,,,MODULE,,, | |
8115 | siemens s7-300,,,,,money,,, | |
8116 | siemens s7-300,,,,,MONEY,,, | |
8117 | siemens s7-300,,,,,monitor,,, | |
8118 | siemens s7-300,,,,,MONITOR,,, | |
8119 | siemens s7-300,,,,,monkey,,, | |
8120 | siemens s7-300,,,,,MONKEY,,, | |
8121 | siemens s7-300,,,,,mosmatic,,, | |
8122 | siemens s7-300,,,,,MOSMATIC,,, | |
8123 | siemens s7-300,,,,,mother,,, | |
8124 | siemens s7-300,,,,,MOTHER,,, | |
8125 | siemens s7-300,,,,,motorola,,, | |
8126 | siemens s7-300,,,,,MOTOROLA,,, | |
8127 | siemens s7-300,,,,,mouse,,, | |
8128 | siemens s7-300,,,,,MOUSE,,, | |
8129 | siemens s7-300,,,,,MPE,,, | |
8130 | siemens s7-300,,,,,MServer,,, | |
8131 | siemens s7-300,,,,,mtch,,, | |
8132 | siemens s7-300,,,,,MTCH,,, | |
8133 | siemens s7-300,,,,,Multi,,, | |
8134 | siemens s7-300,,,,,mustang,,, | |
8135 | siemens s7-300,,,,,MUSTANG,,, | |
8136 | siemens s7-300,,,,,mypass,,, | |
8137 | siemens s7-300,,,,,MYPASS,,, | |
8138 | siemens s7-300,,,,,mypass123,,, | |
8139 | siemens s7-300,,,,,MYPASS123,,, | |
8140 | siemens s7-300,,,,,mypc,,, | |
8141 | siemens s7-300,,,,,MYPC,,, | |
8142 | siemens s7-300,,,,,mypc123,,, | |
8143 | siemens s7-300,,,,,MYPC123,,, | |
8144 | siemens s7-300,,,,,myspace,,, | |
8145 | siemens s7-300,,,,,MYSPACE,,, | |
8146 | siemens s7-300,,,,,myspace1,,, | |
8147 | siemens s7-300,,,,,MYSPACE1,,, | |
8148 | siemens s7-300,,,,,n,,, | |
8149 | siemens s7-300,,,,,N,,, | |
8150 | siemens s7-300,,,,,n/a,,, | |
8151 | siemens s7-300,,,,,N/A,,, | |
8152 | siemens s7-300,,,,,naadmin,,, | |
8153 | siemens s7-300,,,,,NAADMIN,,, | |
8154 | siemens s7-300,,,,,naranja,,, | |
8155 | siemens s7-300,,,,,NARANJA,,, | |
8156 | siemens s7-300,,,,,NAU,,, | |
8157 | siemens s7-300,,,,,Net,,, | |
8158 | siemens s7-300,,,,,NET,,, | |
8159 | siemens s7-300,,,,,netadmin,,, | |
8160 | siemens s7-300,,,,,NETADMIN,,, | |
8161 | siemens s7-300,,,,,netbase,,, | |
8162 | siemens s7-300,,,,,NETBASE,,, | |
8163 | siemens s7-300,,,,,NetCache,,, | |
8164 | siemens s7-300,,,,,NETCACHE,,, | |
8165 | siemens s7-300,,,,,NetICs,,, | |
8166 | siemens s7-300,,,,,netman,,, | |
8167 | siemens s7-300,,,,,NETMAN,,, | |
8168 | siemens s7-300,,,,,netopia,,, | |
8169 | siemens s7-300,,,,,NETOPIA,,, | |
8170 | siemens s7-300,,,,,netscreen,,, | |
8171 | siemens s7-300,,,,,NETSCREEN,,, | |
8172 | siemens s7-300,,,,,netutil,,, | |
8173 | siemens s7-300,,,,,NETUTIL,,, | |
8174 | siemens s7-300,,,,,NetVCR,,, | |
8175 | siemens s7-300,,,,,NETVCR,,, | |
8176 | siemens s7-300,,,,,network,,, | |
8177 | siemens s7-300,,,,,NETWORK,,, | |
8178 | siemens s7-300,,,,,newpass,,, | |
8179 | siemens s7-300,,,,,NEWPASS,,, | |
8180 | siemens s7-300,,,,,niconex,,, | |
8181 | siemens s7-300,,,,,NICONEX,,, | |
8182 | siemens s7-300,,,,,nimdaten,,, | |
8183 | siemens s7-300,,,,,NIMDATEN,,, | |
8184 | siemens s7-300,,,,,nmspw,,, | |
8185 | siemens s7-300,,,,,NMSPW,,, | |
8186 | siemens s7-300,,,,,nn,,, | |
8187 | siemens s7-300,,,,,NN,,, | |
8188 | siemens s7-300,,,,,nnn,,, | |
8189 | siemens s7-300,,,,,NNN,,, | |
8190 | siemens s7-300,,,,,nnnn,,, | |
8191 | siemens s7-300,,,,,NNNN,,, | |
8192 | siemens s7-300,,,,,nnnnn,,, | |
8193 | siemens s7-300,,,,,NNNNN,,, | |
8194 | siemens s7-300,,,,,nnnnnn,,, | |
8195 | siemens s7-300,,,,,NNNNNN,,, | |
8196 | siemens s7-300,,,,,nnnnnnn,,, | |
8197 | siemens s7-300,,,,,NNNNNNN,,, | |
8198 | siemens s7-300,,,,,nnnnnnnn,,, | |
8199 | siemens s7-300,,,,,NNNNNNNN,,, | |
8200 | siemens s7-300,,,,,nokai,,, | |
8201 | siemens s7-300,,,,,NOKAI,,, | |
8202 | siemens s7-300,,,,,notused,,, | |
8203 | siemens s7-300,,,,,NOTUSED,,, | |
8204 | siemens s7-300,,,,,noway,,, | |
8205 | siemens s7-300,,,,,NOWAY,,, | |
8206 | siemens s7-300,,,,,NSADB,,, | |
8207 | siemens s7-300,,,,,ntacdmax,,, | |
8208 | siemens s7-300,,,,,NTACDMAX,,, | |
8209 | siemens s7-300,,,,,null,,, | |
8210 | siemens s7-300,,,,,NULL,,, | |
8211 | siemens s7-300,,,,,o,,, | |
8212 | siemens s7-300,,,,,O,,, | |
8213 | siemens s7-300,,,,,OCS,,, | |
8214 | siemens s7-300,,,,,oem,,, | |
8215 | siemens s7-300,,,,,OEM,,, | |
8216 | siemens s7-300,,,,,OkiLAN,,, | |
8217 | siemens s7-300,,,,,OKILAN,,, | |
8218 | siemens s7-300,,,,,omron,,, | |
8219 | siemens s7-300,,,,,OMRON,,, | |
8220 | siemens s7-300,,,,,oo,,, | |
8221 | siemens s7-300,,,,,OO,,, | |
8222 | siemens s7-300,,,,,ooo,,, | |
8223 | siemens s7-300,,,,,OOO,,, | |
8224 | siemens s7-300,,,,,oooo,,, | |
8225 | siemens s7-300,,,,,OOOO,,, | |
8226 | siemens s7-300,,,,,ooooo,,, | |
8227 | siemens s7-300,,,,,OOOOO,,, | |
8228 | siemens s7-300,,,,,oooooo,,, | |
8229 | siemens s7-300,,,,,OOOOOO,,, | |
8230 | siemens s7-300,,,,,ooooooo,,, | |
8231 | siemens s7-300,,,,,OOOOOOO,,, | |
8232 | siemens s7-300,,,,,oooooooo,,, | |
8233 | siemens s7-300,,,,,OOOOOOOO,,, | |
8234 | siemens s7-300,,,,,op3n,,, | |
8235 | siemens s7-300,,,,,operator,,, | |
8236 | siemens s7-300,,,,,OPERATOR,,, | |
8237 | siemens s7-300,,,,,Opto,,, | |
8238 | siemens s7-300,,,,,OPTO,,, | |
8239 | siemens s7-300,,,,,owner,,, | |
8240 | siemens s7-300,,,,,OWNER,,, | |
8241 | siemens s7-300,,,,,p,,, | |
8242 | siemens s7-300,,,,,P,,, | |
8243 | siemens s7-300,,,,,P@55w0rd!,,, | |
8244 | siemens s7-300,,,,,pas,,, | |
8245 | siemens s7-300,,,,,PAS,,, | |
8246 | siemens s7-300,,,,,pass,,, | |
8247 | siemens s7-300,,,,,PASS,,, | |
8248 | siemens s7-300,,,,,PASSAGE,,, | |
8249 | siemens s7-300,,,,,passage,,, | |
8250 | siemens s7-300,,,,,passw,,, | |
8251 | siemens s7-300,,,,,PASSW,,, | |
8252 | siemens s7-300,,,,,passwd,,, | |
8253 | siemens s7-300,,,,,PASSWD,,, | |
8254 | siemens s7-300,,,,,passwo,,, | |
8255 | siemens s7-300,,,,,PASSWO,,, | |
8256 | siemens s7-300,,,,,passwor,,, | |
8257 | siemens s7-300,,,,,PASSWOR,,, | |
8258 | siemens s7-300,,,,,password,,, | |
8259 | siemens s7-300,,,,,PASSWORD,,, | |
8260 | siemens s7-300,,,,,pat,,, | |
8261 | siemens s7-300,,,,,PAT,,, | |
8262 | siemens s7-300,,,,,paterna,,, | |
8263 | siemens s7-300,,,,,PATERNA,,, | |
8264 | siemens s7-300,,,,,patrick,,, | |
8265 | siemens s7-300,,,,,PATRICK,,, | |
8266 | siemens s7-300,,,,,patrol,,, | |
8267 | siemens s7-300,,,,,PATROL,,, | |
8268 | siemens s7-300,,,,,PBX,,, | |
8269 | siemens s7-300,,,,,pbxk1064,,, | |
8270 | siemens s7-300,,,,,PBXK1064,,, | |
8271 | siemens s7-300,,,,,pcs7,,, | |
8272 | siemens s7-300,,,,,PCS7,,, | |
8273 | siemens s7-300,,,,,pentium,,, | |
8274 | siemens s7-300,,,,,PENTIUM,,, | |
8275 | siemens s7-300,,,,,pento,,, | |
8276 | siemens s7-300,,,,,PENTO,,, | |
8277 | siemens s7-300,,,,,pepper,,, | |
8278 | siemens s7-300,,,,,PEPPER,,, | |
8279 | siemens s7-300,,,,,pepsi,,, | |
8280 | siemens s7-300,,,,,PEPSI,,, | |
8281 | siemens s7-300,,,,,permit,,, | |
8282 | siemens s7-300,,,,,PERMIT,,, | |
8283 | siemens s7-300,,,,,personal,,, | |
8284 | siemens s7-300,,,,,PERSONAL,,, | |
8285 | siemens s7-300,,,,,pfsense,,, | |
8286 | siemens s7-300,,,,,PFSENSE,,, | |
8287 | siemens s7-300,,,,,photonix,,, | |
8288 | siemens s7-300,,,,,PHOTONIX,,, | |
8289 | siemens s7-300,,,,,pilou,,, | |
8290 | siemens s7-300,,,,,PILOU,,, | |
8291 | siemens s7-300,,,,,piranha,,, | |
8292 | siemens s7-300,,,,,PIRANHA,,, | |
8293 | siemens s7-300,,,,,plc,,, | |
8294 | siemens s7-300,,,,,PLC,,, | |
8295 | siemens s7-300,,,,,plcsim,,, | |
8296 | siemens s7-300,,,,,PLCSIM,,, | |
8297 | siemens s7-300,,,,,PlsChgMe,,, | |
8298 | siemens s7-300,,,,,poerty,,, | |
8299 | siemens s7-300,,,,,POERTY,,, | |
8300 | siemens s7-300,,,,,policy,,, | |
8301 | siemens s7-300,,,,,POLICY,,, | |
8302 | siemens s7-300,,,,,Posterie,,, | |
8303 | siemens s7-300,,,,,POSTERIE,,, | |
8304 | siemens s7-300,,,,,power,,, | |
8305 | siemens s7-300,,,,,POWER,,, | |
8306 | siemens s7-300,,,,,pp,,, | |
8307 | siemens s7-300,,,,,PP,,, | |
8308 | siemens s7-300,,,,,ppp,,, | |
8309 | siemens s7-300,,,,,PPP,,, | |
8310 | siemens s7-300,,,,,pppp,,, | |
8311 | siemens s7-300,,,,,PPPP,,, | |
8312 | siemens s7-300,,,,,ppppp,,, | |
8313 | siemens s7-300,,,,,PPPPP,,, | |
8314 | siemens s7-300,,,,,pppppp,,, | |
8315 | siemens s7-300,,,,,PPPPPP,,, | |
8316 | siemens s7-300,,,,,ppppppp,,, | |
8317 | siemens s7-300,,,,,PPPPPPP,,, | |
8318 | siemens s7-300,,,,,pppppppp,,, | |
8319 | siemens s7-300,,,,,PPPPPPPP,,, | |
8320 | siemens s7-300,,,,,princess,,, | |
8321 | siemens s7-300,,,,,PRINCESS,,, | |
8322 | siemens s7-300,,,,,private,,, | |
8323 | siemens s7-300,,,,,PRIVATE,,, | |
8324 | siemens s7-300,,,,,proddta,,, | |
8325 | siemens s7-300,,,,,PRODDTA,,, | |
8326 | siemens s7-300,,,,,profibus,,, | |
8327 | siemens s7-300,,,,,PROFIBUS,,, | |
8328 | siemens s7-300,,,,,Protector,,, | |
8329 | siemens s7-300,,,,,PROTECTOR,,, | |
8330 | siemens s7-300,,,,,protool,,, | |
8331 | siemens s7-300,,,,,PROTOOL,,, | |
8332 | siemens s7-300,,,,,public,,, | |
8333 | siemens s7-300,,,,,PUBLIC,,, | |
8334 | siemens s7-300,,,,,pusy,,, | |
8335 | siemens s7-300,,,,,PUSY,,, | |
8336 | siemens s7-300,,,,,pw123,,, | |
8337 | siemens s7-300,,,,,PW123,,, | |
8338 | siemens s7-300,,,,,pwd,,, | |
8339 | siemens s7-300,,,,,PWD,,, | |
8340 | siemens s7-300,,,,,q,,, | |
8341 | siemens s7-300,,,,,Q,,, | |
8342 | siemens s7-300,,,,,qawsed,,, | |
8343 | siemens s7-300,,,,,qq,,, | |
8344 | siemens s7-300,,,,,QQ,,, | |
8345 | siemens s7-300,,,,,qq520,,, | |
8346 | siemens s7-300,,,,,QQ520,,, | |
8347 | siemens s7-300,,,,,qqq,,, | |
8348 | siemens s7-300,,,,,QQQ,,, | |
8349 | siemens s7-300,,,,,qqqq,,, | |
8350 | siemens s7-300,,,,,QQQQ,,, | |
8351 | siemens s7-300,,,,,qqqqq,,, | |
8352 | siemens s7-300,,,,,QQQQQ,,, | |
8353 | siemens s7-300,,,,,qqqqqq,,, | |
8354 | siemens s7-300,,,,,QQQQQQ,,, | |
8355 | siemens s7-300,,,,,qqqqqqq,,, | |
8356 | siemens s7-300,,,,,QQQQQQQ,,, | |
8357 | siemens s7-300,,,,,qqqqqqqq,,, | |
8358 | siemens s7-300,,,,,QQQQQQQQ,,, | |
8359 | siemens s7-300,,,,,qwe,,, | |
8360 | siemens s7-300,,,,,qwer,,, | |
8361 | siemens s7-300,,,,,QWER,,, | |
8362 | siemens s7-300,,,,,QWERT,,, | |
8363 | siemens s7-300,,,,,qwerty,,, | |
8364 | siemens s7-300,,,,,QWERTY,,, | |
8365 | siemens s7-300,,,,,qwerty1,,, | |
8366 | siemens s7-300,,,,,qwertyu,,, | |
8367 | siemens s7-300,,,,,QWERTYU,,, | |
8368 | siemens s7-300,,,,,qwertyui,,, | |
8369 | siemens s7-300,,,,,QWERTYUI,,, | |
8370 | siemens s7-300,,,,,r,,, | |
8371 | siemens s7-300,,,,,R,,, | |
8372 | siemens s7-300,,,,,r@p8p0r+,,, | |
8373 | siemens s7-300,,,,,R1QTPS,,, | |
8374 | siemens s7-300,,,,,rade0n,,, | |
8375 | siemens s7-300,,,,,RADE0N,,, | |
8376 | siemens s7-300,,,,,RADEON,,, | |
8377 | siemens s7-300,,,,,radius,,, | |
8378 | siemens s7-300,,,,,RADIUS,,, | |
8379 | siemens s7-300,,,,,radware,,, | |
8380 | siemens s7-300,,,,,RADWARE,,, | |
8381 | siemens s7-300,,,,,rdfhnbhf,,, | |
8382 | siemens s7-300,,,,,RDFHNBHF,,, | |
8383 | siemens s7-300,,,,,recovery,,, | |
8384 | siemens s7-300,,,,,RECOVERY,,, | |
8385 | siemens s7-300,,,,,rego,,, | |
8386 | siemens s7-300,,,,,REGO,,, | |
8387 | siemens s7-300,,,,,remote,,, | |
8388 | siemens s7-300,,,,,REMOTE,,, | |
8389 | siemens s7-300,,,,,rip000,,, | |
8390 | siemens s7-300,,,,,RIP000,,, | |
8391 | siemens s7-300,,,,,rittal,,, | |
8392 | siemens s7-300,,,,,RITTAL,,, | |
8393 | siemens s7-300,,,,,robele,,, | |
8394 | siemens s7-300,,,,,ROBELLE,,, | |
8395 | siemens s7-300,,,,,root,,, | |
8396 | siemens s7-300,,,,,ROOT,,, | |
8397 | siemens s7-300,,,,,ROOT500,,, | |
8398 | siemens s7-300,,,,,router,,, | |
8399 | siemens s7-300,,,,,ROUTER,,, | |
8400 | siemens s7-300,,,,,rr,,, | |
8401 | siemens s7-300,,,,,RR,,, | |
8402 | siemens s7-300,,,,,rrr,,, | |
8403 | siemens s7-300,,,,,RRR,,, | |
8404 | siemens s7-300,,,,,rrrr,,, | |
8405 | siemens s7-300,,,,,RRRR,,, | |
8406 | siemens s7-300,,,,,rrrrr,,, | |
8407 | siemens s7-300,,,,,RRRRR,,, | |
8408 | siemens s7-300,,,,,rrrrrr,,, | |
8409 | siemens s7-300,,,,,RRRRRR,,, | |
8410 | siemens s7-300,,,,,rrrrrrr,,, | |
8411 | siemens s7-300,,,,,RRRRRRR,,, | |
8412 | siemens s7-300,,,,,rrrrrrrr,,, | |
8413 | siemens s7-300,,,,,RRRRRRRR,,, | |
8414 | siemens s7-300,,,,,rs4igoy,,, | |
8415 | siemens s7-300,,,,,RS4IGOY,,, | |
8416 | siemens s7-300,,,,,RSX,,, | |
8417 | siemens s7-300,,,,,rtyhn,,, | |
8418 | siemens s7-300,,,,,RTYHN,,, | |
8419 | siemens s7-300,,,,,run-p,,, | |
8420 | siemens s7-300,,,,,RUN-P,,, | |
8421 | siemens s7-300,,,,,russia,,, | |
8422 | siemens s7-300,,,,,RUSSIA,,, | |
8423 | siemens s7-300,,,,,rwmaint,,, | |
8424 | siemens s7-300,,,,,RWMAINT,,, | |
8425 | siemens s7-300,,,,,s,,, | |
8426 | siemens s7-300,,,,,S,,, | |
8427 | siemens s7-300,,,,,s7,,, | |
8428 | siemens s7-300,,,,,S7,,, | |
8429 | siemens s7-300,,,,,s7-300,,, | |
8430 | siemens s7-300,,,,,S7-300,,, | |
8431 | siemens s7-300,,,,,s7-400,,, | |
8432 | siemens s7-300,,,,,S7-400,,, | |
8433 | siemens s7-300,,,,,scout,,, | |
8434 | siemens s7-300,,,,,SCOUT,,, | |
8435 | siemens s7-300,,,,,search,,, | |
8436 | siemens s7-300,,,,,SEARCH,,, | |
8437 | siemens s7-300,,,,,secret,,, | |
8438 | siemens s7-300,,,,,SECRET,,, | |
8439 | siemens s7-300,,,,,secure,,, | |
8440 | siemens s7-300,,,,,SECURE,,, | |
8441 | siemens s7-300,,,,,security,,, | |
8442 | siemens s7-300,,,,,SECURITY,,, | |
8443 | siemens s7-300,,,,,sekret,,, | |
8444 | siemens s7-300,,,,,SEKRET,,, | |
8445 | siemens s7-300,,,,,Sensor,,, | |
8446 | siemens s7-300,,,,,serco,,, | |
8447 | siemens s7-300,,,,,SERCO,,, | |
8448 | siemens s7-300,,,,,serial#,,, | |
8449 | siemens s7-300,,,,,serovox,,, | |
8450 | siemens s7-300,,,,,SEROVOX,,, | |
8451 | siemens s7-300,,,,,server,,, | |
8452 | siemens s7-300,,,,,SERVER,,, | |
8453 | siemens s7-300,,,,,SESAME,,, | |
8454 | siemens s7-300,,,,,setherco,,, | |
8455 | siemens s7-300,,,,,SETHERCO,,, | |
8456 | siemens s7-300,,,,,setup,,, | |
8457 | siemens s7-300,,,,,SETUP,,, | |
8458 | siemens s7-300,,,,,sex,,, | |
8459 | siemens s7-300,,,,,SEX,,, | |
8460 | siemens s7-300,,,,,sgena,,, | |
8461 | siemens s7-300,,,,,SGENA,,, | |
8462 | siemens s7-300,,,,,sgilent,,, | |
8463 | siemens s7-300,,,,,SGILENT,,, | |
8464 | siemens s7-300,,,,,shadow,,, | |
8465 | siemens s7-300,,,,,SHADOW,,, | |
8466 | siemens s7-300,,,,,Sharp,,, | |
8467 | siemens s7-300,,,,,sicostart,,, | |
8468 | siemens s7-300,,,,,SICOSTART,,, | |
8469 | siemens s7-300,,,,,siemens,,, | |
8470 | siemens s7-300,,,,,SIEMENS,,, | |
8471 | siemens s7-300,,,,,simatic,,, | |
8472 | siemens s7-300,,,,,SIMATIC,,, | |
8473 | siemens s7-300,,,,,simens,,, | |
8474 | siemens s7-300,,,,,SIMENS,,, | |
8475 | siemens s7-300,,,,,simo,,, | |
8476 | siemens s7-300,,,,,SIMO,,, | |
8477 | siemens s7-300,,,,,simocode,,, | |
8478 | siemens s7-300,,,,,SIMOCODE,,, | |
8479 | siemens s7-300,,,,,simoreg,,, | |
8480 | siemens s7-300,,,,,SIMOREG,,, | |
8481 | siemens s7-300,,,,,simovert,,, | |
8482 | siemens s7-300,,,,,SIMOVERT,,, | |
8483 | siemens s7-300,,,,,simtec,,, | |
8484 | siemens s7-300,,,,,SIMTEC,,, | |
8485 | siemens s7-300,,,,,sirborn,,, | |
8486 | siemens s7-300,,,,,SIRBORN,,, | |
8487 | siemens s7-300,,,,,sitop,,, | |
8488 | siemens s7-300,,,,,SITOP,,, | |
8489 | siemens s7-300,,,,,SKY_FOX,,, | |
8490 | siemens s7-300,,,,,slave,,, | |
8491 | siemens s7-300,,,,,SLAVE,,, | |
8492 | siemens s7-300,,,,,slipknot,,, | |
8493 | siemens s7-300,,,,,SLIPKNOT,,, | |
8494 | siemens s7-300,,,,,SMDR,,, | |
8495 | siemens s7-300,,,,,smile,,, | |
8496 | siemens s7-300,,,,,SMILE,,, | |
8497 | siemens s7-300,,,,,smuser,,, | |
8498 | siemens s7-300,,,,,SMUSER,,, | |
8499 | siemens s7-300,,,,,snoopy,,, | |
8500 | siemens s7-300,,,,,SNOOPY,,, | |
8501 | siemens s7-300,,,,,soccer,,, | |
8502 | siemens s7-300,,,,,SOCCER,,, | |
8503 | siemens s7-300,,,,,solution,,, | |
8504 | siemens s7-300,,,,,SOLUTION,,, | |
8505 | siemens s7-300,,,,,SpIp,,, | |
8506 | siemens s7-300,,,,,ss,,, | |
8507 | siemens s7-300,,,,,SS,,, | |
8508 | siemens s7-300,,,,,SSA,,, | |
8509 | siemens s7-300,,,,,sss,,, | |
8510 | siemens s7-300,,,,,SSS,,, | |
8511 | siemens s7-300,,,,,ssss,,, | |
8512 | siemens s7-300,,,,,SSSS,,, | |
8513 | siemens s7-300,,,,,sssss,,, | |
8514 | siemens s7-300,,,,,SSSSS,,, | |
8515 | siemens s7-300,,,,,ssssss,,, | |
8516 | siemens s7-300,,,,,SSSSSS,,, | |
8517 | siemens s7-300,,,,,sssssss,,, | |
8518 | siemens s7-300,,,,,SSSSSSS,,, | |
8519 | siemens s7-300,,,,,ssssssss,,, | |
8520 | siemens s7-300,,,,,SSSSSSSS,,, | |
8521 | siemens s7-300,,,,,stan,,, | |
8522 | siemens s7-300,,,,,STAN,,, | |
8523 | siemens s7-300,,,,,star,,, | |
8524 | siemens s7-300,,,,,STAR,,, | |
8525 | siemens s7-300,,,,,starwar,,, | |
8526 | siemens s7-300,,,,,STARWAR,,, | |
8527 | siemens s7-300,,,,,step5,,, | |
8528 | siemens s7-300,,,,,STEP5,,, | |
8529 | siemens s7-300,,,,,step7,,, | |
8530 | siemens s7-300,,,,,STEP7,,, | |
8531 | siemens s7-300,,,,,stimpy,,, | |
8532 | siemens s7-300,,,,,STIMPY,,, | |
8533 | siemens s7-300,,,,,stl,,, | |
8534 | siemens s7-300,,,,,STL,,, | |
8535 | siemens s7-300,,,,,stop,,, | |
8536 | siemens s7-300,,,,,STOP,,, | |
8537 | siemens s7-300,,,,,ststic,,, | |
8538 | siemens s7-300,,,,,STSTIC,,, | |
8539 | siemens s7-300,,,,,summer,,, | |
8540 | siemens s7-300,,,,,SUMMER,,, | |
8541 | siemens s7-300,,,,,sunrise,,, | |
8542 | siemens s7-300,,,,,SUNRISE,,, | |
8543 | siemens s7-300,,,,,Super,,, | |
8544 | siemens s7-300,,,,,superid,,, | |
8545 | siemens s7-300,,,,,SUPERID,,, | |
8546 | siemens s7-300,,,,,superman,,, | |
8547 | siemens s7-300,,,,,SUPERMAN,,, | |
8548 | siemens s7-300,,,,,support,,, | |
8549 | siemens s7-300,,,,,SUPPORT,,, | |
8550 | siemens s7-300,,,,,surt,,, | |
8551 | siemens s7-300,,,,,SURT,,, | |
8552 | siemens s7-300,,,,,switch,,, | |
8553 | siemens s7-300,,,,,SWITCH,,, | |
8554 | siemens s7-300,,,,,sybase,,, | |
8555 | siemens s7-300,,,,,SYBASE,,, | |
8556 | siemens s7-300,,,,,Symbol,,, | |
8557 | siemens s7-300,,,,,SYMBOL,,, | |
8558 | siemens s7-300,,,,,synnet,,, | |
8559 | siemens s7-300,,,,,SYNNET,,, | |
8560 | siemens s7-300,,,,,sysadm,,, | |
8561 | siemens s7-300,,,,,SYSADM,,, | |
8562 | siemens s7-300,,,,,SYSDISC,,, | |
8563 | siemens s7-300,,,,,sysdisk,,, | |
8564 | siemens s7-300,,,,,system,,, | |
8565 | siemens s7-300,,,,,SYSTEM,,, | |
8566 | siemens s7-300,,,,,t,,, | |
8567 | siemens s7-300,,,,,T,,, | |
8568 | siemens s7-300,,,,,talent,,, | |
8569 | siemens s7-300,,,,,TALENT,,, | |
8570 | siemens s7-300,,,,,TALINUZ,,, | |
8571 | siemens s7-300,,,,,talisman,,, | |
8572 | siemens s7-300,,,,,TALISMAN,,, | |
8573 | siemens s7-300,,,,,TANDBERG,,, | |
8574 | siemens s7-300,,,,,TCH,,, | |
8575 | siemens s7-300,,,,,tech,,, | |
8576 | siemens s7-300,,,,,TECH,,, | |
8577 | siemens s7-300,,,,,telco,,, | |
8578 | siemens s7-300,,,,,TELCO,,, | |
8579 | siemens s7-300,,,,,telecom,,, | |
8580 | siemens s7-300,,,,,Telecom,,, | |
8581 | siemens s7-300,,,,,TELECOM,,, | |
8582 | siemens s7-300,,,,,telesup,,, | |
8583 | siemens s7-300,,,,,TELESUP,,, | |
8584 | siemens s7-300,,,,,tellabs#1,,, | |
8585 | siemens s7-300,,,,,telus,,, | |
8586 | siemens s7-300,,,,,TELUS,,, | |
8587 | siemens s7-300,,,,,temp,,, | |
8588 | siemens s7-300,,,,,TEMP,,, | |
8589 | siemens s7-300,,,,,temp123,,, | |
8590 | siemens s7-300,,,,,TEMP123,,, | |
8591 | siemens s7-300,,,,,test,,, | |
8592 | siemens s7-300,,,,,TEST,,, | |
8593 | siemens s7-300,,,,,test123,,, | |
8594 | siemens s7-300,,,,,TEST123,,, | |
8595 | siemens s7-300,,,,,thomas,,, | |
8596 | siemens s7-300,,,,,Thomas,,, | |
8597 | siemens s7-300,,,,,THOMAS,,, | |
8598 | siemens s7-300,,,,,tiaranet,,, | |
8599 | siemens s7-300,,,,,TIARANET,,, | |
8600 | siemens s7-300,,,,,tiger123,,, | |
8601 | siemens s7-300,,,,,TIGER123,,, | |
8602 | siemens s7-300,,,,,timely,,, | |
8603 | siemens s7-300,,,,,TIMELY,,, | |
8604 | siemens s7-300,,,,,tini,,, | |
8605 | siemens s7-300,,,,,TINI,,, | |
8606 | siemens s7-300,,,,,tivonpw,,, | |
8607 | siemens s7-300,,,,,TIVONPW,,, | |
8608 | siemens s7-300,,,,,tjm,,, | |
8609 | siemens s7-300,,,,,TJM,,, | |
8610 | siemens s7-300,,,,,tlah,,, | |
8611 | siemens s7-300,,,,,TLAH,,, | |
8612 | siemens s7-300,,,,,toolset,,, | |
8613 | siemens s7-300,,,,,TOOLSET,,, | |
8614 | siemens s7-300,,,,,trancell,,, | |
8615 | siemens s7-300,,,,,TRANCELL,,, | |
8616 | siemens s7-300,,,,,tratata,,, | |
8617 | siemens s7-300,,,,,TRATATA,,, | |
8618 | siemens s7-300,,,,,tslinux,,, | |
8619 | siemens s7-300,,,,,TSLINUX,,, | |
8620 | siemens s7-300,,,,,tt,,, | |
8621 | siemens s7-300,,,,,TT,,, | |
8622 | siemens s7-300,,,,,ttt,,, | |
8623 | siemens s7-300,,,,,TTT,,, | |
8624 | siemens s7-300,,,,,tttt,,, | |
8625 | siemens s7-300,,,,,TTTT,,, | |
8626 | siemens s7-300,,,,,ttttt,,, | |
8627 | siemens s7-300,,,,,TTTTT,,, | |
8628 | siemens s7-300,,,,,tttttt,,, | |
8629 | siemens s7-300,,,,,TTTTTT,,, | |
8630 | siemens s7-300,,,,,ttttttt,,, | |
8631 | siemens s7-300,,,,,TTTTTTT,,, | |
8632 | siemens s7-300,,,,,tttttttt,,, | |
8633 | siemens s7-300,,,,,TTTTTTTT,,, | |
8634 | siemens s7-300,,,,,tuborg,,, | |
8635 | siemens s7-300,,,,,TUBORG,,, | |
8636 | siemens s7-300,,,,,tuxalize,,, | |
8637 | siemens s7-300,,,,,TUXALIZE,,, | |
8638 | siemens s7-300,,,,,tx100,,, | |
8639 | siemens s7-300,,,,,TX100,,, | |
8640 | siemens s7-300,,,,,u,,, | |
8641 | siemens s7-300,,,,,U,,, | |
8642 | siemens s7-300,,,,,uplink,,, | |
8643 | siemens s7-300,,,,,UPLINK,,, | |
8644 | siemens s7-300,,,,,user,,, | |
8645 | siemens s7-300,,,,,USER,,, | |
8646 | siemens s7-300,,,,,uu,,, | |
8647 | siemens s7-300,,,,,UU,,, | |
8648 | siemens s7-300,,,,,uuu,,, | |
8649 | siemens s7-300,,,,,UUU,,, | |
8650 | siemens s7-300,,,,,uuuu,,, | |
8651 | siemens s7-300,,,,,UUUU,,, | |
8652 | siemens s7-300,,,,,uuuuu,,, | |
8653 | siemens s7-300,,,,,UUUUU,,, | |
8654 | siemens s7-300,,,,,uuuuuu,,, | |
8655 | siemens s7-300,,,,,UUUUUU,,, | |
8656 | siemens s7-300,,,,,uuuuuuu,,, | |
8657 | siemens s7-300,,,,,UUUUUUU,,, | |
8658 | siemens s7-300,,,,,uuuuuuuu,,, | |
8659 | siemens s7-300,,,,,UUUUUUUU,,, | |
8660 | siemens s7-300,,,,,v,,, | |
8661 | siemens s7-300,,,,,V,,, | |
8662 | siemens s7-300,,,,,vesoft,,, | |
8663 | siemens s7-300,,,,,VESOFT,,, | |
8664 | siemens s7-300,,,,,visual,,, | |
8665 | siemens s7-300,,,,,VISUAL,,, | |
8666 | siemens s7-300,,,,,vjqgfhjkm,,, | |
8667 | siemens s7-300,,,,,VJQGFHJKM,,, | |
8668 | siemens s7-300,,,,,vodka,,, | |
8669 | siemens s7-300,,,,,VODKA,,, | |
8670 | siemens s7-300,,,,,volition,,, | |
8671 | siemens s7-300,,,,,VOLITION,,, | |
8672 | siemens s7-300,,,,,vv,,, | |
8673 | siemens s7-300,,,,,VV,,, | |
8674 | siemens s7-300,,,,,vvv,,, | |
8675 | siemens s7-300,,,,,VVV,,, | |
8676 | siemens s7-300,,,,,vvvv,,, | |
8677 | siemens s7-300,,,,,VVVV,,, | |
8678 | siemens s7-300,,,,,vvvvv,,, | |
8679 | siemens s7-300,,,,,VVVVV,,, | |
8680 | siemens s7-300,,,,,vvvvvv,,, | |
8681 | siemens s7-300,,,,,VVVVVV,,, | |
8682 | siemens s7-300,,,,,vvvvvvv,,, | |
8683 | siemens s7-300,,,,,VVVVVVV,,, | |
8684 | siemens s7-300,,,,,vvvvvvvv,,, | |
8685 | siemens s7-300,,,,,VVVVVVVV,,, | |
8686 | siemens s7-300,,,,,w,,, | |
8687 | siemens s7-300,,,,,W,,, | |
8688 | siemens s7-300,,,,,W9F3,,, | |
8689 | siemens s7-300,,,,,webadmin,,, | |
8690 | siemens s7-300,,,,,WEBADMIN,,, | |
8691 | siemens s7-300,,,,,win,,, | |
8692 | siemens s7-300,,,,,WIN,,, | |
8693 | siemens s7-300,,,,,wincc,,, | |
8694 | siemens s7-300,,,,,WINCC,,, | |
8695 | siemens s7-300,,,,,winterm,,, | |
8696 | siemens s7-300,,,,,WINTERM,,, | |
8697 | siemens s7-300,,,,,Wireless,,, | |
8698 | siemens s7-300,,,,,WIRELESS,,, | |
8699 | siemens s7-300,,,,,wizard,,, | |
8700 | siemens s7-300,,,,,WIZARD,,, | |
8701 | siemens s7-300,,,,,wlsedb,,, | |
8702 | siemens s7-300,,,,,WLSEDB,,, | |
8703 | siemens s7-300,,,,,wolf,,, | |
8704 | siemens s7-300,,,,,WONF,,, | |
8705 | siemens s7-300,,,,,ww,,, | |
8706 | siemens s7-300,,,,,WW,,, | |
8707 | siemens s7-300,,,,,www,,, | |
8708 | siemens s7-300,,,,,WWW,,, | |
8709 | siemens s7-300,,,,,wwww,,, | |
8710 | siemens s7-300,,,,,WWWW,,, | |
8711 | siemens s7-300,,,,,wwwww,,, | |
8712 | siemens s7-300,,,,,WWWWW,,, | |
8713 | siemens s7-300,,,,,wwwwww,,, | |
8714 | siemens s7-300,,,,,WWWWWW,,, | |
8715 | siemens s7-300,,,,,wwwwwww,,, | |
8716 | siemens s7-300,,,,,WWWWWWW,,, | |
8717 | siemens s7-300,,,,,wwwwwwww,,, | |
8718 | siemens s7-300,,,,,WWWWWWWW,,, | |
8719 | siemens s7-300,,,,,wyse,,, | |
8720 | siemens s7-300,,,,,WYSE,,, | |
8721 | siemens s7-300,,,,,x,,, | |
8722 | siemens s7-300,,,,,X,,, | |
8723 | siemens s7-300,,,,,x40rocks,,, | |
8724 | siemens s7-300,,,,,X40ROCKS,,, | |
8725 | siemens s7-300,,,,,x-admin,,, | |
8726 | siemens s7-300,,,,,X-ADMIN,,, | |
8727 | siemens s7-300,,,,,xbox,,, | |
8728 | siemens s7-300,,,,,XBOX,,, | |
8729 | siemens s7-300,,,,,xlserver,,, | |
8730 | siemens s7-300,,,,,XLSERVER,,, | |
8731 | siemens s7-300,,,,,xx,,, | |
8732 | siemens s7-300,,,,,XX,,, | |
8733 | siemens s7-300,,,,,xxx,,, | |
8734 | siemens s7-300,,,,,XXX,,, | |
8735 | siemens s7-300,,,,,xxxx,,, | |
8736 | siemens s7-300,,,,,XXXX,,, | |
8737 | siemens s7-300,,,,,xxxxx,,, | |
8738 | siemens s7-300,,,,,XXXXX,,, | |
8739 | siemens s7-300,,,,,xxxxxx,,, | |
8740 | siemens s7-300,,,,,XXXXXX,,, | |
8741 | siemens s7-300,,,,,xxxxxxx,,, | |
8742 | siemens s7-300,,,,,XXXXXXX,,, | |
8743 | siemens s7-300,,,,,xxxxxxxx,,, | |
8744 | siemens s7-300,,,,,XXXXXXXX,,, | |
8745 | siemens s7-300,,,,,xxyyzz,,, | |
8746 | siemens s7-300,,,,,XXYYZZ,,, | |
8747 | siemens s7-300,,,,,y,,, | |
8748 | siemens s7-300,,,,,Y,,, | |
8749 | siemens s7-300,,,,,yxcv,,, | |
8750 | siemens s7-300,,,,,YXCV,,, | |
8751 | siemens s7-300,,,,,yy,,, | |
8752 | siemens s7-300,,,,,YY,,, | |
8753 | siemens s7-300,,,,,yyy,,, | |
8754 | siemens s7-300,,,,,YYY,,, | |
8755 | siemens s7-300,,,,,yyyy,,, | |
8756 | siemens s7-300,,,,,YYYY,,, | |
8757 | siemens s7-300,,,,,yyyyy,,, | |
8758 | siemens s7-300,,,,,YYYYY,,, | |
8759 | siemens s7-300,,,,,yyyyyy,,, | |
8760 | siemens s7-300,,,,,YYYYYY,,, | |
8761 | siemens s7-300,,,,,yyyyyyy,,, | |
8762 | siemens s7-300,,,,,YYYYYYY,,, | |
8763 | siemens s7-300,,,,,yyyyyyyy,,, | |
8764 | siemens s7-300,,,,,YYYYYYYY,,, | |
8765 | siemens s7-300,,,,,z,,, | |
8766 | siemens s7-300,,,,,Z,,, | |
8767 | siemens s7-300,,,,,z0ne,,, | |
8768 | siemens s7-300,,,,,Z0NE,,, | |
8769 | siemens s7-300,,,,,zettler,,, | |
8770 | siemens s7-300,,,,,ZETTLER,,, | |
8771 | siemens s7-300,,,,,zippo,,, | |
8772 | siemens s7-300,,,,,ZIPPO,,, | |
8773 | siemens s7-300,,,,,zone,,, | |
8774 | siemens s7-300,,,,,ZONE,,, | |
8775 | siemens s7-300,,,,,zoomadsl,,, | |
8776 | siemens s7-300,,,,,ZOOMADSL,,, | |
8777 | siemens s7-300,,,,,zorro,,, | |
8778 | siemens s7-300,,,,,ZORRO,,, | |
8779 | siemens s7-300,,,,,zorromen,,, | |
8780 | siemens s7-300,,,,,ZORROMEN,,, | |
8781 | siemens s7-300,,,,,zxc,,, | |
8782 | siemens s7-300,,,,,ZXC,,, | |
8783 | siemens s7-300,,,,,zxcv,,, | |
8784 | siemens s7-300,,,,,ZXCV,,, | |
8785 | siemens s7-300,,,,,zxcvb,,, | |
8786 | siemens s7-300,,,,,ZXCVB,,, | |
8787 | siemens s7-300,,,,,zxcvbn,,, | |
8788 | siemens s7-300,,,,,ZXCVBN,,, | |
8789 | siemens s7-300,,,,,zxcvbnm,,, | |
8790 | siemens s7-300,,,,,ZXCVBNM,,, | |
8791 | siemens s7-300,,,,,zxcvbnm,,,, | |
8792 | siemens s7-300,,,,,ZXCVBNM,,,, | |
8793 | siemens s7-300,,,,,zz,,, | |
8794 | siemens s7-300,,,,,ZZ,,, | |
8795 | siemens s7-300,,,,,zzz,,, | |
8796 | siemens s7-300,,,,,ZZZ,,, | |
8797 | siemens s7-300,,,,,zzzz,,, | |
8798 | siemens s7-300,,,,,ZZZZ,,, | |
8799 | siemens s7-300,,,,,zzzzz,,, | |
8800 | siemens s7-300,,,,,ZZZZZ,,, | |
8801 | siemens s7-300,,,,,zzzzzz,,, | |
8802 | siemens s7-300,,,,,ZZZZZZ,,, | |
8803 | siemens s7-300,,,,,zzzzzzz,,, | |
8804 | siemens s7-300,,,,,ZZZZZZZ,,, | |
8805 | siemens s7-300,,,,,zzzzzzzz,,, | |
8806 | siemens s7-300,,,,,ZZZZZZZZ,,, |
0 | ||
0 | 1 | /* |
1 | 2 | Unix SMB/CIFS implementation. |
2 | 3 | HMAC MD5 code for use in NTLMv2 |
32 | 33 | the rfc 2104 version of hmac_md5 initialisation. |
33 | 34 | ***********************************************************************/ |
34 | 35 | |
35 | void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx) | |
36 | { | |
37 | int i; | |
38 | unsigned char tk[16]; | |
36 | void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) { | |
37 | int i; | |
38 | unsigned char tk[16]; | |
39 | 39 | |
40 | /* if key is longer than 64 bytes reset it to key=MD5(key) */ | |
41 | if (key_len > 64) { | |
42 | MD5_CTX tctx; | |
40 | /* if key is longer than 64 bytes reset it to key=MD5(key) */ | |
41 | if (key_len > 64) { | |
42 | MD5_CTX tctx; | |
43 | 43 | |
44 | MD5_Init(&tctx); | |
45 | MD5_Update(&tctx, (void *)key, key_len); | |
46 | MD5_Final(tk, &tctx); | |
44 | MD5_Init(&tctx); | |
45 | MD5_Update(&tctx, (void *) key, key_len); | |
46 | MD5_Final(tk, &tctx); | |
47 | 47 | |
48 | key = tk; | |
49 | key_len = 16; | |
50 | } | |
48 | key = tk; | |
49 | key_len = 16; | |
50 | } | |
51 | 51 | |
52 | /* start out by storing key in pads */ | |
53 | ZERO_STRUCT(ctx->k_ipad); | |
54 | ZERO_STRUCT(ctx->k_opad); | |
55 | memcpy( ctx->k_ipad, key, key_len); | |
56 | memcpy( ctx->k_opad, key, key_len); | |
52 | /* start out by storing key in pads */ | |
53 | ZERO_STRUCT(ctx->k_ipad); | |
54 | ZERO_STRUCT(ctx->k_opad); | |
55 | memcpy(ctx->k_ipad, key, key_len); | |
56 | memcpy(ctx->k_opad, key, key_len); | |
57 | 57 | |
58 | /* XOR key with ipad and opad values */ | |
59 | for (i=0; i<64; i++) { | |
60 | ctx->k_ipad[i] ^= 0x36; | |
61 | ctx->k_opad[i] ^= 0x5c; | |
62 | } | |
58 | /* XOR key with ipad and opad values */ | |
59 | for (i = 0; i < 64; i++) { | |
60 | ctx->k_ipad[i] ^= 0x36; | |
61 | ctx->k_opad[i] ^= 0x5c; | |
62 | } | |
63 | 63 | |
64 | MD5_Init(&ctx->ctx); | |
65 | MD5_Update(&ctx->ctx, ctx->k_ipad, 64); | |
64 | MD5_Init(&ctx->ctx); | |
65 | MD5_Update(&ctx->ctx, ctx->k_ipad, 64); | |
66 | 66 | } |
67 | 67 | |
68 | 68 | /*********************************************************************** |
69 | 69 | the microsoft version of hmac_md5 initialisation. |
70 | 70 | ***********************************************************************/ |
71 | 71 | |
72 | void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len, | |
73 | HMACMD5Context *ctx) | |
74 | { | |
75 | int i; | |
72 | void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) { | |
73 | int i; | |
76 | 74 | |
77 | /* if key is longer than 64 bytes truncate it */ | |
78 | if (key_len > 64) { | |
79 | key_len = 64; | |
80 | } | |
75 | /* if key is longer than 64 bytes truncate it */ | |
76 | if (key_len > 64) { | |
77 | key_len = 64; | |
78 | } | |
81 | 79 | |
82 | /* start out by storing key in pads */ | |
83 | ZERO_STRUCT(ctx->k_ipad); | |
84 | ZERO_STRUCT(ctx->k_opad); | |
85 | memcpy( ctx->k_ipad, key, key_len); | |
86 | memcpy( ctx->k_opad, key, key_len); | |
80 | /* start out by storing key in pads */ | |
81 | ZERO_STRUCT(ctx->k_ipad); | |
82 | ZERO_STRUCT(ctx->k_opad); | |
83 | memcpy(ctx->k_ipad, key, key_len); | |
84 | memcpy(ctx->k_opad, key, key_len); | |
87 | 85 | |
88 | /* XOR key with ipad and opad values */ | |
89 | for (i=0; i<64; i++) { | |
90 | ctx->k_ipad[i] ^= 0x36; | |
91 | ctx->k_opad[i] ^= 0x5c; | |
92 | } | |
86 | /* XOR key with ipad and opad values */ | |
87 | for (i = 0; i < 64; i++) { | |
88 | ctx->k_ipad[i] ^= 0x36; | |
89 | ctx->k_opad[i] ^= 0x5c; | |
90 | } | |
93 | 91 | |
94 | MD5_Init(&ctx->ctx); | |
95 | MD5_Update(&ctx->ctx, ctx->k_ipad, 64); | |
92 | MD5_Init(&ctx->ctx); | |
93 | MD5_Update(&ctx->ctx, ctx->k_ipad, 64); | |
96 | 94 | } |
97 | 95 | |
98 | 96 | /*********************************************************************** |
99 | 97 | update hmac_md5 "inner" buffer |
100 | 98 | ***********************************************************************/ |
101 | 99 | |
102 | void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx) | |
103 | { | |
104 | MD5_Update(&ctx->ctx, (void *)text, text_len); /* then text of datagram */ | |
100 | void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) { | |
101 | MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */ | |
105 | 102 | } |
106 | 103 | |
107 | 104 | /*********************************************************************** |
108 | 105 | finish off hmac_md5 "inner" buffer and generate outer one. |
109 | 106 | ***********************************************************************/ |
110 | void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx) | |
107 | void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) | |
108 | { | |
109 | MD5_CTX ctx_o; | |
111 | 110 | |
112 | { | |
113 | MD5_CTX ctx_o; | |
111 | MD5_Final(digest, &ctx->ctx); | |
114 | 112 | |
115 | MD5_Final(digest, &ctx->ctx); | |
116 | ||
117 | MD5_Init(&ctx_o); | |
118 | MD5_Update(&ctx_o, ctx->k_opad, 64); | |
119 | MD5_Update(&ctx_o, digest, 16); | |
120 | MD5_Final(digest, &ctx_o); | |
113 | MD5_Init(&ctx_o); | |
114 | MD5_Update(&ctx_o, ctx->k_opad, 64); | |
115 | MD5_Update(&ctx_o, digest, 16); | |
116 | MD5_Final(digest, &ctx_o); | |
121 | 117 | } |
122 | 118 | |
123 | 119 | /*********************************************************** |
125 | 121 | use the microsoft hmacmd5 init method because the key is 16 bytes. |
126 | 122 | ************************************************************/ |
127 | 123 | |
128 | void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) | |
129 | { | |
130 | HMACMD5Context ctx; | |
131 | hmac_md5_init_limK_to_64(key, 16, &ctx); | |
132 | if (data_len != 0) | |
133 | { | |
134 | hmac_md5_update(data, data_len, &ctx); | |
135 | } | |
136 | hmac_md5_final(digest, &ctx); | |
124 | void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) { | |
125 | HMACMD5Context ctx; | |
126 | ||
127 | hmac_md5_init_limK_to_64(key, 16, &ctx); | |
128 | if (data_len != 0) { | |
129 | hmac_md5_update(data, data_len, &ctx); | |
130 | } | |
131 | hmac_md5_final(digest, &ctx); | |
137 | 132 | } |
138 | 133 | |
139 | 134 | #endif |
43 | 43 | struct afp_server *server = NULL; |
44 | 44 | |
45 | 45 | conn_req = malloc(sizeof(struct afp_connection_request)); |
46 | server = malloc(sizeof(struct afp_server)); | |
46 | // server = malloc(sizeof(struct afp_server)); | |
47 | 47 | |
48 | 48 | memset(conn_req, 0, sizeof(struct afp_connection_request)); |
49 | 49 | |
66 | 66 | //fprintf(stderr, "Initiating connection attempt.\n"); |
67 | 67 | if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) { |
68 | 68 | FREE(conn_req); |
69 | FREE(server); | |
69 | // FREE(server); | |
70 | 70 | return -1; |
71 | 71 | } |
72 | 72 | //fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam)); |
79 | 79 | |
80 | 80 | int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { |
81 | 81 | char *empty = ""; |
82 | char *login, *pass; | |
82 | char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN]; | |
83 | 83 | struct afp_url tmpurl; |
84 | 84 | |
85 | 85 | /* Build AFP authentication request */ |
96 | 96 | |
97 | 97 | strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1); |
98 | 98 | tmpurl.servername[AFP_SERVER_NAME_LEN] = 0; |
99 | memcpy(&tmpurl.username, login, AFP_MAX_USERNAME_LEN); | |
100 | memcpy(&tmpurl.password, pass, AFP_MAX_PASSWORD_LEN); | |
99 | strncpy(mlogin, login, AFP_MAX_USERNAME_LEN - 1); | |
100 | mlogin[AFP_MAX_USERNAME_LEN - 1] = 0; | |
101 | strncpy(mpass, pass, AFP_MAX_PASSWORD_LEN - 1); | |
102 | mpass[AFP_MAX_PASSWORD_LEN - 1] = 0; | |
103 | memcpy(&tmpurl.username, mlogin, AFP_MAX_USERNAME_LEN); | |
104 | memcpy(&tmpurl.password, mpass, AFP_MAX_PASSWORD_LEN); | |
101 | 105 | |
102 | 106 | if (server_subconnect(tmpurl) == 0) { |
103 | 107 | hydra_report_found_host(port, ip, "afp", fp); |
135 | 139 | port = myport; |
136 | 140 | } |
137 | 141 | if (sock < 0) { |
138 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
142 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
139 | 143 | hydra_child_exit(1); |
140 | 144 | } |
141 | 145 | |
168 | 172 | |
169 | 173 | #endif |
170 | 174 | |
171 | int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
175 | int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
172 | 176 | // called before the childrens are forked off, so this is the function |
173 | 177 | // which should be filled if initial connections and service setup has to be |
174 | 178 | // performed once only. |
27 | 27 | memset(buffer, 0, sizeof(buffer)); |
28 | 28 | sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass); |
29 | 29 | |
30 | if (verbose || debug) | |
31 | hydra_report(stderr, "[VERBOSE] C: %s\n", buffer); | |
30 | if (debug) | |
31 | hydra_report(stderr, "[DEBUG] C: %s\n", buffer); | |
32 | 32 | |
33 | 33 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
34 | 34 | return 1; |
36 | 36 | if ((buf = hydra_receive_line(s)) == NULL) |
37 | 37 | return 1; |
38 | 38 | |
39 | if (verbose || debug) | |
40 | hydra_report(stderr, "[VERBOSE] S: %s\n", buf); | |
39 | if (debug) | |
40 | hydra_report(stderr, "[DEBUG] S: %s\n", buf); | |
41 | 41 | |
42 | 42 | if (buf == NULL || (strstr(buf, "Response: ") == NULL)) { |
43 | 43 | hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf); |
83 | 83 | if (port != 0) |
84 | 84 | mysslport = port; |
85 | 85 | sock = hydra_connect_ssl(ip, mysslport); |
86 | port = myport; | |
86 | port = mysslport; | |
87 | 87 | } |
88 | 88 | |
89 | 89 | if (sock < 0) { |
98 | 98 | |
99 | 99 | if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) { |
100 | 100 | /* check the first line */ |
101 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); | |
101 | if (verbose || debug) | |
102 | hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); | |
102 | 103 | hydra_child_exit(2); |
103 | 104 | } |
104 | 105 | free(buf); |
120 | 121 | } |
121 | 122 | } |
122 | 123 | |
123 | int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
124 | int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
124 | 125 | // called before the childrens are forked off, so this is the function |
125 | 126 | // which should be filled if initial connections and service setup has to be |
126 | 127 | // performed once only. |
86 | 86 | port = mysslport; |
87 | 87 | } |
88 | 88 | if (sock < 0) { |
89 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
89 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
90 | 90 | hydra_child_exit(1); |
91 | 91 | } |
92 | 92 | |
100 | 100 | |
101 | 101 | sprintf(buffer, "%.250s\r\n", login); |
102 | 102 | if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { |
103 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); | |
103 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); | |
104 | 104 | hydra_child_exit(2); |
105 | 105 | } |
106 | 106 | } |
107 | 107 | |
108 | 108 | if (miscptr != NULL) { |
109 | if (buf != NULL) | |
110 | free(buf); | |
109 | 111 | while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { |
110 | 112 | if (hydra_strcasestr(buf, "ress ENTER") != NULL) |
111 | 113 | hydra_send(sock, "\r\n", 2, 0); |
114 | 116 | |
115 | 117 | sprintf(buffer, "%.250s\r\n", miscptr); |
116 | 118 | if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { |
117 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); | |
119 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); | |
118 | 120 | hydra_child_exit(2); |
119 | 121 | } |
120 | 122 | } |
121 | 123 | |
124 | if (buf != NULL) | |
125 | free(buf); | |
122 | 126 | buf = hydra_receive_line(sock); |
123 | 127 | if (hydra_strcasestr(buf, "ress ENTER") != NULL) { |
124 | 128 | hydra_send(sock, "\r\n", 2, 0); |
127 | 131 | } |
128 | 132 | |
129 | 133 | if (strstr(buf, "assw") != NULL) { |
130 | fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid()); | |
134 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid()); | |
131 | 135 | hydra_child_exit(2); |
132 | 136 | } |
133 | 137 | free(buf); |
142 | 146 | |
143 | 147 | sprintf(buffer, "%.250s\r\n", "ena"); |
144 | 148 | if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { |
145 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid()); | |
149 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid()); | |
146 | 150 | hydra_child_exit(2); |
147 | 151 | } |
148 | 152 | |
155 | 159 | if (failc < retry) { |
156 | 160 | next_run = 1; |
157 | 161 | failc++; |
158 | fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); | |
162 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); | |
159 | 163 | sleep(3); |
160 | 164 | break; |
161 | 165 | } else { |
175 | 179 | case 3: /* clean exit */ |
176 | 180 | sprintf(buffer, "%.250s\r\n", "exit"); |
177 | 181 | if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { |
178 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid()); | |
182 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid()); | |
179 | 183 | hydra_child_exit(0); |
180 | 184 | } |
181 | 185 | if (sock >= 0) |
191 | 195 | } |
192 | 196 | } |
193 | 197 | |
194 | int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
198 | int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
195 | 199 | // called before the childrens are forked off, so this is the function |
196 | 200 | // which should be filled if initial connections and service setup has to be |
197 | 201 | // performed once only. |
4 | 4 | #endif |
5 | 5 | |
6 | 6 | extern char *HYDRA_EXIT; |
7 | char *buf; | |
7 | char *buf = NULL; | |
8 | 8 | |
9 | 9 | int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { |
10 | 10 | char *empty = ""; |
24 | 24 | } |
25 | 25 | sleep(1); |
26 | 26 | do { |
27 | buf = hydra_receive_line(s); | |
27 | if (buf != NULL) | |
28 | free(buf); | |
29 | if ((buf = hydra_receive_line(s)) == NULL) | |
30 | return 3; | |
28 | 31 | if (buf[strlen(buf) - 1] == '\n') |
29 | 32 | buf[strlen(buf) - 1] = 0; |
30 | 33 | if (buf[strlen(buf) - 1] == '\r') |
48 | 51 | return 1; |
49 | 52 | } |
50 | 53 | do { |
51 | buf = hydra_receive_line(s); | |
54 | free(buf); | |
55 | if ((buf = hydra_receive_line(s)) == NULL) | |
56 | return 3; | |
52 | 57 | if (buf[strlen(buf) - 1] == '\n') |
53 | 58 | buf[strlen(buf) - 1] = 0; |
54 | 59 | if (buf[strlen(buf) - 1] == '\r') |
57 | 62 | if (buf != NULL && strstr(buf, "assw") != NULL) { |
58 | 63 | hydra_completed_pair(); |
59 | 64 | free(buf); |
65 | buf = NULL; | |
60 | 66 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) |
61 | 67 | return 3; |
62 | 68 | if (strlen(pass = hydra_get_next_password()) == 0) |
72 | 78 | return 1; |
73 | 79 | } |
74 | 80 | do { |
81 | if (buf != NULL) | |
82 | free(buf); | |
75 | 83 | buf = hydra_receive_line(s); |
76 | if (buf[strlen(buf) - 1] == '\n') | |
77 | buf[strlen(buf) - 1] = 0; | |
78 | if (buf[strlen(buf) - 1] == '\r') | |
79 | buf[strlen(buf) - 1] = 0; | |
80 | } while (strlen(buf) <= 1); | |
84 | if (buf != NULL) { | |
85 | if (buf[strlen(buf) - 1] == '\n') | |
86 | buf[strlen(buf) - 1] = 0; | |
87 | if (buf[strlen(buf) - 1] == '\r') | |
88 | buf[strlen(buf) - 1] = 0; | |
89 | } | |
90 | } while (buf != NULL && strlen(buf) <= 1); | |
81 | 91 | } |
82 | 92 | |
83 | 93 | } |
143 | 153 | if (failc < retry) { |
144 | 154 | next_run = 1; |
145 | 155 | failc++; |
146 | hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); | |
156 | if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); | |
147 | 157 | sleep(3); |
148 | 158 | break; |
149 | 159 | } else { |
150 | hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); | |
160 | if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); | |
151 | 161 | hydra_child_exit(0); |
152 | 162 | } |
153 | 163 | } |
182 | 192 | } |
183 | 193 | } |
184 | 194 | |
185 | int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
195 | int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
186 | 196 | // called before the childrens are forked off, so this is the function |
187 | 197 | // which should be filled if initial connections and service setup has to be |
188 | 198 | // performed once only. |
135 | 135 | } |
136 | 136 | } |
137 | 137 | |
138 | int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
138 | int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
139 | 139 | // called before the childrens are forked off, so this is the function |
140 | 140 | // which should be filled if initial connections and service setup has to be |
141 | 141 | // performed once only. |
0 | ||
0 | 1 | /* |
1 | 2 | |
2 | 3 | Firebird Support - by David Maciejak @ GMAIL dot com |
31 | 32 | char database[256]; |
32 | 33 | char connection_string[1024]; |
33 | 34 | |
34 | isc_db_handle db; /* database handle */ | |
35 | isc_db_handle db; /* database handle */ | |
35 | 36 | ISC_STATUS_ARRAY status; /* status vector */ |
36 | 37 | |
37 | 38 | char *dpb = NULL; /* DB parameter buffer */ |
41 | 42 | strncpy(database, miscptr, sizeof(database)); |
42 | 43 | else |
43 | 44 | strncpy(database, DEFAULT_DB, sizeof(database)); |
45 | database[sizeof(database) - 1] = 0; | |
44 | 46 | |
45 | 47 | if (strlen(login = hydra_get_next_login()) == 0) |
46 | 48 | login = empty; |
47 | 49 | if (strlen(pass = hydra_get_next_password()) == 0) |
48 | 50 | pass = empty; |
49 | 51 | |
50 | dpb_length = (short)(1 + strlen(login) + 2 + strlen(pass) + 2); | |
51 | if ((dpb = (char*)malloc(dpb_length)) == NULL) { | |
52 | hydra_report(stderr, "[ERROR] Can't allocate memory\n"); | |
53 | return 1; | |
52 | dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2); | |
53 | if ((dpb = (char *) malloc(dpb_length)) == NULL) { | |
54 | hydra_report(stderr, "[ERROR] Can't allocate memory\n"); | |
55 | return 1; | |
54 | 56 | } |
55 | 57 | |
56 | 58 | /* Add user and password to dpb */ |
110 | 112 | port = mysslport; |
111 | 113 | } |
112 | 114 | if (sock < 0) { |
113 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
115 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
114 | 116 | hydra_child_exit(1); |
115 | 117 | } |
116 | 118 | |
143 | 145 | |
144 | 146 | #endif |
145 | 147 | |
146 | int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
148 | int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
147 | 149 | // called before the childrens are forked off, so this is the function |
148 | 150 | // which should be filled if initial connections and service setup has to be |
149 | 151 | // performed once only. |
38 | 38 | } |
39 | 39 | if (buf[0] != '3') { |
40 | 40 | if (buf) { |
41 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); | |
41 | if (verbose || debug) | |
42 | hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); | |
42 | 43 | free(buf); |
43 | 44 | } |
44 | 45 | return 3; |
102 | 103 | usleep(250); |
103 | 104 | buf = hydra_receive_line(sock); |
104 | 105 | if (buf == NULL || buf[0] != '2') { /* check the first line */ |
105 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); | |
106 | if (verbose || debug) | |
107 | hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); | |
106 | 108 | hydra_child_exit(2); |
107 | 109 | if (buf != NULL) |
108 | 110 | free(buf); |
122 | 124 | } |
123 | 125 | buf = hydra_receive_line(sock); |
124 | 126 | if (buf == NULL) { |
125 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); | |
127 | if (verbose || debug) | |
128 | hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); | |
126 | 129 | hydra_child_exit(2); |
127 | 130 | } |
128 | 131 | if (buf[0] == '2') { |
169 | 172 | service_ftp_core(ip, sp, options, miscptr, fp, port, 1); |
170 | 173 | } |
171 | 174 | |
172 | int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
175 | int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
173 | 176 | // called before the childrens are forked off, so this is the function |
174 | 177 | // which should be filled if initial connections and service setup has to be |
175 | 178 | // performed once only. |
127 | 127 | options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); |
128 | 128 | } |
129 | 129 | |
130 | /* get the pass, or pass list */ | |
130 | /* get the pass, pass list, or generate */ | |
131 | /* The "generate" button was implemented by Petar Kaleychev <petar.kaleychev@gmail.com> */ | |
131 | 132 | widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1"); |
132 | 133 | if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { |
133 | 134 | options[i++] = "-p"; |
134 | 135 | widget = lookup_widget(GTK_WIDGET(wndMain), "entPass"); |
135 | 136 | options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); |
136 | } else { | |
137 | } | |
138 | widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2"); | |
139 | if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { | |
137 | 140 | options[i++] = "-P"; |
138 | 141 | widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile"); |
139 | 142 | options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); |
143 | } | |
144 | widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate"); | |
145 | if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { | |
146 | options[i++] = "-x"; | |
147 | widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration"); | |
148 | options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); | |
140 | 149 | } |
141 | 150 | } |
142 | 151 |
8 | 8 | |
9 | 9 | #include <sys/types.h> |
10 | 10 | #include <sys/stat.h> |
11 | #ifdef HAVE_UNISTD_H | |
11 | 12 | #include <unistd.h> |
13 | #endif | |
12 | 14 | #include <string.h> |
13 | 15 | #include <stdio.h> |
14 | 16 | |
74 | 76 | GtkWidget *radioPass1; |
75 | 77 | GSList *radioPass1_group = NULL; |
76 | 78 | GtkWidget *radioPass2; |
79 | GtkWidget *radioGenerate; | |
80 | GtkWidget *entGeneration; | |
77 | 81 | GtkWidget *labelpass; |
78 | 82 | GtkWidget *frame8; |
79 | 83 | GtkWidget *table5; |
256 | 260 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec"); |
257 | 261 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin"); |
258 | 262 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh"); |
263 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300"); | |
259 | 264 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3"); |
260 | 265 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip"); |
261 | 266 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb"); |
263 | 268 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp"); |
264 | 269 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5"); |
265 | 270 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ssh"); |
271 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sshkey"); | |
266 | 272 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "svn"); |
267 | 273 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "teamspeak"); |
268 | 274 | cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "telnet"); |
439 | 445 | gtk_widget_show(frmPass); |
440 | 446 | gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0); |
441 | 447 | |
442 | table3 = gtk_table_new(2, 2, FALSE); | |
448 | table3 = gtk_table_new (3, 2, FALSE); | |
443 | 449 | gtk_widget_set_name(table3, "table3"); |
444 | 450 | gtk_widget_show(table3); |
445 | 451 | gtk_container_add(GTK_CONTAINER(frmPass), table3); |
471 | 477 | gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); |
472 | 478 | gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group); |
473 | 479 | radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2)); |
480 | radioGenerate = gtk_radio_button_new_with_mnemonic (NULL, "Generate"); | |
481 | gtk_widget_set_name (radioGenerate, "radioGenerate"); | |
482 | gtk_widget_show (radioGenerate); | |
483 | gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3, | |
484 | (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), | |
485 | (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); | |
486 | gtk_radio_button_set_group (GTK_RADIO_BUTTON (radioGenerate), radioPass1_group); | |
487 | radioPass1_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radioGenerate)); | |
488 | ||
489 | entGeneration = gtk_entry_new (); | |
490 | gtk_widget_set_name (entGeneration, "entGeneration"); | |
491 | gtk_widget_show (entGeneration); | |
492 | gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3, | |
493 | (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), | |
494 | (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); | |
495 | gtk_tooltips_set_tip (tooltips, entGeneration, "Generate passwords", NULL); | |
496 | gtk_entry_set_text (GTK_ENTRY (entGeneration), "1:1:a"); | |
474 | 497 | |
475 | 498 | labelpass = gtk_label_new("Password"); |
476 | 499 | gtk_widget_set_name(labelpass, "labelpass"); |
1014 | 1037 | GLADE_HOOKUP_OBJECT(wndMain, entPass, "entPass"); |
1015 | 1038 | GLADE_HOOKUP_OBJECT(wndMain, radioPass1, "radioPass1"); |
1016 | 1039 | GLADE_HOOKUP_OBJECT(wndMain, radioPass2, "radioPass2"); |
1040 | GLADE_HOOKUP_OBJECT(wndMain, radioGenerate, "radioGenerate"); | |
1041 | GLADE_HOOKUP_OBJECT(wndMain, entGeneration, "entGeneration"); | |
1017 | 1042 | GLADE_HOOKUP_OBJECT(wndMain, labelpass, "labelpass"); |
1018 | 1043 | GLADE_HOOKUP_OBJECT(wndMain, frame8, "frame8"); |
1019 | 1044 | GLADE_HOOKUP_OBJECT(wndMain, table5, "table5"); |
405 | 405 | <property name="visible">True</property> |
406 | 406 | <property name="can_focus">True</property> |
407 | 407 | <property name="label" translatable="yes">vnc</property> |
408 | </widget> | |
409 | </child> | |
410 | ||
411 | <child> | |
412 | <widget class="GtkListItem" id="listitem2100"> | |
413 | <property name="visible">True</property> | |
414 | <property name="can_focus">True</property> | |
415 | <property name="label" translatable="yes">sshkey</property> | |
416 | </widget> | |
417 | </child> | |
418 | <child> | |
419 | <widget class="GtkListItem" id="listitem2101"> | |
420 | <property name="visible">True</property> | |
421 | <property name="can_focus">True</property> | |
422 | <property name="label" translatable="yes">s7-300</property> | |
423 | </widget> | |
424 | </child> | |
425 | <child> | |
426 | <widget class="GtkListItem" id="listitem2102"> | |
427 | <property name="visible">True</property> | |
428 | <property name="can_focus">True</property> | |
429 | <property name="label" translatable="yes"></property> | |
430 | </widget> | |
431 | </child> | |
432 | <child> | |
433 | <widget class="GtkListItem" id="listitem2103"> | |
434 | <property name="visible">True</property> | |
435 | <property name="can_focus">True</property> | |
436 | <property name="label" translatable="yes">afp</property> | |
437 | </widget> | |
438 | </child> | |
439 | <child> | |
440 | <widget class="GtkListItem" id="listitem2104"> | |
441 | <property name="visible">True</property> | |
442 | <property name="can_focus">True</property> | |
443 | <property name="label" translatable="yes">ftps</property> | |
444 | </widget> | |
445 | </child> | |
446 | <child> | |
447 | <widget class="GtkListItem" id="listitem2105"> | |
448 | <property name="visible">True</property> | |
449 | <property name="can_focus">True</property> | |
450 | <property name="label" translatable="yes">http-get-form</property> | |
451 | </widget> | |
452 | </child> | |
453 | <child> | |
454 | <widget class="GtkListItem" id="listitem2106"> | |
455 | <property name="visible">True</property> | |
456 | <property name="can_focus">True</property> | |
457 | <property name="label" translatable="yes">http-post-form</property> | |
458 | </widget> | |
459 | </child> | |
460 | <child> | |
461 | <widget class="GtkListItem" id="listitem2107"> | |
462 | <property name="visible">True</property> | |
463 | <property name="can_focus">True</property> | |
464 | <property name="label" translatable="yes">http-proxy-url</property> | |
465 | </widget> | |
466 | </child> | |
467 | <child> | |
468 | <widget class="GtkListItem" id="listitem2108"> | |
469 | <property name="visible">True</property> | |
470 | <property name="can_focus">True</property> | |
471 | <property name="label" translatable="yes">https-get-form</property> | |
472 | </widget> | |
473 | </child> | |
474 | <child> | |
475 | <widget class="GtkListItem" id="listitem2109"> | |
476 | <property name="visible">True</property> | |
477 | <property name="can_focus">True</property> | |
478 | <property name="label" translatable="yes">https-post-form</property> | |
479 | </widget> | |
480 | </child> | |
481 | <child> | |
482 | <widget class="GtkListItem" id="listitem2110"> | |
483 | <property name="visible">True</property> | |
484 | <property name="can_focus">True</property> | |
485 | <property name="label" translatable="yes">irc</property> | |
486 | </widget> | |
487 | </child> | |
488 | <child> | |
489 | <widget class="GtkListItem" id="listitem2111"> | |
490 | <property name="visible">True</property> | |
491 | <property name="can_focus">True</property> | |
492 | <property name="label" translatable="yes">ldap3-crammd5</property> | |
493 | </widget> | |
494 | </child> | |
495 | <child> | |
496 | <widget class="GtkListItem" id="listitem2112"> | |
497 | <property name="visible">True</property> | |
498 | <property name="can_focus">True</property> | |
499 | <property name="label" translatable="yes">ldap3-digestmd5</property> | |
500 | </widget> | |
501 | </child> | |
502 | <child> | |
503 | <widget class="GtkListItem" id="listitem2113"> | |
504 | <property name="visible">True</property> | |
505 | <property name="can_focus">True</property> | |
506 | <property name="label" translatable="yes">mssql</property> | |
507 | </widget> | |
508 | </child> | |
509 | <child> | |
510 | <widget class="GtkListItem" id="listitem2114"> | |
511 | <property name="visible">True</property> | |
512 | <property name="can_focus">True</property> | |
513 | <property name="label" translatable="yes">oracle</property> | |
514 | </widget> | |
515 | </child> | |
516 | <child> | |
517 | <widget class="GtkListItem" id="listitem2115"> | |
518 | <property name="visible">True</property> | |
519 | <property name="can_focus">True</property> | |
520 | <property name="label" translatable="yes">oracle-sid</property> | |
521 | </widget> | |
522 | </child> | |
523 | <child> | |
524 | <widget class="GtkListItem" id="listitem2116"> | |
525 | <property name="visible">True</property> | |
526 | <property name="can_focus">True</property> | |
527 | <property name="label" translatable="yes">oracle-listener</property> | |
528 | </widget> | |
529 | </child> | |
530 | <child> | |
531 | <widget class="GtkListItem" id="listitem2117"> | |
532 | <property name="visible">True</property> | |
533 | <property name="can_focus">True</property> | |
534 | <property name="label" translatable="yes">rdp</property> | |
535 | </widget> | |
536 | </child> | |
537 | <child> | |
538 | <widget class="GtkListItem" id="listitem2118"> | |
539 | <property name="visible">True</property> | |
540 | <property name="can_focus">True</property> | |
541 | <property name="label" translatable="yes">ssh</property> | |
542 | </widget> | |
543 | </child> | |
544 | <child> | |
545 | <widget class="GtkListItem" id="listitem2119"> | |
546 | <property name="visible">True</property> | |
547 | <property name="can_focus">True</property> | |
548 | <property name="label" translatable="yes">xmpp</property> | |
408 | 549 | </widget> |
409 | 550 | </child> |
410 | 551 |
0 | ||
0 | 1 | /* |
1 | 2 | |
2 | 3 | Hydra Form Module |
60 | 61 | |
61 | 62 | char redirected_url_buff[2048] = ""; |
62 | 63 | int redirected_flag = 0; |
64 | ||
63 | 65 | #define MAX_REDIRECT 8 |
64 | 66 | int redirected_cpt = MAX_REDIRECT; |
65 | 67 | char cookie[4096] = "", cmiscptr[1024]; |
80 | 82 | |
81 | 83 | char *html_encode(char *string) { |
82 | 84 | char *ret = string; |
83 | ||
85 | ||
84 | 86 | if (ret == NULL) |
85 | 87 | return NULL; |
86 | ||
88 | ||
87 | 89 | if (index(ret, '%') != NULL) |
88 | 90 | ret = hydra_strrep(ret, "%", "%25"); |
89 | 91 | if (index(ret, ' ') != NULL) |
131 | 133 | *endloc = 0; |
132 | 134 | strcpy(redirected_url_buff, str); |
133 | 135 | } |
134 | ||
135 | 136 | //there can be multiple cookies |
136 | 137 | if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) { |
137 | 138 | char *cookiebuf = buf; |
149 | 150 | //terminate string after cookie data |
150 | 151 | if (endcookie1 != NULL && endcookie1 < endcookie2) |
151 | 152 | *endcookie1 = 0; |
152 | else | |
153 | if (endcookie2 != NULL) | |
154 | *endcookie2 = 0; | |
153 | else if (endcookie2 != NULL) | |
154 | *endcookie2 = 0; | |
155 | 155 | // is the cookie already there? if yes, remove it! |
156 | 156 | if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { |
157 | 157 | strncpy(tmpname, startcookie, sizeof(tmpname) - 2); |
172 | 172 | ptr2 += 2; |
173 | 173 | strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1); |
174 | 174 | } |
175 | if (debug) printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie); | |
175 | if (debug) | |
176 | printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie); | |
176 | 177 | strcpy(cookie, tmpcookie); |
177 | 178 | } |
178 | 179 | } |
199 | 200 | free(buf); |
200 | 201 | } |
201 | 202 | if (runs == 0) { |
202 | if (debug) hydra_report(stderr, "DEBUG: no response from server\n"); | |
203 | if (debug) | |
204 | hydra_report(stderr, "DEBUG: no response from server\n"); | |
203 | 205 | return -1; |
204 | 206 | } |
205 | 207 | return 0; |
236 | 238 | upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); |
237 | 239 | if (strstr(userheader, "^USER^") == NULL && strstr(userheader, "^PASS^") == NULL) { |
238 | 240 | strcpy(cuserheader, userheader); |
239 | } else { // we use the encoded version | |
241 | } else { // we use the encoded version | |
240 | 242 | strncpy(cuserheader, hydra_strrep(userheader, "^USER^", clogin), sizeof(cuserheader) - 1); |
241 | cuserheader[ sizeof(cuserheader) - 1] = 0; | |
243 | cuserheader[sizeof(cuserheader) - 1] = 0; | |
242 | 244 | strncpy(cuserheader, hydra_strrep(cuserheader, "^PASS^", cpass), sizeof(cuserheader) - 1); |
243 | cuserheader[ sizeof(cuserheader) - 1] = 0; | |
245 | cuserheader[sizeof(cuserheader) - 1] = 0; | |
244 | 246 | } |
245 | 247 | |
246 | 248 | /* again: no snprintf to be portable. dont worry, buffer cant overflow */ |
253 | 255 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
254 | 256 | return 1; |
255 | 257 | } |
256 | i = analyze_server_response(s); // return value ignored | |
258 | i = analyze_server_response(s); // return value ignored | |
257 | 259 | if (strlen(cookie) > 0) { |
258 | 260 | sprintf(header, "Cookie: %s\r\n", cookie); |
259 | 261 | } |
280 | 282 | // proxy without authentication |
281 | 283 | if (getcookie) { |
282 | 284 | //doing a GET to get cookies |
283 | sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header, cuserheader); | |
285 | sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header, | |
286 | cuserheader); | |
284 | 287 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
285 | 288 | return 1; |
286 | 289 | } |
299 | 302 | return 1; |
300 | 303 | } |
301 | 304 | } else { |
302 | sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget, header, cuserheader); | |
305 | sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget, | |
306 | header, cuserheader); | |
303 | 307 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
304 | 308 | return 1; |
305 | 309 | } |
346 | 350 | } |
347 | 351 | //if page was redirected, follow the location header |
348 | 352 | redirected_cpt = MAX_REDIRECT; |
349 | if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); | |
353 | if (debug) | |
354 | printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); | |
350 | 355 | while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { |
351 | 356 | //we have to split the location |
352 | 357 | char *startloc, *endloc; |
370 | 375 | if (startloc != NULL) { |
371 | 376 | startloc += strlen("://"); |
372 | 377 | |
373 | if ((endloc=strchr(startloc, '\r')) != NULL) { | |
378 | if ((endloc = strchr(startloc, '\r')) != NULL) { | |
374 | 379 | startloc[endloc - startloc] = 0; |
375 | 380 | } |
376 | if ((endloc=strchr(startloc, '\n')) != NULL) { | |
381 | if ((endloc = strchr(startloc, '\n')) != NULL) { | |
377 | 382 | startloc[endloc - startloc] = 0; |
378 | 383 | } |
379 | strcpy(str, startloc); | |
384 | strncpy(str, startloc, sizeof(str)); | |
385 | str[sizeof(str) - 1] = 0; | |
380 | 386 | |
381 | 387 | endloc = strchr(str, '/'); |
382 | 388 | if (endloc != NULL) { |
383 | 389 | strncpy(str2, str, endloc - str); |
384 | 390 | str2[endloc - str] = 0; |
385 | } | |
386 | else | |
387 | strncpy(str2, str, sizeof(str)); | |
391 | } else | |
392 | strncpy(str2, str, sizeof(str)); | |
388 | 393 | |
389 | 394 | if (strlen(str) - strlen(str2) == 0) { |
390 | 395 | strcpy(str3, "/"); |
391 | 396 | } else { |
392 | strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1); | |
393 | str3[strlen(str) - strlen(str2) - 1] = 0; | |
397 | strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2)); | |
398 | str3[strlen(str) - strlen(str2)] = 0; | |
394 | 399 | } |
395 | 400 | } else { |
396 | strncpy(str2, webtarget, sizeof(str2)); | |
401 | strncpy(str2, webtarget, sizeof(str2) - 1); | |
402 | str2[sizeof(str2) - 1] = 0; | |
397 | 403 | if (redirected_url_buff[0] != '/') { |
398 | 404 | //it's a relative path, so we have to concatenate it |
399 | 405 | //with the path from the first url given |
400 | 406 | char *urlpath; |
401 | 407 | char urlpath_extracted[2048]; |
408 | ||
402 | 409 | memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); |
403 | 410 | |
404 | urlpath=strrchr(url, '/'); | |
411 | urlpath = strrchr(url, '/'); | |
405 | 412 | if (urlpath != NULL) { |
406 | strncpy(urlpath_extracted, url, urlpath-url); | |
413 | strncpy(urlpath_extracted, url, urlpath - url); | |
407 | 414 | sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); |
408 | 415 | } else { |
409 | 416 | sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); |
410 | 417 | } |
411 | 418 | } else |
412 | 419 | strncpy(str3, redirected_url_buff, sizeof(str3)); |
413 | if (debug) hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3,url); | |
420 | if (debug) | |
421 | hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); | |
414 | 422 | } |
415 | 423 | if (str3[0] != '/') { |
416 | 424 | j = strlen(str3); |
501 | 509 | sprintf(bufferurl, "%.1000s", miscptr); |
502 | 510 | url = bufferurl; |
503 | 511 | ptr = url; |
504 | while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' )) | |
512 | while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) | |
505 | 513 | ptr++; |
506 | 514 | if (*ptr != 0) |
507 | 515 | *ptr++ = 0; |
508 | 516 | variables = ptr; |
509 | while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' )) | |
517 | while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) | |
510 | 518 | ptr++; |
511 | 519 | if (*ptr != 0) |
512 | 520 | *ptr++ = 0; |
513 | 521 | cond = ptr; |
514 | while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' )) | |
522 | while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) | |
515 | 523 | ptr++; |
516 | 524 | if (*ptr != 0) |
517 | 525 | *ptr++ = 0; |
518 | 526 | optional1 = ptr; |
519 | 527 | if (strstr(url, "\\:") != NULL) { |
520 | if ((ptr = malloc(strlen(url))) != NULL) { | |
528 | if ((ptr = malloc(strlen(url))) != NULL) { // no need for +1 | |
521 | 529 | strcpy(ptr, hydra_strrep(url, "\\:", ":")); |
522 | 530 | url = ptr; |
523 | 531 | } |
524 | 532 | } |
525 | 533 | if (strstr(variables, "\\:") != NULL) { |
526 | if ((ptr = malloc(strlen(variables))) != NULL) { | |
534 | if ((ptr = malloc(strlen(variables))) != NULL) { // no need for +1 | |
527 | 535 | strcpy(ptr, hydra_strrep(variables, "\\:", ":")); |
528 | 536 | variables = ptr; |
529 | 537 | } |
530 | 538 | } |
531 | 539 | if (strstr(cond, "\\:") != NULL) { |
532 | if ((ptr = malloc(strlen(cond))) != NULL) { | |
533 | strcpy(ptr, hydra_strrep(cond, "\\:", ":")); | |
540 | if ((ptr = malloc(strlen(cond))) != NULL) { // no need for +1 | |
541 | strcpy(ptr, hydra_strrep(cond, "\\:", ":")); | |
534 | 542 | cond = ptr; |
535 | 543 | } |
536 | 544 | } |
537 | if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL*/) | |
545 | if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) | |
538 | 546 | hydra_child_exit(2); |
539 | 547 | |
540 | 548 | //printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1); |
541 | 549 | |
542 | 550 | if (*cond == 0) { |
543 | 551 | fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); |
544 | hydra_child_exit(2); | |
552 | hydra_child_exit(2); | |
545 | 553 | } |
546 | 554 | |
547 | 555 | sprintf(cookieurl, "%.1000s", url); |
557 | 565 | //by default condition is a fail |
558 | 566 | success_cond = 0; |
559 | 567 | } |
560 | ||
561 | while (/*(optional1 = strtok(NULL, ":")) != NULL*/ *optional1 != 0 ) { | |
562 | switch(optional1[0]) { | |
563 | case 'c': // fall through | |
564 | case 'C': | |
565 | ptr = optional1 + 2; | |
566 | while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' )) | |
567 | ptr++; | |
568 | if (*ptr != 0) | |
569 | *ptr++ = 0; | |
570 | sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); | |
571 | optional1 = ptr; | |
572 | break; | |
573 | case 'h': // fall through | |
574 | case 'H': | |
575 | ptr = optional1 + 2; | |
576 | while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' )) | |
577 | ptr++; | |
578 | if (*ptr != 0) | |
579 | *ptr++ = 0; | |
580 | ptr2 = ptr; | |
581 | while (*ptr2 != 0 && ( *ptr2 != ':' || *(ptr2 - 1) == '\\' )) | |
582 | ptr2++; | |
583 | if (*ptr2 != 0) | |
584 | *ptr2++ = 0; | |
585 | if (sizeof(userheader) - strlen(userheader) > 4) { | |
586 | strncat(userheader, optional1 + 2, sizeof(userheader) - strlen(userheader) - 4); | |
587 | strcat(userheader, ":"); | |
588 | strncat(userheader, hydra_strrep(ptr, "\\:", ":"), sizeof(userheader) - strlen(userheader) - 3); | |
589 | strcat(userheader, "\r\n"); | |
590 | } | |
591 | optional1 = ptr2; | |
592 | break; | |
568 | ||
569 | while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { | |
570 | switch (optional1[0]) { | |
571 | case 'c': // fall through | |
572 | case 'C': | |
573 | ptr = optional1 + 2; | |
574 | while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) | |
575 | ptr++; | |
576 | if (*ptr != 0) | |
577 | *ptr++ = 0; | |
578 | sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); | |
579 | optional1 = ptr; | |
580 | break; | |
581 | case 'h': // fall through | |
582 | case 'H': | |
583 | ptr = optional1 + 2; | |
584 | while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) | |
585 | ptr++; | |
586 | if (*ptr != 0) | |
587 | *ptr++ = 0; | |
588 | ptr2 = ptr; | |
589 | while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) | |
590 | ptr2++; | |
591 | if (*ptr2 != 0) | |
592 | *ptr2++ = 0; | |
593 | if (sizeof(userheader) - strlen(userheader) > 4) { | |
594 | strncat(userheader, optional1 + 2, sizeof(userheader) - strlen(userheader) - 4); | |
595 | strcat(userheader, ":"); | |
596 | strncat(userheader, hydra_strrep(ptr, "\\:", ":"), sizeof(userheader) - strlen(userheader) - 3); | |
597 | strcat(userheader, "\r\n"); | |
598 | } | |
599 | optional1 = ptr2; | |
600 | break; | |
593 | 601 | // no default |
594 | 602 | } |
595 | 603 | } |
669 | 677 | service_http_form(ip, sp, options, miscptr, fp, port, "POST"); |
670 | 678 | } |
671 | 679 | |
672 | int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
680 | int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
673 | 681 | // called before the childrens are forked off, so this is the function |
674 | 682 | // which should be filled if initial connections and service setup has to be |
675 | 683 | // performed once only. |
18 | 18 | return 1; |
19 | 19 | } |
20 | 20 | pass = hydra_get_next_password(); |
21 | pass = empty; // ignored | |
21 | pass = empty; // ignored | |
22 | 22 | |
23 | 23 | strncpy(url, login, sizeof(url) - 1); |
24 | 24 | url[sizeof(url) - 1] = 0; |
31 | 31 | *ptr = 0; |
32 | 32 | if ((ptr = index(mhost, ']')) != NULL) |
33 | 33 | *ptr = 0; |
34 | else | |
35 | if ((ptr = index(mhost, ':')) != NULL) | |
36 | *ptr = 0; | |
34 | else if ((ptr = index(mhost, ':')) != NULL) | |
35 | *ptr = 0; | |
37 | 36 | |
38 | 37 | if (miscptr != NULL && index(miscptr, ':') != NULL) { |
39 | 38 | strncpy(mlogin, miscptr, sizeof(mlogin) - 1); |
40 | 39 | mlogin[sizeof(mlogin) - 1] = 0; |
41 | 40 | ptr = index(mlogin, ':'); |
42 | 41 | *ptr++ = 0; |
43 | strncpy(mpass, ptr, sizeof(mpass) -1); | |
42 | strncpy(mpass, ptr, sizeof(mpass) - 1); | |
44 | 43 | mpass[sizeof(mpass) - 1] = 0; |
45 | 44 | auth = 1; |
46 | 45 | } |
47 | 46 | |
48 | 47 | if (http_proxy_auth_mechanism == AUTH_ERROR) { |
49 | 48 | //send dummy request |
50 | sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", | |
51 | url, mhost, header); | |
49 | sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header); | |
52 | 50 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
53 | 51 | return 1; |
54 | 52 | |
81 | 79 | hydra_report(stderr, "C:%s\n", buffer); |
82 | 80 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
83 | 81 | return 1; |
82 | free(buf); | |
84 | 83 | buf = hydra_receive_line(s); |
85 | 84 | while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { |
86 | 85 | free(buf); |
90 | 89 | //if server cut the connection, just exit cleanly or |
91 | 90 | //this will be an infinite loop |
92 | 91 | if (buf == NULL) { |
93 | if (verbose) | |
94 | hydra_report(stderr, "[ERROR] Server did not answer\n"); | |
95 | return 3; | |
92 | if (verbose) | |
93 | hydra_report(stderr, "[ERROR] Server did not answer\n"); | |
94 | return 3; | |
96 | 95 | } |
97 | 96 | |
98 | 97 | if (debug) |
111 | 110 | |
112 | 111 | /* to be portable, no snprintf, buffer is big enough so it cant overflow */ |
113 | 112 | //send the first.. |
114 | sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); | |
113 | sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, | |
114 | header); | |
115 | 115 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
116 | 116 | return 1; |
117 | 117 | |
118 | 118 | //receive challenge |
119 | free(buf); | |
119 | 120 | buf = hydra_receive_line(s); |
120 | 121 | while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { |
121 | 122 | free(buf); |
122 | 123 | buf = hydra_receive_line(s); |
123 | 124 | } |
124 | if (pos != NULL) { | |
125 | if (pos != NULL) { | |
125 | 126 | char *str; |
126 | 127 | |
127 | pos+=25; | |
128 | if ((str=strchr(pos, '\r')) != NULL) { | |
128 | pos += 25; | |
129 | if ((str = strchr(pos, '\r')) != NULL) { | |
129 | 130 | pos[str - pos] = 0; |
130 | 131 | } |
131 | if ((str=strchr(pos, '\n')) != NULL) { | |
132 | pos[str - pos] = 0; } | |
133 | } | |
134 | ||
132 | if ((str = strchr(pos, '\n')) != NULL) { | |
133 | pos[str - pos] = 0; | |
134 | } | |
135 | } | |
135 | 136 | //recover challenge |
136 | 137 | if (buf != NULL) { |
137 | from64tobits((char *) buf1, pos); | |
138 | if (strlen(buf) >= 4) | |
139 | from64tobits((char *) buf1, pos); | |
138 | 140 | free(buf); |
139 | 141 | } |
140 | 142 | //Send response |
141 | 143 | buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); |
142 | 144 | to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); |
143 | sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); | |
145 | sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, | |
146 | header); | |
144 | 147 | if (debug) |
145 | 148 | hydra_report(stderr, "C:%s\n", buffer); |
146 | 149 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
164 | 167 | strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); |
165 | 168 | buffer[sizeof(buffer) - 1] = '\0'; |
166 | 169 | |
167 | sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header); | |
168 | if (buffer2 == NULL) | |
170 | pbuffer = buffer2; | |
171 | sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); | |
172 | if (pbuffer == NULL) | |
169 | 173 | return 3; |
170 | 174 | |
171 | 175 | if (debug) |
173 | 177 | if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) |
174 | 178 | return 1; |
175 | 179 | |
180 | free(buf); | |
176 | 181 | buf = hydra_receive_line(s); |
177 | 182 | while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { |
178 | 183 | free(buf); |
199 | 204 | } |
200 | 205 | } |
201 | 206 | } |
202 | ||
203 | 207 | // result analysis |
204 | 208 | ptr = ((char *) index(buf, ' ')) + 1; |
205 | if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || | |
206 | strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { | |
209 | if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { | |
207 | 210 | hydra_report_found_host(port, ip, "http-proxy", fp); |
208 | 211 | if (fp != stdout) |
209 | 212 | fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); |
210 | 213 | printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); |
211 | 214 | hydra_completed_pair_found(); |
212 | 215 | } else { |
213 | if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0*/) { | |
216 | if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) { | |
214 | 217 | hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n"); |
215 | 218 | return 3; |
216 | } | |
219 | } | |
217 | 220 | hydra_completed_pair(); |
218 | 221 | } |
219 | 222 | |
252 | 255 | port = mysslport; |
253 | 256 | } |
254 | 257 | if (sock < 0) { |
255 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
258 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
256 | 259 | hydra_child_exit(1); |
257 | 260 | } |
258 | 261 | next_run = 2; |
274 | 277 | } |
275 | 278 | } |
276 | 279 | |
277 | int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
280 | int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
278 | 281 | // called before the childrens are forked off, so this is the function |
279 | 282 | // which should be filled if initial connections and service setup has to be |
280 | 283 | // performed once only. |
1 | 1 | #include "sasl.h" |
2 | 2 | |
3 | 3 | extern char *HYDRA_EXIT; |
4 | char *buf; | |
5 | 4 | static int http_proxy_auth_mechanism = AUTH_ERROR; |
5 | char *http_proxy_buf = NULL; | |
6 | 6 | |
7 | 7 | int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { |
8 | 8 | char *empty = ""; |
9 | 9 | char *login, *pass, buffer[500], buffer2[500]; |
10 | 10 | char url[210], host[30]; |
11 | 11 | char *header = ""; /* XXX TODO */ |
12 | char *ptr; | |
12 | char *ptr, *fooptr; | |
13 | 13 | |
14 | 14 | if (strlen(login = hydra_get_next_login()) == 0) |
15 | 15 | login = empty; |
21 | 21 | strcpy(host, "Host: www.microsoft.com\r\n"); |
22 | 22 | } else { |
23 | 23 | sprintf(url, "%.200s", miscptr); |
24 | ptr = strstr(miscptr, "://"); // :// check is in hydra.c | |
24 | ptr = strstr(miscptr, "://"); // :// check is in hydra.c | |
25 | 25 | sprintf(host, "Host: %.200s", ptr + 3); |
26 | 26 | if ((ptr = index(host, '/')) != NULL) |
27 | 27 | *ptr = 0; |
30 | 30 | strcat(host, "\r\n"); |
31 | 31 | } |
32 | 32 | |
33 | if (http_proxy_auth_mechanism == AUTH_ERROR) { | |
33 | if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) { | |
34 | 34 | //send dummy request |
35 | 35 | sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header); |
36 | 36 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
37 | return 1; | |
37 | return 3; | |
38 | 38 | |
39 | 39 | //receive first 40x |
40 | buf = hydra_receive_line(s); | |
41 | while (buf != NULL && strstr(buf, "HTTP/") == NULL) { | |
42 | free(buf); | |
43 | buf = hydra_receive_line(s); | |
40 | http_proxy_buf = hydra_receive_line(s); | |
41 | while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) { | |
42 | free(http_proxy_buf); | |
43 | http_proxy_buf = hydra_receive_line(s); | |
44 | } | |
45 | ||
46 | if (http_proxy_buf == NULL) { | |
47 | if (verbose) | |
48 | hydra_report(stderr, "[ERROR] Server did not answer\n"); | |
49 | return 3; | |
44 | 50 | } |
45 | 51 | |
46 | 52 | if (debug) |
47 | hydra_report(stderr, "S:%s\n", buf); | |
53 | hydra_report(stderr, "S:%s\n", http_proxy_buf); | |
54 | ||
55 | free(http_proxy_buf); | |
56 | http_proxy_buf = hydra_receive_line(s); | |
57 | while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) { | |
58 | free(http_proxy_buf); | |
59 | http_proxy_buf = hydra_receive_line(s); | |
60 | } | |
61 | ||
62 | if (http_proxy_buf == NULL) { | |
63 | if (verbose) | |
64 | hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n"); | |
65 | return 3; | |
66 | } | |
67 | ||
68 | if (debug) | |
69 | hydra_report(stderr, "S:%s\n", http_proxy_buf); | |
48 | 70 | |
49 | 71 | //after the first query we should have been disconnected from web server |
50 | 72 | s = hydra_disconnect(s); |
55 | 77 | } |
56 | 78 | } |
57 | 79 | |
58 | if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { | |
80 | if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) { | |
59 | 81 | http_proxy_auth_mechanism = AUTH_BASIC; |
60 | 82 | sprintf(buffer2, "%.50s:%.50s", login, pass); |
61 | 83 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
63 | 85 | if (debug) |
64 | 86 | hydra_report(stderr, "C:%s\n", buffer); |
65 | 87 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
66 | return 1; | |
67 | buf = hydra_receive_line(s); | |
68 | while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { | |
69 | free(buf); | |
70 | buf = hydra_receive_line(s); | |
88 | return 3; | |
89 | free(http_proxy_buf); | |
90 | http_proxy_buf = hydra_receive_line(s); | |
91 | while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { | |
92 | free(http_proxy_buf); | |
93 | http_proxy_buf = hydra_receive_line(s); | |
71 | 94 | } |
72 | 95 | |
73 | 96 | //if server cut the connection, just exit cleanly or |
74 | 97 | //this will be an infinite loop |
75 | if (buf == NULL) { | |
98 | if (http_proxy_buf == NULL) { | |
76 | 99 | if (verbose) |
77 | hydra_report(stderr, "[ERROR] Server did not answer\n"); | |
100 | hydra_report(stderr, "[ERROR] Server did not answer\n"); | |
78 | 101 | return 3; |
79 | 102 | } |
80 | 103 | |
81 | 104 | if (debug) |
82 | hydra_report(stderr, "S:%s\n", buf); | |
105 | hydra_report(stderr, "S:%s\n", http_proxy_buf); | |
83 | 106 | } else { |
84 | if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) { | |
107 | if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) { | |
85 | 108 | |
86 | 109 | unsigned char buf1[4096]; |
87 | 110 | unsigned char buf2[4096]; |
97 | 120 | //send the first.. |
98 | 121 | sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); |
99 | 122 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
100 | return 1; | |
123 | return 3; | |
101 | 124 | |
102 | 125 | //receive challenge |
103 | buf = hydra_receive_line(s); | |
104 | while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { | |
105 | free(buf); | |
106 | buf = hydra_receive_line(s); | |
126 | free(http_proxy_buf); | |
127 | http_proxy_buf = hydra_receive_line(s); | |
128 | while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) { | |
129 | free(http_proxy_buf); | |
130 | http_proxy_buf = hydra_receive_line(s); | |
107 | 131 | } |
108 | 132 | if (pos != NULL) { |
109 | 133 | char *str; |
110 | 134 | |
111 | pos+=25; | |
112 | if ((str=strchr(pos, '\r')) != NULL) { | |
135 | pos += 25; | |
136 | if ((str = strchr(pos, '\r')) != NULL) { | |
113 | 137 | pos[str - pos] = 0; |
114 | 138 | } |
115 | if ((str=strchr(pos, '\n')) != NULL) { | |
116 | pos[str - pos] = 0; } | |
139 | if ((str = strchr(pos, '\n')) != NULL) { | |
140 | pos[str - pos] = 0; | |
141 | } | |
117 | 142 | } |
118 | 143 | //recover challenge |
119 | if (buf != NULL) { | |
144 | if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) { | |
120 | 145 | from64tobits((char *) buf1, pos); |
121 | free(buf); | |
122 | } | |
123 | ||
146 | free(http_proxy_buf); | |
147 | http_proxy_buf = NULL; | |
148 | return 3; | |
149 | } | |
124 | 150 | //Send response |
125 | 151 | buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); |
126 | 152 | to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); |
128 | 154 | if (debug) |
129 | 155 | hydra_report(stderr, "C:%s\n", buffer); |
130 | 156 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
131 | return 1; | |
132 | ||
133 | buf = hydra_receive_line(s); | |
134 | while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { | |
135 | free(buf); | |
136 | buf = hydra_receive_line(s); | |
137 | } | |
138 | ||
139 | if (buf == NULL) | |
140 | return 1; | |
157 | return 3; | |
158 | ||
159 | if (http_proxy_buf != NULL) | |
160 | free(http_proxy_buf); | |
161 | http_proxy_buf = hydra_receive_line(s); | |
162 | while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { | |
163 | free(http_proxy_buf); | |
164 | http_proxy_buf = hydra_receive_line(s); | |
165 | } | |
166 | ||
167 | if (http_proxy_buf == NULL) | |
168 | return 3; | |
141 | 169 | } else { |
142 | 170 | #ifdef LIBOPENSSL |
143 | if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { | |
171 | if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { | |
144 | 172 | |
145 | 173 | char *pbuffer; |
146 | 174 | |
147 | 175 | http_proxy_auth_mechanism = AUTH_DIGESTMD5; |
148 | pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); | |
176 | pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); | |
149 | 177 | strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); |
150 | 178 | buffer[sizeof(buffer) - 1] = '\0'; |
151 | ||
152 | sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header); | |
153 | if (buffer2 == NULL) | |
179 | pbuffer = NULL; | |
180 | ||
181 | fooptr = buffer2; | |
182 | sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); | |
183 | if (fooptr == NULL) | |
154 | 184 | return 3; |
155 | 185 | |
156 | 186 | if (debug) |
157 | 187 | hydra_report(stderr, "C:%s\n", buffer2); |
158 | 188 | if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) |
159 | return 1; | |
160 | ||
161 | buf = hydra_receive_line(s); | |
162 | while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { | |
163 | free(buf); | |
164 | buf = hydra_receive_line(s); | |
165 | } | |
166 | ||
167 | if (debug && buf != NULL) | |
168 | hydra_report(stderr, "S:%s\n", buf); | |
169 | ||
170 | if (buf == NULL) | |
171 | return 1; | |
189 | return 3; | |
190 | ||
191 | free(http_proxy_buf); | |
192 | http_proxy_buf = hydra_receive_line(s); | |
193 | while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { | |
194 | free(http_proxy_buf); | |
195 | http_proxy_buf = hydra_receive_line(s); | |
196 | } | |
197 | ||
198 | if (debug && http_proxy_buf != NULL) | |
199 | hydra_report(stderr, "S:%s\n", http_proxy_buf); | |
200 | ||
201 | if (http_proxy_buf == NULL) | |
202 | return 3; | |
172 | 203 | |
173 | 204 | } else |
174 | 205 | #endif |
175 | 206 | { |
176 | if (buf != NULL) { | |
177 | buf[strlen(buf) - 1] = '\0'; | |
178 | hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf); | |
207 | if (http_proxy_buf != NULL) { | |
208 | // buf[strlen(http_proxy_buf) - 1] = '\0'; | |
209 | hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf); | |
210 | free(http_proxy_buf); | |
211 | http_proxy_buf = NULL; | |
179 | 212 | } else { |
180 | 213 | hydra_report(stderr, "Unsupported Auth type\n"); |
181 | 214 | } |
184 | 217 | } |
185 | 218 | } |
186 | 219 | |
187 | ptr = ((char *) index(buf, ' ')) + 1; | |
220 | ptr = ((char *) index(http_proxy_buf, ' ')) + 1; | |
188 | 221 | if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { |
189 | 222 | hydra_report_found_host(port, ip, "http-proxy", fp); |
190 | 223 | hydra_completed_pair_found(); |
224 | free(http_proxy_buf); | |
225 | http_proxy_buf = NULL; | |
191 | 226 | } else { |
192 | 227 | if (*ptr != '4') |
193 | hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass); | |
194 | else | |
195 | if (verbose && *(ptr + 2) == '3') | |
196 | hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); | |
228 | hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass); | |
229 | else if (verbose && *(ptr + 2) == '3') | |
230 | hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); | |
197 | 231 | hydra_completed_pair(); |
198 | } | |
199 | ||
200 | free(buf); | |
232 | free(http_proxy_buf); | |
233 | http_proxy_buf = hydra_receive_line(s); | |
234 | while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) { | |
235 | free(http_proxy_buf); | |
236 | http_proxy_buf = hydra_receive_line(s); | |
237 | } | |
238 | } | |
201 | 239 | |
202 | 240 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) |
203 | 241 | return 3; |
204 | return 1; | |
242 | if (http_proxy_buf != NULL) | |
243 | return 2; | |
244 | else | |
245 | return 1; | |
205 | 246 | } |
206 | 247 | |
207 | 248 | void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { |
217 | 258 | switch (run) { |
218 | 259 | case 1: /* connect and service init function */ |
219 | 260 | { |
261 | if (http_proxy_buf != NULL) | |
262 | free(http_proxy_buf); | |
220 | 263 | if (sock >= 0) |
221 | 264 | sock = hydra_disconnect(sock); |
222 | 265 | // usleep(275000); |
233 | 276 | } |
234 | 277 | |
235 | 278 | if (sock < 0) { |
236 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
279 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
237 | 280 | hydra_child_exit(1); |
238 | 281 | } |
239 | 282 | next_run = 2; |
255 | 298 | } |
256 | 299 | } |
257 | 300 | |
258 | int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
301 | int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
259 | 302 | // called before the childrens are forked off, so this is the function |
260 | 303 | // which should be filled if initial connections and service setup has to be |
261 | 304 | // performed once only. |
1 | 1 | #include "sasl.h" |
2 | 2 | |
3 | 3 | extern char *HYDRA_EXIT; |
4 | char *buf; | |
5 | 4 | char *webtarget = NULL; |
6 | 5 | char *slash = "/"; |
6 | char *http_buf = NULL; | |
7 | 7 | int webport, freemischttp = 0; |
8 | 8 | |
9 | 9 | int http_auth_mechanism = AUTH_BASIC; |
12 | 12 | char *empty = ""; |
13 | 13 | char *login, *pass, buffer[500], buffer2[500]; |
14 | 14 | char *header = ""; /* XXX TODO */ |
15 | char *ptr; | |
15 | char *ptr, *fooptr; | |
16 | 16 | |
17 | 17 | if (strlen(login = hydra_get_next_login()) == 0) |
18 | 18 | login = empty; |
19 | 19 | if (strlen(pass = hydra_get_next_password()) == 0) |
20 | 20 | pass = empty; |
21 | ||
22 | // we must reset this if buf is NULL and we do MD5 digest | |
23 | if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5) | |
24 | http_auth_mechanism = AUTH_BASIC; | |
21 | 25 | |
22 | 26 | switch (http_auth_mechanism) { |
23 | 27 | case AUTH_BASIC: |
43 | 47 | case AUTH_DIGESTMD5:{ |
44 | 48 | char *pbuffer; |
45 | 49 | |
46 | pbuffer = hydra_strcasestr(buf, "WWW-Authenticate: Digest "); | |
50 | pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); | |
47 | 51 | strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); |
48 | 52 | buffer[sizeof(buffer) - 1] = '\0'; |
49 | 53 | |
50 | sasl_digest_md5(buffer2, login, pass, buffer, miscptr, type, webtarget, webport, header); | |
51 | if (buffer2 == NULL) { | |
54 | fooptr = buffer2; | |
55 | sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); | |
56 | if (fooptr == NULL) { | |
52 | 57 | return 3; |
53 | 58 | } |
54 | 59 | |
72 | 77 | /* to be portable, no snprintf, buffer is big enough so it cant overflow */ |
73 | 78 | //send the first.. |
74 | 79 | if (use_proxy == 1 && proxy_authentication != NULL) |
75 | sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
80 | sprintf(buffer, | |
81 | "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
76 | 82 | type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); |
77 | 83 | else { |
78 | 84 | if (use_proxy == 1) |
79 | 85 | sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", |
80 | 86 | type, webtarget, webport, miscptr, webtarget, buf1, header); |
81 | 87 | else |
82 | sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, buf1, header); | |
88 | sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, | |
89 | buf1, header); | |
83 | 90 | } |
84 | 91 | |
85 | 92 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
86 | 93 | return 1; |
87 | 94 | |
88 | 95 | //receive challenge |
89 | buf = hydra_receive_line(s); | |
90 | while (buf != NULL && (pos = hydra_strcasestr(buf, "WWW-Authenticate: NTLM ")) == NULL) { | |
91 | free(buf); | |
92 | buf = hydra_receive_line(s); | |
93 | } | |
94 | ||
95 | if (buf == NULL) | |
96 | if (http_buf != NULL) | |
97 | free(http_buf); | |
98 | http_buf = hydra_receive_line(s); | |
99 | while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) { | |
100 | free(http_buf); | |
101 | http_buf = hydra_receive_line(s); | |
102 | } | |
103 | ||
104 | if (http_buf == NULL) | |
96 | 105 | return 1; |
97 | 106 | |
98 | 107 | if (pos != NULL) { |
99 | 108 | char *str; |
100 | 109 | |
101 | pos+=23; | |
102 | if ((str=strchr(pos, '\r')) != NULL) { | |
110 | pos += 23; | |
111 | if ((str = strchr(pos, '\r')) != NULL) { | |
103 | 112 | pos[str - pos] = 0; |
104 | 113 | } |
105 | if ((str=strchr(pos, '\n')) != NULL) { | |
106 | pos[str - pos] = 0; } | |
107 | } | |
108 | ||
114 | if ((str = strchr(pos, '\n')) != NULL) { | |
115 | pos[str - pos] = 0; | |
116 | } | |
117 | } | |
109 | 118 | //recover challenge |
110 | 119 | from64tobits((char *) buf1, pos); |
111 | free(buf); | |
120 | free(http_buf); | |
121 | http_buf = NULL; | |
112 | 122 | |
113 | 123 | //Send response |
114 | 124 | buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); |
116 | 126 | |
117 | 127 | //create the auth response |
118 | 128 | if (use_proxy == 1 && proxy_authentication != NULL) |
119 | sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
129 | sprintf(buffer, | |
130 | "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
120 | 131 | type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); |
121 | 132 | else { |
122 | 133 | if (use_proxy == 1) |
123 | 134 | sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", |
124 | 135 | type, webtarget, webport, miscptr, webtarget, buf1, header); |
125 | 136 | else |
126 | sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, buf1, header); | |
137 | sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, | |
138 | buf1, header); | |
127 | 139 | } |
128 | 140 | |
129 | 141 | if (debug) |
136 | 148 | return 1; |
137 | 149 | } |
138 | 150 | |
139 | buf = hydra_receive_line(s); | |
140 | while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { | |
141 | free(buf); | |
142 | buf = hydra_receive_line(s); | |
151 | if (http_buf != NULL) | |
152 | free(http_buf); | |
153 | http_buf = hydra_receive_line(s); | |
154 | while (http_buf != NULL && strstr(http_buf, "HTTP/1.") == NULL) { | |
155 | free(http_buf); | |
156 | http_buf = hydra_receive_line(s); | |
143 | 157 | } |
144 | 158 | |
145 | 159 | //if server cut the connection, just exit cleanly or |
146 | 160 | //this will be an infinite loop |
147 | if (buf == NULL) { | |
161 | if (http_buf == NULL) { | |
148 | 162 | if (verbose) |
149 | 163 | hydra_report(stderr, "[ERROR] Server did not answer\n"); |
150 | 164 | return 3; |
151 | 165 | } |
152 | 166 | |
153 | 167 | if (debug) |
154 | hydra_report(stderr, "S:%s\n", buf); | |
155 | ||
156 | ptr = ((char *) index(buf, ' ')) + 1; | |
168 | hydra_report(stderr, "S:%s\n", http_buf); | |
169 | ||
170 | ptr = ((char *) index(http_buf, ' ')) + 1; | |
157 | 171 | if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { |
158 | 172 | hydra_report_found_host(port, ip, "www", fp); |
159 | 173 | hydra_completed_pair_found(); |
174 | if (http_buf != NULL) { | |
175 | free(http_buf); | |
176 | http_buf = NULL; | |
177 | } | |
160 | 178 | } else { |
161 | 179 | if (ptr != NULL && *ptr != '4') |
162 | fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass); | |
180 | fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(http_buf, ' ') + 1), login, pass); | |
163 | 181 | |
164 | 182 | //the first authentication type failed, check the type from server header |
165 | if ((hydra_strcasestr(buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { | |
183 | if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { | |
166 | 184 | //seems the auth supported is not Basic shceme so testing further |
167 | 185 | int find_auth = 0; |
168 | 186 | |
169 | if (hydra_strcasestr(buf, "WWW-Authenticate: NTLM") != NULL) { | |
187 | if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) { | |
170 | 188 | http_auth_mechanism = AUTH_NTLM; |
171 | 189 | find_auth = 1; |
172 | 190 | } |
173 | 191 | #ifdef LIBOPENSSL |
174 | if (hydra_strcasestr(buf, "WWW-Authenticate: Digest") != NULL) { | |
192 | if (hydra_strcasestr(http_buf, "WWW-Authenticate: Digest") != NULL) { | |
175 | 193 | http_auth_mechanism = AUTH_DIGESTMD5; |
176 | 194 | find_auth = 1; |
177 | 195 | } |
178 | 196 | #endif |
179 | 197 | |
180 | 198 | if (find_auth) { |
181 | free(buf); | |
199 | // free(http_buf); | |
200 | // http_buf = NULL; | |
182 | 201 | return 1; |
183 | 202 | } |
184 | 203 | } |
185 | 204 | hydra_completed_pair(); |
186 | 205 | } |
187 | free(buf); | |
206 | // free(http_buf); | |
207 | // http_buf = NULL; | |
188 | 208 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) |
189 | 209 | return 3; |
190 | 210 | return 1; |
191 | ||
192 | 211 | } |
193 | 212 | |
194 | 213 | void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { |
250 | 269 | if (sock < 0) { |
251 | 270 | if (freemischttp) |
252 | 271 | free(miscptr); |
253 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
272 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
254 | 273 | hydra_child_exit(1); |
255 | 274 | } |
256 | 275 | next_run = 2; |
284 | 303 | service_http(ip, sp, options, miscptr, fp, port, "HEAD"); |
285 | 304 | } |
286 | 305 | |
287 | int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
306 | int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
288 | 307 | // called before the childrens are forked off, so this is the function |
289 | 308 | // which should be filled if initial connections and service setup has to be |
290 | 309 | // performed once only. |
220 | 220 | sock = hydra_disconnect(sock); |
221 | 221 | sock = hydra_connect_udp(ip, myport); |
222 | 222 | if (sock < 0) { |
223 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
223 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
224 | 224 | hydra_child_exit(1); |
225 | 225 | } |
226 | 226 | next_run = 2; |
240 | 240 | } |
241 | 241 | } |
242 | 242 | |
243 | int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
243 | int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
244 | 244 | // called before the childrens are forked off, so this is the function |
245 | 245 | // which should be filled if initial connections and service setup has to be |
246 | 246 | // performed once only. |
40 | 40 | |
41 | 41 | int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { |
42 | 42 | char *empty = ""; |
43 | char *login, *pass, buffer[500], buffer2[500]; | |
43 | char *login, *pass, buffer[500], buffer2[500], *fooptr; | |
44 | 44 | |
45 | 45 | if (strlen(login = hydra_get_next_login()) == 0) |
46 | 46 | login = empty; |
197 | 197 | from64tobits((char *) buffer, buf); |
198 | 198 | free(buf); |
199 | 199 | |
200 | if (verbose) | |
200 | if (debug) | |
201 | 201 | hydra_report(stderr, "DEBUG S: %s\n", buffer); |
202 | 202 | |
203 | sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); | |
204 | if (buffer2 == NULL) | |
205 | return 3; | |
206 | if (verbose) | |
203 | fooptr = buffer2; | |
204 | sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); | |
205 | if (fooptr == NULL) | |
206 | return 3; | |
207 | if (debug) | |
207 | 208 | hydra_report(stderr, "DEBUG C: %s\n", buffer2); |
208 | 209 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
209 | 210 | sprintf(buffer, "%s\r\n", buffer2); |
246 | 247 | if (buf == NULL) |
247 | 248 | return 1; |
248 | 249 | if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { |
249 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); | |
250 | if (verbose || debug) | |
251 | hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); | |
250 | 252 | free(buf); |
251 | 253 | return 1; |
252 | 254 | } else { |
259 | 261 | serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; |
260 | 262 | |
261 | 263 | memset(buffer2, 0, sizeof(buffer2)); |
262 | sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage); | |
263 | if (buffer2 == NULL) { | |
264 | fooptr = buffer2; | |
265 | sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); | |
266 | if (fooptr == NULL) { | |
264 | 267 | hydra_report(stderr, "[ERROR] Can't compute client response\n"); |
265 | 268 | return 1; |
266 | 269 | } |
297 | 300 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
298 | 301 | return 1; |
299 | 302 | if ((buf = hydra_receive_line(s)) == NULL) |
300 | return (1); | |
303 | return 1; | |
304 | if (strlen(buf) < 6) { | |
305 | free(buf); | |
306 | return 1; | |
307 | } | |
301 | 308 | |
302 | 309 | //recover challenge |
303 | 310 | from64tobits((char *) buf1, buf + 2); |
374 | 381 | buf = hydra_receive_line(sock); |
375 | 382 | |
376 | 383 | if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ |
377 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n"); | |
384 | if (verbose || debug) | |
385 | hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n"); | |
378 | 386 | if (buf != NULL) |
379 | 387 | free(buf); |
380 | 388 | hydra_child_exit(2); |
400 | 408 | disable_tls = 0; |
401 | 409 | } |
402 | 410 | } |
403 | ||
404 | 411 | #ifdef LIBOPENSSL |
405 | 412 | if (!disable_tls) { |
406 | /* check for STARTTLS, if available we may have access to more basic auth methods */ | |
407 | if (strstr(buf, "STARTTLS") != NULL) { | |
413 | /* check for STARTTLS, if available we may have access to more basic auth methods */ | |
414 | if (strstr(buf, "STARTTLS") != NULL) { | |
408 | 415 | hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0); |
409 | 416 | counter++; |
410 | 417 | free(buf); |
411 | 418 | buf = hydra_receive_line(sock); |
412 | 419 | if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) { |
413 | hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); | |
420 | hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); | |
414 | 421 | } else { |
415 | 422 | free(buf); |
416 | 423 | if ((hydra_connect_to_ssl(sock) == -1)) { |
417 | 424 | if (verbose) |
418 | hydra_report(stderr, "[ERROR] Can't use TLS\n"); | |
425 | hydra_report(stderr, "[ERROR] Can't use TLS\n"); | |
419 | 426 | disable_tls = 1; |
420 | 427 | run = 1; |
421 | 428 | break; |
422 | 429 | } else { |
423 | 430 | if (verbose) |
424 | hydra_report(stderr, "[VERBOSE] TLS connection done\n"); | |
431 | hydra_report(stderr, "[VERBOSE] TLS connection done\n"); | |
425 | 432 | } |
426 | 433 | /* ask again capability request but in TLS mode */ |
427 | 434 | if (hydra_send(sock, "3 CAPABILITY\r\n", strlen("3 CAPABILITY\r\n"), 0) < 0) |
431 | 438 | if (buf == NULL) |
432 | 439 | hydra_child_exit(2); |
433 | 440 | } |
434 | } else | |
441 | } else | |
435 | 442 | hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); |
436 | 443 | } |
437 | 444 | #endif |
438 | 445 | |
439 | 446 | if (verbose) |
440 | hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); | |
447 | hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); | |
441 | 448 | |
442 | 449 | //authentication should be listed AUTH= like in the extract below |
443 | 450 | //STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 |
559 | 566 | } |
560 | 567 | } |
561 | 568 | |
562 | int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
569 | int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
563 | 570 | // called before the childrens are forked off, so this is the function |
564 | 571 | // which should be filled if initial connections and service setup has to be |
565 | 572 | // performed once only. |
24 | 24 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
25 | 25 | return 3; |
26 | 26 | } |
27 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
27 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
28 | if (ret >= 0) | |
29 | buffer[ret] = 0; | |
28 | 30 | /* :irc.debian.org 381 koma :You are now an IRC Operator */ |
29 | 31 | /* :irc.debian.org 464 koma :Invalid password */ |
30 | 32 | if ((ret > 0) && (strstr(buffer, " 381 ") != NULL)) { |
93 | 95 | return 3; |
94 | 96 | } |
95 | 97 | |
96 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
98 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
99 | if (ret >= 0) | |
100 | buffer[ret] = 0; | |
97 | 101 | #ifdef HAVE_PCRE |
98 | 102 | if ((ret > 0) && (!hydra_string_match(buffer, "ERROR\\s.*password"))) { |
99 | 103 | #else |
139 | 143 | hydra_child_exit(1); |
140 | 144 | } |
141 | 145 | |
142 | ret = hydra_recv(sock, buffer, sizeof(buffer)); | |
146 | buffer[0] = 0; | |
147 | if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0) | |
148 | buffer[ret] = 0; | |
143 | 149 | |
144 | 150 | /* ERROR :Bad password */ |
145 | 151 | #ifdef HAVE_PCRE |
202 | 208 | } |
203 | 209 | } |
204 | 210 | |
205 | int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
211 | int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
206 | 212 | // called before the childrens are forked off, so this is the function |
207 | 213 | // which should be filled if initial connections and service setup has to be |
208 | 214 | // performed once only. |
8 | 8 | |
9 | 9 | int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) { |
10 | 10 | char *empty = ""; |
11 | char *login = "", *pass; | |
11 | char *login = "", *pass, *fooptr = ""; | |
12 | 12 | unsigned char buffer[512]; |
13 | 13 | int length = 0; |
14 | 14 | int ldap_auth_mechanism = auth_method; |
26 | 26 | if (strlen(login = hydra_get_next_login()) == 0) |
27 | 27 | login = empty; |
28 | 28 | } |
29 | if (miscptr == NULL) | |
30 | miscptr = fooptr; | |
29 | 31 | |
30 | 32 | if (strlen(pass = hydra_get_next_password()) == 0) |
31 | 33 | pass = empty; |
84 | 86 | buffer[15 + strlen(miscptr)] = strlen(authm); |
85 | 87 | memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm)); |
86 | 88 | } |
87 | if (hydra_send(s, (char*)buffer, length, 0) < 0) | |
89 | if (hydra_send(s, (char *) buffer, length, 0) < 0) | |
88 | 90 | return 1; |
89 | if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL) | |
91 | if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) | |
90 | 92 | return 1; |
91 | 93 | |
92 | 94 | if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) { |
118 | 120 | char *ptr; |
119 | 121 | char buf2[32]; |
120 | 122 | |
121 | ptr = strstr((char*) buf, "<"); | |
122 | sasl_cram_md5(buf2, pass, ptr); | |
123 | if (buf2 == NULL) | |
123 | ptr = strstr((char *) buf, "<"); | |
124 | fooptr = buf2; | |
125 | sasl_cram_md5(fooptr, pass, ptr); | |
126 | if (fooptr == NULL) | |
124 | 127 | return 1; |
125 | 128 | counter++; |
126 | 129 | if (strstr(miscptr, "^USER^") != NULL) { |
157 | 160 | buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' '; |
158 | 161 | memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2)); |
159 | 162 | |
160 | if (hydra_send(s, (char*)buffer, length, 0) < 0) | |
163 | if (hydra_send(s, (char *) buffer, length, 0) < 0) | |
161 | 164 | return 1; |
162 | 165 | free(buf); |
163 | if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL) | |
166 | if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) | |
164 | 167 | return 1; |
165 | 168 | } else { |
166 | 169 | if (ldap_auth_mechanism == AUTH_DIGESTMD5) { |
168 | 171 | char buffer2[500]; |
169 | 172 | int ind = 0; |
170 | 173 | |
171 | ptr = strstr((char*)buf, "realm="); | |
174 | ptr = strstr((char *) buf, "realm="); | |
172 | 175 | |
173 | 176 | counter++; |
174 | 177 | if (strstr(miscptr, "^USER^") != NULL) { |
175 | 178 | miscptr = hydra_strrep(miscptr, "^USER^", login); |
176 | 179 | } |
177 | 180 | |
178 | sasl_digest_md5(buffer2, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); | |
179 | if (buffer2 == NULL) { | |
181 | fooptr = buffer2; | |
182 | sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); | |
183 | if (fooptr == NULL) { | |
180 | 184 | free(buf); |
181 | 185 | return 3; |
182 | 186 | } |
274 | 278 | memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2)); |
275 | 279 | ind++; |
276 | 280 | |
277 | if (hydra_send(s, (char*)buffer, length, 0) < 0) | |
281 | if (hydra_send(s, (char *) buffer, length, 0) < 0) | |
278 | 282 | return 1; |
279 | 283 | free(buf); |
280 | if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL) | |
284 | if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) | |
281 | 285 | return 1; |
282 | 286 | } |
283 | 287 | } |
313 | 317 | sleep(1); |
314 | 318 | hydra_child_exit(2); |
315 | 319 | } |
316 | ||
317 | 320 | //0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, |
318 | 321 | //8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, |
319 | 322 | //16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, |
384 | 387 | if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0) |
385 | 388 | hydra_child_exit(1); |
386 | 389 | |
387 | if ((buf = (unsigned char*) hydra_receive_line(sock)) == NULL) | |
390 | if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL) | |
388 | 391 | hydra_child_exit(1); |
389 | 392 | |
390 | 393 | if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { |
437 | 440 | service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_DIGESTMD5); |
438 | 441 | } |
439 | 442 | |
440 | int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
443 | int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
441 | 444 | // called before the childrens are forked off, so this is the function |
442 | 445 | // which should be filled if initial connections and service setup has to be |
443 | 446 | // performed once only. |
15 | 15 | #define SOCKS_V5 5 |
16 | 16 | #define SOCKS_V4 4 |
17 | 17 | #define SOCKS_NOAUTH 0 |
18 | ||
18 | 19 | /* http://tools.ietf.org/html/rfc1929 */ |
19 | 20 | #define SOCKS_PASSAUTH 2 |
20 | 21 | #define SOCKS_NOMETHOD 0xff |
24 | 25 | #define SOCKS_IPV6 4 |
25 | 26 | |
26 | 27 | extern int conwait; |
27 | ||
28 | char quiet; | |
29 | int do_retry = 1; | |
28 | 30 | int module_auth_type = -1; |
29 | 31 | int intern_socket, extern_socket; |
30 | 32 | char pair[260]; |
41 | 43 | int __first_connect = 1; |
42 | 44 | char ipstring[64]; |
43 | 45 | unsigned int colored_output = 1; |
46 | char quiet = 0; | |
44 | 47 | |
45 | 48 | #ifdef LIBOPENSSL |
46 | 49 | SSL *ssl = NULL; |
55 | 58 | void alarming() { |
56 | 59 | fail++; |
57 | 60 | alarm_went_off++; |
61 | ||
58 | 62 | /* uh, I think it's not good for performance if we try to reconnect to a timeout system! |
59 | 63 | * if (fail > MAX_CONNECT_RETRY) { |
60 | 64 | */ |
62 | 66 | if (debug) |
63 | 67 | printf("DEBUG_CONNECT_TIMEOUT\n"); |
64 | 68 | hydra_child_exit(1); |
69 | ||
65 | 70 | /* |
66 | 71 | * } else { |
67 | 72 | * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY); |
78 | 83 | |
79 | 84 | int internal__hydra_connect(char *host, int port, int protocol, int type) { |
80 | 85 | int s, ret = -1, ipv6 = 0; |
86 | ||
81 | 87 | #ifdef AF_INET6 |
82 | 88 | struct sockaddr_in6 target6; |
83 | 89 | struct sockaddr_in6 sin6; |
139 | 145 | } else { |
140 | 146 | if (errno == EACCES && (getuid() > 0)) { |
141 | 147 | fprintf(stderr, "[ERROR] You need to be root to test this service\n"); |
148 | close(s); | |
142 | 149 | return -1; |
143 | 150 | } |
144 | 151 | } |
200 | 207 | alarm(0); |
201 | 208 | if (ret < 0 && alarm_went_off == 0) { |
202 | 209 | fail++; |
203 | if (verbose && fail <= MAX_CONNECT_RETRY) | |
204 | fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY); | |
205 | } | |
206 | } while (ret < 0 && fail <= MAX_CONNECT_RETRY); | |
210 | if (verbose ) { | |
211 | if (do_retry && fail <= MAX_CONNECT_RETRY) | |
212 | fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY); | |
213 | else | |
214 | fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int) getpid()); | |
215 | } | |
216 | } | |
217 | } while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry); | |
207 | 218 | if (ret < 0 && fail > MAX_CONNECT_RETRY) { |
208 | 219 | if (debug) |
209 | 220 | printf("DEBUG_CONNECT_UNREACHABLE\n"); |
213 | 224 | * hydra_child_exit(1); |
214 | 225 | */ |
215 | 226 | extern_socket = -1; |
227 | close(s); | |
216 | 228 | ret = -1; |
217 | 229 | return ret; |
218 | 230 | } |
225 | 237 | if (use_proxy == 2) { |
226 | 238 | if ((buf = malloc(4096)) == NULL) { |
227 | 239 | fprintf(stderr, "[ERROR] could not malloc()\n"); |
240 | close(s); | |
228 | 241 | return -1; |
229 | 242 | } |
230 | 243 | memset(&target, 0, sizeof(target)); |
243 | 256 | #endif |
244 | 257 | |
245 | 258 | if (hydra_strcasestr(proxy_string_type, "connect") || hydra_strcasestr(proxy_string_type, "http")) { |
246 | if (proxy_authentication == NULL) | |
259 | if (proxy_authentication == NULL) | |
247 | 260 | if (host[0] == 16) |
248 | 261 | snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); |
249 | 262 | else |
250 | 263 | snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); |
251 | else | |
252 | if (host[0] == 16) | |
253 | snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); | |
254 | else | |
255 | snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); | |
256 | ||
257 | send(s, buf, strlen(buf), 0); | |
258 | recv(s, buf, 4096, 0); | |
259 | if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { | |
264 | else if (host[0] == 16) | |
265 | snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); | |
266 | else | |
267 | snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); | |
268 | ||
269 | send(s, buf, strlen(buf), 0); | |
270 | recv(s, buf, 4096, 0); | |
271 | if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { | |
260 | 272 | if (debug) |
261 | 273 | printf("DEBUG_CONNECT_PROXY_OK\n"); |
262 | } else { | |
274 | } else { | |
263 | 275 | if (debug) |
264 | 276 | printf("DEBUG_CONNECT_PROXY_FAILED (Code: %c%c%c)\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); |
265 | 277 | if (verbose) |
266 | 278 | fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); |
267 | 279 | err = 1; |
268 | } | |
269 | free(buf); | |
280 | } | |
281 | // free(buf); | |
270 | 282 | } else { |
271 | 283 | if (hydra_strcasestr(proxy_string_type, "socks5")) { |
272 | char buf[1024]; | |
273 | size_t cnt, wlen; | |
284 | // char buf[1024]; | |
285 | size_t cnt, wlen; | |
274 | 286 | |
275 | 287 | /* socks v5 support */ |
276 | buf[0] = SOCKS_V5; | |
277 | buf[1] = 1; | |
278 | if (proxy_authentication == NULL) | |
279 | buf[2] = SOCKS_NOAUTH; | |
288 | buf[0] = SOCKS_V5; | |
289 | buf[1] = 1; | |
290 | if (proxy_authentication == NULL) | |
291 | buf[2] = SOCKS_NOAUTH; | |
280 | 292 | else |
281 | buf[2] = SOCKS_PASSAUTH; | |
282 | cnt = hydra_send(s, buf, 3, 0); | |
283 | if (cnt != 3) { | |
284 | hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); | |
293 | buf[2] = SOCKS_PASSAUTH; | |
294 | cnt = hydra_send(s, buf, 3, 0); | |
295 | if (cnt != 3) { | |
296 | hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); | |
285 | 297 | err = 1; |
286 | 298 | } else { |
287 | cnt = hydra_recv(s, buf, 2); | |
288 | if (cnt != 2) { | |
289 | hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); | |
299 | cnt = hydra_recv(s, buf, 2); | |
300 | if (cnt != 2) { | |
301 | hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); | |
290 | 302 | err = 1; |
291 | 303 | } |
292 | if ((unsigned int) buf[1] == SOCKS_NOMETHOD) { | |
293 | hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); | |
304 | if ((unsigned int) buf[1] == SOCKS_NOMETHOD) { | |
305 | hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); | |
294 | 306 | err = 1; |
295 | 307 | } |
296 | 308 | /* SOCKS_DOMAIN not supported here, do we need it ? */ |
298 | 310 | /* send user/pass */ |
299 | 311 | if (proxy_authentication != NULL) { |
300 | 312 | //format was checked previously |
301 | char *login=strtok(proxy_authentication, ":"); | |
302 | char *pass=strtok(NULL, ":"); | |
313 | char *login = strtok(proxy_authentication, ":"); | |
314 | char *pass = strtok(NULL, ":"); | |
315 | ||
303 | 316 | snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); |
304 | 317 | |
305 | cnt = hydra_send(s, buf, strlen(buf), 0); | |
306 | if (cnt != strlen(buf)) { | |
307 | hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); | |
308 | err = 1; | |
309 | } else { | |
310 | cnt = hydra_recv(s, buf, 2); | |
311 | if (cnt != 2) { | |
312 | hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); | |
313 | err = 1; | |
314 | } | |
315 | if (buf[1] != 0) { | |
316 | hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication failure\n"); | |
317 | err = 1; | |
318 | } else { | |
318 | cnt = hydra_send(s, buf, strlen(buf), 0); | |
319 | if (cnt != strlen(buf)) { | |
320 | hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); | |
321 | err = 1; | |
322 | } else { | |
323 | cnt = hydra_recv(s, buf, 2); | |
324 | if (cnt != 2) { | |
325 | hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); | |
326 | err = 1; | |
327 | } | |
328 | if (buf[1] != 0) { | |
329 | hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication failure\n"); | |
330 | err = 1; | |
331 | } else { | |
319 | 332 | if (debug) |
320 | hydra_report(stderr, "[DEBUG] SOCKS5 proxy authentication success\n"); | |
321 | } | |
322 | } | |
333 | hydra_report(stderr, "[DEBUG] SOCKS5 proxy authentication success\n"); | |
334 | } | |
335 | } | |
323 | 336 | } |
324 | ||
325 | 337 | #ifdef AF_INET6 |
326 | 338 | if (ipv6) { |
327 | /* Version 5, connect: IPv6 address */ | |
328 | buf[0] = SOCKS_V5; | |
329 | buf[1] = SOCKS_CONNECT; | |
330 | buf[2] = 0; | |
331 | buf[3] = SOCKS_IPV6; | |
332 | memcpy(buf + 4, &target6.sin6_addr, sizeof target6.sin6_addr); | |
333 | memcpy(buf + 20, &target6.sin6_port, sizeof target6.sin6_port); | |
334 | wlen = 22; | |
339 | /* Version 5, connect: IPv6 address */ | |
340 | buf[0] = SOCKS_V5; | |
341 | buf[1] = SOCKS_CONNECT; | |
342 | buf[2] = 0; | |
343 | buf[3] = SOCKS_IPV6; | |
344 | memcpy(buf + 4, &target6.sin6_addr, sizeof target6.sin6_addr); | |
345 | memcpy(buf + 20, &target6.sin6_port, sizeof target6.sin6_port); | |
346 | wlen = 22; | |
335 | 347 | } else { |
336 | 348 | #endif |
337 | /* Version 5, connect: IPv4 address */ | |
338 | buf[0] = SOCKS_V5; | |
339 | buf[1] = SOCKS_CONNECT; | |
340 | buf[2] = 0; | |
341 | buf[3] = SOCKS_IPV4; | |
342 | memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); | |
343 | memcpy(buf + 8, &target.sin_port, sizeof target.sin_port); | |
344 | wlen = 10; | |
349 | /* Version 5, connect: IPv4 address */ | |
350 | buf[0] = SOCKS_V5; | |
351 | buf[1] = SOCKS_CONNECT; | |
352 | buf[2] = 0; | |
353 | buf[3] = SOCKS_IPV4; | |
354 | memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); | |
355 | memcpy(buf + 8, &target.sin_port, sizeof target.sin_port); | |
356 | wlen = 10; | |
345 | 357 | #ifdef AF_INET6 |
346 | 358 | } |
347 | 359 | #endif |
348 | cnt = hydra_send(s, buf, wlen, 0); | |
349 | if (cnt != wlen) { | |
350 | hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/%zu)\n", cnt, wlen); | |
351 | err = 1; | |
360 | cnt = hydra_send(s, buf, wlen, 0); | |
361 | if (cnt != wlen) { | |
362 | hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/%zu)\n", cnt, wlen); | |
363 | err = 1; | |
352 | 364 | } else { |
353 | cnt=hydra_recv(s, buf, 10); | |
354 | if (cnt != 10) { | |
355 | hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/10)\n", cnt); | |
356 | err = 1; | |
357 | } | |
358 | if (buf[1] != 0) { | |
365 | cnt = hydra_recv(s, buf, 10); | |
366 | if (cnt != 10) { | |
367 | hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/10)\n", cnt); | |
368 | err = 1; | |
369 | } | |
370 | if (buf[1] != 0) { | |
359 | 371 | /* 0x05 = connection refused by destination host */ |
360 | 372 | if (buf[1] == 5) |
361 | hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); | |
373 | hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); | |
362 | 374 | else |
363 | 375 | hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); |
364 | err = 1; | |
365 | } | |
376 | err = 1; | |
377 | } | |
366 | 378 | } |
367 | 379 | } |
368 | 380 | } |
369 | 381 | } else { |
370 | 382 | if (hydra_strcasestr(proxy_string_type, "socks4")) { |
371 | if (ipv6) { | |
383 | if (ipv6) { | |
372 | 384 | hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n"); |
373 | 385 | err = 1; |
374 | } else { | |
375 | char buf[1024]; | |
376 | size_t cnt, wlen; | |
386 | } else { | |
387 | // char buf[1024]; | |
388 | size_t cnt, wlen; | |
377 | 389 | |
378 | 390 | /* socks v4 support */ |
379 | buf[0] = SOCKS_V4; | |
380 | buf[1] = SOCKS_CONNECT; /* connect */ | |
381 | memcpy(buf + 2, &target.sin_port, sizeof target.sin_port); | |
382 | memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); | |
383 | buf[8] = 0; /* empty username */ | |
384 | wlen = 9; | |
385 | cnt = hydra_send(s, buf, wlen, 0); | |
386 | if (cnt != wlen) { | |
387 | hydra_report(stderr, "[ERROR] SOCKS4 proxy write failed (%zu/%zu)\n", cnt, wlen); | |
388 | err = 1; | |
391 | buf[0] = SOCKS_V4; | |
392 | buf[1] = SOCKS_CONNECT; /* connect */ | |
393 | memcpy(buf + 2, &target.sin_port, sizeof target.sin_port); | |
394 | memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); | |
395 | buf[8] = 0; /* empty username */ | |
396 | wlen = 9; | |
397 | cnt = hydra_send(s, buf, wlen, 0); | |
398 | if (cnt != wlen) { | |
399 | hydra_report(stderr, "[ERROR] SOCKS4 proxy write failed (%zu/%zu)\n", cnt, wlen); | |
400 | err = 1; | |
389 | 401 | } else { |
390 | cnt=hydra_recv(s, buf, 8); | |
391 | if (cnt != 8) { | |
392 | hydra_report(stderr, "[ERROR] SOCKS4 proxy read failed (%zu/8)\n", cnt); | |
393 | err = 1; | |
394 | } | |
395 | if (buf[1] != 90) { | |
402 | cnt = hydra_recv(s, buf, 8); | |
403 | if (cnt != 8) { | |
404 | hydra_report(stderr, "[ERROR] SOCKS4 proxy read failed (%zu/8)\n", cnt); | |
405 | err = 1; | |
406 | } | |
407 | if (buf[1] != 90) { | |
396 | 408 | /* 91 = 0x5b = request rejected or failed */ |
397 | 409 | if (buf[1] == 91) |
398 | hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); | |
410 | hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); | |
399 | 411 | else |
400 | hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); | |
401 | err = 1; | |
402 | } | |
403 | } | |
412 | hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); | |
413 | err = 1; | |
414 | } | |
415 | } | |
404 | 416 | } |
405 | } else { | |
406 | hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type); | |
407 | err = 1; | |
408 | } | |
417 | } else { | |
418 | hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type); | |
419 | err = 1; | |
420 | } | |
409 | 421 | } |
410 | 422 | } |
423 | free(buf); | |
411 | 424 | } |
412 | 425 | if (err) { |
413 | 426 | close(s); |
414 | 427 | extern_socket = -1; |
415 | 428 | ret = -1; |
416 | free(buf); | |
417 | 429 | return ret; |
418 | 430 | } |
419 | 431 | fail = 0; |
428 | 440 | #ifdef NO_RSA_LEGACY |
429 | 441 | RSA *private = RSA_new(); |
430 | 442 | BIGNUM *f4 = BN_new(); |
443 | ||
431 | 444 | BN_set_word(f4, RSA_F4); |
432 | RSA_generate_key_ex(rsa,1024, f4, NULL); | |
445 | RSA_generate_key_ex(rsa, 1024, f4, NULL); | |
433 | 446 | #else |
434 | 447 | rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); |
435 | 448 | #endif |
444 | 457 | if (ssl_first) { |
445 | 458 | SSL_load_error_strings(); |
446 | 459 | // SSL_add_ssl_algoritms(); |
447 | SSL_library_init(); // ? | |
460 | SSL_library_init(); // ? | |
448 | 461 | ssl_first = 0; |
449 | 462 | } |
450 | 463 | |
651 | 664 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login()); |
652 | 665 | else |
653 | 666 | fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); |
667 | else if (colored_output) | |
668 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); | |
654 | 669 | else |
655 | if (colored_output) | |
656 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); | |
657 | else | |
658 | fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); | |
670 | fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); | |
659 | 671 | |
660 | 672 | if (stdout != fp) { |
661 | 673 | if (!strcmp(svc, "rsh")) |
671 | 683 | void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) { |
672 | 684 | strcpy(ipaddr_str, hydra_address2string(ip)); |
673 | 685 | if (colored_output) |
674 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); | |
686 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); | |
675 | 687 | else |
676 | fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); | |
688 | fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); | |
677 | 689 | if (stdout != fp) |
678 | 690 | printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); |
679 | 691 | fflush(fp); |
693 | 705 | else if (!strcmp(svc, "snmp3")) |
694 | 706 | if (colored_output) |
695 | 707 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); |
696 | else | |
708 | else | |
697 | 709 | fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); |
698 | 710 | else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) |
699 | 711 | if (colored_output) |
700 | 712 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); |
701 | else | |
713 | else | |
702 | 714 | fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); |
715 | else if (colored_output) | |
716 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, | |
717 | hydra_get_next_password()); | |
703 | 718 | else |
704 | if (colored_output) | |
705 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); | |
706 | else | |
707 | fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); | |
719 | fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); | |
708 | 720 | if (stdout != fp) { |
709 | 721 | if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) |
710 | 722 | printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); |
722 | 734 | void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg) { |
723 | 735 | strcpy(ipaddr_str, hydra_address2string(ip)); |
724 | 736 | if (colored_output) |
725 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); | |
737 | fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), | |
738 | hydra_get_next_password(), msg); | |
726 | 739 | else |
727 | 740 | fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); |
728 | 741 | if (stdout != fp) |
821 | 834 | int hydra_recv_nb(int socket, char *buf, int length) { |
822 | 835 | int ret = -1; |
823 | 836 | char text[64]; |
824 | ||
837 | ||
825 | 838 | if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) { |
826 | 839 | if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) { |
827 | 840 | buf[0] = 0; |
828 | sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); | |
829 | hydra_dump_data(buf, ret, text); | |
841 | if (debug) { | |
842 | sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); | |
843 | hydra_dump_data(buf, ret, text); | |
844 | } | |
830 | 845 | return ret; |
831 | 846 | } |
832 | 847 | if (debug) { |
839 | 854 | } |
840 | 855 | |
841 | 856 | char *hydra_receive_line(int socket) { |
842 | char buf[1024], *buff, text[64]; | |
857 | char buf[1024], *buff, *buff2, text[64]; | |
843 | 858 | int i, j = 1, k, got = 0; |
844 | 859 | |
845 | 860 | if ((buff = malloc(sizeof(buf))) == NULL) { |
871 | 886 | free(buff); |
872 | 887 | return NULL; |
873 | 888 | } else { |
874 | if (got > 0) { | |
875 | for (k = 0; k < got; k++) | |
876 | if (buff[k] == 0) | |
877 | buff[k] = 32; | |
878 | buff[got] = 0; | |
879 | usleep(100); | |
880 | } | |
889 | if (got > 0) { | |
890 | for (k = 0; k < got; k++) | |
891 | if (buff[k] == 0) | |
892 | buff[k] = 32; | |
893 | buff[got] = 0; | |
894 | usleep(100); | |
895 | } | |
881 | 896 | } |
882 | 897 | |
883 | 898 | while (hydra_data_ready(socket) > 0 && j > 0) { |
887 | 902 | if (buf[k] == 0) |
888 | 903 | buf[k] = 32; |
889 | 904 | buf[j] = 0; |
890 | buff = realloc(buff, got + j + 1); | |
905 | if ((buff2 = realloc(buff, got + j + 1)) == NULL) { | |
906 | free(buff); | |
907 | return NULL; | |
908 | } else | |
909 | buff = buff2; | |
891 | 910 | memcpy(buff + got, &buf, j + 1); |
892 | 911 | got += j; |
893 | 912 | buff[got] = 0; |
909 | 928 | |
910 | 929 | int hydra_send(int socket, char *buf, int size, int options) { |
911 | 930 | char text[64]; |
912 | ||
931 | ||
913 | 932 | if (debug) { |
914 | 933 | sprintf(text, "[DEBUG] SEND [pid:%d]", getpid()); |
915 | 934 | hydra_dump_data(buf, size, text); |
935 | ||
916 | 936 | /* int k; |
917 | 937 | char *debugbuf = malloc(size + 1); |
918 | 938 | |
927 | 947 | free(debugbuf); |
928 | 948 | }*/ |
929 | 949 | } |
950 | ||
930 | 951 | /* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */ |
931 | 952 | return (internal__hydra_send(socket, buf, size, options)); |
932 | 953 | } |
946 | 967 | char *c, oldstring[1024]; |
947 | 968 | static char newstring[1024]; |
948 | 969 | |
949 | if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece) )) | |
970 | if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 | |
971 | || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) | |
950 | 972 | return NULL; |
951 | 973 | |
952 | 974 | strcpy(newstring, string); |
953 | 975 | strcpy(oldstring, string); |
954 | 976 | |
955 | // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) { | |
956 | c = (char *) strstr(oldstring, oldpiece); | |
957 | new_len = strlen(newpiece); | |
958 | old_len = strlen(oldpiece); | |
959 | end = strlen(oldstring) - old_len; | |
960 | oldpiece_index = c - oldstring; | |
961 | newstr_index = 0; | |
962 | str_index = 0; | |
963 | while (c != NULL && str_index <= end) { | |
964 | /* Copy characters from the left of matched pattern occurence */ | |
965 | cpy_len = oldpiece_index - str_index; | |
966 | strncpy(newstring + newstr_index, oldstring + str_index, cpy_len); | |
967 | newstr_index += cpy_len; | |
968 | str_index += cpy_len; | |
969 | ||
970 | /* Copy replacement characters instead of matched pattern */ | |
971 | strcpy(newstring + newstr_index, newpiece); | |
972 | newstr_index += new_len; | |
973 | str_index += old_len; | |
974 | /* Check for another pattern match */ | |
975 | if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL) | |
976 | oldpiece_index = c - oldstring; | |
977 | } | |
978 | /* Copy remaining characters from the right of last matched pattern */ | |
979 | strcpy(newstring + newstr_index, oldstring + str_index); | |
980 | strcpy(oldstring, newstring); | |
977 | // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) { | |
978 | c = (char *) strstr(oldstring, oldpiece); | |
979 | new_len = strlen(newpiece); | |
980 | old_len = strlen(oldpiece); | |
981 | end = strlen(oldstring) - old_len; | |
982 | oldpiece_index = c - oldstring; | |
983 | newstr_index = 0; | |
984 | str_index = 0; | |
985 | while (c != NULL && str_index <= end) { | |
986 | /* Copy characters from the left of matched pattern occurence */ | |
987 | cpy_len = oldpiece_index - str_index; | |
988 | strncpy(newstring + newstr_index, oldstring + str_index, cpy_len); | |
989 | newstr_index += cpy_len; | |
990 | str_index += cpy_len; | |
991 | ||
992 | /* Copy replacement characters instead of matched pattern */ | |
993 | strcpy(newstring + newstr_index, newpiece); | |
994 | newstr_index += new_len; | |
995 | str_index += old_len; | |
996 | /* Check for another pattern match */ | |
997 | if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL) | |
998 | oldpiece_index = c - oldstring; | |
999 | } | |
1000 | /* Copy remaining characters from the right of last matched pattern */ | |
1001 | strcpy(newstring + newstr_index, oldstring + str_index); | |
1002 | strcpy(oldstring, newstring); | |
981 | 1003 | // } |
982 | 1004 | return newstring; |
983 | 1005 | } |
1179 | 1201 | return NULL; |
1180 | 1202 | |
1181 | 1203 | for (; *haystack; ++haystack) { |
1182 | if (toupper((int)*haystack) == toupper((int)*needle)) { | |
1204 | if (toupper((int) *haystack) == toupper((int) *needle)) { | |
1183 | 1205 | const char *h, *n; |
1184 | 1206 | |
1185 | 1207 | for (h = haystack, n = needle; *h && *n; ++h, ++n) { |
1186 | if (toupper((int)*h) != toupper((int)*n)) { | |
1208 | if (toupper((int) *h) != toupper((int) *n)) { | |
1187 | 1209 | break; |
1188 | 1210 | } |
1189 | 1211 | } |
1256 | 1278 | |
1257 | 1279 | int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen) { |
1258 | 1280 | int i; |
1259 | ||
1281 | ||
1260 | 1282 | for (i = 0; i <= hlen - nlen; i++) |
1261 | 1283 | if (memcmp(haystack + i, needle, nlen) == 0) |
1262 | 1284 | return i; |
1 | 1 | #define _HYDRA_MOD_H |
2 | 2 | |
3 | 3 | #include "hydra.h" |
4 | ||
5 | extern char quiet; | |
4 | 6 | |
5 | 7 | extern void hydra_child_exit(int code); |
6 | 8 | extern void hydra_register_socket(int s); |
82 | 82 | return 1; |
83 | 83 | if (hydra_send(s, (char *) p_lng, 71, 0) < 0) |
84 | 84 | return 1; |
85 | ||
85 | ||
86 | 86 | memset(buffer, 0, sizeof(buffer)); |
87 | ret=hydra_recv_nb(s, buffer, sizeof(buffer)); | |
87 | ret = hydra_recv_nb(s, buffer, sizeof(buffer)); | |
88 | 88 | |
89 | 89 | if (ret <= 0) |
90 | 90 | return 3; |
152 | 152 | } |
153 | 153 | } |
154 | 154 | |
155 | int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
155 | int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
156 | 156 | // called before the childrens are forked off, so this is the function |
157 | 157 | // which should be filled if initial connections and service setup has to be |
158 | 158 | // performed once only. |
37 | 37 | |
38 | 38 | /* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ |
39 | 39 | char *hydra_mysql_receive_line(int socket) { |
40 | char buf[300], *buff; | |
41 | int i = 0, j = 0; | |
42 | ||
43 | buff = malloc(sizeof(buf)); | |
40 | char buf[300], *buff, *buff2; | |
41 | int i = 0, j = 0, buff_size = 300; | |
42 | ||
43 | buff = malloc(buff_size); | |
44 | 44 | if (buff == NULL) |
45 | 45 | return NULL; |
46 | 46 | memset(buff, 0, sizeof(buf)); |
54 | 54 | } |
55 | 55 | if (i <= 0) { |
56 | 56 | if (debug) |
57 | hydra_report_debug(stderr,"DEBUG_RECV_BEGIN|%s|END\n", buff); | |
57 | hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END\n"); | |
58 | 58 | free(buff); |
59 | 59 | return NULL; |
60 | 60 | } |
62 | 62 | j = 1; |
63 | 63 | while (hydra_data_ready(socket) > 0 && j > 0) { |
64 | 64 | j = internal__hydra_recv(socket, buf, sizeof(buf)); |
65 | buff = realloc(buff, i + j); | |
66 | if (buff == NULL) | |
67 | return NULL; | |
68 | memcpy(buff + i, &buf, j); | |
69 | i = i + j; | |
65 | if (j > 0) { | |
66 | if (i + j > buff_size || (buff2 = realloc(buff, i + j)) == NULL) { | |
67 | free(buff); | |
68 | return NULL; | |
69 | } else { | |
70 | buff = buff2; | |
71 | buff_size = i + j; | |
72 | } | |
73 | memcpy(buff + i, &buf, j); | |
74 | i += j; | |
75 | } | |
70 | 76 | } |
71 | 77 | |
72 | 78 | if (debug) |
73 | hydra_report_debug(stderr,"DEBUG_RECV_BEGIN|%s|END\n", buff); | |
79 | hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff); | |
74 | 80 | return buff; |
75 | 81 | } |
76 | 82 | |
174 | 180 | pass = hydra_get_next_password(); |
175 | 181 | |
176 | 182 | if (miscptr) |
177 | strncpy(database, miscptr, sizeof(database)); | |
183 | strncpy(database, miscptr, sizeof(database) - 1); | |
178 | 184 | else { |
179 | strncpy(database, DEFAULT_DB, sizeof(database)); | |
185 | strncpy(database, DEFAULT_DB, sizeof(database) - 1); | |
180 | 186 | if (verbose) |
181 | 187 | hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n"); |
182 | 188 | } |
189 | database[sizeof(database) - 1] = 0; | |
183 | 190 | |
184 | 191 | /* read server greeting */ |
185 | 192 | res = hydra_mysql_init(sock); |
194 | 201 | if (mysql == NULL) { |
195 | 202 | mysql = mysql_init(NULL); |
196 | 203 | if (mysql == NULL) { |
197 | hydra_report(stderr, "[ERROR] Insufficient memory to allocate new mysql object\n"); | |
198 | return 1; | |
204 | hydra_report(stderr, "[ERROR] Insufficient memory to allocate new mysql object\n"); | |
205 | return 1; | |
199 | 206 | } |
200 | 207 | } |
201 | 208 | /*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */ |
202 | 209 | if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) { |
203 | 210 | int my_errno = mysql_errno(mysql); |
211 | ||
204 | 212 | if (debug) |
205 | 213 | hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql)); |
206 | 214 | |
207 | 215 | /* |
208 | Error: 1049 SQLSTATE: 42000 (ER_BAD_DB_ERROR) | |
209 | Message: Unknown database '%s' | |
210 | */ | |
216 | Error: 1049 SQLSTATE: 42000 (ER_BAD_DB_ERROR) | |
217 | Message: Unknown database '%s' | |
218 | */ | |
211 | 219 | if (my_errno == 1049) { |
212 | 220 | hydra_report(stderr, "[ERROR] Unknown database: %s\n", database); |
213 | 221 | } |
217 | 225 | } |
218 | 226 | |
219 | 227 | /* |
220 | http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html | |
221 | ||
222 | Error: 1044 SQLSTATE: 42000 (ER_DBACCESS_DENIED_ERROR) | |
223 | Message: Access denied for user '%s'@'%s' to database '%s' | |
224 | ||
225 | Error: 1045 SQLSTATE: 28000 (ER_ACCESS_DENIED_ERROR) | |
226 | Message: Access denied for user '%s'@'%s' (using password: %s) | |
227 | ||
228 | */ | |
228 | http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html | |
229 | ||
230 | Error: 1044 SQLSTATE: 42000 (ER_DBACCESS_DENIED_ERROR) | |
231 | Message: Access denied for user '%s'@'%s' to database '%s' | |
232 | ||
233 | Error: 1045 SQLSTATE: 28000 (ER_ACCESS_DENIED_ERROR) | |
234 | Message: Access denied for user '%s'@'%s' (using password: %s) | |
235 | ||
236 | */ | |
229 | 237 | |
230 | 238 | //if the error is more critical, we just try to reconnect |
231 | 239 | //to the db later with the mysql_init |
232 | if ((my_errno != 1044)&&(my_errno != 1045)) { | |
240 | if ((my_errno != 1044) && (my_errno != 1045)) { | |
233 | 241 | mysql_close(mysql); |
234 | 242 | mysql = NULL; |
235 | 243 | } |
316 | 324 | port = myport; |
317 | 325 | } |
318 | 326 | if (sock < 0) { |
319 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
327 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
320 | 328 | hydra_child_exit(1); |
321 | 329 | } |
322 | 330 | next_run = 2; |
344 | 352 | |
345 | 353 | |
346 | 354 | #endif |
355 | ||
347 | 356 | /************************************************************************/ |
348 | 357 | |
349 | 358 | /* code belowe is copied from mysql 3.23.57 source code (www.mysql.com) */ |
358 | 367 | double max_value_dbl; |
359 | 368 | }; |
360 | 369 | |
361 | void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ | |
370 | void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ | |
362 | 371 | rand_st->max_value = 0x3FFFFFFFL; |
363 | 372 | rand_st->max_value_dbl = (double) rand_st->max_value; |
364 | 373 | rand_st->seed1 = seed1 % rand_st->max_value; |
409 | 418 | } |
410 | 419 | #endif |
411 | 420 | |
412 | int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
421 | int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
413 | 422 | // called before the childrens are forked off, so this is the function |
414 | 423 | // which should be filled if initial connections and service setup has to be |
415 | 424 | // performed once only. |
150 | 150 | sock = hydra_connect_tcp(ip, myport); |
151 | 151 | port = myport; |
152 | 152 | if (sock < 0) { |
153 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
153 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
154 | 154 | hydra_child_exit(1); |
155 | 155 | } |
156 | 156 | next_run = 2; |
181 | 181 | |
182 | 182 | #endif |
183 | 183 | |
184 | int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
184 | int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
185 | 185 | // called before the childrens are forked off, so this is the function |
186 | 186 | // which should be filled if initial connections and service setup has to be |
187 | 187 | // performed once only. |
48 | 48 | |
49 | 49 | int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { |
50 | 50 | char *empty = "\"\""; |
51 | char *login, *pass, buffer[300], buffer2[500]; | |
51 | char *login, *pass, buffer[500], buffer2[500], *fooptr; | |
52 | 52 | int i = 1; |
53 | 53 | |
54 | 54 | if (strlen(login = hydra_get_next_login()) == 0) |
59 | 59 | while (i > 0 && hydra_data_ready(s) > 0) |
60 | 60 | i = hydra_recv(s, buffer, 300); |
61 | 61 | |
62 | if (i < 0) | |
63 | i = 0; | |
64 | buffer[i] = 0; | |
65 | ||
62 | 66 | switch (nntp_auth_mechanism) { |
63 | 67 | case AUTH_LOGIN: |
64 | 68 | sprintf(buffer, "AUTHINFO SASL LOGIN\r\n"); |
155 | 159 | //receive |
156 | 160 | if ((buf = hydra_receive_line(s)) == NULL) |
157 | 161 | return 1; |
158 | if (buf == NULL || strstr(buf, "383") == NULL) { | |
162 | if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { | |
159 | 163 | hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); |
160 | 164 | free(buf); |
161 | 165 | return 3; |
164 | 168 | from64tobits((char *) buffer, buf + 4); |
165 | 169 | free(buf); |
166 | 170 | |
167 | if (verbose) | |
171 | if (debug) | |
168 | 172 | hydra_report(stderr, "DEBUG S: %s\n", buffer); |
169 | sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); | |
170 | if (buffer2 == NULL) | |
173 | fooptr = buffer2; | |
174 | sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); | |
175 | if (fooptr == NULL) | |
171 | 176 | return 3; |
172 | 177 | |
173 | if (verbose) | |
178 | if (debug) | |
174 | 179 | hydra_report(stderr, "DEBUG C: %s\n", buffer2); |
175 | 180 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
176 | 181 | sprintf(buffer, "%s\r\n", buffer2); |
186 | 191 | //send auth and receive challenge |
187 | 192 | buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); |
188 | 193 | to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); |
189 | sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char*)buf1); | |
194 | sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1); | |
190 | 195 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
191 | 196 | return 1; |
192 | 197 | } |
193 | 198 | if ((buf = hydra_receive_line(s)) == NULL) |
194 | 199 | return 1; |
195 | if (buf == NULL || strstr(buf, "383") == NULL) { | |
200 | if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { | |
196 | 201 | hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); |
197 | 202 | free(buf); |
198 | 203 | return 3; |
203 | 208 | |
204 | 209 | buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); |
205 | 210 | to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); |
206 | sprintf(buffer, "%s\r\n", (char*)buf1); | |
211 | sprintf(buffer, "%s\r\n", (char *) buf1); | |
207 | 212 | } |
208 | 213 | break; |
209 | 214 | |
217 | 222 | if (buf == NULL) |
218 | 223 | return 1; |
219 | 224 | if (buf[0] != '3') { |
220 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); | |
225 | if (verbose || debug) | |
226 | hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); | |
221 | 227 | free(buf); |
222 | 228 | return (3); |
223 | 229 | } |
285 | 291 | // usleep(300000); |
286 | 292 | buf = hydra_receive_line(sock); |
287 | 293 | if (buf == NULL || buf[0] != '2') { /* check the first line */ |
288 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); | |
294 | if (verbose || debug) | |
295 | hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); | |
289 | 296 | hydra_child_exit(2); |
290 | 297 | } |
291 | 298 | free(buf); |
300 | 307 | } |
301 | 308 | #ifdef LIBOPENSSL |
302 | 309 | if (!disable_tls) { |
303 | /* if we got a positive answer */ | |
304 | if (strstr(buf, "STARTTLS") != NULL) { | |
310 | /* if we got a positive answer */ | |
311 | if (strstr(buf, "STARTTLS") != NULL) { | |
305 | 312 | hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0); |
306 | 313 | free(buf); |
307 | 314 | buf = hydra_receive_line(sock); |
314 | 321 | free(buf); |
315 | 322 | if ((hydra_connect_to_ssl(sock) == -1)) { |
316 | 323 | if (verbose) |
317 | hydra_report(stderr, "[ERROR] Can't use TLS\n"); | |
324 | hydra_report(stderr, "[ERROR] Can't use TLS\n"); | |
318 | 325 | disable_tls = 1; |
319 | 326 | run = 1; |
320 | 327 | break; |
321 | 328 | } else { |
322 | 329 | if (verbose) |
323 | hydra_report(stderr, "[VERBOSE] TLS connection done\n"); | |
330 | hydra_report(stderr, "[VERBOSE] TLS connection done\n"); | |
324 | 331 | } |
325 | 332 | /* ask again capability request but in TLS mode */ |
326 | 333 | if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) |
333 | 340 | hydra_child_exit(2); |
334 | 341 | } |
335 | 342 | } |
336 | } | |
343 | } | |
337 | 344 | } |
338 | 345 | #endif |
339 | 346 | |
457 | 464 | } |
458 | 465 | } |
459 | 466 | |
460 | int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
467 | int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
461 | 468 | // called before the childrens are forked off, so this is the function |
462 | 469 | // which should be filled if initial connections and service setup has to be |
463 | 470 | // performed once only. |
0 | ||
0 | 1 | /* |
1 | 2 | david: |
2 | 3 | |
36 | 37 | } |
37 | 38 | *sz = 2 * i; |
38 | 39 | |
39 | if ((buff = malloc(i)) == NULL) { | |
40 | hydra_report(stderr, "[ERROR] Can't allocate memory\n"); | |
41 | return 1; | |
42 | } | |
43 | memset(buff, 0, i); | |
44 | strncpy(buff, p_str, strlen(p_str)); | |
40 | if ((buff = malloc(i + 4)) == NULL) { | |
41 | hydra_report(stderr, "[ERROR] Can't allocate memory\n"); | |
42 | return 1; | |
43 | } | |
44 | memset(buff, 0, i + 4); | |
45 | strcpy(buff, p_str); | |
45 | 46 | |
46 | 47 | //swap the order of every byte pair |
47 | 48 | for (k = 0; k < i; k += 2) { |
156 | 157 | |
157 | 158 | if (convert_byteorder(&result, siz)) { |
158 | 159 | hydra_report(stderr, "[ERROR] ora_hash_password: in convert_byteorder\n"); |
160 | free(result); | |
159 | 161 | return 1; |
160 | 162 | } |
161 | 163 | if (ora_descrypt(&desresult, result, siz)) { |
162 | 164 | hydra_report(stderr, "[ERROR] ora_hash_password: in DES crypt\n"); |
165 | free(result); | |
163 | 166 | return 1; |
164 | 167 | } |
165 | 168 | free(result); |
166 | 169 | if (ora_hash(&result, desresult, siz)) { |
167 | 170 | hydra_report(stderr, "[ERROR] ora_hash_password: in extracting Oracle hash\n"); |
171 | free(desresult); | |
168 | 172 | return 1; |
169 | 173 | } |
170 | 174 | |
320 | 324 | } |
321 | 325 | } |
322 | 326 | |
323 | int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
327 | int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
324 | 328 | // called before the childrens are forked off, so this is the function |
325 | 329 | // which should be filled if initial connections and service setup has to be |
326 | 330 | // performed once only. |
0 | ||
0 | 1 | /* |
1 | 2 | david: |
2 | 3 | |
132 | 133 | } |
133 | 134 | } |
134 | 135 | |
135 | int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
136 | int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
136 | 137 | // called before the childrens are forked off, so this is the function |
137 | 138 | // which should be filled if initial connections and service setup has to be |
138 | 139 | // performed once only. |
49 | 49 | if (strlen(pass = hydra_get_next_password()) == 0) |
50 | 50 | pass = empty; |
51 | 51 | |
52 | strncpy(sid, miscptr, sizeof(sid)); | |
52 | strncpy(sid, miscptr, sizeof(sid) - 1); | |
53 | sid[sizeof(sid) - 1] = 0; | |
53 | 54 | snprintf(buffer, sizeof(buffer), "//%s:%d/%s", hydra_address2string(ip), port, sid); |
54 | 55 | |
55 | 56 | /* |
174 | 175 | |
175 | 176 | #endif |
176 | 177 | |
177 | int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
178 | int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
178 | 179 | // called before the childrens are forked off, so this is the function |
179 | 180 | // which should be filled if initial connections and service setup has to be |
180 | 181 | // performed once only. |
61 | 61 | char passwd[128]; |
62 | 62 | int i; |
63 | 63 | |
64 | strcpy(passwd, cleartxt); | |
64 | strncpy(passwd, cleartxt, sizeof(passwd) - 1); | |
65 | passwd[sizeof(passwd) - 1] = 0; | |
65 | 66 | if (strlen(cleartxt) > 0) { |
66 | 67 | passwd[0] = (passwd[0] ^ 0xab); |
67 | 68 | for (i = 1; i < strlen(passwd); i++) |
138 | 139 | return 1; |
139 | 140 | } |
140 | 141 | |
141 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
142 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
142 | 143 | if (ret == -1) { |
143 | 144 | return 1; |
144 | 145 | } |
146 | 147 | if (i == 3) { |
147 | 148 | if (ret == 3) { |
148 | 149 | /*one more to get the login prompt */ |
149 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
150 | } | |
151 | } | |
150 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
151 | } | |
152 | } | |
153 | ||
154 | if (ret >= 0) | |
155 | buffer[ret] = 0; | |
152 | 156 | |
153 | 157 | if (i == 0 || i == 3) |
154 | 158 | clean_buffer(buffer, ret); |
155 | 159 | |
156 | /*show_buffer(buffer,ret); */ | |
160 | if (debug) show_buffer(buffer, ret); | |
157 | 161 | |
158 | 162 | if (i == 2) { |
159 | 163 | clean_buffer(buffer, ret); |
164 | buffer[sizeof(buffer) - 1] = 0; | |
160 | 165 | if (strstr(buffer, server[i + 2]) != NULL) { |
161 | 166 | fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n"); |
162 | 167 | return 3; |
174 | 179 | if (send_cstring(s, clogin) < 0) { |
175 | 180 | return 1; |
176 | 181 | } |
177 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
178 | if (ret == -1) { | |
179 | return 1; | |
180 | } | |
182 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
183 | if (ret < 0) { | |
184 | return 1; | |
185 | } | |
186 | buffer[ret] = 0; | |
181 | 187 | clean_buffer(buffer, ret); |
182 | 188 | /*show_buffer(buffer,ret); */ |
183 | 189 | if (strstr(buffer, "Enter password:") == NULL) { |
190 | 196 | } |
191 | 197 | |
192 | 198 | ret = hydra_recv(s, buffer, sizeof(buffer)); |
193 | if (ret == -1) { | |
194 | return 1; | |
195 | } | |
199 | if (ret < 0) | |
200 | return 1; | |
201 | else | |
202 | buffer[ret] = 0; | |
196 | 203 | |
197 | 204 | clean_buffer(buffer, ret); |
198 | 205 | /*show_buffer(buffer,ret); */ |
243 | 250 | port = mysslport; |
244 | 251 | } |
245 | 252 | if (sock < 0) { |
246 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
253 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
247 | 254 | hydra_child_exit(1); |
248 | 255 | } |
249 | 256 | |
270 | 277 | } |
271 | 278 | } |
272 | 279 | |
273 | int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
280 | int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
274 | 281 | // called before the childrens are forked off, so this is the function |
275 | 282 | // which should be filled if initial connections and service setup has to be |
276 | 283 | // performed once only. |
160 | 160 | sock = hydra_disconnect(sock); |
161 | 161 | // usleep(275000); |
162 | 162 | if ((sock = hydra_connect_udp(ip, port)) < 0) { |
163 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
163 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
164 | 164 | hydra_child_exit(1); |
165 | 165 | } |
166 | 166 | next_run = 2; |
182 | 182 | } |
183 | 183 | } |
184 | 184 | |
185 | int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
185 | int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
186 | 186 | // called before the childrens are forked off, so this is the function |
187 | 187 | // which should be filled if initial connections and service setup has to be |
188 | 188 | // performed once only. |
4 | 4 | |
5 | 5 | typedef struct pool_str { |
6 | 6 | char ip[36]; |
7 | /* int port;*/ // not needed | |
7 | ||
8 | /* int port;*/// not needed | |
8 | 9 | int pop3_auth_mechanism; |
9 | 10 | int disable_tls; |
10 | 11 | struct pool_str *next; |
16 | 17 | pool *plist = NULL, *p = NULL; |
17 | 18 | |
18 | 19 | /* functions */ |
19 | int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
20 | int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
20 | 21 | |
21 | 22 | pool *list_create(pool data) { |
22 | 23 | pool *p; |
23 | ||
24 | ||
24 | 25 | if (!(p = malloc(sizeof(pool)))) |
25 | 26 | return NULL; |
26 | 27 | |
27 | memcpy(p->ip, data.ip, 36); | |
28 | memcpy(p->ip, data.ip, 36); | |
28 | 29 | //p->port = data.port; |
29 | 30 | p->pop3_auth_mechanism = data.pop3_auth_mechanism; |
30 | 31 | p->disable_tls = data.disable_tls; |
31 | p->next=NULL; | |
32 | p->next = NULL; | |
32 | 33 | |
33 | 34 | return p; |
34 | 35 | } |
36 | 37 | pool *list_insert(pool data) { |
37 | 38 | pool *newnode; |
38 | 39 | |
39 | newnode=list_create(data); | |
40 | newnode = list_create(data); | |
40 | 41 | newnode->next = plist; |
41 | plist = newnode->next; // to be sure! | |
42 | plist = newnode->next; // to be sure! | |
42 | 43 | |
43 | 44 | return newnode; |
44 | 45 | } |
46 | 47 | pool *list_find(char *ip) { |
47 | 48 | pool *node = plist; |
48 | 49 | |
49 | while(node != NULL) { | |
50 | while (node != NULL) { | |
50 | 51 | if (memcmp(node->ip, ip, 36) == 0) |
51 | 52 | return node; |
52 | 53 | node = node->next; |
57 | 58 | |
58 | 59 | /* how to know when to release the mem ? |
59 | 60 | -> well, after _start has determined which pool number it is */ |
60 | int list_remove(pool *node) { | |
61 | int list_remove(pool * node) { | |
61 | 62 | pool *save, *list = plist; |
62 | 63 | int ok = -1; |
63 | ||
64 | ||
64 | 65 | if (list == NULL || node == NULL) |
65 | 66 | return -2; |
66 | ||
67 | ||
67 | 68 | do { |
68 | 69 | save = list->next; |
69 | 70 | if (list != node) |
72 | 73 | ok = 0; |
73 | 74 | list = save; |
74 | 75 | } while (list != NULL); |
75 | ||
76 | ||
76 | 77 | return ok; |
77 | 78 | } |
78 | 79 | |
117 | 118 | |
118 | 119 | int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { |
119 | 120 | char *empty = "\"\""; |
120 | char *login, *pass, buffer[500], buffer2[500]; | |
121 | char *login, *pass, buffer[500], buffer2[500], *fooptr; | |
121 | 122 | |
122 | 123 | if (strlen(login = hydra_get_next_login()) == 0) |
123 | 124 | login = empty; |
299 | 300 | from64tobits((char *) buffer, buf); |
300 | 301 | free(buf); |
301 | 302 | |
302 | if (verbose) | |
303 | hydra_report(stderr, "[VERBOSE] S: %s\n", buffer); | |
304 | ||
305 | sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); | |
306 | if (buffer2 == NULL) | |
303 | if (debug) | |
304 | hydra_report(stderr, "[DEBUG] S: %s\n", buffer); | |
305 | ||
306 | fooptr = buffer2; | |
307 | sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); | |
308 | if (fooptr == NULL) | |
307 | 309 | return 3; |
308 | 310 | |
309 | if (verbose) | |
310 | hydra_report(stderr, "[VERBOSE] C: %s\n", buffer2); | |
311 | if (debug) | |
312 | hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); | |
311 | 313 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
312 | 314 | sprintf(buffer, "%s\r\n", buffer2); |
313 | 315 | } |
340 | 342 | sprintf(buffer, "%s\r\n", buf1); |
341 | 343 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) |
342 | 344 | return 1; |
343 | if ((buf = hydra_receive_line(s)) == NULL) | |
345 | if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6) | |
344 | 346 | return 4; |
345 | 347 | |
346 | 348 | //recover challenge |
376 | 378 | |
377 | 379 | if ((buf = hydra_receive_line(s)) == NULL) { |
378 | 380 | return 4; |
379 | } | |
381 | } | |
380 | 382 | |
381 | 383 | if (buf[0] == '+') { |
382 | 384 | hydra_report_found_host(port, ip, "pop3", fp); |
402 | 404 | return 2; |
403 | 405 | } |
404 | 406 | |
405 | void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
407 | void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
406 | 408 | int run = 1, next_run = 1, sock = -1, i; |
407 | 409 | char *ptr = NULL; |
408 | 410 | |
428 | 430 | case 1: /* connect and service init function */ |
429 | 431 | |
430 | 432 | if (sock >= 0) |
431 | sock = hydra_disconnect(sock); | |
432 | // usleep(300000); | |
433 | if ((options & OPTION_SSL) == 0) { | |
434 | sock = hydra_connect_tcp(ip, port); | |
435 | } else { | |
436 | sock = hydra_connect_ssl(ip, port); | |
437 | } | |
438 | if (sock < 0) { | |
439 | if (verbose || debug) | |
440 | hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
441 | hydra_child_exit(1); | |
442 | } | |
443 | buf = hydra_receive_line(sock); | |
444 | if (buf == NULL || buf[0] != '+') { /* check the first line */ | |
445 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); | |
446 | hydra_child_exit(2); | |
447 | } | |
448 | ||
449 | ptr = strstr(buf, "<"); | |
450 | if (ptr != NULL && buf[0] == '+') { | |
451 | if (ptr[strlen(ptr) - 1] == '\n') | |
452 | ptr[strlen(ptr) - 1] = 0; | |
453 | if (ptr[strlen(ptr) - 1] == '\r') | |
454 | ptr[strlen(ptr) - 1] = 0; | |
455 | strcpy(apop_challenge, ptr); | |
456 | } | |
457 | free(buf); | |
458 | ||
459 | #ifdef LIBOPENSSL | |
460 | if (!p->disable_tls) { | |
461 | /* check for STARTTLS, if available we may have access to more basic auth methods */ | |
462 | hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); | |
463 | buf = hydra_receive_line(sock); | |
464 | if (buf[0] != '+') { | |
465 | hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); | |
466 | } else { | |
467 | free(buf); | |
468 | if ((hydra_connect_to_ssl(sock) == -1)) { | |
469 | if (verbose) | |
470 | hydra_report(stderr, "[ERROR] Can't use TLS\n"); | |
471 | p->disable_tls = 1; | |
472 | } | |
473 | else { | |
474 | if (verbose) | |
475 | hydra_report(stderr, "[VERBOSE] TLS connection done\n"); | |
476 | } | |
477 | } | |
478 | } | |
433 | sock = hydra_disconnect(sock); | |
434 | // usleep(300000); | |
435 | if ((options & OPTION_SSL) == 0) { | |
436 | sock = hydra_connect_tcp(ip, port); | |
437 | } else { | |
438 | sock = hydra_connect_ssl(ip, port); | |
439 | } | |
440 | if (sock < 0) { | |
441 | if (verbose || debug) | |
442 | hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
443 | hydra_child_exit(1); | |
444 | } | |
445 | buf = hydra_receive_line(sock); | |
446 | if (buf == NULL || buf[0] != '+') { /* check the first line */ | |
447 | if (verbose || debug) | |
448 | hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); | |
449 | hydra_child_exit(2); | |
450 | } | |
451 | ||
452 | ptr = strstr(buf, "<"); | |
453 | if (ptr != NULL && buf[0] == '+') { | |
454 | if (ptr[strlen(ptr) - 1] == '\n') | |
455 | ptr[strlen(ptr) - 1] = 0; | |
456 | if (ptr[strlen(ptr) - 1] == '\r') | |
457 | ptr[strlen(ptr) - 1] = 0; | |
458 | strcpy(apop_challenge, ptr); | |
459 | } | |
460 | free(buf); | |
461 | ||
462 | #ifdef LIBOPENSSL | |
463 | if (!p->disable_tls) { | |
464 | /* check for STARTTLS, if available we may have access to more basic auth methods */ | |
465 | hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); | |
466 | buf = hydra_receive_line(sock); | |
467 | if (buf[0] != '+') { | |
468 | hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); | |
469 | } else { | |
470 | free(buf); | |
471 | if ((hydra_connect_to_ssl(sock) == -1)) { | |
472 | if (verbose) | |
473 | hydra_report(stderr, "[ERROR] Can't use TLS\n"); | |
474 | p->disable_tls = 1; | |
475 | } else { | |
476 | if (verbose) | |
477 | hydra_report(stderr, "[VERBOSE] TLS connection done\n"); | |
478 | } | |
479 | } | |
480 | } | |
479 | 481 | #endif |
480 | 482 | |
481 | 483 | next_run = 2; |
502 | 504 | } |
503 | 505 | |
504 | 506 | |
505 | int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
507 | int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
506 | 508 | int myport = PORT_POP3, mysslport = PORT_POP3_SSL; |
507 | 509 | char *ptr = NULL; |
508 | 510 | int sock = -1; |
510 | 512 | char *quit_str = "QUIT\r\n"; |
511 | 513 | pool p; |
512 | 514 | |
513 | p.pop3_auth_mechanism=AUTH_CLEAR; | |
515 | p.pop3_auth_mechanism = AUTH_CLEAR; | |
514 | 516 | p.disable_tls = 1; |
515 | 517 | memcpy(p.ip, ip, 36); |
516 | 518 | |
532 | 534 | return -1; |
533 | 535 | } |
534 | 536 | buf = hydra_receive_line(sock); |
535 | if (buf == NULL || buf[0] != '+') { /* check the first line */ | |
537 | if (buf == NULL || buf[0] != '+') { /* check the first line */ | |
536 | 538 | if (verbose || debug) |
537 | 539 | hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); |
538 | 540 | return -1; |
549 | 551 | free(buf); |
550 | 552 | |
551 | 553 | /* send capability request */ |
552 | if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) { | |
554 | if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) { | |
553 | 555 | if (verbose || debug) |
554 | 556 | hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n"); |
555 | 557 | return -1; |
572 | 574 | p.disable_tls = 0; |
573 | 575 | } |
574 | 576 | } |
575 | ||
576 | 577 | |
577 | 578 | #ifdef LIBOPENSSL |
578 | 579 | if (!p.disable_tls) { |
582 | 583 | free(buf); |
583 | 584 | buf = hydra_receive_line(sock); |
584 | 585 | if (buf[0] != '+') { |
585 | hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); | |
586 | hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); | |
586 | 587 | } else { |
587 | 588 | free(buf); |
588 | 589 | if ((hydra_connect_to_ssl(sock) == -1)) { |
605 | 606 | hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n"); |
606 | 607 | return -1; |
607 | 608 | } |
608 | } | |
609 | } | |
609 | 610 | } |
610 | 611 | } else |
611 | 612 | hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); |
613 | 614 | #endif |
614 | 615 | |
615 | 616 | if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) { |
616 | //we dont care if the server is not receiving the quit msg | |
617 | //we dont care if the server is not receiving the quit msg | |
617 | 618 | } |
618 | 619 | hydra_disconnect(sock); |
619 | 620 | |
621 | 622 | if (verbose) |
622 | 623 | hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); |
623 | 624 | |
624 | /* example: | |
625 | +OK Capability list follows: | |
626 | TOP | |
627 | LOGIN-DELAY 180 | |
628 | UIDL | |
629 | USER | |
630 | SASL PLAIN LOGIN | |
631 | */ | |
632 | ||
633 | /* according to rfc 2449: | |
634 | The POP3 AUTH command [POP-AUTH] permits the use of [SASL] | |
635 | authentication mechanisms with POP3. The SASL capability | |
636 | indicates that the AUTH command is available and that it supports | |
637 | an optional base64 encoded second argument for an initial client | |
638 | response as described in the SASL specification. The argument to | |
639 | the SASL capability is a space separated list of SASL mechanisms | |
640 | which are supported. | |
641 | */ | |
625 | /* example: | |
626 | +OK Capability list follows: | |
627 | TOP | |
628 | LOGIN-DELAY 180 | |
629 | UIDL | |
630 | USER | |
631 | SASL PLAIN LOGIN | |
632 | */ | |
633 | ||
634 | /* according to rfc 2449: | |
635 | The POP3 AUTH command [POP-AUTH] permits the use of [SASL] | |
636 | authentication mechanisms with POP3. The SASL capability | |
637 | indicates that the AUTH command is available and that it supports | |
638 | an optional base64 encoded second argument for an initial client | |
639 | response as described in the SASL specification. The argument to | |
640 | the SASL capability is a space separated list of SASL mechanisms | |
641 | which are supported. | |
642 | */ | |
642 | 643 | |
643 | 644 | /* which mean threre will *always* have a space before the LOGIN auth keyword */ |
644 | 645 | if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { |
761 | 762 | } |
762 | 763 | } |
763 | 764 | |
764 | if(!plist) | |
765 | plist=list_create(p); | |
766 | else | |
767 | plist=list_insert(p); | |
765 | if (!plist) | |
766 | plist = list_create(p); | |
767 | else | |
768 | plist = list_insert(p); | |
768 | 769 | |
769 | 770 | return 0; |
770 | 771 | } |
28 | 28 | PGconn *pgconn; |
29 | 29 | |
30 | 30 | if (miscptr) |
31 | strncpy(database, miscptr, sizeof(database)); | |
31 | strncpy(database, miscptr, sizeof(database) - 1); | |
32 | 32 | else |
33 | strncpy(database, DEFAULT_DB, sizeof(database)); | |
33 | strncpy(database, DEFAULT_DB, sizeof(database) - 1); | |
34 | database[sizeof(database) - 1] = 0; | |
34 | 35 | |
35 | 36 | if (strlen(login = hydra_get_next_login()) == 0) |
36 | 37 | login = empty; |
91 | 92 | port = mysslport; |
92 | 93 | } |
93 | 94 | if (sock < 0) { |
94 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
95 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
95 | 96 | hydra_child_exit(1); |
96 | 97 | } |
97 | 98 | next_run = 2; |
117 | 118 | |
118 | 119 | #endif |
119 | 120 | |
120 | int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
121 | int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
121 | 122 | // called before the childrens are forked off, so this is the function |
122 | 123 | // which should be filled if initial connections and service setup has to be |
123 | 124 | // performed once only. |
0 | ||
0 | 1 | /* |
1 | 2 | david: this module is heavily based on rdesktop v 1.7.0 |
2 | 3 | |
51 | 52 | BOOL g_bitmap_compression = True; |
52 | 53 | BOOL g_desktop_save = True; |
53 | 54 | int g_server_depth = -1; |
54 | int os_version = 0; //2000 | |
55 | int os_version = 0; //2000 | |
55 | 56 | |
56 | 57 | uint32 g_rdp5_performanceflags = RDP5_NO_WALLPAPER | RDP5_NO_FULLWINDOWDRAG | RDP5_NO_MENUANIMATIONS; |
57 | 58 | |
643 | 644 | |
644 | 645 | /* Send a single input event fast JL, this is required for win8 */ |
645 | 646 | void rdp_send_fast_input_kbd(uint32 time, uint16 flags, uint16 param1) { |
646 | STREAM s; | |
647 | uint8 fast_flags = 0; | |
648 | uint8 len=4; | |
649 | ||
650 | fast_flags |= (flags & RDP_KEYRELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0; | |
651 | s = tcp_init(len); | |
652 | out_uint8(s, (1 << 2)); //one event | |
653 | out_uint8(s, len); | |
654 | out_uint8(s, fast_flags|(FASTPATH_INPUT_EVENT_SCANCODE<<5)); | |
655 | out_uint8(s, param1); | |
656 | s_mark_end(s); | |
657 | tcp_send(s); | |
647 | STREAM s; | |
648 | uint8 fast_flags = 0; | |
649 | uint8 len = 4; | |
650 | ||
651 | fast_flags |= (flags & RDP_KEYRELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0; | |
652 | s = tcp_init(len); | |
653 | out_uint8(s, (1 << 2)); //one event | |
654 | out_uint8(s, len); | |
655 | out_uint8(s, fast_flags | (FASTPATH_INPUT_EVENT_SCANCODE << 5)); | |
656 | out_uint8(s, param1); | |
657 | s_mark_end(s); | |
658 | tcp_send(s); | |
658 | 659 | } |
659 | 660 | |
660 | 661 | /* Send a single input event fast JL, this is required for win8 */ |
661 | void rdp_send_fast_input_mouse(uint32 time, uint16 flags, uint16 param1,uint16 param2) { | |
662 | STREAM s; | |
663 | uint8 len=9; | |
664 | ||
665 | s = tcp_init(len); | |
666 | out_uint8(s, (1 << 2)); //one event | |
667 | out_uint8(s, len); | |
668 | out_uint8(s, (FASTPATH_INPUT_EVENT_MOUSE<<5)); | |
669 | out_uint16(s, flags); | |
670 | out_uint16(s, param1); | |
671 | out_uint16(s, param2); | |
672 | s_mark_end(s); | |
673 | tcp_send(s); | |
662 | void rdp_send_fast_input_mouse(uint32 time, uint16 flags, uint16 param1, uint16 param2) { | |
663 | STREAM s; | |
664 | uint8 len = 9; | |
665 | ||
666 | s = tcp_init(len); | |
667 | out_uint8(s, (1 << 2)); //one event | |
668 | out_uint8(s, len); | |
669 | out_uint8(s, (FASTPATH_INPUT_EVENT_MOUSE << 5)); | |
670 | out_uint16(s, flags); | |
671 | out_uint16(s, param1); | |
672 | out_uint16(s, param2); | |
673 | s_mark_end(s); | |
674 | tcp_send(s); | |
674 | 675 | } |
675 | 676 | |
676 | 677 | |
785 | 786 | /* Disconnect from the ISO layer */ |
786 | 787 | void iso_disconnect(void) { |
787 | 788 | iso_send_msg(ISO_PDU_DR); |
788 | g_sock=hydra_disconnect(g_sock); | |
789 | g_sock = hydra_disconnect(g_sock); | |
789 | 790 | } |
790 | 791 | |
791 | 792 | /* reset the state to support reconnecting */ |
1576 | 1577 | /* Receive secure transport packet */ |
1577 | 1578 | STREAM sec_recv(uint8 * rdpver) { |
1578 | 1579 | uint32 sec_flags; |
1579 | uint16 channel = 0 ; | |
1580 | uint16 channel = 0; | |
1580 | 1581 | STREAM s; |
1581 | 1582 | |
1582 | 1583 | while ((s = mcs_recv(&channel, rdpver)) != NULL) { |
1855 | 1856 | DEBUG(("MEMBLT(op=0x%x,x=%d,y=%d,cx=%d,cy=%d,id=%d,idx=%d)\n", os->opcode, os->x, os->y, os->cx, os->cy, os->cache_id, os->cache_idx)); |
1856 | 1857 | //MEMBLT(op=0xcc,x=640,y=128,cx=64,cy=64,id=2,idx=117) => win8 failed |
1857 | 1858 | |
1858 | if ((os->opcode == 0xcc && os->x == 740 && os->y == 448 && os->cx == 60 && os->cy == 56 && os->cache_id == 2)|| | |
1859 | (os->opcode == 0xcc && os->x == 640 && os->y == 128 && os->cx == 64 && os->cy == 64 && os->cache_id == 2 && os->cache_idx > 100)) | |
1860 | { | |
1859 | if ((os->opcode == 0xcc && os->x == 740 && os->y == 448 && os->cx == 60 && os->cy == 56 && os->cache_id == 2) || | |
1860 | (os->opcode == 0xcc && os->x == 640 && os->y == 128 && os->cx == 64 && os->cy == 64 && os->cache_id == 2 && os->cache_idx > 100)) { | |
1861 | 1861 | if (debug) |
1862 | 1862 | hydra_report(stderr, "[DEBUG] Login failed from process_memblt\n"); |
1863 | 1863 | login_result = LOGIN_FAIL; |
1865 | 1865 | } |
1866 | 1866 | |
1867 | 1867 | /* Process a text order */ |
1868 | static void process_text2(STREAM s, TEXT2_ORDER *os, uint32 present, BOOL delta) { | |
1868 | static void process_text2(STREAM s, TEXT2_ORDER * os, uint32 present, BOOL delta) { | |
1869 | 1869 | int i; |
1870 | 1870 | |
1871 | 1871 | if (present & 0x000001) |
1944 | 1944 | //on win2k, error can be fe 00 00 or fe 02 00 |
1945 | 1945 | if (((os->text[0] == 254) && (os->text[2] == 0)) || (!memcmp(os->text, LOGON_MESSAGE_FAILED_XP, 18))) { |
1946 | 1946 | if (debug) |
1947 | hydra_report(stderr,"[DEBUG] login failed from process_text2\n"); | |
1947 | hydra_report(stderr, "[DEBUG] login failed from process_text2\n"); | |
1948 | 1948 | login_result = LOGIN_FAIL; |
1949 | 1949 | } else { |
1950 | 1950 | //if it's not an well known error and if it's not just traffic from win 2000 server |
1951 | 1951 | |
1952 | 1952 | if ((os_version == 2000) && (os->length > 50)) { |
1953 | 1953 | if (debug) |
1954 | hydra_report(stderr,"[DEBUG] login success from process_text2\n"); | |
1954 | hydra_report(stderr, "[DEBUG] login success from process_text2\n"); | |
1955 | 1955 | login_result = LOGIN_SUCC; |
1956 | 1956 | } |
1957 | 1957 | } |
1974 | 1974 | next_order = s->p + (sint16) length + 7; |
1975 | 1975 | |
1976 | 1976 | /* |
1977 | switch (type) | |
1978 | { | |
1979 | case RDP_ORDER_RAW_BMPCACHE: | |
1980 | break; | |
1981 | ||
1982 | case RDP_ORDER_COLCACHE: | |
1983 | break; | |
1984 | ||
1985 | case RDP_ORDER_BMPCACHE: | |
1986 | break; | |
1987 | ||
1988 | case RDP_ORDER_FONTCACHE: | |
1989 | process_fontcache(s); | |
1990 | break; | |
1991 | ||
1992 | case RDP_ORDER_RAW_BMPCACHE2: | |
1993 | break; | |
1994 | ||
1995 | case RDP_ORDER_BMPCACHE2: | |
1996 | break; | |
1997 | ||
1998 | case RDP_ORDER_BRUSHCACHE: | |
1999 | process_brushcache(s, flags); | |
2000 | break; | |
2001 | ||
2002 | default: | |
2003 | unimpl("secondary order %d\n", type); | |
2004 | } | |
2005 | */ | |
1977 | switch (type) | |
1978 | { | |
1979 | case RDP_ORDER_RAW_BMPCACHE: | |
1980 | break; | |
1981 | ||
1982 | case RDP_ORDER_COLCACHE: | |
1983 | break; | |
1984 | ||
1985 | case RDP_ORDER_BMPCACHE: | |
1986 | break; | |
1987 | ||
1988 | case RDP_ORDER_FONTCACHE: | |
1989 | process_fontcache(s); | |
1990 | break; | |
1991 | ||
1992 | case RDP_ORDER_RAW_BMPCACHE2: | |
1993 | break; | |
1994 | ||
1995 | case RDP_ORDER_BMPCACHE2: | |
1996 | break; | |
1997 | ||
1998 | case RDP_ORDER_BRUSHCACHE: | |
1999 | process_brushcache(s, flags); | |
2000 | break; | |
2001 | ||
2002 | default: | |
2003 | unimpl("secondary order %d\n", type); | |
2004 | } | |
2005 | */ | |
2006 | 2006 | s->p = next_order; |
2007 | 2007 | } |
2008 | 2008 | |
2086 | 2086 | case RDP_ORDER_TEXT2: |
2087 | 2087 | process_text2(s, &os->text2, present, delta); |
2088 | 2088 | break; |
2089 | ||
2089 | ||
2090 | 2090 | default: |
2091 | 2091 | if (debug) |
2092 | 2092 | printf("[DEBUG] unknown order_type: %d\n", os->order_type); |
2423 | 2423 | strcpy(server, hydra_address2string(ip)); |
2424 | 2424 | |
2425 | 2425 | if ((miscptr != NULL) && (strlen(miscptr) > 0)) { |
2426 | strncpy(domain, miscptr, sizeof(domain)); | |
2426 | strncpy(domain, miscptr, sizeof(domain) - 1); | |
2427 | domain[sizeof(domain) - 1] = 0; | |
2427 | 2428 | } |
2428 | 2429 | |
2429 | 2430 | if (!rdp_connect(server, flags, domain, login, pass, shell, directory, g_redirect)) |
2434 | 2435 | if (login_result == LOGIN_SUCC) { |
2435 | 2436 | hydra_report_found_host(port, ip, "rdp", fp); |
2436 | 2437 | hydra_completed_pair_found(); |
2437 | } else { | |
2438 | } else { | |
2438 | 2439 | hydra_completed_pair(); |
2439 | 2440 | } |
2440 | 2441 | |
2462 | 2463 | rdesktop_reset_state(); |
2463 | 2464 | g_sock = hydra_connect_tcp(ip, myport); |
2464 | 2465 | if (g_sock < 0) { |
2465 | hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
2466 | hydra_child_exit(1); | |
2466 | hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
2467 | hydra_child_exit(1); | |
2467 | 2468 | } |
2468 | 2469 | next_run = start_rdp(g_sock, ip, port, options, miscptr, fp); |
2469 | 2470 | break; |
2707 | 2708 | STREAM s; |
2708 | 2709 | |
2709 | 2710 | switch (message_type) { |
2710 | case RDP_INPUT_MOUSE: | |
2711 | rdp_send_fast_input_mouse(time,device_flags, param1,param2); | |
2712 | break; | |
2713 | case RDP_INPUT_SCANCODE: | |
2714 | rdp_send_fast_input_kbd(time,device_flags, param1); | |
2715 | break; | |
2716 | default: | |
2717 | s = rdp_init_data(16); | |
2718 | out_uint16_le(s, 1); /* number of events */ | |
2719 | out_uint16(s, 0); /* pad */ | |
2720 | out_uint32_le(s, time); | |
2721 | out_uint16_le(s, message_type); | |
2722 | out_uint16_le(s, device_flags); | |
2723 | out_uint16_le(s, param1); | |
2724 | out_uint16_le(s, param2); | |
2725 | s_mark_end(s); | |
2726 | rdp_send_data(s, RDP_DATA_PDU_INPUT); | |
2711 | case RDP_INPUT_MOUSE: | |
2712 | rdp_send_fast_input_mouse(time, device_flags, param1, param2); | |
2713 | break; | |
2714 | case RDP_INPUT_SCANCODE: | |
2715 | rdp_send_fast_input_kbd(time, device_flags, param1); | |
2716 | break; | |
2717 | default: | |
2718 | s = rdp_init_data(16); | |
2719 | out_uint16_le(s, 1); /* number of events */ | |
2720 | out_uint16(s, 0); /* pad */ | |
2721 | out_uint32_le(s, time); | |
2722 | out_uint16_le(s, message_type); | |
2723 | out_uint16_le(s, device_flags); | |
2724 | out_uint16_le(s, param1); | |
2725 | out_uint16_le(s, param2); | |
2726 | s_mark_end(s); | |
2727 | rdp_send_data(s, RDP_DATA_PDU_INPUT); | |
2727 | 2728 | } |
2728 | 2729 | } |
2729 | 2730 | |
2799 | 2800 | order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */ |
2800 | 2801 | order_caps[13] = 1; /* memblt */ |
2801 | 2802 | order_caps[14] = 1; /* triblt */ |
2802 | order_caps[20] = 1; /* polygon */ | |
2803 | order_caps[21] = 1; /* polygon2 */ | |
2803 | order_caps[20] = 1; /* polygon */ | |
2804 | order_caps[21] = 1; /* polygon2 */ | |
2804 | 2805 | order_caps[22] = 1; /* polyline */ |
2805 | order_caps[25] = 1; /* ellipse */ | |
2806 | order_caps[26] = 1; /* ellipse2 */ | |
2806 | order_caps[25] = 1; /* ellipse */ | |
2807 | order_caps[26] = 1; /* ellipse2 */ | |
2807 | 2808 | order_caps[27] = 1; /* text2 */ |
2808 | 2809 | out_uint16_le(s, RDP_CAPSET_ORDER); |
2809 | 2810 | out_uint16_le(s, RDP_CAPLEN_ORDER); |
3082 | 3083 | rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ |
3083 | 3084 | rdp_recv(&type); /* RDP_CTL_COOPERATE */ |
3084 | 3085 | rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ |
3085 | rdp_send_input(0, 0, 0, 0, 0); /* RDP_INPUT_SYNCHRONIZE */ | |
3086 | rdp_send_input(0, 0, 0, 0, 0); /* RDP_INPUT_SYNCHRONIZE */ | |
3086 | 3087 | // here? XXX TODO BUGFIX |
3087 | 3088 | |
3088 | 3089 | if (g_use_rdp5) { |
3194 | 3195 | } |
3195 | 3196 | #endif |
3196 | 3197 | |
3197 | int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
3198 | int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
3198 | 3199 | // called before the childrens are forked off, so this is the function |
3199 | 3200 | // which should be filled if initial connections and service setup has to be |
3200 | 3201 | // performed once only. |
0 | #include "hydra-mod.h" | |
1 | ||
2 | extern char *HYDRA_EXIT; | |
3 | char *buf; | |
4 | ||
5 | int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { | |
6 | char *pass, buffer[510]; | |
7 | char *empty = ""; | |
8 | ||
9 | if (strlen(pass = hydra_get_next_password()) == 0) | |
10 | pass = empty; | |
11 | ||
12 | sprintf(buffer, "AUTH %.250s\r\n", pass); | |
13 | ||
14 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { | |
15 | return 1; | |
16 | } | |
17 | buf = hydra_receive_line(s); | |
18 | if (buf[0] == '+') { | |
19 | hydra_report_found_host(port, ip, "redis", fp); | |
20 | hydra_completed_pair_found(); | |
21 | free(buf); | |
22 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) | |
23 | return 3; | |
24 | return 1; | |
25 | } | |
26 | if (verbose > 1) | |
27 | hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); | |
28 | hydra_completed_pair(); | |
29 | ||
30 | free(buf); | |
31 | ||
32 | return 1; | |
33 | } | |
34 | ||
35 | void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { | |
36 | int run = 1, next_run = 1, sock = -1; | |
37 | int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; | |
38 | ||
39 | hydra_register_socket(sp); | |
40 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) | |
41 | hydra_child_exit(0); | |
42 | ||
43 | while (1) { | |
44 | switch (run) { | |
45 | case 1: /* connect and service init function */ | |
46 | if (sock >= 0) | |
47 | sock = hydra_disconnect(sock); | |
48 | if ((options & OPTION_SSL) == 0) { | |
49 | if (port != 0) | |
50 | myport = port; | |
51 | sock = hydra_connect_tcp(ip, myport); | |
52 | port = myport; | |
53 | } else { | |
54 | if (port != 0) | |
55 | mysslport = port; | |
56 | sock = hydra_connect_ssl(ip, mysslport); | |
57 | port = mysslport; | |
58 | } | |
59 | if (sock < 0) { | |
60 | if (verbose || debug) | |
61 | hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
62 | hydra_child_exit(1); | |
63 | } | |
64 | usleep(250); | |
65 | next_run = 2; | |
66 | break; | |
67 | case 2: /* run the cracking function */ | |
68 | next_run = start_redis(sock, ip, port, options, miscptr, fp); | |
69 | break; | |
70 | case 3: /* error exit */ | |
71 | if (sock >= 0) | |
72 | sock = hydra_disconnect(sock); | |
73 | hydra_child_exit(2); | |
74 | case 4: /* clean exit */ | |
75 | if (sock >= 0) | |
76 | sock = hydra_disconnect(sock); | |
77 | hydra_child_exit(0); | |
78 | default: | |
79 | hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); | |
80 | hydra_child_exit(2); | |
81 | } | |
82 | run = next_run; | |
83 | } | |
84 | } | |
85 | ||
86 | void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
87 | service_redis_core(ip, sp, options, miscptr, fp, port, 0); | |
88 | } | |
89 | ||
90 | int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
91 | // called before the childrens are forked off, so this is the function | |
92 | // which should be filled if initial connections and service setup has to be | |
93 | // performed once only. | |
94 | // | |
95 | // fill if needed. | |
96 | // | |
97 | // return codes: | |
98 | // 0 all OK | |
99 | // -1 error, hydra will exit, so print a good error message here | |
100 | ||
101 | return 0; | |
102 | } |
31 | 31 | return 1; |
32 | 32 | } |
33 | 33 | |
34 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
34 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
35 | 35 | |
36 | 36 | if (ret > 0 && buffer[0] == 0) { |
37 | 37 | hydra_report_found_host(port, ip, "rexec", fp); |
94 | 94 | } |
95 | 95 | } |
96 | 96 | |
97 | int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
97 | int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
98 | 98 | // called before the childrens are forked off, so this is the function |
99 | 99 | // which should be filled if initial connections and service setup has to be |
100 | 100 | // performed once only. |
37 | 37 | if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) { |
38 | 38 | return 4; |
39 | 39 | } |
40 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
40 | buffer[0] = 0; | |
41 | if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0) | |
42 | buffer[ret] = 0; | |
41 | 43 | /* 0x00 is sent but hydra_recv transformed it */ |
42 | if (strlen(buffer) == 0) | |
43 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
44 | if (strlen(buffer) == 0) { | |
45 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
46 | } | |
47 | if (ret >= 0) | |
48 | buffer[ret] = 0; | |
44 | 49 | |
45 | 50 | if (ret > 0 && (strstr(buffer, "rlogind:") != NULL)) |
46 | 51 | return 1; |
47 | 52 | |
48 | 53 | if (ret > 0 && (strstr(buffer, "ssword") != NULL)) { |
49 | if (strlen(pass = hydra_get_next_password()) == 0) | |
54 | if (strlen((pass = hydra_get_next_password())) == 0) | |
50 | 55 | pass = empty; |
51 | 56 | sprintf(buffer2, "%s\r", pass); |
52 | 57 | if (hydra_send(s, buffer2, 1 + strlen(pass), 0) < 0) { |
55 | 60 | memset(buffer, 0, sizeof(buffer)); |
56 | 61 | ret = hydra_recv(s, buffer, sizeof(buffer)); |
57 | 62 | if (strcmp(buffer, "\r\n")) |
58 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
63 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
64 | if (ret >= 0) | |
65 | buffer[ret] = 0; | |
59 | 66 | } |
60 | 67 | /* Authentication failure */ |
61 | 68 | |
133 | 140 | } |
134 | 141 | } |
135 | 142 | |
136 | int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
143 | int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
137 | 144 | // called before the childrens are forked off, so this is the function |
138 | 145 | // which should be filled if initial connections and service setup has to be |
139 | 146 | // performed once only. |
35 | 35 | return 4; |
36 | 36 | } |
37 | 37 | |
38 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
38 | buffer[0] = 0; | |
39 | if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0) | |
40 | buffer[ret] = 0; | |
39 | 41 | /* 0x00 is sent but hydra_recv transformed it */ |
40 | 42 | if (strlen(buffer) == 0) |
41 | ret = hydra_recv(s, buffer, sizeof(buffer)); | |
43 | ret = hydra_recv(s, buffer, sizeof(buffer) - 1); | |
44 | if (ret >= 0) | |
45 | buffer[ret] = 0; | |
42 | 46 | #ifdef HAVE_PCRE |
43 | 47 | if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { |
44 | 48 | #else |
106 | 110 | } |
107 | 111 | } |
108 | 112 | |
109 | int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
113 | int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
110 | 114 | // called before the childrens are forked off, so this is the function |
111 | 115 | // which should be filled if initial connections and service setup has to be |
112 | 116 | // performed once only. |
0 | // submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey Gordeychik | |
1 | ||
2 | #include "hydra-mod.h" | |
3 | ||
4 | #define S7PASSLEN 8 | |
5 | ||
6 | extern char *HYDRA_EXIT; | |
7 | ||
8 | unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a"; | |
9 | ||
10 | unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0"; | |
11 | ||
12 | unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04"; | |
13 | ||
14 | unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; | |
15 | ||
16 | ||
17 | int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { | |
18 | char *empty = ""; | |
19 | char *pass, buffer[1024]; | |
20 | char context[S7PASSLEN + 1]; | |
21 | unsigned char encoded_password[S7PASSLEN]; | |
22 | char *spaces = " "; | |
23 | int ret = -1; | |
24 | ||
25 | if (strlen(pass = hydra_get_next_password()) == 0) | |
26 | pass = empty; | |
27 | ||
28 | // prepare password | |
29 | memset(context, 0, sizeof(context)); | |
30 | if (strlen(pass) < S7PASSLEN) { | |
31 | strncpy(context, pass, strlen(pass)); | |
32 | strncat(context, spaces, S7PASSLEN - strlen(pass)); | |
33 | } else { | |
34 | strncpy(context, pass, S7PASSLEN); | |
35 | } | |
36 | ||
37 | // encode password | |
38 | encoded_password[0] = context[0] ^ 0x55; | |
39 | encoded_password[1] = context[1] ^ 0x55; | |
40 | int i; | |
41 | ||
42 | for (i = 2; i < S7PASSLEN; i++) { | |
43 | encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55; | |
44 | } | |
45 | ||
46 | // send p_cotp and check first 2 bytes of answer | |
47 | if (hydra_send(s, (char *) p_cotp, 22, 0) < 0) | |
48 | return 1; | |
49 | memset(buffer, 0, sizeof(buffer)); | |
50 | ret = hydra_recv_nb(s, buffer, sizeof(buffer)); | |
51 | ||
52 | if (ret <= 0) | |
53 | return 3; | |
54 | ||
55 | if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) | |
56 | return 3; | |
57 | ||
58 | // send p_s7_negotiate_pdu and check first 2 bytes of answer | |
59 | if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0) | |
60 | return 1; | |
61 | memset(buffer, 0, sizeof(buffer)); | |
62 | ret = hydra_recv_nb(s, buffer, sizeof(buffer)); | |
63 | ||
64 | if (ret <= 0) | |
65 | return 3; | |
66 | ||
67 | if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) | |
68 | return 3; | |
69 | ||
70 | // send p_s7_read_szl and check first 2 bytes of answer | |
71 | if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0) | |
72 | return 1; | |
73 | memset(buffer, 0, sizeof(buffer)); | |
74 | ret = hydra_recv_nb(s, buffer, sizeof(buffer)); | |
75 | ||
76 | if (ret <= 0) | |
77 | return 3; | |
78 | ||
79 | if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) | |
80 | return 3; | |
81 | ||
82 | // so now add encoded_password to p_s7_password_request and send | |
83 | memset(buffer, 0, sizeof(buffer)); | |
84 | memcpy(buffer, p_s7_password_request, 29); | |
85 | memcpy(buffer + 29, encoded_password, S7PASSLEN); | |
86 | ||
87 | if (hydra_send(s, buffer, 29 + S7PASSLEN, 0) < 0) | |
88 | return 1; | |
89 | ||
90 | memset(buffer, 0, sizeof(buffer)); | |
91 | ret = hydra_recv_nb(s, buffer, sizeof(buffer)); | |
92 | ||
93 | if (ret <= 0) | |
94 | return 3; | |
95 | ||
96 | // now check answer | |
97 | // 0x0000 - valid password | |
98 | // 0xd605 - no password | |
99 | // 0xd602 - wrong password | |
100 | if (ret > 30) { | |
101 | if (buffer[27] == '\x00' && buffer[28] == '\x00') { | |
102 | hydra_report_found_host(port, ip, "s7-300", fp); | |
103 | hydra_completed_pair_found(); | |
104 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) | |
105 | return 2; | |
106 | return 1; | |
107 | } | |
108 | ||
109 | if (buffer[27] == '\xd6' && buffer[28] == '\x05') { | |
110 | //hydra_report_found_host(port, ip, "s7-300", fp); | |
111 | hydra_completed_pair_found(); | |
112 | hydra_report(stderr, "[INFO] No password protection enabled\n"); | |
113 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) | |
114 | return 2; | |
115 | return 1; | |
116 | } | |
117 | } | |
118 | ||
119 | hydra_completed_pair(); | |
120 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) | |
121 | return 2; | |
122 | ||
123 | return 1; | |
124 | } | |
125 | ||
126 | void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
127 | int run = 1, next_run = 1, sock = -1; | |
128 | int s7port = PORT_S7_300; | |
129 | ||
130 | if (port != 0) | |
131 | s7port = port; | |
132 | ||
133 | hydra_register_socket(sp); | |
134 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) | |
135 | return; | |
136 | while (1) { | |
137 | switch (run) { | |
138 | case 1: /* connect and service init function */ | |
139 | sock = hydra_connect_tcp(ip, s7port); | |
140 | if (sock < 0) { | |
141 | hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
142 | hydra_child_exit(1); | |
143 | } | |
144 | next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); | |
145 | sock = hydra_disconnect(sock); | |
146 | break; | |
147 | case 2: /* clean exit */ | |
148 | if (sock >= 0) | |
149 | sock = hydra_disconnect(sock); | |
150 | hydra_child_exit(0); | |
151 | return; | |
152 | case 3: /* clean exit */ | |
153 | if (sock >= 0) | |
154 | sock = hydra_disconnect(sock); | |
155 | hydra_child_exit(2); | |
156 | return; | |
157 | default: | |
158 | hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); | |
159 | hydra_child_exit(2); | |
160 | } | |
161 | run = next_run; | |
162 | } | |
163 | } | |
164 | ||
165 | int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
166 | // called before the childrens are forked off, so this is the function | |
167 | // which should be filled if initial connections and service setup has to be | |
168 | // performed once only. | |
169 | // | |
170 | // fill if needed. | |
171 | // | |
172 | // return codes: | |
173 | // 0 all OK | |
174 | // 1 skip target without generating an error | |
175 | // 2 skip target because of protocol problems | |
176 | // 3 skip target because its unreachable | |
177 | int sock = -1; | |
178 | int s7port = PORT_S7_300; | |
179 | char *empty = ""; | |
180 | char *pass, buffer[1024]; | |
181 | char context[S7PASSLEN + 1]; | |
182 | unsigned char encoded_password[S7PASSLEN]; | |
183 | char *spaces = " "; | |
184 | int ret = -1; | |
185 | int i; | |
186 | ||
187 | if (port != 0) | |
188 | s7port = port; | |
189 | ||
190 | if (debug || verbose) | |
191 | printf("[INFO] Checking authentication setup...\n"); | |
192 | ||
193 | sock = hydra_connect_tcp(ip, s7port); | |
194 | if (sock < 0) { | |
195 | hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", s7port); | |
196 | return 2; | |
197 | } | |
198 | ||
199 | pass = empty; | |
200 | ||
201 | // prepare password | |
202 | memset(context, 0, sizeof(context)); | |
203 | strncat(context, spaces, S7PASSLEN - strlen(pass)); | |
204 | ||
205 | // encode password | |
206 | encoded_password[0] = context[0] ^ 0x55; | |
207 | encoded_password[1] = context[1] ^ 0x55; | |
208 | for (i = 2; i < S7PASSLEN; i++) { | |
209 | encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55; | |
210 | } | |
211 | ||
212 | // send p_cotp and check first 2 bytes of answer | |
213 | if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) { | |
214 | fprintf(stderr, "[ERROR] can not send data to service\n"); | |
215 | return 3; | |
216 | } | |
217 | memset(buffer, 0, sizeof(buffer)); | |
218 | if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { | |
219 | fprintf(stderr, "[ERROR] did not received data from the service\n"); | |
220 | return 3; | |
221 | } | |
222 | ||
223 | if (ret < 2 || (buffer[0] != 0x03 && buffer[1] != 0x00)) { | |
224 | fprintf(stderr, "[ERROR] invalid reply to init packet\n"); | |
225 | return 3; | |
226 | } | |
227 | // send p_s7_negotiate_pdu and check first 2 bytes of answer | |
228 | if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) { | |
229 | fprintf(stderr, "[ERROR] can not send data to service (2)\n"); | |
230 | return 3; | |
231 | } | |
232 | memset(buffer, 0, sizeof(buffer)); | |
233 | if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { | |
234 | fprintf(stderr, "[ERROR] did not received data from the service (2)\n"); | |
235 | return 3; | |
236 | } | |
237 | ||
238 | if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) { | |
239 | fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n"); | |
240 | return 3; | |
241 | } | |
242 | // send p_s7_read_szl and check first 2 bytes of answer | |
243 | if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) { | |
244 | fprintf(stderr, "[ERROR] can not send data to service (3)\n"); | |
245 | return 3; | |
246 | } | |
247 | memset(buffer, 0, sizeof(buffer)); | |
248 | if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) >= 0) { | |
249 | fprintf(stderr, "[ERROR] did not received data from the service (3)\n"); | |
250 | return 3; | |
251 | } | |
252 | ||
253 | if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) { | |
254 | fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n"); | |
255 | return 3; | |
256 | } | |
257 | // so now add encoded_password to p_s7_password_request and send | |
258 | memset(buffer, 0, sizeof(buffer)); | |
259 | memcpy(buffer, p_s7_password_request, 29); | |
260 | memcpy(buffer + 29, encoded_password, S7PASSLEN); | |
261 | ||
262 | if (hydra_send(sock, buffer, 29 + S7PASSLEN, 0) < 0) { | |
263 | fprintf(stderr, "[ERROR] can not send data to service (4)\n"); | |
264 | return 3; | |
265 | } | |
266 | ||
267 | memset(buffer, 0, sizeof(buffer)); | |
268 | if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { | |
269 | fprintf(stderr, "[ERROR] did not received data from the service (4)\n"); | |
270 | return 3; | |
271 | } | |
272 | // now check answer | |
273 | // 0x0000 - valid password | |
274 | // 0xd605 - no password | |
275 | // 0xd602 - wrong password | |
276 | if (ret > 30) { | |
277 | if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) { | |
278 | hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n"); | |
279 | return 1; | |
280 | } | |
281 | } | |
282 | ||
283 | sock = hydra_disconnect(sock); | |
284 | ||
285 | return 0; | |
286 | } |
116 | 116 | |
117 | 117 | #endif |
118 | 118 | |
119 | int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
119 | int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
120 | 120 | // called before the childrens are forked off, so this is the function |
121 | 121 | // which should be filled if initial connections and service setup has to be |
122 | 122 | // performed once only. |
0 | ||
0 | 1 | /* simple sip digest auth (md5) module 2009/02/19 |
1 | 2 | * written by gh0st 2005 |
2 | 3 | * modified by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`> - should |
73 | 74 | while (try < 2 && !has_sip_cred) { |
74 | 75 | try++; |
75 | 76 | if (hydra_data_ready_timed(s, 3, 0) > 0) { |
76 | i = hydra_recv(s, (char *) buf, sizeof(buf)); | |
77 | buf[sizeof(buf) - 1] = '\0'; | |
77 | i = hydra_recv(s, (char *) buf, sizeof(buf) - 1); | |
78 | if (i > 0) | |
79 | buf[i] = '\0'; | |
78 | 80 | if (strncmp(buf, "SIP/2.0 404", 11) == 0) { |
79 | hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login); | |
80 | return 2; | |
81 | hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login); | |
82 | return 2; | |
81 | 83 | } |
82 | 84 | if (strncmp(buf, "SIP/2.0 606", 11) == 0) { |
83 | char *ptr=NULL; | |
85 | char *ptr = NULL; | |
84 | 86 | int i = 0; |
85 | 87 | |
86 | 88 | // if we already tried to connect, exit |
87 | 89 | if (external_ip_addr[0]) { |
88 | hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); | |
90 | hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); | |
89 | 91 | return 2; |
90 | 92 | } |
91 | ||
93 | ||
92 | 94 | if (verbose) |
93 | 95 | hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n" |
94 | "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" | |
95 | "using addr from the server reply\n"); | |
96 | "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n"); | |
96 | 97 | /* |
97 | SIP/2.0 606 Not Acceptable | |
98 | Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 | |
99 | */ | |
98 | SIP/2.0 606 Not Acceptable | |
99 | Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 | |
100 | */ | |
100 | 101 | #ifdef HAVE_PCRE |
101 | 102 | if (hydra_string_match(buf, "Via: SIP.*received=")) { |
102 | ptr=strstr(buf, "received="); | |
103 | ptr = strstr(buf, "received="); | |
103 | 104 | #else |
104 | if ((ptr=strstr(buf, "received="))) { | |
105 | if ((ptr = strstr(buf, "received="))) { | |
105 | 106 | #endif |
106 | strncpy(external_ip_addr, ptr+strlen("received="), sizeof(external_ip_addr)); | |
107 | external_ip_addr[sizeof(external_ip_addr) - 1] = '\0'; | |
108 | for (i = 0; i < strlen(external_ip_addr); i++) { | |
109 | if (external_ip_addr[i] <= 32) { | |
110 | external_ip_addr[i] = '\0'; | |
107 | strncpy(external_ip_addr, ptr + strlen("received="), sizeof(external_ip_addr)); | |
108 | external_ip_addr[sizeof(external_ip_addr) - 1] = '\0'; | |
109 | for (i = 0; i < strlen(external_ip_addr); i++) { | |
110 | if (external_ip_addr[i] <= 32) { | |
111 | external_ip_addr[i] = '\0'; | |
112 | } | |
111 | 113 | } |
112 | } | |
113 | if (verbose) | |
114 | hydra_report(stderr, "[VERBOSE] Will reconnect using external IP address %s\n", external_ip_addr); | |
115 | return 1; | |
114 | if (verbose) | |
115 | hydra_report(stderr, "[VERBOSE] Will reconnect using external IP address %s\n", external_ip_addr); | |
116 | return 1; | |
116 | 117 | } |
117 | 118 | hydra_report(stderr, "[ERROR] Could not find external IP address in server answer\n"); |
118 | 119 | return 2; |
123 | 124 | hydra_report(stderr, "[ERROR] no www-authenticate header found!\n"); |
124 | 125 | return -1; |
125 | 126 | } |
126 | if (verbose) | |
127 | if (debug) | |
127 | 128 | hydra_report(stderr, "[INFO] S: %s\n", buf); |
128 | 129 | char buffer2[512]; |
130 | ||
129 | 131 | sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); |
130 | 132 | |
131 | 133 | memset(buffer, 0, SIP_MAX_BUF); |
134 | 136 | "Via: SIP/2.0/UDP %s:%i\n" |
135 | 137 | "From: <sip:%s@%s>\n" |
136 | 138 | "To: <sip:%s@%s>\n" |
137 | "Call-ID: 1337@%s\n" | |
138 | "CSeq: %i REGISTER\n" | |
139 | "Authorization: Digest %s\n" | |
140 | "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); | |
139 | "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); | |
141 | 140 | |
142 | 141 | cseq++; |
143 | if (verbose) | |
142 | if (debug) | |
144 | 143 | hydra_report(stderr, "[INFO] C: %s\n", buffer); |
145 | 144 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
146 | 145 | return 3; |
153 | 152 | try++; |
154 | 153 | if (hydra_data_ready_timed(s, 5, 0) > 0) { |
155 | 154 | memset(buf, 0, sizeof(buf)); |
156 | i = hydra_recv(s, (char *) buf, sizeof(buf)); | |
157 | if (verbose) | |
155 | if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0) | |
156 | buf[i] = 0; | |
157 | if (debug) | |
158 | 158 | hydra_report(stderr, "[INFO] S: %s\n", buf); |
159 | 159 | sip_code = get_sip_code(buf); |
160 | 160 | if (sip_code >= 200 && sip_code < 300) { |
180 | 180 | int myport = PORT_SIP, mysslport = PORT_SIP_SSL; |
181 | 181 | |
182 | 182 | char *lip = get_iface_ip((int) *(&ip[1])); |
183 | ||
183 | 184 | hydra_register_socket(sp); |
184 | 185 | |
185 | 186 | // FIXME IPV6 |
245 | 246 | } |
246 | 247 | |
247 | 248 | char *get_iface_ip(unsigned long int ip) { |
248 | ||
249 | 249 | int sfd; |
250 | 250 | |
251 | 251 | sfd = socket(AF_INET, SOCK_DGRAM, 0); |
288 | 288 | |
289 | 289 | #endif |
290 | 290 | |
291 | int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
291 | int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
292 | 292 | // called before the childrens are forked off, so this is the function |
293 | 293 | // which should be filled if initial connections and service setup has to be |
294 | 294 | // performed once only. |
0 | 0 | #include "hydra-mod.h" |
1 | 1 | #ifndef LIBOPENSSL |
2 | void | |
3 | dummy_smb() | |
4 | { | |
2 | void dummy_smb() { | |
5 | 3 | printf("\n"); |
6 | 4 | } |
7 | 5 | #else |
9 | 7 | #include <openssl/des.h> |
10 | 8 | #include "hmacmd5.h" |
11 | 9 | #include "sasl.h" |
10 | ||
11 | // FIXME XXX BUG: several malloc()s without return code checking | |
12 | ||
12 | 13 | |
13 | 14 | /* |
14 | 15 | |
86 | 87 | #ifndef CHAR_BIT |
87 | 88 | #define CHAR_BIT 8 |
88 | 89 | #endif |
89 | ||
90 | ||
90 | 91 | #ifndef TIME_T_MIN |
91 | 92 | #define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ |
92 | 93 | : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)) |
95 | 96 | #define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) |
96 | 97 | #endif |
97 | 98 | |
98 | #define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */ | |
99 | #define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */ | |
99 | 100 | #define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val)) |
100 | 101 | |
101 | 102 | #define TIME_FIXUP_CONSTANT_INT 11644473600LL |
108 | 109 | static unsigned char machine_name[16]; |
109 | 110 | int hashFlag, accntFlag, protoFlag; |
110 | 111 | |
111 | int smb_auth_mechanism=AUTH_NTLM; | |
112 | int security_mode=ENCRYPTED; | |
113 | ||
114 | ||
115 | static unsigned char | |
116 | Get7Bits(unsigned char *input, int startBit) | |
112 | int smb_auth_mechanism = AUTH_NTLM; | |
113 | int security_mode = ENCRYPTED; | |
114 | ||
115 | static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize) | |
117 | 116 | { |
117 | int i=0,j=0; | |
118 | unsigned long int ch; | |
119 | if (debug) { | |
120 | hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); | |
121 | hydra_dump_asciihex(in, insize); | |
122 | } | |
123 | for (i = 0; i < insize; i++) { | |
124 | if (in[i] < 128) { // one byte | |
125 | out[j] = in[i]; | |
126 | out[j+1] = 0; | |
127 | j=j+2; | |
128 | } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes | |
129 | out[j+1] = 0x07 & (in[i] >> 2); | |
130 | out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i+1]); | |
131 | j=j+2; | |
132 | i=i+1; | |
133 | } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes | |
134 | out[j] = (0xc0 & (in[i+1] << 6)) | (0x3f & in[i+2]); | |
135 | out[j+1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i+1] >> 2)); | |
136 | j=j+2; | |
137 | i=i+2; | |
138 | } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes | |
139 | ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i+1]) << 12) + ((0x3f & in[i+2]) << 6) + (0x3f & in[i+3])- 0x10000; | |
140 | out[j] = (ch >> 10) & 0xff; | |
141 | out[j+1] = 0xd8 | ((ch >> 18) & 0xff); | |
142 | out[j+2] = ch & 0xff; | |
143 | out[j+3] = 0xdc | ((ch >> 8) & 0x3 ); | |
144 | j=j+4; | |
145 | i=i+3; | |
146 | } | |
147 | if ( j-2 > outsize) break; | |
148 | } | |
149 | if (debug) { | |
150 | hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); | |
151 | hydra_dump_asciihex(out,j); | |
152 | } | |
153 | return j; | |
154 | } | |
155 | ||
156 | static unsigned char Get7Bits(unsigned char *input, int startBit) { | |
118 | 157 | register unsigned int word; |
119 | 158 | |
120 | 159 | word = (unsigned) input[startBit / 8] << 8; |
126 | 165 | } |
127 | 166 | |
128 | 167 | /* Make the key */ |
129 | static void | |
130 | MakeKey(unsigned char *key, unsigned char *des_key) | |
131 | { | |
168 | static void MakeKey(unsigned char *key, unsigned char *des_key) { | |
132 | 169 | des_key[0] = Get7Bits(key, 0); |
133 | 170 | des_key[1] = Get7Bits(key, 7); |
134 | 171 | des_key[2] = Get7Bits(key, 14); |
142 | 179 | } |
143 | 180 | |
144 | 181 | /* Do the DesEncryption */ |
145 | void | |
146 | DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) | |
147 | { | |
182 | void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { | |
148 | 183 | des_cblock des_key; |
149 | 184 | des_key_schedule key_schedule; |
150 | 185 | |
161 | 196 | pass = users password |
162 | 197 | challenge = the challenge recieved from the server |
163 | 198 | */ |
164 | int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) | |
165 | { | |
166 | static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; | |
199 | int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { | |
200 | static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; | |
167 | 201 | unsigned char password[14 + 1]; |
168 | 202 | unsigned char lm_hash[21]; |
169 | 203 | unsigned char lm_response[24]; |
189 | 223 | if (*p == '\0') { |
190 | 224 | hydra_report(stderr, "[ERROR] Reading PwDump file.\n"); |
191 | 225 | return -1; |
192 | } | |
193 | else if (*p == 'N') { | |
226 | } else if (*p == 'N') { | |
194 | 227 | if (verbose) |
195 | 228 | hydra_report(stderr, "[VERBOSE] Found \"NO PASSWORD\" for LM Hash.\n"); |
196 | ||
229 | ||
197 | 230 | /* Generate 16-byte LM hash */ |
198 | 231 | DesEncrypt(magic, &password[0], &lm_hash[0]); |
199 | 232 | DesEncrypt(magic, &password[7], &lm_hash[8]); |
200 | } | |
201 | else { | |
233 | } else { | |
202 | 234 | if (verbose) |
203 | 235 | hydra_report(stderr, "[VERBOSE] Convert ASCII PwDump LM Hash (%s).\n", p); |
204 | 236 | for (i = 0; i < 16; i++) { |
207 | 239 | HexChar = (char) p[2 * i + j]; |
208 | 240 | |
209 | 241 | if (HexChar > 0x39) |
210 | HexChar = HexChar | 0x20; /* convert upper case to lower */ | |
211 | ||
212 | if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ | |
213 | ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ | |
214 | ||
242 | HexChar = HexChar | 0x20; /* convert upper case to lower */ | |
243 | ||
244 | if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ | |
245 | ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ | |
246 | ||
215 | 247 | hydra_report(stderr, "[ERROR] Invalid char (%c) for hash.\n", HexChar); |
216 | 248 | HexChar = 0x30; |
217 | 249 | } |
218 | ||
250 | ||
219 | 251 | HexChar -= 0x30; |
220 | if (HexChar > 0x09) /* HexChar is "a" - "f" */ | |
252 | if (HexChar > 0x09) /* HexChar is "a" - "f" */ | |
221 | 253 | HexChar -= 0x27; |
222 | 254 | |
223 | 255 | HexValue = (HexValue << 4) | (char) HexChar; |
234 | 266 | pass = machine_name; |
235 | 267 | } |
236 | 268 | } |
237 | ||
269 | ||
238 | 270 | /* convert lower case characters to upper case */ |
239 | strncpy((char *)password,(char *) pass, 14); | |
271 | strncpy((char *) password, (char *) pass, 14); | |
240 | 272 | for (i = 0; i < 14; i++) { |
241 | if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ | |
273 | if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ | |
242 | 274 | password[i] -= 0x20; |
243 | 275 | } |
244 | 276 | |
248 | 280 | } |
249 | 281 | |
250 | 282 | /* |
251 | NULL-pad 16-byte LM hash to 21-bytes | |
252 | Split resultant value into three 7-byte thirds | |
253 | DES-encrypt challenge using each third as a key | |
254 | Concatenate three 8-byte resulting values to form 24-byte LM response | |
255 | */ | |
283 | NULL-pad 16-byte LM hash to 21-bytes | |
284 | Split resultant value into three 7-byte thirds | |
285 | DES-encrypt challenge using each third as a key | |
286 | Concatenate three 8-byte resulting values to form 24-byte LM response | |
287 | */ | |
256 | 288 | DesEncrypt(challenge, &lm_hash[0], &lm_response[0]); |
257 | 289 | DesEncrypt(challenge, &lm_hash[7], &lm_response[8]); |
258 | 290 | DesEncrypt(challenge, &lm_hash[14], &lm_response[16]); |
267 | 299 | MakeNTLM |
268 | 300 | Function: Create a NTLM hash from the password |
269 | 301 | */ |
270 | int MakeNTLM (unsigned char *ntlmhash, unsigned char *pass) | |
271 | { | |
302 | int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { | |
272 | 303 | MD4_CTX md4Context; |
273 | 304 | unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ |
274 | 305 | unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ |
327 | 358 | pass = machine_name; |
328 | 359 | } |
329 | 360 | } |
330 | ||
361 | ||
331 | 362 | /* Initialize the Unicode version of the secret (== password). */ |
332 | /* This implicitly supports 8-bit ISO8859/1 characters. */ | |
333 | bzero(unicodePassword, sizeof(unicodePassword)); | |
334 | for (i = 0; i < strlen((char *) pass); i++) | |
335 | unicodePassword[i * 2] = (unsigned char) pass[i]; | |
336 | ||
337 | mdlen = strlen((char *) pass) * 2; /* length in bytes */ | |
363 | /* This implicitly supports most UTF8 characters. */ | |
364 | ||
365 | j = UTF8_UTF16LE(pass, strlen((char *) pass), unicodePassword, sizeof(unicodePassword)); | |
366 | ||
367 | mdlen = j; /* length in bytes */ | |
368 | ||
338 | 369 | MD4_Init(&md4Context); |
339 | 370 | MD4_Update(&md4Context, unicodePassword, mdlen); |
340 | MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ | |
371 | MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ | |
341 | 372 | } |
342 | 373 | |
343 | 374 | memcpy(ntlmhash, hash, 16); |
357 | 388 | samba-3.0.28a - libsmb/smbencrypt.c |
358 | 389 | jcifs - packet capture of LMv2-only connection |
359 | 390 | */ |
360 | int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) | |
361 | { | |
391 | int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { | |
362 | 392 | unsigned char ntlm_hash[16]; |
363 | 393 | unsigned char lmv2_response[24]; |
364 | 394 | unsigned char unicodeUsername[20 * 2]; |
375 | 405 | /* --- HMAC #1 Caculations --- */ |
376 | 406 | |
377 | 407 | /* Calculate and set NTLM password hash */ |
378 | ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *) szPassword); | |
408 | ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); | |
379 | 409 | if (ret == -1) |
380 | 410 | return -1; |
381 | 411 | |
382 | 412 | /* |
383 | The Unicode uppercase username is concatenated with the Unicode authentication target | |
384 | (the domain or server name specified in the Target Name field of the Type 3 message). | |
385 | Note that this calculation always uses the Unicode representation, even if OEM encoding | |
386 | has been negotiated; also note that the username is converted to uppercase, while the | |
387 | authentication target is case-sensitive and must match the case presented in the Target | |
388 | Name field. | |
389 | ||
390 | The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to | |
391 | this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the | |
392 | NTLMv2 hash. | |
393 | */ | |
413 | The Unicode uppercase username is concatenated with the Unicode authentication target | |
414 | (the domain or server name specified in the Target Name field of the Type 3 message). | |
415 | Note that this calculation always uses the Unicode representation, even if OEM encoding | |
416 | has been negotiated; also note that the username is converted to uppercase, while the | |
417 | authentication target is case-sensitive and must match the case presented in the Target | |
418 | Name field. | |
419 | ||
420 | The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to | |
421 | this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the | |
422 | NTLMv2 hash. | |
423 | */ | |
394 | 424 | |
395 | 425 | /* Initialize the Unicode version of the username and target. */ |
396 | 426 | /* This implicitly supports 8-bit ISO8859/1 characters. */ |
397 | 427 | /* convert lower case characters to upper case */ |
398 | 428 | bzero(unicodeUsername, sizeof(unicodeUsername)); |
399 | for (i = 0; i < strlen((char *)szLogin); i++) | |
400 | { | |
401 | if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ | |
429 | for (i = 0; i < strlen((char *) szLogin); i++) { | |
430 | if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ | |
402 | 431 | unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; |
403 | 432 | else |
404 | 433 | unicodeUsername[i * 2] = (unsigned char) szLogin[i]; |
405 | } | |
434 | } | |
406 | 435 | |
407 | 436 | bzero(unicodeTarget, sizeof(unicodeTarget)); |
408 | for (i = 0; i < strlen((char *)workgroup); i++) | |
409 | unicodeTarget[i * 2] = (unsigned char)workgroup[i]; | |
410 | ||
437 | for (i = 0; i < strlen((char *) workgroup); i++) | |
438 | unicodeTarget[i * 2] = (unsigned char) workgroup[i]; | |
439 | ||
411 | 440 | hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); |
412 | hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx); | |
413 | hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx); | |
441 | hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); | |
442 | hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); | |
414 | 443 | hmac_md5_final(kr_buf, &ctx); |
415 | ||
444 | ||
416 | 445 | /* --- HMAC #2 Calculations --- */ |
417 | 446 | /* |
418 | The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 | |
419 | message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash | |
420 | (calculated above) as the key. This results in a 16-byte output value. | |
421 | */ | |
447 | The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 | |
448 | message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash | |
449 | (calculated above) as the key. This results in a 16-byte output value. | |
450 | */ | |
422 | 451 | |
423 | 452 | hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); |
424 | 453 | hmac_md5_update((const unsigned char *) challenge, 8, &ctx); |
426 | 455 | hmac_md5_final(lmv2_response, &ctx); |
427 | 456 | |
428 | 457 | /* --- 24-byte LMv2 Response Complete --- */ |
429 | *LMv2hash = malloc(24); | |
430 | memset(*LMv2hash, 0, 24); | |
458 | if ((*LMv2hash = malloc(24)) == NULL) | |
459 | return -1; | |
460 | memset(*LMv2hash, 0, 24); | |
431 | 461 | memcpy(*LMv2hash, lmv2_response, 16); |
432 | 462 | memcpy(*LMv2hash + 16, client_challenge, 8); |
433 | 463 | |
455 | 485 | GPO: "Network Security: LAN Manager authentication level" |
456 | 486 | Setting: "Send NTLMv2 response only\refuse LM & NTLM" |
457 | 487 | */ |
458 | int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) | |
459 | { | |
488 | int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { | |
460 | 489 | unsigned char ntlm_hash[16]; |
461 | 490 | unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2]; |
462 | 491 | unsigned char unicodeUsername[20 * 2]; |
467 | 496 | unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; |
468 | 497 | |
469 | 498 | /* |
470 | -- Example NTLMv2 Response Data -- | |
471 | ||
472 | [0] HMAC: (16 bytes) | |
473 | ||
474 | [16] Header: Blob Signature [01 01 00 00] (4 bytes) | |
475 | [20] Reserved: [00 00 00 00] (4 bytes) | |
476 | [24] Time: Little-endian, 64-bit signed value representing the number of | |
477 | tenths of a microsecond since January 1, 1601. (8 bytes) | |
478 | [32] Client Nonce: (8 bytes) | |
479 | [40] Unknown: 00 00 00 00 (4 bytes) | |
480 | [44] Target Information (from the Type 2 message) | |
481 | NetBIOS domain/workgroup: | |
482 | Type: domain 02 00 (2 bytes) | |
483 | Length: 12 00 (2 bytes) | |
484 | Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes) | |
485 | End-of-list: 00 00 00 00 (4 bytes) | |
486 | Termination: 00 00 00 00 (4 bytes) | |
487 | */ | |
488 | ||
489 | ||
490 | iTargetLen = 2 * strlen((char *)workgroup); | |
499 | -- Example NTLMv2 Response Data -- | |
500 | ||
501 | [0] HMAC: (16 bytes) | |
502 | ||
503 | [16] Header: Blob Signature [01 01 00 00] (4 bytes) | |
504 | [20] Reserved: [00 00 00 00] (4 bytes) | |
505 | [24] Time: Little-endian, 64-bit signed value representing the number of | |
506 | tenths of a microsecond since January 1, 1601. (8 bytes) | |
507 | [32] Client Nonce: (8 bytes) | |
508 | [40] Unknown: 00 00 00 00 (4 bytes) | |
509 | [44] Target Information (from the Type 2 message) | |
510 | NetBIOS domain/workgroup: | |
511 | Type: domain 02 00 (2 bytes) | |
512 | Length: 12 00 (2 bytes) | |
513 | Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes) | |
514 | End-of-list: 00 00 00 00 (4 bytes) | |
515 | Termination: 00 00 00 00 (4 bytes) | |
516 | */ | |
517 | ||
518 | ||
519 | iTargetLen = 2 * strlen((char *) workgroup); | |
491 | 520 | |
492 | 521 | memset(ntlm_hash, 0, 16); |
493 | 522 | memset(ntlmv2_response, 0, 56 + 20 * 2 + 256 * 2); |
496 | 525 | /* --- HMAC #1 Caculations --- */ |
497 | 526 | |
498 | 527 | /* Calculate and set NTLM password hash */ |
499 | ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *) szPassword); | |
528 | ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); | |
500 | 529 | if (ret == -1) |
501 | 530 | return -1; |
502 | 531 | |
503 | 532 | /* |
504 | The Unicode uppercase username is concatenated with the Unicode authentication target | |
505 | (the domain or server name specified in the Target Name field of the Type 3 message). | |
506 | Note that this calculation always uses the Unicode representation, even if OEM encoding | |
507 | has been negotiated; also note that the username is converted to uppercase, while the | |
508 | authentication target is case-sensitive and must match the case presented in the Target | |
509 | Name field. | |
510 | ||
511 | The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to | |
512 | this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the | |
513 | NTLMv2 hash. | |
514 | */ | |
533 | The Unicode uppercase username is concatenated with the Unicode authentication target | |
534 | (the domain or server name specified in the Target Name field of the Type 3 message). | |
535 | Note that this calculation always uses the Unicode representation, even if OEM encoding | |
536 | has been negotiated; also note that the username is converted to uppercase, while the | |
537 | authentication target is case-sensitive and must match the case presented in the Target | |
538 | Name field. | |
539 | ||
540 | The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to | |
541 | this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the | |
542 | NTLMv2 hash. | |
543 | */ | |
515 | 544 | |
516 | 545 | /* Initialize the Unicode version of the username and target. */ |
517 | 546 | /* This implicitly supports 8-bit ISO8859/1 characters. */ |
518 | 547 | /* convert lower case characters to upper case */ |
519 | 548 | bzero(unicodeUsername, sizeof(unicodeUsername)); |
520 | for (i = 0; i < strlen((char *)szLogin); i++) | |
521 | { | |
522 | if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ | |
549 | for (i = 0; i < strlen((char *) szLogin); i++) { | |
550 | if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ | |
523 | 551 | unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; |
524 | 552 | else |
525 | 553 | unicodeUsername[i * 2] = (unsigned char) szLogin[i]; |
526 | } | |
554 | } | |
527 | 555 | |
528 | 556 | bzero(unicodeTarget, sizeof(unicodeTarget)); |
529 | for (i = 0; i < strlen((char *)workgroup); i++) | |
530 | unicodeTarget[i * 2] = (unsigned char)workgroup[i]; | |
531 | ||
557 | for (i = 0; i < strlen((char *) workgroup); i++) | |
558 | unicodeTarget[i * 2] = (unsigned char) workgroup[i]; | |
559 | ||
532 | 560 | hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); |
533 | hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx); | |
534 | hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx); | |
561 | hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); | |
562 | hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); | |
535 | 563 | hmac_md5_final(kr_buf, &ctx); |
536 | 564 | |
537 | 565 | /* --- Blob Construction --- */ |
538 | ||
539 | memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ | |
566 | ||
567 | memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ | |
540 | 568 | memset(ntlmv2_response + 18, 0, 2); |
541 | memset(ntlmv2_response + 20, 0, 4); /* Reserved */ | |
542 | ||
569 | memset(ntlmv2_response + 20, 0, 4); /* Reserved */ | |
570 | ||
543 | 571 | /* Time -- Take a Unix time and convert to an NT TIME structure: |
544 | 572 | Little-endian, 64-bit signed value representing the number of tenths of a |
545 | 573 | microsecond since January 1, 1601. |
546 | */ | |
574 | */ | |
547 | 575 | struct timespec ts; |
548 | 576 | unsigned long long nt; |
549 | 577 | |
550 | ts.tv_sec = (time_t)time(NULL); | |
578 | ts.tv_sec = (time_t) time(NULL); | |
551 | 579 | ts.tv_nsec = 0; |
552 | 580 | |
553 | if (ts.tv_sec ==0) | |
581 | if (ts.tv_sec == 0) | |
554 | 582 | nt = 0; |
555 | 583 | else if (ts.tv_sec == TIME_T_MAX) |
556 | 584 | nt = 0x7fffffffffffffffLL; |
557 | else if (ts.tv_sec == (time_t)-1) | |
558 | nt = (unsigned long)-1; | |
559 | else | |
560 | { | |
585 | else if (ts.tv_sec == (time_t) - 1) | |
586 | nt = (unsigned long) -1; | |
587 | else { | |
561 | 588 | nt = ts.tv_sec; |
562 | 589 | nt += TIME_FIXUP_CONSTANT_INT; |
563 | nt *= 1000*1000*10; /* nt is now in the 100ns units */ | |
590 | nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ | |
564 | 591 | } |
565 | 592 | |
566 | 593 | SIVAL(ntlmv2_response + 24, 0, nt & 0xFFFFFFFF); |
568 | 595 | /* End time calculation */ |
569 | 596 | |
570 | 597 | /* Set client challenge - using a non-random value in this case. */ |
571 | memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ | |
572 | memset(ntlmv2_response + 40, 0, 4); /* Unknown */ | |
598 | memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ | |
599 | memset(ntlmv2_response + 40, 0, 4); /* Unknown */ | |
573 | 600 | |
574 | 601 | /* Target Information Block */ |
575 | 602 | /* |
576 | 0x0100 Server name | |
577 | 0x0200 Domain name | |
578 | 0x0300 Fully-qualified DNS host name | |
579 | 0x0400 DNS domain name | |
580 | ||
581 | TODO: Need to rework negotiation code to correctly extract target information | |
582 | */ | |
583 | ||
584 | memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ | |
603 | 0x0100 Server name | |
604 | 0x0200 Domain name | |
605 | 0x0300 Fully-qualified DNS host name | |
606 | 0x0400 DNS domain name | |
607 | ||
608 | TODO: Need to rework negotiation code to correctly extract target information | |
609 | */ | |
610 | ||
611 | memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ | |
585 | 612 | memset(ntlmv2_response + 45, 0x00, 1); |
586 | memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ | |
613 | memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ | |
587 | 614 | memset(ntlmv2_response + 47, 0x00, 1); |
588 | ||
589 | /* Name of domain or workgroup */ | |
590 | for (i = 0; i < strlen((char *)workgroup); i++) | |
591 | ntlmv2_response[48 + i * 2] = (unsigned char)workgroup[i]; | |
592 | ||
593 | memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ | |
615 | ||
616 | /* Name of domain or workgroup */ | |
617 | for (i = 0; i < strlen((char *) workgroup); i++) | |
618 | ntlmv2_response[48 + i * 2] = (unsigned char) workgroup[i]; | |
619 | ||
620 | memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ | |
594 | 621 | |
595 | 622 | /* --- HMAC #2 Caculations --- */ |
596 | 623 | |
597 | 624 | /* |
598 | The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message | |
599 | authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash | |
600 | (calculated above) as the key. This results in a 16-byte output value. | |
601 | */ | |
625 | The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message | |
626 | authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash | |
627 | (calculated above) as the key. This results in a 16-byte output value. | |
628 | */ | |
602 | 629 | |
603 | 630 | hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); |
604 | 631 | hmac_md5_update(challenge, 8, &ctx); |
606 | 633 | hmac_md5_final(ntlmv2_response, &ctx); |
607 | 634 | |
608 | 635 | *iByteCount = 48 + iTargetLen + 4; |
609 | *NTLMv2hash = malloc(*iByteCount); | |
610 | memset(*NTLMv2hash, 0, *iByteCount); | |
636 | if ((*NTLMv2hash = malloc(*iByteCount)) == NULL) | |
637 | return -1; | |
638 | memset(*NTLMv2hash, 0, *iByteCount); | |
611 | 639 | memcpy(*NTLMv2hash, ntlmv2_response, *iByteCount); |
612 | 640 | |
613 | 641 | return 0; |
621 | 649 | pass = users password |
622 | 650 | challenge = the challenge recieved from the server |
623 | 651 | */ |
624 | int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) | |
625 | { | |
652 | int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { | |
626 | 653 | int ret; |
627 | unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ | |
654 | unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ | |
628 | 655 | unsigned char p21[21]; |
629 | 656 | unsigned char ntlm_response[24]; |
630 | 657 | |
631 | ret = MakeNTLM((unsigned char *)&hash, (unsigned char *)pass); | |
658 | ret = MakeNTLM((unsigned char *) &hash, (unsigned char *) pass); | |
632 | 659 | if (ret == -1) |
633 | 660 | hydra_child_exit(0); |
634 | 661 | |
649 | 676 | Function: Request a new session from the server |
650 | 677 | Returns: TRUE on success else FALSE. |
651 | 678 | */ |
652 | int | |
653 | NBSSessionRequest(int s) | |
654 | { | |
679 | int NBSSessionRequest(int s) { | |
655 | 680 | char nb_name[32]; /* netbiosname */ |
656 | 681 | char nb_local[32]; /* netbios localredirector */ |
657 | 682 | unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 }; |
658 | 683 | char *buf; |
659 | 684 | unsigned char rbuf[400]; |
685 | int k; | |
660 | 686 | |
661 | 687 | /* if we are running in native mode (aka port 445) don't do netbios */ |
662 | 688 | if (protoFlag == WIN2000_NATIVEMODE) |
663 | 689 | return 0; |
664 | ||
690 | ||
665 | 691 | /* convert computer name to netbios name */ |
666 | 692 | memset(nb_name, 0, 32); |
667 | 693 | memset(nb_local, 0, 32); |
668 | 694 | memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ |
669 | 695 | memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ |
670 | 696 | |
671 | buf = (char *) malloc(100); | |
697 | if ((buf = (char *) malloc(100)) == NULL) | |
698 | return -1; | |
672 | 699 | memset(buf, 0, 100); |
673 | 700 | memcpy(buf, (char *) rqbuf, 5); |
674 | 701 | memcpy(buf + 5, nb_name, 32); |
680 | 707 | free(buf); |
681 | 708 | |
682 | 709 | memset(rbuf, 0, 400); |
683 | hydra_recv(s, (char *) rbuf, sizeof(rbuf)); | |
684 | ||
685 | ||
686 | if ((rbuf != NULL) && (rbuf[0] == 0x82)) | |
710 | k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); | |
711 | ||
712 | if (k > 0 && (rbuf[0] == 0x82)) | |
687 | 713 | return 0; /* success */ |
688 | 714 | else |
689 | 715 | return -1; /* failed */ |
699 | 725 | The challenge is retrieved from the answer |
700 | 726 | No error checking is performed i.e cross your fingers.... |
701 | 727 | */ |
702 | int | |
703 | SMBNegProt(int s) | |
704 | { | |
728 | int SMBNegProt(int s) { | |
705 | 729 | unsigned char buf[] = { |
706 | 730 | 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, |
707 | 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0x40, | |
731 | 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, | |
708 | 732 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
709 | 733 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, |
710 | 734 | 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, |
729 | 753 | 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, |
730 | 754 | 0x32, 0x00 |
731 | 755 | |
732 | ||
733 | ||
734 | 756 | /* |
735 | 757 | 0x02, |
736 | 758 | 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, |
749 | 771 | 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, |
750 | 772 | 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, |
751 | 773 | 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 |
752 | */ | |
753 | }; | |
774 | */ | |
775 | }; | |
754 | 776 | |
755 | 777 | unsigned char rbuf[400]; |
756 | 778 | unsigned char sess_key[2]; |
757 | unsigned char userid[2] = {0xCD, 0xEF}; | |
758 | int i = 0, j = 0; | |
779 | unsigned char userid[2] = { 0xCD, 0xEF }; | |
780 | int i = 0, j = 0, k; | |
759 | 781 | int iLength = 194; |
760 | 782 | int iResponseOffset = 73; |
761 | 783 | |
767 | 789 | memcpy(buf + 30, sess_key, 2); |
768 | 790 | memcpy(buf + 32, userid, 2); |
769 | 791 | |
770 | ||
771 | ||
772 | if (smb_auth_mechanism == AUTH_LM) | |
773 | { | |
792 | if (smb_auth_mechanism == AUTH_LM) { | |
774 | 793 | if (verbose) |
775 | 794 | hydra_report(stderr, "[VERBOSE] Setting Negotiate Protocol Response for LM.\n"); |
776 | buf[3] = 0xA3; // Set message length | |
777 | buf[37] = 0x80; // Set byte count for dialects | |
795 | buf[3] = 0xA3; // Set message length | |
796 | buf[37] = 0x80; // Set byte count for dialects | |
778 | 797 | iLength = 167; |
779 | 798 | iResponseOffset = 65; |
780 | 799 | } |
781 | 800 | |
782 | ||
801 | ||
783 | 802 | hydra_send(s, (char *) buf, iLength, 0); |
784 | hydra_recv(s, (char *) rbuf, sizeof(rbuf)); | |
785 | if (rbuf == NULL) | |
803 | k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); | |
804 | if (k == 0) | |
786 | 805 | return 3; |
787 | 806 | |
788 | 807 | /* retrieve the security mode */ |
789 | 808 | /* |
790 | [0] Mode: (0) ? (1) USER security mode | |
791 | [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response | |
792 | [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED | |
793 | [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED | |
794 | ||
795 | SAMBA: 0x01 (default) | |
796 | WinXP: 0x0F (default) | |
797 | WinXP: 0x07 (Windows 2003 / DC) | |
798 | */ | |
799 | switch (rbuf[39]) | |
800 | { | |
801 | case 0x01: | |
802 | //real plaintext should be used with LM auth | |
809 | [0] Mode: (0) ? (1) USER security mode | |
810 | [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response | |
811 | [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED | |
812 | [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED | |
813 | ||
814 | SAMBA: 0x01 (default) | |
815 | WinXP: 0x0F (default) | |
816 | WinXP: 0x07 (Windows 2003 / DC) | |
817 | */ | |
818 | switch (rbuf[39]) { | |
819 | case 0x01: | |
820 | //real plaintext should be used with LM auth | |
821 | if (verbose) | |
822 | hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n"); | |
823 | security_mode = PLAINTEXT; | |
824 | ||
825 | if (hashFlag == 1) { | |
803 | 826 | if (verbose) |
804 | hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n"); | |
805 | security_mode = PLAINTEXT; | |
806 | ||
807 | if (hashFlag == 1) | |
808 | { | |
809 | if (verbose) | |
810 | hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); | |
811 | return 3; | |
812 | } | |
813 | if (hashFlag == 2) | |
814 | { | |
815 | if (verbose) | |
816 | hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); | |
817 | return 3; | |
818 | } | |
819 | break; | |
820 | case 0x03: | |
827 | hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); | |
828 | return 3; | |
829 | } | |
830 | if (hashFlag == 2) { | |
821 | 831 | if (verbose) |
822 | hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); | |
823 | security_mode = ENCRYPTED; | |
824 | break; | |
825 | case 0x07: | |
826 | case 0x0F: | |
827 | if (verbose) | |
828 | hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password.\n"); | |
829 | security_mode = ENCRYPTED; | |
830 | break; | |
831 | default: | |
832 | if (verbose) | |
833 | hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); | |
834 | security_mode = ENCRYPTED; | |
835 | break; | |
832 | hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); | |
833 | return 3; | |
834 | } | |
835 | break; | |
836 | case 0x03: | |
837 | if (verbose) | |
838 | hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); | |
839 | security_mode = ENCRYPTED; | |
840 | break; | |
841 | case 0x07: | |
842 | case 0x0F: | |
843 | if (verbose) | |
844 | hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password.\n"); | |
845 | security_mode = ENCRYPTED; | |
846 | break; | |
847 | default: | |
848 | if (verbose) | |
849 | hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); | |
850 | security_mode = ENCRYPTED; | |
851 | break; | |
836 | 852 | } |
837 | 853 | |
838 | 854 | /* Retrieve the challenge */ |
846 | 862 | //and the domain is not padded with null chars |
847 | 863 | if (smb_auth_mechanism == AUTH_LM) { |
848 | 864 | while ((rbuf[iResponseOffset + 8 + i] != 0) && (i < 16)) { |
849 | workgroup[i] = rbuf[iResponseOffset + 8 + i]; | |
865 | workgroup[i] = rbuf[iResponseOffset + 8 + i]; | |
850 | 866 | i++; |
851 | 867 | } |
852 | 868 | } else { |
853 | 869 | while ((rbuf[iResponseOffset + 8 + i * 2] != 0) && (i < 16)) { |
854 | workgroup[i] = rbuf[iResponseOffset + 8 + i * 2]; | |
870 | workgroup[i] = rbuf[iResponseOffset + 8 + i * 2]; | |
855 | 871 | i++; |
856 | 872 | } |
857 | 873 | |
865 | 881 | hydra_report(stderr, "[VERBOSE] Server machine name: %s\n", machine_name); |
866 | 882 | hydra_report(stderr, "[VERBOSE] Server primary domain: %s\n", workgroup); |
867 | 883 | } |
868 | ||
869 | 884 | //success |
870 | 885 | return 2; |
871 | 886 | } |
878 | 893 | the server. |
879 | 894 | Returns: TRUE on success else FALSE. |
880 | 895 | */ |
881 | unsigned long SMBSessionSetup(int s, char* szLogin, char* szPassword, char *miscptr) | |
882 | { | |
896 | unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) { | |
883 | 897 | unsigned char buf[512]; |
884 | 898 | unsigned char *LMv2hash = NULL; |
885 | 899 | unsigned char *NTLMv2hash = NULL; |
886 | 900 | unsigned char *NTLMhash = NULL; |
887 | 901 | unsigned char *LMhash = NULL; |
902 | unsigned char unicodeLogin[32 * 2]; | |
903 | int j; | |
888 | 904 | char bufReceive[512]; |
889 | 905 | int nReceiveBufferSize = 0; |
890 | 906 | int ret; |
891 | int iByteCount, iOffset=0; | |
892 | ||
907 | int iByteCount = 0, iOffset = 0; | |
908 | ||
893 | 909 | if (accntFlag == 0) { |
894 | strcpy((char *)workgroup, "localhost"); | |
910 | strcpy((char *) workgroup, "localhost"); | |
895 | 911 | |
896 | 912 | } else if (accntFlag == 2) { |
897 | 913 | memset(workgroup, 0, 16); |
899 | 915 | //domain flag is not needed here, it will be auto set, |
900 | 916 | //below it's domain specified on cmd line |
901 | 917 | else if (accntFlag == 4) { |
902 | strncpy((char *)workgroup, (char *)domain, 16); | |
918 | strncpy((char *) workgroup, (char *) domain, 16); | |
903 | 919 | } |
904 | 920 | |
905 | 921 | /* NetBIOS Session Service */ |
906 | 922 | unsigned char szNBSS[4] = { |
907 | 0x00, /* Message Type: Session Message */ | |
908 | 0x00, 0x00, 0x85 /* Length -- MUST SET */ | |
923 | 0x00, /* Message Type: Session Message */ | |
924 | 0x00, 0x00, 0x85 /* Length -- MUST SET */ | |
909 | 925 | }; |
910 | 926 | |
911 | 927 | /* SMB Header */ |
912 | 928 | unsigned char szSMB[32] = { |
913 | 0xff, 0x53, 0x4d, 0x42, /* Server Component */ | |
914 | 0x73, /* SMB Command: Session Setup AndX */ | |
915 | 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ | |
916 | 0x08, /* Flags */ | |
917 | 0x01, 0x40, /* Flags2 */ | |
918 | 0x00, 0x00, /* Process ID High */ | |
919 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ | |
920 | 0x00, 0x00, /* Reserved */ | |
921 | 0x00, 0x00, /* Tree ID */ | |
922 | 0x13, 0x37, /* Process ID */ | |
923 | 0x00, 0x00, /* User ID */ | |
924 | 0x01, 0x00 /* Multiplx ID */ | |
929 | 0xff, 0x53, 0x4d, 0x42, /* Server Component */ | |
930 | 0x73, /* SMB Command: Session Setup AndX */ | |
931 | 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ | |
932 | 0x08, /* Flags */ | |
933 | 0x01, 0xc0, /* Flags2 */ /* add Unicode */ | |
934 | 0x00, 0x00, /* Process ID High */ | |
935 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ | |
936 | 0x00, 0x00, /* Reserved */ | |
937 | 0x00, 0x00, /* Tree ID */ | |
938 | 0x13, 0x37, /* Process ID */ | |
939 | 0x00, 0x00, /* User ID */ | |
940 | 0x01, 0x00 /* Multiplx ID */ | |
925 | 941 | }; |
926 | 942 | |
927 | 943 | memset(buf, 0, 512); |
928 | 944 | memcpy(buf, szNBSS, 4); |
929 | memcpy(buf +4, szSMB, 32); | |
930 | ||
931 | if (security_mode == ENCRYPTED) | |
932 | { | |
945 | memcpy(buf + 4, szSMB, 32); | |
946 | ||
947 | if (security_mode == ENCRYPTED) { | |
933 | 948 | /* Session Setup AndX Request */ |
934 | if (smb_auth_mechanism == AUTH_LM) | |
935 | { | |
949 | if (smb_auth_mechanism == AUTH_LM) { | |
936 | 950 | if (verbose) |
937 | 951 | hydra_report(stderr, "[VERBOSE] Attempting LM password authentication.\n"); |
938 | 952 | |
939 | 953 | unsigned char szSessionRequest[23] = { |
940 | 0x0a, /* Word Count */ | |
941 | 0xff, /* AndXCommand: No further commands */ | |
942 | 0x00, /* Reserved */ | |
943 | 0x00, 0x00, /* AndXOffset */ | |
944 | 0xff, 0xff, /* Max Buffer */ | |
945 | 0x02, 0x00, /* Max Mpx Count */ | |
946 | 0x3c, 0x7d, /* VC Number */ | |
947 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
948 | 0x18, 0x00, /* LAN Manager Password Hash Length */ | |
949 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
950 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
954 | 0x0a, /* Word Count */ | |
955 | 0xff, /* AndXCommand: No further commands */ | |
956 | 0x00, /* Reserved */ | |
957 | 0x00, 0x00, /* AndXOffset */ | |
958 | 0xff, 0xff, /* Max Buffer */ | |
959 | 0x02, 0x00, /* Max Mpx Count */ | |
960 | 0x3c, 0x7d, /* VC Number */ | |
961 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
962 | 0x18, 0x00, /* LAN Manager Password Hash Length */ | |
963 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
964 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
951 | 965 | }; |
952 | 966 | |
953 | iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ | |
954 | iByteCount = 24; /* Start with length of LM hash */ | |
967 | iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ | |
968 | iByteCount = 24; /* Start with length of LM hash */ | |
955 | 969 | |
956 | 970 | /* Set Session Setup AndX Request header information */ |
957 | 971 | memcpy(buf + 36, szSessionRequest, 23); |
958 | 972 | |
959 | 973 | /* Calculate and set LAN Manager password hash */ |
960 | LMhash = (unsigned char *) malloc(24); | |
974 | if ((LMhash = (unsigned char *) malloc(24)) == NULL) | |
975 | return -1; | |
961 | 976 | memset(LMhash, 0, 24); |
962 | 977 | |
963 | ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *)challenge); | |
964 | if (ret == -1) | |
978 | ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge); | |
979 | if (ret == -1) { | |
980 | free(LMhash); | |
965 | 981 | return -1; |
982 | } | |
966 | 983 | |
967 | 984 | memcpy(buf + iOffset, LMhash, 24); |
968 | free(LMhash); | |
969 | ||
970 | } | |
971 | else if (smb_auth_mechanism == AUTH_NTLM) | |
972 | { | |
973 | if(verbose) | |
985 | free(LMhash); | |
986 | ||
987 | } else if (smb_auth_mechanism == AUTH_NTLM) { | |
988 | if (verbose) | |
974 | 989 | hydra_report(stderr, "[VERBOSE] Attempting NTLM password authentication.\n"); |
975 | ||
990 | ||
976 | 991 | unsigned char szSessionRequest[29] = { |
977 | 0x0d, /* Word Count */ | |
978 | 0xff, /* AndXCommand: No further commands */ | |
979 | 0x00, /* Reserved */ | |
980 | 0x00, 0x00, /* AndXOffset */ | |
981 | 0xff, 0xff, /* Max Buffer */ | |
982 | 0x02, 0x00, /* Max Mpx Count */ | |
983 | 0x3c, 0x7d, /* VC Number */ | |
984 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
985 | 0x18, 0x00, /* LAN Manager Password Hash Length */ | |
986 | 0x18, 0x00, /* NT LAN Manager Password Hash Length */ | |
987 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
988 | 0x50, 0x00, 0x00, 0x00, /* Capabilities */ | |
989 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
992 | 0x0d, /* Word Count */ | |
993 | 0xff, /* AndXCommand: No further commands */ | |
994 | 0x00, /* Reserved */ | |
995 | 0x00, 0x00, /* AndXOffset */ | |
996 | 0xff, 0xff, /* Max Buffer */ | |
997 | 0x02, 0x00, /* Max Mpx Count */ | |
998 | 0x3c, 0x7d, /* VC Number */ | |
999 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
1000 | 0x18, 0x00, /* LAN Manager Password Hash Length */ | |
1001 | 0x18, 0x00, /* NT LAN Manager Password Hash Length */ | |
1002 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
1003 | 0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */ | |
1004 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
990 | 1005 | }; |
991 | 1006 | |
992 | iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ | |
993 | iByteCount = 48; /* Start with length of NTLM and LM hashes */ | |
1007 | iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ | |
1008 | iByteCount = 48; /* Start with length of NTLM and LM hashes */ | |
994 | 1009 | |
995 | 1010 | /* Set Session Setup AndX Request header information */ |
996 | 1011 | memcpy(buf + 36, szSessionRequest, 29); |
997 | 1012 | |
998 | 1013 | /* Calculate and set NTLM password hash */ |
999 | NTLMhash = (unsigned char *) malloc(24); | |
1014 | if ((NTLMhash = (unsigned char *) malloc(24)) == NULL) | |
1015 | return -1; | |
1000 | 1016 | memset(NTLMhash, 0, 24); |
1001 | 1017 | |
1002 | 1018 | /* We don't need to actually calculated a LM hash for this mode, only NTLM */ |
1006 | 1022 | |
1007 | 1023 | memcpy(buf + iOffset + 24, NTLMhash, 24); /* Skip space for LM hash */ |
1008 | 1024 | free(NTLMhash); |
1009 | } | |
1010 | else if (smb_auth_mechanism == AUTH_LMv2) | |
1011 | { | |
1025 | } else if (smb_auth_mechanism == AUTH_LMv2) { | |
1012 | 1026 | if (verbose) |
1013 | 1027 | hydra_report(stderr, "[VERBOSE] Attempting LMv2 password authentication.\n"); |
1014 | ||
1028 | ||
1015 | 1029 | unsigned char szSessionRequest[29] = { |
1016 | 0x0d, /* Word Count */ | |
1017 | 0xff, /* AndXCommand: No further commands */ | |
1018 | 0x00, /* Reserved */ | |
1019 | 0x00, 0x00, /* AndXOffset */ | |
1020 | 0xff, 0xff, /* Max Buffer */ | |
1021 | 0x02, 0x00, /* Max Mpx Count */ | |
1022 | 0x3c, 0x7d, /* VC Number */ | |
1023 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
1024 | 0x18, 0x00, /* LAN Manager Password Hash Length */ | |
1025 | 0x00, 0x00, /* NT LAN Manager Password Hash Length */ | |
1026 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
1027 | 0x50, 0x00, 0x00, 0x00, /* Capabilities */ | |
1028 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
1030 | 0x0d, /* Word Count */ | |
1031 | 0xff, /* AndXCommand: No further commands */ | |
1032 | 0x00, /* Reserved */ | |
1033 | 0x00, 0x00, /* AndXOffset */ | |
1034 | 0xff, 0xff, /* Max Buffer */ | |
1035 | 0x02, 0x00, /* Max Mpx Count */ | |
1036 | 0x3c, 0x7d, /* VC Number */ | |
1037 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
1038 | 0x18, 0x00, /* LAN Manager Password Hash Length */ | |
1039 | 0x00, 0x00, /* NT LAN Manager Password Hash Length */ | |
1040 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
1041 | 0x50, 0x00, 0x00, 0x00, /* Capabilities */ | |
1042 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
1029 | 1043 | }; |
1030 | 1044 | |
1031 | iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ | |
1032 | iByteCount = 24; /* Start with length of LMv2 response */ | |
1045 | iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ | |
1046 | iByteCount = 24; /* Start with length of LMv2 response */ | |
1033 | 1047 | |
1034 | 1048 | /* Set Session Setup AndX Request header information */ |
1035 | 1049 | memcpy(buf + 36, szSessionRequest, 29); |
1036 | 1050 | |
1037 | 1051 | /* Calculate and set LMv2 response hash */ |
1038 | LMv2hash = (unsigned char *) malloc(24); | |
1052 | if ((LMv2hash = (unsigned char *) malloc(24)) == NULL) | |
1053 | return -1; | |
1039 | 1054 | memset(LMv2hash, 0, 24); |
1040 | 1055 | |
1041 | 1056 | ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); |
1042 | if (ret == -1) | |
1057 | if (ret == -1) { | |
1058 | free(LMv2hash); | |
1043 | 1059 | return -1; |
1060 | } | |
1044 | 1061 | |
1045 | 1062 | memcpy(buf + iOffset, LMv2hash, 24); |
1046 | 1063 | free(LMv2hash); |
1047 | } | |
1048 | else if (smb_auth_mechanism == AUTH_NTLMv2) | |
1049 | { | |
1064 | } else if (smb_auth_mechanism == AUTH_NTLMv2) { | |
1050 | 1065 | if (verbose) |
1051 | hydra_report(stderr,"[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n"); | |
1052 | ||
1066 | hydra_report(stderr, "[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n"); | |
1067 | ||
1053 | 1068 | unsigned char szSessionRequest[29] = { |
1054 | 0x0d, /* Word Count */ | |
1055 | 0xff, /* AndXCommand: No further commands */ | |
1056 | 0x00, /* Reserved */ | |
1057 | 0x00, 0x00, /* AndXOffset */ | |
1058 | 0xff, 0xff, /* Max Buffer */ | |
1059 | 0x02, 0x00, /* Max Mpx Count */ | |
1060 | 0x3c, 0x7d, /* VC Number */ | |
1061 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
1062 | 0x18, 0x00, /* LMv2 Response Hash Length */ | |
1063 | 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ | |
1064 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
1065 | 0x50, 0x00, 0x00, 0x00, /* Capabilities */ | |
1066 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
1069 | 0x0d, /* Word Count */ | |
1070 | 0xff, /* AndXCommand: No further commands */ | |
1071 | 0x00, /* Reserved */ | |
1072 | 0x00, 0x00, /* AndXOffset */ | |
1073 | 0xff, 0xff, /* Max Buffer */ | |
1074 | 0x02, 0x00, /* Max Mpx Count */ | |
1075 | 0x3c, 0x7d, /* VC Number */ | |
1076 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
1077 | 0x18, 0x00, /* LMv2 Response Hash Length */ | |
1078 | 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ | |
1079 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
1080 | 0x50, 0x00, 0x00, 0x00, /* Capabilities */ | |
1081 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
1067 | 1082 | }; |
1068 | 1083 | |
1069 | iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ | |
1084 | iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ | |
1070 | 1085 | |
1071 | 1086 | /* Set Session Setup AndX Request header information */ |
1072 | 1087 | memcpy(buf + 36, szSessionRequest, 29); |
1075 | 1090 | ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); |
1076 | 1091 | if (ret == -1) |
1077 | 1092 | return -1; |
1078 | ||
1093 | ||
1079 | 1094 | memcpy(buf + iOffset, LMv2hash, 24); |
1080 | 1095 | free(LMv2hash); |
1081 | 1096 | |
1092 | 1107 | memcpy(buf + iOffset + 24, NTLMv2hash, iByteCount); |
1093 | 1108 | free(NTLMv2hash); |
1094 | 1109 | |
1095 | iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ | |
1096 | } | |
1097 | } | |
1098 | else if (security_mode == PLAINTEXT) | |
1099 | { | |
1100 | if (verbose) | |
1101 | hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n"); | |
1110 | iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ | |
1111 | } | |
1112 | } else if (security_mode == PLAINTEXT) { | |
1113 | if (verbose) | |
1114 | hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n"); | |
1102 | 1115 | |
1103 | 1116 | unsigned char szSessionRequest[23] = { |
1104 | 0x0a, /* Word Count */ | |
1105 | 0xff, /* AndXCommand: No further commands */ | |
1106 | 0x00, /* Reserved */ | |
1107 | 0x00, 0x00, /* AndXOffset */ | |
1108 | 0xff, 0xff, /* Max Buffer */ | |
1109 | 0x02, 0x00, /* Max Mpx Count */ | |
1110 | 0x3c, 0x7d, /* VC Number */ | |
1111 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
1112 | 0x00, 0x00, /* Password Length -- MUST SET */ | |
1113 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
1114 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
1117 | 0x0a, /* Word Count */ | |
1118 | 0xff, /* AndXCommand: No further commands */ | |
1119 | 0x00, /* Reserved */ | |
1120 | 0x00, 0x00, /* AndXOffset */ | |
1121 | 0xff, 0xff, /* Max Buffer */ | |
1122 | 0x02, 0x00, /* Max Mpx Count */ | |
1123 | 0x3c, 0x7d, /* VC Number */ | |
1124 | 0x00, 0x00, 0x00, 0x00, /* Session Key */ | |
1125 | 0x00, 0x00, /* Password Length -- MUST SET */ | |
1126 | 0x00, 0x00, 0x00, 0x00, /* Reserved */ | |
1127 | 0x49, 0x00 /* Byte Count -- MUST SET */ | |
1115 | 1128 | }; |
1116 | 1129 | |
1117 | iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ | |
1130 | iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ | |
1118 | 1131 | |
1119 | 1132 | /* Set Session Setup AndX Request header information */ |
1120 | 1133 | memcpy(buf + 36, szSessionRequest, 23); |
1122 | 1135 | /* Calculate and set password length */ |
1123 | 1136 | /* Samba appears to append NULL characters equal to the password length plus 2 */ |
1124 | 1137 | //iByteCount = 2 * strlen(szPassword) + 2; |
1125 | iByteCount = strlen(szPassword) + 1; | |
1138 | iByteCount = strlen(szPassword) + 1; | |
1126 | 1139 | buf[iOffset - 8] = (iByteCount) % 256; |
1127 | 1140 | buf[iOffset - 7] = (iByteCount) / 256; |
1128 | ||
1141 | ||
1129 | 1142 | /* set ANSI password */ |
1130 | 1143 | /* |
1131 | Depending on the SAMBA server configuration, multiple passwords may be successful | |
1132 | when dealing with mixed-case values. The SAMBA parameter "password level" appears | |
1133 | to determine how many characters within a password are tested by the server both | |
1134 | upper and lower case. For example, assume a SAMBA account has a password of "Fred" | |
1135 | and the server is configured with "password level = 2". Medusa sends the password | |
1136 | "FRED". The SAMBA server will brute-force test this value for us with values | |
1137 | like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting | |
1138 | is "password level = 0". This results in only two attempts to being made by the | |
1139 | remote server; the password as is and the password in all-lower case. | |
1140 | */ | |
1141 | strncpy((char *)(buf + iOffset), szPassword, 256); | |
1142 | } | |
1143 | else | |
1144 | { | |
1144 | Depending on the SAMBA server configuration, multiple passwords may be successful | |
1145 | when dealing with mixed-case values. The SAMBA parameter "password level" appears | |
1146 | to determine how many characters within a password are tested by the server both | |
1147 | upper and lower case. For example, assume a SAMBA account has a password of "Fred" | |
1148 | and the server is configured with "password level = 2". Medusa sends the password | |
1149 | "FRED". The SAMBA server will brute-force test this value for us with values | |
1150 | like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting | |
1151 | is "password level = 0". This results in only two attempts to being made by the | |
1152 | remote server; the password as is and the password in all-lower case. | |
1153 | */ | |
1154 | strncpy((char *) (buf + iOffset), szPassword, 256); | |
1155 | } else { | |
1145 | 1156 | hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n"); |
1146 | 1157 | return -1; |
1147 | 1158 | } |
1148 | 1159 | |
1149 | /* Set account and workgroup values */ | |
1150 | memcpy(buf + iOffset + iByteCount, szLogin, strlen(szLogin)); | |
1151 | iByteCount += strlen(szLogin) + 1; /* NULL pad account name */ | |
1152 | memcpy(buf + iOffset + iByteCount, workgroup, strlen((char *) workgroup)); | |
1153 | iByteCount += strlen((char *) workgroup) + 1; // NULL pad workgroup name | |
1160 | /* Set account and workgroup values */ | |
1161 | ||
1162 | j = UTF8_UTF16LE((unsigned char *) szLogin, strlen(szLogin), buf + iOffset + iByteCount+1, 2*strlen(szLogin)); | |
1163 | iByteCount += j +3; /* NULL pad account name */ | |
1164 | j = UTF8_UTF16LE(workgroup, strlen((char *) workgroup), buf+iOffset+iByteCount, 2*strlen((char *) workgroup)); | |
1165 | iByteCount += j+2; // NULL pad workgroup name | |
1154 | 1166 | |
1155 | 1167 | /* Set native OS and LAN Manager values */ |
1156 | 1168 | |
1157 | sprintf((char *)(buf + iOffset + iByteCount), "Unix"); | |
1158 | iByteCount += strlen("Unix") + 1; // NULL pad OS name | |
1159 | sprintf((char *)(buf + iOffset + iByteCount), "Samba"); | |
1160 | iByteCount += strlen("Samba") + 1; // NULL pad LAN Manager name | |
1169 | char *szOSName = "Unix"; | |
1170 | j = UTF8_UTF16LE((unsigned char *) szOSName, strlen(szOSName), buf+iOffset+iByteCount, 2*sizeof(szOSName)); | |
1171 | iByteCount += j+2; // NULL terminated | |
1172 | char *szLANMANName = "Samba"; | |
1173 | j = UTF8_UTF16LE((unsigned char *) szLANMANName, strlen(szLANMANName), buf+iOffset+iByteCount, 2*sizeof(szLANMANName)); | |
1174 | iByteCount += j+2; // NULL terminated | |
1161 | 1175 | |
1162 | 1176 | /* Set the header length */ |
1163 | 1177 | buf[2] = (iOffset - 4 + iByteCount) / 256; |
1173 | 1187 | |
1174 | 1188 | hydra_send(s, (char *) buf, iOffset + iByteCount, 0); |
1175 | 1189 | |
1176 | nReceiveBufferSize = 0; | |
1177 | 1190 | nReceiveBufferSize = hydra_recv(s, bufReceive, sizeof(bufReceive)); |
1178 | if ((bufReceive == NULL) || (nReceiveBufferSize == 0)) | |
1191 | if (/*(bufReceive == NULL) ||*/ (nReceiveBufferSize == 0)) | |
1179 | 1192 | return -1; |
1180 | ||
1193 | ||
1181 | 1194 | /* 41 - Action (Guest/Non-Guest Account) */ |
1182 | 1195 | /* 9 - NT Status (Error code) */ |
1183 | 1196 | return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); |
1184 | } | |
1185 | ||
1186 | int | |
1187 | start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) | |
1188 | { | |
1197 | } | |
1198 | ||
1199 | int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { | |
1189 | 1200 | char *empty = ""; |
1190 | 1201 | char *login, *pass; |
1191 | 1202 | int SMBerr, SMBaction; |
1203 | 1214 | strcpy(ipaddr_str, hydra_address2string(ip)); |
1204 | 1215 | |
1205 | 1216 | SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); |
1206 | if (SMBSessionRet == -1) | |
1217 | if (SMBSessionRet == -1) | |
1207 | 1218 | return 3; |
1208 | 1219 | SMBerr = (unsigned long) SMBSessionRet & 0x00FFFFFF; |
1209 | 1220 | SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24; |
1210 | 1221 | |
1211 | 1222 | if (verbose) |
1212 | hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int)SMBSessionRet, SMBerr, SMBaction); | |
1223 | hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction); | |
1213 | 1224 | |
1214 | 1225 | /* |
1215 | some error code are available here: | |
1216 | http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx | |
1217 | */ | |
1218 | ||
1219 | if (SMBerr == 0x000000) { /* success */ | |
1220 | if (SMBaction == 0x01) { /* invalid account - anonymous connection */ | |
1226 | some error code are available here: | |
1227 | http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx | |
1228 | */ | |
1229 | ||
1230 | if (SMBerr == 0x000000) { /* success */ | |
1231 | if (SMBaction == 0x01) { /* invalid account - anonymous connection */ | |
1221 | 1232 | fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login); |
1222 | 1233 | hydra_completed_pair_skip(); |
1223 | } else { /* valid account */ | |
1234 | } else { /* valid account */ | |
1224 | 1235 | hydra_report_found_host(port, ip, "smb", fp); |
1225 | 1236 | hydra_completed_pair_found(); |
1226 | 1237 | } |
1227 | } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)){ | |
1238 | } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) { | |
1228 | 1239 | hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); |
1229 | 1240 | hydra_completed_pair_skip(); |
1230 | } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ | |
1241 | } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ | |
1231 | 1242 | if (verbose) |
1232 | 1243 | hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n"); |
1233 | 1244 | hydra_report_found_host(port, ip, "smb", fp); |
1234 | 1245 | hydra_completed_pair_found(); |
1235 | } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ | |
1246 | } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ | |
1236 | 1247 | if (verbose) |
1237 | 1248 | hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n"); |
1238 | 1249 | hydra_report_found_host(port, ip, "smb", fp); |
1239 | 1250 | hydra_completed_pair_found(); |
1240 | } else if (SMBerr == 0x000193) { /* Valid password, account expired */ | |
1251 | } else if (SMBerr == 0x000193) { /* Valid password, account expired */ | |
1241 | 1252 | if (verbose) |
1242 | 1253 | hydra_report(stderr, "[VERBOSE] Valid password, account expired\n"); |
1243 | 1254 | hydra_report_found_host(port, ip, "smb", fp); |
1244 | 1255 | hydra_completed_pair_found(); |
1245 | } else if ((SMBerr == 0x000224)||(SMBerr == 0xC20002)) { /* Valid password, account expired */ | |
1256 | } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ | |
1246 | 1257 | if (verbose) |
1247 | 1258 | hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n"); |
1248 | 1259 | hydra_report_found_host(port, ip, "smb", fp); |
1249 | 1260 | hydra_completed_pair_found(); |
1250 | } else if ((SMBerr == 0x00006F)||(SMBerr == 0xC10002)) { /* Invalid logon hours */ | |
1261 | } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ | |
1251 | 1262 | if (verbose) |
1252 | 1263 | hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n"); |
1253 | 1264 | hydra_report_found_host(port, ip, "smb", fp); |
1254 | 1265 | hydra_completed_pair_found(); |
1255 | } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ | |
1266 | } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ | |
1256 | 1267 | if (verbose) |
1257 | 1268 | fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); |
1258 | 1269 | if ((miscptr) && (strstr(miscptr, "LM"))) |
1259 | 1270 | hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); |
1260 | 1271 | hydra_completed_pair_skip(); |
1261 | } else if (SMBerr == 0x000024) { /* change password on next login [success] */ | |
1272 | } else if (SMBerr == 0x000024) { /* change password on next login [success] */ | |
1262 | 1273 | fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); |
1263 | 1274 | hydra_completed_pair_found(); |
1264 | } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ | |
1275 | } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ | |
1265 | 1276 | hydra_completed_pair(); |
1266 | } else if (SMBerr == 0x000071) { /* password expired */ | |
1277 | } else if (SMBerr == 0x000071) { /* password expired */ | |
1267 | 1278 | if (verbose) |
1268 | 1279 | fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); |
1269 | 1280 | hydra_completed_pair_skip(); |
1270 | } else if ((SMBerr == 0x000072)||(SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k*/ | |
1281 | } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled *//* BF0002 on w2k */ | |
1271 | 1282 | if (verbose) |
1272 | 1283 | fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); |
1273 | 1284 | hydra_completed_pair_skip(); |
1274 | } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ | |
1275 | if (verbose) | |
1285 | } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ | |
1286 | if (verbose) | |
1276 | 1287 | fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_LOCKED\n", port, ipaddr_str, login); |
1277 | 1288 | hydra_completed_pair_skip(); |
1278 | } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ | |
1289 | } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ | |
1279 | 1290 | if (verbose) |
1280 | 1291 | fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login); |
1281 | 1292 | hydra_completed_pair(); |
1291 | 1302 | return 1; |
1292 | 1303 | } |
1293 | 1304 | |
1294 | void | |
1295 | service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) | |
1296 | { | |
1305 | void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
1297 | 1306 | int run = 1, next_run = 1, sock = -1; |
1298 | 1307 | |
1299 | 1308 | //default is both (local and domain) checks and normal passwd |
1300 | accntFlag = 2; //BOTH | |
1301 | hashFlag = 0; //PASS | |
1302 | smb_auth_mechanism=AUTH_NTLM; | |
1309 | accntFlag = 2; //BOTH | |
1310 | hashFlag = 0; //PASS | |
1311 | smb_auth_mechanism = AUTH_NTLM; | |
1303 | 1312 | |
1304 | 1313 | if (miscptr) { |
1305 | 1314 | //check group |
1308 | 1317 | char *tmpdom; |
1309 | 1318 | int err = 0; |
1310 | 1319 | |
1311 | accntFlag = 4; //OTHER DOMAIN | |
1320 | accntFlag = 4; //OTHER DOMAIN | |
1312 | 1321 | tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); |
1313 | 1322 | tmpdom = tmpdom + strlen("OTHER_DOMAIN:"); |
1314 | ||
1323 | ||
1315 | 1324 | if (tmpdom) { |
1316 | 1325 | //split the string after the domain if there are other values |
1317 | 1326 | strtok(tmpdom, " "); |
1318 | 1327 | if (tmpdom) { |
1319 | strncpy((char *)domain, (char *)tmpdom, 16); | |
1328 | strncpy((char *) domain, (char *) tmpdom, sizeof(domain) - 1); | |
1329 | domain[sizeof(domain) - 1] = 0; | |
1320 | 1330 | } else { |
1321 | 1331 | err = 1; |
1322 | 1332 | } |
1330 | 1340 | accntFlag = 2; |
1331 | 1341 | } |
1332 | 1342 | } else if (strstr(miscptr, "LOCAL") != NULL) { |
1333 | accntFlag = 0; //LOCAL | |
1343 | accntFlag = 0; //LOCAL | |
1334 | 1344 | } else if (strstr(miscptr, "DOMAIN") != NULL) { |
1335 | accntFlag = 1; //DOMAIN | |
1336 | } | |
1337 | ||
1345 | accntFlag = 1; //DOMAIN | |
1346 | } | |
1338 | 1347 | //check pass |
1339 | 1348 | if (strstr(miscptr, "HASH") != NULL) { |
1340 | hashFlag = 1; | |
1349 | hashFlag = 1; | |
1341 | 1350 | } else if (strstr(miscptr, "MACHINE") != NULL) { |
1342 | hashFlag = 2; | |
1351 | hashFlag = 2; | |
1343 | 1352 | } |
1344 | 1353 | //check auth |
1345 | 1354 | if (strstr(miscptr, "NTLMV2") != NULL) { |
1346 | smb_auth_mechanism=AUTH_NTLMv2; | |
1355 | smb_auth_mechanism = AUTH_NTLMv2; | |
1347 | 1356 | } else if (strstr(miscptr, "NTLM") != NULL) { |
1348 | smb_auth_mechanism=AUTH_NTLM; | |
1357 | smb_auth_mechanism = AUTH_NTLM; | |
1349 | 1358 | } else if (strstr(miscptr, "LMV2") != NULL) { |
1350 | smb_auth_mechanism=AUTH_LMv2; | |
1359 | smb_auth_mechanism = AUTH_LMv2; | |
1351 | 1360 | } else if (strstr(miscptr, "LM") != NULL) { |
1352 | smb_auth_mechanism=AUTH_LM; | |
1361 | smb_auth_mechanism = AUTH_LM; | |
1353 | 1362 | } |
1354 | 1363 | } |
1355 | 1364 | if (verbose) { |
1373 | 1382 | protoFlag = WIN_NETBIOSMODE; |
1374 | 1383 | if (verbose) |
1375 | 1384 | hydra_report(stderr, "[VERBOSE] Attempting NETBIOS mode.\n"); |
1376 | } | |
1377 | else { | |
1385 | } else { | |
1378 | 1386 | protoFlag = WIN2000_NATIVEMODE; |
1379 | 1387 | if (verbose) |
1380 | 1388 | hydra_report(stderr, "[VERBOSE] Attempting WIN2K Native mode.\n"); |
1381 | 1389 | } |
1382 | } | |
1383 | else { | |
1390 | } else { | |
1384 | 1391 | sock = hydra_connect_tcp(ip, PORT_SMBNT); |
1385 | 1392 | if (sock > 0) { |
1386 | 1393 | port = PORT_SMBNT; |
1387 | 1394 | protoFlag = WIN2000_NATIVEMODE; |
1388 | } | |
1389 | else { | |
1395 | } else { | |
1390 | 1396 | hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n"); |
1391 | 1397 | port = PORT_SMB; |
1392 | 1398 | protoFlag = WIN_NETBIOSMODE; |
1394 | 1400 | } |
1395 | 1401 | } |
1396 | 1402 | if (sock < 0) { |
1397 | fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
1403 | if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); | |
1398 | 1404 | hydra_child_exit(1); |
1399 | 1405 | } |
1400 | 1406 | if (NBSSessionRequest(sock) < 0) { |
1420 | 1426 | } |
1421 | 1427 | #endif |
1422 | 1428 | |
1423 | int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
1429 | int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
1424 | 1430 | // called before the childrens are forked off, so this is the function |
1425 | 1431 | // which should be filled if initial connections and service setup has to be |
1426 | 1432 | // performed once only. |
45 | 45 | } else { |
46 | 46 | snprintf(buffer, sizeof(buffer), "MAIL FROM: root\r\n"); |
47 | 47 | } |
48 | if (verbose) | |
48 | if (debug) | |
49 | 49 | hydra_report(stderr, "DEBUG C: %s", buffer); |
50 | 50 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
51 | 51 | return 1; |
52 | 52 | } |
53 | 53 | if ((buf = hydra_receive_line(s)) == NULL) |
54 | 54 | return (1); |
55 | if (verbose) | |
55 | if (debug) | |
56 | 56 | hydra_report(stderr, "DEBUG S: %s", buf); |
57 | 57 | /* good return values are something like 25x */ |
58 | 58 | #ifdef HAVE_PCRE |
69 | 69 | } else { |
70 | 70 | err = strstr(buf, "Error"); |
71 | 71 | if (err) { |
72 | if (verbose) { | |
72 | if (debug) { | |
73 | 73 | hydra_report(stderr, "Server %s", err); |
74 | 74 | } |
75 | 75 | free(buf); |
93 | 93 | snprintf(buffer, sizeof(buffer), "%s %s\r\n", cmd, login); |
94 | 94 | } |
95 | 95 | } |
96 | if (verbose) | |
96 | if (debug) | |
97 | 97 | hydra_report(stderr, "DEBUG C: %s", buffer); |
98 | 98 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
99 | 99 | return 1; |
100 | 100 | } |
101 | 101 | if ((buf = hydra_receive_line(s)) == NULL) |
102 | 102 | return (1); |
103 | if (verbose) | |
103 | if (debug) | |
104 | 104 | hydra_report(stderr, "DEBUG S: %s", buf); |
105 | 105 | /* good return values are something like 25x */ |
106 | 106 | #ifdef HAVE_PCRE |
116 | 116 | return 1; |
117 | 117 | } |
118 | 118 | err = strstr(buf, "Error"); |
119 | if (err || tosent) { | |
119 | if (err || tosent || strncmp(buf, "50", 2) == 0) { | |
120 | 120 | // we should report command not identified by the server |
121 | 121 | //502 5.5.2 Error: command not recognized |
122 | #ifdef HAVE_PCRE | |
123 | if ((verbose || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) { | |
124 | #else | |
125 | if ((verbose || strstr(buf, "command") != NULL) && err) { | |
126 | #endif | |
127 | hydra_report(stderr, "Server %s", err); | |
122 | //#ifdef HAVE_PCRE | |
123 | // if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) { | |
124 | //#else | |
125 | // if ((debug || strstr(buf, "command") != NULL) && err) { | |
126 | //#endif | |
127 | // hydra_report(stderr, "Server %s", err); | |
128 | // } | |
129 | if (strncmp(buf, "500 ", 4) == 0) { | |
130 | hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf); | |
131 | free(buf); | |
132 | return 3; | |
128 | 133 | } |
129 | 134 | memset(buffer, 0, sizeof(buffer)); |
130 | 135 | //503 5.5.1 Error: nested MAIL command |
131 | 136 | strncpy(buffer, "RSET\r\n", sizeof(buffer)); |
132 | 137 | free(buf); |
133 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { | |
138 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) | |
134 | 139 | return 1; |
135 | } | |
136 | 140 | if ((buf = hydra_receive_line(s)) == NULL) |
137 | 141 | return 1; |
138 | 142 | } |
167 | 171 | if (port != 0) |
168 | 172 | mysslport = port; |
169 | 173 | sock = hydra_connect_ssl(ip, mysslport); |
170 | port = myport; | |
174 | port = mysslport; | |
171 | 175 | } |
172 | 176 | if (sock < 0) { |
173 | 177 | hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); |
180 | 184 | hydra_report(stderr, "Warning: SMTP does not allow to connect: %s\n", buf); |
181 | 185 | hydra_child_exit(2); |
182 | 186 | } |
183 | while (strstr(buf, "220 ") == NULL) { | |
187 | // while (strstr(buf, "220 ") == NULL) { | |
188 | // free(buf); | |
189 | // buf = hydra_receive_line(sock); | |
190 | // } | |
191 | ||
192 | // if (buf[0] != '2') { | |
193 | if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { | |
184 | 194 | free(buf); |
185 | buf = hydra_receive_line(sock); | |
186 | } | |
187 | ||
195 | hydra_child_exit(2); | |
196 | } | |
197 | // } | |
198 | ||
199 | free(buf); | |
200 | if ((buf = hydra_receive_line(sock)) == NULL) | |
201 | hydra_child_exit(2); | |
188 | 202 | if (buf[0] != '2') { |
189 | if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { | |
190 | free(buf); | |
191 | hydra_child_exit(2); | |
192 | } | |
203 | hydra_report(stderr, "Warning: SMTP does not respond correctly to HELO: %s\n", buf); | |
204 | hydra_child_exit(2); | |
193 | 205 | } |
194 | 206 | |
195 | 207 | if ((miscptr != NULL) && (strlen(miscptr) > 0)) { |
202 | 214 | if (strncmp(miscptr, "RCPT", 4) == 0) |
203 | 215 | smtp_enum_cmd = RCPT; |
204 | 216 | } |
205 | if (verbose) { | |
217 | if (debug) { | |
206 | 218 | switch (smtp_enum_cmd) { |
219 | hydra_report(stdout, "[VERBOSE] "); | |
207 | 220 | case VRFY: |
208 | hydra_report(stderr, "using SMTP VRFY command\n"); | |
221 | hydra_report(stdout, "using SMTP VRFY command\n"); | |
209 | 222 | break; |
210 | 223 | case EXPN: |
211 | hydra_report(stderr, "using SMTP EXPN command\n"); | |
224 | hydra_report(stdout, "using SMTP EXPN command\n"); | |
212 | 225 | break; |
213 | 226 | case RCPT: |
214 | hydra_report(stderr, "using SMTP RCPT TO command\n"); | |
227 | hydra_report(stdout, "using SMTP RCPT TO command\n"); | |
215 | 228 | break; |
216 | 229 | } |
217 | 230 | } |
235 | 248 | } |
236 | 249 | } |
237 | 250 | |
238 | int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
251 | int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
239 | 252 | // called before the childrens are forked off, so this is the function |
240 | 253 | // which should be filled if initial connections and service setup has to be |
241 | 254 | // performed once only. |
1 | 1 | #include "sasl.h" |
2 | 2 | |
3 | 3 | extern char *HYDRA_EXIT; |
4 | char *buf; | |
5 | ||
6 | 4 | int smtp_auth_mechanism = AUTH_LOGIN; |
7 | 5 | |
8 | 6 | char *smtp_read_server_capacity(int sock) { |
39 | 37 | |
40 | 38 | int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { |
41 | 39 | char *empty = ""; |
42 | char *login, *pass, buffer[500], buffer2[500]; | |
40 | char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf; | |
43 | 41 | |
44 | 42 | if (strlen(login = hydra_get_next_login()) == 0) |
45 | 43 | login = empty; |
90 | 88 | //get the one-time BASE64 encoded challenge |
91 | 89 | if ((buf = hydra_receive_line(s)) == NULL) |
92 | 90 | return 1; |
93 | if (strstr(buf, "334") == NULL) { | |
91 | if (strstr(buf, "334") == NULL || strlen(buf) < 8) { | |
94 | 92 | hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); |
95 | 93 | free(buf); |
96 | 94 | return 3; |
126 | 124 | from64tobits((char *) buffer, buf + 4); |
127 | 125 | free(buf); |
128 | 126 | |
129 | if (verbose) | |
127 | if (debug) | |
130 | 128 | hydra_report(stderr, "DEBUG S: %s\n", buffer); |
131 | 129 | |
132 | sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); | |
133 | if (buffer2 == NULL) | |
134 | return 3; | |
135 | ||
136 | if (verbose) | |
130 | fooptr = buffer2; | |
131 | sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); | |
132 | if (fooptr == NULL) | |
133 | return 3; | |
134 | ||
135 | if (debug) | |
137 | 136 | hydra_report(stderr, "DEBUG C: %s\n", buffer2); |
138 | 137 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
139 | 138 | sprintf(buffer, "%s\r\n", buffer2); |
154 | 153 | } |
155 | 154 | if ((buf = hydra_receive_line(s)) == NULL) |
156 | 155 | return 1; |
157 | if (strstr(buf, "334") == NULL) { | |
156 | if (strstr(buf, "334") == NULL || strlen(buf) < 8) { | |
158 | 157 | hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); |
159 | 158 | free(buf); |
160 | 159 | return 3; |
214 | 213 | |
215 | 214 | #ifdef LIBOPENSSL |
216 | 215 | if (smtp_auth_mechanism == AUTH_DIGESTMD5) { |
217 | if (strstr(buf, "334") != NULL) { | |
216 | if (strstr(buf, "334") != NULL && strlen(buf) >= 8) { | |
218 | 217 | memset(buffer2, 0, sizeof(buffer2)); |
219 | 218 | from64tobits((char *) buffer2, buf + 4); |
220 | 219 | if (strstr(buffer2, "rspauth=") != NULL) { |
249 | 248 | void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { |
250 | 249 | int run = 1, next_run = 1, sock = -1, i = 0; |
251 | 250 | int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; |
252 | ||
251 | char *buf; | |
253 | 252 | char *buffer1 = "EHLO hydra\r\n"; |
254 | 253 | char *buffer2 = "HELO hydra\r\n"; |
255 | 254 | |
270 | 269 | if (port != 0) |
271 | 270 | mysslport = port; |
272 | 271 | sock = hydra_connect_ssl(ip, mysslport); |
273 | port = myport; | |
272 | port = mysslport; | |
274 | 273 | } |
275 | 274 | if (sock < 0) { |
276 | 275 | if (verbose || debug) |
308 | 307 | disable_tls = 0; |
309 | 308 | } |
310 | 309 | } |
311 | ||
312 | #ifdef LIBOPENSSL | |
310 | #ifdef LIBOPENSSL | |
313 | 311 | if (!disable_tls) { |
314 | /* if we got a positive answer */ | |
315 | if (buf[0] == '2') { | |
312 | /* if we got a positive answer */ | |
313 | if (buf[0] == '2') { | |
316 | 314 | if (strstr(buf, "STARTTLS") != NULL) { |
317 | 315 | hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0); |
318 | 316 | free(buf); |
322 | 320 | } else { |
323 | 321 | free(buf); |
324 | 322 | if ((hydra_connect_to_ssl(sock) == -1)) { |
325 | if (verbose) | |
323 | if (verbose) | |
326 | 324 | hydra_report(stderr, "[ERROR] Can't use TLS\n"); |
327 | 325 | disable_tls = 1; |
328 | 326 | run = 1; |
329 | 327 | break; |
330 | 328 | } else { |
331 | if (verbose) | |
329 | if (verbose) | |
332 | 330 | hydra_report(stderr, "[VERBOSE] TLS connection done\n"); |
333 | 331 | } |
334 | 332 | /* ask again capability request but in TLS mode */ |
335 | 333 | if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) |
336 | hydra_child_exit(2); | |
334 | hydra_child_exit(2); | |
337 | 335 | buf = smtp_read_server_capacity(sock); |
338 | 336 | if (buf == NULL) |
339 | hydra_child_exit(2); | |
337 | hydra_child_exit(2); | |
340 | 338 | } |
341 | 339 | } else |
342 | 340 | hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); |
343 | } else | |
341 | } else | |
344 | 342 | hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); |
345 | 343 | } |
346 | 344 | #endif |
436 | 434 | } |
437 | 435 | } |
438 | 436 | |
439 | int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
437 | int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
440 | 438 | // called before the childrens are forked off, so this is the function |
441 | 439 | // which should be filled if initial connections and service setup has to be |
442 | 440 | // performed once only. |
0 | 0 | #include "hydra-mod.h" |
1 | 1 | #ifdef LIBOPENSSL |
2 | #include <openssl/hmac.h> | |
3 | #include <openssl/md5.h> | |
4 | #include <openssl/sha.h> | |
5 | #include <openssl/des.h> | |
6 | #include <openssl/aes.h> | |
2 | #include <openssl/hmac.h> | |
3 | #include <openssl/md5.h> | |
4 | #include <openssl/sha.h> | |
5 | #include <openssl/des.h> | |
6 | #include <openssl/aes.h> | |
7 | 7 | #endif |
8 | 8 | |
9 | 9 | extern int hydra_data_ready_timed(int socket, long sec, long usec); |
15 | 15 | int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; |
16 | 16 | |
17 | 17 | char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, |
18 | 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, | |
19 | 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, | |
20 | 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, | |
21 | 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, | |
22 | 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, | |
23 | 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, | |
24 | 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 }; | |
18 | 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, | |
19 | 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, | |
20 | 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, | |
21 | 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, | |
22 | 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, | |
23 | 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, | |
24 | 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 | |
25 | }; | |
25 | 26 | |
26 | 27 | char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, |
27 | 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, | |
28 | 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 }; | |
28 | 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, | |
29 | 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 | |
30 | }; | |
29 | 31 | |
30 | 32 | char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, |
31 | 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, | |
32 | 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, | |
33 | 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, | |
34 | 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, | |
35 | 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, | |
36 | 0x00 }; | |
33 | 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, | |
34 | 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, | |
35 | 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, | |
36 | 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, | |
37 | 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, | |
38 | 0x00 | |
39 | }; | |
37 | 40 | |
38 | 41 | char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 }; |
39 | 42 | |
48 | 51 | struct SNMPV1_A snmpv1_a = { |
49 | 52 | .ID = '\x30', |
50 | 53 | .len = '\x00', |
51 | .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ | |
54 | .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ | |
52 | 55 | .comid = '\x04', |
53 | 56 | .comlen = '\x00' |
54 | 57 | }; |
62 | 65 | char objectid[2]; |
63 | 66 | char object[11]; |
64 | 67 | char value[3]; |
65 | } | |
66 | snmpv1_r = { | |
67 | .type = "\xa0\x1b", /* GET */ | |
68 | .identid = "\x02\x04", | |
69 | .ident = "\x1a\x5e\x97\x00", /* random crap :) */ | |
70 | .errstat = "\x02\x01\x00", /* no error */ | |
71 | .errind = "\x02\x01\x00", /* error index 0 */ | |
72 | .objectid = "\x30\x0d", | |
73 | .object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ | |
74 | .value = "\x05\x00" /* we just read, so value = 0 */ | |
68 | } snmpv1_r = { | |
69 | .type = "\xa0\x1b", /* GET */ | |
70 | .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */ | |
71 | .errstat = "\x02\x01\x00", /* no error */ | |
72 | .errind = "\x02\x01\x00", /* error index 0 */ | |
73 | .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ | |
74 | .value = "\x05\x00" /* we just read, so value = 0 */ | |
75 | 75 | }; |
76 | 76 | |
77 | 77 | struct SNMPV1_W { |
83 | 83 | char objectid[2]; |
84 | 84 | char object[12]; |
85 | 85 | char value[8]; |
86 | } snmpv1_w = { | |
87 | .type = "\xa3\x21", /* SET */ | |
88 | .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */ | |
89 | .errstat = "\x02\x01\x00", /* no error */ | |
90 | .errind = "\x02\x01\x00", /* error index 0 */ | |
91 | .objectid = "\x30\x13", /* string */ | |
92 | .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */ | |
93 | }; | |
94 | ||
95 | #ifdef LIBOPENSSL | |
96 | void password_to_key_md5(u_char * password, /* IN */ | |
97 | u_int passwordlen, /* IN */ | |
98 | u_char * engineID, /* IN - pointer to snmpEngineID */ | |
99 | u_int engineLength, /* IN - length of snmpEngineID */ | |
100 | u_char * key) { /* OUT - pointer to caller 16-octet buffer */ | |
101 | MD5_CTX MD; | |
102 | u_char *cp, password_buf[80], *mypass = password, bpass[17]; | |
103 | u_long password_index = 0, count = 0, i, mylen, myelen = engineLength; | |
104 | ||
105 | if (strlen(password) > passwordlen) | |
106 | passwordlen = strlen(password); | |
107 | if (passwordlen > sizeof(bpass) - 1) | |
108 | passwordlen = sizeof(bpass) - 1; | |
109 | mylen = passwordlen; | |
110 | ||
111 | if (mylen < 8) { | |
112 | memset(bpass, 0, sizeof(bpass)); | |
113 | strcpy(bpass, password); | |
114 | while (mylen < 8) { | |
115 | strcat(bpass, password); | |
116 | mylen += passwordlen; | |
117 | } | |
118 | mypass = bpass; | |
119 | } | |
120 | if (myelen > 32) | |
121 | myelen = 32; | |
122 | ||
123 | MD5_Init(&MD); /* initialize MD5 */ | |
124 | /* Use while loop until we've done 1 Megabyte */ | |
125 | while (count < 1048576) { | |
126 | cp = password_buf; | |
127 | for (i = 0; i < 64; i++) { | |
128 | /* Take the next octet of the password, wrapping */ | |
129 | /* to the beginning of the password as necessary. */ | |
130 | *cp++ = mypass[password_index++ % mylen]; | |
131 | } | |
132 | MD5_Update(&MD, password_buf, 64); | |
133 | count += 64; | |
134 | } | |
135 | MD5_Final(key, &MD); /* tell MD5 we're done */ | |
136 | /* Now localize the key with the engineID and pass */ | |
137 | /* through MD5 to produce final key */ | |
138 | /* May want to ensure that engineLength <= 32, */ | |
139 | /* otherwise need to use a buffer larger than 64 */ | |
140 | memcpy(password_buf, key, 16); | |
141 | memcpy(password_buf + 16, engineID, myelen); | |
142 | memcpy(password_buf + 16 + myelen, key, 16); | |
143 | MD5_Init(&MD); | |
144 | MD5_Update(&MD, password_buf, 32 + myelen); | |
145 | MD5_Final(key, &MD); | |
146 | return; | |
86 | 147 | } |
87 | snmpv1_w = { | |
88 | .type = "\xa3\x21", /* SET */ | |
89 | .identid = "\x02\x04", | |
90 | .ident = "\x1a\x5e\x97\x22", /* random crap :) */ | |
91 | .errstat = "\x02\x01\x00", /* no error */ | |
92 | .errind = "\x02\x01\x00", /* error index 0 */ | |
93 | .objectid = "\x30\x13", /* string */ | |
94 | .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00", | |
95 | .value = "\x04\x05Hydra" /* writing hydra :-) */ | |
96 | }; | |
97 | ||
98 | #ifdef LIBOPENSSL | |
99 | void password_to_key_md5( | |
100 | u_char *password, /* IN */ | |
101 | u_int passwordlen, /* IN */ | |
102 | u_char *engineID, /* IN - pointer to snmpEngineID */ | |
103 | u_int engineLength,/* IN - length of snmpEngineID */ | |
104 | u_char *key) /* OUT - pointer to caller 16-octet buffer */ | |
105 | { | |
106 | MD5_CTX MD; | |
107 | u_char *cp, password_buf[80], *mypass = password, bpass[17]; | |
108 | u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; | |
109 | ||
110 | if (mylen < 8) { | |
111 | memset(bpass, 0, sizeof(bpass)); | |
112 | strcpy(bpass, password); | |
113 | while (mylen < 8) { | |
114 | strcat(bpass, password); | |
115 | mylen += passwordlen; | |
116 | } | |
117 | mypass = bpass; | |
118 | } | |
119 | if (myelen > 32) | |
120 | myelen = 32; | |
121 | ||
122 | MD5_Init(&MD); /* initialize MD5 */ | |
123 | /* Use while loop until we've done 1 Megabyte */ | |
124 | while (count < 1048576) { | |
125 | cp = password_buf; | |
126 | for (i = 0; i < 64; i++) { | |
127 | /* Take the next octet of the password, wrapping */ | |
128 | /* to the beginning of the password as necessary.*/ | |
129 | *cp++ = mypass[password_index++ % mylen]; | |
130 | } | |
131 | MD5_Update(&MD, password_buf, 64); | |
132 | count += 64; | |
133 | } | |
134 | MD5_Final(key, &MD); /* tell MD5 we're done */ | |
135 | /* Now localize the key with the engineID and pass */ | |
136 | /* through MD5 to produce final key */ | |
137 | /* May want to ensure that engineLength <= 32, */ | |
138 | /* otherwise need to use a buffer larger than 64 */ | |
139 | memcpy(password_buf, key, 16); | |
140 | memcpy(password_buf + 16, engineID, myelen); | |
141 | memcpy(password_buf + 16 + myelen, key, 16); | |
142 | MD5_Init(&MD); | |
143 | MD5_Update(&MD, password_buf, 32 + myelen); | |
144 | MD5_Final(key, &MD); | |
145 | return; | |
146 | } | |
147 | ||
148 | void password_to_key_sha( | |
149 | u_char *password, /* IN */ | |
150 | u_int passwordlen, /* IN */ | |
151 | u_char *engineID, /* IN - pointer to snmpEngineID */ | |
152 | u_int engineLength,/* IN - length of snmpEngineID */ | |
153 | u_char *key) /* OUT - pointer to caller 20-octet buffer */ | |
154 | { | |
155 | SHA_CTX SH; | |
156 | u_char *cp, password_buf[80], *mypass = password, bpass[17]; | |
157 | u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; | |
158 | ||
159 | if (mylen < 8) { | |
160 | memset(bpass, 0, sizeof(bpass)); | |
161 | strcpy(bpass, password); | |
162 | while (mylen < 8) { | |
163 | strcat(bpass, password); | |
164 | mylen += passwordlen; | |
165 | } | |
166 | mypass = bpass; | |
167 | } | |
168 | ||
169 | if (myelen > 32) | |
170 | myelen = 32; | |
171 | ||
172 | SHA1_Init(&SH); /* initialize SHA */ | |
173 | /* Use while loop until we've done 1 Megabyte */ | |
174 | while (count < 1048576) { | |
175 | cp = password_buf; | |
176 | for (i = 0; i < 64; i++) { | |
177 | /* Take the next octet of the password, wrapping */ | |
178 | /* to the beginning of the password as necessary.*/ | |
179 | *cp++ = mypass[password_index++ % mylen]; | |
180 | } | |
181 | SHA1_Update(&SH, password_buf, 64); | |
182 | count += 64; | |
183 | } | |
184 | SHA1_Final(key, &SH); /* tell SHA we're done */ | |
185 | /* Now localize the key with the engineID and pass */ | |
186 | /* through SHA to produce final key */ | |
187 | /* May want to ensure that engineLength <= 32, */ | |
188 | /* otherwise need to use a buffer larger than 72 */ | |
189 | memcpy(password_buf, key, 20); | |
190 | memcpy(password_buf + 20, engineID, myelen); | |
191 | memcpy(password_buf + 20 + myelen, key, 20); | |
192 | SHA1_Init(&SH); | |
193 | SHA1_Update(&SH, password_buf, 40 + myelen); | |
194 | SHA1_Final(key, &SH); | |
195 | return; | |
148 | ||
149 | void password_to_key_sha(u_char * password, /* IN */ | |
150 | u_int passwordlen, /* IN */ | |
151 | u_char * engineID, /* IN - pointer to snmpEngineID */ | |
152 | u_int engineLength, /* IN - length of snmpEngineID */ | |
153 | u_char * key) { /* OUT - pointer to caller 20-octet buffer */ | |
154 | SHA_CTX SH; | |
155 | u_char *cp, password_buf[80], *mypass = password, bpass[17]; | |
156 | u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; | |
157 | ||
158 | if (mylen < 8) { | |
159 | memset(bpass, 0, sizeof(bpass)); | |
160 | strcpy(bpass, password); | |
161 | while (mylen < 8) { | |
162 | strcat(bpass, password); | |
163 | mylen += passwordlen; | |
164 | } | |
165 | mypass = bpass; | |
166 | } | |
167 | ||
168 | if (myelen > 32) | |
169 | myelen = 32; | |
170 | ||
171 | SHA1_Init(&SH); /* initialize SHA */ | |
172 | /* Use while loop until we've done 1 Megabyte */ | |
173 | while (count < 1048576) { | |
174 | cp = password_buf; | |
175 | for (i = 0; i < 64; i++) { | |
176 | /* Take the next octet of the password, wrapping */ | |
177 | /* to the beginning of the password as necessary. */ | |
178 | *cp++ = mypass[password_index++ % mylen]; | |
179 | } | |
180 | SHA1_Update(&SH, password_buf, 64); | |
181 | count += 64; | |
182 | } | |
183 | SHA1_Final(key, &SH); /* tell SHA we're done */ | |
184 | /* Now localize the key with the engineID and pass */ | |
185 | /* through SHA to produce final key */ | |
186 | /* May want to ensure that engineLength <= 32, */ | |
187 | /* otherwise need to use a buffer larger than 72 */ | |
188 | memcpy(password_buf, key, 20); | |
189 | memcpy(password_buf + 20, engineID, myelen); | |
190 | memcpy(password_buf + 20 + myelen, key, 20); | |
191 | SHA1_Init(&SH); | |
192 | SHA1_Update(&SH, password_buf, 40 + myelen); | |
193 | SHA1_Final(key, &SH); | |
194 | return; | |
196 | 195 | } |
197 | 196 | #endif |
198 | 197 | |
199 | 198 | int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { |
200 | char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256], salt[8]; | |
199 | char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = ""; | |
201 | 200 | int i, j, k, size, off = 0, off2 = 0, done = 0; |
202 | 201 | unsigned char initVect[8], privacy_params[8]; |
203 | 202 | int engine_boots = 0; |
203 | ||
204 | 204 | #ifdef LIBOPENSSL |
205 | DES_key_schedule symcbc; | |
205 | DES_key_schedule symcbc; | |
206 | 206 | #endif |
207 | 207 | |
208 | 208 | if (strlen(login = hydra_get_next_login()) == 0) |
237 | 237 | memcpy(buffer + i, &snmpv1_w, size); |
238 | 238 | i += sizeof(snmpv1_w); |
239 | 239 | } |
240 | } else { // snmpv3 | |
240 | } else { // snmpv3 | |
241 | 241 | if (enctype == 0) { |
242 | 242 | memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1)); |
243 | 243 | i = sizeof(snmpv3_get1); |
281 | 281 | buffer[i] = 0x04; |
282 | 282 | buffer[i + 1] = strlen(login); |
283 | 283 | memcpy(buffer + i + 2, login, strlen(login)); |
284 | i += 2 + strlen(login); | |
284 | i += 2 + strlen(login); | |
285 | 285 | |
286 | 286 | buffer[i] = 0x04; |
287 | 287 | if (hashtype > 0) { |
300 | 300 | i += 2; |
301 | 301 | } else { |
302 | 302 | buffer[i + 1] = 8; |
303 | memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care | |
303 | memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care | |
304 | 304 | i += 10; |
305 | 305 | } |
306 | 306 | |
315 | 315 | |
316 | 316 | /* |
317 | 317 | //PrivDES::encrypt(const unsigned char *key, |
318 | // const unsigned int /*key_len*///, | |
318 | // const unsigned int /*key_len*///, | |
319 | 319 | // const unsigned char *buffer, |
320 | 320 | // const unsigned int buffer_len, |
321 | 321 | // unsigned char *out_buffer, |
325 | 325 | // const unsigned long engine_boots, |
326 | 326 | // const unsigned long /*engine_time*/) |
327 | 327 | // last 8 bytes of key are used as base for initialization vector */ |
328 | k = 0; | |
329 | memcpy((char*)initVect, key + 8, 8); | |
330 | // put salt in privacy_params | |
331 | j = htonl(engine_boots); | |
332 | memcpy(privacy_params, (char*) &j, 4); | |
333 | memcpy(privacy_params + 4, salt, 4); // ??? correct? | |
334 | // xor initVect with salt | |
335 | for (i = 0; i < 8; i++) | |
336 | initVect[i] ^= privacy_params[i]; | |
337 | des_key_sched((C_Block*)key, symcbc); | |
338 | des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block*)(initVect), DES_ENCRYPT); | |
328 | k = 0; | |
329 | memcpy((char *) initVect, key + 8, 8); | |
330 | // put salt in privacy_params | |
331 | j = htonl(engine_boots); | |
332 | memcpy(privacy_params, (char *) &j, 4); | |
333 | memcpy(privacy_params + 4, salt, 4); // ??? correct? | |
334 | // xor initVect with salt | |
335 | for (i = 0; i < 8; i++) | |
336 | initVect[i] ^= privacy_params[i]; | |
337 | des_key_sched((C_Block *) key, symcbc); | |
338 | des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT); | |
339 | 339 | |
340 | 340 | #endif |
341 | 341 | |
359 | 359 | k = ((sizeof(snmpv3_get2) - 2) / 8); |
360 | 360 | if ((sizeof(snmpv3_get2) - 2) % 8 != 0) |
361 | 361 | k++; |
362 | memcpy(buffer + i + 2, buf, k*8); | |
362 | memcpy(buffer + i + 2, buf, k * 8); | |
363 | 363 | i += k * 8 + 2; |
364 | 364 | } |
365 | 365 | |
366 | i++; // just to conform with the snmpv1/2 code | |
366 | i++; // just to conform with the snmpv1/2 code | |
367 | 367 | #ifdef LIBOPENSSL |
368 | 368 | if (hashtype == 1) { |
369 | HMAC((EVP_MD *)EVP_md5(), key, 16, buffer, i - 1, hash, NULL); | |
369 | HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL); | |
370 | 370 | memcpy(buffer + off, hash, 12); |
371 | 371 | } else if (hashtype == 2) { |
372 | HMAC((EVP_MD *)EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); | |
372 | HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); | |
373 | 373 | memcpy(buffer + off, hash, 12); |
374 | 374 | } |
375 | 375 | #endif |
388 | 388 | if (snmpversion < 3) { |
389 | 389 | /* stolen from ADMsnmp... :P */ |
390 | 390 | for (j = 0; j < i; j++) { |
391 | if (buf[j] == '\x04') { /* community name */ | |
391 | if (buf[j] == '\x04') { /* community name */ | |
392 | 392 | for (j = j + buf[j + 1]; j + 2 < i; j++) { |
393 | if (buf[j] == '\xa2') { /* PDU Response */ | |
393 | if (buf[j] == '\xa2') { /* PDU Response */ | |
394 | 394 | for (; j + 2 < i; j++) { |
395 | if (buf[j] == '\x02') { /* ID */ | |
395 | if (buf[j] == '\x02') { /* ID */ | |
396 | 396 | for (j = j + (buf[j + 1]); j + 2 < i; j++) { |
397 | 397 | if (buf[j] == '\x02') { |
398 | if (buf[j + 1] == '\x01') { /* good ! */ | |
398 | if (buf[j + 1] == '\x01') { /* good ! */ | |
399 | 399 | hydra_report_found_host(port, ip, "snmp", fp); |
400 | 400 | hydra_completed_pair_found(); |
401 | 401 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) |
410 | 410 | } |
411 | 411 | } |
412 | 412 | } |
413 | } else { // snmpv3 reply | |
413 | } else { // snmpv3 reply | |
414 | 414 | off = 0; |
415 | 415 | if (buf[0] == 0x30) { |
416 | 416 | if (buf[4] == 0x03 && buf[5] == 0x30) |
423 | 423 | if (off == 0) |
424 | 424 | return 3; |
425 | 425 | |
426 | if (debug) printf("[DEBUG] buf[%d + 15] %d\n", off, buf[off + 15]); | |
426 | if (debug) | |
427 | printf("[DEBUG] buf[%d + 15] %d\n", off, buf[off + 15]); | |
427 | 428 | k = 3 + off + buf[2 + off]; |
428 | 429 | if ((j = hydra_memsearch(buf + k, buf[k + 3], snmpv3_nouser, sizeof(snmpv3_nouser))) < 0) |
429 | 430 | if ((j = hydra_memsearch(buf + k, buf[k + 3], login, strlen(login))) >= 0) { |
438 | 439 | i = sizeof(snmpv3info); |
439 | 440 | memcpy(snmpv3info, buf + k, i); |
440 | 441 | snmpv3infolen = j; |
441 | if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen); | |
442 | } | |
442 | if (debug) | |
443 | hydra_dump_asciihex(snmpv3info, snmpv3infolen); | |
444 | } | |
443 | 445 | |
444 | 446 | if ((buf[off + 15] & 1) == 1) { |
445 | 447 | if (hashtype == 0) |
450 | 452 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) |
451 | 453 | return 3; |
452 | 454 | return 1; |
453 | } else | |
454 | if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist | |
455 | if (debug) printf("[DEBUG] server reply indicates login %s does not\n", login); | |
456 | hydra_completed_pair_skip(); | |
457 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) | |
458 | return 3; | |
459 | return 1; | |
460 | } | |
455 | } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist | |
456 | if (debug) | |
457 | printf("[DEBUG] server reply indicates login %s does not\n", login); | |
458 | hydra_completed_pair_skip(); | |
459 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) | |
460 | return 3; | |
461 | return 1; | |
462 | } | |
461 | 463 | } |
462 | 464 | } |
463 | 465 | |
510 | 512 | sock = hydra_connect_udp(ip, myport); |
511 | 513 | port = myport; |
512 | 514 | |
513 | if (debug) printf("[DEBUG] snmpv%d, isread %d, hashtype %d, enctype %d\n", snmpversion, snmpread, hashtype, enctype); | |
515 | if (debug) | |
516 | printf("[DEBUG] snmpv%d, isread %d, hashtype %d, enctype %d\n", snmpversion, snmpread, hashtype, enctype); | |
514 | 517 | |
515 | 518 | hydra_register_socket(sp); |
516 | 519 | |
525 | 528 | hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0); |
526 | 529 | if (hydra_data_ready_timed(sock, 5, 0) > 0) { |
527 | 530 | if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) { |
528 | if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30); { | |
531 | if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30) { | |
529 | 532 | snmpv3info = snmpv3buf + 7 + snmpv3buf[6]; |
530 | 533 | snmpv3infolen = snmpv3info[3] + 4; |
531 | while (snmpv3info[snmpv3infolen - 2] == 4 && snmpv3info[snmpv3infolen - 1] == 0) | |
532 | snmpv3infolen -= 2; | |
533 | if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen); | |
534 | if (snmpv3info[10] == 3 && child_head_no == 0) | |
535 | printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char)snmpv3info[12], (unsigned char)snmpv3info[13], (unsigned char)snmpv3info[14], (unsigned char)snmpv3info[15], (unsigned char)snmpv3info[16], (unsigned char)snmpv3info[12]); | |
534 | if (snmpv3info + snmpv3infolen <= snmpv3buf + sizeof(snmpv3buf)) { | |
535 | while (snmpv3info[snmpv3infolen - 2] == 4 && snmpv3info[snmpv3infolen - 1] == 0 && snmpv3infolen > 1) | |
536 | snmpv3infolen -= 2; | |
537 | if (debug) | |
538 | hydra_dump_asciihex(snmpv3info, snmpv3infolen); | |
539 | if (snmpv3info[10] == 3 && child_head_no == 0) | |
540 | printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13], | |
541 | (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]); | |
542 | } | |
536 | 543 | } |
537 | 544 | } |
538 | 545 | } |
542 | 549 | hydra_report(stderr, "No valid reply from snmp server, exiting!\n"); |
543 | 550 | hydra_child_exit(2); |
544 | 551 | } |
545 | } | |
552 | } | |
546 | 553 | |
547 | 554 | if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) |
548 | 555 | run = 3; |
565 | 572 | } |
566 | 573 | } |
567 | 574 | |
568 | int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
575 | int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
569 | 576 | // called before the childrens are forked off, so this is the function |
570 | 577 | // which should be filled if initial connections and service setup has to be |
571 | 578 | // performed once only. |
164 | 164 | } |
165 | 165 | } |
166 | 166 | |
167 | int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
167 | int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
168 | 168 | // called before the childrens are forked off, so this is the function |
169 | 169 | // which should be filled if initial connections and service setup has to be |
170 | 170 | // performed once only. |
0 | ||
1 | 0 | /* |
2 | 1 | |
3 | 2 | libssh is available at http://www.libssh.org |
4 | current version is 0.4.8 | |
5 | 3 | If you want support for ssh v1 protocol, you |
6 | 4 | have to add option -DWITH_SSH1=On in the cmake |
7 | 5 | |
128 | 126 | ssh_disconnect(session); |
129 | 127 | ssh_finalize(); |
130 | 128 | ssh_free(session); |
131 | fprintf(stderr, "[ERROR] ssh protocol error\n"); | |
129 | if (verbose) | |
130 | fprintf(stderr, "[ERROR] ssh protocol error\n"); | |
132 | 131 | hydra_child_exit(2); |
133 | 132 | case 4: |
134 | 133 | ssh_disconnect(session); |
151 | 150 | #endif |
152 | 151 | #endif |
153 | 152 | |
154 | int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
153 | int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
155 | 154 | // called before the childrens are forked off, so this is the function |
156 | 155 | // which should be filled if initial connections and service setup has to be |
157 | 156 | // performed once only. |
160 | 159 | // |
161 | 160 | // return codes: |
162 | 161 | // 0 all OK |
163 | // -1 error, hydra will exit, so print a good error message here | |
162 | // 1 skip target without generating an error | |
163 | // 2 skip target because of protocol problems | |
164 | // 3 skip target because its unreachable | |
165 | #ifdef LIBSSH | |
166 | int rc, method; | |
167 | ssh_session session = ssh_new(); | |
168 | ||
169 | if (verbose || debug) | |
170 | printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); | |
171 | ssh_options_set(session, SSH_OPTIONS_PORT, &port); | |
172 | ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); | |
173 | ssh_options_set(session, SSH_OPTIONS_USER, "root"); | |
174 | ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); | |
175 | ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); | |
176 | if (ssh_connect(session) != 0) { | |
177 | fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d\n", hydra_address2string(ip), port); | |
178 | return 2; | |
179 | } | |
180 | rc = ssh_userauth_none(session, NULL); | |
181 | method = ssh_userauth_list(session, NULL); | |
182 | ssh_disconnect(session); | |
183 | ssh_finalize(); | |
184 | ssh_free(session); | |
164 | 185 | |
186 | if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) { | |
187 | if (verbose || debug) | |
188 | printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); | |
189 | return 0; | |
190 | } | |
191 | ||
192 | fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port); | |
193 | return 1; | |
194 | #else | |
165 | 195 | return 0; |
196 | #endif | |
166 | 197 | } |
0 | ||
0 | 1 | /* |
1 | 2 | libssh is available at http://www.libssh.org |
2 | 3 | current version is 0.4.8 |
149 | 150 | #endif |
150 | 151 | #endif |
151 | 152 | |
152 | int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
153 | int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
153 | 154 | // called before the childrens are forked off, so this is the function |
154 | 155 | // which should be filled if initial connections and service setup has to be |
155 | 156 | // performed once only. |
26 | 26 | |
27 | 27 | #define DEFAULT_BRANCH "trunk" |
28 | 28 | |
29 | static svn_error_t * print_dirdummy(void *baton, const char *path, const svn_dirent_t *dirent, const svn_lock_t *lock, const char *abs_path, apr_pool_t *pool) { | |
29 | static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) { | |
30 | 30 | return SVN_NO_ERROR; |
31 | 31 | } |
32 | 32 | |
90 | 90 | |
91 | 91 | providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *)); |
92 | 92 | |
93 | svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ | |
94 | 0, pool); | |
93 | svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ | |
94 | 0, pool); | |
95 | 95 | APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; |
96 | 96 | |
97 | 97 | /* Register the auth-providers into the context's auth_baton. */ |
103 | 103 | else |
104 | 104 | snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH); |
105 | 105 | dirents = SVN_DIRENT_KIND; |
106 | err = svn_client_list2 (URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); | |
106 | err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); | |
107 | 107 | |
108 | 108 | svn_pool_clear(pool); |
109 | 109 | svn_pool_destroy(pool); |
190 | 190 | |
191 | 191 | #endif |
192 | 192 | |
193 | int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
193 | int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
194 | 194 | // called before the childrens are forked off, so this is the function |
195 | 195 | // which should be filled if initial connections and service setup has to be |
196 | 196 | // performed once only. |
125 | 125 | } |
126 | 126 | } |
127 | 127 | |
128 | int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
128 | int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
129 | 129 | // called before the childrens are forked off, so this is the function |
130 | 130 | // which should be filled if initial connections and service setup has to be |
131 | 131 | // performed once only. |
131 | 131 | hydra_child_exit(1); |
132 | 132 | } |
133 | 133 | if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ |
134 | hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown: %s\n", buf); | |
134 | hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); | |
135 | 135 | hydra_child_exit(2); |
136 | 136 | // hydra_child_exit(2); |
137 | 137 | } |
139 | 139 | hydra_send(sock, "\r\n", 2, 0); |
140 | 140 | free(buf); |
141 | 141 | if ((buf = hydra_receive_line(sock)) == NULL) { |
142 | hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown: %s\n", buf); | |
142 | hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); | |
143 | 143 | hydra_child_exit(2); |
144 | 144 | } |
145 | 145 | } |
203 | 203 | } |
204 | 204 | } |
205 | 205 | |
206 | int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
206 | int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
207 | 207 | // called before the childrens are forked off, so this is the function |
208 | 208 | // which should be filled if initial connections and service setup has to be |
209 | 209 | // performed once only. |
86 | 86 | if (port != 0) |
87 | 87 | mysslport = port; |
88 | 88 | sock = hydra_connect_ssl(ip, mysslport); |
89 | port = myport; | |
89 | port = mysslport; | |
90 | 90 | } |
91 | 91 | |
92 | 92 | if (sock < 0) { |
102 | 102 | |
103 | 103 | if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) { |
104 | 104 | /* check the first line */ |
105 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an vmware authd protocol or service shutdown: %s\n", buf); | |
105 | if (verbose || debug) | |
106 | hydra_report(stderr, "[ERROR] Not an vmware authd protocol or service shutdown: %s\n", buf); | |
106 | 107 | hydra_child_exit(2); |
107 | 108 | } |
108 | 109 | if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) { |
140 | 141 | } |
141 | 142 | } |
142 | 143 | |
143 | int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
144 | int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
144 | 145 | // called before the childrens are forked off, so this is the function |
145 | 146 | // which should be filled if initial connections and service setup has to be |
146 | 147 | // performed once only. |
57 | 57 | int i; |
58 | 58 | |
59 | 59 | //fprintf(stderr,"number of security types supported: %d\n", buf2[0]); |
60 | if (buf2[0] == 0) { | |
60 | if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) { | |
61 | 61 | hydra_report(stderr, "[ERROR] VNC server connection failed\n"); |
62 | 62 | hydra_child_exit(0); |
63 | 63 | } |
228 | 228 | } |
229 | 229 | } |
230 | 230 | |
231 | int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
231 | int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
232 | 232 | // called before the childrens are forked off, so this is the function |
233 | 233 | // which should be filled if initial connections and service setup has to be |
234 | 234 | // performed once only. |
0 | #!/bin/sh | |
1 | # | |
2 | # based on a script by Shivang Desai <shivang.ice.2010@gmail.com> | |
3 | # | |
4 | echo | |
5 | echo "Welcome to the Hydra Wizard" | |
6 | echo | |
7 | read -p "Enter the service to attack (eg: ftp, ssh, http-post-form): " service | |
8 | test -z "$service" && { echo Error: service may not be empty ; exit 1 ; } | |
9 | read -p "Enter the the target to attack (or filename with targets): " target | |
10 | test -z "$target" && { echo Error: target may not be empty ; exit 1 ; } | |
11 | read -p "Enter a username to test or a filename: " user | |
12 | test -z "$user" && { echo Error: user may not be empty ; exit 1 ; } | |
13 | read -p "Enter a password to test or a filename: " pass | |
14 | test -z "$pass" && { echo Error: pass may not be empty ; exit 1 ; } | |
15 | read -p "If you want to test for passwords (s)ame as login, (n)ull or (r)everse login, enter these letters without spaces (e.g. \"sr\") or leave empty otherwise: " pw | |
16 | read -p "Port number (press enter for default): " port | |
17 | echo | |
18 | echo The following options are supported by the service module: | |
19 | hydra -U $service | |
20 | echo | |
21 | read -p "If you want to add module options, enter them here (or leave empty): " opt | |
22 | echo | |
23 | ||
24 | ports="" | |
25 | pws="" | |
26 | opts="" | |
27 | test -e "$target" && targets="-M $target" | |
28 | test -e "$target" || targets="$target" | |
29 | test -e "$user" && users="-L $user" | |
30 | test -e "$user" || users="-l $user" | |
31 | test -e "$pass" && passs="-P $pass" | |
32 | test -e "$pass" || passs="-p $pass" | |
33 | test -n "$port" && ports="-s $port" | |
34 | test -n "$pw" && pws="-e $pw" | |
35 | test -n "$opt" && opts="-m '$opt'" | |
36 | ||
37 | echo The following command will be executed now: | |
38 | echo " hydra $users $passs -u $pws $ports $opts $targets $service" | |
39 | echo | |
40 | read -p "Do you want to run the command now? [Y/n] " yn | |
41 | test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; } | |
42 | echo | |
43 | hydra $users $passs -u $pws $ports $opts $targets $service |
3 | 3 | /* david: ref http://xmpp.org/rfcs/rfc3920.html */ |
4 | 4 | |
5 | 5 | extern char *HYDRA_EXIT; |
6 | char *buf; | |
7 | 6 | static char *domain = NULL; |
8 | 7 | |
9 | 8 | int xmpp_auth_mechanism = AUTH_ERROR; |
21 | 20 | char *CHALLENGE_END_STR = "</challenge>"; |
22 | 21 | char *RESPONSE_STR = "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"; |
23 | 22 | char *RESPONSE_END_STR = "</response>"; |
23 | char *fooptr, *buf; | |
24 | 24 | |
25 | 25 | if (strlen(login = hydra_get_next_login()) == 0) |
26 | 26 | login = empty; |
47 | 47 | |
48 | 48 | hydra_send(s, buffer, strlen(buffer), 0); |
49 | 49 | usleep(300000); |
50 | buf = hydra_receive_line(s); | |
51 | ||
52 | if (verbose) | |
50 | if ((buf = hydra_receive_line(s)) == NULL) | |
51 | return 3; | |
52 | ||
53 | if (debug) | |
53 | 54 | hydra_report(stderr, "DEBUG S: %s\n", buf); |
54 | 55 | |
55 | if ((strstr(buf, CHALLENGE_STR) != NULL)||(strstr(buf, CHALLENGE_STR2) != NULL)) { | |
56 | if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { | |
56 | 57 | /* |
57 | 58 | the challenge string is sent depending of the |
58 | 59 | auth chosen it's the case for login auth |
59 | 60 | */ |
60 | 61 | |
61 | 62 | char *ptr = strstr(buf, CHALLENGE_STR); |
63 | ||
62 | 64 | if (!ptr) |
63 | 65 | ptr = strstr(buf, CHALLENGE_STR2); |
64 | 66 | char *ptr_end = strstr(ptr, CHALLENGE_END_STR); |
69 | 71 | buffer2[chglen] = '\0'; |
70 | 72 | memset(buffer, 0, sizeof(buffer)); |
71 | 73 | from64tobits((char *) buffer, buffer2); |
72 | if (verbose) | |
74 | if (debug) | |
73 | 75 | hydra_report(stderr, "DEBUG S: %s\n", buffer); |
74 | 76 | } |
75 | 77 | |
81 | 83 | |
82 | 84 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
83 | 85 | sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); |
84 | if (verbose) | |
86 | if (debug) | |
85 | 87 | hydra_report(stderr, "DEBUG C: %s\n", buffer); |
86 | 88 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
87 | 89 | free(buf); |
91 | 93 | if (buf == NULL) |
92 | 94 | return 1; |
93 | 95 | /* server now would ask for the password */ |
94 | if ((strstr(buf, CHALLENGE_STR) != NULL)||(strstr(buf, CHALLENGE_STR2) != NULL)) { | |
96 | if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { | |
95 | 97 | char *ptr = strstr(buf, CHALLENGE_STR); |
96 | 98 | if (!ptr) |
97 | 99 | ptr = strstr(buf, CHALLENGE_STR2); |
114 | 116 | free(buf); |
115 | 117 | return 1; |
116 | 118 | } |
117 | free(buf); | |
118 | 119 | } |
119 | 120 | } |
120 | 121 | } |
124 | 125 | memset(buffer2, 0, sizeof(buffer)); |
125 | 126 | sasl_plain(buffer2, login, pass); |
126 | 127 | sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); |
127 | if (verbose) | |
128 | if (debug) | |
128 | 129 | hydra_report(stderr, "DEBUG C: %s\n", buffer); |
129 | 130 | |
130 | 131 | } |
138 | 139 | |
139 | 140 | rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); |
140 | 141 | if (rc) { |
142 | free(buf); | |
141 | 143 | return 3; |
142 | 144 | } |
143 | 145 | |
144 | 146 | sprintf(buffer, "%.200s %.250s", preplogin, buffer2); |
145 | if (verbose) | |
147 | if (debug) | |
146 | 148 | hydra_report(stderr, "DEBUG C: %s\n", buffer); |
147 | 149 | hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); |
148 | 150 | sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); |
153 | 155 | break; |
154 | 156 | case AUTH_DIGESTMD5:{ |
155 | 157 | memset(buffer2, 0, sizeof(buffer2)); |
156 | sasl_digest_md5(buffer2, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); | |
157 | if (buffer2 == NULL) | |
158 | fooptr = buffer2; | |
159 | sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); | |
160 | if (fooptr == NULL) { | |
161 | free(buf); | |
158 | 162 | return 3; |
159 | if (verbose) | |
163 | } | |
164 | if (debug) | |
160 | 165 | hydra_report(stderr, "DEBUG C: %s\n", buffer2); |
161 | 166 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
162 | 167 | snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); |
169 | 174 | int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); |
170 | 175 | |
171 | 176 | if (rc) { |
177 | free(buf); | |
172 | 178 | return 3; |
173 | 179 | } |
174 | 180 | |
178 | 184 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
179 | 185 | snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); |
180 | 186 | |
187 | free(buf); | |
181 | 188 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
182 | 189 | return 1; |
183 | 190 | } |
185 | 192 | if (buf == NULL) |
186 | 193 | return 1; |
187 | 194 | |
188 | if ((strstr(buf, CHALLENGE_STR) != NULL)||(strstr(buf, CHALLENGE_STR2) != NULL)) { | |
195 | if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { | |
189 | 196 | char serverfirstmessage[200]; |
190 | 197 | char *ptr = strstr(buf, CHALLENGE_STR); |
198 | ||
191 | 199 | if (!ptr) |
192 | 200 | ptr = strstr(buf, CHALLENGE_STR2); |
193 | 201 | char *ptr_end = strstr(ptr, CHALLENGE_END_STR); |
209 | 217 | serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; |
210 | 218 | |
211 | 219 | memset(buffer2, 0, sizeof(buffer2)); |
212 | sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage); | |
213 | if (buffer2 == NULL) { | |
220 | fooptr = buffer2; | |
221 | sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); | |
222 | if (fooptr == NULL) { | |
214 | 223 | hydra_report(stderr, "[ERROR] Can't compute client response\n"); |
215 | 224 | free(buf); |
216 | 225 | return 1; |
218 | 227 | hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); |
219 | 228 | snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); |
220 | 229 | } else { |
221 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); | |
230 | if (verbose || debug) | |
231 | hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); | |
222 | 232 | free(buf); |
223 | 233 | return 1; |
224 | 234 | } |
225 | free(buf); | |
226 | 235 | } |
227 | 236 | break; |
228 | 237 | #endif |
238 | ptr = 0; | |
229 | 239 | } |
230 | 240 | |
241 | free(buf); | |
231 | 242 | if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { |
232 | 243 | return 1; |
233 | 244 | } |
261 | 272 | if (strstr(buf, "<failure")) { |
262 | 273 | hydra_report(stderr, "[ERROR] Protocol failure, try using another auth method. %s\n", strstr(buf, "<failure")); |
263 | 274 | } |
275 | free(buf); | |
264 | 276 | return 3; |
265 | 277 | } |
266 | 278 | |
267 | 279 | void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { |
268 | 280 | int run = 1, next_run = 1, sock = -1, tls = 0; |
269 | char buffer[500]; | |
281 | char buffer[500], *buf = NULL; | |
270 | 282 | int myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0; |
271 | 283 | char *enddomain = NULL; |
272 | 284 | |
275 | 287 | //so for o.nimbuzz.com will get nimbuzz.com |
276 | 288 | //and hermes.jabber.org will get jabber.org |
277 | 289 | |
278 | domain=strchr(target, '.'); | |
290 | domain = strchr(target, '.'); | |
279 | 291 | if (!domain) { |
280 | 292 | hydra_report(stderr, "[ERROR] can't extract the domain name, you have to specify a fqdn xmpp server, the domain name will be used in the jabber init request\n"); |
281 | 293 | hydra_child_exit(1); |
284 | 296 | enddomain = strrchr(target, '.'); |
285 | 297 | //check if target is not already a domain name aka only . char in the string |
286 | 298 | if (enddomain && (enddomain == domain)) { |
287 | domain=target; | |
299 | domain = target; | |
288 | 300 | } else { |
289 | 301 | //moving to pass the . char |
290 | 302 | domain = domain + 1; |
327 | 339 | hydra_child_exit(1); |
328 | 340 | |
329 | 341 | if (strstr(buf, "<stream:stream") == NULL) { |
330 | if (verbose || debug) hydra_report(stderr, "[ERROR] Not an xmpp protocol or service shutdown: %s\n", buf); | |
342 | if (verbose || debug) | |
343 | hydra_report(stderr, "[ERROR] Not an xmpp protocol or service shutdown: %s\n", buf); | |
331 | 344 | free(buf); |
332 | 345 | hydra_child_exit(1); |
333 | 346 | } |
414 | 427 | hydra_report(stderr, "[VERBOSE] using XMPP DIGEST-MD5 AUTH mechanism\n"); |
415 | 428 | break; |
416 | 429 | #endif |
417 | } | |
430 | } | |
418 | 431 | } |
419 | 432 | #ifdef LIBOPENSSL |
420 | 433 | //check if tls is not wanted and if tls is available |
473 | 486 | } |
474 | 487 | } |
475 | 488 | |
476 | int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { | |
489 | int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { | |
477 | 490 | // called before the childrens are forked off, so this is the function |
478 | 491 | // which should be filled if initial connections and service setup has to be |
479 | 492 | // performed once only. |
0 | 0 | /* |
1 | * hydra (c) 2001-2013 by van Hauser / THC <vh@thc.org> | |
1 | * hydra (c) 2001-2014 by van Hauser / THC <vh@thc.org> | |
2 | 2 | * http://www.thc.org |
3 | 3 | * |
4 | * Parallized network login hacker. Usage only allowed for legal purposes. | |
4 | * Parallized network login hacker. | |
5 | * Don't use in military or secret service organizations, or for illegal purposes. | |
5 | 6 | * |
6 | 7 | * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file |
7 | 8 | */ |
9 | 10 | #include "hydra.h" |
10 | 11 | #include "bfg.h" |
11 | 12 | |
12 | extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
13 | extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
14 | extern void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
15 | extern void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
16 | extern void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
17 | extern void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
18 | extern void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
19 | extern void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
20 | extern void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
21 | extern void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
22 | extern void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
23 | extern void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
24 | extern void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
25 | extern void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
26 | extern void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
27 | extern void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
28 | extern void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
29 | extern void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
30 | extern void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
31 | extern void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
32 | extern void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
33 | extern void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
34 | extern void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
35 | extern void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
36 | extern void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
37 | extern void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
38 | extern void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
39 | extern void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
40 | extern void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
41 | extern void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
42 | extern void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
43 | extern void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
44 | extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
45 | extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
46 | extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
13 | extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
14 | extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
15 | extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
16 | extern void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
17 | extern void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
18 | extern void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
19 | extern void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
20 | extern void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
21 | extern void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
22 | extern void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
23 | extern void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
24 | extern void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
25 | extern void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
26 | extern void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
27 | extern void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
28 | extern void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
29 | extern void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
30 | extern void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
31 | extern void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
32 | extern void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
33 | extern void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
34 | extern void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
35 | extern void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
36 | extern void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
37 | extern void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
38 | extern void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
39 | extern void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
40 | extern void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
41 | extern void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
42 | extern void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
43 | extern void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
44 | extern void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
45 | extern void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
46 | extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
47 | extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
48 | extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
49 | extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
47 | 50 | // ADD NEW SERVICES HERE |
48 | 51 | |
49 | 52 | #ifdef HAVE_MATH_H |
50 | extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
51 | extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
53 | extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
54 | extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
52 | 55 | #endif |
53 | 56 | #ifdef LIBPOSTGRES |
54 | extern void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
55 | extern int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
57 | extern void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
58 | extern int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
56 | 59 | #endif |
57 | 60 | #ifdef LIBOPENSSL |
58 | extern void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
59 | extern int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
60 | extern void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
61 | extern int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
62 | extern void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
63 | extern int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
64 | extern void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
65 | extern int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
66 | extern void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
67 | extern int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
61 | extern void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
62 | extern int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
63 | extern void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
64 | extern int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
65 | extern void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
66 | extern int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
67 | extern void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
68 | extern int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
69 | extern void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
70 | extern int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
68 | 71 | #endif |
69 | 72 | #ifdef LIBSAPR3 |
70 | extern void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
71 | extern int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
73 | extern void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
74 | extern int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
72 | 75 | #endif |
73 | 76 | #ifdef LIBFIREBIRD |
74 | extern void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
75 | extern int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
77 | extern void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
78 | extern int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
76 | 79 | #endif |
77 | 80 | #ifdef LIBAFP |
78 | extern void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
79 | extern int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
81 | extern void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
82 | extern int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
80 | 83 | #endif |
81 | 84 | #ifdef LIBNCP |
82 | extern void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
83 | extern int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
85 | extern void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
86 | extern int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
84 | 87 | #endif |
85 | 88 | #ifdef LIBSSH |
86 | extern void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
87 | extern int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
88 | extern void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
89 | extern int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
89 | extern void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
90 | extern int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
91 | extern void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
92 | extern int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
90 | 93 | #endif |
91 | 94 | #ifdef LIBSVN |
92 | extern void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
93 | extern int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
95 | extern void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
96 | extern int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
94 | 97 | #endif |
95 | 98 | #ifdef LIBORACLE |
96 | extern void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
97 | extern int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
98 | #endif | |
99 | ||
100 | extern int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
101 | extern int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
102 | extern int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
103 | extern int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
104 | extern int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
105 | extern int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
106 | extern int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
107 | extern int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
108 | extern int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
109 | extern int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
110 | extern int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
111 | extern int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
112 | extern int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
113 | extern int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
114 | extern int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
115 | extern int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
116 | extern int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
117 | extern int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
118 | extern int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
119 | extern int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
120 | extern int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
121 | extern int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
122 | extern int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
123 | extern int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
124 | extern int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
125 | extern int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
126 | extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
127 | extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
128 | extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
129 | extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
99 | extern void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
100 | extern int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
101 | #endif | |
102 | ||
103 | extern int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
104 | extern int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
105 | extern int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
106 | extern int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
107 | extern int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
108 | extern int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
109 | extern int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
110 | extern int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
111 | extern int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
112 | extern int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
113 | extern int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
114 | extern int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
115 | extern int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
116 | extern int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
117 | extern int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
118 | extern int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
119 | extern int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
120 | extern int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
121 | extern int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
122 | extern int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
123 | extern int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
124 | extern int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
125 | extern int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
126 | extern int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
127 | extern int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
128 | extern int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
129 | extern int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
130 | extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
131 | extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
132 | extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
133 | extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); | |
134 | extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); | |
130 | 135 | // ADD NEW SERVICES HERE |
131 | 136 | |
132 | 137 | |
133 | 138 | // ADD NEW SERVICES HERE |
134 | char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp rexec rlogin rsh sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; | |
139 | char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; | |
135 | 140 | |
136 | 141 | #define MAXBUF 520 |
137 | 142 | #define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) |
138 | #define MAXTASKS 128 | |
143 | #define MAXTASKS 64 | |
139 | 144 | #define MAXSERVERS 16 |
140 | 145 | #define MAXFAIL 3 |
141 | 146 | #define MAXENDWAIT 20 |
143 | 148 | #define TASKS 16 |
144 | 149 | #define SKIPLOGIN 256 |
145 | 150 | #define USLEEP_LOOP 10 |
146 | #define MAX_LINES 50000000 // 50 millions, do not put more than 65millions | |
147 | #define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions | |
151 | #define MAX_LINES 50000000 // 50 millions, do not put more than 65millions | |
152 | #define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions | |
148 | 153 | |
149 | 154 | #define RESTOREFILE "./hydra.restore" |
150 | 155 | |
151 | 156 | #define PROGRAM "Hydra" |
152 | #define VERSION "v7.5" | |
157 | #define VERSION "v8.0" | |
153 | 158 | #define AUTHOR "van Hauser/THC" |
154 | 159 | #define EMAIL "<vh@thc.org>" |
155 | 160 | #define AUTHOR2 "David Maciejak" |
161 | 166 | extern char *hydra_string_replace(const char *string, const char *substr, const char *replacement); |
162 | 167 | extern char *hydra_address2string(char *address); |
163 | 168 | extern int colored_output; |
169 | extern char quiet; | |
170 | extern int do_retry; | |
164 | 171 | |
165 | 172 | void hydra_kill_head(int head_no, int killit, int fail); |
166 | 173 | |
194 | 201 | int ok; |
195 | 202 | int failed; |
196 | 203 | int skipcnt; |
204 | int port; | |
197 | 205 | char *redo_login[MAXTASKS * 2 + 2]; |
198 | 206 | char *redo_pass[MAXTASKS * 2 + 2]; |
199 | 207 | char *skiplogin[SKIPLOGIN]; |
211 | 219 | unsigned long int found; |
212 | 220 | unsigned long int countlogin; |
213 | 221 | unsigned long int countpass; |
214 | size_t sizelogin; | |
222 | size_t sizelogin; | |
215 | 223 | size_t sizepass; |
216 | 224 | FILE *ofp; |
217 | 225 | } hydra_brain; |
230 | 238 | int try_password_reverse_login; |
231 | 239 | int exit_found; |
232 | 240 | int max_use; |
241 | int cidr; | |
233 | 242 | char *login; |
234 | 243 | char *loginfile; |
235 | 244 | char *pass; |
292 | 301 | #include "performance.h" |
293 | 302 | |
294 | 303 | void help(int ext) { |
295 | printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" | |
296 | " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" | |
304 | printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" | |
297 | 305 | #ifdef HAVE_MATH_H |
298 | 306 | " [-x MIN:MAX:CHARSET]" |
299 | 307 | #endif |
300 | " [-SuvV46] " | |
308 | " [-SuvVd46] " | |
301 | 309 | //"[server service [OPT]]|" |
302 | 310 | "[service://server[:PORT][/OPT]]\n"); |
303 | 311 | printf("\nOptions:\n"); |
304 | if (ext) printf(" -R restore a previous aborted/crashed session\n"); | |
312 | if (ext) | |
313 | printf(" -R restore a previous aborted/crashed session\n"); | |
305 | 314 | #ifdef LIBOPENSSL |
306 | if (ext) printf(" -S perform an SSL connect\n"); | |
307 | #endif | |
308 | if (ext) printf(" -s PORT if the service is on a different default port, define it here\n"); | |
315 | if (ext) | |
316 | printf(" -S perform an SSL connect\n"); | |
317 | #endif | |
318 | if (ext) | |
319 | printf(" -s PORT if the service is on a different default port, define it here\n"); | |
309 | 320 | printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); |
310 | 321 | printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); |
311 | 322 | #ifdef HAVE_MATH_H |
312 | if (ext) printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); | |
313 | #endif | |
314 | if (ext) printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); | |
315 | if (ext) printf(" -u loop around users, not passwords (effective! implied with -x)\n"); | |
323 | if (ext) | |
324 | printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); | |
325 | #endif | |
326 | if (ext) | |
327 | printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); | |
328 | if (ext) | |
329 | printf(" -u loop around users, not passwords (effective! implied with -x)\n"); | |
316 | 330 | printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); |
317 | printf(" -M FILE list of servers to be attacked in parallel, one entry per line\n"); | |
318 | if (ext) printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); | |
319 | if (ext) printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); | |
331 | printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); | |
332 | if (ext) | |
333 | printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); | |
334 | if (ext) | |
335 | printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); | |
320 | 336 | printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); |
321 | if (ext) printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); | |
322 | if (ext) printf(" -4 / -6 prefer IPv4 (default) or IPv6 addresses\n"); | |
323 | if (ext) printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); | |
337 | if (ext) | |
338 | printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); | |
339 | if (ext) | |
340 | printf(" -4 / -6 prefer IPv4 (default) or IPv6 addresses\n"); | |
341 | if (ext) | |
342 | printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); | |
343 | if (ext) | |
344 | printf(" -q do not print messages about connection erros\n"); | |
324 | 345 | printf(" -U service module usage details\n"); |
325 | if (ext == 0) printf(" -h more command line options (complete help)\n"); | |
326 | printf(" server the target server (use either this OR the -M option)\n"); | |
346 | if (ext == 0) | |
347 | printf(" -h more command line options (COMPLETE HELP)\n"); | |
348 | printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n"); | |
327 | 349 | printf(" service the service to crack (see below for supported protocols)\n"); |
328 | 350 | printf(" OPT some service modules support additional input (-U for module help)\n"); |
329 | 351 | |
330 | 352 | printf("\nSupported services: %s\n", SERVICES); |
331 | printf("\n%s is a tool to guess/crack valid login/password pairs - usage only allowed\nfor legal purposes. This tool is licensed under AGPL v3.0.\nThe newest version is always available at %s\n", PROGRAM, RESOURCE); | |
353 | printf | |
354 | ("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", | |
355 | PROGRAM, RESOURCE); | |
356 | printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); | |
332 | 357 | if (ext && strlen(unsupported) > 0) { |
333 | 358 | if (unsupported[strlen(unsupported) - 1] == ' ') |
334 | 359 | unsupported[strlen(unsupported) - 1] = 0; |
335 | 360 | printf("These services were not compiled in: %s.\n", unsupported); |
336 | 361 | } |
337 | 362 | if (ext) { |
338 | printf("\nUse HYDRA_PROXY_HTTP/HYDRA_PROXY and HYDRA_PROXY_AUTH environment for a proxy.\n"); | |
339 | printf("E.g.: %% export HTTP_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); | |
340 | printf(" %% export HTTP_PROXY_HTTP=http://proxy:8080\n"); | |
341 | printf(" %% export HTTP_PROXY_AUTH=user:pass\n"); | |
342 | } | |
343 | ||
363 | printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); | |
364 | printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); | |
365 | printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); | |
366 | printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); | |
367 | } | |
368 | ||
344 | 369 | printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); |
345 | 370 | if (ext) { |
346 | 371 | printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); |
347 | printf(" hydra -C defaults.txt -6 pop3s://[fe80::2c:31ff:fe12:ac11]:143/TLS:DIGEST-MD5\n"); | |
372 | printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n"); | |
373 | printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n"); | |
374 | printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); | |
348 | 375 | } |
349 | 376 | exit(-1); |
350 | 377 | } |
361 | 388 | "Examples:\n" |
362 | 389 | " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" |
363 | 390 | " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" |
364 | " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" | |
365 | " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); | |
391 | " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); | |
366 | 392 | printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); |
367 | 393 | exit(-1); |
368 | 394 | } |
393 | 419 | if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { |
394 | 420 | printf("Module pop3 is optionally taking one authentication type of:\n" |
395 | 421 | " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" |
396 | " CRAM-SHA256, DIGEST-MD5, NTLM.\n" | |
397 | "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" | |
398 | "Example: pop3://target/TLS:PLAIN\n"); | |
422 | " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); | |
399 | 423 | find = 1; |
400 | 424 | } |
401 | 425 | if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { |
402 | printf("Module rdp is optionally taking the windows domain name.\n" | |
403 | "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); | |
426 | printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); | |
404 | 427 | find = 1; |
405 | 428 | } |
429 | if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { | |
430 | printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); | |
431 | find = 1; | |
432 | } | |
406 | 433 | if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { |
407 | printf("Module nntp is optionally taking one authentication type of:\n" | |
408 | " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); | |
434 | printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); | |
409 | 435 | find = 1; |
410 | 436 | } |
411 | 437 | if (!find && (strcmp(hydra_options.service, "imap") == 0)) { |
412 | 438 | printf("Module imap is optionally taking one authentication type of:\n" |
413 | 439 | " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" |
414 | " CRAM-SHA256, DIGEST-MD5, NTLM\n" | |
415 | "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" | |
416 | "Example: imap://target/TLS:PLAIN\n"); | |
440 | " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); | |
417 | 441 | find = 1; |
418 | 442 | } |
419 | 443 | if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { |
420 | 444 | printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" |
421 | 445 | "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" |
422 | 446 | "login parameter is used as username and password parameter as the domain name\n" |
423 | "For example to test if john@localhost exists on 192.168.0.1:\n" | |
424 | "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); | |
447 | "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); | |
425 | 448 | find = 1; |
426 | 449 | } |
427 | 450 | if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { |
428 | 451 | printf("Module smtp is optionally taking one authentication type of:\n" |
429 | 452 | " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" |
430 | "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" | |
431 | "Example: smtp://target/TLS:PLAIN\n"); | |
453 | "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); | |
432 | 454 | find = 1; |
433 | 455 | } |
434 | 456 | if (!find && (strcmp(hydra_options.service, "svn") == 0)) { |
440 | 462 | find = 1; |
441 | 463 | } |
442 | 464 | if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { |
443 | printf("Module firebird is optionally taking the database path to attack,\n" | |
444 | "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); | |
465 | printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); | |
445 | 466 | find = 1; |
446 | 467 | } |
447 | 468 | if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { |
449 | 470 | find = 1; |
450 | 471 | } |
451 | 472 | if (!find && (strcmp(hydra_options.service, "irc") == 0)) { |
452 | printf("Module irc is optionally taking the general server password, if the server is requiring one\n" | |
453 | "and none is passed the password from -p/-P will be used\n\n"); | |
473 | printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); | |
454 | 474 | find = 1; |
455 | 475 | } |
456 | 476 | if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { |
459 | 479 | } |
460 | 480 | if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { |
461 | 481 | printf("Module telnet is optionally taking the string which is displayed after\n" |
462 | "a successful login (case insensitive), use if the default in the telnet\n" | |
463 | "module produces too many false positives\n\n"); | |
482 | "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); | |
464 | 483 | find = 1; |
465 | 484 | } |
466 | 485 | if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { |
471 | 490 | printf("Module sshkey does not provide additional options, although the semantic for\n" |
472 | 491 | "options -p and -P is changed:\n" |
473 | 492 | " -p expects a path to an unencrypted private key in PEM format.\n" |
474 | " -P expects a filename containing a list of path to some unencrypted\n" | |
475 | " private keys in PEM format.\n\n"); | |
493 | " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); | |
476 | 494 | find = 1; |
477 | 495 | } |
478 | 496 | if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { |
486 | 504 | find = 1; |
487 | 505 | } |
488 | 506 | if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { |
489 | printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" | |
490 | "ENTER when connecting to the service.\n"); | |
507 | printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); | |
491 | 508 | find = 1; |
492 | 509 | } |
493 | 510 | if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) |
524 | 541 | || (strcmp(hydra_options.service, "https-post-form") == 0) |
525 | 542 | || (strncmp(hydra_options.service, "http-form", 9) == 0) |
526 | 543 | || (strncmp(hydra_options.service, "https-form", 10) == 0) |
527 | ) | |
544 | ) | |
528 | 545 | ) { |
529 | 546 | printf("Module %s requires the page and the parameters for the web form.\n\n" |
530 | 547 | "By default this module is configured to follow a maximum of 5 redirections in\n" |
531 | 548 | "a row. It always gathers a new cookie from the same URL without variables\n" |
532 | 549 | "The parameters take three \":\" separated values, plus optional values.\n" |
533 | "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" | |
550 | "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" | |
534 | 551 | "\nSyntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]\n" |
535 | 552 | "First is the page on the server to GET or POST to (URL).\n" |
536 | 553 | "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" |
556 | 573 | } |
557 | 574 | if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { |
558 | 575 | printf("Module http-proxy is optionally taking the page to authenticate at.\n" |
559 | "Default is http://www.microsoft.com/)\n" | |
560 | "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); | |
576 | "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); | |
561 | 577 | find = 1; |
562 | 578 | } |
563 | 579 | if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { |
564 | 580 | printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" |
565 | 581 | "The -L loginfile must contain the URL list to try through the proxy.\n" |
566 | 582 | "The proxy credentials cann be put as the optional parameter, e.g.\n" |
567 | " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" | |
568 | " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); | |
583 | " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); | |
569 | 584 | find = 1; |
570 | 585 | } |
571 | 586 | if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { |
594 | 609 | || (strcmp(hydra_options.service, "https-post") == 0)) |
595 | 610 | ) { |
596 | 611 | printf("Module %s requires the page to authenticate.\n" |
597 | "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", | |
598 | hydra_options.service); | |
612 | "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); | |
599 | 613 | find = 1; |
600 | 614 | } |
601 | 615 | } |
639 | 653 | exit(-1); |
640 | 654 | } |
641 | 655 | |
642 | /* | |
643 | void hydra_bfg_remove(int head_no) { | |
644 | int i = 0, j = 0; | |
645 | char *ptr; | |
646 | ||
647 | if (hydra_heads[head_no]->current_pass_ptr == NULL || | |
648 | hydra_heads[head_no]->current_pass_ptr == hydra_targets[hydra_heads[head_no]->target_no]->pass_ptr || | |
649 | hydra_heads[head_no]->current_pass_ptr[0] == 0) | |
650 | return; | |
651 | if (hydra_brains.countlogin > 1) { | |
652 | for (i = 0; i < hydra_options.max_use && j < 2; i++) | |
653 | if (hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[i] == hydra_heads[head_no]->current_pass_ptr) | |
654 | j++; | |
655 | if (j != 1) | |
656 | return; | |
657 | } | |
658 | if (debug) | |
659 | printf("[DEBUG] bfg free of child %d ptr %p (%s)\n", head_no, hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_pass_ptr); | |
660 | // to prevent a race condition | |
661 | ptr = hydra_heads[head_no]->current_pass_ptr; | |
662 | hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[i] = NULL; | |
663 | hydra_heads[head_no]->current_pass_ptr = NULL; | |
664 | free(ptr); | |
665 | } | |
666 | */ | |
667 | ||
668 | 656 | void hydra_restore_write(int print_msg) { |
669 | 657 | FILE *f; |
670 | 658 | hydra_brain brain; |
688 | 676 | perror(""); |
689 | 677 | process_restore = 0; |
690 | 678 | return; |
691 | } else | |
692 | if (debug) | |
693 | printf("[DEBUG] Writing restore file... "); | |
679 | } else if (debug) | |
680 | printf("[DEBUG] Writing restore file... "); | |
694 | 681 | |
695 | 682 | fprintf(f, "%s\n", PROGRAM); |
696 | 683 | memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); |
716 | 703 | for (j = 0; j < hydra_brains.targets; j++) |
717 | 704 | if (hydra_targets[j]->done != 1) { |
718 | 705 | fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); |
719 | fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int)(hydra_targets[j]->login_ptr - login_ptr), (int)(hydra_targets[j]->pass_ptr - pass_ptr)); | |
706 | fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), | |
707 | (int) (hydra_targets[j]->pass_ptr - pass_ptr)); | |
720 | 708 | fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); |
721 | 709 | if (hydra_targets[j]->redo) |
722 | 710 | for (i = 0; i < hydra_targets[j]->redo; i++) |
726 | 714 | fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); |
727 | 715 | } |
728 | 716 | for (j = 0; j < hydra_options.max_use; j++) { |
729 | memcpy((char*)&hh, hydra_heads[j], sizeof(hydra_head)); | |
730 | hh.active = 0; // re-enable disabled heads | |
717 | memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); | |
718 | hh.active = 0; // re-enable disabled heads | |
731 | 719 | if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) |
732 | 720 | || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { |
733 | 721 | hh.redo = 1; |
735 | 723 | printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, |
736 | 724 | hh.current_login_ptr, hh.current_pass_ptr); |
737 | 725 | } |
738 | fck = fwrite((char*)&hh, sizeof(hydra_head), 1, f); | |
739 | if (hh.redo/* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0])))*/) | |
726 | fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); | |
727 | if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) | |
740 | 728 | fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); |
741 | 729 | else |
742 | 730 | fprintf(f, "\n\n"); |
755 | 743 | FILE *f; |
756 | 744 | char mynull[4]; |
757 | 745 | int i, j; |
758 | char out[1024], *ptr; | |
759 | ||
760 | ptr = out; | |
746 | char out[1024]; | |
747 | ||
761 | 748 | if ((f = fopen(RESTOREFILE, "r")) == NULL) { |
762 | 749 | fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); |
763 | 750 | perror(""); |
816 | 803 | out[strlen(out) - 1] = 0; |
817 | 804 | hydra_options.service = malloc(strlen(out) + 1); |
818 | 805 | strcpy(hydra_options.service, out); |
819 | ||
806 | ||
820 | 807 | login_ptr = malloc(hydra_brains.sizelogin); |
821 | 808 | fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); |
822 | if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode | |
809 | if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode | |
823 | 810 | pass_ptr = malloc(hydra_brains.sizepass); |
824 | 811 | fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); |
825 | 812 | } else { // colonfile mode |
827 | 814 | pass_ptr = csv_ptr = login_ptr; |
828 | 815 | } |
829 | 816 | |
830 | hydra_targets = malloc(hydra_brains.targets * sizeof(hydra_targets)); | |
817 | hydra_targets = malloc((hydra_brains.targets + 3 )* sizeof(hydra_targets)); | |
831 | 818 | for (j = 0; j < hydra_brains.targets; j++) { |
832 | 819 | hydra_targets[j] = malloc(sizeof(hydra_target)); |
833 | 820 | fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); |
840 | 827 | hydra_targets[j]->login_ptr = login_ptr + atoi(out); |
841 | 828 | sck = fgets(out, sizeof(out), f); |
842 | 829 | hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); |
843 | sck = fgets(out, sizeof(out), f); // target login_ptr, ignord | |
830 | sck = fgets(out, sizeof(out), f); // target login_ptr, ignord | |
844 | 831 | sck = fgets(out, sizeof(out), f); |
845 | 832 | if (hydra_options.bfg) { |
846 | 833 | if (out[0] != 0 && out[strlen(out) - 1] == '\n') |
861 | 848 | hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); |
862 | 849 | strcpy(hydra_targets[j]->redo_pass[i], out); |
863 | 850 | } |
851 | if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin) | |
852 | hydra_targets[j]->skipcnt = 0; | |
864 | 853 | if (hydra_targets[j]->skipcnt > 0) |
865 | 854 | for (i = 0; i < hydra_targets[j]->skipcnt; i++) { |
866 | 855 | sck = fgets(out, sizeof(out), f); |
873 | 862 | hydra_targets[j]->use_count = 0; |
874 | 863 | hydra_targets[j]->failed = 0; |
875 | 864 | } |
876 | hydra_heads = malloc(hydra_options.max_use * sizeof(hydra_heads)); | |
865 | hydra_heads = malloc((hydra_options.max_use + 2 ) * sizeof(int) + 8); | |
877 | 866 | for (j = 0; j < hydra_options.max_use; j++) { |
878 | 867 | hydra_heads[j] = malloc(sizeof(hydra_head)); |
879 | 868 | fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); |
954 | 943 | exit(0); |
955 | 944 | } |
956 | 945 | |
957 | unsigned long int countlines(FILE *fp, int colonmode) { | |
946 | unsigned long int countlines(FILE * fp, int colonmode) { | |
958 | 947 | size_t lines = 0; |
959 | 948 | char *buf = malloc(MAXLINESIZE); |
960 | 949 | int only_one_empty_line = 0; |
976 | 965 | } |
977 | 966 | rewind(fp); |
978 | 967 | free(buf); |
979 | fstat(fileno(fp), &st); | |
968 | (void)fstat(fileno(fp), &st); | |
980 | 969 | size_of_data = st.st_size + 1; |
981 | 970 | return lines; |
982 | 971 | } |
983 | 972 | |
984 | void fill_mem(char *ptr, FILE *fp, int colonmode) { | |
973 | void fill_mem(char *ptr, FILE * fp, int colonmode) { | |
985 | 974 | char tmp[MAXBUF + 4] = "", *ptr2; |
986 | 975 | unsigned int len; |
987 | 976 | int only_one_empty_line = 0; |
1038 | 1027 | } |
1039 | 1028 | |
1040 | 1029 | void hydra_service_init(int target_no) { |
1041 | int x = 2; | |
1030 | int x = 99; | |
1042 | 1031 | |
1043 | 1032 | #ifdef LIBAFP |
1044 | 1033 | if (strcmp(hydra_options.service, "afp") == 0) |
1045 | x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1034 | x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1046 | 1035 | #endif |
1047 | 1036 | if (strcmp(hydra_options.service, "asterisk") == 0) |
1048 | x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1037 | x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1049 | 1038 | if (strcmp(hydra_options.service, "cisco-enable") == 0) |
1050 | x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1039 | x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1051 | 1040 | if (strcmp(hydra_options.service, "cvs") == 0) |
1052 | x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1041 | x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1053 | 1042 | if (strcmp(hydra_options.service, "cisco") == 0) |
1054 | x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1043 | x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1055 | 1044 | #ifdef LIBFIREBIRD |
1056 | 1045 | if (strcmp(hydra_options.service, "firebird") == 0) |
1057 | x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1046 | x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1058 | 1047 | #endif |
1059 | 1048 | if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) |
1060 | x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1049 | x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1050 | if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) | |
1051 | x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1061 | 1052 | if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) |
1062 | x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1053 | x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1063 | 1054 | if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) |
1064 | x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1055 | x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1065 | 1056 | if (strcmp(hydra_options.service, "http-proxy") == 0) |
1066 | x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1057 | x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1067 | 1058 | if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) |
1068 | x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1059 | x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1069 | 1060 | if (strcmp(hydra_options.service, "icq") == 0) |
1070 | x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1061 | x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1071 | 1062 | if (strcmp(hydra_options.service, "imap") == 0) |
1072 | x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1063 | x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1073 | 1064 | if (strcmp(hydra_options.service, "irc") == 0) |
1074 | x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1065 | x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1075 | 1066 | if (strncmp(hydra_options.service, "ldap", 4) == 0) |
1076 | x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1067 | x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1077 | 1068 | #ifdef LIBOPENSSL |
1078 | 1069 | if (strcmp(hydra_options.service, "sip") == 0) |
1079 | x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1070 | x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1080 | 1071 | if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) |
1081 | x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1072 | x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1082 | 1073 | if (strcmp(hydra_options.service, "oracle-listener") == 0) |
1083 | x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1074 | x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1084 | 1075 | if (strcmp(hydra_options.service, "oracle-sid") == 0) |
1085 | x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1076 | x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1086 | 1077 | if (strcmp(hydra_options.service, "rdp") == 0) |
1087 | x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1078 | x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1088 | 1079 | #endif |
1089 | 1080 | if (strcmp(hydra_options.service, "mssql") == 0) |
1090 | x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1081 | x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1091 | 1082 | #ifdef HAVE_MATH_H |
1092 | 1083 | if (strcmp(hydra_options.service, "mysql") == 0) |
1093 | x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1084 | x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1094 | 1085 | #endif |
1095 | 1086 | #ifdef LIBNCP |
1096 | 1087 | if (strcmp(hydra_options.service, "ncp") == 0) |
1097 | x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1088 | x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1098 | 1089 | #endif |
1099 | 1090 | if (strcmp(hydra_options.service, "nntp") == 0) |
1100 | x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1091 | x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1101 | 1092 | #ifdef LIBORACLE |
1102 | 1093 | if (strcmp(hydra_options.service, "oracle") == 0) |
1103 | x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1094 | x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1104 | 1095 | #endif |
1105 | 1096 | if (strcmp(hydra_options.service, "pcanywhere") == 0) |
1106 | x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1097 | x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1107 | 1098 | if (strcmp(hydra_options.service, "pcnfs") == 0) |
1108 | x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1099 | x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1109 | 1100 | if (strcmp(hydra_options.service, "pop3") == 0) |
1110 | x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1101 | x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1111 | 1102 | #ifdef LIBPOSTGRES |
1112 | 1103 | if (strcmp(hydra_options.service, "postgres") == 0) |
1113 | x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1104 | x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1114 | 1105 | #endif |
1115 | 1106 | if (strcmp(hydra_options.service, "rexec") == 0) |
1116 | x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1107 | x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1117 | 1108 | if (strcmp(hydra_options.service, "rlogin") == 0) |
1118 | x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1109 | x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1119 | 1110 | if (strcmp(hydra_options.service, "rsh") == 0) |
1120 | x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1111 | x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1121 | 1112 | #ifdef LIBSAPR3 |
1122 | 1113 | if (strcmp(hydra_options.service, "sapr3") == 0) |
1123 | x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1114 | x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1124 | 1115 | #endif |
1125 | 1116 | if (strcmp(hydra_options.service, "smtp") == 0) |
1126 | x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1117 | x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1127 | 1118 | if (strcmp(hydra_options.service, "smtp-enum") == 0) |
1128 | x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1119 | x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1129 | 1120 | if (strcmp(hydra_options.service, "snmp") == 0) |
1130 | x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1121 | x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1131 | 1122 | if (strcmp(hydra_options.service, "socks5") == 0) |
1132 | x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1123 | x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1133 | 1124 | #ifdef LIBSSH |
1134 | 1125 | if (strcmp(hydra_options.service, "ssh") == 0) |
1135 | x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1126 | x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1136 | 1127 | if (strcmp(hydra_options.service, "sshkey") == 0) |
1137 | x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1128 | x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1138 | 1129 | #endif |
1139 | 1130 | #ifdef LIBSVN |
1140 | 1131 | if (strcmp(hydra_options.service, "svn") == 0) |
1141 | x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1132 | x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1142 | 1133 | #endif |
1143 | 1134 | if (strcmp(hydra_options.service, "teamspeak") == 0) |
1144 | x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1135 | x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1145 | 1136 | if (strcmp(hydra_options.service, "telnet") == 0) |
1146 | x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1137 | x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1147 | 1138 | if (strcmp(hydra_options.service, "vmauthd") == 0) |
1148 | x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1139 | x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1149 | 1140 | if (strcmp(hydra_options.service, "vnc") == 0) |
1150 | x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1141 | x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1151 | 1142 | if (strcmp(hydra_options.service, "xmpp") == 0) |
1152 | x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1143 | x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1144 | if (strcmp(hydra_options.service, "s7-300") == 0) | |
1145 | x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1153 | 1146 | // ADD NEW SERVICES HERE |
1154 | 1147 | |
1155 | ||
1156 | if (x != 0 && x != 2) | |
1157 | exit(-1); | |
1148 | if (x != 0 && x != 99) { | |
1149 | if (x > 0 && x < 4) | |
1150 | hydra_targets[target_no]->done = x; | |
1151 | else | |
1152 | hydra_targets[target_no]->done = 2; | |
1153 | hydra_brains.finished++; | |
1154 | if (hydra_brains.targets == 1) | |
1155 | exit(-1); | |
1156 | } | |
1158 | 1157 | } |
1159 | 1158 | |
1160 | 1159 | |
1161 | 1160 | int hydra_spawn_head(int head_no, int target_no) { |
1162 | 1161 | int i; |
1163 | 1162 | |
1163 | if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) { | |
1164 | if (verbose > 1 || debug) | |
1165 | printf("[DEBUG-ERROR] spawn_head: head_no %d, target_no %d\n", head_no, target_no); | |
1166 | return -1; | |
1167 | } | |
1168 | ||
1164 | 1169 | if (hydra_heads[head_no]->active < 0) { |
1165 | printf("DEBUG-ERROR - child %d should not be respawned!\n", head_no); | |
1170 | printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no); | |
1166 | 1171 | return -1; |
1167 | 1172 | } |
1168 | 1173 | |
1186 | 1191 | for (i = 0; i < hydra_options.max_use; i++) |
1187 | 1192 | if (i != head_no) |
1188 | 1193 | free(hydra_heads[i]); |
1189 | for (i = 0; i < countservers; i++) | |
1194 | for (i = 0; i < hydra_brains.targets; i++) | |
1190 | 1195 | if (i != target_no) |
1191 | 1196 | free(hydra_targets[i]); |
1192 | 1197 | if (hydra_options.loginfile != NULL) |
1201 | 1206 | |
1202 | 1207 | // now call crack module |
1203 | 1208 | if (strcmp(hydra_options.service, "asterisk") == 0) |
1204 | service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1209 | service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1205 | 1210 | if (strcmp(hydra_options.service, "telnet") == 0) |
1206 | service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1211 | service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1207 | 1212 | if (strcmp(hydra_options.service, "ftp") == 0) |
1208 | service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1213 | service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1209 | 1214 | if (strcmp(hydra_options.service, "ftps") == 0) |
1210 | service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1215 | service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1216 | if (strcmp(hydra_options.service, "redis") == 0) | |
1217 | service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1211 | 1218 | if (strcmp(hydra_options.service, "pop3") == 0) |
1212 | service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1219 | service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1213 | 1220 | if (strcmp(hydra_options.service, "imap") == 0) |
1214 | service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1221 | service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1215 | 1222 | if (strcmp(hydra_options.service, "vmauthd") == 0) |
1216 | service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1223 | service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1217 | 1224 | if (strcmp(hydra_options.service, "ldap2") == 0) |
1218 | service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1225 | service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1219 | 1226 | if (strcmp(hydra_options.service, "ldap3") == 0) |
1220 | service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1227 | service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1221 | 1228 | if (strcmp(hydra_options.service, "http-head") == 0) |
1222 | service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1229 | service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1223 | 1230 | if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) |
1224 | service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1231 | service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1225 | 1232 | if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) |
1226 | service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1233 | service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1227 | 1234 | if (strcmp(hydra_options.service, "http-get") == 0) |
1228 | service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1235 | service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1229 | 1236 | if (strcmp(hydra_options.service, "http-get-form") == 0) |
1230 | service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1237 | service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1231 | 1238 | if (strcmp(hydra_options.service, "http-post-form") == 0) |
1232 | service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1239 | service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1233 | 1240 | if (strcmp(hydra_options.service, "http-proxy") == 0) |
1234 | service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1241 | service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1235 | 1242 | if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) |
1236 | service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1243 | service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1237 | 1244 | if (strcmp(hydra_options.service, "cisco") == 0) |
1238 | service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1245 | service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1239 | 1246 | if (strcmp(hydra_options.service, "cisco-enable") == 0) |
1240 | service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1247 | service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1241 | 1248 | if (strcmp(hydra_options.service, "socks5") == 0) |
1242 | service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1249 | service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1243 | 1250 | if (strcmp(hydra_options.service, "vnc") == 0) |
1244 | service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1251 | service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1245 | 1252 | if (strcmp(hydra_options.service, "rexec") == 0) |
1246 | service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1253 | service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1247 | 1254 | if (strcmp(hydra_options.service, "rlogin") == 0) |
1248 | service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1255 | service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1249 | 1256 | if (strcmp(hydra_options.service, "rsh") == 0) |
1250 | service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1257 | service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1251 | 1258 | if (strcmp(hydra_options.service, "nntp") == 0) |
1252 | service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1259 | service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1253 | 1260 | if (strcmp(hydra_options.service, "icq") == 0) |
1254 | service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1261 | service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1255 | 1262 | if (strcmp(hydra_options.service, "pcnfs") == 0) |
1256 | service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1263 | service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1257 | 1264 | #ifdef HAVE_MATH_H |
1258 | 1265 | if (strcmp(hydra_options.service, "mysql") == 0) |
1259 | service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1266 | service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1260 | 1267 | #endif |
1261 | 1268 | if (strcmp(hydra_options.service, "mssql") == 0) |
1262 | service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1269 | service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1263 | 1270 | #ifdef LIBOPENSSL |
1264 | 1271 | if (strcmp(hydra_options.service, "oracle-listener") == 0) |
1265 | service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1272 | service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1266 | 1273 | if (strcmp(hydra_options.service, "oracle-sid") == 0) |
1267 | service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1274 | service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1268 | 1275 | #endif |
1269 | 1276 | #ifdef LIBORACLE |
1270 | 1277 | if (strcmp(hydra_options.service, "oracle") == 0) |
1271 | service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1278 | service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1272 | 1279 | #endif |
1273 | 1280 | #ifdef LIBPOSTGRES |
1274 | 1281 | if (strcmp(hydra_options.service, "postgres") == 0) |
1275 | service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1282 | service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1276 | 1283 | #endif |
1277 | 1284 | #ifdef LIBFIREBIRD |
1278 | 1285 | if (strcmp(hydra_options.service, "firebird") == 0) |
1279 | service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1286 | service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1280 | 1287 | #endif |
1281 | 1288 | #ifdef LIBAFP |
1282 | 1289 | if (strcmp(hydra_options.service, "afp") == 0) |
1283 | service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1290 | service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1284 | 1291 | #endif |
1285 | 1292 | #ifdef LIBNCP |
1286 | 1293 | if (strcmp(hydra_options.service, "ncp") == 0) |
1287 | service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1294 | service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1288 | 1295 | #endif |
1289 | 1296 | if (strcmp(hydra_options.service, "pcanywhere") == 0) |
1290 | service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1297 | service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1291 | 1298 | if (strcmp(hydra_options.service, "cvs") == 0) |
1292 | service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1299 | service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1293 | 1300 | #ifdef LIBSVN |
1294 | 1301 | if (strcmp(hydra_options.service, "svn") == 0) |
1295 | service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1302 | service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1296 | 1303 | #endif |
1297 | 1304 | if (strcmp(hydra_options.service, "snmp") == 0) |
1298 | service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1305 | service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1299 | 1306 | #ifdef LIBOPENSSL |
1300 | 1307 | if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) |
1301 | service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1308 | service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1302 | 1309 | #endif |
1303 | 1310 | #ifdef LIBSAPR3 |
1304 | 1311 | if (strcmp(hydra_options.service, "sapr3") == 0) |
1305 | service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1312 | service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1306 | 1313 | #endif |
1307 | 1314 | #ifdef LIBSSH |
1308 | 1315 | if (strcmp(hydra_options.service, "ssh") == 0) |
1309 | service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1316 | service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1310 | 1317 | if (strcmp(hydra_options.service, "sshkey") == 0) |
1311 | service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1318 | service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1312 | 1319 | #endif |
1313 | 1320 | if (strcmp(hydra_options.service, "smtp") == 0) |
1314 | service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1321 | service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1315 | 1322 | if (strcmp(hydra_options.service, "smtp-enum") == 0) |
1316 | service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1323 | service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1317 | 1324 | if (strcmp(hydra_options.service, "teamspeak") == 0) |
1318 | service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1325 | service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1319 | 1326 | #ifdef LIBOPENSSL |
1320 | 1327 | if (strcmp(hydra_options.service, "sip") == 0) |
1321 | service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1328 | service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1322 | 1329 | #endif |
1323 | 1330 | if (strcmp(hydra_options.service, "xmpp") == 0) |
1324 | service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1331 | service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1325 | 1332 | if (strcmp(hydra_options.service, "irc") == 0) |
1326 | service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1333 | service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1327 | 1334 | #ifdef LIBOPENSSL |
1328 | 1335 | if (strcmp(hydra_options.service, "rdp") == 0) |
1329 | service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); | |
1330 | #endif | |
1336 | service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1337 | #endif | |
1338 | if (strcmp(hydra_options.service, "s7-300") == 0) | |
1339 | service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); | |
1331 | 1340 | // ADD NEW SERVICES HERE |
1332 | 1341 | |
1333 | 1342 | // just in case a module returns (which it shouldnt) we let it exit here |
1336 | 1345 | child_head_no = -1; |
1337 | 1346 | if (hydra_heads[head_no]->pid > 0) { |
1338 | 1347 | fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that |
1339 | fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); | |
1348 | (void)fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); | |
1340 | 1349 | if (hydra_heads[head_no]->redo != 1) |
1341 | 1350 | hydra_heads[head_no]->target_no = target_no; |
1342 | 1351 | hydra_heads[head_no]->active = 1; |
1393 | 1402 | {"nntp", PORT_NNTP, PORT_NNTP_SSL}, |
1394 | 1403 | {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, |
1395 | 1404 | {"pop3", PORT_POP3, PORT_POP3_SSL}, |
1405 | {"redis", PORT_REDIS, PORT_REDIS_SSL}, | |
1396 | 1406 | {"rexec", PORT_REXEC, PORT_REXEC_SSL}, |
1397 | 1407 | {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, |
1398 | 1408 | {"rsh", PORT_RSH, PORT_RSH_SSL}, |
1421 | 1431 | {"irc", PORT_IRC, PORT_IRC_SSL}, |
1422 | 1432 | {"rdp", PORT_RDP, PORT_RDP_SSL}, |
1423 | 1433 | {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, |
1434 | {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, | |
1435 | // ADD NEW SERVICES HERE - add new port numbers to hydra.h | |
1424 | 1436 | {"", PORT_NOPORT, PORT_NOPORT} |
1425 | // ADD NEW SERVICES HERE - add new port numbers to hydra.h | |
1426 | 1437 | }; |
1427 | 1438 | |
1428 | 1439 | while (strlen(hydra_portlists[i].name) > 0 && port == -2) { |
1442 | 1453 | |
1443 | 1454 | // killit = 1 : kill(pid); fail = 1 : redo, fail = 2 : disable |
1444 | 1455 | void hydra_kill_head(int head_no, int killit, int fail) { |
1456 | if (head_no < 0) | |
1457 | return; | |
1445 | 1458 | if (hydra_heads[head_no]->active > 0) { |
1446 | 1459 | close(hydra_heads[head_no]->sp[0]); |
1447 | 1460 | close(hydra_heads[head_no]->sp[1]); |
1455 | 1468 | hydra_heads[head_no]->active = 0; |
1456 | 1469 | hydra_targets[hydra_heads[head_no]->target_no]->use_count--; |
1457 | 1470 | } |
1458 | if (fail == 1) | |
1459 | hydra_heads[head_no]->redo = 1; | |
1460 | else if (fail == 2) { | |
1471 | if (fail == 1) { | |
1472 | if (hydra_options.cidr != 1) | |
1473 | hydra_heads[head_no]->redo = 1; | |
1474 | } else if (fail == 2) { | |
1475 | if (hydra_options.cidr != 1) | |
1476 | hydra_heads[head_no]->active = -1; | |
1477 | if (hydra_heads[head_no]->target_no >= 0) | |
1478 | hydra_targets[hydra_heads[head_no]->target_no]->failed++; | |
1479 | } else if (fail == 3) { | |
1461 | 1480 | hydra_heads[head_no]->active = -1; |
1462 | hydra_targets[hydra_heads[head_no]->target_no]->failed++; | |
1481 | if (hydra_heads[head_no]->target_no >= 0) | |
1482 | hydra_targets[hydra_heads[head_no]->target_no]->failed++; | |
1463 | 1483 | } |
1464 | 1484 | if (hydra_heads[head_no]->pid > 0 && killit) |
1465 | 1485 | kill(hydra_heads[head_no]->pid, SIGKILL); |
1466 | 1486 | hydra_heads[head_no]->pid = -1; |
1467 | if (hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 | |
1468 | && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && | |
1469 | hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { | |
1487 | if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 | |
1488 | && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { | |
1470 | 1489 | free(hydra_heads[head_no]->current_pass_ptr); |
1471 | 1490 | hydra_heads[head_no]->current_pass_ptr = empty_login; |
1472 | 1491 | // hydra_bfg_remove(head_no); |
1478 | 1497 | void hydra_increase_fail_count(int target_no, int head_no) { |
1479 | 1498 | int i, k; |
1480 | 1499 | |
1500 | if (target_no < 0) | |
1501 | return; | |
1502 | ||
1481 | 1503 | hydra_targets[target_no]->fail_count++; |
1482 | 1504 | if (debug) |
1483 | printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - hydra_targets[target_no]->failed) : 1) + (hydra_targets[target_no]->ok ? 2 : -2)); | |
1484 | if (hydra_targets[target_no]->fail_count >= MAXFAIL + | |
1485 | (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - hydra_targets[target_no]->failed) : 1) + (hydra_targets[target_no]->ok ? 2 : -2) | |
1486 | ) { | |
1505 | printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, | |
1506 | MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 | |
1507 | && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - | |
1508 | hydra_targets[target_no]-> | |
1509 | failed) : 1) + | |
1510 | (hydra_targets[target_no]->ok ? 2 : -2)); | |
1511 | if (hydra_targets[target_no]->fail_count >= | |
1512 | MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 | |
1513 | && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - | |
1514 | hydra_targets[target_no]-> | |
1515 | failed) : 1) + | |
1516 | (hydra_targets[target_no]->ok ? 2 : -2) | |
1517 | ) { | |
1487 | 1518 | k = 0; |
1488 | 1519 | for (i = 0; i < hydra_options.max_use; i++) |
1489 | 1520 | if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) |
1490 | 1521 | k++; |
1491 | 1522 | if (k <= 1) { |
1523 | // we need to put this in a list, otherwise we fail one login+pw test | |
1524 | if (hydra_targets[target_no]->done == 0 | |
1525 | && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 | |
1526 | && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) | |
1527 | || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { | |
1528 | hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; | |
1529 | hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; | |
1530 | hydra_targets[target_no]->redo++; | |
1531 | if (debug) | |
1532 | printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, | |
1533 | hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); | |
1534 | hydra_heads[head_no]->current_login_ptr = empty_login; | |
1535 | hydra_heads[head_no]->current_pass_ptr = empty_login; | |
1536 | } | |
1492 | 1537 | if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { |
1493 | 1538 | hydra_kill_head(head_no, 1, 2); |
1494 | 1539 | if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { |
1495 | 1540 | if (hydra_targets[target_no]->ok == 1) |
1496 | hydra_targets[target_no]->done = 2; // mark target as done by errors | |
1541 | hydra_targets[target_no]->done = 2; // mark target as done by errors | |
1497 | 1542 | else |
1498 | hydra_targets[target_no]->done = 3; // mark target as done by unable to connect | |
1543 | hydra_targets[target_no]->done = 3; // mark target as done by unable to connect | |
1499 | 1544 | hydra_brains.finished++; |
1500 | fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", port); | |
1545 | fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 | |
1546 | && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 | |
1547 | && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); | |
1501 | 1548 | } |
1502 | 1549 | } // we keep the last one alive as long as it make sense |
1503 | 1550 | } else { |
1551 | // we need to put this in a list, otherwise we fail one login+pw test | |
1552 | if (hydra_targets[target_no]->done == 0 | |
1553 | && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 | |
1554 | && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) | |
1555 | || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { | |
1556 | hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; | |
1557 | hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; | |
1558 | hydra_targets[target_no]->redo++; | |
1559 | if (debug) | |
1560 | printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, | |
1561 | hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); | |
1562 | hydra_heads[head_no]->current_login_ptr = empty_login; | |
1563 | hydra_heads[head_no]->current_pass_ptr = empty_login; | |
1564 | } | |
1504 | 1565 | hydra_kill_head(head_no, 1, 2); |
1505 | 1566 | hydra_targets[target_no]->fail_count--; |
1506 | 1567 | if (k < 5 && hydra_targets[target_no]->ok) |
1510 | 1571 | if (verbose) |
1511 | 1572 | printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no); |
1512 | 1573 | } |
1513 | // we need to put this in a list, otherwise we fail one login+pw test | |
1514 | if (hydra_targets[target_no]->done == 0 | |
1515 | && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 | |
1516 | && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) | |
1517 | || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { | |
1518 | hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; | |
1519 | hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; | |
1520 | hydra_targets[target_no]->redo++; | |
1521 | if (debug) | |
1522 | printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, | |
1523 | hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); | |
1524 | hydra_heads[head_no]->current_login_ptr = empty_login; | |
1525 | hydra_heads[head_no]->current_pass_ptr = empty_login; | |
1526 | } | |
1527 | 1574 | } else { |
1528 | 1575 | hydra_kill_head(head_no, 1, 1); |
1529 | 1576 | if (verbose) |
1533 | 1580 | |
1534 | 1581 | char *hydra_reverse_login(int head_no, char *login) { |
1535 | 1582 | int i, j = strlen(login); |
1536 | ||
1583 | ||
1537 | 1584 | if (j > 248) |
1538 | 1585 | j = 248; |
1539 | 1586 | else if (j == 0) |
1541 | 1588 | for (i = 0; i < j; i++) |
1542 | 1589 | hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; |
1543 | 1590 | hydra_heads[head_no]->reverse[j] = 0; |
1544 | ||
1591 | ||
1545 | 1592 | return hydra_heads[head_no]->reverse; |
1546 | 1593 | } |
1547 | 1594 | |
1551 | 1598 | snp_is_redo = 0; |
1552 | 1599 | snpdont = 0; |
1553 | 1600 | loop_cnt++; |
1554 | if (hydra_targets[target_no]->sent >= hydra_brains.todo) { | |
1555 | if (hydra_targets[target_no]->done == 0) { | |
1556 | hydra_targets[target_no]->done = 1; | |
1557 | hydra_brains.finished++; | |
1558 | if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); | |
1559 | } | |
1560 | return -1; | |
1561 | } | |
1601 | if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { | |
1602 | hydra_heads[head_no]->redo = 0; | |
1603 | snp_is_redo = 1; | |
1604 | snpdone = 1; | |
1605 | } else { | |
1606 | if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { | |
1607 | if (hydra_targets[target_no]->done == 0) { | |
1608 | hydra_targets[target_no]->done = 1; | |
1609 | hydra_brains.finished++; | |
1610 | if (verbose) | |
1611 | printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); | |
1612 | } | |
1613 | return -1; | |
1614 | } | |
1615 | } | |
1616 | ||
1617 | if (debug) | |
1618 | printf | |
1619 | ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", | |
1620 | target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, | |
1621 | hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, | |
1622 | hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); | |
1623 | ||
1562 | 1624 | if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { |
1563 | 1625 | if (debug) |
1564 | 1626 | printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); |
1565 | 1627 | return -1; |
1566 | 1628 | } |
1567 | 1629 | |
1568 | if (debug) | |
1569 | printf("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", | |
1570 | target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); | |
1571 | 1630 | if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { |
1572 | 1631 | hydra_heads[head_no]->redo = 0; |
1573 | 1632 | snp_is_redo = 1; |
1590 | 1649 | loop_cnt = 0; |
1591 | 1650 | return -1; // head will be disabled by main while() |
1592 | 1651 | } |
1593 | if (hydra_options.loop_mode == 0) { // one user after another | |
1652 | if (hydra_options.loop_mode == 0) { // one user after another | |
1594 | 1653 | if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { |
1595 | 1654 | // as we loop password in mode == 0 we set the current login first |
1596 | 1655 | hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; |
1620 | 1679 | if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { |
1621 | 1680 | // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double |
1622 | 1681 | if (hydra_options.try_password_reverse_login) { |
1623 | if ((hydra_options.try_password_same_as_login == 0 || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) | |
1624 | && | |
1625 | (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { | |
1682 | if ((hydra_options.try_password_same_as_login == 0 | |
1683 | || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) | |
1684 | && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { | |
1626 | 1685 | hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); |
1627 | 1686 | snpdone = 1; |
1628 | 1687 | } else { |
1633 | 1692 | } |
1634 | 1693 | hydra_targets[target_no]->pass_state++; |
1635 | 1694 | } |
1636 | ||
1637 | 1695 | // now we handle the -C -l/-L -p/-P data |
1638 | 1696 | if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { |
1639 | if ((hydra_options.mode & 64) == 64) { // colon mode | |
1697 | if ((hydra_options.mode & 64) == 64) { // colon mode | |
1640 | 1698 | hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; |
1641 | 1699 | hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; |
1642 | 1700 | hydra_targets[target_no]->login_no++; |
1654 | 1712 | if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) |
1655 | 1713 | hydra_targets[target_no]->pass_state = 0; |
1656 | 1714 | if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) |
1657 | || | |
1658 | (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) | |
1659 | || | |
1660 | (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { | |
1715 | || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) | |
1716 | || | |
1717 | (hydra_options.try_password_reverse_login | |
1718 | && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { | |
1661 | 1719 | hydra_brains.sent++; |
1662 | 1720 | hydra_targets[target_no]->sent++; |
1663 | 1721 | if (debug) |
1664 | 1722 | printf("[DEBUG] double detected (-C)\n"); |
1665 | return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small | |
1723 | return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small | |
1666 | 1724 | } |
1667 | } else { // standard -l -L -p -P mode | |
1725 | } else { // standard -l -L -p -P mode | |
1668 | 1726 | hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; |
1669 | 1727 | hydra_targets[target_no]->pass_no++; |
1670 | 1728 | // double check |
1687 | 1745 | hydra_targets[target_no]->pass_ptr++; |
1688 | 1746 | } |
1689 | 1747 | if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) |
1690 | || | |
1691 | (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) | |
1692 | || | |
1693 | (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { | |
1748 | || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) | |
1749 | || | |
1750 | (hydra_options.try_password_reverse_login | |
1751 | && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { | |
1694 | 1752 | hydra_brains.sent++; |
1695 | 1753 | hydra_targets[target_no]->sent++; |
1696 | 1754 | if (debug) |
1697 | 1755 | printf("[DEBUG] double detected (-Pp)\n"); |
1698 | return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small | |
1756 | return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small | |
1699 | 1757 | } |
1700 | 1758 | snpdone = 1; |
1701 | 1759 | } |
1702 | 1760 | } |
1703 | 1761 | } |
1704 | } else { // loop_mode == 1 | |
1762 | } else { // loop_mode == 1 | |
1705 | 1763 | if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { |
1706 | 1764 | hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; |
1707 | if (hydra_targets[target_no]->pass_state == 0) | |
1708 | hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; | |
1709 | else if (hydra_targets[target_no]->pass_state == 1) | |
1710 | hydra_heads[head_no]->current_pass_ptr = empty_login; | |
1711 | else if (hydra_targets[target_no]->pass_state == 2) | |
1712 | hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); | |
1713 | else { | |
1765 | if (hydra_targets[target_no]->pass_state == 0) { | |
1766 | if ((hydra_options.mode & 4) == 4) | |
1767 | hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); | |
1768 | else | |
1769 | hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; | |
1770 | } else if (hydra_targets[target_no]->pass_state == 1) { | |
1771 | if ((hydra_options.mode & 4) == 4) | |
1772 | hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); | |
1773 | else | |
1774 | hydra_heads[head_no]->current_pass_ptr = empty_login; | |
1775 | } else if (hydra_targets[target_no]->pass_state == 2) { | |
1776 | if ((hydra_options.mode & 4) == 4) | |
1777 | hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); | |
1778 | else | |
1779 | hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); | |
1780 | } else { | |
1714 | 1781 | if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 |
1715 | 1782 | && hydra_heads[head_no]->current_pass_ptr != NULL && |
1716 | strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && | |
1717 | hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) | |
1783 | strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) | |
1718 | 1784 | free(hydra_heads[head_no]->current_pass_ptr); |
1719 | 1785 | hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); |
1720 | 1786 | } |
1732 | 1798 | snpdont = 1; |
1733 | 1799 | hydra_targets[target_no]->pass_no++; |
1734 | 1800 | } |
1735 | ||
1801 | ||
1736 | 1802 | if (hydra_targets[target_no]->pass_state == 3) { |
1737 | 1803 | if (snpdont) { |
1738 | 1804 | hydra_targets[target_no]->pass_ptr = pass_ptr; |
1739 | 1805 | } else { |
1740 | if ((hydra_options.mode & 4) == 4) { // bfg mode | |
1806 | if ((hydra_options.mode & 4) == 4) { // bfg mode | |
1741 | 1807 | #ifndef HAVE_MATH_H |
1742 | 1808 | sleep(1); |
1743 | 1809 | #else |
1745 | 1811 | if (debug) |
1746 | 1812 | printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); |
1747 | 1813 | #endif |
1748 | } else { // -p -P mode | |
1814 | } else { // -p -P mode | |
1749 | 1815 | hydra_targets[target_no]->pass_ptr++; |
1750 | 1816 | while (*hydra_targets[target_no]->pass_ptr != 0) |
1751 | 1817 | hydra_targets[target_no]->pass_ptr++; |
1754 | 1820 | hydra_targets[target_no]->pass_no++; |
1755 | 1821 | } |
1756 | 1822 | } |
1757 | ||
1823 | ||
1758 | 1824 | hydra_targets[target_no]->login_no = 0; |
1759 | 1825 | hydra_targets[target_no]->login_ptr = login_ptr; |
1760 | 1826 | } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { |
1765 | 1831 | } |
1766 | 1832 | if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { |
1767 | 1833 | if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) |
1768 | || | |
1769 | (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) | |
1770 | || | |
1771 | (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { | |
1834 | || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) | |
1835 | || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { | |
1772 | 1836 | hydra_brains.sent++; |
1773 | 1837 | hydra_targets[target_no]->sent++; |
1774 | 1838 | if (debug) |
1781 | 1845 | } |
1782 | 1846 | |
1783 | 1847 | if (debug) |
1784 | printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s\n", | |
1785 | snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr); | |
1786 | ||
1848 | printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", | |
1849 | snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, | |
1850 | hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); | |
1851 | ||
1787 | 1852 | // no pair? then we go for redo state |
1788 | 1853 | if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { |
1789 | 1854 | if (debug) |
1817 | 1882 | if (debug) |
1818 | 1883 | printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); |
1819 | 1884 | // only if -l/L -p/P with -u and if loginptr was not justed increased |
1820 | if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) | |
1885 | if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) | |
1821 | 1886 | // increase login_ptr to next |
1822 | 1887 | hydra_targets[target_no]->login_no++; |
1823 | 1888 | if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { |
1834 | 1899 | hydra_targets[target_no]->pass_no = 0; |
1835 | 1900 | hydra_targets[target_no]->pass_state = 0; |
1836 | 1901 | } |
1837 | return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small | |
1838 | } | |
1839 | } | |
1840 | ||
1902 | return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small | |
1903 | } | |
1904 | } | |
1905 | ||
1841 | 1906 | memset(&snpbuf, 0, sizeof(snpbuf)); |
1842 | 1907 | strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3); |
1843 | 1908 | if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3) |
1852 | 1917 | if (snp_is_redo == 0) { |
1853 | 1918 | hydra_brains.sent++; |
1854 | 1919 | hydra_targets[target_no]->sent++; |
1855 | } else | |
1856 | if (debug) | |
1857 | printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", | |
1858 | snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, snp_is_redo); | |
1920 | } else if (debug) | |
1921 | printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", | |
1922 | snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, | |
1923 | hydra_targets[target_no]->pass_ptr, snp_is_redo); | |
1859 | 1924 | //hydra_dump_data(snpbuf, snpbuflen, "SENT"); |
1860 | 1925 | fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); |
1861 | 1926 | if (fck < snpbuflen) { |
1867 | 1932 | } |
1868 | 1933 | if (debug || hydra_options.showAttempt) { |
1869 | 1934 | printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", |
1870 | snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, | |
1935 | hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, | |
1871 | 1936 | hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); |
1872 | 1937 | } |
1873 | 1938 | loop_cnt = 0; |
1942 | 2007 | } |
1943 | 2008 | |
1944 | 2009 | int hydra_select_target() { |
1945 | int target_no = -1, i, j = 0; | |
1946 | ||
2010 | int target_no = -1, i, j = -1000; | |
2011 | ||
1947 | 2012 | for (i = 0; i < hydra_brains.targets; i++) |
1948 | 2013 | if (hydra_targets[i]->use_count < hydra_options.tasks) |
1949 | 2014 | if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { |
1955 | 2020 | |
1956 | 2021 | int main(int argc, char *argv[]) { |
1957 | 2022 | char *proxy_string = NULL, *device = NULL, *memcheck; |
1958 | FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL; | |
2023 | FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; | |
1959 | 2024 | size_t countinfile = 1, sizeinfile = 0; |
1960 | 2025 | unsigned long int math2; |
1961 | 2026 | int i = 0, j = 0, k, error = 0, modusage = 0; |
1962 | 2027 | int head_no = 0, target_no = 0, exit_condition = 0, readres; |
1963 | 2028 | time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; |
1964 | char *tmpptr; | |
2029 | char *tmpptr, *tmpptr2; | |
1965 | 2030 | char rc, buf[MAXBUF]; |
1966 | 2031 | fd_set fdreadheads; |
1967 | 2032 | int max_fd; |
1969 | 2034 | struct sockaddr_in6 *ipv6 = NULL; |
1970 | 2035 | struct sockaddr_in *ipv4 = NULL; |
1971 | 2036 | |
1972 | printf("%s %s (c)2013 by %s & %s - for legal purposes only\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); | |
2037 | printf("%s %s (c) 2014 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); | |
1973 | 2038 | #ifndef LIBPOSTGRES |
1974 | 2039 | SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); |
1975 | 2040 | strcat(unsupported, "postgres "); |
2077 | 2142 | help(1); |
2078 | 2143 | if (argc < 3 && (argc < 2 || strcmp(argv[1], "-R") != 0)) |
2079 | 2144 | help(0); |
2080 | while ((i = getopt(argc, argv, "h64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { | |
2145 | while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { | |
2081 | 2146 | switch (i) { |
2082 | 2147 | case 'h': |
2083 | 2148 | help(1); |
2149 | break; | |
2150 | case 'q': | |
2151 | quiet = 1; | |
2152 | break; | |
2084 | 2153 | case 'u': |
2085 | 2154 | hydra_options.loop_mode = 1; |
2086 | 2155 | break; |
2167 | 2236 | if (waittime < 1) { |
2168 | 2237 | fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); |
2169 | 2238 | exit(-1); |
2170 | } else | |
2171 | if (waittime < 5) | |
2172 | fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); | |
2239 | } else if (waittime < 5) | |
2240 | fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); | |
2173 | 2241 | break; |
2174 | 2242 | case 'W': |
2175 | 2243 | hydra_options.conwait = conwait = atoi(optarg); |
2220 | 2288 | #ifdef LIBNCURSES |
2221 | 2289 | //then check if the term is color enabled using ncurses lib |
2222 | 2290 | if (colored_output) { |
2223 | if (!setupterm(NULL,1,NULL) && (tigetnum("colors") <= 0)) { | |
2224 | colored_output = 0; | |
2291 | if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { | |
2292 | colored_output = 0; | |
2225 | 2293 | } |
2226 | 2294 | } |
2227 | 2295 | #else |
2257 | 2325 | } |
2258 | 2326 | } else { // normal mode, aka non-restore mode |
2259 | 2327 | if (hydra_options.colonfile) |
2260 | hydra_options.loop_mode = 0; // just to be sure | |
2328 | hydra_options.loop_mode = 0; // just to be sure | |
2261 | 2329 | if (hydra_options.infile_ptr != NULL) { |
2262 | 2330 | if (optind + 2 < argc) |
2263 | 2331 | bail("The -M FILE option can not be used together with a host on the commandline"); |
2271 | 2339 | hydra_options.miscptr = argv[optind + 1]; |
2272 | 2340 | } else if (optind + 2 != argc && optind + 3 != argc) { |
2273 | 2341 | // check if targetdef follow syntax <service-name>://<target>[:<port-number>][/<parameters>] or it's a syntax error |
2274 | char *targetdef = argv[optind]; | |
2275 | char *service_pos; | |
2342 | char *targetdef = strdup(argv[optind]); | |
2343 | char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; | |
2276 | 2344 | |
2277 | 2345 | if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { |
2278 | char *targetport_sep; | |
2279 | char *port_pos = NULL, *param_pos = NULL; | |
2280 | ||
2281 | 2346 | service_pos = strstr(targetdef, "://"); |
2282 | 2347 | if ((service_pos - targetdef) == 0) |
2283 | 2348 | bail("could not identify service"); |
2284 | 2349 | if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL) |
2285 | 2350 | bail("could not alloc memory"); |
2286 | 2351 | strncpy(hydra_options.service, targetdef, service_pos - targetdef); |
2287 | hydra_options.service[service_pos - targetdef] = '\0'; | |
2288 | ||
2289 | // check if we specify a port | |
2290 | if (prefer_ipv6) | |
2291 | targetport_sep = "]:"; | |
2292 | else | |
2293 | targetport_sep = ":"; | |
2294 | port_pos = strstr(service_pos + strlen("://"), targetport_sep); | |
2295 | param_pos = strstr(service_pos + strlen("://"), "/"); | |
2296 | if (param_pos != NULL && param_pos < port_pos) | |
2297 | port_pos = NULL; | |
2298 | ||
2299 | if (port_pos != NULL) { | |
2300 | *port_pos = 0; | |
2301 | // removing ://[ | |
2302 | if (port_pos - service_pos - 2 - strlen(targetport_sep) == 0) | |
2303 | bail("identifying server address"); | |
2304 | if (prefer_ipv6 && ((service_pos + 3)[0] != '[')) | |
2305 | bail("identifying ipv6 server address"); | |
2306 | if ((hydra_options.server = malloc(1 + port_pos - service_pos - 2 - strlen(targetport_sep))) == NULL) | |
2307 | bail("could not allocate memory"); | |
2308 | strncpy(hydra_options.server, service_pos + 3, port_pos - service_pos - 3); | |
2309 | hydra_options.server[port_pos - service_pos - 3] = '\0'; | |
2310 | } | |
2311 | // check if we specify a parameter | |
2312 | if ((param_pos != NULL) && (port_pos == NULL)) { | |
2313 | if (param_pos - service_pos - 3 == 0) | |
2314 | bail("could not identify server address"); | |
2315 | if ((hydra_options.server = malloc(1 + param_pos - service_pos - 3)) == NULL) | |
2316 | bail("could not allocate memory"); | |
2317 | if (service_pos[3] == '[') { | |
2318 | strncpy(hydra_options.server, service_pos + 4, param_pos - service_pos - 3); | |
2319 | hydra_options.server[param_pos - 4 - service_pos] = '\0'; | |
2320 | } else { | |
2321 | strncpy(hydra_options.server, service_pos + 3, param_pos - service_pos - 3); | |
2322 | hydra_options.server[param_pos - 3 - service_pos] = '\0'; | |
2323 | } | |
2324 | if (hydra_options.server[strlen(hydra_options.server) - 1] == ']') | |
2325 | hydra_options.server[strlen(hydra_options.server) - 1] = 0; | |
2326 | } | |
2327 | if ((port_pos == NULL) && (param_pos == NULL)) { | |
2328 | if (strlen(targetdef) - strlen(hydra_options.service) - 3 == 0) | |
2329 | bail("could not identify server address"); | |
2330 | if ((hydra_options.server = malloc(1 + strlen(targetdef) - strlen(hydra_options.service) - 3)) == NULL) | |
2331 | bail("could not allocate memory"); | |
2332 | if (service_pos[3] == '[') | |
2333 | strcpy(hydra_options.server, service_pos + 4); | |
2334 | else | |
2335 | strcpy(hydra_options.server, service_pos + 3); | |
2336 | if (hydra_options.server[strlen(hydra_options.server) - 1] == ']') | |
2337 | hydra_options.server[strlen(hydra_options.server) - 1] = 0; | |
2352 | hydra_options.service[service_pos - targetdef] = 0; | |
2353 | target_pos = targetdef + (service_pos - targetdef + 3); | |
2354 | ||
2355 | if (*target_pos == '[') { | |
2356 | target_pos++; | |
2357 | if ((param_pos = index(target_pos, ']')) == NULL) | |
2358 | bail("no closing ']' found in target definition"); | |
2359 | *param_pos++ = 0; | |
2360 | if (*param_pos == ':') | |
2361 | port_pos = ++param_pos; | |
2362 | if ((param_pos = index(param_pos, '/')) != NULL) | |
2363 | *param_pos++ = 0; | |
2338 | 2364 | } else { |
2339 | char port_temp[6] = ""; | |
2340 | ||
2341 | if (port_pos) { | |
2342 | // set the port | |
2343 | if (param_pos == NULL) { | |
2344 | hydra_options.port = port = atoi(port_pos + strlen(targetport_sep)); | |
2345 | } else { | |
2346 | if (param_pos - port_pos - strlen(targetport_sep) > 0) { | |
2347 | if (param_pos - port_pos - strlen(targetport_sep) > sizeof(port_temp) - 1) | |
2348 | bail("invalid port number"); | |
2349 | strncpy(port_temp, port_pos + strlen(targetport_sep), param_pos - port_pos - strlen(targetport_sep)); | |
2350 | port_temp[strlen(port_temp)] = '\0'; | |
2351 | hydra_options.port = port = atoi(port_temp); | |
2352 | } | |
2353 | } | |
2354 | } | |
2355 | if (param_pos) { | |
2356 | int size_of_miscptr = 0; | |
2357 | ||
2358 | if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') { | |
2359 | param_pos--; | |
2360 | } | |
2361 | ||
2362 | size_of_miscptr = strlen(param_pos); | |
2363 | ||
2364 | if (size_of_miscptr > 0) { | |
2365 | if ((hydra_options.miscptr = malloc(1 + size_of_miscptr)) == NULL) | |
2366 | bail("could not allocate memory"); | |
2367 | strcpy(hydra_options.miscptr, param_pos + 1); | |
2368 | } | |
2365 | port_pos = index(target_pos, ':'); | |
2366 | param_pos = index(target_pos, '/'); | |
2367 | if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) | |
2368 | port_pos = NULL; | |
2369 | if (port_pos != NULL) | |
2370 | *port_pos++ = 0; | |
2371 | if (param_pos != NULL) | |
2372 | *param_pos++ = 0; | |
2373 | if (port_pos != NULL && index(port_pos, ':') != NULL) { | |
2374 | if (prefer_ipv6) | |
2375 | bail("Illegal IPv6 target definition must be written within '[' ']'"); | |
2376 | else | |
2377 | bail("Illegal port definition"); | |
2369 | 2378 | } |
2370 | 2379 | } |
2380 | if (*target_pos == 0) | |
2381 | hydra_options.server = NULL; | |
2382 | else | |
2383 | hydra_options.server = target_pos; | |
2384 | if (port_pos != NULL) | |
2385 | hydra_options.port = port = atoi(port_pos); | |
2386 | if (param_pos != NULL) { | |
2387 | if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') | |
2388 | *--param_pos = '/'; | |
2389 | hydra_options.miscptr = param_pos; | |
2390 | } | |
2391 | //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); | |
2371 | 2392 | if (debug) |
2372 | 2393 | printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); |
2373 | 2394 | } else { |
2387 | 2408 | hydra_options.miscptr = argv[optind + 2]; |
2388 | 2409 | } |
2389 | 2410 | |
2390 | if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { | |
2411 | if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 | |
2412 | || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { | |
2391 | 2413 | hydra_options.ssl = 1; |
2392 | 2414 | hydra_options.service[strlen(hydra_options.service) - 1] = 0; |
2393 | 2415 | } |
2394 | 2416 | |
2395 | 2417 | if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { |
2396 | if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || | |
2397 | strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || | |
2418 | if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || | |
2419 | strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || | |
2398 | 2420 | strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || |
2399 | 2421 | strcmp(hydra_options.service, "sapr3") == 0) { |
2400 | 2422 | fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); |
2403 | 2425 | } |
2404 | 2426 | |
2405 | 2427 | /* here start the services */ |
2406 | ||
2428 | ||
2407 | 2429 | if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 |
2408 | 2430 | || strcmp(hydra_options.service, "https") == 0) { |
2409 | 2431 | fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); |
2410 | 2432 | if (strcmp(hydra_options.service, "http") == 0) { |
2411 | hydra_options.service=malloc(strlen("http-get")+1); | |
2433 | hydra_options.service = malloc(strlen("http-get") + 1); | |
2412 | 2434 | strcpy(hydra_options.service, "http-get"); |
2413 | 2435 | } |
2414 | 2436 | if (strcmp(hydra_options.service, "https") == 0) { |
2415 | hydra_options.service=malloc(strlen("https-get")+1); | |
2437 | hydra_options.service = malloc(strlen("https-get") + 1); | |
2416 | 2438 | strcpy(hydra_options.service, "https-get"); |
2417 | 2439 | } |
2418 | 2440 | } |
2431 | 2453 | |
2432 | 2454 | i = 0; |
2433 | 2455 | if (strcmp(hydra_options.service, "telnet") == 0) { |
2434 | fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze reliable, if possible better choose FTP or SSH if available\n"); | |
2456 | fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); | |
2435 | 2457 | i = 1; |
2436 | 2458 | } |
2437 | 2459 | if (strcmp(hydra_options.service, "ftp") == 0) |
2440 | 2462 | fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); |
2441 | 2463 | i = 1; |
2442 | 2464 | } |
2443 | if (strcmp(hydra_options.service, "pop3") == 0) | |
2444 | i = 1; | |
2445 | if (strcmp(hydra_options.service, "imap") == 0) | |
2446 | i = 1; | |
2465 | if (strcmp(hydra_options.service, "pop3") == 0) { | |
2466 | fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); | |
2467 | i = 1; | |
2468 | } | |
2469 | if (strcmp(hydra_options.service, "imap") == 0) { | |
2470 | fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); | |
2471 | i = 1; | |
2472 | } | |
2473 | if (strcmp(hydra_options.service, "redis") == 0) | |
2474 | i = 2; | |
2447 | 2475 | if (strcmp(hydra_options.service, "asterisk") == 0) |
2448 | 2476 | i = 1; |
2449 | if (strcmp(hydra_options.service, "vmauthd") == 0) | |
2477 | if (strcmp(hydra_options.service, "vmauthd") == 0) | |
2450 | 2478 | i = 1; |
2451 | 2479 | if (strcmp(hydra_options.service, "rexec") == 0) |
2452 | 2480 | i = 1; |
2473 | 2501 | i = 1; |
2474 | 2502 | if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { |
2475 | 2503 | i = 2; |
2476 | hydra_options.service=malloc(strlen("oracle-listener")+1); | |
2504 | hydra_options.service = malloc(strlen("oracle-listener") + 1); | |
2477 | 2505 | strcpy(hydra_options.service, "oracle-listener"); |
2478 | 2506 | } |
2479 | 2507 | if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) { |
2480 | 2508 | i = 3; |
2481 | hydra_options.service=malloc(strlen("oracle-sid")+1); | |
2509 | hydra_options.service = malloc(strlen("oracle-sid") + 1); | |
2482 | 2510 | strcpy(hydra_options.service, "oracle-sid"); |
2483 | 2511 | } |
2484 | 2512 | #ifdef LIBORACLE |
2485 | 2513 | if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { |
2486 | 2514 | i = 1; |
2487 | hydra_options.service=malloc(strlen("oracle")+1); | |
2515 | hydra_options.service = malloc(strlen("oracle") + 1); | |
2488 | 2516 | strcpy(hydra_options.service, "oracle"); |
2489 | 2517 | } |
2490 | 2518 | #endif |
2538 | 2566 | fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); |
2539 | 2567 | } |
2540 | 2568 | } |
2541 | if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) | |
2569 | if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { | |
2570 | if (hydra_options.tasks > 8) | |
2571 | fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); | |
2542 | 2572 | #ifdef LIBSSH |
2543 | 2573 | i = 1; |
2544 | 2574 | #else |
2545 | 2575 | bail("Compiled without LIBSSH v0.4.x support, module is not available!"); |
2546 | 2576 | #endif |
2547 | if (strcmp(hydra_options.service, "smtp") == 0) | |
2548 | i = 1; | |
2577 | } | |
2578 | if (strcmp(hydra_options.service, "smtp") == 0) { | |
2579 | fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); | |
2580 | i = 1; | |
2581 | } | |
2549 | 2582 | if (strcmp(hydra_options.service, "smtp-enum") == 0) |
2550 | 2583 | i = 1; |
2551 | 2584 | if (strcmp(hydra_options.service, "teamspeak") == 0) |
2552 | 2585 | i = 1; |
2553 | ||
2554 | // ADD NEW SERVICES HERE | |
2555 | 2586 | if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { |
2556 | 2587 | if (hydra_options.tasks > 1) { |
2557 | 2588 | fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); |
2621 | 2652 | } |
2622 | 2653 | if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) { |
2623 | 2654 | char *lptr; |
2655 | ||
2624 | 2656 | j = 1; |
2625 | 2657 | tmpptr = strdup(hydra_options.miscptr); |
2626 | 2658 | lptr = strtok(tmpptr, ":"); |
2627 | while(lptr != NULL) { | |
2659 | while (lptr != NULL) { | |
2628 | 2660 | i = 0; |
2629 | 2661 | if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) { |
2630 | 2662 | i = 1; |
2631 | 2663 | j = lptr[0] - '0' + (j & 252); |
2632 | } | |
2633 | else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) | |
2664 | } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) | |
2634 | 2665 | i = 1; |
2635 | 2666 | else if (strcasecmp(lptr, "MD5") == 0) { |
2636 | 2667 | i = 1; |
2658 | 2689 | fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); |
2659 | 2690 | if (j >= 16) |
2660 | 2691 | bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); |
2661 | if (hydra_options.colonfile == NULL && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { | |
2692 | if (hydra_options.colonfile == NULL | |
2693 | && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { | |
2662 | 2694 | if (j > 3) { |
2663 | fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); | |
2695 | fprintf(stderr, | |
2696 | "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); | |
2664 | 2697 | exit(-1); |
2665 | 2698 | } |
2666 | 2699 | fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); |
2670 | 2703 | strcat(tmpptr, "PLAIN"); |
2671 | 2704 | hydra_options.miscptr = tmpptr; |
2672 | 2705 | } else { |
2673 | i = 1; // snmpv3 with login+pass mode | |
2706 | i = 1; // snmpv3 with login+pass mode | |
2674 | 2707 | #ifndef LIBOPENSSL |
2675 | 2708 | bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); |
2676 | 2709 | #endif |
2677 | printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); | |
2710 | printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", | |
2711 | (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); | |
2678 | 2712 | } |
2679 | 2713 | } |
2680 | 2714 | } |
2711 | 2745 | if (hydra_options.miscptr == NULL) |
2712 | 2746 | bail("-m option is required to specify the DN\n"); |
2713 | 2747 | } |
2714 | ||
2748 | // ADD NEW SERVICES HERE | |
2749 | if (strcmp(hydra_options.service, "s7-300") == 0) { | |
2750 | if (hydra_options.tasks > 8) { | |
2751 | fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); | |
2752 | hydra_options.tasks = 8; | |
2753 | } | |
2754 | i = 2; | |
2755 | } | |
2715 | 2756 | if (strcmp(hydra_options.service, "cisco-enable") == 0) { |
2716 | i = 4; | |
2757 | i = 2; | |
2717 | 2758 | if (hydra_options.login == NULL) |
2718 | 2759 | hydra_options.login = empty_login; |
2719 | 2760 | if (hydra_options.miscptr == NULL) { |
2767 | 2808 | fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); |
2768 | 2809 | } |
2769 | 2810 | |
2770 | if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 || strcmp(hydra_options.service, "https-post-form") == 0 ) { | |
2811 | if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 | |
2812 | || strcmp(hydra_options.service, "https-post-form") == 0) { | |
2771 | 2813 | char bufferurl[1024], *url, *variables, *cond, *optional1; |
2772 | 2814 | |
2773 | 2815 | if (strncmp(hydra_options.service, "http-", 5) == 0) { |
2774 | 2816 | i = 1; |
2775 | } else { // https | |
2817 | } else { // https | |
2776 | 2818 | #ifdef LIBOPENSSL |
2777 | 2819 | i = 1; |
2778 | 2820 | hydra_options.ssl = 1; |
2799 | 2841 | printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); |
2800 | 2842 | use_proxy = 1; |
2801 | 2843 | } |
2802 | ||
2844 | ||
2803 | 2845 | if (strstr(hydra_options.miscptr, "\\:") != NULL) { |
2804 | 2846 | fprintf(stderr, "[WARNING] escape sequence \\: detected in module option, no parameter verification is performed.\n"); |
2805 | 2847 | } else { |
2808 | 2850 | variables = strtok(NULL, ":"); |
2809 | 2851 | cond = strtok(NULL, ":"); |
2810 | 2852 | optional1 = strtok(NULL, "\n"); |
2811 | if ((variables == NULL ) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { | |
2853 | if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { | |
2812 | 2854 | fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); |
2813 | 2855 | exit(-1); |
2814 | 2856 | } |
2822 | 2864 | exit(-1); |
2823 | 2865 | } |
2824 | 2866 | switch (optional1[0]) { |
2825 | case 'C': // fall through | |
2867 | case 'C': // fall through | |
2826 | 2868 | case 'c': |
2827 | 2869 | if (optional1[1] != '=' || optional1[2] != '/') { |
2828 | 2870 | fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); |
2829 | 2871 | exit(-1); |
2830 | 2872 | } |
2831 | 2873 | break; |
2832 | case 'H': // fall through | |
2874 | case 'H': // fall through | |
2833 | 2875 | case 'h': |
2834 | 2876 | if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { |
2835 | 2877 | fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); |
2849 | 2891 | i = 1; |
2850 | 2892 | if (strcmp(hydra_options.service, "rdp") == 0) { |
2851 | 2893 | if (hydra_options.tasks > 4) |
2852 | fprintf(stderr, "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); | |
2894 | fprintf(stderr, | |
2895 | "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); | |
2853 | 2896 | //if (hydra_options.tasks > 4) { |
2854 | 2897 | // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); |
2855 | 2898 | // hydra_options.tasks = 4; |
2864 | 2907 | fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); |
2865 | 2908 | exit(-1); |
2866 | 2909 | } |
2910 | if (port < 1 || port > 65535) { | |
2911 | if ((port = hydra_lookup_port(hydra_options.service)) < 1) { | |
2912 | fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); | |
2913 | exit(-1); | |
2914 | } | |
2915 | hydra_options.port = port; | |
2916 | } | |
2917 | ||
2918 | if (hydra_options.ssl == 1 && strncmp(hydra_options.service, "http-", 5 == 0) && hydra_options.port == 443) | |
2919 | fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); | |
2867 | 2920 | |
2868 | 2921 | if (hydra_options.loop_mode && hydra_options.colonfile != NULL) |
2869 | 2922 | bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); |
2870 | 2923 | if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) |
2871 | 2924 | fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); |
2872 | 2925 | if (i == 2) { |
2873 | if (hydra_options.colonfile != NULL || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) | |
2874 | bail("The cisco, oracle-listener, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); | |
2926 | if (hydra_options.colonfile != NULL | |
2927 | || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) | |
2928 | bail | |
2929 | ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); | |
2875 | 2930 | if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { |
2876 | 2931 | hydra_options.pass = hydra_options.login; |
2877 | 2932 | hydra_options.passfile = hydra_options.loginfile; |
2880 | 2935 | hydra_options.loginfile = NULL; |
2881 | 2936 | } |
2882 | 2937 | if (i == 3) { |
2883 | if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) | |
2938 | if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 | |
2939 | || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) | |
2884 | 2940 | bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); |
2885 | 2941 | if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { |
2886 | 2942 | hydra_options.login = hydra_options.pass; |
2899 | 2955 | || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) |
2900 | 2956 | bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); |
2901 | 2957 | if ((hydra_options.bfg) |
2902 | && ( (hydra_options.pass != NULL) || (hydra_options.passfile != NULL) | |
2903 | || (hydra_options.colonfile != NULL) ) ) | |
2958 | && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) | |
2959 | || (hydra_options.colonfile != NULL))) | |
2904 | 2960 | bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); |
2905 | if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL | |
2906 | && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { | |
2961 | if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 | |
2962 | && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { | |
2907 | 2963 | // test if the service is smtp-enum as it could be used either with a login+pass or only a login |
2908 | 2964 | if (strstr(hydra_options.service, "smtp-enum") != NULL) |
2909 | 2965 | hydra_options.pass = empty_login; |
2932 | 2988 | exit(-1); |
2933 | 2989 | } |
2934 | 2990 | if (hydra_brains.sizelogin > MAX_BYTES) { |
2935 | fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int)hydra_brains.sizelogin); | |
2991 | fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); | |
2936 | 2992 | exit(-1); |
2937 | 2993 | } |
2938 | 2994 | login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); |
2957 | 3013 | exit(-1); |
2958 | 3014 | } |
2959 | 3015 | if (hydra_brains.sizepass > MAX_BYTES) { |
2960 | fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int)hydra_brains.sizepass); | |
3016 | fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); | |
2961 | 3017 | exit(-1); |
2962 | 3018 | } |
2963 | 3019 | pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); |
2995 | 3051 | hydra_brains.sizelogin = size_of_data; |
2996 | 3052 | if (hydra_brains.countlogin == 0) |
2997 | 3053 | bail("File for login:password information is empty!"); |
2998 | if (hydra_brains.countlogin > MAX_LINES / 2) { | |
2999 | fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); | |
3000 | exit(-1); | |
3001 | } | |
3002 | if (hydra_brains.sizelogin > MAX_BYTES / 2) { | |
3003 | fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int)hydra_brains.sizelogin); | |
3004 | exit(-1); | |
3005 | } | |
3054 | if (hydra_brains.countlogin > MAX_LINES / 2) { | |
3055 | fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); | |
3056 | exit(-1); | |
3057 | } | |
3058 | if (hydra_brains.sizelogin > MAX_BYTES / 2) { | |
3059 | fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); | |
3060 | exit(-1); | |
3061 | } | |
3006 | 3062 | csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); |
3007 | 3063 | if (csv_ptr == NULL) |
3008 | 3064 | bail("Could not allocate enough memory for colon file data"); |
3023 | 3079 | exit(-1); |
3024 | 3080 | } |
3025 | 3081 | free(memcheck); |
3026 | if (fopen(RESTOREFILE, "r") != NULL) { | |
3082 | if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { | |
3027 | 3083 | fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); |
3028 | 3084 | sleep(10); |
3085 | fclose(rfp); | |
3029 | 3086 | } |
3030 | 3087 | |
3031 | 3088 | if (hydra_options.infile_ptr != NULL) { |
3034 | 3091 | hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); |
3035 | 3092 | if (countinfile == 0) |
3036 | 3093 | bail("File for IP addresses is empty!"); |
3037 | hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 1) + 8); | |
3094 | hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8); | |
3038 | 3095 | if (hydra_targets == NULL) |
3039 | 3096 | bail("Could not allocate enough memory for target data"); |
3040 | 3097 | sizeinfile = size_of_data; |
3041 | 3098 | if (countinfile > MAX_LINES / 1000) { |
3042 | fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, countinfile); | |
3099 | fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int)countinfile); | |
3043 | 3100 | exit(-1); |
3044 | 3101 | } |
3045 | 3102 | if (sizeinfile > MAX_BYTES / 1000) { |
3046 | fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, sizeinfile); | |
3103 | fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int)sizeinfile); | |
3047 | 3104 | exit(-1); |
3048 | 3105 | } |
3049 | servers_ptr = malloc(sizeinfile + countservers + 8); | |
3106 | if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) | |
3107 | bail("Could not allocate enough memory for target file data"); | |
3050 | 3108 | memset(servers_ptr, 0, sizeinfile + countservers + 8); |
3051 | if (servers_ptr == NULL) | |
3052 | bail("Could not allocate enough memory for target file data"); | |
3053 | 3109 | fill_mem(servers_ptr, ifp, 0); |
3054 | 3110 | sizeservers = sizeinfile; |
3055 | 3111 | tmpptr = servers_ptr; |
3057 | 3113 | hydra_targets[i] = malloc(sizeof(hydra_target)); |
3058 | 3114 | memset(hydra_targets[i], 0, sizeof(hydra_target)); |
3059 | 3115 | hydra_targets[i]->target = tmpptr; |
3116 | if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { | |
3117 | *tmpptr2++ = 0; | |
3118 | hydra_targets[i]->port = atoi(tmpptr2); | |
3119 | if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535) | |
3120 | hydra_targets[i]->port = 0; | |
3121 | } | |
3122 | if (hydra_targets[i]->port == 0) | |
3123 | hydra_targets[i]->port = hydra_options.port; | |
3060 | 3124 | while (*tmpptr != 0) |
3061 | 3125 | tmpptr++; |
3062 | 3126 | tmpptr++; |
3063 | 3127 | } |
3064 | } else { | |
3128 | } else if (index(hydra_options.server, '/') != NULL) { | |
3129 | /* CIDR notation on command line, e.g. 192.168.0.0/24 */ | |
3130 | unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; | |
3131 | in_addr_t addr4; | |
3132 | struct sockaddr_in target; | |
3133 | hydra_options.cidr = 1; | |
3134 | do_retry = 0; | |
3135 | if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { | |
3136 | fprintf(stderr, "Error: can not allocate memory\n"); | |
3137 | exit(-1); | |
3138 | } | |
3139 | strcpy(tmpptr, hydra_options.server); | |
3140 | tmpptr2 = index(tmpptr, '/'); | |
3141 | *tmpptr2++ = 0; | |
3142 | if ((k = atoi(tmpptr2)) < 16 || k > 31) { | |
3143 | fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); | |
3144 | exit(-1); | |
3145 | } | |
3146 | if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { | |
3147 | fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); | |
3148 | exit(-1); | |
3149 | } | |
3150 | free(tmpptr); | |
3151 | l = 1 << (32 - k); | |
3152 | l--; | |
3153 | four_to = (addr4 | l); | |
3154 | l = 0xffffffff - l; | |
3155 | four_from = (addr4 & l); | |
3156 | l = 1 << (32 - k); | |
3157 | hydra_brains.targets = countservers = l; | |
3158 | hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8); | |
3159 | if (hydra_targets == NULL) | |
3160 | bail("Could not allocate enough memory for target data"); | |
3161 | i = 0; | |
3162 | addr_cur = four_from; | |
3163 | while (addr_cur <= four_to && i < l) { | |
3164 | hydra_targets[i] = malloc(sizeof(hydra_target)); | |
3165 | memset(hydra_targets[i], 0, sizeof(hydra_target)); | |
3166 | addr_cur2 = htonl(addr_cur); | |
3167 | memcpy(&target.sin_addr.s_addr, (char*) &addr_cur2, 4); | |
3168 | hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); | |
3169 | hydra_targets[i]->port = hydra_options.port; | |
3170 | addr_cur++; | |
3171 | i++; | |
3172 | } | |
3173 | if (verbose) | |
3174 | printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); | |
3175 | printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); | |
3176 | } else { // standard: single target on command line | |
3065 | 3177 | countservers = hydra_brains.targets = 1; |
3066 | hydra_targets = malloc(sizeof(hydra_targets)); | |
3178 | hydra_targets = malloc(sizeof(int) * 4); | |
3067 | 3179 | hydra_targets[0] = malloc(sizeof(hydra_target)); |
3068 | 3180 | memset(hydra_targets[0], 0, sizeof(hydra_target)); |
3069 | 3181 | hydra_targets[0]->target = servers_ptr = hydra_options.server; |
3182 | hydra_targets[0]->port = hydra_options.port; | |
3070 | 3183 | sizeservers = strlen(hydra_options.server) + 1; |
3071 | 3184 | } |
3072 | 3185 | for (i = 0; i < hydra_brains.targets; i++) { |
3075 | 3188 | if (hydra_options.loop_mode) { |
3076 | 3189 | if (hydra_options.try_password_same_as_login) |
3077 | 3190 | hydra_targets[i]->pass_state = 0; |
3191 | else if (hydra_options.try_null_password) { | |
3192 | hydra_targets[i]->pass_ptr = empty_login; | |
3193 | hydra_targets[i]->pass_state = 1; | |
3194 | } else if (hydra_options.try_password_reverse_login) | |
3195 | hydra_targets[i]->pass_state = 2; | |
3078 | 3196 | else |
3079 | if (hydra_options.try_null_password) { | |
3080 | hydra_targets[i]->pass_ptr = empty_login; | |
3081 | hydra_targets[i]->pass_state = 1; | |
3082 | } else | |
3083 | if (hydra_options.try_password_reverse_login) | |
3084 | hydra_targets[i]->pass_state = 2; | |
3085 | else | |
3086 | hydra_targets[i]->pass_state = 3; | |
3197 | hydra_targets[i]->pass_state = 3; | |
3087 | 3198 | } |
3088 | 3199 | } |
3089 | 3200 | } // END OF restore == 0 |
3099 | 3210 | if (proxy_string != NULL && proxy_string[0] != 0) { |
3100 | 3211 | if (strstr(proxy_string, "//") != NULL) { |
3101 | 3212 | char *dslash = strstr(proxy_string, "://"); |
3213 | ||
3102 | 3214 | if (dslash) { |
3103 | proxy_string[dslash-proxy_string] = 0; | |
3104 | strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type)); | |
3105 | } | |
3106 | ||
3107 | proxy_string=dslash; | |
3215 | proxy_string[dslash - proxy_string] = 0; | |
3216 | strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type) - 1); | |
3217 | proxy_string_type[sizeof(proxy_string_type) - 1] = 0; | |
3218 | } | |
3219 | ||
3220 | proxy_string = dslash; | |
3108 | 3221 | proxy_string += 3; |
3109 | 3222 | } |
3110 | 3223 | if (proxy_string[strlen(proxy_string) - 1] == '/') |
3203 | 3316 | if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { |
3204 | 3317 | if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) |
3205 | 3318 | hydra_options.tasks = 1; |
3206 | fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks reduced to %d.\n", hydra_options.tasks); | |
3319 | fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); | |
3207 | 3320 | } else { |
3208 | 3321 | if (hydra_options.tasks > MAXTASKS) { |
3209 | 3322 | fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); |
3213 | 3326 | hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; |
3214 | 3327 | if (hydra_options.max_use > MAXTASKS) |
3215 | 3328 | hydra_options.max_use = MAXTASKS; |
3216 | math2 = hydra_brains.todo_all / hydra_options.tasks; | |
3329 | math2 = (hydra_brains.todo / hydra_options.tasks); | |
3330 | if (hydra_brains.todo % hydra_options.tasks) | |
3331 | math2++; | |
3332 | math2 = (math2 * hydra_brains.targets) / hydra_options.max_use; | |
3217 | 3333 | // set options (bits!) |
3218 | 3334 | options = 0; |
3219 | 3335 | if (hydra_options.ssl) |
3220 | 3336 | options = options | OPTION_SSL; |
3221 | 3337 | if (hydra_options.colonfile != NULL) |
3222 | printf("[DATA] %d task%s, %d server%s, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies"); | |
3338 | printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, | |
3339 | hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies"); | |
3223 | 3340 | else |
3224 | printf("[DATA] %d task%s, %d server%s, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_brains.todo, | |
3225 | hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); | |
3226 | if (port < 1) | |
3227 | if ((port = hydra_lookup_port(hydra_options.service)) < 1) { | |
3228 | fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option\n"); | |
3229 | exit(-1); | |
3230 | } | |
3341 | printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, | |
3342 | hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin, | |
3343 | (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); | |
3231 | 3344 | |
3232 | 3345 | printf("[DATA] attacking service %s on port %d\n", hydra_options.service, port); |
3233 | 3346 | |
3240 | 3353 | hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); |
3241 | 3354 | for (i = 1; i < argc; i++) |
3242 | 3355 | fprintf(hydra_brains.ofp, " %s", argv[i]); |
3243 | fprintf(hydra_brains.ofp, ")\n"); | |
3244 | } | |
3245 | ||
3356 | fprintf(hydra_brains.ofp, ")\n"); | |
3357 | } | |
3246 | 3358 | // we have to flush all writeable buffered file pointers before forking |
3247 | 3359 | // set appropriate signals for mother |
3248 | 3360 | signal(SIGCHLD, killed_childs); |
3249 | signal(SIGTERM, kill_children); | |
3361 | if (debug == 0) | |
3362 | signal(SIGTERM, kill_children); | |
3363 | if (debug == 0) { | |
3250 | 3364 | #ifdef SIGBUS |
3251 | signal(SIGBUS, kill_children); | |
3252 | #endif | |
3253 | if (debug == 0) | |
3365 | signal(SIGBUS, kill_children); | |
3366 | #endif | |
3254 | 3367 | signal(SIGSEGV, kill_children); |
3368 | } | |
3255 | 3369 | signal(SIGHUP, kill_children); |
3256 | 3370 | signal(SIGINT, kill_children); |
3257 | 3371 | signal(SIGPIPE, SIG_IGN); |
3259 | 3373 | printf("[VERBOSE] Resolving addresses ... "); |
3260 | 3374 | if (debug) |
3261 | 3375 | printf("\n"); |
3262 | for (i = 0; i < countservers; i++) { | |
3376 | for (i = 0; i < hydra_brains.targets; i++) { | |
3263 | 3377 | if (debug) |
3264 | 3378 | printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); |
3265 | 3379 | memset(&hints, 0, sizeof(hints)); |
3347 | 3461 | memset(hydra_heads[i], 0, sizeof(hydra_head)); |
3348 | 3462 | } |
3349 | 3463 | } |
3350 | ||
3351 | 3464 | // here we call the init function of the relevant service module |
3352 | 3465 | // should we do the init centrally or should each child do that? |
3353 | 3466 | // that depends largely on the number of targets and maximum tasks |
3354 | if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) | |
3467 | // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) | |
3355 | 3468 | for (i = 0; i < hydra_brains.targets; i++) |
3356 | 3469 | hydra_service_init(i); |
3357 | 3470 | |
3390 | 3503 | hydra_heads[head_no]->target_no = hydra_select_target(); |
3391 | 3504 | if (debug) |
3392 | 3505 | printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); |
3393 | if (target_no < 0) | |
3394 | hydra_kill_head(head_no, 0, 2); | |
3506 | if (hydra_heads[head_no]->target_no < 0) | |
3507 | hydra_kill_head(head_no, 0, 3); | |
3395 | 3508 | else |
3396 | 3509 | hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 |
3397 | 3510 | } |
3420 | 3533 | hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; |
3421 | 3534 | // no break here |
3422 | 3535 | case 'n': // mother sends this to itself initially |
3536 | loop_cnt = 0; | |
3423 | 3537 | if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) { |
3424 | 3538 | hydra_kill_head(head_no, 1, 2); |
3425 | 3539 | } |
3432 | 3546 | if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) |
3433 | 3547 | hydra_kill_head(j, 1, 2); // kill all heads working on the target |
3434 | 3548 | if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { |
3435 | hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done | |
3549 | hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done | |
3436 | 3550 | hydra_brains.finished++; |
3437 | 3551 | printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); |
3438 | 3552 | } |
3536 | 3650 | for (j = 0; j < hydra_options.max_use; j++) |
3537 | 3651 | if (hydra_heads[j]->active >= 0) |
3538 | 3652 | k++; |
3539 | printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu todo in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min | |
3653 | printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu todo in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min | |
3540 | 3654 | hydra_brains.sent, // tries |
3541 | 3655 | (long unsigned int) ((elapsed_status - starttime) / 3600), // hours |
3542 | 3656 | (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes |
3543 | hydra_brains.todo_all - hydra_brains.sent < 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo | |
3657 | hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo | |
3544 | 3658 | (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) |
3545 | 3659 | ) / 3600, // hours |
3546 | 3660 | (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) |
3547 | ) % 3600) / 60) + 1, // min | |
3548 | k | |
3549 | ); | |
3661 | ) % 3600) / 60) + 1, // min | |
3662 | k); | |
3663 | hydra_debug(0, "STATUS"); | |
3550 | 3664 | } |
3551 | 3665 | |
3552 | 3666 | exit_condition = hydra_check_for_exit_condition(); |
3570 | 3684 | case 1: |
3571 | 3685 | break; |
3572 | 3686 | case 0: |
3573 | if (hydra_targets[i]->ok == 0) | |
3574 | k++; | |
3575 | else | |
3576 | j++; | |
3687 | if (hydra_targets[i]->ok == 0) | |
3688 | k++; | |
3689 | else | |
3690 | j++; | |
3577 | 3691 | break; |
3578 | 3692 | default: |
3579 | 3693 | error++; |
3582 | 3696 | |
3583 | 3697 | for (i = 0; i < hydra_options.max_use; i++) |
3584 | 3698 | if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) |
3585 | hydra_kill_head(i, 1, 2); | |
3699 | hydra_kill_head(i, 1, 3); | |
3586 | 3700 | (void) wait3(NULL, WNOHANG, NULL); |
3587 | 3701 | |
3588 | printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); | |
3702 | printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", | |
3703 | hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); | |
3589 | 3704 | if (error == 0 && j == 0) { |
3590 | 3705 | process_restore = 0; |
3591 | 3706 | unlink(RESTOREFILE); |
3592 | 3707 | } else { |
3593 | printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); | |
3594 | hydra_restore_write(1); | |
3708 | if (hydra_options.cidr == 0) { | |
3709 | printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); | |
3710 | hydra_restore_write(1); | |
3711 | } | |
3595 | 3712 | } |
3596 | 3713 | if (error) { |
3597 | 3714 | fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); |
3605 | 3722 | fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); |
3606 | 3723 | error = 1; |
3607 | 3724 | } |
3608 | ||
3609 | 3725 | // yeah we did it |
3610 | 3726 | printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); |
3611 | 3727 | if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) |
113 | 113 | #define PORT_RDP_SSL 3389 |
114 | 114 | #define PORT_ASTERISK 5038 |
115 | 115 | #define PORT_ASTERISK_SSL 5038 |
116 | #define PORT_S7_300 102 | |
117 | #define PORT_S7_300_SSL 102 | |
118 | #define PORT_REDIS 6379 | |
119 | #define PORT_REDIS_SSL 6379 | |
116 | 120 | |
117 | 121 | #define False 0 |
118 | 122 | #define True 1 |
0 | ||
1 | 0 | /* $Id$ |
2 | 1 | Single file NTLM system to create and parse authentication messages. |
3 | 2 | |
1243 | 1242 | free(h); |
1244 | 1243 | } |
1245 | 1244 | |
1246 | void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) { | |
1245 | void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) { | |
1247 | 1246 | uint8 lmRespData[24]; |
1248 | 1247 | uint8 ntRespData[24]; |
1249 | 1248 | char *u = strdup(user); |
1287 | 1286 | challenge->flags = flags; /* Overide flags! */ |
1288 | 1287 | response->flags = challenge->flags; |
1289 | 1288 | |
1289 | if (w) | |
1290 | free(w); | |
1290 | 1291 | if (d) |
1291 | 1292 | free(d); |
1292 | 1293 | if (u) |
33 | 33 | struct timeval tv; |
34 | 34 | int ret = 0; |
35 | 35 | |
36 | fcntl(fd, F_SETFL, O_NONBLOCK); | |
36 | (void)fcntl(fd, F_SETFL, O_NONBLOCK); | |
37 | 37 | do { |
38 | 38 | FD_ZERO(&fr); |
39 | 39 | FD_SET(fd, &fr); |
156 | 156 | } |
157 | 157 | /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */ |
158 | 158 | } |
159 | fclose(in); | |
160 | fclose(out); | |
159 | 161 | |
160 | 162 | return count; |
161 | 163 | } |
362 | 362 | } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); |
363 | 363 | |
364 | 364 | //save the latest one |
365 | array[ind] = malloc(currentpos + 1); | |
366 | strncpy(array[ind], buffer + lastpos, currentpos); | |
367 | array[ind][currentpos] = '\0'; | |
368 | ind++; | |
365 | if (ind < array_size) { | |
366 | array[ind] = malloc(currentpos + 1); | |
367 | strncpy(array[ind], buffer + lastpos, currentpos); | |
368 | array[ind][currentpos] = '\0'; | |
369 | ind++; | |
370 | } | |
369 | 371 | |
370 | 372 | for (i = 0; i < ind; i++) { |
371 | 373 | //removing space chars between comma separated value if any |
372 | 374 | while ((array[i] != NULL) && (array[i][0] == ' ')) { |
373 | char *tmp=strdup(array[i]); | |
375 | char *tmp = strdup(array[i]); | |
376 | ||
374 | 377 | memset(array[i], 0, sizeof(array[i])); |
375 | 378 | strcpy(array[i], tmp + 1); |
376 | 379 | free(tmp); |
482 | 485 | memset(algo, 0, sizeof(algo)); |
483 | 486 | strcpy(algo, "MD5"); |
484 | 487 | } |
485 | ||
486 | 488 | //xmpp case, some xmpp server is not sending the realm so we have to set it up |
487 | if ((strlen(realm)==0) && (strstr(type, "xmpp") != NULL)) | |
489 | if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) | |
488 | 490 | snprintf(realm, sizeof(realm), "%s", miscptr); |
489 | 491 | |
490 | 492 | //compute ha1 |
497 | 499 | |
498 | 500 | //for MD5-sess |
499 | 501 | if (strstr(algo, "5-sess") != NULL) { |
500 | memset(buffer, 0, sizeof(buffer)); | |
502 | buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! | |
501 | 503 | |
502 | 504 | /* per RFC 2617 Errata ID 1649 */ |
503 | 505 | if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { |
504 | 506 | memset(buffer3, 0, sizeof(buffer3)); |
505 | 507 | pbuffer = buffer3; |
506 | 508 | for (i = 0; i < MD5_DIGEST_LENGTH; i++) { |
507 | sprintf(pbuffer, "%02x", response[i]); | |
508 | pbuffer += 2; | |
509 | sprintf(pbuffer, "%02x", response[i]); | |
510 | pbuffer += 2; | |
509 | 511 | } |
510 | 512 | sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); |
511 | 513 | } else { |
578 | 580 | snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, |
579 | 581 | nonce, algo, type, realm, buffer); |
580 | 582 | } else { |
581 | if (strstr(type, "sip") != NULL) { | |
582 | snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); | |
583 | } else { | |
584 | if (use_proxy == 1 && proxy_authentication != NULL) | |
585 | snprintf(result, 500, | |
586 | "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
587 | type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); | |
588 | else { | |
589 | if (use_proxy == 1) | |
583 | if (strstr(type, "sip") != NULL) { | |
584 | snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); | |
585 | } else { | |
586 | if (use_proxy == 1 && proxy_authentication != NULL) | |
590 | 587 | snprintf(result, 500, |
591 | "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
592 | type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); | |
593 | else | |
594 | snprintf(result, 500, | |
595 | "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
596 | type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); | |
588 | "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
589 | type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); | |
590 | else { | |
591 | if (use_proxy == 1) | |
592 | snprintf(result, 500, | |
593 | "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
594 | type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); | |
595 | else | |
596 | snprintf(result, 500, | |
597 | "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", | |
598 | type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); | |
597 | 599 | } |
598 | 600 | } |
599 | 601 | } |
638 | 640 | } |
639 | 641 | |
640 | 642 | /*client-final-message */ |
641 | if (verbose) | |
643 | if (debug) | |
642 | 644 | hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); |
643 | 645 | |
644 | 646 | //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 |
672 | 674 | return; |
673 | 675 | } |
674 | 676 | |
675 | if ((salt != NULL) && (strlen(salt) > 2)) | |
677 | if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) | |
676 | 678 | //s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= |
677 | 679 | strcpy(buffer, salt + 2); |
678 | 680 | else { |
708 | 710 | to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); |
709 | 711 | |
710 | 712 | snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); |
711 | if (verbose) | |
713 | if (debug) | |
712 | 714 | hydra_report(stderr, "DEBUG C: %s\n", result); |
713 | 715 | free(preppasswd); |
714 | 716 | } |
Binary diff not shown