Codebase list hydra / 7403d1e
Imported Upstream version 8.0 Julián Moreno Patiño 9 years ago
96 changed file(s) with 7354 addition(s) and 2331 deletion(s). Raw diff Collapse all Expand all
+42
-5
CHANGES less more
00 Changelog for hydra
11 -------------------
2
3 Release 8.0
4 ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
5 * Added module for redis (submitted by Alejandro Ramos, thanks!)
6 * Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach)
7 * Added initial interactive password authentication test for ssh (thanks to Joshua Houghton)
8 * Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev)
9 * Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24
10 * with -M <targetfile>, you can now specify a port for each entry (use "target:port" per line)
11 * Verified that hydra compiles cleanly on QNX / Blackberry 10 :-)
12 * Bugfixes for -x option:
13 - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting)
14 - fixed crash when used together with -e option
15 * Fixed a bug that hydra would not compile without libssh (introduced in v7.6)
16 * Various bugfixes if many targets where attacked in parallel
17 * Cygwin's Postgresql is working again, hence configure detection re-enabled
18 * Added gcc compilation security options (if detected to be supported by configure script)
19 * Enhancements to the secure compilation options
20 * Checked code with cppcheck and fixed some minor issues.
21 * Checked code with Coverity. Fixed a lot of small and medium issues.
22
23
24 Release 7.6
25 * Added a wizard script for hydra based on a script by Shivang Desai <shivang.ice.2010@gmail.com>
26 * Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!)
27 * HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon)
28 * SMTP Enum: HELO is now always sent, better 500 error detection
29 * hydra main:
30 - fixed a bug in the IPv6 address parsing when a port was supplied
31 - added info message for pop3, imap and smtp protocol usage
32 * hydra GTK: missed some services, added
33 * dpl4hydra.sh:
34 - added Siemens S7-300 common passwords to default password list
35 - more broad searching in the list
36 * Performed code indention on all C files :-)
37 * Makefile patch to ensure .../etc directory is there (thanks to vonnyfly)
38
239
340 Release 7.5
441 * Moved the license from GPLv3 to AGPLv3 (see LICENSE file)
643 * Added support for Android where some functions are not available
744 * hydra main:
845 - reduced the screen output if run without -h, full screen with -h
9 - fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
46 - fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS
1047 - fixed -o output (thanks to www417)
1148 - warning if HYDRA_PROXY is defined but the module does not use it
1249 - fixed an issue with large input files and long entries
2562 disabled on Cygwin
2663
2764
28 Release 7.4.x FIX RELEASES for bugs introduced in 7.4
65 Release 7.4.3 FIX RELEASES for bugs introduced in 7.4
2966 * Quickfix for people who do not have libssh installed (won't compile otherwise)
3067 * Quickfix for http-get/http-head and irc module which would not run due a new feature.
3168 * Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting)
192229 * Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module
193230 * Fix SASL PLAIN auth method issue
194231 * Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap
195 * Added man pages from debian maintainers
232 * Added man pages from Debian maintainers
196233 * Checked Teamspeak module, works on TS2 protocol
197234 * Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah !
198235 * New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support
214251
215252
216253 Release 6.1
217 * More license updates for the files for the debian guys
254 * More license updates for the files for the Debian guys
218255 * Fix for the configure script to correctly detect postgresql
219256 * Add checks for libssh v0.4 and support for ssh v1
220257 * Merge all latest crypto code in sasl files
222259
223260
224261 Release 6.0
225 * Added GPL exception clause to license to allow linking to OpenSSL - debian people need this
262 * Added GPL exception clause to license to allow linking to OpenSSL - Debian people need this
226263 * IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet
227264 * Changes to code and configure script to ensure clean compile on Solaris 11,
228265 OSX, FreeBSD 8.1, Cygwin and Linux
+11
-1
INSTALL less more
0 type "./configure", then "make" and finally "make install"
0 type "./configure", then "make" and finally "sudo make install"
1
2 For special modules you need to install software packages before
3 you run "./configure":
4 Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev
5 Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
6 OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel
7
8 For the Oracle login module, install the basic and SDK packages:
9 http://www.oracle.com/technetwork/database/features/instant-client/index.html
10
+12
-15
Makefile.am less more
00 #
1 # Makefile for Hydra - (c) 2001-2013 by van Hauser / THC <vh@thc.org>
1 # Makefile for Hydra - (c) 2001-2014 by van Hauser / THC <vh@thc.org>
22 #
33 OPTS=-I. -O3
44 # -Wall -g -pedantic
1414 hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \
1515 hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \
1616 hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
17 hydra-rdp.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c
17 hydra-rdp.c hydra-s7-300.c hydra-redis.c \
18 crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c
1819 OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
1920 hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
2021 hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
2324 hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \
2425 hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \
2526 hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \
26 hydra-http-proxy.o hydra-http-form.o hydra-irc.o \
27 hydra-rdp.o crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o
27 hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \
28 hydra-rdp.o hydra-s7-300.c \
29 crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o
2830 BINS = hydra pw-inspector
2931
3032 EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \
3537 @echo Now type "make install"
3638
3739 hydra: hydra.c $(OBJ)
38 $(CC) $(OPTS) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES)
40 $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES)
3941 @echo
4042 @echo If men could get pregnant, abortion would be a sacrament
4143 @echo
4446 -cd hydra-gtk && sh ./make_xhydra.sh
4547
4648 pw-inspector: pw-inspector.c
47 -$(CC) $(OPTS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c
49 -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c
4850
4951 .c.o:
50 $(CC) $(OPTS) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS)
52 $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS)
5153
5254 strip: all
5355 strip $(BINS)
5456 -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null
5557
5658 install: strip
57 -mkdir -p $(PREFIX)$(DIR)
58 cp -f $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 $(BINS)
59 -mkdir -p $(PREFIX)$(DIR)
60 cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS)
5961 -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null
60 # -cp -f dpl4hydra.sh ($PREFIX)/dpl4hydra.sh
6162 -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh
6263 -chmod 755 $(PREFIX)/bin/dpl4hydra.sh
64 -mkdir -p $(PREFIX)/etc/
6365 -cp -f *.csv $(PREFIX)/etc/
6466 -mkdir -p $(PREFIX)/man/man1
6567 -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1
6870 rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile
6971 cp -f Makefile.orig Makefile
7072
71 backup:
72 tar czvf ../hydra-dev.tgz *.c *.h README Makefile.am configure TODO CHANGES INSTALL LICENCE
73
74 revise:
75 mv ../hydra-dev.tgz ../hydra-dev-old.tgz
+205
-41
README less more
00
11 H Y D R A
22
3 (c) 2001-2013 by van Hauser / THC
3 (c) 2001-2014 by van Hauser / THC
44 <vh@thc.org> http://www.thc.org
55 co-maintained by David (dot) Maciejak @ gmail (dot) com
66 BFG code by Jan Dlabal <dlabaljan@gmail.com>
77
88 Licensed under AGPLv3 (see LICENSE file)
9
10 Please do not use in military or secret service organizations,
11 or for illegal purposes.
912
1013
1114
2326 either support more than one protocol to attack or support parallized
2427 connects.
2528
26 It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD
27 and OSX.
28
29 Currently this tool supports:
30
29 It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
30 FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.
31
32 Currently this tool supports the following protocols:
3133 Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
3234 HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,
3335 HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,
4244
4345
4446
47 WHERE TO GET
48 ------------
49 You can always find the newest release/production version of hydra at its
50 project page at https://www.thc.org/thc-hydra
51 If you are interested in the current development state, the public development
52 repository is at Github:
53 svn co https://github.com/vanhauser-thc/thc-hydra
54 or
55 git clone https://github.com/vanhauser-thc/thc-hydra.git
56 Use the development version at your own risk. It contains new features and
57 new bugs. Things might not work!
58
59
60
4561 HOW TO COMPILE
4662 --------------
47 For hydra, just type:
63 To configure, compile and install hydra, just type:
4864
4965 ./configure
5066 make
5167 make install
5268
53 If you need ssh module support, you have to setup libssh on your system,
54 get it from http://www.libssh.org, for ssh v1 support you also need to add
55 "-DWITH_SSH1=On" option in the cmake command line.
56
57 If you use Ubuntu, this will install supplementary libraries needed for a
58 few optional modules:
69 If you want the ssh module, you have to setup libssh (not libssh2!) on your
70 system, get it from http://www.libssh.org, for ssh v1 support you also need
71 to add "-DWITH_SSH1=On" option in the cmake command line.
72
73 If you use Ubuntu/Debian, this will install supplementary libraries needed
74 for a few optional modules:
5975 apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
6076 libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
6177 firebird2.1-dev libncp-dev
7490 -------------------
7591 All UNIX platforms (linux, *bsd, solaris, etc.)
7692 Mac OS/X
77 Windows with Cygwin (both ipv4 and ipv6)
78 Mobile systems based on Linux or Mac OS/X (e.g. Android, iPhone, Zaurus, iPaq)
93 Windows with Cygwin (both IPv4 and IPv6)
94 Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
7995
8096
8197
8298 HOW TO USE
8399 ----------
84 Type "./configure", followed by "make" to compile hydra and then
85 "./hydra -h" to see the command line options.
86 You make also type "make install" to install hydra to /usr/local/bin.
100 If you just enter "hydra", you will see a short summary of the important
101 options available.
102 Type "./hydra -h" to see all available command line options.
103
87104 Note that NO login/password file is included. Generate them yourself.
105 A default password list is hoever present, use "dpl4hydra.sh" to generate
106 a list.
107
88108 For Linux users, a GTK gui is available, try "./xhydra"
109
110 For the command line usage, the syntax is as follows:
111 For attacking one target or a network, you can use the new "://" style:
112 hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS
113 The old mode can be used for these too, and additionally if you want to
114 specify your targets from a text file, you *must* use this one:
115 hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS
116
117 Via the command line options you specify which logins to try, which passwords,
118 if SSL should be used, how many parallel tasks to use for attacking, etc.
119
120 PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp,
121 http-get or many others are vailable
122 TARGET is the target you want to attack
123 OPTIONS are optional values which are special per PROTOCOL module
124
125 FIRST - select your target
126 you have three options on how to specify the target you want to attack:
127 1. a single target on the command line: just put the IP or DNS address in
128 2. a network range on the command line: CIDR specification like "192.168.0.0/24"
129 3. a list of hosts in a text file: one line per entry (see below)
130
131 SECOND - select your protocol
132 Try to avoid telnet, as it is unreliable to detect a correct or false login attempt.
133 Use a port scanner to see which protocols are enabled on the target.
134
135 THIRD - check if the module has optional parameters
136 hydra -U PROTOCOL
137 e.g. hydra -U smtp
138
139 FOURTH - the destination port
140 this is optional! if no port is supplied the default common port for the
141 PROTOCOL is used.
142 If you specify SSL to use ("-S" option), the SSL common port is used by default.
143
144
145 If you use "://" notation, you must use "[" "]" brackets if you want to supply
146 IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:
147 hydra [some command line options] ftp://[192.168.0.0/24]/
148 hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM
149
150 Note that everything hydra does is IPv4 only!
151 If you want to attack IPv6 addresses, you must add the "-6" command line option.
152 All attacks are then IPv6 only!
153
154 If you want to supply your targets via a text file, you can not use the ://
155 notation but use the old style and just supply the protocol (and module options):
156 hydra [some command line options] -M targets.txt ftp
157 You can supply also port for each target entry by adding ":<port>" after a
158 target entry in the file, e.g.:
159 foo.bar.com
160 target.com:21
161 unusual.port.com:2121
162 default.used.here.com
163 127.0.0.1
164 127.0.0.1:2121
165
166
167
168 LOGINS AND PASSWORDS
169 --------------------
170 You have many options on how to attack with logins and passwords
171 With -l for login and -p for password you tell hydra that this is the only
172 login and/or password to try.
173 With -L for logins and -P for passwords you supply text files with entries.
174 e.g.:
175 hydra -l admin -p password ftp://localhost/
176 hydra -L default_logins.txt -p test ftp://localhost/
177 hydra -l admin -P common_passwords.txt ftp://localhost/
178 hydra -L logins.txt -P passwords.txt ftp://localhost/
179 Additionally, you can try passwords based on the login via the "-e" option.
180 The "-e" option has three parameters:
181 s - try the login as password
182 n - try an empty password
183 r - reverse the login and try it as password
184 If you want to, e.g. try "try login as password and "empty password", you
185 specify "-e sn" on the command line.
186
187
188 But there are two more modes for trying passwords than -p/-P:
189 You can use text file which where a login and password pair is seperated by a colon,
190 e.g.:
191 admin:password
192 test:test
193 foo:bar
194 This is a common default account style listing, that is also generated by the
195 dpl4hydra.sh default account file generator supplied with hydra.
196 You use such a text file with the -C option - note that in this mode you
197 can not use -l/-L/-p/-P options (-e nsr however you can).
198 Example:
199 hydra -C default_accounts.txt ftp://localhost/
200
201 And finally, there is a bruteforce mode with the -x option (which you can not
202 use with -p/-P/-C):
203 -x minimum_length:maximum_length:charset
204 the charset definition is 'a' for lowercase letters, 'A' for uppercase letters,
205 '1' for numbers and for anything else you supply it is their real representation.
206 Examples:
207 -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
208 -x 2:5:/ generate passwords from length 2 to 5 containing only slashes
209 -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
210 Example:
211 hydra -l ftp -x 3:3:a ftp://localhost/
89212
90213
91214
115238 When hydra is aborted with Control-C, killed or crashs, it leavs a
116239 "hydra.restore" file behind which contains all necessary information to
117240 restore the session. This session file is written every 5 minutes.
118 NOTE: if you are cracking parallel hosts (-M option), this feature doesnt
119 work, and is therefore disabled!
120241 NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
121242 from little indian to big indian, or from solaris to aix)
122243
202323 David (dot) Maciejak @ gmail (dot) com
203324
204325
205 Type Bits/KeyID Date User ID
206 pub 2048/CDD6A571 1998/04/27 van Hauser / THC <vh@reptile.rug.ac.be>
326 You should use PGP to encrypt emails to vh@thc.org :
207327
208328 -----BEGIN PGP PUBLIC KEY BLOCK-----
209 Version: 2.6.3i
210
211 mQENAzVE0A4AAAEIAOzKPhKBDFDyeTvMKQ1xx6781tEdIYgrkrsUEL6VoJ8H8CIU
212 SeXDuCVu3JlMKITD6nPMFJ/DT0iKHgnHUZGdCQEk/b1YHUYOcig1DPGsg3WeTX7L
213 XL1M4DwqDvPz5QUQ+U+VHuNOUzgxfcjhHsjJj2qorVZ/T5x4k3U960CMJ11eOVNC
214 meD/+c6a2FfLZJG0sJ/kIZ9HUkY/dvXDInOJaalQc1mYjkvfcPsSzas4ddiXiDyc
215 QcKX+HAXIdmT7bjq5+JS6yspnBvIZC55tB7ci2axTjwpkdzJBZIkCoBlWsDXNwyq
216 s70Lo3H9dcaNt4ubz5OMVIvJHFMCEtIGS83WpXEABRG0J3ZhbiBIYXVzZXIgLyBU
217 SEMgPHZoQHJlcHRpbGUucnVnLmFjLmJlPokAlQMFEDVE0D7Kb9wCOxiMfQEBvpAD
218 /3UCDgJs1CNg/zpLhRuUBlYsZ1kimb9cbB/ufL1I4lYM5WMyw+YfGN0p02oY4pVn
219 CQN6ca5OsqeXHWfn7LxBT3lXEPCckd+vb9LPPCzuDPS/zYnOkUXgUQdPo69B04dl
220 C9C1YXcZjplYso2q3NYnuc0lu7WVD0qT52snNUDkd19ciQEVAwUQNUTQDhLSBkvN
221 1qVxAQGRTwgA05OmurXHVByFcvDaBRMhX6pKbTiVKh8HdJa8IdvuqHOcYFZ2L+xZ
222 PAQy2WCqeakvss9Xn9I28/PQZ+6TmqWUmG0qgxe5MwkaXWxszKwRsQ8hH+bcppsZ
223 2/Q3BxSfPege4PPwFWsajnymsnmhdVvvrt69grzJDm+iMK0WR33+RvtgjUj+i22X
224 lpt5hLHufDatQzukMu4R84M1tbGnUCNF0wICrU4U503yCA4DT/1eMoDXI0BQXmM/
225 Ygk9bO2Icy+lw1WPodrWmg4TJhdIgxuYlNLIu6TyqDYxjA/c525cBbdqwoE+YvUI
226 o7CN/bJN0bKg1Y/BMTHEK3mpRLLWxVMRYw==
227 =MdzX
329 Version: GnuPG v3.3.3 (vh@thc.org)
330
331 mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT
332 KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ
333 FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c
334 vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k
335 Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p
336 lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI
337 zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI
338 DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf
339 lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN
340 DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5
341 n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB
342 tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC
343 F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ
344 xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH
345 Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4
346 qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz
347 dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp
348 QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga
349 V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5
350 slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl
351 Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM
352 0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP
353 JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs
354 IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL
355 CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS
356 AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ
357 HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR
358 2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C
359 nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc
360 XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6
361 Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL
362 ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V
363 l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F
364 n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl
365 7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb
366 /hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii
367 tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5
368 Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR
369 gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt
370 x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62
371 0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS
372 +C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw
373 G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA
374 oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr
375 rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC
376 v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5
377 02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv
378 s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ
379 Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK
380 d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP
381 gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y
382 ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP
383 8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd
384 X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD
385 aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN
386 cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC
387 Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR
388 zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
389 1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT
390 zB3yrr+vYBT0uDWmxwPjiJs=
391 =ytEf
228392 -----END PGP PUBLIC KEY BLOCK-----
+31
-0
TODO less more
0
1 Prio 1:
2 * hydra-smb more than 1 connection?
3 * add help hints?
4 * test teamspeak, icq
5 * check all modules to ensure no check is lost because of a timeout, buf == NULL etc.
6 * optimize smtp module
7 * optimize ssl performance
8 * add snmpv3 privacy support
9 * http: option to specify an url for testing if the login was right or wrong
10 * does hydra-oracle work with service names? (often SIDs do not work anymore)
11
12
13 Prio 2:
14 * add support for IPv6 Link Local Addresses like fe80::1%eth0 for Solaris and *BSD
15 * add crack info when key is pressed
16 * hydra-smb support NTLMv2 (when its fixed)
17 * support for 802.1x EAP via libpcap
18 * TN3270, and TN3270 user enumeration
19 * Support nmap -o and -oM output files
20
21
22 Prio 3:
23 * Specify user-agent for http-form module as extra optional option
24 * ipv6 support for sip
25 * add RIP, OSPF, BGP, PIM
26 * add diameter support
27 * round robin proxy support ?
28 * add tn5250 support
29 * Add Sybase support, using freetds lib (can be used for ms-sql)
30 * Add Informix ?
+14
-13
bfg.c less more
0
01 /* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh */
12
23 #include <stdio.h>
6869
6970 for (; tmp[i]; i++) {
7071 switch (tmp[i]) {
71 case 'a':
72 case 'a':
7273 crs_len += 26;
7374 if (BF_CHARSMAX - crs_len < 1) {
7475 free(bf_options.crs);
8485 }
8586 break;
8687
87 case 'A':
88 case 'A':
8889 crs_len += 26;
8990 if (BF_CHARSMAX - crs_len < 1) {
9091 free(bf_options.crs);
100101 }
101102 break;
102103
103 case '1':
104 case '1':
104105 crs_len += 10;
105106 if (BF_CHARSMAX - crs_len < 1) {
106107 free(bf_options.crs);
116117 }
117118 break;
118119
119 default:
120 default:
120121 if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') {
121122 if ((flags & BF_NUMS) > 0) {
122123 printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]);
124125 }
125126 printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]);
126127 }
127 if (tolower((int)tmp[i]) >= 'b' && tolower((int)tmp[i]) <= 'z') {
128 if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') {
128129 if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) {
129130 printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a');
130131 continue;
146147
147148 bf_options.crs_len = crs_len;
148149 bf_options.current = bf_options.from;
149 memset((char*)bf_options.state, 0, sizeof(bf_options.state));
150 memset((char *) bf_options.state, 0, sizeof(bf_options.state));
150151 if (debug)
151152 printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);
152153
166167
167168 char *bf_next() {
168169 int i, pos = bf_options.current - 1;
169
170
170171 if (bf_options.current > bf_options.to)
171 return NULL; // we are done
172
172 return NULL; // we are done
173
173174 if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) {
174175 fprintf(stderr, "Error: Can not allocate memory for -x data!\n");
175176 return NULL;
190191 bf_options.state[pos] = 0;
191192 pos--;
192193 }
193
194
194195 if (pos < 0) {
195196 bf_options.current++;
196 memset((char*)bf_options.state, 0, sizeof(bf_options.state));
197 }
198
197 memset((char *) bf_options.state, 0, sizeof(bf_options.state));
198 }
199
199200 return bf_options.ptr;
200201 }
201202
+36
-10
configure less more
263263 fi
264264
265265 echo "Checking for Postgres (libpq.so, libpq-fe.h) ..."
266 if [ "$SYSO" = "Cygwin" ]; then
267 echo " ... DISABLED - postgres is buggy in Cygwin at the moment"
268 POSTGRES_PATH=""
269 POSTGRES_IPATH=""
270 else
266 #if [ "$SYSO" = "Cygwin" ]; then
267 # echo " ... DISABLED - postgres is buggy in Cygwin at the moment"
268 # POSTGRES_PATH=""
269 # POSTGRES_IPATH=""
270 #else
271271 for i in $LIBDIRS ; do
272272 if [ "X" = "X$POSTGRES_PATH" ]; then
273273 if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" -o -f "$i/libpq.a" ]; then
312312 POSTGRES_PATH=""
313313 POSTGRES_IPATH=""
314314 fi
315 fi
315 #fi
316316
317317 echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..."
318318 for i in $LIBDIRS ; do
335335 fi
336336 fi
337337 if [ "X" = "X$SVN_PATH" ]; then
338 TMP_LIB=`/bin/ls $i/libsvn_client*.so* 2> /dev/null | grep libsvn_client.`
339 if [ -n "$TMP_LIB" ]; then
338 TMP_LIB1=`/bin/ls $i/libsvn_client*.so* 2> /dev/null | grep libsvn_client.`
339 TMP_LIB2=`/bin/ls $i/libapr-1*.so* 2> /dev/null | grep libsvn_client.`
340 TMP_LIB3=`/bin/ls $i/libaprutil-1*.so* 2> /dev/null | grep libsvn_client.`
341 if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then
340342 SVN_PATH="$i"
341343 APR_PATH="$i"
342344 fi
343345 fi
344346 if [ "X" = "X$SVN_PATH" ]; then
345 TMP_LIB=`/bin/ls $i/libsvn_client*.dll* 2> /dev/null | grep libsvn_client.`
346 if [ -n "$TMP_LIB" ]; then
347 TMP_LIB1=`/bin/ls $i/libsvn_client*.dll* 2> /dev/null | grep libsvn_client.`
348 TMP_LIB2=`/bin/ls $i/libapr-1*.dll* 2> /dev/null | grep libsvn_client.`
349 TMP_LIB3=`/bin/ls $i/libaprutil-1*.dll* 2> /dev/null | grep libsvn_client.`
350 if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then
347351 SVN_PATH="$i"
348352 APR_PATH="$i"
349353 fi
821825 rm -f $TMPC $TMPC.c
822826 echo " ... RSA_generate_key()$RSA found"
823827 fi
828
829 echo "Checking for secure compile option support in gcc ..."
830 GCCSEC="no"
831 LDSEC="no"
832 GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
833 echo '#include <stdio.h>' > $TMPC.c
834 echo 'int main() { printf(""); return 0; }' >> $TMPC.c
835 gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
836 test -x $TMPC && GCCSEC="yes"
837 grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT"
838 rm -f "$TMPC"
839 gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err
840 test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; }
841 rm -f $TMPC $TMPC.c $TMPC.c.err
842 echo " Compiling... $GCCSEC"
843 echo " Linking... $LDSEC"
824844
825845 echo
826846 XDEFINES=""
10291049 echo HYDRA_LOGO= >> Makefile
10301050 echo PWI_LOGO= >> Makefile
10311051 fi
1052 if [ "$GCCSEC" = "yes" ]; then
1053 echo "SEC=$GCCSECOPT" >> Makefile
1054 else
1055 echo "SEC=" >> Makefile
1056 fi
1057 echo >> Makefile
10321058 if [ "x$NOSTRIP" = "x" ]; then
10331059 cat Makefile.am >> Makefile
10341060 else
+1
-3
d3des.c less more
171171 return;
172172 }
173173
174 void des(inblock, outblock)
175 unsigned char *inblock, *outblock;
176 {
174 void des(unsigned char *inblock, unsigned char *outblock) {
177175 unsigned long work[2];
178176
179177 scrunch(inblock, work);
+5
-5
dpl4hydra.sh less more
110110
111111 generate ()
112112 {
113 HYDRAFILE=`echo dpl4hydra_${BRAND}.lst | sed 's/ /_/g'`
113 HYDRAFILE=`echo "dpl4hydra_${BRAND}.lst" | tr '/ =:@\\|;<>"'"'" '_____________'`
114114
115115 if [ ! -r $FULLFILE ]; then
116116 echo
132132 cat $FULLFILE 2>/dev/null | grep -i "$PATTERN" | awk -F"," '{ print $5":"$6 }' | sed 's/^[ \t]*//' | sed 's/[ \t]*$//' | sort | uniq > $HYDRAFILE
133133
134134 ENTRIES=`wc -l $HYDRAFILE | awk '{ print $1 }'`
135 if [ $ENTRIES -eq 0 ]; then
135 if [ "$ENTRIES" -eq 0 ]; then
136136 rm -f $HYDRAFILE
137137 echo
138138 echo "ERROR: No matching entries found for $BRAND systems." >&2
140140 echo
141141 exit 1
142142 else
143 if [ $ENTRIES -eq 1 ]; then
143 if [ "$ENTRIES" -eq 1 ]; then
144144 echo
145145 echo "File $HYDRAFILE was created with one entry."
146146 echo
180180 "-a" | "all" | "-all" | "--all") PATTERN=","
181181 BRAND="all"
182182 generate;;
183 *) PATTERN="^${OPT},"
184 BRAND=$OPT
183 *) PATTERN="${OPT}"
184 BRAND="$OPT"
185185 generate;;
186186 esac
+1890
-0
dpl4hydra_full.csv less more
69146914 zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-,
69156915 zyxel,p-660hw,t1,http://192.168.1.1,,,admin,,
69166916 zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado,
6917 siemens s7-300,,,,,',,,
6918 siemens s7-300,,,,,'',,,
6919 siemens s7-300,,,,,''',,,
6920 siemens s7-300,,,,,'''',,,
6921 siemens s7-300,,,,,''''',,,
6922 siemens s7-300,,,,,'''''',,,
6923 siemens s7-300,,,,,''''''',,,
6924 siemens s7-300,,,,,'''''''',,,
6925 siemens s7-300,,,,,-,,,
6926 siemens s7-300,,,,,--,,,
6927 siemens s7-300,,,,,---,,,
6928 siemens s7-300,,,,,----,,,
6929 siemens s7-300,,,,,-----,,,
6930 siemens s7-300,,,,,------,,,
6931 siemens s7-300,,,,,-------,,,
6932 siemens s7-300,,,,,--------,,,
6933 siemens s7-300,,,,,!manage,,,
6934 siemens s7-300,,,,,!MANAGE,,,
6935 siemens s7-300,,,,,$secure$,,,
6936 siemens s7-300,,,,,*,,,
6937 siemens s7-300,,,,,**,,,
6938 siemens s7-300,,,,,***,,,
6939 siemens s7-300,,,,,****,,,
6940 siemens s7-300,,,,,*****,,,
6941 siemens s7-300,,,,,******,,,
6942 siemens s7-300,,,,,*******,,,
6943 siemens s7-300,,,,,********,,,
6944 siemens s7-300,,,,,,,,,
6945 siemens s7-300,,,,,,,,,,
6946 siemens s7-300,,,,,,,,,,,
6947 siemens s7-300,,,,,,,,,,,,
6948 siemens s7-300,,,,,,,,,,,,,
6949 siemens s7-300,,,,,,,,,,,,,,
6950 siemens s7-300,,,,,,,,,,,,,,,
6951 siemens s7-300,,,,,,,,,,,,,,,,
6952 siemens s7-300,,,,,.,,,
6953 siemens s7-300,,,,,..,,,
6954 siemens s7-300,,,,,...,,,
6955 siemens s7-300,,,,,....,,,
6956 siemens s7-300,,,,,.....,,,
6957 siemens s7-300,,,,,......,,,
6958 siemens s7-300,,,,,.......,,,
6959 siemens s7-300,,,,,........,,,
6960 siemens s7-300,,,,,/,,,
6961 siemens s7-300,,,,,//,,,
6962 siemens s7-300,,,,,///,,,
6963 siemens s7-300,,,,,////,,,
6964 siemens s7-300,,,,,/////,,,
6965 siemens s7-300,,,,,//////,,,
6966 siemens s7-300,,,,,///////,,,
6967 siemens s7-300,,,,,////////,,,
6968 siemens s7-300,,,,,;,,,
6969 siemens s7-300,,,,,;;,,,
6970 siemens s7-300,,,,,;;;,,,
6971 siemens s7-300,,,,,;;;;,,,
6972 siemens s7-300,,,,,;;;;;,,,
6973 siemens s7-300,,,,,;;;;;;,,,
6974 siemens s7-300,,,,,;;;;;;;,,,
6975 siemens s7-300,,,,,;;;;;;;;,,,
6976 siemens s7-300,,,,,@#$123,,,
6977 siemens s7-300,,,,,[,,,
6978 siemens s7-300,,,,,[[,,,
6979 siemens s7-300,,,,,[[[,,,
6980 siemens s7-300,,,,,[[[[,,,
6981 siemens s7-300,,,,,[[[[[,,,
6982 siemens s7-300,,,,,[[[[[[,,,
6983 siemens s7-300,,,,,[[[[[[[,,,
6984 siemens s7-300,,,,,[[[[[[[[,,,
6985 siemens s7-300,,,,,],,,
6986 siemens s7-300,,,,,]],,,
6987 siemens s7-300,,,,,]]],,,
6988 siemens s7-300,,,,,]]]],,,
6989 siemens s7-300,,,,,]]]]],,,
6990 siemens s7-300,,,,,]]]]]],,,
6991 siemens s7-300,,,,,]]]]]]],,,
6992 siemens s7-300,,,,,]]]]]]]],,,
6993 siemens s7-300,,,,,_Cisco,,,
6994 siemens s7-300,,,,,`,,,
6995 siemens s7-300,,,,,``,,,
6996 siemens s7-300,,,,,```,,,
6997 siemens s7-300,,,,,````,,,
6998 siemens s7-300,,,,,`````,,,
6999 siemens s7-300,,,,,``````,,,
7000 siemens s7-300,,,,,```````,,,
7001 siemens s7-300,,,,,````````,,,
7002 siemens s7-300,,,,,+,,,
7003 siemens s7-300,,,,,++,,,
7004 siemens s7-300,,,,,+++,,,
7005 siemens s7-300,,,,,++++,,,
7006 siemens s7-300,,,,,+++++,,,
7007 siemens s7-300,,,,,++++++,,,
7008 siemens s7-300,,,,,+++++++,,,
7009 siemens s7-300,,,,,++++++++,,,
7010 siemens s7-300,,,,,=,,,
7011 siemens s7-300,,,,,==,,,
7012 siemens s7-300,,,,,===,,,
7013 siemens s7-300,,,,,====,,,
7014 siemens s7-300,,,,,=====,,,
7015 siemens s7-300,,,,,======,,,
7016 siemens s7-300,,,,,=======,,,
7017 siemens s7-300,,,,,========,,,
7018 siemens s7-300,,,,,0,,,
7019 siemens s7-300,,,,,00,,,
7020 siemens s7-300,,,,,000,,,
7021 siemens s7-300,,,,,0000,,,
7022 siemens s7-300,,,,,00000,,,
7023 siemens s7-300,,,,,000000,,,
7024 siemens s7-300,,,,,0000000,,,
7025 siemens s7-300,,,,,00000000,,,
7026 siemens s7-300,,,,,00000001,,,
7027 siemens s7-300,,,,,0000001,,,
7028 siemens s7-300,,,,,000001,,,
7029 siemens s7-300,,,,,00001,,,
7030 siemens s7-300,,,,,0001,,,
7031 siemens s7-300,,,,,001,,,
7032 siemens s7-300,,,,,050952,,,
7033 siemens s7-300,,,,,0P3N,,,
7034 siemens s7-300,,,,,1,,,
7035 siemens s7-300,,,,,100,,,
7036 siemens s7-300,,,,,1000,,,
7037 siemens s7-300,,,,,10000,,,
7038 siemens s7-300,,,,,100000,,,
7039 siemens s7-300,,,,,1000000,,,
7040 siemens s7-300,,,,,10000000,,,
7041 siemens s7-300,,,,,10041979,,,
7042 siemens s7-300,,,,,1064,,,
7043 siemens s7-300,,,,,11,,,
7044 siemens s7-300,,,,,111,,,
7045 siemens s7-300,,,,,1111,,,
7046 siemens s7-300,,,,,11111,,,
7047 siemens s7-300,,,,,111111,,,
7048 siemens s7-300,,,,,1111111,,,
7049 siemens s7-300,,,,,11111111,,,
7050 siemens s7-300,,,,,11112222,,,
7051 siemens s7-300,,,,,112233,,,
7052 siemens s7-300,,,,,11223344,,,
7053 siemens s7-300,,,,,123,,,
7054 siemens s7-300,,,,,123123,,,
7055 siemens s7-300,,,,,12314500,,,
7056 siemens s7-300,,,,,123321,,,
7057 siemens s7-300,,,,,1234,,,
7058 siemens s7-300,,,,,12344321,,,
7059 siemens s7-300,,,,,12345,,,
7060 siemens s7-300,,,,,123456,,,
7061 siemens s7-300,,,,,1234567,,,
7062 siemens s7-300,,,,,12345678,,,
7063 siemens s7-300,,,,,12348765,,,
7064 siemens s7-300,,,,,123654,,,
7065 siemens s7-300,,,,,123asd,,,
7066 siemens s7-300,,,,,123ASD,,,
7067 siemens s7-300,,,,,123qwe,,,
7068 siemens s7-300,,,,,123QWE,,,
7069 siemens s7-300,,,,,1246,,,
7070 siemens s7-300,,,,,128bit,,,
7071 siemens s7-300,,,,,128BIT,,,
7072 siemens s7-300,,,,,1313,,,
7073 siemens s7-300,,,,,1502,,,
7074 siemens s7-300,,,,,151298,,,
7075 siemens s7-300,,,,,166816,,,
7076 siemens s7-300,,,,,180497,,,
7077 siemens s7-300,,,,,1890agb,,,
7078 siemens s7-300,,,,,1890AGB,,,
7079 siemens s7-300,,,,,1954,,,
7080 siemens s7-300,,,,,1G2W3E,,,
7081 siemens s7-300,,,,,1q2w3e,,,
7082 siemens s7-300,,,,,2,,,
7083 siemens s7-300,,,,,21,,,
7084 siemens s7-300,,,,,21241036,,,
7085 siemens s7-300,,,,,2128506,,,
7086 siemens s7-300,,,,,22,,,
7087 siemens s7-300,,,,,222,,,
7088 siemens s7-300,,,,,2222,,,
7089 siemens s7-300,,,,,22222,,,
7090 siemens s7-300,,,,,222222,,,
7091 siemens s7-300,,,,,2222222,,,
7092 siemens s7-300,,,,,22222222,,,
7093 siemens s7-300,,,,,266344,,,
7094 siemens s7-300,,,,,281067,,,
7095 siemens s7-300,,,,,281068,,,
7096 siemens s7-300,,,,,2BW9,,,
7097 siemens s7-300,,,,,2WSXcder,,,
7098 siemens s7-300,,,,,3,,,
7099 siemens s7-300,,,,,31994,,,
7100 siemens s7-300,,,,,321,,,
7101 siemens s7-300,,,,,33,,,
7102 siemens s7-300,,,,,333,,,
7103 siemens s7-300,,,,,3333,,,
7104 siemens s7-300,,,,,33333,,,
7105 siemens s7-300,,,,,333333,,,
7106 siemens s7-300,,,,,3333333,,,
7107 siemens s7-300,,,,,33333333,,,
7108 siemens s7-300,,,,,3477,,,
7109 siemens s7-300,,,,,355025,,,
7110 siemens s7-300,,,,,3597,,,
7111 siemens s7-300,,,,,3ascotel,,,
7112 siemens s7-300,,,,,3ASCOTEL,,,
7113 siemens s7-300,,,,,3ep5w2u,,,
7114 siemens s7-300,,,,,3orro,,,
7115 siemens s7-300,,,,,3ORRO,,,
7116 siemens s7-300,,,,,3ware,,,
7117 siemens s7-300,,,,,3WARE,,,
7118 siemens s7-300,,,,,4,,,
7119 siemens s7-300,,,,,42296795,,,
7120 siemens s7-300,,,,,4321,,,
7121 siemens s7-300,,,,,44,,,
7122 siemens s7-300,,,,,444,,,
7123 siemens s7-300,,,,,4444,,,
7124 siemens s7-300,,,,,44444,,,
7125 siemens s7-300,,,,,444444,,,
7126 siemens s7-300,,,,,4444444,,,
7127 siemens s7-300,,,,,44444444,,,
7128 siemens s7-300,,,,,4ert,,,
7129 siemens s7-300,,,,,4ERT,,,
7130 siemens s7-300,,,,,4G5K,,,
7131 siemens s7-300,,,,,4G7S,,,
7132 siemens s7-300,,,,,4getme2,,,
7133 siemens s7-300,,,,,4tas,,,
7134 siemens s7-300,,,,,4TAS,,,
7135 siemens s7-300,,,,,5,,,
7136 siemens s7-300,,,,,5001,,,
7137 siemens s7-300,,,,,5150,,,
7138 siemens s7-300,,,,,5201314,,,
7139 siemens s7-300,,,,,54321,,,
7140 siemens s7-300,,,,,55,,,
7141 siemens s7-300,,,,,55055,,,
7142 siemens s7-300,,,,,555,,,
7143 siemens s7-300,,,,,5555,,,
7144 siemens s7-300,,,,,55555,,,
7145 siemens s7-300,,,,,555555,,,
7146 siemens s7-300,,,,,5555555,,,
7147 siemens s7-300,,,,,55555555,,,
7148 siemens s7-300,,,,,56789,,,
7149 siemens s7-300,,,,,5693,,,
7150 siemens s7-300,,,,,5777364,,,
7151 siemens s7-300,,,,,5860,,,
7152 siemens s7-300,,,,,589589,,,
7153 siemens s7-300,,,,,6,,,
7154 siemens s7-300,,,,,60587,,,
7155 siemens s7-300,,,,,654321,,,
7156 siemens s7-300,,,,,66,,,
7157 siemens s7-300,,,,,666,,,
7158 siemens s7-300,,,,,6666,,,
7159 siemens s7-300,,,,,66666,,,
7160 siemens s7-300,,,,,666666,,,
7161 siemens s7-300,,,,,6666666,,,
7162 siemens s7-300,,,,,66666666,,,
7163 siemens s7-300,,,,,66808920,,,
7164 siemens s7-300,,,,,6969,,,
7165 siemens s7-300,,,,,7,,,
7166 siemens s7-300,,,,,7654321,,,
7167 siemens s7-300,,,,,77,,,
7168 siemens s7-300,,,,,777,,,
7169 siemens s7-300,,,,,7777,,,
7170 siemens s7-300,,,,,77777,,,
7171 siemens s7-300,,,,,777777,,,
7172 siemens s7-300,,,,,7777777,,,
7173 siemens s7-300,,,,,77777777,,,
7174 siemens s7-300,,,,,7SH4,,,
7175 siemens s7-300,,,,,8,,,
7176 siemens s7-300,,,,,8111,,,
7177 siemens s7-300,,,,,8429,,,
7178 siemens s7-300,,,,,851141,,,
7179 siemens s7-300,,,,,86844,,,
7180 siemens s7-300,,,,,8746550,,,
7181 siemens s7-300,,,,,87654321,,,
7182 siemens s7-300,,,,,88,,,
7183 siemens s7-300,,,,,888,,,
7184 siemens s7-300,,,,,8888,,,
7185 siemens s7-300,,,,,88888,,,
7186 siemens s7-300,,,,,888888,,,
7187 siemens s7-300,,,,,8888888,,,
7188 siemens s7-300,,,,,88888888,,,
7189 siemens s7-300,,,,,88981684,,,
7190 siemens s7-300,,,,,9,,,
7191 siemens s7-300,,,,,901100,,,
7192 siemens s7-300,,,,,99,,,
7193 siemens s7-300,,,,,999,,,
7194 siemens s7-300,,,,,9999,,,
7195 siemens s7-300,,,,,99999,,,
7196 siemens s7-300,,,,,999999,,,
7197 siemens s7-300,,,,,9999999,,,
7198 siemens s7-300,,,,,99999999,,,
7199 siemens s7-300,,,,,9W5K,,,
7200 siemens s7-300,,,,,a,,,
7201 siemens s7-300,,,,,A,,,
7202 siemens s7-300,,,,,a/d,,,
7203 siemens s7-300,,,,,A/D,,,
7204 siemens s7-300,,,,,aa,,,
7205 siemens s7-300,,,,,AA,,,
7206 siemens s7-300,,,,,aaa,,,
7207 siemens s7-300,,,,,AAA,,,
7208 siemens s7-300,,,,,aaaa,,,
7209 siemens s7-300,,,,,AAAA,,,
7210 siemens s7-300,,,,,aaaaa,,,
7211 siemens s7-300,,,,,AAAAA,,,
7212 siemens s7-300,,,,,aaaaaa,,,
7213 siemens s7-300,,,,,AAAAAA,,,
7214 siemens s7-300,,,,,aaaaaaa,,,
7215 siemens s7-300,,,,,AAAAAAA,,,
7216 siemens s7-300,,,,,aaaaaaaa,,,
7217 siemens s7-300,,,,,AAAAAAAA,,,
7218 siemens s7-300,,,,,aabbcc,,,
7219 siemens s7-300,,,,,AABBCC,,,
7220 siemens s7-300,,,,,aaeon,,,
7221 siemens s7-300,,,,,AAEON,,,
7222 siemens s7-300,,,,,aavid,,,
7223 siemens s7-300,,,,,AAVID,,,
7224 siemens s7-300,,,,,ab,,,
7225 siemens s7-300,,,,,AB,,,
7226 siemens s7-300,,,,,abb,,,
7227 siemens s7-300,,,,,ABB,,,
7228 siemens s7-300,,,,,abc,,,
7229 siemens s7-300,,,,,ABC,,,
7230 siemens s7-300,,,,,abc123,,,
7231 siemens s7-300,,,,,ABC123,,,
7232 siemens s7-300,,,,,abcd,,,
7233 siemens s7-300,,,,,ABCD,,,
7234 siemens s7-300,,,,,abcde,,,
7235 siemens s7-300,,,,,ABCDE,,,
7236 siemens s7-300,,,,,ABCDEF,,,
7237 siemens s7-300,,,,,abcdefg,,,
7238 siemens s7-300,,,,,ABCDEFG,,,
7239 siemens s7-300,,,,,abcdefgh,,,
7240 siemens s7-300,,,,,ABCDEFGH,,,
7241 siemens s7-300,,,,,abelconn,,,
7242 siemens s7-300,,,,,ABELCONN,,,
7243 siemens s7-300,,,,,abov,,,
7244 siemens s7-300,,,,,ABOV,,,
7245 siemens s7-300,,,,,abracon,,,
7246 siemens s7-300,,,,,ABRACON,,,
7247 siemens s7-300,,,,,absopuls,,,
7248 siemens s7-300,,,,,ABSOPULS,,,
7249 siemens s7-300,,,,,abtech,,,
7250 siemens s7-300,,,,,ABTECH,,,
7251 siemens s7-300,,,,,abunlock,,,
7252 siemens s7-300,,,,,ABUNLOCK,,,
7253 siemens s7-300,,,,,acam,,,
7254 siemens s7-300,,,,,ACAM,,,
7255 siemens s7-300,,,,,acc,,,
7256 siemens s7-300,,,,,ACC,,,
7257 siemens s7-300,,,,,access,,,
7258 siemens s7-300,,,,,ACCESS,,,
7259 siemens s7-300,,,,,accord,,,
7260 siemens s7-300,,,,,ACCORD,,,
7261 siemens s7-300,,,,,acon,,,
7262 siemens s7-300,,,,,ACON,,,
7263 siemens s7-300,,,,,acopian,,,
7264 siemens s7-300,,,,,ACOPIAN,,,
7265 siemens s7-300,,,,,acp,,,
7266 siemens s7-300,,,,,ACP,,,
7267 siemens s7-300,,,,,actel,,,
7268 siemens s7-300,,,,,ACTEL,,,
7269 siemens s7-300,,,,,activex,,,
7270 siemens s7-300,,,,,ACTIVEX,,,
7271 siemens s7-300,,,,,adactus,,,
7272 siemens s7-300,,,,,ADACTUS,,,
7273 siemens s7-300,,,,,adam,,,
7274 siemens s7-300,,,,,ADAM,,,
7275 siemens s7-300,,,,,adc,,,
7276 siemens s7-300,,,,,ADC,,,
7277 siemens s7-300,,,,,adcdef,,,
7278 siemens s7-300,,,,,adda,,,
7279 siemens s7-300,,,,,ADDA,,,
7280 siemens s7-300,,,,,adels,,,
7281 siemens s7-300,,,,,ADELS,,,
7282 siemens s7-300,,,,,adfexc,,,
7283 siemens s7-300,,,,,ADFEXC,,,
7284 siemens s7-300,,,,,adi,,,
7285 siemens s7-300,,,,,ADI,,,
7286 siemens s7-300,,,,,admin,,,
7287 siemens s7-300,,,,,ADMIN,,,
7288 siemens s7-300,,,,,admin123,,,
7289 siemens s7-300,,,,,ADMIN123,,,
7290 siemens s7-300,,,,,adminttd,,,
7291 siemens s7-300,,,,,ADMINTTD,,,
7292 siemens s7-300,,,,,adslroot,,,
7293 siemens s7-300,,,,,ADSLROOT,,,
7294 siemens s7-300,,,,,adtran,,,
7295 siemens s7-300,,,,,ADTRAN,,,
7296 siemens s7-300,,,,,advanced,,,
7297 siemens s7-300,,,,,ADVANCED,,,
7298 siemens s7-300,,,,,advantec,,,
7299 siemens s7-300,,,,,ADVANTEC,,,
7300 siemens s7-300,,,,,aeg mis,,,
7301 siemens s7-300,,,,,AEG MIS,,,
7302 siemens s7-300,,,,,aeg,,,
7303 siemens s7-300,,,,,AEG,,,
7304 siemens s7-300,,,,,AEM,,,
7305 siemens s7-300,,,,,aem,,,
7306 siemens s7-300,,,,,aeroflex,,,
7307 siemens s7-300,,,,,Aeroflex,,,
7308 siemens s7-300,,,,,AEROFLEX,,,
7309 siemens s7-300,,,,,aft,,,
7310 siemens s7-300,,,,,AFT,,,
7311 siemens s7-300,,,,,aitech,,,
7312 siemens s7-300,,,,,AITECH,,,
7313 siemens s7-300,,,,,akiwa,,,
7314 siemens s7-300,,,,,AKIWA,,,
7315 siemens s7-300,,,,,albright,,,
7316 siemens s7-300,,,,,ALBRIGHT,,,
7317 siemens s7-300,,,,,alcor,,,
7318 siemens s7-300,,,,,ALCOR,,,
7319 siemens s7-300,,,,,aleph,,,
7320 siemens s7-300,,,,,ALEPH,,,
7321 siemens s7-300,,,,,ALFA,,,
7322 siemens s7-300,,,,,alfaMag,,,
7323 siemens s7-300,,,,,ALFAMAG,,,
7324 siemens s7-300,,,,,alfa'r,,,
7325 siemens s7-300,,,,,ALFA'R,,,
7326 siemens s7-300,,,,,alfatron,,,
7327 siemens s7-300,,,,,ALFATRON,,,
7328 siemens s7-300,,,,,ali,,,
7329 siemens s7-300,,,,,ALI,,,
7330 siemens s7-300,,,,,all,,,
7331 siemens s7-300,,,,,ALL,,,
7332 siemens s7-300,,,,,allegro,,,
7333 siemens s7-300,,,,,ALLEGRO,,,
7334 siemens s7-300,,,,,allen,,,
7335 siemens s7-300,,,,,ALLEN,,,
7336 siemens s7-300,,,,,alliance,,,
7337 siemens s7-300,,,,,ALLIANCE,,,
7338 siemens s7-300,,,,,allied,,,
7339 siemens s7-300,,,,,ALLIED,,,
7340 siemens s7-300,,,,,alpha,,,
7341 siemens s7-300,,,,,alpha,,,
7342 siemens s7-300,,,,,alpine,,,
7343 siemens s7-300,,,,,ALPINE,,,
7344 siemens s7-300,,,,,alps,,,
7345 siemens s7-300,,,,,ALPS,,,
7346 siemens s7-300,,,,,altera,,,
7347 siemens s7-300,,,,,ALTERA,,,
7348 siemens s7-300,,,,,amber,,,
7349 siemens s7-300,,,,,AMBER,,,
7350 siemens s7-300,,,,,amd,,,
7351 siemens s7-300,,,,,AMD,,,
7352 siemens s7-300,,,,,american,,,
7353 siemens s7-300,,,,,AMERICAN,,,
7354 siemens s7-300,,,,,ametherm,,,
7355 siemens s7-300,,,,,AMETHERM,,,
7356 siemens s7-300,,,,,ami,,,
7357 siemens s7-300,,,,,AMI,,,
7358 siemens s7-300,,,,,amic,,,
7359 siemens s7-300,,,,,AMIC,,,
7360 siemens s7-300,,,,,amis,,,
7361 siemens s7-300,,,,,AMIS,,,
7362 siemens s7-300,,,,,ammc,,,
7363 siemens s7-300,,,,,AMMC,,,
7364 siemens s7-300,,,,,amp,,,
7365 siemens s7-300,,,,,AMP,,,
7366 siemens s7-300,,,,,amperite,,,
7367 siemens s7-300,,,,,AMPERITE,,,
7368 siemens s7-300,,,,,amphenol,,,
7369 siemens s7-300,,,,,AMPHENOL,,,
7370 siemens s7-300,,,,,ampire,,,
7371 siemens s7-300,,,,,AMPIRE,,,
7372 siemens s7-300,,,,,amt,,,
7373 siemens s7-300,,,,,AMT,,,
7374 siemens s7-300,,,,,anachip,,,
7375 siemens s7-300,,,,,ANACHIP,,,
7376 siemens s7-300,,,,,anadigic,,,
7377 siemens s7-300,,,,,ANADIGIC,,,
7378 siemens s7-300,,,,,anadigm,,,
7379 siemens s7-300,,,,,ANADIGM,,,
7380 siemens s7-300,,,,,analog,,,
7381 siemens s7-300,,,,,ANALOG,,,
7382 siemens s7-300,,,,,analogic,,,
7383 siemens s7-300,,,,,ANALOGIC,,,
7384 siemens s7-300,,,,,anaren,,,
7385 siemens s7-300,,,,,ANAREN,,,
7386 siemens s7-300,,,,,angel,,,
7387 siemens s7-300,,,,,ANGEL,,,
7388 siemens s7-300,,,,,angle,,,
7389 siemens s7-300,,,,,ANGLE,,,
7390 siemens s7-300,,,,,anicust,,,
7391 siemens s7-300,,,,,ANICUST,,,
7392 siemens s7-300,,,,,anla,,,
7393 siemens s7-300,,,,,ANLA,,,
7394 siemens s7-300,,,,,anleim,,,
7395 siemens s7-300,,,,,Anleim,,,
7396 siemens s7-300,,,,,ANLEIM,,,
7397 siemens s7-300,,,,,anritsu,,,
7398 siemens s7-300,,,,,ANRITSU,,,
7399 siemens s7-300,,,,,ANS#150,,,
7400 siemens s7-300,,,,,anshan,,,
7401 siemens s7-300,,,,,ANSHAN,,,
7402 siemens s7-300,,,,,ansmann,,,
7403 siemens s7-300,,,,,ANSMANN,,,
7404 siemens s7-300,,,,,any@,,,
7405 siemens s7-300,,,,,anycom,,,
7406 siemens s7-300,,,,,ANYCOM,,,
7407 siemens s7-300,,,,,anydata,,,
7408 siemens s7-300,,,,,ANYDATA,,,
7409 siemens s7-300,,,,,anyone,,,
7410 siemens s7-300,,,,,ANYONE,,,
7411 siemens s7-300,,,,,anyway,,,
7412 siemens s7-300,,,,,ANYWAY,,,
7413 siemens s7-300,,,,,apbodiur,,,
7414 siemens s7-300,,,,,APBODIUR,,,
7415 siemens s7-300,,,,,apc,,,
7416 siemens s7-300,,,,,APC,,,
7417 siemens s7-300,,,,,apem,,,
7418 siemens s7-300,,,,,APEM,,,
7419 siemens s7-300,,,,,apex,,,
7420 siemens s7-300,,,,,APEX,,,
7421 siemens s7-300,,,,,api,,,
7422 siemens s7-300,,,,,API,,,
7423 siemens s7-300,,,,,aplus,,,
7424 siemens s7-300,,,,,APLUS,,,
7425 siemens s7-300,,,,,apm,,,
7426 siemens s7-300,,,,,APM,,,
7427 siemens s7-300,,,,,a-power,,,
7428 siemens s7-300,,,,,A-POWER,,,
7429 siemens s7-300,,,,,app,,,
7430 siemens s7-300,,,,,APP,,,
7431 siemens s7-300,,,,,applied,,,
7432 siemens s7-300,,,,,APPLIED,,,
7433 siemens s7-300,,,,,apra,,,
7434 siemens s7-300,,,,,APRA,,,
7435 siemens s7-300,,,,,arsenal,,,
7436 siemens s7-300,,,,,ARSENAL,,,
7437 siemens s7-300,,,,,articon,,,
7438 siemens s7-300,,,,,ARTICON,,,
7439 siemens s7-300,,,,,asante,,,
7440 siemens s7-300,,,,,Asante,,,
7441 siemens s7-300,,,,,ASANTE,,,
7442 siemens s7-300,,,,,ascend,,,
7443 siemens s7-300,,,,,Ascend,,,
7444 siemens s7-300,,,,,ASCEND,,,
7445 siemens s7-300,,,,,asd,,,
7446 siemens s7-300,,,,,ASD,,,
7447 siemens s7-300,,,,,asdf,,,
7448 siemens s7-300,,,,,ASDF,,,
7449 siemens s7-300,,,,,asdfg,,,
7450 siemens s7-300,,,,,ASDFG,,,
7451 siemens s7-300,,,,,asdfgh,,,
7452 siemens s7-300,,,,,asdfgh,,,
7453 siemens s7-300,,,,,ASDFGH,,,
7454 siemens s7-300,,,,,asdfghj,,,
7455 siemens s7-300,,,,,ASDFGHJ,,,
7456 siemens s7-300,,,,,asdfghjk,,,
7457 siemens s7-300,,,,,ASDFGHJK,,,
7458 siemens s7-300,,,,,asi,,,
7459 siemens s7-300,,,,,ASI,,,
7460 siemens s7-300,,,,,asutp,,,
7461 siemens s7-300,,,,,ASUTP,,,
7462 siemens s7-300,,,,,at4400,,,
7463 siemens s7-300,,,,,AT4400,,,
7464 siemens s7-300,,,,,atc,,,
7465 siemens s7-300,,,,,atc,,,
7466 siemens s7-300,,,,,ATC,,,
7467 siemens s7-300,,,,,atc123,,,
7468 siemens s7-300,,,,,ATC123,,,
7469 siemens s7-300,,,,,atlantis,,,
7470 siemens s7-300,,,,,ATLANTIS,,,
7471 siemens s7-300,,,,,attack,,,
7472 siemens s7-300,,,,,ATTACK,,,
7473 siemens s7-300,,,,,autohors,,,
7474 siemens s7-300,,,,,AUTOHORS,,,
7475 siemens s7-300,,,,,azsxdc,,,
7476 siemens s7-300,,,,,AZSXDC,,,
7477 siemens s7-300,,,,,b,,,
7478 siemens s7-300,,,,,B,,,
7479 siemens s7-300,,,,,b&r,,,
7480 siemens s7-300,,,,,B&R,,,
7481 siemens s7-300,,,,,B2H4,,,
7482 siemens s7-300,,,,,B9W3,,,
7483 siemens s7-300,,,,,back,,,
7484 siemens s7-300,,,,,BACK,,,
7485 siemens s7-300,,,,,backdoor,,,
7486 siemens s7-300,,,,,BACKDOOR,,,
7487 siemens s7-300,,,,,badboy,,,
7488 siemens s7-300,,,,,BADBOY,,,
7489 siemens s7-300,,,,,barricade,,,
7490 siemens s7-300,,,,,BARRICADE,,,
7491 siemens s7-300,,,,,baseball,,,
7492 siemens s7-300,,,,,BASEBALL,,,
7493 siemens s7-300,,,,,bb,,,
7494 siemens s7-300,,,,,BB,,,
7495 siemens s7-300,,,,,bbb,,,
7496 siemens s7-300,,,,,BBB,,,
7497 siemens s7-300,,,,,bbbb,,,
7498 siemens s7-300,,,,,BBBB,,,
7499 siemens s7-300,,,,,bbbbb,,,
7500 siemens s7-300,,,,,BBBBB,,,
7501 siemens s7-300,,,,,bbbbbb,,,
7502 siemens s7-300,,,,,BBBBBB,,,
7503 siemens s7-300,,,,,bbbbbbb,,,
7504 siemens s7-300,,,,,BBBBBBB,,,
7505 siemens s7-300,,,,,bbbbbbbb,,,
7506 siemens s7-300,,,,,BBBBBBBB,,,
7507 siemens s7-300,,,,,bciimpw,,,
7508 siemens s7-300,,,,,BCIIMPW,,,
7509 siemens s7-300,,,,,bcimpw,,,
7510 siemens s7-300,,,,,BCIMPW,,,
7511 siemens s7-300,,,,,bcnaspw,,,
7512 siemens s7-300,,,,,BCNASPW,,,
7513 siemens s7-300,,,,,beatch,,,
7514 siemens s7-300,,,,,BEATCH,,,
7515 siemens s7-300,,,,,beerbeer,,,
7516 siemens s7-300,,,,,BEERBEER,,,
7517 siemens s7-300,,,,,betera,,,
7518 siemens s7-300,,,,,BETERA,,,
7519 siemens s7-300,,,,,bible,,,
7520 siemens s7-300,,,,,BIBLE,,,
7521 siemens s7-300,,,,,bintec,,,
7522 siemens s7-300,,,,,BINTEC,,,
7523 siemens s7-300,,,,,birdie,,,
7524 siemens s7-300,,,,,BIRDIE,,,
7525 siemens s7-300,,,,,black,,,
7526 siemens s7-300,,,,,BLACK,,,
7527 siemens s7-300,,,,,blaster,,,
7528 siemens s7-300,,,,,BLASTER,,,
7529 siemens s7-300,,,,,blender,,,
7530 siemens s7-300,,,,,BLENDER,,,
7531 siemens s7-300,,,,,blink,,,
7532 siemens s7-300,,,,,BLINK,,,
7533 siemens s7-300,,,,,blink182,,,
7534 siemens s7-300,,,,,BLINK182,,,
7535 siemens s7-300,,,,,bluepw,,,
7536 siemens s7-300,,,,,BLUEPW,,,
7537 siemens s7-300,,,,,bowling,,,
7538 siemens s7-300,,,,,BOWLING,,,
7539 siemens s7-300,,,,,bradley,,,
7540 siemens s7-300,,,,,BRADLEY,,,
7541 siemens s7-300,,,,,bridge,,,
7542 siemens s7-300,,,,,BRIDGE,,,
7543 siemens s7-300,,,,,bright,,,
7544 siemens s7-300,,,,,BRIGHT,,,
7545 siemens s7-300,,,,,c,,,
7546 siemens s7-300,,,,,C,,,
7547 siemens s7-300,,,,,ca01,,,
7548 siemens s7-300,,,,,CA01,,,
7549 siemens s7-300,,,,,cacadmin,,,
7550 siemens s7-300,,,,,CACADMIN,,,
7551 siemens s7-300,,,,,cactus,,,
7552 siemens s7-300,,,,,CACTUS,,,
7553 siemens s7-300,,,,,calvin,,,
7554 siemens s7-300,,,,,CALVIN,,,
7555 siemens s7-300,,,,,can,,,
7556 siemens s7-300,,,,,CAN,,,
7557 siemens s7-300,,,,,canbus,,,
7558 siemens s7-300,,,,,CANBUS,,,
7559 siemens s7-300,,,,,carolian,,,
7560 siemens s7-300,,,,,CAROLIAN,,,
7561 siemens s7-300,,,,,cascade,,,
7562 siemens s7-300,,,,,CASCADE,,,
7563 siemens s7-300,,,,,cc,,,
7564 siemens s7-300,,,,,CC,,,
7565 siemens s7-300,,,,,ccc,,,
7566 siemens s7-300,,,,,CCC,,,
7567 siemens s7-300,,,,,cccc,,,
7568 siemens s7-300,,,,,CCCC,,,
7569 siemens s7-300,,,,,ccccc,,,
7570 siemens s7-300,,,,,CCCCC,,,
7571 siemens s7-300,,,,,cccccc,,,
7572 siemens s7-300,,,,,CCCCCC,,,
7573 siemens s7-300,,,,,ccccccc,,,
7574 siemens s7-300,,,,,CCCCCCC,,,
7575 siemens s7-300,,,,,cccccccc,,,
7576 siemens s7-300,,,,,CCCCCCCC,,,
7577 siemens s7-300,,,,,ccrusr,,,
7578 siemens s7-300,,,,,CCRUSR,,,
7579 siemens s7-300,,,,,cellit,,,
7580 siemens s7-300,,,,,CELLIT,,,
7581 siemens s7-300,,,,,cfc,,,
7582 siemens s7-300,,,,,CFC,,,
7583 siemens s7-300,,,,,CHABGEME,,,
7584 siemens s7-300,,,,,changeme,,,
7585 siemens s7-300,,,,,CHANGEME,,,
7586 siemens s7-300,,,,,changit,,,
7587 siemens s7-300,,,,,CHANGIT,,,
7588 siemens s7-300,,,,,charlie,,,
7589 siemens s7-300,,,,,CHARLIE,,,
7590 siemens s7-300,,,,,cisco,,,
7591 siemens s7-300,,,,,Cisco,,,
7592 siemens s7-300,,,,,CISCO,,,
7593 siemens s7-300,,,,,citel,,,
7594 siemens s7-300,,,,,CITEL,,,
7595 siemens s7-300,,,,,client,,,
7596 siemens s7-300,,,,,CLIENT,,,
7597 siemens s7-300,,,,,cmaker,,,
7598 siemens s7-300,,,,,CMAKER,,,
7599 siemens s7-300,,,,,cms500,,,
7600 siemens s7-300,,,,,CMS500,,,
7601 siemens s7-300,,,,,cnas,,,
7602 siemens s7-300,,,,,CNAS,,,
7603 siemens s7-300,,,,,cody,,,
7604 siemens s7-300,,,,,CODY,,,
7605 siemens s7-300,,,,,cognos,,,
7606 siemens s7-300,,,,,COGNOS,,,
7607 siemens s7-300,,,,,Col2ogro2,,,
7608 siemens s7-300,,,,,computer,,,
7609 siemens s7-300,,,,,COMPUTER,,,
7610 siemens s7-300,,,,,connect,,,
7611 siemens s7-300,,,,,CONNECT,,,
7612 siemens s7-300,,,,,conv,,,
7613 siemens s7-300,,,,,CONV,,,
7614 siemens s7-300,,,,,cool,,,
7615 siemens s7-300,,,,,COOL,,,
7616 siemens s7-300,,,,,corecess,,,
7617 siemens s7-300,,,,,CORECESS,,,
7618 siemens s7-300,,,,,cosmos,,,
7619 siemens s7-300,,,,,COSMOS,,,
7620 siemens s7-300,,,,,craft,,,
7621 siemens s7-300,,,,,CRAFT,,,
7622 siemens s7-300,,,,,craftpw,,,
7623 siemens s7-300,,,,,CRAFTPW,,,
7624 siemens s7-300,,,,,crftpw,,,
7625 siemens s7-300,,,,,CRFTPW,,,
7626 siemens s7-300,,,,,crystal,,,
7627 siemens s7-300,,,,,CRYSTAL,,,
7628 siemens s7-300,,,,,ct/1,,,
7629 siemens s7-300,,,,,customer,,,
7630 siemens s7-300,,,,,CUSTOMER,,,
7631 siemens s7-300,,,,,custpw,,,
7632 siemens s7-300,,,,,CUSTPW,,,
7633 siemens s7-300,,,,,d,,,
7634 siemens s7-300,,,,,D,,,
7635 siemens s7-300,,,,,d.e.b.u.g,,,
7636 siemens s7-300,,,,,d00m,,,
7637 siemens s7-300,,,,,D00M,,,
7638 siemens s7-300,,,,,dadmin01,,,
7639 siemens s7-300,,,,,DADMIN01,,,
7640 siemens s7-300,,,,,danger,,,
7641 siemens s7-300,,,,,DANGER,,,
7642 siemens s7-300,,,,,database,,,
7643 siemens s7-300,,,,,DATABASE,,,
7644 siemens s7-300,,,,,davox,,,
7645 siemens s7-300,,,,,dbps,,,
7646 siemens s7-300,,,,,DBPS,,,
7647 siemens s7-300,,,,,dd,,,
7648 siemens s7-300,,,,,DD,,,
7649 siemens s7-300,,,,,ddd,,,
7650 siemens s7-300,,,,,DDD,,,
7651 siemens s7-300,,,,,dddd,,,
7652 siemens s7-300,,,,,DDDD,,,
7653 siemens s7-300,,,,,ddddd,,,
7654 siemens s7-300,,,,,DDDDD,,,
7655 siemens s7-300,,,,,dddddd,,,
7656 siemens s7-300,,,,,DDDDDD,,,
7657 siemens s7-300,,,,,ddddddd,,,
7658 siemens s7-300,,,,,DDDDDDD,,,
7659 siemens s7-300,,,,,dddddddd,,,
7660 siemens s7-300,,,,,DDDDDDDD,,,
7661 siemens s7-300,,,,,dean,,,
7662 siemens s7-300,,,,,DEAN,,,
7663 siemens s7-300,,,,,default,,,
7664 siemens s7-300,,,,,DEFAULT,,,
7665 siemens s7-300,,,,,delevan,,,
7666 siemens s7-300,,,,,demo,,,
7667 siemens s7-300,,,,,DEMO,,,
7668 siemens s7-300,,,,,denise,,,
7669 siemens s7-300,,,,,DENISE,,,
7670 siemens s7-300,,,,,derparol,,,
7671 siemens s7-300,,,,,DERPAROL,,,
7672 siemens s7-300,,,,,DEVEVAN,,,
7673 siemens s7-300,,,,,device,,,
7674 siemens s7-300,,,,,DEVICE,,,
7675 siemens s7-300,,,,,devices,,,
7676 siemens s7-300,,,,,DEVICES,,,
7677 siemens s7-300,,,,,dhs3mt,,,
7678 siemens s7-300,,,,,DHS3MT,,,
7679 siemens s7-300,,,,,dhs3pms,,,
7680 siemens s7-300,,,,,DHS3PMS,,,
7681 siemens s7-300,,,,,diabl0,,,
7682 siemens s7-300,,,,,DIABL0,,,
7683 siemens s7-300,,,,,diablo,,,
7684 siemens s7-300,,,,,DIABLO,,,
7685 siemens s7-300,,,,,diamond,,,
7686 siemens s7-300,,,,,DIAMOND,,,
7687 siemens s7-300,,,,,digital,,,
7688 siemens s7-300,,,,,DIGITAL,,,
7689 siemens s7-300,,,,,DL20,,,
7690 siemens s7-300,,,,,dlink,,,
7691 siemens s7-300,,,,,D-Link,,,
7692 siemens s7-300,,,,,DLINK,,,
7693 siemens s7-300,,,,,dollar,,,
7694 siemens s7-300,,,,,DOLLAR,,,
7695 siemens s7-300,,,,,doom,,,
7696 siemens s7-300,,,,,DOOM,,,
7697 siemens s7-300,,,,,draadloos,,,
7698 siemens s7-300,,,,,DRAADLOOS,,,
7699 siemens s7-300,,,,,drivees,,,
7700 siemens s7-300,,,,,DRIVEES,,,
7701 siemens s7-300,,,,,e,,,
7702 siemens s7-300,,,,,E,,,
7703 siemens s7-300,,,,,echo,,,
7704 siemens s7-300,,,,,ECHO,,,
7705 siemens s7-300,,,,,ee,,,
7706 siemens s7-300,,,,,EE,,,
7707 siemens s7-300,,,,,eee,,,
7708 siemens s7-300,,,,,EEE,,,
7709 siemens s7-300,,,,,eeee,,,
7710 siemens s7-300,,,,,EEEE,,,
7711 siemens s7-300,,,,,eeeee,,,
7712 siemens s7-300,,,,,EEEEE,,,
7713 siemens s7-300,,,,,eeeeee,,,
7714 siemens s7-300,,,,,EEEEEE,,,
7715 siemens s7-300,,,,,eeeeeee,,,
7716 siemens s7-300,,,,,EEEEEEE,,,
7717 siemens s7-300,,,,,eeeeeeee,,,
7718 siemens s7-300,,,,,EEEEEEEE,,,
7719 siemens s7-300,,,,,EGDFV,,,
7720 siemens s7-300,,,,,electrin,,,
7721 siemens s7-300,,,,,ELECTRIN,,,
7722 siemens s7-300,,,,,elvis,,,
7723 siemens s7-300,,,,,ELVIS,,,
7724 siemens s7-300,,,,,enable,,,
7725 siemens s7-300,,,,,ENABLE,,,
7726 siemens s7-300,,,,,energy,,,
7727 siemens s7-300,,,,,ENERGY,,,
7728 siemens s7-300,,,,,engineer,,,
7729 siemens s7-300,,,,,ENGINEER,,,
7730 siemens s7-300,,,,,eqdfv,,,
7731 siemens s7-300,,,,,err0r,,,
7732 siemens s7-300,,,,,ERR0R,,,
7733 siemens s7-300,,,,,error,,,
7734 siemens s7-300,,,,,evening,,,
7735 siemens s7-300,,,,,EVENING,,,
7736 siemens s7-300,,,,,Exabyte,,,
7737 siemens s7-300,,,,,EXABYTE,,,
7738 siemens s7-300,,,,,expert03,,,
7739 siemens s7-300,,,,,EXPERT03,,,
7740 siemens s7-300,,,,,f,,,
7741 siemens s7-300,,,,,F,,,
7742 siemens s7-300,,,,,father,,,
7743 siemens s7-300,,,,,FATHER,,,
7744 siemens s7-300,,,,,fbd,,,
7745 siemens s7-300,,,,,FBD,,,
7746 siemens s7-300,,,,,ff,,,
7747 siemens s7-300,,,,,FF,,,
7748 siemens s7-300,,,,,fff,,,
7749 siemens s7-300,,,,,FFF,,,
7750 siemens s7-300,,,,,ffff,,,
7751 siemens s7-300,,,,,FFFF,,,
7752 siemens s7-300,,,,,fffff,,,
7753 siemens s7-300,,,,,FFFFF,,,
7754 siemens s7-300,,,,,ffffff,,,
7755 siemens s7-300,,,,,FFFFFF,,,
7756 siemens s7-300,,,,,fffffff,,,
7757 siemens s7-300,,,,,FFFFFFF,,,
7758 siemens s7-300,,,,,ffffffff,,,
7759 siemens s7-300,,,,,FFFFFFFF,,,
7760 siemens s7-300,,,,,field,,,
7761 siemens s7-300,,,,,FIELD,,,
7762 siemens s7-300,,,,,fire,,,
7763 siemens s7-300,,,,,FIRE,,,
7764 siemens s7-300,,,,,Fireport,,,
7765 siemens s7-300,,,,,FIREPORT,,,
7766 siemens s7-300,,,,,fish,,,
7767 siemens s7-300,,,,,FISH,,,
7768 siemens s7-300,,,,,fivranne,,,
7769 siemens s7-300,,,,,FIVRANNE,,,
7770 siemens s7-300,,,,,flash,,,
7771 siemens s7-300,,,,,FLASH,,,
7772 siemens s7-300,,,,,flex,,,
7773 siemens s7-300,,,,,FLEX,,,
7774 siemens s7-300,,,,,flexible,,,
7775 siemens s7-300,,,,,FLEXIBLE,,,
7776 siemens s7-300,,,,,football,,,
7777 siemens s7-300,,,,,FOOTBALL,,,
7778 siemens s7-300,,,,,friend,,,
7779 siemens s7-300,,,,,FRIEND,,,
7780 siemens s7-300,,,,,fuck,,,
7781 siemens s7-300,,,,,FUCK,,,
7782 siemens s7-300,,,,,fuckoff,,,
7783 siemens s7-300,,,,,FUCKOFF,,,
7784 siemens s7-300,,,,,fuckyou,,,
7785 siemens s7-300,,,,,FUCKYOU,,,
7786 siemens s7-300,,,,,g,,,
7787 siemens s7-300,,,,,G,,,
7788 siemens s7-300,,,,,g00gle,,,
7789 siemens s7-300,,,,,G00GLE,,,
7790 siemens s7-300,,,,,G0F9,,,
7791 siemens s7-300,,,,,G0K1,,,
7792 siemens s7-300,,,,,G6K6,,,
7793 siemens s7-300,,,,,gama,,,
7794 siemens s7-300,,,,,GAMA,,,
7795 siemens s7-300,,,,,ganteng,,,
7796 siemens s7-300,,,,,GAWSED,,,
7797 siemens s7-300,,,,,Geardog,,,
7798 siemens s7-300,,,,,GEARDOG,,,
7799 siemens s7-300,,,,,gen1,,,
7800 siemens s7-300,,,,,gen2,,,
7801 siemens s7-300,,,,,gfcc,,,
7802 siemens s7-300,,,,,GFCC,,,
7803 siemens s7-300,,,,,gfccdjhl,,,
7804 siemens s7-300,,,,,GFCCDJHL,,,
7805 siemens s7-300,,,,,gfhjkm,,,
7806 siemens s7-300,,,,,gfhjkm,,,
7807 siemens s7-300,,,,,GFHJKM,,,
7808 siemens s7-300,,,,,gg,,,
7809 siemens s7-300,,,,,GG,,,
7810 siemens s7-300,,,,,ggg,,,
7811 siemens s7-300,,,,,GGG,,,
7812 siemens s7-300,,,,,gggg,,,
7813 siemens s7-300,,,,,GGGG,,,
7814 siemens s7-300,,,,,ggggg,,,
7815 siemens s7-300,,,,,GGGGG,,,
7816 siemens s7-300,,,,,gggggg,,,
7817 siemens s7-300,,,,,GGGGGG,,,
7818 siemens s7-300,,,,,ggggggg,,,
7819 siemens s7-300,,,,,GGGGGGG,,,
7820 siemens s7-300,,,,,gggggggg,,,
7821 siemens s7-300,,,,,GGGGGGGG,,,
7822 siemens s7-300,,,,,ghbdtn,,,
7823 siemens s7-300,,,,,GHBDTN,,,
7824 siemens s7-300,,,,,GHOST,,,
7825 siemens s7-300,,,,,ghost,,,
7826 siemens s7-300,,,,,goal,,,
7827 siemens s7-300,,,,,GOAL,,,
7828 siemens s7-300,,,,,golf,,,
7829 siemens s7-300,,,,,GOLF,,,
7830 siemens s7-300,,,,,google,,,
7831 siemens s7-300,,,,,GOOGLE,,,
7832 siemens s7-300,,,,,got,,,
7833 siemens s7-300,,,,,GOT,,,
7834 siemens s7-300,,,,,guest,,,
7835 siemens s7-300,,,,,GUEST,,,
7836 siemens s7-300,,,,,h,,,
7837 siemens s7-300,,,,,H,,,
7838 siemens s7-300,,,,,hardware,,,
7839 siemens s7-300,,,,,HARDWARE,,,
7840 siemens s7-300,,,,,harley,,,
7841 siemens s7-300,,,,,helen,,,
7842 siemens s7-300,,,,,HELEN,,,
7843 siemens s7-300,,,,,hello,,,
7844 siemens s7-300,,,,,HELLO,,,
7845 siemens s7-300,,,,,help,,,
7846 siemens s7-300,,,,,HELP,,,
7847 siemens s7-300,,,,,help1954,,,
7848 siemens s7-300,,,,,HELP1954,,,
7849 siemens s7-300,,,,,Helpdesk,,,
7850 siemens s7-300,,,,,HELPDESK,,,
7851 siemens s7-300,,,,,hexseal,,,
7852 siemens s7-300,,,,,HEXSEAL,,,
7853 siemens s7-300,,,,,hh,,,
7854 siemens s7-300,,,,,HH,,,
7855 siemens s7-300,,,,,hhh,,,
7856 siemens s7-300,,,,,HHH,,,
7857 siemens s7-300,,,,,hhhh,,,
7858 siemens s7-300,,,,,HHHH,,,
7859 siemens s7-300,,,,,hhhhh,,,
7860 siemens s7-300,,,,,HHHHH,,,
7861 siemens s7-300,,,,,hhhhhh,,,
7862 siemens s7-300,,,,,HHHHHH,,,
7863 siemens s7-300,,,,,hhhhhhh,,,
7864 siemens s7-300,,,,,HHHHHHH,,,
7865 siemens s7-300,,,,,hhhhhhhh,,,
7866 siemens s7-300,,,,,HHHHHHHH,,,
7867 siemens s7-300,,,,,highspeed,,,
7868 siemens s7-300,,,,,HIGHSPEED,,,
7869 siemens s7-300,,,,,hinear,,,
7870 siemens s7-300,,,,,HINEAR,,,
7871 siemens s7-300,,,,,home,,,
7872 siemens s7-300,,,,,HOME,,,
7873 siemens s7-300,,,,,homeplug,,,
7874 siemens s7-300,,,,,HomePlug,,,
7875 siemens s7-300,,,,,HOMEPLUG,,,
7876 siemens s7-300,,,,,honda,,,
7877 siemens s7-300,,,,,HONDA,,,
7878 siemens s7-300,,,,,HP,,,
7879 siemens s7-300,,,,,hp.com,,,
7880 siemens s7-300,,,,,hpoffice,,,
7881 siemens s7-300,,,,,HPOFFICE,,,
7882 siemens s7-300,,,,,hponly,,,
7883 siemens s7-300,,,,,HPONLY,,,
7884 siemens s7-300,,,,,HPP187,,,
7885 siemens s7-300,,,,,HPP189,,,
7886 siemens s7-300,,,,,HPP196,,,
7887 siemens s7-300,,,,,hrloo,,,
7888 siemens s7-300,,,,,HRLOO,,,
7889 siemens s7-300,,,,,hsadb,,,
7890 siemens s7-300,,,,,http,,,
7891 siemens s7-300,,,,,HTTP,,,
7892 siemens s7-300,,,,,i,,,
7893 siemens s7-300,,,,,I,,,
7894 siemens s7-300,,,,,iDirect,,,
7895 siemens s7-300,,,,,IDIRECT,,,
7896 siemens s7-300,,,,,ii,,,
7897 siemens s7-300,,,,,II,,,
7898 siemens s7-300,,,,,iii,,,
7899 siemens s7-300,,,,,III,,,
7900 siemens s7-300,,,,,iiii,,,
7901 siemens s7-300,,,,,IIII,,,
7902 siemens s7-300,,,,,iiiii,,,
7903 siemens s7-300,,,,,IIIII,,,
7904 siemens s7-300,,,,,iiiiii,,,
7905 siemens s7-300,,,,,IIIIII,,,
7906 siemens s7-300,,,,,iiiiiii,,,
7907 siemens s7-300,,,,,IIIIIII,,,
7908 siemens s7-300,,,,,iiiiiiii,,,
7909 siemens s7-300,,,,,IIIIIIII,,,
7910 siemens s7-300,,,,,ILMI,,,
7911 siemens s7-300,,,,,iloveyou,,,
7912 siemens s7-300,,,,,ILOVEYOU,,,
7913 siemens s7-300,,,,,images,,,
7914 siemens s7-300,,,,,IMAGES,,,
7915 siemens s7-300,,,,,inads,,,
7916 siemens s7-300,,,,,INADS,,,
7917 siemens s7-300,,,,,inc,,,
7918 siemens s7-300,,,,,INC,,,
7919 siemens s7-300,,,,,indspw,,,
7920 siemens s7-300,,,,,INDSPW,,,
7921 siemens s7-300,,,,,inferno,,,
7922 siemens s7-300,,,,,INFERNO,,,
7923 siemens s7-300,,,,,initpw,,,
7924 siemens s7-300,,,,,INITPW,,,
7925 siemens s7-300,,,,,Inmet,,,
7926 siemens s7-300,,,,,inmet,,,
7927 siemens s7-300,,,,,INMET,,,
7928 siemens s7-300,,,,,Intel,,,
7929 siemens s7-300,,,,,INTEL,,,
7930 siemens s7-300,,,,,internet,,,
7931 siemens s7-300,,,,,Internet,,,
7932 siemens s7-300,,,,,INTERNET,,,
7933 siemens s7-300,,,,,INTX3,,,
7934 siemens s7-300,,,,,ironport,,,
7935 siemens s7-300,,,,,IRONPORT,,,
7936 siemens s7-300,,,,,isee,,,
7937 siemens s7-300,,,,,ISEE,,,
7938 siemens s7-300,,,,,isp,,,
7939 siemens s7-300,,,,,ISP,,,
7940 siemens s7-300,,,,,ITF3000,,,
7941 siemens s7-300,,,,,j,,,
7942 siemens s7-300,,,,,J,,,
7943 siemens s7-300,,,,,J6R6,,,
7944 siemens s7-300,,,,,J6W8,,,
7945 siemens s7-300,,,,,jack,,,
7946 siemens s7-300,,,,,JACK,,,
7947 siemens s7-300,,,,,janet,,,
7948 siemens s7-300,,,,,JANET,,,
7949 siemens s7-300,,,,,jannie,,,
7950 siemens s7-300,,,,,JANNIE,,,
7951 siemens s7-300,,,,,jasmine,,,
7952 siemens s7-300,,,,,JASMINE,,,
7953 siemens s7-300,,,,,JDE,,,
7954 siemens s7-300,,,,,jj,,,
7955 siemens s7-300,,,,,JJ,,,
7956 siemens s7-300,,,,,jjj,,,
7957 siemens s7-300,,,,,JJJ,,,
7958 siemens s7-300,,,,,jjjj,,,
7959 siemens s7-300,,,,,JJJJ,,,
7960 siemens s7-300,,,,,jjjjj,,,
7961 siemens s7-300,,,,,JJJJJ,,,
7962 siemens s7-300,,,,,jjjjjj,,,
7963 siemens s7-300,,,,,JJJJJJ,,,
7964 siemens s7-300,,,,,jjjjjjj,,,
7965 siemens s7-300,,,,,JJJJJJJ,,,
7966 siemens s7-300,,,,,jjjjjjjj,,,
7967 siemens s7-300,,,,,JJJJJJJJ,,,
7968 siemens s7-300,,,,,JOCKER,,,
7969 siemens s7-300,,,,,john,,,
7970 siemens s7-300,,,,,JOHN,,,
7971 siemens s7-300,,,,,joker,,,
7972 siemens s7-300,,,,,jordan,,,
7973 siemens s7-300,,,,,JORDAN,,,
7974 siemens s7-300,,,,,jordan23,,,
7975 siemens s7-300,,,,,JORDAN23,,,
7976 siemens s7-300,,,,,JR58,,,
7977 siemens s7-300,,,,,JR59,,,
7978 siemens s7-300,,,,,k,,,
7979 siemens s7-300,,,,,K,,,
7980 siemens s7-300,,,,,kermit,,,
7981 siemens s7-300,,,,,KERMIT,,,
7982 siemens s7-300,,,,,killer,,,
7983 siemens s7-300,,,,,KILLER,,,
7984 siemens s7-300,,,,,killme,,,
7985 siemens s7-300,,,,,kilo1987,,,
7986 siemens s7-300,,,,,KILO1987,,,
7987 siemens s7-300,,,,,kk,,,
7988 siemens s7-300,,,,,KK,,,
7989 siemens s7-300,,,,,kkk,,,
7990 siemens s7-300,,,,,KKK,,,
7991 siemens s7-300,,,,,kkkk,,,
7992 siemens s7-300,,,,,KKKK,,,
7993 siemens s7-300,,,,,kkkkk,,,
7994 siemens s7-300,,,,,KKKKK,,,
7995 siemens s7-300,,,,,kkkkkk,,,
7996 siemens s7-300,,,,,KKKKKK,,,
7997 siemens s7-300,,,,,kkkkkkk,,,
7998 siemens s7-300,,,,,KKKKKKK,,,
7999 siemens s7-300,,,,,kkkkkkkk,,,
8000 siemens s7-300,,,,,KKKKKKKK,,,
8001 siemens s7-300,,,,,korn,,,
8002 siemens s7-300,,,,,KORN,,,
8003 siemens s7-300,,,,,l,,,
8004 siemens s7-300,,,,,L,,,
8005 siemens s7-300,,,,,lad,,,
8006 siemens s7-300,,,,,LAD,,,
8007 siemens s7-300,,,,,laflaf,,,
8008 siemens s7-300,,,,,LAFLAF,,,
8009 siemens s7-300,,,,,letacla,,,
8010 siemens s7-300,,,,,LETACLA,,,
8011 siemens s7-300,,,,,letmein,,,
8012 siemens s7-300,,,,,letmein,,,
8013 siemens s7-300,,,,,LETMEIN,,,
8014 siemens s7-300,,,,,level1,,,
8015 siemens s7-300,,,,,LEVEL1,,,
8016 siemens s7-300,,,,,leviton,,,
8017 siemens s7-300,,,,,LEVITON,,,
8018 siemens s7-300,,,,,LILLME,,,
8019 siemens s7-300,,,,,linga,,,
8020 siemens s7-300,,,,,LINGA,,,
8021 siemens s7-300,,,,,linux,,,
8022 siemens s7-300,,,,,LINUX,,,
8023 siemens s7-300,,,,,lisa,,,
8024 siemens s7-300,,,,,LISA,,,
8025 siemens s7-300,,,,,ll,,,
8026 siemens s7-300,,,,,LL,,,
8027 siemens s7-300,,,,,llatsni,,,
8028 siemens s7-300,,,,,LLATSNI,,,
8029 siemens s7-300,,,,,lll,,,
8030 siemens s7-300,,,,,LLL,,,
8031 siemens s7-300,,,,,llll,,,
8032 siemens s7-300,,,,,LLLL,,,
8033 siemens s7-300,,,,,lllll,,,
8034 siemens s7-300,,,,,LLLLL,,,
8035 siemens s7-300,,,,,llllll,,,
8036 siemens s7-300,,,,,LLLLLL,,,
8037 siemens s7-300,,,,,lllllll,,,
8038 siemens s7-300,,,,,LLLLLLL,,,
8039 siemens s7-300,,,,,llllllll,,,
8040 siemens s7-300,,,,,LLLLLLLL,,,
8041 siemens s7-300,,,,,locatepw,,,
8042 siemens s7-300,,,,,LOCATEPW,,,
8043 siemens s7-300,,,,,lock,,,
8044 siemens s7-300,,,,,LOCK,,,
8045 siemens s7-300,,,,,login,,,
8046 siemens s7-300,,,,,LOGIN,,,
8047 siemens s7-300,,,,,looker,,,
8048 siemens s7-300,,,,,LOOKER,,,
8049 siemens s7-300,,,,,lotus,,,
8050 siemens s7-300,,,,,LOTUS,,,
8051 siemens s7-300,,,,,love,,,
8052 siemens s7-300,,,,,LOVE,,,
8053 siemens s7-300,,,,,ltd,,,
8054 siemens s7-300,,,,,LTD,,,
8055 siemens s7-300,,,,,lucky,,,
8056 siemens s7-300,,,,,LUCKY,,,
8057 siemens s7-300,,,,,m,,,
8058 siemens s7-300,,,,,M,,,
8059 siemens s7-300,,,,,m1122,,,
8060 siemens s7-300,,,,,M1122,,,
8061 siemens s7-300,,,,,mail,,,
8062 siemens s7-300,,,,,MAIL,,,
8063 siemens s7-300,,,,,maint,,,
8064 siemens s7-300,,,,,MAINT,,,
8065 siemens s7-300,,,,,maintpw,,,
8066 siemens s7-300,,,,,MAINTPW,,,
8067 siemens s7-300,,,,,manager,,,
8068 siemens s7-300,,,,,Manager,,,
8069 siemens s7-300,,,,,MANAGER,,,
8070 siemens s7-300,,,,,maniac,,,
8071 siemens s7-300,,,,,MANIAC,,,
8072 siemens s7-300,,,,,master,,,
8073 siemens s7-300,,,,,Master,,,
8074 siemens s7-300,,,,,MASTER,,,
8075 siemens s7-300,,,,,masterkey,,,
8076 siemens s7-300,,,,,MASTERKEY,,,
8077 siemens s7-300,,,,,Mau'dib,,,
8078 siemens s7-300,,,,,mediator,,,
8079 siemens s7-300,,,,,MEDIATOR,,,
8080 siemens s7-300,,,,,medion,,,
8081 siemens s7-300,,,,,MEDION,,,
8082 siemens s7-300,,,,,MGR,,,
8083 siemens s7-300,,,,,micro,,,
8084 siemens s7-300,,,,,MICRO,,,
8085 siemens s7-300,,,,,microwav,,,
8086 siemens s7-300,,,,,MICROWAV,,,
8087 siemens s7-300,,,,,miller,,,
8088 siemens s7-300,,,,,MILLLER,,,
8089 siemens s7-300,,,,,MiniAP,,,
8090 siemens s7-300,,,,,mis,,,
8091 siemens s7-300,,,,,MIS,,,
8092 siemens s7-300,,,,,MJSSSJJ,,,
8093 siemens s7-300,,,,,MJSSSJJ,,,
8094 siemens s7-300,,,,,MJSSSJJ_,,,
8095 siemens s7-300,,,,,mlusr,,,
8096 siemens s7-300,,,,,MLUSR,,,
8097 siemens s7-300,,,,,mm,,,
8098 siemens s7-300,,,,,MM,,,
8099 siemens s7-300,,,,,mmm,,,
8100 siemens s7-300,,,,,MMM,,,
8101 siemens s7-300,,,,,mmmm,,,
8102 siemens s7-300,,,,,MMMM,,,
8103 siemens s7-300,,,,,mmmmm,,,
8104 siemens s7-300,,,,,MMMMM,,,
8105 siemens s7-300,,,,,mmmmmm,,,
8106 siemens s7-300,,,,,MMMMMM,,,
8107 siemens s7-300,,,,,mmmmmmm,,,
8108 siemens s7-300,,,,,MMMMMMM,,,
8109 siemens s7-300,,,,,mmmmmmmm,,,
8110 siemens s7-300,,,,,MMMMMMMM,,,
8111 siemens s7-300,,,,,modul,,,
8112 siemens s7-300,,,,,MODUL,,,
8113 siemens s7-300,,,,,module,,,
8114 siemens s7-300,,,,,MODULE,,,
8115 siemens s7-300,,,,,money,,,
8116 siemens s7-300,,,,,MONEY,,,
8117 siemens s7-300,,,,,monitor,,,
8118 siemens s7-300,,,,,MONITOR,,,
8119 siemens s7-300,,,,,monkey,,,
8120 siemens s7-300,,,,,MONKEY,,,
8121 siemens s7-300,,,,,mosmatic,,,
8122 siemens s7-300,,,,,MOSMATIC,,,
8123 siemens s7-300,,,,,mother,,,
8124 siemens s7-300,,,,,MOTHER,,,
8125 siemens s7-300,,,,,motorola,,,
8126 siemens s7-300,,,,,MOTOROLA,,,
8127 siemens s7-300,,,,,mouse,,,
8128 siemens s7-300,,,,,MOUSE,,,
8129 siemens s7-300,,,,,MPE,,,
8130 siemens s7-300,,,,,MServer,,,
8131 siemens s7-300,,,,,mtch,,,
8132 siemens s7-300,,,,,MTCH,,,
8133 siemens s7-300,,,,,Multi,,,
8134 siemens s7-300,,,,,mustang,,,
8135 siemens s7-300,,,,,MUSTANG,,,
8136 siemens s7-300,,,,,mypass,,,
8137 siemens s7-300,,,,,MYPASS,,,
8138 siemens s7-300,,,,,mypass123,,,
8139 siemens s7-300,,,,,MYPASS123,,,
8140 siemens s7-300,,,,,mypc,,,
8141 siemens s7-300,,,,,MYPC,,,
8142 siemens s7-300,,,,,mypc123,,,
8143 siemens s7-300,,,,,MYPC123,,,
8144 siemens s7-300,,,,,myspace,,,
8145 siemens s7-300,,,,,MYSPACE,,,
8146 siemens s7-300,,,,,myspace1,,,
8147 siemens s7-300,,,,,MYSPACE1,,,
8148 siemens s7-300,,,,,n,,,
8149 siemens s7-300,,,,,N,,,
8150 siemens s7-300,,,,,n/a,,,
8151 siemens s7-300,,,,,N/A,,,
8152 siemens s7-300,,,,,naadmin,,,
8153 siemens s7-300,,,,,NAADMIN,,,
8154 siemens s7-300,,,,,naranja,,,
8155 siemens s7-300,,,,,NARANJA,,,
8156 siemens s7-300,,,,,NAU,,,
8157 siemens s7-300,,,,,Net,,,
8158 siemens s7-300,,,,,NET,,,
8159 siemens s7-300,,,,,netadmin,,,
8160 siemens s7-300,,,,,NETADMIN,,,
8161 siemens s7-300,,,,,netbase,,,
8162 siemens s7-300,,,,,NETBASE,,,
8163 siemens s7-300,,,,,NetCache,,,
8164 siemens s7-300,,,,,NETCACHE,,,
8165 siemens s7-300,,,,,NetICs,,,
8166 siemens s7-300,,,,,netman,,,
8167 siemens s7-300,,,,,NETMAN,,,
8168 siemens s7-300,,,,,netopia,,,
8169 siemens s7-300,,,,,NETOPIA,,,
8170 siemens s7-300,,,,,netscreen,,,
8171 siemens s7-300,,,,,NETSCREEN,,,
8172 siemens s7-300,,,,,netutil,,,
8173 siemens s7-300,,,,,NETUTIL,,,
8174 siemens s7-300,,,,,NetVCR,,,
8175 siemens s7-300,,,,,NETVCR,,,
8176 siemens s7-300,,,,,network,,,
8177 siemens s7-300,,,,,NETWORK,,,
8178 siemens s7-300,,,,,newpass,,,
8179 siemens s7-300,,,,,NEWPASS,,,
8180 siemens s7-300,,,,,niconex,,,
8181 siemens s7-300,,,,,NICONEX,,,
8182 siemens s7-300,,,,,nimdaten,,,
8183 siemens s7-300,,,,,NIMDATEN,,,
8184 siemens s7-300,,,,,nmspw,,,
8185 siemens s7-300,,,,,NMSPW,,,
8186 siemens s7-300,,,,,nn,,,
8187 siemens s7-300,,,,,NN,,,
8188 siemens s7-300,,,,,nnn,,,
8189 siemens s7-300,,,,,NNN,,,
8190 siemens s7-300,,,,,nnnn,,,
8191 siemens s7-300,,,,,NNNN,,,
8192 siemens s7-300,,,,,nnnnn,,,
8193 siemens s7-300,,,,,NNNNN,,,
8194 siemens s7-300,,,,,nnnnnn,,,
8195 siemens s7-300,,,,,NNNNNN,,,
8196 siemens s7-300,,,,,nnnnnnn,,,
8197 siemens s7-300,,,,,NNNNNNN,,,
8198 siemens s7-300,,,,,nnnnnnnn,,,
8199 siemens s7-300,,,,,NNNNNNNN,,,
8200 siemens s7-300,,,,,nokai,,,
8201 siemens s7-300,,,,,NOKAI,,,
8202 siemens s7-300,,,,,notused,,,
8203 siemens s7-300,,,,,NOTUSED,,,
8204 siemens s7-300,,,,,noway,,,
8205 siemens s7-300,,,,,NOWAY,,,
8206 siemens s7-300,,,,,NSADB,,,
8207 siemens s7-300,,,,,ntacdmax,,,
8208 siemens s7-300,,,,,NTACDMAX,,,
8209 siemens s7-300,,,,,null,,,
8210 siemens s7-300,,,,,NULL,,,
8211 siemens s7-300,,,,,o,,,
8212 siemens s7-300,,,,,O,,,
8213 siemens s7-300,,,,,OCS,,,
8214 siemens s7-300,,,,,oem,,,
8215 siemens s7-300,,,,,OEM,,,
8216 siemens s7-300,,,,,OkiLAN,,,
8217 siemens s7-300,,,,,OKILAN,,,
8218 siemens s7-300,,,,,omron,,,
8219 siemens s7-300,,,,,OMRON,,,
8220 siemens s7-300,,,,,oo,,,
8221 siemens s7-300,,,,,OO,,,
8222 siemens s7-300,,,,,ooo,,,
8223 siemens s7-300,,,,,OOO,,,
8224 siemens s7-300,,,,,oooo,,,
8225 siemens s7-300,,,,,OOOO,,,
8226 siemens s7-300,,,,,ooooo,,,
8227 siemens s7-300,,,,,OOOOO,,,
8228 siemens s7-300,,,,,oooooo,,,
8229 siemens s7-300,,,,,OOOOOO,,,
8230 siemens s7-300,,,,,ooooooo,,,
8231 siemens s7-300,,,,,OOOOOOO,,,
8232 siemens s7-300,,,,,oooooooo,,,
8233 siemens s7-300,,,,,OOOOOOOO,,,
8234 siemens s7-300,,,,,op3n,,,
8235 siemens s7-300,,,,,operator,,,
8236 siemens s7-300,,,,,OPERATOR,,,
8237 siemens s7-300,,,,,Opto,,,
8238 siemens s7-300,,,,,OPTO,,,
8239 siemens s7-300,,,,,owner,,,
8240 siemens s7-300,,,,,OWNER,,,
8241 siemens s7-300,,,,,p,,,
8242 siemens s7-300,,,,,P,,,
8243 siemens s7-300,,,,,P@55w0rd!,,,
8244 siemens s7-300,,,,,pas,,,
8245 siemens s7-300,,,,,PAS,,,
8246 siemens s7-300,,,,,pass,,,
8247 siemens s7-300,,,,,PASS,,,
8248 siemens s7-300,,,,,PASSAGE,,,
8249 siemens s7-300,,,,,passage,,,
8250 siemens s7-300,,,,,passw,,,
8251 siemens s7-300,,,,,PASSW,,,
8252 siemens s7-300,,,,,passwd,,,
8253 siemens s7-300,,,,,PASSWD,,,
8254 siemens s7-300,,,,,passwo,,,
8255 siemens s7-300,,,,,PASSWO,,,
8256 siemens s7-300,,,,,passwor,,,
8257 siemens s7-300,,,,,PASSWOR,,,
8258 siemens s7-300,,,,,password,,,
8259 siemens s7-300,,,,,PASSWORD,,,
8260 siemens s7-300,,,,,pat,,,
8261 siemens s7-300,,,,,PAT,,,
8262 siemens s7-300,,,,,paterna,,,
8263 siemens s7-300,,,,,PATERNA,,,
8264 siemens s7-300,,,,,patrick,,,
8265 siemens s7-300,,,,,PATRICK,,,
8266 siemens s7-300,,,,,patrol,,,
8267 siemens s7-300,,,,,PATROL,,,
8268 siemens s7-300,,,,,PBX,,,
8269 siemens s7-300,,,,,pbxk1064,,,
8270 siemens s7-300,,,,,PBXK1064,,,
8271 siemens s7-300,,,,,pcs7,,,
8272 siemens s7-300,,,,,PCS7,,,
8273 siemens s7-300,,,,,pentium,,,
8274 siemens s7-300,,,,,PENTIUM,,,
8275 siemens s7-300,,,,,pento,,,
8276 siemens s7-300,,,,,PENTO,,,
8277 siemens s7-300,,,,,pepper,,,
8278 siemens s7-300,,,,,PEPPER,,,
8279 siemens s7-300,,,,,pepsi,,,
8280 siemens s7-300,,,,,PEPSI,,,
8281 siemens s7-300,,,,,permit,,,
8282 siemens s7-300,,,,,PERMIT,,,
8283 siemens s7-300,,,,,personal,,,
8284 siemens s7-300,,,,,PERSONAL,,,
8285 siemens s7-300,,,,,pfsense,,,
8286 siemens s7-300,,,,,PFSENSE,,,
8287 siemens s7-300,,,,,photonix,,,
8288 siemens s7-300,,,,,PHOTONIX,,,
8289 siemens s7-300,,,,,pilou,,,
8290 siemens s7-300,,,,,PILOU,,,
8291 siemens s7-300,,,,,piranha,,,
8292 siemens s7-300,,,,,PIRANHA,,,
8293 siemens s7-300,,,,,plc,,,
8294 siemens s7-300,,,,,PLC,,,
8295 siemens s7-300,,,,,plcsim,,,
8296 siemens s7-300,,,,,PLCSIM,,,
8297 siemens s7-300,,,,,PlsChgMe,,,
8298 siemens s7-300,,,,,poerty,,,
8299 siemens s7-300,,,,,POERTY,,,
8300 siemens s7-300,,,,,policy,,,
8301 siemens s7-300,,,,,POLICY,,,
8302 siemens s7-300,,,,,Posterie,,,
8303 siemens s7-300,,,,,POSTERIE,,,
8304 siemens s7-300,,,,,power,,,
8305 siemens s7-300,,,,,POWER,,,
8306 siemens s7-300,,,,,pp,,,
8307 siemens s7-300,,,,,PP,,,
8308 siemens s7-300,,,,,ppp,,,
8309 siemens s7-300,,,,,PPP,,,
8310 siemens s7-300,,,,,pppp,,,
8311 siemens s7-300,,,,,PPPP,,,
8312 siemens s7-300,,,,,ppppp,,,
8313 siemens s7-300,,,,,PPPPP,,,
8314 siemens s7-300,,,,,pppppp,,,
8315 siemens s7-300,,,,,PPPPPP,,,
8316 siemens s7-300,,,,,ppppppp,,,
8317 siemens s7-300,,,,,PPPPPPP,,,
8318 siemens s7-300,,,,,pppppppp,,,
8319 siemens s7-300,,,,,PPPPPPPP,,,
8320 siemens s7-300,,,,,princess,,,
8321 siemens s7-300,,,,,PRINCESS,,,
8322 siemens s7-300,,,,,private,,,
8323 siemens s7-300,,,,,PRIVATE,,,
8324 siemens s7-300,,,,,proddta,,,
8325 siemens s7-300,,,,,PRODDTA,,,
8326 siemens s7-300,,,,,profibus,,,
8327 siemens s7-300,,,,,PROFIBUS,,,
8328 siemens s7-300,,,,,Protector,,,
8329 siemens s7-300,,,,,PROTECTOR,,,
8330 siemens s7-300,,,,,protool,,,
8331 siemens s7-300,,,,,PROTOOL,,,
8332 siemens s7-300,,,,,public,,,
8333 siemens s7-300,,,,,PUBLIC,,,
8334 siemens s7-300,,,,,pusy,,,
8335 siemens s7-300,,,,,PUSY,,,
8336 siemens s7-300,,,,,pw123,,,
8337 siemens s7-300,,,,,PW123,,,
8338 siemens s7-300,,,,,pwd,,,
8339 siemens s7-300,,,,,PWD,,,
8340 siemens s7-300,,,,,q,,,
8341 siemens s7-300,,,,,Q,,,
8342 siemens s7-300,,,,,qawsed,,,
8343 siemens s7-300,,,,,qq,,,
8344 siemens s7-300,,,,,QQ,,,
8345 siemens s7-300,,,,,qq520,,,
8346 siemens s7-300,,,,,QQ520,,,
8347 siemens s7-300,,,,,qqq,,,
8348 siemens s7-300,,,,,QQQ,,,
8349 siemens s7-300,,,,,qqqq,,,
8350 siemens s7-300,,,,,QQQQ,,,
8351 siemens s7-300,,,,,qqqqq,,,
8352 siemens s7-300,,,,,QQQQQ,,,
8353 siemens s7-300,,,,,qqqqqq,,,
8354 siemens s7-300,,,,,QQQQQQ,,,
8355 siemens s7-300,,,,,qqqqqqq,,,
8356 siemens s7-300,,,,,QQQQQQQ,,,
8357 siemens s7-300,,,,,qqqqqqqq,,,
8358 siemens s7-300,,,,,QQQQQQQQ,,,
8359 siemens s7-300,,,,,qwe,,,
8360 siemens s7-300,,,,,qwer,,,
8361 siemens s7-300,,,,,QWER,,,
8362 siemens s7-300,,,,,QWERT,,,
8363 siemens s7-300,,,,,qwerty,,,
8364 siemens s7-300,,,,,QWERTY,,,
8365 siemens s7-300,,,,,qwerty1,,,
8366 siemens s7-300,,,,,qwertyu,,,
8367 siemens s7-300,,,,,QWERTYU,,,
8368 siemens s7-300,,,,,qwertyui,,,
8369 siemens s7-300,,,,,QWERTYUI,,,
8370 siemens s7-300,,,,,r,,,
8371 siemens s7-300,,,,,R,,,
8372 siemens s7-300,,,,,r@p8p0r+,,,
8373 siemens s7-300,,,,,R1QTPS,,,
8374 siemens s7-300,,,,,rade0n,,,
8375 siemens s7-300,,,,,RADE0N,,,
8376 siemens s7-300,,,,,RADEON,,,
8377 siemens s7-300,,,,,radius,,,
8378 siemens s7-300,,,,,RADIUS,,,
8379 siemens s7-300,,,,,radware,,,
8380 siemens s7-300,,,,,RADWARE,,,
8381 siemens s7-300,,,,,rdfhnbhf,,,
8382 siemens s7-300,,,,,RDFHNBHF,,,
8383 siemens s7-300,,,,,recovery,,,
8384 siemens s7-300,,,,,RECOVERY,,,
8385 siemens s7-300,,,,,rego,,,
8386 siemens s7-300,,,,,REGO,,,
8387 siemens s7-300,,,,,remote,,,
8388 siemens s7-300,,,,,REMOTE,,,
8389 siemens s7-300,,,,,rip000,,,
8390 siemens s7-300,,,,,RIP000,,,
8391 siemens s7-300,,,,,rittal,,,
8392 siemens s7-300,,,,,RITTAL,,,
8393 siemens s7-300,,,,,robele,,,
8394 siemens s7-300,,,,,ROBELLE,,,
8395 siemens s7-300,,,,,root,,,
8396 siemens s7-300,,,,,ROOT,,,
8397 siemens s7-300,,,,,ROOT500,,,
8398 siemens s7-300,,,,,router,,,
8399 siemens s7-300,,,,,ROUTER,,,
8400 siemens s7-300,,,,,rr,,,
8401 siemens s7-300,,,,,RR,,,
8402 siemens s7-300,,,,,rrr,,,
8403 siemens s7-300,,,,,RRR,,,
8404 siemens s7-300,,,,,rrrr,,,
8405 siemens s7-300,,,,,RRRR,,,
8406 siemens s7-300,,,,,rrrrr,,,
8407 siemens s7-300,,,,,RRRRR,,,
8408 siemens s7-300,,,,,rrrrrr,,,
8409 siemens s7-300,,,,,RRRRRR,,,
8410 siemens s7-300,,,,,rrrrrrr,,,
8411 siemens s7-300,,,,,RRRRRRR,,,
8412 siemens s7-300,,,,,rrrrrrrr,,,
8413 siemens s7-300,,,,,RRRRRRRR,,,
8414 siemens s7-300,,,,,rs4igoy,,,
8415 siemens s7-300,,,,,RS4IGOY,,,
8416 siemens s7-300,,,,,RSX,,,
8417 siemens s7-300,,,,,rtyhn,,,
8418 siemens s7-300,,,,,RTYHN,,,
8419 siemens s7-300,,,,,run-p,,,
8420 siemens s7-300,,,,,RUN-P,,,
8421 siemens s7-300,,,,,russia,,,
8422 siemens s7-300,,,,,RUSSIA,,,
8423 siemens s7-300,,,,,rwmaint,,,
8424 siemens s7-300,,,,,RWMAINT,,,
8425 siemens s7-300,,,,,s,,,
8426 siemens s7-300,,,,,S,,,
8427 siemens s7-300,,,,,s7,,,
8428 siemens s7-300,,,,,S7,,,
8429 siemens s7-300,,,,,s7-300,,,
8430 siemens s7-300,,,,,S7-300,,,
8431 siemens s7-300,,,,,s7-400,,,
8432 siemens s7-300,,,,,S7-400,,,
8433 siemens s7-300,,,,,scout,,,
8434 siemens s7-300,,,,,SCOUT,,,
8435 siemens s7-300,,,,,search,,,
8436 siemens s7-300,,,,,SEARCH,,,
8437 siemens s7-300,,,,,secret,,,
8438 siemens s7-300,,,,,SECRET,,,
8439 siemens s7-300,,,,,secure,,,
8440 siemens s7-300,,,,,SECURE,,,
8441 siemens s7-300,,,,,security,,,
8442 siemens s7-300,,,,,SECURITY,,,
8443 siemens s7-300,,,,,sekret,,,
8444 siemens s7-300,,,,,SEKRET,,,
8445 siemens s7-300,,,,,Sensor,,,
8446 siemens s7-300,,,,,serco,,,
8447 siemens s7-300,,,,,SERCO,,,
8448 siemens s7-300,,,,,serial#,,,
8449 siemens s7-300,,,,,serovox,,,
8450 siemens s7-300,,,,,SEROVOX,,,
8451 siemens s7-300,,,,,server,,,
8452 siemens s7-300,,,,,SERVER,,,
8453 siemens s7-300,,,,,SESAME,,,
8454 siemens s7-300,,,,,setherco,,,
8455 siemens s7-300,,,,,SETHERCO,,,
8456 siemens s7-300,,,,,setup,,,
8457 siemens s7-300,,,,,SETUP,,,
8458 siemens s7-300,,,,,sex,,,
8459 siemens s7-300,,,,,SEX,,,
8460 siemens s7-300,,,,,sgena,,,
8461 siemens s7-300,,,,,SGENA,,,
8462 siemens s7-300,,,,,sgilent,,,
8463 siemens s7-300,,,,,SGILENT,,,
8464 siemens s7-300,,,,,shadow,,,
8465 siemens s7-300,,,,,SHADOW,,,
8466 siemens s7-300,,,,,Sharp,,,
8467 siemens s7-300,,,,,sicostart,,,
8468 siemens s7-300,,,,,SICOSTART,,,
8469 siemens s7-300,,,,,siemens,,,
8470 siemens s7-300,,,,,SIEMENS,,,
8471 siemens s7-300,,,,,simatic,,,
8472 siemens s7-300,,,,,SIMATIC,,,
8473 siemens s7-300,,,,,simens,,,
8474 siemens s7-300,,,,,SIMENS,,,
8475 siemens s7-300,,,,,simo,,,
8476 siemens s7-300,,,,,SIMO,,,
8477 siemens s7-300,,,,,simocode,,,
8478 siemens s7-300,,,,,SIMOCODE,,,
8479 siemens s7-300,,,,,simoreg,,,
8480 siemens s7-300,,,,,SIMOREG,,,
8481 siemens s7-300,,,,,simovert,,,
8482 siemens s7-300,,,,,SIMOVERT,,,
8483 siemens s7-300,,,,,simtec,,,
8484 siemens s7-300,,,,,SIMTEC,,,
8485 siemens s7-300,,,,,sirborn,,,
8486 siemens s7-300,,,,,SIRBORN,,,
8487 siemens s7-300,,,,,sitop,,,
8488 siemens s7-300,,,,,SITOP,,,
8489 siemens s7-300,,,,,SKY_FOX,,,
8490 siemens s7-300,,,,,slave,,,
8491 siemens s7-300,,,,,SLAVE,,,
8492 siemens s7-300,,,,,slipknot,,,
8493 siemens s7-300,,,,,SLIPKNOT,,,
8494 siemens s7-300,,,,,SMDR,,,
8495 siemens s7-300,,,,,smile,,,
8496 siemens s7-300,,,,,SMILE,,,
8497 siemens s7-300,,,,,smuser,,,
8498 siemens s7-300,,,,,SMUSER,,,
8499 siemens s7-300,,,,,snoopy,,,
8500 siemens s7-300,,,,,SNOOPY,,,
8501 siemens s7-300,,,,,soccer,,,
8502 siemens s7-300,,,,,SOCCER,,,
8503 siemens s7-300,,,,,solution,,,
8504 siemens s7-300,,,,,SOLUTION,,,
8505 siemens s7-300,,,,,SpIp,,,
8506 siemens s7-300,,,,,ss,,,
8507 siemens s7-300,,,,,SS,,,
8508 siemens s7-300,,,,,SSA,,,
8509 siemens s7-300,,,,,sss,,,
8510 siemens s7-300,,,,,SSS,,,
8511 siemens s7-300,,,,,ssss,,,
8512 siemens s7-300,,,,,SSSS,,,
8513 siemens s7-300,,,,,sssss,,,
8514 siemens s7-300,,,,,SSSSS,,,
8515 siemens s7-300,,,,,ssssss,,,
8516 siemens s7-300,,,,,SSSSSS,,,
8517 siemens s7-300,,,,,sssssss,,,
8518 siemens s7-300,,,,,SSSSSSS,,,
8519 siemens s7-300,,,,,ssssssss,,,
8520 siemens s7-300,,,,,SSSSSSSS,,,
8521 siemens s7-300,,,,,stan,,,
8522 siemens s7-300,,,,,STAN,,,
8523 siemens s7-300,,,,,star,,,
8524 siemens s7-300,,,,,STAR,,,
8525 siemens s7-300,,,,,starwar,,,
8526 siemens s7-300,,,,,STARWAR,,,
8527 siemens s7-300,,,,,step5,,,
8528 siemens s7-300,,,,,STEP5,,,
8529 siemens s7-300,,,,,step7,,,
8530 siemens s7-300,,,,,STEP7,,,
8531 siemens s7-300,,,,,stimpy,,,
8532 siemens s7-300,,,,,STIMPY,,,
8533 siemens s7-300,,,,,stl,,,
8534 siemens s7-300,,,,,STL,,,
8535 siemens s7-300,,,,,stop,,,
8536 siemens s7-300,,,,,STOP,,,
8537 siemens s7-300,,,,,ststic,,,
8538 siemens s7-300,,,,,STSTIC,,,
8539 siemens s7-300,,,,,summer,,,
8540 siemens s7-300,,,,,SUMMER,,,
8541 siemens s7-300,,,,,sunrise,,,
8542 siemens s7-300,,,,,SUNRISE,,,
8543 siemens s7-300,,,,,Super,,,
8544 siemens s7-300,,,,,superid,,,
8545 siemens s7-300,,,,,SUPERID,,,
8546 siemens s7-300,,,,,superman,,,
8547 siemens s7-300,,,,,SUPERMAN,,,
8548 siemens s7-300,,,,,support,,,
8549 siemens s7-300,,,,,SUPPORT,,,
8550 siemens s7-300,,,,,surt,,,
8551 siemens s7-300,,,,,SURT,,,
8552 siemens s7-300,,,,,switch,,,
8553 siemens s7-300,,,,,SWITCH,,,
8554 siemens s7-300,,,,,sybase,,,
8555 siemens s7-300,,,,,SYBASE,,,
8556 siemens s7-300,,,,,Symbol,,,
8557 siemens s7-300,,,,,SYMBOL,,,
8558 siemens s7-300,,,,,synnet,,,
8559 siemens s7-300,,,,,SYNNET,,,
8560 siemens s7-300,,,,,sysadm,,,
8561 siemens s7-300,,,,,SYSADM,,,
8562 siemens s7-300,,,,,SYSDISC,,,
8563 siemens s7-300,,,,,sysdisk,,,
8564 siemens s7-300,,,,,system,,,
8565 siemens s7-300,,,,,SYSTEM,,,
8566 siemens s7-300,,,,,t,,,
8567 siemens s7-300,,,,,T,,,
8568 siemens s7-300,,,,,talent,,,
8569 siemens s7-300,,,,,TALENT,,,
8570 siemens s7-300,,,,,TALINUZ,,,
8571 siemens s7-300,,,,,talisman,,,
8572 siemens s7-300,,,,,TALISMAN,,,
8573 siemens s7-300,,,,,TANDBERG,,,
8574 siemens s7-300,,,,,TCH,,,
8575 siemens s7-300,,,,,tech,,,
8576 siemens s7-300,,,,,TECH,,,
8577 siemens s7-300,,,,,telco,,,
8578 siemens s7-300,,,,,TELCO,,,
8579 siemens s7-300,,,,,telecom,,,
8580 siemens s7-300,,,,,Telecom,,,
8581 siemens s7-300,,,,,TELECOM,,,
8582 siemens s7-300,,,,,telesup,,,
8583 siemens s7-300,,,,,TELESUP,,,
8584 siemens s7-300,,,,,tellabs#1,,,
8585 siemens s7-300,,,,,telus,,,
8586 siemens s7-300,,,,,TELUS,,,
8587 siemens s7-300,,,,,temp,,,
8588 siemens s7-300,,,,,TEMP,,,
8589 siemens s7-300,,,,,temp123,,,
8590 siemens s7-300,,,,,TEMP123,,,
8591 siemens s7-300,,,,,test,,,
8592 siemens s7-300,,,,,TEST,,,
8593 siemens s7-300,,,,,test123,,,
8594 siemens s7-300,,,,,TEST123,,,
8595 siemens s7-300,,,,,thomas,,,
8596 siemens s7-300,,,,,Thomas,,,
8597 siemens s7-300,,,,,THOMAS,,,
8598 siemens s7-300,,,,,tiaranet,,,
8599 siemens s7-300,,,,,TIARANET,,,
8600 siemens s7-300,,,,,tiger123,,,
8601 siemens s7-300,,,,,TIGER123,,,
8602 siemens s7-300,,,,,timely,,,
8603 siemens s7-300,,,,,TIMELY,,,
8604 siemens s7-300,,,,,tini,,,
8605 siemens s7-300,,,,,TINI,,,
8606 siemens s7-300,,,,,tivonpw,,,
8607 siemens s7-300,,,,,TIVONPW,,,
8608 siemens s7-300,,,,,tjm,,,
8609 siemens s7-300,,,,,TJM,,,
8610 siemens s7-300,,,,,tlah,,,
8611 siemens s7-300,,,,,TLAH,,,
8612 siemens s7-300,,,,,toolset,,,
8613 siemens s7-300,,,,,TOOLSET,,,
8614 siemens s7-300,,,,,trancell,,,
8615 siemens s7-300,,,,,TRANCELL,,,
8616 siemens s7-300,,,,,tratata,,,
8617 siemens s7-300,,,,,TRATATA,,,
8618 siemens s7-300,,,,,tslinux,,,
8619 siemens s7-300,,,,,TSLINUX,,,
8620 siemens s7-300,,,,,tt,,,
8621 siemens s7-300,,,,,TT,,,
8622 siemens s7-300,,,,,ttt,,,
8623 siemens s7-300,,,,,TTT,,,
8624 siemens s7-300,,,,,tttt,,,
8625 siemens s7-300,,,,,TTTT,,,
8626 siemens s7-300,,,,,ttttt,,,
8627 siemens s7-300,,,,,TTTTT,,,
8628 siemens s7-300,,,,,tttttt,,,
8629 siemens s7-300,,,,,TTTTTT,,,
8630 siemens s7-300,,,,,ttttttt,,,
8631 siemens s7-300,,,,,TTTTTTT,,,
8632 siemens s7-300,,,,,tttttttt,,,
8633 siemens s7-300,,,,,TTTTTTTT,,,
8634 siemens s7-300,,,,,tuborg,,,
8635 siemens s7-300,,,,,TUBORG,,,
8636 siemens s7-300,,,,,tuxalize,,,
8637 siemens s7-300,,,,,TUXALIZE,,,
8638 siemens s7-300,,,,,tx100,,,
8639 siemens s7-300,,,,,TX100,,,
8640 siemens s7-300,,,,,u,,,
8641 siemens s7-300,,,,,U,,,
8642 siemens s7-300,,,,,uplink,,,
8643 siemens s7-300,,,,,UPLINK,,,
8644 siemens s7-300,,,,,user,,,
8645 siemens s7-300,,,,,USER,,,
8646 siemens s7-300,,,,,uu,,,
8647 siemens s7-300,,,,,UU,,,
8648 siemens s7-300,,,,,uuu,,,
8649 siemens s7-300,,,,,UUU,,,
8650 siemens s7-300,,,,,uuuu,,,
8651 siemens s7-300,,,,,UUUU,,,
8652 siemens s7-300,,,,,uuuuu,,,
8653 siemens s7-300,,,,,UUUUU,,,
8654 siemens s7-300,,,,,uuuuuu,,,
8655 siemens s7-300,,,,,UUUUUU,,,
8656 siemens s7-300,,,,,uuuuuuu,,,
8657 siemens s7-300,,,,,UUUUUUU,,,
8658 siemens s7-300,,,,,uuuuuuuu,,,
8659 siemens s7-300,,,,,UUUUUUUU,,,
8660 siemens s7-300,,,,,v,,,
8661 siemens s7-300,,,,,V,,,
8662 siemens s7-300,,,,,vesoft,,,
8663 siemens s7-300,,,,,VESOFT,,,
8664 siemens s7-300,,,,,visual,,,
8665 siemens s7-300,,,,,VISUAL,,,
8666 siemens s7-300,,,,,vjqgfhjkm,,,
8667 siemens s7-300,,,,,VJQGFHJKM,,,
8668 siemens s7-300,,,,,vodka,,,
8669 siemens s7-300,,,,,VODKA,,,
8670 siemens s7-300,,,,,volition,,,
8671 siemens s7-300,,,,,VOLITION,,,
8672 siemens s7-300,,,,,vv,,,
8673 siemens s7-300,,,,,VV,,,
8674 siemens s7-300,,,,,vvv,,,
8675 siemens s7-300,,,,,VVV,,,
8676 siemens s7-300,,,,,vvvv,,,
8677 siemens s7-300,,,,,VVVV,,,
8678 siemens s7-300,,,,,vvvvv,,,
8679 siemens s7-300,,,,,VVVVV,,,
8680 siemens s7-300,,,,,vvvvvv,,,
8681 siemens s7-300,,,,,VVVVVV,,,
8682 siemens s7-300,,,,,vvvvvvv,,,
8683 siemens s7-300,,,,,VVVVVVV,,,
8684 siemens s7-300,,,,,vvvvvvvv,,,
8685 siemens s7-300,,,,,VVVVVVVV,,,
8686 siemens s7-300,,,,,w,,,
8687 siemens s7-300,,,,,W,,,
8688 siemens s7-300,,,,,W9F3,,,
8689 siemens s7-300,,,,,webadmin,,,
8690 siemens s7-300,,,,,WEBADMIN,,,
8691 siemens s7-300,,,,,win,,,
8692 siemens s7-300,,,,,WIN,,,
8693 siemens s7-300,,,,,wincc,,,
8694 siemens s7-300,,,,,WINCC,,,
8695 siemens s7-300,,,,,winterm,,,
8696 siemens s7-300,,,,,WINTERM,,,
8697 siemens s7-300,,,,,Wireless,,,
8698 siemens s7-300,,,,,WIRELESS,,,
8699 siemens s7-300,,,,,wizard,,,
8700 siemens s7-300,,,,,WIZARD,,,
8701 siemens s7-300,,,,,wlsedb,,,
8702 siemens s7-300,,,,,WLSEDB,,,
8703 siemens s7-300,,,,,wolf,,,
8704 siemens s7-300,,,,,WONF,,,
8705 siemens s7-300,,,,,ww,,,
8706 siemens s7-300,,,,,WW,,,
8707 siemens s7-300,,,,,www,,,
8708 siemens s7-300,,,,,WWW,,,
8709 siemens s7-300,,,,,wwww,,,
8710 siemens s7-300,,,,,WWWW,,,
8711 siemens s7-300,,,,,wwwww,,,
8712 siemens s7-300,,,,,WWWWW,,,
8713 siemens s7-300,,,,,wwwwww,,,
8714 siemens s7-300,,,,,WWWWWW,,,
8715 siemens s7-300,,,,,wwwwwww,,,
8716 siemens s7-300,,,,,WWWWWWW,,,
8717 siemens s7-300,,,,,wwwwwwww,,,
8718 siemens s7-300,,,,,WWWWWWWW,,,
8719 siemens s7-300,,,,,wyse,,,
8720 siemens s7-300,,,,,WYSE,,,
8721 siemens s7-300,,,,,x,,,
8722 siemens s7-300,,,,,X,,,
8723 siemens s7-300,,,,,x40rocks,,,
8724 siemens s7-300,,,,,X40ROCKS,,,
8725 siemens s7-300,,,,,x-admin,,,
8726 siemens s7-300,,,,,X-ADMIN,,,
8727 siemens s7-300,,,,,xbox,,,
8728 siemens s7-300,,,,,XBOX,,,
8729 siemens s7-300,,,,,xlserver,,,
8730 siemens s7-300,,,,,XLSERVER,,,
8731 siemens s7-300,,,,,xx,,,
8732 siemens s7-300,,,,,XX,,,
8733 siemens s7-300,,,,,xxx,,,
8734 siemens s7-300,,,,,XXX,,,
8735 siemens s7-300,,,,,xxxx,,,
8736 siemens s7-300,,,,,XXXX,,,
8737 siemens s7-300,,,,,xxxxx,,,
8738 siemens s7-300,,,,,XXXXX,,,
8739 siemens s7-300,,,,,xxxxxx,,,
8740 siemens s7-300,,,,,XXXXXX,,,
8741 siemens s7-300,,,,,xxxxxxx,,,
8742 siemens s7-300,,,,,XXXXXXX,,,
8743 siemens s7-300,,,,,xxxxxxxx,,,
8744 siemens s7-300,,,,,XXXXXXXX,,,
8745 siemens s7-300,,,,,xxyyzz,,,
8746 siemens s7-300,,,,,XXYYZZ,,,
8747 siemens s7-300,,,,,y,,,
8748 siemens s7-300,,,,,Y,,,
8749 siemens s7-300,,,,,yxcv,,,
8750 siemens s7-300,,,,,YXCV,,,
8751 siemens s7-300,,,,,yy,,,
8752 siemens s7-300,,,,,YY,,,
8753 siemens s7-300,,,,,yyy,,,
8754 siemens s7-300,,,,,YYY,,,
8755 siemens s7-300,,,,,yyyy,,,
8756 siemens s7-300,,,,,YYYY,,,
8757 siemens s7-300,,,,,yyyyy,,,
8758 siemens s7-300,,,,,YYYYY,,,
8759 siemens s7-300,,,,,yyyyyy,,,
8760 siemens s7-300,,,,,YYYYYY,,,
8761 siemens s7-300,,,,,yyyyyyy,,,
8762 siemens s7-300,,,,,YYYYYYY,,,
8763 siemens s7-300,,,,,yyyyyyyy,,,
8764 siemens s7-300,,,,,YYYYYYYY,,,
8765 siemens s7-300,,,,,z,,,
8766 siemens s7-300,,,,,Z,,,
8767 siemens s7-300,,,,,z0ne,,,
8768 siemens s7-300,,,,,Z0NE,,,
8769 siemens s7-300,,,,,zettler,,,
8770 siemens s7-300,,,,,ZETTLER,,,
8771 siemens s7-300,,,,,zippo,,,
8772 siemens s7-300,,,,,ZIPPO,,,
8773 siemens s7-300,,,,,zone,,,
8774 siemens s7-300,,,,,ZONE,,,
8775 siemens s7-300,,,,,zoomadsl,,,
8776 siemens s7-300,,,,,ZOOMADSL,,,
8777 siemens s7-300,,,,,zorro,,,
8778 siemens s7-300,,,,,ZORRO,,,
8779 siemens s7-300,,,,,zorromen,,,
8780 siemens s7-300,,,,,ZORROMEN,,,
8781 siemens s7-300,,,,,zxc,,,
8782 siemens s7-300,,,,,ZXC,,,
8783 siemens s7-300,,,,,zxcv,,,
8784 siemens s7-300,,,,,ZXCV,,,
8785 siemens s7-300,,,,,zxcvb,,,
8786 siemens s7-300,,,,,ZXCVB,,,
8787 siemens s7-300,,,,,zxcvbn,,,
8788 siemens s7-300,,,,,ZXCVBN,,,
8789 siemens s7-300,,,,,zxcvbnm,,,
8790 siemens s7-300,,,,,ZXCVBNM,,,
8791 siemens s7-300,,,,,zxcvbnm,,,,
8792 siemens s7-300,,,,,ZXCVBNM,,,,
8793 siemens s7-300,,,,,zz,,,
8794 siemens s7-300,,,,,ZZ,,,
8795 siemens s7-300,,,,,zzz,,,
8796 siemens s7-300,,,,,ZZZ,,,
8797 siemens s7-300,,,,,zzzz,,,
8798 siemens s7-300,,,,,ZZZZ,,,
8799 siemens s7-300,,,,,zzzzz,,,
8800 siemens s7-300,,,,,ZZZZZ,,,
8801 siemens s7-300,,,,,zzzzzz,,,
8802 siemens s7-300,,,,,ZZZZZZ,,,
8803 siemens s7-300,,,,,zzzzzzz,,,
8804 siemens s7-300,,,,,ZZZZZZZ,,,
8805 siemens s7-300,,,,,zzzzzzzz,,,
8806 siemens s7-300,,,,,ZZZZZZZZ,,,
+1890
-0
dpl4hydra_local.csv less more
69146914 zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-,
69156915 zyxel,p-660hw,t1,http://192.168.1.1,,,admin,,
69166916 zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado,
6917 siemens s7-300,,,,,',,,
6918 siemens s7-300,,,,,'',,,
6919 siemens s7-300,,,,,''',,,
6920 siemens s7-300,,,,,'''',,,
6921 siemens s7-300,,,,,''''',,,
6922 siemens s7-300,,,,,'''''',,,
6923 siemens s7-300,,,,,''''''',,,
6924 siemens s7-300,,,,,'''''''',,,
6925 siemens s7-300,,,,,-,,,
6926 siemens s7-300,,,,,--,,,
6927 siemens s7-300,,,,,---,,,
6928 siemens s7-300,,,,,----,,,
6929 siemens s7-300,,,,,-----,,,
6930 siemens s7-300,,,,,------,,,
6931 siemens s7-300,,,,,-------,,,
6932 siemens s7-300,,,,,--------,,,
6933 siemens s7-300,,,,,!manage,,,
6934 siemens s7-300,,,,,!MANAGE,,,
6935 siemens s7-300,,,,,$secure$,,,
6936 siemens s7-300,,,,,*,,,
6937 siemens s7-300,,,,,**,,,
6938 siemens s7-300,,,,,***,,,
6939 siemens s7-300,,,,,****,,,
6940 siemens s7-300,,,,,*****,,,
6941 siemens s7-300,,,,,******,,,
6942 siemens s7-300,,,,,*******,,,
6943 siemens s7-300,,,,,********,,,
6944 siemens s7-300,,,,,,,,,
6945 siemens s7-300,,,,,,,,,,
6946 siemens s7-300,,,,,,,,,,,
6947 siemens s7-300,,,,,,,,,,,,
6948 siemens s7-300,,,,,,,,,,,,,
6949 siemens s7-300,,,,,,,,,,,,,,
6950 siemens s7-300,,,,,,,,,,,,,,,
6951 siemens s7-300,,,,,,,,,,,,,,,,
6952 siemens s7-300,,,,,.,,,
6953 siemens s7-300,,,,,..,,,
6954 siemens s7-300,,,,,...,,,
6955 siemens s7-300,,,,,....,,,
6956 siemens s7-300,,,,,.....,,,
6957 siemens s7-300,,,,,......,,,
6958 siemens s7-300,,,,,.......,,,
6959 siemens s7-300,,,,,........,,,
6960 siemens s7-300,,,,,/,,,
6961 siemens s7-300,,,,,//,,,
6962 siemens s7-300,,,,,///,,,
6963 siemens s7-300,,,,,////,,,
6964 siemens s7-300,,,,,/////,,,
6965 siemens s7-300,,,,,//////,,,
6966 siemens s7-300,,,,,///////,,,
6967 siemens s7-300,,,,,////////,,,
6968 siemens s7-300,,,,,;,,,
6969 siemens s7-300,,,,,;;,,,
6970 siemens s7-300,,,,,;;;,,,
6971 siemens s7-300,,,,,;;;;,,,
6972 siemens s7-300,,,,,;;;;;,,,
6973 siemens s7-300,,,,,;;;;;;,,,
6974 siemens s7-300,,,,,;;;;;;;,,,
6975 siemens s7-300,,,,,;;;;;;;;,,,
6976 siemens s7-300,,,,,@#$123,,,
6977 siemens s7-300,,,,,[,,,
6978 siemens s7-300,,,,,[[,,,
6979 siemens s7-300,,,,,[[[,,,
6980 siemens s7-300,,,,,[[[[,,,
6981 siemens s7-300,,,,,[[[[[,,,
6982 siemens s7-300,,,,,[[[[[[,,,
6983 siemens s7-300,,,,,[[[[[[[,,,
6984 siemens s7-300,,,,,[[[[[[[[,,,
6985 siemens s7-300,,,,,],,,
6986 siemens s7-300,,,,,]],,,
6987 siemens s7-300,,,,,]]],,,
6988 siemens s7-300,,,,,]]]],,,
6989 siemens s7-300,,,,,]]]]],,,
6990 siemens s7-300,,,,,]]]]]],,,
6991 siemens s7-300,,,,,]]]]]]],,,
6992 siemens s7-300,,,,,]]]]]]]],,,
6993 siemens s7-300,,,,,_Cisco,,,
6994 siemens s7-300,,,,,`,,,
6995 siemens s7-300,,,,,``,,,
6996 siemens s7-300,,,,,```,,,
6997 siemens s7-300,,,,,````,,,
6998 siemens s7-300,,,,,`````,,,
6999 siemens s7-300,,,,,``````,,,
7000 siemens s7-300,,,,,```````,,,
7001 siemens s7-300,,,,,````````,,,
7002 siemens s7-300,,,,,+,,,
7003 siemens s7-300,,,,,++,,,
7004 siemens s7-300,,,,,+++,,,
7005 siemens s7-300,,,,,++++,,,
7006 siemens s7-300,,,,,+++++,,,
7007 siemens s7-300,,,,,++++++,,,
7008 siemens s7-300,,,,,+++++++,,,
7009 siemens s7-300,,,,,++++++++,,,
7010 siemens s7-300,,,,,=,,,
7011 siemens s7-300,,,,,==,,,
7012 siemens s7-300,,,,,===,,,
7013 siemens s7-300,,,,,====,,,
7014 siemens s7-300,,,,,=====,,,
7015 siemens s7-300,,,,,======,,,
7016 siemens s7-300,,,,,=======,,,
7017 siemens s7-300,,,,,========,,,
7018 siemens s7-300,,,,,0,,,
7019 siemens s7-300,,,,,00,,,
7020 siemens s7-300,,,,,000,,,
7021 siemens s7-300,,,,,0000,,,
7022 siemens s7-300,,,,,00000,,,
7023 siemens s7-300,,,,,000000,,,
7024 siemens s7-300,,,,,0000000,,,
7025 siemens s7-300,,,,,00000000,,,
7026 siemens s7-300,,,,,00000001,,,
7027 siemens s7-300,,,,,0000001,,,
7028 siemens s7-300,,,,,000001,,,
7029 siemens s7-300,,,,,00001,,,
7030 siemens s7-300,,,,,0001,,,
7031 siemens s7-300,,,,,001,,,
7032 siemens s7-300,,,,,050952,,,
7033 siemens s7-300,,,,,0P3N,,,
7034 siemens s7-300,,,,,1,,,
7035 siemens s7-300,,,,,100,,,
7036 siemens s7-300,,,,,1000,,,
7037 siemens s7-300,,,,,10000,,,
7038 siemens s7-300,,,,,100000,,,
7039 siemens s7-300,,,,,1000000,,,
7040 siemens s7-300,,,,,10000000,,,
7041 siemens s7-300,,,,,10041979,,,
7042 siemens s7-300,,,,,1064,,,
7043 siemens s7-300,,,,,11,,,
7044 siemens s7-300,,,,,111,,,
7045 siemens s7-300,,,,,1111,,,
7046 siemens s7-300,,,,,11111,,,
7047 siemens s7-300,,,,,111111,,,
7048 siemens s7-300,,,,,1111111,,,
7049 siemens s7-300,,,,,11111111,,,
7050 siemens s7-300,,,,,11112222,,,
7051 siemens s7-300,,,,,112233,,,
7052 siemens s7-300,,,,,11223344,,,
7053 siemens s7-300,,,,,123,,,
7054 siemens s7-300,,,,,123123,,,
7055 siemens s7-300,,,,,12314500,,,
7056 siemens s7-300,,,,,123321,,,
7057 siemens s7-300,,,,,1234,,,
7058 siemens s7-300,,,,,12344321,,,
7059 siemens s7-300,,,,,12345,,,
7060 siemens s7-300,,,,,123456,,,
7061 siemens s7-300,,,,,1234567,,,
7062 siemens s7-300,,,,,12345678,,,
7063 siemens s7-300,,,,,12348765,,,
7064 siemens s7-300,,,,,123654,,,
7065 siemens s7-300,,,,,123asd,,,
7066 siemens s7-300,,,,,123ASD,,,
7067 siemens s7-300,,,,,123qwe,,,
7068 siemens s7-300,,,,,123QWE,,,
7069 siemens s7-300,,,,,1246,,,
7070 siemens s7-300,,,,,128bit,,,
7071 siemens s7-300,,,,,128BIT,,,
7072 siemens s7-300,,,,,1313,,,
7073 siemens s7-300,,,,,1502,,,
7074 siemens s7-300,,,,,151298,,,
7075 siemens s7-300,,,,,166816,,,
7076 siemens s7-300,,,,,180497,,,
7077 siemens s7-300,,,,,1890agb,,,
7078 siemens s7-300,,,,,1890AGB,,,
7079 siemens s7-300,,,,,1954,,,
7080 siemens s7-300,,,,,1G2W3E,,,
7081 siemens s7-300,,,,,1q2w3e,,,
7082 siemens s7-300,,,,,2,,,
7083 siemens s7-300,,,,,21,,,
7084 siemens s7-300,,,,,21241036,,,
7085 siemens s7-300,,,,,2128506,,,
7086 siemens s7-300,,,,,22,,,
7087 siemens s7-300,,,,,222,,,
7088 siemens s7-300,,,,,2222,,,
7089 siemens s7-300,,,,,22222,,,
7090 siemens s7-300,,,,,222222,,,
7091 siemens s7-300,,,,,2222222,,,
7092 siemens s7-300,,,,,22222222,,,
7093 siemens s7-300,,,,,266344,,,
7094 siemens s7-300,,,,,281067,,,
7095 siemens s7-300,,,,,281068,,,
7096 siemens s7-300,,,,,2BW9,,,
7097 siemens s7-300,,,,,2WSXcder,,,
7098 siemens s7-300,,,,,3,,,
7099 siemens s7-300,,,,,31994,,,
7100 siemens s7-300,,,,,321,,,
7101 siemens s7-300,,,,,33,,,
7102 siemens s7-300,,,,,333,,,
7103 siemens s7-300,,,,,3333,,,
7104 siemens s7-300,,,,,33333,,,
7105 siemens s7-300,,,,,333333,,,
7106 siemens s7-300,,,,,3333333,,,
7107 siemens s7-300,,,,,33333333,,,
7108 siemens s7-300,,,,,3477,,,
7109 siemens s7-300,,,,,355025,,,
7110 siemens s7-300,,,,,3597,,,
7111 siemens s7-300,,,,,3ascotel,,,
7112 siemens s7-300,,,,,3ASCOTEL,,,
7113 siemens s7-300,,,,,3ep5w2u,,,
7114 siemens s7-300,,,,,3orro,,,
7115 siemens s7-300,,,,,3ORRO,,,
7116 siemens s7-300,,,,,3ware,,,
7117 siemens s7-300,,,,,3WARE,,,
7118 siemens s7-300,,,,,4,,,
7119 siemens s7-300,,,,,42296795,,,
7120 siemens s7-300,,,,,4321,,,
7121 siemens s7-300,,,,,44,,,
7122 siemens s7-300,,,,,444,,,
7123 siemens s7-300,,,,,4444,,,
7124 siemens s7-300,,,,,44444,,,
7125 siemens s7-300,,,,,444444,,,
7126 siemens s7-300,,,,,4444444,,,
7127 siemens s7-300,,,,,44444444,,,
7128 siemens s7-300,,,,,4ert,,,
7129 siemens s7-300,,,,,4ERT,,,
7130 siemens s7-300,,,,,4G5K,,,
7131 siemens s7-300,,,,,4G7S,,,
7132 siemens s7-300,,,,,4getme2,,,
7133 siemens s7-300,,,,,4tas,,,
7134 siemens s7-300,,,,,4TAS,,,
7135 siemens s7-300,,,,,5,,,
7136 siemens s7-300,,,,,5001,,,
7137 siemens s7-300,,,,,5150,,,
7138 siemens s7-300,,,,,5201314,,,
7139 siemens s7-300,,,,,54321,,,
7140 siemens s7-300,,,,,55,,,
7141 siemens s7-300,,,,,55055,,,
7142 siemens s7-300,,,,,555,,,
7143 siemens s7-300,,,,,5555,,,
7144 siemens s7-300,,,,,55555,,,
7145 siemens s7-300,,,,,555555,,,
7146 siemens s7-300,,,,,5555555,,,
7147 siemens s7-300,,,,,55555555,,,
7148 siemens s7-300,,,,,56789,,,
7149 siemens s7-300,,,,,5693,,,
7150 siemens s7-300,,,,,5777364,,,
7151 siemens s7-300,,,,,5860,,,
7152 siemens s7-300,,,,,589589,,,
7153 siemens s7-300,,,,,6,,,
7154 siemens s7-300,,,,,60587,,,
7155 siemens s7-300,,,,,654321,,,
7156 siemens s7-300,,,,,66,,,
7157 siemens s7-300,,,,,666,,,
7158 siemens s7-300,,,,,6666,,,
7159 siemens s7-300,,,,,66666,,,
7160 siemens s7-300,,,,,666666,,,
7161 siemens s7-300,,,,,6666666,,,
7162 siemens s7-300,,,,,66666666,,,
7163 siemens s7-300,,,,,66808920,,,
7164 siemens s7-300,,,,,6969,,,
7165 siemens s7-300,,,,,7,,,
7166 siemens s7-300,,,,,7654321,,,
7167 siemens s7-300,,,,,77,,,
7168 siemens s7-300,,,,,777,,,
7169 siemens s7-300,,,,,7777,,,
7170 siemens s7-300,,,,,77777,,,
7171 siemens s7-300,,,,,777777,,,
7172 siemens s7-300,,,,,7777777,,,
7173 siemens s7-300,,,,,77777777,,,
7174 siemens s7-300,,,,,7SH4,,,
7175 siemens s7-300,,,,,8,,,
7176 siemens s7-300,,,,,8111,,,
7177 siemens s7-300,,,,,8429,,,
7178 siemens s7-300,,,,,851141,,,
7179 siemens s7-300,,,,,86844,,,
7180 siemens s7-300,,,,,8746550,,,
7181 siemens s7-300,,,,,87654321,,,
7182 siemens s7-300,,,,,88,,,
7183 siemens s7-300,,,,,888,,,
7184 siemens s7-300,,,,,8888,,,
7185 siemens s7-300,,,,,88888,,,
7186 siemens s7-300,,,,,888888,,,
7187 siemens s7-300,,,,,8888888,,,
7188 siemens s7-300,,,,,88888888,,,
7189 siemens s7-300,,,,,88981684,,,
7190 siemens s7-300,,,,,9,,,
7191 siemens s7-300,,,,,901100,,,
7192 siemens s7-300,,,,,99,,,
7193 siemens s7-300,,,,,999,,,
7194 siemens s7-300,,,,,9999,,,
7195 siemens s7-300,,,,,99999,,,
7196 siemens s7-300,,,,,999999,,,
7197 siemens s7-300,,,,,9999999,,,
7198 siemens s7-300,,,,,99999999,,,
7199 siemens s7-300,,,,,9W5K,,,
7200 siemens s7-300,,,,,a,,,
7201 siemens s7-300,,,,,A,,,
7202 siemens s7-300,,,,,a/d,,,
7203 siemens s7-300,,,,,A/D,,,
7204 siemens s7-300,,,,,aa,,,
7205 siemens s7-300,,,,,AA,,,
7206 siemens s7-300,,,,,aaa,,,
7207 siemens s7-300,,,,,AAA,,,
7208 siemens s7-300,,,,,aaaa,,,
7209 siemens s7-300,,,,,AAAA,,,
7210 siemens s7-300,,,,,aaaaa,,,
7211 siemens s7-300,,,,,AAAAA,,,
7212 siemens s7-300,,,,,aaaaaa,,,
7213 siemens s7-300,,,,,AAAAAA,,,
7214 siemens s7-300,,,,,aaaaaaa,,,
7215 siemens s7-300,,,,,AAAAAAA,,,
7216 siemens s7-300,,,,,aaaaaaaa,,,
7217 siemens s7-300,,,,,AAAAAAAA,,,
7218 siemens s7-300,,,,,aabbcc,,,
7219 siemens s7-300,,,,,AABBCC,,,
7220 siemens s7-300,,,,,aaeon,,,
7221 siemens s7-300,,,,,AAEON,,,
7222 siemens s7-300,,,,,aavid,,,
7223 siemens s7-300,,,,,AAVID,,,
7224 siemens s7-300,,,,,ab,,,
7225 siemens s7-300,,,,,AB,,,
7226 siemens s7-300,,,,,abb,,,
7227 siemens s7-300,,,,,ABB,,,
7228 siemens s7-300,,,,,abc,,,
7229 siemens s7-300,,,,,ABC,,,
7230 siemens s7-300,,,,,abc123,,,
7231 siemens s7-300,,,,,ABC123,,,
7232 siemens s7-300,,,,,abcd,,,
7233 siemens s7-300,,,,,ABCD,,,
7234 siemens s7-300,,,,,abcde,,,
7235 siemens s7-300,,,,,ABCDE,,,
7236 siemens s7-300,,,,,ABCDEF,,,
7237 siemens s7-300,,,,,abcdefg,,,
7238 siemens s7-300,,,,,ABCDEFG,,,
7239 siemens s7-300,,,,,abcdefgh,,,
7240 siemens s7-300,,,,,ABCDEFGH,,,
7241 siemens s7-300,,,,,abelconn,,,
7242 siemens s7-300,,,,,ABELCONN,,,
7243 siemens s7-300,,,,,abov,,,
7244 siemens s7-300,,,,,ABOV,,,
7245 siemens s7-300,,,,,abracon,,,
7246 siemens s7-300,,,,,ABRACON,,,
7247 siemens s7-300,,,,,absopuls,,,
7248 siemens s7-300,,,,,ABSOPULS,,,
7249 siemens s7-300,,,,,abtech,,,
7250 siemens s7-300,,,,,ABTECH,,,
7251 siemens s7-300,,,,,abunlock,,,
7252 siemens s7-300,,,,,ABUNLOCK,,,
7253 siemens s7-300,,,,,acam,,,
7254 siemens s7-300,,,,,ACAM,,,
7255 siemens s7-300,,,,,acc,,,
7256 siemens s7-300,,,,,ACC,,,
7257 siemens s7-300,,,,,access,,,
7258 siemens s7-300,,,,,ACCESS,,,
7259 siemens s7-300,,,,,accord,,,
7260 siemens s7-300,,,,,ACCORD,,,
7261 siemens s7-300,,,,,acon,,,
7262 siemens s7-300,,,,,ACON,,,
7263 siemens s7-300,,,,,acopian,,,
7264 siemens s7-300,,,,,ACOPIAN,,,
7265 siemens s7-300,,,,,acp,,,
7266 siemens s7-300,,,,,ACP,,,
7267 siemens s7-300,,,,,actel,,,
7268 siemens s7-300,,,,,ACTEL,,,
7269 siemens s7-300,,,,,activex,,,
7270 siemens s7-300,,,,,ACTIVEX,,,
7271 siemens s7-300,,,,,adactus,,,
7272 siemens s7-300,,,,,ADACTUS,,,
7273 siemens s7-300,,,,,adam,,,
7274 siemens s7-300,,,,,ADAM,,,
7275 siemens s7-300,,,,,adc,,,
7276 siemens s7-300,,,,,ADC,,,
7277 siemens s7-300,,,,,adcdef,,,
7278 siemens s7-300,,,,,adda,,,
7279 siemens s7-300,,,,,ADDA,,,
7280 siemens s7-300,,,,,adels,,,
7281 siemens s7-300,,,,,ADELS,,,
7282 siemens s7-300,,,,,adfexc,,,
7283 siemens s7-300,,,,,ADFEXC,,,
7284 siemens s7-300,,,,,adi,,,
7285 siemens s7-300,,,,,ADI,,,
7286 siemens s7-300,,,,,admin,,,
7287 siemens s7-300,,,,,ADMIN,,,
7288 siemens s7-300,,,,,admin123,,,
7289 siemens s7-300,,,,,ADMIN123,,,
7290 siemens s7-300,,,,,adminttd,,,
7291 siemens s7-300,,,,,ADMINTTD,,,
7292 siemens s7-300,,,,,adslroot,,,
7293 siemens s7-300,,,,,ADSLROOT,,,
7294 siemens s7-300,,,,,adtran,,,
7295 siemens s7-300,,,,,ADTRAN,,,
7296 siemens s7-300,,,,,advanced,,,
7297 siemens s7-300,,,,,ADVANCED,,,
7298 siemens s7-300,,,,,advantec,,,
7299 siemens s7-300,,,,,ADVANTEC,,,
7300 siemens s7-300,,,,,aeg mis,,,
7301 siemens s7-300,,,,,AEG MIS,,,
7302 siemens s7-300,,,,,aeg,,,
7303 siemens s7-300,,,,,AEG,,,
7304 siemens s7-300,,,,,AEM,,,
7305 siemens s7-300,,,,,aem,,,
7306 siemens s7-300,,,,,aeroflex,,,
7307 siemens s7-300,,,,,Aeroflex,,,
7308 siemens s7-300,,,,,AEROFLEX,,,
7309 siemens s7-300,,,,,aft,,,
7310 siemens s7-300,,,,,AFT,,,
7311 siemens s7-300,,,,,aitech,,,
7312 siemens s7-300,,,,,AITECH,,,
7313 siemens s7-300,,,,,akiwa,,,
7314 siemens s7-300,,,,,AKIWA,,,
7315 siemens s7-300,,,,,albright,,,
7316 siemens s7-300,,,,,ALBRIGHT,,,
7317 siemens s7-300,,,,,alcor,,,
7318 siemens s7-300,,,,,ALCOR,,,
7319 siemens s7-300,,,,,aleph,,,
7320 siemens s7-300,,,,,ALEPH,,,
7321 siemens s7-300,,,,,ALFA,,,
7322 siemens s7-300,,,,,alfaMag,,,
7323 siemens s7-300,,,,,ALFAMAG,,,
7324 siemens s7-300,,,,,alfa'r,,,
7325 siemens s7-300,,,,,ALFA'R,,,
7326 siemens s7-300,,,,,alfatron,,,
7327 siemens s7-300,,,,,ALFATRON,,,
7328 siemens s7-300,,,,,ali,,,
7329 siemens s7-300,,,,,ALI,,,
7330 siemens s7-300,,,,,all,,,
7331 siemens s7-300,,,,,ALL,,,
7332 siemens s7-300,,,,,allegro,,,
7333 siemens s7-300,,,,,ALLEGRO,,,
7334 siemens s7-300,,,,,allen,,,
7335 siemens s7-300,,,,,ALLEN,,,
7336 siemens s7-300,,,,,alliance,,,
7337 siemens s7-300,,,,,ALLIANCE,,,
7338 siemens s7-300,,,,,allied,,,
7339 siemens s7-300,,,,,ALLIED,,,
7340 siemens s7-300,,,,,alpha,,,
7341 siemens s7-300,,,,,alpha,,,
7342 siemens s7-300,,,,,alpine,,,
7343 siemens s7-300,,,,,ALPINE,,,
7344 siemens s7-300,,,,,alps,,,
7345 siemens s7-300,,,,,ALPS,,,
7346 siemens s7-300,,,,,altera,,,
7347 siemens s7-300,,,,,ALTERA,,,
7348 siemens s7-300,,,,,amber,,,
7349 siemens s7-300,,,,,AMBER,,,
7350 siemens s7-300,,,,,amd,,,
7351 siemens s7-300,,,,,AMD,,,
7352 siemens s7-300,,,,,american,,,
7353 siemens s7-300,,,,,AMERICAN,,,
7354 siemens s7-300,,,,,ametherm,,,
7355 siemens s7-300,,,,,AMETHERM,,,
7356 siemens s7-300,,,,,ami,,,
7357 siemens s7-300,,,,,AMI,,,
7358 siemens s7-300,,,,,amic,,,
7359 siemens s7-300,,,,,AMIC,,,
7360 siemens s7-300,,,,,amis,,,
7361 siemens s7-300,,,,,AMIS,,,
7362 siemens s7-300,,,,,ammc,,,
7363 siemens s7-300,,,,,AMMC,,,
7364 siemens s7-300,,,,,amp,,,
7365 siemens s7-300,,,,,AMP,,,
7366 siemens s7-300,,,,,amperite,,,
7367 siemens s7-300,,,,,AMPERITE,,,
7368 siemens s7-300,,,,,amphenol,,,
7369 siemens s7-300,,,,,AMPHENOL,,,
7370 siemens s7-300,,,,,ampire,,,
7371 siemens s7-300,,,,,AMPIRE,,,
7372 siemens s7-300,,,,,amt,,,
7373 siemens s7-300,,,,,AMT,,,
7374 siemens s7-300,,,,,anachip,,,
7375 siemens s7-300,,,,,ANACHIP,,,
7376 siemens s7-300,,,,,anadigic,,,
7377 siemens s7-300,,,,,ANADIGIC,,,
7378 siemens s7-300,,,,,anadigm,,,
7379 siemens s7-300,,,,,ANADIGM,,,
7380 siemens s7-300,,,,,analog,,,
7381 siemens s7-300,,,,,ANALOG,,,
7382 siemens s7-300,,,,,analogic,,,
7383 siemens s7-300,,,,,ANALOGIC,,,
7384 siemens s7-300,,,,,anaren,,,
7385 siemens s7-300,,,,,ANAREN,,,
7386 siemens s7-300,,,,,angel,,,
7387 siemens s7-300,,,,,ANGEL,,,
7388 siemens s7-300,,,,,angle,,,
7389 siemens s7-300,,,,,ANGLE,,,
7390 siemens s7-300,,,,,anicust,,,
7391 siemens s7-300,,,,,ANICUST,,,
7392 siemens s7-300,,,,,anla,,,
7393 siemens s7-300,,,,,ANLA,,,
7394 siemens s7-300,,,,,anleim,,,
7395 siemens s7-300,,,,,Anleim,,,
7396 siemens s7-300,,,,,ANLEIM,,,
7397 siemens s7-300,,,,,anritsu,,,
7398 siemens s7-300,,,,,ANRITSU,,,
7399 siemens s7-300,,,,,ANS#150,,,
7400 siemens s7-300,,,,,anshan,,,
7401 siemens s7-300,,,,,ANSHAN,,,
7402 siemens s7-300,,,,,ansmann,,,
7403 siemens s7-300,,,,,ANSMANN,,,
7404 siemens s7-300,,,,,any@,,,
7405 siemens s7-300,,,,,anycom,,,
7406 siemens s7-300,,,,,ANYCOM,,,
7407 siemens s7-300,,,,,anydata,,,
7408 siemens s7-300,,,,,ANYDATA,,,
7409 siemens s7-300,,,,,anyone,,,
7410 siemens s7-300,,,,,ANYONE,,,
7411 siemens s7-300,,,,,anyway,,,
7412 siemens s7-300,,,,,ANYWAY,,,
7413 siemens s7-300,,,,,apbodiur,,,
7414 siemens s7-300,,,,,APBODIUR,,,
7415 siemens s7-300,,,,,apc,,,
7416 siemens s7-300,,,,,APC,,,
7417 siemens s7-300,,,,,apem,,,
7418 siemens s7-300,,,,,APEM,,,
7419 siemens s7-300,,,,,apex,,,
7420 siemens s7-300,,,,,APEX,,,
7421 siemens s7-300,,,,,api,,,
7422 siemens s7-300,,,,,API,,,
7423 siemens s7-300,,,,,aplus,,,
7424 siemens s7-300,,,,,APLUS,,,
7425 siemens s7-300,,,,,apm,,,
7426 siemens s7-300,,,,,APM,,,
7427 siemens s7-300,,,,,a-power,,,
7428 siemens s7-300,,,,,A-POWER,,,
7429 siemens s7-300,,,,,app,,,
7430 siemens s7-300,,,,,APP,,,
7431 siemens s7-300,,,,,applied,,,
7432 siemens s7-300,,,,,APPLIED,,,
7433 siemens s7-300,,,,,apra,,,
7434 siemens s7-300,,,,,APRA,,,
7435 siemens s7-300,,,,,arsenal,,,
7436 siemens s7-300,,,,,ARSENAL,,,
7437 siemens s7-300,,,,,articon,,,
7438 siemens s7-300,,,,,ARTICON,,,
7439 siemens s7-300,,,,,asante,,,
7440 siemens s7-300,,,,,Asante,,,
7441 siemens s7-300,,,,,ASANTE,,,
7442 siemens s7-300,,,,,ascend,,,
7443 siemens s7-300,,,,,Ascend,,,
7444 siemens s7-300,,,,,ASCEND,,,
7445 siemens s7-300,,,,,asd,,,
7446 siemens s7-300,,,,,ASD,,,
7447 siemens s7-300,,,,,asdf,,,
7448 siemens s7-300,,,,,ASDF,,,
7449 siemens s7-300,,,,,asdfg,,,
7450 siemens s7-300,,,,,ASDFG,,,
7451 siemens s7-300,,,,,asdfgh,,,
7452 siemens s7-300,,,,,asdfgh,,,
7453 siemens s7-300,,,,,ASDFGH,,,
7454 siemens s7-300,,,,,asdfghj,,,
7455 siemens s7-300,,,,,ASDFGHJ,,,
7456 siemens s7-300,,,,,asdfghjk,,,
7457 siemens s7-300,,,,,ASDFGHJK,,,
7458 siemens s7-300,,,,,asi,,,
7459 siemens s7-300,,,,,ASI,,,
7460 siemens s7-300,,,,,asutp,,,
7461 siemens s7-300,,,,,ASUTP,,,
7462 siemens s7-300,,,,,at4400,,,
7463 siemens s7-300,,,,,AT4400,,,
7464 siemens s7-300,,,,,atc,,,
7465 siemens s7-300,,,,,atc,,,
7466 siemens s7-300,,,,,ATC,,,
7467 siemens s7-300,,,,,atc123,,,
7468 siemens s7-300,,,,,ATC123,,,
7469 siemens s7-300,,,,,atlantis,,,
7470 siemens s7-300,,,,,ATLANTIS,,,
7471 siemens s7-300,,,,,attack,,,
7472 siemens s7-300,,,,,ATTACK,,,
7473 siemens s7-300,,,,,autohors,,,
7474 siemens s7-300,,,,,AUTOHORS,,,
7475 siemens s7-300,,,,,azsxdc,,,
7476 siemens s7-300,,,,,AZSXDC,,,
7477 siemens s7-300,,,,,b,,,
7478 siemens s7-300,,,,,B,,,
7479 siemens s7-300,,,,,b&r,,,
7480 siemens s7-300,,,,,B&R,,,
7481 siemens s7-300,,,,,B2H4,,,
7482 siemens s7-300,,,,,B9W3,,,
7483 siemens s7-300,,,,,back,,,
7484 siemens s7-300,,,,,BACK,,,
7485 siemens s7-300,,,,,backdoor,,,
7486 siemens s7-300,,,,,BACKDOOR,,,
7487 siemens s7-300,,,,,badboy,,,
7488 siemens s7-300,,,,,BADBOY,,,
7489 siemens s7-300,,,,,barricade,,,
7490 siemens s7-300,,,,,BARRICADE,,,
7491 siemens s7-300,,,,,baseball,,,
7492 siemens s7-300,,,,,BASEBALL,,,
7493 siemens s7-300,,,,,bb,,,
7494 siemens s7-300,,,,,BB,,,
7495 siemens s7-300,,,,,bbb,,,
7496 siemens s7-300,,,,,BBB,,,
7497 siemens s7-300,,,,,bbbb,,,
7498 siemens s7-300,,,,,BBBB,,,
7499 siemens s7-300,,,,,bbbbb,,,
7500 siemens s7-300,,,,,BBBBB,,,
7501 siemens s7-300,,,,,bbbbbb,,,
7502 siemens s7-300,,,,,BBBBBB,,,
7503 siemens s7-300,,,,,bbbbbbb,,,
7504 siemens s7-300,,,,,BBBBBBB,,,
7505 siemens s7-300,,,,,bbbbbbbb,,,
7506 siemens s7-300,,,,,BBBBBBBB,,,
7507 siemens s7-300,,,,,bciimpw,,,
7508 siemens s7-300,,,,,BCIIMPW,,,
7509 siemens s7-300,,,,,bcimpw,,,
7510 siemens s7-300,,,,,BCIMPW,,,
7511 siemens s7-300,,,,,bcnaspw,,,
7512 siemens s7-300,,,,,BCNASPW,,,
7513 siemens s7-300,,,,,beatch,,,
7514 siemens s7-300,,,,,BEATCH,,,
7515 siemens s7-300,,,,,beerbeer,,,
7516 siemens s7-300,,,,,BEERBEER,,,
7517 siemens s7-300,,,,,betera,,,
7518 siemens s7-300,,,,,BETERA,,,
7519 siemens s7-300,,,,,bible,,,
7520 siemens s7-300,,,,,BIBLE,,,
7521 siemens s7-300,,,,,bintec,,,
7522 siemens s7-300,,,,,BINTEC,,,
7523 siemens s7-300,,,,,birdie,,,
7524 siemens s7-300,,,,,BIRDIE,,,
7525 siemens s7-300,,,,,black,,,
7526 siemens s7-300,,,,,BLACK,,,
7527 siemens s7-300,,,,,blaster,,,
7528 siemens s7-300,,,,,BLASTER,,,
7529 siemens s7-300,,,,,blender,,,
7530 siemens s7-300,,,,,BLENDER,,,
7531 siemens s7-300,,,,,blink,,,
7532 siemens s7-300,,,,,BLINK,,,
7533 siemens s7-300,,,,,blink182,,,
7534 siemens s7-300,,,,,BLINK182,,,
7535 siemens s7-300,,,,,bluepw,,,
7536 siemens s7-300,,,,,BLUEPW,,,
7537 siemens s7-300,,,,,bowling,,,
7538 siemens s7-300,,,,,BOWLING,,,
7539 siemens s7-300,,,,,bradley,,,
7540 siemens s7-300,,,,,BRADLEY,,,
7541 siemens s7-300,,,,,bridge,,,
7542 siemens s7-300,,,,,BRIDGE,,,
7543 siemens s7-300,,,,,bright,,,
7544 siemens s7-300,,,,,BRIGHT,,,
7545 siemens s7-300,,,,,c,,,
7546 siemens s7-300,,,,,C,,,
7547 siemens s7-300,,,,,ca01,,,
7548 siemens s7-300,,,,,CA01,,,
7549 siemens s7-300,,,,,cacadmin,,,
7550 siemens s7-300,,,,,CACADMIN,,,
7551 siemens s7-300,,,,,cactus,,,
7552 siemens s7-300,,,,,CACTUS,,,
7553 siemens s7-300,,,,,calvin,,,
7554 siemens s7-300,,,,,CALVIN,,,
7555 siemens s7-300,,,,,can,,,
7556 siemens s7-300,,,,,CAN,,,
7557 siemens s7-300,,,,,canbus,,,
7558 siemens s7-300,,,,,CANBUS,,,
7559 siemens s7-300,,,,,carolian,,,
7560 siemens s7-300,,,,,CAROLIAN,,,
7561 siemens s7-300,,,,,cascade,,,
7562 siemens s7-300,,,,,CASCADE,,,
7563 siemens s7-300,,,,,cc,,,
7564 siemens s7-300,,,,,CC,,,
7565 siemens s7-300,,,,,ccc,,,
7566 siemens s7-300,,,,,CCC,,,
7567 siemens s7-300,,,,,cccc,,,
7568 siemens s7-300,,,,,CCCC,,,
7569 siemens s7-300,,,,,ccccc,,,
7570 siemens s7-300,,,,,CCCCC,,,
7571 siemens s7-300,,,,,cccccc,,,
7572 siemens s7-300,,,,,CCCCCC,,,
7573 siemens s7-300,,,,,ccccccc,,,
7574 siemens s7-300,,,,,CCCCCCC,,,
7575 siemens s7-300,,,,,cccccccc,,,
7576 siemens s7-300,,,,,CCCCCCCC,,,
7577 siemens s7-300,,,,,ccrusr,,,
7578 siemens s7-300,,,,,CCRUSR,,,
7579 siemens s7-300,,,,,cellit,,,
7580 siemens s7-300,,,,,CELLIT,,,
7581 siemens s7-300,,,,,cfc,,,
7582 siemens s7-300,,,,,CFC,,,
7583 siemens s7-300,,,,,CHABGEME,,,
7584 siemens s7-300,,,,,changeme,,,
7585 siemens s7-300,,,,,CHANGEME,,,
7586 siemens s7-300,,,,,changit,,,
7587 siemens s7-300,,,,,CHANGIT,,,
7588 siemens s7-300,,,,,charlie,,,
7589 siemens s7-300,,,,,CHARLIE,,,
7590 siemens s7-300,,,,,cisco,,,
7591 siemens s7-300,,,,,Cisco,,,
7592 siemens s7-300,,,,,CISCO,,,
7593 siemens s7-300,,,,,citel,,,
7594 siemens s7-300,,,,,CITEL,,,
7595 siemens s7-300,,,,,client,,,
7596 siemens s7-300,,,,,CLIENT,,,
7597 siemens s7-300,,,,,cmaker,,,
7598 siemens s7-300,,,,,CMAKER,,,
7599 siemens s7-300,,,,,cms500,,,
7600 siemens s7-300,,,,,CMS500,,,
7601 siemens s7-300,,,,,cnas,,,
7602 siemens s7-300,,,,,CNAS,,,
7603 siemens s7-300,,,,,cody,,,
7604 siemens s7-300,,,,,CODY,,,
7605 siemens s7-300,,,,,cognos,,,
7606 siemens s7-300,,,,,COGNOS,,,
7607 siemens s7-300,,,,,Col2ogro2,,,
7608 siemens s7-300,,,,,computer,,,
7609 siemens s7-300,,,,,COMPUTER,,,
7610 siemens s7-300,,,,,connect,,,
7611 siemens s7-300,,,,,CONNECT,,,
7612 siemens s7-300,,,,,conv,,,
7613 siemens s7-300,,,,,CONV,,,
7614 siemens s7-300,,,,,cool,,,
7615 siemens s7-300,,,,,COOL,,,
7616 siemens s7-300,,,,,corecess,,,
7617 siemens s7-300,,,,,CORECESS,,,
7618 siemens s7-300,,,,,cosmos,,,
7619 siemens s7-300,,,,,COSMOS,,,
7620 siemens s7-300,,,,,craft,,,
7621 siemens s7-300,,,,,CRAFT,,,
7622 siemens s7-300,,,,,craftpw,,,
7623 siemens s7-300,,,,,CRAFTPW,,,
7624 siemens s7-300,,,,,crftpw,,,
7625 siemens s7-300,,,,,CRFTPW,,,
7626 siemens s7-300,,,,,crystal,,,
7627 siemens s7-300,,,,,CRYSTAL,,,
7628 siemens s7-300,,,,,ct/1,,,
7629 siemens s7-300,,,,,customer,,,
7630 siemens s7-300,,,,,CUSTOMER,,,
7631 siemens s7-300,,,,,custpw,,,
7632 siemens s7-300,,,,,CUSTPW,,,
7633 siemens s7-300,,,,,d,,,
7634 siemens s7-300,,,,,D,,,
7635 siemens s7-300,,,,,d.e.b.u.g,,,
7636 siemens s7-300,,,,,d00m,,,
7637 siemens s7-300,,,,,D00M,,,
7638 siemens s7-300,,,,,dadmin01,,,
7639 siemens s7-300,,,,,DADMIN01,,,
7640 siemens s7-300,,,,,danger,,,
7641 siemens s7-300,,,,,DANGER,,,
7642 siemens s7-300,,,,,database,,,
7643 siemens s7-300,,,,,DATABASE,,,
7644 siemens s7-300,,,,,davox,,,
7645 siemens s7-300,,,,,dbps,,,
7646 siemens s7-300,,,,,DBPS,,,
7647 siemens s7-300,,,,,dd,,,
7648 siemens s7-300,,,,,DD,,,
7649 siemens s7-300,,,,,ddd,,,
7650 siemens s7-300,,,,,DDD,,,
7651 siemens s7-300,,,,,dddd,,,
7652 siemens s7-300,,,,,DDDD,,,
7653 siemens s7-300,,,,,ddddd,,,
7654 siemens s7-300,,,,,DDDDD,,,
7655 siemens s7-300,,,,,dddddd,,,
7656 siemens s7-300,,,,,DDDDDD,,,
7657 siemens s7-300,,,,,ddddddd,,,
7658 siemens s7-300,,,,,DDDDDDD,,,
7659 siemens s7-300,,,,,dddddddd,,,
7660 siemens s7-300,,,,,DDDDDDDD,,,
7661 siemens s7-300,,,,,dean,,,
7662 siemens s7-300,,,,,DEAN,,,
7663 siemens s7-300,,,,,default,,,
7664 siemens s7-300,,,,,DEFAULT,,,
7665 siemens s7-300,,,,,delevan,,,
7666 siemens s7-300,,,,,demo,,,
7667 siemens s7-300,,,,,DEMO,,,
7668 siemens s7-300,,,,,denise,,,
7669 siemens s7-300,,,,,DENISE,,,
7670 siemens s7-300,,,,,derparol,,,
7671 siemens s7-300,,,,,DERPAROL,,,
7672 siemens s7-300,,,,,DEVEVAN,,,
7673 siemens s7-300,,,,,device,,,
7674 siemens s7-300,,,,,DEVICE,,,
7675 siemens s7-300,,,,,devices,,,
7676 siemens s7-300,,,,,DEVICES,,,
7677 siemens s7-300,,,,,dhs3mt,,,
7678 siemens s7-300,,,,,DHS3MT,,,
7679 siemens s7-300,,,,,dhs3pms,,,
7680 siemens s7-300,,,,,DHS3PMS,,,
7681 siemens s7-300,,,,,diabl0,,,
7682 siemens s7-300,,,,,DIABL0,,,
7683 siemens s7-300,,,,,diablo,,,
7684 siemens s7-300,,,,,DIABLO,,,
7685 siemens s7-300,,,,,diamond,,,
7686 siemens s7-300,,,,,DIAMOND,,,
7687 siemens s7-300,,,,,digital,,,
7688 siemens s7-300,,,,,DIGITAL,,,
7689 siemens s7-300,,,,,DL20,,,
7690 siemens s7-300,,,,,dlink,,,
7691 siemens s7-300,,,,,D-Link,,,
7692 siemens s7-300,,,,,DLINK,,,
7693 siemens s7-300,,,,,dollar,,,
7694 siemens s7-300,,,,,DOLLAR,,,
7695 siemens s7-300,,,,,doom,,,
7696 siemens s7-300,,,,,DOOM,,,
7697 siemens s7-300,,,,,draadloos,,,
7698 siemens s7-300,,,,,DRAADLOOS,,,
7699 siemens s7-300,,,,,drivees,,,
7700 siemens s7-300,,,,,DRIVEES,,,
7701 siemens s7-300,,,,,e,,,
7702 siemens s7-300,,,,,E,,,
7703 siemens s7-300,,,,,echo,,,
7704 siemens s7-300,,,,,ECHO,,,
7705 siemens s7-300,,,,,ee,,,
7706 siemens s7-300,,,,,EE,,,
7707 siemens s7-300,,,,,eee,,,
7708 siemens s7-300,,,,,EEE,,,
7709 siemens s7-300,,,,,eeee,,,
7710 siemens s7-300,,,,,EEEE,,,
7711 siemens s7-300,,,,,eeeee,,,
7712 siemens s7-300,,,,,EEEEE,,,
7713 siemens s7-300,,,,,eeeeee,,,
7714 siemens s7-300,,,,,EEEEEE,,,
7715 siemens s7-300,,,,,eeeeeee,,,
7716 siemens s7-300,,,,,EEEEEEE,,,
7717 siemens s7-300,,,,,eeeeeeee,,,
7718 siemens s7-300,,,,,EEEEEEEE,,,
7719 siemens s7-300,,,,,EGDFV,,,
7720 siemens s7-300,,,,,electrin,,,
7721 siemens s7-300,,,,,ELECTRIN,,,
7722 siemens s7-300,,,,,elvis,,,
7723 siemens s7-300,,,,,ELVIS,,,
7724 siemens s7-300,,,,,enable,,,
7725 siemens s7-300,,,,,ENABLE,,,
7726 siemens s7-300,,,,,energy,,,
7727 siemens s7-300,,,,,ENERGY,,,
7728 siemens s7-300,,,,,engineer,,,
7729 siemens s7-300,,,,,ENGINEER,,,
7730 siemens s7-300,,,,,eqdfv,,,
7731 siemens s7-300,,,,,err0r,,,
7732 siemens s7-300,,,,,ERR0R,,,
7733 siemens s7-300,,,,,error,,,
7734 siemens s7-300,,,,,evening,,,
7735 siemens s7-300,,,,,EVENING,,,
7736 siemens s7-300,,,,,Exabyte,,,
7737 siemens s7-300,,,,,EXABYTE,,,
7738 siemens s7-300,,,,,expert03,,,
7739 siemens s7-300,,,,,EXPERT03,,,
7740 siemens s7-300,,,,,f,,,
7741 siemens s7-300,,,,,F,,,
7742 siemens s7-300,,,,,father,,,
7743 siemens s7-300,,,,,FATHER,,,
7744 siemens s7-300,,,,,fbd,,,
7745 siemens s7-300,,,,,FBD,,,
7746 siemens s7-300,,,,,ff,,,
7747 siemens s7-300,,,,,FF,,,
7748 siemens s7-300,,,,,fff,,,
7749 siemens s7-300,,,,,FFF,,,
7750 siemens s7-300,,,,,ffff,,,
7751 siemens s7-300,,,,,FFFF,,,
7752 siemens s7-300,,,,,fffff,,,
7753 siemens s7-300,,,,,FFFFF,,,
7754 siemens s7-300,,,,,ffffff,,,
7755 siemens s7-300,,,,,FFFFFF,,,
7756 siemens s7-300,,,,,fffffff,,,
7757 siemens s7-300,,,,,FFFFFFF,,,
7758 siemens s7-300,,,,,ffffffff,,,
7759 siemens s7-300,,,,,FFFFFFFF,,,
7760 siemens s7-300,,,,,field,,,
7761 siemens s7-300,,,,,FIELD,,,
7762 siemens s7-300,,,,,fire,,,
7763 siemens s7-300,,,,,FIRE,,,
7764 siemens s7-300,,,,,Fireport,,,
7765 siemens s7-300,,,,,FIREPORT,,,
7766 siemens s7-300,,,,,fish,,,
7767 siemens s7-300,,,,,FISH,,,
7768 siemens s7-300,,,,,fivranne,,,
7769 siemens s7-300,,,,,FIVRANNE,,,
7770 siemens s7-300,,,,,flash,,,
7771 siemens s7-300,,,,,FLASH,,,
7772 siemens s7-300,,,,,flex,,,
7773 siemens s7-300,,,,,FLEX,,,
7774 siemens s7-300,,,,,flexible,,,
7775 siemens s7-300,,,,,FLEXIBLE,,,
7776 siemens s7-300,,,,,football,,,
7777 siemens s7-300,,,,,FOOTBALL,,,
7778 siemens s7-300,,,,,friend,,,
7779 siemens s7-300,,,,,FRIEND,,,
7780 siemens s7-300,,,,,fuck,,,
7781 siemens s7-300,,,,,FUCK,,,
7782 siemens s7-300,,,,,fuckoff,,,
7783 siemens s7-300,,,,,FUCKOFF,,,
7784 siemens s7-300,,,,,fuckyou,,,
7785 siemens s7-300,,,,,FUCKYOU,,,
7786 siemens s7-300,,,,,g,,,
7787 siemens s7-300,,,,,G,,,
7788 siemens s7-300,,,,,g00gle,,,
7789 siemens s7-300,,,,,G00GLE,,,
7790 siemens s7-300,,,,,G0F9,,,
7791 siemens s7-300,,,,,G0K1,,,
7792 siemens s7-300,,,,,G6K6,,,
7793 siemens s7-300,,,,,gama,,,
7794 siemens s7-300,,,,,GAMA,,,
7795 siemens s7-300,,,,,ganteng,,,
7796 siemens s7-300,,,,,GAWSED,,,
7797 siemens s7-300,,,,,Geardog,,,
7798 siemens s7-300,,,,,GEARDOG,,,
7799 siemens s7-300,,,,,gen1,,,
7800 siemens s7-300,,,,,gen2,,,
7801 siemens s7-300,,,,,gfcc,,,
7802 siemens s7-300,,,,,GFCC,,,
7803 siemens s7-300,,,,,gfccdjhl,,,
7804 siemens s7-300,,,,,GFCCDJHL,,,
7805 siemens s7-300,,,,,gfhjkm,,,
7806 siemens s7-300,,,,,gfhjkm,,,
7807 siemens s7-300,,,,,GFHJKM,,,
7808 siemens s7-300,,,,,gg,,,
7809 siemens s7-300,,,,,GG,,,
7810 siemens s7-300,,,,,ggg,,,
7811 siemens s7-300,,,,,GGG,,,
7812 siemens s7-300,,,,,gggg,,,
7813 siemens s7-300,,,,,GGGG,,,
7814 siemens s7-300,,,,,ggggg,,,
7815 siemens s7-300,,,,,GGGGG,,,
7816 siemens s7-300,,,,,gggggg,,,
7817 siemens s7-300,,,,,GGGGGG,,,
7818 siemens s7-300,,,,,ggggggg,,,
7819 siemens s7-300,,,,,GGGGGGG,,,
7820 siemens s7-300,,,,,gggggggg,,,
7821 siemens s7-300,,,,,GGGGGGGG,,,
7822 siemens s7-300,,,,,ghbdtn,,,
7823 siemens s7-300,,,,,GHBDTN,,,
7824 siemens s7-300,,,,,GHOST,,,
7825 siemens s7-300,,,,,ghost,,,
7826 siemens s7-300,,,,,goal,,,
7827 siemens s7-300,,,,,GOAL,,,
7828 siemens s7-300,,,,,golf,,,
7829 siemens s7-300,,,,,GOLF,,,
7830 siemens s7-300,,,,,google,,,
7831 siemens s7-300,,,,,GOOGLE,,,
7832 siemens s7-300,,,,,got,,,
7833 siemens s7-300,,,,,GOT,,,
7834 siemens s7-300,,,,,guest,,,
7835 siemens s7-300,,,,,GUEST,,,
7836 siemens s7-300,,,,,h,,,
7837 siemens s7-300,,,,,H,,,
7838 siemens s7-300,,,,,hardware,,,
7839 siemens s7-300,,,,,HARDWARE,,,
7840 siemens s7-300,,,,,harley,,,
7841 siemens s7-300,,,,,helen,,,
7842 siemens s7-300,,,,,HELEN,,,
7843 siemens s7-300,,,,,hello,,,
7844 siemens s7-300,,,,,HELLO,,,
7845 siemens s7-300,,,,,help,,,
7846 siemens s7-300,,,,,HELP,,,
7847 siemens s7-300,,,,,help1954,,,
7848 siemens s7-300,,,,,HELP1954,,,
7849 siemens s7-300,,,,,Helpdesk,,,
7850 siemens s7-300,,,,,HELPDESK,,,
7851 siemens s7-300,,,,,hexseal,,,
7852 siemens s7-300,,,,,HEXSEAL,,,
7853 siemens s7-300,,,,,hh,,,
7854 siemens s7-300,,,,,HH,,,
7855 siemens s7-300,,,,,hhh,,,
7856 siemens s7-300,,,,,HHH,,,
7857 siemens s7-300,,,,,hhhh,,,
7858 siemens s7-300,,,,,HHHH,,,
7859 siemens s7-300,,,,,hhhhh,,,
7860 siemens s7-300,,,,,HHHHH,,,
7861 siemens s7-300,,,,,hhhhhh,,,
7862 siemens s7-300,,,,,HHHHHH,,,
7863 siemens s7-300,,,,,hhhhhhh,,,
7864 siemens s7-300,,,,,HHHHHHH,,,
7865 siemens s7-300,,,,,hhhhhhhh,,,
7866 siemens s7-300,,,,,HHHHHHHH,,,
7867 siemens s7-300,,,,,highspeed,,,
7868 siemens s7-300,,,,,HIGHSPEED,,,
7869 siemens s7-300,,,,,hinear,,,
7870 siemens s7-300,,,,,HINEAR,,,
7871 siemens s7-300,,,,,home,,,
7872 siemens s7-300,,,,,HOME,,,
7873 siemens s7-300,,,,,homeplug,,,
7874 siemens s7-300,,,,,HomePlug,,,
7875 siemens s7-300,,,,,HOMEPLUG,,,
7876 siemens s7-300,,,,,honda,,,
7877 siemens s7-300,,,,,HONDA,,,
7878 siemens s7-300,,,,,HP,,,
7879 siemens s7-300,,,,,hp.com,,,
7880 siemens s7-300,,,,,hpoffice,,,
7881 siemens s7-300,,,,,HPOFFICE,,,
7882 siemens s7-300,,,,,hponly,,,
7883 siemens s7-300,,,,,HPONLY,,,
7884 siemens s7-300,,,,,HPP187,,,
7885 siemens s7-300,,,,,HPP189,,,
7886 siemens s7-300,,,,,HPP196,,,
7887 siemens s7-300,,,,,hrloo,,,
7888 siemens s7-300,,,,,HRLOO,,,
7889 siemens s7-300,,,,,hsadb,,,
7890 siemens s7-300,,,,,http,,,
7891 siemens s7-300,,,,,HTTP,,,
7892 siemens s7-300,,,,,i,,,
7893 siemens s7-300,,,,,I,,,
7894 siemens s7-300,,,,,iDirect,,,
7895 siemens s7-300,,,,,IDIRECT,,,
7896 siemens s7-300,,,,,ii,,,
7897 siemens s7-300,,,,,II,,,
7898 siemens s7-300,,,,,iii,,,
7899 siemens s7-300,,,,,III,,,
7900 siemens s7-300,,,,,iiii,,,
7901 siemens s7-300,,,,,IIII,,,
7902 siemens s7-300,,,,,iiiii,,,
7903 siemens s7-300,,,,,IIIII,,,
7904 siemens s7-300,,,,,iiiiii,,,
7905 siemens s7-300,,,,,IIIIII,,,
7906 siemens s7-300,,,,,iiiiiii,,,
7907 siemens s7-300,,,,,IIIIIII,,,
7908 siemens s7-300,,,,,iiiiiiii,,,
7909 siemens s7-300,,,,,IIIIIIII,,,
7910 siemens s7-300,,,,,ILMI,,,
7911 siemens s7-300,,,,,iloveyou,,,
7912 siemens s7-300,,,,,ILOVEYOU,,,
7913 siemens s7-300,,,,,images,,,
7914 siemens s7-300,,,,,IMAGES,,,
7915 siemens s7-300,,,,,inads,,,
7916 siemens s7-300,,,,,INADS,,,
7917 siemens s7-300,,,,,inc,,,
7918 siemens s7-300,,,,,INC,,,
7919 siemens s7-300,,,,,indspw,,,
7920 siemens s7-300,,,,,INDSPW,,,
7921 siemens s7-300,,,,,inferno,,,
7922 siemens s7-300,,,,,INFERNO,,,
7923 siemens s7-300,,,,,initpw,,,
7924 siemens s7-300,,,,,INITPW,,,
7925 siemens s7-300,,,,,Inmet,,,
7926 siemens s7-300,,,,,inmet,,,
7927 siemens s7-300,,,,,INMET,,,
7928 siemens s7-300,,,,,Intel,,,
7929 siemens s7-300,,,,,INTEL,,,
7930 siemens s7-300,,,,,internet,,,
7931 siemens s7-300,,,,,Internet,,,
7932 siemens s7-300,,,,,INTERNET,,,
7933 siemens s7-300,,,,,INTX3,,,
7934 siemens s7-300,,,,,ironport,,,
7935 siemens s7-300,,,,,IRONPORT,,,
7936 siemens s7-300,,,,,isee,,,
7937 siemens s7-300,,,,,ISEE,,,
7938 siemens s7-300,,,,,isp,,,
7939 siemens s7-300,,,,,ISP,,,
7940 siemens s7-300,,,,,ITF3000,,,
7941 siemens s7-300,,,,,j,,,
7942 siemens s7-300,,,,,J,,,
7943 siemens s7-300,,,,,J6R6,,,
7944 siemens s7-300,,,,,J6W8,,,
7945 siemens s7-300,,,,,jack,,,
7946 siemens s7-300,,,,,JACK,,,
7947 siemens s7-300,,,,,janet,,,
7948 siemens s7-300,,,,,JANET,,,
7949 siemens s7-300,,,,,jannie,,,
7950 siemens s7-300,,,,,JANNIE,,,
7951 siemens s7-300,,,,,jasmine,,,
7952 siemens s7-300,,,,,JASMINE,,,
7953 siemens s7-300,,,,,JDE,,,
7954 siemens s7-300,,,,,jj,,,
7955 siemens s7-300,,,,,JJ,,,
7956 siemens s7-300,,,,,jjj,,,
7957 siemens s7-300,,,,,JJJ,,,
7958 siemens s7-300,,,,,jjjj,,,
7959 siemens s7-300,,,,,JJJJ,,,
7960 siemens s7-300,,,,,jjjjj,,,
7961 siemens s7-300,,,,,JJJJJ,,,
7962 siemens s7-300,,,,,jjjjjj,,,
7963 siemens s7-300,,,,,JJJJJJ,,,
7964 siemens s7-300,,,,,jjjjjjj,,,
7965 siemens s7-300,,,,,JJJJJJJ,,,
7966 siemens s7-300,,,,,jjjjjjjj,,,
7967 siemens s7-300,,,,,JJJJJJJJ,,,
7968 siemens s7-300,,,,,JOCKER,,,
7969 siemens s7-300,,,,,john,,,
7970 siemens s7-300,,,,,JOHN,,,
7971 siemens s7-300,,,,,joker,,,
7972 siemens s7-300,,,,,jordan,,,
7973 siemens s7-300,,,,,JORDAN,,,
7974 siemens s7-300,,,,,jordan23,,,
7975 siemens s7-300,,,,,JORDAN23,,,
7976 siemens s7-300,,,,,JR58,,,
7977 siemens s7-300,,,,,JR59,,,
7978 siemens s7-300,,,,,k,,,
7979 siemens s7-300,,,,,K,,,
7980 siemens s7-300,,,,,kermit,,,
7981 siemens s7-300,,,,,KERMIT,,,
7982 siemens s7-300,,,,,killer,,,
7983 siemens s7-300,,,,,KILLER,,,
7984 siemens s7-300,,,,,killme,,,
7985 siemens s7-300,,,,,kilo1987,,,
7986 siemens s7-300,,,,,KILO1987,,,
7987 siemens s7-300,,,,,kk,,,
7988 siemens s7-300,,,,,KK,,,
7989 siemens s7-300,,,,,kkk,,,
7990 siemens s7-300,,,,,KKK,,,
7991 siemens s7-300,,,,,kkkk,,,
7992 siemens s7-300,,,,,KKKK,,,
7993 siemens s7-300,,,,,kkkkk,,,
7994 siemens s7-300,,,,,KKKKK,,,
7995 siemens s7-300,,,,,kkkkkk,,,
7996 siemens s7-300,,,,,KKKKKK,,,
7997 siemens s7-300,,,,,kkkkkkk,,,
7998 siemens s7-300,,,,,KKKKKKK,,,
7999 siemens s7-300,,,,,kkkkkkkk,,,
8000 siemens s7-300,,,,,KKKKKKKK,,,
8001 siemens s7-300,,,,,korn,,,
8002 siemens s7-300,,,,,KORN,,,
8003 siemens s7-300,,,,,l,,,
8004 siemens s7-300,,,,,L,,,
8005 siemens s7-300,,,,,lad,,,
8006 siemens s7-300,,,,,LAD,,,
8007 siemens s7-300,,,,,laflaf,,,
8008 siemens s7-300,,,,,LAFLAF,,,
8009 siemens s7-300,,,,,letacla,,,
8010 siemens s7-300,,,,,LETACLA,,,
8011 siemens s7-300,,,,,letmein,,,
8012 siemens s7-300,,,,,letmein,,,
8013 siemens s7-300,,,,,LETMEIN,,,
8014 siemens s7-300,,,,,level1,,,
8015 siemens s7-300,,,,,LEVEL1,,,
8016 siemens s7-300,,,,,leviton,,,
8017 siemens s7-300,,,,,LEVITON,,,
8018 siemens s7-300,,,,,LILLME,,,
8019 siemens s7-300,,,,,linga,,,
8020 siemens s7-300,,,,,LINGA,,,
8021 siemens s7-300,,,,,linux,,,
8022 siemens s7-300,,,,,LINUX,,,
8023 siemens s7-300,,,,,lisa,,,
8024 siemens s7-300,,,,,LISA,,,
8025 siemens s7-300,,,,,ll,,,
8026 siemens s7-300,,,,,LL,,,
8027 siemens s7-300,,,,,llatsni,,,
8028 siemens s7-300,,,,,LLATSNI,,,
8029 siemens s7-300,,,,,lll,,,
8030 siemens s7-300,,,,,LLL,,,
8031 siemens s7-300,,,,,llll,,,
8032 siemens s7-300,,,,,LLLL,,,
8033 siemens s7-300,,,,,lllll,,,
8034 siemens s7-300,,,,,LLLLL,,,
8035 siemens s7-300,,,,,llllll,,,
8036 siemens s7-300,,,,,LLLLLL,,,
8037 siemens s7-300,,,,,lllllll,,,
8038 siemens s7-300,,,,,LLLLLLL,,,
8039 siemens s7-300,,,,,llllllll,,,
8040 siemens s7-300,,,,,LLLLLLLL,,,
8041 siemens s7-300,,,,,locatepw,,,
8042 siemens s7-300,,,,,LOCATEPW,,,
8043 siemens s7-300,,,,,lock,,,
8044 siemens s7-300,,,,,LOCK,,,
8045 siemens s7-300,,,,,login,,,
8046 siemens s7-300,,,,,LOGIN,,,
8047 siemens s7-300,,,,,looker,,,
8048 siemens s7-300,,,,,LOOKER,,,
8049 siemens s7-300,,,,,lotus,,,
8050 siemens s7-300,,,,,LOTUS,,,
8051 siemens s7-300,,,,,love,,,
8052 siemens s7-300,,,,,LOVE,,,
8053 siemens s7-300,,,,,ltd,,,
8054 siemens s7-300,,,,,LTD,,,
8055 siemens s7-300,,,,,lucky,,,
8056 siemens s7-300,,,,,LUCKY,,,
8057 siemens s7-300,,,,,m,,,
8058 siemens s7-300,,,,,M,,,
8059 siemens s7-300,,,,,m1122,,,
8060 siemens s7-300,,,,,M1122,,,
8061 siemens s7-300,,,,,mail,,,
8062 siemens s7-300,,,,,MAIL,,,
8063 siemens s7-300,,,,,maint,,,
8064 siemens s7-300,,,,,MAINT,,,
8065 siemens s7-300,,,,,maintpw,,,
8066 siemens s7-300,,,,,MAINTPW,,,
8067 siemens s7-300,,,,,manager,,,
8068 siemens s7-300,,,,,Manager,,,
8069 siemens s7-300,,,,,MANAGER,,,
8070 siemens s7-300,,,,,maniac,,,
8071 siemens s7-300,,,,,MANIAC,,,
8072 siemens s7-300,,,,,master,,,
8073 siemens s7-300,,,,,Master,,,
8074 siemens s7-300,,,,,MASTER,,,
8075 siemens s7-300,,,,,masterkey,,,
8076 siemens s7-300,,,,,MASTERKEY,,,
8077 siemens s7-300,,,,,Mau'dib,,,
8078 siemens s7-300,,,,,mediator,,,
8079 siemens s7-300,,,,,MEDIATOR,,,
8080 siemens s7-300,,,,,medion,,,
8081 siemens s7-300,,,,,MEDION,,,
8082 siemens s7-300,,,,,MGR,,,
8083 siemens s7-300,,,,,micro,,,
8084 siemens s7-300,,,,,MICRO,,,
8085 siemens s7-300,,,,,microwav,,,
8086 siemens s7-300,,,,,MICROWAV,,,
8087 siemens s7-300,,,,,miller,,,
8088 siemens s7-300,,,,,MILLLER,,,
8089 siemens s7-300,,,,,MiniAP,,,
8090 siemens s7-300,,,,,mis,,,
8091 siemens s7-300,,,,,MIS,,,
8092 siemens s7-300,,,,,MJSSSJJ,,,
8093 siemens s7-300,,,,,MJSSSJJ,,,
8094 siemens s7-300,,,,,MJSSSJJ_,,,
8095 siemens s7-300,,,,,mlusr,,,
8096 siemens s7-300,,,,,MLUSR,,,
8097 siemens s7-300,,,,,mm,,,
8098 siemens s7-300,,,,,MM,,,
8099 siemens s7-300,,,,,mmm,,,
8100 siemens s7-300,,,,,MMM,,,
8101 siemens s7-300,,,,,mmmm,,,
8102 siemens s7-300,,,,,MMMM,,,
8103 siemens s7-300,,,,,mmmmm,,,
8104 siemens s7-300,,,,,MMMMM,,,
8105 siemens s7-300,,,,,mmmmmm,,,
8106 siemens s7-300,,,,,MMMMMM,,,
8107 siemens s7-300,,,,,mmmmmmm,,,
8108 siemens s7-300,,,,,MMMMMMM,,,
8109 siemens s7-300,,,,,mmmmmmmm,,,
8110 siemens s7-300,,,,,MMMMMMMM,,,
8111 siemens s7-300,,,,,modul,,,
8112 siemens s7-300,,,,,MODUL,,,
8113 siemens s7-300,,,,,module,,,
8114 siemens s7-300,,,,,MODULE,,,
8115 siemens s7-300,,,,,money,,,
8116 siemens s7-300,,,,,MONEY,,,
8117 siemens s7-300,,,,,monitor,,,
8118 siemens s7-300,,,,,MONITOR,,,
8119 siemens s7-300,,,,,monkey,,,
8120 siemens s7-300,,,,,MONKEY,,,
8121 siemens s7-300,,,,,mosmatic,,,
8122 siemens s7-300,,,,,MOSMATIC,,,
8123 siemens s7-300,,,,,mother,,,
8124 siemens s7-300,,,,,MOTHER,,,
8125 siemens s7-300,,,,,motorola,,,
8126 siemens s7-300,,,,,MOTOROLA,,,
8127 siemens s7-300,,,,,mouse,,,
8128 siemens s7-300,,,,,MOUSE,,,
8129 siemens s7-300,,,,,MPE,,,
8130 siemens s7-300,,,,,MServer,,,
8131 siemens s7-300,,,,,mtch,,,
8132 siemens s7-300,,,,,MTCH,,,
8133 siemens s7-300,,,,,Multi,,,
8134 siemens s7-300,,,,,mustang,,,
8135 siemens s7-300,,,,,MUSTANG,,,
8136 siemens s7-300,,,,,mypass,,,
8137 siemens s7-300,,,,,MYPASS,,,
8138 siemens s7-300,,,,,mypass123,,,
8139 siemens s7-300,,,,,MYPASS123,,,
8140 siemens s7-300,,,,,mypc,,,
8141 siemens s7-300,,,,,MYPC,,,
8142 siemens s7-300,,,,,mypc123,,,
8143 siemens s7-300,,,,,MYPC123,,,
8144 siemens s7-300,,,,,myspace,,,
8145 siemens s7-300,,,,,MYSPACE,,,
8146 siemens s7-300,,,,,myspace1,,,
8147 siemens s7-300,,,,,MYSPACE1,,,
8148 siemens s7-300,,,,,n,,,
8149 siemens s7-300,,,,,N,,,
8150 siemens s7-300,,,,,n/a,,,
8151 siemens s7-300,,,,,N/A,,,
8152 siemens s7-300,,,,,naadmin,,,
8153 siemens s7-300,,,,,NAADMIN,,,
8154 siemens s7-300,,,,,naranja,,,
8155 siemens s7-300,,,,,NARANJA,,,
8156 siemens s7-300,,,,,NAU,,,
8157 siemens s7-300,,,,,Net,,,
8158 siemens s7-300,,,,,NET,,,
8159 siemens s7-300,,,,,netadmin,,,
8160 siemens s7-300,,,,,NETADMIN,,,
8161 siemens s7-300,,,,,netbase,,,
8162 siemens s7-300,,,,,NETBASE,,,
8163 siemens s7-300,,,,,NetCache,,,
8164 siemens s7-300,,,,,NETCACHE,,,
8165 siemens s7-300,,,,,NetICs,,,
8166 siemens s7-300,,,,,netman,,,
8167 siemens s7-300,,,,,NETMAN,,,
8168 siemens s7-300,,,,,netopia,,,
8169 siemens s7-300,,,,,NETOPIA,,,
8170 siemens s7-300,,,,,netscreen,,,
8171 siemens s7-300,,,,,NETSCREEN,,,
8172 siemens s7-300,,,,,netutil,,,
8173 siemens s7-300,,,,,NETUTIL,,,
8174 siemens s7-300,,,,,NetVCR,,,
8175 siemens s7-300,,,,,NETVCR,,,
8176 siemens s7-300,,,,,network,,,
8177 siemens s7-300,,,,,NETWORK,,,
8178 siemens s7-300,,,,,newpass,,,
8179 siemens s7-300,,,,,NEWPASS,,,
8180 siemens s7-300,,,,,niconex,,,
8181 siemens s7-300,,,,,NICONEX,,,
8182 siemens s7-300,,,,,nimdaten,,,
8183 siemens s7-300,,,,,NIMDATEN,,,
8184 siemens s7-300,,,,,nmspw,,,
8185 siemens s7-300,,,,,NMSPW,,,
8186 siemens s7-300,,,,,nn,,,
8187 siemens s7-300,,,,,NN,,,
8188 siemens s7-300,,,,,nnn,,,
8189 siemens s7-300,,,,,NNN,,,
8190 siemens s7-300,,,,,nnnn,,,
8191 siemens s7-300,,,,,NNNN,,,
8192 siemens s7-300,,,,,nnnnn,,,
8193 siemens s7-300,,,,,NNNNN,,,
8194 siemens s7-300,,,,,nnnnnn,,,
8195 siemens s7-300,,,,,NNNNNN,,,
8196 siemens s7-300,,,,,nnnnnnn,,,
8197 siemens s7-300,,,,,NNNNNNN,,,
8198 siemens s7-300,,,,,nnnnnnnn,,,
8199 siemens s7-300,,,,,NNNNNNNN,,,
8200 siemens s7-300,,,,,nokai,,,
8201 siemens s7-300,,,,,NOKAI,,,
8202 siemens s7-300,,,,,notused,,,
8203 siemens s7-300,,,,,NOTUSED,,,
8204 siemens s7-300,,,,,noway,,,
8205 siemens s7-300,,,,,NOWAY,,,
8206 siemens s7-300,,,,,NSADB,,,
8207 siemens s7-300,,,,,ntacdmax,,,
8208 siemens s7-300,,,,,NTACDMAX,,,
8209 siemens s7-300,,,,,null,,,
8210 siemens s7-300,,,,,NULL,,,
8211 siemens s7-300,,,,,o,,,
8212 siemens s7-300,,,,,O,,,
8213 siemens s7-300,,,,,OCS,,,
8214 siemens s7-300,,,,,oem,,,
8215 siemens s7-300,,,,,OEM,,,
8216 siemens s7-300,,,,,OkiLAN,,,
8217 siemens s7-300,,,,,OKILAN,,,
8218 siemens s7-300,,,,,omron,,,
8219 siemens s7-300,,,,,OMRON,,,
8220 siemens s7-300,,,,,oo,,,
8221 siemens s7-300,,,,,OO,,,
8222 siemens s7-300,,,,,ooo,,,
8223 siemens s7-300,,,,,OOO,,,
8224 siemens s7-300,,,,,oooo,,,
8225 siemens s7-300,,,,,OOOO,,,
8226 siemens s7-300,,,,,ooooo,,,
8227 siemens s7-300,,,,,OOOOO,,,
8228 siemens s7-300,,,,,oooooo,,,
8229 siemens s7-300,,,,,OOOOOO,,,
8230 siemens s7-300,,,,,ooooooo,,,
8231 siemens s7-300,,,,,OOOOOOO,,,
8232 siemens s7-300,,,,,oooooooo,,,
8233 siemens s7-300,,,,,OOOOOOOO,,,
8234 siemens s7-300,,,,,op3n,,,
8235 siemens s7-300,,,,,operator,,,
8236 siemens s7-300,,,,,OPERATOR,,,
8237 siemens s7-300,,,,,Opto,,,
8238 siemens s7-300,,,,,OPTO,,,
8239 siemens s7-300,,,,,owner,,,
8240 siemens s7-300,,,,,OWNER,,,
8241 siemens s7-300,,,,,p,,,
8242 siemens s7-300,,,,,P,,,
8243 siemens s7-300,,,,,P@55w0rd!,,,
8244 siemens s7-300,,,,,pas,,,
8245 siemens s7-300,,,,,PAS,,,
8246 siemens s7-300,,,,,pass,,,
8247 siemens s7-300,,,,,PASS,,,
8248 siemens s7-300,,,,,PASSAGE,,,
8249 siemens s7-300,,,,,passage,,,
8250 siemens s7-300,,,,,passw,,,
8251 siemens s7-300,,,,,PASSW,,,
8252 siemens s7-300,,,,,passwd,,,
8253 siemens s7-300,,,,,PASSWD,,,
8254 siemens s7-300,,,,,passwo,,,
8255 siemens s7-300,,,,,PASSWO,,,
8256 siemens s7-300,,,,,passwor,,,
8257 siemens s7-300,,,,,PASSWOR,,,
8258 siemens s7-300,,,,,password,,,
8259 siemens s7-300,,,,,PASSWORD,,,
8260 siemens s7-300,,,,,pat,,,
8261 siemens s7-300,,,,,PAT,,,
8262 siemens s7-300,,,,,paterna,,,
8263 siemens s7-300,,,,,PATERNA,,,
8264 siemens s7-300,,,,,patrick,,,
8265 siemens s7-300,,,,,PATRICK,,,
8266 siemens s7-300,,,,,patrol,,,
8267 siemens s7-300,,,,,PATROL,,,
8268 siemens s7-300,,,,,PBX,,,
8269 siemens s7-300,,,,,pbxk1064,,,
8270 siemens s7-300,,,,,PBXK1064,,,
8271 siemens s7-300,,,,,pcs7,,,
8272 siemens s7-300,,,,,PCS7,,,
8273 siemens s7-300,,,,,pentium,,,
8274 siemens s7-300,,,,,PENTIUM,,,
8275 siemens s7-300,,,,,pento,,,
8276 siemens s7-300,,,,,PENTO,,,
8277 siemens s7-300,,,,,pepper,,,
8278 siemens s7-300,,,,,PEPPER,,,
8279 siemens s7-300,,,,,pepsi,,,
8280 siemens s7-300,,,,,PEPSI,,,
8281 siemens s7-300,,,,,permit,,,
8282 siemens s7-300,,,,,PERMIT,,,
8283 siemens s7-300,,,,,personal,,,
8284 siemens s7-300,,,,,PERSONAL,,,
8285 siemens s7-300,,,,,pfsense,,,
8286 siemens s7-300,,,,,PFSENSE,,,
8287 siemens s7-300,,,,,photonix,,,
8288 siemens s7-300,,,,,PHOTONIX,,,
8289 siemens s7-300,,,,,pilou,,,
8290 siemens s7-300,,,,,PILOU,,,
8291 siemens s7-300,,,,,piranha,,,
8292 siemens s7-300,,,,,PIRANHA,,,
8293 siemens s7-300,,,,,plc,,,
8294 siemens s7-300,,,,,PLC,,,
8295 siemens s7-300,,,,,plcsim,,,
8296 siemens s7-300,,,,,PLCSIM,,,
8297 siemens s7-300,,,,,PlsChgMe,,,
8298 siemens s7-300,,,,,poerty,,,
8299 siemens s7-300,,,,,POERTY,,,
8300 siemens s7-300,,,,,policy,,,
8301 siemens s7-300,,,,,POLICY,,,
8302 siemens s7-300,,,,,Posterie,,,
8303 siemens s7-300,,,,,POSTERIE,,,
8304 siemens s7-300,,,,,power,,,
8305 siemens s7-300,,,,,POWER,,,
8306 siemens s7-300,,,,,pp,,,
8307 siemens s7-300,,,,,PP,,,
8308 siemens s7-300,,,,,ppp,,,
8309 siemens s7-300,,,,,PPP,,,
8310 siemens s7-300,,,,,pppp,,,
8311 siemens s7-300,,,,,PPPP,,,
8312 siemens s7-300,,,,,ppppp,,,
8313 siemens s7-300,,,,,PPPPP,,,
8314 siemens s7-300,,,,,pppppp,,,
8315 siemens s7-300,,,,,PPPPPP,,,
8316 siemens s7-300,,,,,ppppppp,,,
8317 siemens s7-300,,,,,PPPPPPP,,,
8318 siemens s7-300,,,,,pppppppp,,,
8319 siemens s7-300,,,,,PPPPPPPP,,,
8320 siemens s7-300,,,,,princess,,,
8321 siemens s7-300,,,,,PRINCESS,,,
8322 siemens s7-300,,,,,private,,,
8323 siemens s7-300,,,,,PRIVATE,,,
8324 siemens s7-300,,,,,proddta,,,
8325 siemens s7-300,,,,,PRODDTA,,,
8326 siemens s7-300,,,,,profibus,,,
8327 siemens s7-300,,,,,PROFIBUS,,,
8328 siemens s7-300,,,,,Protector,,,
8329 siemens s7-300,,,,,PROTECTOR,,,
8330 siemens s7-300,,,,,protool,,,
8331 siemens s7-300,,,,,PROTOOL,,,
8332 siemens s7-300,,,,,public,,,
8333 siemens s7-300,,,,,PUBLIC,,,
8334 siemens s7-300,,,,,pusy,,,
8335 siemens s7-300,,,,,PUSY,,,
8336 siemens s7-300,,,,,pw123,,,
8337 siemens s7-300,,,,,PW123,,,
8338 siemens s7-300,,,,,pwd,,,
8339 siemens s7-300,,,,,PWD,,,
8340 siemens s7-300,,,,,q,,,
8341 siemens s7-300,,,,,Q,,,
8342 siemens s7-300,,,,,qawsed,,,
8343 siemens s7-300,,,,,qq,,,
8344 siemens s7-300,,,,,QQ,,,
8345 siemens s7-300,,,,,qq520,,,
8346 siemens s7-300,,,,,QQ520,,,
8347 siemens s7-300,,,,,qqq,,,
8348 siemens s7-300,,,,,QQQ,,,
8349 siemens s7-300,,,,,qqqq,,,
8350 siemens s7-300,,,,,QQQQ,,,
8351 siemens s7-300,,,,,qqqqq,,,
8352 siemens s7-300,,,,,QQQQQ,,,
8353 siemens s7-300,,,,,qqqqqq,,,
8354 siemens s7-300,,,,,QQQQQQ,,,
8355 siemens s7-300,,,,,qqqqqqq,,,
8356 siemens s7-300,,,,,QQQQQQQ,,,
8357 siemens s7-300,,,,,qqqqqqqq,,,
8358 siemens s7-300,,,,,QQQQQQQQ,,,
8359 siemens s7-300,,,,,qwe,,,
8360 siemens s7-300,,,,,qwer,,,
8361 siemens s7-300,,,,,QWER,,,
8362 siemens s7-300,,,,,QWERT,,,
8363 siemens s7-300,,,,,qwerty,,,
8364 siemens s7-300,,,,,QWERTY,,,
8365 siemens s7-300,,,,,qwerty1,,,
8366 siemens s7-300,,,,,qwertyu,,,
8367 siemens s7-300,,,,,QWERTYU,,,
8368 siemens s7-300,,,,,qwertyui,,,
8369 siemens s7-300,,,,,QWERTYUI,,,
8370 siemens s7-300,,,,,r,,,
8371 siemens s7-300,,,,,R,,,
8372 siemens s7-300,,,,,r@p8p0r+,,,
8373 siemens s7-300,,,,,R1QTPS,,,
8374 siemens s7-300,,,,,rade0n,,,
8375 siemens s7-300,,,,,RADE0N,,,
8376 siemens s7-300,,,,,RADEON,,,
8377 siemens s7-300,,,,,radius,,,
8378 siemens s7-300,,,,,RADIUS,,,
8379 siemens s7-300,,,,,radware,,,
8380 siemens s7-300,,,,,RADWARE,,,
8381 siemens s7-300,,,,,rdfhnbhf,,,
8382 siemens s7-300,,,,,RDFHNBHF,,,
8383 siemens s7-300,,,,,recovery,,,
8384 siemens s7-300,,,,,RECOVERY,,,
8385 siemens s7-300,,,,,rego,,,
8386 siemens s7-300,,,,,REGO,,,
8387 siemens s7-300,,,,,remote,,,
8388 siemens s7-300,,,,,REMOTE,,,
8389 siemens s7-300,,,,,rip000,,,
8390 siemens s7-300,,,,,RIP000,,,
8391 siemens s7-300,,,,,rittal,,,
8392 siemens s7-300,,,,,RITTAL,,,
8393 siemens s7-300,,,,,robele,,,
8394 siemens s7-300,,,,,ROBELLE,,,
8395 siemens s7-300,,,,,root,,,
8396 siemens s7-300,,,,,ROOT,,,
8397 siemens s7-300,,,,,ROOT500,,,
8398 siemens s7-300,,,,,router,,,
8399 siemens s7-300,,,,,ROUTER,,,
8400 siemens s7-300,,,,,rr,,,
8401 siemens s7-300,,,,,RR,,,
8402 siemens s7-300,,,,,rrr,,,
8403 siemens s7-300,,,,,RRR,,,
8404 siemens s7-300,,,,,rrrr,,,
8405 siemens s7-300,,,,,RRRR,,,
8406 siemens s7-300,,,,,rrrrr,,,
8407 siemens s7-300,,,,,RRRRR,,,
8408 siemens s7-300,,,,,rrrrrr,,,
8409 siemens s7-300,,,,,RRRRRR,,,
8410 siemens s7-300,,,,,rrrrrrr,,,
8411 siemens s7-300,,,,,RRRRRRR,,,
8412 siemens s7-300,,,,,rrrrrrrr,,,
8413 siemens s7-300,,,,,RRRRRRRR,,,
8414 siemens s7-300,,,,,rs4igoy,,,
8415 siemens s7-300,,,,,RS4IGOY,,,
8416 siemens s7-300,,,,,RSX,,,
8417 siemens s7-300,,,,,rtyhn,,,
8418 siemens s7-300,,,,,RTYHN,,,
8419 siemens s7-300,,,,,run-p,,,
8420 siemens s7-300,,,,,RUN-P,,,
8421 siemens s7-300,,,,,russia,,,
8422 siemens s7-300,,,,,RUSSIA,,,
8423 siemens s7-300,,,,,rwmaint,,,
8424 siemens s7-300,,,,,RWMAINT,,,
8425 siemens s7-300,,,,,s,,,
8426 siemens s7-300,,,,,S,,,
8427 siemens s7-300,,,,,s7,,,
8428 siemens s7-300,,,,,S7,,,
8429 siemens s7-300,,,,,s7-300,,,
8430 siemens s7-300,,,,,S7-300,,,
8431 siemens s7-300,,,,,s7-400,,,
8432 siemens s7-300,,,,,S7-400,,,
8433 siemens s7-300,,,,,scout,,,
8434 siemens s7-300,,,,,SCOUT,,,
8435 siemens s7-300,,,,,search,,,
8436 siemens s7-300,,,,,SEARCH,,,
8437 siemens s7-300,,,,,secret,,,
8438 siemens s7-300,,,,,SECRET,,,
8439 siemens s7-300,,,,,secure,,,
8440 siemens s7-300,,,,,SECURE,,,
8441 siemens s7-300,,,,,security,,,
8442 siemens s7-300,,,,,SECURITY,,,
8443 siemens s7-300,,,,,sekret,,,
8444 siemens s7-300,,,,,SEKRET,,,
8445 siemens s7-300,,,,,Sensor,,,
8446 siemens s7-300,,,,,serco,,,
8447 siemens s7-300,,,,,SERCO,,,
8448 siemens s7-300,,,,,serial#,,,
8449 siemens s7-300,,,,,serovox,,,
8450 siemens s7-300,,,,,SEROVOX,,,
8451 siemens s7-300,,,,,server,,,
8452 siemens s7-300,,,,,SERVER,,,
8453 siemens s7-300,,,,,SESAME,,,
8454 siemens s7-300,,,,,setherco,,,
8455 siemens s7-300,,,,,SETHERCO,,,
8456 siemens s7-300,,,,,setup,,,
8457 siemens s7-300,,,,,SETUP,,,
8458 siemens s7-300,,,,,sex,,,
8459 siemens s7-300,,,,,SEX,,,
8460 siemens s7-300,,,,,sgena,,,
8461 siemens s7-300,,,,,SGENA,,,
8462 siemens s7-300,,,,,sgilent,,,
8463 siemens s7-300,,,,,SGILENT,,,
8464 siemens s7-300,,,,,shadow,,,
8465 siemens s7-300,,,,,SHADOW,,,
8466 siemens s7-300,,,,,Sharp,,,
8467 siemens s7-300,,,,,sicostart,,,
8468 siemens s7-300,,,,,SICOSTART,,,
8469 siemens s7-300,,,,,siemens,,,
8470 siemens s7-300,,,,,SIEMENS,,,
8471 siemens s7-300,,,,,simatic,,,
8472 siemens s7-300,,,,,SIMATIC,,,
8473 siemens s7-300,,,,,simens,,,
8474 siemens s7-300,,,,,SIMENS,,,
8475 siemens s7-300,,,,,simo,,,
8476 siemens s7-300,,,,,SIMO,,,
8477 siemens s7-300,,,,,simocode,,,
8478 siemens s7-300,,,,,SIMOCODE,,,
8479 siemens s7-300,,,,,simoreg,,,
8480 siemens s7-300,,,,,SIMOREG,,,
8481 siemens s7-300,,,,,simovert,,,
8482 siemens s7-300,,,,,SIMOVERT,,,
8483 siemens s7-300,,,,,simtec,,,
8484 siemens s7-300,,,,,SIMTEC,,,
8485 siemens s7-300,,,,,sirborn,,,
8486 siemens s7-300,,,,,SIRBORN,,,
8487 siemens s7-300,,,,,sitop,,,
8488 siemens s7-300,,,,,SITOP,,,
8489 siemens s7-300,,,,,SKY_FOX,,,
8490 siemens s7-300,,,,,slave,,,
8491 siemens s7-300,,,,,SLAVE,,,
8492 siemens s7-300,,,,,slipknot,,,
8493 siemens s7-300,,,,,SLIPKNOT,,,
8494 siemens s7-300,,,,,SMDR,,,
8495 siemens s7-300,,,,,smile,,,
8496 siemens s7-300,,,,,SMILE,,,
8497 siemens s7-300,,,,,smuser,,,
8498 siemens s7-300,,,,,SMUSER,,,
8499 siemens s7-300,,,,,snoopy,,,
8500 siemens s7-300,,,,,SNOOPY,,,
8501 siemens s7-300,,,,,soccer,,,
8502 siemens s7-300,,,,,SOCCER,,,
8503 siemens s7-300,,,,,solution,,,
8504 siemens s7-300,,,,,SOLUTION,,,
8505 siemens s7-300,,,,,SpIp,,,
8506 siemens s7-300,,,,,ss,,,
8507 siemens s7-300,,,,,SS,,,
8508 siemens s7-300,,,,,SSA,,,
8509 siemens s7-300,,,,,sss,,,
8510 siemens s7-300,,,,,SSS,,,
8511 siemens s7-300,,,,,ssss,,,
8512 siemens s7-300,,,,,SSSS,,,
8513 siemens s7-300,,,,,sssss,,,
8514 siemens s7-300,,,,,SSSSS,,,
8515 siemens s7-300,,,,,ssssss,,,
8516 siemens s7-300,,,,,SSSSSS,,,
8517 siemens s7-300,,,,,sssssss,,,
8518 siemens s7-300,,,,,SSSSSSS,,,
8519 siemens s7-300,,,,,ssssssss,,,
8520 siemens s7-300,,,,,SSSSSSSS,,,
8521 siemens s7-300,,,,,stan,,,
8522 siemens s7-300,,,,,STAN,,,
8523 siemens s7-300,,,,,star,,,
8524 siemens s7-300,,,,,STAR,,,
8525 siemens s7-300,,,,,starwar,,,
8526 siemens s7-300,,,,,STARWAR,,,
8527 siemens s7-300,,,,,step5,,,
8528 siemens s7-300,,,,,STEP5,,,
8529 siemens s7-300,,,,,step7,,,
8530 siemens s7-300,,,,,STEP7,,,
8531 siemens s7-300,,,,,stimpy,,,
8532 siemens s7-300,,,,,STIMPY,,,
8533 siemens s7-300,,,,,stl,,,
8534 siemens s7-300,,,,,STL,,,
8535 siemens s7-300,,,,,stop,,,
8536 siemens s7-300,,,,,STOP,,,
8537 siemens s7-300,,,,,ststic,,,
8538 siemens s7-300,,,,,STSTIC,,,
8539 siemens s7-300,,,,,summer,,,
8540 siemens s7-300,,,,,SUMMER,,,
8541 siemens s7-300,,,,,sunrise,,,
8542 siemens s7-300,,,,,SUNRISE,,,
8543 siemens s7-300,,,,,Super,,,
8544 siemens s7-300,,,,,superid,,,
8545 siemens s7-300,,,,,SUPERID,,,
8546 siemens s7-300,,,,,superman,,,
8547 siemens s7-300,,,,,SUPERMAN,,,
8548 siemens s7-300,,,,,support,,,
8549 siemens s7-300,,,,,SUPPORT,,,
8550 siemens s7-300,,,,,surt,,,
8551 siemens s7-300,,,,,SURT,,,
8552 siemens s7-300,,,,,switch,,,
8553 siemens s7-300,,,,,SWITCH,,,
8554 siemens s7-300,,,,,sybase,,,
8555 siemens s7-300,,,,,SYBASE,,,
8556 siemens s7-300,,,,,Symbol,,,
8557 siemens s7-300,,,,,SYMBOL,,,
8558 siemens s7-300,,,,,synnet,,,
8559 siemens s7-300,,,,,SYNNET,,,
8560 siemens s7-300,,,,,sysadm,,,
8561 siemens s7-300,,,,,SYSADM,,,
8562 siemens s7-300,,,,,SYSDISC,,,
8563 siemens s7-300,,,,,sysdisk,,,
8564 siemens s7-300,,,,,system,,,
8565 siemens s7-300,,,,,SYSTEM,,,
8566 siemens s7-300,,,,,t,,,
8567 siemens s7-300,,,,,T,,,
8568 siemens s7-300,,,,,talent,,,
8569 siemens s7-300,,,,,TALENT,,,
8570 siemens s7-300,,,,,TALINUZ,,,
8571 siemens s7-300,,,,,talisman,,,
8572 siemens s7-300,,,,,TALISMAN,,,
8573 siemens s7-300,,,,,TANDBERG,,,
8574 siemens s7-300,,,,,TCH,,,
8575 siemens s7-300,,,,,tech,,,
8576 siemens s7-300,,,,,TECH,,,
8577 siemens s7-300,,,,,telco,,,
8578 siemens s7-300,,,,,TELCO,,,
8579 siemens s7-300,,,,,telecom,,,
8580 siemens s7-300,,,,,Telecom,,,
8581 siemens s7-300,,,,,TELECOM,,,
8582 siemens s7-300,,,,,telesup,,,
8583 siemens s7-300,,,,,TELESUP,,,
8584 siemens s7-300,,,,,tellabs#1,,,
8585 siemens s7-300,,,,,telus,,,
8586 siemens s7-300,,,,,TELUS,,,
8587 siemens s7-300,,,,,temp,,,
8588 siemens s7-300,,,,,TEMP,,,
8589 siemens s7-300,,,,,temp123,,,
8590 siemens s7-300,,,,,TEMP123,,,
8591 siemens s7-300,,,,,test,,,
8592 siemens s7-300,,,,,TEST,,,
8593 siemens s7-300,,,,,test123,,,
8594 siemens s7-300,,,,,TEST123,,,
8595 siemens s7-300,,,,,thomas,,,
8596 siemens s7-300,,,,,Thomas,,,
8597 siemens s7-300,,,,,THOMAS,,,
8598 siemens s7-300,,,,,tiaranet,,,
8599 siemens s7-300,,,,,TIARANET,,,
8600 siemens s7-300,,,,,tiger123,,,
8601 siemens s7-300,,,,,TIGER123,,,
8602 siemens s7-300,,,,,timely,,,
8603 siemens s7-300,,,,,TIMELY,,,
8604 siemens s7-300,,,,,tini,,,
8605 siemens s7-300,,,,,TINI,,,
8606 siemens s7-300,,,,,tivonpw,,,
8607 siemens s7-300,,,,,TIVONPW,,,
8608 siemens s7-300,,,,,tjm,,,
8609 siemens s7-300,,,,,TJM,,,
8610 siemens s7-300,,,,,tlah,,,
8611 siemens s7-300,,,,,TLAH,,,
8612 siemens s7-300,,,,,toolset,,,
8613 siemens s7-300,,,,,TOOLSET,,,
8614 siemens s7-300,,,,,trancell,,,
8615 siemens s7-300,,,,,TRANCELL,,,
8616 siemens s7-300,,,,,tratata,,,
8617 siemens s7-300,,,,,TRATATA,,,
8618 siemens s7-300,,,,,tslinux,,,
8619 siemens s7-300,,,,,TSLINUX,,,
8620 siemens s7-300,,,,,tt,,,
8621 siemens s7-300,,,,,TT,,,
8622 siemens s7-300,,,,,ttt,,,
8623 siemens s7-300,,,,,TTT,,,
8624 siemens s7-300,,,,,tttt,,,
8625 siemens s7-300,,,,,TTTT,,,
8626 siemens s7-300,,,,,ttttt,,,
8627 siemens s7-300,,,,,TTTTT,,,
8628 siemens s7-300,,,,,tttttt,,,
8629 siemens s7-300,,,,,TTTTTT,,,
8630 siemens s7-300,,,,,ttttttt,,,
8631 siemens s7-300,,,,,TTTTTTT,,,
8632 siemens s7-300,,,,,tttttttt,,,
8633 siemens s7-300,,,,,TTTTTTTT,,,
8634 siemens s7-300,,,,,tuborg,,,
8635 siemens s7-300,,,,,TUBORG,,,
8636 siemens s7-300,,,,,tuxalize,,,
8637 siemens s7-300,,,,,TUXALIZE,,,
8638 siemens s7-300,,,,,tx100,,,
8639 siemens s7-300,,,,,TX100,,,
8640 siemens s7-300,,,,,u,,,
8641 siemens s7-300,,,,,U,,,
8642 siemens s7-300,,,,,uplink,,,
8643 siemens s7-300,,,,,UPLINK,,,
8644 siemens s7-300,,,,,user,,,
8645 siemens s7-300,,,,,USER,,,
8646 siemens s7-300,,,,,uu,,,
8647 siemens s7-300,,,,,UU,,,
8648 siemens s7-300,,,,,uuu,,,
8649 siemens s7-300,,,,,UUU,,,
8650 siemens s7-300,,,,,uuuu,,,
8651 siemens s7-300,,,,,UUUU,,,
8652 siemens s7-300,,,,,uuuuu,,,
8653 siemens s7-300,,,,,UUUUU,,,
8654 siemens s7-300,,,,,uuuuuu,,,
8655 siemens s7-300,,,,,UUUUUU,,,
8656 siemens s7-300,,,,,uuuuuuu,,,
8657 siemens s7-300,,,,,UUUUUUU,,,
8658 siemens s7-300,,,,,uuuuuuuu,,,
8659 siemens s7-300,,,,,UUUUUUUU,,,
8660 siemens s7-300,,,,,v,,,
8661 siemens s7-300,,,,,V,,,
8662 siemens s7-300,,,,,vesoft,,,
8663 siemens s7-300,,,,,VESOFT,,,
8664 siemens s7-300,,,,,visual,,,
8665 siemens s7-300,,,,,VISUAL,,,
8666 siemens s7-300,,,,,vjqgfhjkm,,,
8667 siemens s7-300,,,,,VJQGFHJKM,,,
8668 siemens s7-300,,,,,vodka,,,
8669 siemens s7-300,,,,,VODKA,,,
8670 siemens s7-300,,,,,volition,,,
8671 siemens s7-300,,,,,VOLITION,,,
8672 siemens s7-300,,,,,vv,,,
8673 siemens s7-300,,,,,VV,,,
8674 siemens s7-300,,,,,vvv,,,
8675 siemens s7-300,,,,,VVV,,,
8676 siemens s7-300,,,,,vvvv,,,
8677 siemens s7-300,,,,,VVVV,,,
8678 siemens s7-300,,,,,vvvvv,,,
8679 siemens s7-300,,,,,VVVVV,,,
8680 siemens s7-300,,,,,vvvvvv,,,
8681 siemens s7-300,,,,,VVVVVV,,,
8682 siemens s7-300,,,,,vvvvvvv,,,
8683 siemens s7-300,,,,,VVVVVVV,,,
8684 siemens s7-300,,,,,vvvvvvvv,,,
8685 siemens s7-300,,,,,VVVVVVVV,,,
8686 siemens s7-300,,,,,w,,,
8687 siemens s7-300,,,,,W,,,
8688 siemens s7-300,,,,,W9F3,,,
8689 siemens s7-300,,,,,webadmin,,,
8690 siemens s7-300,,,,,WEBADMIN,,,
8691 siemens s7-300,,,,,win,,,
8692 siemens s7-300,,,,,WIN,,,
8693 siemens s7-300,,,,,wincc,,,
8694 siemens s7-300,,,,,WINCC,,,
8695 siemens s7-300,,,,,winterm,,,
8696 siemens s7-300,,,,,WINTERM,,,
8697 siemens s7-300,,,,,Wireless,,,
8698 siemens s7-300,,,,,WIRELESS,,,
8699 siemens s7-300,,,,,wizard,,,
8700 siemens s7-300,,,,,WIZARD,,,
8701 siemens s7-300,,,,,wlsedb,,,
8702 siemens s7-300,,,,,WLSEDB,,,
8703 siemens s7-300,,,,,wolf,,,
8704 siemens s7-300,,,,,WONF,,,
8705 siemens s7-300,,,,,ww,,,
8706 siemens s7-300,,,,,WW,,,
8707 siemens s7-300,,,,,www,,,
8708 siemens s7-300,,,,,WWW,,,
8709 siemens s7-300,,,,,wwww,,,
8710 siemens s7-300,,,,,WWWW,,,
8711 siemens s7-300,,,,,wwwww,,,
8712 siemens s7-300,,,,,WWWWW,,,
8713 siemens s7-300,,,,,wwwwww,,,
8714 siemens s7-300,,,,,WWWWWW,,,
8715 siemens s7-300,,,,,wwwwwww,,,
8716 siemens s7-300,,,,,WWWWWWW,,,
8717 siemens s7-300,,,,,wwwwwwww,,,
8718 siemens s7-300,,,,,WWWWWWWW,,,
8719 siemens s7-300,,,,,wyse,,,
8720 siemens s7-300,,,,,WYSE,,,
8721 siemens s7-300,,,,,x,,,
8722 siemens s7-300,,,,,X,,,
8723 siemens s7-300,,,,,x40rocks,,,
8724 siemens s7-300,,,,,X40ROCKS,,,
8725 siemens s7-300,,,,,x-admin,,,
8726 siemens s7-300,,,,,X-ADMIN,,,
8727 siemens s7-300,,,,,xbox,,,
8728 siemens s7-300,,,,,XBOX,,,
8729 siemens s7-300,,,,,xlserver,,,
8730 siemens s7-300,,,,,XLSERVER,,,
8731 siemens s7-300,,,,,xx,,,
8732 siemens s7-300,,,,,XX,,,
8733 siemens s7-300,,,,,xxx,,,
8734 siemens s7-300,,,,,XXX,,,
8735 siemens s7-300,,,,,xxxx,,,
8736 siemens s7-300,,,,,XXXX,,,
8737 siemens s7-300,,,,,xxxxx,,,
8738 siemens s7-300,,,,,XXXXX,,,
8739 siemens s7-300,,,,,xxxxxx,,,
8740 siemens s7-300,,,,,XXXXXX,,,
8741 siemens s7-300,,,,,xxxxxxx,,,
8742 siemens s7-300,,,,,XXXXXXX,,,
8743 siemens s7-300,,,,,xxxxxxxx,,,
8744 siemens s7-300,,,,,XXXXXXXX,,,
8745 siemens s7-300,,,,,xxyyzz,,,
8746 siemens s7-300,,,,,XXYYZZ,,,
8747 siemens s7-300,,,,,y,,,
8748 siemens s7-300,,,,,Y,,,
8749 siemens s7-300,,,,,yxcv,,,
8750 siemens s7-300,,,,,YXCV,,,
8751 siemens s7-300,,,,,yy,,,
8752 siemens s7-300,,,,,YY,,,
8753 siemens s7-300,,,,,yyy,,,
8754 siemens s7-300,,,,,YYY,,,
8755 siemens s7-300,,,,,yyyy,,,
8756 siemens s7-300,,,,,YYYY,,,
8757 siemens s7-300,,,,,yyyyy,,,
8758 siemens s7-300,,,,,YYYYY,,,
8759 siemens s7-300,,,,,yyyyyy,,,
8760 siemens s7-300,,,,,YYYYYY,,,
8761 siemens s7-300,,,,,yyyyyyy,,,
8762 siemens s7-300,,,,,YYYYYYY,,,
8763 siemens s7-300,,,,,yyyyyyyy,,,
8764 siemens s7-300,,,,,YYYYYYYY,,,
8765 siemens s7-300,,,,,z,,,
8766 siemens s7-300,,,,,Z,,,
8767 siemens s7-300,,,,,z0ne,,,
8768 siemens s7-300,,,,,Z0NE,,,
8769 siemens s7-300,,,,,zettler,,,
8770 siemens s7-300,,,,,ZETTLER,,,
8771 siemens s7-300,,,,,zippo,,,
8772 siemens s7-300,,,,,ZIPPO,,,
8773 siemens s7-300,,,,,zone,,,
8774 siemens s7-300,,,,,ZONE,,,
8775 siemens s7-300,,,,,zoomadsl,,,
8776 siemens s7-300,,,,,ZOOMADSL,,,
8777 siemens s7-300,,,,,zorro,,,
8778 siemens s7-300,,,,,ZORRO,,,
8779 siemens s7-300,,,,,zorromen,,,
8780 siemens s7-300,,,,,ZORROMEN,,,
8781 siemens s7-300,,,,,zxc,,,
8782 siemens s7-300,,,,,ZXC,,,
8783 siemens s7-300,,,,,zxcv,,,
8784 siemens s7-300,,,,,ZXCV,,,
8785 siemens s7-300,,,,,zxcvb,,,
8786 siemens s7-300,,,,,ZXCVB,,,
8787 siemens s7-300,,,,,zxcvbn,,,
8788 siemens s7-300,,,,,ZXCVBN,,,
8789 siemens s7-300,,,,,zxcvbnm,,,
8790 siemens s7-300,,,,,ZXCVBNM,,,
8791 siemens s7-300,,,,,zxcvbnm,,,,
8792 siemens s7-300,,,,,ZXCVBNM,,,,
8793 siemens s7-300,,,,,zz,,,
8794 siemens s7-300,,,,,ZZ,,,
8795 siemens s7-300,,,,,zzz,,,
8796 siemens s7-300,,,,,ZZZ,,,
8797 siemens s7-300,,,,,zzzz,,,
8798 siemens s7-300,,,,,ZZZZ,,,
8799 siemens s7-300,,,,,zzzzz,,,
8800 siemens s7-300,,,,,ZZZZZ,,,
8801 siemens s7-300,,,,,zzzzzz,,,
8802 siemens s7-300,,,,,ZZZZZZ,,,
8803 siemens s7-300,,,,,zzzzzzz,,,
8804 siemens s7-300,,,,,ZZZZZZZ,,,
8805 siemens s7-300,,,,,zzzzzzzz,,,
8806 siemens s7-300,,,,,ZZZZZZZZ,,,
+61
-66
hmacmd5.c less more
0
01 /*
12 Unix SMB/CIFS implementation.
23 HMAC MD5 code for use in NTLMv2
3233 the rfc 2104 version of hmac_md5 initialisation.
3334 ***********************************************************************/
3435
35 void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx)
36 {
37 int i;
38 unsigned char tk[16];
36 void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) {
37 int i;
38 unsigned char tk[16];
3939
40 /* if key is longer than 64 bytes reset it to key=MD5(key) */
41 if (key_len > 64) {
42 MD5_CTX tctx;
40 /* if key is longer than 64 bytes reset it to key=MD5(key) */
41 if (key_len > 64) {
42 MD5_CTX tctx;
4343
44 MD5_Init(&tctx);
45 MD5_Update(&tctx, (void *)key, key_len);
46 MD5_Final(tk, &tctx);
44 MD5_Init(&tctx);
45 MD5_Update(&tctx, (void *) key, key_len);
46 MD5_Final(tk, &tctx);
4747
48 key = tk;
49 key_len = 16;
50 }
48 key = tk;
49 key_len = 16;
50 }
5151
52 /* start out by storing key in pads */
53 ZERO_STRUCT(ctx->k_ipad);
54 ZERO_STRUCT(ctx->k_opad);
55 memcpy( ctx->k_ipad, key, key_len);
56 memcpy( ctx->k_opad, key, key_len);
52 /* start out by storing key in pads */
53 ZERO_STRUCT(ctx->k_ipad);
54 ZERO_STRUCT(ctx->k_opad);
55 memcpy(ctx->k_ipad, key, key_len);
56 memcpy(ctx->k_opad, key, key_len);
5757
58 /* XOR key with ipad and opad values */
59 for (i=0; i<64; i++) {
60 ctx->k_ipad[i] ^= 0x36;
61 ctx->k_opad[i] ^= 0x5c;
62 }
58 /* XOR key with ipad and opad values */
59 for (i = 0; i < 64; i++) {
60 ctx->k_ipad[i] ^= 0x36;
61 ctx->k_opad[i] ^= 0x5c;
62 }
6363
64 MD5_Init(&ctx->ctx);
65 MD5_Update(&ctx->ctx, ctx->k_ipad, 64);
64 MD5_Init(&ctx->ctx);
65 MD5_Update(&ctx->ctx, ctx->k_ipad, 64);
6666 }
6767
6868 /***********************************************************************
6969 the microsoft version of hmac_md5 initialisation.
7070 ***********************************************************************/
7171
72 void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,
73 HMACMD5Context *ctx)
74 {
75 int i;
72 void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) {
73 int i;
7674
77 /* if key is longer than 64 bytes truncate it */
78 if (key_len > 64) {
79 key_len = 64;
80 }
75 /* if key is longer than 64 bytes truncate it */
76 if (key_len > 64) {
77 key_len = 64;
78 }
8179
82 /* start out by storing key in pads */
83 ZERO_STRUCT(ctx->k_ipad);
84 ZERO_STRUCT(ctx->k_opad);
85 memcpy( ctx->k_ipad, key, key_len);
86 memcpy( ctx->k_opad, key, key_len);
80 /* start out by storing key in pads */
81 ZERO_STRUCT(ctx->k_ipad);
82 ZERO_STRUCT(ctx->k_opad);
83 memcpy(ctx->k_ipad, key, key_len);
84 memcpy(ctx->k_opad, key, key_len);
8785
88 /* XOR key with ipad and opad values */
89 for (i=0; i<64; i++) {
90 ctx->k_ipad[i] ^= 0x36;
91 ctx->k_opad[i] ^= 0x5c;
92 }
86 /* XOR key with ipad and opad values */
87 for (i = 0; i < 64; i++) {
88 ctx->k_ipad[i] ^= 0x36;
89 ctx->k_opad[i] ^= 0x5c;
90 }
9391
94 MD5_Init(&ctx->ctx);
95 MD5_Update(&ctx->ctx, ctx->k_ipad, 64);
92 MD5_Init(&ctx->ctx);
93 MD5_Update(&ctx->ctx, ctx->k_ipad, 64);
9694 }
9795
9896 /***********************************************************************
9997 update hmac_md5 "inner" buffer
10098 ***********************************************************************/
10199
102 void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx)
103 {
104 MD5_Update(&ctx->ctx, (void *)text, text_len); /* then text of datagram */
100 void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) {
101 MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */
105102 }
106103
107104 /***********************************************************************
108105 finish off hmac_md5 "inner" buffer and generate outer one.
109106 ***********************************************************************/
110 void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx)
107 void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx)
108 {
109 MD5_CTX ctx_o;
111110
112 {
113 MD5_CTX ctx_o;
111 MD5_Final(digest, &ctx->ctx);
114112
115 MD5_Final(digest, &ctx->ctx);
116
117 MD5_Init(&ctx_o);
118 MD5_Update(&ctx_o, ctx->k_opad, 64);
119 MD5_Update(&ctx_o, digest, 16);
120 MD5_Final(digest, &ctx_o);
113 MD5_Init(&ctx_o);
114 MD5_Update(&ctx_o, ctx->k_opad, 64);
115 MD5_Update(&ctx_o, digest, 16);
116 MD5_Final(digest, &ctx_o);
121117 }
122118
123119 /***********************************************************
125121 use the microsoft hmacmd5 init method because the key is 16 bytes.
126122 ************************************************************/
127123
128 void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest)
129 {
130 HMACMD5Context ctx;
131 hmac_md5_init_limK_to_64(key, 16, &ctx);
132 if (data_len != 0)
133 {
134 hmac_md5_update(data, data_len, &ctx);
135 }
136 hmac_md5_final(digest, &ctx);
124 void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) {
125 HMACMD5Context ctx;
126
127 hmac_md5_init_limK_to_64(key, 16, &ctx);
128 if (data_len != 0) {
129 hmac_md5_update(data, data_len, &ctx);
130 }
131 hmac_md5_final(digest, &ctx);
137132 }
138133
139134 #endif
+11
-7
hydra-afp.c less more
4343 struct afp_server *server = NULL;
4444
4545 conn_req = malloc(sizeof(struct afp_connection_request));
46 server = malloc(sizeof(struct afp_server));
46 // server = malloc(sizeof(struct afp_server));
4747
4848 memset(conn_req, 0, sizeof(struct afp_connection_request));
4949
6666 //fprintf(stderr, "Initiating connection attempt.\n");
6767 if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) {
6868 FREE(conn_req);
69 FREE(server);
69 // FREE(server);
7070 return -1;
7171 }
7272 //fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam));
7979
8080 int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
8181 char *empty = "";
82 char *login, *pass;
82 char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN];
8383 struct afp_url tmpurl;
8484
8585 /* Build AFP authentication request */
9696
9797 strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1);
9898 tmpurl.servername[AFP_SERVER_NAME_LEN] = 0;
99 memcpy(&tmpurl.username, login, AFP_MAX_USERNAME_LEN);
100 memcpy(&tmpurl.password, pass, AFP_MAX_PASSWORD_LEN);
99 strncpy(mlogin, login, AFP_MAX_USERNAME_LEN - 1);
100 mlogin[AFP_MAX_USERNAME_LEN - 1] = 0;
101 strncpy(mpass, pass, AFP_MAX_PASSWORD_LEN - 1);
102 mpass[AFP_MAX_PASSWORD_LEN - 1] = 0;
103 memcpy(&tmpurl.username, mlogin, AFP_MAX_USERNAME_LEN);
104 memcpy(&tmpurl.password, mpass, AFP_MAX_PASSWORD_LEN);
101105
102106 if (server_subconnect(tmpurl) == 0) {
103107 hydra_report_found_host(port, ip, "afp", fp);
135139 port = myport;
136140 }
137141 if (sock < 0) {
138 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
142 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
139143 hydra_child_exit(1);
140144 }
141145
168172
169173 #endif
170174
171 int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
175 int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
172176 // called before the childrens are forked off, so this is the function
173177 // which should be filled if initial connections and service setup has to be
174178 // performed once only.
+8
-7
hydra-asterisk.c less more
2727 memset(buffer, 0, sizeof(buffer));
2828 sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass);
2929
30 if (verbose || debug)
31 hydra_report(stderr, "[VERBOSE] C: %s\n", buffer);
30 if (debug)
31 hydra_report(stderr, "[DEBUG] C: %s\n", buffer);
3232
3333 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
3434 return 1;
3636 if ((buf = hydra_receive_line(s)) == NULL)
3737 return 1;
3838
39 if (verbose || debug)
40 hydra_report(stderr, "[VERBOSE] S: %s\n", buf);
39 if (debug)
40 hydra_report(stderr, "[DEBUG] S: %s\n", buf);
4141
4242 if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {
4343 hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf);
8383 if (port != 0)
8484 mysslport = port;
8585 sock = hydra_connect_ssl(ip, mysslport);
86 port = myport;
86 port = mysslport;
8787 }
8888
8989 if (sock < 0) {
9898
9999 if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) {
100100 /* check the first line */
101 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf);
101 if (verbose || debug)
102 hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf);
102103 hydra_child_exit(2);
103104 }
104105 free(buf);
120121 }
121122 }
122123
123 int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
124 int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
124125 // called before the childrens are forked off, so this is the function
125126 // which should be filled if initial connections and service setup has to be
126127 // performed once only.
+12
-8
hydra-cisco-enable.c less more
8686 port = mysslport;
8787 }
8888 if (sock < 0) {
89 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
89 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
9090 hydra_child_exit(1);
9191 }
9292
100100
101101 sprintf(buffer, "%.250s\r\n", login);
102102 if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
103 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid());
103 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid());
104104 hydra_child_exit(2);
105105 }
106106 }
107107
108108 if (miscptr != NULL) {
109 if (buf != NULL)
110 free(buf);
109111 while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) {
110112 if (hydra_strcasestr(buf, "ress ENTER") != NULL)
111113 hydra_send(sock, "\r\n", 2, 0);
114116
115117 sprintf(buffer, "%.250s\r\n", miscptr);
116118 if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
117 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid());
119 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid());
118120 hydra_child_exit(2);
119121 }
120122 }
121123
124 if (buf != NULL)
125 free(buf);
122126 buf = hydra_receive_line(sock);
123127 if (hydra_strcasestr(buf, "ress ENTER") != NULL) {
124128 hydra_send(sock, "\r\n", 2, 0);
127131 }
128132
129133 if (strstr(buf, "assw") != NULL) {
130 fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid());
134 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid());
131135 hydra_child_exit(2);
132136 }
133137 free(buf);
142146
143147 sprintf(buffer, "%.250s\r\n", "ena");
144148 if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
145 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid());
149 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid());
146150 hydra_child_exit(2);
147151 }
148152
155159 if (failc < retry) {
156160 next_run = 1;
157161 failc++;
158 fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry);
162 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry);
159163 sleep(3);
160164 break;
161165 } else {
175179 case 3: /* clean exit */
176180 sprintf(buffer, "%.250s\r\n", "exit");
177181 if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
178 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid());
182 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid());
179183 hydra_child_exit(0);
180184 }
181185 if (sock >= 0)
191195 }
192196 }
193197
194 int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
198 int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
195199 // called before the childrens are forked off, so this is the function
196200 // which should be filled if initial connections and service setup has to be
197201 // performed once only.
+21
-11
hydra-cisco.c less more
44 #endif
55
66 extern char *HYDRA_EXIT;
7 char *buf;
7 char *buf = NULL;
88
99 int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
1010 char *empty = "";
2424 }
2525 sleep(1);
2626 do {
27 buf = hydra_receive_line(s);
27 if (buf != NULL)
28 free(buf);
29 if ((buf = hydra_receive_line(s)) == NULL)
30 return 3;
2831 if (buf[strlen(buf) - 1] == '\n')
2932 buf[strlen(buf) - 1] = 0;
3033 if (buf[strlen(buf) - 1] == '\r')
4851 return 1;
4952 }
5053 do {
51 buf = hydra_receive_line(s);
54 free(buf);
55 if ((buf = hydra_receive_line(s)) == NULL)
56 return 3;
5257 if (buf[strlen(buf) - 1] == '\n')
5358 buf[strlen(buf) - 1] = 0;
5459 if (buf[strlen(buf) - 1] == '\r')
5762 if (buf != NULL && strstr(buf, "assw") != NULL) {
5863 hydra_completed_pair();
5964 free(buf);
65 buf = NULL;
6066 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
6167 return 3;
6268 if (strlen(pass = hydra_get_next_password()) == 0)
7278 return 1;
7379 }
7480 do {
81 if (buf != NULL)
82 free(buf);
7583 buf = hydra_receive_line(s);
76 if (buf[strlen(buf) - 1] == '\n')
77 buf[strlen(buf) - 1] = 0;
78 if (buf[strlen(buf) - 1] == '\r')
79 buf[strlen(buf) - 1] = 0;
80 } while (strlen(buf) <= 1);
84 if (buf != NULL) {
85 if (buf[strlen(buf) - 1] == '\n')
86 buf[strlen(buf) - 1] = 0;
87 if (buf[strlen(buf) - 1] == '\r')
88 buf[strlen(buf) - 1] = 0;
89 }
90 } while (buf != NULL && strlen(buf) <= 1);
8191 }
8292
8393 }
143153 if (failc < retry) {
144154 next_run = 1;
145155 failc++;
146 hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry);
156 if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry);
147157 sleep(3);
148158 break;
149159 } else {
150 hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid());
160 if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid());
151161 hydra_child_exit(0);
152162 }
153163 }
182192 }
183193 }
184194
185 int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
195 int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
186196 // called before the childrens are forked off, so this is the function
187197 // which should be filled if initial connections and service setup has to be
188198 // performed once only.
+1
-1
hydra-cvs.c less more
135135 }
136136 }
137137
138 int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
138 int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
139139 // called before the childrens are forked off, so this is the function
140140 // which should be filled if initial connections and service setup has to be
141141 // performed once only.
+9
-7
hydra-firebird.c less more
0
01 /*
12
23 Firebird Support - by David Maciejak @ GMAIL dot com
3132 char database[256];
3233 char connection_string[1024];
3334
34 isc_db_handle db; /* database handle */
35 isc_db_handle db; /* database handle */
3536 ISC_STATUS_ARRAY status; /* status vector */
3637
3738 char *dpb = NULL; /* DB parameter buffer */
4142 strncpy(database, miscptr, sizeof(database));
4243 else
4344 strncpy(database, DEFAULT_DB, sizeof(database));
45 database[sizeof(database) - 1] = 0;
4446
4547 if (strlen(login = hydra_get_next_login()) == 0)
4648 login = empty;
4749 if (strlen(pass = hydra_get_next_password()) == 0)
4850 pass = empty;
4951
50 dpb_length = (short)(1 + strlen(login) + 2 + strlen(pass) + 2);
51 if ((dpb = (char*)malloc(dpb_length)) == NULL) {
52 hydra_report(stderr, "[ERROR] Can't allocate memory\n");
53 return 1;
52 dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2);
53 if ((dpb = (char *) malloc(dpb_length)) == NULL) {
54 hydra_report(stderr, "[ERROR] Can't allocate memory\n");
55 return 1;
5456 }
5557
5658 /* Add user and password to dpb */
110112 port = mysslport;
111113 }
112114 if (sock < 0) {
113 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
115 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
114116 hydra_child_exit(1);
115117 }
116118
143145
144146 #endif
145147
146 int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
148 int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
147149 // called before the childrens are forked off, so this is the function
148150 // which should be filled if initial connections and service setup has to be
149151 // performed once only.
+7
-4
hydra-ftp.c less more
3838 }
3939 if (buf[0] != '3') {
4040 if (buf) {
41 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
41 if (verbose || debug)
42 hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
4243 free(buf);
4344 }
4445 return 3;
102103 usleep(250);
103104 buf = hydra_receive_line(sock);
104105 if (buf == NULL || buf[0] != '2') { /* check the first line */
105 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
106 if (verbose || debug)
107 hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
106108 hydra_child_exit(2);
107109 if (buf != NULL)
108110 free(buf);
122124 }
123125 buf = hydra_receive_line(sock);
124126 if (buf == NULL) {
125 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
127 if (verbose || debug)
128 hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf);
126129 hydra_child_exit(2);
127130 }
128131 if (buf[0] == '2') {
169172 service_ftp_core(ip, sp, options, miscptr, fp, port, 1);
170173 }
171174
172 int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
175 int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
173176 // called before the childrens are forked off, so this is the function
174177 // which should be filled if initial connections and service setup has to be
175178 // performed once only.
+0
-0
hydra-gtk/AUTHORS less more
(No changes)
+0
-0
hydra-gtk/COPYING less more
(No changes)
+0
-0
hydra-gtk/ChangeLog less more
(No changes)
+0
-0
hydra-gtk/INSTALL less more
(No changes)
+0
-0
hydra-gtk/Makefile.am less more
(No changes)
+0
-0
hydra-gtk/Makefile.in less more
(No changes)
+0
-0
hydra-gtk/NEWS less more
(No changes)
+0
-0
hydra-gtk/README less more
(No changes)
+0
-0
hydra-gtk/acconfig.h less more
(No changes)
+0
-0
hydra-gtk/aclocal.m4 less more
(No changes)
+0
-0
hydra-gtk/config.h less more
(No changes)
+0
-0
hydra-gtk/config.h.in less more
(No changes)
+0
-0
hydra-gtk/configure.in less more
(No changes)
+0
-0
hydra-gtk/mkinstalldirs less more
(No changes)
+0
-0
hydra-gtk/src/Makefile.am less more
(No changes)
+0
-0
hydra-gtk/src/Makefile.in less more
(No changes)
+11
-2
hydra-gtk/src/callbacks.c less more
127127 options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
128128 }
129129
130 /* get the pass, or pass list */
130 /* get the pass, pass list, or generate */
131 /* The "generate" button was implemented by Petar Kaleychev <petar.kaleychev@gmail.com> */
131132 widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1");
132133 if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
133134 options[i++] = "-p";
134135 widget = lookup_widget(GTK_WIDGET(wndMain), "entPass");
135136 options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
136 } else {
137 }
138 widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2");
139 if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
137140 options[i++] = "-P";
138141 widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile");
139142 options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
143 }
144 widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate");
145 if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) {
146 options[i++] = "-x";
147 widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration");
148 options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget);
140149 }
141150 }
142151
+0
-0
hydra-gtk/src/callbacks.h less more
(No changes)
+26
-1
hydra-gtk/src/interface.c less more
88
99 #include <sys/types.h>
1010 #include <sys/stat.h>
11 #ifdef HAVE_UNISTD_H
1112 #include <unistd.h>
13 #endif
1214 #include <string.h>
1315 #include <stdio.h>
1416
7476 GtkWidget *radioPass1;
7577 GSList *radioPass1_group = NULL;
7678 GtkWidget *radioPass2;
79 GtkWidget *radioGenerate;
80 GtkWidget *entGeneration;
7781 GtkWidget *labelpass;
7882 GtkWidget *frame8;
7983 GtkWidget *table5;
256260 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec");
257261 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin");
258262 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh");
263 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300");
259264 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3");
260265 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip");
261266 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb");
263268 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp");
264269 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5");
265270 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ssh");
271 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sshkey");
266272 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "svn");
267273 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "teamspeak");
268274 cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "telnet");
439445 gtk_widget_show(frmPass);
440446 gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0);
441447
442 table3 = gtk_table_new(2, 2, FALSE);
448 table3 = gtk_table_new (3, 2, FALSE);
443449 gtk_widget_set_name(table3, "table3");
444450 gtk_widget_show(table3);
445451 gtk_container_add(GTK_CONTAINER(frmPass), table3);
471477 gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
472478 gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group);
473479 radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2));
480 radioGenerate = gtk_radio_button_new_with_mnemonic (NULL, "Generate");
481 gtk_widget_set_name (radioGenerate, "radioGenerate");
482 gtk_widget_show (radioGenerate);
483 gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3,
484 (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
485 (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
486 gtk_radio_button_set_group (GTK_RADIO_BUTTON (radioGenerate), radioPass1_group);
487 radioPass1_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radioGenerate));
488
489 entGeneration = gtk_entry_new ();
490 gtk_widget_set_name (entGeneration, "entGeneration");
491 gtk_widget_show (entGeneration);
492 gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3,
493 (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
494 (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
495 gtk_tooltips_set_tip (tooltips, entGeneration, "Generate passwords", NULL);
496 gtk_entry_set_text (GTK_ENTRY (entGeneration), "1:1:a");
474497
475498 labelpass = gtk_label_new("Password");
476499 gtk_widget_set_name(labelpass, "labelpass");
10141037 GLADE_HOOKUP_OBJECT(wndMain, entPass, "entPass");
10151038 GLADE_HOOKUP_OBJECT(wndMain, radioPass1, "radioPass1");
10161039 GLADE_HOOKUP_OBJECT(wndMain, radioPass2, "radioPass2");
1040 GLADE_HOOKUP_OBJECT(wndMain, radioGenerate, "radioGenerate");
1041 GLADE_HOOKUP_OBJECT(wndMain, entGeneration, "entGeneration");
10171042 GLADE_HOOKUP_OBJECT(wndMain, labelpass, "labelpass");
10181043 GLADE_HOOKUP_OBJECT(wndMain, frame8, "frame8");
10191044 GLADE_HOOKUP_OBJECT(wndMain, table5, "table5");
+0
-0
hydra-gtk/src/interface.h less more
(No changes)
+0
-0
hydra-gtk/src/main.c less more
(No changes)
+0
-0
hydra-gtk/src/support.c less more
(No changes)
+0
-0
hydra-gtk/src/support.h less more
(No changes)
+0
-0
hydra-gtk/stamp-h.in less more
(No changes)
+141
-0
hydra-gtk/xhydra.glade less more
405405 <property name="visible">True</property>
406406 <property name="can_focus">True</property>
407407 <property name="label" translatable="yes">vnc</property>
408 </widget>
409 </child>
410
411 <child>
412 <widget class="GtkListItem" id="listitem2100">
413 <property name="visible">True</property>
414 <property name="can_focus">True</property>
415 <property name="label" translatable="yes">sshkey</property>
416 </widget>
417 </child>
418 <child>
419 <widget class="GtkListItem" id="listitem2101">
420 <property name="visible">True</property>
421 <property name="can_focus">True</property>
422 <property name="label" translatable="yes">s7-300</property>
423 </widget>
424 </child>
425 <child>
426 <widget class="GtkListItem" id="listitem2102">
427 <property name="visible">True</property>
428 <property name="can_focus">True</property>
429 <property name="label" translatable="yes"></property>
430 </widget>
431 </child>
432 <child>
433 <widget class="GtkListItem" id="listitem2103">
434 <property name="visible">True</property>
435 <property name="can_focus">True</property>
436 <property name="label" translatable="yes">afp</property>
437 </widget>
438 </child>
439 <child>
440 <widget class="GtkListItem" id="listitem2104">
441 <property name="visible">True</property>
442 <property name="can_focus">True</property>
443 <property name="label" translatable="yes">ftps</property>
444 </widget>
445 </child>
446 <child>
447 <widget class="GtkListItem" id="listitem2105">
448 <property name="visible">True</property>
449 <property name="can_focus">True</property>
450 <property name="label" translatable="yes">http-get-form</property>
451 </widget>
452 </child>
453 <child>
454 <widget class="GtkListItem" id="listitem2106">
455 <property name="visible">True</property>
456 <property name="can_focus">True</property>
457 <property name="label" translatable="yes">http-post-form</property>
458 </widget>
459 </child>
460 <child>
461 <widget class="GtkListItem" id="listitem2107">
462 <property name="visible">True</property>
463 <property name="can_focus">True</property>
464 <property name="label" translatable="yes">http-proxy-url</property>
465 </widget>
466 </child>
467 <child>
468 <widget class="GtkListItem" id="listitem2108">
469 <property name="visible">True</property>
470 <property name="can_focus">True</property>
471 <property name="label" translatable="yes">https-get-form</property>
472 </widget>
473 </child>
474 <child>
475 <widget class="GtkListItem" id="listitem2109">
476 <property name="visible">True</property>
477 <property name="can_focus">True</property>
478 <property name="label" translatable="yes">https-post-form</property>
479 </widget>
480 </child>
481 <child>
482 <widget class="GtkListItem" id="listitem2110">
483 <property name="visible">True</property>
484 <property name="can_focus">True</property>
485 <property name="label" translatable="yes">irc</property>
486 </widget>
487 </child>
488 <child>
489 <widget class="GtkListItem" id="listitem2111">
490 <property name="visible">True</property>
491 <property name="can_focus">True</property>
492 <property name="label" translatable="yes">ldap3-crammd5</property>
493 </widget>
494 </child>
495 <child>
496 <widget class="GtkListItem" id="listitem2112">
497 <property name="visible">True</property>
498 <property name="can_focus">True</property>
499 <property name="label" translatable="yes">ldap3-digestmd5</property>
500 </widget>
501 </child>
502 <child>
503 <widget class="GtkListItem" id="listitem2113">
504 <property name="visible">True</property>
505 <property name="can_focus">True</property>
506 <property name="label" translatable="yes">mssql</property>
507 </widget>
508 </child>
509 <child>
510 <widget class="GtkListItem" id="listitem2114">
511 <property name="visible">True</property>
512 <property name="can_focus">True</property>
513 <property name="label" translatable="yes">oracle</property>
514 </widget>
515 </child>
516 <child>
517 <widget class="GtkListItem" id="listitem2115">
518 <property name="visible">True</property>
519 <property name="can_focus">True</property>
520 <property name="label" translatable="yes">oracle-sid</property>
521 </widget>
522 </child>
523 <child>
524 <widget class="GtkListItem" id="listitem2116">
525 <property name="visible">True</property>
526 <property name="can_focus">True</property>
527 <property name="label" translatable="yes">oracle-listener</property>
528 </widget>
529 </child>
530 <child>
531 <widget class="GtkListItem" id="listitem2117">
532 <property name="visible">True</property>
533 <property name="can_focus">True</property>
534 <property name="label" translatable="yes">rdp</property>
535 </widget>
536 </child>
537 <child>
538 <widget class="GtkListItem" id="listitem2118">
539 <property name="visible">True</property>
540 <property name="can_focus">True</property>
541 <property name="label" translatable="yes">ssh</property>
542 </widget>
543 </child>
544 <child>
545 <widget class="GtkListItem" id="listitem2119">
546 <property name="visible">True</property>
547 <property name="can_focus">True</property>
548 <property name="label" translatable="yes">xmpp</property>
408549 </widget>
409550 </child>
410551
+0
-0
hydra-gtk/xhydra.gladep less more
(No changes)
+78
-70
hydra-http-form.c less more
0
01 /*
12
23 Hydra Form Module
6061
6162 char redirected_url_buff[2048] = "";
6263 int redirected_flag = 0;
64
6365 #define MAX_REDIRECT 8
6466 int redirected_cpt = MAX_REDIRECT;
6567 char cookie[4096] = "", cmiscptr[1024];
8082
8183 char *html_encode(char *string) {
8284 char *ret = string;
83
85
8486 if (ret == NULL)
8587 return NULL;
86
88
8789 if (index(ret, '%') != NULL)
8890 ret = hydra_strrep(ret, "%", "%25");
8991 if (index(ret, ' ') != NULL)
131133 *endloc = 0;
132134 strcpy(redirected_url_buff, str);
133135 }
134
135136 //there can be multiple cookies
136137 if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) {
137138 char *cookiebuf = buf;
149150 //terminate string after cookie data
150151 if (endcookie1 != NULL && endcookie1 < endcookie2)
151152 *endcookie1 = 0;
152 else
153 if (endcookie2 != NULL)
154 *endcookie2 = 0;
153 else if (endcookie2 != NULL)
154 *endcookie2 = 0;
155155 // is the cookie already there? if yes, remove it!
156156 if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) {
157157 strncpy(tmpname, startcookie, sizeof(tmpname) - 2);
172172 ptr2 += 2;
173173 strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1);
174174 }
175 if (debug) printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie);
175 if (debug)
176 printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie);
176177 strcpy(cookie, tmpcookie);
177178 }
178179 }
199200 free(buf);
200201 }
201202 if (runs == 0) {
202 if (debug) hydra_report(stderr, "DEBUG: no response from server\n");
203 if (debug)
204 hydra_report(stderr, "DEBUG: no response from server\n");
203205 return -1;
204206 }
205207 return 0;
236238 upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass);
237239 if (strstr(userheader, "^USER^") == NULL && strstr(userheader, "^PASS^") == NULL) {
238240 strcpy(cuserheader, userheader);
239 } else { // we use the encoded version
241 } else { // we use the encoded version
240242 strncpy(cuserheader, hydra_strrep(userheader, "^USER^", clogin), sizeof(cuserheader) - 1);
241 cuserheader[ sizeof(cuserheader) - 1] = 0;
243 cuserheader[sizeof(cuserheader) - 1] = 0;
242244 strncpy(cuserheader, hydra_strrep(cuserheader, "^PASS^", cpass), sizeof(cuserheader) - 1);
243 cuserheader[ sizeof(cuserheader) - 1] = 0;
245 cuserheader[sizeof(cuserheader) - 1] = 0;
244246 }
245247
246248 /* again: no snprintf to be portable. dont worry, buffer cant overflow */
253255 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
254256 return 1;
255257 }
256 i = analyze_server_response(s); // return value ignored
258 i = analyze_server_response(s); // return value ignored
257259 if (strlen(cookie) > 0) {
258260 sprintf(header, "Cookie: %s\r\n", cookie);
259261 }
280282 // proxy without authentication
281283 if (getcookie) {
282284 //doing a GET to get cookies
283 sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header, cuserheader);
285 sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header,
286 cuserheader);
284287 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
285288 return 1;
286289 }
299302 return 1;
300303 }
301304 } else {
302 sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget, header, cuserheader);
305 sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget,
306 header, cuserheader);
303307 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
304308 return 1;
305309 }
346350 }
347351 //if page was redirected, follow the location header
348352 redirected_cpt = MAX_REDIRECT;
349 if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff);
353 if (debug)
354 printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff);
350355 while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
351356 //we have to split the location
352357 char *startloc, *endloc;
370375 if (startloc != NULL) {
371376 startloc += strlen("://");
372377
373 if ((endloc=strchr(startloc, '\r')) != NULL) {
378 if ((endloc = strchr(startloc, '\r')) != NULL) {
374379 startloc[endloc - startloc] = 0;
375380 }
376 if ((endloc=strchr(startloc, '\n')) != NULL) {
381 if ((endloc = strchr(startloc, '\n')) != NULL) {
377382 startloc[endloc - startloc] = 0;
378383 }
379 strcpy(str, startloc);
384 strncpy(str, startloc, sizeof(str));
385 str[sizeof(str) - 1] = 0;
380386
381387 endloc = strchr(str, '/');
382388 if (endloc != NULL) {
383389 strncpy(str2, str, endloc - str);
384390 str2[endloc - str] = 0;
385 }
386 else
387 strncpy(str2, str, sizeof(str));
391 } else
392 strncpy(str2, str, sizeof(str));
388393
389394 if (strlen(str) - strlen(str2) == 0) {
390395 strcpy(str3, "/");
391396 } else {
392 strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1);
393 str3[strlen(str) - strlen(str2) - 1] = 0;
397 strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2));
398 str3[strlen(str) - strlen(str2)] = 0;
394399 }
395400 } else {
396 strncpy(str2, webtarget, sizeof(str2));
401 strncpy(str2, webtarget, sizeof(str2) - 1);
402 str2[sizeof(str2) - 1] = 0;
397403 if (redirected_url_buff[0] != '/') {
398404 //it's a relative path, so we have to concatenate it
399405 //with the path from the first url given
400406 char *urlpath;
401407 char urlpath_extracted[2048];
408
402409 memset(urlpath_extracted, 0, sizeof(urlpath_extracted));
403410
404 urlpath=strrchr(url, '/');
411 urlpath = strrchr(url, '/');
405412 if (urlpath != NULL) {
406 strncpy(urlpath_extracted, url, urlpath-url);
413 strncpy(urlpath_extracted, url, urlpath - url);
407414 sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff);
408415 } else {
409416 sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff);
410417 }
411418 } else
412419 strncpy(str3, redirected_url_buff, sizeof(str3));
413 if (debug) hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3,url);
420 if (debug)
421 hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url);
414422 }
415423 if (str3[0] != '/') {
416424 j = strlen(str3);
501509 sprintf(bufferurl, "%.1000s", miscptr);
502510 url = bufferurl;
503511 ptr = url;
504 while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' ))
512 while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
505513 ptr++;
506514 if (*ptr != 0)
507515 *ptr++ = 0;
508516 variables = ptr;
509 while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' ))
517 while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
510518 ptr++;
511519 if (*ptr != 0)
512520 *ptr++ = 0;
513521 cond = ptr;
514 while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' ))
522 while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
515523 ptr++;
516524 if (*ptr != 0)
517525 *ptr++ = 0;
518526 optional1 = ptr;
519527 if (strstr(url, "\\:") != NULL) {
520 if ((ptr = malloc(strlen(url))) != NULL) {
528 if ((ptr = malloc(strlen(url))) != NULL) { // no need for +1
521529 strcpy(ptr, hydra_strrep(url, "\\:", ":"));
522530 url = ptr;
523531 }
524532 }
525533 if (strstr(variables, "\\:") != NULL) {
526 if ((ptr = malloc(strlen(variables))) != NULL) {
534 if ((ptr = malloc(strlen(variables))) != NULL) { // no need for +1
527535 strcpy(ptr, hydra_strrep(variables, "\\:", ":"));
528536 variables = ptr;
529537 }
530538 }
531539 if (strstr(cond, "\\:") != NULL) {
532 if ((ptr = malloc(strlen(cond))) != NULL) {
533 strcpy(ptr, hydra_strrep(cond, "\\:", ":"));
540 if ((ptr = malloc(strlen(cond))) != NULL) { // no need for +1
541 strcpy(ptr, hydra_strrep(cond, "\\:", ":"));
534542 cond = ptr;
535543 }
536544 }
537 if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL*/)
545 if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ )
538546 hydra_child_exit(2);
539547
540548 //printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1);
541549
542550 if (*cond == 0) {
543551 fprintf(stderr, "[ERROR] invalid number of parameters in module option\n");
544 hydra_child_exit(2);
552 hydra_child_exit(2);
545553 }
546554
547555 sprintf(cookieurl, "%.1000s", url);
557565 //by default condition is a fail
558566 success_cond = 0;
559567 }
560
561 while (/*(optional1 = strtok(NULL, ":")) != NULL*/ *optional1 != 0 ) {
562 switch(optional1[0]) {
563 case 'c': // fall through
564 case 'C':
565 ptr = optional1 + 2;
566 while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' ))
567 ptr++;
568 if (*ptr != 0)
569 *ptr++ = 0;
570 sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":"));
571 optional1 = ptr;
572 break;
573 case 'h': // fall through
574 case 'H':
575 ptr = optional1 + 2;
576 while (*ptr != 0 && ( *ptr != ':' || *(ptr - 1) == '\\' ))
577 ptr++;
578 if (*ptr != 0)
579 *ptr++ = 0;
580 ptr2 = ptr;
581 while (*ptr2 != 0 && ( *ptr2 != ':' || *(ptr2 - 1) == '\\' ))
582 ptr2++;
583 if (*ptr2 != 0)
584 *ptr2++ = 0;
585 if (sizeof(userheader) - strlen(userheader) > 4) {
586 strncat(userheader, optional1 + 2, sizeof(userheader) - strlen(userheader) - 4);
587 strcat(userheader, ":");
588 strncat(userheader, hydra_strrep(ptr, "\\:", ":"), sizeof(userheader) - strlen(userheader) - 3);
589 strcat(userheader, "\r\n");
590 }
591 optional1 = ptr2;
592 break;
568
569 while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) {
570 switch (optional1[0]) {
571 case 'c': // fall through
572 case 'C':
573 ptr = optional1 + 2;
574 while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
575 ptr++;
576 if (*ptr != 0)
577 *ptr++ = 0;
578 sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":"));
579 optional1 = ptr;
580 break;
581 case 'h': // fall through
582 case 'H':
583 ptr = optional1 + 2;
584 while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
585 ptr++;
586 if (*ptr != 0)
587 *ptr++ = 0;
588 ptr2 = ptr;
589 while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
590 ptr2++;
591 if (*ptr2 != 0)
592 *ptr2++ = 0;
593 if (sizeof(userheader) - strlen(userheader) > 4) {
594 strncat(userheader, optional1 + 2, sizeof(userheader) - strlen(userheader) - 4);
595 strcat(userheader, ":");
596 strncat(userheader, hydra_strrep(ptr, "\\:", ":"), sizeof(userheader) - strlen(userheader) - 3);
597 strcat(userheader, "\r\n");
598 }
599 optional1 = ptr2;
600 break;
593601 // no default
594602 }
595603 }
669677 service_http_form(ip, sp, options, miscptr, fp, port, "POST");
670678 }
671679
672 int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
680 int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
673681 // called before the childrens are forked off, so this is the function
674682 // which should be filled if initial connections and service setup has to be
675683 // performed once only.
+32
-29
hydra-http-proxy-urlenum.c less more
1818 return 1;
1919 }
2020 pass = hydra_get_next_password();
21 pass = empty; // ignored
21 pass = empty; // ignored
2222
2323 strncpy(url, login, sizeof(url) - 1);
2424 url[sizeof(url) - 1] = 0;
3131 *ptr = 0;
3232 if ((ptr = index(mhost, ']')) != NULL)
3333 *ptr = 0;
34 else
35 if ((ptr = index(mhost, ':')) != NULL)
36 *ptr = 0;
34 else if ((ptr = index(mhost, ':')) != NULL)
35 *ptr = 0;
3736
3837 if (miscptr != NULL && index(miscptr, ':') != NULL) {
3938 strncpy(mlogin, miscptr, sizeof(mlogin) - 1);
4039 mlogin[sizeof(mlogin) - 1] = 0;
4140 ptr = index(mlogin, ':');
4241 *ptr++ = 0;
43 strncpy(mpass, ptr, sizeof(mpass) -1);
42 strncpy(mpass, ptr, sizeof(mpass) - 1);
4443 mpass[sizeof(mpass) - 1] = 0;
4544 auth = 1;
4645 }
4746
4847 if (http_proxy_auth_mechanism == AUTH_ERROR) {
4948 //send dummy request
50 sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
51 url, mhost, header);
49 sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header);
5250 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
5351 return 1;
5452
8179 hydra_report(stderr, "C:%s\n", buffer);
8280 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
8381 return 1;
82 free(buf);
8483 buf = hydra_receive_line(s);
8584 while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
8685 free(buf);
9089 //if server cut the connection, just exit cleanly or
9190 //this will be an infinite loop
9291 if (buf == NULL) {
93 if (verbose)
94 hydra_report(stderr, "[ERROR] Server did not answer\n");
95 return 3;
92 if (verbose)
93 hydra_report(stderr, "[ERROR] Server did not answer\n");
94 return 3;
9695 }
9796
9897 if (debug)
111110
112111 /* to be portable, no snprintf, buffer is big enough so it cant overflow */
113112 //send the first..
114 sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
113 sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1,
114 header);
115115 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
116116 return 1;
117117
118118 //receive challenge
119 free(buf);
119120 buf = hydra_receive_line(s);
120121 while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
121122 free(buf);
122123 buf = hydra_receive_line(s);
123124 }
124 if (pos != NULL) {
125 if (pos != NULL) {
125126 char *str;
126127
127 pos+=25;
128 if ((str=strchr(pos, '\r')) != NULL) {
128 pos += 25;
129 if ((str = strchr(pos, '\r')) != NULL) {
129130 pos[str - pos] = 0;
130131 }
131 if ((str=strchr(pos, '\n')) != NULL) {
132 pos[str - pos] = 0; }
133 }
134
132 if ((str = strchr(pos, '\n')) != NULL) {
133 pos[str - pos] = 0;
134 }
135 }
135136 //recover challenge
136137 if (buf != NULL) {
137 from64tobits((char *) buf1, pos);
138 if (strlen(buf) >= 4)
139 from64tobits((char *) buf1, pos);
138140 free(buf);
139141 }
140142 //Send response
141143 buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
142144 to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
143 sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
145 sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1,
146 header);
144147 if (debug)
145148 hydra_report(stderr, "C:%s\n", buffer);
146149 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
164167 strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
165168 buffer[sizeof(buffer) - 1] = '\0';
166169
167 sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header);
168 if (buffer2 == NULL)
170 pbuffer = buffer2;
171 sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header);
172 if (pbuffer == NULL)
169173 return 3;
170174
171175 if (debug)
173177 if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0)
174178 return 1;
175179
180 free(buf);
176181 buf = hydra_receive_line(s);
177182 while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
178183 free(buf);
199204 }
200205 }
201206 }
202
203207 // result analysis
204208 ptr = ((char *) index(buf, ' ')) + 1;
205 if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) ||
206 strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) {
209 if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) {
207210 hydra_report_found_host(port, ip, "http-proxy", fp);
208211 if (fp != stdout)
209212 fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url);
210213 printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url);
211214 hydra_completed_pair_found();
212215 } else {
213 if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0*/) {
216 if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) {
214217 hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n");
215218 return 3;
216 }
219 }
217220 hydra_completed_pair();
218221 }
219222
252255 port = mysslport;
253256 }
254257 if (sock < 0) {
255 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
258 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
256259 hydra_child_exit(1);
257260 }
258261 next_run = 2;
274277 }
275278 }
276279
277 int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
280 int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
278281 // called before the childrens are forked off, so this is the function
279282 // which should be filled if initial connections and service setup has to be
280283 // performed once only.
+118
-75
hydra-http-proxy.c less more
11 #include "sasl.h"
22
33 extern char *HYDRA_EXIT;
4 char *buf;
54 static int http_proxy_auth_mechanism = AUTH_ERROR;
5 char *http_proxy_buf = NULL;
66
77 int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
88 char *empty = "";
99 char *login, *pass, buffer[500], buffer2[500];
1010 char url[210], host[30];
1111 char *header = ""; /* XXX TODO */
12 char *ptr;
12 char *ptr, *fooptr;
1313
1414 if (strlen(login = hydra_get_next_login()) == 0)
1515 login = empty;
2121 strcpy(host, "Host: www.microsoft.com\r\n");
2222 } else {
2323 sprintf(url, "%.200s", miscptr);
24 ptr = strstr(miscptr, "://"); // :// check is in hydra.c
24 ptr = strstr(miscptr, "://"); // :// check is in hydra.c
2525 sprintf(host, "Host: %.200s", ptr + 3);
2626 if ((ptr = index(host, '/')) != NULL)
2727 *ptr = 0;
3030 strcat(host, "\r\n");
3131 }
3232
33 if (http_proxy_auth_mechanism == AUTH_ERROR) {
33 if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) {
3434 //send dummy request
3535 sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header);
3636 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
37 return 1;
37 return 3;
3838
3939 //receive first 40x
40 buf = hydra_receive_line(s);
41 while (buf != NULL && strstr(buf, "HTTP/") == NULL) {
42 free(buf);
43 buf = hydra_receive_line(s);
40 http_proxy_buf = hydra_receive_line(s);
41 while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) {
42 free(http_proxy_buf);
43 http_proxy_buf = hydra_receive_line(s);
44 }
45
46 if (http_proxy_buf == NULL) {
47 if (verbose)
48 hydra_report(stderr, "[ERROR] Server did not answer\n");
49 return 3;
4450 }
4551
4652 if (debug)
47 hydra_report(stderr, "S:%s\n", buf);
53 hydra_report(stderr, "S:%s\n", http_proxy_buf);
54
55 free(http_proxy_buf);
56 http_proxy_buf = hydra_receive_line(s);
57 while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
58 free(http_proxy_buf);
59 http_proxy_buf = hydra_receive_line(s);
60 }
61
62 if (http_proxy_buf == NULL) {
63 if (verbose)
64 hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n");
65 return 3;
66 }
67
68 if (debug)
69 hydra_report(stderr, "S:%s\n", http_proxy_buf);
4870
4971 //after the first query we should have been disconnected from web server
5072 s = hydra_disconnect(s);
5577 }
5678 }
5779
58 if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) {
80 if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) {
5981 http_proxy_auth_mechanism = AUTH_BASIC;
6082 sprintf(buffer2, "%.50s:%.50s", login, pass);
6183 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
6385 if (debug)
6486 hydra_report(stderr, "C:%s\n", buffer);
6587 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
66 return 1;
67 buf = hydra_receive_line(s);
68 while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
69 free(buf);
70 buf = hydra_receive_line(s);
88 return 3;
89 free(http_proxy_buf);
90 http_proxy_buf = hydra_receive_line(s);
91 while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
92 free(http_proxy_buf);
93 http_proxy_buf = hydra_receive_line(s);
7194 }
7295
7396 //if server cut the connection, just exit cleanly or
7497 //this will be an infinite loop
75 if (buf == NULL) {
98 if (http_proxy_buf == NULL) {
7699 if (verbose)
77 hydra_report(stderr, "[ERROR] Server did not answer\n");
100 hydra_report(stderr, "[ERROR] Server did not answer\n");
78101 return 3;
79102 }
80103
81104 if (debug)
82 hydra_report(stderr, "S:%s\n", buf);
105 hydra_report(stderr, "S:%s\n", http_proxy_buf);
83106 } else {
84 if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) {
107 if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) {
85108
86109 unsigned char buf1[4096];
87110 unsigned char buf2[4096];
97120 //send the first..
98121 sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
99122 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
100 return 1;
123 return 3;
101124
102125 //receive challenge
103 buf = hydra_receive_line(s);
104 while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) {
105 free(buf);
106 buf = hydra_receive_line(s);
126 free(http_proxy_buf);
127 http_proxy_buf = hydra_receive_line(s);
128 while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) {
129 free(http_proxy_buf);
130 http_proxy_buf = hydra_receive_line(s);
107131 }
108132 if (pos != NULL) {
109133 char *str;
110134
111 pos+=25;
112 if ((str=strchr(pos, '\r')) != NULL) {
135 pos += 25;
136 if ((str = strchr(pos, '\r')) != NULL) {
113137 pos[str - pos] = 0;
114138 }
115 if ((str=strchr(pos, '\n')) != NULL) {
116 pos[str - pos] = 0; }
139 if ((str = strchr(pos, '\n')) != NULL) {
140 pos[str - pos] = 0;
141 }
117142 }
118143 //recover challenge
119 if (buf != NULL) {
144 if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) {
120145 from64tobits((char *) buf1, pos);
121 free(buf);
122 }
123
146 free(http_proxy_buf);
147 http_proxy_buf = NULL;
148 return 3;
149 }
124150 //Send response
125151 buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
126152 to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
128154 if (debug)
129155 hydra_report(stderr, "C:%s\n", buffer);
130156 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
131 return 1;
132
133 buf = hydra_receive_line(s);
134 while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
135 free(buf);
136 buf = hydra_receive_line(s);
137 }
138
139 if (buf == NULL)
140 return 1;
157 return 3;
158
159 if (http_proxy_buf != NULL)
160 free(http_proxy_buf);
161 http_proxy_buf = hydra_receive_line(s);
162 while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
163 free(http_proxy_buf);
164 http_proxy_buf = hydra_receive_line(s);
165 }
166
167 if (http_proxy_buf == NULL)
168 return 3;
141169 } else {
142170 #ifdef LIBOPENSSL
143 if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) {
171 if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) {
144172
145173 char *pbuffer;
146174
147175 http_proxy_auth_mechanism = AUTH_DIGESTMD5;
148 pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest ");
176 pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
149177 strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
150178 buffer[sizeof(buffer) - 1] = '\0';
151
152 sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header);
153 if (buffer2 == NULL)
179 pbuffer = NULL;
180
181 fooptr = buffer2;
182 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header);
183 if (fooptr == NULL)
154184 return 3;
155185
156186 if (debug)
157187 hydra_report(stderr, "C:%s\n", buffer2);
158188 if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0)
159 return 1;
160
161 buf = hydra_receive_line(s);
162 while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
163 free(buf);
164 buf = hydra_receive_line(s);
165 }
166
167 if (debug && buf != NULL)
168 hydra_report(stderr, "S:%s\n", buf);
169
170 if (buf == NULL)
171 return 1;
189 return 3;
190
191 free(http_proxy_buf);
192 http_proxy_buf = hydra_receive_line(s);
193 while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) {
194 free(http_proxy_buf);
195 http_proxy_buf = hydra_receive_line(s);
196 }
197
198 if (debug && http_proxy_buf != NULL)
199 hydra_report(stderr, "S:%s\n", http_proxy_buf);
200
201 if (http_proxy_buf == NULL)
202 return 3;
172203
173204 } else
174205 #endif
175206 {
176 if (buf != NULL) {
177 buf[strlen(buf) - 1] = '\0';
178 hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf);
207 if (http_proxy_buf != NULL) {
208 // buf[strlen(http_proxy_buf) - 1] = '\0';
209 hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf);
210 free(http_proxy_buf);
211 http_proxy_buf = NULL;
179212 } else {
180213 hydra_report(stderr, "Unsupported Auth type\n");
181214 }
184217 }
185218 }
186219
187 ptr = ((char *) index(buf, ' ')) + 1;
220 ptr = ((char *) index(http_proxy_buf, ' ')) + 1;
188221 if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) {
189222 hydra_report_found_host(port, ip, "http-proxy", fp);
190223 hydra_completed_pair_found();
224 free(http_proxy_buf);
225 http_proxy_buf = NULL;
191226 } else {
192227 if (*ptr != '4')
193 hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass);
194 else
195 if (verbose && *(ptr + 2) == '3')
196 hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass);
228 hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass);
229 else if (verbose && *(ptr + 2) == '3')
230 hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass);
197231 hydra_completed_pair();
198 }
199
200 free(buf);
232 free(http_proxy_buf);
233 http_proxy_buf = hydra_receive_line(s);
234 while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
235 free(http_proxy_buf);
236 http_proxy_buf = hydra_receive_line(s);
237 }
238 }
201239
202240 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
203241 return 3;
204 return 1;
242 if (http_proxy_buf != NULL)
243 return 2;
244 else
245 return 1;
205246 }
206247
207248 void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
217258 switch (run) {
218259 case 1: /* connect and service init function */
219260 {
261 if (http_proxy_buf != NULL)
262 free(http_proxy_buf);
220263 if (sock >= 0)
221264 sock = hydra_disconnect(sock);
222265 // usleep(275000);
233276 }
234277
235278 if (sock < 0) {
236 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
279 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
237280 hydra_child_exit(1);
238281 }
239282 next_run = 2;
255298 }
256299 }
257300
258 int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
301 int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
259302 // called before the childrens are forked off, so this is the function
260303 // which should be filled if initial connections and service setup has to be
261304 // performed once only.
+59
-40
hydra-http.c less more
11 #include "sasl.h"
22
33 extern char *HYDRA_EXIT;
4 char *buf;
54 char *webtarget = NULL;
65 char *slash = "/";
6 char *http_buf = NULL;
77 int webport, freemischttp = 0;
88
99 int http_auth_mechanism = AUTH_BASIC;
1212 char *empty = "";
1313 char *login, *pass, buffer[500], buffer2[500];
1414 char *header = ""; /* XXX TODO */
15 char *ptr;
15 char *ptr, *fooptr;
1616
1717 if (strlen(login = hydra_get_next_login()) == 0)
1818 login = empty;
1919 if (strlen(pass = hydra_get_next_password()) == 0)
2020 pass = empty;
21
22 // we must reset this if buf is NULL and we do MD5 digest
23 if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
24 http_auth_mechanism = AUTH_BASIC;
2125
2226 switch (http_auth_mechanism) {
2327 case AUTH_BASIC:
4347 case AUTH_DIGESTMD5:{
4448 char *pbuffer;
4549
46 pbuffer = hydra_strcasestr(buf, "WWW-Authenticate: Digest ");
50 pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
4751 strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer));
4852 buffer[sizeof(buffer) - 1] = '\0';
4953
50 sasl_digest_md5(buffer2, login, pass, buffer, miscptr, type, webtarget, webport, header);
51 if (buffer2 == NULL) {
54 fooptr = buffer2;
55 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
56 if (fooptr == NULL) {
5257 return 3;
5358 }
5459
7277 /* to be portable, no snprintf, buffer is big enough so it cant overflow */
7378 //send the first..
7479 if (use_proxy == 1 && proxy_authentication != NULL)
75 sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
80 sprintf(buffer,
81 "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
7682 type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header);
7783 else {
7884 if (use_proxy == 1)
7985 sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
8086 type, webtarget, webport, miscptr, webtarget, buf1, header);
8187 else
82 sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, buf1, header);
88 sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget,
89 buf1, header);
8390 }
8491
8592 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
8693 return 1;
8794
8895 //receive challenge
89 buf = hydra_receive_line(s);
90 while (buf != NULL && (pos = hydra_strcasestr(buf, "WWW-Authenticate: NTLM ")) == NULL) {
91 free(buf);
92 buf = hydra_receive_line(s);
93 }
94
95 if (buf == NULL)
96 if (http_buf != NULL)
97 free(http_buf);
98 http_buf = hydra_receive_line(s);
99 while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) {
100 free(http_buf);
101 http_buf = hydra_receive_line(s);
102 }
103
104 if (http_buf == NULL)
96105 return 1;
97106
98107 if (pos != NULL) {
99108 char *str;
100109
101 pos+=23;
102 if ((str=strchr(pos, '\r')) != NULL) {
110 pos += 23;
111 if ((str = strchr(pos, '\r')) != NULL) {
103112 pos[str - pos] = 0;
104113 }
105 if ((str=strchr(pos, '\n')) != NULL) {
106 pos[str - pos] = 0; }
107 }
108
114 if ((str = strchr(pos, '\n')) != NULL) {
115 pos[str - pos] = 0;
116 }
117 }
109118 //recover challenge
110119 from64tobits((char *) buf1, pos);
111 free(buf);
120 free(http_buf);
121 http_buf = NULL;
112122
113123 //Send response
114124 buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
116126
117127 //create the auth response
118128 if (use_proxy == 1 && proxy_authentication != NULL)
119 sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
129 sprintf(buffer,
130 "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
120131 type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header);
121132 else {
122133 if (use_proxy == 1)
123134 sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
124135 type, webtarget, webport, miscptr, webtarget, buf1, header);
125136 else
126 sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, buf1, header);
137 sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget,
138 buf1, header);
127139 }
128140
129141 if (debug)
136148 return 1;
137149 }
138150
139 buf = hydra_receive_line(s);
140 while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) {
141 free(buf);
142 buf = hydra_receive_line(s);
151 if (http_buf != NULL)
152 free(http_buf);
153 http_buf = hydra_receive_line(s);
154 while (http_buf != NULL && strstr(http_buf, "HTTP/1.") == NULL) {
155 free(http_buf);
156 http_buf = hydra_receive_line(s);
143157 }
144158
145159 //if server cut the connection, just exit cleanly or
146160 //this will be an infinite loop
147 if (buf == NULL) {
161 if (http_buf == NULL) {
148162 if (verbose)
149163 hydra_report(stderr, "[ERROR] Server did not answer\n");
150164 return 3;
151165 }
152166
153167 if (debug)
154 hydra_report(stderr, "S:%s\n", buf);
155
156 ptr = ((char *) index(buf, ' ')) + 1;
168 hydra_report(stderr, "S:%s\n", http_buf);
169
170 ptr = ((char *) index(http_buf, ' ')) + 1;
157171 if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
158172 hydra_report_found_host(port, ip, "www", fp);
159173 hydra_completed_pair_found();
174 if (http_buf != NULL) {
175 free(http_buf);
176 http_buf = NULL;
177 }
160178 } else {
161179 if (ptr != NULL && *ptr != '4')
162 fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass);
180 fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(http_buf, ' ') + 1), login, pass);
163181
164182 //the first authentication type failed, check the type from server header
165 if ((hydra_strcasestr(buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
183 if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) {
166184 //seems the auth supported is not Basic shceme so testing further
167185 int find_auth = 0;
168186
169 if (hydra_strcasestr(buf, "WWW-Authenticate: NTLM") != NULL) {
187 if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) {
170188 http_auth_mechanism = AUTH_NTLM;
171189 find_auth = 1;
172190 }
173191 #ifdef LIBOPENSSL
174 if (hydra_strcasestr(buf, "WWW-Authenticate: Digest") != NULL) {
192 if (hydra_strcasestr(http_buf, "WWW-Authenticate: Digest") != NULL) {
175193 http_auth_mechanism = AUTH_DIGESTMD5;
176194 find_auth = 1;
177195 }
178196 #endif
179197
180198 if (find_auth) {
181 free(buf);
199 // free(http_buf);
200 // http_buf = NULL;
182201 return 1;
183202 }
184203 }
185204 hydra_completed_pair();
186205 }
187 free(buf);
206 // free(http_buf);
207 // http_buf = NULL;
188208 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
189209 return 3;
190210 return 1;
191
192211 }
193212
194213 void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) {
250269 if (sock < 0) {
251270 if (freemischttp)
252271 free(miscptr);
253 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
272 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
254273 hydra_child_exit(1);
255274 }
256275 next_run = 2;
284303 service_http(ip, sp, options, miscptr, fp, port, "HEAD");
285304 }
286305
287 int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
306 int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
288307 // called before the childrens are forked off, so this is the function
289308 // which should be filled if initial connections and service setup has to be
290309 // performed once only.
+2
-2
hydra-icq.c less more
220220 sock = hydra_disconnect(sock);
221221 sock = hydra_connect_udp(ip, myport);
222222 if (sock < 0) {
223 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
223 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
224224 hydra_child_exit(1);
225225 }
226226 next_run = 2;
240240 }
241241 }
242242
243 int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
243 int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
244244 // called before the childrens are forked off, so this is the function
245245 // which should be filled if initial connections and service setup has to be
246246 // performed once only.
+27
-20
hydra-imap.c less more
4040
4141 int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
4242 char *empty = "";
43 char *login, *pass, buffer[500], buffer2[500];
43 char *login, *pass, buffer[500], buffer2[500], *fooptr;
4444
4545 if (strlen(login = hydra_get_next_login()) == 0)
4646 login = empty;
197197 from64tobits((char *) buffer, buf);
198198 free(buf);
199199
200 if (verbose)
200 if (debug)
201201 hydra_report(stderr, "DEBUG S: %s\n", buffer);
202202
203 sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
204 if (buffer2 == NULL)
205 return 3;
206 if (verbose)
203 fooptr = buffer2;
204 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
205 if (fooptr == NULL)
206 return 3;
207 if (debug)
207208 hydra_report(stderr, "DEBUG C: %s\n", buffer2);
208209 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
209210 sprintf(buffer, "%s\r\n", buffer2);
246247 if (buf == NULL)
247248 return 1;
248249 if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) {
249 if (verbose || debug) hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
250 if (verbose || debug)
251 hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
250252 free(buf);
251253 return 1;
252254 } else {
259261 serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0';
260262
261263 memset(buffer2, 0, sizeof(buffer2));
262 sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage);
263 if (buffer2 == NULL) {
264 fooptr = buffer2;
265 sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
266 if (fooptr == NULL) {
264267 hydra_report(stderr, "[ERROR] Can't compute client response\n");
265268 return 1;
266269 }
297300 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
298301 return 1;
299302 if ((buf = hydra_receive_line(s)) == NULL)
300 return (1);
303 return 1;
304 if (strlen(buf) < 6) {
305 free(buf);
306 return 1;
307 }
301308
302309 //recover challenge
303310 from64tobits((char *) buf1, buf + 2);
374381 buf = hydra_receive_line(sock);
375382
376383 if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */
377 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n");
384 if (verbose || debug)
385 hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n");
378386 if (buf != NULL)
379387 free(buf);
380388 hydra_child_exit(2);
400408 disable_tls = 0;
401409 }
402410 }
403
404411 #ifdef LIBOPENSSL
405412 if (!disable_tls) {
406 /* check for STARTTLS, if available we may have access to more basic auth methods */
407 if (strstr(buf, "STARTTLS") != NULL) {
413 /* check for STARTTLS, if available we may have access to more basic auth methods */
414 if (strstr(buf, "STARTTLS") != NULL) {
408415 hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0);
409416 counter++;
410417 free(buf);
411418 buf = hydra_receive_line(sock);
412419 if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) {
413 hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
420 hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
414421 } else {
415422 free(buf);
416423 if ((hydra_connect_to_ssl(sock) == -1)) {
417424 if (verbose)
418 hydra_report(stderr, "[ERROR] Can't use TLS\n");
425 hydra_report(stderr, "[ERROR] Can't use TLS\n");
419426 disable_tls = 1;
420427 run = 1;
421428 break;
422429 } else {
423430 if (verbose)
424 hydra_report(stderr, "[VERBOSE] TLS connection done\n");
431 hydra_report(stderr, "[VERBOSE] TLS connection done\n");
425432 }
426433 /* ask again capability request but in TLS mode */
427434 if (hydra_send(sock, "3 CAPABILITY\r\n", strlen("3 CAPABILITY\r\n"), 0) < 0)
431438 if (buf == NULL)
432439 hydra_child_exit(2);
433440 }
434 } else
441 } else
435442 hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
436443 }
437444 #endif
438445
439446 if (verbose)
440 hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
447 hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
441448
442449 //authentication should be listed AUTH= like in the extract below
443450 //STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
559566 }
560567 }
561568
562 int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
569 int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
563570 // called before the childrens are forked off, so this is the function
564571 // which should be filled if initial connections and service setup has to be
565572 // performed once only.
+10
-4
hydra-irc.c less more
2424 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
2525 return 3;
2626 }
27 ret = hydra_recv(s, buffer, sizeof(buffer));
27 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
28 if (ret >= 0)
29 buffer[ret] = 0;
2830 /* :irc.debian.org 381 koma :You are now an IRC Operator */
2931 /* :irc.debian.org 464 koma :Invalid password */
3032 if ((ret > 0) && (strstr(buffer, " 381 ") != NULL)) {
9395 return 3;
9496 }
9597
96 ret = hydra_recv(s, buffer, sizeof(buffer));
98 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
99 if (ret >= 0)
100 buffer[ret] = 0;
97101 #ifdef HAVE_PCRE
98102 if ((ret > 0) && (!hydra_string_match(buffer, "ERROR\\s.*password"))) {
99103 #else
139143 hydra_child_exit(1);
140144 }
141145
142 ret = hydra_recv(sock, buffer, sizeof(buffer));
146 buffer[0] = 0;
147 if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0)
148 buffer[ret] = 0;
143149
144150 /* ERROR :Bad password */
145151 #ifdef HAVE_PCRE
202208 }
203209 }
204210
205 int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
211 int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
206212 // called before the childrens are forked off, so this is the function
207213 // which should be filled if initial connections and service setup has to be
208214 // performed once only.
+19
-16
hydra-ldap.c less more
88
99 int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) {
1010 char *empty = "";
11 char *login = "", *pass;
11 char *login = "", *pass, *fooptr = "";
1212 unsigned char buffer[512];
1313 int length = 0;
1414 int ldap_auth_mechanism = auth_method;
2626 if (strlen(login = hydra_get_next_login()) == 0)
2727 login = empty;
2828 }
29 if (miscptr == NULL)
30 miscptr = fooptr;
2931
3032 if (strlen(pass = hydra_get_next_password()) == 0)
3133 pass = empty;
8486 buffer[15 + strlen(miscptr)] = strlen(authm);
8587 memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm));
8688 }
87 if (hydra_send(s, (char*)buffer, length, 0) < 0)
89 if (hydra_send(s, (char *) buffer, length, 0) < 0)
8890 return 1;
89 if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL)
91 if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
9092 return 1;
9193
9294 if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) {
118120 char *ptr;
119121 char buf2[32];
120122
121 ptr = strstr((char*) buf, "<");
122 sasl_cram_md5(buf2, pass, ptr);
123 if (buf2 == NULL)
123 ptr = strstr((char *) buf, "<");
124 fooptr = buf2;
125 sasl_cram_md5(fooptr, pass, ptr);
126 if (fooptr == NULL)
124127 return 1;
125128 counter++;
126129 if (strstr(miscptr, "^USER^") != NULL) {
157160 buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' ';
158161 memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2));
159162
160 if (hydra_send(s, (char*)buffer, length, 0) < 0)
163 if (hydra_send(s, (char *) buffer, length, 0) < 0)
161164 return 1;
162165 free(buf);
163 if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL)
166 if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
164167 return 1;
165168 } else {
166169 if (ldap_auth_mechanism == AUTH_DIGESTMD5) {
168171 char buffer2[500];
169172 int ind = 0;
170173
171 ptr = strstr((char*)buf, "realm=");
174 ptr = strstr((char *) buf, "realm=");
172175
173176 counter++;
174177 if (strstr(miscptr, "^USER^") != NULL) {
175178 miscptr = hydra_strrep(miscptr, "^USER^", login);
176179 }
177180
178 sasl_digest_md5(buffer2, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
179 if (buffer2 == NULL) {
181 fooptr = buffer2;
182 sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
183 if (fooptr == NULL) {
180184 free(buf);
181185 return 3;
182186 }
274278 memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2));
275279 ind++;
276280
277 if (hydra_send(s, (char*)buffer, length, 0) < 0)
281 if (hydra_send(s, (char *) buffer, length, 0) < 0)
278282 return 1;
279283 free(buf);
280 if ((buf = (unsigned char*) hydra_receive_line(s)) == NULL)
284 if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL)
281285 return 1;
282286 }
283287 }
313317 sleep(1);
314318 hydra_child_exit(2);
315319 }
316
317320 //0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01,
318321 //8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a,
319322 //16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00,
384387 if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0)
385388 hydra_child_exit(1);
386389
387 if ((buf = (unsigned char*) hydra_receive_line(sock)) == NULL)
390 if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL)
388391 hydra_child_exit(1);
389392
390393 if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) {
437440 service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_DIGESTMD5);
438441 }
439442
440 int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
443 int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
441444 // called before the childrens are forked off, so this is the function
442445 // which should be filled if initial connections and service setup has to be
443446 // performed once only.
+192
-170
hydra-mod.c less more
1515 #define SOCKS_V5 5
1616 #define SOCKS_V4 4
1717 #define SOCKS_NOAUTH 0
18
1819 /* http://tools.ietf.org/html/rfc1929 */
1920 #define SOCKS_PASSAUTH 2
2021 #define SOCKS_NOMETHOD 0xff
2425 #define SOCKS_IPV6 4
2526
2627 extern int conwait;
27
28 char quiet;
29 int do_retry = 1;
2830 int module_auth_type = -1;
2931 int intern_socket, extern_socket;
3032 char pair[260];
4143 int __first_connect = 1;
4244 char ipstring[64];
4345 unsigned int colored_output = 1;
46 char quiet = 0;
4447
4548 #ifdef LIBOPENSSL
4649 SSL *ssl = NULL;
5558 void alarming() {
5659 fail++;
5760 alarm_went_off++;
61
5862 /* uh, I think it's not good for performance if we try to reconnect to a timeout system!
5963 * if (fail > MAX_CONNECT_RETRY) {
6064 */
6266 if (debug)
6367 printf("DEBUG_CONNECT_TIMEOUT\n");
6468 hydra_child_exit(1);
69
6570 /*
6671 * } else {
6772 * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY);
7883
7984 int internal__hydra_connect(char *host, int port, int protocol, int type) {
8085 int s, ret = -1, ipv6 = 0;
86
8187 #ifdef AF_INET6
8288 struct sockaddr_in6 target6;
8389 struct sockaddr_in6 sin6;
139145 } else {
140146 if (errno == EACCES && (getuid() > 0)) {
141147 fprintf(stderr, "[ERROR] You need to be root to test this service\n");
148 close(s);
142149 return -1;
143150 }
144151 }
200207 alarm(0);
201208 if (ret < 0 && alarm_went_off == 0) {
202209 fail++;
203 if (verbose && fail <= MAX_CONNECT_RETRY)
204 fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY);
205 }
206 } while (ret < 0 && fail <= MAX_CONNECT_RETRY);
210 if (verbose ) {
211 if (do_retry && fail <= MAX_CONNECT_RETRY)
212 fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY);
213 else
214 fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int) getpid());
215 }
216 }
217 } while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry);
207218 if (ret < 0 && fail > MAX_CONNECT_RETRY) {
208219 if (debug)
209220 printf("DEBUG_CONNECT_UNREACHABLE\n");
213224 * hydra_child_exit(1);
214225 */
215226 extern_socket = -1;
227 close(s);
216228 ret = -1;
217229 return ret;
218230 }
225237 if (use_proxy == 2) {
226238 if ((buf = malloc(4096)) == NULL) {
227239 fprintf(stderr, "[ERROR] could not malloc()\n");
240 close(s);
228241 return -1;
229242 }
230243 memset(&target, 0, sizeof(target));
243256 #endif
244257
245258 if (hydra_strcasestr(proxy_string_type, "connect") || hydra_strcasestr(proxy_string_type, "http")) {
246 if (proxy_authentication == NULL)
259 if (proxy_authentication == NULL)
247260 if (host[0] == 16)
248261 snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port);
249262 else
250263 snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port);
251 else
252 if (host[0] == 16)
253 snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication);
254 else
255 snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication);
256
257 send(s, buf, strlen(buf), 0);
258 recv(s, buf, 4096, 0);
259 if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') {
264 else if (host[0] == 16)
265 snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication);
266 else
267 snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication);
268
269 send(s, buf, strlen(buf), 0);
270 recv(s, buf, 4096, 0);
271 if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') {
260272 if (debug)
261273 printf("DEBUG_CONNECT_PROXY_OK\n");
262 } else {
274 } else {
263275 if (debug)
264276 printf("DEBUG_CONNECT_PROXY_FAILED (Code: %c%c%c)\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2));
265277 if (verbose)
266278 fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2));
267279 err = 1;
268 }
269 free(buf);
280 }
281 // free(buf);
270282 } else {
271283 if (hydra_strcasestr(proxy_string_type, "socks5")) {
272 char buf[1024];
273 size_t cnt, wlen;
284 // char buf[1024];
285 size_t cnt, wlen;
274286
275287 /* socks v5 support */
276 buf[0] = SOCKS_V5;
277 buf[1] = 1;
278 if (proxy_authentication == NULL)
279 buf[2] = SOCKS_NOAUTH;
288 buf[0] = SOCKS_V5;
289 buf[1] = 1;
290 if (proxy_authentication == NULL)
291 buf[2] = SOCKS_NOAUTH;
280292 else
281 buf[2] = SOCKS_PASSAUTH;
282 cnt = hydra_send(s, buf, 3, 0);
283 if (cnt != 3) {
284 hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt);
293 buf[2] = SOCKS_PASSAUTH;
294 cnt = hydra_send(s, buf, 3, 0);
295 if (cnt != 3) {
296 hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt);
285297 err = 1;
286298 } else {
287 cnt = hydra_recv(s, buf, 2);
288 if (cnt != 2) {
289 hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt);
299 cnt = hydra_recv(s, buf, 2);
300 if (cnt != 2) {
301 hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt);
290302 err = 1;
291303 }
292 if ((unsigned int) buf[1] == SOCKS_NOMETHOD) {
293 hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n");
304 if ((unsigned int) buf[1] == SOCKS_NOMETHOD) {
305 hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n");
294306 err = 1;
295307 }
296308 /* SOCKS_DOMAIN not supported here, do we need it ? */
298310 /* send user/pass */
299311 if (proxy_authentication != NULL) {
300312 //format was checked previously
301 char *login=strtok(proxy_authentication, ":");
302 char *pass=strtok(NULL, ":");
313 char *login = strtok(proxy_authentication, ":");
314 char *pass = strtok(NULL, ":");
315
303316 snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass);
304317
305 cnt = hydra_send(s, buf, strlen(buf), 0);
306 if (cnt != strlen(buf)) {
307 hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt);
308 err = 1;
309 } else {
310 cnt = hydra_recv(s, buf, 2);
311 if (cnt != 2) {
312 hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt);
313 err = 1;
314 }
315 if (buf[1] != 0) {
316 hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication failure\n");
317 err = 1;
318 } else {
318 cnt = hydra_send(s, buf, strlen(buf), 0);
319 if (cnt != strlen(buf)) {
320 hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt);
321 err = 1;
322 } else {
323 cnt = hydra_recv(s, buf, 2);
324 if (cnt != 2) {
325 hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt);
326 err = 1;
327 }
328 if (buf[1] != 0) {
329 hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication failure\n");
330 err = 1;
331 } else {
319332 if (debug)
320 hydra_report(stderr, "[DEBUG] SOCKS5 proxy authentication success\n");
321 }
322 }
333 hydra_report(stderr, "[DEBUG] SOCKS5 proxy authentication success\n");
334 }
335 }
323336 }
324
325337 #ifdef AF_INET6
326338 if (ipv6) {
327 /* Version 5, connect: IPv6 address */
328 buf[0] = SOCKS_V5;
329 buf[1] = SOCKS_CONNECT;
330 buf[2] = 0;
331 buf[3] = SOCKS_IPV6;
332 memcpy(buf + 4, &target6.sin6_addr, sizeof target6.sin6_addr);
333 memcpy(buf + 20, &target6.sin6_port, sizeof target6.sin6_port);
334 wlen = 22;
339 /* Version 5, connect: IPv6 address */
340 buf[0] = SOCKS_V5;
341 buf[1] = SOCKS_CONNECT;
342 buf[2] = 0;
343 buf[3] = SOCKS_IPV6;
344 memcpy(buf + 4, &target6.sin6_addr, sizeof target6.sin6_addr);
345 memcpy(buf + 20, &target6.sin6_port, sizeof target6.sin6_port);
346 wlen = 22;
335347 } else {
336348 #endif
337 /* Version 5, connect: IPv4 address */
338 buf[0] = SOCKS_V5;
339 buf[1] = SOCKS_CONNECT;
340 buf[2] = 0;
341 buf[3] = SOCKS_IPV4;
342 memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr);
343 memcpy(buf + 8, &target.sin_port, sizeof target.sin_port);
344 wlen = 10;
349 /* Version 5, connect: IPv4 address */
350 buf[0] = SOCKS_V5;
351 buf[1] = SOCKS_CONNECT;
352 buf[2] = 0;
353 buf[3] = SOCKS_IPV4;
354 memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr);
355 memcpy(buf + 8, &target.sin_port, sizeof target.sin_port);
356 wlen = 10;
345357 #ifdef AF_INET6
346358 }
347359 #endif
348 cnt = hydra_send(s, buf, wlen, 0);
349 if (cnt != wlen) {
350 hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/%zu)\n", cnt, wlen);
351 err = 1;
360 cnt = hydra_send(s, buf, wlen, 0);
361 if (cnt != wlen) {
362 hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/%zu)\n", cnt, wlen);
363 err = 1;
352364 } else {
353 cnt=hydra_recv(s, buf, 10);
354 if (cnt != 10) {
355 hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/10)\n", cnt);
356 err = 1;
357 }
358 if (buf[1] != 0) {
365 cnt = hydra_recv(s, buf, 10);
366 if (cnt != 10) {
367 hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/10)\n", cnt);
368 err = 1;
369 }
370 if (buf[1] != 0) {
359371 /* 0x05 = connection refused by destination host */
360372 if (buf[1] == 5)
361 hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n");
373 hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n");
362374 else
363375 hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]);
364 err = 1;
365 }
376 err = 1;
377 }
366378 }
367379 }
368380 }
369381 } else {
370382 if (hydra_strcasestr(proxy_string_type, "socks4")) {
371 if (ipv6) {
383 if (ipv6) {
372384 hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n");
373385 err = 1;
374 } else {
375 char buf[1024];
376 size_t cnt, wlen;
386 } else {
387 // char buf[1024];
388 size_t cnt, wlen;
377389
378390 /* socks v4 support */
379 buf[0] = SOCKS_V4;
380 buf[1] = SOCKS_CONNECT; /* connect */
381 memcpy(buf + 2, &target.sin_port, sizeof target.sin_port);
382 memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr);
383 buf[8] = 0; /* empty username */
384 wlen = 9;
385 cnt = hydra_send(s, buf, wlen, 0);
386 if (cnt != wlen) {
387 hydra_report(stderr, "[ERROR] SOCKS4 proxy write failed (%zu/%zu)\n", cnt, wlen);
388 err = 1;
391 buf[0] = SOCKS_V4;
392 buf[1] = SOCKS_CONNECT; /* connect */
393 memcpy(buf + 2, &target.sin_port, sizeof target.sin_port);
394 memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr);
395 buf[8] = 0; /* empty username */
396 wlen = 9;
397 cnt = hydra_send(s, buf, wlen, 0);
398 if (cnt != wlen) {
399 hydra_report(stderr, "[ERROR] SOCKS4 proxy write failed (%zu/%zu)\n", cnt, wlen);
400 err = 1;
389401 } else {
390 cnt=hydra_recv(s, buf, 8);
391 if (cnt != 8) {
392 hydra_report(stderr, "[ERROR] SOCKS4 proxy read failed (%zu/8)\n", cnt);
393 err = 1;
394 }
395 if (buf[1] != 90) {
402 cnt = hydra_recv(s, buf, 8);
403 if (cnt != 8) {
404 hydra_report(stderr, "[ERROR] SOCKS4 proxy read failed (%zu/8)\n", cnt);
405 err = 1;
406 }
407 if (buf[1] != 90) {
396408 /* 91 = 0x5b = request rejected or failed */
397409 if (buf[1] == 91)
398 hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n");
410 hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n");
399411 else
400 hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]);
401 err = 1;
402 }
403 }
412 hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]);
413 err = 1;
414 }
415 }
404416 }
405 } else {
406 hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type);
407 err = 1;
408 }
417 } else {
418 hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type);
419 err = 1;
420 }
409421 }
410422 }
423 free(buf);
411424 }
412425 if (err) {
413426 close(s);
414427 extern_socket = -1;
415428 ret = -1;
416 free(buf);
417429 return ret;
418430 }
419431 fail = 0;
428440 #ifdef NO_RSA_LEGACY
429441 RSA *private = RSA_new();
430442 BIGNUM *f4 = BN_new();
443
431444 BN_set_word(f4, RSA_F4);
432 RSA_generate_key_ex(rsa,1024, f4, NULL);
445 RSA_generate_key_ex(rsa, 1024, f4, NULL);
433446 #else
434447 rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL);
435448 #endif
444457 if (ssl_first) {
445458 SSL_load_error_strings();
446459 // SSL_add_ssl_algoritms();
447 SSL_library_init(); // ?
460 SSL_library_init(); // ?
448461 ssl_first = 0;
449462 }
450463
651664 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login());
652665 else
653666 fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login());
667 else if (colored_output)
668 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
654669 else
655 if (colored_output)
656 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
657 else
658 fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
670 fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
659671
660672 if (stdout != fp) {
661673 if (!strcmp(svc, "rsh"))
671683 void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) {
672684 strcpy(ipaddr_str, hydra_address2string(ip));
673685 if (colored_output)
674 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
686 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
675687 else
676 fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
688 fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
677689 if (stdout != fp)
678690 printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
679691 fflush(fp);
693705 else if (!strcmp(svc, "snmp3"))
694706 if (colored_output)
695707 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
696 else
708 else
697709 fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
698710 else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco"))
699711 if (colored_output)
700712 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
701 else
713 else
702714 fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
715 else if (colored_output)
716 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw,
717 hydra_get_next_password());
703718 else
704 if (colored_output)
705 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password());
706 else
707 fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password());
719 fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password());
708720 if (stdout != fp) {
709721 if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid"))
710722 printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login());
722734 void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg) {
723735 strcpy(ipaddr_str, hydra_address2string(ip));
724736 if (colored_output)
725 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg);
737 fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(),
738 hydra_get_next_password(), msg);
726739 else
727740 fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg);
728741 if (stdout != fp)
821834 int hydra_recv_nb(int socket, char *buf, int length) {
822835 int ret = -1;
823836 char text[64];
824
837
825838 if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) {
826839 if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) {
827840 buf[0] = 0;
828 sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
829 hydra_dump_data(buf, ret, text);
841 if (debug) {
842 sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
843 hydra_dump_data(buf, ret, text);
844 }
830845 return ret;
831846 }
832847 if (debug) {
839854 }
840855
841856 char *hydra_receive_line(int socket) {
842 char buf[1024], *buff, text[64];
857 char buf[1024], *buff, *buff2, text[64];
843858 int i, j = 1, k, got = 0;
844859
845860 if ((buff = malloc(sizeof(buf))) == NULL) {
871886 free(buff);
872887 return NULL;
873888 } else {
874 if (got > 0) {
875 for (k = 0; k < got; k++)
876 if (buff[k] == 0)
877 buff[k] = 32;
878 buff[got] = 0;
879 usleep(100);
880 }
889 if (got > 0) {
890 for (k = 0; k < got; k++)
891 if (buff[k] == 0)
892 buff[k] = 32;
893 buff[got] = 0;
894 usleep(100);
895 }
881896 }
882897
883898 while (hydra_data_ready(socket) > 0 && j > 0) {
887902 if (buf[k] == 0)
888903 buf[k] = 32;
889904 buf[j] = 0;
890 buff = realloc(buff, got + j + 1);
905 if ((buff2 = realloc(buff, got + j + 1)) == NULL) {
906 free(buff);
907 return NULL;
908 } else
909 buff = buff2;
891910 memcpy(buff + got, &buf, j + 1);
892911 got += j;
893912 buff[got] = 0;
909928
910929 int hydra_send(int socket, char *buf, int size, int options) {
911930 char text[64];
912
931
913932 if (debug) {
914933 sprintf(text, "[DEBUG] SEND [pid:%d]", getpid());
915934 hydra_dump_data(buf, size, text);
935
916936 /* int k;
917937 char *debugbuf = malloc(size + 1);
918938
927947 free(debugbuf);
928948 }*/
929949 }
950
930951 /* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */
931952 return (internal__hydra_send(socket, buf, size, options));
932953 }
946967 char *c, oldstring[1024];
947968 static char newstring[1024];
948969
949 if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece) ))
970 if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1
971 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
950972 return NULL;
951973
952974 strcpy(newstring, string);
953975 strcpy(oldstring, string);
954976
955 // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) {
956 c = (char *) strstr(oldstring, oldpiece);
957 new_len = strlen(newpiece);
958 old_len = strlen(oldpiece);
959 end = strlen(oldstring) - old_len;
960 oldpiece_index = c - oldstring;
961 newstr_index = 0;
962 str_index = 0;
963 while (c != NULL && str_index <= end) {
964 /* Copy characters from the left of matched pattern occurence */
965 cpy_len = oldpiece_index - str_index;
966 strncpy(newstring + newstr_index, oldstring + str_index, cpy_len);
967 newstr_index += cpy_len;
968 str_index += cpy_len;
969
970 /* Copy replacement characters instead of matched pattern */
971 strcpy(newstring + newstr_index, newpiece);
972 newstr_index += new_len;
973 str_index += old_len;
974 /* Check for another pattern match */
975 if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL)
976 oldpiece_index = c - oldstring;
977 }
978 /* Copy remaining characters from the right of last matched pattern */
979 strcpy(newstring + newstr_index, oldstring + str_index);
980 strcpy(oldstring, newstring);
977 // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) {
978 c = (char *) strstr(oldstring, oldpiece);
979 new_len = strlen(newpiece);
980 old_len = strlen(oldpiece);
981 end = strlen(oldstring) - old_len;
982 oldpiece_index = c - oldstring;
983 newstr_index = 0;
984 str_index = 0;
985 while (c != NULL && str_index <= end) {
986 /* Copy characters from the left of matched pattern occurence */
987 cpy_len = oldpiece_index - str_index;
988 strncpy(newstring + newstr_index, oldstring + str_index, cpy_len);
989 newstr_index += cpy_len;
990 str_index += cpy_len;
991
992 /* Copy replacement characters instead of matched pattern */
993 strcpy(newstring + newstr_index, newpiece);
994 newstr_index += new_len;
995 str_index += old_len;
996 /* Check for another pattern match */
997 if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL)
998 oldpiece_index = c - oldstring;
999 }
1000 /* Copy remaining characters from the right of last matched pattern */
1001 strcpy(newstring + newstr_index, oldstring + str_index);
1002 strcpy(oldstring, newstring);
9811003 // }
9821004 return newstring;
9831005 }
11791201 return NULL;
11801202
11811203 for (; *haystack; ++haystack) {
1182 if (toupper((int)*haystack) == toupper((int)*needle)) {
1204 if (toupper((int) *haystack) == toupper((int) *needle)) {
11831205 const char *h, *n;
11841206
11851207 for (h = haystack, n = needle; *h && *n; ++h, ++n) {
1186 if (toupper((int)*h) != toupper((int)*n)) {
1208 if (toupper((int) *h) != toupper((int) *n)) {
11871209 break;
11881210 }
11891211 }
12561278
12571279 int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen) {
12581280 int i;
1259
1281
12601282 for (i = 0; i <= hlen - nlen; i++)
12611283 if (memcmp(haystack + i, needle, nlen) == 0)
12621284 return i;
+2
-0
hydra-mod.h less more
11 #define _HYDRA_MOD_H
22
33 #include "hydra.h"
4
5 extern char quiet;
46
57 extern void hydra_child_exit(int code);
68 extern void hydra_register_socket(int s);
+3
-3
hydra-mssql.c less more
8282 return 1;
8383 if (hydra_send(s, (char *) p_lng, 71, 0) < 0)
8484 return 1;
85
85
8686 memset(buffer, 0, sizeof(buffer));
87 ret=hydra_recv_nb(s, buffer, sizeof(buffer));
87 ret = hydra_recv_nb(s, buffer, sizeof(buffer));
8888
8989 if (ret <= 0)
9090 return 3;
152152 }
153153 }
154154
155 int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
155 int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
156156 // called before the childrens are forked off, so this is the function
157157 // which should be filled if initial connections and service setup has to be
158158 // performed once only.
+40
-31
hydra-mysql.c less more
3737
3838 /* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */
3939 char *hydra_mysql_receive_line(int socket) {
40 char buf[300], *buff;
41 int i = 0, j = 0;
42
43 buff = malloc(sizeof(buf));
40 char buf[300], *buff, *buff2;
41 int i = 0, j = 0, buff_size = 300;
42
43 buff = malloc(buff_size);
4444 if (buff == NULL)
4545 return NULL;
4646 memset(buff, 0, sizeof(buf));
5454 }
5555 if (i <= 0) {
5656 if (debug)
57 hydra_report_debug(stderr,"DEBUG_RECV_BEGIN|%s|END\n", buff);
57 hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END\n");
5858 free(buff);
5959 return NULL;
6060 }
6262 j = 1;
6363 while (hydra_data_ready(socket) > 0 && j > 0) {
6464 j = internal__hydra_recv(socket, buf, sizeof(buf));
65 buff = realloc(buff, i + j);
66 if (buff == NULL)
67 return NULL;
68 memcpy(buff + i, &buf, j);
69 i = i + j;
65 if (j > 0) {
66 if (i + j > buff_size || (buff2 = realloc(buff, i + j)) == NULL) {
67 free(buff);
68 return NULL;
69 } else {
70 buff = buff2;
71 buff_size = i + j;
72 }
73 memcpy(buff + i, &buf, j);
74 i += j;
75 }
7076 }
7177
7278 if (debug)
73 hydra_report_debug(stderr,"DEBUG_RECV_BEGIN|%s|END\n", buff);
79 hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff);
7480 return buff;
7581 }
7682
174180 pass = hydra_get_next_password();
175181
176182 if (miscptr)
177 strncpy(database, miscptr, sizeof(database));
183 strncpy(database, miscptr, sizeof(database) - 1);
178184 else {
179 strncpy(database, DEFAULT_DB, sizeof(database));
185 strncpy(database, DEFAULT_DB, sizeof(database) - 1);
180186 if (verbose)
181187 hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n");
182188 }
189 database[sizeof(database) - 1] = 0;
183190
184191 /* read server greeting */
185192 res = hydra_mysql_init(sock);
194201 if (mysql == NULL) {
195202 mysql = mysql_init(NULL);
196203 if (mysql == NULL) {
197 hydra_report(stderr, "[ERROR] Insufficient memory to allocate new mysql object\n");
198 return 1;
204 hydra_report(stderr, "[ERROR] Insufficient memory to allocate new mysql object\n");
205 return 1;
199206 }
200207 }
201208 /*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */
202209 if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) {
203210 int my_errno = mysql_errno(mysql);
211
204212 if (debug)
205213 hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql));
206214
207215 /*
208 Error: 1049 SQLSTATE: 42000 (ER_BAD_DB_ERROR)
209 Message: Unknown database '%s'
210 */
216 Error: 1049 SQLSTATE: 42000 (ER_BAD_DB_ERROR)
217 Message: Unknown database '%s'
218 */
211219 if (my_errno == 1049) {
212220 hydra_report(stderr, "[ERROR] Unknown database: %s\n", database);
213221 }
217225 }
218226
219227 /*
220 http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html
221
222 Error: 1044 SQLSTATE: 42000 (ER_DBACCESS_DENIED_ERROR)
223 Message: Access denied for user '%s'@'%s' to database '%s'
224
225 Error: 1045 SQLSTATE: 28000 (ER_ACCESS_DENIED_ERROR)
226 Message: Access denied for user '%s'@'%s' (using password: %s)
227
228 */
228 http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html
229
230 Error: 1044 SQLSTATE: 42000 (ER_DBACCESS_DENIED_ERROR)
231 Message: Access denied for user '%s'@'%s' to database '%s'
232
233 Error: 1045 SQLSTATE: 28000 (ER_ACCESS_DENIED_ERROR)
234 Message: Access denied for user '%s'@'%s' (using password: %s)
235
236 */
229237
230238 //if the error is more critical, we just try to reconnect
231239 //to the db later with the mysql_init
232 if ((my_errno != 1044)&&(my_errno != 1045)) {
240 if ((my_errno != 1044) && (my_errno != 1045)) {
233241 mysql_close(mysql);
234242 mysql = NULL;
235243 }
316324 port = myport;
317325 }
318326 if (sock < 0) {
319 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
327 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
320328 hydra_child_exit(1);
321329 }
322330 next_run = 2;
344352
345353
346354 #endif
355
347356 /************************************************************************/
348357
349358 /* code belowe is copied from mysql 3.23.57 source code (www.mysql.com) */
358367 double max_value_dbl;
359368 };
360369
361 void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */
370 void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */
362371 rand_st->max_value = 0x3FFFFFFFL;
363372 rand_st->max_value_dbl = (double) rand_st->max_value;
364373 rand_st->seed1 = seed1 % rand_st->max_value;
409418 }
410419 #endif
411420
412 int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
421 int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
413422 // called before the childrens are forked off, so this is the function
414423 // which should be filled if initial connections and service setup has to be
415424 // performed once only.
+2
-2
hydra-ncp.c less more
150150 sock = hydra_connect_tcp(ip, myport);
151151 port = myport;
152152 if (sock < 0) {
153 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
153 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
154154 hydra_child_exit(1);
155155 }
156156 next_run = 2;
181181
182182 #endif
183183
184 int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
184 int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
185185 // called before the childrens are forked off, so this is the function
186186 // which should be filled if initial connections and service setup has to be
187187 // performed once only.
+24
-17
hydra-nntp.c less more
4848
4949 int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
5050 char *empty = "\"\"";
51 char *login, *pass, buffer[300], buffer2[500];
51 char *login, *pass, buffer[500], buffer2[500], *fooptr;
5252 int i = 1;
5353
5454 if (strlen(login = hydra_get_next_login()) == 0)
5959 while (i > 0 && hydra_data_ready(s) > 0)
6060 i = hydra_recv(s, buffer, 300);
6161
62 if (i < 0)
63 i = 0;
64 buffer[i] = 0;
65
6266 switch (nntp_auth_mechanism) {
6367 case AUTH_LOGIN:
6468 sprintf(buffer, "AUTHINFO SASL LOGIN\r\n");
155159 //receive
156160 if ((buf = hydra_receive_line(s)) == NULL)
157161 return 1;
158 if (buf == NULL || strstr(buf, "383") == NULL) {
162 if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) {
159163 hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf);
160164 free(buf);
161165 return 3;
164168 from64tobits((char *) buffer, buf + 4);
165169 free(buf);
166170
167 if (verbose)
171 if (debug)
168172 hydra_report(stderr, "DEBUG S: %s\n", buffer);
169 sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
170 if (buffer2 == NULL)
173 fooptr = buffer2;
174 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
175 if (fooptr == NULL)
171176 return 3;
172177
173 if (verbose)
178 if (debug)
174179 hydra_report(stderr, "DEBUG C: %s\n", buffer2);
175180 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
176181 sprintf(buffer, "%s\r\n", buffer2);
186191 //send auth and receive challenge
187192 buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL);
188193 to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2));
189 sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char*)buf1);
194 sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1);
190195 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
191196 return 1;
192197 }
193198 if ((buf = hydra_receive_line(s)) == NULL)
194199 return 1;
195 if (buf == NULL || strstr(buf, "383") == NULL) {
200 if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) {
196201 hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf);
197202 free(buf);
198203 return 3;
203208
204209 buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL);
205210 to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2));
206 sprintf(buffer, "%s\r\n", (char*)buf1);
211 sprintf(buffer, "%s\r\n", (char *) buf1);
207212 }
208213 break;
209214
217222 if (buf == NULL)
218223 return 1;
219224 if (buf[0] != '3') {
220 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
225 if (verbose || debug)
226 hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
221227 free(buf);
222228 return (3);
223229 }
285291 // usleep(300000);
286292 buf = hydra_receive_line(sock);
287293 if (buf == NULL || buf[0] != '2') { /* check the first line */
288 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
294 if (verbose || debug)
295 hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf);
289296 hydra_child_exit(2);
290297 }
291298 free(buf);
300307 }
301308 #ifdef LIBOPENSSL
302309 if (!disable_tls) {
303 /* if we got a positive answer */
304 if (strstr(buf, "STARTTLS") != NULL) {
310 /* if we got a positive answer */
311 if (strstr(buf, "STARTTLS") != NULL) {
305312 hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0);
306313 free(buf);
307314 buf = hydra_receive_line(sock);
314321 free(buf);
315322 if ((hydra_connect_to_ssl(sock) == -1)) {
316323 if (verbose)
317 hydra_report(stderr, "[ERROR] Can't use TLS\n");
324 hydra_report(stderr, "[ERROR] Can't use TLS\n");
318325 disable_tls = 1;
319326 run = 1;
320327 break;
321328 } else {
322329 if (verbose)
323 hydra_report(stderr, "[VERBOSE] TLS connection done\n");
330 hydra_report(stderr, "[VERBOSE] TLS connection done\n");
324331 }
325332 /* ask again capability request but in TLS mode */
326333 if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
333340 hydra_child_exit(2);
334341 }
335342 }
336 }
343 }
337344 }
338345 #endif
339346
457464 }
458465 }
459466
460 int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
467 int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
461468 // called before the childrens are forked off, so this is the function
462469 // which should be filled if initial connections and service setup has to be
463470 // performed once only.
+11
-7
hydra-oracle-listener.c less more
0
01 /*
12 david:
23
3637 }
3738 *sz = 2 * i;
3839
39 if ((buff = malloc(i)) == NULL) {
40 hydra_report(stderr, "[ERROR] Can't allocate memory\n");
41 return 1;
42 }
43 memset(buff, 0, i);
44 strncpy(buff, p_str, strlen(p_str));
40 if ((buff = malloc(i + 4)) == NULL) {
41 hydra_report(stderr, "[ERROR] Can't allocate memory\n");
42 return 1;
43 }
44 memset(buff, 0, i + 4);
45 strcpy(buff, p_str);
4546
4647 //swap the order of every byte pair
4748 for (k = 0; k < i; k += 2) {
156157
157158 if (convert_byteorder(&result, siz)) {
158159 hydra_report(stderr, "[ERROR] ora_hash_password: in convert_byteorder\n");
160 free(result);
159161 return 1;
160162 }
161163 if (ora_descrypt(&desresult, result, siz)) {
162164 hydra_report(stderr, "[ERROR] ora_hash_password: in DES crypt\n");
165 free(result);
163166 return 1;
164167 }
165168 free(result);
166169 if (ora_hash(&result, desresult, siz)) {
167170 hydra_report(stderr, "[ERROR] ora_hash_password: in extracting Oracle hash\n");
171 free(desresult);
168172 return 1;
169173 }
170174
320324 }
321325 }
322326
323 int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
327 int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
324328 // called before the childrens are forked off, so this is the function
325329 // which should be filled if initial connections and service setup has to be
326330 // performed once only.
+2
-1
hydra-oracle-sid.c less more
0
01 /*
12 david:
23
132133 }
133134 }
134135
135 int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
136 int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
136137 // called before the childrens are forked off, so this is the function
137138 // which should be filled if initial connections and service setup has to be
138139 // performed once only.
+3
-2
hydra-oracle.c less more
4949 if (strlen(pass = hydra_get_next_password()) == 0)
5050 pass = empty;
5151
52 strncpy(sid, miscptr, sizeof(sid));
52 strncpy(sid, miscptr, sizeof(sid) - 1);
53 sid[sizeof(sid) - 1] = 0;
5354 snprintf(buffer, sizeof(buffer), "//%s:%d/%s", hydra_address2string(ip), port, sid);
5455
5556 /*
174175
175176 #endif
176177
177 int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
178 int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
178179 // called before the childrens are forked off, so this is the function
179180 // which should be filled if initial connections and service setup has to be
180181 // performed once only.
+22
-15
hydra-pcanywhere.c less more
6161 char passwd[128];
6262 int i;
6363
64 strcpy(passwd, cleartxt);
64 strncpy(passwd, cleartxt, sizeof(passwd) - 1);
65 passwd[sizeof(passwd) - 1] = 0;
6566 if (strlen(cleartxt) > 0) {
6667 passwd[0] = (passwd[0] ^ 0xab);
6768 for (i = 1; i < strlen(passwd); i++)
138139 return 1;
139140 }
140141
141 ret = hydra_recv(s, buffer, sizeof(buffer));
142 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
142143 if (ret == -1) {
143144 return 1;
144145 }
146147 if (i == 3) {
147148 if (ret == 3) {
148149 /*one more to get the login prompt */
149 ret = hydra_recv(s, buffer, sizeof(buffer));
150 }
151 }
150 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
151 }
152 }
153
154 if (ret >= 0)
155 buffer[ret] = 0;
152156
153157 if (i == 0 || i == 3)
154158 clean_buffer(buffer, ret);
155159
156 /*show_buffer(buffer,ret); */
160 if (debug) show_buffer(buffer, ret);
157161
158162 if (i == 2) {
159163 clean_buffer(buffer, ret);
164 buffer[sizeof(buffer) - 1] = 0;
160165 if (strstr(buffer, server[i + 2]) != NULL) {
161166 fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n");
162167 return 3;
174179 if (send_cstring(s, clogin) < 0) {
175180 return 1;
176181 }
177 ret = hydra_recv(s, buffer, sizeof(buffer));
178 if (ret == -1) {
179 return 1;
180 }
182 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
183 if (ret < 0) {
184 return 1;
185 }
186 buffer[ret] = 0;
181187 clean_buffer(buffer, ret);
182188 /*show_buffer(buffer,ret); */
183189 if (strstr(buffer, "Enter password:") == NULL) {
190196 }
191197
192198 ret = hydra_recv(s, buffer, sizeof(buffer));
193 if (ret == -1) {
194 return 1;
195 }
199 if (ret < 0)
200 return 1;
201 else
202 buffer[ret] = 0;
196203
197204 clean_buffer(buffer, ret);
198205 /*show_buffer(buffer,ret); */
243250 port = mysslport;
244251 }
245252 if (sock < 0) {
246 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
253 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
247254 hydra_child_exit(1);
248255 }
249256
270277 }
271278 }
272279
273 int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
280 int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
274281 // called before the childrens are forked off, so this is the function
275282 // which should be filled if initial connections and service setup has to be
276283 // performed once only.
+2
-2
hydra-pcnfs.c less more
160160 sock = hydra_disconnect(sock);
161161 // usleep(275000);
162162 if ((sock = hydra_connect_udp(ip, port)) < 0) {
163 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
163 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
164164 hydra_child_exit(1);
165165 }
166166 next_run = 2;
182182 }
183183 }
184184
185 int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
185 int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
186186 // called before the childrens are forked off, so this is the function
187187 // which should be filled if initial connections and service setup has to be
188188 // performed once only.
+102
-101
hydra-pop3.c less more
44
55 typedef struct pool_str {
66 char ip[36];
7 /* int port;*/ // not needed
7
8 /* int port;*/// not needed
89 int pop3_auth_mechanism;
910 int disable_tls;
1011 struct pool_str *next;
1617 pool *plist = NULL, *p = NULL;
1718
1819 /* functions */
19 int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
20 int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
2021
2122 pool *list_create(pool data) {
2223 pool *p;
23
24
2425 if (!(p = malloc(sizeof(pool))))
2526 return NULL;
2627
27 memcpy(p->ip, data.ip, 36);
28 memcpy(p->ip, data.ip, 36);
2829 //p->port = data.port;
2930 p->pop3_auth_mechanism = data.pop3_auth_mechanism;
3031 p->disable_tls = data.disable_tls;
31 p->next=NULL;
32 p->next = NULL;
3233
3334 return p;
3435 }
3637 pool *list_insert(pool data) {
3738 pool *newnode;
3839
39 newnode=list_create(data);
40 newnode = list_create(data);
4041 newnode->next = plist;
41 plist = newnode->next; // to be sure!
42 plist = newnode->next; // to be sure!
4243
4344 return newnode;
4445 }
4647 pool *list_find(char *ip) {
4748 pool *node = plist;
4849
49 while(node != NULL) {
50 while (node != NULL) {
5051 if (memcmp(node->ip, ip, 36) == 0)
5152 return node;
5253 node = node->next;
5758
5859 /* how to know when to release the mem ?
5960 -> well, after _start has determined which pool number it is */
60 int list_remove(pool *node) {
61 int list_remove(pool * node) {
6162 pool *save, *list = plist;
6263 int ok = -1;
63
64
6465 if (list == NULL || node == NULL)
6566 return -2;
66
67
6768 do {
6869 save = list->next;
6970 if (list != node)
7273 ok = 0;
7374 list = save;
7475 } while (list != NULL);
75
76
7677 return ok;
7778 }
7879
117118
118119 int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
119120 char *empty = "\"\"";
120 char *login, *pass, buffer[500], buffer2[500];
121 char *login, *pass, buffer[500], buffer2[500], *fooptr;
121122
122123 if (strlen(login = hydra_get_next_login()) == 0)
123124 login = empty;
299300 from64tobits((char *) buffer, buf);
300301 free(buf);
301302
302 if (verbose)
303 hydra_report(stderr, "[VERBOSE] S: %s\n", buffer);
304
305 sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
306 if (buffer2 == NULL)
303 if (debug)
304 hydra_report(stderr, "[DEBUG] S: %s\n", buffer);
305
306 fooptr = buffer2;
307 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
308 if (fooptr == NULL)
307309 return 3;
308310
309 if (verbose)
310 hydra_report(stderr, "[VERBOSE] C: %s\n", buffer2);
311 if (debug)
312 hydra_report(stderr, "[DEBUG] C: %s\n", buffer2);
311313 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
312314 sprintf(buffer, "%s\r\n", buffer2);
313315 }
340342 sprintf(buffer, "%s\r\n", buf1);
341343 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
342344 return 1;
343 if ((buf = hydra_receive_line(s)) == NULL)
345 if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6)
344346 return 4;
345347
346348 //recover challenge
376378
377379 if ((buf = hydra_receive_line(s)) == NULL) {
378380 return 4;
379 }
381 }
380382
381383 if (buf[0] == '+') {
382384 hydra_report_found_host(port, ip, "pop3", fp);
402404 return 2;
403405 }
404406
405 void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
407 void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
406408 int run = 1, next_run = 1, sock = -1, i;
407409 char *ptr = NULL;
408410
428430 case 1: /* connect and service init function */
429431
430432 if (sock >= 0)
431 sock = hydra_disconnect(sock);
432 // usleep(300000);
433 if ((options & OPTION_SSL) == 0) {
434 sock = hydra_connect_tcp(ip, port);
435 } else {
436 sock = hydra_connect_ssl(ip, port);
437 }
438 if (sock < 0) {
439 if (verbose || debug)
440 hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
441 hydra_child_exit(1);
442 }
443 buf = hydra_receive_line(sock);
444 if (buf == NULL || buf[0] != '+') { /* check the first line */
445 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
446 hydra_child_exit(2);
447 }
448
449 ptr = strstr(buf, "<");
450 if (ptr != NULL && buf[0] == '+') {
451 if (ptr[strlen(ptr) - 1] == '\n')
452 ptr[strlen(ptr) - 1] = 0;
453 if (ptr[strlen(ptr) - 1] == '\r')
454 ptr[strlen(ptr) - 1] = 0;
455 strcpy(apop_challenge, ptr);
456 }
457 free(buf);
458
459 #ifdef LIBOPENSSL
460 if (!p->disable_tls) {
461 /* check for STARTTLS, if available we may have access to more basic auth methods */
462 hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
463 buf = hydra_receive_line(sock);
464 if (buf[0] != '+') {
465 hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
466 } else {
467 free(buf);
468 if ((hydra_connect_to_ssl(sock) == -1)) {
469 if (verbose)
470 hydra_report(stderr, "[ERROR] Can't use TLS\n");
471 p->disable_tls = 1;
472 }
473 else {
474 if (verbose)
475 hydra_report(stderr, "[VERBOSE] TLS connection done\n");
476 }
477 }
478 }
433 sock = hydra_disconnect(sock);
434 // usleep(300000);
435 if ((options & OPTION_SSL) == 0) {
436 sock = hydra_connect_tcp(ip, port);
437 } else {
438 sock = hydra_connect_ssl(ip, port);
439 }
440 if (sock < 0) {
441 if (verbose || debug)
442 hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
443 hydra_child_exit(1);
444 }
445 buf = hydra_receive_line(sock);
446 if (buf == NULL || buf[0] != '+') { /* check the first line */
447 if (verbose || debug)
448 hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
449 hydra_child_exit(2);
450 }
451
452 ptr = strstr(buf, "<");
453 if (ptr != NULL && buf[0] == '+') {
454 if (ptr[strlen(ptr) - 1] == '\n')
455 ptr[strlen(ptr) - 1] = 0;
456 if (ptr[strlen(ptr) - 1] == '\r')
457 ptr[strlen(ptr) - 1] = 0;
458 strcpy(apop_challenge, ptr);
459 }
460 free(buf);
461
462 #ifdef LIBOPENSSL
463 if (!p->disable_tls) {
464 /* check for STARTTLS, if available we may have access to more basic auth methods */
465 hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
466 buf = hydra_receive_line(sock);
467 if (buf[0] != '+') {
468 hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
469 } else {
470 free(buf);
471 if ((hydra_connect_to_ssl(sock) == -1)) {
472 if (verbose)
473 hydra_report(stderr, "[ERROR] Can't use TLS\n");
474 p->disable_tls = 1;
475 } else {
476 if (verbose)
477 hydra_report(stderr, "[VERBOSE] TLS connection done\n");
478 }
479 }
480 }
479481 #endif
480482
481483 next_run = 2;
502504 }
503505
504506
505 int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
507 int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
506508 int myport = PORT_POP3, mysslport = PORT_POP3_SSL;
507509 char *ptr = NULL;
508510 int sock = -1;
510512 char *quit_str = "QUIT\r\n";
511513 pool p;
512514
513 p.pop3_auth_mechanism=AUTH_CLEAR;
515 p.pop3_auth_mechanism = AUTH_CLEAR;
514516 p.disable_tls = 1;
515517 memcpy(p.ip, ip, 36);
516518
532534 return -1;
533535 }
534536 buf = hydra_receive_line(sock);
535 if (buf == NULL || buf[0] != '+') { /* check the first line */
537 if (buf == NULL || buf[0] != '+') { /* check the first line */
536538 if (verbose || debug)
537539 hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf);
538540 return -1;
549551 free(buf);
550552
551553 /* send capability request */
552 if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) {
554 if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) {
553555 if (verbose || debug)
554556 hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n");
555557 return -1;
572574 p.disable_tls = 0;
573575 }
574576 }
575
576577
577578 #ifdef LIBOPENSSL
578579 if (!p.disable_tls) {
582583 free(buf);
583584 buf = hydra_receive_line(sock);
584585 if (buf[0] != '+') {
585 hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
586 hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
586587 } else {
587588 free(buf);
588589 if ((hydra_connect_to_ssl(sock) == -1)) {
605606 hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n");
606607 return -1;
607608 }
608 }
609 }
609610 }
610611 } else
611612 hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
613614 #endif
614615
615616 if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) {
616 //we dont care if the server is not receiving the quit msg
617 //we dont care if the server is not receiving the quit msg
617618 }
618619 hydra_disconnect(sock);
619620
621622 if (verbose)
622623 hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);
623624
624 /* example:
625 +OK Capability list follows:
626 TOP
627 LOGIN-DELAY 180
628 UIDL
629 USER
630 SASL PLAIN LOGIN
631 */
632
633 /* according to rfc 2449:
634 The POP3 AUTH command [POP-AUTH] permits the use of [SASL]
635 authentication mechanisms with POP3. The SASL capability
636 indicates that the AUTH command is available and that it supports
637 an optional base64 encoded second argument for an initial client
638 response as described in the SASL specification. The argument to
639 the SASL capability is a space separated list of SASL mechanisms
640 which are supported.
641 */
625 /* example:
626 +OK Capability list follows:
627 TOP
628 LOGIN-DELAY 180
629 UIDL
630 USER
631 SASL PLAIN LOGIN
632 */
633
634 /* according to rfc 2449:
635 The POP3 AUTH command [POP-AUTH] permits the use of [SASL]
636 authentication mechanisms with POP3. The SASL capability
637 indicates that the AUTH command is available and that it supports
638 an optional base64 encoded second argument for an initial client
639 response as described in the SASL specification. The argument to
640 the SASL capability is a space separated list of SASL mechanisms
641 which are supported.
642 */
642643
643644 /* which mean threre will *always* have a space before the LOGIN auth keyword */
644645 if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
761762 }
762763 }
763764
764 if(!plist)
765 plist=list_create(p);
766 else
767 plist=list_insert(p);
765 if (!plist)
766 plist = list_create(p);
767 else
768 plist = list_insert(p);
768769
769770 return 0;
770771 }
+5
-4
hydra-postgres.c less more
2828 PGconn *pgconn;
2929
3030 if (miscptr)
31 strncpy(database, miscptr, sizeof(database));
31 strncpy(database, miscptr, sizeof(database) - 1);
3232 else
33 strncpy(database, DEFAULT_DB, sizeof(database));
33 strncpy(database, DEFAULT_DB, sizeof(database) - 1);
34 database[sizeof(database) - 1] = 0;
3435
3536 if (strlen(login = hydra_get_next_login()) == 0)
3637 login = empty;
9192 port = mysslport;
9293 }
9394 if (sock < 0) {
94 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
95 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
9596 hydra_child_exit(1);
9697 }
9798 next_run = 2;
117118
118119 #endif
119120
120 int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
121 int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
121122 // called before the childrens are forked off, so this is the function
122123 // which should be filled if initial connections and service setup has to be
123124 // performed once only.
+92
-91
hydra-rdp.c less more
0
01 /*
12 david: this module is heavily based on rdesktop v 1.7.0
23
5152 BOOL g_bitmap_compression = True;
5253 BOOL g_desktop_save = True;
5354 int g_server_depth = -1;
54 int os_version = 0; //2000
55 int os_version = 0; //2000
5556
5657 uint32 g_rdp5_performanceflags = RDP5_NO_WALLPAPER | RDP5_NO_FULLWINDOWDRAG | RDP5_NO_MENUANIMATIONS;
5758
643644
644645 /* Send a single input event fast JL, this is required for win8 */
645646 void rdp_send_fast_input_kbd(uint32 time, uint16 flags, uint16 param1) {
646 STREAM s;
647 uint8 fast_flags = 0;
648 uint8 len=4;
649
650 fast_flags |= (flags & RDP_KEYRELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0;
651 s = tcp_init(len);
652 out_uint8(s, (1 << 2)); //one event
653 out_uint8(s, len);
654 out_uint8(s, fast_flags|(FASTPATH_INPUT_EVENT_SCANCODE<<5));
655 out_uint8(s, param1);
656 s_mark_end(s);
657 tcp_send(s);
647 STREAM s;
648 uint8 fast_flags = 0;
649 uint8 len = 4;
650
651 fast_flags |= (flags & RDP_KEYRELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0;
652 s = tcp_init(len);
653 out_uint8(s, (1 << 2)); //one event
654 out_uint8(s, len);
655 out_uint8(s, fast_flags | (FASTPATH_INPUT_EVENT_SCANCODE << 5));
656 out_uint8(s, param1);
657 s_mark_end(s);
658 tcp_send(s);
658659 }
659660
660661 /* Send a single input event fast JL, this is required for win8 */
661 void rdp_send_fast_input_mouse(uint32 time, uint16 flags, uint16 param1,uint16 param2) {
662 STREAM s;
663 uint8 len=9;
664
665 s = tcp_init(len);
666 out_uint8(s, (1 << 2)); //one event
667 out_uint8(s, len);
668 out_uint8(s, (FASTPATH_INPUT_EVENT_MOUSE<<5));
669 out_uint16(s, flags);
670 out_uint16(s, param1);
671 out_uint16(s, param2);
672 s_mark_end(s);
673 tcp_send(s);
662 void rdp_send_fast_input_mouse(uint32 time, uint16 flags, uint16 param1, uint16 param2) {
663 STREAM s;
664 uint8 len = 9;
665
666 s = tcp_init(len);
667 out_uint8(s, (1 << 2)); //one event
668 out_uint8(s, len);
669 out_uint8(s, (FASTPATH_INPUT_EVENT_MOUSE << 5));
670 out_uint16(s, flags);
671 out_uint16(s, param1);
672 out_uint16(s, param2);
673 s_mark_end(s);
674 tcp_send(s);
674675 }
675676
676677
785786 /* Disconnect from the ISO layer */
786787 void iso_disconnect(void) {
787788 iso_send_msg(ISO_PDU_DR);
788 g_sock=hydra_disconnect(g_sock);
789 g_sock = hydra_disconnect(g_sock);
789790 }
790791
791792 /* reset the state to support reconnecting */
15761577 /* Receive secure transport packet */
15771578 STREAM sec_recv(uint8 * rdpver) {
15781579 uint32 sec_flags;
1579 uint16 channel = 0 ;
1580 uint16 channel = 0;
15801581 STREAM s;
15811582
15821583 while ((s = mcs_recv(&channel, rdpver)) != NULL) {
18551856 DEBUG(("MEMBLT(op=0x%x,x=%d,y=%d,cx=%d,cy=%d,id=%d,idx=%d)\n", os->opcode, os->x, os->y, os->cx, os->cy, os->cache_id, os->cache_idx));
18561857 //MEMBLT(op=0xcc,x=640,y=128,cx=64,cy=64,id=2,idx=117) => win8 failed
18571858
1858 if ((os->opcode == 0xcc && os->x == 740 && os->y == 448 && os->cx == 60 && os->cy == 56 && os->cache_id == 2)||
1859 (os->opcode == 0xcc && os->x == 640 && os->y == 128 && os->cx == 64 && os->cy == 64 && os->cache_id == 2 && os->cache_idx > 100))
1860 {
1859 if ((os->opcode == 0xcc && os->x == 740 && os->y == 448 && os->cx == 60 && os->cy == 56 && os->cache_id == 2) ||
1860 (os->opcode == 0xcc && os->x == 640 && os->y == 128 && os->cx == 64 && os->cy == 64 && os->cache_id == 2 && os->cache_idx > 100)) {
18611861 if (debug)
18621862 hydra_report(stderr, "[DEBUG] Login failed from process_memblt\n");
18631863 login_result = LOGIN_FAIL;
18651865 }
18661866
18671867 /* Process a text order */
1868 static void process_text2(STREAM s, TEXT2_ORDER *os, uint32 present, BOOL delta) {
1868 static void process_text2(STREAM s, TEXT2_ORDER * os, uint32 present, BOOL delta) {
18691869 int i;
18701870
18711871 if (present & 0x000001)
19441944 //on win2k, error can be fe 00 00 or fe 02 00
19451945 if (((os->text[0] == 254) && (os->text[2] == 0)) || (!memcmp(os->text, LOGON_MESSAGE_FAILED_XP, 18))) {
19461946 if (debug)
1947 hydra_report(stderr,"[DEBUG] login failed from process_text2\n");
1947 hydra_report(stderr, "[DEBUG] login failed from process_text2\n");
19481948 login_result = LOGIN_FAIL;
19491949 } else {
19501950 //if it's not an well known error and if it's not just traffic from win 2000 server
19511951
19521952 if ((os_version == 2000) && (os->length > 50)) {
19531953 if (debug)
1954 hydra_report(stderr,"[DEBUG] login success from process_text2\n");
1954 hydra_report(stderr, "[DEBUG] login success from process_text2\n");
19551955 login_result = LOGIN_SUCC;
19561956 }
19571957 }
19741974 next_order = s->p + (sint16) length + 7;
19751975
19761976 /*
1977 switch (type)
1978 {
1979 case RDP_ORDER_RAW_BMPCACHE:
1980 break;
1981
1982 case RDP_ORDER_COLCACHE:
1983 break;
1984
1985 case RDP_ORDER_BMPCACHE:
1986 break;
1987
1988 case RDP_ORDER_FONTCACHE:
1989 process_fontcache(s);
1990 break;
1991
1992 case RDP_ORDER_RAW_BMPCACHE2:
1993 break;
1994
1995 case RDP_ORDER_BMPCACHE2:
1996 break;
1997
1998 case RDP_ORDER_BRUSHCACHE:
1999 process_brushcache(s, flags);
2000 break;
2001
2002 default:
2003 unimpl("secondary order %d\n", type);
2004 }
2005 */
1977 switch (type)
1978 {
1979 case RDP_ORDER_RAW_BMPCACHE:
1980 break;
1981
1982 case RDP_ORDER_COLCACHE:
1983 break;
1984
1985 case RDP_ORDER_BMPCACHE:
1986 break;
1987
1988 case RDP_ORDER_FONTCACHE:
1989 process_fontcache(s);
1990 break;
1991
1992 case RDP_ORDER_RAW_BMPCACHE2:
1993 break;
1994
1995 case RDP_ORDER_BMPCACHE2:
1996 break;
1997
1998 case RDP_ORDER_BRUSHCACHE:
1999 process_brushcache(s, flags);
2000 break;
2001
2002 default:
2003 unimpl("secondary order %d\n", type);
2004 }
2005 */
20062006 s->p = next_order;
20072007 }
20082008
20862086 case RDP_ORDER_TEXT2:
20872087 process_text2(s, &os->text2, present, delta);
20882088 break;
2089
2089
20902090 default:
20912091 if (debug)
20922092 printf("[DEBUG] unknown order_type: %d\n", os->order_type);
24232423 strcpy(server, hydra_address2string(ip));
24242424
24252425 if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
2426 strncpy(domain, miscptr, sizeof(domain));
2426 strncpy(domain, miscptr, sizeof(domain) - 1);
2427 domain[sizeof(domain) - 1] = 0;
24272428 }
24282429
24292430 if (!rdp_connect(server, flags, domain, login, pass, shell, directory, g_redirect))
24342435 if (login_result == LOGIN_SUCC) {
24352436 hydra_report_found_host(port, ip, "rdp", fp);
24362437 hydra_completed_pair_found();
2437 } else {
2438 } else {
24382439 hydra_completed_pair();
24392440 }
24402441
24622463 rdesktop_reset_state();
24632464 g_sock = hydra_connect_tcp(ip, myport);
24642465 if (g_sock < 0) {
2465 hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
2466 hydra_child_exit(1);
2466 hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
2467 hydra_child_exit(1);
24672468 }
24682469 next_run = start_rdp(g_sock, ip, port, options, miscptr, fp);
24692470 break;
27072708 STREAM s;
27082709
27092710 switch (message_type) {
2710 case RDP_INPUT_MOUSE:
2711 rdp_send_fast_input_mouse(time,device_flags, param1,param2);
2712 break;
2713 case RDP_INPUT_SCANCODE:
2714 rdp_send_fast_input_kbd(time,device_flags, param1);
2715 break;
2716 default:
2717 s = rdp_init_data(16);
2718 out_uint16_le(s, 1); /* number of events */
2719 out_uint16(s, 0); /* pad */
2720 out_uint32_le(s, time);
2721 out_uint16_le(s, message_type);
2722 out_uint16_le(s, device_flags);
2723 out_uint16_le(s, param1);
2724 out_uint16_le(s, param2);
2725 s_mark_end(s);
2726 rdp_send_data(s, RDP_DATA_PDU_INPUT);
2711 case RDP_INPUT_MOUSE:
2712 rdp_send_fast_input_mouse(time, device_flags, param1, param2);
2713 break;
2714 case RDP_INPUT_SCANCODE:
2715 rdp_send_fast_input_kbd(time, device_flags, param1);
2716 break;
2717 default:
2718 s = rdp_init_data(16);
2719 out_uint16_le(s, 1); /* number of events */
2720 out_uint16(s, 0); /* pad */
2721 out_uint32_le(s, time);
2722 out_uint16_le(s, message_type);
2723 out_uint16_le(s, device_flags);
2724 out_uint16_le(s, param1);
2725 out_uint16_le(s, param2);
2726 s_mark_end(s);
2727 rdp_send_data(s, RDP_DATA_PDU_INPUT);
27272728 }
27282729 }
27292730
27992800 order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */
28002801 order_caps[13] = 1; /* memblt */
28012802 order_caps[14] = 1; /* triblt */
2802 order_caps[20] = 1; /* polygon */
2803 order_caps[21] = 1; /* polygon2 */
2803 order_caps[20] = 1; /* polygon */
2804 order_caps[21] = 1; /* polygon2 */
28042805 order_caps[22] = 1; /* polyline */
2805 order_caps[25] = 1; /* ellipse */
2806 order_caps[26] = 1; /* ellipse2 */
2806 order_caps[25] = 1; /* ellipse */
2807 order_caps[26] = 1; /* ellipse2 */
28072808 order_caps[27] = 1; /* text2 */
28082809 out_uint16_le(s, RDP_CAPSET_ORDER);
28092810 out_uint16_le(s, RDP_CAPLEN_ORDER);
30823083 rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */
30833084 rdp_recv(&type); /* RDP_CTL_COOPERATE */
30843085 rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */
3085 rdp_send_input(0, 0, 0, 0, 0); /* RDP_INPUT_SYNCHRONIZE */
3086 rdp_send_input(0, 0, 0, 0, 0); /* RDP_INPUT_SYNCHRONIZE */
30863087 // here? XXX TODO BUGFIX
30873088
30883089 if (g_use_rdp5) {
31943195 }
31953196 #endif
31963197
3197 int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
3198 int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
31983199 // called before the childrens are forked off, so this is the function
31993200 // which should be filled if initial connections and service setup has to be
32003201 // performed once only.
+103
-0
hydra-redis.c less more
0 #include "hydra-mod.h"
1
2 extern char *HYDRA_EXIT;
3 char *buf;
4
5 int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
6 char *pass, buffer[510];
7 char *empty = "";
8
9 if (strlen(pass = hydra_get_next_password()) == 0)
10 pass = empty;
11
12 sprintf(buffer, "AUTH %.250s\r\n", pass);
13
14 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
15 return 1;
16 }
17 buf = hydra_receive_line(s);
18 if (buf[0] == '+') {
19 hydra_report_found_host(port, ip, "redis", fp);
20 hydra_completed_pair_found();
21 free(buf);
22 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
23 return 3;
24 return 1;
25 }
26 if (verbose > 1)
27 hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass);
28 hydra_completed_pair();
29
30 free(buf);
31
32 return 1;
33 }
34
35 void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) {
36 int run = 1, next_run = 1, sock = -1;
37 int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
38
39 hydra_register_socket(sp);
40 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
41 hydra_child_exit(0);
42
43 while (1) {
44 switch (run) {
45 case 1: /* connect and service init function */
46 if (sock >= 0)
47 sock = hydra_disconnect(sock);
48 if ((options & OPTION_SSL) == 0) {
49 if (port != 0)
50 myport = port;
51 sock = hydra_connect_tcp(ip, myport);
52 port = myport;
53 } else {
54 if (port != 0)
55 mysslport = port;
56 sock = hydra_connect_ssl(ip, mysslport);
57 port = mysslport;
58 }
59 if (sock < 0) {
60 if (verbose || debug)
61 hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
62 hydra_child_exit(1);
63 }
64 usleep(250);
65 next_run = 2;
66 break;
67 case 2: /* run the cracking function */
68 next_run = start_redis(sock, ip, port, options, miscptr, fp);
69 break;
70 case 3: /* error exit */
71 if (sock >= 0)
72 sock = hydra_disconnect(sock);
73 hydra_child_exit(2);
74 case 4: /* clean exit */
75 if (sock >= 0)
76 sock = hydra_disconnect(sock);
77 hydra_child_exit(0);
78 default:
79 hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
80 hydra_child_exit(2);
81 }
82 run = next_run;
83 }
84 }
85
86 void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
87 service_redis_core(ip, sp, options, miscptr, fp, port, 0);
88 }
89
90 int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
91 // called before the childrens are forked off, so this is the function
92 // which should be filled if initial connections and service setup has to be
93 // performed once only.
94 //
95 // fill if needed.
96 //
97 // return codes:
98 // 0 all OK
99 // -1 error, hydra will exit, so print a good error message here
100
101 return 0;
102 }
+2
-2
hydra-rexec.c less more
3131 return 1;
3232 }
3333
34 ret = hydra_recv(s, buffer, sizeof(buffer));
34 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
3535
3636 if (ret > 0 && buffer[0] == 0) {
3737 hydra_report_found_host(port, ip, "rexec", fp);
9494 }
9595 }
9696
97 int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
97 int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
9898 // called before the childrens are forked off, so this is the function
9999 // which should be filled if initial connections and service setup has to be
100100 // performed once only.
+13
-6
hydra-rlogin.c less more
3737 if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) {
3838 return 4;
3939 }
40 ret = hydra_recv(s, buffer, sizeof(buffer));
40 buffer[0] = 0;
41 if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0)
42 buffer[ret] = 0;
4143 /* 0x00 is sent but hydra_recv transformed it */
42 if (strlen(buffer) == 0)
43 ret = hydra_recv(s, buffer, sizeof(buffer));
44 if (strlen(buffer) == 0) {
45 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
46 }
47 if (ret >= 0)
48 buffer[ret] = 0;
4449
4550 if (ret > 0 && (strstr(buffer, "rlogind:") != NULL))
4651 return 1;
4752
4853 if (ret > 0 && (strstr(buffer, "ssword") != NULL)) {
49 if (strlen(pass = hydra_get_next_password()) == 0)
54 if (strlen((pass = hydra_get_next_password())) == 0)
5055 pass = empty;
5156 sprintf(buffer2, "%s\r", pass);
5257 if (hydra_send(s, buffer2, 1 + strlen(pass), 0) < 0) {
5560 memset(buffer, 0, sizeof(buffer));
5661 ret = hydra_recv(s, buffer, sizeof(buffer));
5762 if (strcmp(buffer, "\r\n"))
58 ret = hydra_recv(s, buffer, sizeof(buffer));
63 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
64 if (ret >= 0)
65 buffer[ret] = 0;
5966 }
6067 /* Authentication failure */
6168
133140 }
134141 }
135142
136 int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
143 int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
137144 // called before the childrens are forked off, so this is the function
138145 // which should be filled if initial connections and service setup has to be
139146 // performed once only.
+7
-3
hydra-rsh.c less more
3535 return 4;
3636 }
3737
38 ret = hydra_recv(s, buffer, sizeof(buffer));
38 buffer[0] = 0;
39 if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0)
40 buffer[ret] = 0;
3941 /* 0x00 is sent but hydra_recv transformed it */
4042 if (strlen(buffer) == 0)
41 ret = hydra_recv(s, buffer, sizeof(buffer));
43 ret = hydra_recv(s, buffer, sizeof(buffer) - 1);
44 if (ret >= 0)
45 buffer[ret] = 0;
4246 #ifdef HAVE_PCRE
4347 if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) {
4448 #else
106110 }
107111 }
108112
109 int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
113 int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
110114 // called before the childrens are forked off, so this is the function
111115 // which should be filled if initial connections and service setup has to be
112116 // performed once only.
+287
-0
hydra-s7-300.c less more
0 // submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey Gordeychik
1
2 #include "hydra-mod.h"
3
4 #define S7PASSLEN 8
5
6 extern char *HYDRA_EXIT;
7
8 unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a";
9
10 unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0";
11
12 unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04";
13
14 unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08";
15
16
17 int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
18 char *empty = "";
19 char *pass, buffer[1024];
20 char context[S7PASSLEN + 1];
21 unsigned char encoded_password[S7PASSLEN];
22 char *spaces = " ";
23 int ret = -1;
24
25 if (strlen(pass = hydra_get_next_password()) == 0)
26 pass = empty;
27
28 // prepare password
29 memset(context, 0, sizeof(context));
30 if (strlen(pass) < S7PASSLEN) {
31 strncpy(context, pass, strlen(pass));
32 strncat(context, spaces, S7PASSLEN - strlen(pass));
33 } else {
34 strncpy(context, pass, S7PASSLEN);
35 }
36
37 // encode password
38 encoded_password[0] = context[0] ^ 0x55;
39 encoded_password[1] = context[1] ^ 0x55;
40 int i;
41
42 for (i = 2; i < S7PASSLEN; i++) {
43 encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55;
44 }
45
46 // send p_cotp and check first 2 bytes of answer
47 if (hydra_send(s, (char *) p_cotp, 22, 0) < 0)
48 return 1;
49 memset(buffer, 0, sizeof(buffer));
50 ret = hydra_recv_nb(s, buffer, sizeof(buffer));
51
52 if (ret <= 0)
53 return 3;
54
55 if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
56 return 3;
57
58 // send p_s7_negotiate_pdu and check first 2 bytes of answer
59 if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0)
60 return 1;
61 memset(buffer, 0, sizeof(buffer));
62 ret = hydra_recv_nb(s, buffer, sizeof(buffer));
63
64 if (ret <= 0)
65 return 3;
66
67 if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
68 return 3;
69
70 // send p_s7_read_szl and check first 2 bytes of answer
71 if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0)
72 return 1;
73 memset(buffer, 0, sizeof(buffer));
74 ret = hydra_recv_nb(s, buffer, sizeof(buffer));
75
76 if (ret <= 0)
77 return 3;
78
79 if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00))
80 return 3;
81
82 // so now add encoded_password to p_s7_password_request and send
83 memset(buffer, 0, sizeof(buffer));
84 memcpy(buffer, p_s7_password_request, 29);
85 memcpy(buffer + 29, encoded_password, S7PASSLEN);
86
87 if (hydra_send(s, buffer, 29 + S7PASSLEN, 0) < 0)
88 return 1;
89
90 memset(buffer, 0, sizeof(buffer));
91 ret = hydra_recv_nb(s, buffer, sizeof(buffer));
92
93 if (ret <= 0)
94 return 3;
95
96 // now check answer
97 // 0x0000 - valid password
98 // 0xd605 - no password
99 // 0xd602 - wrong password
100 if (ret > 30) {
101 if (buffer[27] == '\x00' && buffer[28] == '\x00') {
102 hydra_report_found_host(port, ip, "s7-300", fp);
103 hydra_completed_pair_found();
104 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
105 return 2;
106 return 1;
107 }
108
109 if (buffer[27] == '\xd6' && buffer[28] == '\x05') {
110 //hydra_report_found_host(port, ip, "s7-300", fp);
111 hydra_completed_pair_found();
112 hydra_report(stderr, "[INFO] No password protection enabled\n");
113 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
114 return 2;
115 return 1;
116 }
117 }
118
119 hydra_completed_pair();
120 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
121 return 2;
122
123 return 1;
124 }
125
126 void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
127 int run = 1, next_run = 1, sock = -1;
128 int s7port = PORT_S7_300;
129
130 if (port != 0)
131 s7port = port;
132
133 hydra_register_socket(sp);
134 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
135 return;
136 while (1) {
137 switch (run) {
138 case 1: /* connect and service init function */
139 sock = hydra_connect_tcp(ip, s7port);
140 if (sock < 0) {
141 hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
142 hydra_child_exit(1);
143 }
144 next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp);
145 sock = hydra_disconnect(sock);
146 break;
147 case 2: /* clean exit */
148 if (sock >= 0)
149 sock = hydra_disconnect(sock);
150 hydra_child_exit(0);
151 return;
152 case 3: /* clean exit */
153 if (sock >= 0)
154 sock = hydra_disconnect(sock);
155 hydra_child_exit(2);
156 return;
157 default:
158 hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
159 hydra_child_exit(2);
160 }
161 run = next_run;
162 }
163 }
164
165 int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
166 // called before the childrens are forked off, so this is the function
167 // which should be filled if initial connections and service setup has to be
168 // performed once only.
169 //
170 // fill if needed.
171 //
172 // return codes:
173 // 0 all OK
174 // 1 skip target without generating an error
175 // 2 skip target because of protocol problems
176 // 3 skip target because its unreachable
177 int sock = -1;
178 int s7port = PORT_S7_300;
179 char *empty = "";
180 char *pass, buffer[1024];
181 char context[S7PASSLEN + 1];
182 unsigned char encoded_password[S7PASSLEN];
183 char *spaces = " ";
184 int ret = -1;
185 int i;
186
187 if (port != 0)
188 s7port = port;
189
190 if (debug || verbose)
191 printf("[INFO] Checking authentication setup...\n");
192
193 sock = hydra_connect_tcp(ip, s7port);
194 if (sock < 0) {
195 hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", s7port);
196 return 2;
197 }
198
199 pass = empty;
200
201 // prepare password
202 memset(context, 0, sizeof(context));
203 strncat(context, spaces, S7PASSLEN - strlen(pass));
204
205 // encode password
206 encoded_password[0] = context[0] ^ 0x55;
207 encoded_password[1] = context[1] ^ 0x55;
208 for (i = 2; i < S7PASSLEN; i++) {
209 encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55;
210 }
211
212 // send p_cotp and check first 2 bytes of answer
213 if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) {
214 fprintf(stderr, "[ERROR] can not send data to service\n");
215 return 3;
216 }
217 memset(buffer, 0, sizeof(buffer));
218 if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) {
219 fprintf(stderr, "[ERROR] did not received data from the service\n");
220 return 3;
221 }
222
223 if (ret < 2 || (buffer[0] != 0x03 && buffer[1] != 0x00)) {
224 fprintf(stderr, "[ERROR] invalid reply to init packet\n");
225 return 3;
226 }
227 // send p_s7_negotiate_pdu and check first 2 bytes of answer
228 if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) {
229 fprintf(stderr, "[ERROR] can not send data to service (2)\n");
230 return 3;
231 }
232 memset(buffer, 0, sizeof(buffer));
233 if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) {
234 fprintf(stderr, "[ERROR] did not received data from the service (2)\n");
235 return 3;
236 }
237
238 if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) {
239 fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n");
240 return 3;
241 }
242 // send p_s7_read_szl and check first 2 bytes of answer
243 if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) {
244 fprintf(stderr, "[ERROR] can not send data to service (3)\n");
245 return 3;
246 }
247 memset(buffer, 0, sizeof(buffer));
248 if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) >= 0) {
249 fprintf(stderr, "[ERROR] did not received data from the service (3)\n");
250 return 3;
251 }
252
253 if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) {
254 fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n");
255 return 3;
256 }
257 // so now add encoded_password to p_s7_password_request and send
258 memset(buffer, 0, sizeof(buffer));
259 memcpy(buffer, p_s7_password_request, 29);
260 memcpy(buffer + 29, encoded_password, S7PASSLEN);
261
262 if (hydra_send(sock, buffer, 29 + S7PASSLEN, 0) < 0) {
263 fprintf(stderr, "[ERROR] can not send data to service (4)\n");
264 return 3;
265 }
266
267 memset(buffer, 0, sizeof(buffer));
268 if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) {
269 fprintf(stderr, "[ERROR] did not received data from the service (4)\n");
270 return 3;
271 }
272 // now check answer
273 // 0x0000 - valid password
274 // 0xd605 - no password
275 // 0xd602 - wrong password
276 if (ret > 30) {
277 if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) {
278 hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n");
279 return 1;
280 }
281 }
282
283 sock = hydra_disconnect(sock);
284
285 return 0;
286 }
+1
-1
hydra-sapr3.c less more
116116
117117 #endif
118118
119 int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
119 int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
120120 // called before the childrens are forked off, so this is the function
121121 // which should be filled if initial connections and service setup has to be
122122 // performed once only.
+33
-33
hydra-sip.c less more
0
01 /* simple sip digest auth (md5) module 2009/02/19
12 * written by gh0st 2005
23 * modified by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`> - should
7374 while (try < 2 && !has_sip_cred) {
7475 try++;
7576 if (hydra_data_ready_timed(s, 3, 0) > 0) {
76 i = hydra_recv(s, (char *) buf, sizeof(buf));
77 buf[sizeof(buf) - 1] = '\0';
77 i = hydra_recv(s, (char *) buf, sizeof(buf) - 1);
78 if (i > 0)
79 buf[i] = '\0';
7880 if (strncmp(buf, "SIP/2.0 404", 11) == 0) {
79 hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login);
80 return 2;
81 hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login);
82 return 2;
8183 }
8284 if (strncmp(buf, "SIP/2.0 606", 11) == 0) {
83 char *ptr=NULL;
85 char *ptr = NULL;
8486 int i = 0;
8587
8688 // if we already tried to connect, exit
8789 if (external_ip_addr[0]) {
88 hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n");
90 hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n");
8991 return 2;
9092 }
91
93
9294 if (verbose)
9395 hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n"
94 "maybe it's an addressing issue as you are using NAT, trying to reconnect\n"
95 "using addr from the server reply\n");
96 "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n");
9697 /*
97 SIP/2.0 606 Not Acceptable
98 Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137
99 */
98 SIP/2.0 606 Not Acceptable
99 Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137
100 */
100101 #ifdef HAVE_PCRE
101102 if (hydra_string_match(buf, "Via: SIP.*received=")) {
102 ptr=strstr(buf, "received=");
103 ptr = strstr(buf, "received=");
103104 #else
104 if ((ptr=strstr(buf, "received="))) {
105 if ((ptr = strstr(buf, "received="))) {
105106 #endif
106 strncpy(external_ip_addr, ptr+strlen("received="), sizeof(external_ip_addr));
107 external_ip_addr[sizeof(external_ip_addr) - 1] = '\0';
108 for (i = 0; i < strlen(external_ip_addr); i++) {
109 if (external_ip_addr[i] <= 32) {
110 external_ip_addr[i] = '\0';
107 strncpy(external_ip_addr, ptr + strlen("received="), sizeof(external_ip_addr));
108 external_ip_addr[sizeof(external_ip_addr) - 1] = '\0';
109 for (i = 0; i < strlen(external_ip_addr); i++) {
110 if (external_ip_addr[i] <= 32) {
111 external_ip_addr[i] = '\0';
112 }
111113 }
112 }
113 if (verbose)
114 hydra_report(stderr, "[VERBOSE] Will reconnect using external IP address %s\n", external_ip_addr);
115 return 1;
114 if (verbose)
115 hydra_report(stderr, "[VERBOSE] Will reconnect using external IP address %s\n", external_ip_addr);
116 return 1;
116117 }
117118 hydra_report(stderr, "[ERROR] Could not find external IP address in server answer\n");
118119 return 2;
123124 hydra_report(stderr, "[ERROR] no www-authenticate header found!\n");
124125 return -1;
125126 }
126 if (verbose)
127 if (debug)
127128 hydra_report(stderr, "[INFO] S: %s\n", buf);
128129 char buffer2[512];
130
129131 sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL);
130132
131133 memset(buffer, 0, SIP_MAX_BUF);
134136 "Via: SIP/2.0/UDP %s:%i\n"
135137 "From: <sip:%s@%s>\n"
136138 "To: <sip:%s@%s>\n"
137 "Call-ID: 1337@%s\n"
138 "CSeq: %i REGISTER\n"
139 "Authorization: Digest %s\n"
140 "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2);
139 "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2);
141140
142141 cseq++;
143 if (verbose)
142 if (debug)
144143 hydra_report(stderr, "[INFO] C: %s\n", buffer);
145144 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
146145 return 3;
153152 try++;
154153 if (hydra_data_ready_timed(s, 5, 0) > 0) {
155154 memset(buf, 0, sizeof(buf));
156 i = hydra_recv(s, (char *) buf, sizeof(buf));
157 if (verbose)
155 if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0)
156 buf[i] = 0;
157 if (debug)
158158 hydra_report(stderr, "[INFO] S: %s\n", buf);
159159 sip_code = get_sip_code(buf);
160160 if (sip_code >= 200 && sip_code < 300) {
180180 int myport = PORT_SIP, mysslport = PORT_SIP_SSL;
181181
182182 char *lip = get_iface_ip((int) *(&ip[1]));
183
183184 hydra_register_socket(sp);
184185
185186 // FIXME IPV6
245246 }
246247
247248 char *get_iface_ip(unsigned long int ip) {
248
249249 int sfd;
250250
251251 sfd = socket(AF_INET, SOCK_DGRAM, 0);
288288
289289 #endif
290290
291 int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
291 int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
292292 // called before the childrens are forked off, so this is the function
293293 // which should be filled if initial connections and service setup has to be
294294 // performed once only.
+453
-447
hydra-smb.c less more
00 #include "hydra-mod.h"
11 #ifndef LIBOPENSSL
2 void
3 dummy_smb()
4 {
2 void dummy_smb() {
53 printf("\n");
64 }
75 #else
97 #include <openssl/des.h>
108 #include "hmacmd5.h"
119 #include "sasl.h"
10
11 // FIXME XXX BUG: several malloc()s without return code checking
12
1213
1314 /*
1415
8687 #ifndef CHAR_BIT
8788 #define CHAR_BIT 8
8889 #endif
89
90
9091 #ifndef TIME_T_MIN
9192 #define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \
9293 : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1))
9596 #define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN)
9697 #endif
9798
98 #define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */
99 #define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */
99100 #define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val))
100101
101102 #define TIME_FIXUP_CONSTANT_INT 11644473600LL
108109 static unsigned char machine_name[16];
109110 int hashFlag, accntFlag, protoFlag;
110111
111 int smb_auth_mechanism=AUTH_NTLM;
112 int security_mode=ENCRYPTED;
113
114
115 static unsigned char
116 Get7Bits(unsigned char *input, int startBit)
112 int smb_auth_mechanism = AUTH_NTLM;
113 int security_mode = ENCRYPTED;
114
115 static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize)
117116 {
117 int i=0,j=0;
118 unsigned long int ch;
119 if (debug) {
120 hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n");
121 hydra_dump_asciihex(in, insize);
122 }
123 for (i = 0; i < insize; i++) {
124 if (in[i] < 128) { // one byte
125 out[j] = in[i];
126 out[j+1] = 0;
127 j=j+2;
128 } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes
129 out[j+1] = 0x07 & (in[i] >> 2);
130 out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i+1]);
131 j=j+2;
132 i=i+1;
133 } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes
134 out[j] = (0xc0 & (in[i+1] << 6)) | (0x3f & in[i+2]);
135 out[j+1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i+1] >> 2));
136 j=j+2;
137 i=i+2;
138 } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes
139 ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i+1]) << 12) + ((0x3f & in[i+2]) << 6) + (0x3f & in[i+3])- 0x10000;
140 out[j] = (ch >> 10) & 0xff;
141 out[j+1] = 0xd8 | ((ch >> 18) & 0xff);
142 out[j+2] = ch & 0xff;
143 out[j+3] = 0xdc | ((ch >> 8) & 0x3 );
144 j=j+4;
145 i=i+3;
146 }
147 if ( j-2 > outsize) break;
148 }
149 if (debug) {
150 hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n");
151 hydra_dump_asciihex(out,j);
152 }
153 return j;
154 }
155
156 static unsigned char Get7Bits(unsigned char *input, int startBit) {
118157 register unsigned int word;
119158
120159 word = (unsigned) input[startBit / 8] << 8;
126165 }
127166
128167 /* Make the key */
129 static void
130 MakeKey(unsigned char *key, unsigned char *des_key)
131 {
168 static void MakeKey(unsigned char *key, unsigned char *des_key) {
132169 des_key[0] = Get7Bits(key, 0);
133170 des_key[1] = Get7Bits(key, 7);
134171 des_key[2] = Get7Bits(key, 14);
142179 }
143180
144181 /* Do the DesEncryption */
145 void
146 DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
147 {
182 void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) {
148183 des_cblock des_key;
149184 des_key_schedule key_schedule;
150185
161196 pass = users password
162197 challenge = the challenge recieved from the server
163198 */
164 int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge)
165 {
166 static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
199 int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) {
200 static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
167201 unsigned char password[14 + 1];
168202 unsigned char lm_hash[21];
169203 unsigned char lm_response[24];
189223 if (*p == '\0') {
190224 hydra_report(stderr, "[ERROR] Reading PwDump file.\n");
191225 return -1;
192 }
193 else if (*p == 'N') {
226 } else if (*p == 'N') {
194227 if (verbose)
195228 hydra_report(stderr, "[VERBOSE] Found \"NO PASSWORD\" for LM Hash.\n");
196
229
197230 /* Generate 16-byte LM hash */
198231 DesEncrypt(magic, &password[0], &lm_hash[0]);
199232 DesEncrypt(magic, &password[7], &lm_hash[8]);
200 }
201 else {
233 } else {
202234 if (verbose)
203235 hydra_report(stderr, "[VERBOSE] Convert ASCII PwDump LM Hash (%s).\n", p);
204236 for (i = 0; i < 16; i++) {
207239 HexChar = (char) p[2 * i + j];
208240
209241 if (HexChar > 0x39)
210 HexChar = HexChar | 0x20; /* convert upper case to lower */
211
212 if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */
213 ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */
214
242 HexChar = HexChar | 0x20; /* convert upper case to lower */
243
244 if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */
245 ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */
246
215247 hydra_report(stderr, "[ERROR] Invalid char (%c) for hash.\n", HexChar);
216248 HexChar = 0x30;
217249 }
218
250
219251 HexChar -= 0x30;
220 if (HexChar > 0x09) /* HexChar is "a" - "f" */
252 if (HexChar > 0x09) /* HexChar is "a" - "f" */
221253 HexChar -= 0x27;
222254
223255 HexValue = (HexValue << 4) | (char) HexChar;
234266 pass = machine_name;
235267 }
236268 }
237
269
238270 /* convert lower case characters to upper case */
239 strncpy((char *)password,(char *) pass, 14);
271 strncpy((char *) password, (char *) pass, 14);
240272 for (i = 0; i < 14; i++) {
241 if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */
273 if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */
242274 password[i] -= 0x20;
243275 }
244276
248280 }
249281
250282 /*
251 NULL-pad 16-byte LM hash to 21-bytes
252 Split resultant value into three 7-byte thirds
253 DES-encrypt challenge using each third as a key
254 Concatenate three 8-byte resulting values to form 24-byte LM response
255 */
283 NULL-pad 16-byte LM hash to 21-bytes
284 Split resultant value into three 7-byte thirds
285 DES-encrypt challenge using each third as a key
286 Concatenate three 8-byte resulting values to form 24-byte LM response
287 */
256288 DesEncrypt(challenge, &lm_hash[0], &lm_response[0]);
257289 DesEncrypt(challenge, &lm_hash[7], &lm_response[8]);
258290 DesEncrypt(challenge, &lm_hash[14], &lm_response[16]);
267299 MakeNTLM
268300 Function: Create a NTLM hash from the password
269301 */
270 int MakeNTLM (unsigned char *ntlmhash, unsigned char *pass)
271 {
302 int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {
272303 MD4_CTX md4Context;
273304 unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */
274305 unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */
327358 pass = machine_name;
328359 }
329360 }
330
361
331362 /* Initialize the Unicode version of the secret (== password). */
332 /* This implicitly supports 8-bit ISO8859/1 characters. */
333 bzero(unicodePassword, sizeof(unicodePassword));
334 for (i = 0; i < strlen((char *) pass); i++)
335 unicodePassword[i * 2] = (unsigned char) pass[i];
336
337 mdlen = strlen((char *) pass) * 2; /* length in bytes */
363 /* This implicitly supports most UTF8 characters. */
364
365 j = UTF8_UTF16LE(pass, strlen((char *) pass), unicodePassword, sizeof(unicodePassword));
366
367 mdlen = j; /* length in bytes */
368
338369 MD4_Init(&md4Context);
339370 MD4_Update(&md4Context, unicodePassword, mdlen);
340 MD4_Final(hash, &md4Context); /* Tell MD4 we're done */
371 MD4_Final(hash, &md4Context); /* Tell MD4 we're done */
341372 }
342373
343374 memcpy(ntlmhash, hash, 16);
357388 samba-3.0.28a - libsmb/smbencrypt.c
358389 jcifs - packet capture of LMv2-only connection
359390 */
360 int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword)
361 {
391 int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) {
362392 unsigned char ntlm_hash[16];
363393 unsigned char lmv2_response[24];
364394 unsigned char unicodeUsername[20 * 2];
375405 /* --- HMAC #1 Caculations --- */
376406
377407 /* Calculate and set NTLM password hash */
378 ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *) szPassword);
408 ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword);
379409 if (ret == -1)
380410 return -1;
381411
382412 /*
383 The Unicode uppercase username is concatenated with the Unicode authentication target
384 (the domain or server name specified in the Target Name field of the Type 3 message).
385 Note that this calculation always uses the Unicode representation, even if OEM encoding
386 has been negotiated; also note that the username is converted to uppercase, while the
387 authentication target is case-sensitive and must match the case presented in the Target
388 Name field.
389
390 The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to
391 this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the
392 NTLMv2 hash.
393 */
413 The Unicode uppercase username is concatenated with the Unicode authentication target
414 (the domain or server name specified in the Target Name field of the Type 3 message).
415 Note that this calculation always uses the Unicode representation, even if OEM encoding
416 has been negotiated; also note that the username is converted to uppercase, while the
417 authentication target is case-sensitive and must match the case presented in the Target
418 Name field.
419
420 The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to
421 this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the
422 NTLMv2 hash.
423 */
394424
395425 /* Initialize the Unicode version of the username and target. */
396426 /* This implicitly supports 8-bit ISO8859/1 characters. */
397427 /* convert lower case characters to upper case */
398428 bzero(unicodeUsername, sizeof(unicodeUsername));
399 for (i = 0; i < strlen((char *)szLogin); i++)
400 {
401 if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */
429 for (i = 0; i < strlen((char *) szLogin); i++) {
430 if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */
402431 unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20;
403432 else
404433 unicodeUsername[i * 2] = (unsigned char) szLogin[i];
405 }
434 }
406435
407436 bzero(unicodeTarget, sizeof(unicodeTarget));
408 for (i = 0; i < strlen((char *)workgroup); i++)
409 unicodeTarget[i * 2] = (unsigned char)workgroup[i];
410
437 for (i = 0; i < strlen((char *) workgroup); i++)
438 unicodeTarget[i * 2] = (unsigned char) workgroup[i];
439
411440 hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx);
412 hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx);
413 hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx);
441 hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx);
442 hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx);
414443 hmac_md5_final(kr_buf, &ctx);
415
444
416445 /* --- HMAC #2 Calculations --- */
417446 /*
418 The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5
419 message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash
420 (calculated above) as the key. This results in a 16-byte output value.
421 */
447 The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5
448 message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash
449 (calculated above) as the key. This results in a 16-byte output value.
450 */
422451
423452 hmac_md5_init_limK_to_64(kr_buf, 16, &ctx);
424453 hmac_md5_update((const unsigned char *) challenge, 8, &ctx);
426455 hmac_md5_final(lmv2_response, &ctx);
427456
428457 /* --- 24-byte LMv2 Response Complete --- */
429 *LMv2hash = malloc(24);
430 memset(*LMv2hash, 0, 24);
458 if ((*LMv2hash = malloc(24)) == NULL)
459 return -1;
460 memset(*LMv2hash, 0, 24);
431461 memcpy(*LMv2hash, lmv2_response, 16);
432462 memcpy(*LMv2hash + 16, client_challenge, 8);
433463
455485 GPO: "Network Security: LAN Manager authentication level"
456486 Setting: "Send NTLMv2 response only\refuse LM & NTLM"
457487 */
458 int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword)
459 {
488 int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) {
460489 unsigned char ntlm_hash[16];
461490 unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2];
462491 unsigned char unicodeUsername[20 * 2];
467496 unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
468497
469498 /*
470 -- Example NTLMv2 Response Data --
471
472 [0] HMAC: (16 bytes)
473
474 [16] Header: Blob Signature [01 01 00 00] (4 bytes)
475 [20] Reserved: [00 00 00 00] (4 bytes)
476 [24] Time: Little-endian, 64-bit signed value representing the number of
477 tenths of a microsecond since January 1, 1601. (8 bytes)
478 [32] Client Nonce: (8 bytes)
479 [40] Unknown: 00 00 00 00 (4 bytes)
480 [44] Target Information (from the Type 2 message)
481 NetBIOS domain/workgroup:
482 Type: domain 02 00 (2 bytes)
483 Length: 12 00 (2 bytes)
484 Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes)
485 End-of-list: 00 00 00 00 (4 bytes)
486 Termination: 00 00 00 00 (4 bytes)
487 */
488
489
490 iTargetLen = 2 * strlen((char *)workgroup);
499 -- Example NTLMv2 Response Data --
500
501 [0] HMAC: (16 bytes)
502
503 [16] Header: Blob Signature [01 01 00 00] (4 bytes)
504 [20] Reserved: [00 00 00 00] (4 bytes)
505 [24] Time: Little-endian, 64-bit signed value representing the number of
506 tenths of a microsecond since January 1, 1601. (8 bytes)
507 [32] Client Nonce: (8 bytes)
508 [40] Unknown: 00 00 00 00 (4 bytes)
509 [44] Target Information (from the Type 2 message)
510 NetBIOS domain/workgroup:
511 Type: domain 02 00 (2 bytes)
512 Length: 12 00 (2 bytes)
513 Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes)
514 End-of-list: 00 00 00 00 (4 bytes)
515 Termination: 00 00 00 00 (4 bytes)
516 */
517
518
519 iTargetLen = 2 * strlen((char *) workgroup);
491520
492521 memset(ntlm_hash, 0, 16);
493522 memset(ntlmv2_response, 0, 56 + 20 * 2 + 256 * 2);
496525 /* --- HMAC #1 Caculations --- */
497526
498527 /* Calculate and set NTLM password hash */
499 ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *) szPassword);
528 ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword);
500529 if (ret == -1)
501530 return -1;
502531
503532 /*
504 The Unicode uppercase username is concatenated with the Unicode authentication target
505 (the domain or server name specified in the Target Name field of the Type 3 message).
506 Note that this calculation always uses the Unicode representation, even if OEM encoding
507 has been negotiated; also note that the username is converted to uppercase, while the
508 authentication target is case-sensitive and must match the case presented in the Target
509 Name field.
510
511 The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to
512 this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the
513 NTLMv2 hash.
514 */
533 The Unicode uppercase username is concatenated with the Unicode authentication target
534 (the domain or server name specified in the Target Name field of the Type 3 message).
535 Note that this calculation always uses the Unicode representation, even if OEM encoding
536 has been negotiated; also note that the username is converted to uppercase, while the
537 authentication target is case-sensitive and must match the case presented in the Target
538 Name field.
539
540 The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to
541 this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the
542 NTLMv2 hash.
543 */
515544
516545 /* Initialize the Unicode version of the username and target. */
517546 /* This implicitly supports 8-bit ISO8859/1 characters. */
518547 /* convert lower case characters to upper case */
519548 bzero(unicodeUsername, sizeof(unicodeUsername));
520 for (i = 0; i < strlen((char *)szLogin); i++)
521 {
522 if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */
549 for (i = 0; i < strlen((char *) szLogin); i++) {
550 if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */
523551 unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20;
524552 else
525553 unicodeUsername[i * 2] = (unsigned char) szLogin[i];
526 }
554 }
527555
528556 bzero(unicodeTarget, sizeof(unicodeTarget));
529 for (i = 0; i < strlen((char *)workgroup); i++)
530 unicodeTarget[i * 2] = (unsigned char)workgroup[i];
531
557 for (i = 0; i < strlen((char *) workgroup); i++)
558 unicodeTarget[i * 2] = (unsigned char) workgroup[i];
559
532560 hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx);
533 hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx);
534 hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx);
561 hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx);
562 hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx);
535563 hmac_md5_final(kr_buf, &ctx);
536564
537565 /* --- Blob Construction --- */
538
539 memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */
566
567 memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */
540568 memset(ntlmv2_response + 18, 0, 2);
541 memset(ntlmv2_response + 20, 0, 4); /* Reserved */
542
569 memset(ntlmv2_response + 20, 0, 4); /* Reserved */
570
543571 /* Time -- Take a Unix time and convert to an NT TIME structure:
544572 Little-endian, 64-bit signed value representing the number of tenths of a
545573 microsecond since January 1, 1601.
546 */
574 */
547575 struct timespec ts;
548576 unsigned long long nt;
549577
550 ts.tv_sec = (time_t)time(NULL);
578 ts.tv_sec = (time_t) time(NULL);
551579 ts.tv_nsec = 0;
552580
553 if (ts.tv_sec ==0)
581 if (ts.tv_sec == 0)
554582 nt = 0;
555583 else if (ts.tv_sec == TIME_T_MAX)
556584 nt = 0x7fffffffffffffffLL;
557 else if (ts.tv_sec == (time_t)-1)
558 nt = (unsigned long)-1;
559 else
560 {
585 else if (ts.tv_sec == (time_t) - 1)
586 nt = (unsigned long) -1;
587 else {
561588 nt = ts.tv_sec;
562589 nt += TIME_FIXUP_CONSTANT_INT;
563 nt *= 1000*1000*10; /* nt is now in the 100ns units */
590 nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */
564591 }
565592
566593 SIVAL(ntlmv2_response + 24, 0, nt & 0xFFFFFFFF);
568595 /* End time calculation */
569596
570597 /* Set client challenge - using a non-random value in this case. */
571 memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */
572 memset(ntlmv2_response + 40, 0, 4); /* Unknown */
598 memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */
599 memset(ntlmv2_response + 40, 0, 4); /* Unknown */
573600
574601 /* Target Information Block */
575602 /*
576 0x0100 Server name
577 0x0200 Domain name
578 0x0300 Fully-qualified DNS host name
579 0x0400 DNS domain name
580
581 TODO: Need to rework negotiation code to correctly extract target information
582 */
583
584 memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */
603 0x0100 Server name
604 0x0200 Domain name
605 0x0300 Fully-qualified DNS host name
606 0x0400 DNS domain name
607
608 TODO: Need to rework negotiation code to correctly extract target information
609 */
610
611 memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */
585612 memset(ntlmv2_response + 45, 0x00, 1);
586 memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */
613 memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */
587614 memset(ntlmv2_response + 47, 0x00, 1);
588
589 /* Name of domain or workgroup */
590 for (i = 0; i < strlen((char *)workgroup); i++)
591 ntlmv2_response[48 + i * 2] = (unsigned char)workgroup[i];
592
593 memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */
615
616 /* Name of domain or workgroup */
617 for (i = 0; i < strlen((char *) workgroup); i++)
618 ntlmv2_response[48 + i * 2] = (unsigned char) workgroup[i];
619
620 memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */
594621
595622 /* --- HMAC #2 Caculations --- */
596623
597624 /*
598 The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message
599 authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash
600 (calculated above) as the key. This results in a 16-byte output value.
601 */
625 The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message
626 authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash
627 (calculated above) as the key. This results in a 16-byte output value.
628 */
602629
603630 hmac_md5_init_limK_to_64(kr_buf, 16, &ctx);
604631 hmac_md5_update(challenge, 8, &ctx);
606633 hmac_md5_final(ntlmv2_response, &ctx);
607634
608635 *iByteCount = 48 + iTargetLen + 4;
609 *NTLMv2hash = malloc(*iByteCount);
610 memset(*NTLMv2hash, 0, *iByteCount);
636 if ((*NTLMv2hash = malloc(*iByteCount)) == NULL)
637 return -1;
638 memset(*NTLMv2hash, 0, *iByteCount);
611639 memcpy(*NTLMv2hash, ntlmv2_response, *iByteCount);
612640
613641 return 0;
621649 pass = users password
622650 challenge = the challenge recieved from the server
623651 */
624 int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr)
625 {
652 int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) {
626653 int ret;
627 unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */
654 unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */
628655 unsigned char p21[21];
629656 unsigned char ntlm_response[24];
630657
631 ret = MakeNTLM((unsigned char *)&hash, (unsigned char *)pass);
658 ret = MakeNTLM((unsigned char *) &hash, (unsigned char *) pass);
632659 if (ret == -1)
633660 hydra_child_exit(0);
634661
649676 Function: Request a new session from the server
650677 Returns: TRUE on success else FALSE.
651678 */
652 int
653 NBSSessionRequest(int s)
654 {
679 int NBSSessionRequest(int s) {
655680 char nb_name[32]; /* netbiosname */
656681 char nb_local[32]; /* netbios localredirector */
657682 unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 };
658683 char *buf;
659684 unsigned char rbuf[400];
685 int k;
660686
661687 /* if we are running in native mode (aka port 445) don't do netbios */
662688 if (protoFlag == WIN2000_NATIVEMODE)
663689 return 0;
664
690
665691 /* convert computer name to netbios name */
666692 memset(nb_name, 0, 32);
667693 memset(nb_local, 0, 32);
668694 memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */
669695 memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */
670696
671 buf = (char *) malloc(100);
697 if ((buf = (char *) malloc(100)) == NULL)
698 return -1;
672699 memset(buf, 0, 100);
673700 memcpy(buf, (char *) rqbuf, 5);
674701 memcpy(buf + 5, nb_name, 32);
680707 free(buf);
681708
682709 memset(rbuf, 0, 400);
683 hydra_recv(s, (char *) rbuf, sizeof(rbuf));
684
685
686 if ((rbuf != NULL) && (rbuf[0] == 0x82))
710 k = hydra_recv(s, (char *) rbuf, sizeof(rbuf));
711
712 if (k > 0 && (rbuf[0] == 0x82))
687713 return 0; /* success */
688714 else
689715 return -1; /* failed */
699725 The challenge is retrieved from the answer
700726 No error checking is performed i.e cross your fingers....
701727 */
702 int
703 SMBNegProt(int s)
704 {
728 int SMBNegProt(int s) {
705729 unsigned char buf[] = {
706730 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42,
707 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0x40,
731 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0,
708732 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
709733 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d,
710734 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02,
729753 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31,
730754 0x32, 0x00
731755
732
733
734756 /*
735757 0x02,
736758 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
749771 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20,
750772 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20,
751773 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00
752 */
753 };
774 */
775 };
754776
755777 unsigned char rbuf[400];
756778 unsigned char sess_key[2];
757 unsigned char userid[2] = {0xCD, 0xEF};
758 int i = 0, j = 0;
779 unsigned char userid[2] = { 0xCD, 0xEF };
780 int i = 0, j = 0, k;
759781 int iLength = 194;
760782 int iResponseOffset = 73;
761783
767789 memcpy(buf + 30, sess_key, 2);
768790 memcpy(buf + 32, userid, 2);
769791
770
771
772 if (smb_auth_mechanism == AUTH_LM)
773 {
792 if (smb_auth_mechanism == AUTH_LM) {
774793 if (verbose)
775794 hydra_report(stderr, "[VERBOSE] Setting Negotiate Protocol Response for LM.\n");
776 buf[3] = 0xA3; // Set message length
777 buf[37] = 0x80; // Set byte count for dialects
795 buf[3] = 0xA3; // Set message length
796 buf[37] = 0x80; // Set byte count for dialects
778797 iLength = 167;
779798 iResponseOffset = 65;
780799 }
781800
782
801
783802 hydra_send(s, (char *) buf, iLength, 0);
784 hydra_recv(s, (char *) rbuf, sizeof(rbuf));
785 if (rbuf == NULL)
803 k = hydra_recv(s, (char *) rbuf, sizeof(rbuf));
804 if (k == 0)
786805 return 3;
787806
788807 /* retrieve the security mode */
789808 /*
790 [0] Mode: (0) ? (1) USER security mode
791 [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response
792 [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED
793 [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED
794
795 SAMBA: 0x01 (default)
796 WinXP: 0x0F (default)
797 WinXP: 0x07 (Windows 2003 / DC)
798 */
799 switch (rbuf[39])
800 {
801 case 0x01:
802 //real plaintext should be used with LM auth
809 [0] Mode: (0) ? (1) USER security mode
810 [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response
811 [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED
812 [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED
813
814 SAMBA: 0x01 (default)
815 WinXP: 0x0F (default)
816 WinXP: 0x07 (Windows 2003 / DC)
817 */
818 switch (rbuf[39]) {
819 case 0x01:
820 //real plaintext should be used with LM auth
821 if (verbose)
822 hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n");
823 security_mode = PLAINTEXT;
824
825 if (hashFlag == 1) {
803826 if (verbose)
804 hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n");
805 security_mode = PLAINTEXT;
806
807 if (hashFlag == 1)
808 {
809 if (verbose)
810 hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n");
811 return 3;
812 }
813 if (hashFlag == 2)
814 {
815 if (verbose)
816 hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n");
817 return 3;
818 }
819 break;
820 case 0x03:
827 hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n");
828 return 3;
829 }
830 if (hashFlag == 2) {
821831 if (verbose)
822 hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n");
823 security_mode = ENCRYPTED;
824 break;
825 case 0x07:
826 case 0x0F:
827 if (verbose)
828 hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password.\n");
829 security_mode = ENCRYPTED;
830 break;
831 default:
832 if (verbose)
833 hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]);
834 security_mode = ENCRYPTED;
835 break;
832 hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n");
833 return 3;
834 }
835 break;
836 case 0x03:
837 if (verbose)
838 hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n");
839 security_mode = ENCRYPTED;
840 break;
841 case 0x07:
842 case 0x0F:
843 if (verbose)
844 hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password.\n");
845 security_mode = ENCRYPTED;
846 break;
847 default:
848 if (verbose)
849 hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]);
850 security_mode = ENCRYPTED;
851 break;
836852 }
837853
838854 /* Retrieve the challenge */
846862 //and the domain is not padded with null chars
847863 if (smb_auth_mechanism == AUTH_LM) {
848864 while ((rbuf[iResponseOffset + 8 + i] != 0) && (i < 16)) {
849 workgroup[i] = rbuf[iResponseOffset + 8 + i];
865 workgroup[i] = rbuf[iResponseOffset + 8 + i];
850866 i++;
851867 }
852868 } else {
853869 while ((rbuf[iResponseOffset + 8 + i * 2] != 0) && (i < 16)) {
854 workgroup[i] = rbuf[iResponseOffset + 8 + i * 2];
870 workgroup[i] = rbuf[iResponseOffset + 8 + i * 2];
855871 i++;
856872 }
857873
865881 hydra_report(stderr, "[VERBOSE] Server machine name: %s\n", machine_name);
866882 hydra_report(stderr, "[VERBOSE] Server primary domain: %s\n", workgroup);
867883 }
868
869884 //success
870885 return 2;
871886 }
878893 the server.
879894 Returns: TRUE on success else FALSE.
880895 */
881 unsigned long SMBSessionSetup(int s, char* szLogin, char* szPassword, char *miscptr)
882 {
896 unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) {
883897 unsigned char buf[512];
884898 unsigned char *LMv2hash = NULL;
885899 unsigned char *NTLMv2hash = NULL;
886900 unsigned char *NTLMhash = NULL;
887901 unsigned char *LMhash = NULL;
902 unsigned char unicodeLogin[32 * 2];
903 int j;
888904 char bufReceive[512];
889905 int nReceiveBufferSize = 0;
890906 int ret;
891 int iByteCount, iOffset=0;
892
907 int iByteCount = 0, iOffset = 0;
908
893909 if (accntFlag == 0) {
894 strcpy((char *)workgroup, "localhost");
910 strcpy((char *) workgroup, "localhost");
895911
896912 } else if (accntFlag == 2) {
897913 memset(workgroup, 0, 16);
899915 //domain flag is not needed here, it will be auto set,
900916 //below it's domain specified on cmd line
901917 else if (accntFlag == 4) {
902 strncpy((char *)workgroup, (char *)domain, 16);
918 strncpy((char *) workgroup, (char *) domain, 16);
903919 }
904920
905921 /* NetBIOS Session Service */
906922 unsigned char szNBSS[4] = {
907 0x00, /* Message Type: Session Message */
908 0x00, 0x00, 0x85 /* Length -- MUST SET */
923 0x00, /* Message Type: Session Message */
924 0x00, 0x00, 0x85 /* Length -- MUST SET */
909925 };
910926
911927 /* SMB Header */
912928 unsigned char szSMB[32] = {
913 0xff, 0x53, 0x4d, 0x42, /* Server Component */
914 0x73, /* SMB Command: Session Setup AndX */
915 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */
916 0x08, /* Flags */
917 0x01, 0x40, /* Flags2 */
918 0x00, 0x00, /* Process ID High */
919 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */
920 0x00, 0x00, /* Reserved */
921 0x00, 0x00, /* Tree ID */
922 0x13, 0x37, /* Process ID */
923 0x00, 0x00, /* User ID */
924 0x01, 0x00 /* Multiplx ID */
929 0xff, 0x53, 0x4d, 0x42, /* Server Component */
930 0x73, /* SMB Command: Session Setup AndX */
931 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */
932 0x08, /* Flags */
933 0x01, 0xc0, /* Flags2 */ /* add Unicode */
934 0x00, 0x00, /* Process ID High */
935 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */
936 0x00, 0x00, /* Reserved */
937 0x00, 0x00, /* Tree ID */
938 0x13, 0x37, /* Process ID */
939 0x00, 0x00, /* User ID */
940 0x01, 0x00 /* Multiplx ID */
925941 };
926942
927943 memset(buf, 0, 512);
928944 memcpy(buf, szNBSS, 4);
929 memcpy(buf +4, szSMB, 32);
930
931 if (security_mode == ENCRYPTED)
932 {
945 memcpy(buf + 4, szSMB, 32);
946
947 if (security_mode == ENCRYPTED) {
933948 /* Session Setup AndX Request */
934 if (smb_auth_mechanism == AUTH_LM)
935 {
949 if (smb_auth_mechanism == AUTH_LM) {
936950 if (verbose)
937951 hydra_report(stderr, "[VERBOSE] Attempting LM password authentication.\n");
938952
939953 unsigned char szSessionRequest[23] = {
940 0x0a, /* Word Count */
941 0xff, /* AndXCommand: No further commands */
942 0x00, /* Reserved */
943 0x00, 0x00, /* AndXOffset */
944 0xff, 0xff, /* Max Buffer */
945 0x02, 0x00, /* Max Mpx Count */
946 0x3c, 0x7d, /* VC Number */
947 0x00, 0x00, 0x00, 0x00, /* Session Key */
948 0x18, 0x00, /* LAN Manager Password Hash Length */
949 0x00, 0x00, 0x00, 0x00, /* Reserved */
950 0x49, 0x00 /* Byte Count -- MUST SET */
954 0x0a, /* Word Count */
955 0xff, /* AndXCommand: No further commands */
956 0x00, /* Reserved */
957 0x00, 0x00, /* AndXOffset */
958 0xff, 0xff, /* Max Buffer */
959 0x02, 0x00, /* Max Mpx Count */
960 0x3c, 0x7d, /* VC Number */
961 0x00, 0x00, 0x00, 0x00, /* Session Key */
962 0x18, 0x00, /* LAN Manager Password Hash Length */
963 0x00, 0x00, 0x00, 0x00, /* Reserved */
964 0x49, 0x00 /* Byte Count -- MUST SET */
951965 };
952966
953 iOffset = 59; /* szNBSS + szSMB + szSessionRequest */
954 iByteCount = 24; /* Start with length of LM hash */
967 iOffset = 59; /* szNBSS + szSMB + szSessionRequest */
968 iByteCount = 24; /* Start with length of LM hash */
955969
956970 /* Set Session Setup AndX Request header information */
957971 memcpy(buf + 36, szSessionRequest, 23);
958972
959973 /* Calculate and set LAN Manager password hash */
960 LMhash = (unsigned char *) malloc(24);
974 if ((LMhash = (unsigned char *) malloc(24)) == NULL)
975 return -1;
961976 memset(LMhash, 0, 24);
962977
963 ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *)challenge);
964 if (ret == -1)
978 ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge);
979 if (ret == -1) {
980 free(LMhash);
965981 return -1;
982 }
966983
967984 memcpy(buf + iOffset, LMhash, 24);
968 free(LMhash);
969
970 }
971 else if (smb_auth_mechanism == AUTH_NTLM)
972 {
973 if(verbose)
985 free(LMhash);
986
987 } else if (smb_auth_mechanism == AUTH_NTLM) {
988 if (verbose)
974989 hydra_report(stderr, "[VERBOSE] Attempting NTLM password authentication.\n");
975
990
976991 unsigned char szSessionRequest[29] = {
977 0x0d, /* Word Count */
978 0xff, /* AndXCommand: No further commands */
979 0x00, /* Reserved */
980 0x00, 0x00, /* AndXOffset */
981 0xff, 0xff, /* Max Buffer */
982 0x02, 0x00, /* Max Mpx Count */
983 0x3c, 0x7d, /* VC Number */
984 0x00, 0x00, 0x00, 0x00, /* Session Key */
985 0x18, 0x00, /* LAN Manager Password Hash Length */
986 0x18, 0x00, /* NT LAN Manager Password Hash Length */
987 0x00, 0x00, 0x00, 0x00, /* Reserved */
988 0x50, 0x00, 0x00, 0x00, /* Capabilities */
989 0x49, 0x00 /* Byte Count -- MUST SET */
992 0x0d, /* Word Count */
993 0xff, /* AndXCommand: No further commands */
994 0x00, /* Reserved */
995 0x00, 0x00, /* AndXOffset */
996 0xff, 0xff, /* Max Buffer */
997 0x02, 0x00, /* Max Mpx Count */
998 0x3c, 0x7d, /* VC Number */
999 0x00, 0x00, 0x00, 0x00, /* Session Key */
1000 0x18, 0x00, /* LAN Manager Password Hash Length */
1001 0x18, 0x00, /* NT LAN Manager Password Hash Length */
1002 0x00, 0x00, 0x00, 0x00, /* Reserved */
1003 0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */
1004 0x49, 0x00 /* Byte Count -- MUST SET */
9901005 };
9911006
992 iOffset = 65; /* szNBSS + szSMB + szSessionRequest */
993 iByteCount = 48; /* Start with length of NTLM and LM hashes */
1007 iOffset = 65; /* szNBSS + szSMB + szSessionRequest */
1008 iByteCount = 48; /* Start with length of NTLM and LM hashes */
9941009
9951010 /* Set Session Setup AndX Request header information */
9961011 memcpy(buf + 36, szSessionRequest, 29);
9971012
9981013 /* Calculate and set NTLM password hash */
999 NTLMhash = (unsigned char *) malloc(24);
1014 if ((NTLMhash = (unsigned char *) malloc(24)) == NULL)
1015 return -1;
10001016 memset(NTLMhash, 0, 24);
10011017
10021018 /* We don't need to actually calculated a LM hash for this mode, only NTLM */
10061022
10071023 memcpy(buf + iOffset + 24, NTLMhash, 24); /* Skip space for LM hash */
10081024 free(NTLMhash);
1009 }
1010 else if (smb_auth_mechanism == AUTH_LMv2)
1011 {
1025 } else if (smb_auth_mechanism == AUTH_LMv2) {
10121026 if (verbose)
10131027 hydra_report(stderr, "[VERBOSE] Attempting LMv2 password authentication.\n");
1014
1028
10151029 unsigned char szSessionRequest[29] = {
1016 0x0d, /* Word Count */
1017 0xff, /* AndXCommand: No further commands */
1018 0x00, /* Reserved */
1019 0x00, 0x00, /* AndXOffset */
1020 0xff, 0xff, /* Max Buffer */
1021 0x02, 0x00, /* Max Mpx Count */
1022 0x3c, 0x7d, /* VC Number */
1023 0x00, 0x00, 0x00, 0x00, /* Session Key */
1024 0x18, 0x00, /* LAN Manager Password Hash Length */
1025 0x00, 0x00, /* NT LAN Manager Password Hash Length */
1026 0x00, 0x00, 0x00, 0x00, /* Reserved */
1027 0x50, 0x00, 0x00, 0x00, /* Capabilities */
1028 0x49, 0x00 /* Byte Count -- MUST SET */
1030 0x0d, /* Word Count */
1031 0xff, /* AndXCommand: No further commands */
1032 0x00, /* Reserved */
1033 0x00, 0x00, /* AndXOffset */
1034 0xff, 0xff, /* Max Buffer */
1035 0x02, 0x00, /* Max Mpx Count */
1036 0x3c, 0x7d, /* VC Number */
1037 0x00, 0x00, 0x00, 0x00, /* Session Key */
1038 0x18, 0x00, /* LAN Manager Password Hash Length */
1039 0x00, 0x00, /* NT LAN Manager Password Hash Length */
1040 0x00, 0x00, 0x00, 0x00, /* Reserved */
1041 0x50, 0x00, 0x00, 0x00, /* Capabilities */
1042 0x49, 0x00 /* Byte Count -- MUST SET */
10291043 };
10301044
1031 iOffset = 65; /* szNBSS + szSMB + szSessionRequest */
1032 iByteCount = 24; /* Start with length of LMv2 response */
1045 iOffset = 65; /* szNBSS + szSMB + szSessionRequest */
1046 iByteCount = 24; /* Start with length of LMv2 response */
10331047
10341048 /* Set Session Setup AndX Request header information */
10351049 memcpy(buf + 36, szSessionRequest, 29);
10361050
10371051 /* Calculate and set LMv2 response hash */
1038 LMv2hash = (unsigned char *) malloc(24);
1052 if ((LMv2hash = (unsigned char *) malloc(24)) == NULL)
1053 return -1;
10391054 memset(LMv2hash, 0, 24);
10401055
10411056 ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword);
1042 if (ret == -1)
1057 if (ret == -1) {
1058 free(LMv2hash);
10431059 return -1;
1060 }
10441061
10451062 memcpy(buf + iOffset, LMv2hash, 24);
10461063 free(LMv2hash);
1047 }
1048 else if (smb_auth_mechanism == AUTH_NTLMv2)
1049 {
1064 } else if (smb_auth_mechanism == AUTH_NTLMv2) {
10501065 if (verbose)
1051 hydra_report(stderr,"[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n");
1052
1066 hydra_report(stderr, "[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n");
1067
10531068 unsigned char szSessionRequest[29] = {
1054 0x0d, /* Word Count */
1055 0xff, /* AndXCommand: No further commands */
1056 0x00, /* Reserved */
1057 0x00, 0x00, /* AndXOffset */
1058 0xff, 0xff, /* Max Buffer */
1059 0x02, 0x00, /* Max Mpx Count */
1060 0x3c, 0x7d, /* VC Number */
1061 0x00, 0x00, 0x00, 0x00, /* Session Key */
1062 0x18, 0x00, /* LMv2 Response Hash Length */
1063 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */
1064 0x00, 0x00, 0x00, 0x00, /* Reserved */
1065 0x50, 0x00, 0x00, 0x00, /* Capabilities */
1066 0x49, 0x00 /* Byte Count -- MUST SET */
1069 0x0d, /* Word Count */
1070 0xff, /* AndXCommand: No further commands */
1071 0x00, /* Reserved */
1072 0x00, 0x00, /* AndXOffset */
1073 0xff, 0xff, /* Max Buffer */
1074 0x02, 0x00, /* Max Mpx Count */
1075 0x3c, 0x7d, /* VC Number */
1076 0x00, 0x00, 0x00, 0x00, /* Session Key */
1077 0x18, 0x00, /* LMv2 Response Hash Length */
1078 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */
1079 0x00, 0x00, 0x00, 0x00, /* Reserved */
1080 0x50, 0x00, 0x00, 0x00, /* Capabilities */
1081 0x49, 0x00 /* Byte Count -- MUST SET */
10671082 };
10681083
1069 iOffset = 65; /* szNBSS + szSMB + szSessionRequest */
1084 iOffset = 65; /* szNBSS + szSMB + szSessionRequest */
10701085
10711086 /* Set Session Setup AndX Request header information */
10721087 memcpy(buf + 36, szSessionRequest, 29);
10751090 ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword);
10761091 if (ret == -1)
10771092 return -1;
1078
1093
10791094 memcpy(buf + iOffset, LMv2hash, 24);
10801095 free(LMv2hash);
10811096
10921107 memcpy(buf + iOffset + 24, NTLMv2hash, iByteCount);
10931108 free(NTLMv2hash);
10941109
1095 iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */
1096 }
1097 }
1098 else if (security_mode == PLAINTEXT)
1099 {
1100 if (verbose)
1101 hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n");
1110 iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */
1111 }
1112 } else if (security_mode == PLAINTEXT) {
1113 if (verbose)
1114 hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n");
11021115
11031116 unsigned char szSessionRequest[23] = {
1104 0x0a, /* Word Count */
1105 0xff, /* AndXCommand: No further commands */
1106 0x00, /* Reserved */
1107 0x00, 0x00, /* AndXOffset */
1108 0xff, 0xff, /* Max Buffer */
1109 0x02, 0x00, /* Max Mpx Count */
1110 0x3c, 0x7d, /* VC Number */
1111 0x00, 0x00, 0x00, 0x00, /* Session Key */
1112 0x00, 0x00, /* Password Length -- MUST SET */
1113 0x00, 0x00, 0x00, 0x00, /* Reserved */
1114 0x49, 0x00 /* Byte Count -- MUST SET */
1117 0x0a, /* Word Count */
1118 0xff, /* AndXCommand: No further commands */
1119 0x00, /* Reserved */
1120 0x00, 0x00, /* AndXOffset */
1121 0xff, 0xff, /* Max Buffer */
1122 0x02, 0x00, /* Max Mpx Count */
1123 0x3c, 0x7d, /* VC Number */
1124 0x00, 0x00, 0x00, 0x00, /* Session Key */
1125 0x00, 0x00, /* Password Length -- MUST SET */
1126 0x00, 0x00, 0x00, 0x00, /* Reserved */
1127 0x49, 0x00 /* Byte Count -- MUST SET */
11151128 };
11161129
1117 iOffset = 59; /* szNBSS + szSMB + szSessionRequest */
1130 iOffset = 59; /* szNBSS + szSMB + szSessionRequest */
11181131
11191132 /* Set Session Setup AndX Request header information */
11201133 memcpy(buf + 36, szSessionRequest, 23);
11221135 /* Calculate and set password length */
11231136 /* Samba appears to append NULL characters equal to the password length plus 2 */
11241137 //iByteCount = 2 * strlen(szPassword) + 2;
1125 iByteCount = strlen(szPassword) + 1;
1138 iByteCount = strlen(szPassword) + 1;
11261139 buf[iOffset - 8] = (iByteCount) % 256;
11271140 buf[iOffset - 7] = (iByteCount) / 256;
1128
1141
11291142 /* set ANSI password */
11301143 /*
1131 Depending on the SAMBA server configuration, multiple passwords may be successful
1132 when dealing with mixed-case values. The SAMBA parameter "password level" appears
1133 to determine how many characters within a password are tested by the server both
1134 upper and lower case. For example, assume a SAMBA account has a password of "Fred"
1135 and the server is configured with "password level = 2". Medusa sends the password
1136 "FRED". The SAMBA server will brute-force test this value for us with values
1137 like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting
1138 is "password level = 0". This results in only two attempts to being made by the
1139 remote server; the password as is and the password in all-lower case.
1140 */
1141 strncpy((char *)(buf + iOffset), szPassword, 256);
1142 }
1143 else
1144 {
1144 Depending on the SAMBA server configuration, multiple passwords may be successful
1145 when dealing with mixed-case values. The SAMBA parameter "password level" appears
1146 to determine how many characters within a password are tested by the server both
1147 upper and lower case. For example, assume a SAMBA account has a password of "Fred"
1148 and the server is configured with "password level = 2". Medusa sends the password
1149 "FRED". The SAMBA server will brute-force test this value for us with values
1150 like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting
1151 is "password level = 0". This results in only two attempts to being made by the
1152 remote server; the password as is and the password in all-lower case.
1153 */
1154 strncpy((char *) (buf + iOffset), szPassword, 256);
1155 } else {
11451156 hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n");
11461157 return -1;
11471158 }
11481159
1149 /* Set account and workgroup values */
1150 memcpy(buf + iOffset + iByteCount, szLogin, strlen(szLogin));
1151 iByteCount += strlen(szLogin) + 1; /* NULL pad account name */
1152 memcpy(buf + iOffset + iByteCount, workgroup, strlen((char *) workgroup));
1153 iByteCount += strlen((char *) workgroup) + 1; // NULL pad workgroup name
1160 /* Set account and workgroup values */
1161
1162 j = UTF8_UTF16LE((unsigned char *) szLogin, strlen(szLogin), buf + iOffset + iByteCount+1, 2*strlen(szLogin));
1163 iByteCount += j +3; /* NULL pad account name */
1164 j = UTF8_UTF16LE(workgroup, strlen((char *) workgroup), buf+iOffset+iByteCount, 2*strlen((char *) workgroup));
1165 iByteCount += j+2; // NULL pad workgroup name
11541166
11551167 /* Set native OS and LAN Manager values */
11561168
1157 sprintf((char *)(buf + iOffset + iByteCount), "Unix");
1158 iByteCount += strlen("Unix") + 1; // NULL pad OS name
1159 sprintf((char *)(buf + iOffset + iByteCount), "Samba");
1160 iByteCount += strlen("Samba") + 1; // NULL pad LAN Manager name
1169 char *szOSName = "Unix";
1170 j = UTF8_UTF16LE((unsigned char *) szOSName, strlen(szOSName), buf+iOffset+iByteCount, 2*sizeof(szOSName));
1171 iByteCount += j+2; // NULL terminated
1172 char *szLANMANName = "Samba";
1173 j = UTF8_UTF16LE((unsigned char *) szLANMANName, strlen(szLANMANName), buf+iOffset+iByteCount, 2*sizeof(szLANMANName));
1174 iByteCount += j+2; // NULL terminated
11611175
11621176 /* Set the header length */
11631177 buf[2] = (iOffset - 4 + iByteCount) / 256;
11731187
11741188 hydra_send(s, (char *) buf, iOffset + iByteCount, 0);
11751189
1176 nReceiveBufferSize = 0;
11771190 nReceiveBufferSize = hydra_recv(s, bufReceive, sizeof(bufReceive));
1178 if ((bufReceive == NULL) || (nReceiveBufferSize == 0))
1191 if (/*(bufReceive == NULL) ||*/ (nReceiveBufferSize == 0))
11791192 return -1;
1180
1193
11811194 /* 41 - Action (Guest/Non-Guest Account) */
11821195 /* 9 - NT Status (Error code) */
11831196 return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF));
1184 }
1185
1186 int
1187 start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp)
1188 {
1197 }
1198
1199 int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
11891200 char *empty = "";
11901201 char *login, *pass;
11911202 int SMBerr, SMBaction;
12031214 strcpy(ipaddr_str, hydra_address2string(ip));
12041215
12051216 SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr);
1206 if (SMBSessionRet == -1)
1217 if (SMBSessionRet == -1)
12071218 return 3;
12081219 SMBerr = (unsigned long) SMBSessionRet & 0x00FFFFFF;
12091220 SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24;
12101221
12111222 if (verbose)
1212 hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int)SMBSessionRet, SMBerr, SMBaction);
1223 hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction);
12131224
12141225 /*
1215 some error code are available here:
1216 http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx
1217 */
1218
1219 if (SMBerr == 0x000000) { /* success */
1220 if (SMBaction == 0x01) { /* invalid account - anonymous connection */
1226 some error code are available here:
1227 http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx
1228 */
1229
1230 if (SMBerr == 0x000000) { /* success */
1231 if (SMBaction == 0x01) { /* invalid account - anonymous connection */
12211232 fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login);
12221233 hydra_completed_pair_skip();
1223 } else { /* valid account */
1234 } else { /* valid account */
12241235 hydra_report_found_host(port, ip, "smb", fp);
12251236 hydra_completed_pair_found();
12261237 }
1227 } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)){
1238 } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) {
12281239 hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n");
12291240 hydra_completed_pair_skip();
1230 } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */
1241 } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */
12311242 if (verbose)
12321243 hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n");
12331244 hydra_report_found_host(port, ip, "smb", fp);
12341245 hydra_completed_pair_found();
1235 } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */
1246 } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */
12361247 if (verbose)
12371248 hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n");
12381249 hydra_report_found_host(port, ip, "smb", fp);
12391250 hydra_completed_pair_found();
1240 } else if (SMBerr == 0x000193) { /* Valid password, account expired */
1251 } else if (SMBerr == 0x000193) { /* Valid password, account expired */
12411252 if (verbose)
12421253 hydra_report(stderr, "[VERBOSE] Valid password, account expired\n");
12431254 hydra_report_found_host(port, ip, "smb", fp);
12441255 hydra_completed_pair_found();
1245 } else if ((SMBerr == 0x000224)||(SMBerr == 0xC20002)) { /* Valid password, account expired */
1256 } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */
12461257 if (verbose)
12471258 hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n");
12481259 hydra_report_found_host(port, ip, "smb", fp);
12491260 hydra_completed_pair_found();
1250 } else if ((SMBerr == 0x00006F)||(SMBerr == 0xC10002)) { /* Invalid logon hours */
1261 } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */
12511262 if (verbose)
12521263 hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n");
12531264 hydra_report_found_host(port, ip, "smb", fp);
12541265 hydra_completed_pair_found();
1255 } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */
1266 } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */
12561267 if (verbose)
12571268 fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login);
12581269 if ((miscptr) && (strstr(miscptr, "LM")))
12591270 hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n");
12601271 hydra_completed_pair_skip();
1261 } else if (SMBerr == 0x000024) { /* change password on next login [success] */
1272 } else if (SMBerr == 0x000024) { /* change password on next login [success] */
12621273 fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
12631274 hydra_completed_pair_found();
1264 } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */
1275 } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */
12651276 hydra_completed_pair();
1266 } else if (SMBerr == 0x000071) { /* password expired */
1277 } else if (SMBerr == 0x000071) { /* password expired */
12671278 if (verbose)
12681279 fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login);
12691280 hydra_completed_pair_skip();
1270 } else if ((SMBerr == 0x000072)||(SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k*/
1281 } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled *//* BF0002 on w2k */
12711282 if (verbose)
12721283 fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login);
12731284 hydra_completed_pair_skip();
1274 } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */
1275 if (verbose)
1285 } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */
1286 if (verbose)
12761287 fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_LOCKED\n", port, ipaddr_str, login);
12771288 hydra_completed_pair_skip();
1278 } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */
1289 } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */
12791290 if (verbose)
12801291 fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login);
12811292 hydra_completed_pair();
12911302 return 1;
12921303 }
12931304
1294 void
1295 service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port)
1296 {
1305 void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
12971306 int run = 1, next_run = 1, sock = -1;
12981307
12991308 //default is both (local and domain) checks and normal passwd
1300 accntFlag = 2; //BOTH
1301 hashFlag = 0; //PASS
1302 smb_auth_mechanism=AUTH_NTLM;
1309 accntFlag = 2; //BOTH
1310 hashFlag = 0; //PASS
1311 smb_auth_mechanism = AUTH_NTLM;
13031312
13041313 if (miscptr) {
13051314 //check group
13081317 char *tmpdom;
13091318 int err = 0;
13101319
1311 accntFlag = 4; //OTHER DOMAIN
1320 accntFlag = 4; //OTHER DOMAIN
13121321 tmpdom = strstr(miscptr, "OTHER_DOMAIN:");
13131322 tmpdom = tmpdom + strlen("OTHER_DOMAIN:");
1314
1323
13151324 if (tmpdom) {
13161325 //split the string after the domain if there are other values
13171326 strtok(tmpdom, " ");
13181327 if (tmpdom) {
1319 strncpy((char *)domain, (char *)tmpdom, 16);
1328 strncpy((char *) domain, (char *) tmpdom, sizeof(domain) - 1);
1329 domain[sizeof(domain) - 1] = 0;
13201330 } else {
13211331 err = 1;
13221332 }
13301340 accntFlag = 2;
13311341 }
13321342 } else if (strstr(miscptr, "LOCAL") != NULL) {
1333 accntFlag = 0; //LOCAL
1343 accntFlag = 0; //LOCAL
13341344 } else if (strstr(miscptr, "DOMAIN") != NULL) {
1335 accntFlag = 1; //DOMAIN
1336 }
1337
1345 accntFlag = 1; //DOMAIN
1346 }
13381347 //check pass
13391348 if (strstr(miscptr, "HASH") != NULL) {
1340 hashFlag = 1;
1349 hashFlag = 1;
13411350 } else if (strstr(miscptr, "MACHINE") != NULL) {
1342 hashFlag = 2;
1351 hashFlag = 2;
13431352 }
13441353 //check auth
13451354 if (strstr(miscptr, "NTLMV2") != NULL) {
1346 smb_auth_mechanism=AUTH_NTLMv2;
1355 smb_auth_mechanism = AUTH_NTLMv2;
13471356 } else if (strstr(miscptr, "NTLM") != NULL) {
1348 smb_auth_mechanism=AUTH_NTLM;
1357 smb_auth_mechanism = AUTH_NTLM;
13491358 } else if (strstr(miscptr, "LMV2") != NULL) {
1350 smb_auth_mechanism=AUTH_LMv2;
1359 smb_auth_mechanism = AUTH_LMv2;
13511360 } else if (strstr(miscptr, "LM") != NULL) {
1352 smb_auth_mechanism=AUTH_LM;
1361 smb_auth_mechanism = AUTH_LM;
13531362 }
13541363 }
13551364 if (verbose) {
13731382 protoFlag = WIN_NETBIOSMODE;
13741383 if (verbose)
13751384 hydra_report(stderr, "[VERBOSE] Attempting NETBIOS mode.\n");
1376 }
1377 else {
1385 } else {
13781386 protoFlag = WIN2000_NATIVEMODE;
13791387 if (verbose)
13801388 hydra_report(stderr, "[VERBOSE] Attempting WIN2K Native mode.\n");
13811389 }
1382 }
1383 else {
1390 } else {
13841391 sock = hydra_connect_tcp(ip, PORT_SMBNT);
13851392 if (sock > 0) {
13861393 port = PORT_SMBNT;
13871394 protoFlag = WIN2000_NATIVEMODE;
1388 }
1389 else {
1395 } else {
13901396 hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n");
13911397 port = PORT_SMB;
13921398 protoFlag = WIN_NETBIOSMODE;
13941400 }
13951401 }
13961402 if (sock < 0) {
1397 fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
1403 if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
13981404 hydra_child_exit(1);
13991405 }
14001406 if (NBSSessionRequest(sock) < 0) {
14201426 }
14211427 #endif
14221428
1423 int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
1429 int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
14241430 // called before the childrens are forked off, so this is the function
14251431 // which should be filled if initial connections and service setup has to be
14261432 // performed once only.
+41
-28
hydra-smtp-enum.c less more
4545 } else {
4646 snprintf(buffer, sizeof(buffer), "MAIL FROM: root\r\n");
4747 }
48 if (verbose)
48 if (debug)
4949 hydra_report(stderr, "DEBUG C: %s", buffer);
5050 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
5151 return 1;
5252 }
5353 if ((buf = hydra_receive_line(s)) == NULL)
5454 return (1);
55 if (verbose)
55 if (debug)
5656 hydra_report(stderr, "DEBUG S: %s", buf);
5757 /* good return values are something like 25x */
5858 #ifdef HAVE_PCRE
6969 } else {
7070 err = strstr(buf, "Error");
7171 if (err) {
72 if (verbose) {
72 if (debug) {
7373 hydra_report(stderr, "Server %s", err);
7474 }
7575 free(buf);
9393 snprintf(buffer, sizeof(buffer), "%s %s\r\n", cmd, login);
9494 }
9595 }
96 if (verbose)
96 if (debug)
9797 hydra_report(stderr, "DEBUG C: %s", buffer);
9898 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
9999 return 1;
100100 }
101101 if ((buf = hydra_receive_line(s)) == NULL)
102102 return (1);
103 if (verbose)
103 if (debug)
104104 hydra_report(stderr, "DEBUG S: %s", buf);
105105 /* good return values are something like 25x */
106106 #ifdef HAVE_PCRE
116116 return 1;
117117 }
118118 err = strstr(buf, "Error");
119 if (err || tosent) {
119 if (err || tosent || strncmp(buf, "50", 2) == 0) {
120120 // we should report command not identified by the server
121121 //502 5.5.2 Error: command not recognized
122 #ifdef HAVE_PCRE
123 if ((verbose || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) {
124 #else
125 if ((verbose || strstr(buf, "command") != NULL) && err) {
126 #endif
127 hydra_report(stderr, "Server %s", err);
122 //#ifdef HAVE_PCRE
123 // if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) {
124 //#else
125 // if ((debug || strstr(buf, "command") != NULL) && err) {
126 //#endif
127 // hydra_report(stderr, "Server %s", err);
128 // }
129 if (strncmp(buf, "500 ", 4) == 0) {
130 hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf);
131 free(buf);
132 return 3;
128133 }
129134 memset(buffer, 0, sizeof(buffer));
130135 //503 5.5.1 Error: nested MAIL command
131136 strncpy(buffer, "RSET\r\n", sizeof(buffer));
132137 free(buf);
133 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
138 if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
134139 return 1;
135 }
136140 if ((buf = hydra_receive_line(s)) == NULL)
137141 return 1;
138142 }
167171 if (port != 0)
168172 mysslport = port;
169173 sock = hydra_connect_ssl(ip, mysslport);
170 port = myport;
174 port = mysslport;
171175 }
172176 if (sock < 0) {
173177 hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
180184 hydra_report(stderr, "Warning: SMTP does not allow to connect: %s\n", buf);
181185 hydra_child_exit(2);
182186 }
183 while (strstr(buf, "220 ") == NULL) {
187 // while (strstr(buf, "220 ") == NULL) {
188 // free(buf);
189 // buf = hydra_receive_line(sock);
190 // }
191
192 // if (buf[0] != '2') {
193 if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
184194 free(buf);
185 buf = hydra_receive_line(sock);
186 }
187
195 hydra_child_exit(2);
196 }
197 // }
198
199 free(buf);
200 if ((buf = hydra_receive_line(sock)) == NULL)
201 hydra_child_exit(2);
188202 if (buf[0] != '2') {
189 if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
190 free(buf);
191 hydra_child_exit(2);
192 }
203 hydra_report(stderr, "Warning: SMTP does not respond correctly to HELO: %s\n", buf);
204 hydra_child_exit(2);
193205 }
194206
195207 if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
202214 if (strncmp(miscptr, "RCPT", 4) == 0)
203215 smtp_enum_cmd = RCPT;
204216 }
205 if (verbose) {
217 if (debug) {
206218 switch (smtp_enum_cmd) {
219 hydra_report(stdout, "[VERBOSE] ");
207220 case VRFY:
208 hydra_report(stderr, "using SMTP VRFY command\n");
221 hydra_report(stdout, "using SMTP VRFY command\n");
209222 break;
210223 case EXPN:
211 hydra_report(stderr, "using SMTP EXPN command\n");
224 hydra_report(stdout, "using SMTP EXPN command\n");
212225 break;
213226 case RCPT:
214 hydra_report(stderr, "using SMTP RCPT TO command\n");
227 hydra_report(stdout, "using SMTP RCPT TO command\n");
215228 break;
216229 }
217230 }
235248 }
236249 }
237250
238 int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
251 int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
239252 // called before the childrens are forked off, so this is the function
240253 // which should be filled if initial connections and service setup has to be
241254 // performed once only.
+22
-24
hydra-smtp.c less more
11 #include "sasl.h"
22
33 extern char *HYDRA_EXIT;
4 char *buf;
5
64 int smtp_auth_mechanism = AUTH_LOGIN;
75
86 char *smtp_read_server_capacity(int sock) {
3937
4038 int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
4139 char *empty = "";
42 char *login, *pass, buffer[500], buffer2[500];
40 char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf;
4341
4442 if (strlen(login = hydra_get_next_login()) == 0)
4543 login = empty;
9088 //get the one-time BASE64 encoded challenge
9189 if ((buf = hydra_receive_line(s)) == NULL)
9290 return 1;
93 if (strstr(buf, "334") == NULL) {
91 if (strstr(buf, "334") == NULL || strlen(buf) < 8) {
9492 hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf);
9593 free(buf);
9694 return 3;
126124 from64tobits((char *) buffer, buf + 4);
127125 free(buf);
128126
129 if (verbose)
127 if (debug)
130128 hydra_report(stderr, "DEBUG S: %s\n", buffer);
131129
132 sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
133 if (buffer2 == NULL)
134 return 3;
135
136 if (verbose)
130 fooptr = buffer2;
131 sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
132 if (fooptr == NULL)
133 return 3;
134
135 if (debug)
137136 hydra_report(stderr, "DEBUG C: %s\n", buffer2);
138137 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
139138 sprintf(buffer, "%s\r\n", buffer2);
154153 }
155154 if ((buf = hydra_receive_line(s)) == NULL)
156155 return 1;
157 if (strstr(buf, "334") == NULL) {
156 if (strstr(buf, "334") == NULL || strlen(buf) < 8) {
158157 hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf);
159158 free(buf);
160159 return 3;
214213
215214 #ifdef LIBOPENSSL
216215 if (smtp_auth_mechanism == AUTH_DIGESTMD5) {
217 if (strstr(buf, "334") != NULL) {
216 if (strstr(buf, "334") != NULL && strlen(buf) >= 8) {
218217 memset(buffer2, 0, sizeof(buffer2));
219218 from64tobits((char *) buffer2, buf + 4);
220219 if (strstr(buffer2, "rspauth=") != NULL) {
249248 void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
250249 int run = 1, next_run = 1, sock = -1, i = 0;
251250 int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1;
252
251 char *buf;
253252 char *buffer1 = "EHLO hydra\r\n";
254253 char *buffer2 = "HELO hydra\r\n";
255254
270269 if (port != 0)
271270 mysslport = port;
272271 sock = hydra_connect_ssl(ip, mysslport);
273 port = myport;
272 port = mysslport;
274273 }
275274 if (sock < 0) {
276275 if (verbose || debug)
308307 disable_tls = 0;
309308 }
310309 }
311
312 #ifdef LIBOPENSSL
310 #ifdef LIBOPENSSL
313311 if (!disable_tls) {
314 /* if we got a positive answer */
315 if (buf[0] == '2') {
312 /* if we got a positive answer */
313 if (buf[0] == '2') {
316314 if (strstr(buf, "STARTTLS") != NULL) {
317315 hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0);
318316 free(buf);
322320 } else {
323321 free(buf);
324322 if ((hydra_connect_to_ssl(sock) == -1)) {
325 if (verbose)
323 if (verbose)
326324 hydra_report(stderr, "[ERROR] Can't use TLS\n");
327325 disable_tls = 1;
328326 run = 1;
329327 break;
330328 } else {
331 if (verbose)
329 if (verbose)
332330 hydra_report(stderr, "[VERBOSE] TLS connection done\n");
333331 }
334332 /* ask again capability request but in TLS mode */
335333 if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0)
336 hydra_child_exit(2);
334 hydra_child_exit(2);
337335 buf = smtp_read_server_capacity(sock);
338336 if (buf == NULL)
339 hydra_child_exit(2);
337 hydra_child_exit(2);
340338 }
341339 } else
342340 hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
343 } else
341 } else
344342 hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
345343 }
346344 #endif
436434 }
437435 }
438436
439 int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
437 int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
440438 // called before the childrens are forked off, so this is the function
441439 // which should be filled if initial connections and service setup has to be
442440 // performed once only.
+193
-186
hydra-snmp.c less more
00 #include "hydra-mod.h"
11 #ifdef LIBOPENSSL
2 #include <openssl/hmac.h>
3 #include <openssl/md5.h>
4 #include <openssl/sha.h>
5 #include <openssl/des.h>
6 #include <openssl/aes.h>
2 #include <openssl/hmac.h>
3 #include <openssl/md5.h>
4 #include <openssl/sha.h>
5 #include <openssl/des.h>
6 #include <openssl/aes.h>
77 #endif
88
99 extern int hydra_data_ready_timed(int socket, long sec, long usec);
1515 int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0;
1616
1717 char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
18 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00,
19 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03,
20 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01,
21 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00,
22 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00,
23 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc,
24 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 };
18 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00,
19 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03,
20 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01,
21 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00,
22 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00,
23 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc,
24 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00
25 };
2526
2627 char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
27 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00,
28 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 };
28 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00,
29 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03
30 };
2931
3032 char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00,
31 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82,
32 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f,
33 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01,
34 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b,
35 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05,
36 0x00 };
33 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82,
34 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f,
35 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01,
36 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b,
37 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05,
38 0x00
39 };
3740
3841 char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 };
3942
4851 struct SNMPV1_A snmpv1_a = {
4952 .ID = '\x30',
5053 .len = '\x00',
51 .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */
54 .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */
5255 .comid = '\x04',
5356 .comlen = '\x00'
5457 };
6265 char objectid[2];
6366 char object[11];
6467 char value[3];
65 }
66 snmpv1_r = {
67 .type = "\xa0\x1b", /* GET */
68 .identid = "\x02\x04",
69 .ident = "\x1a\x5e\x97\x00", /* random crap :) */
70 .errstat = "\x02\x01\x00", /* no error */
71 .errind = "\x02\x01\x00", /* error index 0 */
72 .objectid = "\x30\x0d",
73 .object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */
74 .value = "\x05\x00" /* we just read, so value = 0 */
68 } snmpv1_r = {
69 .type = "\xa0\x1b", /* GET */
70 .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */
71 .errstat = "\x02\x01\x00", /* no error */
72 .errind = "\x02\x01\x00", /* error index 0 */
73 .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */
74 .value = "\x05\x00" /* we just read, so value = 0 */
7575 };
7676
7777 struct SNMPV1_W {
8383 char objectid[2];
8484 char object[12];
8585 char value[8];
86 } snmpv1_w = {
87 .type = "\xa3\x21", /* SET */
88 .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */
89 .errstat = "\x02\x01\x00", /* no error */
90 .errind = "\x02\x01\x00", /* error index 0 */
91 .objectid = "\x30\x13", /* string */
92 .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */
93 };
94
95 #ifdef LIBOPENSSL
96 void password_to_key_md5(u_char * password, /* IN */
97 u_int passwordlen, /* IN */
98 u_char * engineID, /* IN - pointer to snmpEngineID */
99 u_int engineLength, /* IN - length of snmpEngineID */
100 u_char * key) { /* OUT - pointer to caller 16-octet buffer */
101 MD5_CTX MD;
102 u_char *cp, password_buf[80], *mypass = password, bpass[17];
103 u_long password_index = 0, count = 0, i, mylen, myelen = engineLength;
104
105 if (strlen(password) > passwordlen)
106 passwordlen = strlen(password);
107 if (passwordlen > sizeof(bpass) - 1)
108 passwordlen = sizeof(bpass) - 1;
109 mylen = passwordlen;
110
111 if (mylen < 8) {
112 memset(bpass, 0, sizeof(bpass));
113 strcpy(bpass, password);
114 while (mylen < 8) {
115 strcat(bpass, password);
116 mylen += passwordlen;
117 }
118 mypass = bpass;
119 }
120 if (myelen > 32)
121 myelen = 32;
122
123 MD5_Init(&MD); /* initialize MD5 */
124 /* Use while loop until we've done 1 Megabyte */
125 while (count < 1048576) {
126 cp = password_buf;
127 for (i = 0; i < 64; i++) {
128 /* Take the next octet of the password, wrapping */
129 /* to the beginning of the password as necessary. */
130 *cp++ = mypass[password_index++ % mylen];
131 }
132 MD5_Update(&MD, password_buf, 64);
133 count += 64;
134 }
135 MD5_Final(key, &MD); /* tell MD5 we're done */
136 /* Now localize the key with the engineID and pass */
137 /* through MD5 to produce final key */
138 /* May want to ensure that engineLength <= 32, */
139 /* otherwise need to use a buffer larger than 64 */
140 memcpy(password_buf, key, 16);
141 memcpy(password_buf + 16, engineID, myelen);
142 memcpy(password_buf + 16 + myelen, key, 16);
143 MD5_Init(&MD);
144 MD5_Update(&MD, password_buf, 32 + myelen);
145 MD5_Final(key, &MD);
146 return;
86147 }
87 snmpv1_w = {
88 .type = "\xa3\x21", /* SET */
89 .identid = "\x02\x04",
90 .ident = "\x1a\x5e\x97\x22", /* random crap :) */
91 .errstat = "\x02\x01\x00", /* no error */
92 .errind = "\x02\x01\x00", /* error index 0 */
93 .objectid = "\x30\x13", /* string */
94 .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",
95 .value = "\x04\x05Hydra" /* writing hydra :-) */
96 };
97
98 #ifdef LIBOPENSSL
99 void password_to_key_md5(
100 u_char *password, /* IN */
101 u_int passwordlen, /* IN */
102 u_char *engineID, /* IN - pointer to snmpEngineID */
103 u_int engineLength,/* IN - length of snmpEngineID */
104 u_char *key) /* OUT - pointer to caller 16-octet buffer */
105 {
106 MD5_CTX MD;
107 u_char *cp, password_buf[80], *mypass = password, bpass[17];
108 u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength;
109
110 if (mylen < 8) {
111 memset(bpass, 0, sizeof(bpass));
112 strcpy(bpass, password);
113 while (mylen < 8) {
114 strcat(bpass, password);
115 mylen += passwordlen;
116 }
117 mypass = bpass;
118 }
119 if (myelen > 32)
120 myelen = 32;
121
122 MD5_Init(&MD); /* initialize MD5 */
123 /* Use while loop until we've done 1 Megabyte */
124 while (count < 1048576) {
125 cp = password_buf;
126 for (i = 0; i < 64; i++) {
127 /* Take the next octet of the password, wrapping */
128 /* to the beginning of the password as necessary.*/
129 *cp++ = mypass[password_index++ % mylen];
130 }
131 MD5_Update(&MD, password_buf, 64);
132 count += 64;
133 }
134 MD5_Final(key, &MD); /* tell MD5 we're done */
135 /* Now localize the key with the engineID and pass */
136 /* through MD5 to produce final key */
137 /* May want to ensure that engineLength <= 32, */
138 /* otherwise need to use a buffer larger than 64 */
139 memcpy(password_buf, key, 16);
140 memcpy(password_buf + 16, engineID, myelen);
141 memcpy(password_buf + 16 + myelen, key, 16);
142 MD5_Init(&MD);
143 MD5_Update(&MD, password_buf, 32 + myelen);
144 MD5_Final(key, &MD);
145 return;
146 }
147
148 void password_to_key_sha(
149 u_char *password, /* IN */
150 u_int passwordlen, /* IN */
151 u_char *engineID, /* IN - pointer to snmpEngineID */
152 u_int engineLength,/* IN - length of snmpEngineID */
153 u_char *key) /* OUT - pointer to caller 20-octet buffer */
154 {
155 SHA_CTX SH;
156 u_char *cp, password_buf[80], *mypass = password, bpass[17];
157 u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength;
158
159 if (mylen < 8) {
160 memset(bpass, 0, sizeof(bpass));
161 strcpy(bpass, password);
162 while (mylen < 8) {
163 strcat(bpass, password);
164 mylen += passwordlen;
165 }
166 mypass = bpass;
167 }
168
169 if (myelen > 32)
170 myelen = 32;
171
172 SHA1_Init(&SH); /* initialize SHA */
173 /* Use while loop until we've done 1 Megabyte */
174 while (count < 1048576) {
175 cp = password_buf;
176 for (i = 0; i < 64; i++) {
177 /* Take the next octet of the password, wrapping */
178 /* to the beginning of the password as necessary.*/
179 *cp++ = mypass[password_index++ % mylen];
180 }
181 SHA1_Update(&SH, password_buf, 64);
182 count += 64;
183 }
184 SHA1_Final(key, &SH); /* tell SHA we're done */
185 /* Now localize the key with the engineID and pass */
186 /* through SHA to produce final key */
187 /* May want to ensure that engineLength <= 32, */
188 /* otherwise need to use a buffer larger than 72 */
189 memcpy(password_buf, key, 20);
190 memcpy(password_buf + 20, engineID, myelen);
191 memcpy(password_buf + 20 + myelen, key, 20);
192 SHA1_Init(&SH);
193 SHA1_Update(&SH, password_buf, 40 + myelen);
194 SHA1_Final(key, &SH);
195 return;
148
149 void password_to_key_sha(u_char * password, /* IN */
150 u_int passwordlen, /* IN */
151 u_char * engineID, /* IN - pointer to snmpEngineID */
152 u_int engineLength, /* IN - length of snmpEngineID */
153 u_char * key) { /* OUT - pointer to caller 20-octet buffer */
154 SHA_CTX SH;
155 u_char *cp, password_buf[80], *mypass = password, bpass[17];
156 u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength;
157
158 if (mylen < 8) {
159 memset(bpass, 0, sizeof(bpass));
160 strcpy(bpass, password);
161 while (mylen < 8) {
162 strcat(bpass, password);
163 mylen += passwordlen;
164 }
165 mypass = bpass;
166 }
167
168 if (myelen > 32)
169 myelen = 32;
170
171 SHA1_Init(&SH); /* initialize SHA */
172 /* Use while loop until we've done 1 Megabyte */
173 while (count < 1048576) {
174 cp = password_buf;
175 for (i = 0; i < 64; i++) {
176 /* Take the next octet of the password, wrapping */
177 /* to the beginning of the password as necessary. */
178 *cp++ = mypass[password_index++ % mylen];
179 }
180 SHA1_Update(&SH, password_buf, 64);
181 count += 64;
182 }
183 SHA1_Final(key, &SH); /* tell SHA we're done */
184 /* Now localize the key with the engineID and pass */
185 /* through SHA to produce final key */
186 /* May want to ensure that engineLength <= 32, */
187 /* otherwise need to use a buffer larger than 72 */
188 memcpy(password_buf, key, 20);
189 memcpy(password_buf + 20, engineID, myelen);
190 memcpy(password_buf + 20 + myelen, key, 20);
191 SHA1_Init(&SH);
192 SHA1_Update(&SH, password_buf, 40 + myelen);
193 SHA1_Final(key, &SH);
194 return;
196195 }
197196 #endif
198197
199198 int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
200 char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256], salt[8];
199 char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = "";
201200 int i, j, k, size, off = 0, off2 = 0, done = 0;
202201 unsigned char initVect[8], privacy_params[8];
203202 int engine_boots = 0;
203
204204 #ifdef LIBOPENSSL
205 DES_key_schedule symcbc;
205 DES_key_schedule symcbc;
206206 #endif
207207
208208 if (strlen(login = hydra_get_next_login()) == 0)
237237 memcpy(buffer + i, &snmpv1_w, size);
238238 i += sizeof(snmpv1_w);
239239 }
240 } else { // snmpv3
240 } else { // snmpv3
241241 if (enctype == 0) {
242242 memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1));
243243 i = sizeof(snmpv3_get1);
281281 buffer[i] = 0x04;
282282 buffer[i + 1] = strlen(login);
283283 memcpy(buffer + i + 2, login, strlen(login));
284 i += 2 + strlen(login);
284 i += 2 + strlen(login);
285285
286286 buffer[i] = 0x04;
287287 if (hashtype > 0) {
300300 i += 2;
301301 } else {
302302 buffer[i + 1] = 8;
303 memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care
303 memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care
304304 i += 10;
305305 }
306306
315315
316316 /*
317317 //PrivDES::encrypt(const unsigned char *key,
318 // const unsigned int /*key_len*///,
318 // const unsigned int /*key_len*///,
319319 // const unsigned char *buffer,
320320 // const unsigned int buffer_len,
321321 // unsigned char *out_buffer,
325325 // const unsigned long engine_boots,
326326 // const unsigned long /*engine_time*/)
327327 // last 8 bytes of key are used as base for initialization vector */
328 k = 0;
329 memcpy((char*)initVect, key + 8, 8);
330 // put salt in privacy_params
331 j = htonl(engine_boots);
332 memcpy(privacy_params, (char*) &j, 4);
333 memcpy(privacy_params + 4, salt, 4); // ??? correct?
334 // xor initVect with salt
335 for (i = 0; i < 8; i++)
336 initVect[i] ^= privacy_params[i];
337 des_key_sched((C_Block*)key, symcbc);
338 des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block*)(initVect), DES_ENCRYPT);
328 k = 0;
329 memcpy((char *) initVect, key + 8, 8);
330 // put salt in privacy_params
331 j = htonl(engine_boots);
332 memcpy(privacy_params, (char *) &j, 4);
333 memcpy(privacy_params + 4, salt, 4); // ??? correct?
334 // xor initVect with salt
335 for (i = 0; i < 8; i++)
336 initVect[i] ^= privacy_params[i];
337 des_key_sched((C_Block *) key, symcbc);
338 des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT);
339339
340340 #endif
341341
359359 k = ((sizeof(snmpv3_get2) - 2) / 8);
360360 if ((sizeof(snmpv3_get2) - 2) % 8 != 0)
361361 k++;
362 memcpy(buffer + i + 2, buf, k*8);
362 memcpy(buffer + i + 2, buf, k * 8);
363363 i += k * 8 + 2;
364364 }
365365
366 i++; // just to conform with the snmpv1/2 code
366 i++; // just to conform with the snmpv1/2 code
367367 #ifdef LIBOPENSSL
368368 if (hashtype == 1) {
369 HMAC((EVP_MD *)EVP_md5(), key, 16, buffer, i - 1, hash, NULL);
369 HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL);
370370 memcpy(buffer + off, hash, 12);
371371 } else if (hashtype == 2) {
372 HMAC((EVP_MD *)EVP_sha1(), key, 20, buffer, i - 1, hash, NULL);
372 HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL);
373373 memcpy(buffer + off, hash, 12);
374374 }
375375 #endif
388388 if (snmpversion < 3) {
389389 /* stolen from ADMsnmp... :P */
390390 for (j = 0; j < i; j++) {
391 if (buf[j] == '\x04') { /* community name */
391 if (buf[j] == '\x04') { /* community name */
392392 for (j = j + buf[j + 1]; j + 2 < i; j++) {
393 if (buf[j] == '\xa2') { /* PDU Response */
393 if (buf[j] == '\xa2') { /* PDU Response */
394394 for (; j + 2 < i; j++) {
395 if (buf[j] == '\x02') { /* ID */
395 if (buf[j] == '\x02') { /* ID */
396396 for (j = j + (buf[j + 1]); j + 2 < i; j++) {
397397 if (buf[j] == '\x02') {
398 if (buf[j + 1] == '\x01') { /* good ! */
398 if (buf[j + 1] == '\x01') { /* good ! */
399399 hydra_report_found_host(port, ip, "snmp", fp);
400400 hydra_completed_pair_found();
401401 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
410410 }
411411 }
412412 }
413 } else { // snmpv3 reply
413 } else { // snmpv3 reply
414414 off = 0;
415415 if (buf[0] == 0x30) {
416416 if (buf[4] == 0x03 && buf[5] == 0x30)
423423 if (off == 0)
424424 return 3;
425425
426 if (debug) printf("[DEBUG] buf[%d + 15] %d\n", off, buf[off + 15]);
426 if (debug)
427 printf("[DEBUG] buf[%d + 15] %d\n", off, buf[off + 15]);
427428 k = 3 + off + buf[2 + off];
428429 if ((j = hydra_memsearch(buf + k, buf[k + 3], snmpv3_nouser, sizeof(snmpv3_nouser))) < 0)
429430 if ((j = hydra_memsearch(buf + k, buf[k + 3], login, strlen(login))) >= 0) {
438439 i = sizeof(snmpv3info);
439440 memcpy(snmpv3info, buf + k, i);
440441 snmpv3infolen = j;
441 if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen);
442 }
442 if (debug)
443 hydra_dump_asciihex(snmpv3info, snmpv3infolen);
444 }
443445
444446 if ((buf[off + 15] & 1) == 1) {
445447 if (hashtype == 0)
450452 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
451453 return 3;
452454 return 1;
453 } else
454 if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist
455 if (debug) printf("[DEBUG] server reply indicates login %s does not\n", login);
456 hydra_completed_pair_skip();
457 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
458 return 3;
459 return 1;
460 }
455 } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist
456 if (debug)
457 printf("[DEBUG] server reply indicates login %s does not\n", login);
458 hydra_completed_pair_skip();
459 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
460 return 3;
461 return 1;
462 }
461463 }
462464 }
463465
510512 sock = hydra_connect_udp(ip, myport);
511513 port = myport;
512514
513 if (debug) printf("[DEBUG] snmpv%d, isread %d, hashtype %d, enctype %d\n", snmpversion, snmpread, hashtype, enctype);
515 if (debug)
516 printf("[DEBUG] snmpv%d, isread %d, hashtype %d, enctype %d\n", snmpversion, snmpread, hashtype, enctype);
514517
515518 hydra_register_socket(sp);
516519
525528 hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0);
526529 if (hydra_data_ready_timed(sock, 5, 0) > 0) {
527530 if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) {
528 if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30); {
531 if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30) {
529532 snmpv3info = snmpv3buf + 7 + snmpv3buf[6];
530533 snmpv3infolen = snmpv3info[3] + 4;
531 while (snmpv3info[snmpv3infolen - 2] == 4 && snmpv3info[snmpv3infolen - 1] == 0)
532 snmpv3infolen -= 2;
533 if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen);
534 if (snmpv3info[10] == 3 && child_head_no == 0)
535 printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char)snmpv3info[12], (unsigned char)snmpv3info[13], (unsigned char)snmpv3info[14], (unsigned char)snmpv3info[15], (unsigned char)snmpv3info[16], (unsigned char)snmpv3info[12]);
534 if (snmpv3info + snmpv3infolen <= snmpv3buf + sizeof(snmpv3buf)) {
535 while (snmpv3info[snmpv3infolen - 2] == 4 && snmpv3info[snmpv3infolen - 1] == 0 && snmpv3infolen > 1)
536 snmpv3infolen -= 2;
537 if (debug)
538 hydra_dump_asciihex(snmpv3info, snmpv3infolen);
539 if (snmpv3info[10] == 3 && child_head_no == 0)
540 printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13],
541 (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]);
542 }
536543 }
537544 }
538545 }
542549 hydra_report(stderr, "No valid reply from snmp server, exiting!\n");
543550 hydra_child_exit(2);
544551 }
545 }
552 }
546553
547554 if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
548555 run = 3;
565572 }
566573 }
567574
568 int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
575 int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
569576 // called before the childrens are forked off, so this is the function
570577 // which should be filled if initial connections and service setup has to be
571578 // performed once only.
+1
-1
hydra-socks5.c less more
164164 }
165165 }
166166
167 int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
167 int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
168168 // called before the childrens are forked off, so this is the function
169169 // which should be filled if initial connections and service setup has to be
170170 // performed once only.
+36
-5
hydra-ssh.c less more
0
10 /*
21
32 libssh is available at http://www.libssh.org
4 current version is 0.4.8
53 If you want support for ssh v1 protocol, you
64 have to add option -DWITH_SSH1=On in the cmake
75
128126 ssh_disconnect(session);
129127 ssh_finalize();
130128 ssh_free(session);
131 fprintf(stderr, "[ERROR] ssh protocol error\n");
129 if (verbose)
130 fprintf(stderr, "[ERROR] ssh protocol error\n");
132131 hydra_child_exit(2);
133132 case 4:
134133 ssh_disconnect(session);
151150 #endif
152151 #endif
153152
154 int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
153 int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
155154 // called before the childrens are forked off, so this is the function
156155 // which should be filled if initial connections and service setup has to be
157156 // performed once only.
160159 //
161160 // return codes:
162161 // 0 all OK
163 // -1 error, hydra will exit, so print a good error message here
162 // 1 skip target without generating an error
163 // 2 skip target because of protocol problems
164 // 3 skip target because its unreachable
165 #ifdef LIBSSH
166 int rc, method;
167 ssh_session session = ssh_new();
168
169 if (verbose || debug)
170 printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port);
171 ssh_options_set(session, SSH_OPTIONS_PORT, &port);
172 ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
173 ssh_options_set(session, SSH_OPTIONS_USER, "root");
174 ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
175 ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
176 if (ssh_connect(session) != 0) {
177 fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d\n", hydra_address2string(ip), port);
178 return 2;
179 }
180 rc = ssh_userauth_none(session, NULL);
181 method = ssh_userauth_list(session, NULL);
182 ssh_disconnect(session);
183 ssh_finalize();
184 ssh_free(session);
164185
186 if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) {
187 if (verbose || debug)
188 printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port);
189 return 0;
190 }
191
192 fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port);
193 return 1;
194 #else
165195 return 0;
196 #endif
166197 }
+2
-1
hydra-sshkey.c less more
0
01 /*
12 libssh is available at http://www.libssh.org
23 current version is 0.4.8
149150 #endif
150151 #endif
151152
152 int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
153 int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
153154 // called before the childrens are forked off, so this is the function
154155 // which should be filled if initial connections and service setup has to be
155156 // performed once only.
+5
-5
hydra-svn.c less more
2626
2727 #define DEFAULT_BRANCH "trunk"
2828
29 static svn_error_t * print_dirdummy(void *baton, const char *path, const svn_dirent_t *dirent, const svn_lock_t *lock, const char *abs_path, apr_pool_t *pool) {
29 static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) {
3030 return SVN_NO_ERROR;
3131 }
3232
9090
9191 providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *));
9292
93 svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */
94 0, pool);
93 svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */
94 0, pool);
9595 APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
9696
9797 /* Register the auth-providers into the context's auth_baton. */
103103 else
104104 snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH);
105105 dirents = SVN_DIRENT_KIND;
106 err = svn_client_list2 (URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool);
106 err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool);
107107
108108 svn_pool_clear(pool);
109109 svn_pool_destroy(pool);
190190
191191 #endif
192192
193 int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
193 int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
194194 // called before the childrens are forked off, so this is the function
195195 // which should be filled if initial connections and service setup has to be
196196 // performed once only.
+1
-1
hydra-teamspeak.c less more
125125 }
126126 }
127127
128 int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
128 int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
129129 // called before the childrens are forked off, so this is the function
130130 // which should be filled if initial connections and service setup has to be
131131 // performed once only.
+3
-3
hydra-telnet.c less more
131131 hydra_child_exit(1);
132132 }
133133 if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */
134 hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown: %s\n", buf);
134 hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n");
135135 hydra_child_exit(2);
136136 // hydra_child_exit(2);
137137 }
139139 hydra_send(sock, "\r\n", 2, 0);
140140 free(buf);
141141 if ((buf = hydra_receive_line(sock)) == NULL) {
142 hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown: %s\n", buf);
142 hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n");
143143 hydra_child_exit(2);
144144 }
145145 }
203203 }
204204 }
205205
206 int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
206 int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
207207 // called before the childrens are forked off, so this is the function
208208 // which should be filled if initial connections and service setup has to be
209209 // performed once only.
+4
-3
hydra-vmauthd.c less more
8686 if (port != 0)
8787 mysslport = port;
8888 sock = hydra_connect_ssl(ip, mysslport);
89 port = myport;
89 port = mysslport;
9090 }
9191
9292 if (sock < 0) {
102102
103103 if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) {
104104 /* check the first line */
105 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an vmware authd protocol or service shutdown: %s\n", buf);
105 if (verbose || debug)
106 hydra_report(stderr, "[ERROR] Not an vmware authd protocol or service shutdown: %s\n", buf);
106107 hydra_child_exit(2);
107108 }
108109 if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) {
140141 }
141142 }
142143
143 int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
144 int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
144145 // called before the childrens are forked off, so this is the function
145146 // which should be filled if initial connections and service setup has to be
146147 // performed once only.
+2
-2
hydra-vnc.c less more
5757 int i;
5858
5959 //fprintf(stderr,"number of security types supported: %d\n", buf2[0]);
60 if (buf2[0] == 0) {
60 if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) {
6161 hydra_report(stderr, "[ERROR] VNC server connection failed\n");
6262 hydra_child_exit(0);
6363 }
228228 }
229229 }
230230
231 int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
231 int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
232232 // called before the childrens are forked off, so this is the function
233233 // which should be filled if initial connections and service setup has to be
234234 // performed once only.
+44
-0
hydra-wizard.sh less more
0 #!/bin/sh
1 #
2 # based on a script by Shivang Desai <shivang.ice.2010@gmail.com>
3 #
4 echo
5 echo "Welcome to the Hydra Wizard"
6 echo
7 read -p "Enter the service to attack (eg: ftp, ssh, http-post-form): " service
8 test -z "$service" && { echo Error: service may not be empty ; exit 1 ; }
9 read -p "Enter the the target to attack (or filename with targets): " target
10 test -z "$target" && { echo Error: target may not be empty ; exit 1 ; }
11 read -p "Enter a username to test or a filename: " user
12 test -z "$user" && { echo Error: user may not be empty ; exit 1 ; }
13 read -p "Enter a password to test or a filename: " pass
14 test -z "$pass" && { echo Error: pass may not be empty ; exit 1 ; }
15 read -p "If you want to test for passwords (s)ame as login, (n)ull or (r)everse login, enter these letters without spaces (e.g. \"sr\") or leave empty otherwise: " pw
16 read -p "Port number (press enter for default): " port
17 echo
18 echo The following options are supported by the service module:
19 hydra -U $service
20 echo
21 read -p "If you want to add module options, enter them here (or leave empty): " opt
22 echo
23
24 ports=""
25 pws=""
26 opts=""
27 test -e "$target" && targets="-M $target"
28 test -e "$target" || targets="$target"
29 test -e "$user" && users="-L $user"
30 test -e "$user" || users="-l $user"
31 test -e "$pass" && passs="-P $pass"
32 test -e "$pass" || passs="-p $pass"
33 test -n "$port" && ports="-s $port"
34 test -n "$pw" && pws="-e $pw"
35 test -n "$opt" && opts="-m '$opt'"
36
37 echo The following command will be executed now:
38 echo " hydra $users $passs -u $pws $ports $opts $targets $service"
39 echo
40 read -p "Do you want to run the command now? [Y/n] " yn
41 test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; }
42 echo
43 hydra $users $passs -u $pws $ports $opts $targets $service
+38
-25
hydra-xmpp.c less more
33 /* david: ref http://xmpp.org/rfcs/rfc3920.html */
44
55 extern char *HYDRA_EXIT;
6 char *buf;
76 static char *domain = NULL;
87
98 int xmpp_auth_mechanism = AUTH_ERROR;
2120 char *CHALLENGE_END_STR = "</challenge>";
2221 char *RESPONSE_STR = "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>";
2322 char *RESPONSE_END_STR = "</response>";
23 char *fooptr, *buf;
2424
2525 if (strlen(login = hydra_get_next_login()) == 0)
2626 login = empty;
4747
4848 hydra_send(s, buffer, strlen(buffer), 0);
4949 usleep(300000);
50 buf = hydra_receive_line(s);
51
52 if (verbose)
50 if ((buf = hydra_receive_line(s)) == NULL)
51 return 3;
52
53 if (debug)
5354 hydra_report(stderr, "DEBUG S: %s\n", buf);
5455
55 if ((strstr(buf, CHALLENGE_STR) != NULL)||(strstr(buf, CHALLENGE_STR2) != NULL)) {
56 if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) {
5657 /*
5758 the challenge string is sent depending of the
5859 auth chosen it's the case for login auth
5960 */
6061
6162 char *ptr = strstr(buf, CHALLENGE_STR);
63
6264 if (!ptr)
6365 ptr = strstr(buf, CHALLENGE_STR2);
6466 char *ptr_end = strstr(ptr, CHALLENGE_END_STR);
6971 buffer2[chglen] = '\0';
7072 memset(buffer, 0, sizeof(buffer));
7173 from64tobits((char *) buffer, buffer2);
72 if (verbose)
74 if (debug)
7375 hydra_report(stderr, "DEBUG S: %s\n", buffer);
7476 }
7577
8183
8284 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
8385 sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
84 if (verbose)
86 if (debug)
8587 hydra_report(stderr, "DEBUG C: %s\n", buffer);
8688 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
8789 free(buf);
9193 if (buf == NULL)
9294 return 1;
9395 /* server now would ask for the password */
94 if ((strstr(buf, CHALLENGE_STR) != NULL)||(strstr(buf, CHALLENGE_STR2) != NULL)) {
96 if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) {
9597 char *ptr = strstr(buf, CHALLENGE_STR);
9698 if (!ptr)
9799 ptr = strstr(buf, CHALLENGE_STR2);
114116 free(buf);
115117 return 1;
116118 }
117 free(buf);
118119 }
119120 }
120121 }
124125 memset(buffer2, 0, sizeof(buffer));
125126 sasl_plain(buffer2, login, pass);
126127 sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
127 if (verbose)
128 if (debug)
128129 hydra_report(stderr, "DEBUG C: %s\n", buffer);
129130
130131 }
138139
139140 rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
140141 if (rc) {
142 free(buf);
141143 return 3;
142144 }
143145
144146 sprintf(buffer, "%.200s %.250s", preplogin, buffer2);
145 if (verbose)
147 if (debug)
146148 hydra_report(stderr, "DEBUG C: %s\n", buffer);
147149 hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer));
148150 sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR);
153155 break;
154156 case AUTH_DIGESTMD5:{
155157 memset(buffer2, 0, sizeof(buffer2));
156 sasl_digest_md5(buffer2, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
157 if (buffer2 == NULL)
158 fooptr = buffer2;
159 sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
160 if (fooptr == NULL) {
161 free(buf);
158162 return 3;
159 if (verbose)
163 }
164 if (debug)
160165 hydra_report(stderr, "DEBUG C: %s\n", buffer2);
161166 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
162167 snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
169174 int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
170175
171176 if (rc) {
177 free(buf);
172178 return 3;
173179 }
174180
178184 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
179185 snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
180186
187 free(buf);
181188 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
182189 return 1;
183190 }
185192 if (buf == NULL)
186193 return 1;
187194
188 if ((strstr(buf, CHALLENGE_STR) != NULL)||(strstr(buf, CHALLENGE_STR2) != NULL)) {
195 if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) {
189196 char serverfirstmessage[200];
190197 char *ptr = strstr(buf, CHALLENGE_STR);
198
191199 if (!ptr)
192200 ptr = strstr(buf, CHALLENGE_STR2);
193201 char *ptr_end = strstr(ptr, CHALLENGE_END_STR);
209217 serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0';
210218
211219 memset(buffer2, 0, sizeof(buffer2));
212 sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage);
213 if (buffer2 == NULL) {
220 fooptr = buffer2;
221 sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
222 if (fooptr == NULL) {
214223 hydra_report(stderr, "[ERROR] Can't compute client response\n");
215224 free(buf);
216225 return 1;
218227 hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
219228 snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
220229 } else {
221 if (verbose || debug) hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
230 if (verbose || debug)
231 hydra_report(stderr, "[ERROR] Not a valid server challenge\n");
222232 free(buf);
223233 return 1;
224234 }
225 free(buf);
226235 }
227236 break;
228237 #endif
238 ptr = 0;
229239 }
230240
241 free(buf);
231242 if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
232243 return 1;
233244 }
261272 if (strstr(buf, "<failure")) {
262273 hydra_report(stderr, "[ERROR] Protocol failure, try using another auth method. %s\n", strstr(buf, "<failure"));
263274 }
275 free(buf);
264276 return 3;
265277 }
266278
267279 void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
268280 int run = 1, next_run = 1, sock = -1, tls = 0;
269 char buffer[500];
281 char buffer[500], *buf = NULL;
270282 int myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0;
271283 char *enddomain = NULL;
272284
275287 //so for o.nimbuzz.com will get nimbuzz.com
276288 //and hermes.jabber.org will get jabber.org
277289
278 domain=strchr(target, '.');
290 domain = strchr(target, '.');
279291 if (!domain) {
280292 hydra_report(stderr, "[ERROR] can't extract the domain name, you have to specify a fqdn xmpp server, the domain name will be used in the jabber init request\n");
281293 hydra_child_exit(1);
284296 enddomain = strrchr(target, '.');
285297 //check if target is not already a domain name aka only . char in the string
286298 if (enddomain && (enddomain == domain)) {
287 domain=target;
299 domain = target;
288300 } else {
289301 //moving to pass the . char
290302 domain = domain + 1;
327339 hydra_child_exit(1);
328340
329341 if (strstr(buf, "<stream:stream") == NULL) {
330 if (verbose || debug) hydra_report(stderr, "[ERROR] Not an xmpp protocol or service shutdown: %s\n", buf);
342 if (verbose || debug)
343 hydra_report(stderr, "[ERROR] Not an xmpp protocol or service shutdown: %s\n", buf);
331344 free(buf);
332345 hydra_child_exit(1);
333346 }
414427 hydra_report(stderr, "[VERBOSE] using XMPP DIGEST-MD5 AUTH mechanism\n");
415428 break;
416429 #endif
417 }
430 }
418431 }
419432 #ifdef LIBOPENSSL
420433 //check if tls is not wanted and if tls is available
473486 }
474487 }
475488
476 int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
489 int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
477490 // called before the childrens are forked off, so this is the function
478491 // which should be filled if initial connections and service setup has to be
479492 // performed once only.
+731
-615
hydra.c less more
00 /*
1 * hydra (c) 2001-2013 by van Hauser / THC <vh@thc.org>
1 * hydra (c) 2001-2014 by van Hauser / THC <vh@thc.org>
22 * http://www.thc.org
33 *
4 * Parallized network login hacker. Usage only allowed for legal purposes.
4 * Parallized network login hacker.
5 * Don't use in military or secret service organizations, or for illegal purposes.
56 *
67 * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file
78 */
910 #include "hydra.h"
1011 #include "bfg.h"
1112
12 extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
13 extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
14 extern void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
15 extern void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
16 extern void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
17 extern void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
18 extern void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
19 extern void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
20 extern void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
21 extern void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
22 extern void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
23 extern void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
24 extern void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
25 extern void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
26 extern void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
27 extern void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
28 extern void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
29 extern void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
30 extern void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
31 extern void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
32 extern void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
33 extern void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
34 extern void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
35 extern void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
36 extern void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
37 extern void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
38 extern void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
39 extern void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
40 extern void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
41 extern void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
42 extern void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
43 extern void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
44 extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
45 extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
46 extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
13 extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
14 extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
15 extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
16 extern void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
17 extern void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
18 extern void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
19 extern void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
20 extern void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
21 extern void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
22 extern void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
23 extern void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
24 extern void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
25 extern void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
26 extern void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
27 extern void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
28 extern void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
29 extern void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
30 extern void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
31 extern void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
32 extern void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
33 extern void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
34 extern void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
35 extern void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
36 extern void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
37 extern void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
38 extern void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
39 extern void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
40 extern void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
41 extern void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
42 extern void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
43 extern void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
44 extern void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
45 extern void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
46 extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
47 extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
48 extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
49 extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
4750 // ADD NEW SERVICES HERE
4851
4952 #ifdef HAVE_MATH_H
50 extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
51 extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
53 extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
54 extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
5255 #endif
5356 #ifdef LIBPOSTGRES
54 extern void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
55 extern int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
57 extern void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
58 extern int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
5659 #endif
5760 #ifdef LIBOPENSSL
58 extern void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
59 extern int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
60 extern void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
61 extern int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
62 extern void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
63 extern int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
64 extern void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
65 extern int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
66 extern void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
67 extern int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
61 extern void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
62 extern int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
63 extern void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
64 extern int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
65 extern void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
66 extern int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
67 extern void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
68 extern int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
69 extern void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
70 extern int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
6871 #endif
6972 #ifdef LIBSAPR3
70 extern void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
71 extern int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
73 extern void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
74 extern int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
7275 #endif
7376 #ifdef LIBFIREBIRD
74 extern void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
75 extern int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
77 extern void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
78 extern int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
7679 #endif
7780 #ifdef LIBAFP
78 extern void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
79 extern int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
81 extern void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
82 extern int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
8083 #endif
8184 #ifdef LIBNCP
82 extern void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
83 extern int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
85 extern void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
86 extern int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
8487 #endif
8588 #ifdef LIBSSH
86 extern void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
87 extern int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
88 extern void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
89 extern int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
89 extern void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
90 extern int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
91 extern void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
92 extern int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
9093 #endif
9194 #ifdef LIBSVN
92 extern void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
93 extern int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
95 extern void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
96 extern int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
9497 #endif
9598 #ifdef LIBORACLE
96 extern void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
97 extern int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
98 #endif
99
100 extern int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
101 extern int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
102 extern int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
103 extern int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
104 extern int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
105 extern int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
106 extern int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
107 extern int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
108 extern int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
109 extern int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
110 extern int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
111 extern int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
112 extern int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
113 extern int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
114 extern int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
115 extern int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
116 extern int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
117 extern int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
118 extern int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
119 extern int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
120 extern int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
121 extern int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
122 extern int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
123 extern int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
124 extern int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
125 extern int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
126 extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
127 extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
128 extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
129 extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
99 extern void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
100 extern int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
101 #endif
102
103 extern int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
104 extern int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
105 extern int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
106 extern int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
107 extern int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
108 extern int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
109 extern int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
110 extern int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
111 extern int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
112 extern int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
113 extern int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
114 extern int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
115 extern int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
116 extern int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
117 extern int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
118 extern int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
119 extern int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
120 extern int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
121 extern int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
122 extern int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
123 extern int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
124 extern int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
125 extern int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
126 extern int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
127 extern int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
128 extern int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
129 extern int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
130 extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
131 extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
132 extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
133 extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port);
134 extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port);
130135 // ADD NEW SERVICES HERE
131136
132137
133138 // ADD NEW SERVICES HERE
134 char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp rexec rlogin rsh sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp";
139 char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp";
135140
136141 #define MAXBUF 520
137142 #define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 )
138 #define MAXTASKS 128
143 #define MAXTASKS 64
139144 #define MAXSERVERS 16
140145 #define MAXFAIL 3
141146 #define MAXENDWAIT 20
143148 #define TASKS 16
144149 #define SKIPLOGIN 256
145150 #define USLEEP_LOOP 10
146 #define MAX_LINES 50000000 // 50 millions, do not put more than 65millions
147 #define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions
151 #define MAX_LINES 50000000 // 50 millions, do not put more than 65millions
152 #define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions
148153
149154 #define RESTOREFILE "./hydra.restore"
150155
151156 #define PROGRAM "Hydra"
152 #define VERSION "v7.5"
157 #define VERSION "v8.0"
153158 #define AUTHOR "van Hauser/THC"
154159 #define EMAIL "<vh@thc.org>"
155160 #define AUTHOR2 "David Maciejak"
161166 extern char *hydra_string_replace(const char *string, const char *substr, const char *replacement);
162167 extern char *hydra_address2string(char *address);
163168 extern int colored_output;
169 extern char quiet;
170 extern int do_retry;
164171
165172 void hydra_kill_head(int head_no, int killit, int fail);
166173
194201 int ok;
195202 int failed;
196203 int skipcnt;
204 int port;
197205 char *redo_login[MAXTASKS * 2 + 2];
198206 char *redo_pass[MAXTASKS * 2 + 2];
199207 char *skiplogin[SKIPLOGIN];
211219 unsigned long int found;
212220 unsigned long int countlogin;
213221 unsigned long int countpass;
214 size_t sizelogin;
222 size_t sizelogin;
215223 size_t sizepass;
216224 FILE *ofp;
217225 } hydra_brain;
230238 int try_password_reverse_login;
231239 int exit_found;
232240 int max_use;
241 int cidr;
233242 char *login;
234243 char *loginfile;
235244 char *pass;
292301 #include "performance.h"
293302
294303 void help(int ext) {
295 printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]"
296 " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]"
304 printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]"
297305 #ifdef HAVE_MATH_H
298306 " [-x MIN:MAX:CHARSET]"
299307 #endif
300 " [-SuvV46] "
308 " [-SuvVd46] "
301309 //"[server service [OPT]]|"
302310 "[service://server[:PORT][/OPT]]\n");
303311 printf("\nOptions:\n");
304 if (ext) printf(" -R restore a previous aborted/crashed session\n");
312 if (ext)
313 printf(" -R restore a previous aborted/crashed session\n");
305314 #ifdef LIBOPENSSL
306 if (ext) printf(" -S perform an SSL connect\n");
307 #endif
308 if (ext) printf(" -s PORT if the service is on a different default port, define it here\n");
315 if (ext)
316 printf(" -S perform an SSL connect\n");
317 #endif
318 if (ext)
319 printf(" -s PORT if the service is on a different default port, define it here\n");
309320 printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n");
310321 printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n");
311322 #ifdef HAVE_MATH_H
312 if (ext) printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n");
313 #endif
314 if (ext) printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n");
315 if (ext) printf(" -u loop around users, not passwords (effective! implied with -x)\n");
323 if (ext)
324 printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n");
325 #endif
326 if (ext)
327 printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n");
328 if (ext)
329 printf(" -u loop around users, not passwords (effective! implied with -x)\n");
316330 printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n");
317 printf(" -M FILE list of servers to be attacked in parallel, one entry per line\n");
318 if (ext) printf(" -o FILE write found login/password pairs to FILE instead of stdout\n");
319 if (ext) printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n");
331 printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n");
332 if (ext)
333 printf(" -o FILE write found login/password pairs to FILE instead of stdout\n");
334 if (ext)
335 printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n");
320336 printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS);
321 if (ext) printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME);
322 if (ext) printf(" -4 / -6 prefer IPv4 (default) or IPv6 addresses\n");
323 if (ext) printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n");
337 if (ext)
338 printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME);
339 if (ext)
340 printf(" -4 / -6 prefer IPv4 (default) or IPv6 addresses\n");
341 if (ext)
342 printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n");
343 if (ext)
344 printf(" -q do not print messages about connection erros\n");
324345 printf(" -U service module usage details\n");
325 if (ext == 0) printf(" -h more command line options (complete help)\n");
326 printf(" server the target server (use either this OR the -M option)\n");
346 if (ext == 0)
347 printf(" -h more command line options (COMPLETE HELP)\n");
348 printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n");
327349 printf(" service the service to crack (see below for supported protocols)\n");
328350 printf(" OPT some service modules support additional input (-U for module help)\n");
329351
330352 printf("\nSupported services: %s\n", SERVICES);
331 printf("\n%s is a tool to guess/crack valid login/password pairs - usage only allowed\nfor legal purposes. This tool is licensed under AGPL v3.0.\nThe newest version is always available at %s\n", PROGRAM, RESOURCE);
353 printf
354 ("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n",
355 PROGRAM, RESOURCE);
356 printf("Don't use in military or secret service organizations, or for illegal purposes.\n");
332357 if (ext && strlen(unsupported) > 0) {
333358 if (unsupported[strlen(unsupported) - 1] == ' ')
334359 unsupported[strlen(unsupported) - 1] = 0;
335360 printf("These services were not compiled in: %s.\n", unsupported);
336361 }
337362 if (ext) {
338 printf("\nUse HYDRA_PROXY_HTTP/HYDRA_PROXY and HYDRA_PROXY_AUTH environment for a proxy.\n");
339 printf("E.g.: %% export HTTP_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n");
340 printf(" %% export HTTP_PROXY_HTTP=http://proxy:8080\n");
341 printf(" %% export HTTP_PROXY_AUTH=user:pass\n");
342 }
343
363 printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n");
364 printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n");
365 printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n");
366 printf(" %% export HYDRA_PROXY_AUTH=user:pass\n");
367 }
368
344369 printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n");
345370 if (ext) {
346371 printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n");
347 printf(" hydra -C defaults.txt -6 pop3s://[fe80::2c:31ff:fe12:ac11]:143/TLS:DIGEST-MD5\n");
372 printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n");
373 printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n");
374 printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n");
348375 }
349376 exit(-1);
350377 }
361388 "Examples:\n"
362389 " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n"
363390 " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n"
364 " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n"
365 " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n");
391 " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n");
366392 printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n");
367393 exit(-1);
368394 }
393419 if (!find && (strcmp(hydra_options.service, "pop3") == 0)) {
394420 printf("Module pop3 is optionally taking one authentication type of:\n"
395421 " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
396 " CRAM-SHA256, DIGEST-MD5, NTLM.\n"
397 "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n"
398 "Example: pop3://target/TLS:PLAIN\n");
422 " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n");
399423 find = 1;
400424 }
401425 if (!find && (strcmp(hydra_options.service, "rdp") == 0)) {
402 printf("Module rdp is optionally taking the windows domain name.\n"
403 "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
426 printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
404427 find = 1;
405428 }
429 if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) {
430 printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n");
431 find = 1;
432 }
406433 if (!find && (strcmp(hydra_options.service, "nntp") == 0)) {
407 printf("Module nntp is optionally taking one authentication type of:\n"
408 " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
434 printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
409435 find = 1;
410436 }
411437 if (!find && (strcmp(hydra_options.service, "imap") == 0)) {
412438 printf("Module imap is optionally taking one authentication type of:\n"
413439 " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
414 " CRAM-SHA256, DIGEST-MD5, NTLM\n"
415 "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n"
416 "Example: imap://target/TLS:PLAIN\n");
440 " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n");
417441 find = 1;
418442 }
419443 if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) {
420444 printf("Module smtp-enum is optionally taking one SMTP command of:\n\n"
421445 "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n"
422446 "login parameter is used as username and password parameter as the domain name\n"
423 "For example to test if john@localhost exists on 192.168.0.1:\n"
424 "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
447 "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
425448 find = 1;
426449 }
427450 if (!find && (strcmp(hydra_options.service, "smtp")) == 0) {
428451 printf("Module smtp is optionally taking one authentication type of:\n"
429452 " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"
430 "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n"
431 "Example: smtp://target/TLS:PLAIN\n");
453 "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n");
432454 find = 1;
433455 }
434456 if (!find && (strcmp(hydra_options.service, "svn") == 0)) {
440462 find = 1;
441463 }
442464 if (!find && (strcmp(hydra_options.service, "firebird") == 0)) {
443 printf("Module firebird is optionally taking the database path to attack,\n"
444 "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
465 printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
445466 find = 1;
446467 }
447468 if (!find && (strcmp(hydra_options.service, "mysql") == 0)) {
449470 find = 1;
450471 }
451472 if (!find && (strcmp(hydra_options.service, "irc") == 0)) {
452 printf("Module irc is optionally taking the general server password, if the server is requiring one\n"
453 "and none is passed the password from -p/-P will be used\n\n");
473 printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n");
454474 find = 1;
455475 }
456476 if (!find && (strcmp(hydra_options.service, "postgres") == 0)) {
459479 }
460480 if (!find && (strcmp(hydra_options.service, "telnet") == 0)) {
461481 printf("Module telnet is optionally taking the string which is displayed after\n"
462 "a successful login (case insensitive), use if the default in the telnet\n"
463 "module produces too many false positives\n\n");
482 "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n");
464483 find = 1;
465484 }
466485 if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) {
471490 printf("Module sshkey does not provide additional options, although the semantic for\n"
472491 "options -p and -P is changed:\n"
473492 " -p expects a path to an unencrypted private key in PEM format.\n"
474 " -P expects a filename containing a list of path to some unencrypted\n"
475 " private keys in PEM format.\n\n");
493 " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n");
476494 find = 1;
477495 }
478496 if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) {
486504 find = 1;
487505 }
488506 if (!find && (strcmp(hydra_options.service, "cisco") == 0)) {
489 printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n"
490 "ENTER when connecting to the service.\n");
507 printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n");
491508 find = 1;
492509 }
493510 if (!find && ((strcmp(hydra_options.service, "ldap2") == 0)
524541 || (strcmp(hydra_options.service, "https-post-form") == 0)
525542 || (strncmp(hydra_options.service, "http-form", 9) == 0)
526543 || (strncmp(hydra_options.service, "https-form", 10) == 0)
527 )
544 )
528545 ) {
529546 printf("Module %s requires the page and the parameters for the web form.\n\n"
530547 "By default this module is configured to follow a maximum of 5 redirections in\n"
531548 "a row. It always gathers a new cookie from the same URL without variables\n"
532549 "The parameters take three \":\" separated values, plus optional values.\n"
533 "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
550 "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
534551 "\nSyntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]\n"
535552 "First is the page on the server to GET or POST to (URL).\n"
536553 "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n"
556573 }
557574 if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) {
558575 printf("Module http-proxy is optionally taking the page to authenticate at.\n"
559 "Default is http://www.microsoft.com/)\n"
560 "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
576 "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
561577 find = 1;
562578 }
563579 if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) {
564580 printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n"
565581 "The -L loginfile must contain the URL list to try through the proxy.\n"
566582 "The proxy credentials cann be put as the optional parameter, e.g.\n"
567 " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n"
568 " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
583 " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
569584 find = 1;
570585 }
571586 if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) {
594609 || (strcmp(hydra_options.service, "https-post") == 0))
595610 ) {
596611 printf("Module %s requires the page to authenticate.\n"
597 "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n",
598 hydra_options.service);
612 "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service);
599613 find = 1;
600614 }
601615 }
639653 exit(-1);
640654 }
641655
642 /*
643 void hydra_bfg_remove(int head_no) {
644 int i = 0, j = 0;
645 char *ptr;
646
647 if (hydra_heads[head_no]->current_pass_ptr == NULL ||
648 hydra_heads[head_no]->current_pass_ptr == hydra_targets[hydra_heads[head_no]->target_no]->pass_ptr ||
649 hydra_heads[head_no]->current_pass_ptr[0] == 0)
650 return;
651 if (hydra_brains.countlogin > 1) {
652 for (i = 0; i < hydra_options.max_use && j < 2; i++)
653 if (hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[i] == hydra_heads[head_no]->current_pass_ptr)
654 j++;
655 if (j != 1)
656 return;
657 }
658 if (debug)
659 printf("[DEBUG] bfg free of child %d ptr %p (%s)\n", head_no, hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_pass_ptr);
660 // to prevent a race condition
661 ptr = hydra_heads[head_no]->current_pass_ptr;
662 hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[i] = NULL;
663 hydra_heads[head_no]->current_pass_ptr = NULL;
664 free(ptr);
665 }
666 */
667
668656 void hydra_restore_write(int print_msg) {
669657 FILE *f;
670658 hydra_brain brain;
688676 perror("");
689677 process_restore = 0;
690678 return;
691 } else
692 if (debug)
693 printf("[DEBUG] Writing restore file... ");
679 } else if (debug)
680 printf("[DEBUG] Writing restore file... ");
694681
695682 fprintf(f, "%s\n", PROGRAM);
696683 memcpy(&brain, &hydra_brains, sizeof(hydra_brain));
716703 for (j = 0; j < hydra_brains.targets; j++)
717704 if (hydra_targets[j]->done != 1) {
718705 fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f);
719 fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int)(hydra_targets[j]->login_ptr - login_ptr), (int)(hydra_targets[j]->pass_ptr - pass_ptr));
706 fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr),
707 (int) (hydra_targets[j]->pass_ptr - pass_ptr));
720708 fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr);
721709 if (hydra_targets[j]->redo)
722710 for (i = 0; i < hydra_targets[j]->redo; i++)
726714 fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]);
727715 }
728716 for (j = 0; j < hydra_options.max_use; j++) {
729 memcpy((char*)&hh, hydra_heads[j], sizeof(hydra_head));
730 hh.active = 0; // re-enable disabled heads
717 memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head));
718 hh.active = 0; // re-enable disabled heads
731719 if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login)
732720 || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) {
733721 hh.redo = 1;
735723 printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target,
736724 hh.current_login_ptr, hh.current_pass_ptr);
737725 }
738 fck = fwrite((char*)&hh, sizeof(hydra_head), 1, f);
739 if (hh.redo/* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0])))*/)
726 fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f);
727 if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ )
740728 fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr);
741729 else
742730 fprintf(f, "\n\n");
755743 FILE *f;
756744 char mynull[4];
757745 int i, j;
758 char out[1024], *ptr;
759
760 ptr = out;
746 char out[1024];
747
761748 if ((f = fopen(RESTOREFILE, "r")) == NULL) {
762749 fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE);
763750 perror("");
816803 out[strlen(out) - 1] = 0;
817804 hydra_options.service = malloc(strlen(out) + 1);
818805 strcpy(hydra_options.service, out);
819
806
820807 login_ptr = malloc(hydra_brains.sizelogin);
821808 fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f);
822 if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode
809 if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode
823810 pass_ptr = malloc(hydra_brains.sizepass);
824811 fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f);
825812 } else { // colonfile mode
827814 pass_ptr = csv_ptr = login_ptr;
828815 }
829816
830 hydra_targets = malloc(hydra_brains.targets * sizeof(hydra_targets));
817 hydra_targets = malloc((hydra_brains.targets + 3 )* sizeof(hydra_targets));
831818 for (j = 0; j < hydra_brains.targets; j++) {
832819 hydra_targets[j] = malloc(sizeof(hydra_target));
833820 fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f);
840827 hydra_targets[j]->login_ptr = login_ptr + atoi(out);
841828 sck = fgets(out, sizeof(out), f);
842829 hydra_targets[j]->pass_ptr = pass_ptr + atoi(out);
843 sck = fgets(out, sizeof(out), f); // target login_ptr, ignord
830 sck = fgets(out, sizeof(out), f); // target login_ptr, ignord
844831 sck = fgets(out, sizeof(out), f);
845832 if (hydra_options.bfg) {
846833 if (out[0] != 0 && out[strlen(out) - 1] == '\n')
861848 hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1);
862849 strcpy(hydra_targets[j]->redo_pass[i], out);
863850 }
851 if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin)
852 hydra_targets[j]->skipcnt = 0;
864853 if (hydra_targets[j]->skipcnt > 0)
865854 for (i = 0; i < hydra_targets[j]->skipcnt; i++) {
866855 sck = fgets(out, sizeof(out), f);
873862 hydra_targets[j]->use_count = 0;
874863 hydra_targets[j]->failed = 0;
875864 }
876 hydra_heads = malloc(hydra_options.max_use * sizeof(hydra_heads));
865 hydra_heads = malloc((hydra_options.max_use + 2 ) * sizeof(int) + 8);
877866 for (j = 0; j < hydra_options.max_use; j++) {
878867 hydra_heads[j] = malloc(sizeof(hydra_head));
879868 fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f);
954943 exit(0);
955944 }
956945
957 unsigned long int countlines(FILE *fp, int colonmode) {
946 unsigned long int countlines(FILE * fp, int colonmode) {
958947 size_t lines = 0;
959948 char *buf = malloc(MAXLINESIZE);
960949 int only_one_empty_line = 0;
976965 }
977966 rewind(fp);
978967 free(buf);
979 fstat(fileno(fp), &st);
968 (void)fstat(fileno(fp), &st);
980969 size_of_data = st.st_size + 1;
981970 return lines;
982971 }
983972
984 void fill_mem(char *ptr, FILE *fp, int colonmode) {
973 void fill_mem(char *ptr, FILE * fp, int colonmode) {
985974 char tmp[MAXBUF + 4] = "", *ptr2;
986975 unsigned int len;
987976 int only_one_empty_line = 0;
10381027 }
10391028
10401029 void hydra_service_init(int target_no) {
1041 int x = 2;
1030 int x = 99;
10421031
10431032 #ifdef LIBAFP
10441033 if (strcmp(hydra_options.service, "afp") == 0)
1045 x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1034 x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10461035 #endif
10471036 if (strcmp(hydra_options.service, "asterisk") == 0)
1048 x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1037 x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10491038 if (strcmp(hydra_options.service, "cisco-enable") == 0)
1050 x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1039 x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10511040 if (strcmp(hydra_options.service, "cvs") == 0)
1052 x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1041 x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10531042 if (strcmp(hydra_options.service, "cisco") == 0)
1054 x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1043 x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10551044 #ifdef LIBFIREBIRD
10561045 if (strcmp(hydra_options.service, "firebird") == 0)
1057 x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1046 x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10581047 #endif
10591048 if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0)
1060 x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1049 x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
1050 if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0)
1051 x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10611052 if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0)
1062 x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1053 x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10631054 if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0)
1064 x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1055 x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10651056 if (strcmp(hydra_options.service, "http-proxy") == 0)
1066 x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1057 x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10671058 if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)
1068 x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1059 x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10691060 if (strcmp(hydra_options.service, "icq") == 0)
1070 x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1061 x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10711062 if (strcmp(hydra_options.service, "imap") == 0)
1072 x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1063 x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10731064 if (strcmp(hydra_options.service, "irc") == 0)
1074 x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1065 x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10751066 if (strncmp(hydra_options.service, "ldap", 4) == 0)
1076 x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1067 x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10771068 #ifdef LIBOPENSSL
10781069 if (strcmp(hydra_options.service, "sip") == 0)
1079 x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1070 x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10801071 if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0)
1081 x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1072 x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10821073 if (strcmp(hydra_options.service, "oracle-listener") == 0)
1083 x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1074 x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10841075 if (strcmp(hydra_options.service, "oracle-sid") == 0)
1085 x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1076 x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10861077 if (strcmp(hydra_options.service, "rdp") == 0)
1087 x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1078 x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10881079 #endif
10891080 if (strcmp(hydra_options.service, "mssql") == 0)
1090 x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1081 x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10911082 #ifdef HAVE_MATH_H
10921083 if (strcmp(hydra_options.service, "mysql") == 0)
1093 x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1084 x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10941085 #endif
10951086 #ifdef LIBNCP
10961087 if (strcmp(hydra_options.service, "ncp") == 0)
1097 x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1088 x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
10981089 #endif
10991090 if (strcmp(hydra_options.service, "nntp") == 0)
1100 x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1091 x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11011092 #ifdef LIBORACLE
11021093 if (strcmp(hydra_options.service, "oracle") == 0)
1103 x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1094 x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11041095 #endif
11051096 if (strcmp(hydra_options.service, "pcanywhere") == 0)
1106 x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1097 x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11071098 if (strcmp(hydra_options.service, "pcnfs") == 0)
1108 x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1099 x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11091100 if (strcmp(hydra_options.service, "pop3") == 0)
1110 x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1101 x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11111102 #ifdef LIBPOSTGRES
11121103 if (strcmp(hydra_options.service, "postgres") == 0)
1113 x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1104 x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11141105 #endif
11151106 if (strcmp(hydra_options.service, "rexec") == 0)
1116 x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1107 x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11171108 if (strcmp(hydra_options.service, "rlogin") == 0)
1118 x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1109 x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11191110 if (strcmp(hydra_options.service, "rsh") == 0)
1120 x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1111 x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11211112 #ifdef LIBSAPR3
11221113 if (strcmp(hydra_options.service, "sapr3") == 0)
1123 x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1114 x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11241115 #endif
11251116 if (strcmp(hydra_options.service, "smtp") == 0)
1126 x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1117 x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11271118 if (strcmp(hydra_options.service, "smtp-enum") == 0)
1128 x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1119 x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11291120 if (strcmp(hydra_options.service, "snmp") == 0)
1130 x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1121 x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11311122 if (strcmp(hydra_options.service, "socks5") == 0)
1132 x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1123 x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11331124 #ifdef LIBSSH
11341125 if (strcmp(hydra_options.service, "ssh") == 0)
1135 x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1126 x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11361127 if (strcmp(hydra_options.service, "sshkey") == 0)
1137 x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1128 x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11381129 #endif
11391130 #ifdef LIBSVN
11401131 if (strcmp(hydra_options.service, "svn") == 0)
1141 x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1132 x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11421133 #endif
11431134 if (strcmp(hydra_options.service, "teamspeak") == 0)
1144 x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1135 x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11451136 if (strcmp(hydra_options.service, "telnet") == 0)
1146 x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1137 x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11471138 if (strcmp(hydra_options.service, "vmauthd") == 0)
1148 x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1139 x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11491140 if (strcmp(hydra_options.service, "vnc") == 0)
1150 x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1141 x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11511142 if (strcmp(hydra_options.service, "xmpp") == 0)
1152 x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port);
1143 x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
1144 if (strcmp(hydra_options.service, "s7-300") == 0)
1145 x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
11531146 // ADD NEW SERVICES HERE
11541147
1155
1156 if (x != 0 && x != 2)
1157 exit(-1);
1148 if (x != 0 && x != 99) {
1149 if (x > 0 && x < 4)
1150 hydra_targets[target_no]->done = x;
1151 else
1152 hydra_targets[target_no]->done = 2;
1153 hydra_brains.finished++;
1154 if (hydra_brains.targets == 1)
1155 exit(-1);
1156 }
11581157 }
11591158
11601159
11611160 int hydra_spawn_head(int head_no, int target_no) {
11621161 int i;
11631162
1163 if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) {
1164 if (verbose > 1 || debug)
1165 printf("[DEBUG-ERROR] spawn_head: head_no %d, target_no %d\n", head_no, target_no);
1166 return -1;
1167 }
1168
11641169 if (hydra_heads[head_no]->active < 0) {
1165 printf("DEBUG-ERROR - child %d should not be respawned!\n", head_no);
1170 printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no);
11661171 return -1;
11671172 }
11681173
11861191 for (i = 0; i < hydra_options.max_use; i++)
11871192 if (i != head_no)
11881193 free(hydra_heads[i]);
1189 for (i = 0; i < countservers; i++)
1194 for (i = 0; i < hydra_brains.targets; i++)
11901195 if (i != target_no)
11911196 free(hydra_targets[i]);
11921197 if (hydra_options.loginfile != NULL)
12011206
12021207 // now call crack module
12031208 if (strcmp(hydra_options.service, "asterisk") == 0)
1204 service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1209 service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12051210 if (strcmp(hydra_options.service, "telnet") == 0)
1206 service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1211 service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12071212 if (strcmp(hydra_options.service, "ftp") == 0)
1208 service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1213 service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12091214 if (strcmp(hydra_options.service, "ftps") == 0)
1210 service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1215 service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
1216 if (strcmp(hydra_options.service, "redis") == 0)
1217 service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12111218 if (strcmp(hydra_options.service, "pop3") == 0)
1212 service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1219 service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12131220 if (strcmp(hydra_options.service, "imap") == 0)
1214 service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1221 service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12151222 if (strcmp(hydra_options.service, "vmauthd") == 0)
1216 service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1223 service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12171224 if (strcmp(hydra_options.service, "ldap2") == 0)
1218 service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1225 service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12191226 if (strcmp(hydra_options.service, "ldap3") == 0)
1220 service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1227 service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12211228 if (strcmp(hydra_options.service, "http-head") == 0)
1222 service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1229 service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12231230 if (strcmp(hydra_options.service, "ldap3-crammd5") == 0)
1224 service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1231 service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12251232 if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)
1226 service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1233 service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12271234 if (strcmp(hydra_options.service, "http-get") == 0)
1228 service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1235 service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12291236 if (strcmp(hydra_options.service, "http-get-form") == 0)
1230 service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1237 service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12311238 if (strcmp(hydra_options.service, "http-post-form") == 0)
1232 service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1239 service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12331240 if (strcmp(hydra_options.service, "http-proxy") == 0)
1234 service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1241 service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12351242 if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)
1236 service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1243 service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12371244 if (strcmp(hydra_options.service, "cisco") == 0)
1238 service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1245 service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12391246 if (strcmp(hydra_options.service, "cisco-enable") == 0)
1240 service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1247 service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12411248 if (strcmp(hydra_options.service, "socks5") == 0)
1242 service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1249 service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12431250 if (strcmp(hydra_options.service, "vnc") == 0)
1244 service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1251 service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12451252 if (strcmp(hydra_options.service, "rexec") == 0)
1246 service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1253 service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12471254 if (strcmp(hydra_options.service, "rlogin") == 0)
1248 service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1255 service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12491256 if (strcmp(hydra_options.service, "rsh") == 0)
1250 service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1257 service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12511258 if (strcmp(hydra_options.service, "nntp") == 0)
1252 service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1259 service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12531260 if (strcmp(hydra_options.service, "icq") == 0)
1254 service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1261 service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12551262 if (strcmp(hydra_options.service, "pcnfs") == 0)
1256 service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1263 service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12571264 #ifdef HAVE_MATH_H
12581265 if (strcmp(hydra_options.service, "mysql") == 0)
1259 service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1266 service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12601267 #endif
12611268 if (strcmp(hydra_options.service, "mssql") == 0)
1262 service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1269 service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12631270 #ifdef LIBOPENSSL
12641271 if (strcmp(hydra_options.service, "oracle-listener") == 0)
1265 service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1272 service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12661273 if (strcmp(hydra_options.service, "oracle-sid") == 0)
1267 service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1274 service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12681275 #endif
12691276 #ifdef LIBORACLE
12701277 if (strcmp(hydra_options.service, "oracle") == 0)
1271 service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1278 service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12721279 #endif
12731280 #ifdef LIBPOSTGRES
12741281 if (strcmp(hydra_options.service, "postgres") == 0)
1275 service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1282 service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12761283 #endif
12771284 #ifdef LIBFIREBIRD
12781285 if (strcmp(hydra_options.service, "firebird") == 0)
1279 service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1286 service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12801287 #endif
12811288 #ifdef LIBAFP
12821289 if (strcmp(hydra_options.service, "afp") == 0)
1283 service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1290 service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12841291 #endif
12851292 #ifdef LIBNCP
12861293 if (strcmp(hydra_options.service, "ncp") == 0)
1287 service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1294 service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12881295 #endif
12891296 if (strcmp(hydra_options.service, "pcanywhere") == 0)
1290 service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1297 service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12911298 if (strcmp(hydra_options.service, "cvs") == 0)
1292 service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1299 service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12931300 #ifdef LIBSVN
12941301 if (strcmp(hydra_options.service, "svn") == 0)
1295 service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1302 service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12961303 #endif
12971304 if (strcmp(hydra_options.service, "snmp") == 0)
1298 service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1305 service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
12991306 #ifdef LIBOPENSSL
13001307 if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))
1301 service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1308 service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13021309 #endif
13031310 #ifdef LIBSAPR3
13041311 if (strcmp(hydra_options.service, "sapr3") == 0)
1305 service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1312 service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13061313 #endif
13071314 #ifdef LIBSSH
13081315 if (strcmp(hydra_options.service, "ssh") == 0)
1309 service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1316 service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13101317 if (strcmp(hydra_options.service, "sshkey") == 0)
1311 service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1318 service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13121319 #endif
13131320 if (strcmp(hydra_options.service, "smtp") == 0)
1314 service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1321 service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13151322 if (strcmp(hydra_options.service, "smtp-enum") == 0)
1316 service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1323 service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13171324 if (strcmp(hydra_options.service, "teamspeak") == 0)
1318 service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1325 service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13191326 #ifdef LIBOPENSSL
13201327 if (strcmp(hydra_options.service, "sip") == 0)
1321 service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1328 service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13221329 #endif
13231330 if (strcmp(hydra_options.service, "xmpp") == 0)
1324 service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1331 service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13251332 if (strcmp(hydra_options.service, "irc") == 0)
1326 service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1333 service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13271334 #ifdef LIBOPENSSL
13281335 if (strcmp(hydra_options.service, "rdp") == 0)
1329 service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port);
1330 #endif
1336 service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
1337 #endif
1338 if (strcmp(hydra_options.service, "s7-300") == 0)
1339 service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port);
13311340 // ADD NEW SERVICES HERE
13321341
13331342 // just in case a module returns (which it shouldnt) we let it exit here
13361345 child_head_no = -1;
13371346 if (hydra_heads[head_no]->pid > 0) {
13381347 fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that
1339 fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK);
1348 (void)fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK);
13401349 if (hydra_heads[head_no]->redo != 1)
13411350 hydra_heads[head_no]->target_no = target_no;
13421351 hydra_heads[head_no]->active = 1;
13931402 {"nntp", PORT_NNTP, PORT_NNTP_SSL},
13941403 {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL},
13951404 {"pop3", PORT_POP3, PORT_POP3_SSL},
1405 {"redis", PORT_REDIS, PORT_REDIS_SSL},
13961406 {"rexec", PORT_REXEC, PORT_REXEC_SSL},
13971407 {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL},
13981408 {"rsh", PORT_RSH, PORT_RSH_SSL},
14211431 {"irc", PORT_IRC, PORT_IRC_SSL},
14221432 {"rdp", PORT_RDP, PORT_RDP_SSL},
14231433 {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL},
1434 {"s7-300", PORT_S7_300, PORT_S7_300_SSL},
1435 // ADD NEW SERVICES HERE - add new port numbers to hydra.h
14241436 {"", PORT_NOPORT, PORT_NOPORT}
1425 // ADD NEW SERVICES HERE - add new port numbers to hydra.h
14261437 };
14271438
14281439 while (strlen(hydra_portlists[i].name) > 0 && port == -2) {
14421453
14431454 // killit = 1 : kill(pid); fail = 1 : redo, fail = 2 : disable
14441455 void hydra_kill_head(int head_no, int killit, int fail) {
1456 if (head_no < 0)
1457 return;
14451458 if (hydra_heads[head_no]->active > 0) {
14461459 close(hydra_heads[head_no]->sp[0]);
14471460 close(hydra_heads[head_no]->sp[1]);
14551468 hydra_heads[head_no]->active = 0;
14561469 hydra_targets[hydra_heads[head_no]->target_no]->use_count--;
14571470 }
1458 if (fail == 1)
1459 hydra_heads[head_no]->redo = 1;
1460 else if (fail == 2) {
1471 if (fail == 1) {
1472 if (hydra_options.cidr != 1)
1473 hydra_heads[head_no]->redo = 1;
1474 } else if (fail == 2) {
1475 if (hydra_options.cidr != 1)
1476 hydra_heads[head_no]->active = -1;
1477 if (hydra_heads[head_no]->target_no >= 0)
1478 hydra_targets[hydra_heads[head_no]->target_no]->failed++;
1479 } else if (fail == 3) {
14611480 hydra_heads[head_no]->active = -1;
1462 hydra_targets[hydra_heads[head_no]->target_no]->failed++;
1481 if (hydra_heads[head_no]->target_no >= 0)
1482 hydra_targets[hydra_heads[head_no]->target_no]->failed++;
14631483 }
14641484 if (hydra_heads[head_no]->pid > 0 && killit)
14651485 kill(hydra_heads[head_no]->pid, SIGKILL);
14661486 hydra_heads[head_no]->pid = -1;
1467 if (hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3
1468 && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 &&
1469 hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) {
1487 if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3
1488 && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) {
14701489 free(hydra_heads[head_no]->current_pass_ptr);
14711490 hydra_heads[head_no]->current_pass_ptr = empty_login;
14721491 // hydra_bfg_remove(head_no);
14781497 void hydra_increase_fail_count(int target_no, int head_no) {
14791498 int i, k;
14801499
1500 if (target_no < 0)
1501 return;
1502
14811503 hydra_targets[target_no]->fail_count++;
14821504 if (debug)
1483 printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - hydra_targets[target_no]->failed) : 1) + (hydra_targets[target_no]->ok ? 2 : -2));
1484 if (hydra_targets[target_no]->fail_count >= MAXFAIL +
1485 (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - hydra_targets[target_no]->failed) : 1) + (hydra_targets[target_no]->ok ? 2 : -2)
1486 ) {
1505 printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count,
1506 MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5
1507 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks -
1508 hydra_targets[target_no]->
1509 failed) : 1) +
1510 (hydra_targets[target_no]->ok ? 2 : -2));
1511 if (hydra_targets[target_no]->fail_count >=
1512 MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5
1513 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks -
1514 hydra_targets[target_no]->
1515 failed) : 1) +
1516 (hydra_targets[target_no]->ok ? 2 : -2)
1517 ) {
14871518 k = 0;
14881519 for (i = 0; i < hydra_options.max_use; i++)
14891520 if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no)
14901521 k++;
14911522 if (k <= 1) {
1523 // we need to put this in a list, otherwise we fail one login+pw test
1524 if (hydra_targets[target_no]->done == 0
1525 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2
1526 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login)
1527 || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) {
1528 hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr;
1529 hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr;
1530 hydra_targets[target_no]->redo++;
1531 if (debug)
1532 printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target,
1533 hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no);
1534 hydra_heads[head_no]->current_login_ptr = empty_login;
1535 hydra_heads[head_no]->current_pass_ptr = empty_login;
1536 }
14921537 if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) {
14931538 hydra_kill_head(head_no, 1, 2);
14941539 if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) {
14951540 if (hydra_targets[target_no]->ok == 1)
1496 hydra_targets[target_no]->done = 2; // mark target as done by errors
1541 hydra_targets[target_no]->done = 2; // mark target as done by errors
14971542 else
1498 hydra_targets[target_no]->done = 3; // mark target as done by unable to connect
1543 hydra_targets[target_no]->done = 3; // mark target as done by unable to connect
14991544 hydra_brains.finished++;
1500 fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", port);
1545 fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16
1546 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16
1547 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port);
15011548 }
15021549 } // we keep the last one alive as long as it make sense
15031550 } else {
1551 // we need to put this in a list, otherwise we fail one login+pw test
1552 if (hydra_targets[target_no]->done == 0
1553 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2
1554 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login)
1555 || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) {
1556 hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr;
1557 hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr;
1558 hydra_targets[target_no]->redo++;
1559 if (debug)
1560 printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target,
1561 hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no);
1562 hydra_heads[head_no]->current_login_ptr = empty_login;
1563 hydra_heads[head_no]->current_pass_ptr = empty_login;
1564 }
15041565 hydra_kill_head(head_no, 1, 2);
15051566 hydra_targets[target_no]->fail_count--;
15061567 if (k < 5 && hydra_targets[target_no]->ok)
15101571 if (verbose)
15111572 printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no);
15121573 }
1513 // we need to put this in a list, otherwise we fail one login+pw test
1514 if (hydra_targets[target_no]->done == 0
1515 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2
1516 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login)
1517 || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) {
1518 hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr;
1519 hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr;
1520 hydra_targets[target_no]->redo++;
1521 if (debug)
1522 printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target,
1523 hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no);
1524 hydra_heads[head_no]->current_login_ptr = empty_login;
1525 hydra_heads[head_no]->current_pass_ptr = empty_login;
1526 }
15271574 } else {
15281575 hydra_kill_head(head_no, 1, 1);
15291576 if (verbose)
15331580
15341581 char *hydra_reverse_login(int head_no, char *login) {
15351582 int i, j = strlen(login);
1536
1583
15371584 if (j > 248)
15381585 j = 248;
15391586 else if (j == 0)
15411588 for (i = 0; i < j; i++)
15421589 hydra_heads[head_no]->reverse[i] = login[j - (i + 1)];
15431590 hydra_heads[head_no]->reverse[j] = 0;
1544
1591
15451592 return hydra_heads[head_no]->reverse;
15461593 }
15471594
15511598 snp_is_redo = 0;
15521599 snpdont = 0;
15531600 loop_cnt++;
1554 if (hydra_targets[target_no]->sent >= hydra_brains.todo) {
1555 if (hydra_targets[target_no]->done == 0) {
1556 hydra_targets[target_no]->done = 1;
1557 hydra_brains.finished++;
1558 if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target);
1559 }
1560 return -1;
1561 }
1601 if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) {
1602 hydra_heads[head_no]->redo = 0;
1603 snp_is_redo = 1;
1604 snpdone = 1;
1605 } else {
1606 if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) {
1607 if (hydra_targets[target_no]->done == 0) {
1608 hydra_targets[target_no]->done = 1;
1609 hydra_brains.finished++;
1610 if (verbose)
1611 printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target);
1612 }
1613 return -1;
1614 }
1615 }
1616
1617 if (debug)
1618 printf
1619 ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n",
1620 target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode,
1621 hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr,
1622 hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt);
1623
15621624 if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) {
15631625 if (debug)
15641626 printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo);
15651627 return -1;
15661628 }
15671629
1568 if (debug)
1569 printf("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n",
1570 target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt);
15711630 if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) {
15721631 hydra_heads[head_no]->redo = 0;
15731632 snp_is_redo = 1;
15901649 loop_cnt = 0;
15911650 return -1; // head will be disabled by main while()
15921651 }
1593 if (hydra_options.loop_mode == 0) { // one user after another
1652 if (hydra_options.loop_mode == 0) { // one user after another
15941653 if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) {
15951654 // as we loop password in mode == 0 we set the current login first
15961655 hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr;
16201679 if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) {
16211680 // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double
16221681 if (hydra_options.try_password_reverse_login) {
1623 if ((hydra_options.try_password_same_as_login == 0 || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0)
1624 &&
1625 (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) {
1682 if ((hydra_options.try_password_same_as_login == 0
1683 || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0)
1684 && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) {
16261685 hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr);
16271686 snpdone = 1;
16281687 } else {
16331692 }
16341693 hydra_targets[target_no]->pass_state++;
16351694 }
1636
16371695 // now we handle the -C -l/-L -p/-P data
16381696 if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) {
1639 if ((hydra_options.mode & 64) == 64) { // colon mode
1697 if ((hydra_options.mode & 64) == 64) { // colon mode
16401698 hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr;
16411699 hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr;
16421700 hydra_targets[target_no]->login_no++;
16541712 if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0)
16551713 hydra_targets[target_no]->pass_state = 0;
16561714 if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0)
1657 ||
1658 (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0)
1659 ||
1660 (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) {
1715 || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0)
1716 ||
1717 (hydra_options.try_password_reverse_login
1718 && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) {
16611719 hydra_brains.sent++;
16621720 hydra_targets[target_no]->sent++;
16631721 if (debug)
16641722 printf("[DEBUG] double detected (-C)\n");
1665 return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small
1723 return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small
16661724 }
1667 } else { // standard -l -L -p -P mode
1725 } else { // standard -l -L -p -P mode
16681726 hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr;
16691727 hydra_targets[target_no]->pass_no++;
16701728 // double check
16871745 hydra_targets[target_no]->pass_ptr++;
16881746 }
16891747 if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0)
1690 ||
1691 (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0)
1692 ||
1693 (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) {
1748 || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0)
1749 ||
1750 (hydra_options.try_password_reverse_login
1751 && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) {
16941752 hydra_brains.sent++;
16951753 hydra_targets[target_no]->sent++;
16961754 if (debug)
16971755 printf("[DEBUG] double detected (-Pp)\n");
1698 return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small
1756 return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small
16991757 }
17001758 snpdone = 1;
17011759 }
17021760 }
17031761 }
1704 } else { // loop_mode == 1
1762 } else { // loop_mode == 1
17051763 if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) {
17061764 hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr;
1707 if (hydra_targets[target_no]->pass_state == 0)
1708 hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr;
1709 else if (hydra_targets[target_no]->pass_state == 1)
1710 hydra_heads[head_no]->current_pass_ptr = empty_login;
1711 else if (hydra_targets[target_no]->pass_state == 2)
1712 hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr);
1713 else {
1765 if (hydra_targets[target_no]->pass_state == 0) {
1766 if ((hydra_options.mode & 4) == 4)
1767 hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr);
1768 else
1769 hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr;
1770 } else if (hydra_targets[target_no]->pass_state == 1) {
1771 if ((hydra_options.mode & 4) == 4)
1772 hydra_heads[head_no]->current_pass_ptr = strdup(empty_login);
1773 else
1774 hydra_heads[head_no]->current_pass_ptr = empty_login;
1775 } else if (hydra_targets[target_no]->pass_state == 2) {
1776 if ((hydra_options.mode & 4) == 4)
1777 hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr));
1778 else
1779 hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr);
1780 } else {
17141781 if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3
17151782 && hydra_heads[head_no]->current_pass_ptr != NULL &&
1716 strlen(hydra_heads[head_no]->current_pass_ptr) > 0 &&
1717 hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr)
1783 strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr)
17181784 free(hydra_heads[head_no]->current_pass_ptr);
17191785 hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr);
17201786 }
17321798 snpdont = 1;
17331799 hydra_targets[target_no]->pass_no++;
17341800 }
1735
1801
17361802 if (hydra_targets[target_no]->pass_state == 3) {
17371803 if (snpdont) {
17381804 hydra_targets[target_no]->pass_ptr = pass_ptr;
17391805 } else {
1740 if ((hydra_options.mode & 4) == 4) { // bfg mode
1806 if ((hydra_options.mode & 4) == 4) { // bfg mode
17411807 #ifndef HAVE_MATH_H
17421808 sleep(1);
17431809 #else
17451811 if (debug)
17461812 printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr);
17471813 #endif
1748 } else { // -p -P mode
1814 } else { // -p -P mode
17491815 hydra_targets[target_no]->pass_ptr++;
17501816 while (*hydra_targets[target_no]->pass_ptr != 0)
17511817 hydra_targets[target_no]->pass_ptr++;
17541820 hydra_targets[target_no]->pass_no++;
17551821 }
17561822 }
1757
1823
17581824 hydra_targets[target_no]->login_no = 0;
17591825 hydra_targets[target_no]->login_ptr = login_ptr;
17601826 } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) {
17651831 }
17661832 if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) {
17671833 if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1)
1768 ||
1769 (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0)
1770 ||
1771 (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) {
1834 || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0)
1835 || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) {
17721836 hydra_brains.sent++;
17731837 hydra_targets[target_no]->sent++;
17741838 if (debug)
17811845 }
17821846
17831847 if (debug)
1784 printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s\n",
1785 snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr);
1786
1848 printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n",
1849 snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr,
1850 hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo);
1851
17871852 // no pair? then we go for redo state
17881853 if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) {
17891854 if (debug)
18171882 if (debug)
18181883 printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]);
18191884 // only if -l/L -p/P with -u and if loginptr was not justed increased
1820 if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u)
1885 if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u)
18211886 // increase login_ptr to next
18221887 hydra_targets[target_no]->login_no++;
18231888 if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) {
18341899 hydra_targets[target_no]->pass_no = 0;
18351900 hydra_targets[target_no]->pass_state = 0;
18361901 }
1837 return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small
1838 }
1839 }
1840
1902 return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small
1903 }
1904 }
1905
18411906 memset(&snpbuf, 0, sizeof(snpbuf));
18421907 strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3);
18431908 if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3)
18521917 if (snp_is_redo == 0) {
18531918 hydra_brains.sent++;
18541919 hydra_targets[target_no]->sent++;
1855 } else
1856 if (debug)
1857 printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n",
1858 snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, snp_is_redo);
1920 } else if (debug)
1921 printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n",
1922 snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr,
1923 hydra_targets[target_no]->pass_ptr, snp_is_redo);
18591924 //hydra_dump_data(snpbuf, snpbuflen, "SENT");
18601925 fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen);
18611926 if (fck < snpbuflen) {
18671932 }
18681933 if (debug || hydra_options.showAttempt) {
18691934 printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n",
1870 snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr,
1935 hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr,
18711936 hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no);
18721937 }
18731938 loop_cnt = 0;
19422007 }
19432008
19442009 int hydra_select_target() {
1945 int target_no = -1, i, j = 0;
1946
2010 int target_no = -1, i, j = -1000;
2011
19472012 for (i = 0; i < hydra_brains.targets; i++)
19482013 if (hydra_targets[i]->use_count < hydra_options.tasks)
19492014 if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) {
19552020
19562021 int main(int argc, char *argv[]) {
19572022 char *proxy_string = NULL, *device = NULL, *memcheck;
1958 FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL;
2023 FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL;
19592024 size_t countinfile = 1, sizeinfile = 0;
19602025 unsigned long int math2;
19612026 int i = 0, j = 0, k, error = 0, modusage = 0;
19622027 int head_no = 0, target_no = 0, exit_condition = 0, readres;
19632028 time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time;
1964 char *tmpptr;
2029 char *tmpptr, *tmpptr2;
19652030 char rc, buf[MAXBUF];
19662031 fd_set fdreadheads;
19672032 int max_fd;
19692034 struct sockaddr_in6 *ipv6 = NULL;
19702035 struct sockaddr_in *ipv4 = NULL;
19712036
1972 printf("%s %s (c)2013 by %s & %s - for legal purposes only\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2);
2037 printf("%s %s (c) 2014 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2);
19732038 #ifndef LIBPOSTGRES
19742039 SERVICES = hydra_string_replace(SERVICES, "postgres ", "");
19752040 strcat(unsupported, "postgres ");
20772142 help(1);
20782143 if (argc < 3 && (argc < 2 || strcmp(argv[1], "-R") != 0))
20792144 help(0);
2080 while ((i = getopt(argc, argv, "h64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) {
2145 while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) {
20812146 switch (i) {
20822147 case 'h':
20832148 help(1);
2149 break;
2150 case 'q':
2151 quiet = 1;
2152 break;
20842153 case 'u':
20852154 hydra_options.loop_mode = 1;
20862155 break;
21672236 if (waittime < 1) {
21682237 fprintf(stderr, "[ERROR] waittime must be larger than 0\n");
21692238 exit(-1);
2170 } else
2171 if (waittime < 5)
2172 fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n");
2239 } else if (waittime < 5)
2240 fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n");
21732241 break;
21742242 case 'W':
21752243 hydra_options.conwait = conwait = atoi(optarg);
22202288 #ifdef LIBNCURSES
22212289 //then check if the term is color enabled using ncurses lib
22222290 if (colored_output) {
2223 if (!setupterm(NULL,1,NULL) && (tigetnum("colors") <= 0)) {
2224 colored_output = 0;
2291 if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) {
2292 colored_output = 0;
22252293 }
22262294 }
22272295 #else
22572325 }
22582326 } else { // normal mode, aka non-restore mode
22592327 if (hydra_options.colonfile)
2260 hydra_options.loop_mode = 0; // just to be sure
2328 hydra_options.loop_mode = 0; // just to be sure
22612329 if (hydra_options.infile_ptr != NULL) {
22622330 if (optind + 2 < argc)
22632331 bail("The -M FILE option can not be used together with a host on the commandline");
22712339 hydra_options.miscptr = argv[optind + 1];
22722340 } else if (optind + 2 != argc && optind + 3 != argc) {
22732341 // check if targetdef follow syntax <service-name>://<target>[:<port-number>][/<parameters>] or it's a syntax error
2274 char *targetdef = argv[optind];
2275 char *service_pos;
2342 char *targetdef = strdup(argv[optind]);
2343 char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL;
22762344
22772345 if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) {
2278 char *targetport_sep;
2279 char *port_pos = NULL, *param_pos = NULL;
2280
22812346 service_pos = strstr(targetdef, "://");
22822347 if ((service_pos - targetdef) == 0)
22832348 bail("could not identify service");
22842349 if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL)
22852350 bail("could not alloc memory");
22862351 strncpy(hydra_options.service, targetdef, service_pos - targetdef);
2287 hydra_options.service[service_pos - targetdef] = '\0';
2288
2289 // check if we specify a port
2290 if (prefer_ipv6)
2291 targetport_sep = "]:";
2292 else
2293 targetport_sep = ":";
2294 port_pos = strstr(service_pos + strlen("://"), targetport_sep);
2295 param_pos = strstr(service_pos + strlen("://"), "/");
2296 if (param_pos != NULL && param_pos < port_pos)
2297 port_pos = NULL;
2298
2299 if (port_pos != NULL) {
2300 *port_pos = 0;
2301 // removing ://[
2302 if (port_pos - service_pos - 2 - strlen(targetport_sep) == 0)
2303 bail("identifying server address");
2304 if (prefer_ipv6 && ((service_pos + 3)[0] != '['))
2305 bail("identifying ipv6 server address");
2306 if ((hydra_options.server = malloc(1 + port_pos - service_pos - 2 - strlen(targetport_sep))) == NULL)
2307 bail("could not allocate memory");
2308 strncpy(hydra_options.server, service_pos + 3, port_pos - service_pos - 3);
2309 hydra_options.server[port_pos - service_pos - 3] = '\0';
2310 }
2311 // check if we specify a parameter
2312 if ((param_pos != NULL) && (port_pos == NULL)) {
2313 if (param_pos - service_pos - 3 == 0)
2314 bail("could not identify server address");
2315 if ((hydra_options.server = malloc(1 + param_pos - service_pos - 3)) == NULL)
2316 bail("could not allocate memory");
2317 if (service_pos[3] == '[') {
2318 strncpy(hydra_options.server, service_pos + 4, param_pos - service_pos - 3);
2319 hydra_options.server[param_pos - 4 - service_pos] = '\0';
2320 } else {
2321 strncpy(hydra_options.server, service_pos + 3, param_pos - service_pos - 3);
2322 hydra_options.server[param_pos - 3 - service_pos] = '\0';
2323 }
2324 if (hydra_options.server[strlen(hydra_options.server) - 1] == ']')
2325 hydra_options.server[strlen(hydra_options.server) - 1] = 0;
2326 }
2327 if ((port_pos == NULL) && (param_pos == NULL)) {
2328 if (strlen(targetdef) - strlen(hydra_options.service) - 3 == 0)
2329 bail("could not identify server address");
2330 if ((hydra_options.server = malloc(1 + strlen(targetdef) - strlen(hydra_options.service) - 3)) == NULL)
2331 bail("could not allocate memory");
2332 if (service_pos[3] == '[')
2333 strcpy(hydra_options.server, service_pos + 4);
2334 else
2335 strcpy(hydra_options.server, service_pos + 3);
2336 if (hydra_options.server[strlen(hydra_options.server) - 1] == ']')
2337 hydra_options.server[strlen(hydra_options.server) - 1] = 0;
2352 hydra_options.service[service_pos - targetdef] = 0;
2353 target_pos = targetdef + (service_pos - targetdef + 3);
2354
2355 if (*target_pos == '[') {
2356 target_pos++;
2357 if ((param_pos = index(target_pos, ']')) == NULL)
2358 bail("no closing ']' found in target definition");
2359 *param_pos++ = 0;
2360 if (*param_pos == ':')
2361 port_pos = ++param_pos;
2362 if ((param_pos = index(param_pos, '/')) != NULL)
2363 *param_pos++ = 0;
23382364 } else {
2339 char port_temp[6] = "";
2340
2341 if (port_pos) {
2342 // set the port
2343 if (param_pos == NULL) {
2344 hydra_options.port = port = atoi(port_pos + strlen(targetport_sep));
2345 } else {
2346 if (param_pos - port_pos - strlen(targetport_sep) > 0) {
2347 if (param_pos - port_pos - strlen(targetport_sep) > sizeof(port_temp) - 1)
2348 bail("invalid port number");
2349 strncpy(port_temp, port_pos + strlen(targetport_sep), param_pos - port_pos - strlen(targetport_sep));
2350 port_temp[strlen(port_temp)] = '\0';
2351 hydra_options.port = port = atoi(port_temp);
2352 }
2353 }
2354 }
2355 if (param_pos) {
2356 int size_of_miscptr = 0;
2357
2358 if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') {
2359 param_pos--;
2360 }
2361
2362 size_of_miscptr = strlen(param_pos);
2363
2364 if (size_of_miscptr > 0) {
2365 if ((hydra_options.miscptr = malloc(1 + size_of_miscptr)) == NULL)
2366 bail("could not allocate memory");
2367 strcpy(hydra_options.miscptr, param_pos + 1);
2368 }
2365 port_pos = index(target_pos, ':');
2366 param_pos = index(target_pos, '/');
2367 if (port_pos != NULL && param_pos != NULL && port_pos > param_pos)
2368 port_pos = NULL;
2369 if (port_pos != NULL)
2370 *port_pos++ = 0;
2371 if (param_pos != NULL)
2372 *param_pos++ = 0;
2373 if (port_pos != NULL && index(port_pos, ':') != NULL) {
2374 if (prefer_ipv6)
2375 bail("Illegal IPv6 target definition must be written within '[' ']'");
2376 else
2377 bail("Illegal port definition");
23692378 }
23702379 }
2380 if (*target_pos == 0)
2381 hydra_options.server = NULL;
2382 else
2383 hydra_options.server = target_pos;
2384 if (port_pos != NULL)
2385 hydra_options.port = port = atoi(port_pos);
2386 if (param_pos != NULL) {
2387 if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/')
2388 *--param_pos = '/';
2389 hydra_options.miscptr = param_pos;
2390 }
2391 //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos);
23712392 if (debug)
23722393 printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr);
23732394 } else {
23872408 hydra_options.miscptr = argv[optind + 2];
23882409 }
23892410
2390 if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) {
2411 if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0
2412 || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) {
23912413 hydra_options.ssl = 1;
23922414 hydra_options.service[strlen(hydra_options.service) - 1] = 0;
23932415 }
23942416
23952417 if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) {
2396 if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 ||
2397 strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 ||
2418 if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 ||
2419 strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 ||
23982420 strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 ||
23992421 strcmp(hydra_options.service, "sapr3") == 0) {
24002422 fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service);
24032425 }
24042426
24052427 /* here start the services */
2406
2428
24072429 if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0
24082430 || strcmp(hydra_options.service, "https") == 0) {
24092431 fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n");
24102432 if (strcmp(hydra_options.service, "http") == 0) {
2411 hydra_options.service=malloc(strlen("http-get")+1);
2433 hydra_options.service = malloc(strlen("http-get") + 1);
24122434 strcpy(hydra_options.service, "http-get");
24132435 }
24142436 if (strcmp(hydra_options.service, "https") == 0) {
2415 hydra_options.service=malloc(strlen("https-get")+1);
2437 hydra_options.service = malloc(strlen("https-get") + 1);
24162438 strcpy(hydra_options.service, "https-get");
24172439 }
24182440 }
24312453
24322454 i = 0;
24332455 if (strcmp(hydra_options.service, "telnet") == 0) {
2434 fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze reliable, if possible better choose FTP or SSH if available\n");
2456 fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n");
24352457 i = 1;
24362458 }
24372459 if (strcmp(hydra_options.service, "ftp") == 0)
24402462 fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n");
24412463 i = 1;
24422464 }
2443 if (strcmp(hydra_options.service, "pop3") == 0)
2444 i = 1;
2445 if (strcmp(hydra_options.service, "imap") == 0)
2446 i = 1;
2465 if (strcmp(hydra_options.service, "pop3") == 0) {
2466 fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n");
2467 i = 1;
2468 }
2469 if (strcmp(hydra_options.service, "imap") == 0) {
2470 fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n");
2471 i = 1;
2472 }
2473 if (strcmp(hydra_options.service, "redis") == 0)
2474 i = 2;
24472475 if (strcmp(hydra_options.service, "asterisk") == 0)
24482476 i = 1;
2449 if (strcmp(hydra_options.service, "vmauthd") == 0)
2477 if (strcmp(hydra_options.service, "vmauthd") == 0)
24502478 i = 1;
24512479 if (strcmp(hydra_options.service, "rexec") == 0)
24522480 i = 1;
24732501 i = 1;
24742502 if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) {
24752503 i = 2;
2476 hydra_options.service=malloc(strlen("oracle-listener")+1);
2504 hydra_options.service = malloc(strlen("oracle-listener") + 1);
24772505 strcpy(hydra_options.service, "oracle-listener");
24782506 }
24792507 if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) {
24802508 i = 3;
2481 hydra_options.service=malloc(strlen("oracle-sid")+1);
2509 hydra_options.service = malloc(strlen("oracle-sid") + 1);
24822510 strcpy(hydra_options.service, "oracle-sid");
24832511 }
24842512 #ifdef LIBORACLE
24852513 if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) {
24862514 i = 1;
2487 hydra_options.service=malloc(strlen("oracle")+1);
2515 hydra_options.service = malloc(strlen("oracle") + 1);
24882516 strcpy(hydra_options.service, "oracle");
24892517 }
24902518 #endif
25382566 fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n");
25392567 }
25402568 }
2541 if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0)
2569 if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) {
2570 if (hydra_options.tasks > 8)
2571 fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n");
25422572 #ifdef LIBSSH
25432573 i = 1;
25442574 #else
25452575 bail("Compiled without LIBSSH v0.4.x support, module is not available!");
25462576 #endif
2547 if (strcmp(hydra_options.service, "smtp") == 0)
2548 i = 1;
2577 }
2578 if (strcmp(hydra_options.service, "smtp") == 0) {
2579 fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n");
2580 i = 1;
2581 }
25492582 if (strcmp(hydra_options.service, "smtp-enum") == 0)
25502583 i = 1;
25512584 if (strcmp(hydra_options.service, "teamspeak") == 0)
25522585 i = 1;
2553
2554 // ADD NEW SERVICES HERE
25552586 if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) {
25562587 if (hydra_options.tasks > 1) {
25572588 fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n");
26212652 }
26222653 if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) {
26232654 char *lptr;
2655
26242656 j = 1;
26252657 tmpptr = strdup(hydra_options.miscptr);
26262658 lptr = strtok(tmpptr, ":");
2627 while(lptr != NULL) {
2659 while (lptr != NULL) {
26282660 i = 0;
26292661 if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) {
26302662 i = 1;
26312663 j = lptr[0] - '0' + (j & 252);
2632 }
2633 else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0)
2664 } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0)
26342665 i = 1;
26352666 else if (strcasecmp(lptr, "MD5") == 0) {
26362667 i = 1;
26582689 fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n");
26592690 if (j >= 16)
26602691 bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n");
2661 if (hydra_options.colonfile == NULL && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) {
2692 if (hydra_options.colonfile == NULL
2693 && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) {
26622694 if (j > 3) {
2663 fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n");
2695 fprintf(stderr,
2696 "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n");
26642697 exit(-1);
26652698 }
26662699 fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n");
26702703 strcat(tmpptr, "PLAIN");
26712704 hydra_options.miscptr = tmpptr;
26722705 } else {
2673 i = 1; // snmpv3 with login+pass mode
2706 i = 1; // snmpv3 with login+pass mode
26742707 #ifndef LIBOPENSSL
26752708 bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!");
26762709 #endif
2677 printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no");
2710 printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5",
2711 (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no");
26782712 }
26792713 }
26802714 }
27112745 if (hydra_options.miscptr == NULL)
27122746 bail("-m option is required to specify the DN\n");
27132747 }
2714
2748 // ADD NEW SERVICES HERE
2749 if (strcmp(hydra_options.service, "s7-300") == 0) {
2750 if (hydra_options.tasks > 8) {
2751 fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n");
2752 hydra_options.tasks = 8;
2753 }
2754 i = 2;
2755 }
27152756 if (strcmp(hydra_options.service, "cisco-enable") == 0) {
2716 i = 4;
2757 i = 2;
27172758 if (hydra_options.login == NULL)
27182759 hydra_options.login = empty_login;
27192760 if (hydra_options.miscptr == NULL) {
27672808 fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n");
27682809 }
27692810
2770 if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 || strcmp(hydra_options.service, "https-post-form") == 0 ) {
2811 if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0
2812 || strcmp(hydra_options.service, "https-post-form") == 0) {
27712813 char bufferurl[1024], *url, *variables, *cond, *optional1;
27722814
27732815 if (strncmp(hydra_options.service, "http-", 5) == 0) {
27742816 i = 1;
2775 } else { // https
2817 } else { // https
27762818 #ifdef LIBOPENSSL
27772819 i = 1;
27782820 hydra_options.ssl = 1;
27992841 printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP"));
28002842 use_proxy = 1;
28012843 }
2802
2844
28032845 if (strstr(hydra_options.miscptr, "\\:") != NULL) {
28042846 fprintf(stderr, "[WARNING] escape sequence \\: detected in module option, no parameter verification is performed.\n");
28052847 } else {
28082850 variables = strtok(NULL, ":");
28092851 cond = strtok(NULL, ":");
28102852 optional1 = strtok(NULL, "\n");
2811 if ((variables == NULL ) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) {
2853 if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) {
28122854 fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables);
28132855 exit(-1);
28142856 }
28222864 exit(-1);
28232865 }
28242866 switch (optional1[0]) {
2825 case 'C': // fall through
2867 case 'C': // fall through
28262868 case 'c':
28272869 if (optional1[1] != '=' || optional1[2] != '/') {
28282870 fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1);
28292871 exit(-1);
28302872 }
28312873 break;
2832 case 'H': // fall through
2874 case 'H': // fall through
28332875 case 'h':
28342876 if (optional1[1] != '=' || strtok(NULL, ":") == NULL) {
28352877 fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1);
28492891 i = 1;
28502892 if (strcmp(hydra_options.service, "rdp") == 0) {
28512893 if (hydra_options.tasks > 4)
2852 fprintf(stderr, "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n");
2894 fprintf(stderr,
2895 "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n");
28532896 //if (hydra_options.tasks > 4) {
28542897 // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n");
28552898 // hydra_options.tasks = 4;
28642907 fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service);
28652908 exit(-1);
28662909 }
2910 if (port < 1 || port > 65535) {
2911 if ((port = hydra_lookup_port(hydra_options.service)) < 1) {
2912 fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n");
2913 exit(-1);
2914 }
2915 hydra_options.port = port;
2916 }
2917
2918 if (hydra_options.ssl == 1 && strncmp(hydra_options.service, "http-", 5 == 0) && hydra_options.port == 443)
2919 fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n");
28672920
28682921 if (hydra_options.loop_mode && hydra_options.colonfile != NULL)
28692922 bail("The loop mode option (-u) works with all modes - except colon files (-C)\n");
28702923 if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL)
28712924 fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n");
28722925 if (i == 2) {
2873 if (hydra_options.colonfile != NULL || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0)))
2874 bail("The cisco, oracle-listener, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n");
2926 if (hydra_options.colonfile != NULL
2927 || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0)))
2928 bail
2929 ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n");
28752930 if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) {
28762931 hydra_options.pass = hydra_options.login;
28772932 hydra_options.passfile = hydra_options.loginfile;
28802935 hydra_options.loginfile = NULL;
28812936 }
28822937 if (i == 3) {
2883 if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)))
2938 if (hydra_options.colonfile != NULL || hydra_options.bfg > 0
2939 || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)))
28842940 bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n");
28852941 if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) {
28862942 hydra_options.login = hydra_options.pass;
28992955 || (hydra_options.pass != NULL && hydra_options.passfile != NULL)))
29002956 bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!");
29012957 if ((hydra_options.bfg)
2902 && ( (hydra_options.pass != NULL) || (hydra_options.passfile != NULL)
2903 || (hydra_options.colonfile != NULL) ) )
2958 && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL)
2959 || (hydra_options.colonfile != NULL)))
29042960 bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n");
2905 if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL
2906 && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) {
2961 if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0
2962 && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) {
29072963 // test if the service is smtp-enum as it could be used either with a login+pass or only a login
29082964 if (strstr(hydra_options.service, "smtp-enum") != NULL)
29092965 hydra_options.pass = empty_login;
29322988 exit(-1);
29332989 }
29342990 if (hydra_brains.sizelogin > MAX_BYTES) {
2935 fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int)hydra_brains.sizelogin);
2991 fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin);
29362992 exit(-1);
29372993 }
29382994 login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8);
29573013 exit(-1);
29583014 }
29593015 if (hydra_brains.sizepass > MAX_BYTES) {
2960 fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int)hydra_brains.sizepass);
3016 fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass);
29613017 exit(-1);
29623018 }
29633019 pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8);
29953051 hydra_brains.sizelogin = size_of_data;
29963052 if (hydra_brains.countlogin == 0)
29973053 bail("File for login:password information is empty!");
2998 if (hydra_brains.countlogin > MAX_LINES / 2) {
2999 fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin);
3000 exit(-1);
3001 }
3002 if (hydra_brains.sizelogin > MAX_BYTES / 2) {
3003 fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int)hydra_brains.sizelogin);
3004 exit(-1);
3005 }
3054 if (hydra_brains.countlogin > MAX_LINES / 2) {
3055 fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin);
3056 exit(-1);
3057 }
3058 if (hydra_brains.sizelogin > MAX_BYTES / 2) {
3059 fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin);
3060 exit(-1);
3061 }
30063062 csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8);
30073063 if (csv_ptr == NULL)
30083064 bail("Could not allocate enough memory for colon file data");
30233079 exit(-1);
30243080 }
30253081 free(memcheck);
3026 if (fopen(RESTOREFILE, "r") != NULL) {
3082 if ((rfp = fopen(RESTOREFILE, "r")) != NULL) {
30273083 fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE);
30283084 sleep(10);
3085 fclose(rfp);
30293086 }
30303087
30313088 if (hydra_options.infile_ptr != NULL) {
30343091 hydra_brains.targets = countservers = countinfile = countlines(ifp, 0);
30353092 if (countinfile == 0)
30363093 bail("File for IP addresses is empty!");
3037 hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 1) + 8);
3094 hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8);
30383095 if (hydra_targets == NULL)
30393096 bail("Could not allocate enough memory for target data");
30403097 sizeinfile = size_of_data;
30413098 if (countinfile > MAX_LINES / 1000) {
3042 fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, countinfile);
3099 fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int)countinfile);
30433100 exit(-1);
30443101 }
30453102 if (sizeinfile > MAX_BYTES / 1000) {
3046 fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, sizeinfile);
3103 fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int)sizeinfile);
30473104 exit(-1);
30483105 }
3049 servers_ptr = malloc(sizeinfile + countservers + 8);
3106 if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL)
3107 bail("Could not allocate enough memory for target file data");
30503108 memset(servers_ptr, 0, sizeinfile + countservers + 8);
3051 if (servers_ptr == NULL)
3052 bail("Could not allocate enough memory for target file data");
30533109 fill_mem(servers_ptr, ifp, 0);
30543110 sizeservers = sizeinfile;
30553111 tmpptr = servers_ptr;
30573113 hydra_targets[i] = malloc(sizeof(hydra_target));
30583114 memset(hydra_targets[i], 0, sizeof(hydra_target));
30593115 hydra_targets[i]->target = tmpptr;
3116 if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) {
3117 *tmpptr2++ = 0;
3118 hydra_targets[i]->port = atoi(tmpptr2);
3119 if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535)
3120 hydra_targets[i]->port = 0;
3121 }
3122 if (hydra_targets[i]->port == 0)
3123 hydra_targets[i]->port = hydra_options.port;
30603124 while (*tmpptr != 0)
30613125 tmpptr++;
30623126 tmpptr++;
30633127 }
3064 } else {
3128 } else if (index(hydra_options.server, '/') != NULL) {
3129 /* CIDR notation on command line, e.g. 192.168.0.0/24 */
3130 unsigned int four_from, four_to, addr_cur, addr_cur2, k, l;
3131 in_addr_t addr4;
3132 struct sockaddr_in target;
3133 hydra_options.cidr = 1;
3134 do_retry = 0;
3135 if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) {
3136 fprintf(stderr, "Error: can not allocate memory\n");
3137 exit(-1);
3138 }
3139 strcpy(tmpptr, hydra_options.server);
3140 tmpptr2 = index(tmpptr, '/');
3141 *tmpptr2++ = 0;
3142 if ((k = atoi(tmpptr2)) < 16 || k > 31) {
3143 fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server);
3144 exit(-1);
3145 }
3146 if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) {
3147 fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr);
3148 exit(-1);
3149 }
3150 free(tmpptr);
3151 l = 1 << (32 - k);
3152 l--;
3153 four_to = (addr4 | l);
3154 l = 0xffffffff - l;
3155 four_from = (addr4 & l);
3156 l = 1 << (32 - k);
3157 hydra_brains.targets = countservers = l;
3158 hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8);
3159 if (hydra_targets == NULL)
3160 bail("Could not allocate enough memory for target data");
3161 i = 0;
3162 addr_cur = four_from;
3163 while (addr_cur <= four_to && i < l) {
3164 hydra_targets[i] = malloc(sizeof(hydra_target));
3165 memset(hydra_targets[i], 0, sizeof(hydra_target));
3166 addr_cur2 = htonl(addr_cur);
3167 memcpy(&target.sin_addr.s_addr, (char*) &addr_cur2, 4);
3168 hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr));
3169 hydra_targets[i]->port = hydra_options.port;
3170 addr_cur++;
3171 i++;
3172 }
3173 if (verbose)
3174 printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target);
3175 printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n");
3176 } else { // standard: single target on command line
30653177 countservers = hydra_brains.targets = 1;
3066 hydra_targets = malloc(sizeof(hydra_targets));
3178 hydra_targets = malloc(sizeof(int) * 4);
30673179 hydra_targets[0] = malloc(sizeof(hydra_target));
30683180 memset(hydra_targets[0], 0, sizeof(hydra_target));
30693181 hydra_targets[0]->target = servers_ptr = hydra_options.server;
3182 hydra_targets[0]->port = hydra_options.port;
30703183 sizeservers = strlen(hydra_options.server) + 1;
30713184 }
30723185 for (i = 0; i < hydra_brains.targets; i++) {
30753188 if (hydra_options.loop_mode) {
30763189 if (hydra_options.try_password_same_as_login)
30773190 hydra_targets[i]->pass_state = 0;
3191 else if (hydra_options.try_null_password) {
3192 hydra_targets[i]->pass_ptr = empty_login;
3193 hydra_targets[i]->pass_state = 1;
3194 } else if (hydra_options.try_password_reverse_login)
3195 hydra_targets[i]->pass_state = 2;
30783196 else
3079 if (hydra_options.try_null_password) {
3080 hydra_targets[i]->pass_ptr = empty_login;
3081 hydra_targets[i]->pass_state = 1;
3082 } else
3083 if (hydra_options.try_password_reverse_login)
3084 hydra_targets[i]->pass_state = 2;
3085 else
3086 hydra_targets[i]->pass_state = 3;
3197 hydra_targets[i]->pass_state = 3;
30873198 }
30883199 }
30893200 } // END OF restore == 0
30993210 if (proxy_string != NULL && proxy_string[0] != 0) {
31003211 if (strstr(proxy_string, "//") != NULL) {
31013212 char *dslash = strstr(proxy_string, "://");
3213
31023214 if (dslash) {
3103 proxy_string[dslash-proxy_string] = 0;
3104 strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type));
3105 }
3106
3107 proxy_string=dslash;
3215 proxy_string[dslash - proxy_string] = 0;
3216 strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type) - 1);
3217 proxy_string_type[sizeof(proxy_string_type) - 1] = 0;
3218 }
3219
3220 proxy_string = dslash;
31083221 proxy_string += 3;
31093222 }
31103223 if (proxy_string[strlen(proxy_string) - 1] == '/')
32033316 if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) {
32043317 if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0)
32053318 hydra_options.tasks = 1;
3206 fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks reduced to %d.\n", hydra_options.tasks);
3319 fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks);
32073320 } else {
32083321 if (hydra_options.tasks > MAXTASKS) {
32093322 fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS);
32133326 hydra_options.max_use = hydra_brains.targets * hydra_options.tasks;
32143327 if (hydra_options.max_use > MAXTASKS)
32153328 hydra_options.max_use = MAXTASKS;
3216 math2 = hydra_brains.todo_all / hydra_options.tasks;
3329 math2 = (hydra_brains.todo / hydra_options.tasks);
3330 if (hydra_brains.todo % hydra_options.tasks)
3331 math2++;
3332 math2 = (math2 * hydra_brains.targets) / hydra_options.max_use;
32173333 // set options (bits!)
32183334 options = 0;
32193335 if (hydra_options.ssl)
32203336 options = options | OPTION_SSL;
32213337 if (hydra_options.colonfile != NULL)
3222 printf("[DATA] %d task%s, %d server%s, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies");
3338 printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets,
3339 hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies");
32233340 else
3224 printf("[DATA] %d task%s, %d server%s, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_brains.todo,
3225 hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies");
3226 if (port < 1)
3227 if ((port = hydra_lookup_port(hydra_options.service)) < 1) {
3228 fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option\n");
3229 exit(-1);
3230 }
3341 printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets,
3342 hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin,
3343 (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies");
32313344
32323345 printf("[DATA] attacking service %s on port %d\n", hydra_options.service, port);
32333346
32403353 hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg);
32413354 for (i = 1; i < argc; i++)
32423355 fprintf(hydra_brains.ofp, " %s", argv[i]);
3243 fprintf(hydra_brains.ofp, ")\n");
3244 }
3245
3356 fprintf(hydra_brains.ofp, ")\n");
3357 }
32463358 // we have to flush all writeable buffered file pointers before forking
32473359 // set appropriate signals for mother
32483360 signal(SIGCHLD, killed_childs);
3249 signal(SIGTERM, kill_children);
3361 if (debug == 0)
3362 signal(SIGTERM, kill_children);
3363 if (debug == 0) {
32503364 #ifdef SIGBUS
3251 signal(SIGBUS, kill_children);
3252 #endif
3253 if (debug == 0)
3365 signal(SIGBUS, kill_children);
3366 #endif
32543367 signal(SIGSEGV, kill_children);
3368 }
32553369 signal(SIGHUP, kill_children);
32563370 signal(SIGINT, kill_children);
32573371 signal(SIGPIPE, SIG_IGN);
32593373 printf("[VERBOSE] Resolving addresses ... ");
32603374 if (debug)
32613375 printf("\n");
3262 for (i = 0; i < countservers; i++) {
3376 for (i = 0; i < hydra_brains.targets; i++) {
32633377 if (debug)
32643378 printf("[DEBUG] resolving %s\n", hydra_targets[i]->target);
32653379 memset(&hints, 0, sizeof(hints));
33473461 memset(hydra_heads[i], 0, sizeof(hydra_head));
33483462 }
33493463 }
3350
33513464 // here we call the init function of the relevant service module
33523465 // should we do the init centrally or should each child do that?
33533466 // that depends largely on the number of targets and maximum tasks
3354 if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15))
3467 // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15))
33553468 for (i = 0; i < hydra_brains.targets; i++)
33563469 hydra_service_init(i);
33573470
33903503 hydra_heads[head_no]->target_no = hydra_select_target();
33913504 if (debug)
33923505 printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no);
3393 if (target_no < 0)
3394 hydra_kill_head(head_no, 0, 2);
3506 if (hydra_heads[head_no]->target_no < 0)
3507 hydra_kill_head(head_no, 0, 3);
33953508 else
33963509 hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1
33973510 }
34203533 hydra_targets[hydra_heads[head_no]->target_no]->fail_count--;
34213534 // no break here
34223535 case 'n': // mother sends this to itself initially
3536 loop_cnt = 0;
34233537 if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) {
34243538 hydra_kill_head(head_no, 1, 2);
34253539 }
34323546 if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2))
34333547 hydra_kill_head(j, 1, 2); // kill all heads working on the target
34343548 if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) {
3435 hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done
3549 hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done
34363550 hydra_brains.finished++;
34373551 printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target);
34383552 }
35363650 for (j = 0; j < hydra_options.max_use; j++)
35373651 if (hydra_heads[j]->active >= 0)
35383652 k++;
3539 printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu todo in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min
3653 printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu todo in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min
35403654 hydra_brains.sent, // tries
35413655 (long unsigned int) ((elapsed_status - starttime) / 3600), // hours
35423656 (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes
3543 hydra_brains.todo_all - hydra_brains.sent < 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo
3657 hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo
35443658 (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime))
35453659 ) / 3600, // hours
35463660 (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime))
3547 ) % 3600) / 60) + 1, // min
3548 k
3549 );
3661 ) % 3600) / 60) + 1, // min
3662 k);
3663 hydra_debug(0, "STATUS");
35503664 }
35513665
35523666 exit_condition = hydra_check_for_exit_condition();
35703684 case 1:
35713685 break;
35723686 case 0:
3573 if (hydra_targets[i]->ok == 0)
3574 k++;
3575 else
3576 j++;
3687 if (hydra_targets[i]->ok == 0)
3688 k++;
3689 else
3690 j++;
35773691 break;
35783692 default:
35793693 error++;
35823696
35833697 for (i = 0; i < hydra_options.max_use; i++)
35843698 if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0)
3585 hydra_kill_head(i, 1, 2);
3699 hydra_kill_head(i, 1, 3);
35863700 (void) wait3(NULL, WNOHANG, NULL);
35873701
3588 printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s");
3702 printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ",
3703 hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s");
35893704 if (error == 0 && j == 0) {
35903705 process_restore = 0;
35913706 unlink(RESTOREFILE);
35923707 } else {
3593 printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s");
3594 hydra_restore_write(1);
3708 if (hydra_options.cidr == 0) {
3709 printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s");
3710 hydra_restore_write(1);
3711 }
35953712 }
35963713 if (error) {
35973714 fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were");
36053722 fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s");
36063723 error = 1;
36073724 }
3608
36093725 // yeah we did it
36103726 printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time());
36113727 if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout)
+4
-0
hydra.h less more
113113 #define PORT_RDP_SSL 3389
114114 #define PORT_ASTERISK 5038
115115 #define PORT_ASTERISK_SSL 5038
116 #define PORT_S7_300 102
117 #define PORT_S7_300_SSL 102
118 #define PORT_REDIS 6379
119 #define PORT_REDIS_SSL 6379
116120
117121 #define False 0
118122 #define True 1
+3
-2
ntlm.c less more
0
10 /* $Id$
21 Single file NTLM system to create and parse authentication messages.
32
12431242 free(h);
12441243 }
12451244
1246 void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) {
1245 void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) {
12471246 uint8 lmRespData[24];
12481247 uint8 ntRespData[24];
12491248 char *u = strdup(user);
12871286 challenge->flags = flags; /* Overide flags! */
12881287 response->flags = challenge->flags;
12891288
1289 if (w)
1290 free(w);
12901291 if (d)
12911292 free(d);
12921293 if (u)
+1
-1
performance.h less more
3333 struct timeval tv;
3434 int ret = 0;
3535
36 fcntl(fd, F_SETFL, O_NONBLOCK);
36 (void)fcntl(fd, F_SETFL, O_NONBLOCK);
3737 do {
3838 FD_ZERO(&fr);
3939 FD_SET(fd, &fr);
+2
-0
pw-inspector.c less more
156156 }
157157 /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */
158158 }
159 fclose(in);
160 fclose(out);
159161
160162 return count;
161163 }
+30
-28
sasl.c less more
362362 } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size));
363363
364364 //save the latest one
365 array[ind] = malloc(currentpos + 1);
366 strncpy(array[ind], buffer + lastpos, currentpos);
367 array[ind][currentpos] = '\0';
368 ind++;
365 if (ind < array_size) {
366 array[ind] = malloc(currentpos + 1);
367 strncpy(array[ind], buffer + lastpos, currentpos);
368 array[ind][currentpos] = '\0';
369 ind++;
370 }
369371
370372 for (i = 0; i < ind; i++) {
371373 //removing space chars between comma separated value if any
372374 while ((array[i] != NULL) && (array[i][0] == ' ')) {
373 char *tmp=strdup(array[i]);
375 char *tmp = strdup(array[i]);
376
374377 memset(array[i], 0, sizeof(array[i]));
375378 strcpy(array[i], tmp + 1);
376379 free(tmp);
482485 memset(algo, 0, sizeof(algo));
483486 strcpy(algo, "MD5");
484487 }
485
486488 //xmpp case, some xmpp server is not sending the realm so we have to set it up
487 if ((strlen(realm)==0) && (strstr(type, "xmpp") != NULL))
489 if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL))
488490 snprintf(realm, sizeof(realm), "%s", miscptr);
489491
490492 //compute ha1
497499
498500 //for MD5-sess
499501 if (strstr(algo, "5-sess") != NULL) {
500 memset(buffer, 0, sizeof(buffer));
502 buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*!
501503
502504 /* per RFC 2617 Errata ID 1649 */
503505 if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) {
504506 memset(buffer3, 0, sizeof(buffer3));
505507 pbuffer = buffer3;
506508 for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
507 sprintf(pbuffer, "%02x", response[i]);
508 pbuffer += 2;
509 sprintf(pbuffer, "%02x", response[i]);
510 pbuffer += 2;
509511 }
510512 sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra");
511513 } else {
578580 snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm,
579581 nonce, algo, type, realm, buffer);
580582 } else {
581 if (strstr(type, "sip") != NULL) {
582 snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer);
583 } else {
584 if (use_proxy == 1 && proxy_authentication != NULL)
585 snprintf(result, 500,
586 "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
587 type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header);
588 else {
589 if (use_proxy == 1)
583 if (strstr(type, "sip") != NULL) {
584 snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer);
585 } else {
586 if (use_proxy == 1 && proxy_authentication != NULL)
590587 snprintf(result, 500,
591 "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
592 type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
593 else
594 snprintf(result, 500,
595 "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
596 type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
588 "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
589 type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header);
590 else {
591 if (use_proxy == 1)
592 snprintf(result, 500,
593 "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
594 type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
595 else
596 snprintf(result, 500,
597 "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n",
598 type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header);
597599 }
598600 }
599601 }
638640 }
639641
640642 /*client-final-message */
641 if (verbose)
643 if (debug)
642644 hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage);
643645
644646 //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096
672674 return;
673675 }
674676
675 if ((salt != NULL) && (strlen(salt) > 2))
677 if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer)))
676678 //s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s=
677679 strcpy(buffer, salt + 2);
678680 else {
708710 to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20);
709711
710712 snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64);
711 if (verbose)
713 if (debug)
712714 hydra_report(stderr, "DEBUG C: %s\n", result);
713715 free(preppasswd);
714716 }
xhydra.jpg less more
Binary diff not shown
xhydra.png less more
Binary diff not shown