github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-14 02:27:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use early break instead of large if

Browse source
This commit is contained in:
Diadlo 2017-06-21 23:14:25 +03:00
commit 21c4b99e1b
No known key found for this signature in database
GPG key ID: 5AF9F2E29107C727
1 changed files with 228 additions and 224 deletions
Download patch file Download diff file Expand all files Collapse all files

452
hydra.c
View file

@ -450,231 +450,235 @@ void help_bfg() {
void module_usage() {
int find = 0;
if (hydra_options.service) {
printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service);
if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) {
printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n");
find = 1;
}
if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) {
printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n");
find = 1;
}
if (strcmp(hydra_options.service, "cvs") == 0) {
printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n");
find = 1;
}
if (strcmp(hydra_options.service, "xmpp") == 0) {
printf("Module xmpp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n"
"Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "pop3") == 0)) {
printf("Module pop3 is optionally taking one authentication type of:\n"
" CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "rdp") == 0)) {
printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) {
printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "nntp") == 0)) {
printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "imap") == 0)) {
printf("Module imap is optionally taking one authentication type of:\n"
" CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) {
printf("Module smtp-enum is optionally taking one SMTP command of:\n\n"
"VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n"
"login parameter is used as username and password parameter as the domain name\n"
"For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "smtp")) == 0) {
printf("Module smtp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"
"Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "svn") == 0)) {
printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "ncp") == 0)) {
printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "firebird") == 0)) {
printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "mysql") == 0)) {
printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "irc") == 0)) {
printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "postgres") == 0)) {
printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "telnet") == 0)) {
printf("Module telnet is optionally taking the string which is displayed after\n"
"a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) {
printf("Module sapr3 requires the client id, a number between 0 and 99\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) {
printf("Module sshkey does not provide additional options, although the semantic for\n"
"options -p and -P is changed:\n"
" -p expects a path to an unencrypted private key in PEM format.\n"
" -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) {
printf("Module cisco-enable is optionally taking the logon password for the cisco device\n"
"Note: if AAA authentication is used, use the -l option for the username\n"
"and the optional parameter for the password of the user.\n"
"Examples:\n"
" hydra -P pass.txt target cisco-enable (direct console access)\n"
" hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n"
" hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "cisco") == 0)) {
printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "ldap2") == 0)
|| (strcmp(hydra_options.service, "ldap3") == 0)
|| (strcmp(hydra_options.service, "ldap3-crammd5") == 0)
|| (strcmp(hydra_options.service, "ldap3-digestmd5") == 0))
) {
printf("Module %s is optionally taking the DN (depending of the auth method choosed\n"
"Note: you can also specify the DN as login when Simple auth method is used).\n"
"The keyword \"^USER^\" is replaced with the login.\n"
"Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n"
"unauthenticated (user but no pass), user/pass authenticated (user and pass).\n"
"So don't forget to set empty string as user/pass to test all modes.\n"
"Hint: to authenticate to a windows active directy ldap, this is usually\n"
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service);
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) {
printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n"
"Note: you can set the group type using LOCAL or DOMAIN keyword\n"
" or other_domain:{value} to specify a trusted domain.\n"
" you can set the password type using HASH or MACHINE keyword\n"
" (to use the Machine's NetBIOS name as the password).\n"
" you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n"
"Example: \n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n"
" hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0)
|| (strcmp(hydra_options.service, "https-get-form") == 0)
|| (strcmp(hydra_options.service, "http-post-form") == 0)
|| (strcmp(hydra_options.service, "https-post-form") == 0)
|| (strncmp(hydra_options.service, "http-form", 9) == 0)
|| (strncmp(hydra_options.service, "https-form", 10) == 0)
)
) {
printf("Module %s requires the page and the parameters for the web form.\n\n"
"By default this module is configured to follow a maximum of 5 redirections in\n"
"a row. It always gathers a new cookie from the same URL without variables\n"
"The parameters take three \":\" separated values, plus optional values.\n"
"(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
"\nSyntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]\n"
"First is the page on the server to GET or POST to (URL).\n"
"Second is the POST/GET variables (taken from either the browser, proxy, etc.\n"
" with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n"
" placeholders (FORM PARAMETERS)\n"
"Third is the string that it checks for an *invalid* login (by default)\n"
" Invalid condition login check can be preceded by \"F=\", successful condition\n"
" login check must be preceded by \"S=\".\n"
" This is where most people get it wrong. You have to check the webapp what a\n"
" failed string looks like and put it in this parameter!\n"
"The following parameters are optional:\n"
" C=/page/uri to define a different page to gather initial cookies from\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
" ^USER^ and ^PASS^ can also be put into these headers!\n"
" Note: 'h' will add the user-defined header at the end\n"
" regardless it's already being sent by Hydra or not.\n"
" 'H' will replace the value of that header if it exists, by the\n"
" one supplied by the user, or add the header at the end\n"
"Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n"
" All colons that are not option separators should be escaped (see the examples above and below).\n"
" You can specify a header without escaping the colons, but that way you will not be able to put colons\n"
" in the header value itself, as they will be interpreted by hydra as option separators.\n"
"\nExamples:\n"
" \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
" \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n",
hydra_options.service);
find = 1;
}
if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) {
printf("Module http-proxy is optionally taking the page to authenticate at.\n"
"Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) {
printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n"
"The -L loginfile must contain the URL list to try through the proxy.\n"
"The proxy credentials cann be put as the optional parameter, e.g.\n"
" hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
find = 1;
}
if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) {
printf("Module snmp is optionally taking the following parameters:\n");
printf(" READ perform read requests (default)\n");
printf(" WRITE perform write requests\n");
printf(" 1 use SNMP version 1 (default)\n");
printf(" 2 use SNMP version 2\n");
printf(" 3 use SNMP version 3\n");
printf(" Note that SNMP version 3 usually uses both login and passwords!\n");
printf(" SNMP version 3 has the following optional sub parameters:\n");
printf(" MD5 use MD5 authentication (default)\n");
printf(" SHA use SHA authentication\n");
printf(" DES use DES encryption\n");
printf(" AES use AES encryption\n");
printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n");
printf(" only requires a password (or username) not both.\n");
printf("To combine the options, use colons (\":\"), e.g.:\n");
printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n");
printf(" hydra -P pass.txt -m 2 target.com snmp\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "http-get") == 0)
|| (strcmp(hydra_options.service, "https-get") == 0)
|| (strcmp(hydra_options.service, "http-post") == 0)
|| (strcmp(hydra_options.service, "https-post") == 0))
) {
printf("Module %s requires the page to authenticate.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service);
find = 1;
}
if (!hydra_options.service) {
printf("The Module %s does not need or support optional parameters\n", hydra_options.service);
exit(0);
}
printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service);
if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) {
printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n");
find = 1;
}
if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) {
printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n");
find = 1;
}
if (strcmp(hydra_options.service, "cvs") == 0) {
printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n");
find = 1;
}
if (strcmp(hydra_options.service, "xmpp") == 0) {
printf("Module xmpp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n"
"Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "pop3") == 0)) {
printf("Module pop3 is optionally taking one authentication type of:\n"
" CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "rdp") == 0)) {
printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) {
printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "nntp") == 0)) {
printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "imap") == 0)) {
printf("Module imap is optionally taking one authentication type of:\n"
" CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
" CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) {
printf("Module smtp-enum is optionally taking one SMTP command of:\n\n"
"VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n"
"login parameter is used as username and password parameter as the domain name\n"
"For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "smtp")) == 0) {
printf("Module smtp is optionally taking one authentication type of:\n"
" LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"
"Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "svn") == 0)) {
printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "ncp") == 0)) {
printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "firebird") == 0)) {
printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "mysql") == 0)) {
printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "irc") == 0)) {
printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "postgres") == 0)) {
printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "telnet") == 0)) {
printf("Module telnet is optionally taking the string which is displayed after\n"
"a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) {
printf("Module sapr3 requires the client id, a number between 0 and 99\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) {
printf("Module sshkey does not provide additional options, although the semantic for\n"
"options -p and -P is changed:\n"
" -p expects a path to an unencrypted private key in PEM format.\n"
" -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) {
printf("Module cisco-enable is optionally taking the logon password for the cisco device\n"
"Note: if AAA authentication is used, use the -l option for the username\n"
"and the optional parameter for the password of the user.\n"
"Examples:\n"
" hydra -P pass.txt target cisco-enable (direct console access)\n"
" hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n"
" hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "cisco") == 0)) {
printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "ldap2") == 0)
|| (strcmp(hydra_options.service, "ldap3") == 0)
|| (strcmp(hydra_options.service, "ldap3-crammd5") == 0)
|| (strcmp(hydra_options.service, "ldap3-digestmd5") == 0))
) {
printf("Module %s is optionally taking the DN (depending of the auth method choosed\n"
"Note: you can also specify the DN as login when Simple auth method is used).\n"
"The keyword \"^USER^\" is replaced with the login.\n"
"Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n"
"unauthenticated (user but no pass), user/pass authenticated (user and pass).\n"
"So don't forget to set empty string as user/pass to test all modes.\n"
"Hint: to authenticate to a windows active directy ldap, this is usually\n"
" cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service);
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) {
printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n"
"Note: you can set the group type using LOCAL or DOMAIN keyword\n"
" or other_domain:{value} to specify a trusted domain.\n"
" you can set the password type using HASH or MACHINE keyword\n"
" (to use the Machine's NetBIOS name as the password).\n"
" you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n"
"Example: \n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n"
" hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n"
" hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0)
|| (strcmp(hydra_options.service, "https-get-form") == 0)
|| (strcmp(hydra_options.service, "http-post-form") == 0)
|| (strcmp(hydra_options.service, "https-post-form") == 0)
|| (strncmp(hydra_options.service, "http-form", 9) == 0)
|| (strncmp(hydra_options.service, "https-form", 10) == 0)
)
) {
printf("Module %s requires the page and the parameters for the web form.\n\n"
"By default this module is configured to follow a maximum of 5 redirections in\n"
"a row. It always gathers a new cookie from the same URL without variables\n"
"The parameters take three \":\" separated values, plus optional values.\n"
"(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
"\nSyntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]\n"
"First is the page on the server to GET or POST to (URL).\n"
"Second is the POST/GET variables (taken from either the browser, proxy, etc.\n"
" with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n"
" placeholders (FORM PARAMETERS)\n"
"Third is the string that it checks for an *invalid* login (by default)\n"
" Invalid condition login check can be preceded by \"F=\", successful condition\n"
" login check must be preceded by \"S=\".\n"
" This is where most people get it wrong. You have to check the webapp what a\n"
" failed string looks like and put it in this parameter!\n"
"The following parameters are optional:\n"
" C=/page/uri to define a different page to gather initial cookies from\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
" ^USER^ and ^PASS^ can also be put into these headers!\n"
" Note: 'h' will add the user-defined header at the end\n"
" regardless it's already being sent by Hydra or not.\n"
" 'H' will replace the value of that header if it exists, by the\n"
" one supplied by the user, or add the header at the end\n"
"Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n"
" All colons that are not option separators should be escaped (see the examples above and below).\n"
" You can specify a header without escaping the colons, but that way you will not be able to put colons\n"
" in the header value itself, as they will be interpreted by hydra as option separators.\n"
"\nExamples:\n"
" \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n"
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
" \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n",
hydra_options.service);
find = 1;
}
if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) {
printf("Module http-proxy is optionally taking the page to authenticate at.\n"
"Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
find = 1;
}
if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) {
printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n"
"The -L loginfile must contain the URL list to try through the proxy.\n"
"The proxy credentials cann be put as the optional parameter, e.g.\n"
" hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
find = 1;
}
if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) {
printf("Module snmp is optionally taking the following parameters:\n");
printf(" READ perform read requests (default)\n");
printf(" WRITE perform write requests\n");
printf(" 1 use SNMP version 1 (default)\n");
printf(" 2 use SNMP version 2\n");
printf(" 3 use SNMP version 3\n");
printf(" Note that SNMP version 3 usually uses both login and passwords!\n");
printf(" SNMP version 3 has the following optional sub parameters:\n");
printf(" MD5 use MD5 authentication (default)\n");
printf(" SHA use SHA authentication\n");
printf(" DES use DES encryption\n");
printf(" AES use AES encryption\n");
printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n");
printf(" only requires a password (or username) not both.\n");
printf("To combine the options, use colons (\":\"), e.g.:\n");
printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n");
printf(" hydra -P pass.txt -m 2 target.com snmp\n");
find = 1;
}
if (!find && ((strcmp(hydra_options.service, "http-get") == 0)
|| (strcmp(hydra_options.service, "https-get") == 0)
|| (strcmp(hydra_options.service, "http-post") == 0)
|| (strcmp(hydra_options.service, "https-post") == 0))
) {
printf("Module %s requires the page to authenticate.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service);
find = 1;
}
if (!find) // this is also printed if the module does not exist at all
printf("The Module %s does not need or support optional parameters\n", hydra_options.service);
exit(0);